Symptom
AAA servers go down after a switchover when using key 6 password encryption.
Configure the current active chassis 2 with key password encryption:
#password encryption aes
#key config-key password-encrypt
- Use write to save the config.
- Perform a switchover to chassis 1. We can see that the AAA server is still up and clients can reconnect and authenticate with no issues.
- Perform a switchover to chassis 2 (without using the write command, since the config should already be synced). After this, we noticed that the AAA server goes down and ISE reports key mismatch errors.
To fix the issue, remove password encryption and re-add the ISE key.
#no password encryption aes
#no key config-key password-encrypt
Conditions
Configure HA SSO and switch over to chassis 2.
Configure password encryption:
password encryption aes
key config-key password-encrypt
Perform a switchover to chassis 1 (issue is not seen).
Perform a switchover back to chassis 2 (issue is seen).
Workaround
Reload the unit in a broken state.
or
Log in to the WLC
1. Disable AES encryption
2. Reconfigure PSK/shared secrets
3. Update the AES key
4. Enable AES encryption again
CLI: - disable AES encryption
9800(config)#no password encryption aes
GUI: - reset password for WLANs
Configuration > WLANs
Select SSID
reset password
confirm password
CLI: - change password and enable encryption
9800(config)#key config-key password-encrypt new-key
9800(config)#key config-key password-encrypt
9800(config)#password encryption aes
GUI: - enable AES on new password
save config
Further Problem Description