WLCs AIR-CT5508-K9 or AIR-CT2504-K9 have reached “End of Vulnerability/Security Support” by July 31, 2021 ( link ) but there are still should be many deployments worldwide. In some deployments AIR-CT5508-K9 may run in HA-SSO redundancy mode.
There may be a case when its needed to disable HA-SSO and enable it back (e.g. for changing VLAN number for WLC’s management interface or IP address of management interface). HA-SSO can be disabled from web interface in “Controller -> Redundancy -> Global Configuration -> SSO -> disabled” field. Related message will appear informing that standby WLC will reboot itself and disable all ports per its designed logic:
After all related changes have been completed (e.g. changing VLAN number for WLC’s management interface or IP address of management interface) its needed to restore HA-SSO redundancy mode. Firstly, HA-SSO should be enabled on the primary WLC: Controller -> Redundancy -> Global Configuration -> SSO -> enabled” field, then per design it will be needed a console (or access via service port) connection to the secondary WLC. In console connection its needed enable all the ports by command
config port adminmode all enable
and reboot WLC. Without mentioned actions there will be such message after attempts for enable HA-SSO on the secondary WLC (by command “config redundancy mode sso“):
“Please enable adminmode for redundancy management interface port before enabling redundancy.”
More details are under related cisco doc link “High Availability (SSO) Deployment Guide” (with ugly unreadable screens there though)