AP migration from AireOS WLC to 9800-CL

ahmad.syed
Level 1

Hi All,

We have 100 APs at the site on an AireOS WLC. We want only 10 APs to be migrated to the 9800-CL WLC.

What should be the approach?

When we migrate one AP as a test by defining the 9800-CL WLC IP in the HA of the access point as primary controller, it gives the error below:

%CAPWAPAC_SMGR_TRACE_MESSAGE-3-EWLC_GEN_ERR: Chassis 1 R0/0: wncd: Error in Session-IP:10.65.98.10[5264] CAPWAP DTLS session closed for AP, cause: DTLS server session shutdown
 
In the Cisco docs, we found that if we remove SSC from the AireOS WLC, the AP will easily associate. But we fear that if we disable SSC on the AireOS WLC, it will impact all the other APs which we do not want to migrate.
 
Please suggest how to resolve this issue and best migration approach.
9 Replies

Scott Fella
Hall of Fame
Do you have the AireOS on the right code to support mobility along with support for the code required for the access point? I have had no issues moving APs over from one to another, but you need to have mobility or else roaming will be impacted.
-Scott
*** Please rate helpful posts ***

Also make sure you have completed each step of the 9800-CL configuration:
Step 11
A certificate is needed for the AP to join the virtual C9800. This can be created automatically via the DAY 0 flow or manually using the following commands.

Specify the interface to be the wireless management interface

C9800(config)#wireless management interface vlan 122
In exec mode, issue the following command:

C9800#wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0
Configuring vWLC-SSC…
Script is completed
This is a script that automates the whole certificate creation:

Verifying Certificate Installation:

C9800#show wireless management trustpoint
Trustpoint Name : ewlc-default-tp
Certificate Info : Available
Certificate Type : SSC
Certificate Hash : e55e61b683181ff0999ef317bb5ec7950ab86c9e
Private key Info : Available
Note
You can skip the certificate/trustpoint configuration, but if you do, APs will not be able to join. You would need to go to the GUI and configure it from there by importing the desired certificate.


-Scott

Hi Scott

Thanks for the reply.

a) Which code are you asking about? The AP which we are using is 2800 series.

b) The 9800-CL WLC already has the day 0 SSC certificate.

But when we send an AP from the AireOS WLC to the 9800-CL, we get the error which I mentioned in the initial post. How do we mitigate this issue? What steps should we use so that only the required access points migrate, not all access points of the AireOS WLC?

There is a dependency on the AireOS firmware along with the AP firmware from the AireOS controller.
-Scott

Hi @Scott Fella 

The AireOS WLC from which we are removing APs has image 8.5.140.0, and the AP which we are removing is 2800 series.

Does it have any issue while migrating? Please suggest how we can migrate.

For mobility between the two:

The IRCM-compatible version based on the 8.5 Maintenance Release is 8.5.164.0. This is available for download from Cisco CCO Software downloads.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller-aireos_ircm_dg.html

-Scott

Hi @Scott Fella 

We are not creating mobility between the two controllers. We are doing a migration from one controller, i.e. the AireOS controller, to the new controller, i.e. the 9800-CL.

So, once the APs move to the 9800-CL, there is no requirement for the AireOS controller for those APs.

Hence, we need input as said in the 1st post:

a) How can we send only a few APs to the 9800-CL, as we are getting a certificate error when the AP tries to join the 9800-CL?

 

%CAPWAPAC_SMGR_TRACE_MESSAGE-3-EWLC_GEN_ERR: Chassis 1 R0/0: wncd: Error in Session-IP:10.65.98.10[5264] CAPWAP DTLS session closed for AP, cause: DTLS server session shutdown

 

b) If we remove SSC from AireOS, it impacts all APs.

Hi Ahmad,

 

How did you complete this migration? 

Have you found a solution for this migration?

 

We will also move APs from Cisco 5508 8.5.140.0 version to Cisco 9800-CL. I'm looking for a smooth way to do that.

 

Also have you tried to disable SSC Hash Validation?

 

Mehmet

jacky.reinbold
Level 1

Hello Ahmad,

 

Did you find the solution for the AP2800 migration and DTLS issue since 2020?

Thanks

 

JR
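
A triage check for the two artifacts quoted in this thread, the `show wireless management trustpoint` output and the CAPWAP DTLS closure message, as an added example that is not part of any post and not Cisco's own tooling. The log lines after the first are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Trustpoint output as quoted in the thread.
TRUSTPOINT = """Trustpoint Name : ewlc-default-tp
Certificate Info : Available
Certificate Type : SSC
Certificate Hash : e55e61b683181ff0999ef317bb5ec7950ab86c9e
Private key Info : Available"""

# First entry is the error from the thread; the others are constructed samples.
_HEAD = "%CAPWAPAC_SMGR_TRACE_MESSAGE-3-EWLC_GEN_ERR: Chassis 1 R0/0: wncd: Error in "
_TAIL = " CAPWAP DTLS session closed for AP, cause: DTLS server session shutdown"
LOGS = "\n".join([
    _HEAD + "Session-IP:10.65.98.10[5264]" + _TAIL,
    _HEAD + "Session-IP:10.65.98.10[5264]" + _TAIL,
    _HEAD + "Session-IP:192.0.2.21[5248]" + _TAIL,
    "%LINK-3-UPDOWN: Interface GigabitEthernet1, changed state to up",
])

DTLS_CLOSE = re.compile(
    r"Session-IP:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\[(?P<port>\d+)\]\s+"
    r"CAPWAP DTLS session closed for AP, cause:\s*(?P<cause>.+?)\s*$"
)

def parse_trustpoint(text):
    """Turn the 'Key : Value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def trustpoint_problems(fields):
    """List what is missing on the wireless management trustpoint."""
    problems = []
    if fields.get("Certificate Info") != "Available":
        problems.append("no certificate on the wireless management trustpoint")
    if fields.get("Private key Info") != "Available":
        problems.append("no private key for the trustpoint certificate")
    return problems

def dtls_closures(log_text):
    """Count DTLS session closures per (AP session IP, cause)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DTLS_CLOSE.search(line)
        if m:
            hits[(m["ip"], m["cause"])] += 1
    return hits

if __name__ == "__main__":
    print(trustpoint_problems(parse_trustpoint(TRUSTPOINT)), dict(dtls_closures(LOGS)))
```

A clean trustpoint together with repeated closures from the same AP is the situation the original poster describes; the check narrows the triage but does not identify the cause.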
