Re: Multiple WLCs in one network

ethutchinson · ‎01-07-2020

We have two WLC 4402s ( old I know ). I have always struggled keeping two sets of APs onto what should be the Controllers I want them to connect to. The VLANs for IP assignment to the APs are separate. They all share VLANs for open and secure SSIDs. I keep the IP assignment VLANs separate so I dont go over the license (50) amounts. However I was forced (maybe wrongfully) to have capwap and lwapp IPs in DNS going to two separate entries. I know this is probably wrong. Is there a way to integrate two different Cisco WLC 4402 controllers on the same network while forcing certain APs to certain controllers?

Thanks

Leo Laohoo · ‎01-07-2020

@ethutchinson wrote:

Is there a way to integrate two different Cisco WLC 4402 controllers on the same network while forcing certain APs to certain controllers?

Yes. Manually configure each AP which WLC to go. This feature has been there since 3.X.X.X.

ethutchinson · ‎01-07-2020

I think I tried that.

capwap controller ip address.

I set that on my test ap and it still reported to the wrong controller.

Scott Fella · ‎01-07-2020

What you should do then is set AP aaa on the wlc you don’t want the ap to join, that way it will block any new join connections. This should be temporary as if any of your existing AP’s in that wlc will fail to join if they loose connectivity to that wlc. Or you can add the MAC address of all the AP’s you want allowed to join. So you have options.

-Scott
*** Please rate helpful posts ***

ethutchinson · ‎01-07-2020

Wow how do you setup certain AP mac addresses to join a controller?

Thanks

Scott Fella · ‎01-07-2020

You add the MAC address to the wlc to allow only those MAC address. It’s the same process for mesh ap’s. Here is a link that can help.

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html

-Scott
*** Please rate helpful posts ***

ethutchinson · ‎02-19-2020

Scott,

Sorry to get back you so late. After I enter in the MAC addresses of the APs allowed to the controller will I have to reset them?

ethutchinson · ‎02-19-2020

Scott,

Sorry to get back to you so late. After I have built my list of allowed MAC addresses do I have to reset the APs?

ethutchinson · ‎02-19-2020

Just to add another wrinkle to this mystery I discovered through a colleague setting the "Master Controller mode on" to the controller I want to add the APs to. However when I set Master Controller to controller I want the APs to go to the other controller starts to lose its APs and they go to the other controller. this is frustrating.

ethutchinson · ‎02-19-2020

I also made sure the Mobility Groups on both controllers were different

ethutchinson · ‎02-19-2020

The Primary controller in the GUI is set for proper controller. When I telnet to the AP and do sh capwap client config it shows mwarName and mwarIPAddress is the correct controller. However "Configured Switch 1 Addr" is the wrong controller. Do you have any idea how to change this? I think this is the key if I could change it.

Thanks

Sandeep Choudhary · ‎02-19-2020

Yes you can do that.

There are multiple ways

1. Assign IP & Name of WLCs under cisco APs High Availability Tab as primary and secondary.

https://mrncciew.com/2013/04/07/ap-failover/

2. AP authorization: How to do it:

From the WLC controller GUI, click Security > AP Policies.
Click the Add button on the right hand side of the screen.
Under Add AP to Authorization List, enter the AP MAC address (NOT the AP Radio mac address).
Under Policy Configuration, check the box for Authorize MIC APs against auth-list or AAA.

Regards

Dont forget to rate helpful posts