Showing results for 
Search instead for 
Did you mean: 
Rob Johnson
Cisco Employee

Access Points Joining 3850 next generation switches

It's my understanding that APs can join 3850s if and only if the APs are directly connected to ports on the 3850 next generation device.

Can someone point me to where this is explained?


No... If you are using the 3850 as the controller, it doesn't matter if the APs are connected to it or another 3850, you need ap license and you also have to define the 3850 as the MC.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***

If Switch 1 is setup as a MC and switch 2 is setup as MA, you're saying APs connected to Switch 2 can join the MC of Switch 1?

You need on MC... After that, all APs that connect to a 3850, will terminate to that switch. The MC is like the WLC function, its the brains.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***

so if i have a 3850 mobility controller then access points connected to a 3850 mobility agent switch can in fact join that mc?

Thank you Scott for your responses above.

I now have a better understanding how this works.

No problem. Hope I was able to she'd some light.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***

Can you non-directly connect APs to a 3850. For example if you had a multiple offices within one branch site and your 3850 MC was in the server rack and had 2960s in the other offices. Could you connect your APs to the 2960 switch and have them joined to the 3850 MC?

I've read that APs need to be directly connected to the 3850 however it supports flexconnect?

Would appreciate if anyone could shed some light.


This hard-set requirement for APs to be directly attached really is a problem that is surely going to hold back many deployments.  It's very painful because it doesn't leave any options for old/legacy and new wireless to co-exist nicely.  I've looked at a few cases where next-generation wireless could go in, but this requirement has ruled every one of them out.

This restriction is an expecially big problem if you have a legacy 2500/5500 connected to your core switch and your core switch then has MA/MC functionality subsequently enabled.  This is because once a switch has MA or MC functionality enabled, all CAPWAP including legacy CAPWAP through the device is captured and redirected to the MA/MC switch for local termination (so it never reaches the legacy WLC).

From a practical perspective (I've tried this...) what happens in this scenario is that when the legacy AP tries to communicate via unicast to the legacy WLC, the MA/MC switch in between will intercept all of the CAPWAP even from non-connected APs and destined for the WLC, and proceed to terminate it locally.  The APs then get their upgraded image from the switch, and then when they go to connect again after a restart the switch will refuse to let them join (since they are not directly connected).

In other words, they're basically hosed at that point - and won't come online without repriming.

What is required is an option on a per-port or per-vlan basis of the switch to -not- intercept CAPWAP traffic so that traffic from legacy uplinks and to/from legacy WLCs is not subject to this interception.  This would then provide a way to migrate between old and new wireless and carefully manage a migration process.

I've seen in the release notes that there is some ethernet tunneling capability in WLC 8.1, so I wonder if that will help.  I haven't looked into it yet but that might be a way to get around the problem, assuming it also isn't intercepted by the MA on the way through too.

In 3.6 and 3.7 code, you can prevent a switch from intercepting capwap by putting the AP on a VLAN other than the VLAN defined for wireless management.


We do this today to flip APs from 3850 MA/MC to a central 5508.  So this limitation that has you so concerned is not a valid limitation anymore.

Hi Jacob are you saying that I can still plug the APs in to 2960 PoE switch and manage to control them from 3850 WLC?  

What I'm saying is that you can interoperable the two and allow the capwap through the core switch to the airespace controller. IRCM works across both platforms, so there is a valid mixed environment model.

Jacob Snyder

The 3850 and 5760 controllers do not support Flexconnect at this time. Only Airespace controllers support Flexconnect/HREAP today.

Sent from Cisco Technical Support iPhone App

Good call jake +5

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
Scott Fella
Hall of Fame Master

Just to add, FlexConnect isn't part of converged access as the AP's terminate directly to the 3850's so there is no need for FlexConnect.

Sent from Cisco Technical Support iPhone App

*** Please rate helpful posts ***

View solution in original post

Content for Community-Ad