
APs need to connect to a different wlc, but they don't

erwee1973
Level 1

Hello, I am struggling with an issue with AP's that I want to move to a new (virtual) wlc, but they reconnect to their former controller every time.

My primary job role is with security appliances, I have 'played' with wifi devices before, but just small little issues that pass by.

Old situation:

APs connect to the (local) 4402 WLC through vlan 5 (switchport mode access) and the WLC has a trunk port to different vlans the wifi clients can connect to.

The new vm Wlc is located over a Wan link in a Datacenter.

Then, since I cannot point the AP directly to this new WLC through cli lwapp commands (I get the bad certificate error messages, which make the AP not join the wlc), I have to empty the AP and then download new firmware via tftp. Then after reboot, point to the new wlc. This works, but after a reboot, the AP joins the old WLC and starts downloading a firmware image from that controller again.

The new config is that the AP is connected to a trunk port and connects to the new wlc via vlan 5 as well.

My question is: what is a workable way to circumvent the automatic joining of the old controller.

Note: I have to migrate the AP's one by one and I think I cannot switch off the current wlc since it tunnels the traffic to the correct vlan.

Note2: the old and new wlc run different software versions, otherwise it might be possible to point the AP to the new controller I think.

I also tried to create a unique vlan, which the old WLC is not connected to via its trunk port, but this didn't work out, I think because the AP connects via one of the other vlans on the trunk.

Thanks for help,

Ralph

Arnhem, Netherlands


Sandeep Choudhary
VIP Alumni

Hi, did you configure the primary, secondary WLC name and IP under the AP's HA tab?

Wireless > Access points > All APs, select the specific AP then click on the High Availability tab.

Here enter the primary WLC and IP of the virtual WLC and try again.

Also paste the output of these:

1. sh sysinfo -  From new WLC

2. sh version -  AP

****Access Point Must be 7.3 Or Above To Join vWLC

The statement above is stated in the deployment guide by Cisco. This is interesting as if you don't have an existing WLC that is on release 7.3 or above, the access point will not join the vWLC. This has to do with the vWLC using a self-signed certificate and the access point not being able to verify the certificate.

Regards

Don't forget to rate helpful posts

Joseph Widowski
Level 1

Another option, outside of setting the AP's HA primary/secondary wlc, is to not allow APs on your physical wlc (old) to join. Go to the security tab and select "ap policies" on the left. Uncheck all boxes (usually MIC auth is the only one checked).

No APs will be able to join until you re-enable mic auth. This won't affect any APs currently joined to the WLC. When you have your ap primed to the vWLC as its primary controller, you can re-enable mic auth on your old wlc and you should be good to go.
