06-22-2021 01:26 AM - edited 07-02-2021 09:35 PM
Hi all,
Is there any general recommendation how to prevent AP joining/associating with Anchor WLC?
I though about WMI, however WMI is used for management traffic as well (AAA, syslog, SNMP,...) and not only for WLC-AP communication.
But is there a command for 9800 WLC which simply refuse AP if any will try to join/associate?
I'm running IOS-XE 17.3.3.
Thank you for any hint.
Martin
Solved! Go to Solution.
06-23-2021 12:45 AM
06-22-2021 01:35 AM
DHCP Option 43
06-23-2021 12:02 AM
Hi Leo
this won't help you if an AP already knows "somehow" an IP of the Anchor WLC since it is being kept in the AP memory. So if AP has a problem with one WLC it will give a try to known controllers in the memory and if in memory is Anchor IP it will give a try...
In case of standardized environment it might be an option, but in case of widely spread environment with more controllers and administrators, it's a bit challenging.
Thanks
06-23-2021 12:45 AM
06-24-2021 01:59 AM
Yes, that we have in DMZ, so of course firewall ACL is an option, it is just still AP will give a try to associate even though FW will block/drop such connection. And apart of AP policy based on MAC address, most likely there is no other way around.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide