Hey Scott, thanks for reaching out. I do, we have 50 APs on our WLC and they have been going strong for a couple of years now.

Okay... I would console into the ap and look at the output.  I would also perform a factory reset using the button on the ap, just to make sure.  Console output will show you what is going on.  Also keep in mind, that once you add a mac address, then you will need to add all the ap's ethernet to that list.  A reboot would prevent an existing ap to join once you have that checkbox enabled.

Thanks Scott. I will take crack at that this morning and let you know if it works. I do have some questions for clarification.

"...then you will need to add all the ap's ethernet to that list."
***I am not quite sure what you mean by this. Could you elaborate? Thanks!

"A reboot would prevent an existing ap to join once you have that checkbox enabled."
***Also, if you could elaborate on this one, I would appreciate it. It almost sounds like rebooting the AP after adding the MAC was not the correct course of action.

When you enable AAA for ap policies, that is global to all ap's that will join that controller.  So once you add a mac address and enable "Authorize MIC APs against auth-list or AAA" that tells the controller to check the mac address list to authorize the access point during a join.

Scott,

Ahh Ok I think I see what you are saying. Thanks for the pic. Are you saying we need to enable Authorize MIC APs against auth-list or AAA? I suppose what is confusing me is that we have 50 APs connected and doing just fine with the current WLC settings.

If we need to enable the setting, would this cause a disruption in wireless of any kind for already existing APs? I have to ask to avoid any prod down issues.

This is why some folks choose to have another controller for outdoor access points.  Now this doesn't make sense if you can't afford another, or if you have a few of these.  The thing to understand is you need to have authorize ap enabled in order for outdoor access points to join.  Now since this is a global setting, it will affect your other joined ap's.  Now..... this will not disrupt your existing ap's when you enable this, but you need to enter all the ethernet mac address to the list and then enable it.  You can script this out in the CLI if you wish... a lot easier this way.  This will ensure that all your indoor and outdoor access points will join.  Keep in mind that any new or replacement access points will need to be added to the list.

Just to clarify.... enabling the checkbox will not cause any disruptions.  What will cause an issue is if you don't enter the correct mac address and later on, the ap reboots, there is a power outage, etc. the ap will not join.

I'm assuming you have another controller to test with?  This can help you play around with the setting and see if the ap joins or not.

Hey Scott, thanks for the info. OK, I am not sure why this setting was disabled on our end. Perhaps my predecessor enabled it to allow the other external AP to join and then disabled it to prevent what you are describing with the reboots. I'll roll through a change control and get this knocked out tonight. I am not worried about it, just procedure for things of this nature.

We do not have a spare/dev WLC to test with.

Hi Arshadsaf,

Thanks but that is not quite our situation. Appreciate it though.

Haydn,

I have confirmed that the switch pulls the correct MAC address. The sticker is right on this one

• Is the connected switch seeing the AP as a CDP neighbour? No it is not. Which is strange since the AP's MAC is registered in the MAC table of the switch.
• Does the AP have an IP address? Unknown.
• If you connect an internal AP to the same port does it register to the WLC (rule out any port config issues/ connectivity issues)? I have not tested this however, the switchport configuration is identical to other switchports with working APs.
• Can you console the AP and share the log file whilst it reloads? I will get those logs to you tomorrow. Unfortunately, I don't have access the AP at this moment.
• Share output of "show capwap client rcb" from the AP. I will get those logs to you tomorrow. Unfortunately, I don't have access the AP at this moment.
• Are you seeing the AP in the WLCs AP Join Statistics? I am not.
• From the AP console try "capwap ap mode local"  - you may have to enable debug capwap client cli first. I will get those logs to you tomorrow. Unfortunately, I don't have access the AP at this moment.

If your not seeing the AP as a CDP neighbour or hitting the WLC in the join statistic I'm guessing it doesn't have an IP address. The logs will show