10-22-2022 02:06 AM
Hi All,
I have recently acquired a Catalyst 9800-CL Wireless Controller and I wanted to join my on-prem APs, which are behind NAT, to this cloud controller using a public IP. Can you guys please help me?
10-22-2022 02:11 AM - edited 10-22-2022 02:14 AM
In most cases, Option 43 in the DHCP scope will tell the AP how to join the controller.
Also required are some FW ports open to establish the CAPWAP tunnel.
Help guidelines:
10-22-2022 05:58 AM
- Review the 9800-CL configuration with the CLI command: show tech wireless, and have the output analyzed by https://cway.cisco.com/
M.
10-23-2022 05:43 AM
Is the WLC hosted in a private or public cloud? Or are you looking for an OEAP deployment? Depending on the cloud platform, the deployment method will change. I would suggest you include more info on the same.
To answer your question, if you need the AP to register over the public IP, you need to enable it under the AP join profile.
Configuration >>> AP Join Profile >>> Edit >>> Capwap >>> Advanced >>> Discovery >>> Select Public
And then you need to add the NAT IP for WMI.
Configuration >>> Interface >>> Wireless >>> edit >>> NAT IPV4/V6 server address
Then you can advertise this WMI IP to the AP via DHCP options, or, if you need to configure it manually on the AP:
capwap ap primary-base <WLC Hostname> <Public IP for WMI>
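The two replies above both point at DHCP Option 43 as the way to hand the controller address to the AP. As an added example (not part of the thread or of Cisco's tooling), the sketch below builds and decodes the Option 43 value in the sub-option format Cisco lightweight APs read: type `f1`, a length byte, then the controller IPv4 addresses. The function names, the RFC 1918 rejection (an assumption drawn from the advice to advertise the NAT/public WMI address) and the documentation-range sample addresses are all constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: an AP reaching the WLC across the internet cannot route to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CISCO_AP_SUBOPTION = 0xF1  # sub-option type Cisco lightweight APs read for WLC addresses


def build_option43(controllers, require_public=True):
    """Return the Option 43 hex string: type f1, length, packed IPv4 list."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    payload = b""
    for text in controllers:
        addr = ipaddress.IPv4Address(text)  # raises on malformed input
        # Assumption for this example: APs behind NAT must be given the
        # public/NAT address of the WMI, never its private address.
        if require_public and any(addr in net for net in RFC1918):
            raise ValueError(f"{addr} is RFC 1918; advertise the NAT/public WMI address")
        payload += addr.packed
    if len(payload) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_AP_SUBOPTION, len(payload)]) + payload).hex()


def parse_option43(hex_string):
    """Decode an f1-type Option 43 value back into IPv4 address strings."""
    raw = bytes.fromhex(hex_string)
    if len(raw) < 2 or raw[0] != CISCO_AP_SUBOPTION:
        raise ValueError("not a type f1 sub-option")
    length, value = raw[1], raw[2:]
    if length == 0 or length != len(value) or length % 4 != 0:
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


if __name__ == "__main__":
    # Constructed sample: 203.0.113.10 is a documentation address standing in
    # for the public IP that NATs to the 9800-CL wireless management interface.
    value = build_option43(["203.0.113.10"])
    print(value, parse_option43(value))
```

Running `parse_option43` over the value already configured in a DHCP scope is a quick check that the scope is not still advertising the controller's private address.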
10-23-2022 11:29 PM
Hi Arshad,
Many thanks. The WLC is hosted in public cloud, but my APs are hosted behind NAT.
10-24-2022 05:30 AM
OK great. Follow the deployment guide for the specific public cloud platform. But make sure that you do the configuration I have mentioned above.
10-24-2022 06:36 AM
OK Arshad, one more question.
Do I need to have a public IP for each AP, or is it possible to have 1 public IP for all the APs that I have?
10-24-2022 06:57 AM
You don't need any public IP per AP. You can assign any private IP (RFC1918) and make sure that the upstream NAT is properly configured to have AP management IP to WMI of WLC reachability. For firewall rules you may refer to the below.
Cisco Unified Wireless Network Protocol and Port Matrix - Cisco
Also make sure that the Public Cloud side is configured to allow the traffic as per the documentation.
10-24-2022 06:35 AM
Did you set up the public IP on the 9800-CL in the public cloud and allow the ports required? This is a requirement before any access points can join. Then, like with any access points, you will need to figure out the "how to join the AP". With APs that are joined to another controller, you can define the high availability on the AP to point to the 9800-CL as primary and then use your existing as a backup until the AP can join. If the AP is new, then it's easier to actually stage the AP and set the public IP of the controller and have it join prior to shipping them onsite.
So are these APs new? Are they like OfficeExtend APs?
10-24-2022 06:40 AM
They are new APs.
So what I need to do is to open up the required ports in my firewall and point the AP to the cloud controller?
10-24-2022 07:08 AM
I'm assuming when you say public cloud, it's in AWS or Azure?
10-24-2022 11:57 PM
Azure