Re: Joining AP to Catalyst 9800-CL Wireless Controller

ermionline · ‎10-22-2022

Hi All,

I have recently acquired Catalyst 9800-CL Wireless Controller and i wanted to join my on-prem AP which are behid NAT to this cloud controller using public IP. Can you guys please help me

balaji.bandi · ‎10-22-2022

in most cases, Option 43 in the DHCP scope will tell AP how to join Controller.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/97066-dhcp-option-43-00.html

Also required are some FW ports open to establish capwap tunnel.

help guidelines :

https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113344-cuwn-ppm.html#anc9

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marce1000 · ‎10-22-2022

- Review the 9800-CL configuration with the CLI command : show tech wireless , have the output analyzed by https://cway.cisco.com/tools/WirelessAnalyzer/ , please note do not use classical show tech-support (short version) , use the command denoted in green for Wireless Analyzer. Checkout all advisories!

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Arshad Safrulla · ‎10-23-2022

Is the WLC hosted in Private or Public Cloud? Or are you looking for OEAP deployment. Depending on the cloud platform deployment method will change. I would suggest you include more info on the same.

To answer your question, if you need AP registering over the public IP you need to enable it under the AP join profile.

Configuration >>> AP Join Profile >>> Edit >>> Capwap >>> Advanced >>>Discovery >>> Select Public

And then you need to add the NAT IP for WMI

Configuration >>> Interface >>> Wireless >>> edit >>> NAT IPV4/V6 server address

Then you can advertise this WMI IP to AP via DHCP options or if you need to configure it manually on the AP

capwap ap primary-base <WLC Hostname> <Public IP for WMI>

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ermionline · ‎10-23-2022

Hi Arshad,

Many Thanks: The WLC is hosted in public cloud, but my Aps are hosted behind NAT

Arshad Safrulla · ‎10-24-2022

OK great. Follow the deployment guide for the specific public cloud platform. But make sure that you do the configuration I have mentioned above.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

ermionline · ‎10-24-2022

OK Arshad, One more question
Do I need to have public IP for each AP or is it possible to have 1 public IP for the whole AP that I have.

Arshad Safrulla · ‎10-24-2022

You don't need any Public IP per AP. You can assign any private IP (RFC1918) and make sure that the upstream NAT is properly configured to have AP management IP to WMI of WLC reachability. For Firewall rules you may refer the below.

Cisco Unified Wireless Network Protocol and Port Matrix - Cisco

Also make sure that the Public Cloud side is configured to allow the traffic as per the documentation.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-7/deployment-guide/Azure_Deployment_Guide.html#:~:text=1.%C2%A0%C2%A0%C2%A0%20Add-,typical,-ports%20that%20are

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Scott Fella · ‎10-24-2022

Did you setup the public ip on the 9800-CL in the public cloud and allowing the ports required? This is a requirement before any access points can join. Then like with any access points, you will need to figure out the "how to join the ap". With ap's that are joined to another controller, you can define the high availability on the ap to point to the 9800-CL as primary and then use your existing as a backup until the ap can join. If the ap is new, then its easier to actually stage the ap and set the public ip of the controller and have it join prior to shipping them onsite.

So are these ap's new? Are they like OfficeExtend AP's?

-Scott
*** Please rate helpful posts ***

ermionline · ‎10-24-2022

They are new APs.
So what i need to do is to open up the required ports in my Firewall and point the AP to the cloud controller?

Scott Fella · ‎10-24-2022

I'm assuming when you say public cloud, its in AWS or Azure?

-Scott
*** Please rate helpful posts ***

ermionline · ‎10-24-2022

Azure