Limiting access points joining a specific WLC

fuhrersk8 · ‎08-04-2014

Hello Cisco Forum Team!

I am currently installing a new WLC in a VLAN/IP segment that already has WLCs configured and access points registered. I do not want existing ap's on this VLAN to join this new WLC. Which is the best way to limit ap's joining this new WLC?

I am thinking of some sort of AP authorization list but by IP address instead of MAC address due to the high amount of ap's currently registred on the existing WLCs (approx. 300 ap's).

Thanks in advanced for your support!

Rasika Nayanajith · ‎08-04-2014

AP authorization list would work but you have to use MAC address & cannot use IP address for that. Once you enable AP authorization you can add AP mac to the list like below using CLI.

(5508-1) >config auth-list add mic <AP1 mac>

(5508-1) >config auth-list add mic <AP2 mac>

.

(5508-1) >config auth-list add mic <APn mac>

HTH

Rasika

**** Pls rate all useful responses ****

fuhrersk8 · ‎08-04-2014

Hello Rasika and thanks for your reply;

Yes; I am trying to deny the IP address segment instead of adding each individual access point MAC address to the list.

Is there any other approach?

Thanks again for your support!

Rasika Nayanajith · ‎08-04-2014

Hi

You need to add permit AP mac address list to your new controller, so in that way only those AP will get register to new WLC.

If you want to block this by IP,then you can try block UDP 5246 from AP subnet to new controller managment address if they are in two different subnet.

HTH

Rasika

**** Pls rate all useful responses ****

Leo Laohoo · ‎08-05-2014

I do not want existing ap's on this VLAN to join this new WLC

Make sure this new WLC's Management IP address is not in DHCP Option 43 and you did not configure AP Fallback.

Without any of these settings the AP won't go there unless you manually tell them to.

fuhrersk8 · ‎08-05-2014

Excellent. Thanks for the information.