Hi Mark. Thank you for that response. I am actually using the Cisco Catalyst 9800-CL Wireless Controller Image Version 17.15.3 for VMWare vSphere, but my main concern is ease of setup and use as I run an internal RADIUS Server too and I am pretty sure it requires a certificate. How hard it is to get the cert or the key it requires. Is the key a password or an actual cert? I am in the process of learning, but I think I got it setup correctly as the Layer 3 IP is on 192.168.1.x and the Wireless Management is on 192.168.10.x.so I think I am well on my way, but I want to change the IP of the WLC after my migration / setup.

Why do you prefer to NOT migrate? I am just curious, and I know clean installs are always good and better.

Thank you.

    - @dcgtechnologies     Yes it requires a certificate for the Wireless Management Interface (the one use by access points)
                                         This comes from : https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html
                                         There are extra considerations needed for the 9800-CL as the virtual appliance doesn’t come with a Manufacture Installed Certificate. It needs a Self Signed Certificate (SSC) to  terminate CAPWAP tunnel from the AP.  Follow the steps below to generate an SSC for a 9800-CL:
   >...
Create a new SSC for the management interface using the exec command:
                          wireless config vwlc-ssc key-size 2048 signature-algo sha256 password 0 <password>

 About being on your way :  when configuring  a 9800 controller , validate the configuration using the CLI command 
                                           show tech wireless and feed the output from that into Wireless Config Analyzer
                                           You will  get a report with several remarks and advices , errors red flagged 
                                           for the controller part must always be corrected.

   I indeed prefer clean installs too, getting acquainted with the 9800 configuration model and concepts.
   This document is  small and helpful for initial setups and getting started :
                   https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2024/pdf/BRKEWN-2094.pdf

  M.
                                             

Thank you Mark! All your information is very valuable. Could I import a configuration from my Mobility Express Instance into the 9800 Wireless LAN Controller to populate the configuration and not really doing a migration, but more of a learning experience as I can always blow this thing away and re-build it to do a clean install once I understand concepts. Thank you.

 - @dcgtechnologies    No you can't  import a configuration from Mobility Express Instance into the 9800 Wireless LAN Controller to populate the configuration   because the 9800 would not understand it.  It will only work with a converter tool:
                                                    https://community.cisco.com/t5/wireless/wlc-config-converter-aireos-ios-xe/td-p/2895495

  M.

Now that is awesome! Is the mobility express the old the Airos Operating System I am assuming? Do they need to be converted to *.cfg when imported to the 9800 WLC? How to you import the config via GUI? I just converted mine. Thank you.

---

@dcgtechnologies wrote:
Why do you prefer to NOT migrate? I am just curious, and I know clean installs are always good and better.

---

NOT migrate is out of the question because the AP chosen requires the new 17.15.X firmware to operate.  

Migrating from AireOS to IOS-XE is not easy and using a migration "tool" is not foolproof either.  I prefer re-configuring the new 980-CL from scratch that way you will get acquainted with the different knobs and buttons available.  

I am running 17.15.3 and well this is a learning experience for me so I am trying to use the config convertor instead of the migration tool, plus I want to leave my legacy AP up and running so I can perform the testing that I need to do to make sure this will actually work and I know what I am doing. Thank you for the information.

  - @dcgtechnologies          >.... I am trying to configure the SVI vlan 100 for the Wireless Management. It is in admin status of "UP", but it is operational status is "Down". How do I get it in the Operational status of "UP". I did use the switchport command and assigned VLAN100 as the native vlan, but it turned vlan1 to "UP" on the operational status. Is there supposed to be a vlan assigned to the management interface?
                                  Make sure to also use the 'no shutdown' directive on both the SVI and it's corresponding
                                  physical interface(s). The management interface is often confusing on a 9800-CL.
                                       1) Meaning the interface for managing access points then yes it needs a vlan.
                                  2) It's also advisable to use an SVI for the interface that is  used to manage the controller

                                >....Under the VRF tab I setup the Mgmt-intf and used IP 4 Protocol, but not familiar with the Route Distinguisher, Route-Target Import. or the Route-Target Export. What are these fields? Do they require anything to be filled out?
                                     These parameters are not important on the 9800 controller and don't need changing.
                                     They are part of the overall IOS-XE operating system and targeted for routers (e,g,)

  M.

Thank you for your help Mark. You have been wonderful through this whole process. I did try to put the "no shutdown" command on the Vlan and the physical interface itself and I am not able to see it in the config, but when I apply "shutdown" to both I see that in the config. Is there something I am doing wrong here? I have not been able to get the "no shutdown" command to take, but I do save it correctly.

See config below:

interface GigabitEthernet1
description Management Network Interface
no switchport
ip address 192.168.1.x 255.255.255.0
negotiation auto
!
interface GigabitEthernet2
description Wireless Management Network Interface
no switchport
no ip address
negotiation auto
!
interface Vlan1
ip dhcp client client-id ascii cisco-001e.493f.ccff-Vl1
no ip address
no ip proxy-arp
!
interface Vlan100
description Mgmt_Network
ip dhcp relay source-interface Vlan100
ip address 192.168.10.x 255.255.255.0
no ip proxy-arp

Thank you.

  - @dcgtechnologies     You should always be able to use the 'shutdown' or 'no shutdown' when configuring an interface
                                      (SVI or Gi(x)) ,indeed
                                  .   The lines you post look good. If an interface stays in shutdown  (operational status) even when
                                       telling it directly 'no shutdown' during configuration ; then examine the logs on the controller.
                                                                                                                        (immediately thereafter)

                                      Or perhaps better issue the command : terminal monitor first (to get  console messages directly)
                                      Then try the intended interface configurations again and see what happens

 M.

When I try to reload I get the "% Bad Ip address or host name% Unknown command or computer name, or unable to find computer address error message so I know something is wrong. How can I enable putty as it asks for a password so I can record the config to run it through the Wireless Config Analyzer? Thank you.