Hi, we have the following situation which I'd appreciate assistance with.
We have 9 WLCs around a corporate network. Each of the WLCs was in the same mobility group for failover purposes, and to permit APs to reconnect back to their primary WLC in the event of a failover.
However, one of the sites has now been sold, and pending separation of the LAN infrastructure the APs need to be isolated and prevented from associating with any WLC other than their primary (on site). From our experience, once the APs know about other WLCs they retain this list in NVRAM; even if the secondary WLC is removed from the configuration, they will still associate with one of the known APs if possible (Cisco document this).
WLC v 8.1.185.
Does anyone have any recommendations to achieve this? My thoughts are:
1) Configure WAN router to deny outgoing LWAPP / CAPWAP packets. Router is a managed service which will entail negotiations and cost with the service provider.
2) Completely default all APs on site. 69 APs mounted in the roof of a large distribution depot.
3) Use ACLs on the other WLCs to prevent ones from this subnet connecting to them. May be the easiest because it is all in our control. But I'm unsure of the implications of this.
I see this is an old thread but info still relevant. Didn't see any mention of this as an easy solution. At the default gateway, configure a route for the WLC which you do not want the remote APs to join. Send the next hop to null0. This will make it impossible for the site to contact the WLC IP, hence preventing join.
You may be able to do this by adding a network route at the WLCs in your org which points to the subnet(s) at the site via a non-existent gateway. All traffic mentioned in network routes should leave the WLC via the Service Port so it should stop APs from being able to connect to the WLC. If it's one subnet it's quick and dirty, but it should work.
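An added configuration sketch, not part of the thread, showing the null-route suggestion next to a narrower ACL that filters only LWAPP/CAPWAP as in option 1 of the question. It assumes the site gateway is a Cisco IOS device under your control; every address, the ACL name and the interface name are constructed placeholders.

```cisco
! Constructed addresses (RFC 5737 documentation ranges), not from the thread:
!   192.0.2.0/24                   AP subnet at the sold site
!   203.0.113.10                   on-site primary WLC
!   198.51.100.11, 198.51.100.12   two of the remaining corporate WLCs
!
! Variant A: null route on the site's default gateway, one per remote WLC.
! This drops ALL traffic from the site to those addresses, not only AP joins.
ip route 198.51.100.11 255.255.255.255 Null0
ip route 198.51.100.12 255.255.255.255 Null0
!
! Variant B: ACL on the AP-facing interface. Only AP-to-controller traffic
! is filtered, and any controller address the APs have cached is covered
! without listing each one.
ip access-list extended SITE-AP-ISOLATE
 remark CAPWAP control (5246) and data (5247) to the on-site WLC only
 permit udp 192.0.2.0 0.0.0.255 host 203.0.113.10 range 5246 5247
 remark CAPWAP to any other controller is dropped
 deny   udp 192.0.2.0 0.0.0.255 any range 5246 5247
 remark Legacy LWAPP data (12222) and control (12223)
 deny   udp 192.0.2.0 0.0.0.255 any range 12222 12223
 remark Everything else from the AP subnet is unaffected
 permit ip any any
!
! Hypothetical interface name: the routed interface facing the AP subnet
interface GigabitEthernet0/1
 ip access-group SITE-AP-ISOLATE in
```

Use one variant or the other. Variant A has to be extended whenever a corporate WLC address is added or changed, while variant B depends only on the AP subnet and the on-site WLC address.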