04-07-2012 10:56 AM - edited 07-03-2021 09:58 PM
Hello
Could somebody explain to me how an AP 3500 get to be registered in a controller 5508??, so, i have seen a lot of information of wireles deployment guide but i haven't understood yet how the process or flow is for getting the AP to be registered in a controller 5508, what exactly basic configuration must be done in a controller for doing it?
I would appreciate the help.
Thanks,
AM
04-07-2012 12:09 PM
Here is a good doc on the ap join process. All you need on the wlc 5508 (minimum) is an ip address for the management and set the time correctly.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml
Thanks,
Scott Fella
Sent from my iPhone
04-07-2012 12:36 PM
Hello Scott
It's such an excellent document and also very useful, besides, thank you indeed for your soon answer.
So, i have a question to add:
The only way to validate the LAP to the WLC is through the digitally signed X.509 certificate?...or is there another method to authenticate the LAP to the WLC?
I am looking forward to hearing you soon.
AM
04-07-2012 12:56 PM
First off there is a manufacture installed certificate and that's why it is important to make sure the wlc has the correct time. Now you can create a Mac list that only allows APs with Mac address on your list to join the wlc (this is painful when you have a lot of APs). You can also use a radius server to authenticate against. Is there a reason you want to go this route?
Thanks,
Scott Fella
Sent from my iPhone
04-07-2012 02:58 PM
Hello Scott
No, there is not reason, is just to know what methods i can use for registering LAPs. In this order i understand that the most common method to register the LAP is with the digital certificate, is this right?.
By the way, how can i do the authentication using a radius server??
Thanks,
AM
04-07-2012 05:59 PM
For a lap to register, the link describes the various process in the link I posted. You can take any lap and register it to any wlc. Don't get to fancy or else you will run into issues. I never see a need to do this.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml
Thanks,
Scott Fella
Sent from my iPhone
04-07-2012 09:49 PM
Just to add a little to Scott's comments:
The AAA authentication side I believe is a MAC Authentication.
If you don't want to use the Mfg Installed Certificate (MIC), you could actually try out Locally Signficant Certificates (LSC) if you have a CA. I think its documented here: http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a99e23.shtml
With LSCs, you'd basically pre-stage your APs with the MIC, and then have them auto-provision the LSC through SCEP to your CA. After that, I suppose you'd just tell your WLC to not accept MIC APs and the end result would be all APs joined only with a validated LSC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide