cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
543
Views
3
Helpful
6
Replies

Using PI Templates to change AP settings / migrate to 9800-L-F?

perrymcgrew
Beginner
Beginner

We are moving from 5508s to a pair of 9800L's hosted in our datacenter.   We have 5508 in the datacenter that manages the local APs and the APs at remote locations that do NOT have a local 5508.  We have 6 sites that have local 5508's -- whose APs are in Flexconnect mode.  We have over 350 APs deployed across the company and we are Healthcare running 24x7x365, so outages need to be minimized.

The 9800L's are basically all set to go.  We've migrated the SSIDs from our 5508 AireOS (8.5.182.105) and tested all the authentication schemes.   As part of the upgrade, I have done some cleanup of the networks to standardize VLANs at all sites.   The "Guest" networks are hosted in the Data Center 5508.  So the sites with local 5508's have Mobility Anchors pointing back to the datacenter's 5508.   I have defined all the 9800L / remote 5508 Mobility anchors and they are all "UP".  

So we are just about ready to pull the trigger on replacing the Datacenter's 5508.   But I need to make some changes on the currently deployed APs.   We are running PI 3.10.3 and I see there are templates for Lightweight APs.  I have not used PI for pushing configurations and searches here have not turned up anything useful.  So looking for suggestions to address the foillowing:

First, I want to change the Management VLAN at 2 remote locations.  I know it is specified in the AP's Flexconnect Tab.  I need to leave the Mapped VLANs alone.  The sites have many APs so accessing them 1 by 1 is not feasible -- as the AP will reboot or become unavailable until I change the Management VLAN to match on the WLC's Interface.  If I change the Management VLAN first, I lose all connectivity to the APs.  If I can get this done, all sites will have consistent VLANs that are defined in the 9800L's Flexconnect Policy.  

The next thing I need to do is to remove any entry in the AP HA tab.   I want all APs to use the DHCP Option 43 to point the APs to the 9800L.   Unfortunately, all 350+ deployed APs have entries pointing to the 5508(s) in their HA Tab.  (We used to have a 5508 HA SKU WLC).  

While I ponder best way to accomplish the above, anyone have a way to pre-load the APs with the 9800L code while they are still attached to their local 5508?  

TIA - Perry

6 Replies 6

My existing AP models are 2802i   Any other older models will be replaces with 9115AXi at the time of cutover at the site(s).

2800 is mentioned on the document. 

 

FlavioMiranda_0-1684768232617.png

Just a commend.  Move AP between WLC with different code is trick, moving AP between WLC with different code and platform, is even more challenging. If I were you I would do this one by one at the beginning and only after you were really confident that the AP as moving smoothly I would try some strategy to speed up the process. 

 And I would probably create and internal entry on the DNS pointing to the 9800 and then reload the AP but shut/no shutting the switch port. DHCP option 43 is not the best strategy as it will impact many APs at once. 

 

Not sure how a DNS entry would work since the HA tab has the DNS & IP of the 5508(s).  Probably the biggest reason I was looking at using PI's templates to "push out" a change.   Wouldn't the DHCP Option 43 should be OK as long as the lease time is sufficient?   The APs won't be looking to renew their IP unless they are rebooted / lease expires.  

 The problem with DHCP is hard to  know how long the AP is using an specific IP address. If you change on the scope and many AP is about to renew they can move to the new WLC.

  But Prime is surelly the best alternative if you will do many at once, that´s for sure.  What I am saying is that I would not do many APs at once at the begining. For start, I would do one by one, which can be from Prime of course or on the WLC directly.

   About the DNS, there is a option on the Prime and or WLC where you can reset the AP and delete the config keeping only the IP address.

  I am just calling the attention to the fact that AP may have difficulty to move from one WLC to another and as you are managing a lot of APs this can be a problem.

 

Prince.O
Spotlight
Spotlight

Hello,

First off , DHCP option 43 works great to point Aps to controllers , however, the caveat with that comes when you have the Aps already joined to a previous controller that is online. When this is the case, even though you have a new Option 43 configured on the APs , they will always join the primed controller they last were joined to.

- A way to resolve this will be to temporarily take the old AireOS WLC offline or create an ACL at your sites to block the AP subnet from reaching the existing controller. This will then force the APs to use DHCP or DNS to get the new controller IP address

- An option can be to point the APs directly to the new 9800 using the prime template and set the previous WLC as a backup so in case of any migration issues, it falls back to the previous controller with no issues . You will have to add the 9800 in prime and ensure it's in managed state prior to this of course. You can still keep the option 43 in place to help guide any future Aps to the right controller

For your query regarding pre-downloading the 9800 code to the Aps , you can use prime to do this , refer to this guide below:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-9/user/guide/bk_CiscoPrimeInfrastructure_3_9_0_UserGuide/manage_device_software_images.html#con_1121211

For your query regarding using PI templates to change AP configuration , please refer to this link below, this may be helpful to guide you:

https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-8/user/guide/bk_CiscoPrimeInfrastructure_3_8_0_UserGuide/create_templates_to_automate_device_configuration_changes.html

Regarding the AP management VLAN query, is your goal to change the subnet/migrate those 2 sites to a different subnet ? if so , I would say the best way is to focus on make the change on the switching side. For the 9800L, the Aps won't be aware of the native vlan until they are fully joined to the controller so the key will be to change it on the switch to the necessary new native/management vlan

- I would recommend testing this on 1 or two Aps at the remote site in which you need to make modifications to ensure you get the behavior you are expecting then roll it out to all the Aps once its successful

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: