Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


How to point AP to specific WLC when have multiple

Posted on 2014-08-28
Medium Priority
Last Modified: 2014-09-11
Hello EE,

We have a few sites with APs and a corporate controller.  We have one other site with a controller as well given the number of APs at that location.

My question in putting APs in at other sites, how do you determine if they will come to the corporate controller or this secondary site?
Question by:operationsIT

Expert Comment

ID: 40290757
They will need to join with one WLC (depending on what type of configuration you have setup), so when you place new APs, they will generally communicate with one or the other WLC. The WLC will need to provision the AP and issue a certificate and that AP will communicate strictly to that WLC.

Author Comment

ID: 40291125
Thank you, I understand that they need to be joined, but I had the scenario where I was looking in one controller and didn't see the APs trying to connect then checked the AP log and saw it was going to the other.  I am curious what determines that and how I would get it to go to the other?

Expert Comment

ID: 40291127
Are these WLCs configured with HA?
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Expert Comment

ID: 40291385
Only at the AP level on the HA tab
LVL 47

Accepted Solution

Craig Beck earned 2000 total points
ID: 40292814
You usually determine which WLC an AP will join in one of 3 ways...

1] DHCP Option 43
2] DNS
3] Configure the Master Controller option on one WLC in the mobility group.

If you drop all the APs onto the same VLAN as the WLC's management interface you don't need to do [1] or [2] - the APs will send a L2 broadcast for a WLC if [1] and [2] fail so the WLC will respond.  Setting the Master Controller option on one WLC (if you have more than one in the same mobility group) will force APs to join that WLC if they haven't previously joined a WLC.

If you have a dedicated AP VLAN and separate the APs from the WLC via Layer3 you need to do [1] or [2].  The DHCP method is generally preferred as you can specify one or more WLC IP addresses and guarantee which one will be contacted first (as per the order you enter the IP addresses in the option).

So, if you go with a single VLAN for your WLC and APs you just tick the Master Controller box in the Controller -> Advanced section.  If you have separate VLANs for APs and the WLC, go with DHCP and configure option 43 to point the APs to the WLC you want them to join.

You don't necessarily need to issue certs to APs.  Most Cisco APs come with a MIC certificate (manufacturer installed) so the WLC will trust those certs.  If you start messing with recovery images, etc, you may need to add certs, or if you specifically want to authenticate APs at the switchport via 802.1x.  In your case though you'll not need any of that by the sound of it.

Author Comment

ID: 40302243
great Craigbeck I will check

Author Closing Comment

ID: 40317890
Great thanks!

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question