Enterprise Wireless · OEAP

Manually Configure Lightweight AP to join WLC

The scenario is I want to setup a couple of 3700 APs in Office Extend mode. This means the APs will be connecting via a standard home Internet connection and will somehow need to find their way back to the NAT address of my corporate WLC. The people using these APs won’t be able to troubleshoot issue so they must work out of the box. My options:

  1. Configure a temporary WLC with the same name and IP Address of the WLC I want my APs to join. Once joined they will remember the details (until someone holds the mode button down on them)
    Pros: Fairly easy to do, can also configure the AP for mode/hostname etc as well during the setup
    Cons: Time consuming, must have spare WLC available
    .
  2. Utilise DHCP Option 43 to ensure a cross-subnet discovery is available
    Pros: Well known/Standard procedure
    Cons: Requires DHCP server with ability to do Option 43 (not available on your standard home router)
    .
  3. Manually set the Controller IP address via the CLI
    Pros: Convenient, no extra equipment required
    Cons: Make sure the config saves or your AP is stranded!

In this case options 1 & 2 aren’t readily available so manual IP set it is.

The Process

  1. Confirm if there is any existing WLC config through the following command:
    show capwap ip config

    Checking existing CAPWAP config
    Checking existing CAPWAP config
  2. Delete any existing entries:
    clear capwap private-config

    Clearing CAPWAP config
    Clearing CAPWAP config
  3. From the command line you can tell the AP what Controller to join through the following command(s). Note: For some reason new APs require the lwapp command as they will ignore the CAPWAP command.
    lwapp ap controller ip address <IP Address>
    capwap ap controller ip address <IP Address>In the image below you can see the AP joining the WLC instantly after setting the IP Address manually. It then begins downloading the software which is likely to be a slower process if you’re doing this over the WAN or from an external ISP.

    Manually setting LWAPP and CAPWAP Controller IP
    Manually setting LWAPP and CAPWAP Controller IP
  4. During the software download you won’t be able to make any configuration changes and the AP will reboot following the download. This may cause it to lose the controller IP that you have set so re-enter this as per step 3 using the capwap only command which should work instantly.
    capwap ap controller ip address <IP Address>
  5. Once joined to the WLC you can permanently set the controller IP address (you’ll need to enter a DNS host for it too) via the GUI

    Setting Primary WLC IP via GUI
    Setting Primary WLC IP via GUI
  6. Finally I recommend setting Data Encryption and Link Latency on your AP to secure the traffic over the Internet/WAN- there are thousands of hackers out there trying to take advantage of mistakes and not encrypting the traffic can leave your corporate data vulnerable to attack. Enabling Link Latency will allow you to see some quick latency stats on your Control and Data traffic to see if things are running slow.

    Enabling Link Latency + Data Encryption
    Enabling Link Latency + Data Encryption
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s