The scenario is I want to set up a couple of 3700 APs in Office Extend mode. This means the APs will be connecting via a standard home Internet connection and will somehow need to find their way back to the NAT address of my corporate WLC. The people using these APs won’t be able to troubleshoot issues, so they must work out of the box. My options:
- Configure a temporary WLC with the same name and IP address as the WLC I want my APs to join. Once joined they will remember the details (until someone holds the mode button down on them).
Pros: Fairly easy to do, can also configure the AP for mode/hostname etc as well during the setup
Cons: Time consuming, must have spare WLC available
- Utilise DHCP Option 43 to ensure a cross-subnet discovery is available
Pros: Well known/Standard procedure
Cons: Requires DHCP server with ability to do Option 43 (not available on your standard home router)
- Manually set the Controller IP address via the CLI
Pros: Convenient, no extra equipment required
Cons: Make sure the config saves or your AP is stranded!
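For the Option 43 route, this is how the controller address is carried in the option, shown as an added example that is not part of the original post. It assumes the sub-option format Cisco lightweight APs read (type 0xf1, one length byte, then each WLC management IP as 4 bytes); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # assumed TLV type Cisco lightweight APs read from Option 43


def encode_option43(controllers):
    """Return the Option 43 payload (hex string) listing WLC management IPs."""
    if not controllers:
        raise ValueError("at least one controller address is required")
    value = b"".join(ipaddress.IPv4Address(c).packed for c in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_payload):
    """Parse an Option 43 payload and return the controller IPs it carries."""
    # Accept the dotted (f104.c000.020a), colon-separated and spaced notations.
    cleaned = hex_payload.replace(".", "").replace(":", "").replace(" ", "")
    raw = bytes.fromhex(cleaned)
    if len(raw) < 2:
        raise ValueError("payload shorter than a TLV header")
    tlv_type, length, value = raw[0], raw[1], raw[2:]
    if tlv_type != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{tlv_type:02x}")
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def check_against_expected(hex_payload, expected):
    """True only if the payload lists exactly the controllers you intend, in order."""
    wanted = [str(ipaddress.IPv4Address(e)) for e in expected]
    return decode_option43(hex_payload) == wanted


if __name__ == "__main__":
    # Constructed sample addresses from the RFC 5737 documentation range.
    payload = encode_option43(["192.0.2.10", "192.0.2.11"])
    print(payload)
    print(decode_option43(payload))
```

Running the decoder over the value actually configured on a DHCP scope is a quick way to confirm the APs will be pointed at the intended controller address and nothing else.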
In this case options 1 & 2 aren’t readily available so manual IP set it is.
- Confirm if there is any existing WLC config through the following command:
show capwap ip config
- Delete any existing entries:
clear capwap private-config
- From the command line you can tell the AP what Controller to join through the following command(s). Note: For some reason new APs require the lwapp command as they will ignore the CAPWAP command.
lwapp ap controller ip address <IP Address>
capwap ap controller ip address <IP Address>
In the image below you can see the AP joining the WLC instantly after setting the IP Address manually. It then begins downloading the software, which is likely to be a slower process if you’re doing this over the WAN or from an external ISP.
- During the software download you won’t be able to make any configuration changes, and the AP will reboot following the download. This may cause it to lose the controller IP that you have set, so re-enter it as per step 3 using the capwap-only command, which should work instantly.
capwap ap controller ip address <IP Address>
- Once joined to the WLC you can permanently set the controller IP address (you’ll need to enter a DNS host for it too) via the GUI.
- Finally, I recommend setting Data Encryption and Link Latency on your AP to secure the traffic over the Internet/WAN. There are thousands of hackers out there trying to take advantage of mistakes, and not encrypting the traffic can leave your corporate data vulnerable to attack. Enabling Link Latency will allow you to see some quick latency stats on your Control and Data traffic to see if things are running slow.