I currently have 1 4402 wireless controller that is controlling the 17 APs I have in our corporate office and 18 APs we have in a warehouse 10 miles away. The warehouse has all of the APs set to H-REAP so that they can connect across the WAN to reach the controller. I have purchased a second 4402 and have placed the controller at the warehouse to handle all traffic out at that site and to relieve issues we have when the WAN gets saturated.
I have configured the 4402 at the Warehouse with the same basic setup as the first controller (well, different IP and different VLAN and different SSIDs so I can tell I am on the new one easily). The problem I am having is that I cannot get any of the access points to log onto the second controller. All access points still show up on the first controller.
To reach the first controller I had placed the information in the Windows DHCP scope (Option 241 I believe) to talk to the first controller. I have changed that to point to the second controller but that does not help. I saw that the first controller was set to be the Master, so I turned that off to no avail. I even created a new VLAN, created the DHCP information, and then added the Access Points to the new VLAN. Still, they connect to the first controller.
Lastly, I logged into the APs and reset them to factory defaults. The APs still find the first controller.
Any ideas what I may be missing to have them hit the new controller?
In the logs I can see the following message:
MIC AP is not allowed to join by config
So please make sure that the Accept Manufactured Installed Certificate option is selected.
Security --> AAA --> AP Policies
From the debug it seems as if WLC may be authorizing Lightweight APs via an Auth-list or AAA.
Check these settings here:
Web GUI > Security > AAA > AP Policies
Seems as if your APs are set to be authorized via an auth-list or AAA.
Try unchecking the following option:
Authorize MIC APs against auth-list or AAA