We have a remote branch office that is served by a 2106 controller. We want to use the main campus WiSM's as the failover location for the ap's. We are unable to get either ap to join the controller on the Main campus. Both ap's at the local campus have manufacturer signed certificates. I've attempted to force the ap's to the failover controllers, but no luck. The controllers are communicating L3 and are in the same mobility group across the WAN link as well as pingable, both the data path and mobility path are up. What else might I look at?
Re: AP's failing to go to back up controllers via L3
On the router on the remote site configure ip forward protocol udp 12222 and on the l3 interface the ap's are on, configure ip helper-address .
See if this does the trick. Here is part of a doc:
Use IP helper address on the Router
Although this is not a part of the Layer 3 discovery algorithm, this is a simpler method that can be used when WLC and LAPs are in different subnets. After the LAP gets an IP address from the DHCP server, the LAP broadcasts a Layer 3 LWAPP discovery message on to its local subnet. The IP address of the WLC is configured as the ip-helper address on the router. The router forwards these broadcasts to the IP addresses configured with the ip-helper command on the interface on which the broadcast is heard. When you use the ip helper-address command, DIRECTED BROADCASTS, as well as unicasts, eight different UDP ports are forwarded automatically. Those ports are Trivial File Transfer (TFTP) (Port 69), Domain Name System (Port 53), Time Service (Port 37), NetBIOS Name Server (Port 137), NetBIOS Datagram Server (Port 138), Boot Protocol (BOOTP) Client and Server (Port 67 and Port 68), TACACS service (Port 49). Since LWAPP broadcast uses UDP port 12222 it must be explicitly forwarded on the router. Here is an example scenario. Assume that you have a WLC in one subnet, such as 172.16.0.0/16, and the LAPs and the DHCP server in a different subnet, such as 192.168.1.0/24. Routing is enabled between the two subnets. This example shows the configuration on the router: