Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AP's failing to go to back up controllers via L3

We have a remote branch office that is served by a 2106 controller. We want to use the main campus WiSM's as the failover location for the ap's. We are unable to get either ap to join the controller on the Main campus. Both ap's at the local campus have manufacturer signed certificates. I've attempted to force the ap's to the failover controllers, but no luck. The controllers are communicating L3 and are in the same mobility group across the WAN link as well as pingable, both the data path and mobility path are up. What else might I look at?

Hall of Fame Super Silver

Re: AP's failing to go to back up controllers via L3

On the router on the remote site configure ip forward protocol udp 12222 and on the l3 interface the ap's are on, configure ip helper-address .

See if this does the trick. Here is part of a doc:

Use IP helper address on the Router

Although this is not a part of the Layer 3 discovery algorithm, this is a simpler method that can be used when WLC and LAPs are in different subnets. After the LAP gets an IP address from the DHCP server, the LAP broadcasts a Layer 3 LWAPP discovery message on to its local subnet. The IP address of the WLC is configured as the ip-helper address on the router. The router forwards these broadcasts to the IP addresses configured with the ip-helper command on the interface on which the broadcast is heard. When you use the ip helper-address command, DIRECTED BROADCASTS, as well as unicasts, eight different UDP ports are forwarded automatically. Those ports are Trivial File Transfer (TFTP) (Port 69), Domain Name System (Port 53), Time Service (Port 37), NetBIOS Name Server (Port 137), NetBIOS Datagram Server (Port 138), Boot Protocol (BOOTP) Client and Server (Port 67 and Port 68), TACACS service (Port 49). Since LWAPP broadcast uses UDP port 12222 it must be explicitly forwarded on the router. Here is an example scenario. Assume that you have a WLC in one subnet, such as, and the LAPs and the DHCP server in a different subnet, such as Routing is enabled between the two subnets. This example shows the configuration on the router:

Router(config)#interface Fastethernet 0/1

Router(config-if)#ip helper-address

!--- IP address of the WLC


Router(config)ip forward-protocol udp 12222

*** Please rate helpful posts ***