Registering AP 3500 in a Controller 5508

alemunmo81 · ‎04-07-2012

Hello

Could somebody explain to me how an AP 3500 get to be registered in a controller 5508??, so, i have seen a lot of information of wireles deployment guide but i haven't understood yet how the process or flow is for getting the AP to be registered in a controller 5508, what exactly basic configuration must be done in a controller for doing it?

I would appreciate the help.

Thanks,

AM

Scott Fella · ‎04-07-2012

Here is a good doc on the ap join process. All you need on the wlc 5508 (minimum) is an ip address for the management and set the time correctly.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806c9e51.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

alemunmo81 · ‎04-07-2012

Hello Scott

It's such an excellent document and also very useful, besides, thank you indeed for your soon answer.

So, i have a question to add:

The only way to validate the LAP to the WLC is through the digitally signed X.509 certificate?...or is there another method to authenticate the LAP to the WLC?

I am looking forward to hearing you soon.

AM

Scott Fella · ‎04-07-2012

First off there is a manufacture installed certificate and that's why it is important to make sure the wlc has the correct time. Now you can create a Mac list that only allows APs with Mac address on your list to join the wlc (this is painful when you have a lot of APs). You can also use a radius server to authenticate against. Is there a reason you want to go this route?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

alemunmo81 · ‎04-07-2012

Hello Scott

No, there is not reason, is just to know what methods i can use for registering LAPs. In this order i understand that the most common method to register the LAP is with the digital certificate, is this right?.

By the way, how can i do the authentication using a radius server??

Thanks,

AM

Scott Fella · ‎04-07-2012

For a lap to register, the link describes the various process in the link I posted. You can take any lap and register it to any wlc. Don't get to fancy or else you will run into issues. I never see a need to do this.

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00808c7234.shtml

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

weterry · ‎04-07-2012

Just to add a little to Scott's comments:

The AAA authentication side I believe is a MAC Authentication.

If you don't want to use the Mfg Installed Certificate (MIC), you could actually try out Locally Signficant Certificates (LSC) if you have a CA. I think its documented here: http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a99e23.shtml

With LSCs, you'd basically pre-stage your APs with the MIC, and then have them auto-provision the LSC through SCEP to your CA. After that, I suppose you'd just tell your WLC to not accept MIC APs and the end result would be all APs joined only with a validated LSC.