Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote telnet/ssh/http access to LWAP CLI

All:

Is it possible to remotely login to the wired interface of an LWAP?

Here is why I ask:

Moving 5508 controller (7.4.110.0) from one colo facility to another and changing controller subnet in the process.

Can I use the IOS cmd: "reload in X" time or "reload at X time" on the LWAPs?

Is there a better way to do this that I have not thought of?

Approximately 120 LWAPs involved over a largish geographical area - 3 hours drive time.

Thx,

Phil

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Remote telnet/ssh/http access to LWAP CLI

I guess the question from reading the post, is what are you doing? We are assuming you will move the WLC to a different subnet and the IP address will change. If that is so, it depends on how comfortable you are with command lines if you don't have WCS/NCS or Prime to push out templates.

I typically would change the HA on the AP's to point the primary to the new WLC IP address even though it not up yet and enter the secondary WLC as the one that is up already. I have done this with over 200 AP's. If you don't want to do that, then the easiest way is to just use DNS and resolve cisco-capwap-controller. to the new IP address of the WLC. You can use option 43 to, but you need to set that right. Once your APs moved, then I usually remove the DNS and option 43 if I have set those.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
8 REPLIES
VIP Purple

Re: Remote telnet/ssh/http access to LWAP CLI

"Telnet" & "SSH" is disabled by default on AP & you can enable it via "Wireless -> AP Name -> Advanced -> tick telnet/ssh"

My question is why you want to do this ? When you are moving 5508 to another subnet what will happen to APs ? Do you have alternative controller to handle your AP while you are moving 5508 to the other subnet ?

If you don't, then any way all your AP will keep rebooting since they cannot find any controller to register while you are doing this work.

How do you configure AP to discover the WLC IP ? Are you using DHCP option 43 or DNS ? Modify those to reflect the new management IP of your controller & then AP will know about your WLC new management IP & it will automatically register to your controller.

No need to do manual reload of your AP

HTH

Rasika

New Member

Re: Remote telnet/ssh/http access to LWAP CLI

Rasika,

I believe the WCL address was/is hardcoded into the original deployment - not DHCP or DNS.

I will have to ask my client.

If this is the case then it may be necessary to visit each LWAP before the colo move and set a DHCP reservation - we want to keep the LWAPs on known IPs.

Thx,
Phil

VIP Purple

Re: Remote telnet/ssh/http access to LWAP CLI

WLC IP address always hardcoded to controller itself & AP will discover controller IP via DHCP/DNS/broadcast forwarding. If you are changing controller IP, then your APs should learn that new controller IP one of the above method.

On the AP itself nothing is hardcoded (except previously learnt WLC IPs) & all configuration push by a WLC.

What is the current WLC mgt IP & to what IP it will change to ? I do not think you have to visit each site where APs are. As you said, it is best if you could include DHCP option 43  for the scopes defined for APs to reflect the controller new management IP. Then AP will get the controller IP(new) information via DHCP & it will register to your controller using that IP.

HTH

Rasika

Hall of Fame Super Gold

Remote telnet/ssh/http access to LWAP CLI

Ok, you've got a firewall ... How "complex" or "simple" is this command?  You can do "show" commands from the WLC using the debug feature.  If I remembered correctly, this is how it goes:

1.  WLC:  debug ap enable;

2.  WLC:  debug ap remote "sh ip int brief" ;

3.  When you're done, disable the command "debug ap disable".

I hope I still got the command syntax correct.

Re: Remote telnet/ssh/http access to LWAP CLI

Wodnering why cant AP HA parameters be configured here ( primary controller, secondary WLC

VIP Purple

Re: Remote telnet/ssh/http access to LWAP CLI

AP HA parameters also an option too. To do this in quick time you have to use WCS/PI template to push new mgt IP of controller as Secondary controller for the AP (In this way still AP will work using old mgt IP as primary). Then once controller IP address change completed, you have to make the new IP as primary controller for all the AP.

If there is no WCS/PI then you have to go in each individual AP & change those HA parameters manually. If it is the case DHCP option 43 would be easier method as you do not want to touch AP config.

HTH

Rasika

New Member

Re: Remote telnet/ssh/http access to LWAP CLI

Scott,

The HA option is what we will use.  I was incorrect about not using DNS to resolve the controller.

Thanks for the suggestion to swap the primary/secondary WLC IP

Phil

Hall of Fame Super Silver

Re: Remote telnet/ssh/http access to LWAP CLI

I guess the question from reading the post, is what are you doing? We are assuming you will move the WLC to a different subnet and the IP address will change. If that is so, it depends on how comfortable you are with command lines if you don't have WCS/NCS or Prime to push out templates.

I typically would change the HA on the AP's to point the primary to the new WLC IP address even though it not up yet and enter the secondary WLC as the one that is up already. I have done this with over 200 AP's. If you don't want to do that, then the easiest way is to just use DNS and resolve cisco-capwap-controller. to the new IP address of the WLC. You can use option 43 to, but you need to set that right. Once your APs moved, then I usually remove the DNS and option 43 if I have set those.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
975
Views
0
Helpful
8
Replies
CreatePlease login to create content