Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Controlling Flexconnect AP's



I've noticed that from time to time some of our flex connect AP's will join our less preferred 2504 anchor WLC instead of staying on the 5508 HA pair controllers. The 5508 HA (active/standby) pair are in the same mobility group as the 2504 to facilitate guest anchoring. However if a remote AP loses network connectivity for a brief period, when network returns they will sometimes join the 2504 and need to be moved back to the 5508's manually. 

The process to move them back is usually as simple as doing the following:

In the GUI:

Login to the 2504 Controller >> Select the Wireless Tab >> Select the AP >> Select the High Availability tab >> entering the 5508 name and IP as the primary controller and applying the change. 

After 60 seconds or so the AP will then move back to that controller. 

The problem with this though is that the change is not persistent and if the AP is rebooted this primary controller setting is lost. 

Is there a way to set this permanently for all AP's?

If I go to Wireless >> All AP's >> Global Configuration, there is an option to set backup controllers but no option to set a preferred primary controller. 

Any suggestions would be appreciated. 








VIP Purple

Hi Nick,That AP High

Hi Nick,

That AP High Availability configuration setting should not be lost during AP reload. Which WLC software code you having this issue ?

Regarding configuration since it is AP specific, you  have to do it on individual AP. If you have list of AP names then you can develop the required CLI commands & apply them to your AP via WLC CLI (if you have prime, you can use a template to push these changes as well). That will prevent to go into each AP via GUI & do this change.


(5508-1) >config ap primary-base <5508_Name> <Cisco_AP01> x.x.x.x

(5508-1) >config ap secondary-base <2504_Name> <Cisco_AP01> Y.Y.Y.Y




**** Pls rate all useful responses ***




Hall of Fame Super Silver

Just to add to Rasika post,

Just to add to Rasika post, if your 2504 is an anchor WLC, then how I see it, it should not ever have access points join.  Anchor WLC's should have a different mobility group name and also if not in the DMZ, then you should have Authorize MIC APs against auth-list or AAA enabled to prevent access points from joining that WLC.  This would be my preferred way.  If you have access points that need to join that WLC, then you either should add the mac address of the preferred AP's to allow it to join and have Authorize MIC APs against auth-list or AAA enabled, or you need to have the WLANS, AP Group, consistent with the HA's to prevent AP's from loosing their vlan mapping.  You need to prevent the ap's from joining the 2504 to be sure that the mappings will not get lost.


*** Please rate helpful posts ***
CreatePlease to create content