Solved: WLC 5508 AP authorization

fuhrersk8 · ‎02-24-2014

Hello Forum Team!

Wich is the best way to filter out unwanted ap's to join a specific WLC? For example, I have a WLC 5508 cluster with four ap's already joined and registered but other surrounding ap's from other WLC clusters are starting to register with this new cluster. Which is the best way to prevent these ap's to register with this new WLC cluster? MAC address filter list or ap authorization list?

Thanks in advanced for your great support!

Sandeep Choudhary · ‎02-24-2014

Hi Nephtali,

1. You can use the Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network. By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html#backinfo

2. AP priming and Rouge Rules.

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1180349

Regards

Dont forget to rate helpful posts

View solution in original post

Scott Fella · ‎02-25-2014

Only if the AP's bounce and tries to join the WLC again. It's best to push all the mac address at once to be safe.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-24-2014

You should apply bit the Mac filter and the ap authorization. Enter all the MAC address if the access point in the Mac filter that you want to allow on that WLC. Then enable the ap authorization.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Sandeep Choudhary · ‎02-24-2014

Hi Nephtali,

1. You can use the Authorize AP's against AAA function to make sure that all the AP's registering to your WLC are authorized AP's of the network. By enabling this feature, only those AP's whose mac-addresses are present in the authorization list, will be able to register to the WLC.

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html#backinfo

2. AP priming and Rouge Rules.

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70rrm.html#wp1180349

Regards

Dont forget to rate helpful posts

fuhrersk8 · ‎02-25-2014

Hello and thanks for reply!

By enablig Authorize AP's against AAA feature on the WLC, does it will affect the AP's already registered on this WLC until all AP's are added to the list?

Thanks again for support guys!

Scott Fella · ‎02-25-2014

Only if the AP's bounce and tries to join the WLC again. It's best to push all the mac address at once to be safe.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

fuhrersk8 · ‎02-25-2014

Excellent and thanks for reply;

One more question; does the WLC allow both the AP Authorization List and MAC address filter enabled at the same time?

Thanks again for your great support!

Scott Fella · ‎02-25-2014

Yes it does allow both. They are entered in either the mac filter or AP Policies. I have had to do this in the past with WLC on different code version and to prevent AP's from upgrading or downgrading.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

fuhrersk8 · ‎02-25-2014

Excellent. Thanks for your support.

Scott Fella · ‎02-25-2014

No problem:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***