Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Lightweight AP set into holding state?

When i plug an LAP into my network it sees the DNS entry for the WLC and associates itself with it and picks up all the defined WLANS on the WLC and advertises and provides them.

Ideally, I'd like each and every LAP to associate but then pick up no WLANS until I decide to move it into a particular AP group.

It seems terribly unsecure the way that I'm doing it now and I'm sure there must be an alternative.

At present, there's nothing stopping a third party plugging in their own LAP and getting wifi access wherever they choose from within my network.

Any ideas?



Re: Lightweight AP set into holding state?

Well, the way to stop unauthorized APs is to use the AP Authorization List feature and code in the mac addresses of all your authorized APs; this will cause the controllers to reject join requests from any AP which isn't on the list.

In the 5.2 release, you might be able to set up the default AP group with no WLANs, and then manually assign your APs to other AP groups with the appropriate WLAN assignments. I haven't played with this feature yet, though.

New Member

Re: Lightweight AP set into holding state?

that's exactly what I'd expect you can do, but it seems that the default group gets populated with every WLAN that you've configured on the WLC. As yet, I can't see how to alter this.

New Member

Re: Lightweight AP set into holding state?

Alternatively, you could not use the DNS method for provisioning access points. If you use DHCP option 43, you can have more control over which APs get the option template with the controller addresses.