This instruction outlines the steps needed to configure your unified mode access point (AP) to operate with Cisco dCloud content. If you are using an AP only without a router, you must configure the IP address of your wireless LAN controller (WLC) each time you schedule a session, as the public IP address for the WLC will change each time.
If you are using a router, you only need to complete this task once.
Read this entire instruction before starting the provisioning process. Your AP must be provisioned before it can be used with Cisco dCloud content.
Access Point Configuration – Cisco Catalyst and Aironet Series
The following equipment is needed to complete the configuration:
- An Active Cisco dCloud session
- Cisco Catalyst and Aironet Series Access Point with IOS XE or lightweight AP software (unified)
- Laptop with serial port or USB-to-serial adapter and terminal emulation application
- Ethernet cable
- Console cable (USB to serial adapter may be needed)
- Internet connectivity
Connect to AP
- On Workstation1, ensure your Country is enabled on the wireless LAN controller. If the physical country is not in the list, select the country that matches the wireless regulatory domain.
- Connect one end of the console cable to the AP and the other end to the serial port of the laptop.
- Launch the terminal emulation application on the laptop.
- Connect the AP to a power outlet or to a PoE source.
The AP will boot up. You can observe the boot sequence using the terminal emulation application. After the AP has completed booting, you will see a message that the AP is available.
- Press the Enter key. You will be prompted for a username and password.
- Enter the default username and password.
- Enter privileged EXEC mode.
Configure WLC IP Address
Locate the IP addresses for the WLC for your active session.
- From the Cisco dCloud UI, go to My Hub > Sessions.
- Click View for your active demonstration.
- Click Details.
- In the Session Details popup, scroll to the Incoming IP Addresses section that lists the public and private IP addresses for the wireless LAN controller.
- Configure the IP address of the wireless LAN controller.
- If you are using an AP without an endpoint router, use the public address.
- If you are using an AP with an endpoint router, use the private address.
- From the CLI connection to the AP, for Wave-1 or older controllers, enter the following command, and then press Enter.
AP# capwap ap controller ip address <IP_Address>
For 9800 Controllers, Wave 2, or 11ax AP: If you are connecting your AP to a 9800-CL running 16.x code, then use this command capwap ap primary-base wlc1 <IP_Address>.
- Enter the show capwap ip config command to verify that the wireless LAN controller IP address entered correctly.
- Connect one end of an ethernet cable to the port labeled ethernet on the AP and the other end to an active port on your network. This port must have Internet access per the dCloud connection test.
- Verify that the AP has received an IP address on the network via DHCP.
- Optional: To verify the configuration, enter show capwap client config
The AP will connect to the wireless LAN controller within the session environment.
The AP Status indicator light remains solid blue or solid green. The AP is now connected to the system.
- You can connect to your monitoring workstation and verify that your AP is operational.
Static IP Assignment
If you are provisioning your AP in a network that requires static IP configuration for devices, you must manually configure the IP address. Contact the system administrator at your location to determine if a static IP address is required.
If a static IP address is required, gather the configuration details, including the IP Address, Subnet Mask, and Default-Gateway.
- Configure the IP address, subnet mask, and default-gateway using the following commands:
AP# capwap ap ip address <IP_address> <netmask>
AP# capwap ap ip default-gateway <GW_address>
- Confirm the configuration:
AP# show capwap ip config
Please note that this configuration is site-specific and may need to be changed when connecting the AP from a different location.
Your AP may fail to join the controller due to a known bug. If your AP is not joining the controller properly, and you see something similar to the example logs on your AP console, follow the steps below to troubleshoot the issue.
*Aug 22 19:39:51.247: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config. *Aug 22 19:39:51.248: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF *Aug 22 19:39:51.251: %CAPWAP-3-ERRORLOG: Certificate verification failed! *Aug 22 19:39:51.252: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
- Enter test capwap command to manually trigger capwrap discovery in case previous capwrap discovery failed.
AP# test capwap
- If still having issues then physically unplug the network cable from the AP.
- Clear any previous configuration stored on the AP.
AP# clear capwap private-config
AP# clear lwapp private-config
- Reload the AP.
- Once the AP is reloaded, plug in the network cable.
After your AP has reloaded, it should successfully join the controller.