
Access Point Provisioning for Cisco dCloud Content – Unified Mode

This instruction outlines the steps needed to configure your unified mode access point (AP) to operate with Cisco dCloud content. If you are using an AP only without a router, you must configure the IP address of your wireless LAN controller (WLC) each time you schedule a session, as the public IP address for the WLC will change each time.

If you are using a router, you only need to complete this task once.

Read this entire instruction before starting the provisioning process. Your AP must be provisioned before it can be used with Cisco dCloud content.

Access Point Configuration – Cisco Catalyst and Aironet Series

Equipment List

The following equipment is needed to complete the configuration:

  • An Active Cisco dCloud session
  • Cisco Catalyst and Aironet Series Access Point with IOS XE or lightweight AP software (unified)
  • Laptop with serial port or USB-to-serial adapter and terminal emulation application
  • Ethernet cable
  • Console cable (USB to serial adapter may be needed)
  • Internet connectivity

Connect to AP

  1. On Workstation1, ensure your Country is enabled on the wireless LAN controller. If the physical country is not in the list, select the country that matches the wireless regulatory domain.
  2. Connect one end of the console cable to the AP and the other end to the serial port of the laptop.
  3. Launch the terminal emulation application on the laptop.
  4. Connect the AP to a power outlet or to a PoE source.
NOTE: If you are not familiar with using the command line interface (console connection) to the AP, we highly recommend using a router configured for Cisco dCloud.

The AP will boot up. You can observe the boot sequence using the terminal emulation application. After the AP has completed booting, you will see a message that the AP is available.

  1. Press the Enter key. You will be prompted for a username and password.
  2. Enter the default username and password.
    Username: Cisco
    Password: Cisco
  3. Enter privileged EXEC mode.
    AP> enable
    Password: Cisco


Configure WLC IP Address

Locate the IP addresses for the WLC for your active session.

  1. From the Cisco dCloud UI, go to My Hub > Sessions.
  2. Click View for your active demonstration.
  3. Click Details.
  4. In the Session Details popup, scroll to the Incoming IP Addresses section that lists the public and private IP addresses for the wireless LAN controller.


  1. Configure the IP address of the wireless LAN controller.
  • If you are using an AP without an endpoint router, use the public address.
  • If you are using an AP with an endpoint router, use the private address.


Important: To enter the capwap command, the AP console must be in EXEC mode (#).
  1. From the CLI connection to the AP, for Wave-1 or older controllers, enter the following command, and then press Enter.
    AP# capwap ap controller ip address <IP_Address>


For 9800 Controllers, Wave 2, or 11ax AP: If you are connecting your AP to a 9800-CL running 16.x code, use the following command instead.
    AP# capwap ap primary-base wlc1 <IP_Address>

  1. Enter the show capwap ip config command to verify that the wireless LAN controller IP address was entered correctly.


  1. Connect one end of an ethernet cable to the port labeled ethernet on the AP and the other end to an active port on your network. This port must have Internet access per the dCloud connection test.
  2. Verify that the AP has received an IP address on the network via DHCP.


  • Optional: To verify the configuration, enter show capwap client config
    NOTE: If the network is not configured to supply IP addresses via DHCP, you need to statically configure an IP Address on your AP as shown in the Static IP Assignment section.

    The AP will connect to the wireless LAN controller within the session environment.

    NOTE: After the AP connects to the session environment, it may download software while the LED light flashes blue. This takes approximately 10 minutes, depending on the speed of your connection. Please do not interrupt this process. The AP will reboot if it installs new software. Once complete, the status light remains solid blue or green. If the status light is solid red or flashing red and blue, there is a problem.

    The AP Status indicator light remains solid blue or solid green. The AP is now connected to the system.

    Static IP Assignment

    If you are provisioning your AP in a network that requires static IP configuration for devices, you must manually configure the IP address. Contact the system administrator at your location to determine if a static IP address is required.

    If a static IP address is required, gather the configuration details, including the IP Address, Subnet Mask, and Default-Gateway.

    1. Configure the IP address, subnet mask, and default-gateway using the following commands:
      AP# capwap ap ip address <IP_address> <netmask>
      AP# capwap ap ip default-gateway <GW_address>
    2. Confirm the configuration:
      AP# show capwap ip config


    Please note that this configuration is site-specific and may need to be changed when connecting the AP from a different location.


    Your AP may fail to join the controller due to a known bug. If your AP is not joining the controller properly, and you see something similar to the example logs on your AP console, follow the steps below to troubleshoot the issue.

    *Aug 22 19:39:51.247: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config.
    *Aug 22 19:39:51.248: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
    *Aug 22 19:39:51.251: %CAPWAP-3-ERRORLOG: Certificate verification failed!
    *Aug 22 19:39:51.252: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!

    1. Enter the test capwap command to manually trigger CAPWAP discovery in case the previous CAPWAP discovery failed.
      AP# test capwap
    2. If you are still having issues, physically unplug the network cable from the AP.
    3. Clear any previous configuration stored on the AP.
      AP# clear capwap private-config
      AP# clear lwapp private-config
    4. Reload the AP.
      AP# reload
    5. Once the AP is reloaded, plug in the network cable.

    After your AP has reloaded, it should successfully join the controller.
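
To decide whether a captured AP console log matches the certificate-validation join failure shown above before clearing the AP configuration, the log can be checked with a short script. This is an added example, not Cisco code; the function names are hypothetical and the sample input is constructed from the four log lines on this page.

```python
import re

# Constructed sample: the four console lines shown on this page, one per line.
SAMPLE_CONSOLE = """\
*Aug 22 19:39:51.247: %CAPWAP-3-ERRORLOG: Failed to authorize controller using trust config.
*Aug 22 19:39:51.248: %CAPWAP-1-SSC_CERT_AUTH_FAILED: Failed to authorize controller, SSC certificate validation failed.Peer certificate verification failed FFFFFFFF
*Aug 22 19:39:51.251: %CAPWAP-3-ERRORLOG: Certificate verification failed!
*Aug 22 19:39:51.252: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:447 Certificate verified failed!
"""

# A record starts at "*Mon DD HH:MM:SS.mmm: "; splitting there also copes
# with terminal captures where several records ended up on one line.
RECORD_START = re.compile(r"(?=\*[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}: )")
LINE_RE = re.compile(
    r"\*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"(?:%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+)"
    r"|(?P<tag>[A-Z0-9_]+)): (?P<msg>.*)"
)

def parse_console(text):
    """Return one dict per recognised log record; other text is skipped."""
    events = []
    for raw in RECORD_START.split(text):
        m = LINE_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events

def is_cert_join_failure(events):
    """True if an SSC_CERT_AUTH_FAILED record is present, or a CAPWAP/DTLS
    record reports that certificate verification failed."""
    for e in events:
        if e["mnemonic"] == "SSC_CERT_AUTH_FAILED":
            return True
        source = e["facility"] or e["tag"]
        if source in ("CAPWAP", "DTLS_CLIENT_ERROR") and re.search(
                r"certificate verifi\w+ failed", e["msg"], re.IGNORECASE):
            return True
    return False

def triage(text):
    """Classify a console capture as the certificate failure or something else."""
    if is_cert_join_failure(parse_console(text)):
        return "cert-validation-failure"
    return "other"

if __name__ == "__main__":
    print(triage(SAMPLE_CONSOLE))
```

A result of "other" means the join failure does not match the log pattern on this page, so the clear and reload steps above are not the indicated fix.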