Last updated:

Access Point Connectivity – Remote Site Preparations

If you plan to demonstrate Enterprise Networking or Security content utilizing an onsite access point (AIR-CAP model) at a non-Cisco site, follow the steps below to ensure a successful experience.


Demonstrating at a non-Cisco Site Using an Onsite Access Point

There are two ways to prepare:

  • Using a router registered and configured for Cisco dCloud (highly recommended).
NOTE: Refer to the guide for details on router requirements.
  • Using an access point (AP) only.

Using a dCloud Registered ISR

  1. Prior to arriving at the remote site, make sure your devices are enabled:
NOTE: If you do not have a router, learn how to get one to use for your dCloud sessions.
    • Test your router connectivity prior to going to your remote site by connecting your laptop to the same wired port that your router will use.
    • Test connectivity to dCloud. Success on VPN means you can use your router on this connection.
    • Plug the WAN port of the router into an Internet connection.
    • Schedule and complete a practice session using the router.
    • If using an external AP, attach it to one of the LAN ports on the router. Ensure the private address for the wireless LAN controller is configured on the AP as indicated in the AP provisioning section of the associated content guide.
  1. Ensure that there is wired VPN connectivity at the customer site for your router.
NOTE: Contact the site representative to ensure you will have a wired connection that supports VPN (TCP 443) for your router at the site.
  1. Once at the remote site:
    • Plug in your router. It will find your scheduled session.
    • Test for proper VPN connectivity using steps 1b and 1c above.

Using an Access Point Only

  1. Prior to arriving at the remote site, make sure you are familiar with provisioning your AP with a wireless LAN controller IP address. This information is in the AP Provisioning section of your script.
  2. Prior to arriving at the remote site, have an associate at the remote site test bandwidth and VPN connectivity using the same wired connection that will be used for the session.
  3. If the BYOD Data, BYOD Control, and VPN Ready tests are not successful, ensure that the firewall configuration allows the protocols and ports specified in Firewall Port Requirements to Support Your Session.  Note, using a router avoids data and control port (CAPWAP) issues.
  4. Verify with the remote site that the access point will receive an IP address.
    • Check to see if a firewall is blocking access points from receiving IP addresses, or if switchport security prevents access.
    • You may need to request a static IP address and default gateway address from the customer. See Configuring a Status IP Address on the Access Point for details.
  5. Once at the remote site:
    • Plug into the port that will be used for the session with a wired laptop and then verify connectivity by using the bandwidth and VPN connectivity test link from Step 2 above.
    • In the dCloud UI, locate your session and click View. Click Review Session Info and then locate the public address with the description of the wireless LAN controller.
    • Configure the public address of the wireless LAN controller on your access point. See Configuring Controller IP address on the Access Point.
    • If the connection test was successful, attach the configured access point to the network using the same port where the test was conducted.
NOTE: If you are using a static IP address, configure the static IP address provided prior to attaching the access point to the network as explained in Configuring a Static IP Address on the Access Point and test this address on your laptop to ensure connectivity.

The AP connects to the demo system with an LED color of solid green. The SSIDs may NOT be visible on your endpoint device until you complete the AP Verification explained in the demonstration guide you will complete. You are now ready to conduct the demonstration.

Firewall Port Requirements to Support Your Session

Necessary ports:

If not using a router, UDP 5246 and 5247 should be opened to:

  • Americas data center:
  • EMEAR data center:, and
  • APJ data center: and
  • GC data center:

AnyConnect and router VPN: Use TCP 443 for most networks.

Configuring a Static IP Address on the Access Point

Once a static IP address is configured on the AP, it does not need to be removed. If the AP cannot connect the network via the static IP address, it will automatically use DHCP to connect.

  1. Console into the AP.  Log in with the default credentials of Cisco/Cisco.
  2. Issue these commands to assign a static IP address to your AP:

capwap ap ip address <address> <subnet mask> (Enter the IP address and subnet mask provided by the customer)
capwap ap ip default-gateway <address> (Enter the IP address provided by the customer)
show capwap ip config (This will verify that the above commands were successful)

Configuring Controller IP address on the Access Point

  1. Console into the access point. Log in with the default credentials of Cisco/Cisco.
  2. Enter the following command:
    capwap ap controller ip address <WLC Public IP>
NOTE: Use the IP address of your controller from the scheduled demonstration page. It is important to verify that your access point has an IP address. Please ensure the access point does not state “Not sending discovery request. AP does not have an IP.” If you are using a router, enter the private address for the wireless LAN controller.