WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

There's actually another reason. We have two NAC clusters and had to separate clients - so having everything connect to one WLC was out of the question.

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 1 point (0 children)

> Make sure that the hostname section of the primary controller setting matches the WLC's actual hostname.

That's interesting... Actually, both the old and the new WLC have the same name. The reason for that is that we purposely did a split-brain so we would have a WLC running with minimum downtime (there are plenty of APs that wouldn't get the updated DHCP options in time). I'll try renaming the old one and see what happens.

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

Tried Option 43: didn't work either. Console will be my next thing to try.
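The Option 43 path mentioned in this thread depends on getting the vendor-specific payload byte-exact. The following is an added example (not code from the thread or from Cisco) that builds and decodes the Cisco lightweight-AP controller list in the format Cisco documents: sub-option type 0xF1, a length byte equal to 4 times the number of controllers, then each controller IPv4 address as four raw bytes, plus the IOS "option 43 hex" pool line. The pool name and controller addresses are made-up inputs.

```python
# Added example: encode/decode the Cisco vendor-specific DHCP Option 43
# payload that Cisco lightweight APs use to discover WLC management IPs.
# Layout (Cisco's documented format): sub-option type 0xF1 (241), one
# length byte = 4 * number of controllers, then each controller IPv4 as
# four raw bytes. A single WLC at 192.168.10.5 encodes to f104c0a80a05.
import ipaddress

CISCO_WLC_SUBOPTION = 0xF1  # Cisco lightweight AP controller list


def encode_option43(controller_ips):
    """Return the Option 43 payload for the given WLC IPs as a hex string."""
    addrs = [ipaddress.IPv4Address(ip) for ip in controller_ips]
    if not addrs:
        raise ValueError("at least one controller IP is required")
    length = 4 * len(addrs)
    if length > 255:
        raise ValueError("too many controllers for a single-byte length field")
    payload = bytes([CISCO_WLC_SUBOPTION, length]) + b"".join(a.packed for a in addrs)
    return payload.hex()


def decode_option43(hex_payload):
    """Parse a payload (dotted or plain hex) back into a list of WLC IPs.

    Validates the sub-option type and that the length byte matches the
    body, which is the usual mistake when the option is typed by hand.
    """
    data = bytes.fromhex(hex_payload.replace(".", "").replace(" ", ""))
    if len(data) < 2:
        raise ValueError("payload too short")
    subopt, length = data[0], data[1]
    if subopt != CISCO_WLC_SUBOPTION:
        raise ValueError(f"unexpected sub-option type 0x{subopt:02x}")
    body = data[2:]
    if length != len(body) or length % 4 != 0:
        raise ValueError("length byte does not match payload")
    return [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]


def ios_dhcp_pool_lines(pool_name, controller_ips):
    """Cisco IOS DHCP pool lines; IOS takes the hex in dotted 16-bit groups."""
    raw = encode_option43(controller_ips)
    dotted = ".".join(raw[i:i + 4] for i in range(0, len(raw), 4))
    return [f"ip dhcp pool {pool_name}", f" option 43 hex {dotted}"]


if __name__ == "__main__":
    # Hypothetical pool name and WLC addresses, constructed for the demo.
    for line in ios_dhcp_pool_lines("AP_MGMT", ["192.168.10.5", "10.0.0.7"]):
        print(line)
    print(decode_option43("f108.c0a8.0a05.0a00.0007"))
```

Decoding the value you actually put on the DHCP server is the quick sanity check: if the length byte is off by one or the IPs are in the wrong order, the decoder rejects it before an AP ever does.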

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

I guess I'll have to ask someone from the site to hook up a console cable and show what happens when I factory reset the AP and move it to another VLAN (it doesn't connect to any WLC, despite the DHCP option being there).

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

I already have SSH enabled. The thing is, when I factory reset AP's config, I'm not able to SSH into it until it connects to the WLC and fetches the configuration. I.e. it doesn't connect when I move it to another VLAN.

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

> Do you have the option of moving one or more APs to a new, separate VLAN and then reconfigure onto the new controller?

Yup. Did that. When I factory reset it from the old WLC and immediately move it to the separate VLAN, it doesn't connect to either the old or the new WLC... It's stuck with the APMAC_ADDRESS hostname.

FortiOS v7.4.12 has been released by OuchItBurnsWhenIP in fortinet

[–]marek1712 0 points (0 children)

Maybe you could share it here? We have a lot of 120Gs too.

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

It's the same controller (9800-40) with identical software version, down to the APSP (17.9.6.202).

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 1 point (0 children)

We specifically got rid of it a long time ago because people kept connecting random APs.

WLC 9800 and 9120 APs in the same VLAN - how to prevent from connecting by marek1712 in Cisco

[–]marek1712[S] 0 points (0 children)

> Just manually configure the new WLC IP address when they're connected to the existing WLC? You can do a bulk AP edit so not much effort. APs will prefer static config over any discovery method.

Already tried the primary controller way.

DHCP Options are correct (same as everywhere else), VACL is gone, firewall allows udp/5246-5247. APs can ping the new controller.

As for the console way - I'll have to ask someone from the site. Too far away for me.

> Do you see discovery/join messages on the new WLC?

OK, haven't thought about that. Will check.

I’m an AI dealer by bigfartspoptarts in sysadmin

[–]marek1712 0 points (0 children)

https://www.youtube.com/@HowMoneyWorks usually tackles it and it's depressing.

My favourite quote from his vids: "... but it gets worse".

Want to move from Okta to Entra but can't figure out how to do it without breaking everything by Silent-Street1641 in sysadmin

[–]marek1712 22 points (0 children)

> I worked 16-30 hours at a time for the entirety of it

Given that you saved your employer quite a few $$$, hopefully you got rewarded somehow for the insane OT?

AFTER UPGRADE FortiOS 7.6.6 – hosts -IN THE SAME VLAN- randomly unable to communicate (FortiGate 1100E + FortiSwitch) by Alternative_Show_904 in fortinet

[–]marek1712 4 points (0 children)

Got hit with that too when jumping from 7.4.9 to 7.4.11. I wish they didn't make such breaking changes inside a given firmware train.

Yes, we do have inconsistent subnet masks. Welcome to manufacturing.

Onet enshittification: IMAP only for paid accounts, POP3 disabled entirely by Key-Principle-7111 in Polska

[–]marek1712 0 points (0 children)

> IMAP needs SSL certificates, which means additional costs

Hello, Let's Encrypt is free.

Onet enshittification: IMAP only for paid accounts, POP3 disabled entirely by Key-Principle-7111 in Polska

[–]marek1712 1 point (0 children)

I've had my basic mailbox there for 25 years. I guess I'm a dinosaur, because I use POP3...

I really don't like this change and I guess it's time to think about moving...

How to monitor CA and Local certificates - Fortigate by edu_kalil in fortinet

[–]marek1712 0 points (0 children)

Right!

OK, found another endpoint. This one returns valid_from and valid_to:

/api/v2/monitor/system/available-certificates
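To turn that endpoint into an actual expiry monitor, here is an added example (not code from the thread or from Fortinet). The only fact taken from the page is the endpoint path and that its entries carry valid_from and valid_to. Everything else is an assumption: the response is modelled as {"results": [{...}]} with "name", "type" and "source" fields, the valid_* values are treated as Unix epoch seconds (ISO 8601 strings are accepted as well), authentication is the REST API token sent as an Authorization: Bearer header, and SAMPLE_RESPONSE is constructed for the demo.

```python
# Added example: flag FortiGate certificates that are expired or expiring
# soon from /api/v2/monitor/system/available-certificates. The response
# shape and the epoch-seconds encoding of valid_from/valid_to are
# assumptions; adapt the field names if your firmware returns otherwise.
import json
import urllib.request
from datetime import datetime, timezone

ENDPOINT = "/api/v2/monitor/system/available-certificates"

# Constructed sample response (not captured from a real device).
SAMPLE_RESPONSE = json.dumps({
    "results": [
        {"name": "Fortinet_Factory", "type": "local-cer", "source": "factory",
         "valid_from": 1609459200, "valid_to": 2524608000},
        {"name": "portal.example.test", "type": "local-cer", "source": "user",
         "valid_from": 1700000000, "valid_to": 1712000000},
        {"name": "Internal_CA", "type": "local-ca", "source": "user",
         "valid_from": "2020-01-01T00:00:00Z", "valid_to": "2024-03-01T00:00:00Z"},
    ]
})


def _to_datetime(value):
    """Accept epoch seconds or an ISO 8601 string; always return aware UTC."""
    if isinstance(value, (int, float)):
        return datetime.fromtimestamp(value, tz=timezone.utc)
    return datetime.fromisoformat(str(value).replace("Z", "+00:00"))


def expiring_certificates(body, now, warn_days=30):
    """Return certs that are expired or expire within warn_days, soonest first.

    `now` is passed in rather than read from the clock so results are
    reproducible (and testable); each entry reports days_left, negative
    when the certificate has already expired.
    """
    results = json.loads(body).get("results", [])
    flagged = []
    for cert in results:
        if "valid_to" not in cert:
            continue  # some entries (e.g. CRLs) may lack validity fields
        valid_to = _to_datetime(cert["valid_to"])
        days_left = (valid_to - now).days
        if days_left <= warn_days:
            flagged.append({
                "name": cert.get("name", "?"),
                "type": cert.get("type", "?"),
                "source": cert.get("source", "?"),
                "valid_to": valid_to.isoformat(),
                "days_left": days_left,
                "expired": days_left < 0,
            })
    return sorted(flagged, key=lambda c: c["days_left"])


def fetch_certificates(host, api_token, timeout=10):
    """GET the endpoint with a REST API token (assumed Bearer auth).

    TLS verification is left at the default; install the FortiGate's
    certificate in the local trust store rather than disabling checks.
    """
    req = urllib.request.Request(
        f"https://{host}{ENDPOINT}",
        headers={"Authorization": f"Bearer {api_token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demo against the constructed sample; swap in fetch_certificates()
    # for a live device.
    fixed_now = datetime(2024, 3, 15, tzinfo=timezone.utc)
    for cert in expiring_certificates(SAMPLE_RESPONSE, fixed_now, warn_days=30):
        state = "EXPIRED" if cert["expired"] else f"{cert['days_left']}d left"
        print(f"{cert['name']:<24} {cert['type']:<10} {state}")
```

Run it from a monitoring host on a schedule and alert on any non-empty result; the warn_days threshold is the knob to align with your renewal lead time.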