You'll need to configure a Cisco WLC using the CLI in case the routing to the network where you HTTPS or access the GUI is unreachable. In my case only the management server is able to SSH remotely to the WLC.
You can verify if the AP has successfully joined the WLC using the show ap join stats summary all command.
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 5
Base Mac AP EthernetMac AP Name IP Address Status
c4:b9:cd:1f:02:ab N A AP2c5a.0f5a.fabc 10.16.25.24 Not Joined
c4:b9:cd:1f:08:cd N A AP2c5a.0f5a.fdef 10.16.25.30 Not Joined
c4:b9:cd:1f:17:ef N A AP2c5a.0f5a.f123 10.16.25.26 Not Joined
c4:b9:cd:1f:1c:12 N A AP2c5a.0f5a.f456 10.16.25.27 Not Joined
c4:b9:cd:1f:22:34 N A AP2c5a.0f5a.f789 10.16.25.25 Not Joined
Use the show time command to verify if an NTP server is configured and synchronized time on the WLC.
(Cisco Controller) >show time
Time............................................. Sat Jan 1 11:54:25 2000 // DATE AND YEAR NOT SYNC'D
Timezone delta................................... 0:0
Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ----------------------------------------------------------------------------------
1 0 63.12.7.2 AUTH DISABLED
I tried to ping the configured NTP server and Google's public NTP server but it's not reachable.
(Cisco Controller) >ping 63.12.7.2
Send count=3, Receive count=0 from 63.12.7.2
(Cisco Controller) >ping 216.239.35.4 // GOOGLE NTP
Send count=3, Receive count=0 from 216.239.35.4
I've configured another internal NTP server that is reachable from the site using the config time ntp server command.
(Cisco Controller) >ping 10.12.3.4
Send count=3, Receive count=3 from 10.12.3.4
(Cisco Controller) >config time ?
manual Configures the system time.
ntp Configures the Network Time Protocol.
timezone Configures the system's timezone.
(Cisco Controller) >config time ntp ?
auth Configures the NTP authentication
interval Configures the Network Time Protocol Polling Interval.
key-auth Configures the NTP authentication key.
server Configures the Network Time Protocol Servers.
(Cisco Controller) >config time ntp server ?
<index> Enter NTP server index.
(Cisco Controller) >config time ntp server 1 ?
<IP Address> Enter NTP server's IP address. Use 0.0.0.0 to delete entry
(Cisco Controller) >config time ntp server 1 10.12.3.4
The DTLS tunnel on the AP were established and it was able to join the WLC.
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 5
Base Mac AP EthernetMac AP Name IP Address Status
c4:b9:cd:1f:02:ab N A AP2c5a.0f5a.fabc 10.16.25.24 Joined
c4:b9:cd:1f:08:cd N A AP2c5a.0f5a.fdef 10.16.25.30 Joined
c4:b9:cd:1f:17:ef N A AP2c5a.0f5a.f123 10.16.25.26 Joined
c4:b9:cd:1f:1c:12 N A AP2c5a.0f5a.f456 10.16.25.27 Joined
c4:b9:cd:1f:22:34 N A AP2c5a.0f5a.f789 10.16.25.25 Joined
(Cisco Controller) >save config // SAVE THE CONFIG IN NVRAM
Are you sure you want to save? (y/n) y
Configuration Saved!
You can verify if the AP has successfully joined the WLC using the show ap join stats summary all command.
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 5
Base Mac AP EthernetMac AP Name IP Address Status
c4:b9:cd:1f:02:ab N A AP2c5a.0f5a.fabc 10.16.25.24 Not Joined
c4:b9:cd:1f:08:cd N A AP2c5a.0f5a.fdef 10.16.25.30 Not Joined
c4:b9:cd:1f:17:ef N A AP2c5a.0f5a.f123 10.16.25.26 Not Joined
c4:b9:cd:1f:1c:12 N A AP2c5a.0f5a.f456 10.16.25.27 Not Joined
c4:b9:cd:1f:22:34 N A AP2c5a.0f5a.f789 10.16.25.25 Not Joined
Use the show time command to verify if an NTP server is configured and synchronized time on the WLC.
(Cisco Controller) >show time
Time............................................. Sat Jan 1 11:54:25 2000 // DATE AND YEAR NOT SYNC'D
Timezone delta................................... 0:0
Timezone location................................ (GMT +8:00) HongKong, Bejing, Chongquing
NTP Servers
NTP Polling Interval......................... 3600
Index NTP Key Index NTP Server NTP Msg Auth Status
------- ----------------------------------------------------------------------------------
1 0 63.12.7.2 AUTH DISABLED
I tried to ping the configured NTP server and Google's public NTP server but it's not reachable.
(Cisco Controller) >ping 63.12.7.2
Send count=3, Receive count=0 from 63.12.7.2
(Cisco Controller) >ping 216.239.35.4 // GOOGLE NTP
Send count=3, Receive count=0 from 216.239.35.4
I've configured another internal NTP server that is reachable from the site using the config time ntp server command.
(Cisco Controller) >ping 10.12.3.4
Send count=3, Receive count=3 from 10.12.3.4
(Cisco Controller) >config time ?
manual Configures the system time.
ntp Configures the Network Time Protocol.
timezone Configures the system's timezone.
(Cisco Controller) >config time ntp ?
auth Configures the NTP authentication
interval Configures the Network Time Protocol Polling Interval.
key-auth Configures the NTP authentication key.
server Configures the Network Time Protocol Servers.
(Cisco Controller) >config time ntp server ?
<index> Enter NTP server index.
(Cisco Controller) >config time ntp server 1 ?
<IP Address> Enter NTP server's IP address. Use 0.0.0.0 to delete entry
(Cisco Controller) >config time ntp server 1 10.12.3.4
The DTLS tunnel on the AP were established and it was able to join the WLC.
(Cisco Controller) >show ap join stats summary all
Number of APs.............................................. 5
Base Mac AP EthernetMac AP Name IP Address Status
c4:b9:cd:1f:02:ab N A AP2c5a.0f5a.fabc 10.16.25.24 Joined
c4:b9:cd:1f:08:cd N A AP2c5a.0f5a.fdef 10.16.25.30 Joined
c4:b9:cd:1f:17:ef N A AP2c5a.0f5a.f123 10.16.25.26 Joined
c4:b9:cd:1f:1c:12 N A AP2c5a.0f5a.f456 10.16.25.27 Joined
c4:b9:cd:1f:22:34 N A AP2c5a.0f5a.f789 10.16.25.25 Joined
(Cisco Controller) >save config // SAVE THE CONFIG IN NVRAM
Are you sure you want to save? (y/n) y
Configuration Saved!
