A recently acquired Cisco Aironet 1550 series AP is unable to join the WLC. This message is observed on the AP console:
AAA Authentication Failure for UserName:CC93.1981.0035 User Type: WLAN USER
Which action must be taken for the AP to associate with the controller?
A. Add MAC address CC93.1981.0035 to the Security AAA AP policy Authorization List.
B. Authenticate the AP to the WLC from the console using an admin account on the WLC.
C. Add MAC address CC93.1981.035 to the Security AAA MAC Filtering tab.
D. Import the self-signed certificate of the AP to the Security:Certificate:LSC tab.
E. Import the self-signed certificate of the AP to the Security:Certificate:SSC tab.
Answer: A
See below.
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html
Also, the 1550 is an outdoor mesh AP. The process for adding this AP starts:-
Step 1 Add the MAC address of the mesh access point to the controller’s MAC filter. See the Adding MAC Addresses of Mesh Access Points to MAC Filter section.
https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-3/b_mesh_83/Connecting_the_Cisco_1500_Series_Mesh_Access_Points_to_the___.html#ID4755
Answer C?
Any other comments?
Answer C?
This was the resolution on a TAC case:-
https://community.cisco.com/t5/wireless-mobility-documents/access-point-not-registering-with-5508-controller-running-7-2/ta-p/3112766
Very hard question because there are two ways for AP authorization that I found below. From a TAC case https://community.cisco.com/t5/wireless-mobility-documents/access-point-not-registering-with-5508-controller-running-7-2/ta-p/3112766 the resolutions was “added the AP’s to the MAC filtering table under security”
So this would lean towards C
This doc shows both options A and B possible:-
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html:-
Using the Internal Authorization list on the WLC.
Using the MAC address database on an AAA server.
Very hard question because there are two ways for AP authorization that I found below. From a TAC case https://community.cisco.com/t5/wireless-mobility-documents/access-point-not-registering-with-5508-controller-running-7-2/ta-p/3112766 the resolutions was “added the AP’s to the MAC filtering table under security”
So this would lean towards C
Using the Internal Authorization list on the WLC.
Using the MAC address database on an AAA server.
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html:-
The behaviors of the APs differ based on the certificate used:
APs with SSCs—The WLC will only use the Internal Authorization list and will not forward a request to a RADIUS server for these APs.
APs with MICs—WLC can use either the Internal Authorization list configured on the WLC or use a RADIUS server to authorize the APs.
The option C is missing one number on last part (.035) of the mac address…
C. Add MAC address CC93.1981.035 to the Security AAA MAC Filtering tab.
This way I think the correct option will be the option A
Very hard question because there are two ways for AP authorization that I found below. From a TAC case https://community.cisco.com/t5/wireless-mobility-documents/access-point-not-registering-with-5508-controller-running-7-2/ta-p/3112766 the resolutions was “added the AP’s to the MAC filtering table under security”
So this would lean towards C
Using the Internal Authorization list on the WLC.
Using the MAC address database on an AAA server.
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/98848-lap-auth-uwn-config.html:-
The behaviors of the APs differ based on the certificate used:
APs with SSCs—The WLC will only use the Internal Authorization list and will not forward a request to a RADIUS server for these APs.
APs with MICs—WLC can use either the Internal Authorization list configured on the WLC or use a RADIUS server to authorize the APs.
https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-3/b_mesh_83/Connecting_the_Cisco_1500_Series_Mesh_Access_Points_to_the___.html#ID4755
Adding MAC Addresses of Mesh Access Points to MAC Filter
You must enter the radio MAC address for all mesh access points that you want to use in the mesh network into the appropriate controller. A controller only responds to discovery requests from outdoor radios that appear in its authorization list. MAC filtering is enabled by default on the controller, so only the MAC addresses need to be configured. If the access point has an SSC and has been added to the AP Authorization List, then the MAC address of the AP does not need to be added to the MAC Filtering List.