Cisco AP Discovery, Option 43/60….And You!

One of the things I see there a lot is either a misunderstanding or lack of understanding as to what Option 43 is for.

So, what is Option 43 for? Glad you asked!

Option 43 is one method of WLC discovery. So let me go back a little bit, and lay out how the AP is informed of the WLC.

In no particular order:

Layer 2 (broadcast)
Layer 3
DHCP Option 43/60
OTAP (deprecated)
Previously Joined WLC

So, if you have multiple methods, or in the case of Option 43 multiple WLC, which one will it use? Well I’m going to answer you with the standard wireless answer, “It Depends”.

What most people do not understand is that the AP doesn’t just use one method; it uses them all.

Once the AP has “learned” all the WLC it can from all the methods in use, it sends a discovery request to a WLC that it is aware of. In the WLC’s discovery reply it sends the max AP license, as well as the current excess availability for all members of its mobility group.

So what does that mean? Suppose you have 3 WLC 5508:

5508-A is licensed for 100 AP and has 48 currently joined – excess 52
5508-B is licensed for 150 AP and has 50 currently joined – excess 100
5508-C is licensed for 100 AP and has 65 currently joined – excess 35

The new AP should join to 5508-B, as it has the greatest excess availability. The key word here is should. If the AP has already joined a WLC before, this option will supersede all the others. Another caveat is if one of the WLC has enabled. MCM does not have an effect if the AP has a Primary/Secondary/Tertiary set.

Ok, now to go back and explain the methods.

Layer 2: this is purely broadcast messaging. For this to work the AP and WLC need to be in the same subnet, or you have to add an ip forward-protocol 5247 globally, and an ip helper-address under the L3 interface. That being said, this does not really scale well.

Layer 3: the AP is not on the same subnet, so we fall back to other methods:

DHCP Option 43/60. Option 60 is ‘optional’, and is a VCI (Vendor Class Identifier). If configured, it limits which requests the server will answer with Option 43. While that sounds bad, it’s actually a good thing: if a DHCP request comes in and it doesn’t have the VCI, the server will not return Option 43.

Option 43 is the IP address of the management interface. You only need to list one. If you are running your AP DHCP on an IOS switch, you have the ability to list multiple if you so desire.
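In Cisco's documented format for lightweight APs, the Option 43 value is a small TLV: type f1, a length byte of 4 times the number of controllers, then each management IP in hex. The following is an added example, not from the original post, that builds and decodes that value and flags any advertised controller that is missing from a known-WLC list; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress

# Sub-option type Cisco lightweight APs read inside DHCP Option 43.
CISCO_WLC_SUBOPTION = 0xF1


def encode_option43(controllers):
    """Build the Option 43 hex string: f1, length (4 * N), then each IPv4 address."""
    if not controllers:
        raise ValueError("at least one WLC management IP is required")
    value = b"".join(ipaddress.IPv4Address(ip).packed for ip in controllers)
    if len(value) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return (bytes([CISCO_WLC_SUBOPTION, len(value)]) + value).hex()


def decode_option43(hex_string):
    """Return the WLC management IPs carried in an Option 43 hex string."""
    # Accept IOS-style dotted hex (f104.c000.020a) as well as plain or colon-separated hex.
    cleaned = hex_string.replace(".", "").replace(":", "").replace(" ", "")
    raw = bytes.fromhex(cleaned)
    if len(raw) < 2 or raw[0] != CISCO_WLC_SUBOPTION:
        raise ValueError("not a Cisco WLC sub-option (expected type f1)")
    length, value = raw[1], raw[2:]
    if length == 0 or length % 4 or length != len(value):
        raise ValueError("length byte does not match a whole number of IPv4 addresses")
    return [str(ipaddress.IPv4Address(value[i:i + 4])) for i in range(0, length, 4)]


def unexpected_controllers(hex_string, known_wlcs):
    """Controllers a DHCP scope advertises that are not in the known-WLC inventory."""
    known = set(known_wlcs)
    return [ip for ip in decode_option43(hex_string) if ip not in known]


if __name__ == "__main__":
    # Constructed sample: two controllers in the RFC 5737 documentation range.
    scope_value = encode_option43(["192.0.2.10", "192.0.2.11"])
    print(scope_value)
    print(decode_option43(scope_value))
    print(unexpected_controllers(scope_value, ["192.0.2.10"]))
```

Running the decoder over the Option 43 value of every AP scope and comparing against the WLC inventory catches stale or mistyped controller addresses before an AP tries to discover them.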

DNS – CISCO-CAPWAP-CONTROLLER. resolves to the management IP. This option can be nice if you have regional WLC and your DNS broken up, like etc. If you are only then it still works, but you lose the ability to point to a regional WLC.

Now to move on a bit.

Say you have AP that are already on the network. Can you use Option 43 to push the AP to a new WLC? The answer is no. The AP is going to already know all the WLC in the mobility group, so it will first attempt to join the last WLC it was on.

If you need to move an AP from one WLC to another, a discovery method won’t help you. Your best bet is to go through and just set the Primary Controller as the WLC you want it to join, and make sure that AP fallback is enabled.

