Cisco Wireless LAN Controllers (WLC) help reduce overall operational expenses by simplifying network deployment, operations, and management. Extending the same Cisco Borderless Networks policy and security from the wired network core to the wireless edge, Cisco Wireless Controllers deliver the industry’s most scalable and highest performing controller solution. These controllers provide unique network security and optimization for IPv6-enabled mobile clients, and next-generation hotspot functionality―from branch offices, to small enterprises, to main campuses and service providers.

Cisco Wireless Controllers support system wide functions to deliver:

  • Flexibility to configure wireless policy, management, or security settings at any time through centralized provisioning and management
  • Faster response to business needs by centrally managing wireless networks
  • Standardized access point configuration for software versioning
  • Wireless intrusion prevention system (wIPS) capabilities
  • Networkwide quality of service (QoS) for voice and video across wired and wireless
  • Networkwide centralized security policies across wired and wireless networks
  • Industry-leading mobility, security, and management for IPv6 and dual-stack clients, equipping administrators for IPv6 troubleshooting, planning, and client traceability from a common wired and wireless management system

Configuration Steps:

Step 1:

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)

Several methods can be adopted to get the LAP discover the controller, which are:

Method no. 1: Configure DHCP OPTION 43

When a Cisco Wireless Unified architecture is deployed, the lightweight Cisco Aironet access points (AP) can use a vendor-specific Dynamic Host Control Protocol (DHCP) Option 43 to join specific Wireless LAN Controllers (WLCs) when the WLC is in a different subnet than the LAP.

Register the LAP with the WLC


This sequence of events must occur in order for an LAP to register to a WLC:

  1. The LAPs issue a DHCP discovery request to get an IP address, unless it has previously had a static IP address configured.
  2. The LAP sends LWAPP discovery request messages to the WLCs.
  3. Any WLC that receives the LWAPP discovery request responds with an LWAPP discovery response message.
  4. From the LWAPP discovery responses that the LAP receives, the LAP selects a WLC to join.
  5. The LAP then sends an LWAPP join request to the WLC and expects an LWAPP join response.
  6. The WLC validates the LAP and then sends an LWAPP join response to the LAP.
  7. The LAP validates the WLC, which completes the discovery and join process. The LWAPP join process includes mutual authentication and encryption key derivation, which is used to secure the join process and future LWAPP control messages.
  8. The LAP registers with the controller.


A complete Step-by-step guide on DHCP Option 43 configuration is present here.


Method no.2: DNS Server Configuration

When Cisco’s Wireless Unified Architecture is deployed, the Cisco Aironet Lightweight Access Points (LAPs) can discover wireless LAN controllers (WLCs) using the DNS server when the WLC is in a different subnet than the LAP.

Wireless LAN Controller DNS Discovery

The LAP can discover controllers through your domain name server (DNS). For the access point (AP) to do so, you must configure your DNS to return controller IP addresses in response to CISCO-LWAPP-CONTROLLER.localdomain, where localdomain is the AP domain name. When an AP receives an IP address and DNS information from a DHCP server, it contacts the DNS to resolve CISCO-LWAPP-CONTROLLER.localdomain. When the DNS sends a list of controller IP addresses, the AP sends discovery requests to the controllers.

The AP will attempt to resolve the DNS name CISCO-LWAPP-CONTROLLER.localdomain. When the AP is able to resolve this name to one or more IP addresses, the AP sends a unicast LWAPP Discovery Message to the resolved IP address(es). Each WLC that receives the LWAPP Discovery Request Message replies with a unicast LWAPP Discovery Response to the AP.

A complete Step-by-step guide on DNS Server configuration is present here.

Method no. 3: Use IP helper address on the Router

Although this is not a part of the Layer 3 discovery algorithm, this is a simpler method that can be used when WLC and LAPs are in different subnets. After the LAP gets an IP address from the DHCP server, the LAP broadcasts a Layer 3 LWAPP discovery message on to its local subnet. The IP address of the WLC is configured as the ip-helper address on the router. The router forwards these broadcasts to the IP addresses configured with the ip-helper command on the interface on which the broadcast is heard. When you use the ip helper-address command, DIRECTED BROADCASTS, as well as unicasts, eight different UDP ports are forwarded automatically.

This example shows the configuration on the router:

  • Router(config)#interface Fastethernet XX
  • Router(config-if)#ip helper-address (IP address of the WLC)
  • Router(config-if)#exit
  • Router(config)ip forward-protocol udp 5246


Step 2:

Integration with the ACS (Optional)

TACACS+ is a client/server protocol that provides centralized security for users that attempt to gain management access to a router or network access server. TACACS+ provides these AAA services:

  • Authentication of users attempting to log in to the network equipment
  • Authorization to determine what level of access users should have
  • Accounting to keep track of all changes the user makes

ACS Network Diagram Overview:



Step 3:

Conversion of Autonomous AP to Light Weight

In the Cisco Centralized Wireless LAN Architecture, access points operate in lightweight mode. The access points associate to a Cisco wireless LAN controller. The controller manages the configuration, firmware, and control transactions such as 802.1x authentications. In addition, all wireless data traffic is tunneled through the controller.


Step 4:

Discover LAP in Controller

After successfully following Step 1 and Step 3, LAP will automatically join the controller.

Step 5:

Configure LAP

After the LAP has joined the controller following configurations should be done.

  1. LAP Name
  2. Location
  3. High Availability

Step 6:

Configure WLANs

The Cisco UWN solution can control up to 512 WLANs for lightweight access points. Each WLAN has a separate WLAN ID (1 through 512), a separate profile name, and a WLAN SSID. All controllers publish up to 16 WLANs to each connected access point, but you can create up to 512 WLANs and then selectively publish these WLANs (using access point groups) to different access points to better manage your wireless network.




  1. Hello very nice website!! Man .. Beautiful ..
    Superb .. I’ll bookmark your website and take the feeds additionally?
    I am glad to find numerous useful information here
    in the submit, we need work out extra strategies in this
    regard, thanks for sharing. . . . . .