Hi Jesse
After reading your last email and me thinking about it I was starting to second guess myself and pulled a new 9105AX out of the box to connect it to our 9800. Yea, it sure doesn't enable the ports, and then I thought about it some more and realized that either I didn't have this issue with 1810 because their different in some way then the 9105AX (as their the same config syntax), or because I moved my 1810's from AirOS to IOS and as they where already enabled I didn't have to deal with it, or I was just delirious and forgot about this with the 1810's. I'm leaning to a mixture of the 2nd and 3rd option. As the more I think about it the more I recall seeing this in testing on the 9800 before migration and thinking "how dumb is this" but didn't end up having to deal with it as APs migrated with ports enabled. Either way, here is something that can help you out. I wrote a quick simple EEM script to look for 9105AX's Joining the controller and then enabling all the ports. Probably don't want to run it all the time on your controllers and you can modify it as you see fit, maybe even stream line it a bit. While I don't think it matters since the syslog output and commands should be the same this was written against 17.3.x code. event manager applet enable-rlan-ports event syslog pattern "%CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN:.* Joined" action 050 set ap_model "null" action 100 regexp "^.*%CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN:.* AP Name: (.*),.* Joined$" "$_syslog_msg" ignore ap_name action 150 cli command "enable" action 200 cli command "show ap name $ap_name config general | i Model" action 250 regexp ".*(C9105AXW).*" "$_cli_result" ignore ap_model action 300 if $ap_model eq "C9105AXW" action 350 syslog msg "C9105AX Joined Setting LAN Ports to Enabled" action 400 cli command "ap name $ap_name lan port-id 1 enable" action 450 cli command "ap name $ap_name lan port-id 2 enable" action 500 cli command "ap name $ap_name lan port-id 3 enable" action 550 end Nick ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Jesse Thomas <jtho...@hamilton.edu> Sent: Friday, December 11, 2020 8:27 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Cisco WLC 9800 Gotchas EXTERNAL EMAIL Hi Eric and Nick, I do not believe the traditional templates work for APs on the 9800 platform (we make heavy use of them for our AireOS hardware). I did give it a try and it returns a status of "Not Applicable", and the settings for the LAN ports are not changed. That said, the behavior we are experiencing could also be related to an SNMP bug between 17.3.2a and Prime. This is currently preventing us from using Prime to change names on these APs as well. In Prime 3.8 there is a new section: Menu > Configuration > Cisco Catalyst 9800 Configuration where you can create and deploy tags & profiles (matching what's on the WLC), but the trouble we've found is that there is no way to enable the LAN ports in this manner—either via Prime or directly on the WLC using tags/profiles. We have created an RLAN Profile and RLAN Policy to configure the basic settings, security, VLAN mapping, PoE, etc. and these all work as expected, but once this configuration is applied, the ports remain in a disabled state, and we've have to manually enable them on each AP. We have confirmed this behavior with TAC and our regional Cisco SE and are in the process of filing an enhancement request. @Eric - would you be willing to share more detail on or off the list regarding "CSV uploads of MAC-to-AP name assignments"? If I am understanding this correctly, it may be something useful in our deployment workflow. Thanks, -- Jesse On Thu, Dec 10, 2020 at 5:36 PM Ciesinski, Nick <ciesi...@uww.edu<mailto:ciesi...@uww.edu>> wrote: Are you talking about enabling the LAN ports from Prime or on the WLC itself? On the WLC itself the LAN ports are configured via the policy tag configuration in the RLAN-POLICY map section where you assign a RLAN to each port. That policy tag then needs to be applied to the APs. For applying tags I’ve personally moved away from having Prime statically assign APs tags like I used to do with AP groups in AirOS and instead have written regex rules on the WLC to automatically apply the tag based on the AP name. Nick On Dec 10, 2020, at 11:43 AM, Jesse Thomas <jtho...@hamilton.edu<mailto:jtho...@hamilton.edu>> wrote: EXTERNAL EMAIL Hi Everyone, We are boldly moving forward with a deployment of two 9800-40s (HA pair) and about 400 of the new 9105AXW access points. We have encountered a couple of minor issues thus far and I am curious if anyone in the group has also experienced them and perhaps has some recommendations for workarounds. 1. Oddly, there does not appear to be a way to enable the LAN ports on the access points via a policy or tag within the RLAN configuration. We have confirmed this behavior with TAC and filed for an enhancement request. Our current plan is to export a list of all APs and then do a bulk configuration via the CLI. 2. We intend to manage this new setup via Prime Infrastructure and potentially move to DNAC once we retire our older equipment that is not supported on the new platform. However, there does not seem to be a straightforward way to apply existing tags/policies created on the WLC to APs within Prime, and documentation is sparse in this area. Thanks for any insights you can provide on these topics. Regards, -- Jesse Thomas Network & Systems Administrator Hamilton College 315-859-4211 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community