CR-2026-03-10: C9130AX WiFi 6 AP — Implementation
Implementation
Phase 1: BIND DNS Configuration
1.1 Backup Zone File
TIMESTAMP=$(date +%Y%m%d%H%M)
sudo cp /var/named/inside.domusdigitalis.dev.zone \
/var/named/inside.domusdigitalis.dev.zone.bak.${TIMESTAMP}1.2 Add CAPWAP Controller Records
# Add A records for WLC HA cluster
echo "CISCO-CAPWAP-CONTROLLER IN A 10.50.1.40" | sudo tee -a /var/named/inside.domusdigitalis.dev.zone
echo "CISCO-CAPWAP-CONTROLLER IN A 10.50.1.41" | sudo tee -a /var/named/inside.domusdigitalis.dev.zone1.3 Increment Serial and Reload
# Increment serial (YYYYMMDDNN format)
sudo vim /var/named/inside.domusdigitalis.dev.zone
# Validate zone
sudo named-checkzone inside.domusdigitalis.dev /var/named/inside.domusdigitalis.dev.zone
# Reload
sudo rndc reload inside.domusdigitalis.dev1.4 Verify Resolution
dig CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev @10.50.1.90Expected:
;; ANSWER SECTION: CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev. 3600 IN A 10.50.1.40 CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev. 3600 IN A 10.50.1.41
Phase 2: Verify AXFR Replication
# Check zone transfer to bind-02
dig CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev @10.50.1.91If not replicated, force transfer:
ssh bind-02 "sudo rndc retransfer inside.domusdigitalis.dev"Phase 3: Trigger AP Discovery
# Bounce switch port to trigger DHCP renewal
netapi ios run "conf t" "interface te1/0/8" "shut" "no shut" "end"Phase 4: Verify AP Join
# Check WLC for join attempt
netapi wlc run "show wireless stats ap join summary"
# Verify AP registered
netapi wlc run "show ap summary"Implementation Log
| Time | Action | Result |
|---|---|---|
2026-03-10 13:30 |
Initial attempt: VyOS Option 138 |
Failed - AP requests Option 43, not 138 |
2026-03-10 14:00 |
Investigated VyOS vendor-option |
Only Ubiquiti supported, no Cisco |
2026-03-10 14:15 |
BIND DNS: Added CISCO-CAPWAP-CONTROLLER records |
Serial 2026031005 → 2026031006 |
2026-03-10 14:16 |
Zone reload + AXFR verification |
Both bind-01 and bind-02 resolving |
2026-03-10 14:17 |
AP discovery |
JOINED - C9130AX-01 at 10.50.10.111 |
Verification Output
WLC Confirmation
9800-WLC-01#show wireless stats ap join summary Number of APs: 2 Base MAC Ethernet MAC AP Name IP Address Status a0a4.7f20.dd00 8c88.812a.0000 C9130AX-01 10.50.10.111 Joined
Client Distribution - All clients migrated to WiFi 6
MAC Address AP Name Type State Protocol Method 14f6.d87b.3180 C9130AX-01 WLAN 4 Run 11ax(5) Dot1x 80a9.9734.a120 C9130AX-01 WLAN 5 Run 11ax(5) MAB bcd0.740c.057e C9130AX-01 WLAN 5 Run 11ax(2.4) MAB
CLI Mastery Patterns
BIND Zone Management
# Capture current serial with dig + awk
CURRENT_SERIAL=$(dig @10.50.1.90 inside.domusdigitalis.dev SOA +short | awk '{print $3}')
NEW_SERIAL=$((CURRENT_SERIAL + 1))
echo "Current: $CURRENT_SERIAL -> New: $NEW_SERIAL"
# Validate zone before reload (always!)
sudo named-checkzone inside.domusdigitalis.dev /var/named/inside.domusdigitalis.dev.zone
# Force zone transfer to secondary
sudo rndc retransfer inside.domusdigitalis.devCAPWAP Troubleshooting
# Test DNS resolution from workstation
dig CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev +short
# Verify both WLCs returned (HA)
dig CISCO-CAPWAP-CONTROLLER.inside.domusdigitalis.dev +short | wc -l
# Expected: 2
# Check CAPWAP UDP ports (5246, 5247)
ss -unap | grep -E '524[67]'AP Status Commands
# Show all APs with their status
netapi wlc run "show ap summary"
# Show detailed join statistics
netapi wlc run "show wireless stats ap join summary"
# Show radio status (channels, power)
netapi wlc run "show ap dot11 5ghz summary"
netapi wlc run "show ap dot11 6ghz summary"
# Show clients per AP
netapi wlc run "show wireless client summary"