Initial Notes

If initial config is basic (lab like) will probably need a default static route.
SSO Mode - earlier code only has RP for pairing. Newer code has RMI+RP. RP can use apipa.
New 4800 APs still have standard static controller config - capwap ap primary-base ____ x.x.x.x
Multicast - Need a wireless media stream for multicast snooping. The non wireless vlans need to be added to the controller too.

16x code has issues trying to keep controller in bundle or install mode? No issues since upgrading to 17x.

cli upgrade with bundle to install
boot system bootflash:packages.conf
install add file bootflash:c9800__________ activate commit

The install can be broken up with separate lines:
install activate
install commit

Run into problems use:
show install summary
install remove inactive
request platform software package clean switch all


Tags = AP Groups
Site Tag = AP Location
RF Tag = Different RF properties per group

Major issues

MDM devices & other devices using service account only able to connect to 802.1x SSID after many retries. Will see EAP errors in traces.

Client fails to join as max user count has been reached for username mdmXXX. WLC has the config “wireless client max-user-login 8”. So when more than 8 client try to join with same username, EAP failure is sent and clients fail to join. This is expected as per the config even if they are being sent to radius server.