https trouble with WLC-4402-50

Answered Question
Oct 12th, 2007

I have a WLC4402 and all of a sudden I can't login through the interface I have been using for a couple years. I get the Certificate popup asking to accept the cert and as soon as I click Yes it gives me a "page cannot be found". I can log in through other interfaces though.

Thanks in advance for any help you may be able to give.

Scott Fella Fri, 10/12/2007 - 17:15

I have seen this issue if you have an interface on the WLC that is also part of a wired LAN subnet. Make sure you separate your wireless subnets from your wired subnets.

james-mccarthy Mon, 10/15/2007 - 04:43

We do have interfaces on the WLC that are also on the wired LAN. Different interface IPs. The problem is that it was working fine for a couple of years and just stopped working a week or so ago. We are also using software version 3.2.195.10. I think this problem may have started when we updated the software.

Scott Fella Mon, 10/15/2007 - 04:51

It could be that the upgrade caused the issue. It is still best practice to separate the two. I have run into that issue with the 4.0 and 4.1 code.

james-mccarthy Mon, 10/15/2007 - 18:18

Yes I can SSH and telnet to the controller. It's just https that won't allow a connection.

mprofitt1967 Mon, 10/15/2007 - 19:58

ssh to the controller and try this...

>show network

to see if secure web mode is enabled, if not

>config network secureweb enable

Scott Fella Tue, 10/16/2007 - 04:04

When you try to https, are you on the wired or on the wireless? There is an option to allow or not allow wireless management. Also if you do have it disabled and you are wired and on wireless, it will not work. Verify you can get to the WLC (https) from only a wired laptop or PC.

james-mccarthy Tue, 10/16/2007 - 05:37

-Yes the Secure Web Mode is enabled.

-And yes I am on wired. I do have the allow wireless management option enabled. I can log in through https on other interfaces but not the interface I have been using in the past.

Scott Fella Tue, 10/16/2007 - 05:46

What I meant is make sure you are on the wired, but you don't have your wireless on. Also the interface you should be able to https to is the management interface.

james-mccarthy Tue, 10/16/2007 - 05:52

Yeah I have the wireless off. And I can access the management interface through https. But we had a separate interface using the IT VLAN to allow us to manage the devices without giving access to the entire management VLAN. It's not a huge deal that I can't log in using that interface since I can still manage the devices using the management interface. I was just curious as to why it would work a couple weeks ago and just stop all of a sudden. I'm leaning towards the possibility that the recent software upgrade is responsible for this.

dennischolmes Tue, 10/16/2007 - 06:04

James,

Have you rebooted the WLC? There is a known issue with a corruption of the session as it relates to the certificate on the controller. It was caused by a memory leak I think. Anyway, try rebooting the box. That usually fixes the problem.

Dennis

james-mccarthy Tue, 10/16/2007 - 06:11

Yeah I rebooted it twice already. I even tried to regenerate new certificates. Here's the funny thing though, it says the cert is valid from Nov 8th 2027 through Nov 8th 2037. I'm not an expert on Certificates but this doesn't seem normal.

dennischolmes Tue, 10/16/2007 - 06:15

Nope. Check the date and time on the controller. If the date and time are correct you will need to open a tac case as the certs are way off on the timestamp piece and will need to be rebuilt.

Scott Fella Tue, 10/16/2007 - 06:18

That is how the certificates are in the WLC. The only way I can see that you once were able to manage via the IT VLAN to the IT VLAN WLC Interface is if you had manage via wireless enabled. With the 4.0 and the 4.1 I know for sure you can't access other interfaces other than the management.

james-mccarthy Tue, 10/16/2007 - 06:37

Ok. I'm fine with using the management interface. And am I understanding that it's ok that the certs are off by 20 years? When I click the cert accept page it says the cert is not yet valid.

dennischolmes Tue, 10/16/2007 - 06:46

Same question I asked a bit ago. If the time is correct then TAC will have to get involved unless your time server (if configured) is wrong. Other than that, the unit itself probably has a problem.

james-mccarthy Tue, 10/16/2007 - 07:19

Sorry, I forgot to mention that the clock is correct. Day and time are both correct and as far as I know, our NTP servers are also correct. And both units have the Certificate problem with not being valid for 20 more years.

You have all been a great help so far. Thank you.

Correct Answer
dennischolmes Tue, 10/16/2007 - 07:27

In the immortal words of E.T. "Call HOME!" i.e. call TAC. You have a real life situation lol. I haven't seen this in nearly 2 years.

james-mccarthy Tue, 10/16/2007 - 07:32

HAHA, yeah I had a feeling this wasn't going to be simple. The best thing about it is this: I can't log into the management interface UNTIL I accept the certificate on the other interface first. If I don't do that, it just times out. I think Murphy's law has been applied to me all month.

Thanks again for all your help.
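The check discussed in the thread (compare the certificate's validity window with a clock you trust) can be scripted. This is an added example, not part of the original posts: it parses the text that `openssl x509 -noout -dates` prints and classifies the window against a given time. The sample input is constructed from the dates quoted in the thread; the times of day and the function names are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the format of `openssl x509 -noout -dates`, using the
# validity dates reported in the thread (times of day are assumed).
SAMPLE_DATES = """\
notBefore=Nov  8 00:00:00 2027 GMT
notAfter=Nov  8 00:00:00 2037 GMT
"""


def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key in ("notBefore", "notAfter"):
            # cert_time_to_seconds understands OpenSSL's "Mon DD HH:MM:SS YYYY GMT"
            secs = ssl.cert_time_to_seconds(value.strip())
            fields[key] = datetime.fromtimestamp(secs, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore and notAfter lines")
    return fields["notBefore"], fields["notAfter"]


def classify(text, now):
    """Classify the validity window against a clock reading.

    Returns (status, days): days until the window opens, days since it
    closed, or days of validity remaining, depending on the status.
    """
    not_before, not_after = parse_dates(text)
    if not_after <= not_before:
        return "inverted-window", None
    if now < not_before:
        return "not-yet-valid", (not_before - now).days
    if now > not_after:
        return "expired", (now - not_after).days
    return "valid", (not_after - now).days


if __name__ == "__main__":
    # Date of the thread, standing in for a verified-correct clock.
    thread_date = datetime(2007, 10, 16, tzinfo=timezone.utc)
    print(classify(SAMPLE_DATES, thread_date))
```

A "not-yet-valid" result with a gap of years, taken against a clock that has been verified, points at the certificate's own timestamps rather than at time sync on the client.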
