WLC 4400 Adding static route for service port

Unanswered Question
May 9th, 2008
User Badges:
  • Green, 3000 points or more

I am attempting to access the service port from a client pc on another network.


Service port = 10.100.2.1/16

Client IP = 10.1.1.10/16


I know you cannot put a default gateway on the service port, but the documentation says you can add a static route for remote management. So I tried...


config route add 10.1.0.0 255.255.0.0 <gateway.ip>


It does not take the command and says something to the effect of...


"ip address/netmask conflicts with the configured ip address of the service port"



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (3 ratings)
Loading.
acomiskey Fri, 05/09/2008 - 08:36
User Badges:
  • Green, 3000 points or more

I tried all the way to a host mask and got the same thing.


config route add 10.1.1.10 255.255.255.255

Scott Fella Fri, 05/09/2008 - 11:38
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Be carefull.... you are not suppose to have the service port accessible on the network. What you have to do is place it on a subnet that is non-routable on your network and vlan that to other switches if you need to access the service port. It is really meant for out of band management.

Shaun Mickey Mon, 05/12/2008 - 10:54
User Badges:

We are having this same issue. In the cisco documentation it says you should be able to create a static route for the network associated with the service port for remote network management.


In our case the wireless network has been built completely separate from our corp network and we would like the service port on one VLAN of our corp network and be able to access the management page from other VLAN's so that our receptionist can add users/passwords for the web-auth part for visiting users.


Currently we are unable to do this and since the documentation clearly states that it should be possible how can we configure this? or are we bound to some other hack to get this functioning properly?

Scott Fella Mon, 05/12/2008 - 11:04
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

If your wireless is totally seperated from you r network, why don't you create a static route to the management ip of the wlc's. You can create ACL's to only allow the receptionist and others to access the wlc's from your internal network.


Or you should of connected the management port to you internal network and the specify the other port for your wireless traffic.

Shaun Mickey Mon, 05/12/2008 - 12:32
User Badges:

I was able to do this... using a setup similar to the following:


10.1.10.20 = WLC Service Port IP

10.1.10.1 = Gateway address for Service Port Network

10.1.0.0/16 = Network to connect to


From the GUI add network like the following:

Network: 10.1.0.0

Netmask: 255.255.0.0

Gateway: 10.1.10.1


and viola! it worked...

Scott Fella Mon, 05/12/2008 - 16:57
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

So can any host access the WLC'S service port then?

jakew Mon, 05/12/2008 - 17:11
User Badges:
  • Silver, 250 points or more

Maybe so, but you do not want this... the service port is ONLY for out-of-band servicing of the controller, or in the case of WiSMs, communication between WLC and 6K Supervisor.


Packets coming in on the service port generate interrupts directly to the WLC CPU--there is no filtering or rate-limiting!

Scott Fella Mon, 05/12/2008 - 17:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Jake,


Good info. I got confused when they mentioned a doc on creating a static route for the service port. I couldn't find any doc regarding this.


5 points for you for clearing this up and also from me scratching my head in confusion.

anton_lva Thu, 10/28/2010 - 23:55
User Badges:

Good day!

It's strange, but my wlc also rejects such variant of adding the static route

it tells something like was mentioned previosly

"IP Address/Netmask entered conflicts with the configured IP Address/Netmask of
the service port."

how did force your wlc to apply this command?

Saman Shamim Wed, 12/28/2011 - 23:53
User Badges:

Hi guys,


I just did configure the service port on a 5508 controller which i'd like to share it with you the way I did it.


I was given a valid IP address (70.X.X.246) with the subnet mask of 255.255.255.252 and with default gateway of 70.X.X.245 for the out-of-band access to the controller from our office (60.X.X.X). So here is what I did:



In the service port interface configuration:


IP: 70.X.X.246

Mask: 255.255.255.252


And In the "Network Route" setting:


IP: 60.X.X.X

Mask: 255.255.255.255

Default Gateway: 70.X.X.245



Hope it helps!

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode