Cannot Manage the Controller from a Wireless VLAN

Unanswered Question
Oct 20th, 2008


I have a 4402 v5.1 with its management Interface on VLAN_A, its AP Manager Interface on VLAN_B and a dynamic interface on VLAN_C. I can manage my controller with my station connected to any VLAN but not if the my station is connected to VLAN_C !

By tracing the https packets, I see my station establishing the TCP session on the controller management interface (VLAN_A), but just after the session establishment, the controller breaks the session with a reset (RST)...

Is is a known limitation that one cannot manage the Controller if the management station is connected to one of the Wireless VLAN ? (note that I tried to enable the management from wireless option as well..)

Thank you for any hints

Yves Haemmerli

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jeff.kish Mon, 10/20/2008 - 10:33

Hi Yves,

Are you attempting to manage the controller from a wireless client? The controller defaults to disallowing wireless clients from connecting to the management interface. If this is the problem, go to the Management tab -> Mgmt Via Wireless to enable this.

There is nothing about the controller that blocks specific subnets from managing it. Just wireless clients in general. I hope solves the problem!


yves.haemmerli Tue, 10/21/2008 - 05:03

Hi Jeff,

Thanks a lot for your suggestion. In fact, I already enabled controller management via Wireless. However, my station is not on wireless, but on VLAN_C, the vlan which is bridged with the WLAN. Actually, as soon the admin station is on a VLAN which is associated with a WLAN, you cannot manage the controller... After the TCP session on port 443 is established with the controller, he controller send a RST to the station...


jeff.kish Tue, 10/21/2008 - 07:27

Unfortunately, I'm a bit stumped here. Maybe someone else can chime in if they've seen this before. I'm guessing that since you're a CCIE that all your routing is configured correctly :) The fact that you show the HTTP sessions initiating should prove this.

What version of code are you running? Do you see this on multiple controllers, or just one?

Also, you're connecting to the management interface, correct? You can't connect to the other L3 interfaces that you create on the controller, just the management interface itself.

yves.haemmerli Tue, 10/21/2008 - 08:53

Hi Jeff,

I really appreciate your help. Yes, my routing is OK (nvertheless, also CCIEs can make mistakes you know ;-)

Actually, the phenomea occurs as soon I configure a dynamic interface on the same subnet as my workstation.

I am running code, so a quite newer one.

To document my problem, I attach hereafter a Wirershark trace when the connection to the management interface responds correctly and another one when the problem occurs. In the first case, my station is anywhere in the network. In the second case, my station is on subnet /24

In addition, I put the two relevant configuration screens.

Thank you for any hints

Yves Haemmerli

jeff.kish Tue, 10/21/2008 - 10:24

Well, I'm again stumped. You say you're always connecting to the management interface, correct?

Hopefully someone else has seen this problem and can shed some light on the subject for us. Sorry I can't be of better help.

yves.haemmerli Wed, 10/22/2008 - 00:05

No problem Jeff, thank you anyway having responded. In any case, I will post the solution, if any ...



This Discussion