WLC4402 does not respond to HTTPS on the Management interface

Unanswered Question

Hi, I have a 4402 running 4.2.205 (have tried 4.2.207 & 4.2.176 also). I have this WLC connected to a 3750 switch (no config - all ports in native VLAN 1, only g1.0.1 is a trunk for the WLC). VLAN 1 has an IP of x.x.x.1/24 - WLC has an IP of x.x.x.2/24 on the management interface. Running layer 2 mode - virtual interface is 1.1.1.1 - then I have a PC connected to the switch with IP x.x.x.10/24. When I connect to the WLC using https://x.x.x.2 - it gives a page saying "problem with certificate" (this is normal). When I select continue to this website - the browser just sits there for hours??? If I give the service port an IP of y.y.y.1/24 and connect the PC directly with IP y.y.y.2/24 - HTTPS works fine?? What am I missing??

Gustavo Novais Wed, 09/09/2009 - 20:43

Hi, also had browser access problems when upgrading from 4.1.185 to 4.2.176.

You may be hitting one of the following:

CSCsg66040 - After a software upgrade, controllers might experience intermittent access to the management interface through HTTPS.

Workaround: Follow these steps to work around the issue:

a. Make sure HTTPS is enabled on the controller's management interface, reboot the controller from the CLI, and monitor the last service if error messages appear after the controller prompts you to enter a username and password to login.

b. Log in with the relevant credentials and reconfigure the virtual interface with this CLI command:

config interface address virtual 1.1.1.1

c. Reboot the controller and make sure the Secure Web service shows up as OK.

d. Generate a certificate using this CLI command:

config certificate generate webauth

e. Click Yes when prompted and wait a few minutes for the certificate to generate.

f. Reboot the controller.

or

then the problem may be your browser that is trying to connect with SSLv2 and that may be disabled on the controller. Try the CLI command

config network secureweb cipher-option sslv2 enable

HTH

Gustavo

Hi Gustavo,

I've tried all that ;-(

here is a capture of the settings

==========================

(Cisco Controller) >show certificate summary

Web Administration Certificate................... Locally Generated

Web Authentication Certificate................... Locally Generated

Certificate compatibility mode:.................. off

(Cisco Controller) >show interface summary

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
ap-manager                       2    untagged 200.200.200.3   Static  Yes    No
management                       2    untagged 200.200.200.2   Static  No     No
service-port                     N/A  N/A      100.100.100.1   Static  No     No
virtual                          N/A  N/A      1.1.1.1         Static  No     No

(Cisco Controller) >show network summary

RF-Network Name............................. testrfg

Web Mode.................................... Disable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Enable

Secure Web Mode Cipher-Option SSLv2......... Enable

Secure Shell (ssh).......................... Enable

Telnet...................................... Disable

Ethernet Multicast Mode..................... Disable Mode: Ucast

Ethernet Broadcast Mode..................... Disable

IGMP snooping............................... Disabled

IGMP timeout................................ 60 seconds

User Idle Timeout........................... 300 seconds

ARP Idle Timeout............................ 300 seconds

ARP Unicast Mode............................ Disabled

Cisco AP Default Master..................... Disable

Mgmt Via Wireless Interface................. Disable

Mgmt Via Dynamic Interface.................. Disable

Bridge MAC filter Config.................... Enable

Bridge Security Mode........................ EAP

Over The Air Provisioning of AP's........... Disable

Apple Talk ................................. Disable

--More-- or (q)uit

AP Fallback ................................ Enable

Web Auth Redirect Ports .................... 80

Fast SSID Change ........................... Disabled

802.3 Bridging ............................. Disable

(Cisco Controller) >show certificate summary

Web Administration Certificate................... Locally Generated

Web Authentication Certificate................... Locally Generated

Certificate compatibility mode:.................. off

(Cisco Controller) >

=================================

Any other ideas??

I've used the service port to config it, but it won't authenticate APs either.

Some error messages:

Mar 1 00:00:43.781: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

examining image...

*Sep 10 14:49:37.174: %LWAPP-5-CHANGED: LWAPP changed state to IMAGE

*Sep 10 14:49:37.256: LWAPP_CLIENT_ERROR_DEBUG: spamProcessSecureMsg : spamCcmDecrypt returned failure

*Sep 10 14:49:37.256: LWAPP_CLIENT_ERROR_DEBUG: spamProcessImageData : spamProcessSecureMsg returned error

*Sep 10 14:49:38.160: LWAPP_CLIENT_ERROR_DEBUG: spamProcessSecureMsg : spamCcmDecrypt returned failure

*Sep 10 14:49:38.160: LWAPP_CLIENT_ERROR_DEBUG: spamProcessImageData : spamProcessSecureMsg returned error

thanks for any help ;o))
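
An added example, not part of the original thread: a small Python audit of the management-plane settings in `show network summary` output like the capture above, flagging the SSLv2 cipher option that the capture shows enabled. The baseline and the function names are assumptions made for this example, and the sample lines are constructed from the posted capture.

```python
import re

# Constructed sample in the dotted-leader format of `show network summary` (values from the capture above).
SAMPLE = """\
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Enable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Mgmt Via Wireless Interface................. Disable
--More-- or (q)uit
AP Fallback ................................ Enable
"""

# Hypothetical baseline for this example (not a Cisco-published policy): key -> (expected, reason).
BASELINE = {
    "Web Mode": ("disable", "cleartext HTTP management"),
    "Secure Web Mode": ("enable", "HTTPS management is off"),
    "Secure Web Mode Cipher-Option SSLv2": ("disable", "SSLv2 is prohibited by RFC 6176"),
    "Telnet": ("disable", "cleartext CLI access"),
    "Mgmt Via Wireless Interface": ("disable", "management reachable from WLAN clients"),
}

LINE = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<value>\S.*?)\s*$")

def parse_summary(text):
    """Turn 'Key....... Value' lines into a dict; pager prompts and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            settings[m.group("key").strip()] = m.group("value")
    return settings

def audit(settings):
    """Return (key, actual, reason) for each baseline setting that deviates or is missing."""
    findings = []
    for key, (expected, reason) in BASELINE.items():
        actual = settings.get(key)
        if actual is None:
            findings.append((key, "missing", "setting not present in output"))
        elif not actual.lower().startswith(expected):
            findings.append((key, actual, reason))
    return findings

if __name__ == "__main__":
    for key, actual, reason in audit(parse_summary(SAMPLE)):
        print(f"[!] {key} = {actual}: {reason}")
```

Values are matched by prefix, so both `Disable` and `Disabled` satisfy a `disable` baseline, and a multi-word value such as `Disable Mode: Ucast` parses without special handling.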

Gustavo Novais Thu, 09/10/2009 - 06:44

Have you tried to regenerate the self-signed certificate?

If not, no more ideas...

Gustavo
