WLC 5508 Cant get access via the Mgmt Interface

Answered Question
Aug 17th, 2010

Hello everybody,

i have a wlc 5508 (version 7.0.98.0) , if i'm pinging the service port interface or try to get access via this interface, everythings is fine, but if cant get access via the management interface. (but its pingable)

the crazy thing is, that the LAP joined successful ti the wlc, but the Upgradetool (converting an AP to an LAP) doesnt work, because the tool cant reach the mgmt interface of the wlc.

there are no ACLs, which are blocking the traffic between wlc and my computer

Does anyone has an idea, what i've configured wrong???

regrads,

Rocco

I have this problem too.
0 votes
Correct Answer by Georgios Nikitas about 6 years 5 months ago

I think you have a static route on the controller for your PC subnet.

This is the only way to reach the service port from another network since it doesn't have a default gateway!

If you remove the static route you will lose connectivity with the service port and gain connectivity to the management interface.

It's up to you which one you prefer.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
dancampb Tue, 08/17/2010 - 06:09

Is your PC on the same VLAN as the service port?  If so that could be the issue.  The HTTP request to the controller goes to the managment interface IP but the reply is coming out of the service port.

Rocco_Prielipp Tue, 08/17/2010 - 06:14

no my Pc isnt in the same VLAN, but the communication between Service port and my Pc is working. So if the response comes out of the Service port it has to working, to?! Or did i understand something wrong?

dancampb Tue, 08/17/2010 - 06:17

The controller routes packets similar to a mulit-homed PC.  If your PC was on the same VLAN as the service port packets destined to it would go out the service port.  If your PC is on a different subnet then packets should be coming out of the management interface.

Would it be possible for you to post the output of "show interface summary" from the controller and "show run int gx/x" for the switchport the controller is connected to?

Rocco_Prielipp Tue, 08/17/2010 - 06:34

Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
wlan1                                   1    16       172.16.2.10      Dynamic No     No
management                         1    2        172.16.1.10      Static     Yes    No
wlan2                                   1    220      172.16.3.10   Dynamic No     No
service-port                        N/A  N/A      10.75.100.99      Static     No     No
virtual                                N/A  N/A      1.1.1.1               Static     No     No

and my Pc is in the 172.16.4 subnet

i have no access to the switch port, where the controller is connected to, but i know that this port permits access to the vlans which are used

dancampb Tue, 08/17/2010 - 06:40

I see the management interface is assigned to VLAN 2.  I would just verify that the native VLAN on the switchport is not VLAN 2.

Can you ping the management interface?

Have you tried enabling HTTP on the controller so that you take the certificates out of the equation?

Leo Laohoo Tue, 08/17/2010 - 15:27

Upgrade tool .... Hmmmm ...

Unless you are converting autonomous to LWAP on newer APs like 1130, 1240, 1140 and 1250 it's just as simple as copying the LWAP IOS (file with the suffix "rcv" in the filename) into the autonomous AP and let the AP boot this image and you should be ready to go.  If you have older models then, unfortunately, the upgrade tool is the way to go.

Make sure your PC and the WLC are in the same VLAN.

Rocco_Prielipp Tue, 08/17/2010 - 23:03

yes of cause, this is the way had upgraded our Ap1242.

leolaohoo schrieb:

Make sure your PC and the WLC are in the same VLAN.

so,  i allways have to be in the same vlan as the managemnt interface to get access to it?!?

Correct Answer
Georgios Nikitas Thu, 08/26/2010 - 03:23

I think you have a static route on the controller for your PC subnet.

This is the only way to reach the service port from another network since it doesn't have a default gateway!

If you remove the static route you will lose connectivity with the service port and gain connectivity to the management interface.

It's up to you which one you prefer.

Actions

This Discussion

 

 

Trending Topics - Security & Network