Cisco Support Community
New Member

2504WLC with Aironet3702i setup issue (cannot SSH to Router or see certain devices)

As I mentioned in a previous post, I am brand new to using Cisco WLCs.  I am having an issue where I cannot see/connect to NAS (two different ones), or ssh to my router.  I can ping the router, but I cannot connect to this.  When I connect via a hard line to the network, I don't have the issue.  This is the wlan I have set up currently.  What am I doing wrong? 

WLAN Identifier.................................. 1

Profile Name..................................... The Tardis

Network Name (SSID).............................. The Tardis

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Client Profiling Status

    Radius Profiling ............................ Disabled

     DHCP ....................................... Disabled

     HTTP ....................................... Disabled

    Local Profiling ............................. Disabled

     DHCP ....................................... Disabled

     HTTP ....................................... Disabled

  Radius-NAC State............................... Disabled

  SNMP-NAC State................................. Disabled

  Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Maximum number of Clients per AP Radio........... 200

--More-- or (q)uit

Number of Active Clients......................... 4

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

User Idle Timeout................................ Disabled

Sleep Client..................................... disable

Sleep Client Timeout............................. 12 hours

User Idle Threshold.............................. 0 Bytes

NAS-identifier................................... The_Master

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ management

Multicast Interface.............................. Not Configured

WLAN IPv4 ACL.................................... unconfigured

WLAN IPv6 ACL.................................... unconfigured

WLAN Layer2 ACL.................................. unconfigured

mDNS Status...................................... Enabled

mDNS Profile Name................................ default-mdns-profile

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver

Per-SSID Rate Limits............................. Upstream          Downstream

Average Data Rate................................   0                      0

--More-- or (q)uit

Average Realtime Data Rate.......................   0                      0

Burst Data Rate..................................   0                      0

Burst Realtime Data Rate.........................   0                      0

Per-Client Rate Limits........................... Upstream          Downstream

Average Data Rate................................   0                      0

Average Realtime Data Rate.......................   0                      0

Burst Data Rate..................................   0                      0

Burst Realtime Data Rate.........................   0                      0

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

--More-- or (q)uit

Radius Servers

   Authentication................................ Global Servers

   Accounting.................................... Global Servers

      Interim Update............................. Disabled

      Framed IPv6 Acct AVP ...................... Prefix

   Dynamic Interface............................. Disabled

   Dynamic Interface Priority.................... wlan

Local EAP Authentication......................... Disabled

Security

   802.11 Authentication:........................ Open System

   FT Support.................................... Disabled

   Static WEP Keys............................... Disabled

   802.1X........................................ Disabled

   Wi-Fi Protected Access (WPA/WPA2)............. Enabled

      WPA (SSN IE)............................... Disabled

      WPA2 (RSN IE).............................. Enabled

         TKIP Cipher............................. Disabled

         AES Cipher.............................. Enabled

                                                               Auth Key Management

         802.1x.................................. Disabled

         PSK..................................... Enabled

         CCKM.................................... Disabled

--More-- or (q)uit

         FT-1X(802.11r).......................... Disabled

         FT-PSK(802.11r)......................... Disabled

         PMF-1X(802.11w)......................... Disabled

         PMF-PSK(802.11w)........................ Disabled

      FT Reassociation Timeout................... 20

      FT Over-The-DS mode........................ Enabled

      GTK Randomization.......................... Disabled

      SKC Cache Support.......................... Disabled

      CCKM TSF Tolerance......................... 1000

   WAPI.......................................... Disabled

   Wi-Fi Direct policy configured................ Disabled

   EAP-Passthrough............................... Disabled

   CKIP ......................................... Disabled

   Web Based Authentication...................... Disabled

   Web-Passthrough............................... Disabled

   Conditional Web Redirect...................... Disabled

   Splash-Page Web Redirect...................... Disabled

   Auto Anchor................................... Disabled

   FlexConnect Local Switching................... Disabled

   flexconnect Central Dhcp Flag................. Disabled

   flexconnect nat-pat Flag...................... Disabled

   flexconnect Dns Override Flag................. Disabled

   flexconnect PPPoE pass-through................ Disabled

--More-- or (q)uit

   flexconnect local-switching IP-source-guar.... Disabled

   FlexConnect Vlan based Central Switching ..... Disabled

   FlexConnect Local Authentication.............. Disabled

   FlexConnect Learn IP Address.................. Enabled

   Client MFP.................................... Optional

   PMF........................................... Disabled

   PMF Association Comeback Time................. 1

   PMF SA Query RetryTimeout..................... 200

   Tkip MIC Countermeasure Hold-down Timer....... 60

   Eap-params.................................... Disabled

AVC Visibilty.................................... Disabled

AVC Profile Name................................. None

Flow Monitor Name................................ None

Split Tunnel (Printers).......................... Disabled

Call Snooping.................................... Disabled

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

KTS based CAC Policy............................. Disabled

Assisted Roaming Prediction Optimization......... Disabled

802.11k Neighbor List............................ Disabled

802.11k Neighbor List Dual Band.................. Disabled

Band Select...................................... Disabled

--More-- or (q)uit

Load Balancing................................... Disabled

Multicast Buffer................................. Disabled

Mobility Anchor List

WLAN ID     IP Address            Status

-------     ---------------       ------

802.11u........................................ Disabled

MSAP Services.................................. Disabled

Local Policy

----------------

Priority  Policy Name

--------  ---------------

21 REPLIES
Hall of Fame Super Gold

I am having an issue where I cannot see/connect to NAS (two different ones), or ssh to my router.  I can ping the router, but I cannot connect to this.

Do a trace route to determine where is the traffic being blocked.

Check your routers and switches for any ACL.

New Member

Leo, I'm actually able to ping the devices in question interestingly enough.  What I cannot do is actually connect to them as NAS over the network.  The switch that I've switched over to is not a managed switch, so no ACL there.  When I plug directly into the switch, I am able to connect to the devices.  When I connect to the WAP that's connected to the WLC 2404, I cannot, but I can still ping them.  My ACLs are empty (I haven't configured any). 

Hall of Fame Super Gold

Leo, I'm actually able to ping the devices in question interestingly enough.

Ping works.  HTTP/HTTPS or telnet or SSH doesn't work.  Yes, I got you.

Check for any ACL in your network.  The ACL doesn't have to be in the WLC.  It could be in the router. 

New Member

Sorry, I was actually referring to the router.  This is the ACL that I have on the router:

Extended IP access list 101

    10 permit ip 192.168.1.0 0.0.0.255 any
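
An added example, not part of the original post: how a router evaluates the access list shown above, with wildcard-mask matching and the implicit deny at the end of every list. The parser handles only `any`, `host A` and `A WILDCARD` address forms (no port operators), and the client addresses used to exercise it are constructed.

```python
import ipaddress
import re

# Constructed input: the `show access-lists` text as posted in the thread.
ACL_TEXT = """\
Extended IP access list 101
    10 permit ip 192.168.1.0 0.0.0.255 any
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF          # every bit is "don't care"
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Return entries as (seq, action, protocol, src_spec, dst_spec), ordered by sequence."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:                          # the header line has no sequence number
            seq, action, proto, rest = m.groups()
            tokens = rest.split()
            src = _take_addr(tokens)
            dst = _take_addr(tokens)
            entries.append((int(seq), action, proto, src, dst))
    return sorted(entries)

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # wildcard bit 0 = must match, 1 = ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(entries, proto, src, dst):
    """First matching entry wins; a packet that matches nothing is denied."""
    for seq, action, e_proto, e_src, e_dst in entries:
        if e_proto in ("ip", proto) and _matches(src, e_src) and _matches(dst, e_dst):
            return action, seq
    return "deny", None                # implicit "deny ip any any"
```

Because the single entry uses protocol `ip` and filters on source address only, this list gives the same verdict for ICMP and TCP from the same source; any source outside 192.168.1.0/24 falls through to the implicit deny.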

Hall of Fame Super Gold

The switch that I've switched over to is not a managed switch, so no ACL there.  When I plug directly into the switch, I am able to connect to the devices.  When I connect to the WAP that's connected to the WLC 2404, I cannot, but I can still ping them.

Describe your VLANs.  Tell me what you have.

The switchport to the WLC should be a 802.1q trunk.  The switchport to the AP should be an access port. 

New Member

I actually don't have any VLANs at the moment.  The switch is a Netgear 24 port unmanaged switch.  I still haven't gone over ACLs in my CCNA studies yet.... which command should I use via the CLI?

Hall of Fame Super Gold

Then take off the ACL and see if you have access to the NAS server.

If you plug a computer directly to the switch do you see the same issue?

New Member

Never mind, I figured the ACL part out.  I can SSH to the router now, but I'm still having the other issues of the other traffic not working to the other devices such as the NAS. 

New Member

I'll remove the ACL and check.  No, when I plug a computer directly into the switch I do not have any issues.  None. 

New Member

When I remove the ACL, I am then unable to access anything.  (Router, Internet, etc)

Hall of Fame Super Gold

The switchport from your WLC to the switch, is it an access port or a dot1q trunk?

New Member

On the WLC itself?  I'm not certain..... how would I check? 

Hall of Fame Super Gold

On the WLC itself?  I'm not certain..... how would I check?

Ahhhhhh ... Your Netgear is an unmanaged switch, right?

So I will presume it won't do 802.1q trunking.  I will also presume that the switch only knows VLAN 1.

Post the CLI output of the WLC to the command "sh interface detail management".

New Member

Yes, it's unmanaged.  I have a very old Catalyst switch from 2005, and it's been causing me nothing but problems, so I just retired it. 

Interface Name................................... management

MAC Address...................................... 50:06:04:cb:6b:20

IP Address....................................... 192.168.1.250

IP Netmask....................................... 255.255.255.0

IP Gateway....................................... 192.168.1.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. untagged 

Quarantine-vlan.................................. 0

Active Physical Port............................. 1        

Primary Physical Port............................ 1        

Backup Physical Port............................. Unconfigured

DHCP Proxy Mode.................................. Global

Primary DHCP Server.............................. 192.168.1.1

Secondary DHCP Server............................ Unconfigured

DHCP Option 82................................... Disabled

IPv4 ACL......................................... Unconfigured

mDNS Profile Name................................ Unconfigured

AP Manager....................................... Yes

Guest Interface.................................. No

L2 Multicast..................................... Enabled

New Member

Hmmm, I think it must have something to do with the WLC......  I have an autonomous access point plugged into the switch and I'm having zero issues. 

Hall of Fame Super Gold

AP Manager....................................... Yes

I haven't used 2504 before but can you turn AP Manager off?

New Member

I did that, and the AP reset, and then it can't download any configuration. 

Hall of Fame Super Gold

Hmmm ... I may have given you the wrong info.  If you turn off the AP Manager from the Management interface then it means you need to create an AP Manager interface (which is NOT my intention).

Can you enable AP Manager back again, please? 

New Member

Working on it.....  I'm trying to do this via the command line and I'm having a heck of a time at it. 

New Member

Alright, I got it back.  What should I try next? 

New Member

Now that I think about it, everything did function as it should initially.  I think I had the WLC on the same VLAN as the Catalyst switch, if that makes sense?  Anyhow, I tried using the managed switch again and it's dead.  I have another 2970 on order. 
