I have a Cisco Router 887 here, with an integrated AP. This AP is a separate device in the router, with its own software, config, etc.
My problem I can't get the remote management of this AP to work (I'd prefer CLI, which means via SSH).
The router has a separate interface to communicate/manage with the AP:
description Service module interface to manage the embedded AP
ip unnumbered Vlan100
arp timeout 0
ip address 172.22.2.1 255.255.255.0
After this initial configuration, I can login to the AP *via the router* by issuing this command:
wlan service-module wlan-ap 0 session
When I'm on the router via console, this works! But when I'm on the router via SSH, it won't work:
router#connect 172.22.2.1 2002
Trying 172.22.2.1, 2002 ...
% Connections to that host not permitted from this terminal
I'd like to configure the access to work via an SSH-session also!
My line-configs are as follows:
line con 0
no modem enable
line aux 0
transport preferred none
transport input all
line vty 0 4
access-class VTY.TRUSTED in
exec-timeout 120 0
transport input ssh
I tried to remove the access-class and allow every protocol (transport input all), but it didn't change it. How can I make this access to work? How can I find out what is preventing it?
*Note: The rest of this posting covers technically a different problem! I would be very happy if i had at least an answer to one of the given problems!
After failing to achieve this, I tried to tackle the problem differently. This time by configuring an IP-Adress on the AP itself, to SSH directly to it. But I also couldn't get this to work!
There is an internal data-connection between router and the integrated AP:
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router
no ip address
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
encapsulation dot1Q 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
ip address 172.22.2.5 255.255.255.0
bridge 100 route ip
The problem here is: I can't get the IP from BVI100 to work correctly in VLAN100. That is, I can't reach it anywhere from VLAN100. This happens in spite of the fact that the SSID (config not shown, it's a Dot11Radio0.100 subinterface with the corresponding bridge-group 100 attached) works perfectly fine.
In my tests I found if I configure the IP in BVI1 (Vlan1), it's reachable. Just in this case the VLAN 1 is not the VLAN I'd like the management IP to be.
Is there some additional bridge-group config missing? I wouldn't know which, as I see no difference to bridge-group 1, where it would work. The only difference is that VLAN 1 is bridged natively via the internal data-link, whereas VLAN 100 is tagged. As I said, WLAN over these SSIDs/VLANs works as expected.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...