Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Wism 4404 remote manage WLCs

i am able to manage the WLCs by https:\\IP from one vlan but not from another.

i dont see any rule on FWSM blocking the attempt so i guess its being blocked on WLC Level

is there a setting which allows/denys managment from specific vlan/ip ?

thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Wism 4404 remote manage WLCs

Do you have this enabled? 

config network mgmt-via-wireless

Again, if your wireless dynamic interfaces are on wired user subnet's, you can run into the issue your seeing.  So either you enable management-via-wireless, make sure your wireless is separate from your wired subnet's or you just use the dynamic interface ip to access the WLC.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
13 REPLIES
VIP Purple

Wism 4404 remote manage WLCs

Are you able to ping WLC management IP from the vlan you cannot https ? Check your switch SVI where WLC management subnet defined to see any ACL applied ?

Rasika

Re: Wism 4404 remote manage WLCs

Are you trying to access the WLC from a subnet that you have a dynamic interface configured for?

Steve

Sent from Cisco Technical Support iPhone App

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Re: Wism 4404 remote manage WLCs

Yes

Re: Wism 4404 remote manage WLCs

Yes, there is a setting which allows/denys managment from specific vlan/ip

Cisco Employee

Re: Wism 4404 remote manage WLCs

If your PC is not on the same vlan as the management interface, can you

initiate the command:

> config network mgt-via-dynamic-interface enable

New Member

Re: Wism 4404 remote manage WLCs

i configed the command but still no access (was disabled and now enabled)

Hall of Fame Super Silver

Re: Wism 4404 remote manage WLCs

Typically you should have your wireless separate from your wired devices. The question is, are you trying to access the WLC from a wireless or wired client. config network mgmt-via-wireless enable allows you to access the WLC management IP from a wireless client. So let us know if you are trying from a wireless or wired client also.

Here is a link that explains it better.

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml#t3

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Wism 4404 remote manage WLCs

i am using a wired client

i can connect from a user vlan that is not in the dynamic list

but not from a user vlan that is dynamic

i tried the command that Jha Abha gave but still nothing

Hall of Fame Super Silver

Re: Wism 4404 remote manage WLCs

Well, what code are you running? I know there was a bug on a certain version of code back then. You might want to look it up in the bug toolkit. The command that they posed was so you can use the IP address of the dynamic interface IP to access the WLC. So if you enabled that, try to access the WLC using the ip of the dynamic interface.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Wism 4404 remote manage WLCs

OK

tried again with the above command to dynamic interface IP and works.

my question now is:

whats blocking me from connecting to the managment IP from the dynamic Interface VLAN

but is allowing me to connect from a vlan now configured on WLC?

and why is the above command set to diabled as default (whats the security risk?)

Hall of Fame Super Silver

Wism 4404 remote manage WLCs

Do you have this enabled? 

config network mgmt-via-wireless

Again, if your wireless dynamic interfaces are on wired user subnet's, you can run into the issue your seeing.  So either you enable management-via-wireless, make sure your wireless is separate from your wired subnet's or you just use the dynamic interface ip to access the WLC.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
New Member

Wism 4404 remote manage WLCs

OK

didnt think that i would need config network mgmt-via-wireless (thought it detect wired or wireless connections , not just subnets)

i think i will work with the dynamic IP

whats the security risk with  network mgmt-via-dynamic-interface enable ?

Hall of Fame Super Silver

Wism 4404 remote manage WLCs

The risk is, some don't want to allow access in general to the WLC on the wireless no matter what.  Others want that ability in case they need to troubleshoot.  So the risk is the same for either the management interface or the dynamic interface... users can http/https to the ip address (if they know it) and try to login (which they most likely can't).  I typically like to manage the WLC's on the wireless, but thats me:)

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
309
Views
0
Helpful
13
Replies
CreatePlease to create content