Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.
This is an expected behaviour, have a look;
A WLC has one or more AP Manager Interfaces that are used for all Layer 3 communications between the WLC and the lightweight access points after the access point discovers the controller. The AP Manager IP address is used as the tunnel source for LWAPP packets from the WLC to the access point, and as the destination for LWAPP packets from the access point to the WLC. The AP Manager must have a unique IP address. Usually this is configured on the same subnet as the Management interface, but this is not necessarily a requirement. An AP Manager IP address is not pingable from outside the WLC.
From this excellent doc;
Hope this helps!
Please remember to rate helpful posts.....
Thank you for your helping.
I totally understood what did you told me.
However why i can ping to WLC older version(airespace os)?
Please let me know.
If the Ap-Manager addr. was on same subnet as Management i/f and the Management i/f can route to the RADIUS server (as it must), wouldn't you expect the RADIUS server to be able to route to the AP-Manager interface?
Also, once the WLC and AP are Joined, every 30 seconds there is Primary Discovery, Request (from AP) and Reply (from WLC) to & from Management Interface (and LWAPP ECHO Req/REPLY with AP-Manager i/f).
So, Management interface is still involved in traffic after Join is established.
many thanks for the very useful documents, but i'm still confused.
I've 2 WLC, a 2006 and a 4402, both of them with the last release ( 126.96.36.199 ).
On the 2006 I can ping and use for the web connection both the interface ( management and ap-manager ).
On the 4402 I can ping and use for web access only the management interface ( and service of course ). I cannot ping the ap-manager also from inside the WLC.
Any help ?
Luigi, do you have Management via Wireless enabled?
it's disabled. I tryied also to enable it, but nothing change:
management: untagged, 10.23.4.25
ap-manager: untagged, 10.23.4.26
ap-manager still not pingable and not usable for web access.
Thanks in advance and many regards
It sounds like you are waaaaaaaaaaay beyond my scope of limited knowledge when it comes to the WLC and LWAPP processes. I'm still trying to come to grips with the whole concept of Ports, Interfaces, Service ports etc. that are associated with the WLC.Judging by the many posts on this subject I'm not the only one who finds this a tad confusing.
Here is part of the reference that does speak to the ability to ping the different interfaces??
The Management interface is the default interface for in-band management of the WLC and connectivity to enterprise services such as AAA servers. If the service port is in use, the management interface must be on a different subnet from the service port. The management interface is also used for layer 2 communications between the WLC and access points. The Management interface is the only consistently "pingable" in-band interface IP address on the WLC.
If you can shed any light on this I would be most grateful.
The ability to ping to the ap-manager is NOT a supported function in code. Regardless of version this was never an intended function even back in the old Airespace code. If you are able to ping it then you should bring it to the attention of TAC and allow them to open a bug on that revision of code on the specific product. I have had this happen several times in different versions of codes over the past few years and many customers ask this question on why in one version of code can they ping the AP-Manager and then in another version of code they can't.
Again this is NOT a supported function or ability and if you can ping this interface please let TAC know it is happening.
Hi all ,
A bug is alreday filed for it : may be you need to check bug id : CSCsf28199
its reported as new bug