Do I have to add a static route to the service port of 5508?

tdennehy · ‎01-18-2012

I have never actually needed to use the service port of a WLC until today. We found an urgent need to tftp to a controller in the DMZ, and found that we could get to it easily because of change requests, etc.

We configured the service port to 192.168.1.1/30

We configured a laptop to 192.168.1.2/30

We can browse to the controller, etc. When trying to tftp the config from it, however, we could not.

I'm wondering if certain management tasks are disabled over the service port, and if so, is there something that needs to be mapped in order for that to happen?

Thanks in advance...

Scott Fella · ‎01-18-2012

You should be able to tftp from the service port as long as the service port and wlc management interface cannot communicate with each other on the network. So if you have the service port connected, make sure you leave it as layer 2 only, or if you have a layer 3 interface, make sure there is no connectivity between the two.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

tdennehy · ‎01-18-2012

Dynamic vlan #1 = 172.16.16.3

Virtual = 1.1.1.1

Management =172.16.32.3

Service Port= 192.168.1.1

Laptop

Scott Fella · ‎01-18-2012

Okay so the 192.168.1.x/30 is placed on a vlan with no layer 3 interface correct? If so, your setup is the same as if you were connected directly to the service port. I was always to tftp code and configurations using the service port.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

tdennehy · ‎01-18-2012

Nothing but the cable from my laptop to the service port. Not even a switch between the devices. Just a cable.

I can browse to the interface, but cannot tftp. I get an error after I try to upload the saved config to my tftp server on my even tried another laptop just for sanity’s sake. Still gets same error.

Went to a controller not in the DMZ and was able to upload a config to laptop via tftp just fine. Seems to me something in this controller did not get configured correctly when it was initially installed. That’s why I’m asking if there is something that needs to be mapped inside the controller or something strange like that.

Scott Fella · ‎01-18-2012

There is nothing to prevent that. The only time you can't tftp is if your on the wireless and associated to an ap on that wlc. Do you have a static route configured on that wlc? If you can tftp from a different wlc with no issues, then I would compare the two to see I there is something that was configured wrong or added for some reason.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

tdennehy · ‎01-18-2012

I don't need any type of static route if my laptop/tftp is on the same network, do I? Silly question, I know. Cannot think of any other reason why tftp fails locally.

Scott Fella · ‎01-18-2012

Check to see of there is an acl configured on the wlc... You never know.

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

tdennehy · ‎01-18-2012

Good suggestion! I will check that out since I am not the person that set it up.

Maybe someone knocked in an ACLU for mgmt users and denied tftp by mistake. I should probably get a case open...

Stephen Rodriguez · ‎01-18-2012

no you shouldn't need to add a route. An you ash into the WLC and do a

Debug transfer download tftp? May not have the syntax exact pulling from my memory

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

tdennehy · ‎01-18-2012

Am going to try that tomorrow. I should be able to tftp to service port from a local host. Very strange issue indeed...