Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

https trouble with WLC-4402-50

I have a WLC4402 and all of a sudden I can't login through the interface I have been using for a couple years. I get the Certificate popup asking to accept the cert and as soon as I click Yes it gives me a "page cannot be found". I can log in through other interfaces though.

Thanks in advance for any help you may be able to give.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: https trouble with WLC-4402-50

In the immortal words of E.T. "Call HOME!" ie call TAC. You have a real life situation lol. I haven't seen this in nearly 2 years.

20 REPLIES
Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

I have seen this issue if you have an interface on the WLC that is also part of a wired LAN subnet. Make sure you separate your wireless subnets from your wired subnets.

-Scott
*** Please rate helpful posts ***
New Member

Re: https trouble with WLC-4402-50

we do have interfaces on the WLC that are also on the wired LAN. Different interface IP's. The problem is that it was working fine for a couple of years and just stopped working a week or so ago. We are also using software version 3.2.195.10. I think this problem may have started when we updated the software.

Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

I could be that the upgrade caused the issue. It is still best practice to seperate the two. I have ran into that issues with the 4.0 and 4.1 code.

-Scott
*** Please rate helpful posts ***
New Member

Re: https trouble with WLC-4402-50

Can you telnet or ssh to the controller?

New Member

Re: https trouble with WLC-4402-50

Yes I can SSH and telnet to the controller. It's just https that won't allow a connection.

New Member

Re: https trouble with WLC-4402-50

ssh to the controller and try this...

>show network

to see if secure web mode is enabled, if not

>config network secureweb enable

Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

When you try to https, are you on the wired or on the wireless. There is an option to allow or not allow wireless management. Also I you do have disabled and you are wired and on wireless, it will not work. Verify you can get to the WLC (https) from only a wired laptop or pc.

-Scott
*** Please rate helpful posts ***
New Member

Re: https trouble with WLC-4402-50

-Yes the Secure Web Mode is enabled.

-And yes I am on wired. I do have the allow wireless management option enabled. I can log in through https on other interfaces but not the interface I have been using in the past.

Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

What I meant is make sure you are on the wired, but you don't have your wireless on. also the interface you should be able to https to is the management interface.

-Scott
*** Please rate helpful posts ***
New Member

Re: https trouble with WLC-4402-50

Yeah I have the wireless off. And I can access the management interface through https. But we had a seperate interface using the IT VLAN to allow us to manage the devices without giving access to the entire management VLAN. It's not a huge deal that I can't log in using that interface since I can still manage the devices using the management interface. I was just curious as to why it would work a couple weeks ago and just stop all of a sudden. I'm leaning towards the possibility that the recent software upgrade is responsible for this.

Re: https trouble with WLC-4402-50

James,

Have you rebooted the WLC? There is a known issue with a corruption of the session as it relates to the certificate on the controller. It was caused by a memory leak I think. Anyway, try rebooting the box. That usually fixes the problem.

Dennis

New Member

Re: https trouble with WLC-4402-50

Yeah I rebooted it twice already. I even tried to regenerate new certificates. Here's the funny thing though, it says the cert is valid from Nov 8th 2027 through Nov 8th 2037. I'm not an expert on Certificates but this doesn't seem normal.

Re: https trouble with WLC-4402-50

Nope. Check the date and time on the controller. If the date and time are correct you will need to open a tac case as the certs are way off on the timestamp piece and will need to be rebuilt.

Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

That is how the certificates are in the WLC. The only way I can see that you once were able to manage via the IT VLAN to the IT VLAN WLC Interface is if you had manage via wireless enabled. With the 4.0 and the 4.1 I know for sure you can't access other interfaces other than the management.

-Scott
*** Please rate helpful posts ***
New Member

Re: https trouble with WLC-4402-50

Ok. I'm fine with using the management interface. And am I understanding that it's ok that the certs are off by 20 years? when I click the cert accept page it says the cert is not yet valid.

Hall of Fame Super Silver

Re: https trouble with WLC-4402-50

Is the system time on the WLC correct?

-Scott
*** Please rate helpful posts ***

Re: https trouble with WLC-4402-50

Same question I asked a bit ago. If the time is correct then TAC will have to get involved unless you time server (if configured) is wrong. Other than that, the unit itself probably has a problem.

New Member

Re: https trouble with WLC-4402-50

Sorry, I forgot to mention that the clock is correct. day and time are both correct and as far as I know, our NTP servers are also correct. And both units have the Certificate problem with not being valid for 20 more years.

You have all been a great help so far. Thank you.

Re: https trouble with WLC-4402-50

In the immortal words of E.T. "Call HOME!" ie call TAC. You have a real life situation lol. I haven't seen this in nearly 2 years.

New Member

Re: https trouble with WLC-4402-50

HAHA, yeah I had a feeling this wasn't going to be simple. The best thing about it is this: I can't log into the management interface UNTIL I accept the certificate on the other interface first. If I don't do that, it just times out. I think Murphy's law has been applied to me all month.

Thanks again for all your help.

280
Views
8
Helpful
20
Replies