I am attempting to access the service port from a client pc on another network.
Service port = 10.100.2.1/16
Client IP = 10.1.1.10/16
I know you cannot put a default gateway on the service port, but the documentation says you can add a static route for remote management. So I tried...
config route add 10.1.0.0 255.255.0.0 <gateway.ip>
It does not take the command and says something to the effect of...
"ip address/netmask conflicts with the configured ip address of the service port"
Never really tied this - so I am guessing, what if you tried to extend the route subnet from 16 to a more specific 24? 10.1.1.0 ?
Be carefull.... you are not suppose to have the service port accessible on the network. What you have to do is place it on a subnet that is non-routable on your network and vlan that to other switches if you need to access the service port. It is really meant for out of band management.
We are having this same issue. In the cisco documentation it says you should be able to create a static route for the network associated with the service port for remote network management.
In our case the wireless network has been built completely separate from our corp network and we would like the service port on one VLAN of our corp network and be able to access the management page from other VLAN's so that our receptionist can add users/passwords for the web-auth part for visiting users.
Currently we are unable to do this and since the documentation clearly states that it should be possible how can we configure this? or are we bound to some other hack to get this functioning properly?
If your wireless is totally seperated from you r network, why don't you create a static route to the management ip of the wlc's. You can create ACL's to only allow the receptionist and others to access the wlc's from your internal network.
Or you should of connected the management port to you internal network and the specify the other port for your wireless traffic.
I was able to do this... using a setup similar to the following:
10.1.10.20 = WLC Service Port IP
10.1.10.1 = Gateway address for Service Port Network
10.1.0.0/16 = Network to connect to
From the GUI add network like the following:
and viola! it worked...
Maybe so, but you do not want this... the service port is ONLY for out-of-band servicing of the controller, or in the case of WiSMs, communication between WLC and 6K Supervisor.
Packets coming in on the service port generate interrupts directly to the WLC CPU--there is no filtering or rate-limiting!
Good info. I got confused when they mentioned a doc on creating a static route for the service port. I couldn't find any doc regarding this.
5 points for you for clearing this up and also from me scratching my head in confusion.
It's strange, but my wlc also rejects such variant of adding the static route
it tells something like was mentioned previosly
"IP Address/Netmask entered conflicts with the configured IP Address/Netmask of
the service port."
how did force your wlc to apply this command?
I just did configure the service port on a 5508 controller which i'd like to share it with you the way I did it.
I was given a valid IP address (70.X.X.246) with the subnet mask of 255.255.255.252 and with default gateway of 70.X.X.245 for the out-of-band access to the controller from our office (60.X.X.X). So here is what I did:
In the service port interface configuration:
And In the "Network Route" setting:
Default Gateway: 70.X.X.245
Hope it helps!