Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13241
Views
20
Helpful
11
Replies

WLC 4400 Adding static route for service port

acomiskey
Level 10
Level 10

‎05-09-2008 08:07 AM - edited ‎07-03-2021 03:50 PM

I am attempting to access the service port from a client pc on another network.

Service port = 10.100.2.1/16

Client IP = 10.1.1.10/16

I know you cannot put a default gateway on the service port, but the documentation says you can add a static route for remote management. So I tried...

config route add 10.1.0.0 255.255.0.0 <gateway.ip>

It does not take the command and says something to the effect of...

"ip address/netmask conflicts with the configured ip address of the service port"

Labels:
0 Helpful
11 Replies 11

andrew.prince
Level 10
Level 10

‎05-09-2008 08:14 AM

Never really tied this - so I am guessing, what if you tried to extend the route subnet from 16 to a more specific 24? 10.1.1.0 ?

HTH.

0 Helpful

acomiskey
Level 10
Level 10
In response to andrew.prince

‎05-09-2008 08:36 AM

I tried all the way to a host mask and got the same thing.

config route add 10.1.1.10 255.255.255.255

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to acomiskey

‎05-09-2008 11:38 AM

Be carefull.... you are not suppose to have the service port accessible on the network. What you have to do is place it on a subnet that is non-routable on your network and vlan that to other switches if you need to access the service port. It is really meant for out of band management.

-Scott
*** Please rate helpful posts ***

Shaun Mickey
Level 1
Level 1
In response to Scott Fella

‎05-12-2008 10:54 AM

We are having this same issue. In the cisco documentation it says you should be able to create a static route for the network associated with the service port for remote network management.

In our case the wireless network has been built completely separate from our corp network and we would like the service port on one VLAN of our corp network and be able to access the management page from other VLAN's so that our receptionist can add users/passwords for the web-auth part for visiting users.

Currently we are unable to do this and since the documentation clearly states that it should be possible how can we configure this? or are we bound to some other hack to get this functioning properly?

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to Shaun Mickey

‎05-12-2008 11:04 AM

If your wireless is totally seperated from you r network, why don't you create a static route to the management ip of the wlc's. You can create ACL's to only allow the receptionist and others to access the wlc's from your internal network.

Or you should of connected the management port to you internal network and the specify the other port for your wireless traffic.

-Scott
*** Please rate helpful posts ***
0 Helpful

Shaun Mickey
Level 1
Level 1
In response to Scott Fella

‎05-12-2008 12:32 PM

I was able to do this... using a setup similar to the following:

10.1.10.20 = WLC Service Port IP

10.1.10.1 = Gateway address for Service Port Network

10.1.0.0/16 = Network to connect to

From the GUI add network like the following:

Network: 10.1.0.0

Netmask: 255.255.0.0

Gateway: 10.1.10.1

and viola! it worked...

Scott Fella
Hall of Fame
Hall of Fame
In response to Shaun Mickey

‎05-12-2008 04:57 PM

So can any host access the WLC'S service port then?

-Scott
*** Please rate helpful posts ***
0 Helpful

jakew
Level 1
Level 1
In response to Scott Fella

‎05-12-2008 05:11 PM

Maybe so, but you do not want this... the service port is ONLY for out-of-band servicing of the controller, or in the case of WiSMs, communication between WLC and 6K Supervisor.

Packets coming in on the service port generate interrupts directly to the WLC CPU--there is no filtering or rate-limiting!

Scott Fella
Hall of Fame
Hall of Fame
In response to jakew

‎05-12-2008 05:15 PM

Jake,

Good info. I got confused when they mentioned a doc on creating a static route for the service port. I couldn't find any doc regarding this.

5 points for you for clearing this up and also from me scratching my head in confusion.

-Scott
*** Please rate helpful posts ***
0 Helpful

anton_lva
Level 1
Level 1
In response to Shaun Mickey

‎10-28-2010 11:55 PM

shaun_mickey

Good day!

It's strange, but my wlc also rejects such variant of adding the static route

it tells something like was mentioned previosly

"IP Address/Netmask entered conflicts with the configured IP Address/Netmask of
the service port."

how did force your wlc to apply this command?

0 Helpful

Saman Shamim
Level 1
Level 1

‎12-28-2011 11:53 PM

Hi guys,

I just did configure the service port on a 5508 controller which i'd like to share it with you the way I did it.

I was given a valid IP address (70.X.X.246) with the subnet mask of 255.255.255.252 and with default gateway of 70.X.X.245 for the out-of-band access to the controller from our office (60.X.X.X). So here is what I did:

In the service port interface configuration:

IP: 70.X.X.246

Mask: 255.255.255.252

And In the "Network Route" setting:

IP: 60.X.X.X

Mask: 255.255.255.255

Default Gateway: 70.X.X.245

Hope it helps!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card