Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC4402 does not respond to HTTPS on the Management interface

Hi I have a 4402 running 4.2.205 (have tried 4.2.207 &4.2.176 also). i have this wlcconnected to a 3750 switch (no config - all ports in native vlan1 only g1.0.1 is a trunk for the wlc) vlan 1 has an ip of x.x.x.1/24 - wlc has an ip of x.x.x.2/24 on management interface. running layer2 mode - virtual interface is 1.1.1.1 - then i have a pc connected to the switch with ip x.x.x.10/24. when i connect to wlc using https://x.x.x.2 - it gives a page saying "problem with certificate" (this is normal) when i select continue to this website - the browser just sits there for hours??? if i give the service port an ip of y.y.y.1/24 and connect the pc directly with ip y.y.y.2/24 - https works fine?? What am i missing??

  • Other Wireless - Mobility Subjects
3 REPLIES
New Member

Re: WLC4402 does not respond to HTTPS on the Management interfac

Hi, also had browser access problems when upgrading from 4.1.185 to 4.2.176.

You may be hitting one of the following:

CSCsg66040-After a software upgrade, controllers might experience intermittent access to the management interface through HTTPS.

Workaround: Follow these steps to workaround the issue:

a. Make sure HTTPS is enabled on the controller's management interface, reboot the controller from the CLI, and monitor the last service if error messages appear after the controller prompts you to enter a username and password to login.

b. Login with the relevant credentials and reconfigure the virtual interface with this CLI command:

config interface address virtual 1.1.1.1

c. Reboot the controller and make sure the Secure Web service shows up as OK.

d. Generate a certificate using this CLI command:

config certificate generate webauth

e. Click Yes when prompted and wait a few minutes for the certificate to generate.

f. Reboot the controller.

or

then the problem may be your browser that is trying to connect with SSLv2 and that may be disabled on the controller. Try the cli command

config network secureweb cipher-option sslv2 enable

HTH

Gustavo

New Member

Re: WLC4402 does not respond to HTTPS on the Management interfac

Hi Gustavo,

I've tried all that ;-(

here is a capture of the settings

==========================

(Cisco Controller) >show certificate summary

Web Administration Certificate................... Locally Generated

Web Authentication Certificate................... Locally Generated

Certificate compatibility mode:.................. off

(Cisco Controller) >show interface summary

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

ap-manager 2 untagged 200.200.200.3 Static Yes No

management 2 untagged 200.200.200.2 Static No No

service-port N/A N/A 100.100.100.1 Static No No

virtual N/A N/A 1.1.1.1 Static No No

(Cisco Controller) >show network summary

RF-Network Name............................. testrfg

Web Mode.................................... Disable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Enable

Secure Web Mode Cipher-Option SSLv2......... Enable

Secure Shell (ssh).......................... Enable

Telnet...................................... Disable

Ethernet Multicast Mode..................... Disable Mode: Ucast

Ethernet Broadcast Mode..................... Disable

IGMP snooping............................... Disabled

IGMP timeout................................ 60 seconds

User Idle Timeout........................... 300 seconds

ARP Idle Timeout............................ 300 seconds

ARP Unicast Mode............................ Disabled

Cisco AP Default Master..................... Disable

Mgmt Via Wireless Interface................. Disable

Mgmt Via Dynamic Interface.................. Disable

Bridge MAC filter Config.................... Enable

Bridge Security Mode........................ EAP

Over The Air Provisioning of AP's........... Disable

Apple Talk ................................. Disable

--More-- or (q)uit

AP Fallback ................................ Enable

Web Auth Redirect Ports .................... 80

Fast SSID Change ........................... Disabled

802.3 Bridging ............................. Disable

(Cisco Controller) >show certificate summary

Web Administration Certificate................... Locally Generated

Web Authentication Certificate................... Locally Generated

Certificate compatibility mode:.................. off

(Cisco Controller) >

=================================

any other ideas??

I've used the service port to config it, but it won't authenticate AP's either

some error messages;

Mar 1 00:00:43.781: %LWAPP-5-CHANGED: LWAPP changed state to JOIN

examining image...

*Sep 10 14:49:37.174: %LWAPP-5-CHANGED: LWAPP changed state to IMAGE

*Sep 10 14:49:37.256: LWAPP_CLIENT_ERROR_DEBUG: spamProcessSecureMsg : spamCcmDecrypt returned failure

*Sep 10 14:49:37.256: LWAPP_CLIENT_ERROR_DEBUG: spamProcessImageData : spamProcessSecureMsg returned error

*Sep 10 14:49:38.160: LWAPP_CLIENT_ERROR_DEBUG: spamProcessSecureMsg : spamCcmDecrypt returned failure

*Sep 10 14:49:38.160: LWAPP_CLIENT_ERROR_DEBUG: spamProcessImageData : spamProcessSecureMsg returned error

thanks for any help ;o))

New Member

Re: WLC4402 does not respond to HTTPS on the Management interfac

Have you tried to regenerate the self signed certificate?

If not, no more ideas...

Gustavo

225
Views
0
Helpful
3
Replies