I have a 4402 as a mobility anchor. The appliance is tied to a 6500 with dual sup2's and a single Firewall services module.
In the past I have had a 6500 with dual sup720's and dual FWSM. I configured the management VLAN on the sup and included it in the firewall VLAN group along with the other wireless VLANs. Everything worked fine.
This setup with the sup2's is giving me grief. From the firewall I can ping the 4402, the router and the WiSM on another distribution.
Now from the router interface on the 720 I can ping the 4402 and the WiSM's.
From the 4402 I cannot ping the WiSM, nor can I ping the 4402 from the WiSM.
The 4402 and the WiSM are reachable from my workstation internal on the network.
The interface on the 6500 is a gig port to the 4402. The port is configured on a set-based switch. The trunked VLANs are 600 - 604 and VLAN 600 is set as access VLAN to set it as native.
The management and AP-manager interfaces must be left untagged. Also, if the ping is attempted over wireless, the management through wireless check box can be unchecked. The only pingable interface is the management interface. All the AP-managers and the dynamic interfaces do not support pings. The dynamic interfaces can only be pinged if they are mapped to the same port as the management interface. They only send Internet Control Message Protocol (ICMP) replies if the controller is under a light load, because the ICMP is placed as the lowest priority task.
Also, the management interface must be accessed with Layer 3 connectivity to the subnet on which the interface resides. If the management interface is 10.x.x.x 255.255.255.0, make sure the PC has full access to this subnet. In order to check this, try to access the GUI through secure HTTP. If this does not work, provide full access to the subnet.