I have a 4400 in the DMZ. Works great and is reachable from inside the network for management purposes (ftp, telnet etc.)
My WCS shows a config mismatch.
It sees the WLC, but when I try to run the report and then sync the config from the controller to the WCS (my typical configuration is done in the WLC),
the WCS says "ip address x.x.x.x" "status device unreachable"
So I cannot sync/copy the controller config to the wcs.
Does anyone know what ports/protocols this feature requires so that I may ensure my firewall is allowing it between these 2 devices?
Do you have a firewall in between?
Please make sure it is not blocking SNMP-GET and SNMP-SET messages.
Also make sure that UDP ports 161 and 162 are opened.
Thanks for that.
Yeah, I already have both UDP 161 & 162 allowed between the WCS and WLC.
Yes, we do have a firewall in between, filtering the DMZ from the internal network.
I get the same error after double checking that those ports are being allowed.
Mike, I made this a bit ago because I would always forget myself... Maybe this will help...
Thanks for the insight.
The diagram is very nice btw.
I checked, I have all the settings already applied at the firewall between the dmz & internal network.
One small tweak you may want to do to your drawing.
Upper left verbiage under the heading
"INSIDE to DMZ"
You have the first UDP port missing 1 #6 I believe it should read
Anyway I can see where the WCS is telling me that this issue started back on Oct. 30th. Before then it was working correctly.
I wonder if there is a log in either the wcs or the anchor controller which will tell me more specifically why it is failing.
I did not see anything on the anchor in its log to indicate it saw an issue. Since it is UDP it may not even be aware a request was made, or was and the response was not received.
The WCS is telling me this under admin background services:
controller configuration backup "warning"
configuration sync "warning"
then inside each is a generic "failed for 1 device".
Attention to detail I like that Mike ... Note taken!
I gave your document the "correct answer" because it is correct; this is how it should work.
At this point, as previously mentioned, I have been able to verify that both my DMZ firewalls (failover capacity) are duplicated and correct with regards to protocols and ports for communicating with the foreign controllers as well as the WCS.
Though my issue still remains that the audit feature for some reason is not functioning.
The WCS can see, talk to and perform two-way file transfers; the audit function seems broken for this connection.
I am considering opening a case with Cisco on the firewall side to see if there is an issue with how we have it configured or the code rev running on it.
Mike, what was the outcome of this?
As of now I am still unable to get the audit report portion to function.
I do not have the time right now to open a TAC on this issue since it is not mission critical.
Everything you posted is correct as to how it should work and I have double checked my firewall as well as the controller & wcs but still no joy.
Either I am missing something or one of the components is not playing nice with the other.
Just as an update if anyone was following this.
I had been able to in the past do my audits to the anchor controller in the DMZ.
At some point late last year I lost the ability to launch the audit for said controller.
It is a 4402 based on code 22.214.171.124
I checked everything in the controller & the cisco asa firewall.
Nothing had changed in regard to connectivity between the anchor controller and the WCS on the inside.
What I did do 2 weeks ago was run the manual process under
Put a tick mark next to the Anchor controller, then from the drop down menu I chose "refresh config from controller".
Since then it has worked properly.
My guess is there was just something gummed up in the WCS and doing a manual update corrected it or just as likely the code might have a minor bug in it.
Either way it works now so thanks!
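One way to tell a firewall problem from a WCS-side problem like the one in this thread is to send a single SNMP GET from the WCS host to the controller on UDP 161 and see whether a reply comes back. This is an added example, not part of the original thread; it assumes SNMPv2c with a community string you supply, and the function names are hypothetical.

```python
import socket

SYS_UPTIME = (1, 3, 6, 1, 2, 1, 1, 3, 0)  # sysUpTime.0 from standard MIB-II

def tlv(tag, payload):  # BER type-length-value, short- or long-form length
    n = len(payload)
    size = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size) if size else n]) + size + payload

def integer(v):
    return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def build_get(community, request_id, oid=SYS_UPTIME):
    """SNMPv2c GetRequest for one OID whose arcs are all below 128."""
    name = tlv(0x06, bytes([oid[0] * 40 + oid[1], *oid[2:]]))
    varbinds = tlv(0x30, tlv(0x30, name + tlv(0x05, b"")))
    pdu = tlv(0xA0, integer(request_id) + integer(0) + integer(0) + varbinds)
    return tlv(0x30, integer(1) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def parse_response(data):
    """Return the request-id of a GetResponse (PDU tag 0xA2), else None."""
    try:
        tag, msg, _ = read_tlv(data, 0)
        _, _, pos = read_tlv(msg, 0)        # version
        _, _, pos = read_tlv(msg, pos)      # community
        pdu_tag, pdu, _ = read_tlv(msg, pos)
        _, rid, _ = read_tlv(pdu, 0)
    except IndexError:                      # truncated or non-SNMP datagram
        return None
    return int.from_bytes(rid, "big") if (tag, pdu_tag) == (0x30, 0xA2) else None

def probe(host, community, timeout=3.0, request_id=0x1234):
    """'reply', 'timeout' (dropped either way, or wrong community) or 'refused'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, 161))
        s.send(build_get(community, request_id))
        try:
            rid = parse_response(s.recv(4096))
        except socket.timeout:
            return "timeout"
        except ConnectionError:             # ICMP port unreachable came back
            return "refused"
    return "reply" if rid == request_id else "unexpected"
```

A `reply` from the WCS host while the audit still fails points away from the firewall and toward the WCS itself. A `timeout` does not by itself tell you which direction was dropped, so pair it with the firewall's own hit counters or logs.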