topic Re: 5520 - Management gui access issue in Wireless

5520 - Management gui access issue

YC2 — Wed, 24 May 2023 15:31:24 GMT

We have a 5520 running 8.10.183.0. Noticed some odd gui access behavior. If the controller has an interface on a vlan, and I try to access the controller gui from a WIRED client on said vlan, it will time out. Yes the vlan has a route to the controller's management interface. It can ping the controller just fine. Wireshark shows TLS/HTTPS packets going back and forth as well. This isn't a routing/switching issue.

Is it somehow considering any client, wired or wireless, with an ip that matches one of it's non-management interface, a wireless client? I have "Enable management from wifi clients" on anyway, so even if it is, why isn't it working? I removed the interface in question from the controller and gui access started working immediately.

Re: 5520 - Management gui access issue

Flavio Miranda — Wed, 24 May 2023 15:37:22 GMT

Try this command

config network mgmt-via-dynamic-interface enable

Re: 5520 - Management gui access issue

YC2 — Wed, 24 May 2023 15:46:56 GMT

Interesting, cli only option. But ultimately that doesn't sound like what I need. Let's use some generic ip addresses for discussion

Managment addr (Let's call it interface A) = 10.1.1.1/24

Interface B = 10.2.1.1/24

If I am a wired client, for example 10.2.1.50, on the B subnet, I am unable to access the gui via A. I do not want to access the gui via B, which if I understand it right is what "config network mgmt-via-dynamic-interface enable " will accomplish. If I remove the B interface, the wired client can now get to A.

Re: 5520 - Management gui access issue

Flavio Miranda — Wed, 24 May 2023 16:03:11 GMT

The management interface is there for this. You should access the WLC from anywhere using the Management interface. The command I shared is for in case you need to access the WLC using a different interface on the WLC.

The problem you are describing is simply the lack of defautl gateway on the management interface. So, basically you need to have default gateway on the management interface and this gateway must be able to route everyone.

WLC does not have routing funcrtion as it is basically a Layer2 device.

Re: 5520 - Management gui access issue

YC2 — Wed, 24 May 2023 16:08:22 GMT

There is a gateway on interface A / management already. If a wired client is on B, it can ping A just fine. To access the gui via https://A I have to delete interface B.

Re: 5520 - Management gui access issue

Flavio Miranda — Wed, 24 May 2023 16:15:52 GMT

Then you may have CPU Access list on the WLC allowing only from destination. Cause dont make sense if you have routing does not access the gui

Re: 5520 - Management gui access issue

YC2 — Wed, 24 May 2023 16:25:01 GMT

No access lists to speak of. I know it doesn't make sense, that's why I'm confused.🙂🙂