cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2572
Views
0
Helpful
14
Replies

ASA5506-X cant access wlc-2504

Martin
Level 1
Level 1

Hi guys

 

I have just installed a asa5506-x firewall and have the lasted software version on it and FirePower is operational etc.

I have the following devices

ASA5506 10.10.100.1

FirePOWER 10.10.100.2

WLC2504 10.10.100.3

Switch 10.10.100.4

UPS managment card 10.10.100.5

DHCP router 10.10.100.6

 

The problem is i can access the switch all the devices from my production network 10.10.10.x except for the WLC2504 it was fine before i put the firewall in and its still fine if i put the computer on the 10.10.100.x network, but all the other devices can be accessed so really stumped

14 Replies 14

Can you ping the WLC from your switch?

can you ping the Switch form WLC?

can you ping the firewall from switch?

 

 

does the firewall is connected to switch and so the WLC?

 

please do not forget to rate.

Can you ping the WLC from your switch?  yes

can you ping the Switch form WLC?  Yes

can you ping the firewall from switch? yes both ASA and firepower

 

 

does the firewall is connected to switch and so the WLC? both wlc and firewall connect to the same switch

hm.. can you upload the config of fw and sw and wlc.

 

on wlc just give us

!

show interface summary

 

 

thanks

please do not forget to rate.

Attached the configs thanks

let me get clear if i get your question right. since you connected your firewall/introduce your firewall to the wireless controller you can not connet/ping your wireless controller in subnet 10.10.10.x?

please do not forget to rate.

i can ping it but not connect to the web interface for it from 10.10.10.x

i can ping it but not connect to the web interface for it from 10.10.10.x

 

web interface of what appliance?

please do not forget to rate.

your wireless controller mgmt address is 10.10.100.3, vlan 100

you created another interface martynet-interface  10.10.10.3 vlan 10.

 

now you can ping the vlan 10 but you can not connect to the GUI/WEB interface of wlc addresss 10.10.10.3. which make sense because you have define the mgmt interface for wlc in vlan 100 address 10.10.100.3. so if you need to connect to wlc than you have to type the address  https://10.10.100.3. unless you create a DNS record of it to martynet-wlc.

please do not forget to rate.

i am tryiong to connect to it on 10.10.100.3 but it will not

when you in subnet 10.10.10.x, you in this subnet via wireless AP or wired network.

 

the reason i am saying if you in wireless network with address 10.10.10.x you will be able to ping the wireless controller but you wont be able to get GUI the reason for this is by default WLC does not allow wireless connection to conncet to it GUI. to enable this you need to go to wlc Management tab, (this will be on the top) than on left tab click on mgmt via wireless and check this. than you will be able to connect to wireless gui from the subnet 10.10.10.x

please do not forget to rate.

OK, a bit of confusion here i think.

 

Whan i use my pc on wired connection on the LAN in VLAN 100 i can ping the WLC but i cannot access the GUI

 

When i use my laptop on the wifi on VLAN 100 i can both ping the device and access the GUI

 what is you firepower configuration are. I have checked your config everything is ok. it could be your Firepower playing.

 

can you run this command on your ASA when you on wired vlan 100 and opening the wlc page

 

capture MAN interface Network-Management match host 10.10.100.x host 10.10.100.WLC

 

and share the capture file.

please do not forget to rate.

where the command says host, it will only allw me to have one of the following commands

 

exec mode commands/options:
  access-list      Capture packets that match access-list
  buffer           Configure size of capture buffer, default is 512 KB
  circular-buffer  Overwrite buffer from beginning when full, default is
                   non-circular
  ethernet-type    Capture Ethernet packets of a particular type, default is IP
  headers-only     Capture only L2, L3 and L4 headers of packet without data in
                   them
  match            Capture packets matching five-tuple
  packet-length    Configure maximum length to save from each packet, default
                   is 1518 bytes
  real-time        Display captured packets in real-time. Warning: using this
                   option with a slow console connection may result in an
                   excessive amount of non-displayed packets due to performance
                   limitations.
  trace            Trace the captured packets
  <cr>

sorry typo erro

capture MAN1 interface Network-Management match ip host 10.10.100.x host 10.10.100.WLC

capture MAN2 interface Network-Management match ip host 10.10.100.WLC host 10.10.100.x

 

here is a link if case if you want to do it from GUI.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

please do not forget to rate.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: