thanks Rasika, '

Almas Saiyed · ‎04-09-2017

Dear All,

I am facing a strange issue while configuring Cisco WLC 5520 and Cisco 3850 switch.

I have assign IP address 192.168.66.1/24 to WLC Management and untagged it.

Created vlan 66, create SVI assigned IP 192.168.66.254/24. WLC is connected on Te 1/0/24, which is trunk and native vlan 66.

Created user vlan 55, created SVI and assigned IP 192.168.55.254/24.

I am able to ping 192.168.66.1 from 3850.

But when I am trying to open https://192.168.66.1 (WLC 5520) from user vlan 55 it opens 3850's web gui.

Urgent help required.

Thanks,

AS

Rasika Nayanajith · ‎04-09-2017

That is weird.

I hope you have not configured "wireless management interface vlan 66" on your 3850 switch.

If problem persist, I would try below

1. tag vlan 66 on wlc end and remove native vlan 66 command on trunk port from the switch end.

Let us know

HTH

Rasika

Almas Saiyed · ‎04-14-2017

thanks Rasika, '

it is already disabled. I have attached sh run of 3850.

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$7O5R$nQZC6bOhu9wA0DLR4.eEa/
enable password cisco
!
username admin privilege 15 password 0 cisco
no aaa new-model
clock timezone UTC 5 30
switch 1 provision ws-c3850-24xs
!
!
!
!
!
!
!
!
!
!
!
!
qos queue-softmax-multiplier 100
!
crypto pki trustpoint TP-self-signed-2381381258
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2381381258
 revocation-check none
 rsakeypair TP-self-signed-2381381258
!
!
crypto pki certificate chain TP-self-signed-2381381258
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32333831 33383132 3538301E 170D3137 30343134 30363434 
  33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33383133 
  38313235 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  81008FBE 6AE806E6 718717A9 BBD7DAE8 833E47E4 992F7844 C8348BA4 171F288C 
  B127163F D10D10A0 FA94EA77 E3CD8D80 63A1F68B 255C882F C907F46D E5A008EF 
  160A0D16 87E17B06 9F1AB6C9 F67916DE 92D64F9D 32C2D2E9 DB7FB115 A172B20E 
  68D79548 B2D4DEB1 FEE6E273 D94E2075 632D771D 7CE57C58 C0866D83 DC8F163E 
  DAC30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 140D080D 46674A85 5BF31D91 E8A724D2 C45FDB1B 94301D06 
  03551D0E 04160414 0D080D46 674A855B F31D91E8 A724D2C4 5FDB1B94 300D0609 
  2A864886 F70D0101 05050003 8181008D 5200BEB4 AB987F4F 6F95DF32 0422A422 
  A130A323 A7CF0F5A F6B21751 75C57C7C 3FDEBE62 CE2E1598 AFE256CC 52084463 
  FB65697A 6ECC6D79 C0DA9A92 BF4D6A6B 5C50D761 F2B2E56D 459556D8 29969A5F 
  28E7B059 5EF792D9 19A68A9B C1BDF1C2 A4A8854B A24A3654 96BCA553 2BF8A4D7 
  083FC38A BA6132C3 BE78DBCC 502AAC
  quit
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 ip address 192.168.1.254 255.255.255.0
 negotiation auto
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
!
interface TenGigabitEthernet1/0/4
!
interface TenGigabitEthernet1/0/5
!
interface TenGigabitEthernet1/0/6
!
interface TenGigabitEthernet1/0/7
!
interface TenGigabitEthernet1/0/8
!
interface TenGigabitEthernet1/0/9
!
interface TenGigabitEthernet1/0/10
!
interface TenGigabitEthernet1/0/11
!
interface TenGigabitEthernet1/0/12
!
interface TenGigabitEthernet1/0/13
!
interface TenGigabitEthernet1/0/14
!
interface TenGigabitEthernet1/0/15
!
interface TenGigabitEthernet1/0/16
!
interface TenGigabitEthernet1/0/17
!
interface TenGigabitEthernet1/0/18
!
interface TenGigabitEthernet1/0/19
!
interface TenGigabitEthernet1/0/20
!
interface TenGigabitEthernet1/0/21
!
interface TenGigabitEthernet1/0/22
 switchport access vlan 55
 switchport mode access
!
interface TenGigabitEthernet1/0/23
 switchport access vlan 55
 switchport mode access
!
interface TenGigabitEthernet1/0/24
 switchport trunk native vlan 66
 switchport mode trunk
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface Vlan1
 ip address 192.168.100.1 255.255.255.0
!
interface Vlan55
 ip address 192.168.55.254 255.255.255.0
!
interface Vlan66
 ip address 192.168.66.254 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.55.253
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq 1914
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq smtp
 permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any range 6881 6999
 permit tcp any any range 28800 29100
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
 permit tcp any any eq 1527
 permit tcp any any eq 6200
 permit tcp any any eq 3389
 permit tcp any any eq 5985
 permit tcp any any eq 8080
!
!
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
wsma agent exec
 profile httplistener
 profile httpslistener
!
wsma agent config
 profile httplistener
 profile httpslistener
!
wsma agent filesys
 profile httplistener
 profile httpslistener
!
wsma agent notify
 profile httplistener
 profile httpslistener
!
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
!
no wireless mgmt-via-wireless
ap group default-group
end

Thanks,
AS

Cisco WLC 5520 management IP address issue with Cisco 3850