Solved: I can't access controller on management interface

olgu arabaci · ‎01-17-2014

Hi Everybody;

I use 5500 series Controller and 3502 APs for wireless clients. I do some configuration but i can't access controller on management interface. We use Avaya switch on network. I share my switch and controller configuration below. Please tell me what that i did wrong...

switch port which connect to WLC;

port tagging is trunk port. And i add VLAN 15 to this port.

Note: We use VLAN 15 like management vlan on our switch. So i add this vlan on WLC port.

WLC configuration ;

Interface Name................................... management

MAC Address...................................... 6c:20:56:bd:c1:40

IP Address....................................... 10.15.5.100

IP Netmask....................................... 255.255.255.0

IP Gateway....................................... 10.15.5.1

External NAT IP State............................ Disabled

External NAT IP Address.......................... 0.0.0.0

VLAN............................................. 15

Quarantine-vlan.................................. 0

Active Physical Port............................. 1

Primary Physical Port............................ 1

In normaly i can access the devices which in same network on WLC. (Exp: i can ping 10.15.5.28 -> this is a switch ip.)

Rasika Nayanajith · ‎01-17-2014

Yes, remove the Service port IP configuration & save the configuration.

If all other configurations are ok (HP switchport configured as trunk with native vlan is something other than 15 & WLC tags vlan 15 for management), then it should work. If you want to use service port then user completely different supernet IP like 192.168.x.x or 127.16.x.x & do not use 10.x.x.x

HTH

Rasika

**** Pls rate all useful response ****

View solution in original post

Sandeep Choudhary · ‎01-17-2014

HI,

Are you accessing the GUI from a "Wireless" device or a wired client?

Did u enable http?

If using a wireless device, and looking at the same out put from above, do you see "Mgmt Via Wireless Interface" enabled?

Can you confirm whether or not your service port is on a different "supernet" than the management interface?

Enable HTTP

(WLC >config network webmode enable

ENABLE HTTPS

(WLC) >config network secureweb enable

You must reboot for the change to take effect.

Regards

Scott Fella · ‎01-17-2014

If you can ping out from the WLC to a switch or router then your network setting is fine. From a wired machine can you GUI or Telnet/SSH to the WLC through the management IP?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎01-17-2014

If your using wireless and trying to access the WLC, you need to enable management via wireless

config network mgmt-via-wireless enable

This will allow you to access the management when associated to an access point that is joined to that WLC.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

olgu arabaci · ‎01-17-2014

I can access the controller through service port with GUI. It's so normal because i plugged one side of cable my network port and the other side pluged WLC. The main problem is that i can't ping the management interface IP and i can't access with GUI.

Note: I connect the network with wire.

Scott Fella · ‎01-17-2014

Set the management Vlan to 0 and test

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Saravanan Lakshmanan · ‎01-17-2014

are sure wlc ip is not configured anywhere in network.

share service port config.

disable service port and try.

does the switch has arp entry of wlc.

does wired pc able to ping mgmt ip of wlc. if this fails get below output from wlc.

clear arp entry on pc, arp of wlc on switch, arp on wlc. repeat this pinging pc to wlc and wlc to pc and verify the arp update on each device.

wlc debugs

session:1

debug arp event enable

debug arp error enable

session:2

debug arp all enable

it is possible arp entry of wlc is updating with incorrect mac on its connected switch.

Saravanan Lakshmanan · ‎01-17-2014

other workarounds.

try lag, if not already.

if lag disabled, map mgmt interface to separate physical port.

try different vlan id ie., 200 or 0 like Scott mentioned.

olgu arabaci · ‎01-17-2014

i do vlan 0 but nothing happened. But i notice WLC learn the BackBone device and also BB learn the WLC on ARP. They learn their IP but i can't still ping mgmt IP.

I'm sure there is no IP conflict.

Service port conf;

Interface Name................................... service-port

MAC Address...................................... 6c:20:56:bd:c1:41

IP Address....................................... 10.10.10.25

IP Netmask....................................... 255.255.255.0

DHCP Protocol.................................... Disabled

AP Manager....................................... No

Guest Interface.................................. No

Service port is static how can i disable

Saravanan Lakshmanan · ‎01-17-2014

remove the static ip or change to dhcp, be sure there is no dhcp server reachable.

check the entry got right mac address.

Rasika Nayanajith · ‎01-17-2014

Yes, remove the Service port IP configuration & save the configuration.

If all other configurations are ok (HP switchport configured as trunk with native vlan is something other than 15 & WLC tags vlan 15 for management), then it should work. If you want to use service port then user completely different supernet IP like 192.168.x.x or 127.16.x.x & do not use 10.x.x.x

HTH

Rasika

**** Pls rate all useful response ****

olgu arabaci · ‎01-19-2014

WLC interface summary is below;

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest

-------------------------------- ---- -------- --------------- ------- ------ -----

management 1 15 10.15.5.100 Static Yes No

redundancy-management 1 15 0.0.0.0 Static No No

redundancy-port - untagged 0.0.0.0 Static No No

service-port N/A N/A 192.168.10.10 Static No No

virtual N/A N/A 1.1.1.1 Static No No

And also i do trunk my switch port which connect between WLC. I still can't ping mgmt IP.

Sandeep Choudhary · ‎01-19-2014

HI Olgu,

Try to set management port in VLAN 0.

config interface vlan management 0

Then try it.

also paste the ouput from WLC:

Sh cdp neigh

show interface detailed management

You mus use this config on swicth port where WLC is connected:

interface GigabitEthernet0/xx

description *** WLC ***

switchport trunk encapsulation dot1q

switchport trunk allow vlan 15

switchport mode trunk

spanning-tree trunk port-fast

Regards

Rasika Nayanajith · ‎01-19-2014

What is the native vlan of your switch port trunk configuration ? It can be anything other than 15.

From QoS perspective, it is not good ideal to un-tag managment interface (or otherwise set it to 0)

HTH

Rasika

**** Pls rate all useful responses ****

olgu arabaci · ‎01-20-2014

Thanks for all replies;

I set the factory default on WLC and configure at begining. This time i set service-port int. and mgmt int. on the different supernet. And it works, i can ping and also access http to WLC. I didn't understand why it wasn't work when i change service-port to different supernet before I set to factory default. Whatever it is working now. I thanks everyone who get posted again.