07-26-2016 11:24 AM - edited 03-07-2019 12:16 AM
Hello!
I have recently set up a "new" WLC 4402 on my network to replace an old one which stopped booting. The configuration went well and I could set some of the different WLANs back up, but I still cannot access the GUI administration web pages.
The page does load but I can't reach the GUI because of some certificate problem. The error displayed by Firefox is the following:
10.100.1.113 uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER
Here is the result of
show certificate summary
Web Administration Certificate................... Locally Generated
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. on
show network summary
RF-Network Name............................. blabla
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Apple Talk ................................. Disable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
IP/MAC Addr Binding Check .................. Enabled
It seems like some problem with the local certificate but I tried to regenerate the webadmin certificate and it didn't change anything. Furthermore, I cannot reach the http:// version of the GUI administration site either. This could mean that the problem is somewhere else but I then have no idea where to look (on the router or the switch? some MAC address not well changed somewhere?).
Do you have any idea what could have caused this problem? Or any suggestion on how to debug it?
Thank you in advance for your time and help!
07-26-2016 02:53 PM
What is the exact version the WLC is running on?
07-27-2016 10:03 AM
The version indicated at the top of the boot sequence is the following:
Bootloader 7.0.235.3 (Sep 5 2012 - 21:53:31)
The exact model is:
Model AIR-WLC4402-50-K9
Thank you!
07-27-2016 03:32 PM
Post the complete output to the command "sh interface detail management".
Kindly describe the switchport connecting the controller to the LAN. Is the switchport configured as an access port or as an 802.1q Trunk?
07-28-2016 04:25 PM
Here is the result:
Interface Name................................... management
MAC Address...................................... 00:18:b9:ea:0b:c7
IP Address....................................... 10.100.1.113
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.100.1.251
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.100.1.112
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Disabled
I don't really know how to answer your second question: I would say trunk but I'm not 100% sure. How can I check that? On the switch with the switchport configuration?
Thank you again :)
PS: sorry for the delay, I only have access at night to the controller.
07-28-2016 06:00 PM
VLAN............................................. untagged
There should be a valid VLAN number in there. The VLAN should match the same VLAN with the subnet "10.100.1.0/24".
Change this using the command "config interface vlan management <VLAN number>".
07-29-2016 09:39 AM
Thanks!
I changed it and it now shows:
Interface Name................................... management
MAC Address...................................... 00:18:b9:ea:0b:c7
IP Address....................................... 10.100.1.113
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.100.1.251
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.100.1.112
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Disabled
I rebooted the WLC but it didn't change anything. I still cannot access the administration interface.
07-29-2016 04:33 PM
Is the link from the switch to the controller an 802.1Q Trunk?
07-30-2016 04:05 AM
I think yes but I am not 100% sure.
08-08-2016 10:35 AM
Any other thing that could help me?
Thank you again :)
08-08-2016 02:06 PM
Please upgrade the controller to version 7.0.252.0.