
[WLC 4402] Impossible to access GUI administration interface

Hello!

I have recently set up a "new" WLC 4402 on my network to replace an old one which stopped booting. The configuration went well and I could set some of the different WLANs back, but I still cannot access the GUI administration web pages.

The page does load, but I can't reach the GUI because of some certificate problem. The error displayed by Firefox is the following:

10.100.1.113 uses an invalid security certificate. The certificate is not trusted because it is self-signed. Error code: SEC_ERROR_UNKNOWN_ISSUER

Here is the result of

show certificate summary

Web Administration Certificate................... Locally Generated
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. on

show network summary

RF-Network Name............................. blabla
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Apple Talk ................................. Disable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect  ................... Disable
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
IP/MAC Addr Binding Check .................. Enabled

It seems like some problem with the local certificate but I tried to regenerate the webadmin certificate and it didn't change anything. Furthermore, I cannot reach the http:// version of the GUI administration site either. This could mean that the problem is somewhere else but I then have no idea where to look (on the router or the switch? some mac address not well changed somewhere?).

Do you have any idea what could have caused this problem? Or any suggestion on how to debug it?

Thank you in advance for your time and help!

10 Replies

Leo Laohoo
Hall of Fame

What is the exact version the WLC is running on?

The version indicated at the top of the boot sequence is the following:

Bootloader 7.0.235.3 (Sep  5 2012 - 21:53:31)

The exact model is:

Model AIR-WLC4402-50-K9

Thank you!

Post the complete output to the command "sh interface detail management". 

Kindly describe the switchport connecting the controller to the LAN.  Is the switchport configured as an access port or as an 802.1q Trunk?

Here is the result :

Interface Name................................... management
MAC Address...................................... 00:18:b9:ea:0b:c7
IP Address....................................... 10.100.1.113
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.100.1.251
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged  
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.100.1.112
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Disabled

I don't really know how to answer your second question: I would say trunk but I'm not 100% sure. How can I check that? On the switch with the switchport configuration?

Thank you again :)

PS: sorry for the delay, I only have access at night to the controller.

VLAN............................................. untagged

There should be a valid VLAN number in there.  The VLAN should match the same VLAN with the subnet "10.100.1.0/24". 

Change this using the command "config interface vlan management <VLAN number>".

Thanks!

I changed it and it now shows:

Interface Name................................... management
MAC Address...................................... 00:18:b9:ea:0b:c7
IP Address....................................... 10.100.1.113
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 10.100.1.251
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 100       
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 10.100.1.112
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No
L2 Multicast..................................... Disabled

I rebooted the WLC but it didn't change anything. I still cannot access the administration interface.

Is the link from the switch to the controller an 802.1Q Trunk?

I think yes but I am not 100% sure.

Any other thing that could help me?

Thank you again :)

Please upgrade the controller to version 7.0.252.0.
