Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
2
Replies

Cisco 3650 WLC - AP connected clien unable to SSH to WLC

Go to solution
desipes111
Level 1
Level 1

‎12-27-2017 01:10 PM - edited ‎03-08-2019 01:14 PM

This is my scenario.  I have Cisco WS-C3650-24PD set as a WLC.  I have AIR-CAP3702I-A-K9 connected with CAPWAP tunnel and online.  I have a client connected to AP and is able to receive IP address from DHCP server (3650).  Client is able to ping switch, AP, inside FW interface, and other hosts.  On the 3650 there are 3 SVI's and VLANs are tagged to Cisco ASA 5505.  I am able to SSH to switch from client when not connected to WLC AP.  For example, I can have an IP address of 192.168.1.x and I am able to SSH to all VLAN interfaces on the switch.  I can source the the SSH connection from the switch to any VLAN interface on the switch and FW and I am able to connect.  I use the "ip ssh source-interface Vlan xx" to test the connectivity.   My issue is that the Client is unable to SSH to any switch interface on 3650 when it is connected to the AP on the WLC with IP address on same subnet as AP and switch as its default GW.  Is this a CAPWAP tunnel restriction?  This is not a FW issue, the host never sends packet to FW and the rules are ANY ANY at this time.  Any help will be appreciated.

 

Here is the simple design.

FW
|
3650 (dhcp)
|(capwap)
|
AP
|
client

Labels:
Preview file
7 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
desipes111
Level 1
Level 1
In response to Dustin Anderson

‎12-27-2017 02:50 PM

Yes, thank you!  That was the nugget I needed.  The command you sent is correct if you are on a WLC.  I am on a 3650 configured as a WLC.  The command on the 3650 is below:

3650-1# conf t
3650-1(config)#wireless mgmt-via-wireless

 

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Dustin Anderson
VIP
VIP

‎12-27-2017 01:56 PM - edited ‎12-27-2017 01:59 PM

I have not played with a switch WLC, but a standalone has a setting that is off by default to allow management via wireless. I'm wondering if this is the same thing you are hitting.

 

CLI command I found.

config network mgmt-via-wireless enable

0 Helpful

Go to solution
desipes111
Level 1
Level 1
In response to Dustin Anderson

‎12-27-2017 02:50 PM

Yes, thank you!  That was the nugget I needed.  The command you sent is correct if you are on a WLC.  I am on a 3650 configured as a WLC.  The command on the 3650 is below:

3650-1# conf t
3650-1(config)#wireless mgmt-via-wireless

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card