cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19695
Views
10
Helpful
8
Replies

web access to WLC Management

sjuneau
Level 1
Level 1

Good Day,

     I would like to connect to Cisco's management WLC via wireless. There is a security feature that allows you to ENABLE or  DISABLE WLC management via wireless. I have enabled controller management to be accessible from wireless clients in the GUI and saved config.

Now what IP address should I enter?  The network for users is 192.168.1.0/24 and the network for the WLC and the APs is 192.168.2.0/24. The WLC 192.168.2.5.

I've tried this last IP address, but does not work from 192.168.1.x. What I am doing wrong?

Thank you for your help

8 Replies 8

kcnajaf
Level 7
Level 7

Hi,

Are you able to access the WLC from wired network? Ar e you trying to access the WLC through telnet/SSH or GUI? In order to access the WLC you should use the managment interface of WLC.If you are trying to access this via GUI ensure that you have enabled the http server using "config network webmode enable" from the command prompt. Also you should be able to see the status of webmode and managment by wireless interface is enabled using "show network summary" command.

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!


Good morning,

Thank you for taking the time to respond.

In response to your questions:

"Are you able to access the WLC from wired network?"  Yes, I need to put a machine (laptop or desktop) on the mangement network, 192.168.  2   .X /24 in my case, to access GUI, ssh. I can, of course access it via the console port.

"Are you trying to access the WLC through telnet/SSH or GUI?" All of them, but GUI and ssh is preferred.

"In order to access the WLC you should use the managment interface of  WLC.If you are trying to access this via GUI ensure that you have  enabled the http server using "config network webmode enable""

in

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml

it says:

"When enabled, the Management via Wireless       feature allows a wireless client to reach or manage only the WLC to which its       associated access point is registered."

My question is: How do you do that and what IP address should be used?

This is a 2504 WLC. There is no service port on this equipment like, for example, the WLC 5505. I have a 5505 and I use that service port, in an out-of-band network. I want to access  the management GUI via the client wireless network. In the GUI, I enabled the controller management to be accessible from wireless clients. Do I need to go in the CLI as well? I Thought, once done in the GUI, which I did, you don't need to do it in the CLI. I will check if necessary.

How do you get the GUI from a 192.168.1.X machine to connect to the WLC that is on a different network, in my case 192.168.2.0/24 (not .1 network)? As you probaply know, the APs and the WLC are not on the same network as the clients and traffic is "tunnelled" through that network.

Thank you

Hi,

You seems to confuse me :-)

My question is: How do you do that and what IP address should be used?

On 2504 WLC you should be able to access (GUI/SSH/Telnet) the WLC using the ip address assigned to the Managment managment interface for in band managment. You will not be able to use any other interfaces for inband managment.

Do I need to go in the CLI as well?

No... you dont need to configure this on both. As long as you have done this on GUI that is fine.

How do you get the GUI from a 192.168.1.X

My assumption was you should have already setup this routing before implementing the wireless network. This routing has be to done by a L3 device and wireless network has nothing to do with this routing. Ensure that where ever you have defined the gateway address for both network (192.168.1.x and 192.168.2.x) you have routing enabled on this.

By the by when your laptop connect to wireless network you are able to access other network or you have trouble in accessing only the WLC? Or nothing else is accessible?

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!

good evening,

Thank you for your reply. I did not configure the management to be routed on the routeur. I have to route the management network? That is not secure, is it? I tought the idea to put the WLC and APs on a different subnet was, in part, to secure these equipments from the users. May be you know more about it, should I do that?

Thank you

I guess I could add an access-list with on IP address from the public network to access the management subnet. what do you think?

sjuneau
Level 1
Level 1

Good Day,

I just wanted to add some information concerning this, as an answer. the IP address is the IP address on the WLC-AP subnet 192.168.2.5 in my case. but you need to route traffic between the public subnet and the WLC-AP subnet to get this to work. There is no other way. An access-list can protect somehow.

sjuneau
Level 1
Level 1

QED

Abhishek Abhishek
Cisco Employee
Cisco Employee

Hello,

As per your query i can suggest you the following solution-

This is the list of options available to access the WLC:

  • GUI access with HTTP or HTTPS
  • CLI access with Telnet, SSH, or console access
  • Access through service port

For more information on how to enable these modes, refer to the Using the Web-Browser and CLI Interfaces section of the document Cisco Wireless LAN Controller Configuration Guide, Release 5.1. Usually, the management interface IP address is used for GUI and CLI access. Wireless clients can access the WLC only when the option Enable Controller Management to be accessible from Wireless Clients is checked. In order to enable this option, click the Management menu of the WLC, and click Mgmt via Wireless on the left-hand side. WLC can also be accessed with one of its dynamic interface IP addresses. Use the config network mgmt-via-dynamic-interface command to enable this feature. Wired computers can have only CLI access with the dynamic interface of the WLC. Wireless clients have both CLI and GUI access with the dynamic interface.

Hope this will help you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: