Showing results for 
Search instead for 
Did you mean: 

Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr

Ask Me Anything – How to Enable Network Connectivity to Remote Workers

5508 Wireless LAN Controller ( GUI becomes inaccessible on Management Interface IP address via HTTPS





In this document Cisco TAC engineer "Siddharth Vij" has explained about GUI of a 5508 controller running software version became inaccessible via HTTPS using the Management Interface IP address. The GUI of the controller was still accessible via HTTP but not HTTPS.



After upgrading the license count on the 5508 controller from 25 to 50 AP's, the upgrade was completed and the controller rebooted and came up fine. The GUI of the controller was no longer accessible for management via HTTPS.



Tried manually starting the HTTPS service from CLI of the controller and rebooted the controller, however this did not resolved the issue.


Took NMAP port captures on the controller and found that the HTTPS page was closed.


sh-3.2# nmap -sS -vv -n 16x.1x2.x7.1xx


Starting Nmap 5.35DC1 (  ) at 201x-06-x6 11:x6 CDT
Initiating Ping Scan at 11:56
Scanning 16x.1x2.x7.1xx [4 ports]

Completed Ping Scan at 11:56, 0.01s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 11:56
Scanning 16x.1x2.x7.1xx [1000 ports]

Discovered open port 80/tcp on 16x.1x2.x7.1xx

Discovered open port 22/tcp on 16x.1x2.x7.1xx

Discovered open port 16113/tcp on 16x.1x2.x7.1xx

Completed SYN Stealth Scan at 11:56, 4.86s elapsed (1000 total ports)
Nmap scan report for 16x.1x2.x7.1xx

Host is up (0.00075s latency).
Scanned at 201x-06-x6 11:x6 CDT for 5s

Not shown: 994 filtered ports
22/tcp    open   ssh
23/tcp    closed telnet
80/tcp    open   http
443/tcp   closed https
1000/tcp  closed cadlock
16113/tcp open   unknown


Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 4.94 seconds
           Raw packets sent: 1999 (87.932KB) | Rcvd: 8 (320B)


From console of the controller rebooted the controller and found the following message while the controller was booting up:


Starting Management Services:
   Web Server:    CLI: ok
   Secure Web: Web Authentication Certificate not found (error). If you cannot access management interface via HTTPS please reconfigure Virtual Interface.
   License Agent: ok


Checked the Virtual Interface of the controller and it was configured with an Ip address "172.16.x.x" (RFC 1918) instead of the address, which the user informed me was configured on the controller earlier.


Changed the IP address of the Virtual Interface back to and this resolved the issue.


More Information

Virtual Interface


The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.


Specifically, the virtual interface plays these two primary roles:

•Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.

•Serves as the redirect address for the web authentication login page.


Note          See Chapter 5 for additional information on web authentication.

The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be, and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address, such as The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a backup port.


Related Information

Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)

Wireless LAN Controller (WLC) FAQ

Cisco Wireless LAN Controller Configuration Guide - Configuring Ports and Interfaces

External Web Authentication with Wireless LAN Controllers Configuration Example


Great help! 

It happened the same to me in a virtual WLC.

Thanks for the info.

Great! Thanks for share this information.

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey