In this document Cisco TAC engineer "Siddharth Vij" has explained about GUI of a 5508 controller running software version 18.104.22.168 became inaccessible via HTTPS using the Management Interface IP address. The GUI of the controller was still accessible via HTTP but not HTTPS.
After upgrading the license count on the 5508 controller from 25 to 50 AP's, the upgrade was completed and the controller rebooted and came up fine. The GUI of the controller was no longer accessible for management via HTTPS.
Tried manually starting the HTTPS service from CLI of the controller and rebooted the controller, however this did not resolved the issue.
Took NMAP port captures on the controller and found that the HTTPS page was closed.
sh-3.2# nmap -sS -vv -n 16x.1x2.x7.1xx
Starting Nmap 5.35DC1 ( http://nmap.org ) at 201x-06-x6 11:x6 CDT Initiating Ping Scan at 11:56 Scanning 16x.1x2.x7.1xx[4 ports]
Completed Ping Scan at 11:56, 0.01s elapsed (1 total hosts) Initiating SYN Stealth Scan at 11:56 Scanning 16x.1x2.x7.1xx [1000 ports]
Discovered open port 80/tcp on 16x.1x2.x7.1xx
Discovered open port 22/tcp on 16x.1x2.x7.1xx
Discovered open port 16113/tcp on 16x.1x2.x7.1xx
Completed SYN Stealth Scan at 11:56, 4.86s elapsed (1000 total ports) Nmap scan report for 16x.1x2.x7.1xx
Host is up (0.00075s latency). Scanned at 201x-06-x6 11:x6 CDT for 5s
Not shown: 994 filtered ports PORT STATE SERVICE 22/tcp open ssh 23/tcp closed telnet 80/tcp open http 443/tcp closed https 1000/tcp closed cadlock 16113/tcp open unknown
Read data files from: /usr/share/nmap Nmap done: 1 IP address (1 host up) scanned in 4.94 seconds Raw packets sent: 1999 (87.932KB) | Rcvd: 8 (320B) sh-3.2#
From console of the controller rebooted the controller and found the following message while the controller was booting up:
Starting Management Services: Web Server: CLI: ok Secure Web: Web Authentication Certificate not found (error). If you cannot access management interface via HTTPS please reconfigure Virtual Interface. License Agent: ok
Checked the Virtual Interface of the controller and it was configured with an Ip address "172.16.x.x" (RFC 1918) instead of the 22.214.171.124 address, which the user informed me was configured on the controller earlier.
Changed the IP address of the Virtual Interface back to 126.96.36.199 and this resolved the issue.
The virtual interface is used to support mobility management, Dynamic Host Configuration Protocol (DHCP) relay, and embedded Layer 3 security such as guest web authentication. It also maintains the DNS gateway host name used by Layer 3 security and mobility managers to verify the source of certificates when Layer 3 web authorization is enabled.
Specifically, the virtual interface plays these two primary roles:
•Acts as the DHCP server placeholder for wireless clients that obtain their IP address from a DHCP server.
•Serves as the redirect address for the web authentication login page.
Note See Chapter 5 for additional information on web authentication.
The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address, such as 188.8.131.52. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a backup port.
So I have been given one of these after a store upgrade that I've been working on, Im quite IT literate and I can console into devices but without guidance this is where my knowledge stops, I want to use this AP for home use, when I plug it in, I get a co...
I have new 1830 with Mobility Express ver 8.10.121 installed CABLINGPC > POE Adapter (no switch) > AP1830all using straight ethernet cablePC Ethernet IP: 192.168.1.101AP IP: 192.168.1.201 PROBLEMS:1. After configuration, no SSID appe...
Guys, I am getting Error extracting webauth files while uploading Custom Webauth tar file. i have used 7zip to make tar and my box is 5520 running on 184.108.40.206 When i checked the log, i can see below lines. **********************...
Hello,there was another posting which explained the 802.11ac Current Rate Field in detail.Unfortunately this doesn't aply on 11n rates.I can see something like m7b2, m6-2, m5t2 on aironet 2700i ap.I think the first digit is the mcs index and the last show...
i have a query on Local Automatic Channel assignment And Leader automatic channel assignment, there is channel update interval 24hours and 600 seconds respectively. what is difference between two and how it will impact our environment. Note: wl...