08-31-2011 10:56 AM - edited 07-03-2021 08:39 PM
I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address. I can access the GUI on the service-port interface. No static routes in the controller; trunk appears to be set up correctly.
Solved! Go to Solution.
08-31-2011 11:24 AM
Your service port interface should be on a completely different class of network as it should be configured as an "out-of-band" network; ie. you do not want the service port to be on a normally routed internal network.
For you example above
manament int
10.132.249.5/24
service-port int
10.132.120.15/24
You should place your service-port int on a separate class of network preferably (ie. 172.16.0.1 or 192.168.0.1, etc)
08-31-2011 11:12 AM
Can you verify from the CLI that "web mode" or "secure web mode" is enabled?
(Cisco Controller) >show network summary
For example the output in my lab shows...
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Mgmt Via Wireless Interface................. Enable
HTTPS is enabled, HTTP is disabled (by default)
Are you accessing the GUI from a "Wireless" device or a wired client? If using a wireless device, and looking at the same out put from above, do you see "Mgmt Via Wireless Interface" enabled?
Lastly, you mentioned you can access from your service port and do not have any static routes assigned. Can you confirm whether or not your service port is on a different "supernet" than the management interface? It is possible for the WLC to be confused about which interface to egress traffic when the service port is on the same supernet. The config guide states that it must be on a different supernet.
08-31-2011 11:15 AM
(Cisco Controller) >show network summary
RF-Network Name............................. Steelton
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
--More-- or (q)uit
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Fast SSID Change ........................... Disabled
IP/MAC Addr Binding Check .................. Enabled
(Cisco Controller) >
08-31-2011 11:18 AM
I'm accessing from wired client. No APs at all on the controller yet.
manament int
10.132.249.5/24
service-port int
10.132.120.15/24
I saw that statement in the configuration guide about "supernet" - what does that mean?
08-31-2011 11:24 AM
Your service port interface should be on a completely different class of network as it should be configured as an "out-of-band" network; ie. you do not want the service port to be on a normally routed internal network.
For you example above
manament int
10.132.249.5/24
service-port int
10.132.120.15/24
You should place your service-port int on a separate class of network preferably (ie. 172.16.0.1 or 192.168.0.1, etc)
08-31-2011 11:40 AM
That was it - Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: