cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
14754
Views
5
Helpful
5
Replies

5508 WLC config: can't access GUI on management int

mike-brooks
Level 1
Level 1

I've got a new 5508 wireless lan controller and can ping the ip address of the management interface, but can't access the GUI at the management interface's ip address.  I can access the GUI on the service-port interface.  No static routes in the controller; trunk appears to be set up correctly.

1 Accepted Solution

Accepted Solutions

Your service port interface should be on a completely different class of network as it should be configured as an "out-of-band" network; ie. you do not want the service port to be on a normally routed internal network.

For you example above

manament int

10.132.249.5/24

service-port int

10.132.120.15/24

You should place your service-port int on a separate class of network preferably (ie. 172.16.0.1 or 192.168.0.1, etc)

View solution in original post

5 Replies 5

daviwatk
Level 3
Level 3

Can you verify from the CLI that "web mode" or "secure web mode" is enabled?

(Cisco Controller) >show network summary

For example the output in my lab shows...

Web Mode.................................... Disable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Disable

Secure Web Mode Cipher-Option SSLv2......... Enable

Mgmt Via Wireless Interface................. Enable

HTTPS is enabled, HTTP is disabled (by default)

Are you accessing the GUI from a "Wireless" device or a wired client?  If using a wireless device, and looking at the same out put from above, do you see "Mgmt Via Wireless Interface" enabled?

Lastly, you mentioned you can access from your service port and do not have any static routes assigned.  Can you confirm whether or not your service port is on a different "supernet" than the management interface?  It is possible for the WLC to be confused about which interface to egress traffic when the service port is on the same supernet.  The config guide states that it must be on a different supernet.

(Cisco Controller) >show network summary

RF-Network Name............................. Steelton

Web Mode.................................... Enable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Disable

Secure Web Mode Cipher-Option SSLv2......... Enable

Secure Shell (ssh).......................... Enable

Telnet...................................... Enable

Ethernet Multicast Forwarding............... Disable

Ethernet Broadcast Forwarding............... Disable

AP Multicast/Broadcast Mode................. Unicast

IGMP snooping............................... Disabled

IGMP timeout................................ 60 seconds

User Idle Timeout........................... 300 seconds

ARP Idle Timeout............................ 300 seconds

Cisco AP Default Master..................... Disable

AP Join Priority............................ Disable

Mgmt Via Wireless Interface................. Disable

Mgmt Via Dynamic Interface.................. Disable

Bridge MAC filter Config.................... Enable

Bridge Security Mode........................ EAP

Mesh Full Sector DFS........................ Enable

--More-- or (q)uit

AP Fallback ................................ Enable

Web Auth Redirect Ports .................... 80

Fast SSID Change ........................... Disabled

IP/MAC Addr Binding Check .................. Enabled

(Cisco Controller) >

I'm accessing from wired client.  No APs at all on the controller yet.

manament int

10.132.249.5/24

service-port int

10.132.120.15/24

I saw that statement in the configuration guide about "supernet" - what does that mean?

Your service port interface should be on a completely different class of network as it should be configured as an "out-of-band" network; ie. you do not want the service port to be on a normally routed internal network.

For you example above

manament int

10.132.249.5/24

service-port int

10.132.120.15/24

You should place your service-port int on a separate class of network preferably (ie. 172.16.0.1 or 192.168.0.1, etc)

That was it - Thank you!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: