Re: SSH and HTTPS on a Controller Interface

london.ism · ‎01-10-2013

Hi

I have a wireless controller 5508 and all my interfaces can be accessed via https or ssh from a wireless client.

Management access from a wireless client is disabled so I don't understand why this is happening.

Does anyone know how to fix this?

Thanks

Elena

Scott Fella · ‎01-10-2013

Is management from dynamic interface also disabled? That has to issued from the CLI

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

london.ism · ‎01-10-2013

Hmmm...if it is not a gui option then probably not.

I'll have a go on the CLI.

Thanks

Scott Fella · ‎01-10-2013

No option on the GUI

config network mgmt-via-dynamic-interface enable|disable

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

london.ism · ‎01-10-2013

That didn't work I'm afraid. I have disabled the management via dynamic interface but it didn't do the trick.

The only way I can stop it is if I go to Management, under HTTP or Telnet-SSH in the GUI and disable it from there but then that cuts off the whole management access, including the service port.

Any other ideas?

Scott Fella · ‎01-10-2013

This only works of you are associated to an app on that WLC. If you are associated to an ap on WLC 1, you will be able access https or ssh to another WLC. This feature is only for the same WLC.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

london.ism · ‎01-10-2013

I only have one controller on my network.

Scott Fella · ‎01-10-2013

You need to open up a TAC case then. I don't have that issue in any of my WLC's or in any of my installs. TAC can tell you ifs a bug or maybe a setting that is wrong.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

london.ism · ‎01-10-2013

Do I need a support contract for that?

Scott Fella · ‎01-10-2013

Yes you do.

I usually always leave managment via wireless enabled, but that only allows access to the management ip appdress of the WLC, not access to a dynamic interface ip address. Again... I leave it enabled because I like to be able to access the WLC when I'm on a wireless device.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

George Stefanick · ‎01-10-2013

Good thread ..

I recently review this very topic. Although I didnt have a HTTPS issue, I had a SSH issue. ..

Read this document

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080a7c988.shtml

Also note comment within the document about SSH

Remember that by design, even if management over wireless or dynamic interface is disabled, a device can still make an SSH connection to the controller. This is a CPU taxing task, and WLC limits the number of simultaneous sessions, and for how long using these parameters.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________