5520 - Management gui access issue

YC2
Level 1

We have a 5520 running 8.10.183.0. Noticed some odd gui access behavior. If the controller has an interface on a vlan, and I try to access the controller gui from a WIRED client on said vlan, it will time out. Yes the vlan has a route to the controller's management interface. It can ping the controller just fine. Wireshark shows TLS/HTTPS packets going back and forth as well. This isn't a routing/switching issue.

 

Is it somehow considering any client, wired or wireless, with an ip that matches one of its non-management interfaces, a wireless client? I have "Enable management from wifi clients" on anyway, so even if it is, why isn't it working? I removed the interface in question from the controller and gui access started working immediately.

6 Replies

Hi

Try this command:

config network mgmt-via-dynamic-interface enable 

Interesting, cli only option. But ultimately that doesn't sound like what I need. Let's use some generic ip addresses for discussion.

Management addr (Let's call it interface A) = 10.1.1.1/24

Interface B = 10.2.1.1/24

If I am a wired client, for example 10.2.1.50, on the B subnet, I am unable to access the gui via A. I do not want to access the gui via B, which if I understand it right is what "config network mgmt-via-dynamic-interface enable " will accomplish. If I remove the B interface, the wired client can now get to A.

 

The management interface is there for this. You should access the WLC from anywhere using the Management interface. The command I shared is for in case you need to access the WLC using a different interface on the WLC. 

The problem you are describing is simply the lack of a default gateway on the management interface. So, basically you need to have a default gateway on the management interface and this gateway must be able to route everyone.

The WLC does not have a routing function as it is basically a Layer 2 device.

There is a gateway on interface A / management already. If a wired client is on B, it can ping A just fine. To access the gui via https://A I have to delete interface B.

Then you may have a CPU access list on the WLC allowing only from destination. Because it doesn't make sense that, if you have routing, it does not access the gui.

No access lists to speak of. I know it doesn't make sense, that's why I'm confused.
