05-24-2023 08:31 AM
We have a 5520 running 8.10.183.0. Noticed some odd gui access behavior. If the controller has an interface on a vlan, and I try to access the controller gui from a WIRED client on said vlan, it will time out. Yes the vlan has a route to the controller's management interface. It can ping the controller just fine. Wireshark shows TLS/HTTPS packets going back and forth as well. This isn't a routing/switching issue.
Is it somehow considering any client, wired or wireless, with an ip that matches one of it's non-management interface, a wireless client? I have "Enable management from wifi clients" on anyway, so even if it is, why isn't it working? I removed the interface in question from the controller and gui access started working immediately.
05-24-2023 08:37 AM
Hi
Try this command
config network mgmt-via-dynamic-interface enable
05-24-2023 08:46 AM
Interesting, cli only option. But ultimately that doesn't sound like what I need. Let's use some generic ip addresses for discussion
Managment addr (Let's call it interface A) = 10.1.1.1/24
Interface B = 10.2.1.1/24
If I am a wired client, for example 10.2.1.50, on the B subnet, I am unable to access the gui via A. I do not want to access the gui via B, which if I understand it right is what "config network mgmt-via-dynamic-interface enable " will accomplish. If I remove the B interface, the wired client can now get to A.
05-24-2023 09:02 AM - edited 05-24-2023 09:03 AM
The management interface is there for this. You should access the WLC from anywhere using the Management interface. The command I shared is for in case you need to access the WLC using a different interface on the WLC.
The problem you are describing is simply the lack of defautl gateway on the management interface. So, basically you need to have default gateway on the management interface and this gateway must be able to route everyone.
WLC does not have routing funcrtion as it is basically a Layer2 device.
05-24-2023 09:08 AM
There is a gateway on interface A / management already. If a wired client is on B, it can ping A just fine. To access the gui via https://A I have to delete interface B.
05-24-2023 09:15 AM
Then you may have CPU Access list on the WLC allowing only from destination. Cause dont make sense if you have routing does not access the gui
05-24-2023 09:17 AM - edited 05-24-2023 09:25 AM
No access lists to speak of. I know it doesn't make sense, that's why I'm confused.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide