- Also note https://www.cisco.com/c/en/us/support/docs/wireless/embedded-wireless-controller-on-catalyst-access-points/215303-embedded-wireless-controller-conversion.html#toc-hId--1773290237 , especially do not use SVI's and or let routing statements depend on them , 

 M.

I am using the IP Address directly on the ge0 Interface (no SVI). I just want to reach the EWC-AP Management IP via a router.

The only configuration I have changed after the wizzard is this:

interface GigabitEthernet0
  mac-address 0000.5e00.0101 <- default which cant be removed
  ip address 10.78.40.5 255.255.255.0

ip route 0.0.0.0 0.0.0.0 10.78.40.1

             >....  mac-address 0000.5e00.0101 <- default which cant be removed
 - A strange statement try from config mode : default int Gi0 , and configure it again according to your needs ,

 M.
 

After defaulting the interface it looks like this:

interface GigabitEthernet0
mac-address 0000.5e00.0101
no ip address
negotiation auto
!

Still doesnt work when I give it an IP

  - It seems that mac-address 0000.5e00.0101 is being used only in the config if VRRP is configured which is the only High Availability  method that the EWC(s) can support , you may try to config from scratch again , but don't use or setup VRRP anywhere in the menu's when you don't need it ,

 M.

Indeed the MAC seems to be related to VRRP. Also the log of the connected switch is spammed with DOS invalid IP Alerts from the VRRP announcements: VRF 0: DoS type invalid ip from 0.0.0.0/90:e9:5e:89:03:18 on port 1/1/1 <- Using the other MAC-Address.
But I did not configure any VRRP in the wizzard or afterwards. And the only VRRP command I found in he CLI reference Guide was this: wireless ewc-ap vrrp vrid <value>, which is not helpful.

I have now upgraded the controller to 17.6.5 (recommended) but still the same behaviour. I can not belive to say this, but this is my second full day of troubleshooting a network device which does not accept a default gateway!

                 >...second full day of troubleshooting a network device which does not accept a default gateway!
 - I would like to do some back tracking on this : meaning why don't you let the needed VLANS 'arrive on the EWC only' and do all of the needed  routing for them on the (backend) core (e.g.) ?

 M.

This is the plan, to bridge the WLAN clients in the respective VLAN and let the coreswitch do the routing. However, the EWC needs to be managed via a routed network and therefore needs a default gateway (we don't want to implement NAT at its location). Or what exactly do you mean by 'arrive on the EWC only'? Because I thought with the EWC only Flex port is supported and Data traffic cannot be tunneled to the EWC with CAPWAP?

The following configuration lines will be included in the configuration after a reboot, even if they are deleted and saved beforehand:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0 250

interface GigabitEthernet0
  ip dhcp client client-id GigabitEthernet0
  ip dhcp client broadcast-flag clear

When I set up a DHCP server on the EWC for the AP with a default gateway, the EWC seems to use that defgw itself. It feels like the EWC is forwarding its traffic to the AP, but I really don't understand the behavior. Am I missing a something here or is there a functionallity active which I can disable?

                           >...the EWC needs to be managed via a routed network
                  For management access you may need to specify the management vrf in the routing statement too as in :
                                  ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 <gateway>

              >...When I set up a DHCP server on the EWC for the AP with a default gateway, the EWC seems to use that defgw itself.
  - That is something that I certainly would not do , doubt if that is even supported , use an external DHCP server for the APs with the needed parameters given upon DHCP offerings such as the default gateway. As a result disable DHCP on the EWC. For DHCP don't use Cisco equipment, preferably use the modern ways = using a DHCP appliance, 

 - Flex discussion is somewhat unrelated , client data is switched locally indeed  , then the APs on (remote) site need ports configured with trunk links for the WLAN/VLANS supported and or defined

 M.

> For management access you may need to specify the management vrf in the routing statement too as in ...

Can I find this part in the configuration guide or in any other sources? show vrf doesnt provide any output and additional VRF´s are not found neither on the GUI nor CLI.

> That is something that I certainly would not do... preferably use the modern ways = using a DHCP appliance,...

I dont want to use the integrated DHCP Server on the EWC this is just a behaviour I recognized while trying out different things. There will be a DHCP server for the APs running on the coreswitch.

> Flex discussion...

Yes, there will be a trunk port with native VLAN for mangament and tagged VLANs for client traffic at the end.

For now I just want to have the EWC configured with a static IP and working default gateway.