Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
4
Replies

Can't access management interface - WLC 4402

Go to solution
raresz
Level 1
Level 1

‎03-01-2021 11:59 AM - edited ‎07-05-2021 01:18 PM

Hi, I'm learning for CCNA exam on real hardware so i just started playing with WLC. I have encountered general problem which doesn't let me go forward. Maybe problem is actually i have this what i have so i have to work on this what i have
But to the point:

I have topology in shortcut like that: my Cisco ASA has role of edge router where is connected 3 vlans: (inside, outside, and dmz). For now only does matter inside vlan so there is a subnet 192.168.1.0/24. In this subnet i have laptop. In same subnet i have also router R1(.1.254) which is straight connected with SFP to WLC(i had no other choice). So on the other side of R1 where sits WLC, there is a subnet : 192.168.3.0/24
- .3.1 is R1 interface
- .3.2 is AP-manager
- .3.3 is management interface.

 

I have also service port connected to inside vlan(192.168.1.250)

 

So, what works and what doesn't:
- Service port works well full connectivity

- SFP connection works ok(so no problem with physical and datalink layer)

- AP-manager i can ping from laptop(.1.0/24 subnet) but can't access via ssh/http(maybe that's normal but that's not my case)

- Management interface(!!!!) - This i can't ping/access from my laptop but R1 can ping it so obviously port has to be in up state but no idea why can't access it from laptop - sure i'm not gonna access GUI from cisco router that everybody knows.

 

I tried it in both ways: with VLAN tagged and untagged. I tried to access it when it was VLAN20 and i did ROAS - ap-manager works but management interface not. Same situation when everything sits on same subnet.

 

There is factory default settings on WLC only with initial configuration from a prompt - nothing more(no acls and others)

I thought first that's routing issue but if i can ping .3.2 and can't .3.3 then i think that's not that.

 

I plugged also AP for a test it get's IP from .1.0/24 subnet. I'm just starting so also a bit on off-topic please tell me if that topology just gonna work for learning?(at least until i get some L3 switch - i just prefer don't wait)

 

I put there also topology on a paper in attachment.

Sorry for snake_track_explaination but even for me it's difficult to get together in my mind
Please help

 

Labels:
Preview file
4138 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
raresz
Level 1
Level 1

‎03-03-2021 12:12 PM

Ok. Solved. (sorry but can't find anywhere solved button). 

I just had some short documentation at first time where was statement : "don't put service port with any other wired clients in same vlan/subnet" so i just didn't take care of that. Other documentation said : "don't put service port with any other wired clients in same vlan/subnet - otherwise you will have no access to management interface"

 

So i have putted it in separate VLAN in my Cisco ASA. Now i can't access service port and for now i don't even want to know why - but i can now access to management interface. So i can continue my education. Thanks everyone

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rasika Nayanajith
VIP
VIP

‎03-01-2021 02:05 PM

Have you configured R1 interface to WLC as sub-interfaces with appropriate vlan tags (like router on a stick) ?

 

Rasika

0 Helpful

Go to solution
raresz
Level 1
Level 1
In response to Rasika Nayanajith

‎03-01-2021 09:19 PM

Hi. Yes. Like i mentioned i configured ROAS setup there with subinterfaces.

 

But...problem occurs even with not tagged trafic - present configuration. And i can access AP-manager with ICMP but not management interface so i would say it's not about routing. If no ideas before - i will try other version of that IOS when i come back from work.

0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to raresz

‎03-03-2021 01:56 AM

Please note, some interfaces are not allowed to be in the same network as other interfaces. Some more info:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/6-0/configuration/guide/Controller60CG/c60mint.html

 

If you're connected via serial, can you output the command: show interface detailed management

0 Helpful

Go to solution
raresz
Level 1
Level 1

‎03-03-2021 12:12 PM

Ok. Solved. (sorry but can't find anywhere solved button). 

I just had some short documentation at first time where was statement : "don't put service port with any other wired clients in same vlan/subnet" so i just didn't take care of that. Other documentation said : "don't put service port with any other wired clients in same vlan/subnet - otherwise you will have no access to management interface"

 

So i have putted it in separate VLAN in my Cisco ASA. Now i can't access service port and for now i don't even want to know why - but i can now access to management interface. So i can continue my education. Thanks everyone

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card