03-01-2021 11:59 AM - edited 07-05-2021 01:18 PM
Hi, I'm learning for CCNA exam on real hardware so i just started playing with WLC. I have encountered general problem which doesn't let me go forward. Maybe problem is actually i have this what i have so i have to work on this what i have
But to the point:
I have topology in shortcut like that: my Cisco ASA has role of edge router where is connected 3 vlans: (inside, outside, and dmz). For now only does matter inside vlan so there is a subnet 192.168.1.0/24. In this subnet i have laptop. In same subnet i have also router R1(.1.254) which is straight connected with SFP to WLC(i had no other choice). So on the other side of R1 where sits WLC, there is a subnet : 192.168.3.0/24
- .3.1 is R1 interface
- .3.2 is AP-manager
- .3.3 is management interface.
I have also service port connected to inside vlan(192.168.1.250)
So, what works and what doesn't:
- Service port works well full connectivity
- SFP connection works ok(so no problem with physical and datalink layer)
- AP-manager i can ping from laptop(.1.0/24 subnet) but can't access via ssh/http(maybe that's normal but that's not my case)
- Management interface(!!!!) - This i can't ping/access from my laptop but R1 can ping it so obviously port has to be in up state but no idea why can't access it from laptop - sure i'm not gonna access GUI from cisco router that everybody knows.
I tried it in both ways: with VLAN tagged and untagged. I tried to access it when it was VLAN20 and i did ROAS - ap-manager works but management interface not. Same situation when everything sits on same subnet.
There is factory default settings on WLC only with initial configuration from a prompt - nothing more(no acls and others)
I thought first that's routing issue but if i can ping .3.2 and can't .3.3 then i think that's not that.
I plugged also AP for a test it get's IP from .1.0/24 subnet. I'm just starting so also a bit on off-topic please tell me if that topology just gonna work for learning?(at least until i get some L3 switch - i just prefer don't wait)
I put there also topology on a paper in attachment.
Sorry for snake_track_explaination but even for me it's difficult to get together in my mind
Please help
Solved! Go to Solution.
03-03-2021 12:12 PM
Ok. Solved. (sorry but can't find anywhere solved button).
I just had some short documentation at first time where was statement : "don't put service port with any other wired clients in same vlan/subnet" so i just didn't take care of that. Other documentation said : "don't put service port with any other wired clients in same vlan/subnet - otherwise you will have no access to management interface"
So i have putted it in separate VLAN in my Cisco ASA. Now i can't access service port and for now i don't even want to know why - but i can now access to management interface. So i can continue my education. Thanks everyone
03-01-2021 02:05 PM
Have you configured R1 interface to WLC as sub-interfaces with appropriate vlan tags (like router on a stick) ?
Rasika
03-01-2021 09:19 PM
Hi. Yes. Like i mentioned i configured ROAS setup there with subinterfaces.
But...problem occurs even with not tagged trafic - present configuration. And i can access AP-manager with ICMP but not management interface so i would say it's not about routing. If no ideas before - i will try other version of that IOS when i come back from work.
03-03-2021 01:56 AM
Please note, some interfaces are not allowed to be in the same network as other interfaces. Some more info:
If you're connected via serial, can you output the command: show interface detailed management
03-03-2021 12:12 PM
Ok. Solved. (sorry but can't find anywhere solved button).
I just had some short documentation at first time where was statement : "don't put service port with any other wired clients in same vlan/subnet" so i just didn't take care of that. Other documentation said : "don't put service port with any other wired clients in same vlan/subnet - otherwise you will have no access to management interface"
So i have putted it in separate VLAN in my Cisco ASA. Now i can't access service port and for now i don't even want to know why - but i can now access to management interface. So i can continue my education. Thanks everyone
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide