02-25-2016 12:17 PM - edited 07-05-2021 04:40 AM
Hello, I have a dual 5508 installation in HA mode. I configured IPs on the management and service interfaces and connected them to the switch. The RP ports on the controllers are connected to each other. HA status is ok, I can access ssh but not the web GUI, neither on the service port nor on management. Please help, what could be wrong?
02-25-2016 12:38 PM
From https://supportforums.cisco.com/discussion/11859111/web-access-wlc-management
Are you able to access the WLC from wired network? Are you trying to access the WLC through telnet/SSH or GUI? In order to access the WLC you should use the management interface of WLC. If you are trying to access this via GUI ensure that you have enabled the http server using "config network webmode enable" from the command prompt. Also you should be able to see the status of webmode and management by wireless interface is enabled using "show network summary" command.
02-25-2016 10:50 PM
Hello! I've read this topic already but it's not my case, because I would like to manage via service port, not wireless.
- Are you able to access the WLC from wired network?
+ Yes, only ssh
- Are you trying to access the WLC through telnet/SSH or GUI?
+ all of them, but works only ssh
- In order to access the WLC you should use the management interface of WLC. If you are trying to access this via GUI ensure that you have enabled the http server using "config network webmode enable" from the command prompt.
+ did it already
- Also you should be able to see the status of webmode and management by wireless interface is enabled using "show network summary" command.
RF-Network Name............................. RFBronka
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
--More-- or (q)uit
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
02-26-2016 01:03 AM
What exactly happens when you try to reach the WLC via the web GUI? Timeout? Connection refused?
Are you specifying https://<IP>?
Are you trying to ssh/http into the WLC on the same subnet as the service port? If not, I'd recommend tracing packets to see why the ssh connections are making it through but the http/https attempts are not.
02-26-2016 01:53 AM
Hello! I'm trying to access the service port IP http://X.X.X.X but it says connection timed out. And at the same time I can access this address by ssh.
02-26-2016 09:17 AM
Specify https://<IP> instead of http://<IP>
02-26-2016 10:02 AM
Hello! Thanks for your advice with https but it didn't get access. Now I see the message:
Unable to connect
Firefox can't establish a connection to the server at X.X.X.X
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
02-26-2016 10:16 AM
Are you on the same network segment as the management or service port?
Do you have a CPU ACL setup on the WLC that would be restricting connections to it?
Do you have other ACLs or firewalls that could be blocking the traffic?
Assuming you are not on the same network segment and you can get in with ssh but not http/https I would recommend tracing the packets as you try to connect via http/https to see where the breakdown is.
02-26-2016 11:39 AM
- Are you on the same network segment as the management or service port?
+ No, I'm using gateway
- Do you have a CPU ACL setup on the WLC that would be restricting connections to it?
- Do you have other ACL's or firewalls that could be blocking the traffic?
+ No, No
- Assuming you are not on the same network segment and you can get in with ssh but not http/https I would recommend tracing the packets as you try to connect via http/https to see where the breakdown is.
+ Tracing is ok, there are no firewalls. I'm sure the problem is on the controller side. Are there some debugging methods?
02-26-2016 11:48 AM
Can you clarify this response:
+ No, I'm using gateway
The service port can only be accessed on the same subnet. It has no concept of a default gateway therefore any traffic you are trying to send to it from an outside subnet will never make it back.
I don't know the reasoning behind this and it's annoying to be sure, but that is definitely the case for that particular interface.
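A triage helper for the situation in this thread, added here as an example and not part of any post: it parses pasted "show network summary" output, checks whether the client sits in the service port's subnet (the cause identified in the reply above), and flags cleartext management protocols. The addresses are constructed documentation ranges, and `parse_summary`, `triage` and their inputs are hypothetical names.

```python
import ipaddress
import re

# Constructed excerpt in the "show network summary" layout shown in this thread.
SAMPLE_SUMMARY = """\
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
--More-- or (q)uit
Mgmt Via Wireless Interface................. Disable
"""

# "Key....... Value": a label, a run of two or more dots, then an optional value.
LINE_RE = re.compile(r"^(?P<key>.+?)\s*\.{2,}\s*(?P<val>.*)$")

def parse_summary(text):
    """Return {label: value}, skipping pager prompts and lines without dot leaders."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out[m.group("key").strip()] = m.group("val").strip()
    return out

def is_on(settings, key):
    # The output mixes "Enable"/"Enabled" and "Disable"/"Disabled".
    return settings.get(key, "").lower().startswith("enable")

def triage(settings, service_port, client_ip):
    """service_port is the WLC service port as 'ip/prefix' (assumed input)."""
    net = ipaddress.ip_interface(service_port).network
    on_link = ipaddress.ip_address(client_ip) in net
    findings = []
    if not on_link:
        findings.append(f"{client_ip} is outside {net}: the service port has no "
                        "default gateway, so replies will not route back")
    if not is_on(settings, "Secure Web Mode"):
        findings.append("HTTPS GUI (Secure Web Mode) is disabled")
    for key in ("Web Mode", "Telnet"):
        if is_on(settings, key):
            findings.append(f"{key} is enabled: cleartext management protocol")
    return on_link, findings
```

With the settings posted in this thread, the only protocol finding is that Web Mode (plain HTTP) is enabled alongside Secure Web Mode.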
10-18-2019 11:55 AM
The service port is ONLY accessible from the same subnet.
10-21-2019 01:35 PM
02-26-2016 12:51 AM
This is not the correct forum for this question, moving the thread