Re: Can't access WLC

hs08 · ‎04-26-2023

Hello,

Anyone know why i can't access to the WLC if i access the WLC from VLAN which the VLAN listed in controller interface?

On the pic we can see i have some VLAN and if i access from that VLAN , the WLC can't be accessed.

hs08 · ‎04-26-2023

Hello,

i'm not asking about AP can't connect to the WLC, but i asking why i can't open WLC management address via workstation if the workstation configured using one of existing VLAN in the controller.

Mark Elsen · ‎04-26-2023

- As these are dynamic vlans mapped to WLANS you probably need to enable management via wireless as explained in : https://www.cisco.com/c/en/us/td/docs/wireless/controller/7-4/configuration/guides/consolidated/b_cg74_CONSOLIDATED/b_cg74_CONSOLIDATED_chapter_010110000.pdf

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

hs08 · ‎04-26-2023

Hello,

management via wireless already enabled, but still can't access and icmp (ping) is reply

Mark Elsen · ‎04-26-2023

- What error do you get in the browser (presuming browser access is attempted) ?

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

hs08 · ‎04-27-2023

the error is "This site can't be reached"

Mark Elsen · ‎04-27-2023

>....the error is "This site can't be reached"
- Make sure you don't have any firewall in between blocking the particular access 2) Check the controller logs when this is attempted 3) Try with google chrome , press F12 , check what you see in the development pane when trying ,

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Flavio Miranda · ‎04-27-2023

Hi

You can, but you need to enable it.

config network mgmt-via-dynamic-interface {enable | disable}

hs08 · ‎04-27-2023

Hello,

Already enabled on Management - Mgmt Via Wireless - Enabled Controller Management to be accessible from Wireless Client (ticked)

Flavio Miranda · ‎04-27-2023

Sorry dont follow you. Interface vlan on cisco wlc is called dynamic interface.

I undertood from your post that you are trying to http or ssh to the wlc on this interfaces and are not able to, correct?

The commamd I shared allow you to do that. It is not management interface, it is dynamic interface I am not saying management via wireless, it is something else.

Did you run the commamd? Did you try access after that?

hs08 · ‎04-27-2023

Hello,

i already enable mgmt-via-dynamic-interface but still can't access

Flavio Miranda · ‎04-28-2023

Then the problem is not on the WLC.

If you are trying to reach the WLC from a different network, make sure routing is ok. WLC is not a layer3 device but it is possible to add routes on it.

And devices along the way must be checked also.

You can provide the topology and device config for further support.

Mark Elsen · ‎04-28-2023

@Flavio Miranda >..Then the problem is not on the WLC.
Indeed another option to test port 443 (https) reachability is to use an nmap port scan as in :
% nmap -p443 --reason WLChostname

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Rich R · ‎04-28-2023

Can you access the WLC from any other interface?
Do you have a CPU access list applied?

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Dustin Anderson · ‎04-28-2023

What is the DNS for the WLC, when you try to manage it via web, are you doing it by name, or IP. is HTTP to HTTPS redirect enabled, if not make sure the web is doing https as if you are trying IP it usually defaults to http.