Cannot Access CIMC web GUI or SSH via Management IP on 5520 WLC

heyheyhey123
Level 1

I am setting up a 5520 WLC for the first time. I have set the local credentials and can access this appliance via console. However, my credentials aren't working via SSH or the web GUI.

 

Logs seem to show AAA-3-ACCTREQ_SEND_FAILED

I also cannot sync with my NTP servers and had to set the time manually.

 

Anyone able to point me to how to enable SSH/Web?

 

(Cisco Controller) >show network summary

RF-Network Name............................. Default
DNS Server IP...............................
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
Secure Web Mode SSL Protocol................ Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Secure Shell (ssh) Cipher-Option High....... Disable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 239.0.0.1
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ::
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled

--More-- or (q)uit
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Mesh Backhaul RRM........................... Disable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Web Auth Secure Redirection ............... Disable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Link Local Bridging Status ................. Disabled
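
As an added example (not part of the original post and not Cisco tooling), the following Python parses `show network summary` output like the listing above and reports which management services are enabled and whether any of them is cleartext. The sample text is a constructed subset of the posted output, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the output in the post, keeping the CLI
# prompt, an empty value and the pager line that a parser has to tolerate.
SAMPLE = """\
(Cisco Controller) >show network summary

RF-Network Name............................. Default
DNS Server IP...............................
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable

--More-- or (q)uit
Mgmt Via Wireless Interface................. Disable
Web Auth Secure Web ....................... Enable
"""

# "<key><dot leader><value>"; the value may be empty and the key may end in a space.
LINE = re.compile(r"^(.*?)\s*\.{3,}\s*(.*)$")

# Management-plane services and whether each one is encrypted in transit.
MGMT_SERVICES = {
    "Web Mode": ("HTTP GUI", False),
    "Secure Web Mode": ("HTTPS GUI", True),
    "Secure Shell (ssh)": ("SSH", True),
    "Telnet": ("Telnet", False),
}

def parse_summary(text):
    """Return {setting: value}; prompt, pager and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(1):
            settings[m.group(1)] = m.group(2).strip()
    return settings

def management_report(settings):
    """List enabled management services and flag the cleartext ones."""
    report = {"reachable_by": [], "cleartext_enabled": [], "missing": []}
    for key, (label, encrypted) in MGMT_SERVICES.items():
        state = settings.get(key)
        if state is None:
            report["missing"].append(label)
        elif state.lower().startswith("enable"):
            report["reachable_by"].append(label)
            if not encrypted:
                report["cleartext_enabled"].append(label)
    return report

if __name__ == "__main__":
    print(management_report(parse_summary(SAMPLE)))
```

For the posted output this reports HTTPS and SSH as enabled and no cleartext service, so both management services were already switched on when the access attempts failed.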

7 Replies

Hi, local credentials should not be related to AAA. When you try to access via the network using either SSH or HTTP/HTTPS, are you able to enter your credentials? If so, and you should be, what is the "Priority Order > Management User" on the SECURITY tab? This should be LOCAL first and then RADIUS or TACACS after.

-If I helped you somehow, please, rate it as useful.-

Flavio, 

 

I believe I made some mistakes during the initial configuration. I was trying to access the management IP through the redundant management port and ended up setting the ip mmb to the management IP.

 

I did a factory restore and I am able to access the GUI via the 1.1.1.1 service IP I set for the SP.

 

My next problem is that I cannot reach my Port 1 w/ a SFP to RJ45 get via management IP.   I see it is up in the and green on the dashboard and the switch shows its MAC address but it is not advertising its assigned IP via ARP.

 

I do not have LAG on and I have manually disabled port 2.

 

Did you properly configure the AP address, mask and gateway? Can you ping the WLC from the switch or somewhere?

-If I helped you somehow, please, rate it as useful.-

I cannot ping the WLC from the network. I have tried to directly ping the gateway from the CLI of the WLC and it will not reach it.

 

I can ping the interface itself but not its gateway from the CLI of the WLC.

 

The SFP/RJ45 in Port1 of the WLC is connected to a management switch which shows it has Layer1/2. I can see it's connected and has a MAC but cannot ping it from that device or any other.

Super bonehead move, I had the switchport as access mode and it was tagging traffic from the controller.

 

Solved.

Alright. Please, change to solved then.

-If I helped you somehow, please, rate it as useful.-

Don't (anymore) use 1.1.1.1 as that IP is now used by Cloudflare as a public DNS server and some browsers (Chrome for example) block the access.