11-23-2019 07:41 AM - edited 07-05-2021 11:20 AM
Hello Team,
I am trying to deploy two C9800-40-K9 controllers in the network.
1. Before connecting both controllers to the network,
I gave the IP address 10.91.225.80 to Gi0 of WLC1 and connected a cable between the SP port and a laptop with static IP address 10.91.225.82.
2. From the laptop I am able to get HTTPS access to WLC1; I upgraded the IOS for WLC1 to 16.11.01.
3. I did the same thing for WLC2: upgraded the IOS, with 10.91.225.81.
4. During the configuration of WLC1 and WLC2 I used Gi0 as the wireless management interface.
5. Then we connected both WLC1 and WLC2 to the network, but at that time I didn't check the connectivity of the WLCs from the core switch.
6. The RP port of both WLCs is in L2 VLAN 498.
7. After rack-mounting both WLCs, by connecting the SP port to the laptop, I configured HA between the two WLCs from the browser. HA formed properly; I did the failover test and it was working properly.
8. But when I try to connect from the different VLAN 2 or VLAN 50 from other switch ports, I am not able to get HTTPS access to either controller; I am getting ERR_SSL_PROTOCOL_ERROR in the browser.
9. Can you help me with what may be going wrong?
10. I have license files but I didn't upload them to any WLC?
11. As Gi0 is not pinging from the other network, I changed the Gi0 IP to interface VLAN 50 and wireless management to int VLAN 50, but I am still not able to ping the int VLAN 50 IP.
Can somebody help? Are we doing something wrong?
Now we are not able to ping int VLAN 50 from an outside network.
We have given another IP, on int VLAN 2, in WLC1, and this IP we are able to ping, but when we try to open the browser with the interface VLAN 2 of the WLC I am getting ERR_SSL_PROTOCOL_ERROR.
Attached are the diagram and the error screenshot.
Thanks all
Shrikant Gaikwad
02-15-2022 07:29 AM
You should test this out in the lab also. Especially if you are using the same trustpoint. This way you can have a conversation with the customer on the risk and the next steps.
08-15-2022 01:34 AM
I had the same error and solved it by rebooting the WLC. For me the WLC was still in the setup phase, so there were no active clients to consider.
11-05-2022 04:34 PM
Try the following:
show run | inc crypto
>>> Find trustpoint named TP-Self-Signed-xxxxx
conf t
no crypto pki trustpoint TP-Self-Signed-xxxxxx
no ip http server
no ip http secure-server
ip http server
ip http secure-server
ip http authentication
end
conf t
!
ntp server 2.north-america.pool.ntp.org
ntp server 1.north-america.pool.ntp.org
ntp server 3.north-america.pool.ntp.org
!
!
clock timezone UTC -6
clock calendar-valid
!
crypto key generate rsa general-keys label RSACA modulus 2048
!
!
crypto pki server CA-WLAN
issuer-name cn=ca.wla.local
grant auto
no shutdown
Pass:<<password>>
REPass:<<password>>
!
!
crypto pki trustpoint TPEWLCCA
enrollment url http://<<ip_wlc>>:80
revocation-check none
subject-name cn=wlc.<<enterprise>>.net
rsakeypair RSACA
exit
!
!
crypto pki authenticate TPEWLCCA
yes
!
!
crypto pki enroll TPEWLCCA
Pass:<<password>>
REPass:<<password>>
no
no
yes
!
ip http secure-trustpoint TPEWLCCA
Example:
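An added example, not part of the reply above and not Cisco code: a small offline check, run over a saved `show run` excerpt, that the trustpoint named in `ip http secure-trustpoint` is actually defined with a key pair, and that lists the `revocation-check none` and `grant auto` settings from the procedure so they can be reviewed. The sample config is constructed; the IP address and the finding labels are assumptions.

```python
import re

# Constructed running-config excerpt (not from a real device). Names follow
# the reply above; the IP address is a placeholder assumption.
SAMPLE_CONFIG = """\
crypto pki server CA-WLAN
 grant auto
!
crypto pki trustpoint TPEWLCCA
 enrollment url http://192.0.2.10:80
 revocation-check none
 rsakeypair RSACA
!
ip http secure-server
ip http secure-trustpoint TPEWLCCA
"""

def parse_blocks(config, header):
    """Return {name: [indented sub-commands]} for each '<header> <name>' block."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(rf"{re.escape(header)}\s+(\S+)\s*$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or any other top-level line ends the block
    return blocks

def audit_https_trustpoint(config):
    """Return findings about the trustpoint the HTTPS server is bound to."""
    findings = []
    trustpoints = parse_blocks(config, "crypto pki trustpoint")
    bound = re.search(r"^ip http secure-trustpoint\s+(\S+)", config, re.M)
    if bound is None:
        findings.append("no-secure-trustpoint")
    elif bound.group(1) not in trustpoints:
        findings.append(f"undefined-trustpoint:{bound.group(1)}")
    else:
        body = trustpoints[bound.group(1)]
        if not any(cmd.startswith("rsakeypair ") for cmd in body):
            findings.append("no-rsakeypair")
        if "revocation-check none" in body:
            findings.append("revocation-check-disabled")
    # 'grant auto' makes the local CA approve every enrollment request.
    for name, body in parse_blocks(config, "crypto pki server").items():
        if "grant auto" in body:
            findings.append(f"ca-grant-auto:{name}")
    return findings
```

Calling `audit_https_trustpoint()` on the text of a saved running-config returns an empty list when the HTTPS binding is consistent and none of the reviewed settings are present.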