Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2161
Views
0
Helpful
6
Replies

Cisco Router C1111 - Embedded Wireless Controller

diogobranco
Level 1
Level 1

‎10-27-2023 12:03 PM

Hi, i have a cisco c1111-8p and i am trying to access the AP Controller from the Web Gui of the Cisco router,

diogobranco_0-1698433026355.png

i put the credentials to access the controller statistics but it stays in this infinite mode,

diogobranco_1-1698433140708.png

what i am missing here?

Note: i can access the ap controller via web mode and ssh mode 

Regards, Diogo.

1 person had this problem
Labels:
0 Helpful
6 Replies 6

Rich R
VIP
VIP

‎10-27-2023 04:17 PM

I have no idea how that is supposed to work but first make sure the router and EWC code are up to date - think 17.9.4a on both
Then check ACLs in case you have something blocking communication between the router and the AP.
And run packet captures and debug on both of them to try to work out how they're trying to communicate and why it isn't working.
Enabling network trace (F12 or CTRL+CHIFT+I) in your browser might also give you some clue as to what is happening.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

diogobranco
Level 1
Level 1

‎10-28-2023 07:17 AM

Hi, Rich this is a Wireless Embedded controller on the router it is the same equipment there is no acls between them, one strange thing that i see is this ip 192.168.1.5 on the show users command line,

diogobranco_0-1698502433970.png

That network does not exist, and appears to be the default network when the router is factory default

The version that i have in the cisco router is the latest 17.9.4a the embedded wireless controller is ISR-AP1100AC-ME-8-10-185-0.

 

Regards, Diogo.

 

0 Helpful

Rich R
VIP
VIP
In response to diogobranco

‎10-29-2023 06:02 AM - edited ‎10-29-2023 06:23 AM

Aha despite what the GUI calls it that is Mobility Express not EWC although technically Mobility Express is a type of EWC!
ME runs a cut down version of AireOS so your latest release is https://software.cisco.com/download/home/286315006/type/286289839/release/8.10.190.0

I haven't worked with that model specifically but the built-in AP usually has internal interfaces joining the router switch module to the AP so they are 2 separate units in 1 enclosure with a built-in connection.  They also usually have a console connection via a reverse telnet port which you can access with the hw-module session command and there may be a default vlan configured for direct IP access to the AP.  192.168.1.0/24 is the default subnet used by the ME on startup.

Check:
sh platform
show int desc
show ip int brief
show ip route
show arp
You're sure to find more info on the 192.168.1.5 in those.

So the GUI is quite possibly using one of those internal connections to connect to the ME AP.
If you do a "show tcp brief" while it's trying to connect you may see what source and destination IP and port it's trying to connect on.

So you might not have realised but there are interfaces between the router and AP and they could have ACLs on them - I was just suggesting to check them.  If it's using a VTY for that connection then the VTY ACL could come into play too.

You're accessing AP web and ssh from an external IP routed to the configured IP on the AP.  The router GUI will be connecting from a local router IP to the same or different destination IP on the AP.  Check that routing, ACLs (firewall if you have it configured), ARP etc are all working for that connection.

Some more info on the platform:
https://www.itnetworks.com.au/blog/cisco-isr-1100-internal-wap/
https://www.cisco.com/c/en/us/td/docs/routers/access/isr1100/software/configuration/xe-17/isr1100-sw-config-xe-17/configuring_wlan.html

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

diogobranco
Level 1
Level 1

‎11-12-2023 04:59 AM

Hi, this is a mystery to me, when i execute the command show tcp brief this is the output:

diogobranco_0-1699792773317.png

The address 192.168.1.6 and 1.5 does not exist in the network i have no vlan or interface with this range of ip address's.

My wireless lan interface as no ip address assign:

diogobranco_1-1699793006971.png

 

the configuration of that interface is this:

interface Wlan-GigabitEthernet0/1/8
switchport trunk native vlan 55
switchport trunk allowed vlan 15,25,40,55
switchport mode trunk

The Ap Embbeded controller as the address 192.168.55.10.

Maybe this some kind of bug or something that i cannot understand. 

Regards, Diogo.

0 Helpful

Rich R
VIP
VIP
In response to diogobranco

‎11-12-2023 06:54 AM

As I said these are INTERNAL interfaces - built into the IOS - to provide a direct connection between the router and the AP. They are probably in a separate VRF so should not interfere with your own standard routing table/network.
It is not a bug - it's the way Cisco designed the connection between router and AP.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful

diogobranco
Level 1
Level 1

‎11-16-2023 11:34 AM

ok Rich you are probably right with that assumption. if you notice from this screenshoot,

 

diogobranco_0-1700162691031.png

 

they are tell me to have the controller login prompt as "User"

I have execute the command hw-module session 0/3 endpoint 0, that drops to the prompt "User:" when i "click here" in the web gui page  it stays in this way,

diogobranco_1-1700163008612.png

 

and in the hw-module session return to the cisco router prompt.

 

diogobranco_2-1700163074377.png

the output of show users,

diogobranco_3-1700163168776.png

 

i have to execute clear line vty 1 to clear that user.

The output of show tcp brief,

diogobranco_4-1700163265915.png

 

 

 

   

0 Helpful
Review Cisco Networking for a $25 gift card
Top