10-27-2023 12:03 PM
Hi, i have a cisco c1111-8p and i am trying to access the AP Controller from the Web Gui of the Cisco router,
i put the credentials to access the controller statistics but it stays in this infinite mode,
what i am missing here?
Note: i can access the ap controller via web mode and ssh mode
Regards, Diogo.
10-27-2023 04:17 PM
I have no idea how that is supposed to work but first make sure the router and EWC code are up to date - think 17.9.4a on both
Then check ACLs in case you have something blocking communication between the router and the AP.
And run packet captures and debug on both of them to try to work out how they're trying to communicate and why it isn't working.
Enabling network trace (F12 or CTRL+CHIFT+I) in your browser might also give you some clue as to what is happening.
10-28-2023 07:17 AM
Hi, Rich this is a Wireless Embedded controller on the router it is the same equipment there is no acls between them, one strange thing that i see is this ip 192.168.1.5 on the show users command line,
That network does not exist, and appears to be the default network when the router is factory default
The version that i have in the cisco router is the latest 17.9.4a the embedded wireless controller is ISR-AP1100AC-ME-8-10-185-0.
Regards, Diogo.
10-29-2023 06:02 AM - edited 10-29-2023 06:23 AM
Aha despite what the GUI calls it that is Mobility Express not EWC although technically Mobility Express is a type of EWC!
ME runs a cut down version of AireOS so your latest release is https://software.cisco.com/download/home/286315006/type/286289839/release/8.10.190.0
I haven't worked with that model specifically but the built-in AP usually has internal interfaces joining the router switch module to the AP so they are 2 separate units in 1 enclosure with a built-in connection. They also usually have a console connection via a reverse telnet port which you can access with the hw-module session command and there may be a default vlan configured for direct IP access to the AP. 192.168.1.0/24 is the default subnet used by the ME on startup.
Check:
sh platform
show int desc
show ip int brief
show ip route
show arp
You're sure to find more info on the 192.168.1.5 in those.
So the GUI is quite possibly using one of those internal connections to connect to the ME AP.
If you do a "show tcp brief" while it's trying to connect you may see what source and destination IP and port it's trying to connect on.
So you might not have realised but there are interfaces between the router and AP and they could have ACLs on them - I was just suggesting to check them. If it's using a VTY for that connection then the VTY ACL could come into play too.
You're accessing AP web and ssh from an external IP routed to the configured IP on the AP. The router GUI will be connecting from a local router IP to the same or different destination IP on the AP. Check that routing, ACLs (firewall if you have it configured), ARP etc are all working for that connection.
Some more info on the platform:
https://www.itnetworks.com.au/blog/cisco-isr-1100-internal-wap/
https://www.cisco.com/c/en/us/td/docs/routers/access/isr1100/software/configuration/xe-17/isr1100-sw-config-xe-17/configuring_wlan.html
11-12-2023 04:59 AM
Hi, this is a mystery to me, when i execute the command show tcp brief this is the output:
The address 192.168.1.6 and 1.5 does not exist in the network i have no vlan or interface with this range of ip address's.
My wireless lan interface as no ip address assign:
the configuration of that interface is this:
interface Wlan-GigabitEthernet0/1/8
switchport trunk native vlan 55
switchport trunk allowed vlan 15,25,40,55
switchport mode trunk
The Ap Embbeded controller as the address 192.168.55.10.
Maybe this some kind of bug or something that i cannot understand.
Regards, Diogo.
11-12-2023 06:54 AM
As I said these are INTERNAL interfaces - built into the IOS - to provide a direct connection between the router and the AP. They are probably in a separate VRF so should not interfere with your own standard routing table/network.
It is not a bug - it's the way Cisco designed the connection between router and AP.
11-16-2023 11:34 AM
ok Rich you are probably right with that assumption. if you notice from this screenshoot,
they are tell me to have the controller login prompt as "User"
I have execute the command hw-module session 0/3 endpoint 0, that drops to the prompt "User:" when i "click here" in the web gui page it stays in this way,
and in the hw-module session return to the cisco router prompt.
the output of show users,
i have to execute clear line vty 1 to clear that user.
The output of show tcp brief,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide