cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
990
Views
0
Helpful
6
Replies

Cisco Router C1111 - Embedded Wireless Controller

diogobranco
Level 1
Level 1

Hi, i have a cisco c1111-8p and i am trying to access the AP Controller from the Web Gui of the Cisco router,

diogobranco_0-1698433026355.png

i put the credentials to access the controller statistics but it stays in this infinite mode,

diogobranco_1-1698433140708.png

what i am missing here?

Note: i can access the ap controller via web mode and ssh mode 

Regards, Diogo.

6 Replies 6

Rich R
VIP
VIP

I have no idea how that is supposed to work but first make sure the router and EWC code are up to date - think 17.9.4a on both
Then check ACLs in case you have something blocking communication between the router and the AP.
And run packet captures and debug on both of them to try to work out how they're trying to communicate and why it isn't working.
Enabling network trace (F12 or CTRL+CHIFT+I) in your browser might also give you some clue as to what is happening.

diogobranco
Level 1
Level 1

Hi, Rich this is a Wireless Embedded controller on the router it is the same equipment there is no acls between them, one strange thing that i see is this ip 192.168.1.5 on the show users command line,

diogobranco_0-1698502433970.png

That network does not exist, and appears to be the default network when the router is factory default

The version that i have in the cisco router is the latest 17.9.4a the embedded wireless controller is ISR-AP1100AC-ME-8-10-185-0.

 

Regards, Diogo.

 

Aha despite what the GUI calls it that is Mobility Express not EWC although technically Mobility Express is a type of EWC!
ME runs a cut down version of AireOS so your latest release is https://software.cisco.com/download/home/286315006/type/286289839/release/8.10.190.0

I haven't worked with that model specifically but the built-in AP usually has internal interfaces joining the router switch module to the AP so they are 2 separate units in 1 enclosure with a built-in connection.  They also usually have a console connection via a reverse telnet port which you can access with the hw-module session command and there may be a default vlan configured for direct IP access to the AP.  192.168.1.0/24 is the default subnet used by the ME on startup.

Check:
sh platform
show int desc
show ip int brief
show ip route
show arp
You're sure to find more info on the 192.168.1.5 in those.

So the GUI is quite possibly using one of those internal connections to connect to the ME AP.
If you do a "show tcp brief" while it's trying to connect you may see what source and destination IP and port it's trying to connect on.

So you might not have realised but there are interfaces between the router and AP and they could have ACLs on them - I was just suggesting to check them.  If it's using a VTY for that connection then the VTY ACL could come into play too.

You're accessing AP web and ssh from an external IP routed to the configured IP on the AP.  The router GUI will be connecting from a local router IP to the same or different destination IP on the AP.  Check that routing, ACLs (firewall if you have it configured), ARP etc are all working for that connection.

Some more info on the platform:
https://www.itnetworks.com.au/blog/cisco-isr-1100-internal-wap/
https://www.cisco.com/c/en/us/td/docs/routers/access/isr1100/software/configuration/xe-17/isr1100-sw-config-xe-17/configuring_wlan.html

diogobranco
Level 1
Level 1

Hi, this is a mystery to me, when i execute the command show tcp brief this is the output:

diogobranco_0-1699792773317.png

The address 192.168.1.6 and 1.5 does not exist in the network i have no vlan or interface with this range of ip address's.

My wireless lan interface as no ip address assign:

diogobranco_1-1699793006971.png

 

the configuration of that interface is this:

interface Wlan-GigabitEthernet0/1/8
switchport trunk native vlan 55
switchport trunk allowed vlan 15,25,40,55
switchport mode trunk

The Ap Embbeded controller as the address 192.168.55.10.

Maybe this some kind of bug or something that i cannot understand. 

Regards, Diogo.

As I said these are INTERNAL interfaces - built into the IOS - to provide a direct connection between the router and the AP. They are probably in a separate VRF so should not interfere with your own standard routing table/network.
It is not a bug - it's the way Cisco designed the connection between router and AP.

diogobranco
Level 1
Level 1

ok Rich you are probably right with that assumption. if you notice from this screenshoot,

 

diogobranco_0-1700162691031.png

 

they are tell me to have the controller login prompt as "User"

I have execute the command hw-module session 0/3 endpoint 0, that drops to the prompt "User:" when i "click here" in the web gui page  it stays in this way,

diogobranco_1-1700163008612.png

 

and in the hw-module session return to the cisco router prompt.

 

diogobranco_2-1700163074377.png

the output of show users,

diogobranco_3-1700163168776.png

 

i have to execute clear line vty 1 to clear that user.

The output of show tcp brief,

diogobranco_4-1700163265915.png

 

 

 

   

Review Cisco Networking for a $25 gift card