04-09-2017 03:14 AM - edited 07-05-2021 06:50 AM
Dear All,
I am facing a strange issue while configuring Cisco WLC 5520 and Cisco 3850 switch.
I have assign IP address 192.168.66.1/24 to WLC Management and untagged it.
Created vlan 66, create SVI assigned IP 192.168.66.254/24. WLC is connected on Te 1/0/24, which is trunk and native vlan 66.
Created user vlan 55, created SVI and assigned IP 192.168.55.254/24.
I am able to ping 192.168.66.1 from 3850.
But when I am trying to open https://192.168.66.1 (WLC 5520) from user vlan 55 it opens 3850's web gui.
Urgent help required.
Thanks,
AS
04-09-2017 04:38 PM
That is weird.
I hope you have not configured "wireless management interface vlan 66" on your 3850 switch.
If problem persist, I would try below
1. tag vlan 66 on wlc end and remove native vlan 66 command on trunk port from the switch end.
Let us know
HTH
Rasika
04-14-2017 02:51 AM
thanks Rasika, '
it is already disabled. I have attached sh run of 3850.
version 15.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption service compress-config ! hostname Switch ! boot-start-marker boot-end-marker ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! enable secret 5 $1$7O5R$nQZC6bOhu9wA0DLR4.eEa/ enable password cisco ! username admin privilege 15 password 0 cisco no aaa new-model clock timezone UTC 5 30 switch 1 provision ws-c3850-24xs ! ! ! ! ! ! ! ! ! ! ! ! qos queue-softmax-multiplier 100 ! crypto pki trustpoint TP-self-signed-2381381258 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2381381258 revocation-check none rsakeypair TP-self-signed-2381381258 ! ! crypto pki certificate chain TP-self-signed-2381381258 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32333831 33383132 3538301E 170D3137 30343134 30363434 33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33383133 38313235 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 81008FBE 6AE806E6 718717A9 BBD7DAE8 833E47E4 992F7844 C8348BA4 171F288C B127163F D10D10A0 FA94EA77 E3CD8D80 63A1F68B 255C882F C907F46D E5A008EF 160A0D16 87E17B06 9F1AB6C9 F67916DE 92D64F9D 32C2D2E9 DB7FB115 A172B20E 68D79548 B2D4DEB1 FEE6E273 D94E2075 632D771D 7CE57C58 C0866D83 DC8F163E DAC30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 140D080D 46674A85 5BF31D91 E8A724D2 C45FDB1B 94301D06 03551D0E 04160414 0D080D46 674A855B F31D91E8 A724D2C4 5FDB1B94 300D0609 2A864886 F70D0101 05050003 8181008D 5200BEB4 AB987F4F 6F95DF32 0422A422 A130A323 A7CF0F5A F6B21751 75C57C7C 3FDEBE62 CE2E1598 AFE256CC 52084463 FB65697A 6ECC6D79 C0DA9A92 BF4D6A6B 5C50D761 F2B2E56D 459556D8 29969A5F 28E7B059 5EF792D9 19A68A9B C1BDF1C2 A4A8854B A24A3654 96BCA553 2BF8A4D7 083FC38A BA6132C3 BE78DBCC 502AAC quit diagnostic bootup level minimal spanning-tree mode rapid-pvst spanning-tree extend system-id hw-switch switch 1 logging onboard message level 3 ! redundancy mode sso ! ! ! class-map match-any non-client-nrt-class ! policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf ip address 192.168.1.254 255.255.255.0 negotiation auto ! interface TenGigabitEthernet1/0/1 ! interface TenGigabitEthernet1/0/2 ! interface TenGigabitEthernet1/0/3 ! interface TenGigabitEthernet1/0/4 ! interface TenGigabitEthernet1/0/5 ! interface TenGigabitEthernet1/0/6 ! interface TenGigabitEthernet1/0/7 ! interface TenGigabitEthernet1/0/8 ! interface TenGigabitEthernet1/0/9 ! interface TenGigabitEthernet1/0/10 ! interface TenGigabitEthernet1/0/11 ! interface TenGigabitEthernet1/0/12 ! interface TenGigabitEthernet1/0/13 ! interface TenGigabitEthernet1/0/14 ! interface TenGigabitEthernet1/0/15 ! interface TenGigabitEthernet1/0/16 ! interface TenGigabitEthernet1/0/17 ! interface TenGigabitEthernet1/0/18 ! interface TenGigabitEthernet1/0/19 ! interface TenGigabitEthernet1/0/20 ! interface TenGigabitEthernet1/0/21 ! interface TenGigabitEthernet1/0/22 switchport access vlan 55 switchport mode access ! interface TenGigabitEthernet1/0/23 switchport access vlan 55 switchport mode access ! interface TenGigabitEthernet1/0/24 switchport trunk native vlan 66 switchport mode trunk ! interface TenGigabitEthernet1/1/1 ! interface TenGigabitEthernet1/1/2 ! interface TenGigabitEthernet1/1/3 ! interface TenGigabitEthernet1/1/4 ! interface TenGigabitEthernet1/1/5 ! interface TenGigabitEthernet1/1/6 ! interface TenGigabitEthernet1/1/7 ! interface TenGigabitEthernet1/1/8 ! interface FortyGigabitEthernet1/1/1 ! interface FortyGigabitEthernet1/1/2 ! interface Vlan1 ip address 192.168.100.1 255.255.255.0 ! interface Vlan55 ip address 192.168.55.254 255.255.255.0 ! interface Vlan66 ip address 192.168.66.254 255.255.255.0 ! ip forward-protocol nd ip http server ip http secure-server ip route 0.0.0.0 0.0.0.0 192.168.55.253 ! ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data permit tcp any any eq 22 permit tcp any any eq 465 permit tcp any any eq 143 permit tcp any any eq 993 permit tcp any any eq 995 permit tcp any any eq 1914 permit tcp any any eq ftp permit tcp any any eq ftp-data permit tcp any any eq smtp permit tcp any any eq pop3 ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf permit udp any any range 16384 32767 permit tcp any any range 50000 59999 ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger permit tcp any any range 2300 2400 permit udp any any range 2300 2400 permit tcp any any range 6881 6999 permit tcp any any range 28800 29100 permit tcp any any eq 1214 permit udp any any eq 1214 permit tcp any any eq 3689 permit udp any any eq 3689 permit tcp any any eq 11999 ip access-list extended AutoQos-4.0-wlan-Acl-Signaling permit tcp any any range 2000 2002 permit tcp any any range 5060 5061 permit udp any any range 5060 5061 ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data permit tcp any any eq 443 permit tcp any any eq 1521 permit udp any any eq 1521 permit tcp any any eq 1526 permit udp any any eq 1526 permit tcp any any eq 1575 permit udp any any eq 1575 permit tcp any any eq 1630 permit udp any any eq 1630 permit tcp any any eq 1527 permit tcp any any eq 6200 permit tcp any any eq 3389 permit tcp any any eq 5985 permit tcp any any eq 8080 ! ! ! ! line con 0 stopbits 1 line aux 0 stopbits 1 line vty 0 4 login line vty 5 15 login ! wsma agent exec profile httplistener profile httpslistener ! wsma agent config profile httplistener profile httpslistener ! wsma agent filesys profile httplistener profile httpslistener ! wsma agent notify profile httplistener profile httpslistener ! ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ! no wireless mgmt-via-wireless ap group default-group end
Thanks,
AS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide