Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1887
Views
0
Helpful
10
Replies

Embedded wireless controller not access through WebGui

sachinsharma0021
Level 1
Level 1

‎04-11-2023 11:11 PM - edited ‎04-11-2023 11:12 PM

Hi All,

I am facing EWLC WebGui access issue in my environment. We are using DNAC (2.3.3.6), Border/WLC role enable switch (9300 - 17.3.3)  & EWLC concept for local sites. But somehow unable to access the EWLC through WebGUI & getting SSL error. Could you please help me out how to resolve that issue.

Please find the below some reference command output

ABC1#sh run | i http
http
enrollment url http://XX.XX.XX.XX:80/ejbca/publicweb/apply/scep/sdnscep
ip http server
ip http authentication local
ip http secure-server
ip http max-connections 16
ip http active-session-modules none
ip http client source-interface Loopback0
destination transport-method http
http-tlv-caching
http-tlv-caching
http-tlv-caching

ABC1#sh run | i crypto
crypto pki trustpoint TP-self-signed-XXXXXX
crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint sdn-network-infra-iwan
crypto pki trustpoint DNAC-CA
crypto pki certificate chain TP-self-signed-XXXXXX
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain sdn-network-infra-iwan
crypto pki certificate chain DNAC-CA
crypto pki certificate pool

0 Helpful
10 Replies 10

Mark Elsen
Hall of Fame
Hall of Fame

‎04-11-2023 11:40 PM

 

            - What kind of SSL error are you getting (and or post screenshot) ?

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

sachinsharma0021
Level 1
Level 1
In response to Mark Elsen

‎04-11-2023 11:45 PM

sachinsharma0021_0-1681281896580.png

 

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to sachinsharma0021

‎04-12-2023 12:00 AM

 

  - Have a checkup of the controller configuration with the CLI command : show tech wireless , feed that output into :
                             https://cway.cisco.com/wireless-config-analyzer/
    Also check the logs on the controller when the WebGui access is attempted , 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

sachinsharma0021
Level 1
Level 1
In response to Mark Elsen

‎04-12-2023 12:38 AM - edited ‎04-12-2023 12:44 AM

I checked in WLC logs, no such messages "WebGui access is attempted" found.

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to sachinsharma0021

‎04-12-2023 01:36 AM

 

 - Anything else in the logs when the WebGui access is attempted (?) , also reminder use this procedure too
    Have a checkup of the controller configuration with the CLI command : show tech wireless , feed that output into :
                             https://cway.cisco.com/wireless-config-analyzer/

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

sachinsharma0021
Level 1
Level 1
In response to Mark Elsen

‎04-12-2023 01:38 AM

Nothing is there related to WebGui.

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to sachinsharma0021

‎04-12-2023 01:59 AM

 

 -  Have a checkup of the controller configuration with the CLI command : show tech wireless , feed that output into :
                             https://cway.cisco.com/wireless-config-analyzer/

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

sachinsharma0021
Level 1
Level 1

‎04-12-2023 02:05 AM

Yes, I pasted the output in given URL of show tech wireless. But nothing found in WLC logs related to WebGui access.

WLC Logs Summary
WLC Logs: USCLDC001
FED_L3_ERRMSG-3-RSRC_ERR Times SeenFirst SeenLast SeenTextDMI-5-AUTH_PASSED Times SeenFirst SeenLast SeenTextDOT1X-5-FAIL Times SeenFirst SeenLast SeenTextDHCP_SNOOPING-5-DHCP_SNOOPING_FAKE_INTERFACE Times SeenFirst SeenLast SeenTextSEC_LOGIN-5-LOGIN_SUCCESS Times SeenFirst SeenLast SeenTextHA_EM-6-LOG Times SeenFirst SeenLast SeenTextSYS-6-LOGOUT Times SeenFirst SeenLast SeenTextSYS-6-TTY_EXPIRE_TIMER Times SeenFirst SeenLast SeenText
6
Apr 12 2023 06:31:27.252 UTC:
Apr 12 2023 06:39:18.673 UTC:
Switch 1 R0/0: fed: Failed to allocate hardware resource for fib entry due to hardware resource exhaustion - rc:2054
1
Apr 12 2023 01:43:29.445 UTC:
Apr 12 2023 01:43:29.445 UTC:
Switch 2 R0/0: dmiauthd: User 'dnac' authenticated successfully from XX.XX.XX.XX):36241 and was authorized for netconf over ssh. External groups: PRIV15
72
Apr 12 2023 01:53:20.717 UTC:
Apr 12 2023 07:03:08.144 UTC:
Switch 2 R0/0: sessmgrd: Authentication failed for client (ec01.d568.1aec) with reason (No Response from Client) on Interface Gi2/0/25 AuditSessionID 21C3400A000000A671874CF6
3
Apr 12 2023 04:35:21.011 UTC:
Apr 12 2023 06:11:01.146 UTC:
DHCP_SNOOPING drop message with mismatched source interface, the binding is not updated, message type: DHCPRELEASE, MAC sa: 48a2.e659.f34b
3
Apr 12 2023 05:29:47.094 UTC:
Apr 12 2023 07:04:36.633 UTC:
Login Success [user: rancid] [Source: XX.XX.XX.XX)] [localport: 22] at 05:29:47 UTC Wed Apr 12 2023
323
Apr 12 01:43:14.503:
Apr 12 07:05:45.056:
catchall: show platform software flow switch 7 FP active ios monitor name dnacmonitor cache filter 0 0 0 0 0 timestamp 51127F2C0
3
Apr 12 2023 01:51:03.839 UTC:
Apr 12 2023 06:03:38.064 UTC:
User dnac has exited tty session 1(10.76.17.16)
1
Apr 12 2023 06:03:38.063 UTC:
Apr 12 2023 06:03:38.063 UTC:
(exec timer expired, tty 1 (XX.XX.XX.XX)), user dnac

 

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to sachinsharma0021

‎04-12-2023 03:29 AM

 

 - Try the procedure mentioned by Scott Fella from this thread :
                        https://community.cisco.com/t5/wireless/cisco-9800-wreless-controller-not-getting-the-http-or-https/td-p/3988305

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Rich R
VIP
VIP

‎04-13-2023 06:07 AM - edited ‎04-13-2023 06:08 AM

Have you tried a different browser?

What browser and version are you using?

Is WLC and PC time both set correctly (NTP)?

 

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card