06-30-2016 06:50 AM - edited 07-05-2021 05:20 AM
I have a couple of things to clarify on 5508 WLCs set up in HA:
Service ports are only accessible via SSH and not HTTPS, correct?
Should I be able to access the redundancy-management interface on the standby controller? I assume via SSH again and not via HTTPS. The reason I ask is I can access the redundancy-management interface via SSH on the active controller but not the standby.
06-30-2016 03:14 PM
Service ports are only accessible via SSH and not HTTPS, correct?
Service ports can be accessed using Telnet and/or SSH, HTTP and/or HTTPS.
Should I be able to access the redundancy-management interface on the standby controller?
Yes.
08-24-2016 01:55 AM
OK, well, I have the issue that I can SSH via the service-port OK and I can ping the redundancy-management interface, but I can't SSH or HTTPS to it.
Is there something I need to set/check on the WLC that I could've missed?
Also, I am under the impression that there is no way to monitor the secondary WLC once you enable HA...is that correct?
08-24-2016 03:07 AM
Using CLI, post the complete output to the command "sh network summary".
08-24-2016 03:15 AM
(Cisco Controller-Standby) >show network summ
RF-Network Name............................. XXXXXXXX
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
Secure Web Mode SSL Protocol................ Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Unicast
IPv6 AP Multicast/Broadcast Mode............ Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
--More-- or (q)uit
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Disable
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Enable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Web Auth Secure Redirection ............... Disable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
Link Local Bridging Status ................. Disabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
--More-- or (q)uit
oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
WebPortal NTF_LOGOUT Client ................ 0
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Default
Capwap Prefer Mode.......................... IPv4
Client ip conflict detection (DHCP) ........ Disabled
08-24-2016 03:46 AM
Web Mode.................................... Disable
HTTP is disabled
Secure Web Mode............................. Enable
HTTPS is enabled.
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
I think this is self-explanatory.
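Added example, not part of the thread or any poster's reply: a small Python parser for the dot-leader format of the `show network summary` output posted above, used to check the management-plane fields this reply reads off by hand. The sample text is constructed from lines in that output, and the expected values in `POLICY` are this example's assumptions, not Cisco guidance.

```python
import re

# Constructed sample in the format of the posted output, including the CLI
# prompt, a pager line and a field with an empty value.
SAMPLE = """\
(Cisco Controller-Standby) >show network summ
Web Mode.................................... Disable
Secure Web Mode............................. Enable
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
--More-- or (q)uit
Mgmt Via Wireless Interface................. Disable
Web Auth Proxy Redirect ................... Disable
"""

# Field name, a run of dot leaders, then an optional value.
LINE = re.compile(r"^(?P<key>.+?)\s*\.{3,}\s*(?P<val>.*)$")

# Assumed policy: cleartext management off, encrypted management on.
POLICY = {
    "Web Mode": "Disable",                     # HTTP
    "Telnet": "Disable",
    "Secure Web Mode": "Enable",               # HTTPS
    "Secure Shell (ssh)": "Enable",
    "Mgmt Via Wireless Interface": "Disable",
}

def parse_summary(text):
    """Return {field: value}, skipping the prompt and pager lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("--More--") or line.startswith("("):
            continue
        m = LINE.match(line)
        if m:
            fields[m.group("key").strip()] = m.group("val").strip()
    return fields

def audit(fields, policy=POLICY):
    """Return (field, problem) pairs where the output deviates from policy."""
    findings = []
    for key, want in policy.items():
        got = fields.get(key)
        if got is None:
            findings.append((key, "missing from output"))
        # The output mixes "Disable" and "Disabled", so compare by prefix.
        elif not got.lower().startswith(want.lower()):
            findings.append((key, f"is {got!r}, expected {want!r}"))
    return findings
```

The parser only reports what the controller says is enabled. It does not explain why an enabled service is unreachable on a particular interface, which is the open question in this thread.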
08-24-2016 04:01 AM
Absolutely. But the issue I am seeing is that whilst I can SSH to the service-port I cannot SSH to the redundancy-management interface.
According to the documentation I should be able to. It pings OK, but SSH just times out.
08-24-2016 04:08 PM
Post the complete output to the command "sh sysinfo" and "sh red summary".
06-30-2016 07:00 PM
The primary is the only one that can be reached using http/https/telnet/ssh with AP SSO enabled. Once SSO is enabled, the Standby WLC can be accessed via console connection or via SSH on the service port and on the redundant management interface.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/High_Availability_DG.html