Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
956
Views
5
Helpful
7
Replies

Lost access to the CBW140AC access point web interface

Go to solution
EvanC75
Level 1
Level 1

‎06-02-2023 11:20 PM - edited ‎06-02-2023 11:26 PM

Long story short, I updated my main SSID to use VLAN 10 and added VLAN 25 with its own SSID.  After applying the change I lost access to the AP web interface.  I don't know how to get it back.  None of the wireless clients on either VLAN can get to it. I have tried https://ciscobusiness.cisco and https://ip.address.

The wireless clients can still access the Internet just fine.  Wireless clients cannot ping the AP IP address.

Switch PoE port is has native VLAN 1 and associated VLANs 10 and 25.  Adjacent switch port has native VLAN 1 and associated VLAN 10.  Adjacent port has my laptop wired in.  I tried setting the Ethernet network adapter to VLAN 1 and 10.  Neither are able to load the AP web interface.  But on VLAN1, the laptop can ping the AP.  On VLAN10, it cannot ping it.

I have access to the CLI console but after I login to it with putty, the only commands present are cli-access, hash, validate, and logout.  I can't find any reference material online anywhere for the CLI console.

I have a TAC case open but they don't seem to be taking me seriously.

Regards.
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to EvanC75

‎06-03-2023 09:56 AM - edited ‎06-03-2023 09:58 AM

Hi

 This device does not support CLI at the level  you would need. At least Cisco does not put it in a doc as far as I could see.

But your setup seem to be pretty simple. I believe the problem started when you added the second WLAN right, I am wondering if you choose the Native vlan on the AP side in Global AP config.

 

FlavioMiranda_0-1685811111505.png

And if you change here to tag on both WLANs. This would be a trunk on the AP side.

FlavioMiranda_1-1685811279830.png

 By the way, the laptop in trunk is not required as usually windows (if that is the case) does not understand tagging natively. So, dont mater if you use trunk or not  it will ignore the tag. Either you use it in vlan 10 or vlan 1.

I know sounds odd but you may need to factory reset it.

 

View solution in original post

7 Replies 7

Go to solution
Flavio Miranda
VIP
VIP

‎06-03-2023 03:45 AM

Hi

 Which is the AP´s management IP address  and what IP address you get on the wired network?

 If seems you have two switches? Switch PoE and Adjacent switch ? Are they connected using trunk?

Did you try to put Vlan10 as native on the switch port that connects to you AP?

And then put the port you plug your laptop also on vlan 10?

 

 

Go to solution
Rich R
VIP
VIP

‎06-03-2023 06:34 AM

I'm not an expert on the CBW APs but agree with Flavio - as a general rule the management interface should be untagged - native vlan in other words.  If that doesn't help then the obvious thing to do is factory default reset of the AP then reconfigure it again.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

Go to solution
EvanC75
Level 1
Level 1

‎06-03-2023 08:49 AM

@Flavio Miranda

The AP management IP is 10.0.10.2.  The switch is 10.0.10.1.  The laptop is 10.0.10.8.  All are on a /25 network.

One switch, two ports involved.  AP is in port 8 and laptop is in port 6.  Both ports are configured as VLAN 1 native and VLAN 10 associated.  Both ports are in trunk mode.

Yes I did try VLAN 10 native on the ports, that cut everything off on the AP, wireless clients could no longer connect and the laptop could no longer ping the AP.  I tried setting laptop Ethernet as VLAN 1 and 10.

Yes the switch port for laptop was also VLAN 10.

@Rich R 

I was unaware that changing the VLAN of the primary SSID would also change the management interface VLAN but apparently it does.  I was hoping to avoid factory reset, especially if there was a way to reverse course through the CLI.  But it sounds like that is the only option at this point.

Regards.
0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to EvanC75

‎06-03-2023 09:56 AM - edited ‎06-03-2023 09:58 AM

Hi

 This device does not support CLI at the level  you would need. At least Cisco does not put it in a doc as far as I could see.

But your setup seem to be pretty simple. I believe the problem started when you added the second WLAN right, I am wondering if you choose the Native vlan on the AP side in Global AP config.

 

FlavioMiranda_0-1685811111505.png

And if you change here to tag on both WLANs. This would be a trunk on the AP side.

FlavioMiranda_1-1685811279830.png

 By the way, the laptop in trunk is not required as usually windows (if that is the case) does not understand tagging natively. So, dont mater if you use trunk or not  it will ignore the tag. Either you use it in vlan 10 or vlan 1.

I know sounds odd but you may need to factory reset it.

 

Go to solution
EvanC75
Level 1
Level 1
In response to Flavio Miranda

‎06-03-2023 11:23 AM

Agreed I believe it was after I added second WLAN, at that same time though I adjusted the first WLAN to VLAN 10 exactly in your screenshot for VLAN tagging.  So basically I locked myself out of VLAN 1 on the AP.  Looks like I will be factory resetting it then.

I am puzzled as to why Cisco even bothered to put a console interface on the AP if it is completely useless.  A different topic for another day.

Regards.
0 Helpful

Go to solution
Rich R
VIP
VIP
In response to EvanC75

‎06-04-2023 04:18 AM

The console will be for AP recovery in case of firmware corruption etc.  But only TAC will have the (hidden) commands needed to use it.  And it may even be locked down with a token which only TAC can generate.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
EvanC75
Level 1
Level 1
In response to Flavio Miranda

‎06-03-2023 11:39 AM

Well this is interesting, I factory reset the AP and the web interface still doesn't work.  It got a new IP from DHCP and I can ping that IP but the web interface still will not load on http or https.  I am starting to suspect hardware failure.  I will update this on the TAC.

Regards.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card