Solved: Re: Mobility Express: Management over Wireless not working

Maurice_ · ‎04-03-2018

Hi there,

I just deployed a new Mobility Express Wi-Fi (so far just one 1815i with ME 8.6.101.0). I started with a clean AP and configured everything via Web GUI.

Native VLAN ID: 1

WLAN1 (staff): VLAN Tagging disabled

WLAN2 (guest): VLAN Tagging enabled, VLAN ID 2

The AP is connected to a trunk port (native VLAN ID 1, VLAN ID 2 tagged).

DHCP is handled by an existing server, not ME.

Initially I could access the Web GUI and use the Cisco Wireless app while connected to WLAN1. This stopped working after creating WLAN2. Now, while connected to WLAN1, I can still ping the WLCs management IP address, but cannot connect to the Web GUI (timeout). Same for the app (no connection to WLC). Now the only way to access it is from the wired side. Network access works fine from both WLANs.

Can someone reproduce this?

Jonathan-M · ‎04-15-2018

Hey Maurice,

I've hit this bug as well and I'd recommend moving back to 8.3 or possibly 8.5. It was also confirmed in this thread: https://supportforums.cisco.com/t5/other-wireless-mobility-subjects/unable-to-access-mobility-express-controller-from-ap-provisioned/td-p/3329838. Sorry for the late response but I hope this helps.

View solution in original post

patoberli · ‎04-04-2018

Does it still not work if you reboot the AP?
Under the SSID configuration should be an option to enable/disable AP Management through wireless, I assume you haven't unchecked it?
I sadly can't test it, as I don't have an ME AP.

Maurice_ · ‎04-04-2018

I can't find a management over wireless option anywhere in the GUI. I made a backup of the config and it has this line, so I guess it's supposed to be enabled by default:

config network mgmt-via-wireless enable

A port scan started from a wireless client shows that 443 and 22 are open on the WLC. So it can't be a VLAN issue. The WLC seems to actively block connections coming from wireless clients. The really weird thing is that this worked initially and then stopped working after creating the second SSID.

Rebooting does not help, tried that.

patoberli · ‎04-04-2018

In that case it sounds like a bug. I assume that config line is still there?

Maurice_ · ‎04-04-2018

Yes, the config line is from a backup of the current configuration. Sounds like a bug to me too, but it would be nice if someone could confirm this behavior.

I don't have a service contract (it's just a single AP so far) so there is probably no way to file a bug report.

Jonathan-M · ‎04-15-2018

Hey Maurice,

I've hit this bug as well and I'd recommend moving back to 8.3 or possibly 8.5. It was also confirmed in this thread: https://supportforums.cisco.com/t5/other-wireless-mobility-subjects/unable-to-access-mobility-express-controller-from-ap-provisioned/td-p/3329838. Sorry for the late response but I hope this helps.

Maurice_ · ‎04-16-2018

Hey Jonathan,

Thanks, this is very helpful! I don't know why I didn't find this thread before since it is indeed exactly the same issue. Shame on me.

Good to know that this a documented bug and will be fixed in a future release. I think I'll just wait for this to happen. It seems to be a VLAN related bug after all. One of the suggested workarounds is to "connect a wireless client to a Master AP on a WLAN mapped to a non-native vlan". I might try that.

Jonathan-M · ‎04-16-2018

Hi Maurice,

I'm glad it helped. I have tested through a subordinate and that worked as a workaround.

Cheers,

Jonathan

Maurice_ · ‎04-17-2018

Just for reference, here is my workaround:

Changed the native VLAN from 1 to 10 and enabled tagging for VLAN 1 (which WLAN1 is mapped to) on both the WLC and the switch port it is connected to.

On the switch, configured two additional ports as access ports for VLANs 1 and 10 and bridged those (physically, with a patch cable). Had to disable STP on those to prevent them from shutting down.

Result: All WLANs are mapped to tagged VLANs different from the untagged management VLAN, but WLAN1 is still bridged to the native management VLAN. I know it's crude, but now management over wireless works on the master AP!