Newbie question: management interface routing

aleksey.barbash (Level 1)

Could anybody help and explain? I am trying to set up a new (and my first) 2500 WLC. I have configured the management interface with 10.10.19.2/24, default gateway 10.10.19.1. My office network is 10.10.13.0/24; all traffic is allowed between the WLC and the office network (just for the test period). I have an additional server on the same network as the WLC (10.10.19.9) that has tftpd32.

I can HTTPS, SSH and ping the WLC from my workstation. I cannot ping nodes on my office network from the WLC. I can ping my tftpd32 server from the WLC and upload software, i.e. nodes on the same network as the WLC are accessible from the WLC. There are no ACLs on the WLC:

(Cisco Controller) >show route summary
Number of Routes................................. 0
Destination Network         Netmask               Gateway
-------------------   -------------------   -------------------

(Cisco Controller) >show acl summary
ACL Counter Status             Disabled
----------------------------------------
IPv4 ACL Name                   Applied
-------------------------------- -------
----------------------------------------
IPv6 ACL Name                   Applied
-------------------------------- -------

(Cisco Controller) >show interface summary
Interface Name                   Port Vlan Id IP Address     Type   Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                      1   untagged 10.10.19.2     Static Yes   No
virtual                         N/A N/A     192.168.95.1   Static No     No

(Cisco Controller) >

I have read the documentation and, frankly speaking, my understanding of the different types of interfaces is not good enough yet. I suspect that there are some routing restrictions imposed on the management interface, but in that case what is the best approach – use NAT on my firewall (how reasonable is such a design from the security point of view?) or configure additional (dynamic, virtual?) interfaces on the WLC and use them to connect to AD or ACS?

Please, give advice and clarify.

2 Accepted Solutions

weterry (Level 4)

Generally speaking, when you see anything regarding routes on the WLC, it refers to the Service Port (out-of-band management, where you can define routes for that particular port).

Anyhow, there should be no restrictions on your Management interface from talking to anything. If your WLC can ping anything on the same VLAN, then it sounds like ARP and everything is working great, but if you can't ping anything at L3, it would make it seem like your WLC isn't happy with the gateway (or the gateway isn't happy with the WLC).

Can your other devices in 10.10.19.X ping your office network?

There is no restriction that comes to mind for me as to why only your WLC would not be able to talk (unless the gateway was defined wrong, or duplicate IP, or something of the like).

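The isolation logic in this reply (same-VLAN pings succeed, every off-subnet ping fails, therefore suspect the gateway or the return route rather than a WLC restriction) written out as an added example; it is not code from the thread or from Cisco. The addresses are the ones from the original post, the ping results are constructed, and the classification labels are my own.

```python
"""Classify a management-interface reachability failure by on-link vs routed targets."""
from ipaddress import IPv4Address, IPv4Interface

# Management interface as configured in the post: 10.10.19.2/24, gateway 10.10.19.1
MGMT_CIDR = "10.10.19.2/24"
GATEWAY = "10.10.19.1"


def gateway_is_sane(mgmt_cidr: str, gateway: str) -> bool:
    """The default gateway must be a usable host address inside the management
    subnet; otherwise the WLC can never ARP for it (the "gateway defined wrong" case)."""
    mgmt = IPv4Interface(mgmt_cidr)
    gw = IPv4Address(gateway)
    net = mgmt.network
    unusable = (net.network_address, net.broadcast_address, mgmt.ip)
    return gw in net and gw not in unusable


def is_on_link(mgmt_cidr: str, target: str) -> bool:
    """True if the WLC reaches target directly via ARP, False if it needs the gateway."""
    return IPv4Address(target) in IPv4Interface(mgmt_cidr).network


def diagnose(mgmt_cidr: str, gateway: str, ping_results: dict) -> str:
    """ping_results maps target IP -> whether the WLC could ping it."""
    if not gateway_is_sane(mgmt_cidr, gateway):
        return "gateway-misconfigured"
    on_link = [ok for t, ok in ping_results.items() if is_on_link(mgmt_cidr, t)]
    routed = [ok for t, ok in ping_results.items() if not is_on_link(mgmt_cidr, t)]
    if on_link and not all(on_link):
        return "l2-problem"                 # same-VLAN hosts unreachable: VLAN/port/ARP
    if routed and not any(routed):
        return "gateway-or-return-route"    # L2 fine, every off-subnet target fails
    if routed and not all(routed):
        return "partial-routing-or-acl"     # some remote subnets answer, others do not
    return "ok"


# Constructed results matching the symptoms in the original post: the TFTP server
# on the same /24 answers, hosts in the office network 10.10.13.0/24 do not.
OBSERVED = {"10.10.19.9": True, "10.10.13.10": False, "10.10.13.20": False}

if __name__ == "__main__":
    print(diagnose(MGMT_CIDR, GATEWAY, OBSERVED))  # gateway-or-return-route
```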

johncaston_2 (Level 1)

Hi Aleksey,

There should be no reason for you not to be able to reach the WLC Management interface, and the fact that you can reach it from the TFTP server indicates that it's physically OK. I think that you've got a problem with the VLAN / routing on your LAN network - return routes might not be right.

I'm assuming that the default gateway is your core L3 switch and it's configured to route properly?

From your core switch, try pinging your PC with a source IP of the wireless interface, and vice versa.

Also I noticed the Management interface is untagged (on the native VLAN) - is that right?


3 Replies


Yes, it seems I do have trouble with routing. Thanks for helping me with the WLC "no restriction" clarification.
