Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
655
Views
0
Helpful
9
Replies

SSH Not Working with Wireless Controller 9800

zhd27
Level 1
Level 1

‎12-06-2025 08:26 PM

Network scenario: WLC 9800 (192.168.110.9) is connected to Core Switch (192.168.110.1). Then From Core Switch > PoE Switch > APs are Connected. but main problem is I couldn't connect to WLC using SSH from any Vlan or SSID and also not getting GUI from all VLAN whereas only getting from SSID ASA LAB (Vlan-101). Please get out me from this problem that i want to access SSH from all SSID VLAN like (41,43-44,46,50,52,66,95-96,101) as well as for GUI access. i am giving you my running config but here i find out some mistake like i mistakenly use a lot of default route but i kept only one ip route 0.0.0.0 0.0.0.0 192.168.110.1 then it did not work then i kept all. also i am using ip http client source-interface Vlan110 & ip ssh source-interface Vlan110 then i removed both then still wasn't worked then i keep both of them again. one more info in PoE switch connected AP port is configured as switchport mode access and switch port access vlan 43 and same for others . should i use trunk or native vlan 110

ip route 0.0.0.0 0.0.0.0 192.168.200.1
ip route 0.0.0.0 0.0.0.0 192.168.110.1
ip route 0.0.0.0 0.0.0.0 192.168.110.2
ip route 0.0.0.0 0.0.0.0 192.168.101.1
ip route 0.0.0.0 0.0.0.0 192.168.96.1
ip route 0.0.0.0 0.0.0.0 192.168.50.1
ip route 0.0.0.0 0.0.0.0 192.168.44.1
ip route 0.0.0.0 0.0.0.0 192.168.46.1
ip route 0.0.0.0 0.0.0.0 192.168.41.1
ip route 0.0.0.0 0.0.0.0 192.168.212.1
ip route 0.0.0.0 0.0.0.0 192.168.52.1
ip route 0.0.0.0 0.0.0.0 192.168.66.1
ip route 0.0.0.0 0.0.0.0 192.168.152.1
ip route 0.0.0.0 0.0.0.0 192.168.153.1

here is my running configuration

====================

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2025.11.25 11:22:00 =~=~=~=~=~=~=~=~=~=~=~=

ASA_WLC-01#show running-config
Building configuration...

Current configuration : 21941 bytes
!
! Last configuration change at 11:20:22 Banglad Tue Nov 25 2025
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname ASA_WLC-01
!
boot-start-marker
boot system bootflash:packages.conf
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
aaa new-model
!
!
aaa authentication dot1x ASA_Radius group radius
aaa authorization network ASA_Radius group radius
aaa accounting identity ASA_Radius start-stop group radius
!
!
aaa server radius dynamic-author
client 172.16.1.33
!
aaa session-id common
clock timezone Banglad 0 0
vtp mode off
vtp version 1
!
!
!
!
!
!
!
ip name-server 8.8.8.8
ip domain name ASA.gov.bd
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
parameter-map type webauth global
virtual-ip ipv4 192.0.2.1
!
access-session mac-move deny
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment terminal
revocation-check crl
!
crypto pki trustpoint TP-self-signed-2505650051
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2505650051
revocation-check none
rsakeypair TP-self-signed-2505650051
!
crypto pki trustpoint AP_Join_Cer
enrollment terminal pem
subject-name C=BD, ST=Dhaka, L=Dhaka, O=ASA, OU=Local Government Engineering Department, CN=ASA.gov.bd
subject-alt-name ASA.gov.bd
revocation-check none
rsakeypair AP_Join_Key
hash sha512
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain TP-self-signed-2505650051
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353035 36353030 3531301E 170D3235 30383032 31303537
34335A17 0D333530 38303231 30353734 335A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35303536
35303035 31308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100ABB7 9C88CD6E 87C89D9D 3587B612 D639A8C3 9B7D554B 7275143F
D3BBBEF8 AFD12108 F8A2B303 0A3F30DC 94DF06C6 32E92567 5B7C6D16 F8B60692
FDDE6CD5 4579742F 82E5522E 3684CA88 1FA1B056 9637F635 9DB8F7BB FB575C5B
FF974E4F BF02080D D1C59B56 45DCDA9F CFA8366E 65B399E3 26D01BFF 63B7CB72
C280FECA BD1C1866 68FF4630 D1C09F7B 488AF66B 3CD1ABF3 D8891597 E2A93A87
138F68B6 A9C4C9A7 90D3EF07 932C70C3 3C5E1468 AAA20356 A42014C3 37480CB9
ED015EE8 34379070 10FD871E 51C61BD8 CDCBF2B1 247A0CB1 D9AE1ADB 0BF67C39
42D6CAC4 B6EC658D 6C3C6A55 F84EF935 03AF4F1C 30E8DF8C B1CD5383 5EA6AAB9
4830D296 21C10203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14E78A83 36A39806 3247E253 4541C989 ABD93C9C
DD301D06 03551D0E 04160414 E78A8336 A3980632 47E25345 41C989AB D93C9CDD
300D0609 2A864886 F70D0101 05050003 82010100 044F95F6 EFA43942 F5EC2D4F
A562FDB5 92CA3919 3218299A 003B3D7D 0F0F70CA EC39D754 1A5C8C65 BBA971E0
F10B458E F9E499A2 4B61BCC4 1C0A305C 7FFDD8F3 7AF156C2 9EBD7FCC 5A66F0D4
1667AF56 3640C96B EDCCA527 0C0F12CB 60C592A4 9C0AC8A3 8AEEA8F3 CBDB206F
AE7B217A 82119E7B 3F1D8FF4 BBC82EE4 0BA2D14B D194623A 2D7ECDFE 4633F0D4
20BBFA7A B1123769 83369115 4E7074A7 DFF8C6E2 8AE31EB2 AA3A2BB6 81C46D86
3CB1CF71 980B6E78 D34C9900 2BFB18A1 4E5B5E08 9C81EBA2 52038837 1FC98674
7A289B3B 88A22705 EB6FC94B C425E39A 393E09AB D038E373 142FC200 1786523A
196920B1 D9CCF185 49C2E554 75468E1D 1CD3CEE3
quit
crypto pki certificate chain AP_Join_Cer
!
!
license udi pid C9800-L-F-K9 sn FCL292700SG
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
memory free low-watermark processor 163477
!
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
service-template DEFAULT_CRITICAL_DATA_TEMPLATE
service-template webauth-global-inactive
inactivity-timer 3600
diagnostic bootup level minimal
!
!
!
username ASA privilege 15 password 7 096D4A04100B3743595F47
username ASA-WLC privilege 15 secret 9 $9$2l2I2F.G2EwF3k$x0mX6D8y.0zzYLEc.9v6FA43iLhEezCm5dT/bSs0GEg

!
redundancy
mode sso
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 41,43-44,46,50,52,66,95-96,101
!
vlan 110
name Wireless_Mgmt
!
vlan 152-153
!
vlan 200
name Device_Mgmt
!
vlan 212
!
!
!
class-map match-any AVC-Reanchor-Class
match protocol cisco-jabber-audio
match protocol cisco-jabber-video
match protocol webex-media
match protocol webex-app-sharing
match protocol webex-control
match protocol webex-meeting
match protocol wifi-calling
!
!
!

!
!
!
interface TwoGigabitEthernet0/0/0
negotiation auto
!
interface TwoGigabitEthernet0/0/1
negotiation auto
!
interface TwoGigabitEthernet0/0/2
negotiation auto
!
interface TwoGigabitEthernet0/0/3
negotiation auto
!
interface TenGigabitEthernet0/1/0
description "Connected to Core-Switch-1"
switchport trunk allowed vlan 41,43,44,46,50,52,66,95,96,101,110,152,153,212
switchport mode trunk
no negotiation auto
!
interface TenGigabitEthernet0/1/1
description "Connected to Core-Switch-2"
switchport trunk allowed vlan 110
switchport mode trunk
no negotiation auto
!
interface GigabitEthernet0
description "Device Mgmt"
vrf forwarding Mgmt-intf
ip address 192.168.201.23 255.255.254.0
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan41
description ***SVI FOR ASA WLAN MANAGEMENT***
ip address 192.168.41.200
*Nov 25 11:22:07.353: %CAPWAPAC_SMGR_TRACE_MESSAGE-5-AP_JOIN_DISJOIN: Chassis 1 R0/0: wncd: AP Event: AP Name: ASA-L-AP-12 Mac: 3001.afee.b0c0 Session-IP: 192.168.110.35[5251] 192.168.110.9[5246] Ethernet MAC: 70bd.964d.5618 Joined 255.255.255.0
no ip redirects
no ipv6 redirects
!
interface Vlan43
description ***SVI FOR WLAN_DIGITAL_DEVICE***
ip address 192.168.43.200 255.255.255.0
!
interface Vlan44
description ***SVI FOR ASA WLAN MID-2***
ip address 192.168.44.200 255.255.254.0
no ip redirects
no ipv6 redirects
!
interface Vlan46
description ***SVI FOR ASA WLAN NORM-1***
ip address 192.168.46.200 255.255.254.0
no ip redirects
no ipv6 redirects
!
interface Vlan50
description ***SVI FOR ASA_GUEST***
ip address 192.168.50.200 255.255.255.0
no ip redirects
no ipv6 redirects
!
interface Vlan52
description ***SVI FOR ASA_WLAN_4***
ip address 192.168.52.200 255.255.254.0
no ip redirects
no ipv6 redirects
!
interface Vlan66
description ***SVI FOR WLAN-TRAINING***
ip address 192.168.66.200 255.255.255.0
no ip redirects
no ipv6 redirects
!
interface Vlan95
description ***SVI FOR LAN_IP_for_Server_Room***
ip address 192.168.95.200 255.255.255.0
no ip redirects
no ipv6 redirects
!
interface Vlan96
description ***SVI FOR_TOP_MANAGEMENT***
ip address 192.168.96.200 255.255.254.0
no ip redirects
no ipv6 redirects
!
interface Vlan101
description ***SVI FOR ASA-LAB***
ip address 192.168.101.200 255.255.255.0
no ip redirects
no ipv6 redirects
!
interface Vlan110
description ***Connected to Core Switch***
ip address 192.168.110.9 255.255.255.0
!
interface Vlan152
description ***ROSC Wifi***
no ip address
!
interface Vlan153
description ***ROSC-Wifi-2***
no ip address
!
interface Vlan200
description ***Device Mgmt***
ip address 192.168.201.23 255.255.254.0
!
interface Vlan212
description ***SVI for new WLAN-3***
ip address 192.168.224.200 255.255.248.0
no ip redirects
no ipv6 redirects
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface Vlan110
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
ip route 0.0.0.0 0.0.0.0 192.168.110.1
ip route 0.0.0.0 0.0.0.0 192.168.110.2
ip route 0.0.0.0 0.0.0.0 192.168.101.1
ip route 0.0.0.0 0.0.0.0 192.168.96.1
ip route 0.0.0.0 0.0.0.0 192.168.50.1
ip route 0.0.0.0 0.0.0.0 192.168.44.1
ip route 0.0.0.0 0.0.0.0 192.168.46.1
ip route 0.0.0.0 0.0.0.0 192.168.41.1
ip route 0.0.0.0 0.0.0.0 192.168.212.1
ip route 0.0.0.0 0.0.0.0 192.168.52.1
ip route 0.0.0.0 0.0.0.0 192.168.66.1
ip route 0.0.0.0 0.0.0.0 192.168.152.1
ip route 0.0.0.0 0.0.0.0 192.168.153.1
ip ssh version 2
!
!
!
!
!
!
!
radius server ASA_Radius
address ipv4 172.16.1.33 auth-port 1812 acct-port 1813
key 7 11251E0013325F5F567B
!
!
control-plane
!
!
!
!
!
!
line con 0
exec-timeout 5 0
stopbits 1
line aux 0
line vty 0 4
exec-timeout 5 0
transport input ssh
stopbits 1
line vty 5 15
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
wireless aaa policy default-aaa-policy
wireless cts-sxp profile default-sxp-profile
wireless management interface Vlan110
wireless profile airtime-fairness default-atf-policy 0
wireless profile flex default-flex-profile
description "default flex profile"
wireless profile mesh default-mesh-profile
description "default mesh profile"
wireless profile multi-bssid default-multi-bssid-profile
description "Default multi bssid profile"
wireless profile radio default-radio-profile
description "Preconfigured default radio profile"
wireless profile policy "ASA LAB"
description "ASA LAB_Test"
vlan VLAN0101
no shutdown
wireless profile policy TEST-ASA
description TEST-ASA
vlan Wireless_Mgmt
no shutdown
wireless profile policy ASA-1_Test
aaa-override
accounting-list ASA_Radius
description ASA-1
ipv4 dhcp required
ipv4 dhcp server 172.1
*Nov 25 11:22:12.650: %DOT1X-5-FAIL: Chassis 1 R0/0: wncd: Authentication failed for client (b6ed.c169.f8eb) with reason (Timeout) on Interface capwap_90000024 AuditSessionID 096EA8C000000B23BAA31828 Username: SAE2.IUIDP
*Nov 25 11:22:12.651: %SESSION_MGR-5-FAIL: Chassis 1 R0/0: wncd: Authorization failed or unapplied for client (b6ed.c169.f8eb) on Interface capwap_90000024 AuditSessionID 096EA8C000000B23BAA31828. Failure reason: Authc fail. Authc failure reason: Timeout.6.1.33
vlan VLAN0043
no shutdown
wireless profile policy ASA_GUEST_TEST
description ASA_GUEST_TEST
vlan VLAN0050
no shutdown
wireless profile policy ASA-WLAN-1_Test
aaa-override
accounting-list ASA_Radius
description ASA-WLAN-1_Test
ipv4 dhcp required
ipv4 dhcp server 172.16.1.33
vlan VLAN0046
no shutdown
wireless profile policy ASA-WLAN-3_Test
aaa-override
accounting-list ASA_Radius
description ASA-WLAN-3_Test
ipv4 dhcp required
ipv4 dhcp server 172.16.1.33
vlan VLAN0212
no shutdown
wireless profile policy ASA-WLAN-4_Test
aaa-override
accounting-list ASA_Radius
description ASA-WLAN-4_Test
vlan VLAN0052
no shutdown
wireless profile policy ASA_WLAN-2_Test
aaa-override
accounting-list ASA_Radius
description ASA_WLAN-2_Test
ipv4 dhcp required
ipv4 dhcp server 172.16.1.33
vlan VLAN0041
no shutdown
wireless profile policy ASA-Meeting_Test
description ASA-Meeting_Test
vlan VLAN0153
no shutdown
wireless profile policy ASA-Training_Test
description ASA-Training_Test
vlan VLAN0066
no shutdown
wireless profile policy ASA-Management_Test
aaa-override
accounting-list ASA_Radius
description ASA-Management_Test
ipv4 dhcp required
ipv4 dhcp server 172.16.1.33
vlan VLAN0044
no shutdown
wireless profile policy default-policy-profile
autoqos mode voice
description "default policy profile"
service-policy input platinum-up
service-policy output platinum
vlan VLAN0110
no shutdown
wireless profile policy "ASA-Top Management_Test"
description "ASA-Top Management_Test"
ipv4 dhcp required
ipv4 dhcp server 172.16.1.33
vlan VLAN0096
no shutdown
wireless tag site default-site-tag
description "default site tag"
wireless tag policy Test-New
wlan Test policy TEST-ASA
wlan "ASA LAB" policy "ASA LAB"
wlan ASA-1_Test policy ASA-1_Test
wlan ASA-GUEST_Test policy ASA_GUEST_TEST
wlan ASA-WLAN-2_Test policy ASA_WLAN-2_Test
wlan ASA-WLAN-3_Test policy ASA-WLAN-3_Test
wlan ASA-WLAN-4_Test policy ASA-WLAN-4_Test
wlan ASA_WLAN-1_Test policy ASA-WLAN-1_Test
wlan ASA-Meeting_Test policy ASA-Meeting_Test
wlan ASA-Training_Test policy ASA-Training_Test
wlan ASA-Management_Test policy ASA-Management_Test
wlan ASA-Top-Management_Test policy "ASA-Top Management_Test"
wireless tag policy Test-ASA
description Test-ASA
wlan Test policy TEST-ASA
wireless tag policy ASA-1_Test
description ASA-1_Test
wlan ASA-1_Test policy ASA-1_Test
wireless tag policy "ASA GUEST_Test"
description "ASA GUEST_Test"
wlan ASA-GUEST_Test policy ASA_GUEST_TEST
wireless tag policy ASA-WLAN-1_Test
description ASA-WLAN-1_Test
wlan ASA_WLAN-1_Test policy ASA-WLAN-1_Test
wireless tag policy ASA-WLAN-2_Test
description ASA-WLAN-2_Test
wlan ASA-WLAN-2_Test policy ASA_WLAN-2_Test
wireless tag policy ASA-WLAN-3_Test
description ASA-WLAN-3_Test
wlan ASA-WLAN-3_Test policy ASA-WLAN-3_Test
wireless tag policy ASA-WLAN-4_Test
description ASA-WLAN-4_Test
wlan ASA-WLAN-4_Test policy ASA-WLAN-4_Test
wireless tag policy ASA-Meeting_Test
description ASA-Meeting_Test
wlan ASA-Meeting_Test policy ASA-Meeting_Test
wireless tag policy ASA-Training_Test
description ASA-Training_Test
wlan ASA-Training_Test policy ASA-Training_Test
wireless tag policy default-policy-tag
description "default policy-tag"
wireless tag policy "ASA Management_Test"
description "ASA Management_Test"
wlan ASA-Management_Test policy ASA-Management_Test
wireless tag policy "ASA-Top Management_Test"
description "ASA-Top Management_Test"
wlan ASA-Top-Management_Test policy "ASA-Top Management_Test"
wireless tag rf default-rf-tag
description "default RF tag"
wireless fabric control-plane default-control-plane
wireless country BD
wlan Test 1 ASA-Test
radio policy dot11 24ghz
radio policy dot11 5ghz
security wpa psk set-key ascii 0 ASA1234
no security wpa akm dot1x
security wpa akm psk
wlan "ASA LAB" 12 "ASA LAB_Test"
radio policy dot11
*Nov 25 11:22:17.520: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (CAD10.PEDP) joined with ssid (ASA WLAN-3) for device with MAC: 6885.a4d6.8a83
*Nov 25 11:22:18.087: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (LT.SupRB) joined with ssid (ASA WLAN-3) for device with MAC: 14eb.b667.af4e
*Nov 25 11:22:18.424: %CLIENT_ORCH_LOG-6-CLIENT_ADDED_TO_RUN_STATE: Chassis 1 R0/0: wncd: Username entry (OA7.ADMIN) joined with ssid (ASA WLAN-4) for device with MAC: 2411.4598.ccde24ghz
radio policy dot11 5ghz
security ft
security wpa psk set-key ascii 0 Pass@2018
no security wpa akm dot1x
security wpa akm ft psk
no shutdown
wlan ASA-1_Test 2 ASA-1
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA-GUEST_Test 4 "ASA GUEST"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
security wpa psk set-key ascii 0 Common@2299
no security wpa akm dot1x
security wpa akm ft psk
no shutdown
wlan ASA-WLAN-2_Test 7 "ASA WLAN-2"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA-WLAN-3_Test 8 "ASA WLAN-3"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA-WLAN-4_Test 9 "ASA WLAN-4"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA_WLAN-1_Test 6 "ASA WLAN-1"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA-Meeting_Test 11 "ASA Meeting"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
security wpa psk set-key ascii 0 Meet@1999
no security wpa akm dot1x
security wpa akm ft psk
no shutdown
wlan ASA-Training_Test 10 "ASA Training"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
security wpa psk set-key ascii 0 Lv11@1199
no security wpa akm dot1x
security wpa akm ft psk
no shutdown
wlan ASA-Management_Test 5 "ASA Management"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
no security wpa akm dot1x
security wpa akm ft dot1x
security dot1x authentication-list ASA_Radius
no shutdown
wlan ASA-Top-Management_Test 3 "ASA Top Management"
radio policy dot11 24ghz
radio policy dot11 5ghz
security ft
security wpa psk set-key ascii 0 Mgmt@1999
no security wpa akm dot1x
security wpa akm ft psk
no shutdown
ap dot11 24ghz rf-profile Low_Client_Density_rf_24gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold low
rate RATE_12M supported
rate RATE_24M supported
rate RATE_6M supported
tx-power v1 threshold -65
no shutdown
ap dot11 24ghz rf-profile High_Client_Density_rf_24gh
description "pre configured High Client Density rfprofile for 2.4gh radio"
high-density rx-sop threshold medium
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
tx-power min 7
no shutdown
ap dot11 24ghz rf-profile Typical_Client_Density_rf_24gh
description "pre configured Typical Client Density rfprofile for 2.4gh radio"
rate RATE_11M disable
rate RATE_12M mandatory
rate RATE_1M disable
rate RATE_24M supported
rate RATE_2M disable
rate RATE_5_5M disable
rate RATE_6M disable
no shutdown
ap dot11 24ghz cac voice acm
ap dot11 24ghz rate RATE_12M supported
ap dot11 24ghz rate RATE_24M supported
ap dot11 24ghz rate RATE_6M supported
ap dot11 6ghz rf-profile default-rf-profile-6ghz
description "default rfprofile for 6GHz radio"
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
no shutdown
ap dot11 5ghz rf-profile Low_Client_Density_rf_5gh
coverage data rssi threshold -90
coverage level 2
coverage voice rssi threshold -90
description "pre configured Low Client Density rfprofile for 5gh radio"
high-density rx-sop threshold low
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
tx-power v1 threshold -60
no shutdown
ap dot11 5ghz rf-profile High_Client_Density_rf_5gh
description "pre configured High Client Density rfprofile for 5gh radio"
high-density rx-sop threshold medium
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M disable
rate RATE_9M disable
tx-power min 7
tx-power v1 threshold -65
no shutdown
ap dot11 5ghz rf-profile Typical_Client_Density_rf_5gh
description "pre configured Typical Density rfprofile for 5gh radio"
rate RATE_12M mandatory
rate RATE_24M mandatory
rate RATE_6M mandatory
no shutdown
ap dot11 5ghz cac voice acm
ap dot11 5ghz rate RATE_12M mandatory
ap dot11 5ghz rate RATE_24M mandatory
ap dot11 5ghz rate RATE_6M mandatory
ap dot11 6ghz cac voice acm
ap dot11 6ghz rrm monitor measurement 600
ap tag-source-priority 2 source filter
ap tag-source-priority 3 source ap
ap profile default-ap-profile
description "default ap profile"
ap 70bd.964c.73a4
policy-tag Test-New
ap 70bd.964c.7470
policy-tag Test-New
ap 70bd.964c.7a60
policy-tag Test-New
ap 70bd.964c.7d68
policy-tag Test-New
ap 70bd.964c.94cc
policy-tag Test-New
ap 70bd.964c.96e0
policy-tag Test-New
ap 70bd.964c.980c
policy-tag Test-New
ap 70bd.964c.9818
policy-tag Test-New
ap 70bd.964c.a7e8
policy-tag Test-New
ap 70bd.964c.ab98
policy-tag Test-New
ap 70bd.964c.aba4
policy-tag Test-New
ap 70bd.964c.ac08
policy-tag Test-ASA
ap 70bd.964c.ae50
policy-tag Test-New
ap 70bd.964c.b03c
policy-tag Test-New
ap 70bd.964c.c390
policy-tag Test-New
ap 70bd.964c.c408
policy-tag Test-New
ap 70bd.964c.c640
policy-tag Test-New
ap 70bd.964c.c72c
policy-tag Test-New
ap 70bd.964c.e980
policy-tag Test-New
ap 70bd.964c.ec80
policy-tag Test-New
ap 70bd.964c.edf0
policy-tag Test-New
ap 70bd.964c.f540
policy-tag Test-New
ap 70bd.964c.f6e4
policy-tag Test-New
ap 70bd.964d.0bdc
policy-tag Test-New
ap 70bd.964d.3270
policy-tag Test-New
ap 70bd.964d.3b94
policy-tag Test-New
ap 70bd.964d.4620
policy-tag Test-New
ap 70bd.964d.4b6c
policy-tag Test-New
ap 70bd.964d.4d5c
policy-tag Test-New
ap 70bd.964d.5618
policy-tag Test-New
trapflags ap crash
trapflags ap noradiocards
trapflags ap register
end

0 Helpful
9 Replies 9

Mark Elsen
Hall of Fame
Hall of Fame

‎12-06-2025 11:21 PM

 

  - @zhd27    What error are you getting when trying to reach the controller with SSH ?
  
  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

zhd27
Level 1
Level 1
In response to Mark Elsen

‎12-09-2025 08:24 AM

I’m not getting any error messages, but when I try to connect using PuTTY, the SSH login prompt doesn’t appear. Because of that, I can’t enter the username or password.

I’m also having the same issue with the GUI — the page is not loading.

Could you please check the configuration I shared above and let me know if it’s correct?

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to zhd27

‎12-09-2025 08:47 AM

 

   @zhd27         Why do you have these in the configuration :
ip route 0.0.0.0 0.0.0.0 192.168.200.1
ip route 0.0.0.0 0.0.0.0 192.168.110.1
ip route 0.0.0.0 0.0.0.0 192.168.110.2
ip route 0.0.0.0 0.0.0.0 192.168.101.1
>....

    You can only have one default route to one gateway address , probably the controller doesn't find a valid
    return path for network packets (SSH , http or other) from your client.

  M.

 



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-07-2025 04:24 AM

As long as the End device IP can ping the WLC controller, it should be able to use SSH access according to your config.

GUI (as far as I know, you cannot access it from SSID), but you can use the Local LAN network. Again, what error are you getting?

When you have an SSH issue, check the logs on the Controller, show logging, same for the GUI

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

zhd27
Level 1
Level 1
In response to balaji.bandi

‎12-09-2025 08:22 AM - edited ‎12-09-2025 08:23 AM

I did not receive any error message. When I attempt to connect via SSH using PuTTY, no prompt appears for entering the username or password. That is the main issue—without the login prompt, I am unable to proceed with authentication.
Additionally, I am facing a similar problem with the GUI — the GUI page is not loading at all.

Could you please review the configuration I shared above and confirm whether it is correct?

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to zhd27

‎12-09-2025 08:39 AM

 

  - @zhd27    To me it looks like you have basic network-path connectivity problem, what error do you get when an
                     SSH is tried ?

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

zhd27
Level 1
Level 1
In response to Mark Elsen

‎12-09-2025 08:47 AM

I will try again and verify whether the logs are generated. Sometimes the logs do not appear because a large amount of information—such as AP and client MAC logs—is received at once.

I have another question as well:
Is there a way to temporarily suppress client-related logs (except for AP join and SSH-related logs)? At times, the excessive logging makes it difficult to run commands on the controller.

0 Helpful

Mark Elsen
Hall of Fame
Hall of Fame
In response to zhd27

‎12-09-2025 08:58 AM

 

  - @zhd27    To disable excessive logging use the configuration command : no logging console

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to zhd27

‎12-10-2025 04:14 AM

then start from basic, are you able to ping ?

check TCP ports session on WLC console when you initiated the connection.

GUI you mentioned source VLAN, so make sure that is reachable.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card