Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5535
Views
23
Helpful
36
Replies

Unable to Access Controller via HTTPS or SSH – Only Standby IP Ac

Go to solution
athan1234
Level 8
Level 8

‎06-19-2025 11:32 PM

Hi 

I am trying to access Controller 5500, but I’m having trouble because I don’t have access via HTTPS or SSH to the management or primary IP addresses. I only have SSH access to the standby (secondary) IP.

This controller has reached its maximum license capacity, and there are many access points trying to connect, so it might be overloaded or unresponsive.

I need to access it via HTTPS, but when I try to connect via SSH to the management or primary IP, I can reach the login prompt. However, after entering the username, it seems to freeze when I type the password, as if the controller is stuck.Do you have any suggestions for accessing it via HTTPS? Is there any way to manage it or run commands from the secondary IP, since I can access it via SSH?

Labels:
0 Helpful
36 Replies 36

Go to solution
Rich R
VIP
VIP
In response to athan1234

‎06-23-2025 05:24 AM

Correct - AIR-LAP1242AG-E-K9 is not supported on 8.5

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
athan1234
Level 8
Level 8
In response to Rich R

‎06-23-2025 07:02 AM

Therefore, I cannot proceed with the upgrade. I must keep the controller running on the current versionProduct Version.................................. 8.0.152.0

0 Helpful

Go to solution
athan1234
Level 8
Level 8

‎06-23-2025 05:38 AM

I take advantage of this post to ask: I need to delete the DHCP pool on the controller, but some access points (APs) are currently getting their IPs from that DHCP pool. The idea is to assign fixed IPs to the APs. What is the best practice to do this? Should I first assign static IPs to all the access points and, once all of them have their fixed IPs, remove the DHCP pool from the controller? Or is it better to first remove the DHCP pool from the controller and then assign static IPs to the APs?

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to athan1234

‎06-23-2025 06:00 AM

Best practice is to use DHCP not static.
APs can fallback to DHCP automatically anyway if they can't find a WLC using static.
If you must use static then assign static IPs before removing DHCP.

------------------------------
Please click Helpful if this post helped you and Accept as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
Field Notice: FN74383 APs Running 17.12.4/5/6/6a May Run Out of Flash Space Preventing Upgrades
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Go to solution
athan1234
Level 8
Level 8
In response to Rich R

‎06-23-2025 07:04 AM - edited ‎06-23-2025 07:22 AM

Yes, I know, but the project was originally designed with fixed IPs. Now, there are some APs using DHCP and they are getting their IPs from the controller’s DHCP pool. For this reason, I need to delete the pool and assign static IPs to all APs, just like the rest of the headquarters.Furthermore, we have only taken control of the controller and the AP. I cannot manage the customer's switches, and the AP's name matches its IP address

0 Helpful

Go to solution
eglinsky2012
Spotlight
Spotlight
In response to athan1234

‎06-23-2025 07:21 AM - edited ‎06-23-2025 07:23 AM

@athan1234 wrote:

Yes, I know, but the project was originally designed with fixed IPs. Now, there are some APs using DHCP and they are getting their IPs from the controller’s DHCP pool. For this reason, I need to delete the pool and assign static IPs to all APs, just like the rest of the headquarters.

Could you use DHCP reservations to ensure each AP gets assigned the same IP every time? If the WLC itself is providing DHCP to the APs, I don't think it's possible to make reservations on the controller, so consider running DHCP on another device/server if not. That way, the APs can continue to run DHCP while also maintaining the same IP addresses over time.

As for the original issue at hand, agreed with marce1000, sounds like your only choice at this point is to power-cycle the primary unit and the secondary will take over, and hopefully everything remains functional/accessible after. Once that's resolved, you can consider moving DHCP off the WLC and to a device or server that supports reservations. One thing at a time.

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame
In response to athan1234

‎06-23-2025 06:10 AM

 

 - @athan1234   Assigning fixed addresses to APs is a VERY BAD IDEA! Not only does it become difficult to manage but APs  will also revert to DHCP when they cannpt find a controller! Stick to standard practices : APs must use DHCP with option 43 provisioned for the particular pool , so that they can find the correct controller,

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card