06-27-2013 02:34 PM - edited 07-04-2021 12:18 AM
Good Day,
I would like to connect to Cisco's management WLC via wireless. There is a security feature that allows you to ENABLE or DISABLE WLC management via wireless. I have enabled controller management to be accessible from wireless clients in the GUI and saved config.
Now what IP address should I enter? The network for users is 192.168.1.0/24 and the network for the WLC and the APs is 192.168.2.0/24. The WLC 192.168.2.5.
I've tried this last IP address, but does not work from 192.168.1.x. What I am doing wrong?
Thank you for your help
06-27-2013 10:03 PM
Hi,
Are you able to access the WLC from wired network? Ar e you trying to access the WLC through telnet/SSH or GUI? In order to access the WLC you should use the managment interface of WLC.If you are trying to access this via GUI ensure that you have enabled the http server using "config network webmode enable" from the command prompt. Also you should be able to see the status of webmode and managment by wireless interface is enabled using "show network summary" command.
Hope that helps.
Regards
Najaf
Please rate when applicable or helpful !!!
06-30-2013 09:44 AM
Good morning,
Thank you for taking the time to respond.
In response to your questions:
"Are you able to access the WLC from wired network?" Yes, I need to put a machine (laptop or desktop) on the mangement network, 192.168. 2 .X /24 in my case, to access GUI, ssh. I can, of course access it via the console port.
"Are you trying to access the WLC through telnet/SSH or GUI?" All of them, but GUI and ssh is preferred.
"In order to access the WLC you should use the managment interface of WLC.If you are trying to access this via GUI ensure that you have enabled the http server using "config network webmode enable""
in
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a008064a991.shtml
it says:
"When enabled, the Management via Wireless feature allows a wireless client to reach or manage only the WLC to which its associated access point is registered."
My question is: How do you do that and what IP address should be used?
This is a 2504 WLC. There is no service port on this equipment like, for example, the WLC 5505. I have a 5505 and I use that service port, in an out-of-band network. I want to access the management GUI via the client wireless network. In the GUI, I enabled the controller management to be accessible from wireless clients. Do I need to go in the CLI as well? I Thought, once done in the GUI, which I did, you don't need to do it in the CLI. I will check if necessary.
How do you get the GUI from a 192.168.1.X machine to connect to the WLC that is on a different network, in my case 192.168.2.0/24 (not .1 network)? As you probaply know, the APs and the WLC are not on the same network as the clients and traffic is "tunnelled" through that network.
Thank you
06-30-2013 10:28 AM
Hi,
You seems to confuse me :-)
My question is: How do you do that and what IP address should be used?
On 2504 WLC you should be able to access (GUI/SSH/Telnet) the WLC using the ip address assigned to the Managment managment interface for in band managment. You will not be able to use any other interfaces for inband managment.
Do I need to go in the CLI as well?
No... you dont need to configure this on both. As long as you have done this on GUI that is fine.
How do you get the GUI from a 192.168.1.X
My assumption was you should have already setup this routing before implementing the wireless network. This routing has be to done by a L3 device and wireless network has nothing to do with this routing. Ensure that where ever you have defined the gateway address for both network (192.168.1.x and 192.168.2.x) you have routing enabled on this.
By the by when your laptop connect to wireless network you are able to access other network or you have trouble in accessing only the WLC? Or nothing else is accessible?
Hope that helps.
Regards
Najaf
Please rate when applicable or helpful !!!
07-04-2013 03:20 PM
good evening,
Thank you for your reply. I did not configure the management to be routed on the routeur. I have to route the management network? That is not secure, is it? I tought the idea to put the WLC and APs on a different subnet was, in part, to secure these equipments from the users. May be you know more about it, should I do that?
Thank you
07-04-2013 03:26 PM
I guess I could add an access-list with on IP address from the public network to access the management subnet. what do you think?
07-12-2013 02:26 PM
Good Day,
I just wanted to add some information concerning this, as an answer. the IP address is the IP address on the WLC-AP subnet 192.168.2.5 in my case. but you need to route traffic between the public subnet and the WLC-AP subnet to get this to work. There is no other way. An access-list can protect somehow.
07-12-2013 02:27 PM
QED
07-12-2013 03:04 PM
Hello,
As per your query i can suggest you the following solution-
This is the list of options available to access the WLC:
For more information on how to enable these modes, refer to the Using the Web-Browser and CLI Interfaces section of the document Cisco Wireless LAN Controller Configuration Guide, Release 5.1. Usually, the management interface IP address is used for GUI and CLI access. Wireless clients can access the WLC only when the option Enable Controller Management to be accessible from Wireless Clients is checked. In order to enable this option, click the Management menu of the WLC, and click Mgmt via Wireless on the left-hand side. WLC can also be accessed with one of its dynamic interface IP addresses. Use the config network mgmt-via-dynamic-interface command to enable this feature. Wired computers can have only CLI access with the dynamic interface of the WLC. Wireless clients have both CLI and GUI access with the dynamic interface.
Hope this will help you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide