CUSD200

Unable to connect to management GUI Cisco 5508 WLC

We have three Cisco 5508 WLC. On one only I cannot connect (doesn't even get to login prompt) to the management GUI, only from a certain site. However, if I RDP to a workstation at another site I can connect and login fine (IP address specific?).

Is there some security setting that causes the controller to reject access attempts from certain IP addresses or subnets? I've looked and not found anything.

Thank you.
Craig Beck
Check CPU ACLs on the WLC.
CUSD200

ASKER

Good thought, but there are no ACLs.
Can you ping the WLC from the site that can't access the management interface?
CUSD200

ASKER

Yes. A little research led me to this, but our WLC is in 10.120.x.x, while wired clients (where we're trying to access it from) are in 10.20.x.x:

Cannot manage WLC from same subnet

Maybe a reboot would do it? I can't even say for sure how long this condition has existed, as I can access it from my workstation in a different building (10.100.x.x subnet), which is where we RDP to and connect successfully. I wasn't even aware there was a problem until last week when we installed all new APs.

Thanks for your help.
That article is correct, in that if your workstation is on the same subnet as the service interface you won't be able to see the management IP of the WLC.  You should be able to reach the GUI and CLI of the WLC using the service-port IP address though.  Have you tried that?

That behaviour is by design.
CUSD200

ASKER

Agreed re: the article. Thanks for the confirm.

Re: the service-port, it has an IP address (3.3.3.3) I've not seen on our network before, and I can't ping it, so it does not appear to be routed. I'll need to config a device in that subnet and see if I can reach the service-port.

Thanks for the suggestion.
There is a network routes section on the WLC.  Check that (Controller -> Network Routes) to see if there's a static route on the WLC pointing to the subnet that's affected.
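
The reply-path reasoning behind the service-port reply and the Network Routes check above, as an added example that is not part of the original thread. It uses a simplified model (an assumption, not Cisco code): replies to clients inside the service-port subnet, or matched by a static network route, leave via the service port, and everything else leaves via the management interface. The service-port mask and the host parts of the 10.20.x.x and 10.120.32.x clients are constructed.

```python
import ipaddress


def reply_path(client, service_port, static_routes=()):
    """Return which WLC port a reply to `client` would leave from.

    Simplified model (assumption): the service-port connected subnet wins,
    then the longest matching static network route (these apply to the
    service port), otherwise the management interface's default gateway.
    """
    addr = ipaddress.ip_address(client)
    sp_net = ipaddress.ip_interface(service_port).network
    if addr in sp_net:
        return "service-port (connected %s)" % sp_net
    matches = [ipaddress.ip_network(r) for r in static_routes
               if addr in ipaddress.ip_network(r)]
    if matches:
        best = max(matches, key=lambda n: n.prefixlen)  # longest prefix
        return "service-port (static route %s)" % best
    return "management"


def unreachable_clients(clients, service_port, static_routes=()):
    """Clients whose replies would NOT leave via the management interface,
    i.e. the ones expected to lose access to the management GUI."""
    return [c for c in clients
            if reply_path(c, service_port, static_routes) != "management"]


# 10.100.10.11 and 3.3.3.3 are from the thread; the other host parts and
# all masks are constructed for illustration.
CLIENTS = ["10.20.5.25", "10.120.32.40", "10.100.10.11"]
SCENARIOS = {
    "as described (service port 3.3.3.3, no routes)": ("3.3.3.3/24", []),
    "service port placed in the wired client subnet": ("10.20.0.1/16", []),
    "static route covering the wired client subnet": ("3.3.3.3/24", ["10.20.0.0/16"]),
}

if __name__ == "__main__":
    for name, (sp, routes) in SCENARIOS.items():
        print(name)
        for c in CLIENTS:
            print("  %-14s -> %s" % (c, reply_path(c, sp, routes)))
```

With the values described in the thread no client is flagged, which matches the finding that the service port and empty route table do not explain the failure; the other two scenarios show what an overlap or a stray static route would look like.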
CUSD200

ASKER

The network routes are empty, but they are also empty on our other two 5508s and one 4400, and they're working fine.
Is the subnet mask correct on the management interface on the affected WLC?

Does the affected WLC have a management IP in the same subnet as the other two WLCs?

When you're trying to access the affected WLC, are you trying wirelessly?  If so, is the workstation connected to an AP which is joined to the affected WLC?
CUSD200

ASKER

All great suggestions. The mask is good. As for the management IP, it is different as it is at a different site. As for connecting wirelessly, no we are on the wired building LAN (10.20.x.x). That is the crux of the issue - the connection problem is specific to that building's IP subnet. I cannot connect to the secured management IP (10.120.2.11) from IP 10.20.x.x (wired LAN) or 10.120.32.x (wireless), but if I RDP to my PC at our main facility (which is assigned 10.100.10.11 statically) I can connect from there.

I'm stumped. Everything looks fine on the WLC and seems like it should work. I will check the switches at the affected site for an ACL, but barring that maybe a reboot is in order just for the heck of it.

Thanks again for your help.
CUSD200

ASKER

Closing this out for now until we get a maintenance window for a WLC reboot.