This is how to change the switch configuration (IOS):
WIRED CLIENT INTERFACE CONFIGURATION MAC
This is how to verify the EtherChannel load balancing mechanism: switch#show etherchannel load-balance EtherChannel Load-Balancing Configuration: src-dst-ip EtherChannel Load-Balancing Addresses Used Per-Protocol: Non-IP: Source XOR Destination MAC address IPv4: Source XOR Destination IP address IPv6: Source XOR Destination IP address Some switch models might use incompatible load balancing mechanisms by default, so it is important to verify. Use only ip-src or ip-src ip-dst load balancing options in the switch EtherChannel configuration. If LAG is enabled on the controller, check the load balancing algorithm enabled on the controller. LAG and switch channel distribution method
This issue requires hardware replacement for resolution. Secure Web: Web Admin Certificate not found (error). Unable to load system certificate!!! Contact your Cisco Systems Inc. Please request for one and add to the system
Warning!!!: You don't seem to have internal USB storage for lic/cert In some corner cases, we did spot only https access broken while ssh and http worked fine. Check the controller syslog and trap logs for any suspicious behaviour. This debug allows capturing packets coming to the controller: debug packet logging acl ip 1 permit any debug packet logging acl ip 2 permit any debug packet logging enable all 1-65535 C:\Program Files\Wireshark> C:\Program Files\Wireshark>text2pcap.exe Must specify input and output filename Text2pcap 1.0.99CAPWAP_0.0.1 Generate a capture file from an ASCII hexdump of packets. This will tell us what packets are going to the controller and how (if at all) the controller responds. Move the client to the same vlan as the controller and then try to access the WLC to rule out inter vlan routing issues.Īssuming that the controller is attached to a switch, it will likely be necessary to configure a monitor (span) session to capture a sniffer trace of the controller's traffic. If the client is on a different vlan than the wlc, check for inter vlan routing. If that fails, check for any access control that may be configured along the path- between the client and the controller mgmt that could be blocking this traffic. Web Administration certificate has been generatedĬheck basic ip connectivity from the client to the WLC mgmt interface. (Cisco Controller) config certificate generate webadminĬreating a certificate may take some time. If invalid site certificate errors are displayed when attempting to access a controller via web browser https, the local Web Admin certificate may need to be regenerated. This could definitely block access to the controller mgmt. DisabledĬPU acls regulate traffic to and from the controller. (Cisco Controller) >show acl cpu CPU Acl Name. Make sure there is no CPU acl applied on the controller. Move the service port to a class B or class C address instead of using the same supernet as the management interface (assuming it is on class A address).Ĭ. "Note If the service port is in use, the management interface must be on a different supernet from the service-port interface. You must reboot for the change to take effect. (Cisco Controller) >config network secureweb enable (Cisco Controller) > config network telnet enable
Enable Secure Web Mode Cipher-Option SSLv2. Enable Secure Web Mode Cipher-Option High. Check controller configuration for network access- (Cisco Controller) > show network summary Web Mode. Wired Client for WLC Management Access:Ī. Through this document I have tried to list the things to check to troubleshoot such a problem. There can be various issues why a client (wired or wireless) is unable to reach the controller management interface.Īccess to the controller can be in the form of telnet, ssh, http or https.
0 kommentar(er)
