Cisco :: WLC 4402 - HTTPS Access / Controllers Cannot Be Reached
Aug 1, 2011
I am working in an environment with 6 4402 all running 6.0.119.4 code and WCS 6.0.196.0. I keep getting an alert from WCS that the controllers cannot be reached "Controller '10.x.x.x' is unreachable. - Controller Name: 'Name'"
Now when I go to access the WLC through HTTPS I have no access at all but controller still responds to ICMP, HTTP, Telnet, SSH. I know I should have HTTP and Telnet disabled but since HTTPS keeps failing I would have no way to get into the controller. Is this a known issue in the 6.0.199.4 code? should I consider upgrading? The only fix I have found to work is to disable HTTPS reboot controller enable HTTPS and reboot again.
View 2 Replies
ADVERTISEMENT
Nov 3, 2011
In need to upgrade the software on two WLC 4402 controller in a hospital. Both WLCs have the same config and one is primary (has all APs connected) and the other backup (no APs connected.) The APs are placed so there is still coverage if one goes down in an area. My question - is it possible to do a rolling upgrade to have no downtime for the wireless clients? My plan would be to upgrade the backup WLC then selectively move APs to it. If I swap the primary and secondary controllers in the high availability tab on each AP, do I need to do a reset (General - Hardware Reset) or will it automatically reboot and connect to the upgraded backup controller? When I'm done, I'd upgrade the primary controller and now call that backup. Does this make sense?
View 4 Replies
View Related
Jan 24, 2013
I would like to upgrade our three WLC 4402 controllers from version 7.0.116.0 to 7.0.235.3. I have downloaded the two files (AIR-WLC4400-K9-7-0-235-3-ER.aes and AIR-WLC4400-K9-7-0-235-3.aes). Which one should I upgrade/install first?
View 4 Replies
View Related
Mar 24, 2012
I 'm trying to upgrade WLC 4402 up from 5.1.151. After upgrade to 5.2 or higher https interface is inaccessible. If I use any other previous version, all is OK. Somewhere I found recomendation to open http before upgrade and use it at first. It works, but what to do next? To stay on http only?
View 1 Replies
View Related
Jun 25, 2011
We have two 4400 controllers which support 50 Access points each and wcs with 100 base license.Now we added 5508 controller supports 50 access points.wcs is upgraded with another 50 ap license.The 5508 controller is joined to wcs and the licence showing permanent.WCS showing all aps and showing both 100 and 50 licence as permanent.But the issue is while loging into the wcs it showing the error message as"The system is in violation of license.The number of APs registered is greater then licensed."
View 5 Replies
View Related
Mar 26, 2013
Are there any plans to support the "converged wireless access mode" on the 8500 controllers ? Don't want to buy this $$$ controller to throw it away in a couple of months when 3850 switches will start appearing and require local termination...
BTW: will the 3850 ever support just plain pass-through for wireless ? The local termination is a PITA because i will need to replace my WiFi AP at the same time i replace my access switch since current AP are not supported on 3850.
View 4 Replies
View Related
Aug 31, 2011
access https sites from my PC? I cannot access these sites from IE 9 nor Firefox 6. I even disable firewall to try getting access to the secured websites but to no avail. But this problem recently cropped up when i upgraded my PC from XP to Windows 7.
View 11 Replies
View Related
Jul 15, 2012
I have a 2911 which works perfectly except I cannot access it via HTTPS. HTTP and SSH both work. I've regenerated the RSA-key several times but to no avail.The box has a host- and domain-name configured.
View 8 Replies
View Related
Apr 17, 2013
I have one user who doesn't receive a beep when he reaches an internal DN's voicemail. You will hear the attendant say that the person is not available and then the recorded name, but there's never a beep and consequently cannot leave a voicemail.
View 1 Replies
View Related
May 21, 2012
Just purchased a 3355 and installed, followed the set up no problems, added to WCS. Then WCS says no longer able to be reached.
Unable to ping, have to keep running the setup./opt/mse/setup/setup.sh seems, like the settings are not being kept.
Tried /opt/mse/setup/setup.log and sasys I have no permission, this is when logged in as root.
View 4 Replies
View Related
Jul 30, 2011
i am installing a CWLMS 4.0 and everything was good until i have reached the discovery for the devices, i am dealing with a bank setup and the branches is connected using layer 3 MPLS, branches are located behind the ISP router, so as a cdp neighbor i cant see anything but the ISP router at my Core.
so i cant see the branches routers as neighbors to my (seed Device) Core, and i have tried to use the ping sweep and i could not reach them also. and also to add them manually as we were doing before in the earlier versions of CWLMS, using the Devices and Credintials, this option is removed from the LMS 4.0 as i have red in a document.
1- snmp is configured on all devices.
2- access-list is configured on all devices.
3- i am able to reach the LAN Devices without any problems and the configuration is the same on all of the devices.
View 1 Replies
View Related
Sep 16, 2012
in windows 7 pro, While trying to join domain xxxx.local, error message appears. even ping xxxx.local is working...
View 4 Replies
View Related
Apr 29, 2013
I have a cisco WLC 4402, i have a problem with people trying to log into wlc 4402 GUI console with wrong pass. Are there any ways that I can allow certain IP to go to or see the log in page of WLC?
View 5 Replies
View Related
Mar 15, 2012
I installed the LMS as ova template on ESXi and be able to connect via SSH, but when I try to connect via http or https I got the following error.
ForbiddenYou don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
View 11 Replies
View Related
Jan 5, 2012
We have an ASA5505 UL bundel, updated with this license "L-ASA5505-SEC-PL=" to enable traffic from DMZ to Inside. No NAT or rules deployed for that yet.
On the Inside we have Exchange 2007 in a single server installation. The public url for smtp, ActiveSync, OWA and Outlook Anywhere is mail.company.se. There is a static NAT for outside traffic to access above mentioned services on inside. Now, on DMZ there is the WLAN for guests to access the Internet. How ever, our Smart Phones with WLAN turned on, cannot sync to the Exchange Server on the Inside! The DMZ gets IP-addressen from ASA on DMZ Interface with external DNS configured. How can I configure the ASA to achieve the function of ActiveSync from DMZ to Inside with the public URL from the phones?
View 15 Replies
View Related
Nov 18, 2012
I have a closed network that is not connnected to the internet, just other sites that we want to communicate with. We have a cisco router connected to the outside interface on an ASA5505 and a cisco router connected to the inside interface on the same ASA5505. I have an inside interface that connects our management LAN, five separate DMZ interfaces with a separate LAN (VLAN) on each DMZ interface and the outside interface that connects to the other sites. Data is not allowed to mingle between the five DMZ's.
Alll connections to the other separate nodes are handled with the router on the external interface. IPSEC GRE tunnels have been established between all sites and BGP routing has been verified. Pings are good between inside, dmz and external interfaces and between the DMZ's and the other sites, to include hosts on our local networks and hosts at the remote sites. Inter and intra traffic is enabled.
When a remote site attempts an https connection, the initial ACK handshake makes it through the ASA5505, but the return SYN/ACK is being knocked down and I don't understand why (it is not because of ACL's, they are any any at this point).
Why the return SYN/ACK to the remote site isn't getting through the ASA5505 outbound. Will probably have the same issue with FTP, but right now, just trying to solve one problem at a time.
ASA5505 is in routed mode, not looking to NAT since the IP addresses in the DMZ need to be reached by their real IP address.
View 3 Replies
View Related
Nov 15, 2012
So, i have set up a working Anyconnect solution, (see attached picture)
Firewall is a 5585-x ssp20 running 8.4.3
Core is cat 6500
Anyconnect client version: 3.1.00495
Configured vpn with a tunneled default route to 172.19.16.1 (Core - cat6500) No split tunnel is configured, everything has to be tunneled and monitored by WCCP in Firewall. Authorization is by Certificate Only.
I can reach inside servers (for example 172.18.254.37) i can reach DMZ server (for example 192.168.138.36) i can surf the internet on regular HTTP (port 80)
but, i cannot surf the internet or DMZ servers using HTTPS (port 443) also, ftp does not work. i have tried to reach external ftp servers who are open to all.
both https and ftp works from the INSIDE network.
I have tried to change the port for Anyconnect, to 444 (for dtls as well) and i can see that all the vpn traffic is going over 444, so 443 should be undisturbed.
but this is not working.. could it be a certificate problem, or am i missing something? NAT/PAT?
This is my NAT configuration:
nat (DMZ,INSIDE) source dynamic NET-VPN-DMZ-PORTWISE-NATED-BOTK HOST-172.18.254.69 destination static NET-VPN-REMOTE NET-VPN-REMOTE
nat (DMZ,INSIDE) source static NET-DMZ NET-DMZ destination static NET-ALL-INSIDE
[Code].....
View 6 Replies
View Related
Oct 25, 2011
when my Linux VM is running!How's this for a mystery - last night I noticed that I could no longer access my gmail. Thought it might be down. This morning, I still couldn't access it. Thought I would try comcast, no joy either. Changed computers, no difference. Changed routers, no difference. Bought a new router and started plugging in network cables one at a time. My main machine first, everything works - http and https sites, a second computer, all good. The switch. Fine. Powerline. Still good. Then I plug in a Windows server running a Linux VM. Https sites on all the other machines stop working. Pause the Linux VM, restart router - https sites return to life. Went to Linux machine, re-enabled ipv6 (the only recent change on the Linux machine was to disable ipv6 since upon a reboot, Linux didn't have an ipv4 address). Restart Linux everything seems fine. A few hours go by, try to connect my wife's new laptop and at that moment wireless seems to stop. Restart router, wireless is back. But lo and behold, https is gone again. Unplug the machine that has the Linux VM, restart router, all is good.Ever see anything this weird?
View 3 Replies
View Related
Mar 21, 2012
Iv tried about everything you can find when you google things about not being able to access a particular website but none work checking out all security settings, deleting all cache, disabling security, checking date and time, flushdns, use opendns, try other devices (not one device in my household can get to https pages on this one site), making sure root certificates are updated, bypassing router, unplugging internet and router to ''reset'', trouble shooting with isp, website, ssl issuer, other wildblue users, other website users, other tech forum, checking for virus and malware and I'm sure there's more that I can't recall at the moment. I am not the only user of this website with a problem and all us having a problem have satellite internet (different providers), however not everyone with my satellite internet (wildblue thru dishnetwork) has this problem as I have asked here...some do some don't Wildblue ''blocking'' a website's ssl? - WildBlueWorld.com Forums
I can go to the website toontown.com but I can not access any pages that are ''secure'' or https. Can't login and using satellite internet?
View 14 Replies
View Related
Feb 25, 2013
For some reason i can't get access anymore to the web interface of our ACS 5.3 appliance.Where i used to get a certificate warning first, and after that the ACS5 login screen, i now get totally no response anymore in my IE browser.
I can telnet to port 443 of the unit however. And i (fortunately) still have ssh access to the unit. So i did a reload (microsoft habits) but that did'nt solve anything.https access to other systems from the same browser is functioning fine
=================================
admin# sh ver
Cisco Application Deployment Engine OS Release: 1.2ADE-OS Build Version: 1.2.0.228ADE-OS System Architecture: i386
Copyright (c) 2005-2009 by Cisco Systems, Inc.All rights reserved.Hostname: <deleted>
Version information of installed applications---------------------------------------------
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.3.0.40.8Internal Build ID : B.839Patches :5-3-0-40-55-3-0-40-8
=================================
View 4 Replies
View Related
Feb 26, 2013
I have a ME-3400EG-12CS-M switch the ports 13 thru 16 have sfp's and are connection to other 3560 switches over fiber. The GIG 0/1 on the 3400 connects to the long haul sonet transport electrically. The IOS is Version 12.2(55)SE3. I can't ping or log into the 3400 unless I am at one of the 3560 switches hanging off of the NNI ports 13 thru 16. I think it is because the max number of NNI ports are 4 and I can't change the GIG 0/1 to a NNI port. Can I make config changes to the UNI port so that it will act like a NNI port with out upgrading the IOS to allow for more NNI ports?
View 1 Replies
View Related
Mar 11, 2013
We have two WLC 4402 WLC in active-active mode in our setup. The issue we see is that a user/laptop gets connected and gets the ip address but there will be no network access. We see a yellow exclamation sign at this time in network icon in tray and we can not ping gateway at this point. We have run debugs at this time for the machine and we could see that was in "RUN" state its only that the machine can not access network.
View 11 Replies
View Related
Mar 23, 2011
We have a 4402 wlc setup for guest network access. We are using the local net users to provide access to our guests. We have an issue where if a user signs in through the web, sometimes but not always, they are then forced to keep signing back in almost every 30-60 seconds.
View 8 Replies
View Related
Nov 15, 2011
We have a WLC 4402, with interface Management, AP-Manager, and only the ap-manager interface is enabled for dynamic AP Management, how can i enable the dynamic AP Management for management interface also. Because i couldn't access WLC from via wireless, only able to access it via wired.
View 15 Replies
View Related
Sep 27, 2010
We have recently upgraded the software on our two WLC 4404 from software release 4.0.xxx to 4.2.xxx to 6.1.199.4 and lastly to version 7.0.98.0.
We could access the WLC's GUI's using https when it was on version 4.0.xxx. When we did the upgrades from version 4.2.xxx to 6.1.199.4 we couldn't access the Admin page through https anymore but only through normal http. We enabled https through the GUI and through the CLI and we did do the re-generation certificate , without any success. We then upgraded to version 7.0.98.0 and we still have the same result , cannot access Admin GUI through https.
View 2 Replies
View Related
Jun 15, 2011
I have a ace board(Acsm) in my switch 6509.I need provide access for clients over https, my scenario looks like this post [URL] .But, i have only one interface, and need to configure nat for inbound clients, to access the server with ip address of the interface vlan of my ace(if i set ace gateway in a rserver, the ssl termination works). The Topology is: Client(https) -> Ace(Https) -> Ace(http) -> rserver (http). Need to configuring this nat? I need that external clients arrive at the server with the ip of the same network as him, he did not right back the packet to the default gateway, but the origin of the same network as him, so that the communication function successfully, end order.
View 1 Replies
View Related
Dec 9, 2010
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgrade the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But, the issue still the same.
My browser show the error message as attach image.
PGA-Firewall-02# sh run: Saved:ASA Version 8.3(2)!hostname PGA-Firewall-02enable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface GigabitEthernet0/0 nameif public security-level 0 ip
[Code]....
View 7 Replies
View Related
Mar 5, 2013
I use the Service port connected to the managementVLAN to manage the WLCs. When configuring HA with AP SSO, I lost HTTPS connectivity to the WLC, telnet still works fine.I researched the deployment guide and it states:
- When AP SSO is enabled, there is no SNMP/GUI access on the service port for both the WLCs in the HA setup.Why is remote access disabled using GUI when using HA, and how can I keep management of my WLC using HTTPS and an address in the ManagementVLAN.
View 10 Replies
View Related
Nov 24, 2011
Configuring an asa 5505 with 8.42 software.I need to access an https server on the inside via the outside interface. have moved the http server enable to port 10443.Tried to make a "network object nat rule"
object network Vejrstation nat (any,outside) static interface service tcp https https object network Vejrstationnat (any,outside) static interface service tcp https https.
View 21 Replies
View Related
Mar 3, 2013
I am trying to setup QuickVPN on my RV180W and having no luck. My client log shows "Remote gateway wasn't reached" "Failed to connect". The client is Win7 64-bit. I have created the firewall rule for icmpv4 on my windows 7 client but still no luck. I checked with my ISP and they say all ports are open. I have created the VPN user.
View 6 Replies
View Related
Oct 13, 2011
We are expanding our wireless infrastructure by adding further access points AIR-AP1242AG-E-K9.We use four WLC 4402 running version 6.0.188.0 as a fail over pair.What is the maximum limit the WLC can handle ?What is the recommended limit one WLC can handle ?We can divide the load on the controllers but in case of a failover one WLC will manage all access points.
View 4 Replies
View Related
Nov 15, 2011
I need Some information for Connecting my New Access point ( Cisco AIRLAP 1242AG) with WLC(4402) ControllerIn our network set up we have two WLC(4402) we needs to Connect this New Accesspoint To one of our WLC,My Access point is brand New. I need to Know what all i have to do inorder to connect this AP to the controller (from Acesspoint perspective & WLC perspective),I need to Know what I need to do in AP to connect to the Controller,Do i need to Assign Static IP Address forAP or after connecting to the switch it automatically gets ip from DHCP and regsiter with controller??
View 38 Replies
View Related
Dec 9, 2012
I have a 4402 and recently I have not been able to access the device via the service-port interface. The service-port has an IP Address and it is connected to an access port in the Vlan which I am coming from, however it cannot even ping it's gateway, which as mentioned is within the same network. When I am at the console of the controller I can ping the service-port interface IP that I have assigned, just nothing else.
View 4 Replies
View Related
