Solved: WLC 3504 GUI No Show After Configuration

TDandy · ‎06-13-2022

Hello,

I am looking for some help regarding what I thought would be a simple WLAN setup. I must admit, Cisco network interfaces are not something I am familiar with at all. I have done a bit of poking around the Cisco community and it seems like there are several questions that address this issue...but I think I am not understanding something very fundamental about this as nothing I am doing seems to work. Please help!

My First Goal: Establish a connection with a single Cisco Aironet 2800AP from the WLC itself. I am under the impression that I can setup a small WLAN this way. I do not think I require any additional switches or anything (please enlighten me if I am wrong about that).

Here is a basic setup I have performed to configure the WLC 3504, without performing any extra steps.

1. Take a fully reset WLC 3504 and connect to the service port with an Ethernet cable (I do not have the Aironet AP connected to the WLC)

2. From the service port connection to a CPU I am able to perform an initial configuration via GUI by typing 192.168.0.3 in my browser.

3. I then input the following values:

Controller Settings:

- Management IP Address: 192.168.128.149

- Management IP Subnet: 255.255.255.0

- Management IP Gateway: 192168.128.191

- Management VLAN ID: 0

Wireless Network Settings:

- Employee VLAN: Management VLAN

- DHCP Server Address: -

Advanced Settings:

- Virtual IP Address: 192.0.2.1

- Local Mobility Group: Default

- DHCP

4. I then clock "Apply" and allow the WLC to reboot.

5. The GUI cuts out and at this point I am under the impression that I should be able to connect to "Port 1" on the WLC 3504 and can login to the main WLC GUI via https://192.168.128.149 , but access to the GUI appears to be unavailable this way as it is not working.

- I have tried the "config network webmode disable" command over CLI using PuTTY via USB interface with the WLC and attempting to connect via http:// does not work either.

******************************************************************************

I grabbed the following information off of the serial interface (connected via USB using PuTTY) as the WLC boots up. Is there anything in this that is telling?

******************************************************************************

Cisco bootloader . . .

Cisco BootLoader Version : 8.5.103.0 (Cisco build) (Build time: Jul 25 2017 - 07 :47:10)

Octeon unique ID: 014000620321f31e010b

OCTEON CN7240-AAP pass 1.3, Core clock: 1500 MHz, IO clock: 800 MHz, DDR clock: 1067 MHz (2134 Mhz DDR)

DRAM: 8 GiB

Clearing DRAM...... done

CPLD Revision : a5

Reset Reason : Soft reset due to RST_SOFT_RST write

SF: Detected S25FL064A with page size 256 Bytes, erase size 64 KiB, total 8 MiB

MMC: Octeon MMC/SD0: 0 (Type: MMC, Version: MMC v5.1, Manufacturer ID: 0x15, V endor: Man 150100 Snr 07dc11b8, Product: BJNB4R, Revision: 0.7)

Net: octmgmt0, octmgmt1, octeth0, octeth1, octeth2, octeth3, octeth4, octeth5, octeth6

SF: Detected S25FL064A with page size 256 Bytes, erase size 64 KiB, total 8 MiB

Press <ESC> now to access the Boot Menu...

Loading primary image (8.10.121.0)

89367619 bytes read in 2097 ms (40.6 MiB/s)

Launching...

Verifying images... OK

Launching images...

PP0:~CONSOLE-> Using device tree

PP0:~CONSOLE-> Version: Cavium Inc. OCTEON SDK version 3.1.2-p7, build 591

PP1:~CONSOLE-> Version: Cavium Inc. OCTEON SDK version 3.1.2-p7, build 591

PP2:~CONSOLE-> Version: Cavium Inc. OCTEON SDK version 3.1.2-p7, build 591

PP3:~CONSOLE-> Version: Cavium Inc. OCTEON SDK version 3.1.2-p7, build 591

PP0:~CONSOLE-> Application in 64-bit mode (ptrsize= 8 bytes)

PP0:~CONSOLE-> # cvmcs: Cores are running at 1500000000 Hz

PP0:~CONSOLE-> # cvmcs: BOOT CORE: Core 0; DISPLAY CORE: Core 3

PP0:~CONSOLE-> SDK Build Number: 3.1.2-p7, build 591

PP0:~CONSOLE-> Platform Initialization... Platform board =24590

PP0:~CONSOLE-> # fp_hal_platform_init: WLC-Kukri core_mask=0xf num_cores=4 pool= 204800/102400/34794/128

PP0:~CONSOLE-> Octeon68xx/73xx found in iit_iqs

PP0:~CONSOLE-> Done with all fp init functions

PP0:~CONSOLE-> Initializing Phy ports, queues

PP0:~CONSOLE-> Node 0 Interface 0 has 4 ports (SGMII)

PP0:~CONSOLE-> Node 0 Interface 1 has 4 ports (XFI)

PP0:~CONSOLE-> Node 0 Interface 2 has 2 ports (SGMII)

PP0:~CONSOLE-> Node 0 Inface 3 hs 128 ports (NPI)

PP0:~CONSOLE-> Node 0 Interface 4 has 4 ports (LOOP)

INIT: version 2.88 bootingPP0:~CONSOLE->

PP0:~CONSOLE->

PP0:~CONSOLE-> Active FP Cores in System = 04.

PP0:~CONSOLE->

PP0:~CONSOLE-> Booting DP ID 0

Configuring network interfaces... done.

PP0:~CONSOLE-> Warning: Enabling PKI when PKI already enabled.

Starting udev

Decompressing... OK

Validating......MD5 ffe05140d7c9405150181c1702316256

ffe05140d7c9405150181c1702316256

OK

Setting up the kernel dump handler..

INIT: Entering runlevel: 3

Detecting Hardware ...

/sbin/oct-linux-csr: line 2: oct-remote-csr: Permission denied

Loading host drivers..

Starting Ulogd...

Starting DB Services...

Starting NA Connector...

Cryptographic library self-test....

Testing SHA1 Short Message 1

Testing SHA256 Short Message 1

Testing SHA384 Short Message 1

SHA1 POST PASSED

Testing HMAC SHA1 Short Message 1

Testing HMAC SHA2 Short Message 1

Testing HMAC SHA384 Short Message 1

passed!

XML config selected

Validating XML configuration

octeon_device_init: found 1 DPs

Cisco is a trademark of Cisco Systems, Inc.

Cisco AireOS Version 8.10.121.0

Initializing OS Services: ok

Initializing Serial Services: ok

Initializing Network Services: ok

Starting Statistics Service: ok

Unable to open dx flag file

Starting ARP Services: ok

Starting Trap Manager: ok

Starting Data Externalization services: ok

Starting Network Interface Management Services: ok

Starting System Services:

Read from Flash Completed ...

ok

Starting FIPS Features: ok : Not enabled

Starting SNMP services: ok

Starting Fastpath Hardware Acceleration: ok

Starting Fastpath DP Heartbeat : ok

Fastpath CPU0.00(0): Starting Fastpath Application. SDK-Cavium Inc. OCTEON SDK v ersion 3.1.2-p7, build 591. Flags-[DUTY CYCLE] : ok

Fastpath CPU0.00(0): Initializing last packet received queue. Num of cores(4)

Fastpath CPU0.00(0): Initializing Global Packet Queue. Num of packets supported( 1000)

Fastpath CPU0.00(0): Core 0 Initialization and FIPS self-test: ok

Fastpath CPU0.00(0): 4 Cores are being initialized

Fastpath CPU0.00(0): Initializing Timer...

Fastpath CPU0.00(0): Initializing Timer...done.

Fastpath CPU0.00(0): Initializing Timer...

Fastpath CPU0.00(0): Initializing NBAR AGING Timer...done.

Fastpath CPU0.00(0): Initializing Data Ports....done

Fastpath CPU0.01(0): Core 1 Initialization and FIPS self-test: ok

Fastpath CPU0.02(0): Core 2 Initialization and FIPS self-test: ok

Fastpath CPU0.03(1): Core 3 Initialization and FIPS self-test: ok

Starting Switching Services: ok

Starting QoS Services: ok

Starting Policy Manager: ok

Starting Data Transport Link Layer: ok

Starting Access Control List Services: ok

Starting System Interfaces: ok

Starting Client Troubleshooting Service: ok

Starting Certificate Database: Initializing Curl Globally..

ok

Starting VPN Services: ok

Starting Management Frame Protection: ok

Starting DNS Services: ok

ok

HBL initialization is successful

Starting Licensing Services: ok

Starting Redundancy: ok

Start rmgrPingTask: ok

Starting LWAPP: ok

Starting CAPWAP: ok

Starting LOCP: ok

Starting Security Services: ok

Starting OpenDNS Services: ok

Starting Policy Manager: ok

Starting TrustSec Services: ok

Starting Authentication Engine: ok

Starting Mobility Management: ok

Starting Capwap Ping Component: ok

Starting AVC Services: ok

Starting AVC Flex Services: ok

Starting Virtual AP Services: ok

Starting AireWave Director: ok

Starting Network Time Services: ok

Starting Cisco Discovery Protocol: ok

Starting Broadcast Services: ok

Starting Logging Services: ok

Starting DHCP Server: ok

Starting IDS Signature Manager: ok

Starting RFID Tag Tracking: ok

Starting RF Profiles: ok

Starting Environment Fan Status Monitoring Service: ok

Starting Mesh Services: ok

Starting TSM: ok

Starting CIDS Services: ok

Starting Ethernet-over-IP: ok

Starting DTLS server: enabled in CAPWAP

In hreapLoadConfig. Loading config has failed. loading default config

Starting CleanAir: ok

Starting WIPS: ok

Starting SSHPM LSC PROV LIST: ok

Starting RRC Services: ok

Starting SXP Services: ok

Starting Alarm Services: ok

Starting FMC HS: ok

Starting IPv6 Services: ok

Starting Config Sync Manager : ok

Starting Hotspot Services: ok

Starting Tunnel Services New: Failed

Starting PMIP Services: ok

Starting Portal Server Services: ok

Starting mDNS Services: ok

Starting Management Services:

Web Server: CLI: Secure Web: ok

SSH: ok

Starting IPSec Profiles component: ok

Starting FEW Services: ok

Starting MS Agent Services: ok

Starting CPU ACL Logging services: ok

***************************************************************************
I also queried this information with the "show network summary" command:
***************************************************************************

show network summary

RF-Network Name............................. Rtest

DNS Server IP............................... 0.0.0.0

Web Mode.................................... Enable

Secure Web Mode............................. Enable

Secure Web Mode Cipher-Option High.......... Enable

Secure Web Mode SSL Protocol................ Disable

Web CSRF check.............................. Enable

OCSP........................................ Disabled

OCSP responder URL..........................

Network 2-factor-authentcation.............. Disable

2FA Username field ..................... Common Name

Secure Shell (ssh).......................... Enable

Secure Shell (ssh) Cipher-Option High....... Enable

Telnet...................................... Disable

Ethernet Multicast Forwarding............... Disable

Ethernet Broadcast Forwarding............... Disable

IPv4 AP Multicast/Broadcast Mode............ Unicast

IPv6 AP Multicast/Broadcast Mode............ Unicast

IGMP snooping............................... Disabled

IGMP timeout................................ 60 seconds

IGMP Query Interval......................... 20 seconds

I would be extremely grateful for any help regarding this issue and will certainly rate helpful replies.

Thank you.

marce1000 · ‎06-14-2022

- Use a switched network between the controller and your PC , do not use a direct link.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎06-15-2022

- An unmanaged switch with default configuration will be fine , including default port settings , but the IP addresses between your PC and the controller must be compatible and or in the same subnet (check if you can ping the controller first)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎06-13-2022

>.... - I have tried the "config network webmode disable"

- Would you rather not need the reverse command to get the GUI enabled . check :

http://www.my80211.com/cisco-wlc-cli-commands/2010/1/22/wlc-how-to-enable-webmode-http-or-secureweb-https.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-14-2022

Hello Marce,

I apologize for the misunderstanding. This is the exact webpage I referenced for this command. It appears that I input a typo here. I have tried the "config network webmode enable" command. It certainly enables the standard "Web Mode" setting, but when I attempt to input the MGMT IP address using http:// instead of https:// I get the same result, no GUI.

Thank you! Any other ideas?

marce1000 · ‎06-14-2022

- How do you define 'no GUI' ; is there an error in the browser , an empty page, do you get connection refused , or something else ... ?

If needed ,provide a screenshot (too).

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-14-2022

Marce,

Thank you very much for following up!

I looked into this to get you the exact information.

Attempts to access the GUI via Microsoft edge today resulted in the following errors:

1. Logins using https:// resulted in "ERROR_CONNECTION_ABORTED"

2. Logins using https:// resulted in "ERROR_SOCKET_NOT_CONNECTED"

I did go into the CLI interface and grabbed a little bit more information that I think might be helpful.

(Cisco Controller) >show interface summary

Number of Interfaces.......................... 5

Interface Name Port Vlan Id IP Address Type Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management 1 untagged 192.168.128.149 Static Yes No
redundancy-management 1 untagged 0.0.0.0 Static No No
redundancy-port - untagged 0.0.0.0 Static No No
service-port N/A N/A 0.0.0.0 DHCP No No
virtual N/A N/A 192.0.2.1 Static No No

(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 70:18:a7:c9:50:01
IP Address....................................... 192.168.128.149
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.128.191
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
Link Local IPv6 Address.......................... fe80::7218:a7ff:fec9:5001/64
STATE ........................................... REACHABLE
Primary IPv6 Address............................. ::/128
STATE ........................................... NONE
Primary IPv6 Gateway............................. ::
Primary IPv6 Gateway Mac Address................. 00:00:00:00:00:00
STATE ........................................... INCOMPLETE
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
DHCP Proxy Mode.................................. Global
Primary DHCP Server.............................. Unconfigured

--More-- or (q)uit
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
DHCP Option 82 bridge mode insertion............. Disabled
DHCP Option 6 Opendns Override................... Disabled
IPv4 ACL......................................... Unconfigured
URL ACL.......................................... Unconfigured
IPv6 ACL......................................... Unconfigured
mDNS Profile Name................................ Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No
L2 Multicast..................................... Enabled

marce1000 · ‎06-14-2022

>.... Logins using https:// resulted in "ERROR_CONNECTION_ABORTED"

- Is this a persistent error when trying from other PC , Mac or 'operator terminal' with different browser (e.g.) ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-14-2022

Hello M,

I tried Chrome and Firefox using a different PC.

Chrome:

Firefox:

marce1000 · ‎06-14-2022

- Make sure you have no firewall in between (or verify by using host in same subnet as the controller)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-14-2022

Hello M,

All firewalls are disabled in this case. I am also just directly linked to
Port 1 on the WLC.

There is no switch or other devices to contend with. I am not sure what you
mean by “or verify by using host in same subnet as the controller.”

Thank you!

marce1000 · ‎06-14-2022

- Use a switched network between the controller and your PC , do not use a direct link.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-15-2022

Hello M,

Do you have any recommendations for a network switch? I have a few
unmanaged network switches available, but in my past experience I get the
same results with these (no GUI).

I have seen posts that suggest configuring a native vlan to the switch, but
it is my understanding that this cannot be done on a unmanaged switch(Cudy,
GS1010P)

Thank you!

marce1000 · ‎06-15-2022

- An unmanaged switch with default configuration will be fine , including default port settings , but the IP addresses between your PC and the controller must be compatible and or in the same subnet (check if you can ping the controller first)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

TDandy · ‎06-15-2022

Hello M,

Thank you for your help. By speaking to you I was able to determine that I needed to be hooked up to the network at my place of work and within the same subnet.

I was able to determine an acceptable static IP address within that subnet and used the gateway IP address of that network.

I was able to get one wireless ap connected and the SSID for my WLAN came up almost right away. I decided to attach 3 more APs. It looks like I have a little bit of trouble shooting to do with the 4th aironet ap, but I will take a crack at it!

I may be on here again very soon! Thanks again for your help!

Best wishes.