Controllerless Networks

New Contributor
Posts: 3
Registered: ‎11-01-2016

Management access over wireless- Instant

Hello

I am having difficulties figuring out how I can modify management access for directly connected wireless clients.

VC and IAPs are in vlan5 and the SSID setup is as follows:

SSID1. Client IP assignment -> Network Assigned and Client VLAN assignment -> Default. // IAP and client will get IP addresses from the same DHCP scope (vlan5), IAP SSID ACL is any-any allow

SSID2. Client IP assignment -> Network Assigned and Client VLAN assignment -> VLAN40 // IAP (vlan5) and client (vlan40) will get IP addresses from different IP scopes, IAP SSID ACL and router (terminates the subnets) ACL have any-any allow rules.

I have management access to VCs when connected to SSID1, but not when connected to SSID2. I did a packet capture and saw that when connected to SSID2, the ssh/https packets are correctly sent to the router via vlan40 and the router is correctly routing these packets to vlan5 and the IAP, but the IAP is not responding to them. If I do an ICMP ping, then the IAP is responding...

I did not find any option to allow this access. Is this by feature, or do I have an option to allow this traffic?

Thank you!

MVP
Posts: 400
Registered: ‎07-26-2011

Re: Management access over wireless- Instant

Do you have the native vlan configured on the switch ports for the IAP?

Might also be worth seeing if you have any Management Subnet restrictions on the IAP (Security -> Inbound Firewall -> Management and Corporate access configuration).

ACMA, ACMP
If my post addresses your query, give kudos:)
New Contributor
Posts: 3
Registered: ‎11-01-2016

Re: Management access over wireless- Instant

I have native vlan configured:

- in same direction ping is working

- If I connect myself directly with a cable to the router and vlan 40 (SSID2), then I also have access to the IAP

No management subnet restrictions have been configured; they are as they come in the default setup (allow all).

MVP
Posts: 400
Registered: ‎07-26-2011

Re: Management access over wireless- Instant

Thanks, it is odd that https isn't working yet ping is. I would've suggested it could be due to the cert being revoked based on the latest round of security issues. Do you see anything in the datapath session when you attempt to connect? Would you mind sharing the configuration as well?

New Contributor
Posts: 3
Registered: ‎11-01-2016

Re: Management access over wireless- Instant


Thank you for the answers.

If I connect a laptop with a cable to the same VLAN, then I can get access to the IAP. So I do not think it is related to the certificate; it is rather related to the client being wirelessly connected to the IAP.

Added cleaned configuration.
