How to remotely manage Cisco WLC via Service Port
Usually we can connect a PC to the Service Port to access the WLC (HTTP/HTTPS or SSH/Telnet). In that case the PC does not even need a gateway configured. But if we want to access the WLC remotely through the Service Port, some extra configuration is needed.
The topology diagram of this example is as follows.
The configuration of the WLC is as follows.
(Cisco Controller) >config interface address service-port 192.1.1.1 255.255.255.0
(Cisco Controller) >config route add 192.168.2.0 255.255.255.0 192.1.1.254
(Cisco Controller) >show route summary
Number of Routes................................. 1
Destination Network          Netmask               Gateway
-------------------          -------------------   -------------------
192.168.2.0                  255.255.255.0         192.1.1.254
(Cisco Controller) >
The switch port connected to the Service Port is configured as follows.
Switch#sh run int gigabitEthernet 0/1
Building configuration...
Current configuration : 89 bytes
!
interface GigabitEthernet0/1
 description Connected to the Service Port
 switchport access vlan 1000
 switchport mode access
end
Switch#sh run int vlan 1000
Building configuration...
Current configuration : 64 bytes
!
interface Vlan1000
 description Service Port Gateway
 ip address 192.1.1.254 255.255.255.0
end
The switch port connected to the PC is configured as follows.
Switch#sh run int gigabitEthernet 0/4
Building configuration...
Current configuration : 167 bytes
!
interface GigabitEthernet0/4
 description Connected to the PC
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 1-3000
 switchport mode trunk
end
After all the configuration is complete, the PC can use the IP address of the Service Port to access the GUI or SSH/Telnet of the WLC.
In an SSO deployment, the Standby controller's Service Port address and route must be configured on the Active controller.
config redundancy interface address peer-service-port <IP address> <netmask>
config redundancy peer-route add <network IP addr> <IP mask> <gateway>
In addition, the PC that accesses the Service Port remotely should not be on the same subnet as the Management interface or the Service Port. In fact, the WLC will not let you add such a route.
Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible to access the management interface of the controller. We recommend that you place the service port in a VLAN or a subnet that is dedicated to out-of-band management.
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-8/config-guide/b_cg88/ports_and_interfaces.html#ID136
The following is the test result.
(Cisco Controller) >show interface summary
 Number of Interfaces.......................... 6
Interface Name                   Port Vlan Id  IP Address      Type    Ap Mgr Guest
-------------------------------- ---- -------- --------------- ------- ------ -----
management                       1    untagged 100.106.68.108  Static  Yes    No
redundancy-management            1    untagged 0.0.0.0         Static  No     No
redundancy-port                  -    untagged 0.0.0.0         Static  No     No
service-port                     N/A  N/A      192.168.1.1     Static  No     No
virtual                          N/A  N/A      30.30.30.30     Static  No     No
vlan90                           1    90       192.168.90.3    Dynamic No     No
(Cisco Controller) >config route add 100.106.68.0 255.255.255.0 192.168.1.254
IP Address/Netmask entered conflicts with the configured IP Address/Netmask of the switch.
(Cisco Controller) >config route add 192.168.1.0 255.255.255.0 192.168.1.254
IP Address/Netmask entered conflicts with the configured IP Address/Netmask of the service port.
(Cisco Controller) >
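The two rejections above can be caught before touching the controller. The following is an added example, not part of the original post and not Cisco code: a Python pre-check that takes a planned `config route add` line and reports whether its destination overlaps the Service Port or Management subnet, or whether its gateway is off the Service Port subnet. The function names and result labels are hypothetical, the /24 masks for the two interfaces are assumptions (the `show interface summary` output does not list netmasks), and the overlap test is an approximation of the controller's own validation, which the page does not document.

```python
import ipaddress

def parse_route_add(line):
    """Return (destination, netmask, gateway) from a 'config route add' line.
    A leading '(Cisco Controller) >' prompt is tolerated."""
    words = line.split(">")[-1].split()
    if words[:3] != ["config", "route", "add"] or len(words) != 6:
        raise ValueError("expected: config route add <net> <mask> <gateway>")
    return words[3], words[4], words[5]

def check_route(line, service_port, management):
    """List the problems with a planned Service Port route (empty list = OK).
    service_port / management are 'ip/netmask' strings for the WLC interfaces."""
    dest, mask, gw = parse_route_add(line)
    route = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    svc = ipaddress.ip_interface(service_port)
    mgmt = ipaddress.ip_interface(management)
    gateway = ipaddress.ip_address(gw)
    problems = []
    if route.network_address != ipaddress.ip_address(dest):
        problems.append("host-bits-set")
    if route.overlaps(svc.network):
        problems.append("overlaps-service-port")
    if route.overlaps(mgmt.network):
        problems.append("overlaps-management")
    # The next hop has to be another host on the Service Port subnet.
    if gateway not in svc.network or gateway == svc.ip:
        problems.append("gateway-not-on-service-subnet")
    return problems

# Interface addresses from the test above; the /24 masks are assumed.
SERVICE_PORT = "192.168.1.1/255.255.255.0"
MANAGEMENT = "100.106.68.108/255.255.255.0"

if __name__ == "__main__":
    planned = [
        "(Cisco Controller) >config route add 100.106.68.0 255.255.255.0 192.168.1.254",
        "(Cisco Controller) >config route add 192.168.1.0 255.255.255.0 192.168.1.254",
        "config route add 192.168.2.0 255.255.255.0 192.168.1.254",  # constructed
    ]
    for cmd in planned:
        print(cmd.split(">")[-1], "->", check_route(cmd, SERVICE_PORT, MANAGEMENT) or "OK")
```

An empty result only means the planned route passes these checks; the controller remains the authority on whether the route is accepted.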