Tuesday, November 19, 2019

Using the Service Port on Cisco 3504 WLC

When setting up new Cisco WLAN controllers, I find it easier to set one up, get it working properly, and then copy the configuration off it and put it on another WLC, changing what needs to be changed in order for it to become a backup controller.  You know – the IP addresses need to change, the hostname, and then set up the mobility configuration.  Everything else as well – I’m sure I am forgetting to mention something.


My most recent pair of WLCs threw a curve ball.  I set up the first 3504 WLC via the CLI while on the bench with a very basic config, then copied my base config file to it via TFTP.  Everything went well, and the system rebooted.  After logging back in via CLI, I tested the Service Port’s IP config with a patch cable to the ethernet port on my laptop.  I tried to browse to it, and nothing happened.


I pinged the WLC, and the service port responded.  I then SSH’d into the service port and it worked perfectly.  But no web browsing!

I went home and came back to work the next day, and I could browse to the WLC.  Nothing changed.  I thought that was a bit strange.


After getting the WLC all set up like I wanted, I copied the controller’s config off the WLC via TFTP and began to set up the backup controller’s configuration.  Everything was successful, and I changed what needed to be changed via CLI, saved the config, and rebooted it.  When it came up, there was no browsing – same as the first WLC.  I looked at the system time, and it was set properly; however, it was not connected to the internet and the NTP configuration was not in use.


After asking a few friends and googling around, I started trying different things one by one.  I found one post where someone had to regenerate the webauth certificate (for something else), and I also found in that same post there was a command to regenerate the webadmin certificate as well.


I ran the “config certificate generate webadmin” command; it executed quickly, however it did not appear to do anything.  I saved the config and typed “reset system”, and it rebooted.  When it came back up, I could browse to the WLC.


I honestly have absolutely no idea why this worked, but it did.  I do not know why the first WLC worked the next day, but not the first day when I configured it.  If my friend Sam Clement’s theory was correct, it was the NTP setting – and I suspect it had not timed out.  My timeout was set to one day, and I do not know if more than 24 hours had passed when I checked the first controller again and it magically worked.
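One check that would have told me whether the clock theory held up, added here as an example and not something from the post or from Cisco: pull the certificate the WLC's HTTPS admin interface actually presents and compare its validity window against the laptop's clock.  A browser will refuse a certificate whose notBefore is still in the future, which is exactly what you get if the controller generated the certificate while its own clock was ahead of the real time, and it then "fixes itself" once the real time catches up.  The script assumes the `openssl` CLI is installed, that the WLC is listening for HTTPS on TCP 443 of the service-port address, and that the address is reachable from the host running it; the sample `openssl` output in the test data is constructed.

```python
"""Compare a WLC webadmin certificate's validity window with the local clock.

Added example (not from the original post).  Assumes: `openssl` is on PATH,
the controller serves HTTPS on TCP 443 of the service-port IP, and that IP is
reachable from this host.  The parsing and status logic are pure Python and
can be exercised offline on captured `openssl x509 -dates` output.
"""
import re
import subprocess
from datetime import datetime, timezone

# `openssl x509 -noout -dates` prints exactly two lines of this shape:
#   notBefore=Nov 19 14:02:11 2019 GMT
#   notAfter=Nov 18 14:02:11 2029 GMT
DATE_LINE_RE = re.compile(r"^(notBefore|notAfter)=(.+)$", re.MULTILINE)
OPENSSL_DATE_FMT = "%b %d %H:%M:%S %Y %Z"


def parse_openssl_dates(text):
    """Return (not_before, not_after) as UTC-aware datetimes."""
    found = dict(DATE_LINE_RE.findall(text))
    if "notBefore" not in found or "notAfter" not in found:
        raise ValueError("openssl output lacks notBefore/notAfter lines")

    def to_utc(value):
        # %Z accepts 'GMT'/'UTC'; the double space before a single-digit
        # day ('Nov  9') is tolerated because strptime treats whitespace loosely.
        return datetime.strptime(value.strip(), OPENSSL_DATE_FMT).replace(
            tzinfo=timezone.utc
        )

    return to_utc(found["notBefore"]), to_utc(found["notAfter"])


def validity_status(not_before, not_after, now):
    """Classify the certificate relative to `now` (a UTC-aware datetime)."""
    if now < not_before:
        return "not-yet-valid"   # controller clock was ahead when cert was made
    if now > not_after:
        return "expired"
    return "valid"


def status_from_openssl_output(text, now=None):
    """Convenience wrapper: openssl -dates text (+ optional ISO 8601 'now')."""
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = datetime.fromisoformat(now)
        if now.tzinfo is None:
            now = now.replace(tzinfo=timezone.utc)
    not_before, not_after = parse_openssl_dates(text)
    return validity_status(not_before, not_after, now)


def fetch_cert_dates_text(host, port=443, timeout=10):
    """Fetch the served certificate with openssl and return the -dates text.

    Certificate verification is deliberately not relied on here: the WLC's
    self-generated webadmin certificate is untrusted by design, and the point
    is only to read its validity window.
    """
    s_client = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}"],
        input=b"", capture_output=True, timeout=timeout,
    )
    if b"BEGIN CERTIFICATE" not in s_client.stdout:
        raise RuntimeError(f"no certificate returned by {host}:{port}")
    x509 = subprocess.run(
        ["openssl", "x509", "-noout", "-dates"],
        input=s_client.stdout, capture_output=True, check=True, timeout=timeout,
    )
    return x509.stdout.decode()


if __name__ == "__main__":
    import sys
    # Usage: python check_wlc_cert.py <service-port-ip>   (hypothetical file name)
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder IP
    text = fetch_cert_dates_text(target)
    nb, na = parse_openssl_dates(text)
    print(f"{target}: notBefore={nb.isoformat()} notAfter={na.isoformat()} "
          f"status={validity_status(nb, na, datetime.now(timezone.utc))}")
```

If the result is `not-yet-valid`, regenerating the certificate after the controller's clock has been corrected (by NTP or by hand) and rebooting, as in the post, produces a certificate whose window starts at the corrected time; if it is `valid` and the browser still refuses, the clock is not the explanation and the failure lies elsewhere.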


I hope this helps someone, since when I searched, I found no references to anyone else having this same issue.