Service port interface

What is the service port interface in WiSM? I know it is used to communicate with the Supervisor Engine, but I just want to know the details.
Please help
Thanks
subharose

The service-port interface is reserved for out-of-band management of the controller and system recovery and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The WiSM uses the service port for internal protocol communication between the controllers and the Supervisor 720. For example, if you want to use "session slot x proc 1" to access the WiSM's CLI through the Sup720, you have to enable a service VLAN which is local to the chassis and is used for communication between the Cisco WiSM and the Catalyst Supervisor 720 over a Gigabit interface on the Supervisor and a service port in the Cisco WiSM. See the following link for more detail:
http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a00808330a9.shtml

Similar Messages

  • Service port interface Question

    I have a customer that wants to use the service port interface as a backup entry door to its WLCs in the event of a network failure or misconfiguration. I have configured the WLC's mgt and ap-manager interface in a 10.50.x.x network and the service interface in a 10.103.x.x network, which are 2 completely separate networks. Cisco's documentation is unclear as to how to configure the service interface. Should I have the service interface completely separate from the 10.x.x.x network class (e.g. 172.16.x.x or 192.168.x.x), or am I okay using the 10.103.x.x network?
    The WLC can be configured with static routes. Are those, when configured, reserved for the service interface? Should I configure the WLC with a static route? And if yes what should it be?
    Your help would be greatly appreciated
    Thanks

    You can use the service port, but make sure you configure it correctly. Here is from a Cisco doc:
    By default, the physical service port interface has a DHCP client installed and looks for an address via DHCP. The WLC attempts to request a DHCP address for the service port. If no DHCP server is available, then a DHCP request for the service port fails. Therefore, this generates the error messages.
    The workaround is to configure a static IP address to the service port (even if the service port is disconnected) or have a DHCP server available to assign an IP address to the service port. Then, reload the controller, if needed.
    The service port is actually reserved for out-of-band management of the controller and system recovery, and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The service port cannot carry 802.1Q tags. Therefore, it must be connected to an access port on the neighbor switch. Use of the service port is optional.
    The service port interface controls communications through and is statically mapped by the system to the service port. It must have an IP address on a different subnet from the management, AP-manager, and any dynamic interfaces. Also, it cannot be mapped to a backup port. The service port can use DHCP in order to obtain an IP address, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service port interface. Static routes can be defined through the controller for remote network access to the service port.
    Hope this helps.
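The rules quoted in the answer above can be checked mechanically before a plan is applied. The following is an added example, not code from the thread or from Cisco: the function name, the input layout and the sample addresses (built on the asker's 10.50.x.x and 10.103.x.x networks) are constructed, and the on-link next-hop check is an assumption that follows from the service port having no default gateway.

```python
import ipaddress

SERVICE = "service-port"


def check_service_port_plan(interfaces, static_routes=(), service_gateway=None):
    """Return a list of findings for a WLC interface plan (empty list = clean).

    interfaces:      {"management": "10.50.1.10/24", "service-port": "...", ...}
    static_routes:   iterable of (destination CIDR, next-hop IP)
    service_gateway: any default gateway someone tried to put on the service port
    """
    findings = []
    nets = {n: ipaddress.ip_interface(c).network for n, c in interfaces.items()}
    svc = nets[SERVICE]
    in_band = {n: net for n, net in nets.items() if n != SERVICE}

    # Rule 1: service port must sit on a different subnet from management,
    # AP-manager and every dynamic interface.
    for name, net in in_band.items():
        if svc.overlaps(net):
            findings.append(f"{SERVICE} subnet {svc} overlaps {name} subnet {net}")

    # Rule 2: a default gateway cannot be assigned to the service port.
    if service_gateway is not None:
        findings.append(f"default gateway {service_gateway} set on {SERVICE}")

    # Rule 3: remote access goes through static routes. Assumption: the next
    # hop must be on the service-port subnet, and the destination must not
    # cover an in-band subnet, or in-band replies would leave via the service port.
    for dest, hop in static_routes:
        dest_net = ipaddress.ip_network(dest)
        if ipaddress.ip_address(hop) not in svc:
            findings.append(f"route {dest} via {hop}: next hop not on {svc}")
        for name, net in in_band.items():
            if dest_net.overlaps(net):
                findings.append(f"route {dest} covers {name} subnet {net}")
    return findings


# Constructed sample plans.
GOOD_PLAN = {
    "management": "10.50.1.10/24",
    "ap-manager": "10.50.1.11/24",
    "service-port": "10.103.1.10/24",
}
BAD_PLAN = dict(GOOD_PLAN, **{"service-port": "10.50.1.20/24"})

if __name__ == "__main__":
    print(check_service_port_plan(GOOD_PLAN, [("10.200.0.0/24", "10.103.1.1")]))
    for finding in check_service_port_plan(BAD_PLAN, service_gateway="10.50.1.1"):
        print("FINDING:", finding)
```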

  • Service port

    What is the main function of the service port in the 4400 series WLC?

    Hi Alejandro,
    Hope all is well with you :) Here is an explanation;
    The Service-port Interface is statically mapped by the system only to the physical service port. The service port interface must have an IP address on a different subnet from the Management, AP Manager, and any dynamic interfaces. The service port can get an IP address via DHCP or it can be assigned a static IP address, but a default-gateway cannot be assigned to the Service-port interface. Static routes can be defined in the WLC for remote network access to the Service-port. The Service-port is typically reserved for out-of-band management in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The physical service port is a copper 10/100 Ethernet port and is not capable of carrying 802.1Q tags so it must be connected to an access port on the neighbor switch.
    From this excellent WLC doc;
    http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html#wp1052072
    Hope this helps!
    Rob

  • WiSM Service Port is sourcing Fin-Ack packets

    For some reason or another, both of the service port interfaces on our WiSM WLCs are sourcing Fin-Ack packets to IP addresses out on the Internet.
    My understanding is that the service ports are only supposed to be used for communication between the Sup720 and WiSM, and I'm wondering if this could be due to some type of misconfiguration on the WiSM or 6509E.
    We have static IP addresses configured on the service ports in vlan 999 on the 6509E:
       interface Vlan999
        description VLAN for WiSM Service Port
        ip address 192.168.99.1 255.255.255.0
        no ip redirects
        no ip proxy-arp
       end
    There is also a connected route for this vlan on the 6509E:
       ROUTER# sh ip route
       C    192.168.99.0/24 is directly connected, Vlan999
    I have verified that traffic on vlan 999 is being routed off of that vlan. Should I? and how can I prevent that?
    Should our service port vlan (999) be a L2 vlan instead of L3 at the 6509E?
    Should we even have an SVI for vlan 999 on the 6509E?
    With the 6509E being a VTP server, vlan 999 has propagated to all of the other switches on our campus.
    Any advice would be greatly appreciated.
    - Jonathan

    Thanks for answering my questions Nicolas.
    I will configure an ACL to block this traffic.
    It just seems odd that this traffic would be coming from the service port interfaces.
    The source port for the Fin-Ack packets is always port 2006 of the WiSM service port interfaces:
    Ex)
    10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
    10:57:14 192.168.99.3.2006 > 68.192.70.95.50091: F ack 520899031 win 1378
    10:57:14 192.168.99.3.2006 > 157.252.133.95.52194: F ack 198026245 win 1378
    10:57:14 192.168.99.3.2006 > 68.175.103.222.62076: F ack 2128482631 win 1378
    10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
    10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
    It's understandable that traffic destined for the service port subnet would be forwarded out of the service port interfaces, but in this case the traffic is destined for IP addresses out on the Internet, not the service port subnet.
    - Jonathan
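A capture in the format shown in this thread can be screened for service-VLAN sources talking to anything outside the VLAN, which is the condition the poster noticed by eye. This is an added example, not part of the original posts: the function name and the sample lines are constructed (destinations use documentation address ranges), and only the 192.168.99.0/24 subnet and source port 2006 come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Service VLAN subnet, taken from the Vlan999 SVI in the post.
SERVICE_VLAN = ipaddress.ip_network("192.168.99.0/24")

# tcpdump prints IPv4 endpoints as a.b.c.d.port, so the port is the fifth field.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<flags>\S+)"
)

# Constructed sample capture: three leaking packets, one in-VLAN packet that
# must not be flagged, and one non-TCP line that must be skipped.
SAMPLE = """\
10:57:14 192.168.99.3.2006 > 203.0.113.26.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.3.2006 > 198.51.100.95.50091: F ack 520899031 win 1378
10:57:14 192.168.99.2.2006 > 203.0.113.15.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.1.40122 > 192.168.99.3.23: S win 4128
10:57:15 arp who-has 192.168.99.3 tell 192.168.99.1
"""


def off_vlan_flows(text, service_net=SERVICE_VLAN):
    """Summarise packets sourced inside the service VLAN and destined outside it.

    Returns {source_ip: {"packets", "src_ports", "dests", "flags"}}.
    """
    report = defaultdict(
        lambda: {"packets": 0, "src_ports": set(), "dests": set(), "flags": set()}
    )
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP/UDP summary line in the expected format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address, e.g. an octet above 255
        # The service VLAN is meant to be local to the chassis, so any
        # destination outside it means the VLAN is being routed.
        if src in service_net and dst not in service_net:
            entry = report[str(src)]
            entry["packets"] += 1
            entry["src_ports"].add(int(m["sport"]))
            entry["dests"].add(str(dst))
            entry["flags"].add(m["flags"])
    return dict(report)


if __name__ == "__main__":
    for src, info in sorted(off_vlan_flows(SAMPLE).items()):
        print(src, info["packets"], sorted(info["src_ports"]), sorted(info["dests"]))
```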

  • Static nat and service port groups

    I need some help with opening ports on my ASA using firmware 9.1.2.
    I read earlier today that I can create service groups and tie ports to those.  But how do I use those instead of using 'object network obj-ExchangeSever-smtp' ? 
    I have the ACL -
    access-list incoming extended permit tcp any object-group Permit-1.1.1.1 interface outside
    Can this statement
    object network obj-ExchangeSever-smtp
    nat (inside,outside) static interface service tcp smtp smtp
    reference the service port groups instead? 
    Thanks,
    Andrew

    Hi,
    Are you looking a way to group all the ports/services you need to allow from the external network to a specific server/servers?
    Well you can for example configure this kind of "object-group"
    object-group service SERVER-PORTS
    service-object tcp destination eq www
    service-object tcp destination eq ftp
    service-object tcp destination eq https
    service-object icmp echo
    access-list OUTSIDE-IN permit object-group SERVER-PORTS any object
    The above would essentially let you use a single ACL rule to allow multiple ports to a server or a group of servers. (Depending if you use an "object" or "object-group" to tell the destination address/addresses)
    I am not sure how you have configured your NAT. Are they all Static PAT (Port Forward) configurations like the one you have posted above or perhaps Static NAT configurations?
    You can use the "object network " created for the NAT configuration in the above ACL rule destination field to specify the host to which traffic will be allowed. Using the "object" in the ACL doesn't tell the ASA the ports, however. That needs to be configured in the above way or in your typical way.
    Hope this helps
    - Jouni

  • On a 3750 enhanced services port, are hierarchical queueing and standard queuing features mutually exclusive?

    When you configure hierarchical queueing on an enhanced services port, should one also configure the egress queue characteristics such as buffer space and thresholds, shaped/shared weights, egress priority queue, etc., that is, all of those characteristics that one would configure if one were configuring a port for standard QOS? In other words, on an enhanced services port, are the hierarchical queueing features using the modular QOS CLI and the standard egress queueing features supposed to be used together or are they mutually exclusive?

    Hi Christine,
    Answer to your confusion is in the following document.
    http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.1_14_ax/release/notes/OL464603.html#wp58682
    On an ES port, you can use LLQ (enabled with the priority policy-map class configuration command) and the egress priority queue (enabled with the priority-queue out
    interface configuration command). By using these two features, you can
    give priority to a class of traffic and avoid losing traffic when the
    switch is congested. In previous releases (before the egress priority
    queue was supported), you could put a traffic class into the
    strict-priority queue, but congestion at the egress queue-sets could
    result in the dropping of that priority traffic. The priority-queue out
    interface configuration command enables you to prioritize the same
    traffic class at the egress queue-sets, ensuring that priority traffic
    reaches the hierarchical queues and is processed with priority.
    You can also fine-tune the queue-sets for your desired results.
    http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m/software/release/12.2_50_se/configuration/guide/swqos.html#wp1162303

  • CSS11501 - Rejects incoming connections on VIP service port

    Hi,
    I have configured CSS11501 in one-armed mode with only one server behind the VIP. After every couple of hours the connectivity to VIP Service port (80) is lost. Telnet to VIP on port 80 does not reach the server. During the same time ping to the VIP works continuously. The interface throughput does not go beyond 40Mbps and the max concurrent connections does not go beyond 200 connections. And the 'show service summary' continues to show the server alive on http. NAT is defined for the return traffic through 'group' command
    The problem gets resolved by itself within 3-4 minutes or by deactivating and re-activating the VIP within CSS configurations.
    CSS model : CSS11501
    Version: 08.20.0.01
    Any clue or hint to troubleshoot this problem will be of great assistance.
    Thanks.

    Good afternoon,
    Probably the best would be opening a TAC service request to get this investigated further.
    Before you do, I would anyway recommend you try a software upgrade to the latest 8.20 release. 8.20.001 was the first release in the 8.20 train, so a lot of bug fixes have been added since then. There is still the chance that your issue will go away with this upgrade.
    Regards
    Daniel

  • WLC 5508 - What is the use of service port.

    Hi,
    I am finding it hard to understand the use of the service port in the WLC 5508.
    Even after reading so many posts and Cisco notes, I am not understanding the use (even the basic use) of the service port.
    As I understand it, the service port should be an access port and should be in a different VLAN.
    Please help me to understand it in a simple way....

    Hi Tarun,
    Like others mentioned, it is used for Out of Band Management of a WLC. Many do not use this as it could lead to issues unless you properly configure it & put it onto two completely different supernets. Config guides highlight those restrictions & below is one of them listed in the 7.4 config guide:
    Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible to access the management interface of the controller.
    In situations you can use it to get access by directly connecting a laptop to take configuration backup or restore configuration to a controller. In the below post I have used service port to take backup & restore the configuration to a WLC.
    http://mrncciew.com/2013/01/25/backup-restore-wlc-configs/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • WISM Service Ports Down

    I am walking into a site that already has the WISMs set up. There are 2 switches set up with VSS and there are a total of 4 WISMs. When I do a show wism status, 3 of the service ports show down: one port down on one of the WISMs and both ports down on another. The management addresses are set up and I can manage the WISMs, and when I do a show int on any of the interfaces they show as 'notconnect'.
    I don't think you can go in and do a "no shut" on the ports so not sure what to do in order to get the service ports up.

    I guess when in doubt reboot....I booted the controllers in question and the ports came up.

  • Wism Service Port issue

    Hi All,
    I am trying to configure a new WiSM module. As per the Cisco official document I have configured all settings for the service interface, but it is not leasing an IP address from my DHCP pool. What could be the possible reason? Please help.
    Thanks in advance.
    Rgds.
    Shijo.

    Hello All,
    Thank you very much for the replies, and let me inform you that I could resolve the problem by myself. I am glad to share my experience and solution here.
    As per the Cisco documents, the 'service port' will automatically lease an IP from the service VLAN DHCP pool; as I posted before, it was not working. Then I tried to access the WiSM's console port using the default user name and password 'admin' (as per Cisco documents). But unfortunately for me it was 'cisco'. (It really took half of a day to make a blind attempt, my bad luck.) Using the newly discovered user name and password I logged into the console and searched for a solution. The result was a bit shocking - DHCP on the service port was disabled!!! Anyway, I fixed it and logged out. The service port then leased IPs from the service VLAN DHCP pool.
    Then I tried 'session' to the controller, and it simply gave me the next issue. The switch failed to session into the controller!! After a few hours of attempts I found that telnet was also disabled in the controller from the WiSM's console, and fixed it from the WiSM console itself.
    Again, as per the Cisco document, on the first login to the WiSM you will get a configuration wizard; I didn't get anything like that.
    Anyway, for the time being it is working fine, and as it is my very first experience with a WISM I am expecting more issues when entering into more complex configuration. I expect all of your support then.
    Merry X'mas in advance.
    Thank you very much,
    Shijo.

  • Error: DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.

    Hi,
    I am getting the below error messages with a new WLAN I created. On the same WLC I have three other WLANs working OK. This WLAN is supposed to get authenticated with ACS; I tried to disable the authentication but got the same error message. With ACS authentication, I am able to authenticate OK but cannot get an IP address from the DHCP server. The DHCP server is on the WLC, used by the other three WLANs OK. All WLANs are on different subnets; VLANs created where needed. Any ideas would be appreciated.
    Thanks
    Error from wlc:
    *Sep 10 13:23:53.303: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 13:15:33.111: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 13:07:12.920: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 12:58:52.732: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    *Sep 10 12:50:32.535: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.

    %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
    This one perplexed me too; there is no answer on Cisco's website that I could find. I think I have the solution though....
    Go to Monitor -> Interfaces -> Service-Port and have a look at the configuration.
    I'm willing to bet that DHCP is enabled for the service port (the Ethernet interface on the left side of the controller that you may or may not use) and the Ethernet is either not connected or it's connected to a LAN where it can't get a DHCP lease.
    What the controller is trying to say is something like "%DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Failed to get a DHCP address for the service port"

  • Controller access using service port

    Hi,
    We have two 5508s in HA (AP SSO) mode. The service port is configured with 192.168.125.1.
    Will I be able to access the controller web interface ( https://192.168.125.1 ) if my laptop is directly connected to the controller's service port (SP) using an Ethernet cable?
    I was able to do this before, but it seems that after configuring HA, it is not accessible any more via the service port.
    Please help on this.

    Might want to look at this thread
    https://supportforums.cisco.com/thread/2203573
    Sent from Cisco Technical Support iPhone App

  • WLC Service Port

    Hello
    Are the service-port and the management-port available in parallel for management purposes?
    I got the information that if the service-port is active, the management-port is not reachable?
    Regards
    Pascal

    What platform are you using (controllers or WISMs)? I would agree with the above, but if you are using WiSMs the service ports are used for much more than out-of-band management.
    Also the service port should not be routable to the management address. If it is you may have issues.
    Q. How do the Cisco WiSM and the Cisco Catalyst 6500 Supervisor communicate with each other?
    A. The Cisco WiSM uses the Wireless Control Protocol (WCP) to communicate with the Cisco Catalyst 6500 Supervisor. The WCP is a new UDP-based internal protocol for communication between the Supervisor and Cisco WiSM controllers. WCP is only communicated between the WiSM and Supervisor on the service interface of the controllers, which corresponds to ports 9 and 10 of the WiSM module. WCP runs on UDP/IP, port 10000 on a service interface.

  • SVI needed for WiSM service-port?

    I currently have a vlan/SVI on my 6506 for the WiSM service-port. The WiSM has an address on the same subnet. To manage the WiSM, I either https to the Management interface address or use 'session slot X proc Y' from the the 6506. Since I am essentially only using two addresses from a subnet for this service-port I would like to free up the subnet. Can I keep my current functionality by having a vlan only (with the wism service-vlan XX command) with no SVI? Thanks.

    Yes, correct. You don't have to have this as an SVI. You can just drop them into the VLAN with no SVI. So long as the WiSMs have a service port and IP and they are on the same subnet in the same VLAN, you are good.
    After you set this up, do a show wism status. You should see they are all up.
    In fact I blogged about a security issue with the service port and the SVI interface. It's a good read.
    http://www.my80211.com/security-labs/2010/10/7/cisco-wism-config-practice-opens-svi-vulnerability.html
    I hope this helps.

  • Wism Controller 2 doesn't get service port IP but Controller 1 does

    I followed the documentation for setting up the WiSM. Controller 1 is up and fine. I see in dhcp bindings, that Controller 2 is getting a DHCP address and when I "session slot 9 pro 2" it tries to connect to that dhcp address, but on a "show wism status" the service-port of controller 2 is 0.0.0.0
    Has anyone encountered this problem?
    Thanks

    Hi..
    What about the connectivity?? do we still have the access to the WLC 2?? either from telnet or the GUI?? or will the session to the WLC work?
    Regards
    Surendra
