WLC Service Port
Hello
Are the service-port and the management-port available in parallel for management purpose?
I got the information if the service-port is active, the management-port is not reachable?
Regards
Pascal
What platform are you using (controllers or WiSMs)? I would agree with the above but if you are using WiSMs the service ports are used for much more than out of band management.
Also the service port should not be routable to the management address. If it is you may have issues.
Q. How do the Cisco WiSM and the Cisco Catalyst 6500 Supervisor communicate with each other?
A. The Cisco WiSM uses the Wireless Control Protocol (WCP) to communicate with the Cisco Catalyst 6500 Supervisor. The WCP is a new UDP-based internal protocol for communication between the Supervisor and Cisco WiSM controllers. WCP is only communicated between the WiSM and Supervisor on the service interface of the controllers, which corresponds to ports 9 and 10 of the WiSM module. WCP runs on UDP/IP, port 10000 on a service interface.
Similar Messages
-
Is it possible to connect to the WLC GUI through the service-port on the 5500 series controllers?
Or is this just for SSH?
Hi Colin,
Yes you can access the GUI using the service port IP Address.
Connect your laptop using service port and assign a static ip address of the same subnet as Service port IP of your Controller. -
WLC 5508 - What is the use of service port.
Hi,
I am getting hard to understand use of service port in wlc 5508,
Even after reading so much post and cisco note I am not understanding the use of (Even basic use) service port.
As I understand service port should be access port and should be in different vlan.
Please help me to understand it in simple way....
Hi Tarun,
Like others mentioned it is used for Out of Band Management of a WLC. Many do not use this as it could lead to issues unless you properly configure it & put it onto two completely different supernets. Config guides highlighted those restrictions & below is one of them listed in 7.4 config guide
Do not configure wired clients in the same VLAN or subnet of the service port of the controller on the network. If you configure wired clients on the same subnet or VLAN as the service port, it is not possible to access the management interface of the controller.
In situations you can use it to get access by directly connecting a laptop to take configuration backup or restore configuration to a controller. In the below post I have used service port to take backup & restore the configuration to a WLC.
http://mrncciew.com/2013/01/25/backup-restore-wlc-configs/
HTH
Rasika
**** Pls rate all useful responses **** -
Wism Controller 2 doesn't get service port IP but Controller 1 does
I followed the documentation for setting up the WiSM. Controller 1 is up and fine. I see in dhcp bindings, that Controller 2 is getting a DHCP address and when I "session slot 9 pro 2" it tries to connect to that dhcp address, but on a "show wism status" the service-port of controller 2 is 0.0.0.0
Has anyone encountered this problem?
Thanks
Hi..
What about the connectivity?? do we still have the access to the WLC 2?? either from telnet or the GUI?? or will the session to the WLC work?
Regards
Surendra -
Hi everybody.
Two 5508 WLCs running 7.4.100.60. I had to activate HA
I decided to configure Service ports: following HA conf guide, I used DHCP. That's because static IPs on service ports are often cleared and forgot during switchover. HA went up perfectly; tests were positive: by rebooting the active unit, standby was immediately ready, and so on.
I decided to test maintenance mode: by shutting down the mgt ports of the active unit, the standby one was activated, and the active went into maintenance mode (because it did not reach the standby). This again is correct.
Issue: when the unit is in this status (maintenance), its service port IS NOT reachable! I have to open again its mgt ports: the unit does not change the maintenance status (and this is fully correct), but becomes reachable through its service port.
This is not enough: the active unit remembers the peer service port address, but the standby one does not.
Moreover, after some time, when I try to contact the latter, I jump on the former (I am always talking of Service ports).
This is really difficult for me to explain.... Any suggestion?
Thanks
Davide
Hi
In my 5508 WLC I have exactly the same problem as you gsutherland
I tried apply this command config 802.11b 11nSupport a-mpdu tx priority all disable
and I get message
"802.11b network not disabled"
Why must I turn off b standard?
Thanks for response -
Service port interface Question
I have a customer that wants to use the service port interface as a backup entry door to its WLCs in the event of a network failure or misconfiguration. I have configured the WLC's mgt and ap-manager interface in a 10.50.x.x network and the service interface in a 10.103.x.x network, which are 2 completely separate networks. Cisco's documentation is unclear as to how to configure the service interface. Should I have the service interface completely separate from the 10.x.x.x network class (e.g 172.16.x.x or 192.168.x.x) or I am okay in using the 10.103.x.x. network?
The WLC can be configured with static routes. Are those, when configured, reserved for the service interface? Should I configure the WLC with a static route? And if yes what should it be?
Your help would be greatly appreciated
Thanks
You can use the service port, but make sure you configure it correctly. Here is from a Cisco doc:
By default, the physical service port interface has a DHCP client installed and looks for an address via DHCP. The WLC attempts to request a DHCP address for the service port. If no DHCP server is available, then a DHCP request for the service port fails. Therefore, this generates the error messages.
The workaround is to configure a static IP address to the service port (even if the service port is disconnected) or have a DHCP server available to assign an IP address to the service port. Then, reload the controller, if needed.
The service port is actually reserved for out-of-band management of the controller and system recovery, and maintenance in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The service port cannot carry 802.1Q tags. Therefore, it must be connected to an access port on the neighbor switch. Use of the service port is optional.
The service port interface controls communications through and is statically mapped by the system to the service port. It must have an IP address on a different subnet from the management, AP-manager, and any dynamic interfaces. Also, it cannot be mapped to a backup port. The service port can use DHCP in order to obtain an IP address, or it can be assigned a static IP address, but a default gateway cannot be assigned to the service port interface. Static routes can be defined through the controller for remote network access to the service port.
Hope this helps. -
After checking the WLCs at several sites using the WLC Config Analyzer, one of the errors that came up was that the service-port interface was invalid because it was set to 0.0.0.0. We're not using the service-port interface, so how should this be set? In the web interface, if I uncheck DHCP, it wants a real static IP address... should I use 127.0.0.1? Do I need to do this in the CLI?
Generally I set them to something so that some stuff like WCS & Config Analyzer don't complain about it. I wouldn't set it to 127.0.0.1. Although if it's a WiSM module then they should be configured to match the WiSM VLAN in the switch chassis otherwise the WLC can generate lost heartbeat alarms.
Typically if my internal network is a 10.x.x.x network I will use 192.168.1.(last octet of management address), then reverse that as necessary. The service port is for out of band management, which means it generally isn't connected to any unless you need an alternate to the console port.
As for setting it, you can either set it via the gui or via the cli
hope this helps. -
What is the main function of the service port in the 4400 series WLC?
Hi Alejandro,
Hope all is well with you :) Here is an explanation;
The Service-port Interface is statically mapped by the system only to the physical service port. The service port interface must have an IP address on a different subnet from the Management, AP Manager, and any dynamic interfaces. The service port can get an IP address via DHCP or it can be assigned a static IP address, but a default-gateway cannot be assigned to the Service-port interface. Static routes can be defined in the WLC for remote network access to the Service-port. The Service-port is typically reserved for out-of-band management in the event of a network failure. It is also the only port that is active when the controller is in boot mode. The physical service port is a copper 10/100 Ethernet port and is not capable of carrying 802.1Q tags so it must be connected to an access port on the neighbor switch.
From this excellent WLC doc;
http://www.cisco.com/en/US/products/ps6366/prod_technical_reference09186a00806cfa96.html#wp1052072
Hope this helps!
Rob -
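Added example (not part of the original posts and not Cisco code): a Python check of an interface plan against the rules quoted in the answers above, namely that the service port sits on a different subnet from the management, AP-manager and dynamic interfaces, has no wired clients in its subnet, and is not left at 0.0.0.0. All addresses are constructed, and the rule that a static route's next hop must lie in the service-port subnet is an assumption drawn from the "no default gateway" statement.

```python
import ipaddress

# Constructed sample plan (hypothetical addresses, shaped like the
# 10.50.x.x / 10.103.x.x layout asked about in the thread above).
SAMPLE_INTERFACES = {
    "management": ("10.50.1.10", "255.255.255.0"),
    "ap-manager": ("10.50.1.11", "255.255.255.0"),
    "dynamic-vlan20": ("10.50.20.1", "255.255.255.0"),
}
SAMPLE_SERVICE_PORT = ("10.103.1.10", "255.255.255.0")
SAMPLE_ROUTES = [("10.200.0.0", "255.255.0.0", "10.103.1.1")]


def _iface(ip, netmask):
    """Build an interface object from dotted address and netmask."""
    return ipaddress.ip_interface(f"{ip}/{netmask}")


def audit_service_port(service, interfaces, wired_client_subnets=(), static_routes=()):
    """Return a list of (code, detail) findings for a service-port plan.

    service: (ip, netmask); interfaces: {name: (ip, netmask)};
    wired_client_subnets: CIDR strings; static_routes: (dest, netmask, gateway).
    """
    svc = _iface(*service)

    # 0.0.0.0 is the value the Config Analyzer reported as invalid.
    if svc.ip == ipaddress.ip_address("0.0.0.0"):
        return [("SERVICE_PORT_UNSET", "service-port address is 0.0.0.0")]

    findings = []

    # Different subnet from management, AP-manager and any dynamic interface.
    for name, (ip, mask) in interfaces.items():
        other = _iface(ip, mask)
        if svc.network.overlaps(other.network):
            findings.append(
                ("SUBNET_OVERLAP", f"{name} {other.network} overlaps service-port {svc.network}")
            )

    # No wired clients in the service-port VLAN/subnet.
    for cidr in wired_client_subnets:
        if svc.network.overlaps(ipaddress.ip_network(cidr)):
            findings.append(("WIRED_CLIENTS_ON_SERVICE_SUBNET", cidr))

    # Assumption: with no default gateway on the service port, each static
    # route's next hop has to be directly reachable in the service-port subnet.
    for dest, mask, gateway in static_routes:
        if ipaddress.ip_address(gateway) not in svc.network:
            findings.append(("ROUTE_GATEWAY_OFF_SUBNET", f"{dest}/{mask} via {gateway}"))

    return findings


if __name__ == "__main__":
    result = audit_service_port(SAMPLE_SERVICE_PORT, SAMPLE_INTERFACES,
                                static_routes=SAMPLE_ROUTES)
    print(result or "no findings")
```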
Hi,
I am getting below error messages with new wlan I created. On the same WLC I have three other wlans working OK. This wlan suppose to get authenticated with acs, I tried to disable the authentication but got same error message. With acs authentication, I am able to authenticate OK but cannot get ip address from dhcp server. DHCP server is on wlc, used by other three wlans ok. All wlans are on different subnets; vlans created where needed. Any ideas would be appreciated.
Thanks
Error from wlc:
*Sep 10 13:23:53.303: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
*Sep 10 13:15:33.111: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
*Sep 10 13:07:12.920: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
*Sep 10 12:58:52.732: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
*Sep 10 12:50:32.535: %DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
%DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Binding service port failed.
This one perplexed me too, there is no answer on Cisco's website that I could find. I think I have the solution though....
Go to Monitor -> Interfaces -> Service-Port and have a look at the configuration.
I'm willing to bet that DHCP is enabled for the service port (the Ethernet interface on the left side of the controller that you may or may not use) and the Ethernet is either not connected or it's connected to a LAN where it can't get a DHCP lease.
What the controller is trying to say is something like "%DHCP-3-BIND_SRPORT_ERR: dhcp_support.c:374 Failed to get a DHCP address for the service port" -
WiSM Service Port is sourcing Fin-Ack packets
For some reason or another, both of the service port interfaces on our WiSM WLCs are sourcing Fin-Ack packets to IP addresses out on the Internet.
My understanding is that the service ports are only supposed to be used for communication between the Sup720 and WiSM, and I'm wondering if this could be due to some type of misconfiguration on the WiSM or 6509E.
We have static IP addresses configured on the service ports in vlan 999 on the 6509E:
interface Vlan999
description VLAN for WiSM Service Port
ip address 192.168.99.1 255.255.255.0
no ip redirects
no ip proxy-arp
end
There is also a connected route for this vlan on the 6509E:
ROUTER# sh ip route
C 192.168.99.0/24 is directly connected, Vlan999
I have verified that traffic on vlan 999 is being routed off of that vlan. Should I? and how can I prevent that?
Should our service port vlan (999) be a L2 vlan instead of L3 at the 6509E?
Should we even have an SVI for vlan 999 on the 6509E?
With the 6509E being a VTP server, vlan 999 has propagated to all of the other switches on our campus.
Any advice would be greatly appreciated.
- Jonathan
Thanks for answering my questions Nicolas.
I will configure an ACL to block this traffic.
It just seems odd that this traffic would be coming from the service port interfaces.
The source port for the Fin-Ack packets is always port 2006 of the WiSM service port interfaces:
Ex)
10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.3.2006 > 68.192.70.95.50091: F ack 520899031 win 1378
10:57:14 192.168.99.3.2006 > 157.252.133.95.52194: F ack 198026245 win 1378
10:57:14 192.168.99.3.2006 > 68.175.103.222.62076: F ack 2128482631 win 1378
10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
It's understandable that traffic destined for the service port subnet would be forwarded out of the service port interfaces but in this case the traffic is destined for the IP addresses out on the Internet, not the service port subnet.
- Jonathan -
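Added example (not part of the original thread): a Python sketch that parses capture lines in the format quoted above and lists flows sourced from the service-port subnet to destinations outside it, grouped by source address and port, which is the evidence you would want before writing the ACL. The first six sample lines are the ones from the post; the last two are constructed to exercise the in-subnet and malformed cases.

```python
import ipaddress
import re
from collections import Counter

# Matches "HH:MM:SS src.sport > dst.dport: flags ..." as shown in the post.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+(?P<flags>\S+)"
)

SAMPLE_CAPTURE = """\
10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.3.2006 > 68.192.70.95.50091: F ack 520899031 win 1378
10:57:14 192.168.99.3.2006 > 157.252.133.95.52194: F ack 198026245 win 1378
10:57:14 192.168.99.3.2006 > 68.175.103.222.62076: F ack 2128482631 win 1378
10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
10:57:16 192.168.99.3.2006 > 192.168.99.1.40000: F ack 1 win 1378
10:57:16 this line is constructed and deliberately malformed
"""


def parse_line(line):
    """Return a dict for one capture line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": m["time"],
        "src": ipaddress.ip_address(m["src"]),
        "sport": int(m["sport"]),
        "dst": ipaddress.ip_address(m["dst"]),
        "dport": int(m["dport"]),
        "flags": m["flags"],
    }


def off_subnet_flows(lines, service_subnet):
    """Flows whose source is in the service-port subnet and destination is not."""
    net = ipaddress.ip_network(service_subnet)
    flows = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["src"] in net and rec["dst"] not in net:
            flows.append(rec)
    return flows


def summarize(flows):
    """Count off-subnet flows per (source address, source port)."""
    return Counter((str(f["src"]), f["sport"]) for f in flows)


if __name__ == "__main__":
    found = off_subnet_flows(SAMPLE_CAPTURE.splitlines(), "192.168.99.0/24")
    for (src, sport), count in summarize(found).items():
        print(f"{src}:{sport} sent {count} packet(s) off the service-port subnet")
```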
Hi, Everyone,
I just got a new Cisco Wlan controller 4402 from somebody else but I can't find a suitable console cable (DB-9 console on the controller), I googled everywhere and I read I could use service port to do the initial configuration, the CISCO FAQ says initial IP for service port is 192.168.1.1, I tried use Cross-over cable to connect a PC to the service port directly and use a normal cable with a switch to connect the service port and a PC, both of the connections do not work out: from the PC, I can't ping 192.168.1.1 (PC IP changed to 192.168.1.20), nor can I go http://192.168.1.1 . The service port Link is solid GREEN and ACT is solid GREEN, the PC NIC says Connected with 100 Mbps, so I'm wondering the IP address of service port is not 192.168.1.1? Please help.
Any suggestions and advices are greatly appreciated.
Hi,
plz connect service port to the switch port that should be configured as access.
connect a pc (ip address - as u mentioned) to the other port of the switch. both wlc and pc should be in same vlan (create a temporary vlan).
try https to access the wlc.
Thanks -
Static nat and service port groups
I need some help with opening ports on my ASA using firmware 9.1.2.
I read earlier today that I can create service groups and tie ports to those. But how do I use those instead of using 'object network obj-ExchangeSever-smtp' ?
I have the ACL -
access-list incoming extended permit tcp any object-group Permit-1.1.1.1 interface outside
Can this statement
object network obj-ExchangeSever-smtp
nat (inside,outside) static interface service tcp smtp smtp
reference the service port groups instead?
Thanks,
Andrew
Hi,
Are you looking a way to group all the ports/services you need to allow from the external network to a specific server/servers?
Well you can for example configure this kind of "object-group"
object-group service SERVER-PORTS
service-object tcp destination eq www
service-object tcp destination eq ftp
service-object tcp destination eq https
service-object icmp echo
access-list OUTSIDE-IN permit object-group SERVER-PORTS any object
The above would essentially let you use a single ACL rule to allow multiple ports to a server or a group of servers. (Depending if you use an "object" or "object-group" to tell the destination address/addresses)
I am not sure how you have configured your NAT. Are they all Static PAT (Port Forward) configurations like the one you have posted above or perhaps Static NAT configurations?
You can use the "object network " created for the NAT configuration in the above ACL rule destination field to specify the host to which traffic will be allowed to. Using the "object" in the ACL doesn't tell the ASA the ports however. That needs to be configured in the above way or in your typical way.
Hope this helps
- Jouni -
Can't create services port in Win2K
Hello guys:
I was trying to install IDES on my laptop. The OS is Win2K Advanced Server with sp4. But there was an error when I installed the central instance of IDES.
It said: 'Copying c:/winnt/system32/drivers/etc/services to c:/winnt/system32/drivers/etc/services.saptmp
Internal error:a call to syslib failed. system error message:no error'. And I thought it should be something wrong when IDES was trying to create service ports. So I opened the 'service' file in the directory which said in the error message, and found that IDES added one line 'sapmszzz 3600/tcp #sapsystem message port', it should be more than one line, right?
I don't know what happened during the installation, and ask for your help to solve this. Anyone will be appreciated!
Best Regards!
Zippo
Andreas, it's not quite correct:
The lines look like this:
sapdb<nn> 32<nn>/tcp
sapgw<nn> 33<nn>/tcp
sapms<SID> 36<nn>/tcp
where <nn> should be 00 in this case...
But the service number has to be unique.
If your services contains for example an entry:
sapmsAAB 3600/tcp
you will fail to add
sapmsAAX 3600/tcp
Therefore you typically have to modify the sapms<SID> entry if you install more than one system with the Number 00 to different values.
sapms<XXX> entries have to be identical on all SAP Systems which should talk to another.
regards
Peter -
Problem: Socket connection is not creating in machine, through utility program (MFC Dll), on ListDisplay service port - 3334 (on separate machine), while we are able to telnet on same ListDisplay service port - 3334 from same issue machine on same time
Environment: -
OS: Windows XP SP2/7
Code: VC 6.0
Dll: MFC
Problem Description: -
We have written a utility program which create socket (Using windows standard method [MFC]), and then make connection with another service (List Display) running on port 3334 in different machine and retrieve the required list data. This program was working fine in almost all the machines.
But, we have received a severe intermittent issue on two machines. Client is facing issue in displaying the list data from port 3334.
Attempt: -
First we tried to debug code, and we come to know that socket is not creating in utility program. So we tried to telnet on ListDisplay service port 3334 and we were surprised that we were able to telnet, then we opened some more telnet window on same port 3334 around (6 to 8) window, and each cmd connected properly. But we were not able to create socket from utility program.
Problem is severe because issue is intermittent.
We have tried all the way, but we are not able to figure it out, that what can be the exact problem and what are the conditions, when utility program will not connect with ListDisplay service on port 3334.
Kindly assist to resolve this issue. For any help, we would be really thankful.
Hi,
According to your description, it seems that you have created a utility program which is making connection with another service port 3334, however, two clients are facing issue in display the data list from port 3334.
Port: 3334/TCP
3334/TCP - Known port assignments (1 record found)
Service: directv-web
Details: Direct TV Webcasting
Source: IANA
Since the port 3334 is used by directv-web service, I'd like to suggest check this service it is working well on the problematic clients.
1. The client can be resolved in DNS well? Please run "nslookup" in the prompt command.
2. Is there any 3rd party application interrupting? Do test in clean boot.
3. Strongly suggest you run process monitor tool to analyze it.
I am looking forward to your reply if you have any updated on your side.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Issue on Service Ports for outgoing connection
Hi,
My question is regarding to my desktop Mac making outgoing connection to an external IP address 184.84.124.244 using TCP protocol destination port 443 but using 40 Service Ports between 49170 through 49217. This is an automatic outgoing connection by OS X 10.7.3 (I assumed as I did not make that connection). Why such connection required 40 ports to be opened at the same time? Anyone have any idea what might have caused that? Thanks.
There could be lots of outgoing connections when you fire up Safari, as an example, because by default it has many favourites that are RSS feeder. You could have added some new yourself.
How do I find out if those connections stay up indefinitely?
By the way just curious, how did you look up the IP address as who they are?
If you are "Terminal aware" there are some commands that can help you in this direction
host
host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.
netstat
show network status
whois
The whois utility looks up records in the databases maintained by several Network Information Centers (NICs).
nslookup
query Internet name servers interactively
dig
dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
just to name a few.
netstat in particular let you know which connections and their relative status are going on between your computer and the rest of the world