Using Dynamic Interfaces for Management
You can access the controller with one of its dynamic interface IP addresses. Both the wired and wireless clients can access the dynamic interface of the controller using the CLI and GUI. To access the GUI of the controller enter the dynamic interface IP address of the controller in the address field of either Internet Explorer or Mozilla Firefox browser. For wired clients, you must enable management of dynamic interface and must ensure that the wired client is in the VLAN that is mapped to the dynamic interface.
A device, when the management using dynamic interfaces is disabled, can open an SSH connection, if the protocol is enabled. However, you are not prompted to log on. Additionally, the management address remains accessible from a dynamic interface VLAN, unless a CPU ACL is in place. When management using dynamic interface is enabled along with CPU ACL, the CPU ACL has more priority.
The following are some examples of management access and management access using dynamic interfaces, here the management VLAN IP address of the Cisco WLC is 209.165. 201.1 and dynamic VLAN IP address of the Cisco WLC is 209.165. 202.129:
-
Source wired client from Cisco WLC's dynamic interface VLAN accesses the management interface VLAN and tries for management access.
-
Source wired client from Cisco WLC's management interface VLAN accesses the dynamic interface VLAN and tries for management access.
-
Source wired client from Cisco WLC's dynamic interface VLAN accesses the dynamic interface VLAN tries and tries for management access.
-
Source wired client from Layer 3 VLAN interface accesses the dynamic interface or the management interface and tries for management access.
Here, management is not the management interface but the configuration access. If the Cisco WLC configuration is accessed from any other IP address on the Cisco WLC other than the management IP, it is management using dynamic interface.