cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11805
Views
0
Helpful
8
Replies

Cisco WLC 5508 Password Invalid? (Fixed!Thanks)

edisonbbs
Level 1
Level 1

Hi Guys,

In this afternoon, I did some testing in WLC in our company wireless network.

However, after my 3 hours testing, I had tried to login WLC again by GUI and SSH. The admin username and password does not work any more. All Read only and Guest Account did not work as well.

Is any one had this issue before? Is there a restriction for access to WCL per 3 hours or one day? By the way, I did not change any password.

Thanks

3 Accepted Solutions

Accepted Solutions

Scott Fella
Hall of Fame
Hall of Fame

Well.... something changed on the WLC for that to happen.  What were you testing?  Changes in your radius setup and enabling management or the priority order can cause you an issue if things are not setup right.  If that is the case, dissconnect the WLC from the network and connect to your service port or console port and login.

If you can't log on, here is a link for how to do a password recovery on the WLC:

https://supportforums.cisco.com/docs/DOC-8038

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella
Hall of Fame
Hall of Fame

You need to make sure the wlc can't communicate to the radius servers, then the priority will try the local account. So you either take down the radius servers or you disconnect the wlc from the network and then use the service port or console to access the wlc. It will work, since now we know that the priority was set to radius then local. You could setup an acl to block connectivity if you want, but unplugging the wlc from the network is easier.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

No problem... glad I can help!  One thing to do next time when you are testing radius, is to open up another browser that is logged on.  This way when you logout of one browser to test authentication and get locked out, you can go to the other browser to make a change.  Just make sure you use a different browser of machine.  Not a new tab... does not always work well with tabs:)

-Scott
*** Please rate helpful posts ***

View solution in original post

8 Replies 8

Scott Fella
Hall of Fame
Hall of Fame

Well.... something changed on the WLC for that to happen.  What were you testing?  Changes in your radius setup and enabling management or the priority order can cause you an issue if things are not setup right.  If that is the case, dissconnect the WLC from the network and connect to your service port or console port and login.

If you can't log on, here is a link for how to do a password recovery on the WLC:

https://supportforums.cisco.com/docs/DOC-8038

-Scott
*** Please rate helpful posts ***

Thanks a lot.

Well, as your said, I had disabled and enabled management of the RADIUS server because I was testing multiple RADIUS failover. And also, I have changed authentication priority of the WLAN, I moved RADIUS above of Local.

By the way, I called TAC last night, they told me that in 5508, I have to configure Management port and Service Port in two different SUPERNET. That may cause my issue. However, it worked fine in last 9 months. (Now is 192.168.159.200 & 192.168.1.1)

Another question, do you thing if I connect to WLC by service port or console, the username and password will work?

I am afraid that the password will not work even I do password recovery. It was happened before, at that time, the only way is that I refresh the controller to factory default.

Right now, we are using HREAP mode for all APs, because all AP are distributed in different cities; and APs got diffierent subnet. We know when the AP first time joined to WLC, they must be in the same subnet. If I refresh the WLC but use the same management IP address. Do I need to ask all office to send AP back to WLC office?

Thanks

Scott Fella
Hall of Fame
Hall of Fame

You need to make sure the wlc can't communicate to the radius servers, then the priority will try the local account. So you either take down the radius servers or you disconnect the wlc from the network and then use the service port or console to access the wlc. It will work, since now we know that the priority was set to radius then local. You could setup an acl to block connectivity if you want, but unplugging the wlc from the network is easier.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

WOW!!!! Thank you so so much Scott. You save me.

Yes, I disabled RADIUS service. Then, the Admin account got work. And I move the Local authentication above of the RADIUS, and enabled RADIUS server.

Every thing works fine!!

Thanks again, you saved my time and the trip. Otherwise I have to go another city to do the troubleshooting for WLC.

I will send a email to you soon.

No problem... glad I can help!  One thing to do next time when you are testing radius, is to open up another browser that is logged on.  This way when you logout of one browser to test authentication and get locked out, you can go to the other browser to make a change.  Just make sure you use a different browser of machine.  Not a new tab... does not always work well with tabs:)

-Scott
*** Please rate helpful posts ***

Hi everyone,

I am having an issue with the WLC 5508 currently lost acces to console, ssh, telnet, GUI. I have no idea why i cant access any of them. I have recently deployed HREAP AP in remote site controlled via WAN. However there is an issue with the clients to authenticate thats a different story but is there anything else to do apart from restore-password after the reboot.

As this didnt help me either.

Pleaseeeeeeeeeeeeeeeeeeee help I desperately need to resolve this.

Thank you very much

KK

Adding to the above...

But I have a feeling that I did changed the order of authentication with Radius as primary and local afterwards, is there anything to do with this change for the console access.

Does removing the device from the network resolve or help me to get access to the management ?

Help me please

Vinay Sharma
Level 7
Level 7

This document was generated from the following discussion: https://supportforums.cisco.com/docs/DOC-26233

Thanks,

Vinay Sharma

Thanks & Regards
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: