Cisco WLC 5508 Password Invalid? (Fixed!Thanks)

Answered Question
Jan 22nd, 2011

Hi Guys,

In this afternoon, I did some testing in WLC in our company wireless network.

However, after my 3 hours testing, I had tried to login WLC again by GUI and SSH. The admin username and password does not work any more. All Read only and Guest Account did not work as well.

Is any one had this issue before? Is there a restriction for access to WCL per 3 hours or one day? By the way, I did not change any password.

Thanks

I have this problem too.
0 votes
Correct Answer by Scott Fella about 3 years 2 months ago

No problem... glad I can help!  One thing to do next time when you are testing radius, is to open up another browser that is logged on.  This way when you logout of one browser to test authentication and get locked out, you can go to the other browser to make a change.  Just make sure you use a different browser of machine.  Not a new tab... does not always work well with tabs:)

Correct Answer by Scott Fella about 3 years 2 months ago

You need to make sure the wlc can't communicate to the radius servers, then the priority will try the local account. So you either take down the radius servers or you disconnect the wlc from the network and then use the service port or console to access the wlc. It will work, since now we know that the priority was set to radius then local. You could setup an acl to block connectivity if you want, but unplugging the wlc from the network is easier.

Sent from Cisco Technical Support iPhone App

Correct Answer by Scott Fella about 3 years 2 months ago

Well.... something changed on the WLC for that to happen.  What were you testing?  Changes in your radius setup and enabling management or the priority order can cause you an issue if things are not setup right.  If that is the case, dissconnect the WLC from the network and connect to your service port or console port and login.

If you can't log on, here is a link for how to do a password recovery on the WLC:

https://supportforums.cisco.com/docs/DOC-8038

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (3 ratings)
Correct Answer
Scott Fella Mon, 01/24/2011 - 06:01

Well.... something changed on the WLC for that to happen.  What were you testing?  Changes in your radius setup and enabling management or the priority order can cause you an issue if things are not setup right.  If that is the case, dissconnect the WLC from the network and connect to your service port or console port and login.

If you can't log on, here is a link for how to do a password recovery on the WLC:

https://supportforums.cisco.com/docs/DOC-8038

edisonbbs Mon, 01/24/2011 - 08:45

Thanks a lot.

Well, as your said, I had disabled and enabled management of the RADIUS server because I was testing multiple RADIUS failover. And also, I have changed authentication priority of the WLAN, I moved RADIUS above of Local.

By the way, I called TAC last night, they told me that in 5508, I have to configure Management port and Service Port in two different SUPERNET. That may cause my issue. However, it worked fine in last 9 months. (Now is 192.168.159.200 & 192.168.1.1)

Another question, do you thing if I connect to WLC by service port or console, the username and password will work?

I am afraid that the password will not work even I do password recovery. It was happened before, at that time, the only way is that I refresh the controller to factory default.

Right now, we are using HREAP mode for all APs, because all AP are distributed in different cities; and APs got diffierent subnet. We know when the AP first time joined to WLC, they must be in the same subnet. If I refresh the WLC but use the same management IP address. Do I need to ask all office to send AP back to WLC office?

Thanks

Correct Answer
Scott Fella Mon, 01/24/2011 - 09:16

You need to make sure the wlc can't communicate to the radius servers, then the priority will try the local account. So you either take down the radius servers or you disconnect the wlc from the network and then use the service port or console to access the wlc. It will work, since now we know that the priority was set to radius then local. You could setup an acl to block connectivity if you want, but unplugging the wlc from the network is easier.

Sent from Cisco Technical Support iPhone App

edisonbbs Mon, 01/24/2011 - 09:40

WOW!!!! Thank you so so much Scott. You save me.

Yes, I disabled RADIUS service. Then, the Admin account got work. And I move the Local authentication above of the RADIUS, and enabled RADIUS server.

Every thing works fine!!

Thanks again, you saved my time and the trip. Otherwise I have to go another city to do the troubleshooting for WLC.

I will send a email to you soon.

Correct Answer
Scott Fella Mon, 01/24/2011 - 09:45

No problem... glad I can help!  One thing to do next time when you are testing radius, is to open up another browser that is logged on.  This way when you logout of one browser to test authentication and get locked out, you can go to the other browser to make a change.  Just make sure you use a different browser of machine.  Not a new tab... does not always work well with tabs:)

krishnalam Tue, 06/05/2012 - 05:27

Hi everyone,

I am having an issue with the WLC 5508 currently lost acces to console, ssh, telnet, GUI. I have no idea why i cant access any of them. I have recently deployed HREAP AP in remote site controlled via WAN. However there is an issue with the clients to authenticate thats a different story but is there anything else to do apart from restore-password after the reboot.

As this didnt help me either.

Pleaseeeeeeeeeeeeeeeeeeee help I desperately need to resolve this.

Thank you very much

KK

krishnalam Tue, 06/05/2012 - 05:34

Adding to the above...

But I have a feeling that I did changed the order of authentication with Radius as primary and local afterwards, is there anything to do with this change for the console access.

Does removing the device from the network resolve or help me to get access to the management ?

Help me please

Actions

Login or Register to take actions

This Discussion

Posted January 22, 2011 at 4:26 PM
Stats:
Replies:8 Avg. Rating:5
Views:5944 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard