how to dump guest user database from 4402 to 5508

Answered Question
Sep 9th, 2011

Hi Everyone,

Currently all our guest user accounts are created on a 4402 WLC that is running code 4.2.61.0. This WLC will be replaced by a 5508 WLC that is running 7.0.116.0. Is there a way to export all the guest user accounts and passwords from the 4402 and import them to the 5508? I can only get the account names from "show running-config"; the passwords are not shown there.

Thank you.

Robert

pcroak Mon, 09/12/2011 - 11:54

Hello Robert,

You can enable cleartext password display with the following command:

config passwd-cleartext enable

Then, when you issue a "show running-config" you should see the passwords along with the usernames. I believe this command is present in 4.2.61.0; I tested in 4.2.207.0 in my lab.

-Patrick Croak

Wireless TAC

robert.huang Tue, 09/13/2011 - 09:58

Thanks Patrick for your reply.

I just tested the command "config passwd-cleartext enable" and this command only allows me to view the password for the SNMP community and TACACS+ server. For the guest users, I still couldn't see the password.

For example, I just created a user named testuser. After typing in config passwd-cleartext enable, I can only see the following from show running-config:

netuser lifetime testuser 86400
netuser wlan-id testuser 6

Robert

pcroak Tue, 09/13/2011 - 11:23

Hi Robert,

I just tested this command on a 4400 running 4.2.61.0 and it worked for me.

Are you sure you don't see lines such as:

netuser add tactest tac123 wlan 0 userType....

Normally, "tac123" would be *****, but with "config passwd-cleartext enable" I am able to see it.

-Pat

robert.huang Tue, 09/13/2011 - 13:06

Hi Patrick,

I'm pretty sure I can only see "netuser lifetime xx" and "netuser wlan-id xx". I can't see "netuser add xx".  I've checked both lab WLC4402 and production WLC4402. They give me the same results. The following is my WLC's info.

(Cisco Controller) >show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 4.2.61.0
RTOS Version..................................... 4.2.61.0
Bootloader Version............................... 4.1.171.0
Build Type....................................... DATA + WPS
System Name...................................... c1lab-wlc4402-1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 42.116.24.172
System Up Time................................... 270 days 23 hrs 49 mins 51 secs
Configured Country............................... US  - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +45 C
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
--More-- or (q)uit
Number of WLANs.................................. 10
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 13
Burned-in MAC Address............................ 00:19:AA:72:3C:A0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK

(Cisco Controller) >

pcroak Tue, 09/13/2011 - 13:40

Hi Robert,

Just a quick update on this -- I'm seeing the problem in my lab on 4.2.61.0, it displays permanent netusers but not guest users.

However, it is working fine in 4.2.207.0, so somewhere between here we fixed this problem...performing further testing now and will let you know.

-Pat

pcroak Tue, 09/13/2011 - 14:18

Hi Robert,

Unfortunately, it looks like you might be out of luck while running 4.2.61.0 WLC code. I could not find a way to print the guest usernames in that version.

I upgraded my controller to 4.2.176.0 (and 4.2.207.0 also works), and then the guest users were printing in a "show running-config" -- you can then use the config passwd-cleartext enable to view the password portion as well.

So depending on the number of guest users, it might be worth upgrading your WLC to be able to extract this information.

-Pat

robert.huang Wed, 09/14/2011 - 08:36

Thank you again Patrick. You are extremely helpful.

One more question.

I have WCS running on 7.0.172.0 to manage all the WLCs. From the WCS I can see the guest users and the passwords. I can apply the guest user to the new Guest Anchor controller (5508). The problem is that I can only do it one by one. Since we have 500 guest users, is there a way to apply all the guest users along with the passwords to the new 5508 controller?

Thanks a lot.

Correct Answer
pcroak Wed, 09/14/2011 - 11:20

Hi Robert,

Unfortunately, I do not think there is an easy way to push all configured users to a new WLC.

You can push a batch of users to select WLCs if you import the username/passwords/settings from a .csv file,  but my guess is you do not have an up to date .csv file handy.

The other option would be to go with our original plan if you can schedule an upgrade on your 4.2.61.0 WLC.

-Pat

robert.huang Wed, 09/14/2011 - 12:23

Hi Patrick,

I've rated your answer.

I think I can get another 4402 WLC with the same version of code, download the configuration from the old 4402 and upload to the new 4402. Then upgrade the new 4402's code to the latest. By doing this I can transfer all the guest user accounts and passwords. If something goes wrong, I still have the old one for backup.

Correct me if I'm wrong.

Thanks again.

pcroak Wed, 09/14/2011 - 12:36

Hi Robert,

Yes, that should work -- you will just need to be careful not to have the other 4402 on your production network when you do so, or you'll end up with duplicate IP addresses!

Please let me know if you run into any problems with the process, I was able to upgrade my WLC and extract the commands so this should work.

-Pat

ericgarnel Wed, 09/14/2011 - 12:35

If you can see the user/pass in full clear text, then I have a script that can pull that info. You can then parse the output into a .csv and import it into the new controller.
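
One way to do the parsing step mentioned above, as an added example (this is not the script referred to in the post, and not Cisco code). It reads only the `netuser add`, `netuser lifetime` and `netuser wlan-id` line shapes quoted in this thread and reports accounts whose password is absent or masked, as happens on 4.2.61.0; the CSV column names are assumptions, not a documented WLC or WCS import format.

```python
import csv
import io
import re

# Constructed sample of "show running-config" output, built from the line
# shapes quoted in this thread. Fields after the WLAN id are ignored.
SAMPLE = """\
netuser add tactest tac123 wlan 0 userType....
netuser lifetime tactest 86400
netuser add masked1 ***** wlan 6 userType....
netuser lifetime testuser 86400
netuser wlan-id testuser 6
"""

# Assumption: usernames and passwords contain no spaces.
ADD = re.compile(r"^netuser add (\S+) (\S+) wlan (\d+)")
LIFETIME = re.compile(r"^netuser lifetime (\S+) (\d+)")
WLAN_ID = re.compile(r"^netuser wlan-id (\S+) (\d+)")

def parse_netusers(text):
    """Merge the per-user config lines into one record per username."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := ADD.match(line):
            users.setdefault(m[1], {}).update(password=m[2], wlan_id=m[3])
        elif m := LIFETIME.match(line):
            users.setdefault(m[1], {})["lifetime"] = m[2]
        elif m := WLAN_ID.match(line):
            users.setdefault(m[1], {})["wlan_id"] = m[2]
    return users

def split_exportable(users):
    """Separate users with a visible password from those without one."""
    ok, missing = {}, []
    for name, u in users.items():
        pw = u.get("password")
        if pw is None or set(pw) == {"*"}:   # no "netuser add" line, or masked
            missing.append(name)
        else:
            ok[name] = u
    return ok, sorted(missing)

def to_csv(users):
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["username", "password", "wlan_id", "lifetime"])  # assumed columns
    for name, u in sorted(users.items()):
        w.writerow([name, u["password"], u.get("wlan_id", ""), u.get("lifetime", "")])
    return buf.getvalue()
```

The `missing` list is the set of accounts whose passwords have to come from another source. The CSV holds cleartext passwords, so store it with owner-only permissions and remove it once the import is done.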
