09-09-2011 05:55 AM - edited 07-03-2021 08:44 PM
Hi Everyone,
Currently all our guest user accounts are created on a 4402WLC that is running on code 4.2.61.0. This WLC will be replaced by a 5508WLC that is running on 7.0.116.0. Is there a way to export all the guest user accounts and password from 4402 and import them to 5508? I can only get account name from "show running-config" and password is not showing there.
Thank you.
Robert
Solved! Go to Solution.
09-14-2011 11:20 AM
Hi Robert,
Unfortunately, I do not think there is an easy way to push all configured users to a new WLC.
You can push a batch of users to select WLCs if you import the username/passwords/settings from a .csv file, but my guess is you do not have an up to date .csv file handy.
The other option would be to go with our original plan if you can schedule an upgrade on your 4.2.61.0 WLC.
-Pat
09-12-2011 10:17 AM
Please help. Thanks. -Robert
09-12-2011 11:54 AM
Hello Robert,
You can enable cleartext password display with the following command:
config passwd-cleartext enable
Then, when you issue a "show running-config" you should see the passwords along with the usernames. I believe this command is present in 4.2.61.0, I tested in 4.2.207.0 in my lab.
-Patrick Croak
Wireless TAC
09-13-2011 09:58 AM
Thanks Patrick for your reply.
I just tested the command "config passwd-cleartext enable" and this command only allows me to view the password for the snmp community and tacas+ server. For those guest users, I still couldn't see the password.
For example, I just created user of testuser, after type in config passwd-cleartext enable, I can only see the following from show running-config.
netuser lifetime testuser 86400
netuser wlan-id testuser 6
Robert
09-13-2011 11:23 AM
Hi Robert,
I just tested this command on a 4400 running 4.2.61.0 and it worked for me.
Are you sure you don't see lines such as:
netuser add tactest tac123 wlan 0 userType....
Normally, "tac123" would be *****, but with "config passwd-cleartext enable" I am able to see it.
-Pat
09-13-2011 01:06 PM
Hi Patrick,
I'm pretty sure I can only see "netuser lifetime xx" and "netuser wlan-id xx". I can't see "netuser add xx". I've checked both lab WLC4402 and production WLC4402. They give me the same results. The following is my WLC's info.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 4.2.61.0
RTOS Version..................................... 4.2.61.0
Bootloader Version............................... 4.1.171.0
Build Type....................................... DATA + WPS
System Name...................................... c1lab-wlc4402-1
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 42.116.24.172
System Up Time................................... 270 days 23 hrs 49 mins 51 secs
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +45 C
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
--More-- or (q)uit
Number of WLANs.................................. 10
3rd Party Access Point Support................... Disabled
Number of Active Clients......................... 13
Burned-in MAC Address............................ 00:19:AA:72:3C:A0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
(Cisco Controller) >
09-13-2011 01:40 PM
Hi Robert,
Just a quick update on this -- I'm seeing the problem in my lab on 4.2.61.0, it displays permanent netusers but not guest users.
However, it is working fine in 4.2.207.0, so somewhere between here we fixed this problem...performing further testing now and will let you know.
-Pat
09-13-2011 02:18 PM
Hi Robert,
Unfortunately, it looks like you might be out of luck while running 4.2.61.0 WLC code. I could not find a way to print the guest usernames in that version.
I upgraded my controller to 4.2.176.0 (and 4.2.207.0 also works), and then the guest users were printing in a "show running-config" -- you can then use the config passwd-cleartext enable to view the password portion as well.
So depending on the number of guest users, it might be worth upgrading your WLC to be able to extract this information.
-Pat
09-14-2011 08:36 AM
Thank you again Patrick. You are extremely helpful.
One more question.
I have WCS running on 7.0.172.0 to manage all the WLCs. From the WCS I can see the guest users and the passwords. I can apply the guest user to the new Guest Anchor controller (5508). The problem is that I can only do it one by one. Since we have 500 guest users, is there a way to apply all the guest users along with the passwords to the new 5508 controller?
Thanks a lot.
09-14-2011 11:20 AM
Hi Robert,
Unfortunately, I do not think there is an easy way to push all configured users to a new WLC.
You can push a batch of users to select WLCs if you import the username/passwords/settings from a .csv file, but my guess is you do not have an up to date .csv file handy.
The other option would be to go with our original plan if you can schedule an upgrade on your 4.2.61.0 WLC.
-Pat
09-14-2011 12:23 PM
Hi Patrick,
I've rated your answer.
I think I can get another 4402 WLC with the same version of code, download the configuration from the old 4402 and upload to the new 4402. Then upgrade the new 4402's code to the latest. By doing this I can transfer all the guest user accounts and passwords. If something goes wrong, I still have the old one for backup.
Correct me if I'm wrong.
Thanks again.
09-14-2011 12:36 PM
Hi Robert,
Yes, that should work -- you will just need to be careful not to have the other 4402 on your production network when you do so, or you'll end up with duplicate IP addresses!
Please let me know if you run into any problems with the process, I was able to upgrade my WLC and extract the commands so this should work.
-Pat
09-14-2011 12:35 PM
If you can see the user/pass in full clear text, then I have a script that can pull that info. You can then parse the output into a .csv and import it into the new controller.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: