Cisco Wireless LAN Controller (WLC) 5508 Password Invalid - Password recovery on the WLC

Document

Sat, 04/26/2014 - 23:34
Jul 26th, 2012

Introduction

User Login was working fine on WLC for few hours during testing but User tried to login WLC again by GUI and SSH and the admin username and password does not work any more. All Read only and Guest Account did not work as well.

Scenario

While testing the WLC my login to WLC failed both via GUI and SSH. The admin username and password does not work any more. All Read only and Guest Account did not work as well.

Is any one had this issue before? Is there a restriction for access to WCL per 3 hours or one day? By the way, I did not change any password.

Solution

Changes in your radius setup and enabling management or the priority order can cause you an issue if things are not setup right.  If that is the case, disconnect the WLC from the network and connect to your service port or console port and login.

If you can't log on, here is a Video for how to do a password recovery on the WLC:

Video

Ram- Doc 1.bmp

 

You need to make sure the WLC can't communicate to the radius servers, then the priority will try the local account. So you either take down the radius servers or you disconnect the WLC from the network and then use the service port or console to access the WLC. It will work, since now we know that the priority was set to radius then local. You could setup an ACL to block connectivity if you want, but unplugging the WLC from the network is easier.

Suggestion 1

One thing to do next time when you are testing radius, is to open up another browser that is logged on.  This way when you logout of one browser to test authentication and get locked out, you can go to the other browser to make a change.  Just make sure you use a different browser of machine.  Not a new tab... does not always work well with tabs:)

Suggestion 2

To configure Management port and Service Port in two different Supernet. This could have avoided the above issue

Password Recovery in WLC versions 5.1 and later

If you forget your password in WLC version 5.1 and later, you can use the CLI from the serial console of the controller in order to configure a new user name and password.

After the controller boots up, enter the Restore-Password command at the user prompt. This command is only accepted for the initial user login and becomes disabled after a user logs in. You are prompted to enter a new username/password, which can then be used to log into the controller and modify settings.

Before version 5.1, there is no password recovery option on the Wireless LAN Controller (WLC). You need to set the WLC in order to factory defaults and reconfigure it. In order to set the WLC to factory defaults, power cycle the WLC, press the ESC Key during the boot up process from the console, and choose last option(5) in order to clear the configuration and reboot the Wireless LAN Controller.

Note:  The new default username and password is admin.

Reference

Password Recovery Procedure for the Wireless LAN Controller Module (WLCM) and Wireless Services Module (WiSM)

Cisco Wireless LAN Controller Configuration Guide for 7.2

Wireless LAN Controller (WLC) FAQ

Wireless LAN Controller Web Authentication Configuration Example

Wireless LAN Controller (WLC) Software Upgrade

Wireless LAN Controller Layer 2 Layer 3 Security Compatibility Matrix

This document was generated from the following discussion: Cisco WLC 5508 Password Invalid? (Fixed!Thanks)

Loading.

Actions

This Document

Related Content