Community Member

WLC 5508 - Management Users

I have a few management users and then there is the admin superuser who are all local users on the WLC 5508.  Today, I accidentally made a change on the WLC 5508 where I changed the order of authentication for management users.  I had RADIUS and LOCAL set and I accidentally removed LOCAL as the second method and chose TACACS+ instead.  I did this from the Security page on the WLC (Security > Priority Order > Management User). Now I can't log in using the admin user account or any of the management accounts.  See the attached picture.

Anyone have any idea how I can fix this change?


Accepted Solutions
Hall of Fame Super Silver

Re: WLC 5508 - Management Users

Is your radius the same as the tacacs server? If not, remove the radius from the network. I would try to disconnect the wlc first then remove the radius.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
22 REPLIES
Hall of Fame Super Silver

Re: WLC 5508 - Management Users

Reboot the wlc. I doubt that you saved it. Or disconnect the wlc from the network so it can't communicate with the radius server and it will fall back to local.

-Scott
Community Member

WLC 5508 - Management Users

I might have saved the configuration.  I rebooted the WLC and tried logging in, got the same issue.  I didn't try pulling out the network cable though.  Even if it is set to authenticate against RADIUS and TACACS+, it will still look for LOCAL?

Hall of Fame Super Silver

Re: WLC 5508 - Management Users

Well if you don't have local in the list it might not work. You will just have to try and see.

-Scott
Hall of Fame Super Silver

Re: WLC 5508 - Management Users

Is your radius the same as the tacacs server? If not, remove the radius from the network. I would try to disconnect the wlc first then remove the radius.

-Scott
Community Member

WLC 5508 - Management Users

Scott, you're a genius.  That worked.  When I checked the priority order now, I see RADIUS and LOCAL as the secondary. So I'm not sure how that got changed over but it worked.

Hall of Fame Super Silver

Re: WLC 5508 - Management Users

One more thing.... You have ncs or prime? Because you should be able to change that through either one of those.

-Scott
Community Member

WLC 5508 - Management Users

I have a Cisco Secure ACS acting like the RADIUS.  What is NCS or Prime?  I only have one WLC Controller.

If this doesn't work, is there a backdoor method I can try?  I have already tried SSH but not console.  I don't have the USB console cable.

Hall of Fame Super Silver

Re: WLC 5508 - Management Users

There is no backdoor method. If you don't have ncs or prime don't worry about it because you can't access the wlc to configure it. The only other method is to factory reset the wlc and do a restore if you have a backup.

-Scott
Silver

Re: WLC 5508 - Management Users

Hello Manpreet,

I totally agree with Scott: if you are not able to access your WLC, then you need to do a factory reset.

Community Member

WLC 5508 - Management Users

Oh, is that right?  Strange thing is that I can use any one of the RADIUS users to log in to the WLC, but the only issue is that I can't change or back up anything since I don't have admin rights.

With Cisco switches, firewalls and routers you can change the password or backdoor in somehow, why isn't it possible with this device?

Also, I do have backups but I think the backups are from a previous version of the WLC.  I was on version 7.0.98 and did backups of that.  I don't have any backups since I upgraded.  Does that matter?

Hall of Fame Super Silver

WLC 5508 - Management Users

WLCs are not IOS, so there is no backdoor. Did you try to remove the WLC from the network and log in?

Thanks,

Scott

Community Member

WLC 5508 - Management Users

No I didn't do that yet as I'm away from my office.  I will try tomorrow morning and let you know what happens.

Cisco Employee

WLC 5508 - Management Users

I had one TAC case yesterday and one today where the customers did the same thing: they changed the priority and then weren't able to log in.  Fortunately both had Prime Infrastructure, so we were able to use Prime to change the order back to put local 1st...
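
The lockout in this thread comes from a management priority order that no longer contains LOCAL. As an added example (not written by any poster and not Cisco code), this Python check reads captured `show aaa auth` text and reports that condition before a change is saved; the sample output is constructed and its exact layout is an assumption.

```python
import re

# Constructed samples of `show aaa auth` output (layout is an assumption).
SAMPLE_LOCKOUT = """\
Management authentication server order:
    1............................................ radius
    2............................................ tacacs
"""
SAMPLE_LOCAL_FIRST = """\
Management authentication server order:
    1............................................ local
    2............................................ radius
"""

# A priority line: index, dot leader, method name.
ORDER_LINE = re.compile(r"^\s*(\d+)\.{2,}\s*(\w+)\s*$")


def parse_mgmt_order(text):
    """Return the management authentication methods in priority order."""
    entries = []
    for line in text.splitlines():
        match = ORDER_LINE.match(line)
        if match:
            entries.append((int(match.group(1)), match.group(2).lower()))
    return [method for _, method in sorted(entries)]


def lockout_findings(order):
    """Return warnings about losing local admin access (empty list = none)."""
    if not order:
        return ["no management authentication order found in input"]
    if "local" not in order:
        return ["local is not in the order: local admin accounts cannot log in"]
    if order[0] != "local":
        # In the thread, local logins worked only once RADIUS was unreachable.
        return ["local is listed after %s: local accounts depend on fallback"
                % order[0]]
    return []


if __name__ == "__main__":
    for name, sample in (("lockout", SAMPLE_LOCKOUT),
                         ("local first", SAMPLE_LOCAL_FIRST)):
        order = parse_mgmt_order(sample)
        print(name, order, lockout_findings(order) or "ok")
```
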

Community Member

WLC 5508 - Management Users

Hi Rob

Thanks for your suggestion.  What is Prime?
