01-22-2011 04:26 PM - edited 07-03-2021 07:42 PM
Hi Guys,
This afternoon, I did some testing on the WLC in our company wireless network.
However, after my 3 hours of testing, I tried to log in to the WLC again by GUI and SSH. The admin username and password do not work any more. All read-only and guest accounts did not work either.
Has anyone had this issue before? Is there a restriction on access to the WLC per 3 hours or one day? By the way, I did not change any password.
Thanks
01-24-2011 06:01 AM
Well.... something changed on the WLC for that to happen. What were you testing? Changes in your RADIUS setup and enabling management or the priority order can cause you an issue if things are not set up right. If that is the case, disconnect the WLC from the network and connect to your service port or console port and log in.
If you can't log on, here is a link for how to do a password recovery on the WLC:
https://supportforums.cisco.com/docs/DOC-8038
01-24-2011 08:45 AM
Thanks a lot.
Well, as you said, I had disabled and enabled management of the RADIUS server because I was testing multiple RADIUS failover. Also, I changed the authentication priority of the WLAN; I moved RADIUS above Local.
By the way, I called TAC last night, and they told me that on the 5508 I have to configure the Management port and Service Port in two different SUPERNETs. That may be causing my issue. However, it worked fine for the last 9 months. (They are now 192.168.159.200 & 192.168.1.1)
Another question: do you think that if I connect to the WLC by service port or console, the username and password will work?
I am afraid that the password will not work even if I do password recovery. It happened before; at that time, the only way was to refresh the controller to factory default.
Right now, we are using HREAP mode for all APs, because all APs are distributed in different cities, and the APs are in different subnets. We know that when an AP first joins the WLC, it must be in the same subnet. If I refresh the WLC but use the same management IP address, do I need to ask all offices to send their APs back to the WLC office?
Thanks
01-24-2011 09:16 AM
You need to make sure the WLC can't communicate with the RADIUS servers; then the priority will try the local account. So you either take down the RADIUS servers or you disconnect the WLC from the network and then use the service port or console to access the WLC. It will work, since now we know that the priority was set to RADIUS then local. You could set up an ACL to block connectivity if you want, but unplugging the WLC from the network is easier.
01-24-2011 09:40 AM
WOW!!!! Thank you so so much Scott. You saved me.
Yes, I disabled the RADIUS service. Then the admin account worked. I moved Local authentication above RADIUS and enabled the RADIUS server.
Everything works fine!!
Thanks again, you saved me time and the trip. Otherwise I would have had to go to another city to do the troubleshooting for the WLC.
I will send an email to you soon.
01-24-2011 09:45 AM
No problem... glad I can help! One thing to do next time when you are testing RADIUS is to open up another browser that is logged on. This way, when you log out of one browser to test authentication and get locked out, you can go to the other browser to make a change. Just make sure you use a different browser or machine. Not a new tab... does not always work well with tabs :)
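The lockout and the fix discussed above, as an added example that is not part of the original thread or Cisco's code: a simplified Python model of ordered management authentication. It assumes, as the replies describe, that the second method is consulted only when the first gives no answer; the accounts and passwords are constructed.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    UNREACHABLE = "unreachable"  # backend gave no answer

LOCAL_USERS = {"admin": "local-secret"}      # constructed local account
RADIUS_USERS = {"netops": "radius-secret"}   # constructed RADIUS account

def local_backend(user, password):
    return Result.ACCEPT if LOCAL_USERS.get(user) == password else Result.REJECT

def make_radius_backend(reachable):
    """Return a RADIUS stand-in that is either answering or unreachable."""
    def radius_backend(user, password):
        if not reachable:
            return Result.UNREACHABLE
        ok = RADIUS_USERS.get(user) == password
        return Result.ACCEPT if ok else Result.REJECT
    return radius_backend

def authenticate(order, user, password):
    """Try backends in priority order.

    Modelling assumption taken from the thread: an explicit answer
    (accept or reject) is final; only an unreachable backend lets the
    next method in the list be tried.
    """
    for name, backend in order:
        result = backend(user, password)
        if result is Result.ACCEPT:
            return (True, name)
        if result is Result.REJECT:
            return (False, name)
    return (False, None)

def admin_login_matrix():
    """Outcome for the local admin account in the three states from the thread."""
    up, down = make_radius_backend(True), make_radius_backend(False)
    cases = {
        "radius-then-local, RADIUS up": [("radius", up), ("local", local_backend)],
        "radius-then-local, RADIUS down": [("radius", down), ("local", local_backend)],
        "local-then-radius, RADIUS up": [("local", local_backend), ("radius", up)],
    }
    return {label: authenticate(order, "admin", "local-secret")
            for label, order in cases.items()}

if __name__ == "__main__":
    for label, outcome in admin_login_matrix().items():
        print(f"{label}: {outcome}")
```

The first row is the lockout state: the local admin is rejected by RADIUS and the local database is never consulted, which is why keeping a second logged-in session open during such tests matters.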
06-05-2012 05:27 AM
Hi everyone,
I am having an issue with the WLC 5508: I have currently lost access to console, SSH, telnet and GUI. I have no idea why I can't access any of them. I have recently deployed HREAP APs in a remote site controlled via WAN. However, there is an issue with the clients authenticating, but that's a different story. Is there anything else to do apart from restore-password after the reboot?
As this didn't help me either.
Pleaseeeeeeeeeeeeeeeeeeee help I desperately need to resolve this.
Thank you very much
KK
06-05-2012 05:34 AM
Adding to the above...
But I have a feeling that I did change the order of authentication, with RADIUS as primary and local afterwards. Does this change have anything to do with the console access?
Does removing the device from the network resolve this or help me to get access to the management?
Help me please
07-28-2012 06:14 AM
This document was generated from the following discussion: https://supportforums.cisco.com/docs/DOC-26233
Thanks,
Vinay Sharma