Solved: Re: accidentally turned on AAA / Radius for management users

apeacock · ‎09-27-2022

Hi everyone,

Currently in the process of trying to setup AAA for our WiFi on our WLC so that users have to authenticate.

The problem is I have accidentally added 'management' to the options for who to use the radius server for and now I can't access my WLC via the web interface or GUI! Even connecting via a console cable, it doesn't work. My local login credentials are just denied.

I think I might have changed the order of the management user priority in the AAA settings, so that 'radius' was higher than 'local'.

My AD accounts synced with the Radius server aren't working for it, but it works for the WiFi.

Please could someone advise how I can resolve this?

Thanks,

Alex

patoberli · ‎09-27-2022

As you probably don't yet use Radius for anything, check if you can disable the radius service on the radius server, so that it doesn't anymore reply (marked as dead). Then, if you left "local" in the priority list, you should be able to login with your previous credentials.

View solution in original post

marce1000 · ‎09-27-2022

- As a work around you may try to configure a management account on Radius and then revert the settings if you can then logon to the controller , or else if configuration was not saved - reboot the controller. Or else re-image and restore 'none aaa'-configuration from backup.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

patoberli · ‎09-27-2022

As you probably don't yet use Radius for anything, check if you can disable the radius service on the radius server, so that it doesn't anymore reply (marked as dead). Then, if you left "local" in the priority list, you should be able to login with your previous credentials.

apeacock · ‎09-27-2022

Thanks, this works perfectly.