Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
10
Helpful
3
Replies

accidentally turned on AAA / Radius for management users

Go to solution
apeacock
Level 1
Level 1

‎09-27-2022 02:15 AM

Hi everyone,

Currently in the process of trying to setup AAA for our WiFi on our WLC so that users have to authenticate.

The problem is I have accidentally added 'management' to the options for who to use the radius server for and now I can't access my WLC via the web interface or GUI! Even connecting via a console cable, it doesn't work. My local login credentials are just denied.

I think I might have changed the order of the management user priority in the AAA settings, so that 'radius' was higher than 'local'.

My AD accounts synced with the Radius server aren't working for it, but it works for the WiFi.

Please could someone advise how I can resolve this?

Thanks,

Alex

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎09-27-2022 05:30 AM

As you probably don't yet use Radius for anything, check if you can disable the radius service on the radius server, so that it doesn't anymore reply (marked as dead). Then, if you left "local" in the priority list, you should be able to login with your previous credentials. 

View solution in original post

3 Replies 3

Go to solution
marce1000
VIP
VIP

‎09-27-2022 04:43 AM

 

 - As a work around you may try to configure a management account on Radius and then revert the settings if you can then logon to the controller , or else if configuration was not saved - reboot the controller. Or else re-image and restore 'none aaa'-configuration from backup.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎09-27-2022 05:30 AM

As you probably don't yet use Radius for anything, check if you can disable the radius service on the radius server, so that it doesn't anymore reply (marked as dead). Then, if you left "local" in the priority list, you should be able to login with your previous credentials. 

Go to solution
apeacock
Level 1
Level 1
In response to patoberli

‎09-27-2022 05:31 AM

Thanks, this works perfectly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card