Solved: AP C9115AXI‑E capwap discovery password

peterjhollis · ‎11-25-2025

The new IOS-XE out of the box boots in capwap discovery but unlike before, does not land into the CLI but prompts for a user account. Best description I can find is:

🔑 Out‑of‑Box Behavior for C9115AXI‑E

Default mode: Ships in CAPWAP lightweight mode.
Console access:
- On older builds → you’d drop straight into CLI with no credentials.
- On newer IOS‑XE (17.9+ and especially 17.12) → Cisco enforces a local login even in CAPWAP mode.
  - Default credentials:
    - Username: admin
    - Password: admin
  - You’ll be forced to change the password on first login.
Web UI (if promoted to EWC): Same defaults (admin/admin).

So the fact that your brand‑new APs are prompting for a username while still showing CAPWAP Discovery is not a fault — it’s Cisco’s tightened security baseline. They no longer allow unauthenticated console access, even before joining a controller.

Tried every combination of default passwords (Admin or Cisco or Serial)

Need to boot the first AP and set as EWC. Without a CLI how can I achieve this? Your assistance is really appreciated.

peterjhollis · ‎12-01-2025

Just to update: Could not log on as the tough book I was using to putty onto the AP was scrambling data so the password never worked. Cisco/Cisco was the default.

View solution in original post

Mark Elsen · ‎11-26-2025

- @peterjhollis I have doubts whether this is true; if it would be default credentials then it makes even more
no sense when anyone get's a hand on the boxed ap, and even so if the credentials
would be based on the serial number. Do you have a cisco document (URL) confirming your
statements ?

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

peterjhollis · ‎11-26-2025

I have 6 new APs from cisco, three I have tried off network and all ask for credentials in capwap discovery. I have reset the devices, same result

Mark Elsen · ‎11-26-2025

- @peterjhollis Post the complete boot process for one of those , for the time being I can't find
any related info's in Cisco documents concerning unboxing and first installation (e.g.)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

peterjhollis · ‎11-27-2025

Zip attached, sorry for the wit, been off sick..

Mark Elsen · ‎11-27-2025

- @peterjhollis That AP is not in CAPWAP mode , but running EWC (for whatever reason)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

pieterh · ‎11-26-2025

https://www.cisco.com/c/en/us/products/collateral/wireless/embedded-wireless-controller-catalyst-access-points/wireless-ewc-access-point-eol.html

EWC mode has been discontinued
this AP's image may not have EWC option at all ?

End-of-Sale Date: HW, OS SW	The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date.	November 29, 2024
Last Ship Date: HW, OS SW	The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time.	February 27, 2025

peterjhollis · ‎11-26-2025

this would explain a lot. Time to splash out on a controller...

pieterh · ‎11-26-2025

https://www.cisco.com/c/en/us/support/wireless/catalyst-9115ax-series-access-points/series.html#~tab-downloads
latest lightweight release 17.18.1 -> this may be the shipper version?
latest EWC release 17.12.6a -> if you need EWC you could consider downgrade?

peterjhollis · ‎11-27-2025

Don't think I can easily downgrade without logging on. Looking at restoring through u-boot

peterjhollis · ‎12-01-2025

Just to update: Could not log on as the tough book I was using to putty onto the AP was scrambling data so the password never worked. Cisco/Cisco was the default.