03-12-2022 06:01 PM
Hello all. I am having an issue with a Cisco 9117 AP running in EWC mode. I can successfully set up the AP and get to the management GUI. Upon first login, you get the screen to set the admin user and password, and create an SSID. When i go through this process and click finish, it takes me back to the login as i would expect. When i log back in, it registers the new admin user and password, but it brings me back to the 'Getting Started' menu again every time. I can check and see that my SSID got created and can connect to it, but i can't get to the actual management UI for the controller as it always brings me to that same initial 'Getting Started' page. Is this some known bug or am I missing something? AP EWC is on 17.3.5a software for reference.
03-13-2022 12:38 AM
- Check logs during or after executing these tasks (SSH) : show logging , check if you can find anything unusual
M.
03-13-2022 10:23 AM
Nothing in the logs at all. You can see where i log in, go through the setup process, get logged out as part of that process, then log back in and it starts the setup all over again:
IG_I: Configured from console by vty0
*Mar 13 17:08:49.036: %SYS-5-USERLOG_NOTICE: Message from tty0(user id:
*Mar 13 17:08:49.040: %SYS-5-CONFIG_P: Configured programmatically by process Setup from console as vty0
*Mar 13 17:08:49.333: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Mar 13 17:08:49.366: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Mar 13 17:08:49.500: %PNP-6-PNP_SUDI_UPDATE: Device SUDI [PID:C9117,SN:KWC231200LE] identified
*Mar 13 17:08:49.555: %CRYPTO_ENGINE-5-KEY_DELETED: A key named CISCO_IDEVID_SUDI_LEGACY has been removed from key storage
*Mar 13 17:08:49.580: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY created succesfully
*Mar 13 17:08:49.611: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI_LEGACY has been generated or imported by pki-sudi
*Mar 13 17:08:49.613: %CRYPTO_ENGINE-3-CSDL_COMPLIANCE_FAIL_RSA: Cisco PSB security compliance violation is detected. Use of weak (1024 bit) key is denied
*Mar 13 17:08:49.671: %PKI-6-TRUSTPOINT_DELETE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY deleted succesfully
*Mar 13 17:08:49.732: %SYS-5-CONFIG_P: Configured programmatically by process PnP Agent Discovery from console as vty0
*Mar 13 17:08:49.837: %PNP-6-PNP_TECH_SUMMARY_SAVED_WITH_ALARM: PnP tech summary (/pnp-tech/pnp-tech-discovery-summary) saved with alarm (1/3) (elapsed time: 43 seconds).
*Mar 13 17:08:49.837: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
*Mar 13 17:09:21.984: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: admin] [Source: ] at 17:09:21 UTC Sun Mar 13 2022
*Mar 13 17:09:21.986: %WEBSERVER-5-LOGIN_PASSED: Chassis 1 R0/0: : Login Successful from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:10:08.246: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as admin on vty0
*Mar 13 17:10:14.302: %WEBSERVER-5-SESS_LOGOUT: Chassis 1 R0/0: : Successfully logged out from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:11:12.955: %WEBSERVER-5-SESS_TIMEOUT: Chassis 1 R0/0: : Session timeout from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:11:20.817: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: admin] [Source: ] at 17:11:20 UTC Sun Mar 13 2022
*Mar 13 17:11:20.810: %WEBSERVER-5-SESS_TIMEOUT: Chassis 1 R0/0: : Session timeout from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:11:20.819: %WEBSERVER-5-LOGIN_PASSED: Chassis 1 R0/0: : Login Successful from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:12:30.539: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as admin on vty0
*Mar 13 17:15:51.004: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as admin on vty0
*Mar 13 17:16:05.795: %WEBSERVER-5-SESS_LOGOUT: Chassis 1 R0/0: : Successfully logged out from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:16:05.800: %WEBSERVER-5-SESS_TIMEOUT: Chassis 1 R0/0: : Session timeout from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:16:35.465: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: admin] [Source: ] at 17:16:35 UTC Sun Mar 13 2022
*Mar 13 17:16:35.459: %WEBSERVER-5-SESS_TIMEOUT: Chassis 1 R0/0: : Session timeout from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:16:35.472: %WEBSERVER-5-LOGIN_PASSED: Chassis 1 R0/0: : Login Successful from host 10.20.1.166 by user 'admin' using crypto cipher 'ECDHE-RSA-AES128-GCM-SHA256'
*Mar 13 17:17:55.889: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 10.20.1.166] [localport: 22] at 17:17:55 UTC Sun Mar 13 2022
Maybe i'll try installing a different software version to test with, something in the 16.x train, cause i'm not getting anywhere with this at the moment...
03-13-2022 11:04 AM
- Regardless of software version re-imaging the EWC-ap may help (indeed).
M.
03-13-2022 12:18 PM
So not really sure what was actually wrong, but i did get it working finally on current software version. Couple notes:
- Using the initial setup dialog on the AP always induced the 'Getting Started' webui loop
- Using the initial setup dialog on the AP and manually changing certain aspects didn't produce positive results either (intermittent IP connectivity, webui loop as well)
What i ended up doing was performing a clean reset (wireless ewc-ap factory-reset), skipping the initial configuration dialog altogether, and then running through the setup completely via CLI:
Step 1 - Configure the Host Name (Optional)
Step 2A - Set the administrative username/password
Step 2B - Configure the AP Profile
Step 3A - Configure the Wireless Local Area Network
Step 3B - Configure the Wireless Profile Policy
Step 3C - Configure the Default Policy Tag
Step 4 - Turn on the global encryption
Step 5 - Save the Configuration
Once that was complete, i was able to access the primary management UI. I'm not sure why there is such a discrepancy between the modes of initial setup and why some simply don't work as documented, but this is how i got it working in the end.
** Note - You can supposedly use the Catalyst app on a phone to perform the provisioning, but i didn't play with that much. I tried it initially when i was getting the webui loop, but connecting to the SSID resulted in no DHCP handoff to the client, so that didn't work either.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide