09-02-2011 08:22 AM - edited 07-03-2021 08:39 PM
Guys / Gals -
Never used the CLI template from WCS, and wanted to enable band select globally. Saw on another post that Lee Johnson commented on that it's best to enable band select globally using the CLI. By not doing so, any changes to an SSID to use band select are irrelevant without the global change. So when you open a new template, it's just a blank doc and so I entered my username on the first line, password on second, and command on the third. The template doesn't apply properly and it times out. Is there a way to specify the access method (i.e. telnet/SSH) or does it go over SNMP? I'm assuming SNMP, and since all of my other templates apply properly that makes me think that while the template goes over SNMP, that the actual commands are via telnet or SSH. In either case, I still get the timeout error. Is there any docs that show examples of how to build the template? I can't find any in the config guide or command reference guide.
Cheers,
Scott
Solved! Go to Solution.
09-02-2011 08:39 AM
Hi Scott,
By default this template uses SSH. Please see the following for an example of how to configure this:
http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0temp.html#wp1261256
HTH
Kyle
09-02-2011 12:04 PM
Scott,
When you define a username/password in the above described location that is the username/password that WCS will use when applying a template that requires a username/password (i.e. the CLI template). The username/password that you define must be allowed to SSH to a WLC so you can either define a local username/password on the WLC or if you are using TACACS+/Radius make sure its a valid domain user that has rights to SSH/Telnet to a WLC. For example if you were to open a SSH session from your pc to the WLC what username/password would you use? You can use that combonation or create another username/password on the WLC under local users.
09-02-2011 08:39 AM
Hi Scott,
By default this template uses SSH. Please see the following for an example of how to configure this:
http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0temp.html#wp1261256
HTH
Kyle
09-02-2011 09:40 AM
Kyle -
I'm an idiot. Helps if you search the correct document. Thanks.
09-02-2011 09:51 AM
Kyle -
I get the invalid username error. I see that the docs state that I need to check the number of CLI connections to the controller. Do previous attempts that fail tie up a CLI session and they need to be cleared? If so, how do I clear them? Also, from that error, I would suspec that a username/password is expected in the CLI template, but no example shows that. As I stated previously, do I simply place my username on line 1 and password on line 2 followed by commands on the remaining lines?
Thanks,
Scott
09-02-2011 10:10 AM
Ok, figured out how to show the active sessions ('show loginsession') and to clear sessions ('config loginsessions close {session id | all}') but I don't see that there are any sessions to clear other than my own active session. This would tell me that my username/password is still the issue, but again, I don't see from the docs how I'm supposed to give that information to the controller. Does it automatically use the username/password that I used for WCS, meaning that the same login information needs to be present on the controllers? I'll try that for now.
09-02-2011 10:12 AM
No dice on adding the WCS username/pass to the controllers. If a session to apply a CLI template is 'initiated', does it still tie up a CLI session until it's either successful or times out? Are those 'hidden' sessions that I wouldn't see on the controller and I should just issue a 'config loginsession close all' regardless?
09-02-2011 10:23 AM
Another question:
Is it expecting the same username/password as the SNMP RW community?
09-02-2011 10:53 AM
Hey Scott,
When you added the WLC to WCS did you define the username/password to use for telnet/ssh? See the below:
This is the user/pass the CLI template is trying to login with. Does this help?
09-02-2011 11:41 AM
Kyle -
Ah, yes, that does help. Was wondering what username/password combination it wanted. So do I log into WCS with credentials that match that, or do I place the username/password in the CLI script?
Regards,
Scott
09-02-2011 11:48 AM
You will need to navigate to configure>Controllers, choose your WLC and you will get the screen shot above. Then input a valid username/password for the telnet/ssh parameter. Say okay to this and then try your CLI template.
09-02-2011 11:52 AM
Kyle -
Again, the part I'm missing is what that username/password needs to be! How is WCS authenticating against that login when I apply a CLI script? Is WCS sending the username/password of the person currently logged in? Clearly it can't be as stupid as just make sure there's a username and password set. Also, is there a way to change that telnet/SSH password on all the controllers? I don't see a template that allows me to do so.
Regards,
Scott
09-02-2011 12:04 PM
Scott,
When you define a username/password in the above described location that is the username/password that WCS will use when applying a template that requires a username/password (i.e. the CLI template). The username/password that you define must be allowed to SSH to a WLC so you can either define a local username/password on the WLC or if you are using TACACS+/Radius make sure its a valid domain user that has rights to SSH/Telnet to a WLC. For example if you were to open a SSH session from your pc to the WLC what username/password would you use? You can use that combonation or create another username/password on the WLC under local users.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide