Hi Mark,

Is the web login and pass the same for the putty session?

I tried to look at the logs on the controller for the changes for "no shutdown" and see nothing. It will not display at all. I am still working through it. I try "reload" and type "c" and it goes to the next line and I type "onfirm" and it goes to the prompt and then get that same message, but I am still not able to reload controller even when I type "confirm". See the screenshot below:

Do these logs tell you anything? See below:

ct 9 17:23:09.066: %WEBSERVER-5-LOGIN_PASSED: Chassis 1 Login Successful from host 192.168.1.x by user 'admin' using crypto cipher 'TLS_AES_256_GCM_SHA384'

Oct 9 17:23:09.065: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: admin] [Source: 192.168.1.x] at 11:23:09 GMT Thu Oct 9 2025

Oct 9 17:02:03.697: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 17:01:59.454: %SYS-5-CONFIG_I: Configured from console by console

Oct 9 17:01:17.250: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

Oct 9 17:01:17.246: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to up

Oct 9 17:01:16.320: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 17:01:16.250: %LINK-3-UPDOWN: Interface Vlan1, changed state to up

Oct 9 17:01:16.245: %LINK-3-UPDOWN: Interface GigabitEthernet2, changed state to up

Oct 9 17:01:11.134: %SYS-5-CONFIG_I: Configured from console by console

Oct 9 17:01:09.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2, changed state to down

Oct 9 16:34:30.986: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 16:34:27.444: %LINK-3-UPDOWN: Interface Vlan100, changed state to up

Oct 9 16:34:27.141: %SYS-5-CONFIG_I: Configured from console by console

Oct 9 16:27:03.675: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 16:26:58.908: %LINK-5-CHANGED: Interface Vlan100, changed state to administratively down

Oct 9 16:26:58.590: %SYS-5-CONFIG_I: Configured from console by console

Oct 9 16:26:20.698: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 16:26:16.830: %SYS-5-CONFIG_I: Configured from console by console

Oct 9 16:24:01.678: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

Oct 9 16:23:56.409: %SYS-5-CONFIG_I: Configured from console by console

What do you think? Thank you.

    - @dcgtechnologies   Let's  keep it contained with one issue at a time ;  just type return after [confirm].
                                      Don't use the character c as extra input. Will the controller then reboot ?

  M.

Awesome! Just clicking Enter reboots the controller. Why do that have you type out "confirm". That is interesting. Now if we can get putty to work for me. I have tried admin and the password I made for it. How can I reset it? I still get access denied. Once I get into the putty session I can get the config much easier and run in through the wireless config tool. I am still scratching my head on the "no shutdown" issue. I use "config t" for all my configuration changes. Thank you.

  - @dcgtechnologies              Staying with the PuTTY access problem;
                                    Have you defined an administrative user in the running configuration ?

   From   https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2024/pdf/BRKEWN-2094.pdf ;
   read from CLI/GUI access
   All of those directives from the next two rectangular panes must be configured to make (local) access possible
   with PuTTY
                                                          (probably work to do....)

  M.

I have been through those documents to the "T" that is why I am puzzled with my Vlan 1 which is now operational, and I have no clue why. Vlan100 should be the operational vlan for the SVI will not take "no shutdown". Vlan1 should NOT be operational or should it? I am new to all this, and I have read document after document blog after blog and get different answers opinions, but so far you are spot on. That is why I am confused. I did make sure all the aaa groups are in my config as well as went to the next slide and made the adjustments there and NOW I am locked out of the console and cannot even get into the config now so I have to reset the password. The documents are generic and do not provide troubleshooting tips as all environments are different and I wish all of this was a one size fits all model. I have the user name as I pulled it from the config, but the password needs to be reset. Thank you.

THIS IS NOT THE SOLUTION!!! HIT IT BY MISTAKE!

  - @dcgtechnologies    Vlan1 can be left alone when not using it.  Advising to not shut it down.
                                     If you have any other issues when using 'no shutdown' then post a screenshot 
                                     and or the output of what you are getting.
                                     If you are locked out and no access to the console, then you may have to start
                                     with a new controller (VM) and start again,

  M.

Hi Mark. So I did exactly that and started a brand-new build. I have everything in a good place and all past issues have been addressed and I am able to SSH to the WLC now and still have the issue with "no shutdown" on all interfaces, but when I put "shutdown" on an interface it shows that it is shutdown. My new build had "shutdown" on vlan1 so I just put "no shutdown" on it and it is not displayed. See below:

Any ideas as to why this is happening? Thank you.

 - @dcgtechnologies  No shutdown is a default directive. Therefore it will not appear in the output of the running confuguration. Check the status of all interfaces with : show interface

 M.

I understand now. They all are on the up and up. Just one question. The Vlan1 is up, but the line protocol is down. Is this normal behavior? Is the line protocol supposed to be down? I am just curious.

On another note, when following the pdf document, you pointed out I somehow when I did it the first time locked the web gui out and not sure how I did it. I am running through it again with this new installation. I will let you know how it goes. Thank you for your help.

  - @dcgtechnologies   The line protocol should not be down (for Vlan1). Execute  a 'shutdown' followed by a 'no shutdown' and examine the logs on the controller

  M.

I tried exactly what you had stated and in the logs, it shows as "Up". See logs below:

*Oct 11 11:42:18.941: %LINK-3-UPDOWN: Interface Vlan1, changed state to up

*Oct 11 11:42:18.362: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.x)

*Oct 11 11:41:36.366: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

*Oct 11 11:41:31.996: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.1.x)

*Oct 11 11:41:31.628: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down

*Oct 11 11:41:13.803: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file

See screenshot below:

It still shows Operational Status as "Down" and I am at a stopping point until I fix this. I am clueless on this one.

I do have a concern though as my firewall only supports the native vlan1 and not able to set the primary interface to any other vlan then vlan1. I can create other vlans though, but I have to keep vlan1 as my primary interface. I have my switches set to Vlan10 and vlan1 is disabled on the switch and everything works as expected and can reach everything, but I am wondering if my switch is the reason why it is staying down. Could that be my issue as to why the operational status is down, but shows up in the logs as up?

Thank you.

  - @dcgtechnologies   It all depends on what you want to do. Do you want to  manage the controller trough Vlan1 ?
                                    Then vlan1 should not be disabled on the switch and or switches. Actually vlan1 should
                                     never be disabled on switches , because it is used for basic network management
                                    protocols (spanning-tree , vtp , CDP and or  LLDP) . Disabling vlan1 on switches should be
                                     avoided.  This could be your current issue on the controller when it can't find a 
                                   'partner-vlan1' (which is disabled on the switch)

 M.

Sounds like I might have some work to do. I will go ahead and turn vlan 1 back on both my switches, but I have my switches all set to certain Vlans so I am going to open up a case with vendor for my firewall to see if they can make this improvement as I like the flexibility as this firewall I have is an expensive one. I will post my findings once I have turned vlan1 back on and made the necessary changes. Thank you Mark.

Well Mark did enable vlan1 on all the switches and still no Up status on the Operational portion. See show interface below for vlan1:

Vlan1 is up, line protocol is down , Autostate Enabled
Hardware is Ethernet SVI, address is 001e.e50f.afff (bia 001e.e50f.afff)
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 16:37:56, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1 packets input, 60 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
Output 0 broadcasts (0 IP multicasts)
0 output errors, 5 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

What else do you recommend I check? I am still new to SVI configs so please bare with me and again thank you for your help with this. I will not move anything until I figure it out and I read this post below:

Solved: Vlan shows down/down - Cisco Community

It states I need to attach an L2 interface to that Vlan1 L3 interface. So would that be GigabitEthernet1. What would the config look like? I tried that and it never took and actually caused more issues.

To @Mark Elsen I would like to manage it though my vlan10 that is my native vlan on the switches as that is my main internal network. Is vlan1 a requirement for the SVI for management or can I use vlan10 instead? How can I set that up if vlan1 is not needed. I will not disable it knowing now what you told me.