WLC lost WEB and CLI after enabling FIPS

Mike_ATT_NY
Level 1

I lost HTTP/HTTPS/CLI on my WLC after enabling FIPS. I can log in with the console, however. I also lost all of my wireless profiles. Luckily, I'm testing in the lab.


Mike_ATT_NY
Level 1

I also lost all the wireless profiles... Luckily I'm in the lab.

Scott Fella
Hall of Fame
You did read up on the requirements for access when FIPS is enabled? I'm assuming you need to enable FIPS for government, or are you just testing?

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/cisco_wlc_security.html#concept_7E605B4A99C746C5BA3F050FDA812C86
-Scott
*** Please rate helpful posts ***

I did read that document. It mentioned flushing out the old certificate, etc. However, I was looking for some help to see if anyone has gone through this before.

Did you create a certificate after you enabled FIPS?
-Scott
*** Please rate helpful posts ***

I did configure FIPS and CC compliance and did not run into the issue you are referring to.

In addition to the document mentioned by Scott, I also followed this document from Cisco.

At the time I was using a 5520 with 8.5.

https://www.niap-ccevs.org/MMO/Product/st_vid10931-agd.pdf

-hope this helps-

I did generate the cert.

Here is the HTTPS error ->  Error code: SSL_ERROR_NO_CYPHER_OVERLAP

The PuTTY error -> Couldn't agree a key exchange algorithm (available ecdh-sha2 & etc)

I was able to clear the cert/SSL state on IE and I get a login there, but login fails. I have removed FIPS, etc., and I regain access.
