Cisco Wireless Controller- Password Recovery Procedure for Catalyst 9800-40
As many of you know about the new wireless controller launched by Cisco WLC 9800. We are going to discuss about the password recovery feature in Cisco Wireless Controller 9800-40. The software version is Version 16.10.01
Fig 1.1- Cisco Catalyst 9800-40 WLC password recovery |
Step1:
Reboot box
Step 2:
Send 'break' key when you see ##### print on console for system loading image. then, system will breakup boot and will go to rommon prompt. (this can be done using putty or send break key)
File size is 0x01d191f3
Located C9800-rpboot.16.10.01.SPA.pkg
Image size 30511603 inode num 874837, bks cnt 7450 blk size 8*512
################################################################################
################################################################################
################################################################################
##########################################################
Boot image size = 30511603 (0x1d191f3) bytes
ROM:RSA Self Test Passed
ROM:Sha512 Self Test Passed
Package header rev 3 structure detected
Calculating SHA-1 hash...done
validate_package_cs: SHA-1 hash:
calculated e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
expected e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
Validating main package signatures
monitor: command "boot" aborted due to user interrupt
rommon 1 >
Step 3:
Change config register, to 0x2142 using command "confreg 0x2142" from rommon prompt.
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
Step 4:
To save rommon config change, execute "sync" at the rommon prompt, "reset" rommon to applied change from rommon prompt.
rommon 2 > sync
rommon 3 > reset
Resetting .......
Initializing Hardware ...
System integrity status: 90170200 12030107
System Bootstrap, Version 16.10(2r), RELEASE SOFTWARE
Copyright (c) 1994-2018 by cisco Systems, Inc.
Current image running: Boot ROM0
Last reset cause: LocalSoft
C9800-40-K9 platform with 33554432 Kbytes of main memory
File size is 0x000015c9
Located packages.conf
Image size 5577 inode num 874834, bks cnt 2 blk size 8*512
#
File size is 0x01d191f3
Located C9800-rpboot.16.10.01.SPA.pkg
Image size 30511603 inode num 874837, bks cnt 7450 blk size 8*512
################################################################################
################################################################################
################################################################################
##########################################################
Boot image size = 30511603 (0x1d191f3) bytes
ROM:RSA Self Test Passed
ROM:Sha512 Self Test Passed
Package header rev 3 structure detected
Calculating SHA-1 hash...done
validate_package_cs: SHA-1 hash:
calculated e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
expected e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
Validating main package signatures
RSA Signed RELEASE Image Signature Verification Successful.
Image validated
Jun 21 02:30:21.565: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:24.561: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Both links down, not waiting for other chassis
Chassis number is 1
Jun 21 02:30:25.327: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:27.293: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:33.770: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:37.045: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Cisco IOS Software [Gibraltar], C9800 Software (C9800_IOSXE), Version 16.10.1, R
ELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 19-Nov-18 08:27 by mcpre
PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.
You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.
cisco C9800-40-K9 (1GL) processor (revision 1GL) with 7866660K/6147K bytes of me
mory.
FIPS: Flash Key Check : Key Not Found, FIPS Mode Not Enabled
Processor board ID TTM22500DAL
1 Virtual Ethernet interface
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
33554432K bytes of physical memory.
26255359K bytes of eUSB flash at boot flash:.
234365527K bytes of SATA hard disk at hard disk:.
0K bytes of WebUI ODM Files at webui:.
Base Ethernet MAC Address: D4:C9:3C:CC:F2:E0
Installation mode is INSTALL
Press RETURN to get started!
*Jun 21 02:31:00.165: %IOSXE_PLATFORM-3-WDC_NOT_FOUND: WDC returned length: 0
*Jun 21 02:31:00.185: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled
features is not allowedAdding registry invocations for the WLC platform
*Jun 21 02:31:01.743: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is ini
tialized
*Jun 21 02:31:01.743: %SMART_LIC-6-AGENT_ENABLED: Smart Agent for Licensing is e
nabled
*Jun 21 02:31:01.743: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled
features is not allowed
*Jun 21 02:31:04.732: mcp_pm_subsys_init : Init done sucessfullyRA Tracing tool
registry return: 0SID Manager, starting initialization ...
*Jun 21 02:31:05.511: Notifications initializedSID Manager, completed initializa
tion ...
*Jun 21 02:31:07.298: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for typ
e vlan
*Jun 21 02:31:08.999: %CRYPTO-4-AUDITWARN: Encryption audit check could not be p
erformed
*Jun 21 02:31:09.081: %VOICE_HA-7-STATUS: CUBE HA-supported platform detected.
*Jun 21 02:31:09.317: %IOSXE_VMAN-3-MSGINITFAIL: Failed to initialize required V
irt-manager resource: Initalize MQIPC
*Jun 21 02:31:09.333: mcp_pm_init_done : Called
*Jun 21 02:31:09.338: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Jun 21 02:31:09.345: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Jun 21 02:31:09.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0
, changed state to up
*Jun 21 02:31:09.346: %LINEPROTO-5-UPDOWN: Line protocol on Interface LI-Null0,
changed state to up
*Jun 21 02:31:09.346: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to down
*Jun 21 02:31:09.351: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Jun 21 02:30:33.738: %PMAN-3-PROC_EMPTY_EXEC_FILE: Chassis 1 R0/0: pvp: Empty e
xecutable used for process bt_logger
*Jun 21 02:30:37.011: %PMAN-3-PROC_EMPTY_EXEC_FILE: Chassis 1 R0/0: pvp: Empty e
xecutable used for process bt_logger
*Jun 21 02:30:39.576: %CMFP-6-CRYPTO_MODULE: Chassis 1 R0/0: cman_fp: Crypto Har
dware Module is present
*Jun 21 02:31:01.754: %LMRP-3-RTU_UNINITIALIZED: Chassis 1 R0/0: lman: RTU not y
et initialized: stack enabled 0
*Jun 21 02:31:09.489: %SMART_LIC-6-HA_ROLE_CHANGED: Smart Agent HA role changed
to Active.
*Jun 21 02:31:10.295: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-
intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Jun 21 02:31:10.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to down
*Jun 21 02:31:10.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, ch
anged state to up
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, cha
nged state to up
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to down
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, cha
nged state to up
*Jun 21 02:31:10.966: %ONEP_BASE-6-SS_ENABLED: ONEP: Service set Base was enable
d by Default
*Jun 21 02:31:12.842: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuratio
n is ignored based on the configuration register setting.
*Jun 21 02:31:12.854: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfa
ces disabled
*Jun 21 02:31:12.913: %SPA_OIR-6-OFFLINECARD: SPA (BUILT-IN-4X10G/1G) offline in
subslot 0/0
*Jun 21 02:31:12.919: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Jun 21 02:31:12.920: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Jun 21 02:31:12.946: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Jun 21 02:31:12.946: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Jun 21 02:31:13.111: % Redundancy mode change to SSO
*Jun 21 02:31:13.112: %VOICE_HA-7-STATUS: NONE->SSO; SSO mode will not take effe
ct until after a platform reload.
*Jun 21 02:31:13.231: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Jun 21 02:31:14.793: %SYS-5-RESTART: System restarted --
Cisco IOS Software [Gibraltar], C9800 Software (C9800_IOSXE), Version 16.10.1, R
ELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 19-Nov-18 08:27 by mcpre
*Jun 21 02:31:14.834: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Jun 21 02:31:14.834: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Jun 21 02:31:16.976: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state
to up
*Jun 21 02:31:17.079: %SYS-6-BOOTTIME: Time taken to reboot after reload = 325
seconds
*Jun 21 02:31:17.977: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
*Jun 21 02:31:21.579: %SPA_OIR-6-ONLINECARD: SPA (BUILT-IN-4X10G/1G) online in s
ubslot 0/0
*Jun 21 02:31:21.638: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/0, li
nk down due to remote fault
*Jun 21 02:31:21.708: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/1, li
nk down due to local fault
*Jun 21 02:31:21.748: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/2, li
nk down due to local fault
*Jun 21 02:31:21.788: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/3, li
nk down due to local fault
*Jun 21 02:31:21.855: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Start
up Config Present)
*Jun 21 02:31:23.541: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/0, changed
state to down
*Jun 21 02:31:23.571: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/1, changed
state to down
*Jun 21 02:31:23.572: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/2, changed
state to down
*Jun 21 02:31:23.575: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/3, changed
state to down
*Jun 21 02:31:24.680: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/0, li
nk down due to local fault
*Jun 21 02:31:23.618: %LINK-3-UPDOWN: SIP0/0: Interface TenGigabitEthernet0/0/0,
changed state to down
*Jun 21 02:31:29.036: %PKI-2-NON_AUTHORITATIVE_CLOCK: PKI functions can not be i
nitialized until an authoritative time source, like NTP, can be obtained.
*Jun 21 02:31:29.491: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/0, changed
state to up
*Jun 21 02:31:30.492: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabit
Ethernet0/0/0, changed state to up
*Jun 21 02:31:29.491: %LINK-3-UPDOWN: SIP0/0: Interface TenGigabitEthernet0/0/0,
changed state to up
*Jun 21 02:31:30.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*Jun 21 02:31:37.119: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SU
DI_LEGACY has been generated or imported by pki-sudi
*Jun 21 02:31:39.050: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SU
DI has been generated or imported by pki-sudi
WLC>
Step 5:
Now system will boot without any config, Ignore startup config wizard.
Step 6:
Once system comes up, copy startup-config to running-config.
Step 7:
Reconfigure enable password or logging credentials, and check if you can access to the device via telnet or ssh.
C9800-40#telnet 10.10.10.1
Trying 10.10.10.1 ... Open
User Access Verification
Username: admin
Password:
C9800-40#
Step 8:
Change config-register back to 0x2002
C9800-40(config)#config-register 0x2002
Step 9:
save config
C9800-40#write memory
Building configuration...
[OK]