Cisco Wireless Controller: Password Recovery Procedure for Catalyst 9800-40

As many of you know, Cisco has launched a new wireless controller, the WLC 9800. Here we discuss the password recovery feature of the Cisco Wireless Controller 9800-40. The software version is 16.10.01.

Fig 1.1- Cisco Catalyst 9800-40 WLC password recovery

Step 1:
Reboot the box.

Step 2:
Send the 'break' key when you see ##### printed on the console while the system is loading the image. The system will then interrupt the boot and go to the rommon prompt. (This can be done from PuTTY or by sending the break key.)

File size is 0x01d191f3
Located C9800-rpboot.16.10.01.SPA.pkg 
Image size 30511603 inode num 874837, bks cnt 7450 blk size 8*512
################################################################################
################################################################################
################################################################################
##########################################################
Boot image size = 30511603 (0x1d191f3) bytes
ROM:RSA Self Test Passed
ROM:Sha512 Self Test Passed
Package header rev 3 structure detected
Calculating SHA-1 hash...done
validate_package_cs: SHA-1 hash:
            calculated e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
            expected   e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
Validating main package signatures
monitor: command "boot" aborted due to user interrupt
rommon 1 >

Step 3: 
Change the config register to 0x2142 using the command "confreg 0x2142" from the rommon prompt. With this setting the next boot ignores the startup configuration.

rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect

Step 4: 
To save the rommon config change, execute "sync" at the rommon prompt, then execute "reset" from the rommon prompt to apply the change.

rommon 2 > sync
rommon 3 > reset

Resetting .......
Initializing Hardware ...
System integrity status: 90170200 12030107
System Bootstrap, Version 16.10(2r), RELEASE SOFTWARE
Copyright (c) 1994-2018  by cisco Systems, Inc.

Current image running: Boot ROM0
Last reset cause: LocalSoft

C9800-40-K9 platform with 33554432 Kbytes of main memory
File size is 0x000015c9
Located packages.conf 
Image size 5577 inode num 874834, bks cnt 2 blk size 8*512
#
File size is 0x01d191f3
Located C9800-rpboot.16.10.01.SPA.pkg 
Image size 30511603 inode num 874837, bks cnt 7450 blk size 8*512
################################################################################
################################################################################
################################################################################
##########################################################
Boot image size = 30511603 (0x1d191f3) bytes

ROM:RSA Self Test Passed
ROM:Sha512 Self Test Passed

Package header rev 3 structure detected
Calculating SHA-1 hash...done
validate_package_cs: SHA-1 hash:
            calculated e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
            expected   e36f46af:2c06b38d:eeb6e65b:ffaeb429:a6982d29
Validating main package signatures

RSA Signed RELEASE Image Signature Verification Successful.
Image validated
Jun 21 02:30:21.565: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:24.561: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger

Both links down, not waiting for other chassis
Chassis number is 1
Jun 21 02:30:25.327: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:27.293: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:33.770: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger
Jun 21 02:30:37.045: %PMAN-3-PROC_EMPTY_EXEC_FILE: R0/0: pvp: Empty executable u
sed for process bt_logger

Cisco IOS Software [Gibraltar], C9800 Software (C9800_IOSXE), Version 16.10.1, R
ELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 19-Nov-18 08:27 by mcpre

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.

cisco C9800-40-K9 (1GL) processor (revision 1GL) with 7866660K/6147K bytes of me
mory.
FIPS: Flash Key Check : Key Not Found, FIPS Mode Not Enabled

Processor board ID TTM22500DAL
1 Virtual Ethernet interface
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
33554432K bytes of physical memory.
26255359K bytes of eUSB flash at boot flash:.
234365527K bytes of SATA hard disk at hard disk:.
0K bytes of WebUI ODM Files at webui:.

Base Ethernet MAC Address: D4:C9:3C:CC:F2:E0
Installation mode is INSTALL
Press RETURN to get started!
*Jun 21 02:31:00.165: %IOSXE_PLATFORM-3-WDC_NOT_FOUND: WDC returned length: 0
*Jun 21 02:31:00.185: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled
 features is not allowedAdding registry invocations for the WLC platform

*Jun 21 02:31:01.743: %SMART_LIC-6-AGENT_READY: Smart Agent for Licensing is ini
tialized
*Jun 21 02:31:01.743: %SMART_LIC-6-AGENT_ENABLED: Smart Agent for Licensing is e
nabled 
*Jun 21 02:31:01.743: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled
 features is not allowed
*Jun 21 02:31:04.732: mcp_pm_subsys_init : Init done sucessfullyRA Tracing tool 
registry return: 0SID Manager, starting initialization ...

*Jun 21 02:31:05.511: Notifications initializedSID Manager, completed initializa
tion ...

*Jun 21 02:31:07.298: %SPANTREE-5-EXTENDED_SYSID: Extended SysId enabled for typ
e vlan
*Jun 21 02:31:08.999: %CRYPTO-4-AUDITWARN: Encryption audit check could not be p
erformed
*Jun 21 02:31:09.081: %VOICE_HA-7-STATUS: CUBE HA-supported platform detected.
*Jun 21 02:31:09.317: %IOSXE_VMAN-3-MSGINITFAIL: Failed to initialize required V
irt-manager resource: Initalize MQIPC
*Jun 21 02:31:09.333: mcp_pm_init_done : Called
*Jun 21 02:31:09.338: %LINK-3-UPDOWN: Interface Lsmpi0, changed state to up
*Jun 21 02:31:09.345: %LINK-3-UPDOWN: Interface EOBC0, changed state to up
*Jun 21 02:31:09.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0
, changed state to up
*Jun 21 02:31:09.346: %LINEPROTO-5-UPDOWN: Line protocol on Interface LI-Null0, 
changed state to up
*Jun 21 02:31:09.346: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state 
to down
*Jun 21 02:31:09.351: %LINK-3-UPDOWN: Interface LIIN0, changed state to up
*Jun 21 02:30:33.738: %PMAN-3-PROC_EMPTY_EXEC_FILE: Chassis 1 R0/0: pvp: Empty e
xecutable used for process bt_logger
*Jun 21 02:30:37.011: %PMAN-3-PROC_EMPTY_EXEC_FILE: Chassis 1 R0/0: pvp: Empty e
xecutable used for process bt_logger
*Jun 21 02:30:39.576: %CMFP-6-CRYPTO_MODULE: Chassis 1 R0/0: cman_fp: Crypto Har
dware Module is present
*Jun 21 02:31:01.754: %LMRP-3-RTU_UNINITIALIZED: Chassis 1 R0/0: lman: RTU not y
et initialized: stack enabled 0
*Jun 21 02:31:09.489: %SMART_LIC-6-HA_ROLE_CHANGED: Smart Agent HA role changed 
to Active.
*Jun 21 02:31:10.295: %IOSXE_MGMTVRF-6-CREATE_SUCCESS_INFO: Management vrf Mgmt-
intf created with ID 1, ipv4 table-id 0x1, ipv6 table-id 0x1E000001
*Jun 21 02:31:10.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to down
*Jun 21 02:31:10.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface Lsmpi0, ch
anged state to up
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface EOBC0, cha
nged state to up
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to down
*Jun 21 02:31:10.394: %LINEPROTO-5-UPDOWN: Line protocol on Interface LIIN0, cha
nged state to up
*Jun 21 02:31:10.966: %ONEP_BASE-6-SS_ENABLED: ONEP: Service set Base was enable
d by Default
*Jun 21 02:31:12.842: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuratio
n is ignored based on the configuration register setting.
*Jun 21 02:31:12.854: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfa
ces disabled
*Jun 21 02:31:12.913: %SPA_OIR-6-OFFLINECARD: SPA (BUILT-IN-4X10G/1G) offline in
 subslot 0/0
*Jun 21 02:31:12.919: %IOSXE_OIR-6-INSCARD: Card (fp) inserted in slot F0
*Jun 21 02:31:12.920: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
*Jun 21 02:31:12.946: %IOSXE_OIR-6-INSCARD: Card (cc) inserted in slot 0
*Jun 21 02:31:12.946: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0
*Jun 21 02:31:13.111: % Redundancy mode change to SSO

*Jun 21 02:31:13.112: %VOICE_HA-7-STATUS: NONE->SSO; SSO mode will not take effe
ct until after a platform reload.
*Jun 21 02:31:13.231: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0
*Jun 21 02:31:14.793: %SYS-5-RESTART: System restarted --
Cisco IOS Software [Gibraltar], C9800 Software (C9800_IOSXE), Version 16.10.1, R
ELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 19-Nov-18 08:27 by mcpre
*Jun 21 02:31:14.834: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Jun 21 02:31:14.834: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Jun 21 02:31:16.976: %LINK-3-UPDOWN: Interface GigabitEthernet0, changed state 
to up
*Jun 21 02:31:17.079: %SYS-6-BOOTTIME: Time taken to reboot after reload =  325 
seconds
*Jun 21 02:31:17.977: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEth
ernet0, changed state to up
*Jun 21 02:31:21.579: %SPA_OIR-6-ONLINECARD: SPA (BUILT-IN-4X10G/1G) online in s
ubslot 0/0
*Jun 21 02:31:21.638: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/0, li
nk down due to remote fault
*Jun 21 02:31:21.708: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/1, li
nk down due to local fault
*Jun 21 02:31:21.748: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/2, li
nk down due to local fault
*Jun 21 02:31:21.788: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/3, li
nk down due to local fault
*Jun 21 02:31:21.855: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Start
up Config Present)
*Jun 21 02:31:23.541: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/0, changed
 state to down
*Jun 21 02:31:23.571: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/1, changed
 state to down
*Jun 21 02:31:23.572: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/2, changed
 state to down
*Jun 21 02:31:23.575: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/3, changed
 state to down
*Jun 21 02:31:24.680: %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet0/0/0, li
nk down due to local fault
*Jun 21 02:31:23.618: %LINK-3-UPDOWN: SIP0/0: Interface TenGigabitEthernet0/0/0,
 changed state to down
*Jun 21 02:31:29.036: %PKI-2-NON_AUTHORITATIVE_CLOCK: PKI functions can not be i
nitialized until an authoritative time source, like NTP, can be obtained.
*Jun 21 02:31:29.491: %LINK-3-UPDOWN: Interface TenGigabitEthernet0/0/0, changed
 state to up
*Jun 21 02:31:30.492: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabit
Ethernet0/0/0, changed state to up
*Jun 21 02:31:29.491: %LINK-3-UPDOWN: SIP0/0: Interface TenGigabitEthernet0/0/0,
 changed state to up
*Jun 21 02:31:30.495: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, cha
nged state to up
*Jun 21 02:31:37.119: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SU
DI_LEGACY has been generated or imported by pki-sudi
*Jun 21 02:31:39.050: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SU
DI has been generated or imported by pki-sudi
WLC>

Step 5: 
The system will now boot without any config. Ignore the startup config wizard.

Step 6: 
Once the system comes up, copy startup-config to running-config.

Step 7: 
Reconfigure the enable password or login credentials, and check that you can access the device via telnet or ssh.

C9800-40#telnet 10.10.10.1
Trying 10.10.10.1 ... Open
User Access Verification
Username: admin
Password:
C9800-40#

Step 8: 
Change the config-register back to 0x2002.

C9800-40(config)#config-register 0x2002

Step 9: 
Save the config.

C9800-40#write memory 
Building configuration...
[OK]
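
The procedure above leaves recognisable traces in console and syslog output, so a console capture can be checked for use of this recovery path and for a config register left in the bypass state. The following is an added example, not part of the original post: the function names and sample text are constructed, and it assumes bit 6 (0x0040) of the config register is the "ignore startup-config" flag.

```python
import re

# Constructed sample: an 80-column console capture modelled on the output above.
SAMPLE = '''\
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
*Jun 21 02:31:12.842: %SYS-6-STARTUP_CONFIG_IGNORED: System startup configuratio
n is ignored based on the configuration register setting.
*Jun 21 02:31:14.834: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
C9800-40(config)#config-register 0x2002
'''

IGNORE_STARTUP_BIT = 0x0040  # config-register bit 6: skip startup-config at boot
INDICATORS = [
    ("boot_interrupted", re.compile(r'command "boot" aborted due to user interrupt')),
    ("startup_config_ignored", re.compile(r"%SYS-6-STARTUP_CONFIG_IGNORED")),
]
CONFREG = re.compile(r"\b(?:confreg|config-register)\s+(0x[0-9a-fA-F]+)")


def unwrap(text, width=80):
    """Rejoin lines the terminal split at `width` columns (heuristic: a line of
    exactly `width` characters is assumed to continue on the next line)."""
    out, carry = [], False
    for line in text.splitlines():
        if carry:
            out[-1] += line
        else:
            out.append(line)
        carry = len(line) == width
    return out


def analyse(text):
    """Report recovery indicators and whether the bypass bit was left set."""
    events, confreg = [], None
    for line in unwrap(text):
        for name, rx in INDICATORS:
            if rx.search(line):
                events.append((name, line))
        m = CONFREG.search(line)
        if m:
            confreg = int(m.group(1), 16)  # last value set wins
    left_on = confreg is not None and bool(confreg & IGNORE_STARTUP_BIT)
    return {"events": events, "confreg": confreg, "bypass_left_on": left_on}


if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A result with `bypass_left_on` set to true means Step 8 was skipped and the controller will keep booting without its startup configuration.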