Saturday, December 3, 2011

OSI Reference Model (OSI)



The International Organization for Standardization (ISO) developed the Open System Interconnection (OSI) Reference Model to describe how information is transferred from one machine to another, from the point when a user enters information using a keyboard and mouse to when that information is converted to electrical or light signals transferred along a piece of wire, or radio waves transferred through the air. It is important to understand that the OSI Reference Model describes concepts and terms in a general manner and that many network protocols, such as IP and IPX, fail to fit nicely into the scheme explained in the OSI model. Therefore, the OSI Reference Model is most often used as a teaching and troubleshooting tool. By understanding the basics of the OSI Reference Model, you can apply them to real protocols to gain a better understanding of them and to troubleshoot problems more easily.



 OSI Reference Model (OSI)

                              Layer 7              Application
                              Layer 6              Presentation
                              Layer 5              Session
                              Layer 4              Transport
                              Layer 3              Network
                              Layer 2              Data link
                              Layer 1              Physical

(1) Application Layer

The top (seventh) layer of the OSI Reference Model is the application layer. It provides the interface that a person uses to interact with the application. Examples of TCP/IP applications include telnet, FTP, HTTP, and SMTP. The interface can be a command-line interface (CLI) or a graphical one; a web browser, for example, uses a graphical interface. In the OSI Reference Model, the application layer refers to applications that are network-aware. There are thousands of computer applications, but not all of them can communicate across a network. This situation is changing rapidly, however. Five years ago there was a distinct line between applications that could and could not perform network functions. A good example of this was word processing programs like Microsoft Word: they were built to perform one process, word processing. Today, however, many applications (Microsoft Word, for instance) have embedded objects that do not necessarily have to be on the same computer. Examples of network-aware applications are telnet, FTP, web browsers, and e-mail.



(2) Presentation Layer

The sixth layer of the OSI Reference Model is the presentation layer. The presentation layer is responsible for defining how information is presented to the user in the interface that they are using. This layer defines how various forms of text, graphics, video, or audio information are presented to the user. For example, text is represented in two different forms: ASCII and EBCDIC. ASCII (the American Standard Code for Information Interchange, used by most devices today) uses seven bits to represent characters. EBCDIC (Extended Binary-Coded Decimal Interchange Code, developed by IBM) is still used in mainframe environments to represent characters. Text can also be shaped by different elements, such as font, underline, italic, and bold. There are different standards for representing graphical information: BMP, GIF, JPEG, TIFF, and others. This variety of standards is also true of audio (WAV and MIDI) and video (WMV, AVI, and MPEG). There are literally hundreds of standards for representing information that a user sees in their application. Probably one of the best examples of applications that have a very clear presentation function is a web browser, since it has many special marking codes that define how data should be represented to the user. The presentation layer can also provide encryption to secure data from the application layer; however, this is not common with today's methods of security, since this type of encryption is performed in software and requires a lot of CPU cycles to perform.

(3) Session Layer

The fifth layer of the OSI Reference Model is the session layer. The session layer is responsible for initiating the setup and teardown of connections. In order to perform these functions, the session layer must determine whether data stays local to a computer or must be obtained from or sent to a remote networking device. In the latter case, the session layer initiates the connection. The session layer is also responsible for differentiating among multiple network connections, ensuring that data is sent across the correct connection, as well as taking data from a connection and forwarding it to the correct application. The actual mechanics of this process, however, are implemented at the transport layer. To set up or tear down connections, the session layer communicates with the transport layer. Remote Procedure Call (RPC) is an example of an IP session protocol; the Network File System (NFS), which uses RPC, is an example application at this layer.

(4) Transport Layer

The fourth layer of the OSI Reference Model is the transport layer. The transport layer is responsible for the actual mechanics of a connection, where it can provide both reliable and unreliable delivery of data. For reliable connections, the transport layer is responsible for error detection and correction: when an error is detected, the transport layer will resend the data, thus providing the correction. For unreliable connections, the transport layer provides only error detection; error correction is left up to one of the higher layers (typically the application layer). In this sense, unreliable connections attempt to provide a best-effort delivery: if the data makes it there, that's great, and if it does not, oh well! Examples of a reliable transport protocol are TCP/IP's Transmission Control Protocol (TCP) and IPX's SPX (Sequenced Packet Exchange) protocol. TCP/IP's User Datagram Protocol (UDP) is an example of a protocol that uses unreliable connections. Actually, IPX and IP themselves are examples of protocols that provide unreliable connections, even though they operate at the network and not the transport layer. In IPX's case, if a reliable connection is needed, SPX is used. For IP, if a reliable connection is needed, TCP is used. The transport layer mechanics are discussed in more depth in the section Transport Layer later in this chapter.

(5) Network Layer

The third layer of the OSI Reference Model is the network layer. The network layer provides quite a few functions. First, it provides for a logical topology of your network using logical, or layer 3, addresses. These addresses are used to group machines together. As you will see in chapter 3, these addresses have two components: a network component and a host component. The network component is used to group devices together. Layer 3 addresses allow devices that are on the same or different media types to communicate with each other. Media types define types of connections, such as Ethernet, Token Ring, or serial. These are discussed in the section Data Link Layer later in this chapter. To move information between devices that have different network numbers, a router is used. Routers use information in the logical address to make intelligent decisions about how to reach a destination. Routing is discussed in more depth in chapters 9, 10, and 11. Examples of network layer protocols include AppleTalk, DECnet, IPX, TCP/IP (or IP for short), Vines, and XNS. The network layer is discussed in much more depth in the section Network Layer later in this chapter.

(6) Data Link Layer

The second layer in the OSI Reference Model is the data link layer. Whereas the network layer provides logical addresses for devices, the data link layer provides physical, or hardware, addresses. These hardware addresses are commonly called Media Access Control (MAC) addresses. The data link layer also defines how a networking device accesses the media that it is connected to, as well as defining the media frame type. This includes the fields and components of the data link layer, or layer 2, frame. This communication is only for devices on the same data link layer media type (or same piece of wire). To traverse media types, Ethernet to Token Ring for instance, typically a router is used. The data link layer is also responsible for taking bits (binary 1s and 0s) from the physical layer and reassembling them into the original data link layer frame. The data link layer does error detection and will discard bad frames. It typically does not perform error correction as TCP/IP's TCP protocol does; however, some data link layer protocols do support error correction functions. Examples of data link layer protocols and standards for local area network (LAN) connections include IEEE 802.3 and 802.5, Ethernet II, and ANSI FDDI. Examples of WAN connections include ATM, Frame Relay, HDLC (High-Level Data Link Control), SLIP (Serial Line Internet Protocol), and X.25. Bridges, switches, and network interface controllers or cards (NICs) are the primary networking devices functioning at the data link layer, which is discussed in more depth in the section Data Link Layer later in this chapter.
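
The transport, network and data link layers described above can be seen in a single frame. The following is an added example, not part of the original text: it builds a constructed Ethernet II / IPv4 / TCP frame and peels it apart layer by layer, including the layer 2 error check and the layer 3 network/host split. The addresses, the /24 mask and the helper names are assumptions made for the illustration.

```python
import ipaddress
import struct
import zlib

PREFIX_LEN = 24  # assumed mask separating the network and host components


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP frame (IP and TCP checksums left at 0)."""
    payload = b"GET / HTTP/1.0\r\n\r\n"                      # application data
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.168.10.25").packed,
                     ipaddress.IPv4Address("192.168.20.7").packed)
    eth = (bytes.fromhex("02000000000a")                     # destination MAC
           + bytes.fromhex("02000000000b")                   # source MAC
           + struct.pack("!H", 0x0800))                      # EtherType: IPv4
    body = eth + ip + tcp + payload
    return body + struct.pack("<I", zlib.crc32(body))        # layer 2 FCS trailer


def split_l3(addr):
    """Return (network component, host component) of a layer 3 address."""
    iface = ipaddress.IPv4Interface(f"{addr}/{PREFIX_LEN}")
    return str(iface.network.network_address), int(addr) & int(iface.hostmask)


def dissect(frame):
    body, fcs = frame[:-4], frame[-4:]
    # Data link layer: error detection only. A bad frame is discarded, not repaired.
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", body[:14])
    if ethertype != 0x0800:
        raise ValueError("this sample parser handles IPv4 only")

    # Network layer: logical addresses with a network and a host component.
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("this sample parser handles TCP only")
    src_ip = ipaddress.IPv4Address(ip[12:16])
    dst_ip = ipaddress.IPv4Address(ip[16:20])
    src_net, src_host = split_l3(src_ip)
    dst_net, dst_host = split_l3(dst_ip)

    # Transport layer: ports tell the receiver which application gets the data.
    seg = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", seg[:4])
    data_offset = (seg[12] >> 4) * 4

    return {
        "l2": {"src": mac_str(src_mac), "dst": mac_str(dst_mac)},
        "l3": {"src": str(src_ip), "dst": str(dst_ip),
               "src_net": src_net, "src_host": src_host,
               "dst_net": dst_net, "dst_host": dst_host,
               # Different network numbers mean a router must forward the packet.
               "needs_router": src_net != dst_net},
        "l4": {"proto": "TCP", "sport": sport, "dport": dport},
        "data": seg[data_offset:],
    }


if __name__ == "__main__":
    frame = build_sample_frame()
    for layer, fields in dissect(frame).items():
        print(layer, fields)
    damaged = bytearray(frame)
    damaged[20] ^= 0x01                                      # flip one bit in transit
    print("damaged frame ->", dissect(bytes(damaged)))
```
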

(7) Physical Layer

The first or bottommost layer of the OSI Reference Model is the physical layer. The physical layer is responsible for the physical mechanics of a network connection which include the following:

  • The type of interface used on the networking device.

  • The type of cable used for connecting devices.

  • The connectors used on each end of the cable.

  • The pin-outs used for each of the connections on the cable.

The type of interface is commonly called a NIC. A NIC can be a physical card that you put into a computer, like a 100BaseT Ethernet card, or a fixed interface on a switch, like a 100BaseTX port on a Cisco Catalyst 1900 series switch. The physical layer is also responsible for how binary information is converted to a physical layer signal. For example, if the cable uses copper as a transport medium, the physical layer defines how binary 1s and 0s are converted into an electrical signal by using different voltage

Password Recovery Procedure for the Cisco 7200 Series Routers





Introduction
This document describes how to recover the enable password and the enable secret passwords. These passwords protect access to privileged EXEC and configuration modes. The enable password can be recovered, but the enable secret password is encrypted and must be replaced with a new password. Use the procedure described in this document in order to replace the enable secret password.
There are no specific requirements for this document.
The information in this document is based on these hardware versions:
  • Cisco 3600 Series Router
  • Cisco 3800 Series Router
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Password Recovery Procedures for information on how to recover passwords for related products.
Refer to Cisco Technical Tips Conventions for information on document conventions.
Follow these steps in order to recover your password:
  1. Attach a terminal or PC with terminal emulation to the console port of the router.
Use these terminal settings:
    • 9600 baud rate
    • No parity
    • 8 data bits
    • 1 stop bit
    • No flow control
Refer to these documents for information on how to cable and connect a terminal to the console port or the AUX port:
  2. If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.
Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.
  3. Use the power switch in order to turn off the router, and then turn the router back on.
Important Notes:
    • In order to simulate this step on a Cisco 6400, pull out and then plug in the Node Route Processor (NRP) or Node Switch Processor (NSP) card.
    • In order to simulate this step on a Cisco 6x00 with NI-2, pull out and then plug in the NI-2 card.
  4. Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.
If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.
  5. Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.
This step bypasses the startup configuration where the passwords are stored.
  6. Type reset at the rommon 2> prompt.
The router reboots, but ignores the saved configuration.
  7. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.
  8. Type enable at the Router> prompt.
You are in enable mode and should see the Router# prompt.
  9. Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.
Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.
  10. Type show running-config.
The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.
  11. Type configure terminal.
The hostname(config)# prompt appears.
  12. Type enable secret <password> in order to change the enable secret password. For example:
        hostname(config)#enable secret cisco
  13. Issue the no shutdown command on every interface that you use.
If you issue a show ip interface brief command, every interface that you want to use should display up up.
  14. Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:
        hostname(config)#config-register 0x2102
  15. Press Ctrl-z or end in order to leave the configuration mode.
The hostname# prompt appears.
  16. Type write memory or copy running-config startup-config in order to commit the changes.
This section provides an example of the password recovery procedure. This example was created with a Cisco 2600 Series Router. Even if you do not use a Cisco 2600 Series Router, this output provides an example of what you should experience on your product.
Router>enable
Password:
Password:
Password:
% Bad secrets

Router>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Router>



!--- The router was just powercycled, and during bootup a
!--- break sequence was sent to the router.


!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1999 by cisco Systems, Inc.
TAC:Home:SW:IOS:Specials for info
C2600 platform with 32768 Kbytes of main memory


program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################
##############################################################
##############################################################
##############################################################
############################### [OK]


 Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

 cisco Systems, Inc.
 170 West Tasman Drive
 San Jose, California 95134-1706

Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)


 --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0,
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
 changed state to up
Router>
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to up
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,
changed state to down
00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,
changed state to down
00:00:50: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
00:00:50: %LINK-5-CHANGED: Interface BRI0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/0,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1,
changed state to administratively down
00:00:52: %LINK-5-CHANGED: Interface Serial0/1,
changed state to administratively down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to down
00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,
changed state to down
Router>
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
1324 bytes copied in 2.35 secs (662 bytes/sec)
Router#
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,
changed state to down
00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,
changed state to down
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable secret < password >
Router(config)#^Z
00:01:54: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip interface brief

Interface   IP-Address        OK?  Method     Status                   Protocol
Ethernet0/0 10.200.40.37      YES  TFTP       administratively down    down
Serial0/0   unassigned        YES  TFTP       administratively down    down
BRI0/0      193.251.121.157   YES  unset      administratively down    down
BRI0/0:1    unassigned        YES  unset      administratively down    down
BRI0/0:2    unassigned        YES  unset      administratively down    down
Ethernet0/1 unassigned        YES  TFTP       administratively down    down
Serial0/1   unassigned        YES  TFTP       administratively down    down
Loopback0   193.251.121.157   YES  TFTP       up                       up
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Ethernet0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,
changed state to up
Router(config-if)#interface BRI0/0
Router(config-if)#no shutdown
Router(config-if)#
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0,
TEI 68 changed to up
Router(config-if)#^Z
Router#
00:02:35: %SYS-5-CONFIG_I: Configured from console by console
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#config-register 0x2102
Router(config)#^Z
00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 07-Dec-99 02:21 by phanguye
Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
System image file is "flash:c2600-is-mz.120-7.T"

cisco 2611 (MPC860) processor (revision 0x202)
with 26624K/6144K bytes of memory.
Processor board ID JAB031202NK (3878188963)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)
2 Serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash partition 1 (Read/Write)
8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#
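
The procedure above depends on one bit of the configuration register: 0x2142 differs from 0x2102 only in bit 6, which makes the router ignore the startup configuration in NVRAM. The following added example (not part of the Cisco document; the function names and status labels are assumptions) decodes the register line from a show version capture and flags a router that would keep bypassing its saved configuration, and the passwords in it, at the next reload.

```python
import re

BOOT_FIELD_MASK = 0x000F   # bits 0-3: 0x0 stays in ROM monitor, other values boot an image
IGNORE_NVRAM = 0x0040      # bit 6: startup-config in NVRAM is ignored at boot
BREAK_DISABLED = 0x0100    # bit 8: Break is ignored once the router has booted

CONFREG_RE = re.compile(
    r"^Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?",
    re.MULTILINE,
)


def decode(value):
    """Break a 16-bit configuration register value into the fields used here."""
    return {
        "boot_field": value & BOOT_FIELD_MASK,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }


def audit(show_version_output):
    """Classify the register line found in one 'show version' capture."""
    match = CONFREG_RE.search(show_version_output)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    # Without a pending change, the running value is also the next-reload value.
    next_reload = int(match.group(2), 16) if match.group(2) else current
    if decode(next_reload)["ignores_startup_config"]:
        status = "BYPASS_PERSISTS"      # saved config and passwords skipped at next boot
    elif decode(current)["ignores_startup_config"]:
        status = "RESTORED_AT_RELOAD"   # booted in bypass mode, register already reset
    else:
        status = "NORMAL"
    return {"current": current, "next_reload": next_reload, "status": status}


# The three register lines that appear in the example output on this page.
SAMPLES = [
    "Configuration register is 0x2102",
    "Configuration register is 0x2142",
    "Configuration register is 0x2142 (will be 0x2102 at next reload)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        result = audit(line)
        print(f"{line!r}: {result['status']} {decode(result['next_reload'])}")
```

A capture that still reports BYPASS_PERSISTS after recovery means the config-register step was skipped or not saved.
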

Password Recovery Procedure for the Wireless LAN Controller Module (WLCM) and Wireless Services Module (WiSM)

Introduction

This document describes how to recover a password or to restore the default settings on a Cisco Wireless LAN Controller Module (WLCM) installed on a Cisco Integrated Services Router (ISR) and the Cisco Wireless Services Module (WiSM) installed on a Catalyst 6500 Series Switch with the Supervisor 720.
Note: If you use the Cisco Wireless Control System (WCS) in order to manage the WLCM or WiSM, you should be able to access the controller from the WCS and create a new admin user without logging into the controller itself. Or, if you did not save the configuration on the controller after you deleted the user, then a reboot (power cycling) of the controller should bring it back up with the deleted user still in the system. If you do not have the default admin account or another user account with which you can log in, your only option is to default the controller to factory settings and reconfigure it from scratch.


Prerequisites

Requirements

This document applies to WLC versions prior to version 5.1. If you forget your password in WLC version 5.1 and later, you can use the CLI from the serial console of the controller in order to configure a new user name and password. See the Password Recovery in WLC versions 5.1 and later section for more information on this procedure.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Reset the WLCM to Default Settings

When the password to log in to the WLCM is lost, the only way to get into the WLCM is to reset the WLCM back to default settings. This also means that the entire configuration on the WLCM is reset and has to be configured from scratch.
Complete these steps in order to reset the WLCM to factory default settings:
1.      Go to the CLI on the ISR and enter this command:
2811ISR#service-module wlan-controller slot/port reset 
This command performs a hardware reset on the WLCM. When this command is issued, the user is prompted to confirm the reset. When the user presses Enter, the reset begins.
This output shows an example:
2811ISR#service-module wlan-controller 2/0 reset
Use reset only to recover from shutdown or failed state
Warning: May lose data on the hard disc!
Do you want to reset?[confirm]
Trying to reset Service Module wlan-controller2/0.
[Resuming connection 1 to 192.168.11.1 ... ]
2.      When the reset begins, the console switches back to the ISR CLI. Press Enter in order to switch back to the WLCM CLI.
Note: The console switches back to the controller only if there is an open session that was previously established on the controller. If there is no open session on the controller, use the service-module wlan-controller 2/0 session command in order to open a new session on the controller.
When you session into the controller, the router might prompt you for a username and password to connect to the serial line if there is a default login authentication configured. This is the username and password for the router and not the controller. It does not give you the controller's User prompt until you press <cr> after you have entered the correct password. The Username prompt is for the router VTY and the User prompt is for sessioning into the controller. The first login is for the router, then <cr>, and the second login is for the controller.
Router#service-module wlan-controller 1/0 session
 
Username:myusername
Password:*********
<cr>
User:wlcuser
Password:*******
 
(Cisco Controller)>
Note: In order to check if the router is configured for any default login authentication, check if the running configuration has any of the aaa authentication commands, such as aaa new-model or aaa authentication login default. Refer to General AAA Configuration for more information on these commands.
Default login authentication prevents the recovery of the password: the router prompts for a username/password and intercepts the first recover-config prompt, so the user never has the opportunity to answer it. A workaround is to disable authentication for the line.
Router(config)#aaa authentication login wlc none
Router(config)#line 66
 
!--- Line 66 is meant for the controller module of the router and 
!--- might change based on the hardware/chassis used on the router.
 
Router(config-if)#login authentication wlc
The boot process on the WLCM starts.
During the boot process on the WLCM, the user has to break into the boot loader by pressing Esc in order to see the additional options.
This output shows an example:
Initializing memory.  Please wait.  256 MB SDRAM detected
BIOS Version: SM 02.00
BIOS Build date: 09/17/02
System Now Booting ...
 
 
Booting from disk..., please wait.
 
Cisco Bootloader Loading stage2...
 
    Cisco Bootloader (Version 3.2.116.21)
 
Booting Primary Image...
Press <ESC> now for additional boot options...
 
    Boot Options
 
Please choose an option from below:
 
1. Run primary image (Version 3.2.116.21) (active)
2. Run backup image  (Version 3.2.116.21)
3. Manually upgrade primary image
4. Change active boot image
5. Clear Configuration
3.      Choose 5. Clear Configuration.
This is the only option that resets the password along with the controller configuration. This means you need to reconfigure the rest of the box again.
This output shows an example:
Please choose an option from below:
 
1. Run primary image (version 3.2.116.21) (active)
2. Run backup image (version 3.1.87.0)
3. Manually update images
4. Change active boot image
5. Clear Configuration
 
Please enter your choice: 5
4.      Once you enter this option, the WLCM is reset to factory default settings. After the reset, the WLCM automatically enters the CLI startup wizard and you are prompted for the startup configuration which includes the username/password. Complete the startup configuration wizard in order to access the WLCM.
This output shows an example:
Please enter your choice: 5
Detecting hardware . . . .
Clearing system configuration: done.
 
Configuration has been cleared.  Restarting...
 
 
Initializing memory.  Please wait.  256 MB SDRAM detected
BIOS Version: SM 02.00
BIOS Build date: 09/17/02
System Now Booting ...
 
Booting from disk..., please wait.
 
Cisco Bootloader Loading stage2...
 
    Cisco Bootloader (Version 3.2.116.21)
 
Booting Primary Image...
Press <ESC> now for additional boot options...
Detecting hardware . . . .
 
Generating Secure Shell DSA Host Key ...
Generating Secure Shell RSA Host Key ...
Generating Secure Shell version 1.5 RSA Host Key ...
Cisco is a trademark of Cisco Systems, Inc.
Software Copyright Cisco Systems, Inc. All rights reserved.
 
Cisco AireOS Version 3.2.116.21
Initializing OS Services: ok
Initializing Serial Services: ok
Initializing Network Services: ok
Starting ARP Services: ok
Starting Trap Manager: ok
Starting Network Interface Management Services: ok
Starting System Services: ok
Starting Fast Path Hardware Acceleration: ok
Starting Switching Services: ok
Starting QoS Services: ok
Starting FIPS Features: Not enabled
Starting Policy Manager: ok
Starting Data Transport Link Layer: ok
Starting Access Control List Services: ok
Starting System Interfaces: ok
Starting LWAPP: ok
Starting Crypto Accelerator: Not Present
Starting Certificate Database: ok
Starting VPN Services: ok
Starting Security Services: ok
Starting Policy Manager: ok
Starting Authentication Engine: ok
Starting Mobility Management: ok
Starting Virtual AP Services: ok
Starting AireWave Director: ok
Starting Network Time Services: ok
Starting Broadcast Services: ok
Starting Logging Services: ok
Starting DHCP Server: ok
Starting IDS Signature Manager: ok
Starting RFID Tag Tracking: ok
Starting RBCP: ok
Starting Management Services:
   Web Server: ok
   CLI: ok
   Secure Web: Web Authentication Certificate not found (error).
 
(Cisco Controller)
 
 
Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_e8:38:c0]: WLCM
Enter Administrative User Name (24 characters max): admin
Enter Administrative Password (24 characters max): *****
 
Management Interface IP Address: 172.16.1.60
Management Interface Netmask: 255.255.0.0
Management Interface Default Router: 172.16.1.1
Management Interface VLAN Identifier (0 = untagged):
Management Interface Port Num [1]: 1
Management Interface DHCP Server IP Address: 172.16.1.1
 
AP Manager Interface IP Address: 172.16.1.61
 
AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (172.16.1.1):
 
Virtual Gateway IP Address: 1.1.1.1
 
Mobility/RF Group Name: WLCM-Group
 
Network Name (SSID): WLCM-Clients
Allow Static IP Addresses [YES][no]: no
 
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.
 
Enter Country Code (enter 'help' for a list of countries) [US]:
 
Enable 802.11b Network [YES][no]: yes
Enable 802.11a Network [YES][no]: yes
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
 
Configure a NTP server now? [YES][no]: no
Configure the system time now? [YES][no]: no
 
Warning! No AP will come up unless the time is set.
Please see documentation for more details.
 
Configuration correct? If yes, system will save it and reset. [yes][NO]: yes
 
Configuration saved!
Resetting system with new configuration...
 
 
Initializing memory.  Please wait.  256 MB SDRAM detected
BIOS Version: SM 02.00
BIOS Build date: 09/17/02
System Now Booting ...
 
Booting from disk..., please wait.
 
Cisco Bootloader Loading stage2...
 
    Cisco Bootloader (Version 3.2.116.21)
 
Booting Primary Image...
Press <ESC> now for additional boot options...
Detecting hardware . . . .
 
Cisco is a trademark of Cisco Systems, Inc.
Software Copyright Cisco Systems, Inc. All rights reserved.
 
Cisco AireOS Version 3.2.116.21
Initializing OS Services: ok
Initializing Serial Services: ok
Initializing Network Services: ok
Starting ARP Services: ok
Starting Trap Manager: ok
Starting Network Interface Management Services: ok
Starting System Services: ok
Starting Fast Path Hardware Acceleration: ok
Starting Switching Services: ok
Starting QoS Services: ok
Starting FIPS Features: Not enabled
Starting Policy Manager: ok
Starting Data Transport Link Layer: ok
Starting Access Control List Services: ok
Starting System Interfaces: ok
Starting LWAPP: ok
Starting Crypto Accelerator: Not Present
Starting Certificate Database: ok
Starting VPN Services: ok
Starting Security Services: ok
Starting Policy Manager: ok
Starting Authentication Engine: ok
Starting Mobility Management: ok
Starting Virtual AP Services: ok
Starting AireWave Director: ok
Starting Network Time Services: ok
Starting Broadcast Services: ok
Starting Logging Services: ok
Starting DHCP Server: ok
Starting IDS Signature Manager: ok
Starting RFID Tag Tracking: ok
Starting RBCP: ok
Starting Management Services:
   Web Server: ok
   CLI: ok
   Secure Web: ok
 
(Cisco Controller)
 
Enter User Name (or 'Recover-Config' this one-time only to reset 
configuration to factory defaults)
 
User: admin
Password:*****
(Cisco Controller) >
Note: There is an alternate way to reset the WLCM to default settings. Reset the WLCM with the command illustrated in step 1. At this point, you perform step 2 as described earlier.
5.      After the boot process completes, it leads you to the user prompt. Enter the recover-config command at the User prompt on the controller.
The WLCM is reset to factory defaults and the user is prompted with the startup wizard so that the WLCM can be reconfigured from scratch.
This output shows an example:
(Cisco Controller)
 
Enter User Name (or 'Recover-Config' this one-time only to reset 
configuration to factory defaults)
 
User:recover-config
 
!--- This command works only for the first user prompt. 
!--- If you press enter and try the command at the second user prompt,
!--- this does not work.
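The console output above reports the state each service starts in, and the wizard prints warnings when the RADIUS and time steps are skipped. The following added example (not part of the original article or of Cisco's documentation) parses a saved console capture in that format, splits it into boot cycles, and lists services that did not report ok, wizard warnings, and whether recover-config or Restore-Password was typed at the user prompt. The sample capture and the name audit_console are constructed for illustration.

```python
import re

# Constructed, abbreviated capture in the format of the console output above.
SAMPLE = """\
Cisco AireOS Version 3.2.116.21
Starting FIPS Features: Not enabled
Starting Management Services:
   Web Server: ok
   Secure Web: Web Authentication Certificate not found (error).
Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Warning! No AP will come up unless the time is set.
Cisco AireOS Version 3.2.116.21
Starting FIPS Features: Not enabled
Starting Management Services:
   Secure Web: ok
User:recover-config
"""

TOP = re.compile(r"^(?:Starting|Initializing) (.+?):\s*(.*)$")
SUB = re.compile(r"^\s+(.+?):\s*(.+)$")
RESET = re.compile(r"^User:\s*(recover-config|restore-password)$", re.I)

def audit_console(text):
    """Split a capture into boot cycles; collect non-ok services and warnings."""
    boots, parent = [], None
    for line in text.splitlines():
        if line.startswith("Cisco AireOS Version"):
            boots.append({"version": line.split()[-1], "not_ok": [],
                          "warnings": [], "reset_used": False})
        elif not boots:
            continue  # bootloader text before the first OS banner
        cur, top = boots[-1], TOP.match(line)
        sub = SUB.match(line) if parent and not top else None
        if top:
            name, status = top.group(1), top.group(2).strip()
            parent = None if status else name  # empty status opens a sub-list
            if status and status != "ok":
                cur["not_ok"].append((name, status))
        elif sub:
            if sub.group(2).strip() != "ok":
                cur["not_ok"].append((f"{parent}/{sub.group(1)}", sub.group(2).strip()))
        else:
            parent = None  # any other line (banner included) closes a sub-list
            if line.startswith("Warning!"):
                cur["warnings"].append(line[len("Warning!"):].strip())
            elif RESET.match(line.strip()):
                cur["reset_used"] = True
    return boots
```

Anything other than ok is listed, including states such as Not enabled, so the reviewer decides what matters. Comparing the first and last boot cycle shows which findings the startup wizard cleared.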
 

Reset the WiSM to Default Settings

The procedure to reset the WiSM to its default settings is similar to the procedure to reset the WLCM.
Complete these steps in order to reset the WiSM to its default settings:
1.      In privileged mode from the router prompt, enter this command:
Router#hw-module module <module slot number> reset
This command reboots the WiSM module. This is an example:
Router#hw-module module 3 reset
Proceed with reload of module?[confirm]
2.      Access the console of the controllers using a serial connection.
3.      When you are prompted for a username, enter recover-config in order to restore the factory default configuration.
Here is an example:
(Cisco Controller)
 
Enter User Name (or 'Recover-Config' this one-time only to reset 
configuration to factory defaults)
 
User:recover-config
For an alternative method, refer to WiSM Troubleshooting FAQ.
The controller reboots and displays this message:
Welcome to the Cisco WLAN Solution Wizard Configuration Tool
4.      Use the startup configuration wizard in order to enter new configuration settings including the username and password.

Password Recovery in WLC versions 5.1 and later

If you forget your password in WLC version 5.1 and later, you can use the CLI from the serial console of the controller in order to configure a new user name and password.
After the controller boots up, enter the Restore-Password command at the user prompt. This command is only accepted for the initial user login and becomes disabled after a user logs in. You are prompted to enter a new username/password, which can then be used to log into the controller and modify settings.
Before version 5.1, there is no password recovery option on the Wireless LAN Controller (WLC). You need to set the WLC to factory defaults and reconfigure it. In order to set the WLC to factory defaults, power cycle the WLC, press the ESC key during the boot process from the console, and choose the last option (5) in order to clear the configuration and reboot the Wireless LAN Controller.
Note: The new default username and password is admin.
Refer to the Clearing the Controller Configuration section of Managing Controller Software and Configurations for more information on how to clear the configuration on the WLC.
You can also have a look at the Wireless LAN Password Recovery video, which provides an explanation with an illustration on how to recover passwords on WLCs that run the older firmware versions and the WLCs that run versions 5.1 and later.