


A direct serial connection to the controller console port,The default username is admin, and the default password is admin

You need these items to connect to the serial port:

  • A computer that is running a terminal emulation program such as Putty, SecureCRT, or similar

  • A standard Cisco console serial cable with an RJ45 connector

Configure terminal emulator program with default settings:

  • 9600 baud (你可以通过命令去WLC上修改对应的波特率)

    • (Cisco Controller) >config serial baudrate

      [1200/2400/4800/9600/19200/38400/57600/115200] Enter serial speed.

  • 8 data bits

  • 1 stop bit

  • No parity

  • No hardware flow control

To log on to the controller CLI through the serial port, follow these steps:

如下是WLC5508, 5520,8510,8540以及新的Catalyst Wireless Controller 9800的Console port:






系统提示符可以是最多31个字符的任何字母数字字符串。 您可以通过输入config prompt命令进行更改。


(Cisco Controller) >config prompt Test-vWLC

(Test-vWLC) >
(Test-vWLC) >
(Test-vWLC) >
(Test-vWLC) >




Choose Management > HTTP-HTTPS.The HTTP-HTTPS Configuration page is displayed.





(Test-vWLC) >config network webmode enable

(Test-vWLC) >config network secureweb enable
You must reboot for the change to take effect.  《注意开启secureweb开启,需要重启!默认就是开启的》

  • Enable or disable secure web mode with increased security by entering this command:

config network secureweb cipher-option high {enable | disable}

This command allows users to access the controller GUI using “https://ip-address” but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

When high ciphers is enabled, SHA1, SHA256, SHA384 keys continue to be listed and TLS 1.0 is disabled. This is applicable to webauth and webadmin but not for NMSP.


  • Enable or disable SSLv2 for web administration by entering this command:

config network secureweb cipher-option sslv2 {enable | disable}

If you disable SSLv2, users cannot connect using a browser configured with SSLv2 only. They must use a browser that is configured to use a more secure protocol such as SSLv3 or later. The default value is disabled.

  • Enable 256 bit ciphers for a SSH session by entering this command:

config network ssh cipher-option high {enable | disable}


  • (Optional) Generate a new certificate by entering this command:

config certificate generate webadmin

After a few seconds, the controller verifies that the certificate has been generated



(Test-vWLC) >show network summary

RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable


(Test-vWLC) >show certificate summary
Web Administration Certificate................... 3rd Party
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. off



Choose Management > Telnet-SSH to open the Telnet-SSH Configuration page.





(Test-vWLC) >config network telnet enable

(Test-vWLC) >config network ssh enable

(Test-vWLC) >config sessions timeout 0 《关闭会话超时》

(Test-vWLC) >config sessions maxsessions

[0-5] Enter sessions as integer. 《最大会话只能是5个》

(Test-vWLC) >config loginsession

close Close active telnet session(s).

(Test-vWLC) >config loginsession close

[<session ID>/all] Enter session ID.



Configure SSH access host-key by entering these commands:


  • Generate or regenerate SSH host key by entering this command:

    config network ssh host-key generate

    This command generates a 1024-bit key.

  • Use device certificate private key as SSH host key by entering this command:

    config network ssh host-key use-device-certificate-key

    This command generates a 2048-bit key.


(Test-vWLC) >show network summary

RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable



(Test-vWLC) >show loginsession

ID User Name Login Type Connection From Idle Time Session Time
-- --------------- ---------- --------------------------------------------- ------------ ------------
01 lcj Ssh 00:00:00 00:48:58

(Test-vWLC) >config loginsession close 01




你必须全局启用Telnet权限。 默认情况下,所有管理用户都启用了Telnet权限。SSH sessions are not affected by this feature.





config mgmtuser telnet user-name {enable | disable}



The management over wireless feature allows you to monitor and configure local controllers using a wireless client. This feature is supported for all management tasks except uploads to and downloads from (transfers to and from) the controller.(除了从WLC上传和下载任务)


  • Management over Wireless can be disabled only if clients are on central switching.(默认关闭)

  • Management over Wireless is not supported for FlexConnect local switching clients. However, Management over Wireless works for non-web authentication clients if you have a route to the controller from the FlexConnect site.(Flex 本地转发的客户端不支持;如果你从Flex站点到WLC有路由,除了WEB认证的客户端外,可以实现无线管理WLC)


Choose Management > Mgmt Via Wireless to open the Management Via Wireless page.





(Test-vWLC) >config network mgmt-via-wireless enable



(Test-vWLC) >show network summary

RF-Network Name............................. MG
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
Secure Web Mode RC4 Cipher Preference....... Disable


AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable



开启通过动态Dynamic Interfaces 管理WLC:

默认情况下禁用动态接口,如果需要也可以启用大多数或所有管理功能。 启用后,所有动态接口都可用于管理员访问控制器。 您可以根据需要使用访问控制列表(ACL)来限制此访问。

应该只能通过CLI:config network mgmt-via-dynamic-interface {enable | disable}



注意:通过Remote管理(如Web或SSH等)方式管理WLC,需要注意web管理或SSH等管理方式是否enable,如果没有打开需要开启,另外,值得注意的是,如果本地安装有VMware虚拟机等应用,应该避免VMware的网卡和WLC的mangement interface处于同一个网段。