Changing Cisco Aironet 2800 SSH password on every AP

While changing the password on Cisco Aironet 2800 controller over web-based management interface, it will update the password for the web interface and SSH login of the controller. However, it will not update the SSH login on every access points. This post provides a solution to change the SSH login for all the access points.

Assuming we have multiple AP, with IP address below

  • AP1 –
  • AP2 –
  • AP3 –

and one of them will become the controller, with IP address

Connect to the controller via SSH.

$ ssh controller-admin@
(Cisco Controller)
User: controller-admin

Welcome to the Cisco Mobility Express command line interface.
Only commands which are listed in the command reference guide for this release are supported.
(Cisco Controller) >

Command show mgmtuser will list the user on the controller, not SSH login for each APs.

(Cisco Controller) >show mgmtuser

User Name                 Permissions    Description            Password Strength   Telnet Capable
-----------------------   ------------   ---------------------  ------------------  ----------
controller-admin          read-write                                      Strong         Yes

Use the following command to change the SSH login for all APs. This will not change the controller login.

(Cisco Controller) >config ap mgmtuser add username SSH-ADMIN password SSH-PASSWORD secret SSH-ENABLE-SECRET all
(Cisco Controller) >

Save and logout.

(Cisco Controller) >logout
The system has unsaved changes.
Would you like to save them now? (y/N) y
Connection to closed.

Now you can login individual AP with the updated password.

$ ssh SSH-ADMIN@
sshadmin@'s password: SSH-PASSWORD
Connection to closed.


Tested on Cisco Aironet 2800 software

Leave a Reply

Your email address will not be published. Required fields are marked *