Move WPA-PSK between controllers

Unanswered Question
Feb 19th, 2010
User Badges:

The customer lost the PSK but kept it in production. Now they installed a new controller and need to add the PSK in the new WLC.

Seems to still be problem to use template and PSK in WCS (old bug). The key seems to be corrupt in the new WLC.

Is there any way to see the key in clear text or move a crypt key in the CLI?


Or do the customer have to change key?

WLC 1 = 4404 4.2

WLC 2 = 5508 6.0

WCS   = 6.0


Anyone that have a nice solution?


Kind Regards,

Johan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Leo Laohoo Fri, 02/19/2010 - 16:54
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

Nope.  Please take note that running two different wireless firmware codes may cause some disruptions or performance issues.  There are some different default feature that each version has.

jhedstr2 Sat, 02/20/2010 - 00:39
User Badges:

Customer don't have much choice since they have many AP in 1000-series, so they have to run diffrent codes.


I think it's a bit silly that the admin/root user can't see any password or keys. In most other system, like ACS, there are some way see this in clear text.


Well, I tell the customer that they have to change the PSK.

Leo Laohoo Sat, 02/20/2010 - 00:55
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

It ain't silly.  It's very logical, security speaking.  You can never be assured that the person(s) perusing the passwords are legitimate or not.  Even Cisco (sometimes) can't tell you what the encrypted passwords are.  (Emphasis on the word "sometimes".)

jhedstr2 Sat, 02/20/2010 - 02:07
User Badges:

The problem with this is that the customer still have to write down and keep the PSK somewhere. I think it's much better to have a root user that can see PSK, and keep the information in the system. Seen too many Post-it notes in my days.


It could also be an option to encrypt, like you have in all IOS devices.

Actions

This Discussion

 

 

Trending Topics - Security & Network