Move WPA-PSK between controllers

jhedstr2 · ‎02-19-2010

The customer lost the PSK but kept it in production. Now they installed a new controller and need to add the PSK in the new WLC.

Seems to still be problem to use template and PSK in WCS (old bug). The key seems to be corrupt in the new WLC.

Is there any way to see the key in clear text or move a crypt key in the CLI?

Or do the customer have to change key?

WLC 1 = 4404 4.2

WLC 2 = 5508 6.0

WCS = 6.0

Anyone that have a nice solution?

Kind Regards,

Johan

Leo Laohoo · ‎02-19-2010

Nope. Please take note that running two different wireless firmware codes may cause some disruptions or performance issues. There are some different default feature that each version has.

jhedstr2 · ‎02-20-2010

Customer don't have much choice since they have many AP in 1000-series, so they have to run diffrent codes.

I think it's a bit silly that the admin/root user can't see any password or keys. In most other system, like ACS, there are some way see this in clear text.

Well, I tell the customer that they have to change the PSK.

Leo Laohoo · ‎02-20-2010

It ain't silly. It's very logical, security speaking. You can never be assured that the person(s) perusing the passwords are legitimate or not. Even Cisco (sometimes) can't tell you what the encrypted passwords are. (Emphasis on the word "sometimes".)

jhedstr2 · ‎02-20-2010

The problem with this is that the customer still have to write down and keep the PSK somewhere. I think it's much better to have a root user that can see PSK, and keep the information in the system. Seen too many Post-it notes in my days.

It could also be an option to encrypt, like you have in all IOS devices.