
Change a SSID's password automatically every month

aleopoldie
Level 3

Hello experts,

 

I am trying to install a way to change 1 time per month the WPA-PSK password of 1 SSID. Is it possible? With a script or something like this?

 

AL

10 Replies

Leo Laohoo
Hall of Fame
I am trying to install a way to change 1 time per month the WPA-PSK password of 1 SSID. Is it possible? With a script or something like this?

What's wrong with using RADIUS?

I just wanted to know if it was possible

 

AL

Yes it can be done, of course.  The problem is WHO is going to be the poor bugger who'll be tasked to change the SSID passwords on each AP and every client.  

 

This is why, on paper, it is a good idea.  In practice, it is not.  

It is not necessary to change the SSID password on each AP as long as you have a WLC, is it?

 

 

It is not necessary to change the SSID password on each AP as long as you have a WLC 

Correct.  But if the APs are autonomous, it's not. 

 

However, this means that each wireless client needs to change their PSK too, which doesn't really help to keep a network "secure" as the PSK can just as easily "walk out the door".  

Yes, you are right. I proposed the RADIUS solution to our customer; it will be more secure than WPA-PSK.

 

AL

Ric Beeching
Level 7

In theory you could script something to generate a random password every 30 days and then log into your AP and change it via CLI but I wouldn't know how to write it. 

Leo has a point about RADIUS.. it is usually preferred for security reasons.

 

-----------------------------
Please rate helpful / correct posts
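
The rotation script discussed in the replies above could start from something like the following. This is an added example, not code posted by anyone in the thread: it assumes a WLC running AireOS, and the function names, the alphabet and the default length are choices made here.

```python
import math
import secrets
import string

# WPA/WPA2-Personal ASCII passphrases are 8 to 63 printable ASCII characters.
PSK_MIN, PSK_MAX = 8, 63
# Assumption: skip look-alike characters (0/O, 1/l/I) and anything a CLI may treat
# specially (space, quotes, '?', backslash), since users retype the key by hand.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + "-_.+=@#%"
                   if c not in "0O1lI")

def generate_psk(length=20):
    """Draw each character uniformly from ALPHABET using the OS CSPRNG."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError(f"length must be {PSK_MIN}..{PSK_MAX}")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length):
    """Entropy of a uniformly random passphrase of this length, in bits."""
    return length * math.log2(len(ALPHABET))

def validate_psk(psk):
    """True if psk is usable as a WPA2 ASCII passphrase."""
    return PSK_MIN <= len(psk) <= PSK_MAX and all(32 <= ord(c) <= 126 for c in psk)

def render_wlc_commands(wlan_id, psk):
    """Build the controller CLI lines for one WLAN (AireOS syntax, an assumption
    here; check it against your release). The WLAN is disabled while the key changes."""
    if not isinstance(wlan_id, int) or wlan_id < 1:
        raise ValueError("wlan_id must be a positive integer")
    if not validate_psk(psk) or any(c not in ALPHABET for c in psk):
        raise ValueError("psk rejected: wrong length or unsafe character")
    return [
        f"config wlan disable {wlan_id}",
        f"config wlan security wpa akm psk set-key ascii {psk} {wlan_id}",
        f"config wlan enable {wlan_id}",
    ]

if __name__ == "__main__":
    new_psk = generate_psk()
    print(f"# {entropy_bits(len(new_psk)):.0f} bits of entropy")
    print("\n".join(render_wlc_commands(1, new_psk)))
```

Scheduled monthly, the rendered lines can be sent to the controller over SSH; the new key still has to reach every client, which is the operational cost raised in the replies above.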

Try This,

 

First, go to SSID and select PPSK as the authentication method and indicate how many devices a user can have on the network at the same time


After doing that, click save. Your config should look something like this:


Now select PSK User groups; select new and configure it something like the following:


After that you will need to set up a user profile and make it correspond with the User profile attribute you gave the local user group. This is very important, otherwise you will not be able to authenticate. The end result should look something like this:


Now, before you push the configuration, go to the tab on the left to the 'show nav' panel. Browse to authentication > local users. In there you should see the user you just made. You can email that to an email address or write it down to give out to people or have it display somewhere.
This would give you a monthly reset; this means you will not have to do an upload to the APs. On the other hand, if you do not want to use this method, at step one select WPA2/PSK, type in your password, change that manually monthly and update the APs afterward. The APs will not need to reboot since it's not a major configuration change. This is the 'delta-upload'.

Would this help?

Paul113331
Level 1

It is possible anyhow to connect to the database of the WLC.

(My previous company was an event organization company where they changed the password every day, as well as deleted and added new wireless profiles on the WLC, via a script.)

Connect to the database of the WLC and look in the tables of the WLC. There you can find the wireless profile and the password. Script whatever you want :-)

Good luck

Hi Paul113331

Could you help me and send me the script? Thank you so much.

My email: phongvietphong@gmail.com
