Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

WPA Keys

Bare with me, I'm new to wireless.

I'm trying to change the WPA keys and I can't get it to take. This is the present settings:

aaa session-id common

!

dot11 ssid !abbessidprivate!

vlan 1

authentication open

authentication key-management wpa

infrastructure-ssid optional

wpa-psk hex 7 BCBA028E263B5C5789D29D55E3F03E7E2CF0B2A9915B19FD626036D79092F06

07D

!

What commands do I need to enter? I tryed this:

41-AccessPoint-1(config-ssid)#wpa-psk hex 7

% Ambiguous command: "wpa-psk hex 7"

41-AccessPoint-1(config-ssid)#wpa-psk hex 7?

7 WORD

41-AccessPoint-1(config-ssid)#wpa-psk hex 7 ?

Hex-data 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F

Invalid key length, expecting 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F

Invalid key length, expecting 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#wpa-psk hex 7

% Ambiguous command: "wpa-psk hex 7"

41-AccessPoint-1(config-ssid)#$341CACECD69769D94C396017BE9646D05C593A3366C0F

41-AccessPoint-1(config-ssid)#!

41-AccessPoint-1(config-ssid)#end

41-AccessPoint-1#show runn

It didn't change....

7 REPLIES
kka
New Member

Re: WPA Keys

With the 7 a scrambled key is expected.

Scrambling (service password-encryption) also

adds 2 characters (offset) to the string.

To enter the actual hex-string use

wpa-psk hex 0 KEYSTRING or the equivalent

wpa-psk hex KEYSTRING

KEYSTRING is the actual 64 char hex key.

If you want to use an ascii key use the

command "wpa-psk ascii ...". (Make sure

to use at least 20 characters, everything

else can be easily broken...)

New Member

Re: WPA Keys

I somewhat understand. I don't think that answered my question or i just don't get it.. What commands do I need to enter wpa-psk hex 7? These have already been setup, but the guy put in the wrong key. I need to know how to change it.

kka
New Member

Re: WPA Keys

To hide cleartext passwords in IOS configs, the command

'service password-encryption' can be used.

If enabled, passwords, WEP- and WPA-keys are scrambled

with 'method 7'. This is a very simple encryption easily

reverted, and only meant to protect from someone peaking

over your shoulder.

Unless you want to reenter the same password, you hardly

enter passwords with the 7 in the command, but instead

with a 0 or simply without the number.

So to enter a new cleartext WPA-Key you simply enter

wpa-psk hex KEYSTRING

This requires the actual 256-bit preshared key, which is

written as 64 hex characters.

To enter a password/passphrase for your WPA-PSK, use

wpa-psk ascii STRING

This will generate the actual PSK from the STRING and

the SSID. This is what's usually used, some clients

even don't accept 64 char hex strings.

Bronze

Re: WPA Keys

Donna

for your reference the following document is excelent in how to configure WPA-PSK

I reccomend you use the GUI as it is much simpler, the you can look at Config for the resulting CLI, or follow the CLI instructions also included.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

good luck

Bill

New Member

Re: WPA Keys

Well, that's another problem, I can't get in through the GUI. When I enter the IP, it comes up with nothing. It can't fing the page. All this start when I installed a different switch last week. We've had trouble with our private wireless networks being to weak or slow but never any problems with the public one. Since I installed the switch you can connect to the public wireless but you have limited or no connectivity.

It shouldn't have anyting to do with the access point, but I noticed the two private wireless network had the wrong keys... So I was going to fix it while I was fixing stuff.

Any idea what I should try? Thanks.

DJ

New Member

Re: WPA Keys

The only difference in the orginal switch configuration (and then it was working) is the ip helper-addresses were the old servers and they are not longer on the network.

And the wireless network I'm troubleshooting, is for the public, therefore it doesn't have wpa keys. I'm new to wireless, so maybe I missing something. I will be at the branch having the trouble sometimes next week. Any advice you can give me on troubleshooting the switch and accesspoint connection would be greatlly appreciated. If I can supply any additional info, just ask.

Thanks,

DJ

Bronze

Re: WPA Keys

Donna

the best clue I can give is verify the switch ports the AP's are connected to are set for .1q trunking

Switches are not my thing.

Good luck

Bill

907
Views
0
Helpful
7
Replies
CreatePlease to create content