cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2217
Views
0
Helpful
7
Replies

WPA Keys

DonnaJ
Level 1
Level 1

Bare with me, I'm new to wireless.

I'm trying to change the WPA keys and I can't get it to take. This is the present settings:

aaa session-id common

!

dot11 ssid !abbessidprivate!

vlan 1

authentication open

authentication key-management wpa

infrastructure-ssid optional

wpa-psk hex 7 BCBA028E263B5C5789D29D55E3F03E7E2CF0B2A9915B19FD626036D79092F06

07D

!

What commands do I need to enter? I tryed this:

41-AccessPoint-1(config-ssid)#wpa-psk hex 7

% Ambiguous command: "wpa-psk hex 7"

41-AccessPoint-1(config-ssid)#wpa-psk hex 7?

7 WORD

41-AccessPoint-1(config-ssid)#wpa-psk hex 7 ?

Hex-data 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F

Invalid key length, expecting 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F

Invalid key length, expecting 66 hexadecimal digits

41-AccessPoint-1(config-ssid)#wpa-psk hex 7

% Ambiguous command: "wpa-psk hex 7"

41-AccessPoint-1(config-ssid)#$341CACECD69769D94C396017BE9646D05C593A3366C0F

41-AccessPoint-1(config-ssid)#!

41-AccessPoint-1(config-ssid)#end

41-AccessPoint-1#show runn

It didn't change....

7 Replies 7

kka
Level 5
Level 5

With the 7 a scrambled key is expected.

Scrambling (service password-encryption) also

adds 2 characters (offset) to the string.

To enter the actual hex-string use

wpa-psk hex 0 KEYSTRING or the equivalent

wpa-psk hex KEYSTRING

KEYSTRING is the actual 64 char hex key.

If you want to use an ascii key use the

command "wpa-psk ascii ...". (Make sure

to use at least 20 characters, everything

else can be easily broken...)

I somewhat understand. I don't think that answered my question or i just don't get it.. What commands do I need to enter wpa-psk hex 7? These have already been setup, but the guy put in the wrong key. I need to know how to change it.

To hide cleartext passwords in IOS configs, the command

'service password-encryption' can be used.

If enabled, passwords, WEP- and WPA-keys are scrambled

with 'method 7'. This is a very simple encryption easily

reverted, and only meant to protect from someone peaking

over your shoulder.

Unless you want to reenter the same password, you hardly

enter passwords with the 7 in the command, but instead

with a 0 or simply without the number.

So to enter a new cleartext WPA-Key you simply enter

wpa-psk hex KEYSTRING

This requires the actual 256-bit preshared key, which is

written as 64 hex characters.

To enter a password/passphrase for your WPA-PSK, use

wpa-psk ascii STRING

This will generate the actual PSK from the STRING and

the SSID. This is what's usually used, some clients

even don't accept 64 char hex strings.

Donna

for your reference the following document is excelent in how to configure WPA-PSK

I reccomend you use the GUI as it is much simpler, the you can look at Config for the resulting CLI, or follow the CLI instructions also included.

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml

good luck

Bill

Well, that's another problem, I can't get in through the GUI. When I enter the IP, it comes up with nothing. It can't fing the page. All this start when I installed a different switch last week. We've had trouble with our private wireless networks being to weak or slow but never any problems with the public one. Since I installed the switch you can connect to the public wireless but you have limited or no connectivity.

It shouldn't have anyting to do with the access point, but I noticed the two private wireless network had the wrong keys... So I was going to fix it while I was fixing stuff.

Any idea what I should try? Thanks.

DJ

The only difference in the orginal switch configuration (and then it was working) is the ip helper-addresses were the old servers and they are not longer on the network.

And the wireless network I'm troubleshooting, is for the public, therefore it doesn't have wpa keys. I'm new to wireless, so maybe I missing something. I will be at the branch having the trouble sometimes next week. Any advice you can give me on troubleshooting the switch and accesspoint connection would be greatlly appreciated. If I can supply any additional info, just ask.

Thanks,

DJ

Donna

the best clue I can give is verify the switch ports the AP's are connected to are set for .1q trunking

Switches are not my thing.

Good luck

Bill

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: