07-11-2017 02:05 AM - edited 03-03-2019 08:36 AM
Hi community,
I am archiving the configuration of all my Cisco devices to a TFTP server.
I am using "secret" instead of "password" to avoid anyone to read the different passwords stored in the config files, but the ssid password remain encrypted with Cisco 7 and easily findable with all the tools on the web.
Example:
dot11 ssid xxx
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 030C5E070A006C4F471A1A0A
Is it possible to encrypt the ssid password with something else? I don't want some ssid password to be available because we have some specific devices and traffic on these ssids.
Thanks a lot.
07-11-2017 04:25 AM
Hi Nicky,
Usually the command: service password-encryption is configured on the network devices to encrypt the current a new passwords, you could try it on the access point.
07-11-2017 04:59 AM
Hello Julio,
Thanks for the answer...
I have already tried the "service password-encryption" but, as explained here, http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html it uses the cisco weak encryption algorithm and can be decrypt on any web site with Cisco decrypt password tools.
So, this is not solving my problem. May be it is not possible...
Thanks anyway.
Nicky
07-13-2017 02:38 AM
The "secret" feature only provides strong encryption for the enable and user passwords.
It does not provide it for wireless pre-shared keys or other passwords that may be in the configuration.
07-13-2017 03:21 AM
Hello and thank for the answer,
but is there a way to protect the pre-shared keys in the config file?
Thanks.
07-13-2017 04:52 AM
Restrict access to the configuration to authorized network administrators.
If you are backing it up externally, then save the backup in an encrypted archive.
If security is so critical that those measures don't suffice, then you should be looking to alternative wireless authentication methods like 802.1x.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide