dot11 ssid - password encryption in config file
07-11-2017 02:05 AM - edited 03-03-2019 08:36 AM
Hi community,
I am archiving the configuration of all my Cisco devices to a TFTP server.
I am using "secret" instead of "password" to prevent anyone from reading the different passwords stored in the config files, but the SSID password remains encrypted with Cisco type 7 and is easy to recover with all the tools on the web.
Example:
dot11 ssid xxx
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 030C5E070A006C4F471A1A0A
Is it possible to encrypt the ssid password with something else? I don't want some ssid password to be available because we have some specific devices and traffic on these ssids.
Thanks a lot.
07-11-2017 04:25 AM
Hi Nicky,
Usually the command "service password-encryption" is configured on network devices to encrypt current and new passwords; you could try it on the access point.
>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other members of the community. <<
07-11-2017 04:59 AM
Hello Julio,
Thanks for the answer...
I have already tried "service password-encryption" but, as explained here, http://www.cisco.com/c/en/us/support/docs/ip/access-lists/13608-21.html, it uses the weak Cisco encryption algorithm and can be decrypted on any website with Cisco password decryption tools.
So, this is not solving my problem. Maybe it is not possible...
Thanks anyway.
Nicky
07-13-2017 02:38 AM
The "secret" feature only provides strong encryption for the enable and user passwords.
It does not provide it for wireless pre-shared keys or other passwords that may be in the configuration.
07-13-2017 03:21 AM
Hello, and thanks for the answer,
but is there a way to protect the pre-shared keys in the config file?
Thanks.
07-13-2017 04:52 AM
Restrict access to the configuration to authorized network administrators.
If you are backing it up externally, then save the backup in an encrypted archive.
If security is so critical that those measures don't suffice, then you should be looking to alternative wireless authentication methods like 802.1x.
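
An added example, not posted by anyone in this thread: a Python check to run over archived configs before they are stored, listing which stored secrets are still recoverable (cleartext or type 7, as with the wpa-psk line above) and which are one-way hashes. The names `audit`, `redact` and `SAMPLE_CONFIG` are hypothetical, every sample value except the wpa-psk line quoted in the thread is constructed, and `redact` is an extra beyond the thread's advice for copies that must leave the administrators' hands.

```python
import re

# Constructed sample: the wpa-psk line is the one quoted in the thread; the
# other secret values are made-up placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$placeholderhash
username admin password 7 CONSTRUCTED7VALUE
dot11 ssid xxx
 authentication open
 authentication key-management wpa
 guest-mode
 wpa-psk ascii 7 030C5E070A006C4F471A1A0A
"""

# keyword, optional one-digit type, then the stored value at end of line
SECRET_RE = re.compile(
    r"^(?P<head>.*?\b(?:password|secret|key|wpa-psk (?:ascii|hex)))"
    r"(?: (?P<type>\d))? (?P<value>\S+)\s*$"
)
KIND = {None: "cleartext", "0": "cleartext", "7": "reversible",
        "4": "hashed", "5": "hashed", "8": "hashed", "9": "hashed"}
RECOVERABLE = {"cleartext", "reversible"}

def audit(config_text):
    """Return (line_no, kind, command) for every stored secret found."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = SECRET_RE.match(line)
        if m:
            kind = KIND.get(m["type"], "other")
            findings.append((no, kind, m["head"].strip()))
    return findings

def redact(config_text):
    """Copy of the config with recoverable secret values blanked out."""
    out = []
    for line in config_text.splitlines():
        m = SECRET_RE.match(line)
        if m and KIND.get(m["type"], "other") in RECOVERABLE:
            line = line[:m.start("value")] + "<removed>"
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for no, kind, command in audit(SAMPLE_CONFIG):
        print(f"line {no}: {kind:10} {command}")
```

Any line reported as cleartext or reversible means the archive file itself has to be access-restricted and encrypted, since the device configuration cannot protect that value.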
