03-17-2008 12:21 PM - edited 07-03-2021 03:33 PM
Bare with me, I'm new to wireless.
I'm trying to change the WPA keys and I can't get it to take. This is the present settings:
aaa session-id common
!
dot11 ssid !abbessidprivate!
vlan 1
authentication open
authentication key-management wpa
infrastructure-ssid optional
wpa-psk hex 7 BCBA028E263B5C5789D29D55E3F03E7E2CF0B2A9915B19FD626036D79092F06
07D
!
What commands do I need to enter? I tryed this:
41-AccessPoint-1(config-ssid)#wpa-psk hex 7
% Ambiguous command: "wpa-psk hex 7"
41-AccessPoint-1(config-ssid)#wpa-psk hex 7?
7 WORD
41-AccessPoint-1(config-ssid)#wpa-psk hex 7 ?
Hex-data 66 hexadecimal digits
41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F
Invalid key length, expecting 66 hexadecimal digits
41-AccessPoint-1(config-ssid)#$D69769D94C396017BE9646D05C593A3366C0F
Invalid key length, expecting 66 hexadecimal digits
41-AccessPoint-1(config-ssid)#wpa-psk hex 7
% Ambiguous command: "wpa-psk hex 7"
41-AccessPoint-1(config-ssid)#$341CACECD69769D94C396017BE9646D05C593A3366C0F
41-AccessPoint-1(config-ssid)#!
41-AccessPoint-1(config-ssid)#end
41-AccessPoint-1#show runn
It didn't change....
03-18-2008 06:20 AM
With the 7 a scrambled key is expected.
Scrambling (service password-encryption) also
adds 2 characters (offset) to the string.
To enter the actual hex-string use
wpa-psk hex 0 KEYSTRING or the equivalent
wpa-psk hex KEYSTRING
KEYSTRING is the actual 64 char hex key.
If you want to use an ascii key use the
command "wpa-psk ascii ...". (Make sure
to use at least 20 characters, everything
else can be easily broken...)
03-18-2008 07:11 AM
I somewhat understand. I don't think that answered my question or i just don't get it.. What commands do I need to enter wpa-psk hex 7? These have already been setup, but the guy put in the wrong key. I need to know how to change it.
03-18-2008 11:23 AM
To hide cleartext passwords in IOS configs, the command
'service password-encryption' can be used.
If enabled, passwords, WEP- and WPA-keys are scrambled
with 'method 7'. This is a very simple encryption easily
reverted, and only meant to protect from someone peaking
over your shoulder.
Unless you want to reenter the same password, you hardly
enter passwords with the 7 in the command, but instead
with a 0 or simply without the number.
So to enter a new cleartext WPA-Key you simply enter
wpa-psk hex KEYSTRING
This requires the actual 256-bit preshared key, which is
written as 64 hex characters.
To enter a password/passphrase for your WPA-PSK, use
wpa-psk ascii STRING
This will generate the actual PSK from the STRING and
the SSID. This is what's usually used, some clients
even don't accept 64 char hex strings.
03-18-2008 03:13 PM
Donna
for your reference the following document is excelent in how to configure WPA-PSK
I reccomend you use the GUI as it is much simpler, the you can look at Config for the resulting CLI, or follow the CLI instructions also included.
good luck
Bill
03-19-2008 11:35 AM
Well, that's another problem, I can't get in through the GUI. When I enter the IP, it comes up with nothing. It can't fing the page. All this start when I installed a different switch last week. We've had trouble with our private wireless networks being to weak or slow but never any problems with the public one. Since I installed the switch you can connect to the public wireless but you have limited or no connectivity.
It shouldn't have anyting to do with the access point, but I noticed the two private wireless network had the wrong keys... So I was going to fix it while I was fixing stuff.
Any idea what I should try? Thanks.
DJ
03-21-2008 01:36 PM
The only difference in the orginal switch configuration (and then it was working) is the ip helper-addresses were the old servers and they are not longer on the network.
And the wireless network I'm troubleshooting, is for the public, therefore it doesn't have wpa keys. I'm new to wireless, so maybe I missing something. I will be at the branch having the trouble sometimes next week. Any advice you can give me on troubleshooting the switch and accesspoint connection would be greatlly appreciated. If I can supply any additional info, just ask.
Thanks,
DJ
03-22-2008 11:41 PM
Donna
the best clue I can give is verify the switch ports the AP's are connected to are set for .1q trunking
Switches are not my thing.
Good luck
Bill
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: