
c9800 - listing WPA2 or WPA3 security for clients

rfd1
Level 1

Does anyone know a way to list all the wireless clients on a c9800 showing whether they are using WPA2 or WPA3?

I have a WPA2/WPA3 transition mode SSID and am interested to know the usage of both methods.

I can query an individual mac address but would like a summary list. e.g.

c9800#show wireless client mac-address aaa.4444.dddd detail | i Policy Type

Policy Type : WPA3

10 Replies

balaji.bandi
Hall of Fame

I do not see that option; looks like you need to create a script out of the box, or explore the API to get that information.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Haydn Andrews
VIP Alumni

If you have Cisco Prime, believe it shows in the client details report.

Have requested this feature in DNAC as well.

May be able to do it via a script to the cli or via netconf / SNMP

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

rfd1
Level 1

Thanks Haydn

Prime does show the security policy type in the client report, and I see lots of unknowns that seem to tie up with the WPA3 clients on the controller. I guess I need to bump up the version of Prime.

You should be able to see that info on the controller also.  That should be listed under protocol when you look at the clients.  As far as Prime, yeah you should be using the latest 3.10 version.

-Scott

@Scott Fella - I am more interested to get this report too.

Under protocol of client I see below:

[Screenshot: balajibandi_0-1668448137066.png]

BB


Yeah... I was just looking at it again and I must have been thinking something else.  Let me see if there is a way when you have WPA2 + WPA3 enabled.

-Scott

I was looking around and if you are using WPA3, the auth method would show something other than PSK.  So if you run the following on the CLI, and modify the regex in case you need to, to only show clients that do not show PSK or OPEN:

show wireless client summary detail | exclude \[PSK\]|\[OPEN\]

show wireless client summary detail | include \[SAE\]

Or you can create a script that runs through all the MAC addresses to parse the following data to only output data that includes WPA3.

show wireless client mac-address <mac xxxx.xxxx.xxxx> detail | in WPA3

-Scott

show wireless client summary detail | exclude \[PSK\]|\[OPEN\]

show wireless client summary detail | include \[SAE\]

Thank you, let me test the above and get back to you.

We made a Python script that works out of the box.

BB


I did some different configs for WPA2 + WPA3 and SAE was the item that reflected devices connected using WPA3.  I also cross-referenced using this command:

show wireless client mac-address <mac xxxx.xxxx.xxxx> detail | in WPA3

-Scott
*** Please rate helpful posts ***
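
The filter approach described above can be turned into the per-client summary the original question asks for. The following is an added example, not code from any poster in this thread (and not the Python script mentioned earlier). It assumes the saved text of `show wireless client summary detail` has one client per line with a dotted MAC and a bracketed auth method such as `[SAE]` or `[PSK]`; the sample rows are constructed placeholders, not real controller output, and all function names are hypothetical.

```python
import re
from collections import Counter

# Assumption: each client row carries a dotted MAC (xxxx.xxxx.xxxx) and a
# bracketed auth method, which is what the include/exclude filters in the
# thread match on. The column layout itself is not relied upon.
MAC_RE = re.compile(r"\b[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\b")
AUTH_RE = re.compile(r"\[([A-Za-z0-9._-]+)\]")

# Mapping taken from the thread: SAE marked the WPA3 clients, PSK the WPA2 ones.
AUTH_TO_POLICY = {"SAE": "WPA3", "PSK": "WPA2", "OPEN": "OPEN"}


def classify_clients(summary_text):
    """Return {mac: (auth_method, policy)} for every client row found."""
    clients = {}
    for line in summary_text.splitlines():
        mac = MAC_RE.search(line)
        if not mac:
            continue  # header, separator or blank line
        auth = AUTH_RE.search(line)
        method = auth.group(1).upper() if auth else "UNKNOWN"
        policy = AUTH_TO_POLICY.get(method, "OTHER")
        clients[mac.group(0).lower()] = (method, policy)
    return clients


def policy_counts(clients):
    """Tally clients per policy, e.g. how many WPA3 vs WPA2."""
    return Counter(policy for _, policy in clients.values())


def parse_policy_type(detail_text):
    """Cross-check: pull the value of 'Policy Type : X' from per-client detail."""
    m = re.search(r"^\s*Policy Type\s*:\s*(\S+)", detail_text, re.MULTILINE)
    return m.group(1) if m else None


# Constructed placeholder rows (not real controller output).
SAMPLE = """MAC Address     Auth
aaaa.4444.dddd  [SAE]
bbbb.5555.eeee  [PSK]
cccc.6666.ffff  [SAE]
dddd.7777.0000  [OPEN]
eeee.8888.1111
"""

if __name__ == "__main__":
    found = classify_clients(SAMPLE)
    for mac, (method, policy) in sorted(found.items()):
        print(f"{mac}  {method:8} {policy}")
    print(dict(policy_counts(found)))
```

Rows whose auth method is missing or not in the mapping are counted as OTHER rather than dropped, so those clients can be checked individually with the per-MAC detail command.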

Haydn Andrews
VIP Alumni

@balaji.bandi any chance you can share the python script?
