Re: C9800 wlc Mgmtuser encrypt password

Charlie Grey · ‎03-29-2024

hi,

the mgmtuser username password defined in my AP join policy show in clear text and cannot be encrypted.

when i exe the command,

mgmtuser username admin password 8 mypass123 secret 8 mysecret123

always get error %password encryption failed: possible mismatch of password type & secret type!

i really pulling my hair out clueless.

C9800 controller running 17.9.4a.

anyone?

balaji.bandi · ‎03-29-2024

check below thread may help you :

https://community.cisco.com/t5/wireless/9800-wlc-wpa2-pre-shared-key-not-working-after-uploading-config/td-p/4531728

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Charlie Grey · ‎03-29-2024

i already went thru that post before i post here to ask.

i am not restoring from old config.

i already have password encryption aes enabled w the master key configured.

marce1000 · ‎03-29-2024

- Run error through Cisco's bug search tool (use google to find). Select correct platform too.

A trick I often use ; use google advanced search. Paste error in second input field. On the primary field type "solved" "cisco" or less , depending on the number of results ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Karsten Iwen · ‎03-29-2024

You are using the wrong syntax to activate the encryption. The command you used needs the AES encrypted password, not the plaintext one. If the passwords show in clear, you have not yet enabled password-encryption:

password encryption aes
key config-key password-encrypt THIS-IS-YOUR-COMPLEX-ENCRYPT-PASSWORD

After you configure this, the passwords are not visible any more in clear.

Charlie Grey · ‎03-29-2024

not working.

i already have the below 2 commands configured.

password encryption aes

key config-key password-encrypt THIS-IS-YOUR-COMPLEX-ENCRYPT-PASSWORD

i then run the below command also not working

mgmtuser username admin password 0 mypass123 secret 0 mysecret123

do i need to write mem before the encryption take effect?

marce1000 · ‎03-29-2024

- Possible configuration conflicts may lead to this , check with the CLI command show tech wireless and feed the output to : Wireless Config Analyzer

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎03-29-2024

>...do i need to write mem before the encryption take effect?
Could be because the master key is saved separately in a secure part of NVRAM and not backed up.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Karsten Iwen · ‎03-29-2024

What happens when you set the user account with type 0?

Charlie Grey · ‎03-29-2024

the key is show in clear text in config as below -

mgmtuser username admin password 0 mypass123 secret 0 mysecret123

Karsten Iwen · ‎03-30-2024

I would open a TAC case. Although it is a suggested release, there still could be something going wrong. The shown way is how it works for me. I don’t even have to reenter the mgmtuser, the actual passwords get directly encrypted.

Charlie Grey · ‎03-29-2024

Question -

can (should) the password of mgmtuser username command be encryption using Type 6??

how come i run the ? of the command it show 0 and 8??

Karsten Iwen · ‎03-30-2024

It is Type 8 for the mgmtuser. But this is a different type 8 compared to the regular user accounts.