08-26-2015 12:23 AM - edited 07-05-2021 03:50 AM
Hello experts,
I am trying to set up a way to change the WPA-PSK password of 1 SSID 1 time per month. Is it possible? With a script or something like this?
AL
08-26-2015 01:37 AM
I am trying to set up a way to change the WPA-PSK password of 1 SSID 1 time per month. Is it possible? With a script or something like this?
What's wrong with using RADIUS?
09-23-2015 05:41 AM
I just wanted to know if it was possible
AL
09-24-2015 05:11 AM
Yes it can be done, of course. The problem is WHO is going to be the poor bugger who'll be tasked to change the SSID passwords on each AP and every client.
This is why, on paper, it is a good idea. In practice, it is not.
09-24-2015 05:55 AM
It is not necessary to change the SSID password on each AP as long as you have a WLC, is it?
09-24-2015 06:10 AM
It is not necessary to change the SSID password on each AP as long as you have a WLC
Correct. But if the APs are autonomous, it's not.
However, this means that each wireless client needs to change their PSK too, which doesn't really help to keep a network "secure" as the PSK can just as easily "walk out the door".
09-24-2015 06:24 AM
Yes, you are right. I proposed the RADIUS solution to our customer; it will be more secure than WPA-PSK.
AL
08-26-2015 02:27 AM
In theory you could script something to generate a random password every 30 days and then log into your AP and change it via CLI but I wouldn't know how to write it.
Leo has a point about RADIUS.. it is usually preferred for security reasons.
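The rotation step described in the post above, as an added example that is not part of the original thread: it generates a WPA2-PSK-compliant passphrase from the OS CSPRNG, derives the 256-bit key the standard way (PBKDF2-HMAC-SHA1 with the SSID as salt), and decides whether a monthly rotation is due. The SSID `Guest-WiFi`, the dates and all function names are assumptions; pushing the key to the controller or AP is platform-specific and is not shown.

```python
import hashlib
import secrets
import string
from datetime import date

# Letters and digits without look-alikes (0/O, 1/l/I), since users type the key by hand.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")


def validate_passphrase(passphrase: str) -> None:
    """WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def new_passphrase(length: int = 20) -> str:
    """Draw a passphrase from the OS CSPRNG (secrets), never from random."""
    passphrase = "".join(secrets.choice(ALPHABET) for _ in range(length))
    validate_passphrase(passphrase)
    return passphrase


def derive_psk_hex(passphrase: str, ssid: str) -> str:
    """256-bit PSK as WPA2 derives it: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    ).hex()


def rotation_due(last_rotated: date, today: date) -> bool:
    """True once the calendar month has changed since the last rotation."""
    return (today.year, today.month) > (last_rotated.year, last_rotated.month)


def rotate_if_due(ssid: str, last_rotated: date, today: date):
    """Return (passphrase, psk_hex) for a due rotation, or None when not due."""
    if not rotation_due(last_rotated, today):
        return None
    passphrase = new_passphrase()
    return passphrase, derive_psk_hex(passphrase, ssid)


if __name__ == "__main__":
    # Constructed sample values; the new key is not printed so it stays out of logs.
    result = rotate_if_due("Guest-WiFi", date(2015, 8, 1), date(2015, 9, 1))
    print("not due" if result is None else "new key generated; store it in a secrets vault")
```

Because the SSID is the salt, the hex key is only valid for that exact SSID; the passphrase form works regardless.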
08-28-2015 10:47 AM
Try this,
First, go to SSID and select PPSK as the authentication method and indicate how many devices a user can have on the network at the same time.
After doing that, click save. Your config should look something like this:
Now select PSK User groups; select new and configure it something like the following:
After that you will need to set up a user profile and make it correspond with the User profile attribute you gave the local user group. This is very important, otherwise you will not be able to authenticate. The end result should look something like this:
Now before you push the configuration, go to the tab on the left to the 'show nav' panel. Browse to authentication > local users. In there you should see the user you just made. You can email that to an email address or write it down to give out to people or have it display somewhere.
This would give you a monthly reset, which means you will not have to do an upload to the APs. On the other hand, if you do not want to use this method, at step one select WPA2/PSK, type in your password, change that manually monthly and update the APs afterward. The APs will not need to reboot since it's not a major configuration change. This is the 'delta-upload'.
Would this help?
08-30-2015 07:52 PM
It is possible anyhow to connect to the database of the WLC.
(My previous company was an event organization company where they changed the password every day, as well as deleted and added new wireless profiles on the WLC, via a script.)
Connect to the database of the WLC and look in the tables of the WLC. There you can find the wireless profile and the password. Script whatever you want :-)
Good luck
03-15-2016 11:20 PM
Hi Paul113331
Could you help me and send me the script? Thank you so much.
My email: phongvietphong@gmail.com