Solved: Re: Hi I checked this with Cisco

jazmario · ‎08-15-2014

Hi, anyone manage to configure on Cisco 3850 wireless wpa key using the ascii 8 encryption ? I'm able to configure using the >> security wpa akm psk set-key ascii 0 <pre-sharedkey>. But since it is not encrypted, i'm able to see the PSK string in plaintext if i show config.

I tried to use the ascii 8 <pre-sharedkey> but prompted for the below error after entering the command.

% switch-1:eicored:Invalid Encrypted Text : Decryption Failed

Rasika Nayanajith · ‎08-17-2014

Hi

I am also not so sure how to get AES encrypted text to follow this ascii 8 <pre-sharedkey>.

But here is a workaround I am doing not to disclose PSK in plain text in switch configuration. Hope that may be useful to you as well.

You can enter your PSK in HEX format instead of plaintext. You can use this website to derive your PSK in hex format.

Here is an example (SSID: ABC-PSK, Presharedkey: Test12345). From the above link you can get the PSK in HEX format as shown below & configure it on your WLAN.

wlan ABC-PSK 17 ABC-PSK
client vlan 1410
no mfp client
no mfp client required
no security wpa akm dot1x
security wpa akm psk set-key hex 0 194d3ee23de5212c109a7139e6c398ecd0ce9a394f84c0c88fb3cfd389262ae2
no shutdown

HTH

Rasika

**** Pls rate all useful responses ****

View solution in original post

Rasika Nayanajith · ‎08-17-2014

Nice.. You can mark the thread as "answered" if you are satisfied with the resolution.

Rasika

View solution in original post

Rasika Nayanajith · ‎08-17-2014

Hi

I am also not so sure how to get AES encrypted text to follow this ascii 8 <pre-sharedkey>.

But here is a workaround I am doing not to disclose PSK in plain text in switch configuration. Hope that may be useful to you as well.

You can enter your PSK in HEX format instead of plaintext. You can use this website to derive your PSK in hex format.

Here is an example (SSID: ABC-PSK, Presharedkey: Test12345). From the above link you can get the PSK in HEX format as shown below & configure it on your WLAN.

wlan ABC-PSK 17 ABC-PSK
client vlan 1410
no mfp client
no mfp client required
no security wpa akm dot1x
security wpa akm psk set-key hex 0 194d3ee23de5212c109a7139e6c398ecd0ce9a394f84c0c88fb3cfd389262ae2
no shutdown

HTH

Rasika

**** Pls rate all useful responses ****

jazmario · ‎08-17-2014

Great. That did the job. Thanks.

Rasika Nayanajith · ‎08-17-2014

Nice.. You can mark the thread as "answered" if you are satisfied with the resolution.

Rasika

Rasika Nayanajith · ‎08-18-2014

Hi

I checked this with Cisco & here is the resolution for this. You need to simply configure the below & then all your PSK shown in encrypted format.

3850(config)#passwd encryption on

HTH

Rasika

**** Pls rate all useful responses ****

Rakesh.Amin · ‎07-23-2020

Hi Rasika

That Command don't work in 16.9. version command is

password encryption aes but it didn't encrypted my psk key.

Scott Fella · ‎07-23-2020

Take a look at this guide:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/wlans.html <>

We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.