Cisco WLC 9800 non-ASCII Character Support

R M C · ‎06-28-2022

Hi All

I am currently in the process of setting up TACACS+ for a new WLC 9800 deployment and have come across a 'feature' where only standard ASCII characters are permitted in passwords. This isn't particularly helpful for deployments outside the US that allow non-US symbols such as £ which is common on a UK keyboard.

I probably know the answer already, though is there a way of changing the character set?

Many thanks in advance.

Mark

patoberli · ‎06-29-2022

Normal user passwords should be fine with all characters. I think only the shared secret between the Tacacs+ server and client (Switch, AP, ...) must be in US-ASCII.

R M C · ‎06-29-2022

Unfortunately that isn't the case. Even when trying to set a local user account on the 9800 WLC the ASCII error flags. I was hoping that there is someway of expanding the character set, though there doesn't appear to be alas.

patoberli · ‎06-29-2022

Wait, now you are mixing up Tacacs+ and local user accounts. They do not
have the same restrictions. Via Tacacs+ it shouldn't matter how the user
password is formatted, as long as the shared secret/key is in US-ASCII.

Local users I don't know, but there it might be possible that this
restriction is correct.

R M C · ‎06-30-2022

Hi Patoberli

Thanks for your messages and apologies, I don't mean to sound rude, but I'm not mixing up anything. The WLC 9800-CL, I haven't other instances to test from, won't accept passwords, whether local or TACACS+ if they contain non-ASCII characters. It could be related to the version of code I'm running, 17.6.3, though I cannot type a password into the WLC GUI admin login portal with non-ascii characters, the following error appears - "Input allowed in English only (ASCII characters)". It's not that TACACS is rejecting the password, the GUI simply doesn't allow it.

patoberli · ‎07-01-2022

Hi RMC

I've just tested this and you are right. The WLC 9800 doesn't seem to allow
this, while the 5520 does allow this. I haven't had this tested on the new
ones it seems, sorry about that.

My suggestion is to open a TAC for this feature request.

R M C · ‎07-05-2022

Hi Patoberli

No problem at all and thanks for taking the time to test and confirming your results. I am glad that it is not just me, though saying that, if it was, it could have been fixable. I'll get a feature request raised through our account manager and hope for the best!!

Many thanks

Mark

AngelStalker · ‎07-03-2022

@R M C wrote: uspayserv.com
Hi All

I am currently in the process of setting up TACACS+ for a new WLC 9800 deployment and have come across a 'feature' where only standard ASCII characters are permitted in passwords. This isn't particularly helpful for deployments outside the US that allow non-US symbols such as £ which is common on a UK keyboard.

I probably know the answer already, though is there a way of changing the character set?

Many thanks in advance.

Mark

Great post and very insightful. I will share your tips with some of our clients.