How do I copy encrypted passwords from one WLC to another

srosenthal

I am migrating from a 5508 to an 8540 WLC.  I used the WLC converter tool and it advised me that the encrypted passwords for RADIUS and TACACS won't be recognized.  I have the actual passwords but don't know how to fit them into the text file before I upload it to the new WLC.

For example, this is one of the commands that is in the output from the config converter file.

config tacacs auth add encrypt 1 192.168.40.252 49 password 1 2e131eb59625871lkjsfd617e1508eb f7de263f949abc123456789abcde47ba00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Is there a way for me to use the command above and just slot in the proper password?  Something like this maybe?

config tacacs auth add encrypt 1 192.168.40.252 49 password 1 properpassword

I tried to use the format above but it doesn't work and the TACACS doesn't get configured unless I do it manually via the GUI or CLI.

Thanks for the help.

Accepted Solutions

What you need to do is determine the command line config.  This is how you should do this and it will help you learn more and feel comfortable around configurations.

You should access the controller via ssh and start running the commands using "?".  See the example below:

(WLC2504-01) >config tacacs auth add ?

<1-3> Enter the TACACS+ Server index.

(WLC2504-01) >config tacacs auth add 1 ?

<IP addr> Enter TACACS+ Server IP (v4 or v6) Address.

(WLC2504-01) >config tacacs auth add 1

The command you will end up with is this: config tacacs auth add 1 192.168.40.252 49 ascii 

Use the "?" to help you determine the command and also you can Google part of the command to help you with finding the right commands.

-Scott
*** Please rate helpful posts ***
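An added example (not part of the original post and not a Cisco tool) that rewrites the converter's `add encrypt` TACACS lines into the `ascii` form the accepted answer arrives at. It assumes the shared secret follows the `ascii` keyword and that secrets are supplied as a mapping keyed by server IP; the sample lines, blob placeholders and secret are constructed.

```python
import re

# Encrypted form emitted by the converter, as quoted in the question:
#   config tacacs auth add encrypt <index> <ip> <port> password <blob...>
ENCRYPTED_TACACS = re.compile(
    r"^config tacacs auth add encrypt (\d+) (\S+) (\d+) password\b"
)

def rewrite_tacacs(lines, secrets):
    """Return (new_lines, unresolved).

    secrets maps server IP -> shared secret (hypothetical input format).
    unresolved lists every 'add encrypt' line left unchanged, either because
    no secret was supplied or because it is not a TACACS auth line (for
    example RADIUS), so nothing is silently skipped.
    """
    out, unresolved = [], []
    for line in lines:
        stripped = line.strip()
        m = ENCRYPTED_TACACS.match(stripped)
        if m and m.group(2) in secrets:
            index, ip, port = m.groups()
            secret = secrets[ip]
            # Assumption: the CLI splits on whitespace, so reject such secrets.
            if not secret or any(c.isspace() for c in secret):
                raise ValueError(f"secret for {ip} is empty or contains whitespace")
            out.append(f"config tacacs auth add {index} {ip} {port} ascii {secret}")
            continue
        if " add encrypt " in stripped:
            unresolved.append(stripped)
        out.append(stripped)
    return out, unresolved

# Constructed sample; <blob> stands in for the encrypted fields, and the
# RADIUS line shape is assumed to mirror the TACACS one.
SAMPLE = [
    "config tacacs auth add encrypt 1 192.168.40.252 49 password 1 <blob> <blob>",
    "config radius auth add encrypt 1 192.168.40.10 1812 password 1 <blob> <blob>",
    "config sysname example-wlc",
]

if __name__ == "__main__":
    new_lines, todo = rewrite_tacacs(SAMPLE, {"192.168.40.252": "EXAMPLE-SECRET"})
    print("\n".join(new_lines))
    print("still encrypted, configure by hand:", todo)
```

The rewritten file holds the shared secrets in cleartext, so keep it off shared storage and delete it once the upload to the new controller is done.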


3 Replies

Hi

From the security perspective it should not be possible. Just like in the past Cisco had the command "config switchconfig secret-obfuscation disable" and they removed it in a newer version because this represents a security flaw.

I would say the same applies to what you are trying to do.  Consider that someone had access to your backup file and is able to set up a rogue device and use your TACACS as a legitimate device.

Thank you for the information.  I am not looking to decipher the password.  I know the secret, I just need to know is there a way for me to populate the secret in the text file before I upload it into the new WLC.
