12-14-2022 01:57 AM
Hi all,
I configured a WLAN on our Catalyst 9800 controller with MPSK. It works fine and can connect with one of the preshared keys.
However, how do I know which key the client uses? I don't need to see the entire preshared key, only the priority.
I need to know this because we want to build some kind of rotation in the keys, and the old ones need to be switched to one of the newer ones.
Does anyone know how I can see this?
Thanks!
Kind regards,
Geert Reijnders
12-14-2022 06:37 AM
I don't think you will find that info using MPSK. Maybe it is something you can request from Cisco as a new feature. For any rotation, do you feel like you can't give a team a deadline before you rotate the PSK? With iPSK with RADIUS you might be able to define policies for a specific PSK and then review the log to check if devices are still using a specific PSK.
12-14-2022 02:11 AM
- Check if you can find anything useful with: 9800 # show wireless client mac-address a886.adb2.05f9 detail
(sorry for the font and color change, not my intent),
M.
12-14-2022 02:32 AM
Unfortunately not. I even did a radioactive trace to see if I could find any information.
12-14-2022 06:46 AM
I think I will go for iPSK with RADIUS, so I can see when all devices are migrated with the new PSK. The problem with the deadline is that there are many devices (mostly handheld scanners) which are constantly on the move. So I don't think the team can keep track of which devices are migrated.
12-14-2022 08:23 AM
I have always run into this in the past, where teams just don't do it or they don't take responsibility. I have made them test when the rotation starts and have them sign off/agree on the cut date. Then the blame doesn't come to the network team, but to the team responsible for the device. It has worked out better that way, because we all know what we are responsible for. Like in warehouses, they know when they can obtain the scanners to reconfigure them; it's all about planning and giving them enough time to make their change. There will be devices that fall off or never got changed, but there is no blaming and teams just fix those one-off devices. Good luck!
12-14-2022 02:17 AM
You can look at the client properties, as in the example below:
https://wifininjas.net/2020/04/15/wn-blog-029-setting-up-mpsk-on-a-cisco-c9800-wlc/
12-14-2022 02:24 AM
I already checked that link; however, there is no useful information about the client perspective.