
Can post-enabled password encryption cause any problems on C9800 WLCs?

schulcz
Level 1

Hi Guys!

We have an installation where the following commands were not issued at the beginning of the configuration:
1. key config-key password-encrypt (key)
2. password encryption aes

Consequently, except for user passwords, all passwords/secrets/keys are now shown in cleartext in the configuration (sh run), such as:
- RADIUS shared secret
- WLAN related PSKs
- AP local login credentials

I want to issue the above commands on the C9800 to encrypt all sensitive data. I haven't done this before, so I'm wondering if issuing the commands will have any impact on operation (mgmt access, RADIUS communication, Wi-Fi user connections, etc.). Will users perceive anything about this? (I have remote access to the system.)

Software version: 17.6.4

Thanks!

2 Accepted Solutions


Scott Fella
Hall of Fame

You should be fine performing the type 6 configuration after. I have done that in the past many times as I typically don't do that initially. It's only type 8 where you have to configure the local user again.

-Scott
*** Please rate helpful posts ***


Haydn Andrews
VIP Alumni

As per what @Scott Fella said, no issues. This is normally how I do it until all testing has been completed, as it's much easier to see if I have fat-fingered a PSK/password when it's in clear text. Post testing being successful, I run those commands and then just do a sanity check to ensure everything is still working - never had an issue.

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
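
Added example, not part of the thread or any poster's own code: a sketch for the sanity check after enabling type 6, which reads a saved `sh run` and reports whether RADIUS shared secrets, WLAN PSKs and AP local login passwords are still stored in cleartext. The line patterns are assumptions modelled on typical IOS-XE syntax, the names `audit` and `has_cleartext` are hypothetical, and the sample configuration is constructed.

```python
import re

# Assumed line shapes, modelled on typical IOS-XE output; adjust to your device.
RULES = [  # (section prefix, finding kind, pattern capturing optional type digit)
    ("radius server ", "radius-key",
     re.compile(r"^\s+key\s+(?:(\d)\s+)?\S+\s*$")),
    ("wlan ", "wlan-psk",
     re.compile(r"^\s+security wpa psk set-key (?:ascii|hex)\s+(?:(\d)\s+)?\S+\s*$")),
    ("ap profile ", "ap-mgmtuser",  # checks the password field only
     re.compile(r"^\s+mgmtuser username \S+ password\s+(?:(\d)\s+)?\S+")),
]
LABELS = {None: "cleartext", "0": "cleartext", "6": "type6-aes", "7": "type7-reversible"}


def audit(config_text):
    """Return (line_no, section, kind, label) per secret; never the secret itself."""
    findings, section = [], ""
    for no, line in enumerate(config_text.splitlines(), 1):
        if line and not line[0].isspace():
            section = line.strip()          # new top-level config block
            continue
        for prefix, kind, pattern in RULES:
            m = pattern.match(line) if section.startswith(prefix) else None
            if m:
                label = LABELS.get(m.group(1), f"type{m.group(1)}")
                findings.append((no, section, kind, label))
    return findings


def has_cleartext(config_text):
    """True if any recognised secret is still stored unencrypted."""
    return any(label == "cleartext" for *_, label in audit(config_text))


# Constructed sample, not taken from any real device.
SAMPLE = """\
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 0 ExampleSharedSecret
wlan CORP 1 CORP
 security wpa psk set-key ascii 6 AAAAexampleCIPHERTEXTBBBB
ap profile default-ap-profile
 mgmtuser username admin password 0 ExamplePass secret 0 ExampleSecret
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a copy of the configuration saved before and after the change; the findings list only line numbers and encryption types, so the output can be shared without exposing the secrets.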
