Can post-enabled password encryption cause any problems on C9800 WLCs?

schulcz
Beginner

Hi Guys!

We have an installation where the following commands were not issued at the beginning of the configuration:
1. key config-key password-encrypt (key)
2. password encryption aes

Consequently, except for user passwords, all passwords/secrets/keys are now shown in cleartext in the configuration (sh run), such as:
- RADIUS shared secret
- WLAN related PSKs
- AP local login credentials

I want to issue the above commands on the C9800 to encrypt all sensitive data. I haven't done this before, so I'm wondering if issuing the commands will have any impact on the operation (mgmt access, RADIUS communication, wifi user connections, etc.). Will users perceive anything about this? (I have remote access to the system.)

Software version: 17.6.4

Thanks!

2 Accepted Solutions

Scott Fella
Hall of Fame Guru

You should be fine performing the type 6 configuration after.  I have done that in the past many times as I typically don't do that initially.  It's only type 8 where you have to configure the local user again.

-Scott
*** Please rate helpful posts ***


Haydn Andrews
Engager

As per what @Scott Fella said, no issues. This is normally how I do it until all testing has been completed, as it's much easier to see if I have fat-fingered a PSK/password when it's in clear text. Post testing being successful, I run those commands and then just do a sanity check to ensure everything is still working - never had an issue.

*****Help out others by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***
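
A sanity check of the kind mentioned in the reply above, as an added example (not code from the thread or from Cisco): a Python script that scans a saved `sh run` for the three secret kinds listed in the question and reports any still stored as cleartext. The config line shapes it matches and the sample config are constructed assumptions, and any non-zero type digit is treated as already encoded.

```python
import re

# Section header -> pattern for secret-bearing tokens inside that section.
# Line shapes are assumptions modelled on the secret kinds named in the
# question (RADIUS key, WLAN PSK, AP local login); adjust to your config.
SECTIONS = {
    "radius server": re.compile(r"\b(key)\s+(?:(\d)\s+)?(\S+)"),
    "wlan": re.compile(r"\b(set-key\s+(?:ascii|hex))\s+(?:(\d)\s+)?(\S+)"),
    "ap profile": re.compile(r"\b(password|secret)\s+(?:(\d)\s+)?(\S+)"),
}

# Constructed sample config: every name and secret below is made up.
SAMPLE = """\
radius server ISE1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 0 ConstructedRadiusKey
!
radius server ISE2
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key 6 ConstructedType6Blob
!
wlan CORP-PSK 1 CORP-PSK
 security wpa psk set-key ascii 0 ConstructedPsk
!
ap profile default-ap-profile
 mgmtuser username admin password 0 ConstructedPw secret 0 ConstructedSecret
"""

def audit(config_text):
    """Return (line_no, section, keyword, type) per secret stored in cleartext."""
    findings = []
    section, pattern = None, None
    for no, line in enumerate(config_text.splitlines(), 1):
        if line and not line[0].isspace():      # top-level line: section change
            section, pattern = None, None
            for head, rx in SECTIONS.items():
                if line.startswith(head + " "):
                    section, pattern = line.strip(), rx
            continue
        if pattern is None:
            continue
        # The secret value itself is discarded so it never lands in a report.
        for kw, typ, _value in pattern.findall(line):
            if typ in ("", "0"):                # no type digit or type 0
                findings.append((no, section, kw, typ or "none"))
    return findings

if __name__ == "__main__":
    for no, section, kw, typ in audit(SAMPLE):
        print(f"line {no}: {section}: '{kw}' stored as cleartext (type {typ})")
```

Run it against a config export taken before and after enabling encryption; an empty result after the change means none of the matched secrets are still in cleartext.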
