Reset Search
 

 

Article

How to enable password encryption on WiNG and why?

« Go Back

Information

 
TitleHow to enable password encryption on WiNG and why?
Objective
How to use SHA2-AES256 hash function on passwords in order to add a lot more security you have enable password encryption withing WiNG system.
Environment
  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Acess Points
  • WiNG 5.5+ Software
Procedure
By default only account passwords are hashed and i.e. WLAN pre-shared keys are in plaintext.
This might be considered un-secure in certain deployments. 

To show secured strings rather than plaintext and use SHA2 on all strings marked as "password" you shall use password-encryption command.

This is only possible using CLI
 
VX(config)# password-encryption secret 2 <LINE> - Passphrase for encryption using SHA256-AES256 encryption

i.e
VX(config)# password-encryption secret 2 helloextr

Then you can confirm this in WLAN configuration
 
VX(config)# show running-config wlan HASH
wlan HASH
 ssid HASH
 vlan 1
 bridging-mode local
 encryption-type none
 authentication-type none
 wpa-wpa2 psk 2 NEY/N8NSSruNv5PK/tNyvAAAAAlwiaAXfNxDFSwD2JeehH4X

To undo password encryption just use no in front of the command and confirm by commit write
 
VX(config)# no password-encryption secret 2 helloextr

VX(config)# show running-config wlan HASH
wlan HASH
 ssid HASH
 vlan 1
 bridging-mode local
 encryption-type none
 authentication-type none
 wpa-wpa2 psk 0 helloextr

 
Additional notes
You may notice the strings are changing every time. As you add a HASH fingerprint it gets re-calculated. 
Nevertheless, the value stays the same
 
VX(config)# show running-config wlan HASH | include wpa
 wpa-wpa2 psk 2 tXFbcPRuiuWNv5PK/tNyvAAAAAlDSQuB6E4tZf5AayjOKCh0

VX(config)# no password-encryption secret 2 helloextr

VX(config)# show running-config wlan HASH | include wpa
 wpa-wpa2 psk 0 helloextr


Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255