Command of the Day

Reply
Highlighted
Aruba Employee

COTD: Recover a forgotten key

Have you ever tried to remember what that secret key was that you configured for a RADIUS server? What about trying to find out the encryption key?
By default we will hide the sensitive information from view, like this:
Code:
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 ********
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
(Greig) #
Well, this weeks command of the week is "encrypt disable" that will let you view all of the sensitive information stored in the system. You configure it like so:
Code:
(Greig) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(Greig) (config) #encrypt disable
(Greig) #
And now you can see what that key was:
Code:
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 12345678901234567890123456
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
(Greig) #
This currently works for ALL sensitive information stored and shown by the switch. You can also use this command to get yourself a copy of the running configuration without having hashed passwords.
Note- for all of the security sensitive people out there who don't like this, it will be different in 3.2. All of the passwords that we can hash and turn into a one-way hash representative, will from 3.2 be stored internally as the one-way hash. There are certain passwords however that we need to have access to in plaintext and so it will not be for all secrets.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: