Link to home
Start Free TrialLog in
Avatar of Dan Sheridan
Dan SheridanFlag for United States of America

asked on

Cisco SSID password change (no WLC or GUI)

I have some cisco access points (air-1121g) that have SSIDs broadcast and I need to change the password.

How can I change the password via the CLI (command line, iOS)?
Avatar of ArneLovius
ArneLovius
Flag of United Kingdom of Great Britain and Northern Ireland image

I would suggest that you attached a suitably sanitised copy of the config
Avatar of Dan Sheridan

ASKER

Is there no way to change the password from CLI for one SSID?
It is possible to change the password for a single SSID from the CLI.

Questions are clearer if they do not contain negatives.
So I ask my question again.
How do I change the password via the CLI?
Building configuration...

Current configuration : 7763 bytes
!
! Last configuration change at 17:20:54 UTC Tue Nov 26 2019 by netadm
! NVRAM config last updated at 16:06:50 UTC Tue Nov 26 2019 by netadm
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 00182-01-ap05-sec
!
no logging console
enable secret 5 $1$Q5mp$inCqUG1gWTkYWJ/mpaZ021
!
ip subnet-zero
ip domain name private.network
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server 10.250.4.2 auth-port 1645 acct-port 1646
 server 10.250.4.3 auth-port 1645 acct-port 1646
!
aaa authentication banner ^CC
********************************************************************************
** This system is for use by authorized personnel only.  Unauthorized use of  **
** this system is unlawful and is subject to civil and/or criminal penalties. **
** Any use of this system may be logged or monitored without further notice.  **
** Any resulting logs may be used as evidence in court.                       **
********************************************************************************
^C
aaa authentication login default local group rad_admin
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local group rad_admin
aaa session-id common
dot11 mbssid
dot11 syslog
!
dot11 ssid BETHEL
   vlan 123
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 02210B79042F0E2D5F2C594B55
!
dot11 ssid NSCGUEST
   vlan 9
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 09425D0A0A1618002F1F
!
dot11 ssid NSCSTAFF
   vlan 12
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 1419310858100A1D227F61
!
dot11 ssid NSCVOICE
   vlan 20
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 0528671C321C7E02490B4401
!
!
crypto pki trustpoint TP-self-signed-3289474642
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3289474642
 revocation-check none
 rsakeypair TP-self-signed-3289474642
!
!
username netadm privilege 15 secret 5 *********************************
archive
 path tftp://10.250.1.3/$h
 write-memory
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 9 mode ciphers aes-ccm tkip
 !
 encryption vlan 12 mode ciphers aes-ccm tkip
 !
 encryption vlan 20 mode ciphers aes-ccm tkip
 !
 encryption vlan 125 mode ciphers aes-ccm tkip
 !
 encryption vlan 123 mode ciphers aes-ccm tkip
 !
 ssid BETHEL
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.9
 encapsulation dot1Q 9
 no ip route-cache
 bridge-group 9
 bridge-group 9 subscriber-loop-control
 bridge-group 9 block-unknown-source
 no bridge-group 9 source-learning
 no bridge-group 9 unicast-flooding
 bridge-group 9 spanning-disabled
!
interface Dot11Radio0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface Dot11Radio0.123
 encapsulation dot1Q 123
 no ip route-cache
 bridge-group 123
 bridge-group 123 subscriber-loop-control
 bridge-group 123 block-unknown-source
 no bridge-group 123 source-learning
 no bridge-group 123 unicast-flooding
 bridge-group 123 spanning-disabled
!
interface Dot11Radio0.125
 encapsulation dot1Q 125
 no ip route-cache
 bridge-group 125
 bridge-group 125 subscriber-loop-control
 bridge-group 125 block-unknown-source
 no bridge-group 125 source-learning
 no bridge-group 125 unicast-flooding
 bridge-group 125 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.9
 encapsulation dot1Q 9
 no ip route-cache
 bridge-group 9
 no bridge-group 9 source-learning
 bridge-group 9 spanning-disabled
!
interface FastEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 no bridge-group 12 source-learning
 bridge-group 12 spanning-disabled
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
!
interface FastEthernet0.123
 encapsulation dot1Q 123
 no ip route-cache
 bridge-group 123
 no bridge-group 123 source-learning
 bridge-group 123 spanning-disabled
!
interface FastEthernet0.125
 encapsulation dot1Q 125
 no ip route-cache
 bridge-group 125
 no bridge-group 125 source-learning
 bridge-group 125 spanning-disabled
!
interface BVI1
 ip address 10.3.76.105 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.3.76.1
no ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
ip access-list extended Voice_Over_IP_300
 permit 119 any any
 permit ip any any
ip access-list extended Voice_Over_IP_301
 permit 119 any any
 permit ip any any
logging trap debugging
logging facility local0
logging 10.250.1.3
snmp-server view iso_view iso included
snmp-server community ***** RW
snmp-server community ****** RO
snmp-server queue-length 1
snmp-server location (00182-01, NSC HQ SRS HTCX)
snmp-server contact Warner Connect
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
no radius-server attribute 77 include-in-access-req
radius-server host 10.250.4.2 auth-port 1645 acct-port 1646 key 7 132D12321F3F012F20213A
radius-server host 10.250.4.3 auth-port 1645 acct-port 1646 key 7 062E0A01587D0C1C0E1200
radius-server retry method reorder
radius-server deadtime 2
radius-server key 7 132D12321F3F012F20213A
radius-server vsa send accounting
radius-server vsa send authentication
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input ssh
!
sntp server 10.250.4.200
sntp server 10.250.4.201
end

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Craig Beck
Craig Beck
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you