AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of Dan Sheridan
Dan Sheridan
Flag for United States of America asked on

Cisco SSID password change (no WLC or GUI)

I have some cisco access points (air-1121g) that have SSIDs broadcast and I need to change the password.

How can I change the password via the CLI (command line, iOS)?
Cisco
Avatar of undefined
Last Comment
Dan Sheridan
8/22/2022 - Mon
ArneLovius
I would suggest that you attached a suitably sanitised copy of the config
Dan Sheridan
ASKER
Is there no way to change the password from CLI for one SSID?
ArneLovius
It is possible to change the password for a single SSID from the CLI.

Questions are clearer if they do not contain negatives.
Your help has saved me hundreds of hours of internet surfing.
fblack61
Dan Sheridan
ASKER
So I ask my question again.
How do I change the password via the CLI?
ArneLovius
And I will again ask for a copy of the config.

Alternatively, you can read the Cisco documentation

https://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-4-25d-JA/Configuration/guide/cg_12_4_25d_JA/scg12-4-25d-JA-chap11-authtypes.html
Dan Sheridan
ASKER
Building configuration...

Current configuration : 7763 bytes
!
! Last configuration change at 17:20:54 UTC Tue Nov 26 2019 by netadm
! NVRAM config last updated at 16:06:50 UTC Tue Nov 26 2019 by netadm
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 00182-01-ap05-sec
!
no logging console
enable secret 5 $1$Q5mp$inCqUG1gWTkYWJ/mpaZ021
!
ip subnet-zero
ip domain name private.network
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
aaa new-model
!
!
aaa group server radius rad_eap
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server radius rad_admin
 server 10.250.4.3 auth-port 1645 acct-port 1646
 server 10.250.4.2 auth-port 1645 acct-port 1646
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_eap1
 server 10.250.4.2 auth-port 1645 acct-port 1646
 server 10.250.4.3 auth-port 1645 acct-port 1646
!
aaa authentication banner ^CC
********************************************************************************
** This system is for use by authorized personnel only.  Unauthorized use of  **
** this system is unlawful and is subject to civil and/or criminal penalties. **
** Any use of this system may be logged or monitored without further notice.  **
** Any resulting logs may be used as evidence in court.                       **
********************************************************************************
^C
aaa authentication login default local group rad_admin
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authentication login eap_methods1 group rad_eap1
aaa authorization exec default local group rad_admin
aaa session-id common
dot11 mbssid
dot11 syslog
!
dot11 ssid BETHEL
   vlan 123
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 02210B79042F0E2D5F2C594B55
!
dot11 ssid NSCGUEST
   vlan 9
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 09425D0A0A1618002F1F
!
dot11 ssid NSCSTAFF
   vlan 12
   authentication open
   authentication key-management wpa
   wpa-psk ascii 7 1419310858100A1D227F61
!
dot11 ssid NSCVOICE
   vlan 20
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 0528671C321C7E02490B4401
!
!
crypto pki trustpoint TP-self-signed-3289474642
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3289474642
 revocation-check none
 rsakeypair TP-self-signed-3289474642
!
!
username netadm privilege 15 secret 5 *********************************
archive
 path tftp://10.250.1.3/$h
 write-memory
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 9 mode ciphers aes-ccm tkip
 !
 encryption vlan 12 mode ciphers aes-ccm tkip
 !
 encryption vlan 20 mode ciphers aes-ccm tkip
 !
 encryption vlan 125 mode ciphers aes-ccm tkip
 !
 encryption vlan 123 mode ciphers aes-ccm tkip
 !
 ssid BETHEL
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.9
 encapsulation dot1Q 9
 no ip route-cache
 bridge-group 9
 bridge-group 9 subscriber-loop-control
 bridge-group 9 block-unknown-source
 no bridge-group 9 source-learning
 no bridge-group 9 unicast-flooding
 bridge-group 9 spanning-disabled
!
interface Dot11Radio0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 bridge-group 12 subscriber-loop-control
 bridge-group 12 block-unknown-source
 no bridge-group 12 source-learning
 no bridge-group 12 unicast-flooding
 bridge-group 12 spanning-disabled
!
interface Dot11Radio0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 bridge-group 20 subscriber-loop-control
 bridge-group 20 block-unknown-source
 no bridge-group 20 source-learning
 no bridge-group 20 unicast-flooding
 bridge-group 20 spanning-disabled
!
interface Dot11Radio0.123
 encapsulation dot1Q 123
 no ip route-cache
 bridge-group 123
 bridge-group 123 subscriber-loop-control
 bridge-group 123 block-unknown-source
 no bridge-group 123 source-learning
 no bridge-group 123 unicast-flooding
 bridge-group 123 spanning-disabled
!
interface Dot11Radio0.125
 encapsulation dot1Q 125
 no ip route-cache
 bridge-group 125
 bridge-group 125 subscriber-loop-control
 bridge-group 125 block-unknown-source
 no bridge-group 125 source-learning
 no bridge-group 125 unicast-flooding
 bridge-group 125 spanning-disabled
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface FastEthernet0.9
 encapsulation dot1Q 9
 no ip route-cache
 bridge-group 9
 no bridge-group 9 source-learning
 bridge-group 9 spanning-disabled
!
interface FastEthernet0.12
 encapsulation dot1Q 12
 no ip route-cache
 bridge-group 12
 no bridge-group 12 source-learning
 bridge-group 12 spanning-disabled
!
interface FastEthernet0.20
 encapsulation dot1Q 20
 no ip route-cache
 bridge-group 20
 no bridge-group 20 source-learning
 bridge-group 20 spanning-disabled
!
interface FastEthernet0.123
 encapsulation dot1Q 123
 no ip route-cache
 bridge-group 123
 no bridge-group 123 source-learning
 bridge-group 123 spanning-disabled
!
interface FastEthernet0.125
 encapsulation dot1Q 125
 no ip route-cache
 bridge-group 125
 no bridge-group 125 source-learning
 bridge-group 125 spanning-disabled
!
interface BVI1
 ip address 10.3.76.105 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.3.76.1
no ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface BVI1
!
ip access-list extended Voice_Over_IP_300
 permit 119 any any
 permit ip any any
ip access-list extended Voice_Over_IP_301
 permit 119 any any
 permit ip any any
logging trap debugging
logging facility local0
logging 10.250.1.3
snmp-server view iso_view iso included
snmp-server community ***** RW
snmp-server community ****** RO
snmp-server queue-length 1
snmp-server location (00182-01, NSC HQ SRS HTCX)
snmp-server contact Warner Connect
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps disassociate
snmp-server enable traps deauthenticate
snmp-server enable traps authenticate-fail
snmp-server enable traps dot11-qos
snmp-server enable traps switch-over
snmp-server enable traps rogue-ap
snmp-server enable traps wlan-wep
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps cpu threshold
snmp-server enable traps aaa_server
no radius-server attribute 77 include-in-access-req
radius-server host 10.250.4.2 auth-port 1645 acct-port 1646 key 7 132D12321F3F012F20213A
radius-server host 10.250.4.3 auth-port 1645 acct-port 1646 key 7 062E0A01587D0C1C0E1200
radius-server retry method reorder
radius-server deadtime 2
radius-server key 7 132D12321F3F012F20213A
radius-server vsa send accounting
radius-server vsa send authentication
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 transport input ssh
!
sntp server 10.250.4.200
sntp server 10.250.4.201
end

Open in new window

⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Craig Beck
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Dan Sheridan
ASKER
Thank you
Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent