Question

PSK cuts off after saving interface settings

  • 6 February 2020
  • 5 replies
  • 1117 views

Hi!

 

I’m having an issue regarding a PSK that cuts off in the interface settings of an AP.

We have 1 SSID that requires a PSK of 35+ characters (still within the 63 character limit).
On Network Policy level there is no problem, the PSK gets saved in full length but when looking at an individual AP the PSK is cut off in its field at 23 characters.

This is an issue when pushing new configs to an AP since the cloud will take the erroneous 23 character PSK instead of the 40+ PSK defined in the Network Policy.

 

I was wondering if anybody else experiences this and if this is a known issue.

Is there a public bug tracker that we as a community can view and maybe contribute to (much like the Mozilla ‘Bugzilla’ bugtracker for example)?

 

Thanks!


5 replies

Could you please specify the ap-image-version and the ap-model you are making use of ? Also, please specify the cloud-product you are making use of -Is it ezcloudx.com or extremecloudiq.com ? 

Regards,
Subanesh

Thank you for replying!

 

We are using extremecloudiq.com and Aerohive AP 250 for this specific SSID (but all the other models have the same problem). The imagine version of the AP is currently 10.07ra.

We are also still using the classic HiveManager (on premise) which does not have an issue like this. Seeing as this PSK cuts off on the form field I’m thinking it’s the web interface and more specifically the web interface of the interface settings of an individual AP.

 

Kind regards,
Nasha

           We tried replicating this locally(with a different model but same version as yours) and were not able to reproduce the Preshared key being cut-off. We were able to configure a 63 character(ascii) PSK based SSID in XIQ and push it to an AP and was able to connect a client using the 63 character PSK. 

 

Could it be the following

  • Are you making use of any specific characters in PSK that is resulting in this behavior ? You can try changing the PSK if possible and see if that fixes the issue
  • Also, since you mentioned you were seeing at the Device-level interface settings - Are you referring to the UI limitation i.e. the text-box-ability to show only few of the characters in case of a lengthy password ? Probably the full psk password is shown if you try to move the cursor further.
  •  Also, please check if you have done any override via the device-level settings for the SSID ? 


 

Hi Subanesh,

Actually you are quite right! I tried several things and indeed, rather than it being due to the length of the PSK it's actually certain characters used.
There's 2 issues that we are experiencing for both I will write a procedure so you can replicate it.

Before I do I just want to reply on your suggesting to use a different PSK. Unfortunately we are not in a position to change the PSKs because the SSID is permanently being used by minitoring devices (patient's vitals). Changing the PSK would mean that we'd have to change every monitoring device individually which cannot be done.
This is not a problem on the Classic Hivemanager and expect this not to be a problem on the XIQ platform.

  • Problem 1: PSK cuts off in idividual interface settings

Step 1. Create a new policy and create an SSID with WPA2 Personal authentication.
Step 2. Use the following key: abcdefgh"ijkl


Step 3: Apply said policy to the AP and delta upload. (The AP will get the PSK from the NW policy)
Step 4: Go into the AP's interface settings and check the SSIDs


- The PSK should be cut off where the double quotes (") started.
- The override icon is present.
NW policy PSK:         abcdefgh"ijkl
AP settings PSK:      abcdefgh

Step 5: Don't change anything but press the save button and push (delta or complete) to the AP.
Step 6: Try connecting to that SSID with the PSK set up in the Network policy. It should fail.


Problem 2: PSK cuts off and part of it appears in plain text

Step 1. Create a new policy and create an SSID with WPA2 Personal authentication.
Step 2. Use the following key: ab"cd>e"fghjk<l


Step 3: Apply said policy to the AP and delta upload. (The AP will get the PSK from the NW policy)
Step 4: Go into the AP's interface settings and check the SSIDs


- The PSK should be cut off after the first 2 characters and the rest of the characters appear erroneuously next to the field.
Characters between " and > are ignored . Characters after the < also get ignored, part of the PSK is repeated.
- "show password" checkbox does not work.
The override icon is not present.
NW policy PSK:         ab"cd>e"fghjk<l
AP settings PSK:    ab - (presumably) in field. e"fghjke"fghjk - next to the field

Step 5: Don't change anything but press the save button and push (delta or complete) to the AP.
Step 6: Try connecting to that SSID with the PSK set up in the Network policy. It should fail.

 

 

Another fun PSK to try out is: 11"222>3333<4444
Which results in:


This is also another reason not to change the PSK as we don’t know what the side effects are.

 

Hope this information helps!

Sure will give out a try and let you know how it goes. Thanks for the extensive inputs.

Reply