Is it possible to script a WLAN WPA2 password change?

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered
Is is possible to run a script on a W4110 controller to change the WPA2 password for a WLAN?
Photo of Scott Van Artsdalen

Scott Van Artsdalen

  • 366 Points 250 badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,154 Points 50k badge 2x thumb
Just ssh to the controller and use the following commands to change it - here a example for WLAN Service ABCDEF.....

- ssh to the controller
# wlans
# ABCDEF
# priv
# psk abcdefghijklmnop
# apply

If you've the skills to write a script to do that... why not.

-Ron

Photo of Scott Van Artsdalen

Scott Van Artsdalen

  • 366 Points 250 badge 2x thumb
This is great!  Thanks!  What if I don't have the skills but can follow directions very well? :-)
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
Something like this could happen if you follow directions :-)

http://fox59.com/2015/06/25/driver-on-way-to-hospital-nearly-follows-gps-into-downtown-canal/
Photo of Scott Van Artsdalen

Scott Van Artsdalen

  • 366 Points 250 badge 2x thumb
Entertaining but not helpful. :-)  I just trying to prevent myself and my teammates from having to get up at 4am to change a stupid password.
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 49,972 Points 20k badge 2x thumb
Here a link to a article about scripting for the controller.

If you take that as an example and change it a bit you should be able to do what you are looking for.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-enable-wireless-services-du...
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 50,154 Points 50k badge 2x thumb
I've played around a bit...

I've used my Netsight and installed Expect on it - had some troubles but the community helped....
https://community.extremenetworks.com/extreme/topics/run-expect-in-netsight

Put my script in /usr/local/Enterasys_Networks/NetSight/scripts and changed the file settings with "chmod 755 psk_change".

Here the script that changes the PSK key and also generates a trap in Netsight "PSK was changed for WLAN Service $WLAN"
(I've just modified the script from this post...  https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-enable-wireless-services-du... )
#####################################################################

#!/usr/bin/expect#
set timeout 20
if { $argc!=4 } {send_user " \n
usage psk_change.exp <IP address of Controller> <Admin password> <WLAN name> <PSK> \n
\n" 
exit 1
}
#
#
set AC [lindex $argv 0]
set PASS [lindex $argv 1]
set WLAN [lindex $argv 2]
set PSK [lindex $argv 3]
set ac_prompt "#"
#
#
system echo
eval spawn ssh admin@$AC

set timeout 1
expect "(yes/no)" {send "yes\r"}

set timeout 20
expect "assword:" {send "$PASS\r"}

expect $ac_prompt {send "wlans\r"}
expect $ac_prompt {send "$WLAN\r"}
expect $ac_prompt {send "priv\r"}
expect $ac_prompt {send "psk $PSK\r"}
expect $ac_prompt {send "apply\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
#
exec /usr/bin/snmptrap -v 1 -c public localhost  "1.2.3.4.5.6" $AC 6 0 0 1.11.12.13.14.15  s "PSK was changed for WLAN Service $WLAN"

#####################################################################
You'd manualy start it with....
./psk_change.exp <IP address of Controller> <Admin password> <WLAN name> <PSK>


#####################################################################
To start it with a cron job....
In /var/spool/cron/crontabs create a file i.e. job01.txt - the script is started every day @20:30

vi job01.txt
# start expect wpa change
30 20 * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#

Now activate it...
#crontab job01.txt
This generated a file "root" with the job - you'd check it with "cat root"

root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$ cat root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (job01.txt installed on Wed Oct 28 16:25:10 2015)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# start expect wpa change
20 * * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#
root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$


#############################################

Wasn't that hard even with no prior experience with Expect and "scripting"... with some help from you guys&my colleague and Google.

Next step... write my own controller code - without any bugs :-)

-Ron
Photo of Scott Van Artsdalen

Scott Van Artsdalen

  • 366 Points 250 badge 2x thumb
Ron, you, sir, are the man!  Thank you very much!