Header Only - DO NOT REMOVE - Extreme Networks

Is it possible to script a WLAN WPA2 password change?


Is is possible to run a script on a W4110 controller to change the WPA2 password for a WLAN?

7 replies

Userlevel 7
Just ssh to the controller and use the following commands to change it - here a example for WLAN Service ABCDEF.....

- ssh to the controller
# wlans
# ABCDEF
# priv
# psk abcdefghijklmnop
# apply

If you've the skills to write a script to do that... why not.

-Ron

This is great! Thanks! What if I don't have the skills but can follow directions very well? 🙂
Userlevel 7
Scott Van Artsdalen wrote:

This is great! Thanks! What if I don't have the skills but can follow directions very well? :-)

Something like this could happen if you follow directions 🙂

http://fox59.com/2015/06/25/driver-on-way-to-hospital-nearly-follows-gps-into-downtown-canal/
Scott Van Artsdalen wrote:

This is great! Thanks! What if I don't have the skills but can follow directions very well? :-)

Entertaining but not helpful. 🙂 I just trying to prevent myself and my teammates from having to get up at 4am to change a stupid password.
Userlevel 7
Scott Van Artsdalen wrote:

This is great! Thanks! What if I don't have the skills but can follow directions very well? :-)

Here a link to a article about scripting for the controller.

If you take that as an example and change it a bit you should be able to do what you are looking for.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-enable-wireless-services-du...
Userlevel 7
I've played around a bit...

I've used my Netsight and installed Expect on it - had some troubles but the community helped....
https://community.extremenetworks.com/extreme/topics/run-expect-in-netsight

Put my script in /usr/local/Enterasys_Networks/NetSight/scripts and changed the file settings with "chmod 755 psk_change".

Here the script that changes the PSK key and also generates a trap in Netsight "PSK was changed for WLAN Service $WLAN"
(I've just modified the script from this post... https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-enable-wireless-services-du... )
#####################################################################

#!/usr/bin/expect#
set timeout 20
if { $argc!=4 } {send_user " \n
usage psk_change.exp [i] \n
\n"
exit 1
}
#
#
set AC [lindex $argv 0]
set PASS [lindex $argv 1]
set WLAN [lindex $argv 2]
set PSK [lindex $argv 3]
set ac_prompt "#"
#
#
system echo
eval spawn ssh admin@$AC

set timeout 1
expect "(yes/no)" {send "yes\r"}

set timeout 20
expect "assword:" {send "$PASS\r"}

expect $ac_prompt {send "wlans\r"}
expect $ac_prompt {send "$WLAN\r"}
expect $ac_prompt {send "priv\r"}
expect $ac_prompt {send "psk $PSK\r"}
expect $ac_prompt {send "apply\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
#
exec /usr/bin/snmptrap -v 1 -c public localhost "1.2.3.4.5.6" $AC 6 0 0 1.11.12.13.14.15 s "PSK was changed for WLAN Service $WLAN"

#####################################################################
You'd manualy start it with....
./psk_change.exp [i]



#####################################################################
To start it with a cron job....
In /var/spool/cron/crontabs create a file i.e. job01.txt - the script is started every day@20:30

vi job01.txt
# start expect wpa change
30 20 * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#

Now activate it...
#crontab job01.txt
This generated a file "root" with the job - you'd check it with "cat root"

root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$ cat root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (job01.txt installed on Wed Oct 28 16:25:10 2015)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# start expect wpa change
20 * * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#
root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$

#############################################

Wasn't that hard even with no prior experience with Expect and "scripting"... with some help from you guys&my colleague and Google.

Next step... write my own controller code - without any bugs 🙂

-Ron
Ron wrote:

I've played around a bit...

I've used my Netsight and installed Expect on it - had some troubles but the community helped....
https://community.extremenetworks.com/extreme/topics/run-expect-in-netsight

Put my script in /usr/local/Enterasys_Networks/NetSight/scripts and changed the file settings with "chmod 755 psk_change".

Here the script that changes the PSK key and also generates a trap in Netsight "PSK was changed for WLAN Service $WLAN"
(I've just modified the script from this post... https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-disable-enable-wireless-services-du... )
#####################################################################

#!/usr/bin/expect#
set timeout 20
if { $argc!=4 } {send_user " \n
usage psk_change.exp [i] \n
\n"
exit 1
}
#
#
set AC [lindex $argv 0]
set PASS [lindex $argv 1]
set WLAN [lindex $argv 2]
set PSK [lindex $argv 3]
set ac_prompt "#"
#
#
system echo
eval spawn ssh admin@$AC

set timeout 1
expect "(yes/no)" {send "yes\r"}

set timeout 20
expect "assword:" {send "$PASS\r"}

expect $ac_prompt {send "wlans\r"}
expect $ac_prompt {send "$WLAN\r"}
expect $ac_prompt {send "priv\r"}
expect $ac_prompt {send "psk $PSK\r"}
expect $ac_prompt {send "apply\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
expect $ac_prompt {send "exit\r"}
#
exec /usr/bin/snmptrap -v 1 -c public localhost "1.2.3.4.5.6" $AC 6 0 0 1.11.12.13.14.15 s "PSK was changed for WLAN Service $WLAN"

#####################################################################
You'd manualy start it with....
./psk_change.exp [i]



#####################################################################
To start it with a cron job....
In /var/spool/cron/crontabs create a file i.e. job01.txt - the script is started every day@20:30

vi job01.txt
# start expect wpa change
30 20 * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#

Now activate it...
#crontab job01.txt
This generated a file "root" with the job - you'd check it with "cat root"

root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$ cat root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (job01.txt installed on Wed Oct 28 16:25:10 2015)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# start expect wpa change
20 * * * * /usr/local/Enterasys_Networks/NetSight/scripts/psk_change.exp 10.12.0.1 EWC_pw123 PS4 abc123abc123
#
root@netsightvienna.mywlan.at:/var/spool/cron/crontabs$

#############################################

Wasn't that hard even with no prior experience with Expect and "scripting"... with some help from you guys&my colleague and Google.

Next step... write my own controller code - without any bugs 🙂

-Ron

Ron, you, sir, are the man! Thank you very much!

Reply