SSID PSK Change after 90 days

PJB
Here to help


Hi there,

 

I am looking for a solution to this issue: I have set up a Corporate SSID for new remote users. They gain access via a PSK only (no RADIUS involved, etc.). However, how do I set up a prompt/alert that the password needs changing after 90 days? Even an email to send to the support desk so that they can inform the users of a new password.

 

All help much appreciated

alemabrahao
Kind of a big deal

I have a script that I use for MX-w. I will share it with you; maybe you can use it.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

I know what you want is an alert to change your password every 90 days, but with PSK you won't be able to do that.
 
It would be much more viable to use 802.1x integrated with AD and in AD you define a password policy, but come on, I have this script that I currently use to change the password to a random password from an SSID and add it to Linux cron to run every 30 days.
 
Note that this is for an MX-w network so you have to adapt it to MR.
 
Here is the API that can be used instead.

https://developer.cisco.com/meraki/api/update-network-wireless-ssid/



```python
import requests
import secrets
import string

# Replace 'your_api_key', 'your_network_id', and 'your_ssid_number' with the actual values
api_key = 'your_api_key'
network_id = 'your_network_id'
ssid_number = 'your_ssid_number'

# API URL (MX appliance SSID endpoint)
url = f'https://api.meraki.com/api/v1/networks/{network_id}/appliance/ssids/{ssid_number}'

# Generates a random password of 20 characters (at least 15), including
# uppercase letters, lowercase letters, digits, and special characters
def generate_password(length=20):
    characters = string.ascii_letters + string.digits + string.punctuation
    # One character from each class guarantees the mix
    password = [
        secrets.choice(string.ascii_uppercase),
        secrets.choice(string.ascii_lowercase),
        secrets.choice(string.digits),
        secrets.choice(string.punctuation),
    ]
    # Fill the rest from the full set, then shuffle so the class
    # characters are not always in the first four positions
    password += [secrets.choice(characters) for _ in range(length - len(password))]
    secrets.SystemRandom().shuffle(password)
    return ''.join(password)

# Request header with the API key
headers = {
    'X-Cisco-Meraki-API-Key': api_key,
    'Content-Type': 'application/json',
}

# Generates a new password
new_password = generate_password()

# Data to be sent in the PUT request
data = {
    'name': 'SSID Name',  # Replace with the actual SSID name
    'enabled': True,
    'authMode': 'psk',
    'encryptionMode': 'wpa',
    'wpaEncryptionMode': 'WPA2 only',  # Replace with the desired encryption mode
    'psk': new_password,
}

# Makes the PUT request to change the SSID password
response = requests.put(url, headers=headers, json=data, timeout=30)

# Checks if the request was successful (status code 200)
if response.status_code == 200:
    print(f"Password changed successfully. New password: {new_password}")
else:
    # Displays an error message if the request failed
    print(f"Request failed. Status code: {response.status_code}")
    print(response.text)
```
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
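
For MR access points, the rotation described above can be combined with the 90-day check and the support-desk email the question asks for. The following is an added example, not part of the posts in this thread: it uses the wireless SSID endpoint linked above, and the function names, the 24-character alphanumeric PSK, and the mail wording are assumptions. It only builds the API request and the mail; the caller sends them and records the rotation time.

```python
import json
import secrets
import string
import urllib.request
from datetime import timedelta
from email.message import EmailMessage

MAX_AGE = timedelta(days=90)           # rotation interval from the question
BASE = "https://api.meraki.com/api/v1"
ALPHABET = string.ascii_letters + string.digits  # assumed: easy to type on a phone

def rotation_due(last_rotated, now, max_age=MAX_AGE):
    """True when the PSK was never rotated or is max_age old or older."""
    return last_rotated is None or now - last_rotated >= max_age

def new_psk(length=24):
    # WPA2 passphrases must be 8 to 63 printable ASCII characters
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_mr_request(api_key, network_id, ssid_number, psk):
    """PUT for the MR wireless SSID endpoint; nothing is sent here."""
    url = f"{BASE}/networks/{network_id}/wireless/ssids/{ssid_number}"
    body = {"authMode": "psk", "encryptionMode": "wpa", "psk": psk}
    headers = {"X-Cisco-Meraki-API-Key": api_key,
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="PUT")

def build_notice(ssid_name, psk, now, sender, recipient):
    """Mail giving the support desk the new PSK and the next due date."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Wi-Fi password for {ssid_name} has been rotated"
    msg.set_content(f"New PSK: {psk}\n"
                    f"Next rotation due: {(now + MAX_AGE).date()}\n")
    return msg

def rotate_if_due(last_rotated, now, api_key, network_id, ssid_number,
                  ssid_name, sender, recipient):
    """Return (request, notice) to send, or None while the PSK is fresh."""
    if not rotation_due(last_rotated, now):
        return None
    psk = new_psk()
    return (build_mr_request(api_key, network_id, ssid_number, psk),
            build_notice(ssid_name, psk, now, sender, recipient))
```

Run it daily from cron: send the request with urllib.request.urlopen, send the notice with smtplib over TLS only after the API call succeeds, and then store the rotation timestamp. Read the API key from an environment variable or a secrets store rather than keeping it in the script.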

Hi there,

 

Many thanks for that script. I am not familiar with implementing them at all and quite noobie regarding API configuration etc.

Is this the only other way this can be done? Can you walk me through it?

alemabrahao
Kind of a big deal

Not natively. If you had a Cisco ISE you would have more possibilities.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.