Meraki Community

freddy7 · ‎Jun 19 2023

We are trying to setup a guest wifi. The requirements would be that the guest wifi password would need to change once per week. We have setup a user and assigned a password and authorized the user. we can access and login to guest ssid. The issue per-se is, can the process of changing the password weekly and emailing password to certain folk be automated? Trying to make this as hands off as possible. Thank you

PhilipDAth · ‎Jun 19 2023

Splash Access also offer a nice paid solution that can do this.

https://www.splashaccess.com/portfolio/splashaccess-traditional/

View solution in original post

alemabrahao · ‎Jun 19 2023

Unfortunately with the dashboard options you won't be able to do this automatically. You would need a third party solution.

One option is to integrate with AD and on the server set a password expiration policy.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

PhilipDAth · ‎Jun 19 2023

If you change to using WPA2-PSK, and a splash page, you can find a lot of scripts for changing the PSK. Google "github meraki change psk".

You then need to schedule the script to run weekly.

PhilipDAth · ‎Jun 19 2023

Splash Access also offer a nice paid solution that can do this.

https://www.splashaccess.com/portfolio/splashaccess-traditional/

Madhan_kumar_G · ‎Jun 19 2023

Hi,

Yes, It's very much possible with the API and a python script. We have achieved the same for daily rotation and with an email having details of the rotated passwords.

You need to tweak the script for weekly basis. I am attaching the link with details here.

https://drive.google.com/file/d/1YsMqvV3MvqL0S237zWA_r3sji7bXBgWe/view?usp=drivesdk

TBHPTL · ‎Jun 19 2023

Or use a third party radius provider for a captive portal with a rotating passcode. That service will send emails to whoever you want on what ever cycle you tell it. After its set up and for extra measure, I have a certain team recipient that updates an announcement only mailbox that anyone can dial into that has access to our voip phones. Codes get updated at the halflife of the period you mandate so at any given time there are two valid codes. One new one and one on the way out. Anyone can call and be told the code for acces with 5 digit dialing announcement.

BALAJIRG · ‎Jun 20 2023

Hi,

Automated WPA2-PSK be achieved by API.

Edit the following python script as highlighted in red referring to the details.

Get the details

"

import meraki

import requests

import random

import string

import smtplib

import ssl

from email.mime.text import MIMEText

from email.mime.multipart import MIMEMultipart

api_key = "your_api_key" # enter your meraki api key here

network_id = "your_network_id" # enter the network id of the network you

want to change here

ssid_number = "ssid_number"# enter the number of the ssid you want to change here 0 - 14

password_length = 15 # enter the desired length of the new PSK min 8 max 63

character_types = string.ascii_lowercase + string.ascii_uppercase + string.digits # remove or change according to needs

gmail_password = "App_password_generated" # enter the generated gmail app password here

sender_email = "sender@gmail.com" # sending gmail address

receiver_email = "reciver@gmail.com" # receiving address(es)

def random_string(stringlength=password_length):

return ''.join(random.choice(character_types) for i in range(stringlength))

def set_new_psk(new_psk, ssid=ssid_number):

url = "https://api.meraki.com/api/v0/networks/"+network_id+"/ssids/"+str(ssid) #remove the spaces the I inserted to get around a community bug

payload = "{\r\n \"psk\": \""+str(new_psk)+"\"\r\n}"

headers = {

'Accept': "*/*",

'Content-Type': "application/json",

'cache-control': "no-cache",

'X-Cisco-Meraki-API-Key': api_key

}

response = requests.request("PUT", url, data=payload, headers=headers)

print(str(response.status_code) + " - " + response.text)

return(response.status_code)

def send_password_email(new_psk_param):

message = MIMEMultipart("alternative")

message["Subject"] = "New Wi-Fi PSK"

message["From"] = sender_email

message["To"] = receiver_email

# Create the plain-text and HTML version of your message

text = """\

Hi,

We've changed the Wi-Fi password to: {new_psk}

Kind regards,

pskscript""".format(new_psk=new_psk_param)

html = """\

<html>

<body>

<div>Hi,<br>

<br>

We've changed the Wi-Fi password to: <br> #content to be recived

<h1>{new_psk}</h1>

Kind regards,<br>

pskscript

</div>

</body>

</html>

""".format(new_psk=new_psk_param)

# Turn these into plain/html MIMEText objects

part1 = MIMEText(text, "plain")

part2 = MIMEText(html, "html")

# Add HTML/plain-text parts to MIMEMultipart message

# The email client will try to render the last part first

message.attach(part1)

message.attach(part2)

# Create secure connection with server and send email

context = ssl.create_default_context()

with smtplib.SMTP_SSL("smtp.gmail.com", 465, context=context) as server:

server.login(sender_email, gmail_password)

server.sendmail(

sender_email, receiver_email, message.as_string()

)

new_psk = random_string(password_length)

if set_new_psk(new_psk) == 200:

send_password_email(new_psk)

“

Schedule Python script to run weekly on some online platforms like "www.pythonanywhere.com" or you can run the script in the internal server with using crontab.

freddy7 · ‎Jun 22 2023

Thank you all for your input. I will be looking in to the Splash Access option. Whether or not we go with this option is another thing.

Meraki Community

auto password reset for guest SSID and email to users

auto password reset for guest SSID and email to users