WPA Passphrase with Special Characters

Wow. It has been a while, but I wanted to post this quick snippet about getting an Aruba controller to take special characters in the passphrase. The only info I could find while we were troubleshooting was that special characters are not supported and the controllers wouldn’t take them. Well, FEAR NOT! After troubleshooting and failing with TAC, I successfully made it happen…after TAC said “you can’t do it.”

Here is the scenario. I have a customer that has been using a different wireless vendor for a long time and their current key for production is a long passphrase with different special characters in place. Here is an example key:


While I was configuring their new controller, I ran into an issue when applying this key. I would get to the question mark and the controller would act like I was asking for CLI help. It would skip to the next line, and then paste the rest of the key in -without the “?”. When using the GUI, the controller would take the key; but if you went into the CLI with “encrypt disable” and viewed the key, the “?” was gone. I tried several other methods before the customer requested a TAC call. As you can imagine, typing this into wireless terminals is not fun. I’m not sure if this procedure will apply to other special characters, but here is what I did to get it to accept the question mark and quotes in the key:

  1. Copy the beginning portion of the key before the “?” and paste it into the controller (don’t hit enter).
  2. Add quotes to the beginning and end of the text you entered.
  3. Using arrows, move the cursor to right before the end quote.
  4. Paste the rest of the key in before the quote.
  5. Press enter and the controller will take the entire string as is.

*Side note: If you are using quotes in your key, you have to use apostrophes instead of quotes to enter it correctly. I followed this procedure with the quotes and it still did not work. Replacing the quotes with apostrophes resolved it.

Here is the actual command procedure:

Aruba#config t

Aruba(config)# wlan SSID-profile test-ssid_profile

Aruba(config)# wpa-passphrase oQ|ienU6ra+K-8/KQU1AU3Y1{Aly

Aruba(config)# wpa-passphrase "oQ|ienU6ra+K-8/KQU1AU3Y1{Aly" <-add quotes.

Aruba(config)# wpa-passphrase "oQ|ienU6ra+K-8/KQU1AU3Y1{Aly?QNU-,gFZYP"" <-paste the rest of the password.

Aruba(config)# wpa-passphrase 'oQ|ienU6ra+K-8/KQU1AU3Y1{Aly?QNU-,gFZYP"' <-replace quotes with apostrophes.

Thats it. You should be able to hit enter to confirm the command. The big take-away here is that you need the beginning and ending quote before you can type any special characters. To confirm, you can view the passphrase unencrypted by typing “encrypt disable” and then “show wlan SSID-profile test-ssid_profile”.

TAC says they have added this procedure to their documentation.

…till next time!