Changing DPSK character length deleted all our previous DPSKs

  • 3
  • Question
  • Updated 2 years ago
We just had a mini-crisis working with the DPSK settings. To make it easier for our mobile users who have to manually enter a generated DPSK, we changed the number of characters required for the Dynamic PSK passphrase from 12 to 8. This ~immediately~ caused all our previously generated DPSKs to be deleted from our system, with no warning whatsoever. Thankfully I had a ZD backup from yesterday and I was able to restore everything within a few minutes, but this was a completely unexpected and disturbing behavior.

The thing is, when we had first started testing the DPSK feature, we used the default 62 character passphrase for some of our initial mobile devices, but we then changed it to 12 characters to make it easier to copy and paste for devices that required manual PSK entry. When we made the change back then, I do not recall that this erased all the previously generated 62 character PSKs.

What bothers me is that this is not documented at all in the User Guide, nor is there any warning or indication in the WLAN setting screen when the number of characters for the DPSK passphrase is changed. Is this supposed to be expected behavior? If so, why is there no warning whatsoever in light of the catastrophic consequences that this simple change can cause?

Photo of Ken Yeh

Ken Yeh

  • 24 Posts
  • 1 Reply Like

Posted 2 years ago

  • 3
Photo of Michael Brado

Michael Brado, Official Rep

  • 1982 Posts
  • 277 Reply Likes
I wasn't aware of this behavior, but certainly agree that there should be a warning.
I've filed a Field Request with the development engineers.  (FR-1991)
(Edited)
Photo of Ken Yeh

Ken Yeh

  • 24 Posts
  • 1 Reply Like
Thanks, Michael. We are on firmware 9.8.3.0 build 14.
Photo of Marco Eichstetter

Marco Eichstetter

  • 130 Posts
  • 7 Reply Likes
Hi,

you are right.
I had same issue/Problem, too.

There really should be a warning.

KR
Marco
(Edited)
Photo of Julian

Julian

  • 2 Posts
  • 0 Reply Likes
Yes, me too. No warning and nothing in the documentation. Other settings in the same area, such as expiry time specifically state it will not impact existing keys. The D-PSK Generation per user setting also causes no issues. We have a recent backup but having been burnt once I'm just waiting on Ruckus to confirm this will restore the PSK's although comments above suggest this is the case.  Firmware 9.12.0.0 build 336. Update: Resolved by a full backup restore as per other posters comments. Not impressed by the technical advice received by the Ruckus engineers over the phone. They could not confirm a restore would restore the keys - apparently "sometimes it does". They could not confirm which type of restore I should use and changed their advice after being questioned. In the end I was convinced they didn't know and simply did not want to admit that. I would have preferred honesty.
(Edited)
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
I just checked, once you change the char from X numbers to Y numbers, there is no alert or warning.. Warning should be there...
I am on 9.8 version...
(Edited)
Photo of Monnat Systems

Monnat Systems, AlphaDog

  • 717 Posts
  • 151 Reply Likes
this change has to go into unleashed too... no warning or alert..
(Edited)
Photo of Michael Brado

Michael Brado, Official Rep

  • 1982 Posts
  • 277 Reply Likes
I've raised a bug for both ZoneDirector and Unleashed platforms.
Thanks for your feedback Forums!