security wpa2 psk set-key ascii [psk]
Configures the pre-shared key (PSK) for WPA2 personal authentication on a WLAN, used to set the passphrase that clients must provide to associate securely.
security wpa2 psk set-key ascii [psk]When to Use This Command
- Setting a new WPA2 passphrase for a guest WLAN to ensure only authorized users can connect.
- Updating the PSK on an existing WLAN after a security breach or periodic rotation.
- Configuring a unique PSK for a management WLAN to separate administrative traffic from user traffic.
- Replacing an old PSK with a stronger, longer passphrase to improve wireless security.
Command Examples
Setting a WPA2 PSK for a WLAN
security wpa2 psk set-key ascii MySecurePass123WPA2 PSK configured successfully.
The command sets the PSK to 'MySecurePass123' for the current WLAN. The output confirms the key was accepted.
Verifying the PSK configuration
show wlan security wpa2 pskWLAN ID: 1 WLAN Name: Corporate PSK: <hidden> Key Management: WPA2-PSK
The output shows the WLAN ID, name, that the PSK is hidden for security, and the key management type. Use this to confirm the PSK is set.
Understanding the Output
The command 'security wpa2 psk set-key ascii [psk]' does not produce verbose output; it simply confirms success or failure. To verify the PSK configuration, use 'show wlan security wpa2 psk'. In the show command output, the 'PSK' field is always hidden (shown as '<hidden>') for security reasons. The 'Key Management' field should display 'WPA2-PSK' to confirm WPA2 personal mode is active. If the PSK is not set, the 'PSK' field may be absent or show 'not configured'. Always ensure the PSK is at least 8 characters and avoid common words to prevent brute-force attacks.
CCNA Exam Tips
CCNA exam tip: The PSK is always hidden in show commands; you cannot retrieve it, only set or overwrite it.
CCNA exam tip: The PSK must be between 8 and 63 ASCII characters; the exam may test this range.
CCNA exam tip: WPA2-PSK uses AES encryption; the exam may ask about encryption types.
CCNA exam tip: To remove the PSK, use 'no security wpa2 psk set-key'.
Common Mistakes
Mistake 1: Using a PSK shorter than 8 characters — the command will be rejected.
Mistake 2: Forgetting to apply the WLAN after setting the PSK — the configuration may not take effect until the WLAN is enabled or reapplied.
Mistake 3: Confusing WPA2-PSK with WPA2-Enterprise — the command only applies to personal mode; for enterprise, use RADIUS configuration.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions