cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
260
Views
0
Helpful
1
Replies
martin.wisz
Beginner

DNA Center password encryption on network devices

This is a new deployment (ver 1.3.3.9) with only a handfull of devices in inventory.  I noticed there was no enable password listed in the device credentials.  I went and entered a password and the DNA center pushed an updated configuration via a EMM applet.  Two problems with what it pushed, it configured a sha256 encryption for the local admin user and for the enable password.  We utilize scrypt or type 9 encryption.  Is there a place where I can specify which algorithm to use when dealing with device passwords?  

 

The other issue was even though the action in the applet contained cli command "no event manager applet_NEW_CREDENTIAL" the applet was not deleted.  I entered that exact command and the applet was deleted.  Has anyone seen this issue before?

 

Any help is appreciated.

1 REPLY 1
Mike.Cifelli
VIP Advocate

Two problems with what it pushed, it configured a sha256 encryption for the local admin user and for the enable password.  We utilize scrypt or type 9 encryption.  Is there a place where I can specify which algorithm to use when dealing with device passwords?  

-Was this ever resolved? AFAIK from within DNAC no.  I would recommend submitting a feature request to your Cisco reps and/or using the make-a-wish from within DNAC to possibly get some visibility on this.  The only thing I can think of to try is to attempt using the DNAC config template editor or have the necessary scrypt config as a part of your base config when deploying a node prior to adding to inventory via discovery etc.

enable algorithm-type scrypt secret <password>
username <user> privilege 15 algorithm-type scrypt secret <password>

If the default was sha256 I would suggest figuring out how to test to ensure there are no hiccups with DNAC.  Maybe try manually modifying via CLI on an EN, and then re-sync the device in inventory to see if DNAC complains.  Good luck & HTH!