Radius Server key

clark white
Explorer

Dears,

Whenever I specify the key for the RADIUS server, it comes up as type 7, as shown below. If I'm not wrong, type 7 can be decrypted easily. How can I use an encryption which cannot be decrypted?

radius server ISE-SERVERS-SEC
 address ipv4 10.X.X.1 auth-port 1645 acct-port 1646
 key 7 121608161C0C1E012B3F

thanks

6 Replies

Karsten Iwen
VIP Mentor

Not all passwords can be protected efficiently. While there are functions in IOS to provide good security for login-passwords and VPN-PSK, I'm not aware of a similar function for RADIUS keys.

There are still some ways to provide security for your keys:

  • Never use unencrypted management sessions like Telnet or HTTP. Use SSH and HTTPS instead.
  • Use SNMPv3 instead of SNMPv2.
  • When backing up your config, use SCP instead of TFTP/FTP.
  • Use complex keys (you have to decide if "omangreat" is a good key).
  • Use long keys, as the length of the shown type 7 output relates to the length of the key/password.
  • Make sure there is no one shoulder surfing when working on your config.

Dear,

So you are confirming to me that when we configure the RADIUS host with the key command, there is only type 7 key encryption, and apart from that we have to secure it in the ways you have mentioned.

So my configs are correct and I am not making any mistakes in specifying the keys.

Dears,

Can anybody confirm the above for me?

thanks

Can anybody help me with my query above, and also confirm whether there is another way, as per best practices, to configure RADIUS on the switches?

thanks

At least it's a config that is shown in Cisco best practices and I assume that there is no "hidden gem" to protect these keys better than with type7.

Eman.Jr
Beginner

Use a type 6 password if your device supports it. Enter the following in global config and it will convert type 7 passwords to type 6:

! Specify a password you want the system to use to encrypt 
hostname(config)# key config-key password-encrypt <password>
hostname(config)# password encryption aes
 
 
Reference:
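
Added example, not part of any reply in this thread: a small Python audit that scans a saved configuration for RADIUS keys stored as cleartext or type 7 and reports how much of the key length the type 7 string exposes, without decoding it. It assumes `password encryption aes` appears in the saved config when enabled; the `LAB-AES` block, its address and its key value are constructed, and the function names are hypothetical.

```python
import re

# Storage forms seen after "key" in a saved config; the type digit is absent for cleartext.
WEAK = {"0": "cleartext", "7": "type 7 (reversible)"}
KEY_RE = re.compile(r"^\s+key(?:\s+(\d))?\s+(\S+)\s*$")

# First block is the config from the question; LAB-AES and its value are constructed.
SAMPLE = """\
radius server ISE-SERVERS-SEC
 address ipv4 10.X.X.1 auth-port 1645 acct-port 1646
 key 7 121608161C0C1E012B3F
radius server LAB-AES
 address ipv4 192.0.2.10 auth-port 1645 acct-port 1646
 key 6 CONSTRUCTED-TYPE6-VALUE
"""

def type7_hidden_length(value):
    """Length of the key behind a type 7 string, computed without decoding it:
    two decimal digits of offset, then two hex characters per key character."""
    body = value[2:]
    if not value[:2].isdigit() or not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", body):
        return None
    return len(body) // 2

def audit_radius_keys(config_text):
    """Flag RADIUS keys stored as cleartext or type 7, and note whether AES (type 6) is on."""
    report = {"aes_enabled": False, "findings": []}
    server = None
    for line in config_text.splitlines():
        if line.strip() == "password encryption aes":
            report["aes_enabled"] = True
        if line and not line[0].isspace():          # top-level command starts a new block
            m = re.match(r"radius server (\S+)", line)
            server = m.group(1) if m else None
            continue
        m = KEY_RE.match(line)
        if server and m:
            ktype, value = m.group(1) or "0", m.group(2)
            if ktype in WEAK:
                length = type7_hidden_length(value) if ktype == "7" else len(value)
                report["findings"].append(
                    {"server": server, "storage": WEAK[ktype], "key_length": length})
    return report

if __name__ == "__main__":
    for f in audit_radius_keys(SAMPLE)["findings"]:
        print(f"{f['server']}: {f['storage']}, key length {f['key_length']} visible in config")
```

Run against config backups, any finding is a key to rotate after type 6 encryption is enabled, since copies of the old type 7 string may already exist in earlier backups.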