08-22-2016 09:10 AM - edited 03-11-2019 12:01 AM
Dears,
whenever I specify the key for the radius server it comes type 7 as such below, if I m not wrong type 7 can be decrypted easily how I can use a encryption which cannot be decrypted.
radius server ISE-SERVERS-SEC
address ipv4 10.X.X.1 auth-port 1645 acct-port 1646
key 7 121608161C0C1E012B3F
thanks
08-22-2016 11:33 AM
Not all passwords can be protected efficiently. While there are functions in IOS to provide good security for login-passwords and VPN-PSK, I'm not aware of a similar function for RADIUS keys.
There are still some ways to provide security for your keys:
08-22-2016 02:30 PM
Dear
so you are confirming me that when we are configuring the radius host with a key command there is only type 7 key encryption apart from that we have to secure by the ways you have mentioned,
so my configs are correct I am not doing any mistakes for specifying the keys
08-24-2016 04:35 AM
Dears,
Anybody can confirm to me the above .
thanks
08-31-2016 01:01 PM
anybody can help me for my above query and also can confirm to me whether there is another way best practices to configure the radius configuration on the switches.
thanks
08-24-2016 04:37 AM
At least it's a config that is shown in Cisco best practices and I assume that there is no "hidden gem" to protect these keys better than with type7.
05-05-2022 07:23 AM
Use type 6 password if your device supports it. Enter the following in global config and it will convert type 7 passwords to type 6
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: