
Keys do not change from clear text to key 6th

Greetings Gents,

 

I have this IOS 15.2(7)E3 running on 2960X.

 

I have set:

 

(config)#key config-key password-encrypt ***

(config)#password encryption aes 

 

 However, my tacacs and radius keys do not get encrypted using 'key 6', like in this example. They are still shown in clear-text.

 

Configure the Encrypt Pre-shared Keys in Cisco IOS Router - Cisco

 

Could you please advise what else I am missing.

 

Thanks,

Edouard.

7 Replies

Milos_Jovanovic
VIP Collaborator

Hi @EdouardZorrilla0939,

I believe you'll need the command 'service password-encryption' (although I don't have a switch next to me to be sure). Also, if I remember correctly, this command might not encrypt your already configured passwords, and you'll have to retype them.

What I do remember is that you need to remember/save the password used in 'key config-key password-encrypt XXX', as you won't be able to restore the configuration later without it (in terms of password recovery).

BR,

Milos

Hi Milos,

 

The password-type 7 is weak, and I am looking to use password-type 6 using AES as encryption. 

 

tacacs server ABC
address ipv4 1.1.1.1
key cisco123

 

I need to encrypt the tacacs's key in our 2960x, but I can't.

 

I will open a ticket with Cisco TAC tomorrow.

 

Regards,

Edouard.

I believe you need to use the command "tacacs server key 6 key-name".

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_7_e/release_notes/rn-1527e-2960x-xr.html

Hi Marvin,

 

Thanks for sharing this information. I have the following IOS version:

 

Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(7)E3, RELEASE SOFTWARE (fc3)

 

However, the command syntax "tacacs server key 6 key-name" is not available.

 

Best regards,

Edouard.

That's odd. It should work according to the documentation. Can you open a TAC case on it?

radics.tibor1974
Beginner

Hello guys. I can confirm, it doesn't work.

I created a master key, then encrypted them via aes - at least tried to - but the clear text stays. Copy doesn't work either, although the same master key is used.

Has somebody already opened a TAC case? I'm really tired of opening new cases; I already have some regarding other issues.

I've opened a case with Cisco TAC and I will update you guys when I have meaningful information.
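
Added example, not part of any post above and not Cisco tooling: a Python check that reads `show running-config` text and reports how each `tacacs server` / `radius server` key is stored (clear text, type 7 or type 6) and whether `password encryption aes` is present. It assumes standard running-config indentation; the sample config, the server names R1 and DEF, the 192.0.2.x addresses and the key placeholders are constructed.

```python
import re

# Constructed sample in running-config layout; key strings are placeholders.
SAMPLE_CONFIG = """\
password encryption aes
!
tacacs server ABC
 address ipv4 1.1.1.1
 key cisco123
!
radius server R1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 7 CONSTRUCTED-TYPE7-PLACEHOLDER
!
tacacs server DEF
 address ipv4 192.0.2.20
 key 6 CONSTRUCTED-TYPE6-PLACEHOLDER
"""

BLOCK_RE = re.compile(r"^(tacacs|radius) server (\S+)\s*$")
KEY_RE = re.compile(r"^\s+key (?:([067]) )?(\S+)\s*$")
STORAGE = {None: "cleartext", "0": "cleartext", "7": "type7", "6": "type6"}

def audit_aaa_keys(config_text):
    """Return (aes_enabled, findings); findings are (protocol, server, storage)."""
    aes_enabled, findings, current = False, [], None
    for line in config_text.splitlines():
        if line.strip() == "password encryption aes":
            aes_enabled = True
        if not line.startswith(" "):
            # Any unindented line closes the previous server block.
            m = BLOCK_RE.match(line)
            current = (m.group(1), m.group(2)) if m else None
            continue
        m = KEY_RE.match(line)
        if current and m:
            findings.append((current[0], current[1], STORAGE[m.group(1)]))
    return aes_enabled, findings

def non_type6(config_text):
    """Server blocks whose shared key is not stored as type 6."""
    return [f for f in audit_aaa_keys(config_text)[1] if f[2] != "type6"]

if __name__ == "__main__":
    aes, found = audit_aaa_keys(SAMPLE_CONFIG)
    print("password encryption aes present:", aes)
    for proto, name, storage in found:
        print(f"{proto} server {name}: {storage}")
```

A result where `password encryption aes` is present but `non_type6` still returns entries matches the symptom reported in this thread.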
