
Type 5 Passwords on line con 0 and line vty 0 4

bradley.trotter

Hi all,

I have a requirement to have all passwords on my network infrastructure devices to have type 5 (MD5) passwords vs. the type 7 passwords. I'm running IOS version 12.2 on my devices. Is it possible to accomplish this? Or would doing this require ACS or something equivalent? Thank you,

Brad Trotter


Richard Burts

Brad

I do not know who established this requirement but they are requiring you to do something that cannot be done. Type 5 encryption (MD5) is for enable secret. Cisco has not implemented that type of encryption for console or vty passwords. If you use ACS then the passwords that are normally used can be protected on the server (or you can use one-time passwords which are even more safe). But for the passwords that are configured on the router type 7 is as good as you are going to get.

HTH

Rick


beball

Brad - You can accomplish this by using the local user database & login local. For example:

    user admin priv 15 secret Adm1nP@$$w0rd
    !
    line con 0
     login local
    line vty 0 4
     login local

Now when you look at the config you'll see that the admin password has been MD5 encrypted. HTH.

Ben.
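One way to check a saved running-config for what this answer describes, as an added example (not code from the thread or from Cisco): it flags local users stored with `password` rather than `secret`, and console/vty lines that still carry a line password or lack `login local`. The sample config, its placeholder hash strings and the function name `audit_config` are assumptions; lines using `login authentication` (AAA) are treated as acceptable.

```python
import re

# Constructed sample running-config (not from the thread). The hash and
# type 7 strings are placeholders, not real values.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER
username admin privilege 15 secret 5 $1$PLACEHOLDER
username oper password 7 TYPE7PLACEHOLDER
!
line con 0
 password 7 TYPE7PLACEHOLDER
 login
line vty 0 4
 login local
"""

# Matches local users stored with 'password <type>' instead of 'secret'.
USER_PW = re.compile(r"^username (\S+) (?:.* )?password (\d) \S+")


def audit_config(text):
    """Return (location, issue) tuples for credentials not kept as type 5."""
    findings = []
    blocks = {}      # 'line ...' header -> list of its sub-commands
    current = None   # header of the line block being read, if any
    for raw in text.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
            m = USER_PW.match(raw)
            if m:
                findings.append((f"username {m.group(1)}",
                                 f"type {m.group(2)} password"))
    for name, cmds in blocks.items():
        if any(c.startswith("password ") for c in cmds):
            findings.append((name, "line password"))
        if not any(c == "login local" or c.startswith("login authentication ")
                   for c in cmds):
            findings.append((name, "no per-user login"))
    return findings


if __name__ == "__main__":
    for where, issue in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {issue}")
```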

Ben

When I read the original post I was thinking primarily of console and vty passwords. Your suggestion of login local redefines that scope. You are correct that Cisco has added the capability of secret encryption to passwords for local user definition.

I retract my assertion that the level of encryption could not be achieved and agree that your suggestion will probably get them there.

HTH

Rick


Thank you all for your responses. I was hoping to not use the local user database as we have a lot of turnover in our business (people coming and going every 2 years or so). We were using a trial version of ACS and thought it was great. We were supposed to be getting a license for it, I'll have to check up on that. Thank you all again,

Brad Trotter

USAF