Radius encryption options

williamehmke1
Level 1

Does anyone know what encryption is replacing key 7 for Radius? We have been using key 7 for Radius and have had no issues, but we just purchased a new Catalyst 9200 switch and when you apply the key 7 option it states that "password 7 will soon be depreciated and to migrate to a supported password type". Funny thing is there are no other options other than key 0, key 6 and key 7 when going through the configuration.

Any insight is greatly appreciated

4 Replies

Hi,

I haven't personally used the 9200 series switches yet, but if you are using ISE you do have the option to use RADIUS over DTLS or even IPSec, both of which would be considered more secure.

Reference here:

RADIUS over DTLS

RADIUS IPSec

HTH

mbusiadmin
Level 1

I am having this same issue. We've used type 7 encryption for years. It makes sense to update this, however Cisco does make it a bit confusing. On the Cisco 9200 switch Radius configuration web page it states to enter the key with "radius-server key keystring." When I do that in the 9200 switch I get the following messages:

"#radius-server key keystring
 WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type
US138-TU0-SW-001165(config)#
*May 14 13:06:59.416 UTC: %PARSER-5-HIDDEN: Warning!!! ' radius-server key keystring' is a hidden command. Use of this command is not recommended/supported and will be removed in future.
US138-TU0-SW-001165(config)#
*May 14 13:06:59.416 UTC: %AAAA-4-CLI_DEPRECATED: WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type"

 

So what command should we use to get the updated, and correct, type?

piotrn001
Level 1

Hi All,

I too have this problem but on a 9300 and 9400 series. Is this a bug? Any fix ideas? I am running IOS XE Software, Version 16.09.03

thx for any help

 

If you enable the strong password protection Type-6 passwords, you will not receive the warning.

Excellent info from Peter Paluch as always here: https://community.cisco.com/t5/switching/3850-fuji-16-9-code-tacacs-configuration/td-p/3831896
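
One way to check a saved running-config against the advice in this thread, added here as an example and not posted by any participant: it flags RADIUS keys still stored as type 0 or type 7, the global key command that the log above reports as hidden, and a missing `password encryption aes` line. The sample configs, server name, address and key strings are constructed placeholders, and the TACACS+ handling goes beyond the RADIUS case discussed here.

```python
import re

# Constructed sample configs (not from the thread); names, addresses and keys are placeholders.
LEGACY = """\
radius-server key 7 0000000000
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key SharedSecretPlaceholder
"""
MIGRATED = """\
password encryption aes
radius server ISE-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key 6 CONSTRUCTED-TYPE6-PLACEHOLDER
"""

KEY_ARGS = r"\s+(?:([067])\s+)?\S+"  # optional type digit, then the key string

def audit(config):
    """Return (line_no, severity, message) findings for AAA server key storage."""
    findings, in_block = [], False
    for no, line in enumerate(config.splitlines(), 1):
        if not line.startswith(" "):
            # A top-level line opens or closes a named "radius server X" block.
            in_block = re.match(r"(?:radius|tacacs) server \S+", line) is not None
        legacy = re.match(r"(?:radius|tacacs)-server key" + KEY_ARGS, line)
        inner = re.match(r"\s+key" + KEY_ARGS, line) if in_block else None
        m = legacy or inner
        if m is None:
            continue
        if legacy:
            findings.append((no, "warn", "global key command, move key under a named server"))
        ktype = m.group(1) or "0"  # no digit means the key was entered as type 0
        if ktype != "6":
            findings.append((no, "high", f"type {ktype} key, migrate to type 6"))
    # The master key (key config-key password-encrypt) never appears in the
    # running-config, so only the AES switch can be checked from a saved file.
    if not re.search(r"^password encryption aes\s*$", config, re.M):
        findings.append((0, "high", "'password encryption aes' is not enabled"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("migrated", MIGRATED)):
        print(name, audit(cfg) or "no findings")
```

Findings with line number 0 apply to the whole file instead of a single line.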