02-06-2019 08:26 AM - edited 02-20-2020 09:45 PM
Does anyone know what encryption is replacing key 7 for Radius? We have been using key 7 for radius and have had no issues but we just purchased a new 9200 catalyst switch and when you apply the key 7 option it states that "password 7 will soon be depreciated and to migrate to a supported password type". Funny thing is there is no other options other that key 0, key 6 and key 7 when going through the configuration.
Any insight is greatly appreciated
02-06-2019 11:47 AM
Hi,
I haven't personally used the 9200 series switches yet, but if you are using ISE you do have the option to use RADIUS over DTLS or even IPSec, both of which would be considered more secure.
Reference here:-
HTH
05-14-2019 06:13 AM
I am having this same issue. We've used type 7 encryption for years. It makes sense to update this, however Cisco does make it a bit confusing. On the Cisco 9200 switch Radius configuration web page it states to enter the key with "radius-server key keystring." When I do that in the 9200 switch I get the following messages:
"#radius-server key keystring
WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type
US138-TU0-SW-001165(config)#
*May 14 13:06:59.416 UTC: %PARSER-5-HIDDEN: Warning!!! ' radius-server key keystring' is a hidden command. Use of this command is not recommended/supported and will be removed in future.
US138-TU0-SW-001165(config)#
*May 14 13:06:59.416 UTC: %AAAA-4-CLI_DEPRECATED: WARNING: Command has been added to the configuration using a type 0 password. However, type 0 passwords will soon be deprecated. Migrate to a supported password type"
So what command should we use to get the updated, and correct, type?
09-19-2019 12:16 AM
Hi All,
I too have this problem but on a 9300 and 9400 series. is this a bug? any fix ideas? I am running IOS XE Software, Version 16.09.03
thx for any help
10-09-2019 11:30 AM - edited 10-09-2019 11:35 AM
If you enable the strong password protection Type-6 passwords., you will not receive the warning.
Excellent info from Peter Paluch as always here: https://community.cisco.com/t5/switching/3850-fuji-16-9-code-tacacs-configuration/td-p/3831896
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide