
ASA user encrypted passwords on 2960

lcaruso
Level 6

Hi,

I need to create the same accounts for a few folks on a switch that exist on an ASA. When I try and copy the encrypted password over, it tells me it's an invalid encrypted password.

This switch is running 12.2(53).

Is there any way to do this without asking the user for their password?

4 Replies

Collin Clark
VIP Alumni

Back in the PIX days you could copy the config from the firewall to a TFTP server and the passwords would be in plain text. I'm not sure if the ASA does that as well, but it won't hurt to try. IMO once you have to add users to more than 1 device, you might as well implement AAA across all of them. It will make your life easier in the long run.

We have a very small group that manages a lot of ASAs, and we use AAA Local for all of that across all clients, so it seems to work well.

I'd like to do the same on the switches we manage but the AAA models are different on the switches, or at least they don't take the ASA commands.

Do you know how to implement AAA Local for all authentication on a switch?

Try this-

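! Enable the AAA command set
aaa new-model
!
! Default login method list: local user database first, then the enable password
aaa authentication login default local enable
!
! Local account (replace both placeholders)
username username password the_password
!
! Apply the default method list to all VTY lines
line vty 0 15
 login authentication default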

Please test before implementing. You can also use secret instead of the password above and it will create a non-reversible hash.
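As an added example (not part of the original thread), the following Python sketch audits a saved switch configuration for the points raised above: local accounts using `password` instead of `secret`, and username lines pasted in ASA syntax, which IOS rejects. The function names, the line formats matched by the regular expression, and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed line formats (not taken from the thread):
#   IOS: username NAME [privilege N] {password|secret} [TYPE] VALUE
#   ASA: username NAME password HASH encrypted [privilege N]
USER_RE = re.compile(
    r"^\s*username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?"
    r"(?P<kind>password|secret)\s+(?:(?P<type>\d+)\s+)?(?P<value>\S+)(?P<rest>.*)$"
)

def classify(line):
    """Return (user, finding) for a username line, or None for any other line."""
    m = USER_RE.match(line)
    if not m:
        return None
    user, kind, ptype = m["user"], m["kind"], m["type"]
    if kind == "secret":
        return user, "ok: non-reversible secret"
    if "encrypted" in m["rest"].split():
        return user, "asa-format: ASA hash syntax, rejected by IOS"
    if ptype == "7":
        return user, "weak: type 7 password is reversible"
    return user, "weak: password stored in clear text"

def audit(config_text):
    """Classify every username line in a configuration dump."""
    return [r for r in map(classify, config_text.splitlines()) if r]

# Constructed sample configuration; all hash values are placeholders.
SAMPLE = """\
aaa new-model
aaa authentication login default local enable
username alice privilege 15 secret 5 $1$CONS$TRUCTEDplaceholderHASH
username bob password 7 0000CONSTRUCTED
username carol password the_password
username dave password CONSTRUCTEDasaHASH encrypted privilege 15
line vty 0 15
 login authentication default
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user:8} {finding}")
```

Accounts flagged as weak can be re-entered with `secret`, as the answer above suggests; accounts flagged as ASA format have to be re-created on the switch, since the hash cannot be carried over.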

Thanks! Worked just fine.
