
Console Password on 8300 Router cannot exceed 15 characters

Does anyone have experience with the new 8300 series Edge platform routers? I have two new 8300's that I was about to put into production when I discovered that my console password was not working properly. The particular password that I set on the device was 17 characters in length. I set the same password for the local user account and my enable secret. The password works properly when using the local credentials for a vty session; however, when trying to use the same local credentials for a console connection, it fails. Similarly, the enable secret password works properly in a vty session but not in a console session. Has anyone experienced this? Any ideas? I am currently running Amsterdam 17.3.3 on this device. I upgraded the other to Bengaluru 17.5.1a; the problem still exists. Trying to determine if this is a hardware issue or software; I have numerous 4K's in my environment that do not have this issue running on 17.3.3.


balaji.bandi
Hall of Fame

How about using the command below:

aaa common-criteria policy
 min-length 15  << Cisco IOS XE router enforces a minimum password length of "15" characters.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_aaa/configuration/xe-17/sec-usr-aaa-xe-17-book/sec-aaa-comm-criteria-pwd.html#GUID-CD4DDC3F-1DC1-467F-BC14-DD40BCC21A4D

BB


Additional information.  I completely reset the device, performed write erase and reload.  After coming up with no config I configured just minimal configuration to establish IP connectivity via a VTY session. (See below)

!
username localuser privilege 15 secret 15CharacterP@ss
enable secret 15CharacterP@ss
no enable password
!
line con 0
 login local
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!

After establishing a VTY session I could successfully disconnect and reconnect using the local user and 15 character password. Additionally, I could exit out of enable mode and return to enable mode using the 15 character password. Same for the console session: I could log out and log in, and also exit enable mode and re-enter enable mode. No problem with the 15 character password.

 

Then I used a 16 character password (see below)

 

!
username localuser privilege 15 secret 16CharacterP@ss!
enable secret 16CharacterP@ss!
no enable password
!

 

Tested same actions again after reconfiguring the local user and enable secret to use the 16 character password.  The results are successful on a VTY session but fail on console session.

I've tried the same on multiple versions of code 17.3.2, 17.3.3, and also 17.5.1a.

 

 

I’m having the same issue. Did you ever get this issue resolved?

I did discover a solution to this problem. In my scenario this was caused by the fact that my serial port was configured on a VM within a host and there was something weird with the serial port settings on the VM.
I eventually tested the same on a physical comm port vs. the serial port on the host of the VM, and I was able to use a password exceeding 15 characters. Long story short, this was not a Cisco problem but rather a problem with the serial port I was using for connectivity.

Thanks,
Richard

Hello


rpidcock@bankrcb.net wrote:

Additional information.  I completely reset the device, performed write erase and reload.  After coming up with no config I configured just minimal configuration to establish IP connectivity via a VTY session. (See below)


username localuser privilege 15 secret 15CharacterP@ss
enable secret 15CharacterP@ss
no enable password


Apply the following:

password encryption aes
username localuser privilege 15 algorithm-type scrypt secret xxxxx
aaa authentication login default local
aaa authorization console
aaa authorization exec default local if-authenticated





Kind Regards
Paul