cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1297
Views
0
Helpful
0
Replies

replacing type 7 passwords IOS XE (BGP and OSPF)

ms339r001
Level 1
Level 1

Hello,
preparing deployment batch of C9500(-48Y/-24Y) currently running IOS XE 17.03.04

Want to bring our config template to current century and get rid of type 7 passwords.
So far managed to success for tacacs, enable and local user.

Last troublesome spot seems to be routing protocols, BGP and OSPF in my case.

 

This code snippet shows last two points in config I didn't find way how to get rid off type 7 password (clear text not counting)

key config-key password-encrypt <master password>
password encryption aes

interface Hu1/0/25 description uplink no switchport ip address 111.111.111.111 255.255.255.252 ip ospf bfd ip ospf network point-to-point ip ospf authentication message-digest ip ospf message-digest-key 1 md5 7 <secret> router bgp <as> template peer-session BACKBONE remote-as <as> transport path-mtu-discovery password 7 <secret> neighbor <route reflector> inherit peer-session BACKBONE
address-family ipv4
neighbor <route reflector> activate

Even tried coping type 6 password from user definition, but that didn't worked. For OSPF stanza got error about not supported. For BGP I don't get error but connection is not working.

t1(config-if)#ip ospf message-digest-key 1 md5 6  <secret>
% OSPF: Type 6 password encryption is not supported

Is this not supported by Cisco yet or I'm missing something?

Thanks Michal

 

 

0 Replies 0