Hello,
preparing deployment batch of C9500(-48Y/-24Y) currently running IOS XE 17.03.04
Want to bring our config template to current century and get rid of type 7 passwords.
So far managed to success for tacacs, enable and local user.
Last troublesome spot seems to be routing protocols, BGP and OSPF in my case.
This code snippet shows last two points in config I didn't find way how to get rid off type 7 password (clear text not counting)
key config-key password-encrypt <master password>
password encryption aes
interface Hu1/0/25
description uplink
no switchport
ip address 111.111.111.111 255.255.255.252
ip ospf bfd
ip ospf network point-to-point
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 <secret>
router bgp <as>
template peer-session BACKBONE
remote-as <as>
transport path-mtu-discovery
password 7 <secret>
neighbor <route reflector> inherit peer-session BACKBONE
address-family ipv4
neighbor <route reflector> activate
Even tried coping type 6 password from user definition, but that didn't worked. For OSPF stanza got error about not supported. For BGP I don't get error but connection is not working.
t1(config-if)#ip ospf message-digest-key 1 md5 6 <secret>
% OSPF: Type 6 password encryption is not supported
Is this not supported by Cisco yet or I'm missing something?
Thanks Michal