Hello,
preparing deployment batch of C9500(-48Y/-24Y) currently running IOS XE 17.03.04
Want to bring our config template to current century and get rid of type 7 passwords.
So far managed to success for tacacs, enable and local user.
Last troublesome spot seems to be routing protocols, BGP and OSPF in my case.
 
This code snippet shows last two points in config I didn't find way how to get rid off type 7 password (clear text not counting)
key config-key password-encrypt <master password>
password encryption aes
interface Hu1/0/25
 description uplink
 no switchport
 ip address 111.111.111.111 255.255.255.252
 ip ospf bfd
 ip ospf network point-to-point 
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <secret>
router bgp <as>
  template peer-session BACKBONE
   remote-as <as>
   transport path-mtu-discovery
   password 7 <secret>
 neighbor <route reflector> inherit peer-session BACKBONE
address-family ipv4
 neighbor <route reflector> activate
Even tried coping type 6 password from user definition, but that didn't worked. For OSPF stanza got error about not supported. For BGP I don't get error but connection is not working.
t1(config-if)#ip ospf message-digest-key 1 md5 6  <secret>
% OSPF: Type 6 password encryption is not supported
Is this not supported by Cisco yet or I'm missing something?
Thanks Michal