Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
0
Helpful
0
Replies

replacing type 7 passwords IOS XE (BGP and OSPF)

ms339r001
Level 1
Level 1

‎11-26-2021 05:06 AM

Hello,
preparing deployment batch of C9500(-48Y/-24Y) currently running IOS XE 17.03.04

Want to bring our config template to current century and get rid of type 7 passwords.
So far managed to success for tacacs, enable and local user.

Last troublesome spot seems to be routing protocols, BGP and OSPF in my case.

 

This code snippet shows last two points in config I didn't find way how to get rid off type 7 password (clear text not counting)

key config-key password-encrypt <master password>
password encryption aes

interface Hu1/0/25
 description uplink
 no switchport
 ip address 111.111.111.111 255.255.255.252
 ip ospf bfd
 ip ospf network point-to-point 
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 <secret>

router bgp <as>
  template peer-session BACKBONE
   remote-as <as>
   transport path-mtu-discovery
   password 7 <secret>
 neighbor <route reflector> inherit peer-session BACKBONE
address-family ipv4
 neighbor <route reflector> activate

Even tried coping type 6 password from user definition, but that didn't worked. For OSPF stanza got error about not supported. For BGP I don't get error but connection is not working.

t1(config-if)#ip ospf message-digest-key 1 md5 6  <secret>
% OSPF: Type 6 password encryption is not supported

Is this not supported by Cisco yet or I'm missing something?

Thanks Michal

 

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents