cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
243
Views
2
Helpful
5
Replies

Cisco CBS 350 ISE - Radius KEY

josue-espogeira
Level 1
Level 1

Hi!

I am trying to configure ISE setting and when it comes to insert the radius password I am receiving the below error:

encrypted radius-server host 192.168.1.2 key 7 143542050805263F75

OR

encrypted radius-server host 192.168.1.2 key  143542050805263F75

OR

encrypted radius-server host 192.168.1.2 key ORIGINAL KEY(not encrypted)

Error: % Decryption of encrypted value has failed

Any tip?

Thanks

1 Accepted Solution

Accepted Solutions

amikat
Level 7
Level 7

Hi,

The issue is that when using the "encrypted radius-server host" configuration command the system expects the MD5, ie. Type5 encrypted key NOT Type7 ("weak" encryption). So you should either supply Type5 encrypted key for the above command or use the "radius-server host" command.

Best regards,

Antonin

View solution in original post

5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

are you trying from command line ? what code running on the device, have you tried from GUI ?

we have test switch installed that worked for me sure.

encrypted radius-server host 10.10.10.10 key yyyyyyyyy

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Thanks for your attention.

I have only cli access at the moment and the version is shown below:

sh ver
Active-image: flash://system/images/image_cbs_ros_3.4.0.17_release_cisco_signed.bin
Version: 3.4.0.17
MD5 Digest: 28587fc679ea6d83371f12955cf20caa
Date: 29-Nov-2023
Time: 17:21:25
Inactive-image: flash://system/images/image1.bin
Version: 3.2.1.1
MD5 Digest: 937212ebf51de43330b6f7967a7445ae
Date: 13-Feb-2023
Time: 01:12:59

 

thanks

 

 

amikat
Level 7
Level 7

Hi,

The issue is that when using the "encrypted radius-server host" configuration command the system expects the MD5, ie. Type5 encrypted key NOT Type7 ("weak" encryption). So you should either supply Type5 encrypted key for the above command or use the "radius-server host" command.

Best regards,

Antonin

it works!

Thank u soo much Antonin.

 

 

Hi,

Thanks for the update: well done. Please beware of the Type 7 encryption (B0ndalt1).

Best regards,

Antonin

Review Cisco Networking for a $25 gift card