01-24-2024 07:43 AM
Hi everyone, need some advice. Recently upgraded IOS-XE to version 16.12.x (Gibraltar) and it removed my enable secret which was using level 5 encryption. Looks like this version of IOS-XE doesn't support level 5 secrets and removes all credentials that use these. How can I configure enable secret with level 9 encryption before I upgrade the IOS to the new version? When I type enable secret 9 ... it is asking to specify a SCRYPT HASHED secret. However if I type enable secret followed simply by the password, it again encrypts it with level 5 by default.
01-24-2024 08:02 AM
Hello @Ricky Sandhu ,
to configure the enable password with level 9 encryption, use the following command:
enable algorithm-type scrypt secret
01-24-2024 07:46 AM
Hello @Ricky Sandhu
If a device is upgraded from Cisco IOS XE Fuji 16.9.x, Cisco IOS XE Gibraltar 16.10.x, or Cisco IOS XE Gibraltar 16.11.x to Cisco IOS XE Gibraltar 16.12.x, the type 5 secret is auto-converted to convoluted type 9 secret. After the device is upgraded, run the write memory command in privileged EXEC mode for the convoluted type 9 secret to be permanently written into the startup configuration.
=> Plain text passwords are converted to nonreversible encrypted password type 9.
01-24-2024 07:49 AM
https://defaultgateway.org/2021/08/28/move-to-type-9-password/
Check this link.
NOTE: Please don't WR the config until you are sure that the password works and you can access config+t. In case the password does not work, you can reload and return to the point before configuring the enable type 9 password.
Thanks and be careful.
MHM
01-24-2024 08:48 AM
Thank you all for your valuable input. @liviu.gheorghe this is exactly what I needed.
Also thanks to M02@rt37 and @MHM Cisco World for your input.
01-24-2024 08:51 AM
You are so welcome, friend.
MHM
12-31-2024 03:51 AM
What are the prerequisites for enable secret 9?
Can we configure it on asr1001x?
12-31-2024 06:16 AM
I just validated in one of the ASR1000 models, the cmd is available. It should work as expected.
enable algorithm-type scrypt secret <secret-password>
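A pre-upgrade check for the situation discussed in this thread, as an added example that is not from any poster or from Cisco: it scans a saved running-config for enable and username credentials still stored as type 0, 5 or 7, so they can be re-entered with `algorithm-type scrypt` before moving to 16.12.x. The sample config and its hash strings are constructed, and flagging types 0 and 7 alongside type 5 is an assumption that goes beyond what the thread states.

```python
import re

# Matches e.g. "enable secret 5 <hash>" and
# "username bob privilege 15 secret 9 <hash>" as shown in a running-config.
CRED_RE = re.compile(
    r"^\s*(?P<owner>enable|username\s+\S+)\s+(?:.*?\s)?"
    r"(?P<kw>secret|password)\s+(?P<type>\d)\s+(?P<value>\S+)"
)

# Credential types to re-enter as type 9 before the upgrade (assumption:
# types 0 and 7 are included because they are weaker than type 5).
NEEDS_MIGRATION = {
    "0": "cleartext",
    "5": "MD5-based hash",
    "7": "reversible obfuscation",
}

def audit_config(text):
    """Return (line_no, owner, type, reason) for each credential to migrate."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m or m.group("type") not in NEEDS_MIGRATION:
            continue
        owner = " ".join(m.group("owner").split())  # normalise whitespace
        ctype = m.group("type")
        findings.append((line_no, owner, ctype, NEEDS_MIGRATION[ctype]))
    return findings

# Constructed sample; the hash values are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname EDGE-RTR
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE0000000
username admin privilege 15 secret 9 $9$CONSTRUCTEDSALT$CONSTRUCTEDHASH
username backup password 7 0000000000
username ops secret 5 $1$wxyz$CONSTRUCTEDHASHVALUE1111111
"""

if __name__ == "__main__":
    for line_no, owner, ctype, reason in audit_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {owner} uses type {ctype} ({reason})")
```

An empty result means every enable and username credential in the file is already type 8 or 9; line-level passwords (for example under `line vty`) are outside what this check covers.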