06-03-2014 09:00 AM - edited 03-07-2019 07:37 PM
I would like to setup an MD5 passwords under the VTY, CON, and AUX line ports but the IOS (c2951-universalk9-mz.SPA.151-4.M1.bin) only let's me setup a "7" hidden password. Is there anyway to do this?
Solved! Go to Solution.
06-03-2014 12:37 PM
If you're using TACACS+ as your primary authentication method, then you dont need to put either a password or "login local" under your line configurations.
Instead, you use aaa new-model and setup authentication method list that includes the TACACS server group as the primary method (and local as fallback). A local username is there for use if and only if the configured TACACS servers are unavailable.
Have a look at the Cisco Validated Design page at Campus Wired LAN Technology Design Guide - April 2014 (specifically steps 10 and 11 on pages 26-27) for more details.
06-03-2014 09:46 AM
If you want to use MD5 passwords, specify "login local" under the line commands. then create local usernames with MD5 passwords, e.g.:
username gsanin privilege 15 secret <plaintext password>
The cli parser will encrypt your plaintext entry after you enter the command and the running-configuration will store the password in its encrypted form.
06-03-2014 10:18 AM
Marvin,
Thank you for your reply.
We are also using TACACS+, will I still need to create a local username? I guess the point is to be able to access the device via out of band, so I would still need the local username. Is that an accurate assumption?
Thanks again.
06-03-2014 12:37 PM
If you're using TACACS+ as your primary authentication method, then you dont need to put either a password or "login local" under your line configurations.
Instead, you use aaa new-model and setup authentication method list that includes the TACACS server group as the primary method (and local as fallback). A local username is there for use if and only if the configured TACACS servers are unavailable.
Have a look at the Cisco Validated Design page at Campus Wired LAN Technology Design Guide - April 2014 (specifically steps 10 and 11 on pages 26-27) for more details.
06-03-2014 12:51 PM
Thank you Marvin. I really appreciate your help on this.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide