Re: Using type 6 passwords for TACACS on a 2960X switch with version 15.2(7)E3

PaulBlais6702 · ‎11-20-2020

I am looking to update my type 7 keys for the type 6 keys in the tacacs server commands. I updated a test switch 2960X-LPS-L to 15.2(7).E3 which the release notes state you can use the type 6 keys now. However, I have added the key config-key password-encrypt <password> command and the password encyption aes. I then removed the tacacs servers from the list of servers and added them with clear-text keys but they go back to type 7 keys. I reloaded the switch and still no change. Does anyone know of a way to use the type 6 keys for tacacs on 2960X switches?

DavidFarinsky43246 · ‎03-30-2021

I have the same issue, I'm assuming that type 6 is not fully supported on the 2960's. I opened a TAC case and the engineer is looking for documentation that states that type 6 is not supported.

PaulBlais6702 · ‎03-31-2021

Thanks for responding. Once you find something out, please respond back to the community on this. I submitted this question just in case there was something that I was missing in the configuration but I do think it isn't supported on the older technology.

Thanks,

Paul

davidfarinsky · ‎03-31-2021

Paul,

This is what I received from the TAC engineer:

There is no official documentation that explicitly talks about key 6 encryption on 2960’s switches, however there are multiple cases documented internally that provide enough evidence regarding compatibility for this key with 2960’s. This has been confirmed by me as well as my switching team colleague. Please let me know any questions that you have.