Showing results for 
Search instead for 
Did you mean: 

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.


commande "credentials username USER001 password 0 PASSWORD realm" not working


I have an issue with configuring a SIP account. My provider wants the username and password to be cleartext. As far as I'm aware, this can be accomplished by configuring the sip-ua credentials with the password option 0 (zero). But when I try this, the password option is automatically set to 7 (which implies that the password should be encrypted).

This is what I do:

UC_520#config t
Enter configuration commands, one per line.  End with CNTL/Z.
UC_520(config-sip-ua)#credentials username USER001 password 0 PASSWORD realm
Building configuration...
Compressed configuration from 56788 bytes to 23893 bytes[OK]
UC_520#sh configuration | begin sip-ua
credentials username USER001 password 7 00343235376C24342B realm

Any idea's what I'm doing wrong, or is this just a bug?

Kind regards,



What IOS version are you running? 

The encryption in IOS determines how the password is stored and displayed on the system, not how it is exchanged in the MD5 Digest authentication. What error are you receiving when trying to authenticate? Can you provide the "debug ccsip message"?


The IOS version is also important, as Steve suggests. We used to have a bug where IOS would display the password in clear text, but think it was already encrypted. This would cause registration issues since the password used would be wrong. But again, this has nothing to do with the Digest authentication.


Yes, thats where I was heading....but your right Marcos.  debug ccsip messages of the registration would help for sure.

I also saw an old bug where if the credentials were read from startup, even though showed clear text, it was encrypted.  But that was fixed a long time ago too.


Steve, Marcos,

Thank you for the fast reply. The version I'm using is 12.4(22)YB4.

The main question is not (yet) if the SIP setup negotiation is working, but why the password 0 option isn't working. According to the documentation that I read it should be. If I try it to use the option 0, it's automatically changed to option 7 in the configuration. I'm wondering why that is.

My SIP provider only has experience with Asterix systems and he told me that for those systems they require that the password and username are send as plain text. I presume that I need password option 0 to accomplish this, or am I wrong?


OK, so your fairly recent IOS (not the latest 15.0(1)XA, which is available in the UC 500 8.0.0 bundle FYI), but I am not surbe that was a supported release for UC500?  WHat bubdle are yuo using?   But this is moot since you should have all the latest bug fixes for problems I saw in earlier IOS.

What you may want to do, is what Marcos suggested and post it for us.

#term mon

#debug ccsip messages

Wait to see some REGISTRATION messages, or make a call, since if a UAC is not registered, the INVITE should be challenged and then credentials are passed.

We can see whats happening on the wire this way and see if the CLI is security only (so it cant be viewed in a 'show run') but actually gets passed in plain text....

# un all  <---turns of all debugging

John Platts

I know that credentials username USER001 password 0 PASSWORD realm changes to credentials username USER001 password 7 00343235376C24342B realm This is actually the expected behavior, and the 7 indicates that the password is an encoded password. Cisco IOS is able to decode the encoded password.

This is not what the "0" means. According to the documentation:

"0" : For all platforms except the Cisco 7600 series router, specifies that the clear-text password immediately following this value is MD5 encrypted.

For the Cisco 7600 series router, specifies that the clear-text password immediately following this value is not encrypted.

"5" : MD5-encrypted text string, which will be stored as the encrypted user password.

"7": Weak, reversible algorithm.

To use 7 or 5, here are the commands:

UC500(config)#username ggg password ?

  0     Specifies an UNENCRYPTED password will follow

  7     Specifies a HIDDEN password will follow

  LINE  The UNENCRYPTED (cleartext) user password

UC500(config)#username ggg secret ?

  0     Specifies an UNENCRYPTED secret will follow

  5     Specifies a HIDDEN secret will follow

  LINE  The UNENCRYPTED (cleartext) user secret

Hi guys,


I have the same problem happens here. After change the password 0  it change to encrypted.  I am using ISR4331 with SIP trunk VMAX.



Daniel Sobrinho

As mentioned several time, the number claim how the password is stored in configuration - it have nothing to do with the password use. You have no reason to care exact format of password the IOS is using internally. So it's unclear what problem you have.
Recognize Your Peers
How would you describe your level of technical expertise?