tacacs key not necrypted!

Answered Question
Dec 13th, 2007
User Badges:

Hi, i run IOS (tm) 7200 Software (C7200-JS-M), Version 12.1(8), RELEASE SOFTWARE (fc1) and i put a tacacs-server key PASS but even though i run service password-encryptio it does not encrypt the password. What might be the problem?

Correct Answer by Richard Burts about 9 years 6 months ago

VASILEIOS


What you are seeing is normal behavior for the version of code that you are running. The set of keys that are encrypted by service password-encryption has changed over time. More recent versions of IOS do encrypt the TACACS server key and the version of code that you are running does not. If it is important to you to have the TACACS server key be encrypted then you should plan to upgrade the version of code to a more recent version of code. I do not remember for sure the version where the TACACS key became encrypted but I believe that it was somewhere in 12.3T.


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Correct Answer
Richard Burts Thu, 12/13/2007 - 04:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

VASILEIOS


What you are seeing is normal behavior for the version of code that you are running. The set of keys that are encrypted by service password-encryption has changed over time. More recent versions of IOS do encrypt the TACACS server key and the version of code that you are running does not. If it is important to you to have the TACACS server key be encrypted then you should plan to upgrade the version of code to a more recent version of code. I do not remember for sure the version where the TACACS key became encrypted but I believe that it was somewhere in 12.3T.


HTH


Rick

mohammedmahmoud Thu, 12/13/2007 - 04:24
User Badges:
  • Green, 3000 points or more

Hi,


Exactly Rick, i've faced this issue before on one of my VXRs, and i believe that the first IOS that encrypts the RADIUS and TACACS keys was "12.2(37)" i've it running till now (at least from the many IOSs that i've tried).


BR,

Mohammed Mahmoud.

v.matiakis Thu, 12/13/2007 - 04:32
User Badges:

Thanx anyone i thought it might be an IOS version issue ut i wanted to get an opinion of an expert.


thanx

Richard Burts Thu, 12/13/2007 - 04:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

VASILEIOS


I am glad that my answer was helpful. Thank you for using the rating system to indicate that your question was resolved (and thanks for the rating). It makes the forum more useful when people can read a question and can know that they will read an answer that resolved the question.


I encourage you to continue your participation in the forum.


Mohammed's response indicates that support for encrypting TACACS keys may have started earlier than what I remembered. So you may have to check several versions to see where that support began for your platform.


HTH


Rick

Actions

This Discussion