standby 1 authentication md5 key-string 7 example

Answered Question
Jan 22nd, 2009

Hi everybody!

Could anybody please give an example of standby 1 authentication md5 key-string 7?


Thanks a lot!


Overall Rating: 5 (4 ratings)
Giuseppe Larosa Thu, 01/22/2009 - 11:35

Hello Sarah,

you can see the difference on using the 7 option:


Even if your router is not configured for password encryption (service password-encryption global command), the password will be coded, and when you do sh run you will see a hash instead of the password you entered.


This is seen as a security measure so that someone looking at your screen cannot read the password on the fly or at the printer when you print the config file.


Hope to help

Giuseppe


sarahr202 Thu, 01/22/2009 - 17:25

Thanks a lot Giuseppe!

Mark says we won't enter the "7" in the following command:

standby 1 authentication md5 key-string 7 test.


If "7" means that the encrypted value of "test" is to be used, then the question is how we find that encrypted value of "test" if service password-encryption is not configured.


If the whole point of using "7" is to encrypt the "test", then one can use only service password-encryption.


I apologise for repeating the same problem because I still did not get it.



Thanks a lot!

Mark Yeates Thu, 01/22/2009 - 11:46

An example of a key string would be:


standby 1 authentication md5 key-string 7 071B245F5A


If you decrypted the string it would read test.


HTH,

Mark

sarahr202 Thu, 01/22/2009 - 15:23

Thanks a lot Mark


Is the following correct:

We configure the command "standby 1 authentication md5 key-string 7 test"

The "7" causes the string "test" to be encrypted, which would appear as 071B245F5A in the configuration.

Am I correct?

Thanks a lot!

Correct Answer
Mark Yeates Thu, 01/22/2009 - 16:16

You would not include the "7" if the string is not already encrypted. You would just type:


standby 1 authentication md5 key-string test


If you have service password-encryption enabled then it would automatically encrypt the string.


Then you would look at the config and it would look like this:


standby 1 authentication md5 key-string 7 071B245F5A


Since I already have the string (example above) previously encrypted I can copy and paste the line in and you would need to include the "7".



Note: This is also the same with passwords too.


HTH,

Mark

sarahr202 Thu, 01/22/2009 - 17:16

Thanks Mark!

That means "service password-encryption" must be configured to get the word "test" encrypted in the command "standby 1 authentication md5 key-string test". Then we copy and paste the encrypted word in the command "standby 1 authentication 7xxxxxxxxxx".

Is it the correct concept?

Thanks a lot!

Edison Ortiz Thu, 01/22/2009 - 17:57

RSRack1R2#sh run | i no service
no service password-encryption
!
!
RSRack1R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RSRack1R2(config)#int f0/0
RSRack1R2(config-if)#standby 1 authentication md5 key-string test
!
!
!
RSRack1R2(config-if)#do show run | i standby
standby 1 authentication md5 key-string test
!
!
RSRack1R2(config-if)#service password
RSRack1R2(config)#do show run | i standby
standby 1 authentication md5 key-string 7 03105E1812

sarahr202 Thu, 01/22/2009 - 18:43

Thanks a lot Edison!


Excuse me for being dumb.


RSRack1R2(config)#do show run | i standby

What does the above command do? I googled it but only found out how we can use "do show" in interface mode to avoid going back and forth in enabled mode just to view the configuration.

But you used "/ i standby" with the "do show" command. Could you please explain to me what this command does?


Just a hunch: does it show the configuration pertaining to HSRP?


Correct Answer
lejoe.thomas Thu, 01/22/2009 - 19:18

Hi Sarah,


As you correctly pointed out, we append do show when in interface or global config mode to view show commands.


The include or (i) command includes only those lines in the configuration containing the regular expression specified.


eg: show run | i standby


shows only lines including "standby". Note that the text specified (standby) is case-sensitive. It provides the necessary filter to your output. In the above case, standby pertains to HSRP, so it shows configuration specific to HSRP.



The documentation below might help


http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html


Lejoe

sarahr202 Fri, 01/23/2009 - 08:41

Thanks a lot Lejoe!

Correct Answer
Mark Yeates Thu, 01/22/2009 - 19:22

I may have unnecessarily confused you earlier. The service password encryption will encrypt passwords and encryption strings so that they are not clear text in the configuration. Service password-encryption will take "test" and encrypt it to "071B245F5A". The "071B245F5A" is the encrypted string of "text". In order to have an encrypted password it must be followed by "7" so the router will know that it is encrypted; otherwise "071B245F5A" would be your authentication key, and not test. Service password-encryption does not have to be enabled.


I hope this may have cleared up any confusion,

Mark
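
Added example (not part of the thread and not Cisco code): a small config audit showing that the two type 7 strings posted above, 071B245F5A and 03105E1812, both decode to "test". The first two digits are a decimal offset into a fixed table, which is why two routers show different strings for the same key; type 7 is reversible, so a config containing it should be handled like one containing the clear-text key. The interface names in the sample config are constructed.

```python
import re

# Fixed translation table used by IOS type 7 obfuscation (widely published).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Matches an HSRP MD5 key-string stored in type 7 form, as in the thread.
TYPE7_RE = re.compile(
    r"^[ \t]*(standby \d+ authentication md5 key-string) 7 ([0-9A-Fa-f]+)[ \t]*$",
    re.M,
)


def decode_type7(encoded: str) -> str:
    """Reverse a type 7 string: two decimal digits of offset, then hex bytes."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string")
    offset = int(encoded[:2])            # starting index into XLAT
    data = bytes.fromhex(encoded[2:])    # XOR-obfuscated key bytes
    clear = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(data))
    return clear.decode("ascii")


def audit(config: str):
    """Return (command, recovered key) for every type 7 HSRP key-string line."""
    return [(m.group(1), decode_type7(m.group(2))) for m in TYPE7_RE.finditer(config)]


# Constructed sample: the two key-string lines from the thread under
# made-up interface names.
SAMPLE = """\
interface FastEthernet0/0
 standby 1 authentication md5 key-string 7 071B245F5A
interface FastEthernet0/1
 standby 1 authentication md5 key-string 7 03105E1812
"""

if __name__ == "__main__":
    for command, key in audit(SAMPLE):
        print(f"{command}: type 7 value is recoverable -> {key!r}")
```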
