standby 1 autthentication md5 key-string 7 example

Answered Question
Jan 22nd, 2009

Hi every body!

Could any body please give an example of standby 1 authentication md5 key-string 7?

Thanks a lot!

Correct Answer by Mark Yeates about 8 years 3 weeks ago

I may have unnecessarily confused you earlier. The service password encryption will encrypt passwords and encryption strings so that they are not clear text in the configuration. Service password-encryption will take "test" and encrypt it to "071B245F5A". The "071B245F5A" is the encrypted sting of "text". In order to have an encrypted password it must be followed by "7" so the router will know that it is encrypted otherwise "071B245F5A" would be your authentication key, and not test. Service password-encryption does not have to be enabled.

I hope this may have cleared up any confusion,

Mark

Correct Answer by lejoe.thomas about 8 years 3 weeks ago

Hi Sarah,

As you correctly pointed we append do show when in interface or global config mode to view show commands.

The include or (i) command includes only those lines in the configuration containing the regular expression specified.

eg: show run | i standby

shows only lines including "standby". Note that the text specified (standby) is case-sensitive. It provides the necessary filter to your output. In the above case, standby pertains to HSRP, so it shows configuration specific to HSRP.

The documentation below might help

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html

Lejoe

Correct Answer by Mark Yeates about 8 years 3 weeks ago

You would not include the "7" if the string is not already encrypted. You would just type:

standby 1 authentication md5 key-string test

If you have service password-encryption enabled then it would automatically encrypt the string.

Then you would look at the config and it would like this:

standby 1 authentication md5 key-string 7 071B245F5A

Since I already have the string (example above) previously encrypted I can copy and paste the line in and you would need to include the "7".

Note: This is also the same with passwords too.

HTH,

Mark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Giuseppe Larosa Thu, 01/22/2009 - 11:35

Hello Sarah,

you can see the difference on using the 7 option:

even if your router is not configured for password encryption (service password encrpytion global command) the password will be coded and when you do sh run you will see an hash instead of the password you entered.

This is seen as a security measure so that someone looking at your screen cannot read the password on the fly or at the printer when you print the config file.

Hope to help

Giuseppe

sarahr202 Thu, 01/22/2009 - 17:25

Thanks a lot Giuseppe!

Mark says we wont enter the"7" in following command:

standby 1 authentication md5 key-string 7 test.

If "7" means that encrypted value of"test" be used, then question is how we find that encrpted value of"test" if service password-encrption is not configured.

If the whole point of using "7" is to encrpt the "test", then one can use only service password-encryption.

I aplogise for repeating the same problem becuase i still did not get it.

thanks a lot!

Mark Yeates Thu, 01/22/2009 - 11:46

An example of a key string would be:

standby 1 authentication md5 key-string 7 071B245F5A

If you decrypted the string it would read test.

HTH,

Mark

sarahr202 Thu, 01/22/2009 - 15:23

Thanks a lot Mark

Is following the correct:

we configure the command "standby 1 authentication md5 key-string 7 test"

The "7" causes the string"test" to encrypted which would appear as 071B245F5A in configuration.

Am i correct?

thanks a lot!

Correct Answer
Mark Yeates Thu, 01/22/2009 - 16:16

You would not include the "7" if the string is not already encrypted. You would just type:

standby 1 authentication md5 key-string test

If you have service password-encryption enabled then it would automatically encrypt the string.

Then you would look at the config and it would like this:

standby 1 authentication md5 key-string 7 071B245F5A

Since I already have the string (example above) previously encrypted I can copy and paste the line in and you would need to include the "7".

Note: This is also the same with passwords too.

HTH,

Mark

sarahr202 Thu, 01/22/2009 - 17:16

thanks Mark!

That means "service password-encrption" must be configured to get the word "test" encrpted in the the command" standy 1 authentication md5 key-string test". Then we copy and paste the encrpted word in the command" standby 1 authentication 7xxxxxxxxxx".

Is it correct concept?

thanks alot!

Edison Ortiz Thu, 01/22/2009 - 17:57

RSRack1R2#sh run | i no service

no service password-encryption

!

!

RSRack1R2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

RSRack1R2(config)#int f0/0

RSRack1R2(config-if)#standby 1 authentication md5 key-string test

!

!

!

RSRack1R2(config-if)#do show run | i standby

standby 1 authentication md5 key-string test

!

!

RSRack1R2(config-if)#service password

RSRack1R2(config)#do show run | i standby

standby 1 authentication md5 key-string 7 03105E1812

sarahr202 Thu, 01/22/2009 - 18:43

Thanks a lot Edison!

Excuse me for being dumb.

RSRack1R2(config)#do show run | i standby

what does above command? I googled it but only found out how we can use "do show" in interface mode to avoid going back and forth in enabled mode just to view the configuration.

But you used" / i standby" with" do show" command,Could you please explain to me what does this command do?

Just hunch, does it show the configuration pertaining to hrsp?

Correct Answer
lejoe.thomas Thu, 01/22/2009 - 19:18

Hi Sarah,

As you correctly pointed we append do show when in interface or global config mode to view show commands.

The include or (i) command includes only those lines in the configuration containing the regular expression specified.

eg: show run | i standby

shows only lines including "standby". Note that the text specified (standby) is case-sensitive. It provides the necessary filter to your output. In the above case, standby pertains to HSRP, so it shows configuration specific to HSRP.

The documentation below might help

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html

Lejoe

Correct Answer
Mark Yeates Thu, 01/22/2009 - 19:22

I may have unnecessarily confused you earlier. The service password encryption will encrypt passwords and encryption strings so that they are not clear text in the configuration. Service password-encryption will take "test" and encrypt it to "071B245F5A". The "071B245F5A" is the encrypted sting of "text". In order to have an encrypted password it must be followed by "7" so the router will know that it is encrypted otherwise "071B245F5A" would be your authentication key, and not test. Service password-encryption does not have to be enabled.

I hope this may have cleared up any confusion,

Mark

Actions

This Discussion