Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8760
Views
5
Helpful
11
Replies

standby 1 autthentication md5 key-string 7 example

Go to solution
sarahr202
Level 5
Level 5

‎01-22-2009 11:27 AM - edited ‎03-06-2019 03:35 AM

Hi every body!

Could any body please give an example of standby 1 authentication md5 key-string 7?

Thanks a lot!

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Mark Yeates
Level 7
Level 7
In response to sarahr202

‎01-22-2009 04:16 PM

You would not include the "7" if the string is not already encrypted. You would just type:

standby 1 authentication md5 key-string test

If you have service password-encryption enabled then it would automatically encrypt the string.

Then you would look at the config and it would like this:

standby 1 authentication md5 key-string 7 071B245F5A

Since I already have the string (example above) previously encrypted I can copy and paste the line in and you would need to include the "7".

Note: This is also the same with passwords too.

HTH,

Mark

View solution in original post

0 Helpful

Go to solution
lejoe.thomas
Level 3
Level 3
In response to sarahr202

‎01-22-2009 07:18 PM

Hi Sarah,

As you correctly pointed we append do show when in interface or global config mode to view show commands.

The include or (i) command includes only those lines in the configuration containing the regular expression specified.

eg: show run | i standby

shows only lines including "standby". Note that the text specified (standby) is case-sensitive. It provides the necessary filter to your output. In the above case, standby pertains to HSRP, so it shows configuration specific to HSRP.

The documentation below might help

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html

Lejoe

View solution in original post

0 Helpful

Go to solution
Mark Yeates
Level 7
Level 7
In response to sarahr202

‎01-22-2009 07:22 PM

I may have unnecessarily confused you earlier. The service password encryption will encrypt passwords and encryption strings so that they are not clear text in the configuration. Service password-encryption will take "test" and encrypt it to "071B245F5A". The "071B245F5A" is the encrypted sting of "text". In order to have an encrypted password it must be followed by "7" so the router will know that it is encrypted otherwise "071B245F5A" would be your authentication key, and not test. Service password-encryption does not have to be enabled.

I hope this may have cleared up any confusion,

Mark

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎01-22-2009 11:35 AM

Hello Sarah,

you can see the difference on using the 7 option:

even if your router is not configured for password encryption (service password encrpytion global command) the password will be coded and when you do sh run you will see an hash instead of the password you entered.

This is seen as a security measure so that someone looking at your screen cannot read the password on the fly or at the printer when you print the config file.

Hope to help

Giuseppe

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Giuseppe Larosa

‎01-22-2009 05:25 PM

Thanks a lot Giuseppe!

Mark says we wont enter the"7" in following command:

standby 1 authentication md5 key-string 7 test.

If "7" means that encrypted value of"test" be used, then question is how we find that encrpted value of"test" if service password-encrption is not configured.

If the whole point of using "7" is to encrpt the "test", then one can use only service password-encryption.

I aplogise for repeating the same problem becuase i still did not get it.

thanks a lot!

0 Helpful

Go to solution
Mark Yeates
Level 7
Level 7

‎01-22-2009 11:46 AM

An example of a key string would be:

standby 1 authentication md5 key-string 7 071B245F5A

If you decrypted the string it would read test.

HTH,

Mark

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Mark Yeates

‎01-22-2009 03:23 PM

Thanks a lot Mark

Is following the correct:

we configure the command "standby 1 authentication md5 key-string 7 test"

The "7" causes the string"test" to encrypted which would appear as 071B245F5A in configuration.

Am i correct?

thanks a lot!

0 Helpful

Go to solution
Mark Yeates
Level 7
Level 7
In response to sarahr202

‎01-22-2009 04:16 PM

You would not include the "7" if the string is not already encrypted. You would just type:

standby 1 authentication md5 key-string test

If you have service password-encryption enabled then it would automatically encrypt the string.

Then you would look at the config and it would like this:

standby 1 authentication md5 key-string 7 071B245F5A

Since I already have the string (example above) previously encrypted I can copy and paste the line in and you would need to include the "7".

Note: This is also the same with passwords too.

HTH,

Mark

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to Mark Yeates

‎01-22-2009 05:16 PM

thanks Mark!

That means "service password-encrption" must be configured to get the word "test" encrpted in the the command" standy 1 authentication md5 key-string test". Then we copy and paste the encrpted word in the command" standby 1 authentication 7xxxxxxxxxx".

Is it correct concept?

thanks alot!

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to sarahr202

‎01-22-2009 05:57 PM

RSRack1R2#sh run | i no service

no service password-encryption

!

!

RSRack1R2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

RSRack1R2(config)#int f0/0

RSRack1R2(config-if)#standby 1 authentication md5 key-string test

!

!

!

RSRack1R2(config-if)#do show run | i standby

standby 1 authentication md5 key-string test

!

!

RSRack1R2(config-if)#service password

RSRack1R2(config)#do show run | i standby

standby 1 authentication md5 key-string 7 03105E1812

Go to solution
sarahr202
Level 5
Level 5
In response to Edison Ortiz

‎01-22-2009 06:43 PM

Thanks a lot Edison!

Excuse me for being dumb.

RSRack1R2(config)#do show run | i standby

what does above command? I googled it but only found out how we can use "do show" in interface mode to avoid going back and forth in enabled mode just to view the configuration.

But you used" / i standby" with" do show" command,Could you please explain to me what does this command do?

Just hunch, does it show the configuration pertaining to hrsp?

0 Helpful

Go to solution
lejoe.thomas
Level 3
Level 3
In response to sarahr202

‎01-22-2009 07:18 PM

Hi Sarah,

As you correctly pointed we append do show when in interface or global config mode to view show commands.

The include or (i) command includes only those lines in the configuration containing the regular expression specified.

eg: show run | i standby

shows only lines including "standby". Note that the text specified (standby) is case-sensitive. It provides the necessary filter to your output. In the above case, standby pertains to HSRP, so it shows configuration specific to HSRP.

The documentation below might help

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gtshfltr.html

Lejoe

0 Helpful

Go to solution
sarahr202
Level 5
Level 5
In response to lejoe.thomas

‎01-23-2009 08:41 AM

Thanks a lot Lejoe!

0 Helpful

Go to solution
Mark Yeates
Level 7
Level 7
In response to sarahr202

‎01-22-2009 07:22 PM

I may have unnecessarily confused you earlier. The service password encryption will encrypt passwords and encryption strings so that they are not clear text in the configuration. Service password-encryption will take "test" and encrypt it to "071B245F5A". The "071B245F5A" is the encrypted sting of "text". In order to have an encrypted password it must be followed by "7" so the router will know that it is encrypted otherwise "071B245F5A" would be your authentication key, and not test. Service password-encryption does not have to be enabled.

I hope this may have cleared up any confusion,

Mark

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card