Enhanced username password security implementation query

May 27th, 2009
Hi All,

For a Cisco router/switch to have an MD5-encrypted password using the command:

username xyz privilege 15 secret 12345

The Cisco documentation says that 'login local' should not be enabled. Is that true? I have devices with no access issues using 'login local'. I might be missing something. Please clarify.

Cisco DOC:


MD5 encryption for the username command is not supported in versions of Cisco IOS software prior to Cisco IOS Releases 12.0(18)S and 12.2(8)T.

You must not have the aaa-new model command enabled on the networking device. You must not have the login local command configured for the local CLI sessions over the console port or the remote CLI sessions.



Richard Burts Wed, 05/27/2009 - 11:01
This makes no sense to me. Enabling aaa new-model or login local are the two ways that you get an IOS device to check for locally configured user and password for authentication.

I believe that either there must be something in the context of the original reference that changes the meaning or else it is an error in documentation that needs to be corrected.

[edit] I have just tested a user name with secret password (MD5 encrypted) with both login local and with aaa new-model and it works fine with each of the options.
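
Added example, not part of the thread or of Cisco's documentation: a small Python audit that reads an IOS configuration and reports which usernames lack 'secret' and which lines would not consult the local usernames (neither 'login local' nor 'aaa new-model'), the two mechanisms named in the reply above. The sample configuration, its hash strings and the function name audit are constructed for illustration.

```python
# Constructed sample configuration (not taken from the thread's devices).
SAMPLE_CONFIG = """\
no aaa new-model
username xyz privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash
username ops privilege 1 password 7 0000CONSTRUCTED
line con 0
 login local
line vty 0 4
 password 7 0000CONSTRUCTED
 login
line vty 5 15
 login local
"""


def audit(config):
    """Report usernames without 'secret' and lines that skip local users."""
    aaa, users, lines, current = False, {}, {}, None
    for raw in config.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        top_level = not raw[0].isspace()
        if top_level:
            current = None  # a top-level command closes any 'line' section
        if tokens == ["aaa", "new-model"]:
            aaa = True
        elif tokens[0] == "username" and len(tokens) > 2:
            # First 'secret'/'password' keyword after the name decides storage.
            users[tokens[1]] = next(
                (t for t in tokens[2:] if t in ("secret", "password")), "none")
        elif top_level and tokens[0] == "line":
            current = " ".join(tokens[1:])
            lines[current] = "unspecified"
        elif current and tokens[0] == "login":
            lines[current] = "local" if tokens[1:] == ["local"] else "other"
        elif current and tokens[:2] == ["no", "login"]:
            lines[current] = "none"
    return {
        "aaa_new_model": aaa,
        "users_without_secret": sorted(u for u, k in users.items() if k != "secret"),
        # With AAA enabled the method list decides, so lines are not flagged.
        "lines_not_using_local_users": [] if aaa else sorted(
            l for l, m in lines.items() if m != "local"),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```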



mvsheik123 Wed, 05/27/2009 - 11:07
Hi Rick

Thanks for the quick reply. The doc is too long and maybe 'enable secret' is the context (rather than username). I will cross-check again.



