Enhanced username password security implementation query

May 27th, 2009

Hi All,

For the Cisco router/switch to have an MD5 encryption password using the command:

username xyz privilege 15 secret 12345

Cisco documentation says that 'login local' should not be enabled. Is that true? I have devices with no access issues using 'login local'. I might be missing something. Please clarify.

Cisco DOC:

Restrictions

MD5 encryption for the username command is not supported in versions of Cisco IOS software prior to Cisco IOS Releases 12.0(18)S and 12.2(8)T.

You must not have the aaa-new model command enabled on the networking device. You must not have the login local command configured for the local CLI sessions over the console port or the remote CLI sessions.

TIA

MS

Richard Burts Wed, 05/27/2009 - 11:01

MS

This makes no sense to me. Enabling aaa new-model or login local are the two ways that you get an IOS device to check for locally configured user and password for authentication.

I believe that either there must be something in the context of the original reference that changes the meaning or else it is an error in documentation that needs to be corrected.

[edit] I have just tested a user name with secret password (MD5 encrypted) with both login local and with aaa new-model and it works fine with each of the options.

HTH

Rick
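
An audit sketch for the setup discussed in this thread, added here as an example and not part of any post or of Cisco's documentation: it parses IOS configuration text and reports usernames that still use `password` instead of `secret`, and lines that have neither `login local` nor `aaa new-model` to make them check the local user database. The sample config, the placeholder hash strings and the `audit` function name are constructed for illustration, and AAA method lists are not parsed.

```python
import re

# Constructed sample config (hash and type 7 strings are placeholders).
SAMPLE_CONFIG = """\
no aaa new-model
username xyz privilege 15 secret 5 $1$XXXX$PLACEHOLDERPLACEHOLDER
username legacy privilege 15 password 7 PLACEHOLDER
!
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 PLACEHOLDER
 login
"""

USER_RE = re.compile(r"username (\S+)(?: .*?)? (secret|password) ")
LINE_RE = re.compile(r"line (.+)")


def audit(config):
    """Return which users lack 'secret' and which lines skip the local user DB."""
    aaa = False
    users = {}    # username -> "secret" or "password"
    logins = {}   # line name -> True if 'login local' is configured
    current = None
    for raw in config.splitlines():
        text = raw.strip()
        if raw.startswith(" ") and current is not None:
            if text == "login local":
                logins[current] = True
            continue
        current = None  # an unindented command ends the line section
        if text == "aaa new-model":
            aaa = True
        elif (m := USER_RE.match(text)):
            users[m.group(1)] = m.group(2)
        elif (m := LINE_RE.match(text)):
            current = m.group(1)
            logins[current] = False
    return {
        "aaa_new_model": aaa,
        "password_users": sorted(u for u, k in users.items() if k == "password"),
        # Simplification: with aaa new-model the method lists decide, so
        # only flag lines when AAA is off and 'login local' is absent.
        "lines_not_local": sorted(n for n, ok in logins.items() if not ok and not aaa),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```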

mvsheik123 Wed, 05/27/2009 - 11:07

Hi Rick

Thanks for the quick reply. The doc is too long and maybe 'enable secret' is the context (rather than username). I will cross-check again.

Thanks

MS
