Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
1
Replies

Configuring TACACS on a 1900

Go to solution
lane_frazier
Level 1
Level 1

‎02-01-2006 05:28 PM - edited ‎03-10-2019 02:27 PM

Pardon me if this question belongs on the General Security Forum

I have read the Document ID:9906 Configuring TACACS+ on the Catalyst 1900.

I have a 1924 configuration that has TACACS on it. The switch is not on my network yet...I'm using a console cable to configure it. I have tftp a running config over to nvram. Some how in the process I have an enable password level 15 xxxxx left in the config.

When I log into the sw and go into enable mode...tacacs has to time out several times before I can get in.

My question has to do with enable secret password vs having enable password level 15

Right now I have both..To make my configurations match what is in the rest of my network that is online, I need to remove the enable password level 15 xxxx (pretend xxxx is the pw)command because its pw is not encrypted.

That would leave me with the lone enable secret password.

My concern is when I take the enable password level 15 off...I may not be able to get back into my switch!

enable-use-tacacs

and

tacacs-server last-resort password

are both in my configuration

Can I take the enable password level 15 xxxx out leaving the enable secret in and not get locked out of the switch?

Keep in mind that the 1924 is not on my network yet...I have to drive several hundred miles to install it and don't want to have any troubles when I get there with it.

Thanks for your help.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pkhatri
Level 11
Level 11

‎02-01-2006 05:57 PM

Hi,

The major difference between the enable password and the enable secret password is that the encrypted enable password uses a reversible cryptographic function and the plain-text password can be recovered using the encrypted password. The enable secret password, however, uses a non-reversible cryptographic function.

The only time the enable password is used is if the enable secret password is disabled (or you are using an old image that does not support the enable secret password).

Therefore, it should be perfectly safe for you to remove the enable password. You will not get locked out of the switch as long as you know the enable secret password.

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

0 Helpful
1 Reply 1

Go to solution
pkhatri
Level 11
Level 11

‎02-01-2006 05:57 PM

Hi,

The major difference between the enable password and the enable secret password is that the encrypted enable password uses a reversible cryptographic function and the plain-text password can be recovered using the encrypted password. The enable secret password, however, uses a non-reversible cryptographic function.

The only time the enable password is used is if the enable secret password is disabled (or you are using an old image that does not support the enable secret password).

Therefore, it should be perfectly safe for you to remove the enable password. You will not get locked out of the switch as long as you know the enable secret password.

Hope that helps - pls rate the post if it does.

Paresh

0 Helpful
Customers Also Viewed These Support Documents