Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CNA and SHA256 usernames

All of my devices with 12.2(55) and higher have the username secrets encrypted with SHA256 as opposed to MD5.  You can see this in the show run output as:

username user secret 4 ......

as opposed to

username user secret 5....

 

Any of the older MD5 based devices are able to be managed via CNA and access via the web device manager, the newer with the SHA 256 cannot.  Anybody know how to make the https connections recognize these users?

1 REPLY
Hall of Fame Super Silver

I am surprised that CNA has a

I am surprised that CNA has a problem with the type 4 secret passwords and wonder if it is a version issue with CNA and if a more recent version of CNA would work better. But I believe that there is something that you can do to resolve the problem with the version of CNA that you are using. You can copy the line from the config of a device with the user name and the MD5 encrypted password and paste it into the config of your devices with the type 4 passwords. Even though the new code will prefer to create type 4 passwords it will understand and process a type 5 password in the config. I have done this kind of thing several times for customers and it works well.

 

Note that Cisco is moving away from the type 4 passwords because of a flaw in their implementation. You would wind up being more secure if you do replace the type 4 passwords with type 5 passwords.

 

HTH

 

Rick

29
Views
0
Helpful
1
Replies
CreatePlease login to create content