Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2503
Views
0
Helpful
4
Replies

how to enable md5 type 5 password at 3560x switch ?

Md. Shaiful Islam
Level 1
Level 1

‎01-27-2014 11:02 PM - edited ‎03-07-2019 05:50 PM

We have a cisco 3560X  L3 switch deployed in one of our customer location. As per customer  requirement we need to enable OSPF md5 authentication with type 5  encrypted password. But looks like Type 5 password encryption is not  supported for OSPF authentication. 

ROB-STA-DHA-SW01(config-if)#ip ospf message-digest-key 1 md5 5 *******

% OSPF: Type 5 password encryption is not supported

We were able to configure OSPF authentication with  Type 7 MD5 encrypted password but customer is insisting on configuring  Type 5 MD5 encrypted password for OSPF authentication as per there  Security policy . Please let us know how we can enable type 5 password  md5 OSPF authentication in the switch. Following are the switch details.

Switch Ports Model              SW Version            SW Image                

------ ----- -----              ----------            ----------              

*    1 30    WS-C3560X-24       12.2(58)SE2           C3560E-UNIVERSALK9-M    

License Level: ipservices

License Type: Permanent

Next reload license Level: ipservices

can anyone please tell me at urgent basis, how to enable md5 type 5 password for ospf or it is not supported for following licenses ??

Labels:
0 Helpful
4 Replies 4

Sebastian Helmer
Level 5
Level 5

‎01-28-2014 04:52 AM

As Far as I know it is not possible and u can only hide the clear text config by enter the service password-encryption to prevent the clear text key to be visible in the config.

Sent from Cisco Technical Support iPad App

0 Helpful

Md. Shaiful Islam
Level 1
Level 1
In response to Sebastian Helmer

‎01-28-2014 10:39 AM

Thanks a lot for your response. Can you please clear me that, it is not possible only for switch (3560x with ip service lic)  ? becasue i am having CISCO 2821 Router & the MD5 type 5 password encription is taking for that router.

0 Helpful

Sebastian Helmer
Level 5
Level 5
In response to Md. Shaiful Islam

‎01-28-2014 11:12 AM

I never tired that and having no experience...but what I know is only that so far..

That is the type of the key. The "traditional values" are 0 or 7.
0 means that the following key is really the plaintext key.
7 means that the following key is "encrypted" with Ciscos own mechanism ("service password-encryption", more or less against shoulder-surfing then an encryption as it is reverible).
The newer type 3 is a key that's based on a 3des encryption. I'm only aware of NX-OS doing that.

So let's see if someone else has more details.. But when u say it works on another platform it seems to be a platform specific thing.

Sent from Cisco Technical Support iPad App

0 Helpful

mmehrota
Cisco Employee
Cisco Employee
In response to Sebastian Helmer

‎02-03-2014 06:40 AM

• Plain text and MD5 authentication among neighboring routers within an area is supported.

pls follow this link:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/3560scg.pdf

page#37-24.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card