Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
7
Replies

Catalyst 2950 - Radius

romuald.arnold
Level 1
Level 1

‎11-07-2005 04:42 AM - edited ‎03-03-2019 12:42 AM

Is it possible of crypter the password radius-server on a catalyst 2950. (example: "radius-server key 7 toto")?

Labels:
0 Helpful
7 Replies 7

ankurbhasin
Level 9
Level 9

‎11-07-2005 05:21 AM

Hi Romuald,

No you cannot encrypt the router key either with radius nor with tacacs.

HTH

Ankur

0 Helpful

attrgautam
Level 5
Level 5

‎11-07-2005 05:21 AM

Can u try service password-encryption. However this wil encrypt all passwords and secrets on the switch

Regds

0 Helpful

ankurbhasin
Level 9
Level 9
In response to attrgautam

‎11-07-2005 05:28 AM

Hi Gautaum,

It will surely not work. I have tried sometime back.

Regards,

Ankur

0 Helpful

Georg Pauwen
VIP
VIP

‎11-07-2005 05:29 AM

Hello,

the radius-server host password is encrypted with the ´service password-encryption´ global command. So, if you enter:

radius-server key 0 toto

and then enter the global command:

service password-encryption

the ´toto´ password will be level 7 encrypted.

Is that what you are asking ?

Regards,

GP

0 Helpful

ankurbhasin
Level 9
Level 9
In response to Georg Pauwen

‎11-07-2005 05:34 AM

Hi GP,

I tried on my layer 3 switch with tacacs and it did not worked.

service password-encryption was already configured and when I entered tacacs-server key 7 it did not worked also then I tried tacacs-server key 0 it did not worked.

Then finally Cisco confirmed me we cannot encrypt it.

Regards,

Ankur

0 Helpful

romuald.arnold
Level 1
Level 1
In response to Georg Pauwen

‎11-07-2005 05:37 AM

Hi,

First of all thank you for your answers.

I knew the order but on one 2950, it is not possible to use the fonciton "key 7" for example.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to romuald.arnold

‎12-01-2005 08:26 AM

Tagging on to this discussion from another thread in the forum:

Actually the answer to this question is very highly release dependent. Earlier releases did not support it. Current releases do. I am not sure where the change is and believe it may be a 12.3 (or maybe even a 12.3T) enhancement. I have quite a few routers (most with TACACS and some with Radius) where the key is encrypted. When I started with those routers the key was not encrypted. At some point in doing a software version upgrade the keys for TACACS/Radius started being encrypted.

The encryption of the TACACS/Radius key is part of the service password encryption. The service has been enhanced several times to increase the number of keys that it protects. If you have service password encryption enabled (and in a live network I hope that you do) and have a release that supports the new enhancement your TACACS/Radius key will be encrypted automatically. If your version of IOS does not support it yet the key will not be encrypted.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents