Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Catalyst 2950 - Radius

Is it possible of crypter the password radius-server on a catalyst 2950. (example: "radius-server key 7 toto")?

7 REPLIES

Re: Catalyst 2950 - Radius

Hi Romuald,

No you cannot encrypt the router key either with radius nor with tacacs.

HTH

Ankur

Silver

Re: Catalyst 2950 - Radius

Can u try service password-encryption. However this wil encrypt all passwords and secrets on the switch

Regds

Re: Catalyst 2950 - Radius

Hi Gautaum,

It will surely not work. I have tried sometime back.

Regards,

Ankur

VIP Purple

Re: Catalyst 2950 - Radius

Hello,

the radius-server host password is encrypted with the ´service password-encryption´ global command. So, if you enter:

radius-server key 0 toto

and then enter the global command:

service password-encryption

the ´toto´ password will be level 7 encrypted.

Is that what you are asking ?

Regards,

GP

Re: Catalyst 2950 - Radius

Hi GP,

I tried on my layer 3 switch with tacacs and it did not worked.

service password-encryption was already configured and when I entered tacacs-server key 7 it did not worked also then I tried tacacs-server key 0 it did not worked.

Then finally Cisco confirmed me we cannot encrypt it.

Regards,

Ankur

New Member

Re: Catalyst 2950 - Radius

Hi,

First of all thank you for your answers.

I knew the order but on one 2950, it is not possible to use the fonciton "key 7" for example.

Hall of Fame Super Gold

Re: Catalyst 2950 - Radius

Tagging on to this discussion from another thread in the forum:

Actually the answer to this question is very highly release dependent. Earlier releases did not support it. Current releases do. I am not sure where the change is and believe it may be a 12.3 (or maybe even a 12.3T) enhancement. I have quite a few routers (most with TACACS and some with Radius) where the key is encrypted. When I started with those routers the key was not encrypted. At some point in doing a software version upgrade the keys for TACACS/Radius started being encrypted.

The encryption of the TACACS/Radius key is part of the service password encryption. The service has been enhanced several times to increase the number of keys that it protects. If you have service password encryption enabled (and in a live network I hope that you do) and have a release that supports the new enhancement your TACACS/Radius key will be encrypted automatically. If your version of IOS does not support it yet the key will not be encrypted.

HTH

Rick

211
Views
0
Helpful
7
Replies
CreatePlease to create content