11-07-2005 04:42 AM - edited 03-03-2019 12:42 AM
Is it possible of crypter the password radius-server on a catalyst 2950. (example: "radius-server key 7 toto")?
11-07-2005 05:21 AM
Hi Romuald,
No you cannot encrypt the router key either with radius nor with tacacs.
HTH
Ankur
11-07-2005 05:21 AM
Can u try service password-encryption. However this wil encrypt all passwords and secrets on the switch
Regds
11-07-2005 05:28 AM
Hi Gautaum,
It will surely not work. I have tried sometime back.
Regards,
Ankur
11-07-2005 05:29 AM
Hello,
the radius-server host password is encrypted with the ´service password-encryption´ global command. So, if you enter:
radius-server key 0 toto
and then enter the global command:
service password-encryption
the ´toto´ password will be level 7 encrypted.
Is that what you are asking ?
Regards,
GP
11-07-2005 05:34 AM
Hi GP,
I tried on my layer 3 switch with tacacs and it did not worked.
service password-encryption was already configured and when I entered tacacs-server key 7
Then finally Cisco confirmed me we cannot encrypt it.
Regards,
Ankur
11-07-2005 05:37 AM
Hi,
First of all thank you for your answers.
I knew the order but on one 2950, it is not possible to use the fonciton "key 7" for example.
12-01-2005 08:26 AM
Tagging on to this discussion from another thread in the forum:
Actually the answer to this question is very highly release dependent. Earlier releases did not support it. Current releases do. I am not sure where the change is and believe it may be a 12.3 (or maybe even a 12.3T) enhancement. I have quite a few routers (most with TACACS and some with Radius) where the key is encrypted. When I started with those routers the key was not encrypted. At some point in doing a software version upgrade the keys for TACACS/Radius started being encrypted.
The encryption of the TACACS/Radius key is part of the service password encryption. The service has been enhanced several times to increase the number of keys that it protects. If you have service password encryption enabled (and in a live network I hope that you do) and have a release that supports the new enhancement your TACACS/Radius key will be encrypted automatically. If your version of IOS does not support it yet the key will not be encrypted.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide