Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Encryption for VTP domain password

Is there any way to encrypt the VTP domain password inside the Cat6500 series configuration?

Like we do with the "enable secret or enable pasword"

"#vtp

set vtp domain xxxxxx

set vtp passwd XXXXXX "

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Encryption for VTP domain password

You'll have to use VTP version 3 and the command

"set vtp passwd hidden"

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008019f048.html#1043515

(But even then, if someone has the enable password, they can just copy and paste the encrypted string to configure the same password in another switch with "set vtp passwd secret")

The impact of whether the VTP password encrypted or not is minimized by the fact that it is never advertised over the wire. Only the MD5 hash of the VTP config is sent out. If the passwords don't match on the devices, the MD5 hash won't match either.

1 REPLY
New Member

Re: Encryption for VTP domain password

You'll have to use VTP version 3 and the command

"set vtp passwd hidden"

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008019f048.html#1043515

(But even then, if someone has the enable password, they can just copy and paste the encrypted string to configure the same password in another switch with "set vtp passwd secret")

The impact of whether the VTP password encrypted or not is minimized by the fact that it is never advertised over the wire. Only the MD5 hash of the VTP config is sent out. If the passwords don't match on the devices, the MD5 hash won't match either.

1568
Views
0
Helpful
1
Replies
CreatePlease to create content