Encryption for VTP domain password

gilson_machado
Level 1

Is there any way to encrypt the VTP domain password inside the Cat6500 series configuration?

Like we do with the "enable secret" or "enable password"

"#vtp

set vtp domain xxxxxx

set vtp passwd XXXXXX "

Accepted Solutions

cgrande
Level 1

You'll have to use VTP version 3 and the command

"set vtp passwd hidden"

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008019f048.html#1043515

(But even then, if someone has the enable password, they can just copy and paste the encrypted string to configure the same password in another switch with "set vtp passwd secret")

The impact of whether the VTP password is encrypted or not is minimized by the fact that it is never advertised over the wire. Only the MD5 hash of the VTP config is sent out. If the passwords don't match on the devices, the MD5 hash won't match either.
