Cisco Support Community
New Member

Type 5 Passwords on line con 0 and line vty 0 4

Hi all,

I have a requirement for all passwords on my network infrastructure devices to be type 5 (MD5) passwords vs. the type 7 passwords. I'm running IOS version 12.2 on my devices. Is it possible to accomplish this? Or would doing this require ACS or something equivalent? Thank you,

Brad Trotter

2 ACCEPTED SOLUTIONS

New Member

Re: Type 5 Passwords on line con 0 and line vty 0 4

Brad - You can accomplish this by using the local user database & login local. For example:

user admin priv 15 secret Adm1nP@$$w0rd
!
line con 0
 login local
line vty 0 4
 login local

Now when you look at the config you'll see that the admin password has been MD5 encrypted. HTH.

Ben.
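To check a device against the requirement in this thread, the following is an added example (not part of Ben's post or any Cisco tool) that scans `show running-config` text for credentials not stored as type 5. The function name `audit`, the sample configuration and its placeholder hash values are constructed for illustration, and it assumes AAA is not in use, so every `line` block is expected to carry `login local`.

```python
import re

# Constructed sample config (not from the thread); hash values are placeholders.
SAMPLE_CONFIG = """\
enable password 7 0PLACEHOLDER
username admin privilege 15 secret 5 $1$PLACEHOLDER
username oper password 7 0PLACEHOLDER
line con 0
 login local
line vty 0 4
 password 7 0PLACEHOLDER
 login
"""

USER_RE = re.compile(r"^username (\S+) .*?\b(password|secret)\b")

def audit(config):
    """Return (line_no, message) findings for credentials not kept as type 5."""
    findings = []
    block = None  # [start_line_no, name, has_login_local] for the open line block

    def close_block():
        # A line block that never said 'login local' is not using the user database.
        if block and not block[2]:
            findings.append((block[0], f"{block[1]}: no 'login local'"))

    for no, raw in enumerate(config.splitlines(), 1):
        text = raw.strip()
        if not text or text == "!":
            continue
        if not raw[0].isspace():  # top-level command ends any open line block
            close_block()
            block = [no, text, False] if text.startswith("line ") else None
            user = USER_RE.match(text)
            if text.startswith("enable password"):
                findings.append((no, "enable password: use 'enable secret'"))
            elif user and user.group(2) == "password":
                findings.append((no, f"username {user.group(1)}: 'password', not 'secret'"))
        elif block:  # indented command inside a line block
            if text == "login local":
                block[2] = True
            elif text.startswith("password "):
                findings.append((no, f"{block[1]}: line password is not type 5"))
    close_block()
    return findings
```

Run over the sample, `audit(SAMPLE_CONFIG)` reports the `enable password`, the `oper` user, and the vty block (both its line password and its missing `login local`); the configuration Ben posts above produces no findings.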

Hall of Fame Super Silver

Re: Type 5 Passwords on line con 0 and line vty 0 4

Ben

When I read the original post I was thinking primarily of console and vty passwords. Your suggestion of login local redefines that scope. You are correct that Cisco has added the capability of secret encryption to passwords for local user definition.

I retract my assertion that the level of encryption could not be achieved and agree that your suggestion will probably get them there.

HTH

Rick

4 REPLIES
Hall of Fame Super Silver

Re: Type 5 Passwords on line con 0 and line vty 0 4

Brad

I do not know who established this requirement but they are requiring you to do something that cannot be done. Type 5 encryption (MD5) is for enable secret. Cisco has not implemented that type of encryption for console or vty passwords. If you use ACS then the passwords that are normally used can be protected on the server (or you can use one-time passwords which are even more safe). But for the passwords that are configured on the router type 7 is as good as you are going to get.

HTH

Rick

New Member

Re: Type 5 Passwords on line con 0 and line vty 0 4

Thank you all for your responses. I was hoping to not use the local user database as we have a lot of turnover in our business (people coming and going every 2 years or so). We were using a trial version of ACS and thought it was great. We were supposed to be getting a license for it; I'll have to check up on that. Thank you all again,

Brad Trotter

USAF
