![]() ![]() Look into running config for Type 9 Passwords show running-config | include _9_ Look into running config for Type 8 Passwords show running-config | include _8_ Look into running config for Type 6 Passwords show running-config | include _6_ Look into running config for Type 5 Passwords show running-config | include _5_ Look into running config for Type 7 Passwords show running-config | include _7_ Verification These need to be reviewed \ changed. However, if you have the old password key, changing it is an easy task with no negative effects. There shouldn’t be too many reasons to change the password key. Optimally each device you configure Type 6 on will have a unique Key. Be sure to keep in it KeePass, or 1Password or the password vault of your choice. It's very important that you store the key somewhere offline. The super-secret-password you used is very important. Key config-key password-encrypt super-secret-password In this example I’m working with devices that have reset to factory defaults.Īny device that runs modern IOS XE should support Type 6 Note: Using Type 6 has been supported since 2006, IOS 12.3(2)T and possibly earlier!įor a detailed explanation of each password type please see this document I wrote. I’d like to make a counting joke here but I won’t. If you interested in the details for Types 0,4,5,6,7,8,9 please check out this other document I wrote. Type 6 use strong AES 128-bit encryption for storing passwords. ![]() Today in 2021 the recommendation is to use Type 6, Type 8 and Type 9. At this time my recommendation is to never use Type 5 or Type 7 and absolutely do not EVER use Type 4. There are some newer methods like Type 8 (SHA256) and Type 9 (SCRYPT). We enabled Type 7 encryption with the CLI service password-encryption command. The older methods are Type 5 (MD5 hash)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |