Cisco ASR 1000 Series Common Criteria Operational User Guidance And Preparative Procedures page 29


Whether or not "service password-encryption" has been enabled, the password for an individual
username can be entered as plaintext, as a SHA-256 hash value, or as an MD5 hash value, and
will be stored as a hash value by using the following command:
router(config)#username name secret {0 password | 4 secret-string | 5 secret-string}
Type 0 is a plaintext password that the router hashes with SHA-256 before storing it; type 4 is
an existing SHA-256 secret string and type 5 an existing MD5 secret string, each copied from
another router configuration.
To store the enable password in non-plaintext form, use the 'enable secret' command when
setting the enable password. The enable password can be entered as plaintext, as a SHA-256
hash value, or as an MD5 hash value. Example:
router(config)#enable secret [level level] {password | 0 | 4 | 5 [encryption-type] encrypted-password}
level - (Optional) Specifies the level for which the password applies. You can specify up to
sixteen privilege levels, using the numerals 0 through 15.
password – password that will be entered
0 - Specifies an unencrypted clear-text password. The password is converted to a SHA256 secret
and gets stored in the router.
4 - Specifies an SHA256 encrypted secret string. The SHA256 secret string is copied from the
router configuration.
5 - Specifies a message digest algorithm 5 (MD5) encrypted secret.
encryption-type - (Optional) Cisco-proprietary algorithm used to encrypt the password. The
encryption types available for this command are 4 and 5. If you specify a value for the
encryption-type argument, the next argument you supply must be an encrypted password (a
password encrypted by a Cisco router).
encrypted-password - Encrypted password that is copied from another router configuration.
Use of enable passwords is not necessary, so all administrative passwords can be stored as
SHA-256 hashes if enable passwords are not used.
Note: The 'enable password' command can also be used to configure a password for
privileged EXEC mode. The password that is entered with the 'enable password' command is
stored as plain text in the configuration file of the networking device. If passwords were created
with the 'enable password' command, they can be obscured by using the 'service password-
encryption' command; be aware that this produces a type 7 string, which is a reversible
encoding and not a hash, so it only protects the password from casual viewing of the
configuration. Instead of using the 'enable password' command, Cisco recommends using the
'enable secret' command because it stores a SHA-256 hash value of the password.
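To make concrete why the guidance above prefers 'enable secret' and hashed username secrets over 'enable password' and 'service password-encryption', here is an added example in Python (it is not part of the Cisco guide). It walks a constructed running-config, classifies each enable/username credential by the storage type described above (0 plaintext, 7 reversible, 5 MD5, 4 SHA-256), and recovers the plaintext of any type 7 string using the publicly known fixed key behind that encoding. The sample configuration, its hash strings and the helper names (type7_decode, type7_encode, audit_config) are all constructed for this illustration.

```python
import re

# Added example, not from the Cisco guide. The fixed XOR key below is the
# publicly known key used by the type 7 "service password-encryption"
# encoding; the fact that it can be embedded here is the point: type 7 is
# reversible, not a hash.
TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# Constructed sample running-config (the hash values are made up for illustration).
SAMPLE_CONFIG = """\
hostname asr-lab
enable password cleartext-enable
enable secret 5 $1$abcd$0123456789abcdefghijkl
username admin password 7 094F471A1A0A
username auditor secret 4 Rv4ZysYrLKZJaa3Hmf3ziutWxCSOZhtVTTgGFh4WTHI
"""

# Matches enable/username credential lines with an optional single-digit storage type.
LINE_RE = re.compile(
    r"^(?P<cmd>enable (?:password|secret)|username \S+ (?:password|secret))"
    r"(?: (?P<type>\d))? (?P<value>\S+)$"
)


def type7_decode(enc: str) -> str:
    """Recover the plaintext from a type 7 string.

    Format: two decimal digits giving the starting offset into TYPE7_KEY,
    followed by hex bytes, each XORed with the next key byte.
    """
    seed = int(enc[:2])
    data = bytes.fromhex(enc[2:])
    plain = bytes(b ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, b in enumerate(data))
    return plain.decode("ascii")


def type7_encode(plain: str, seed: int = 9) -> str:
    """Produce a type 7 string (the same XOR run forward); seed must be 0-15."""
    if not 0 <= seed <= 15:
        raise ValueError("type 7 seed must be between 0 and 15")
    raw = plain.encode("ascii")
    enc = bytes(c ^ TYPE7_KEY[(seed + i) % len(TYPE7_KEY)] for i, c in enumerate(raw))
    return f"{seed:02d}{enc.hex().upper()}"


def audit_config(config: str) -> list[dict]:
    """Classify every enable/username credential line by how the secret is stored."""
    findings = []
    for raw in config.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ptype, value = m.group("type") or "0", m.group("value")
        if ptype == "0":
            storage, recovered, severity = "plaintext", value, "high"
        elif ptype == "7":
            storage, recovered, severity = "type 7 (reversible encoding)", type7_decode(value), "high"
        elif ptype == "5":
            storage, recovered, severity = "type 5 (MD5 hash)", None, "medium"
        elif ptype == "4":
            storage, recovered, severity = "type 4 (SHA-256 hash)", None, "low"
        else:
            storage, recovered, severity = f"type {ptype} (not classified here)", None, "info"
        findings.append({"line": raw.strip(), "storage": storage,
                         "recovered": recovered, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        shown = f" -> recovered: {f['recovered']!r}" if f["recovered"] else ""
        print(f"[{f['severity']:6}] {f['storage']:30} {f['line']}{shown}")
```

Running the script lists the plaintext 'enable password' and the decoded 'username admin password 7' line as high-severity findings, while only the 'enable secret 5' and 'username ... secret 4' entries survive as hashes. Note that later IOS-XE releases deprecate type 4 in favour of type 8 (PBKDF2-SHA-256) and type 9 (scrypt); the audit above only knows the storage types this page describes and reports anything else as unclassified.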
To have IKE preshared keys stored in encrypted form, use the key config-key password-encrypt
command to set the master password that will be used to encrypt the preshared keys, and the
password encryption aes command to enable the functionality. The preshared keys will then be
stored in the configuration encrypted with the symmetric cipher Advanced Encryption Standard
(AES), shown as type 6 strings. The master password itself is not written to the configuration
file; if it is lost, the encrypted keys cannot be recovered and must be reconfigured.
router(config)# key config-key password-encrypt [text]
router(config)# password encryption aes
Page 29 of 72
