
9K observation of type 7 keys

Status
Not open for further replies.

wybnormal

Technical User
Apr 8, 2000
2,170
US
I had a chance to recently configure four 9ks with TACACS and I found that setting up the key was interesting. I could use type 0 or 7 (encrypted/unencrypted) keys, but the resulting type 7 key didn't look like the normal type 7 encryption. And it didn't decrypt using the normal type 7 tools.
This

tacacs-server key 0 @rb0nn3infra

Gets us this in the config

tacacs-server key 7 "@nf0fn3nfibf"

A "cut and paste" of the same key from a different device as a type 7 did not work with TACACS; it came back as a bad match for the key.

Cut and paste of a valid type 7 key that looks normal and decrypts:

tacacs-server key 7 "052B140D7142405A100B11000A"

Even though the new type 7 key looks wrong, it works with ACS, so I'm assuming Cisco "fixed" the issue of easily decrypting the type 7 passcodes/keys.

Anyone else run into this "feature" yet?

MikeS
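
An added example, not part of the original post and not Cisco code: a small Python check over the three key lines quoted in the post that tells the hex-style type 7 value from the non-hex one and, for the cleartext/stored pair shown, reports what the stored form leaves unchanged. The function names and the sample config wrapper are assumptions made for illustration.

```python
import re

# Constructed sample config: the three key lines are the ones quoted in the post.
SAMPLE_CONFIG = '''\
tacacs-server key 0 @rb0nn3infra
tacacs-server key 7 "@nf0fn3nfibf"
tacacs-server key 7 "052B140D7142405A100B11000A"
'''

KEY_LINE = re.compile(r'^\s*tacacs-server key (\d) "?([^"\s]+)"?\s*$')
# Classic type 7 layout: two decimal digits followed by pairs of hex digits.
HEX_TYPE7 = re.compile(r'^\d{2}(?:[0-9A-Fa-f]{2})+$')

def classify(line):
    """Return (key_type, fmt) for a tacacs-server key line, or None."""
    m = KEY_LINE.match(line)
    if not m:
        return None
    key_type, value = int(m.group(1)), m.group(2)
    if key_type == 0:
        return (0, "cleartext")
    if key_type == 7:
        return (7, "hex" if HEX_TYPE7.match(value) else "non-hex")
    return (key_type, "other")

def leaked_properties(plain, encoded):
    """Compare a known cleartext key with its stored form."""
    # Positions where a non-letter character appears unchanged in the stored form.
    kept = [i for i, (p, e) in enumerate(zip(plain, encoded))
            if p == e and not p.isalpha()]
    return {"same_length": len(plain) == len(encoded),
            "unchanged_non_letters": kept}

def audit(config):
    """Return [(line_number, (key_type, fmt))] for every key line found."""
    hits = []
    for n, line in enumerate(config.splitlines(), 1):
        result = classify(line)
        if result:
            hits.append((n, result))
    return hits

if __name__ == "__main__":
    for n, (key_type, fmt) in audit(SAMPLE_CONFIG):
        print(f"line {n}: type {key_type} key stored as {fmt}")
    print(leaked_properties("@rb0nn3infra", "@nf0fn3nfibf"))
```

For the pair in the post, the stored value has the same length as the cleartext and keeps `@`, `0` and `3` in their original positions, so a config audit can treat both type 7 forms as something to keep out of shared or archived configs.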
 