Avatar of Mongo Peck
Mongo Peck
 asked on

Cisco 3548 XL

Hi,

I have setup Radius Authentication but when I try to encrypt the password it fails to
Authenticate,

With the following.

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key thispassword

The user account logons without any problems.

But when I encrypt the password.

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****

It fails to authenticate.

Am I missing something or is there any easier way ?  Its only the 3548-XL I have this problem on.

Thanks in advance,
Switches / Hubs

Avatar of undefined
Last Comment
giltjr

8/22/2022 - Mon
giltjr

Can you point out where you can use a encrypted key for RADIUS?  I have alway just specified "key value"  and I checked a few places and don't seem to see anything that says you can do "key 7 encryptedvalue".
Leeeee

It seems like the following may be your issue. When you specify an encrypted key with '7', you need to paste a encrypted key, not the plain text key that you're expecting to be encrypted because you use a 7.

What you're looking for and what will work, is pasting the key with the following syntax:

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 0 ciscokey (plain text)

Service password-encryption (this will disguise the key in the config with random hash)

Now the key will be encrypted in the config.

If you have a legit encrypted key that looks like , 07AfeR20AbC, then you would use the 7 and paste the encrypted key. Hope this helps you.
giltjr

Yes,  Leeeee is correct.  If radius-server key supports accepts encrypted keys, then the value after the 7 must be the encrypted value.  

However, that would only be used if you don't know what the clear text value is and you have saved the encrypted value.  IOS will store any key values encrypted once you specify service password-encryption.
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Mongo Peck

ASKER
Hi,

When using the key 7 I am using an encrypted value which instantly stops radius
from working.  

When I use Service password-encryption the AAA password remains plain text in the
config.

Its only the 3458-XL thats having a problem all other 2900's etc take the config without
any errors,  This switch also doesn't support ssh.

This is the version c3500XL-c3h2s-mz.120-5.WC5.bin
giltjr

The most recent level of code for the 3548XL is c3500xl-c3h2s-mz.120-5.WC17.bin.
Mongo Peck

ASKER
The most recent level of code for the 3548XL is c3500xl-c3h2s-mz.120-5.WC17.bin

Cause the switch to randomly to reboot.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Mongo Peck

ASKER
When I use Service password-encryption the AAA password remains plain text in the
config.
giltjr

We have 2 3548's left.  One is running c3550-ipservicesk9-mz.122-25.SEC.bin and the other  c3500xl-c3h2s-mz.120-5.WC17.bin.

Both show the passwords encrypted.
TimotiSt

Whoa, the one running c3550-ipservicesk9-mz.122-25.SEC.bin is surely not a c3548-XL... :)
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER CERTIFIED SOLUTION
giltjr

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Mongo Peck

ASKER
Is there some 3548 hardware versions that cannot support later IOS.
These switches run c3500xl-c3h2s-mz.120-5.WC5.bin without any problems.

As soon as I replace this with c3500xl-c3h2s-mz.120-5.WC17.bin they randomly crash
constantly.
TimotiSt

I do remember something faint about different memory size (4M/8M?), but that may have been the 2900XL series...

Check the MD5 of your .WC17 image, make sure it's not corrupt? Possibly format the flash of the switch before uploading new image?
giltjr

Just checked and 12.0(5)WC17 is supposed to be able to run on 3500 XL switches with 8MB of DRAM, which is the minimum that a 3548XL is supposed to have.  Ours has 16MB.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.