Solved

Cisco 3548 XL

Posted on 2013-01-06
13
488 Views
Last Modified: 2013-03-01
Hi,

I have setup Radius Authentication but when I try to encrypt the password it fails to
Authenticate,

With the following.

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key thispassword

The user account logons without any problems.

But when I encrypt the password.

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 7 *****

It fails to authenticate.

Am I missing something or is there any easier way ?  Its only the 3548-XL I have this problem on.

Thanks in advance,
0
Comment
Question by:Mongo Peck
  • 6
  • 4
  • 2
  • +1
13 Comments
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Can you point out where you can use a encrypted key for RADIUS?  I have alway just specified "key value"  and I checked a few places and don't seem to see anything that says you can do "key 7 encryptedvalue".
0
 
LVL 5

Expert Comment

by:Leeeee
Comment Utility
It seems like the following may be your issue. When you specify an encrypted key with '7', you need to paste a encrypted key, not the plain text key that you're expecting to be encrypted because you use a 7.

What you're looking for and what will work, is pasting the key with the following syntax:

radius-server host 10.42.7.110 auth-port 1645 acct-port 1646 key 0 ciscokey (plain text)

Service password-encryption (this will disguise the key in the config with random hash)

Now the key will be encrypted in the config.

If you have a legit encrypted key that looks like , 07AfeR20AbC, then you would use the 7 and paste the encrypted key. Hope this helps you.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Yes,  Leeeee is correct.  If radius-server key supports accepts encrypted keys, then the value after the 7 must be the encrypted value.  

However, that would only be used if you don't know what the clear text value is and you have saved the encrypted value.  IOS will store any key values encrypted once you specify service password-encryption.
0
 

Author Comment

by:Mongo Peck
Comment Utility
Hi,

When using the key 7 I am using an encrypted value which instantly stops radius
from working.  

When I use Service password-encryption the AAA password remains plain text in the
config.

Its only the 3458-XL thats having a problem all other 2900's etc take the config without
any errors,  This switch also doesn't support ssh.

This is the version c3500XL-c3h2s-mz.120-5.WC5.bin
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
The most recent level of code for the 3548XL is c3500xl-c3h2s-mz.120-5.WC17.bin.
0
 

Author Comment

by:Mongo Peck
Comment Utility
The most recent level of code for the 3548XL is c3500xl-c3h2s-mz.120-5.WC17.bin

Cause the switch to randomly to reboot.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:Mongo Peck
Comment Utility
When I use Service password-encryption the AAA password remains plain text in the
config.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
We have 2 3548's left.  One is running c3550-ipservicesk9-mz.122-25.SEC.bin and the other  c3500xl-c3h2s-mz.120-5.WC17.bin.

Both show the passwords encrypted.
0
 
LVL 17

Expert Comment

by:TimotiSt
Comment Utility
Whoa, the one running c3550-ipservicesk9-mz.122-25.SEC.bin is surely not a c3548-XL... :)
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
Comment Utility
Opps, my fault, its not.  We apparently replaced the 3548 with a 3550 and somebody didn't update the doc.  Didn't even thing about it when I did the show ver.

So our ONLY 3548 left is running  c3500xl-c3h2s-mz.120-5.WC17.bin.
0
 

Author Comment

by:Mongo Peck
Comment Utility
Is there some 3548 hardware versions that cannot support later IOS.
These switches run c3500xl-c3h2s-mz.120-5.WC5.bin without any problems.

As soon as I replace this with c3500xl-c3h2s-mz.120-5.WC17.bin they randomly crash
constantly.
0
 
LVL 17

Expert Comment

by:TimotiSt
Comment Utility
I do remember something faint about different memory size (4M/8M?), but that may have been the 2900XL series...

Check the MD5 of your .WC17 image, make sure it's not corrupt? Possibly format the flash of the switch before uploading new image?
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Just checked and 12.0(5)WC17 is supposed to be able to run on 3500 XL switches with 8MB of DRAM, which is the minimum that a 3548XL is supposed to have.  Ours has 16MB.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (http://en.wikipedia.org/wiki/Vir…
I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now