Notable Replies

  1. Thank you Rene, I understand the concept of “login” and “login local”, but my question is about password encryption. Let me explain my question in another way:
    “login local” refers to a local database on the router or switch with usernames / passwords, as you said, but is it possible for the password to be encrypted or not? If I configure it in plain text, how can I change it to encrypted text or vice versa?
    This is my question.

    When I try to change it, this message appears:

    SW3(config)#us hussein pa 121212
    ERROR: Can not have both a user password and a user secret.
    Please choose one or the other.
    

    How can I change between them?

  2. Hi Hussein,

    Now I understand your question :)

    There are two methods:

    1. username hussein password cisco123

    If you do it like this, then it will be saved in the configuration in clear text.

    2. username hussein secret cisco123

    If you use “secret” then it will create an MD5 hash of your password.

    You can’t have a “password” and “secret” at the same time for one user account so you are getting this error because you probably already configured a secret for your username. Remove it first and then you can set a password.

    It’s also possible to encrypt all plaintext passwords in the configuration with the “service password-encryption” command. However, this is a very poor encryption type:

    Rene
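
An added example, not part of the original thread: a small Python audit that reads saved IOS configuration text and reports how each local user's credential is stored, following the password / secret distinction in the reply above. The sample configuration and its placeholder values are constructed, and the type digits (0, 7, 5) as they appear in a saved config are background knowledge about IOS rather than something shown on this page.

```python
import re

# Matches stored local-user lines of the form:
#   username NAME [privilege N] password|secret [TYPE] VALUE
USER_RE = re.compile(
    r"^username\s+(?P<name>\S+)(?:\s+privilege\s+\d+)?"
    r"\s+(?P<kind>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>.+)$"
)

def classify(kind, type_digit):
    """Map the keyword and type digit to how the credential is stored."""
    if kind == "secret":
        return "hashed"                 # one-way hash (type 5 is MD5-based)
    if type_digit in (None, "0"):
        return "cleartext"              # readable by anyone who sees the config
    if type_digit == "7":
        return "weak-encryption"        # result of service password-encryption
    return "unknown"

def audit(config_text):
    """Return (password_encryption_enabled, [(user, storage), ...]).

    The credential value itself is never returned, so findings can be logged.
    """
    lines = [ln.strip() for ln in config_text.splitlines()]
    # Exact match, so "no service password-encryption" does not count.
    enabled = "service password-encryption" in lines
    findings = []
    for ln in lines:
        m = USER_RE.match(ln)
        if m:
            findings.append((m["name"], classify(m["kind"], m["type"])))
    return enabled, findings

# Constructed sample config; the 7 and 5 values are placeholders, not real output.
SAMPLE = """\
no service password-encryption
username hussein password 0 cisco123
username backup privilege 15 password 7 0000PLACEHOLDER
username rene secret 5 $1$PLACEHOLDER$PLACEHOLDERPLACEHOLDER
"""

if __name__ == "__main__":
    enabled, findings = audit(SAMPLE)
    print("service password-encryption:", "on" if enabled else "off")
    for user, storage in findings:
        flag = "" if storage == "hashed" else "  <-- replace with 'secret'"
        print(f"{user:10} {storage}{flag}")
```

Any user reported as cleartext or weak-encryption is a candidate for the fix described in the reply: remove the existing entry and re-create the account with `secret`.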

  3. Hi Hussein,

    I think the Wikipedia page is a good start:

    The most common use for the “ip domain-name” command is probably SSH. However, it’s also sometimes used for certificates.

    To give you an idea, here’s an example where I used certificates for the AnyConnect VPN on an ASA firewall:

    Rene

  4. We will need more information. What IP are you trying to reach on the switch? Is this IP an SVI or assigned to a physical interface? What IP are you making the connection from? What are the details of your access-list 23? Have you tried making your connection on the same subnet as the IP to which you are trying to connect? When you say it is refusing the connection, is the port open but actively rejecting your attempt, or do you get no response at all? If you are using SSH, I assume you have done a crypto key generate rsa?
