Passwords in Cisco IOS configurations require secure storage for the key used
by the reversible encryption, so that authentication methods can access the
user credentials whenever required.
Reversible encryption is the process by which a password is encrypted with a
reversible, symmetric encryption algorithm. To check if the password entered by
the user is valid, the stored password is decrypted and compared to the
user-input password. To perform this encryption, the symmetric encryption
algorithm requires a key.
Type 6 passwords are encrypted with the Advanced Encryption Standard (AES) and
help to secure the reversible passwords for authentication, authorization, and
accounting (AAA) features. The type 6 encryption key is stored securely in
private NVRAM.
AAA network configurations use Lightweight Directory Access Protocol (LDAP),
RADIUS, or TACACS+ server hosts. Use the radius server host, tacacs-server
host, and ldap server commands to configure RADIUS, TACACS+, or LDAP host
servers respectively.
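
To check that the AAA server secrets described above are actually stored as type 6, the following added example (not part of the original Cisco documentation) audits a saved configuration. The function name audit, the sample configuration, and its addresses and key strings are constructed for illustration. It assumes that the password encryption aes line appears in the saved configuration and that a key or password with no type digit is cleartext (type 0).

```python
import re

# Constructed sample configuration: addresses, names and secrets are made up.
SAMPLE_CONFIG = """\
password encryption aes
radius-server host 192.0.2.10 key 7 CONSTRUCTED7
tacacs-server host 192.0.2.20 key 6 CONSTRUCTEDTYPE6
tacacs-server host 192.0.2.21 key Pl4inText
ldap server LDAP1
 ipv4 192.0.2.30
 bind authenticate root-dn cn=admin,dc=example,dc=com password 0 Pl4inText
radius server RAD2
 address ipv4 192.0.2.11
 key 6 CONSTRUCTEDTYPE6
"""

# Top-level commands that open an AAA server definition.
AAA_PREFIXES = ("radius-server", "tacacs-server", "radius server",
                "tacacs server", "ldap server")
# "key" or "password", an optional one-digit type, then the secret itself.
SECRET_RE = re.compile(r"\b(?:key|password)\s+(?:(\d)\s+)?\S+")


def audit(config):
    """Return (aes_enabled, findings).

    findings lists (line number, password type, owning command) for every AAA
    secret not stored as type 6. The secret itself is never returned.
    """
    aes_enabled = False
    in_aaa = False
    owner = ""
    findings = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        if not raw.strip():
            continue
        if raw.strip() == "password encryption aes":
            aes_enabled = True
        if not raw[:1].isspace():            # new top-level command
            in_aaa = raw.startswith(AAA_PREFIXES)
            owner = " ".join(raw.split()[:2])
        if not in_aaa:
            continue
        match = SECRET_RE.search(raw)
        if match:
            # Assumption: no type digit means the secret is cleartext (type 0).
            ptype = int(match.group(1)) if match.group(1) else 0
            if ptype != 6:
                findings.append((lineno, ptype, owner))
    return aes_enabled, findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Any finding with type 0 or 7 marks a secret that should be re-entered once type 6 encryption is enabled.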