WARNING: Command has been added to the configuration using a type 5 password. However, type 5 passwords will soon be deprecated. Migrate to a supported password type
WARNING: Command has been added to the configuration using a type 7 password. However, type 7 passwords will soon be deprecated. Migrate to a supported password type
What it says is this: At some point in the future, IOS-XE won’t store plaintext passwords in running-config or startup-config anymore. It will only store hashed passwords (for authentication purposes when the knowledge of the password plaintext isn’t needed anymore) and securely encrypted passwords (for those passwords whose original plaintext still needs to be recoverable).
Secure encrypted passwords, also known as Type-6 passwords, can be enabled on the device using the following commands:
! conf t configure terminal key config-key password-encryption password encryption aes end !
The key config-key password-encryption command will prompt you for a master key that will subsequently be used to encrypt all passwords in the configuration where this encryption is supported, including TACACS+ keys. The encryption of these passwords will be the enabled using the password encryption aes command – without this command, the master key may be configured but will not be used to protect the passwords in the configuration.
This is described in a couple of documents out there,
including https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/46420-pre-sh-keys-ios-rtr-cfg.html
