The service password-encryption global configuration command directs the Cisco IOS software to encrypt the passwords, Challenge Handshake Authentication Protocol (CHAP) secrets, and similar data that are saved in its configuration file. Such encryption is useful in order to prevent casual observers from reading passwords, such as when they look at the screen over the muster of an administrator.
Below example helps in validating 'service password encryption' is enabled using NetYCE Compliance module
campus01-b02-access01 and campus01-b02-access02 are the two reference devices which we are using for this example. One has password encryption configured and other does not.
Below command output gives us the information.
Below are the steps to create new policy.
Operate → Compliance → Policies → New→
Click on the Node Group to select the relevant group of devices to add. Node group named “building2_access” holds the nodes of both the nodes:
Rule → New
Below is how to create reports to see the results of the compliance policies.
Operate → Compliance → Reports → New → Report Name “test” → Report type “Policies” → Policy Name “Sample 4 : Service Password Encryption” → Show Report
This was a simple example to understand how to implement compliance policy to verify password encryption configuration.