
LMS archive

georgeef1
Level 1

Hi,

I did a configuration retrieval from CiscoWorks for a router.

I have a question about the TACACS+ key that was retrieved.

It shows #

tacacs-server key ******** 1158abcdefghxxxxxxxx

I was wondering if the key includes the ******** portion as well.

-Thanks

7 Replies

Joe Clarke
Cisco Employee

I don't follow. The asterisk portion is the key itself obfuscated by RME to prevent eavesdropping. If the key is deployed back to the device, it should be done in clear text so the device understands it. The literal "********" will not be sent to the device.

Hi,

Thanks for the information.

So is the total number of digits in the key 24? Also, is there a limit on the size of the key in clear text?

Please advise.

I think maybe I'm not fully understanding the problem. Can you post a screenshot of this tacacs-server key as shown in RME? As for a length limit of the key, there does not appear to be one in IOS.

Thanks Jclarke,

As per this line, I was looking at the characters after the *; there were 24, so I was just curious if they have a certain limit on characters.

I want to see, if I lose the key, whether I can decrypt the key from this RME archive by copying the encrypted text, and whether I have to copy the * or just the characters.

Please suggest !

Ah. If you go to the RME shadow directory, you should see the key just as it would appear on the router. So, the short answer is RME has archived a config which can be put back on the router, restoring everything that currently appears in the running config.

Joe Clarke
Cisco Employee

In my RME, when I view the config for my 3745, I see the following for tacacs-server key:

tacacs-server key ********

If I click the Edit button in the config viewer, then view the Tacacs Global section, I see the following in the credentials box:

tacacs-server key ******

If I click the hyperlinked "******", I see the following in the popup:

Old Credential : tacacs1

Where "tacacs1" is the configured tacacs-server key on my router.

So, if you lose the key, you can either use RME's Config Editor to see the unencrypted value, or look at the shadow directory on the server which will have the clear text config that was archived from the device.
