NetConfig Jobs again

Oct 6th, 2009

I'm not able to run a successful netconfig job when I select IOS and Cat OS devices in one job.

Please see below the CLI where I'm trying to run a job to change the enable secret password.

Under the CLI I see the following:



no enable password

enable secret ******

Cat OS:


set enablepass<R>%OLDPASSWORD%<R><R>

set authentication enable local enable all

and the job on CAT OS devices fails.

But if I run an individual CAT OS job, it works and the CLI shows the following:



set enablepass<R>%OLDPASSWORD%<R>*********<R>*********

set authentication enable local enable all

Is Netconfig limited to where I need to choose IOS and CAT OS in two different jobs, or am I doing something wrong?

Please advise.

Joe Clarke Tue, 10/06/2009 - 12:09

You're doing something wrong. You need to fill in the enable password field under the common options at the top of the template.

nawas Tue, 10/06/2009 - 12:20

If I enable the field in the "common parameters" then it adds/changes the enable password on my IOS devices as well, which I don't want. I do not have or want to have an enable password on my IOS devices. What do I do?

CLI now shows this


enable password ******

enable secret ******


set enablepass%OLDPASSWORD%************

set authentication enable local enable all

My wishlist contains that I use one job to change enable secret in IOS and enable password in CAT OS, possible?

Joe Clarke Tue, 10/06/2009 - 12:36

This is not possible. The IOS device will get both the enable secret and enable password. You will need to separate the device types into separate jobs to do what you want.

nawas Tue, 10/06/2009 - 12:50

It appears that Netconfig doesn't really serve the purpose and violates SOX. Why would someone want to have the same enable password in IOS devices (which is md7) and then in the CAT OS (which is md5)? I can easily see md7 using a Cisco password decoder tool. Can I request an enhancement, or I should say "request a fix"?

Joe Clarke Tue, 10/06/2009 - 12:57

There's no such thing as MD7. The enable password is encrypted using a Cisco-proprietary algorithm, not a message digest. The algorithm is symmetric unlike MD5.

This would be an enhancement request since Netconfig is working as designed.
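
A defensive check for the situation described in this thread, added here as an example (it is not code from the thread, from Cisco or from NetConfig): it scans saved IOS configs for an `enable password` line, reports whether it is stored as cleartext or reversible type 7, and notes when an `enable secret` is also present. The function names and sample configs are assumptions; all credential values are constructed placeholders.

```python
import re

# IOS "enable password|secret [level N] [type] value" lines.
ENABLE_RE = re.compile(
    r"^enable\s+(?P<kind>password|secret)"
    r"(?:\s+level\s+\d+)?"
    r"(?:\s+(?P<type>\d))?\s+(?P<value>\S+)$"
)
STORAGE = {None: "cleartext", "0": "cleartext", "7": "reversible type 7"}

def audit_enable(config_text):
    """Return (line_no, issue) findings for one IOS config; never echoes the value."""
    passwords, has_secret = [], False
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        m = ENABLE_RE.match(raw.strip())
        if not m:
            continue
        if m["kind"] == "secret":
            has_secret = True
        else:
            passwords.append((line_no, m["type"]))
    findings = []
    for line_no, enc_type in passwords:
        storage = STORAGE.get(enc_type, f"type {enc_type}")
        issue = f"enable password stored as {storage}"
        if has_secret:
            # 'no enable password' is the removal command shown in the thread's IOS output.
            issue += "; enable secret is also set, remove with 'no enable password'"
        findings.append((line_no, issue))
    return findings

# Constructed sample configs (hostnames and values are placeholders, not real credentials).
SAMPLES = {
    "ios-after-combined-job":
        "hostname r1\nenable secret 5 $1$PLACEHOLDER\nenable password 7 PLACEHOLDER7\n",
    "ios-secret-only": "hostname r2\nenable secret 5 $1$PLACEHOLDER\n",
    "ios-cleartext": "hostname r3\nenable password PLACEHOLDER\n",
}

def audit_all(samples=SAMPLES):
    """Audit every named config and return {name: findings}."""
    return {name: audit_enable(cfg) for name, cfg in samples.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        for line_no, issue in findings or [(0, "no enable password line found")]:
            print(f"{name}: line {line_no}: {issue}")
```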

