NetConfig Jobs again

Unanswered Question
Oct 6th, 2009
User Badges:

I'm not able to run a successful netconfig job

when I select IOS and Cat OS devices in one job.

Please see below CLI where I'm trying to run a job to change enable secret password


Under the CLI I see the following

IOS:

Commands

no enable password

enable secret ******


Cat OS:

Commands

set enablepass<R>%OLDPASSWORD%<R><R>

set authentication enable local enable all


and the job on CATOS devices fails:


But if I run an individual CAT OS job, it work and CLI shows the following


CAT OS:

Commands

set enablepass<R>%OLDPASSWORD%<R>*********<R>*********

set authentication enable local enable all


Is Netconfig limited to where I need to choose IOS and cAT OS in two different jobs?

or am I doing something wrong?

Please advise.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Tue, 10/06/2009 - 12:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You're doing something wrong. You need to fill in the enable password field under the common options at the top of the template.

nawas Tue, 10/06/2009 - 12:20
User Badges:

If I enable the field in the "common parameters" then it adds/change

the enabe password on my IOS devices as well, which I don't want. I do not have

or want to have enable password in my IOS devices. What do I do?

CLI now shows this


IOS:

enable password ******

enable secret ******


CAT OS:

set enablepass%OLDPASSWORD%************

set authentication enable local enable all

{My wishlist continst that I use one job to change enable secret in IOS and enable password in CAT OS, possible?


Joe Clarke Tue, 10/06/2009 - 12:36
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This is not possible. The IOS device will get both the enable secret and enable password. You will need to separate the device types into separate jobs to do what you want.

nawas Tue, 10/06/2009 - 12:50
User Badges:

It appears that Netconfig doesn't really serve the purpose and violates SOX. Why would someone want to have the same enable password in IOS devices (which is md7) and then in the CAT OS (which is md5). I can easily see md7 using a Cisco password decoder tool. Can I request an enhancement or I should say "request a fix".

Joe Clarke Tue, 10/06/2009 - 12:57
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

There's no such thing as MD7. The enable password is encrypted using a Cisco-proprietary algorithm, not a message digest. The algorithm is symmetric unlike MD5.


This would be an enhancement request since Netconfig is working as designed.

Actions

This Discussion