cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
591
Views
0
Helpful
5
Replies

NetConfig Jobs again

nawas
Level 4
Level 4

I'm not able to run a successful netconfig job

when I select IOS and Cat OS devices in one job.

Please see below CLI where I'm trying to run a job to change enable secret password

Under the CLI I see the following

IOS:

Commands

no enable password

enable secret ******

Cat OS:

Commands

set enablepass<R>%OLDPASSWORD%<R><R>

set authentication enable local enable all

and the job on CATOS devices fails:

But if I run an individual CAT OS job, it work and CLI shows the following

CAT OS:

Commands

set enablepass<R>%OLDPASSWORD%<R>*********<R>*********

set authentication enable local enable all

Is Netconfig limited to where I need to choose IOS and cAT OS in two different jobs?

or am I doing something wrong?

Please advise.

5 Replies 5

Joe Clarke
Cisco Employee
Cisco Employee

You're doing something wrong. You need to fill in the enable password field under the common options at the top of the template.

If I enable the field in the "common parameters" then it adds/change

the enabe password on my IOS devices as well, which I don't want. I do not have

or want to have enable password in my IOS devices. What do I do?

CLI now shows this

IOS:

enable password ******

enable secret ******

CAT OS:

set enablepass%OLDPASSWORD%************

set authentication enable local enable all

{My wishlist continst that I use one job to change enable secret in IOS and enable password in CAT OS, possible?

This is not possible. The IOS device will get both the enable secret and enable password. You will need to separate the device types into separate jobs to do what you want.

It appears that Netconfig doesn't really serve the purpose and violates SOX. Why would someone want to have the same enable password in IOS devices (which is md7) and then in the CAT OS (which is md5). I can easily see md7 using a Cisco password decoder tool. Can I request an enhancement or I should say "request a fix".

There's no such thing as MD7. The enable password is encrypted using a Cisco-proprietary algorithm, not a message digest. The algorithm is symmetric unlike MD5.

This would be an enhancement request since Netconfig is working as designed.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco