10-06-2009 11:56 AM
I'm not able to run a successful netconfig job
when I select IOS and Cat OS devices in one job.
Please see below CLI where I'm trying to run a job to change enable secret password
Under the CLI I see the following
IOS:
Commands
no enable password
enable secret ******
Cat OS:
Commands
set enablepass<R>%OLDPASSWORD%<R><R>
set authentication enable local enable all
and the job on CATOS devices fails:
But if I run an individual CAT OS job, it work and CLI shows the following
CAT OS:
Commands
set enablepass<R>%OLDPASSWORD%<R>*********<R>*********
set authentication enable local enable all
Is Netconfig limited to where I need to choose IOS and cAT OS in two different jobs?
or am I doing something wrong?
Please advise.
10-06-2009 12:09 PM
You're doing something wrong. You need to fill in the enable password field under the common options at the top of the template.
10-06-2009 12:20 PM
If I enable the field in the "common parameters" then it adds/change
the enabe password on my IOS devices as well, which I don't want. I do not have
or want to have enable password in my IOS devices. What do I do?
CLI now shows this
IOS:
enable password ******
enable secret ******
CAT OS:
set enablepass
set authentication enable local enable all
{My wishlist continst that I use one job to change enable secret in IOS and enable password in CAT OS, possible?
10-06-2009 12:36 PM
This is not possible. The IOS device will get both the enable secret and enable password. You will need to separate the device types into separate jobs to do what you want.
10-06-2009 12:50 PM
It appears that Netconfig doesn't really serve the purpose and violates SOX. Why would someone want to have the same enable password in IOS devices (which is md7) and then in the CAT OS (which is md5). I can easily see md7 using a Cisco password decoder tool. Can I request an enhancement or I should say "request a fix".
10-06-2009 12:57 PM
There's no such thing as MD7. The enable password is encrypted using a Cisco-proprietary algorithm, not a message digest. The algorithm is symmetric unlike MD5.
This would be an enhancement request since Netconfig is working as designed.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: