In the output of the "show tech-support" command, various passwords and community strings are eliminated. I would like to get a listing of the current IOS configuration only (i.e. none of the other "show tech" output) that is cleaned up the same way. I need to be able to manually archive config files to our change management system and don't want to manually edit the config files everytime I need to save one.
I was hoping for a command-line switch on either the "show tech-support" command to just show the section I was interested in (maybe "show tech-support section:config") or a switch on the "show running-config" or "show startup-config" commands to cleanup the lines containing passwords (like "show running-config nopasswords" or something). Or maybe a set of filter commands, e.g. "show tech-support | begin running-config | end show stacks". Unfortunately, the "end" filter does not exist.
I haven't been able to find any documentation to help me and searching for keywords like "configuration" and "password" is getting pretty frustrating. Nothing like 500 search results that don't apply to what you're looking for...
Does anyone know of a way to get IOS to produce a password-clean configuation listing that does not include any other information?
Thanks for any help you can provide.
I was thinking about a change in the workflow; currently, when you have made changes to a device you download the config locally to your harddrive, change the necessary items, connect to the change management server and transfer it over there ;
I thought about this: make device changes as usual; connect to the change management server and start a script on the server (which needs the device as an option/parameter); the script contacts the device gets the config, makes the necessary changes and saves the resulting file locally;
this would be independent of the terminal programms used by your collegues but needs the following as a prerequisite:
- change management server (CMS) needs access (telnet, ssh) to the networking devices
- login credentials need to be stored on the CMS (or this could be provided interactively when the script starts...- but I do not know how to implement this)
- no access list between CMS and devices that prevents the communication (if they are on different subnets or login access is restricted by an ACL to specific hosts)