Cisco Support Community
New Member

LMS archive

Hi,

I did a configuration retrieval from ciscoworks for a router.

I have a question about the tacacs+ key that was retrieved

It shows #

tacacs-server key ******** 1158abcdefghxxxxxxxx

I was wondering if the key includes the ******** portion as well.

-Thanks

7 REPLIES
Cisco Employee

Re: LMS archive

I don't follow. The asterisk portion is the key itself obfuscated by RME to prevent eavesdropping. If the key is deployed back to the device, it should be done in clear text so the device understands it. The literal "********" will not be sent to the device.

New Member

Re: LMS archive

Hi,

Thanks for the information.

So is the total number of digits in the key 24? Also, is there a limit on the size of the key in clear text?

Please advise.

Cisco Employee

Re: LMS archive

I think maybe I'm not fully understanding the problem. Can you post a screenshot of this tacacs-server key as shown in RME? As for a length limit of the key, there does not appear to be one in IOS.

New Member

Re: LMS archive

Thanks Jclarke,

As per this line, I was looking at the characters after the * and there were 24, so I was just curious whether they have a certain limit on characters.

I want to see, if I lose the key, whether I can decrypt the key from this RME archive by copying the encrypted text, and whether I have to copy the * or just the characters.

Please suggest !

Cisco Employee

Re: LMS archive

Ah. If you go to the RME shadow directory, you should see the key just as it would appear on the router. So, the short answer is RME has archived a config which can be put back on the router, restoring everything that currently appears in the running config.

New Member

Re: LMS archive

Thanks Jclarke,

As per this line, I was looking at the characters after the * and there were 24, so I was just curious whether they have a certain limit on characters.

I want to see, if I lose the key, whether I can decrypt the key from this RME archive by copying the encrypted text, and whether I have to copy the * or just the characters.

Please suggest !

Cisco Employee

Re: LMS archive

In my RME, when I view the config for my 3745, I see the following for tacacs-server key:

tacacs-server key ********

If I click the Edit button in the config viewer, then view the Tacacs Global section, I see the following in the credentials box:

tacacs-server key ******

If I click the hyperlinked "******", I see the following in the popup:

Old Credential : tacacs1

Where "tacacs1" is the configured tacacs-server key on my router.

So, if you lose the key, you can either use RME's Config Editor to see the unencrypted value, or look at the shadow directory on the server which will have the clear text config that was archived from the device.
