Showing results for 
Search instead for 
Did you mean: 

tacacs key ****


Currently I'm having an issue with system configurations for the Cisco WAAS device.

In the running configuration it says the following:

tacacs key ****

Yet when you save the config (either via “write mem” or “copy running startup”) you see the following in startup configuration:

tacacs key *****

The extra asterix is causing our monitoring software to think there’s been a configuration change, and flagging it each morning.

Any thoughts on what might be causing this ? maybe there is a default number of " * " and the encryption automatically adds additional ones as an added security mesasure.

> I'm currently using an old version of OS

Cisco Wide Area Application Services Software Release 4.1.3b (build b9 Jul 30 20
"Version: oe274-4.1.3b.9"

Any help will be appreciated.

Regards Erin Falconer

1 Reply 1

Richard Burts
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

Erin Falconer

You are running into the fact that the running-config and the startup-config have different structures and are built in different ways and therefore have different ways of representing the key value.

While the output of show running-config and of show startup-config look quite similar the underlying configurations are actually quite different. The runing config is a dynamic data structure that is maintained in RAM by the configuration commands that you enter. The startup config is a simple text file that is built by interpreting the running config to produce text output.

In each version of the configuration there is actually a value for the key which will be hidden as a result of the service password-encryption command. The people who coded the output representation of running config chose a certain number of asterisks and the people who coded the output representation of the startup config chose a different number of asterisks. I do not think that you could call this a bug.

The only way that I know of to solve the issue of flagging a "change" every morning would be to remove the service password-encryption command. While that would solve one issue it would really create a more serious issue.




Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers