Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
1
Replies

tacacs key ****

australia.nmc
Beginner
Beginner

‎01-31-2011 05:19 PM - edited ‎03-04-2019 11:16 AM

Currently I'm having an issue with system configurations for the Cisco WAAS device.

In the running configuration it says the following:

tacacs key ****

Yet when you save the config (either via “write mem” or “copy running startup”) you see the following in startup configuration:

tacacs key *****

The extra asterix is causing our monitoring software to think there’s been a configuration change, and flagging it each morning.

Any thoughts on what might be causing this ? maybe there is a default number of " * " and the encryption automatically adds additional ones as an added security mesasure.

> I'm currently using an old version of OS

Cisco Wide Area Application Services Software Release 4.1.3b (build b9 Jul 30 20
09)
"Version: oe274-4.1.3b.9"

Any help will be appreciated.

Regards Erin Falconer

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

‎01-31-2011 11:47 PM

Erin Falconer

You are running into the fact that the running-config and the startup-config have different structures and are built in different ways and therefore have different ways of representing the key value.

While the output of show running-config and of show startup-config look quite similar the underlying configurations are actually quite different. The runing config is a dynamic data structure that is maintained in RAM by the configuration commands that you enter. The startup config is a simple text file that is built by interpreting the running config to produce text output.

In each version of the configuration there is actually a value for the key which will be hidden as a result of the service password-encryption command. The people who coded the output representation of running config chose a certain number of asterisks and the people who coded the output representation of the startup config chose a different number of asterisks. I do not think that you could call this a bug.

The only way that I know of to solve the issue of flagging a "change" every morning would be to remove the service password-encryption command. While that would solve one issue it would really create a more serious issue.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents