Cisco Bug: CSCvu29922 - NSO out of synch with VPR's part I (tacacs pwds)

Last Modified

Aug 24, 2020

Products (1)

  • Cisco Application Deployment Engine

Known Affected Releases

4.1(1)

Description (partial)

Symptom:
NSO is out of synch with VPRR devices

admin@nso> request devices device p0black-global-services_vpr2-hk_hkg_a_black_NGENA-CSR-VPR_VPR_esc-ha-hk-hkg-a_black_1 compare-config

We have noticed that the output shows differences for the password field because of the hash. IMHO the difference shouldn't be shown in compare-config. Also, there is a difference in "ios:banner", not sure why.

diff
 devices {
     device p0black-global-services_vpr2-hk_hkg_a_black_NGENA-CSR-VPR_VPR_esc-ha-hk-hkg-a_black_1 {
         config {
             ios:aaa {
                 group {
                     server {
                         tacacs+ N-TACACS {
                             server-private <IP-omitted> {
                                 key {
+                                    type 7;
-                                    secret "original password value deleted for security reasons";
+                                    secret 062D5672557B58080A40065958;
                                 }
                             }
                             server-private <IP-omitted> {
                                 key {
+                                    type 7;
-                                    secret "original password value deleted for security reasons";
+                                    secret 022D5D0812335E3043191D4B51;
                                 }
                             }
                             ip {
                                 vrf {
-                                    forwarding Mgmt-intf;
                                 }
                             }
                         }
                     }
                 }
             }
             ios:banner {
-                login "======================================================================\r\nThis system is protected by intellectual property rights.\r\n\r\nAny unauthorized access is strictly prohibited and will be prosecuted\r\nto the full extent of applicable local and international law.\r\n======================================================================";
+                login "======================================================================\r\nThis system is protected by intellectual property rights.\r\nAny unauthorized access is strictly prohibited and will be prosecuted\r\nto the full extent of applicable local and international law.\r\n======================================================================";
             }
             ios:router {
                 bgp 48582 {
                     neighbor <IP-omitted> {
                         password {
+                            enctype 7;
+                            text 051E015616566C50162A19285A5E;
                         }
                     }
                     neighbor <IP-omitted> {
                         password {
+                            enctype 7;
+                            text 140215523B1E08722B073D0F7341;
                         }
                     }
                     neighbor <IP-omitted> {
                         password {
+                            enctype 7;
+                            text 021303023C1C2D78436107235445;
                         }
                     }
                     neighbor <IP-omitted>{
                         password {
+                            enctype 7;
+                            text 140215523B1E08722B073D0F7341;
                         }
                     }
                     address-family {
                         ipv4 unicast {
                             neighbor <IP-omitted>{
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                             neighbor <IP-omitted> {
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                             neighbor <IP-omitted> {
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                         }
                         ipv6 unicast {
                             neighbor <IP-omitted>{
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                             neighbor <IP-omitted> {
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                             neighbor <IP-omitted> {
                                 password {
-                                    text "original password value deleted for security reasons";
                                 }
                             }
                         }
                     }
                 }
             }
         }
     }
 }
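
Review bot: the `+` lines under `key` and `password` still carry their `type 7` / `enctype 7` strings, while the cleartext on the matching `-` lines was removed. Type 7 is a reversible encoding, not a hash, so these strings need the same redaction as the cleartext, and the TACACS+ and BGP secrets shown here should be rotated. On the comparison itself, the secret differences appear to be representation only (one side holds cleartext, the other the type 7 form), and the BGP passwords also move from the `address-family` `ipv4 unicast` / `ipv6 unicast` neighbors to the `bgp 48582` neighbor level, so bringing both sides to the same stored form and location is what would clear them from compare-config. The `ios:banner` difference is a single blank line: the `-` side has `\r\n\r\n` after "intellectual property rights." where the `+` side has one `\r\n`. The removed `forwarding Mgmt-intf` under `ip` / `vrf` is a real configuration difference, unrelated to the password encoding, and should be tracked separately.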

Conditions:
n/a