Why does the Radius key change after code upgrade from 3.4 to 6.x? Why should there be a new configuration file after every reboot?

Aruba Employee

Environment Information  :  Any Mobility Controller and any Aruba OS

 

Symptoms  :  We see the Radius key from "show run" is different between 3.4 and 6.x and we see a lot of config files on the Controller.

 

aaa authentication-server radius "ias-sdc"
   key d6137547e1c0a2e9de981c86a44e18a97b9d3470b3a1ce84

 

Cause  :  The encrypted key info in changed every time a show command and write mem is executed. 
There will be a new file for any configuration conversion from older release to match the newer version.

 

Resolution  :  This is expected behaviour, please refer the Answer for explanation.

 

Answer  :  The encrypted key info in changed every time a show command and write mem is executed.  There will be a new file for any configuration conversion from older release to match the newer version.

Since the configuration file has a marker of the relevant version.  If the configuration file only contains X.X versioning but there were a situation when the configuration change (say due to downgrade) within X.X.X.X level, then the software wouldn't have enough details for the older configuration for proper downgrade.  Hence it is the safe operation to review the configuration upon each boot up.  This upgrade process is one direction, i.e. It only supports from prior version to the current version.  The system MUST keep a version of the original to allow fallback operation.  The operation also reviews for any configuration mismatch by whatever accident including manual restoring a different configuration and this operation is in place for configuration integrity.

Version history
Revision #:
1 of 1
Last update:
‎07-10-2014 04:35 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: