Wireless Access

Hi guys,

I use rancid to backuo configs from WLC7010 (8.0.0.0).

The issue is that random generated passwords on Aruba controller keep changing

<...>
ap system-profile "default"
no ap-console-protection
ap-console-password 9e4c0f6d6c840bab9c98c01d4072a0d4bfda02a27ea15046
bkup-passwords f4cdee53b2e453aae11d86f0a91e70fd4eb086af5a9d6aff3022371cdc7a3707

<..>

A minute later

<..>
ap system-profile "default"
no console-enable
no ap-console-protection
ap-console-password 30cfd03a058fd0520c499fa70987455083a84dd043823225
bkup-passwords 91abf57dff1aa0184bf5701546b33646212bd1982bdc2fc5cf8a3ba8e5960ef2
<..>

'f4cdee53b2e453aae11d86f0a91e70fd4eb086af5a9d6aff3022371cdc7a3707' and '91abf57dff1aa0184bf5701546b33646212bd1982bdc2fc5cf8a3ba8e5960ef2' are not matching. This is why I get rancid notifications.

#no ap-console-password
#no bkup-passwords

do not help

Can I somehow delete those config lines ?

Cheers,
Alex.

Try "encrypt disable" before backing up your config.

Hi cjoseph,

Thank you for your reply.

There is a problem here 'encrypt disable' will expose WPA passphrases, keys etc to rancid. That is not what I m looking for - all those key still should be copied as hashes or encripted strings.

What puzzles me is those string are changing.

Is there any other way to stop generating random key strings in config?

Cheers,

Alex.

Alex,

I am not aware of a way.  Maybe someone else can help.

I would think it  might be better to exclude those lines in your Rancid config I have had to perform a similar action in the past. I found a example of someone doing something similar for a ASA.

http://router-secrets.net/tools/rancid/rancid-get-rid-of-recurring-changes-of-coredump-cfg-asa/

I've also done that before. And this password string has popped up in rancid after software upgrade attempt.

I'll eclude the string from parser....sigh....