[rancid] Nortel switches

andrew.brennan+rancid at drexel.edu andrew.brennan+rancid at drexel.edu
Thu Jan 23 16:58:36 UTC 2014

Aruba equipment has a similar behavior, you can disable the encryption at 
the start of a RANCID login and re-enable it when you're done.  I am *not* 
a fan of doing that, though, as it translates to unnecessary config change 
that has it's own side effects based in Aruba's architecture.  We replace 
a number of their encrypted strings as <removed> and comment those lines.

Does the Nortel equipment let you re-enter the passwords using the strings 
you get from your "show config" output?  I vaguely remember some equipment 
that would encrypt the passwords during a show ... but they weren't usable 
in that encrypted form.


On Thu, 23 Jan 2014, Pawe? Rzepa wrote:

> Hi,
> I use rancid to gather config from Nortel switches. Every time I run
> 'show run' command I get different output for passwords, even if the
> real user password hasn't been changed:
> show run:
> ....
> access user user-password "encoded-password"
> ....
> second execution of show run
> ....
> access user user-password "same-password-encoded-in-different-way"
> ....
> Obviously rancid/cvs treats it as a config change. I don't want to
> filter out encoded password.
> Is there any way to keep the changes saved in cvs but not to generate
> a new version in cvs subsystem for this change and not to send emails
> (the latter is probably the implication of the former)?
> Regards,
> Pawel
> _______________________________________________
> Rancid-discuss mailing list
> Rancid-discuss at shrubbery.net
> http://www.shrubbery.net/mailman/listinfo/rancid-discuss

More information about the Rancid-discuss mailing list