Article ID: 5335
Products
DFE
N-Series
Firmware 4.00.50 and higher
Firmware 3.51.01 and lower
Related to
Passwords
SNMPv3
Commands
'show config outfile'
'configure'
Changes
Executed a saved DFE configuration file
Symptoms
Lost hashed / encrypted data
Reverted back to default passwords
Cause
The 'show config' command may be used to display a full DFE system configuration. When used with the 'outfile' option, the output is directed to a file rather than to the system console. That file, either left in place or having been copied from/to other locations, may then be used as the target of a 'configure' command in order to boot a DFE system onto that specific configuration. See
5035, for more about these commands.
With firmware 3.51.01 and lower, commands which display chassis secrets like user passwords, and similar secrets for other applications such as SNMPv3, have these lines commented out with asterisks in place of the password/secret, in the output of a 'show config'.
With firmware 4.00.50 and higher, rather than being commented out the password/secret data is converted to an encrypted ASCII format. This encryption is specific to the chassis the configuration was pulled from and is only decodable by that chassis.
With any version of firmware, activating such a saved configuration file by means of the 'configure' command will have unexpected effects - with older firmware, the password/secret data will revert to default values; and with newer firmware, the password/secret data will revert to default values
if activated in a different chassis.
Solution
If the password/secret data is lost under the conditions stated above, you must either:
- remove the chassis-specific encrypted password command lines;
-or-
- replace the lines with versions that have clear text passwords; -or-
- ignore the errors the lines will produce.
See also: 5037.
