RSS

Just a simple password change…

18 Jul

Update: what follows applies to IOS as well, but apparently I had never tried making the mistake described below until now. Yay me?! 

Okay regular readers, don’t freak out, but this post has absolutely nothing to do with voice. Not even a little. But I suggest you go with it because change happens and we love it.  (No, we really don’t love it, that’s just more of my charming sarcasm you’ve grown to know and *actually* love…)

So, changing a password on a Nexus 7K, sounds simple enough, right?  Not something I’ve had to do before (remember, voice engineer last three years), but not something I expected to give me any push back doing.  Yes, well, it seems I was wrong about that.

See, I logged into the shiny N7K and typed:

MYSHINY7K(config)#show run | in sec username 

and got back something like:

username AMYENGINEER password 5 MYAWESOMEPASSWORDHASHVALUE role network-admin

Prompting me to type in something like:

MYSHINY7K(config)#username AMYENGINEER password 5 HEREISMYNEWAWESOMEPASSWORD role network-admin 

And press Enter. And then I got totally sassed by the switch with a message that looked like this:

%String failed to match token pattern at ‘^’ marker.

Huh? Well, fast forward after a few minutes after firing up Google, and I land on this helpful gem from the Cisco Support Forums.  It was just enough information to clue me into the fact that the switch didn’t much care for the 5 after the password in my command string. Oh well, pardon me, let me just try that again Mr. Switch.

MYSHINY7K(config)#username AMYENGINEER password HEREISMYAWESOMEPASSWORD role network-admin 

And sure enough, without the 5 in the command string, my syntax was perfectly acceptable. Note that the 5 does show up in the running-config after.

Now for those of you Nexus gurus who already know this and have known it for ages, please feel free to pat yourselves on the back, as for this Nexus newbie, I’ll be over in the corner wondering what hazing fun the switch has planned for me next.

Published 7/18/2013

I also found this support forum post helpful

About these ads
 
9 Comments

Posted by on 2013/07/18 in 7K, Nexus

 

Tags: ,

9 responses to “Just a simple password change…

  1. wifijanitor

    2013/07/18 at 13:30

    but did you learn what the ‘5’ indicates? That’s the real question

     
  2. amyengineer

    2013/07/18 at 13:52

    I already knew, but in case someone doesn’t, here is a good link to the explanation: http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_rbac.html

     
  3. Shawn

    2013/07/20 at 10:19

    It’s the same in adding a password to a VTY line or set of lines, I believe, on most if not all cisco devices ? I’m a wannabe NE, and not even in the cisco world, so I may be wrong.

     
  4. Shawn

    2013/07/20 at 10:22

    CcnaRack1TS(config-line)#password ?
    0 Specifies an UNENCRYPTED password will follow
    7 Specifies a HIDDEN password will follow
    LINE The UNENCRYPTED (cleartext) line password

     
  5. Josh

    2013/07/22 at 07:44

    Yes, this is true of regular IOS as well. If you include the 5 in the command then the IOS expects the password to be an MD5 hash. If you are entering plaintext use 0 (or leave it out completely and it defaults to 0). When you check the running config you will find that the IOS automatically changes it to a 5 with the appropriate hash rather than the plain text you typed in.

     
  6. amyengineer

    2013/07/22 at 08:13

    Thanks guys! This was a case of my expecting it might be different and using the question mark key to be prompted for the next bit to fill in. I did a test on IOS as well and indeed it does the same thing, I had just never tried making that mistake before! :)

     
  7. Bryce Trapier

    2013/07/22 at 15:09

    Neat little blog, I just stumbled on it doing some research re: city of l***ville. There’s also a complexity check, which is what I thought you were talking about when I first read the headline. For those who aren’t familiar with it, check out the “password strength-check” command – it got me for a minute or two the first time I set up a Nexus box. NX-OS also requires some additional TLV’s if you want to integrate it with ACS. If anyone needs info on that feel free to contact.

     
  8. David

    2013/09/19 at 14:55

    Amy, the Nexus has soooo many “fun” features. I myself have experienced many sleepless nights/cutovers trying to get everything to work. You are in for such a treat! Just wait until you start playing around with vPC+, :)

     

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 233 other followers

%d bloggers like this: