Configure NCM to Ignore Password Changes in F5 Backups
Article ID: 428888
Updated On:
Products
Issue/Introduction
Network Configuration Manager (NCM) captures indicate configuration changes occurred on F5 devices, but the differences are solely related to automated password or hash rotation. Specifically, lines containing "auth-password" and "privacy-password" change daily or weekly, triggering false positive change alerts in NCM.
SYMPTOMS:
-
NCM reports configuration differences every time a backup runs.
-
Comparison views show changes only in password/encryption lines.
-
No actual administrative changes were made to the device configuration.
Environment
-
DX NetOps Spectrum (Network Configuration Manager)
-
F5 Load Balancers
-
SSH Backup communication
Cause
The differences are solely related to automated password or hash rotation
Resolution
PREREQUISITES:
-
Access to OneClick Console.
-
NCM privileges to edit Global Sync Task or device family settings.
STEPS:
-
IDENTIFY THE REGEX MASKS
Use the following Regular Expressions (Regex) to identify and ignore the changing lines.
Auth (Plain): ^\s*auth-password\s+.*
Auth (Encrypted): ^\s*auth-password-encrypted\s+.*
Privacy (Plain): ^\s*privacy-password\s+.*
Privacy (Encrypted): ^\s*privacy-password-encrypted\s+.*
-
APPLY MASKS IN NCM
Apply these masks to the specific device family or global sync task configuration.
Path: NCM Configuration > Comparison Masks
Add the four regex patterns listed in Step 1.
EXPECTED: NCM accepts the patterns without error. NOTE: Ensure no leading or trailing spaces are added unless part of the regex.
-
VERIFY CONFIGURATION
Trigger a new capture or wait for the next scheduled backup.
EXPECTED: The "auth" and "privacy" password lines are ignored during comparison, and NCM no longer flags these rotations as configuration changes.
Feedback
