Add dot11k/dot11v ssid-profile commands

2025-05-28 01:15:27 +02:00 · 2025-05-28 01:15:27 +02:00 · 354ae82906
commit 354ae82906
parent 89a443be1b
1 changed files with 8 additions and 7 deletions
--- a/netbox-aruba-instant-sync.py
+++ b/netbox-aruba-instant-sync.py
@ -77,13 +77,13 @@ try:
 except ImportError:
  from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES

-# Secrets in the VC config as returned by "show running-config" and similar
-# means Triple DES encrypted. While applying config commands, secrets must be
-# unencrypted (even for "no ..." commands), so this complicates both change
-# detection and generation. Luckily the key static and publicly known (making
-# the encryption pointless from a security perspective). We transparently
-# decrypt parameters for specific commands when reading the config and
-# otherwise pretend this encryption thing does not exist.
+# Secrets in the VC config as returned by "show running-config" are Triple DES
+# encrypted. While applying config commands, secrets must be clear text (even
+# for "no ..." commands), so this complicates both detecting changes and
+# applying them. Luckily the key is static and publicly known (making the
+# encryption pointless from a security perspective). We transparently decrypt
+# parameters for specific commands when reading the config and otherwise
+# pretend this encryption thing does not exist.
 #
 # See also https://seclists.org/fulldisclosure/2016/May/19

@ -134,6 +134,7 @@ CONFIG_COMMANDS = [
  (r'enable|disable', r'enable', None),
  (r'(index|type|opmode|max-authentication-failures|rf-band|captive-portal|dmo-channel-utilization-threshold|local-probe-req-thresh|max-clients-threshold) .+', r'\1', None),
  (r'(zone|essid|wpa-passphrase|vlan|dtim-period|broadcast-filter) .+', r'\1', r'no \1'),
+  (r'(dot11k|dot11v)', r'\1', r'no \1'),

  (r'(wlan access-rule .+)', r'\1', r'no \1'),
  (r'(rule .+)', r'\1', None), # TODO: Sequence Sensitive Command