Configuring Username and Password Security
Saving Security Credentials in a Config File
Security Settings that Can Be Saved
The security settings that can be saved to a configuration file are:
■ Local manager and operator passwords and user names
■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings
■ 802.1X port-access passwords and usernames
■ TACACS+ encryption keys
■ RADIUS shared secret (encryption) keys
■ Public keys of SSH-enabled management stations that are used by the switch to authenticate SSH clients that try to connect to the switch
Executing Include-Credentials or Include-Credentials Store-in-Config
When include-credentials or include-credentials store-in-config is executed for
the first time (for example, on a new switch), or after you have successfully
executed the no include-credentials store-in-config command, the passwords and
SSH keys are not currently stored in the configuration file (not activated).
This warning message displays.
radius-tacacs-only: When executed with the radius-tacacs-only option,
only the RADIUS and TACACS security keys are included in the
configuration when saving files remotely.
The radius-tacacs-only option can be disabled with either command:
no include-credentials
no include-credentials radius-tacacs-only
store-in-config: Stores passwords and SSH authorized keys in the
configuration files. This happens automatically when
include-credentials is enabled.
The no include-credentials store-in-config command disables
include-credentials AND removes credentials stored in the configuration
files. The switch reverts to storing only a single set of passwords
and SSH keys, regardless of which configuration file is booted.
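
One way to check which of the credential categories listed above a saved configuration file carries, and whether a remote backup is consistent with the radius-tacacs-only option (an added example, not code from the switch documentation). The line patterns and the sample configuration are assumptions constructed for illustration; adjust them to the syntax your software release writes.

```python
import re

# Assumed line patterns (not taken from the page); one per credential
# category in the "Security Settings that Can Be Saved" list.
PATTERNS = {
    "local manager/operator password": re.compile(r"^password\s+(manager|operator)\b"),
    "SNMP credential": re.compile(r"^(snmp-server\s+community|snmpv3\s+user)\b"),
    "802.1X port-access credential": re.compile(r"^password\s+port-access\b"),
    "TACACS+ encryption key": re.compile(r"^tacacs-server\s+.*\bkey\b"),
    "RADIUS shared secret": re.compile(r"^radius-server\s+.*\bkey\b"),
    "SSH client public key": re.compile(r"^ip\s+ssh\s+public-key\b"),
}
# Categories a file saved with radius-tacacs-only is expected to contain.
KEYS_ONLY = {"TACACS+ encryption key", "RADIUS shared secret"}

# Constructed sample of a saved configuration; all values are placeholders.
SAMPLE_FULL = """\
hostname "lab-switch"
radius-server host 192.0.2.10 key "EXAMPLE-SECRET"
tacacs-server key "EXAMPLE-KEY"
password manager user-name "admin" sha1 "placeholder-hash"
ip ssh public-key manager "ssh-rsa placeholder-key"
"""

def audit_config(text):
    """Return {category: [line numbers]}; secret values are never echoed."""
    hits = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        for category, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.setdefault(category, []).append(number)
    return hits

def classify(hits):
    """Map the findings onto the options described in this section."""
    if not hits:
        return "no-credentials"
    if set(hits) <= KEYS_ONLY:
        return "radius-tacacs-only"
    return "full-credentials"

if __name__ == "__main__":
    findings = audit_config(SAMPLE_FULL)
    print(classify(findings))
    for category, lines in sorted(findings.items()):
        print(f"  {category}: line(s) {lines}")
```

A backup that classifies as full-credentials while the switch is meant to run with radius-tacacs-only indicates the file should be handled and stored as a secret.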