Configuring Username and Password Security

Saving Security Credentials in a Config File

You can store and view the following security settings in internal flash memory by entering the include-credentials command:

Local manager and operator passwords and (optional) user names that control access to a management session on the switch through the CLI, menu interface, or web browser interface

SNMP security credentials used by network management stations to access a switch, including authentication and privacy passwords

Port-access passwords and usernames used as 802.1X authentication credentials for access to the switch

TACACS+ encryption keys used to encrypt packets and secure authentication sessions with TACACS+ servers

RADIUS shared secret (encryption) keys used to encrypt packets and secure authentication sessions with RADIUS servers

Secure Shell (SSH) public keys used to authenticate SSH clients that try to connect to the switch.

Benefits of Saving Security Credentials

The benefits of including and saving security credentials are as follows:

After making changes to security parameters in the running configuration, you can experiment with the new configuration and, if necessary, view the new security settings during the session. After verifying the configuration, you can then save it permanently by writing the settings to the startup-config file.

By permanently saving a switch’s security credentials in internal flash memory, you can upload the file to a TFTP server, and later download the file to the ProCurve switches on which you want to use the same security settings without having to manually configure the settings (except for SNMPv3 user parameters) on each switch.

By storing different security settings in different files, you can test different security configurations when you first download a new software version that supports multiple configuration files, by changing the configuration file used when you reboot the switch.

For more information about how to experiment with, upload, download, and use configuration files with different software versions, refer to the following:
