Configuring Username and Password Security

Saving Security Credentials in a Config File

The chapter on “Switch Memory and Configuration” in the Management and Configuration Guide.

“Configuring Local Password Security” on page 2-6in this guide.

Enabling the Storage and Display of Security Credentials

To enable the security settings, enter the include-credentialscommand.

Syntax: [no] include-credentials

Enables the inclusion and display of the currently configured manager and operator usernames and passwords, RADIUS shared secret keys, SNMP and 802.1X authenticator (port-access) security credentials, and SSH client public-keys in the running configuration.

To view the currently configured security settings in the running configuration, enter one of the following commands:

show running-config:Displays the configuration settings in the current running-config file.

write terminal: Displays the configuration settings in the current running-config file.

For more information, refer to “Switch Memory and Configuration” in the Management and Configuration Guide. The “no” form of the command disables only the display and copying of these security parameters from the running configuration, while the security settings remain active in the running configuration. Default: The security credentials described in “Security Settings that Can Be Saved” on page 2-11are not stored in the running configuration.

Security Settings that Can Be Saved

The security settings that can be saved are:

Local manager and operator passwords and user names

SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings

802.1X port-access passwords and usernames

TACACS+ encryption keys

RADIUS shared secret (encryption) keys

Public keys of SSH-enabled management stations that are used by the switch to authenticate SSH clients that try to connect to the switch

2-11