Configuring Username and Password Security

Saving Security Credentials in a Config File

user-name <name>: the optional text string of the user name associated with the password.

<hash-type>: specifies the type of algorithm (if any) used to hash the password. Valid values are plaintext or sha-1

<password>: the clear ASCII text string or SHA-1 hash of the password.

You can enter a manager, operator, or 802.1X port-access password in clear ASCII text or hashed format. However, manager and operator passwords are displayed and saved in a configuration file only in hashed format; port-access passwords are displayed and saved only as plain ASCII text.

After you enter the complete command syntax, the password is set. You are not prompted to enter the password a second time.

This command enhancement allows you to configure manager, operator, and 802.1X port-access passwords in only one step (instead of entering the password command and then being prompted twice to enter the actual password).

For more information about configuring local manager and operator passwords, refer to “Configuring Username and Password Security” on page 2-1in this guide.

For more information about configuring a port-access password for 802.1X client authentication, see “802.1X Port-Access Credentials” on page 2-14in this guide.

SNMP Security Credentials

SNMPv1 community names and write-access settings, and SNMPv3 usernames continue to be saved in the running configuration file even when you enter the include-credentialscommand.

In addition, the following SNMPv3 security parameters are also saved:

snmpv3 user “<name>" [auth <md5sha> “<auth-pass>”] [priv “<priv-pass>"]

where:

<name> is the name of an SNMPv3 management station.

[auth <md5 sha>] is the (optional) authentication method used for the management station.

<auth-pass> is the hashed authentication password used with the configured authentication method.

2-13