Configuring Username and Password Security

 

Saving Security Credentials in a Config File

 

Operating Notes

 

 

C a u t i o n

When you first enter the include-credentialscommand to save the

 

additional security credentials to the running configuration, these settings

 

are moved from internal storage on the switch to the running-config file.

 

You are prompted by a warning message to perform a write memory

 

operation to save the security credentials to the startup configuration. The

 

message reminds you that if you do not save the current values of these

 

security settings from the running configuration, they will be lost the next

 

time you boot the switch and will revert to the values stored in the startup

 

configuration.

 

When you boot a switch with a startup configuration file that contains the

 

include-credentialscommand, any security credentials that are stored in

 

internal flash memory are ignored and erased. The switch will load only

 

the security settings in the startup configuration file.

 

Security settings are no longer automatically saved internally in flash

 

memory and loaded with the startup configuration when a switch boots

 

up. The configuration of all security credentials requires that you use the

 

write memory command to save them in the startup configuration in order

 

for them to not be lost when you log off. A warning message reminds you

 

to permanently save a security setting.

 

After you enter the include-credentialscommand, the currently configured

 

 

manager and operator usernames and passwords, RADIUS shared secret

 

keys, SNMP and 802.1X authenticator (port-access) security credentials,

 

and SSH client public-keys are saved in the running configuration.

 

Use the no include-credentialscommand to disable the display and copying

 

of these security parameters from the running configuration (using the

 

show running-config and copy running-config commands), without disabling

 

the configured security settings on the switch.

 

After you enter the include-credentialscommand, you can toggle between

 

the non-display and display of security credentials in show and copy

 

command output by alternately entering the no include-credentialsand

 

include-credentials commands.

 

After you permanently save security configurations to the current startup-

 

config file using the write memory command, you can view and manage

 

security settings with the following commands:

 

show config: Displays the configuration settings in the current startup-

 

config file.

2-19