Enabling the storage and display of security credentials
To enable the security settings, enter the
include-credentials
command.
include-credentials [radius-tacacs-only|store-in-config]
no include-credentials [radius-tacacs-only|store-in-config]
Enables the inclusion and display of the currently configured manager and operator usernames and passwords, RADIUS shared secret keys, SNMP and 802.1X authenticator (port-access) security credentials, and SSH client public keys in the running configuration. (Earlier software releases store these security configuration settings only in internal flash memory and do not allow you to include and view them in the running-config file.)
To view the currently configured security settings in the running configuration, enter one of the following commands:
show running-config
: Displays the configuration settings in the current running-config file.
write terminal
: Displays the configuration settings in the current running-config file.
For more information, see “Switch Memory and Configuration” in the basic operation guide.
To view the current status of include-credentials on the switch, enter
show include-credentials
. See
Displaying the status of include-credentials.
The
no
form of the command disables only the display and copying of these security parameters from the running configuration, while the security settings remain active in the running configuration.
Default: The security credentials described in Security settings that can be saved are not stored in the running configuration.
radius-tacacs-only
When executed with the
radius-tacacs-only
option, only the RADIUS and TACACS security keys are included in the configuration when saving files remotely.The
radius-tacacs-only
option can be disabled with either commandno include-credentials
no include-credentials radius-tacacs-only
store-in-config:
Stores passwords and SSH authorized keys in the configuration files. This happens automatically when
include-credentials
is enabled.no include-credentials store-in-config
The
no include-credentials store-in-config
command disablesinclude-credentials
and removes credentials stored in the configuration files. The switch reverts to storing only a single set of passwords and SSH keys, regardless of which configuration file is booted.