Configuration files and the include-credentials command

You can use the include-credentials command to store security information in the running-config file. This allows you to upload the file to a TFTP server and then later download the file to the switches on which you want to use the same settings.

The authentication key values are shown in the output of the show running-config and show config commands only if the include-credentials command was executed.

When SNTP authentication is configured and include-credentials has not been executed, the SNTP authentication configuration is not saved.

The following example shows an enabled SNTP authentication with a key-id of 55.

Configuration file with SNTP authentication information

 switch(config) # show config
Startup configuration:
timesync sntp
sntp broadcast
sntp 50
sntp authentication
sntp server priority 1 10.10.10.2.3 key-id 55
sntp server priority 2 fe80::200:24ff:fec8:4ca8 4 key-id 55

In this example, the include-credentials command has not been executed and is not present in the configuration file. The configuration file is subsequently saved to a TFTP server for later use. The SNTP authentication information is not saved and is not present in the retrieved configuration files, as shown in the following example.

Retrieved configuration file when include credentials is not configured

switch(config) # copy tftp startup-config 10.2.3.44 config1
Switch reboots ...
Startup configuration
timesync sntp
sntp broadcast
sntp 50 sntp server priority 1 10.10.10.2.3
sntp server priority 2 fe80::200:24ff:fec8:4ca8 4
IMPORTANT:

The SNTP authentication line and the Key-ids are not displayed. Reconfigure SNTP authentication.

If include-credentials is configured, the SNTP authentication configuration is saved in the configuration file. When the show config command is entered, all of the information that has been configured for SNTP authentication displays, including the key-values.

Saved SNTP Authentication information when include-credentials is configured