Operating Notes
CAUTION:
After you enter the `include-credentials` command, the currently configured manager and operator user names and passwords, RADIUS shared secret keys, SNMP and 802.1X authenticator (port-access) security credentials, and SSH client public keys are saved in the running configuration.
Use the `[no] include-credentials` command to disable the display and copying of these security parameters from the running configuration using the `show running-config` and `copy running-config` commands without disabling the configured security settings on the switch.
After you enter the `include-credentials` command, you can toggle between the non-display and display of security credentials in `show` and `copy` command output by alternately entering the `[no] include-credentials` and `include-credentials` commands.
After you permanently save security configurations to the current startup-config file using the `write memory` command, you can view and manage security settings with the following commands.
`show config`
Displays the configuration settings in the current startup-config file.
`copy config`
`copy config source-filename config target-filename`: Makes a local copy of an existing startup-config file by copying the contents of the startup-config file in one memory slot to a new startup-config file in another, empty memory slot.
`copy config tftp`
Uploads a configuration file from the switch to a TFTP server.
`copy tftp config`
Downloads a configuration file from a TFTP server to the switch.
`copy config xmodem`
Uploads a configuration file from the switch to an Xmodem host.
`copy xmodem config`
Downloads a configuration file from an Xmodem host to the switch.
For more information, see “Transferring Startup-Config Files To or From a Remote Server” in the management and configuration guide.
The switch can store up to three configuration files. Each configuration file contains its own security credentials and these security configurations can differ. It is the responsibility of the system administrator to ensure that the appropriate security credentials are contained in the configuration file that is loaded with each software image and that all security credentials in the file are supported.
If you have already enabled the storage of security credentials (including local manager and operator passwords) by entering the `include-credentials` command, the Reset-on-clear option is disabled. When you press the Clear button on the front panel, the manager and operator user names and passwords are deleted from the running configuration. However, the switch does not reboot after the local passwords are erased. (The Reset-on-clear option normally reboots the switch when you press the Clear button.) See Configuring front panel security.
If you load a prior software version that does not contain the `encrypt-credentials` feature, it is important to back up the configuration and then execute the `erase startup` command on the switch. Features that have encrypted parameters configured do not work until those parameters are cleared and reconfigured.
Hewlett Packard Enterprise recommends that when executing an `encrypted-<option>` command, you copy and paste the encrypted parameter from a known encrypted password that has been generated on the same switch or another switch with the same pre-shared key (whether user-specified or a default key). If an incorrectly encrypted parameter is used, it is highly likely that the decrypted version will contain incorrect characters, and neither key will function correctly or be displayed in any `show` command.
Interaction with include-credentials settings
The following table shows the interaction between `include-credentials` settings and `encrypt-credentials` settings when displaying or transferring the configuration.
Interactions
| include-credentials Active | include-credentials Enabled | encrypt-credentials Enabled | Resulting behavior for sensitive data |
|---|---|---|---|
| | | | Hidden (default) |
| | | Yes | Shown, encrypted |
| | Yes | | n/a |
| | Yes | Yes | n/a |
| Yes | | | Hidden |
| Yes | | Yes | Shown, encrypted |
| Yes | Yes | | Shown, plaintext |
| Yes | Yes | Yes | Shown, encrypted |
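
A check that can be run over a configuration backup before it is transferred or archived, as an added example (not HPE's code): it reports whether `include-credentials` and `encrypt-credentials` appear in the file and lists secrets that are not in the `encrypted-<option>` form, with the values redacted. The sample configuration, its line formats and the option names `key` and `password` are assumptions made for illustration.

```python
import re

# Constructed sample of a configuration backup; the credential line formats
# and the option names below are assumptions, not taken from the page.
SAMPLE_CONFIG = """\
hostname "lab-sw1"
include-credentials
radius-server host 192.0.2.10 key "s3cret-shared"
radius-server host 192.0.2.11 encrypted-key "Q09OU1RSVUNURUQ="
tacacs-server host 192.0.2.20 key tac-secret
vlan 10
   name "users"
"""

SECRET_OPTIONS = ("key", "password")  # assumed option names
_OPTION_RE = re.compile(
    r'(?<![\w-])(encrypted-)?(%s)\s+("[^"]*"|\S+)' % "|".join(SECRET_OPTIONS))


def audit_config(text):
    """Report credential handling in a saved configuration.

    Returns a dict with the two feature flags and a list of
    (line_number, redacted_line) for secrets not in encrypted-<option> form.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    report = {
        # Exact-line match, so "no include-credentials" is not counted.
        "include_credentials": "include-credentials" in lines,
        "encrypt_credentials": "encrypt-credentials" in lines,
        "plaintext": [],
    }
    for num, line in enumerate(lines, start=1):
        for m in _OPTION_RE.finditer(line):
            if m.group(1) is None:  # no encrypted- prefix: value is readable
                redacted = line[:m.start(3)] + "<redacted>" + line[m.end(3):]
                report["plaintext"].append((num, redacted))
    return report


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG)
    print(result["include_credentials"], result["encrypt_credentials"])
    for num, line in result["plaintext"]:
        print(f"line {num}: {line}")
```
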