Configuring Username and Password Security
Saving Security Credentials in a Config File
Security Settings that Can Be Saved
The security settings that can be saved to a configuration file are:
■ Local manager and operator passwords and user names
■ SNMP security credentials, including SNMPv1 community names and SNMPv3 usernames, authentication, and privacy settings
■ 802.1X port-access passwords and usernames
■ TACACS+ encryption keys
■ RADIUS shared secret (encryption) keys
■ Public keys of SSH-enabled management stations that are used by the switch to authenticate SSH clients that try to connect to the switch
Local Manager and Operator Passwords
The information saved to the running-config file when the include-credentials
command is entered includes:
password manager [user-name <name>] <hash-type> <pass-hash>
password operator [user-name <name>] <hash-type> <pass-hash>
where
<name> is an alphanumeric string for the user name assigned to the
manager or operator.
<hash-type> indicates the type of hash algorithm used: SHA-1 or plain
text.
<pass-hash> is the SHA-1 authentication protocol's hash of the password or clear ASCII text.
For example, a manager username and password may be stored in a running-
config file as follows:
password manager user-name George SHA1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
Use the write memory command to save the password configurations in the
startup-config file. The passwords take effect when the switch boots with the
software version associated with that configuration file.
Caution: If a startup configuration file includes other security credentials, but does not
contain a manager or operator password, the switch will not have password
protection and can be accessed through Telnet, the serial port, or WebAgent
with full manager privileges.
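
An added example, not taken from the manual or from the switch software: a Python check that applies the password line syntax and the caution above to a saved configuration file before it is loaded. The prefixes used to recognize other credential lines, the sample files and the PLACEHOLDER-TYPE token are assumptions constructed for illustration.

```python
import re

# Line syntax from the page:
#   password manager|operator [user-name <name>] <hash-type> <pass-hash>
PASSWORD_RE = re.compile(
    r"^password\s+(manager|operator)(?:\s+user-name\s+\S+)?\s+(\S+)\s+(\S+)$",
    re.IGNORECASE,
)
HEX40 = re.compile(r"[0-9a-fA-F]{40}")  # a SHA-1 digest is 40 hex characters
# ASSUMPTION: prefixes of lines that carry the other saved credentials.
OTHER_CREDENTIAL_PREFIXES = ("snmp-server", "radius-server", "tacacs-server")


def audit_config(text):
    """Return sorted findings for one saved configuration file."""
    findings, roles, other_credentials = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = PASSWORD_RE.match(line)
        if match:
            role, hash_type, value = match.groups()
            role = role.lower()
            roles.add(role)
            if hash_type.upper() != "SHA1":
                # The page names only two types: SHA-1 or plain text.
                findings.add(f"{role} password is stored as clear text")
            elif not HEX40.fullmatch(value):
                findings.add(f"{role} SHA1 value is not 40 hex characters")
        elif line.lower().startswith(OTHER_CREDENTIAL_PREFIXES):
            other_credentials = True
    # The page's caution: other credentials saved, no manager/operator password.
    if other_credentials and not roles:
        findings.add("credentials saved but no manager or operator password")
    return sorted(findings)


# Constructed sample files (not from the page, apart from its George example).
GOOD = """hostname "sw1"
radius-server key "constructed-secret"
password manager user-name George SHA1 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
"""
UNPROTECTED = """hostname "sw2"
snmp-server community "constructed-community"
"""
# PLACEHOLDER-TYPE stands in for the clear-text <hash-type> token, not shown on the page.
CLEAR = "password operator PLACEHOLDER-TYPE constructed-password\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("UNPROTECTED", UNPROTECTED), ("CLEAR", CLEAR)):
        print(name, audit_config(cfg))
```

An empty list means the file carries a manager or operator password in SHA1 form; any finding is a reason to stop before running write memory or booting from that file.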