HP ProCurve 3500yl Release Notes page 67

Software version k.13.49

Hide thumbs Also See for ProCurve 3500yl:

Access security manual (778 pages)

Specifications (16 pages)

Features (6 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

page of 219

/ 219
Contents
Table of Contents
Bookmarks

Table of Contents

Restrictions

The following restrictions apply when you enable security credentials to be stored in the running

configuration with the include-credentials command:

■

The private keys of an SSH host cannot be stored in the running configuration. Only the

public keys used to authenticate SSH clients can be stored. An SSH host's private key is only

stored internally; for example, on the switch or on an SSH client device.

■

SNMPv3 security credentials saved to a configuration file on a switch cannot be used after

downloading the file on a different switch. The SNMPv3 security parameters in the file are

only supported when loaded on the same switch for which they were configured.

The reason is that when SNMPv3 security credentials are saved to a configuration file, they are

saved with the engine ID of the switch as shown here:

snmpv3 engine-id 00:00:00:0b:00:00:08:00:09:01:10:01

If you download a configuration file with saved SNMPv3 security credentials on a switch, when

the switch loads the file with the current software version, the SNMPv3 engine ID value in the

downloaded file must match the engine ID of the switch in order for the SNMPv3 users to be

configured with the authentication and privacy passwords in the file. (To display the engine ID

of a switch, enter the show snmpv3 engine-id command. To configure authentication and privacy

passwords for SNMPv3 users, enter the snmpv3 user command.)

If the engine ID in the saved SNMPv3 security settings in a downloaded configuration file does

not match the engine ID of the switch:

•

The SNMPv3 users are configured, but without the authentication and privacy pass-

words. You must manually configure these passwords on the switch before the users

can have SNMPv3 access with the privileges you want.

Only the snmpv3 user <user_name> credentials from the SNMPv3 settings in a downloaded

•

configuration file are loaded on the switch; for example:

snmpv3 user boris

snmpv3 user alan

In software release K.12.06 and greater, you can store 802.1X authenticator (port-access)

■

credentials in a configuration file. However, 802.1X supplicant credentials cannot be stored.

In software release K.12.06 and greater, the local operator password configured with the

■

password command is no longer accepted as an 802.1X authenticator credential. A new

configuration command (password port-access) is introduced to configure the username and

password used as 802.1X authentication credentials for access to the switch. You can store

the password port-access values in the running configuration by using the include-credentials

command.

Enhancements

Release K.12.06 Enhancements

Table of Contents

This manual is also suitable for:

Procurve 8212zl Procurve 5400zl 6200yl

HP ProCurve 3500yl Release Notes page 67

Related Manuals for HP ProCurve 3500yl

Related Products for HP ProCurve 3500yl

This manual is also suitable for:

Table of Contents