Operating notes

  • When you first enter the include-credentials command to save the additional security credentials to the running configuration, these settings are moved from internal storage on the switch to the running-config file.You are prompted by a warning message to perform a write memory operation to save the security credentials to the startup configuration. The message reminds you that if you do not save the current values of these security settings from the running configuration, they will be lost the next time you boot the switch and will revert to the values stored in the startup configuration.

  • When you boot a switch with a startup configuration file that contains the include-credentials command, any security credentials that are stored in internal flash memory are ignored and erased. The switch will load only the security settings in the startup configuration file.

  • Security settings are no longer automatically saved internally in flash memory and loaded with the startup configuration when a switch boots up. The configuration of all security credentials requires that you use the write memory command to save them in the startup configuration in order for them to not be lost when you log off. A warning message reminds you to permanently save a security setting.

  • After you enter the include-credentials command, the currently configured manager and operator usernames and passwords, RADIUS shared secret keys, SNMP and 802.1X authenticator (port-access) security credentials, and SSH client public keys are saved in the running configuration.Use the no include-credentials command to disable the display and copying of these security parameters from the running configuration using the show running-config and copy running-config commands without disabling the configured security settings on the switch. After you enter the include-credentials command, you can toggle between the non-display and display of security credentials in show and copy command output by alternately entering the no include-credentials and include-credentials commands.

  • After you permanently save security configurations to the current startup-config file using the write memory command, you can view and manage security settings with the following commands:
    • show config

      : Displays the configuration settings in the current startup-config file.

    • copy config <source-filename> config <target-filename>

      : Makes a local copy of an existing startup-config file by copying the contents of the startup-config file in one memory slot to a new startup-config file in another, empty memory slot.

    • copy config tftp

      : Uploads a configuration file from the switch to a TFTP server.

    • copy tftp config

      : Downloads a configuration file from a TFTP server to the switch.

    • copy config xmodem

      : Uploads a configuration file from the switch to an Xmodem host.

    • copy xmodem config

      : Downloads a configuration file from an Xmodem host to the switch.

    For more information, see “Transferring startup-config files to or from a remote server” in the management and configuration guide.
  • The switch can store up to three configuration files. Each configuration file contains its own security credentials and these security configurations can differ. It is the responsibility of the system administrator to ensure that the appropriate security credentials are contained in the configuration file that is loaded with each software image and that all security credentials in the file are supported.

  • If you have already enabled the storage of security credentials (including local manager and operator passwords) by entering the include credentials command, the reset-on-clear option is disabled. When you press the Clear button on the front panel, the manager and operator usernames and passwords are deleted from the running configuration. However, the switch does not reboot after the local passwords are erased. (The reset-on-clear option normally reboots the switch when you press the Clear button.)For more in formation, see Configuring front panel security.