Access Security Guide K/KA/KB.15.15
Set or clear a local username/password for a given access level.
manager
Configures access to the switch with manager-level privileges.
operator
Configures access to the switch with operator-level privileges.
port access
Configures access to the switch through 802.1X authentication with operator-level
privileges.
user-name <name>
The optional text string of the user name associated with the password.
<hash-type>
Specifies the type of algorithm (if any) used to hash the password. Valid values
are plaintext or sha-1.
<password>
The clear ASCII text string or SHA-1 hash of the password.
You can enter a manager, operator, or 802.1X port-access password in clear ASCII text or hashed
format. However, manager and operator passwords are displayed and saved in a configuration
file only in hashed format; port-access passwords are displayed and saved only as plain ASCII
text.
• For more information about configuring local manager and operator passwords,“Configuring
Username and Password Security” (page 20).
• For more information about configuring a port-access password for 802.1X client authentication.
See“802.1X Port-based access control” (page 338).
SNMP Security Credentials
SNMPv1 community names and write-access settings, and SNMPv3 usernames continue to be
saved in the running configuration file even when you enter the include-credentials command.
In addition, the following SNMPv3 security parameters are also saved:
snmpv3 user “<name>"[auth <md5|sha>“<auth pass>"][priv
“<priv-pass>"]
Where
“<name>"
Is the name of an SNMPv3 management station.
[auth <md5|sha>
Iis the (optional) authentication method used for the management station.
“<auth pass>"
Is the hashed authentication password used with the configured authentication
method.
[priv “<priv-pass>"]
Is the (optional) hashed privacy password used by a privacy protocol to encrypt
SNMPv3 messages between the switch and the station.
The following example shows the additional security credentials for SNMPv3 users that can be
saved in a running-config file.
Security credentials 27