Access Security Guide K/KA/KB.15.15

Syntax
[no] include-credentials [radius-tacacs-only | store-in-config]
Enables the inclusion of passwords and security credentials in each configuration file when the file
is saved onto a remote server or workstation. When no include-credentials is executed,
include-credentials is disabled. Credentials continue to be stored in the active and inactive
configuration files but are not displayed.
radius-tacacs-only
When executed with the radius-tacacs-only option, only the RADIUS and TACACS
security keys are included in the configuration when saving files remotely.
The radius-tacacs-only option can be disabled with either of these commands:
no include-credentials
no include-credentials radius-tacacs-only
store-in-config
Stores passwords and SSH authorized keys in the configuration files. This happens automatically
when include-credentials is enabled.
The no include-credentials store-in-config command disables the
include-credentials command and removes credentials stored in the configuration files.
The switch reverts to storing only a single set of passwords and SSH keys, regardless of which
configuration file is booted.
When include-credentials radius-tacacs-only is executed, a warning message displays.
Figure 6 Display of caution message for radius-tacacs-only option
Displaying the status of include-credentials on the switch
The show include-credentials command provides the current status of include-credentials
on the switch.
Syntax:
show include-credentials
Displays information about the passwords and SSH keys stored in the configuration.
Stored in configuration — yes
The passwords and SSH keys are stored in the configuration. Include-credentials was executed.
Stored in configuration — no
There is only one set of operator/manager passwords and one set of SSH keys for the switch.
Enabled in active configuration
Include-credentials is either enabled or disabled.
RADIUS/TACACS only
Displayed when the option is configured.
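The following is an added example, not part of the guide: a Python check that reads captured show include-credentials output from several switches and reports which of them will write credentials into remotely saved configuration files. The field labels are the ones listed above; the "label : value" layout, the switch names, the sample output and the policy are assumptions made for the example.

```python
import re

# Field labels come from the guide; the "label : value" layout and the
# values are assumptions, since the page does not show raw output.
FIELDS = {
    "stored in configuration": "stored",
    "enabled in active configuration": "enabled",
    "radius/tacacs only": "radius_tacacs_only",
}
TRUE_VALUES = {"yes", "enabled"}

def parse_status(text):
    """Return {field: bool} for each known label found in the output."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s*[:—]\s*(\S+)\s*$", line)
        if m and m.group(1).lower() in FIELDS:
            status[FIELDS[m.group(1).lower()]] = m.group(2).lower() in TRUE_VALUES
    return status

def exposure(status):
    """Map a parsed status to what a remotely saved config file carries."""
    if status.get("radius_tacacs_only"):
        return "radius-tacacs-keys"      # only RADIUS and TACACS keys
    if status.get("enabled"):
        return "all-credentials"         # passwords, SSH keys, server keys
    if status.get("stored"):
        return "stored-not-displayed"    # kept in config files, not shown
    return "not-stored"                  # single set held outside the config

ALLOWED = {"not-stored", "stored-not-displayed"}  # hypothetical site policy

def audit(outputs, allowed=ALLOWED):
    """Return {switch: exposure} for switches outside the policy."""
    levels = {name: exposure(parse_status(text)) for name, text in outputs.items()}
    return {name: lvl for name, lvl in levels.items() if lvl not in allowed}

SAMPLE = {  # constructed output for three hypothetical switches
    "sw-core": "Stored in Configuration : Yes\nEnabled in Active Configuration : Yes\n",
    "sw-edge": " Stored in configuration — yes\n Enabled in Active Configuration : N/A\n"
               " RADIUS/TACACS Only : Yes\n",
    "sw-lab": "Stored in Configuration : No\n",
}

if __name__ == "__main__":
    for name, level in audit(SAMPLE).items():
        print(f"{name}: remotely saved configuration includes {level}")
```

Switches that the check reports are the ones whose configuration backups on remote servers or workstations need the same protection as the credentials themselves.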
32 Configuring Username and Password Security