Access Security Guide K/KA/KB.15.15

Figure 26 Example of security credentials saved in the running-config
Although you can enter an SNMPv3 authentication or privacy password in either clear ASCII text
or the SHA-1 hash of the password, the password is displayed and saved in a configuration file
only in hashed format, as shown in Figure 26 (page 48).
For more information about the configuration of SNMP security replaceables, see "Configuring
for Network Management Applications" in Management and Configuration Guide for your switch.
Storing 802.1X port-access credentials
802.1X authenticator (port-access) credentials can be stored in a configuration file.
802.1X authenticator credentials are used by a port to authenticate supplicants requesting a
point-to-point connection to the switch.
802.1X supplicant credentials are used by the switch to establish a point-to-point connection
to a port on another 802.1X-aware switch.
Only 802.1X authenticator credentials are stored in a configuration file. For information about
how to use 802.1X on the switch both as an authenticator and a supplicant, see “Storing 802.1X
port-access credentials” (page 48).
The local password configured with the password command is no longer accepted as an 802.1X
authenticator credential. A new configuration command password port-access is introduced
to configure the local operator username and password used as 802.1X authentication credentials
for access to the switch.
The password port-access values are now configured separately from the manager and
operator passwords configured with the password manager and password operator
commands and used for management access to the switch. For information on the new password
command syntax, see “Configuring local password security” (page 21).
After entering the complete password port-access command, the password is set. You are
not prompted to enter the password a second time.
Storage states when using include-credentials
The following table shows the states of several access types when the factory default settings are
in effect or when include-credentials is enabled or not enabled.
| Type | Factory default | include-credentials enabled | include-credentials disabled but active | [no] include-credentials executed |
| --- | --- | --- | --- | --- |
| manager/operator passwords & port access | Single set for switch. Stored outside config. Not displayed in config file. | One set per stored config. Stored in config. Displayed in config. | Same as include-credentials enabled. Not displayed in config. | One set for switch. No credentials displayed in config. |
| SSH Public Key | One set for switch. Stored in flash. Not displayed in config. | One set per stored config. Stored in flash. Displayed in config. | Same as include-credentials enabled. Not displayed in config. | One set for switch. No credentials displayed in config. |
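
The following Python check is an added example, not part of this guide. It flags the credential lines that the table above says are displayed in a saved config when include-credentials is enabled, and writes a redacted copy for sharing. The command keywords are the ones named on this page; the rest of each sample line (user-name, sha1, quoted values) is an assumption constructed for illustration.

```python
import re

# Command keywords come from the page; the layout of the rest of each line
# (user-name, sha1, quoted value) is an assumption of this example.
INCLUDE_RE = re.compile(r"^\s*include-credentials\b")
CRED_RE = re.compile(r"^(\s*password\s+(manager|operator|port-access)\b)(.*)$")

# Constructed sample config, not taken from a real switch.
SAMPLE_CONFIG = """\
hostname "lab-switch"
include-credentials
password manager user-name "admin" sha1 "<constructed-hash-1>"
password port-access user-name "dot1x" sha1 "<constructed-hash-2>"
vlan 1
"""


def audit_config(text):
    """Return (include_credentials_seen, [(line_no, access_type), ...])."""
    include_seen = False
    found = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if INCLUDE_RE.match(line):
            include_seen = True
        match = CRED_RE.match(line)
        if match:
            found.append((line_no, match.group(2)))
    return include_seen, found


def redact_config(text):
    """Replace everything after the password keyword so the file can be shared."""
    out = []
    for line in text.splitlines():
        match = CRED_RE.match(line)
        out.append(match.group(1) + " <redacted>" if match else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    seen, creds = audit_config(SAMPLE_CONFIG)
    print("include-credentials present:", seen)
    for line_no, kind in creds:
        print(f"line {line_no}: {kind} credential stored in config")
    print(redact_config(SAMPLE_CONFIG), end="")
```

A config file that triggers any finding should be stored and transferred with the same care as the passwords themselves, since the hashed values are part of the file.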
48 Configuring Username and Password Security