EasyManua.ls Logo

HP J8693A

HP J8693A
778 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
2-29
Configuring Username and Password Security
Encrypting Credentials in the Configuration File
the username and password used as 802.1X authentication credentials for
access to the switch. You can store the password port-access values in the
running configuration file by using the include-credentials command.
Note that the password port-access values are configured separately from
local operator username and passwords configured with the password
operator command and used for management access to the switch. For
more information about how to use the password port-access command
to configure operator passwords and usernames for 802.1X authentica-
tion, see “Do These Steps Before You Configure 802.1X Operation” on page
13-13 in this guide.
Encrypting Credentials in the
Configuration File
Overview
A security risk is present when credentials used for authentication to remote
devices such as RADIUS or TACACS+ servers are displayed in the configura-
tion file in plain text. The encrypt-credentials command allows the storing,
displaying, and transferring of credentials in encrypted form.
When the encrypt-credentials feature is enabled, the affected credentials will
be encrypted using aes-256-cbc encryption. By default, a fixed, hard-coded
256-bit key that is common to all HP networking devices is used. This allows
transfer of configurations with all relevant credentials and provides much
more security than plaintext passwords in the configuration.
Additionally, you can set a separate, 256-bit pre-shared key, however, you must
now set the pre-shared key on the destination device before transferring the
configuration. The pre-shared key on the destination device must be identical
to the pre-shared key on the source device or the affected security credentials
will not be usable. This key is only accessible using the CLI, and is not visible
in any file transfers.
Note It is expected that plaintext passwords will continue to be used for configuring
the switch. The encrypted credentials option is available primarily for the
backup and restore of configurations.

Table of Contents

Other manuals for HP J8693A

Related product manuals