Storing credentials in the switch configuration

Information

By default, usernames and passwords (and other credentials, such as RADIUS/TACACS authentication keys) are stored separately from the switch configuration file and are not shown when saved or running configurations are displayed. The include-credentials command stores credentials in the switch configuration and shows them as part of it. If this feature is enabled, Aruba strongly recommends also enabling the encrypt-credentials feature, which encrypts stored credentials with aes-256-cbc using either a hard-coded 256-bit key common to all Aruba switches or (recommended) a custom pre-shared key defined as either a plaintext string or a 64-character hexadecimal string. Using a pre-shared key common to devices in a given network enables transfer of configurations, including credentials, between devices using the same key.

Solution

To enable both of these features, with credentials encrypted using a custom pre-shared key:

switch(config)# include-credentials
switch(config)# encrypt-credentials pre-shared-key plaintext encryptme
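
The following check is an added example, not part of the original audit item or of Aruba's documentation. It reviews a list of configuration commands (for instance a provisioning template) for the pairing described above. The function name, the sample inputs, the `hex` keyword form and the handling of a `no` prefix are assumptions made for illustration.

```python
import re

HEX_KEY = re.compile(r"[0-9A-Fa-f]{64}")  # 64-character hexadecimal key

# Constructed sample command lists; only the first mirrors the Solution above.
SAMPLES = {
    "page_solution": "switch(config)# include-credentials\n"
                     "switch(config)# encrypt-credentials pre-shared-key plaintext encryptme\n",
    "unencrypted": "include-credentials\n",
    "common_key": "include-credentials\nencrypt-credentials\n",
    "short_hex": "include-credentials\nencrypt-credentials pre-shared-key hex 0123abcd\n",
}

def audit_credential_storage(commands):
    """Return a list of findings for a block of switch configuration commands."""
    include = encrypt = False
    key_mode = key = None
    for raw in commands.splitlines():
        words = raw.split()
        if words and words[0].endswith("#"):   # drop a prompt like "switch(config)#"
            words = words[1:]
        negate = words[:1] == ["no"]           # assumed "no <command>" form
        if negate:
            words = words[1:]
        if words[:1] == ["include-credentials"]:
            include = not negate
        elif words[:1] == ["encrypt-credentials"]:
            encrypt = not negate
            key_mode = key = None
            if encrypt and words[1:2] == ["pre-shared-key"] and len(words) >= 4:
                key_mode, key = words[2], words[3]
    if not include:
        return []   # default behaviour: credentials stay out of the configuration
    if not encrypt:
        return ["include-credentials without encrypt-credentials"]
    if key_mode is None:
        return ["encrypt-credentials uses the key common to all Aruba switches"]
    if key_mode == "hex" and not HEX_KEY.fullmatch(key):
        return ["hex pre-shared key is not 64 hexadecimal characters"]
    return []

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_credential_storage(text) or "ok")
```
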

See Also

https://support.hpe.com/hpesc/public/docDisplay?docId=a00056155en_us

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c)

Plugin: ArubaOS

Control ID: 3184707f890c4905808d9d35235ba80403238328b7de68fe5a300290094b52c2