ArubaOS: Encrypt credentials in config files

By default, credentials such as RADIUS or TACACS authentication keys, are stored separately from the switch configuration, and are not shown when saved or running configurations are displayed or copied using TFTP or SSH. You can change this behavior using the include-credentials command. This clearly seems to be a security issue, because the displays credentials are unencrypted. You can check the current status using show include-credentials. HP Switch(config)# show include-credentials Stored in Configuration : Yes Enabled in Active Configuration : Yes Include ClearPass Keys : No If you want to encrypt these credentials, you can use the encrypt-credentials command.

Notes about 802.1x and MAC authentication

Open network ports in offices, waiting rooms and entrance halls make me curious. Sometimes I want to plugin a network cable, just to see if I get an IP address. I know many companies that does not care about network access control. Anybody can plugin any device to the network. When talking with customers about network access control, or port security, I often hear their complains about complexity. It’s too complex to implement, to hard to administrate.