Why does the crypto key show in "show run" on some switches and not others?|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||
|
Posted by ttripp on February 4, 2010, 10:12 am
Please log in for more thread options
I'm configuring eight identical Cisco 2960 switches running 12.2(44) SE6. I'm puzzled by the following behavior: I am running the "crypto key generate" command on all these switches. However, on those switches where I've turned on port security using the "switchport port-security" command, the crypto key no longer appears when I do a "show run" (they do appear when I do a "show crypto key mypub rsa", so I know they're there). On switches where I don't turn on port security, the key shows up in the config file when I do a "show run". This is not really a problem in my environment, but is there some logical reason for this behavior? Or is it just a bug/feature? Thanks. | ||||||||||
|
Posted by ttripp on February 4, 2010, 11:30 am
Please log in for more thread options And now I have to take it back. One of the switches shows the crypto key when I do a "show run", even with port-security enabled on an interface. Still wonder what causes this behavior. Is there any way to have the crypto key ALWAYS show up in "show run"? Or, for that matter, for it to NEVER show up? | ||||||||||
|
Posted by Phil Harrison on February 10, 2010, 11:43 am
Please log in for more thread options
>
> And now I have to take it back. One of the switches shows the crypto > key when I do a "show run", even with port-security enabled on an > interface. > > Still wonder what causes this behavior. Is there any way to have the > crypto key ALWAYS show up in "show run"? Or, for that matter, for it > to NEVER show up? Are you sure it's the crypto *keys* shown in running config and not a PKI cert (if you enabled 'ip http secure-server' for example). The local RSA keypair should only be stored in private-config not running/startup. /Phil | ||||||||||
| Similar Threads | Posted |
| Why does the crypto key show in "show run" on some switches and not others? | February 4, 2010, 10:12 am |
| Show Crypto Map | July 2, 2006, 4:47 am |
| show crypto isakmp sa - src/dst explanation | September 10, 2008, 3:42 am |
| show eigrp accros crypto map, no updates | September 13, 2005, 12:07 pm |
| show calendar show clock | September 17, 2006, 10:39 pm |
| Program to show what's attached to network switches cammer.pl -> cammer_c.pl | September 25, 2009, 7:32 am |
| show ver | October 13, 2005, 8:34 am |
| Show dsl int atm0 | February 11, 2005, 3:20 pm |
| Show commands | June 20, 2007, 6:32 pm |
| Show WAN information | July 6, 2006, 11:46 am |
| exiting out of "show run" on PIX | July 11, 2006, 3:32 pm |
| Howto Show RIB and FIB ? | March 18, 2007, 12:21 pm |
| show log filtering | August 13, 2008, 1:17 am |
| pix ver 8 show run scrolls | January 15, 2010, 12:06 am |
| LS1010 show version | July 12, 2005, 7:57 pm |
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |
> SE6. =A0I'm puzzled by the following behavior:
>
> I am running the "crypto key generate" command on all these switches.
> However, on those switches where I've turned on port security using
> the "switchport port-security" command, the crypto key no longer
> appears when I do a "show run" =A0(they do appear when I do a "show
> crypto key mypub rsa", so I know they're there).
>
> On switches where I don't turn on port security, the key shows up in
> the config file when I do a "show run".
>
> This is not really a problem in my environment, but is there some
> logical reason for this behavior? =A0Or is it just a bug/feature?
>
> Thanks.