Why does the crypto key show in "show run" on some switches and not others?

I'm configuring eight identical Cisco 2960 switches running 12.2(44)SE6. I'm puzzled by the following behavior:

I am running the "crypto key generate" command on all these switches. However, on those switches where I've turned on port security using the "switchport port-security" command, the crypto key no longer appears when I do a "show run" (it does appear when I do a "show crypto key mypubkey rsa", so I know it's there).

On switches where I don't turn on port security, the key shows up in the config file when I do a "show run".

This is not really a problem in my environment, but is there some logical reason for this behavior? Or is it just a bug/feature?

Thanks.

ttripp

And now I have to take it back. One of the switches shows the crypto key when I do a "show run", even with port-security enabled on an interface.

Still wonder what causes this behavior. Is there any way to have the crypto key ALWAYS show up in "show run"? Or, for that matter, for it to NEVER show up?

ttripp

Are you sure it's the crypto *keys* shown in running config and not a PKI cert (if you enabled 'ip http secure-server' for example). The local RSA keypair should only be stored in private-config not running/startup.

/Phil

Phil Harrison
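Phil's distinction can be checked mechanically against a saved "show run". The Python below is an added example, not code from this thread or from Cisco: it walks a running-config dump section by section, separates the PKI trustpoint and certificate-chain blocks that IOS writes into the config (the self-signed HTTPS trustpoint created by "ip http secure-server" is the usual case) from any top-level "crypto key ..." statement, and counts the hex lines in each certificate body. The embedded sample config, including the trustpoint name and the certificate hex, is constructed for illustration. The hex that shows up in "show run" is the public certificate; the RSA keypair itself is only visible with "show crypto key mypubkey rsa" and is stored in private-config.

```python
"""Classify crypto-related sections in a Cisco IOS 'show running-config' dump.

Added example, not from the original thread or from Cisco. It separates the
PKI trustpoint / certificate-chain sections that IOS writes into the running
config (for example after 'ip http secure-server') from anything that looks
like a top-level 'crypto key' statement, which is what the thread is asking
about. The sample config below is constructed; the certificate hex is fake.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a 2960-style running config with a self-signed
# HTTPS trustpoint and one port-security interface. Trustpoint name and
# certificate body are made up.
SAMPLE_SHOW_RUN = """\
!
hostname sw01
!
ip http server
ip http secure-server
!
crypto pki trustpoint TP-self-signed-1234567890
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1234567890
 revocation-check none
 rsakeypair TP-self-signed-1234567890
!
crypto pki certificate chain TP-self-signed-1234567890
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  DEADBEEF 00000000
  quit
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
!
end
"""

# Certificate bodies in IOS configs are rows of 8-hex-digit groups.
HEX_LINE = re.compile(r"^[0-9A-Fa-f]{8}( [0-9A-Fa-f]{8})*$")


@dataclass
class CryptoSummary:
    https_enabled: bool = False
    trustpoints: list = field(default_factory=list)
    # (trustpoint name, number of hex lines in the certificate body)
    cert_chains: list = field(default_factory=list)
    # Any top-level 'crypto key ...' statement found in the config
    rsa_key_lines: list = field(default_factory=list)


def iter_sections(config):
    """Yield (header, body_lines) for each top-level IOS config section.

    A top-level command starts in column 0; its section is the indented
    lines that follow it, up to the next top-level line or a '!' separator.
    """
    header, body = None, []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            if header is not None:
                yield header, body
            header, body = None, []
            continue
        if line[0] != " ":
            if header is not None:
                yield header, body
            header, body = line, []
        else:
            body.append(line.strip())
    if header is not None:
        yield header, body


def summarize_crypto(config):
    """Return a CryptoSummary describing what crypto material the config holds."""
    summary = CryptoSummary()
    for header, body in iter_sections(config):
        if header == "ip http secure-server":
            summary.https_enabled = True
        elif header.startswith("crypto pki trustpoint "):
            summary.trustpoints.append(header.split()[-1])
        elif header.startswith("crypto pki certificate chain "):
            hex_lines = sum(1 for b in body if HEX_LINE.match(b))
            summary.cert_chains.append((header.split()[-1], hex_lines))
        elif header.startswith("crypto key "):
            summary.rsa_key_lines.append(header)
    return summary


if __name__ == "__main__":
    # Usage: python summarize_crypto.py < show-run.txt, or run on the sample.
    print(summarize_crypto(SAMPLE_SHOW_RUN))
```

On a switch where HTTPS has been enabled the summary reports the trustpoint and a certificate chain with a non-zero hex line count but no "crypto key" statements; on a switch with no trustpoint the output is empty, which is the expected state for an RSA keypair that lives only in private-config.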

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.