
Release K.12.06 Enhancements
If you upgrade ProCurve software on a switch from an earlier software release to software
release K.12.06 or greater and then enter the include-credentials command, security
passwords are managed as follows:
The manager password (if any) in the earlier software version is copied into the running
configuration. The other two configuration files, if configured, will not have a manager
password configured.
The operator password (if any) in the earlier software version is copied into the running
configuration. The other two configuration files, if configured, will not have an operator
password configured.
No port-access password for 802.1X authentication is configured. The operator pass-
word in the earlier software version is not automatically copied as the new port-access
password. To configure password access to the switch through 802.1X authentication,
use the password port-access command as described in “Password Command” on page
45. (It is not recommended that you use the same password for operator console access
and for 802.1X port-access authentication.)
The SSH client public-keys for manager and operator access are copied from flash
memory into the running configuration.
The RADIUS shared secret and TACACS+ encryption keys for access to authentication
servers are already included in the running configuration.
SNMPv3 user credentials are already included in the running configuration.
If you downgrade ProCurve software on a switch and use a software release earlier than
K.12.06, security passwords are managed as follows:
Because SNMPv3 user credentials, RADIUS shared secret keys, and TACACS+ encryp-
tion keys are already included in the startup configuration, these security credentials
are not lost. They continue to be used in the earlier software version.
The local manager and operator passwords are not recognized by an earlier software
version and are not saved in the running configuration. However, passwords in inactive
configuration files remain stored there. Although they are not displayed in show config
command output, they are not automatically erased.
Although the hashed SSH client public-keys (for manager and operator access) are not
recognized by an earlier software version, they remain stored so that they are immedi-
ately reloaded if you upgrade back to software release K.12.06 or greater.
As in a software upgrade, no port-access (operator) password for 802.1X authentication
is saved from software release K.12.06 or greater.