Why does the crypto key show in "show run" on some switches and not others?
in [Cisco]
|
Prev: "Antivirus Soft" (fake spyware virus) removal guide
Next: WTB: Cisco ws-x6748ge-tx, ws-sup720-3bxl,ws-sup720-3b, ws-x6724-sfp, ws-x6704-10ge
From: ttripp on 4 Feb 2010 10:12 I'm configuring eight identical Cisco 2960 switches running 12.2(44) SE6. I'm puzzled by the following behavior: I am running the "crypto key generate" command on all these switches. However, on those switches where I've turned on port security using the "switchport port-security" command, the crypto key no longer appears when I do a "show run" (they do appear when I do a "show crypto key mypub rsa", so I know they're there). On switches where I don't turn on port security, the key shows up in the config file when I do a "show run". This is not really a problem in my environment, but is there some logical reason for this behavior? Or is it just a bug/feature? Thanks.
From: ttripp on 4 Feb 2010 11:30
On Feb 4, 10:12 am, ttripp <ttr...(a)manh.com> wrote: > I'm configuring eight identical Cisco 2960 switches running 12.2(44) > SE6. I'm puzzled by the following behavior: > > I am running the "crypto key generate" command on all these switches. > However, on those switches where I've turned on port security using > the "switchport port-security" command, the crypto key no longer > appears when I do a "show run" (they do appear when I do a "show > crypto key mypub rsa", so I know they're there). > > On switches where I don't turn on port security, the key shows up in > the config file when I do a "show run". > > This is not really a problem in my environment, but is there some > logical reason for this behavior? Or is it just a bug/feature? > > Thanks. And now I have to take it back. One of the switches shows the crypto key when I do a "show run", even with port-security enabled on an interface. Still wonder what causes this behavior. Is there any way to have the crypto key ALWAYS show up in "show run"? Or, for that matter, for it to NEVER show up? |