HP ProCurve 9304M Security Manual page 36

Security Guide for ProCurve 9300/9400 Series Routing Switches
ProCurveRS(config)# ip ssl certificate-data-file tftp 192.168.9.210 certfile
Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>
NOTE: If you import a digital certificate from a client, it can be no larger than 2048 bytes.
To import an RSA private key from a client using TFTP, enter a command such as the following:
ProCurveRS(config)# ip ssl private-key-file tftp 192.168.9.210 keyfile
Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>
The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.
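The two import commands above pull the certificate and the private key from a TFTP server, and the note states a 2048-byte ceiling for an imported certificate. The script below is an added example (not from the manual and not HP code) of a pre-flight check a practitioner can run on the TFTP server before issuing either command: it measures the file, confirms that a PEM file has paired BEGIN/END markers or that a DER file's outer SEQUENCE length matches the file size, and confirms that the file type agrees with the command chosen. The PEM/DER detection and the "kind" names are this script's own heuristics; the manual does not state which encoding the switch expects. TFTP itself carries the files unauthenticated and in the clear, so keep the server on a management network and remove the key file once the import has completed.

```python
import re
from dataclasses import dataclass

# Limit stated in the manual for a certificate imported from a client.
MAX_CERT_BYTES = 2048

PEM_CERT_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_CERT_END = "-----END CERTIFICATE-----"
PEM_KEY_BEGIN = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")
PEM_KEY_END = re.compile(r"-----END (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")


@dataclass
class Preflight:
    size: int            # bytes the TFTP server will hand to the switch
    fmt: str             # "pem-cert", "pem-key", "der" or "unknown"
    within_limit: bool   # False only for an oversize certificate
    structure_ok: bool   # PEM markers paired, or DER length equals file size
    kind_matches: bool   # file content agrees with the CLI command chosen

    @property
    def ok(self) -> bool:
        return self.within_limit and self.structure_ok and self.kind_matches


def der_total_length(data: bytes):
    """Total encoded length of a leading DER SEQUENCE (tag 0x30), or None if malformed.
    Handles short-form lengths (< 128) and long-form lengths of up to four bytes."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:
        return 2 + first
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4 or len(data) < 2 + nbytes:
        return None
    return 2 + nbytes + int.from_bytes(data[2:2 + nbytes], "big")


def preflight(data: bytes, kind: str) -> Preflight:
    """kind is "certificate" (ip ssl certificate-data-file) or "private-key"
    (ip ssl private-key-file). Format detection is this script's own heuristic."""
    if kind not in ("certificate", "private-key"):
        raise ValueError("kind must be 'certificate' or 'private-key'")
    size = len(data)
    text = data.decode("ascii", errors="replace")
    if PEM_CERT_BEGIN in text:
        fmt, structure_ok = "pem-cert", PEM_CERT_END in text
    elif PEM_KEY_BEGIN.search(text):
        fmt, structure_ok = "pem-key", PEM_KEY_END.search(text) is not None
    else:
        total = der_total_length(data)
        fmt = "der" if total is not None else "unknown"
        structure_ok = total == size
    # The manual's 2048-byte ceiling is stated for the certificate; no limit is given for the key.
    within_limit = size <= MAX_CERT_BYTES if kind == "certificate" else True
    # A PEM header identifies which command the file belongs with; DER could be either, so accept it.
    kind_matches = not (fmt == "pem-cert" and kind == "private-key") and \
                   not (fmt == "pem-key" and kind == "certificate")
    return Preflight(size, fmt, within_limit, structure_ok, kind_matches)


# Constructed sample inputs (not real credentials): a PEM-wrapped placeholder
# certificate and a DER-shaped blob whose length field claims 2048 content bytes.
SAMPLE_PEM_CERT = (PEM_CERT_BEGIN + "\nMIIBconstructedPlaceholderBase64==\n" + PEM_CERT_END + "\n").encode()
SAMPLE_DER_OVERSIZE = b"\x30\x82\x08\x00" + b"\x00" * 2048   # 4 header bytes + 2048 = 2052 bytes

if __name__ == "__main__":
    for label, blob, kind in [("pem cert", SAMPLE_PEM_CERT, "certificate"),
                              ("der cert", SAMPLE_DER_OVERSIZE, "certificate")]:
        result = preflight(blob, kind)
        print(f"{label}: {result} -> {'OK to import' if result.ok else 'do not import'}")
```

Run it against the real files on the TFTP server (`preflight(open(path, "rb").read(), "certificate")`) before the `ip ssl certificate-data-file` command; the oversize DER sample shows the case the manual's note warns about, where the file is well-formed but still too large for the switch to accept.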
Generating an SSL Certificate
After you have imported the digital certificate, generate the SSL certificate by entering the following command:
ProCurveRS(config)# crypto-ssl certificate generate
Syntax: [no] crypto-ssl certificate generate
If you did not already import a digital certificate from a client, the device can create a default certificate. To do this, enter the following command:
ProCurveRS(config)# crypto-ssl certificate generate default
Syntax: [no] crypto-ssl certificate generate default
Deleting the SSL Certificate
To delete the SSL certificate, enter the following command:
ProCurveRS(config)# crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
Configuring TACACS/TACACS+ Security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or TACACS+ to authenticate the following kinds of access to the HP device:
• Telnet access
• SSH access
• Web management access
• Access to the Privileged EXEC level and CONFIG levels of the CLI
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting information is sent between an HP device and an authentication database on a TACACS/TACACS+ server. TACACS/TACACS+ services are maintained in a database, typically on a UNIX workstation or PC with a TACACS/TACACS+ server running.
How TACACS+ Differs from TACACS
TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET. TACACS+ is an enhancement to TACACS that uses TCP to ensure reliable delivery.
TACACS+ improves on TACACS by separating the functions of authentication, authorization, and accounting (AAA) and by encrypting all traffic between the HP device and the TACACS+ server. TACACS+ allows authentication exchanges of arbitrary length and content, which lets any authentication mechanism be used with the HP device. TACACS+ is extensible to provide for site customization and future development features. The protocol allows the HP device to request very precise access control and allows the TACACS+ server to respond to each component of that request.
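The "encrypting all traffic" in the paragraph above refers to the TACACS+ body protection defined in RFC 8907 (section 4.5): each packet body is XORed with a keystream built from an MD5 chain over the session ID, the shared secret, the version byte and the sequence number. The code below is an added example (not from the manual and not HP code) that builds a TACACS+ header and an authentication START body, applies that obfuscation the way the HP device would before sending over TCP port 49, and parses it back the way the server would. The shared secret, session ID, user name and addresses are constructed demo values; the START field layout follows the RFC, and nothing here reflects HP's particular implementation.

```python
import hashlib
import struct

# Header field values from RFC 8907 (the TACACS+ specification).
TAC_PLUS_MAJOR_VER = 0xC
TAC_PLUS_MINOR_VER_DEFAULT = 0x0
TAC_PLUS_AUTHEN = 0x01                    # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01          # header flag bit: body sent in the clear
HEADER_FMT = "!BBBBII"                    # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes


def keystream(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Pseudo-pad per RFC 8907 section 4.5: an MD5 chain over
    session_id || key || version || seq_no [|| previous digest], truncated to length."""
    base = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    out, prev = b"", b""
    while len(out) < length:
        prev = hashlib.md5(base + prev).digest()
        out += prev
    return out[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the keystream; applying the same call again restores it."""
    pad = keystream(session_id, key, version, seq_no, len(body))
    return bytes(b ^ k for b, k in zip(body, pad))


def build_authen_start(user: str, port: str, rem_addr: str) -> bytes:
    """Authentication START body: LOGIN action, priv level 1, ASCII type, LOGIN service,
    followed by the four length bytes and the variable fields (data left empty)."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), b""
    fixed = struct.pack("!BBBBBBBB", 0x01, 0x01, 0x01, 0x01, len(u), len(p), len(r), len(d))
    return fixed + u + p + r + d


def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int,
                 pkt_type: int = TAC_PLUS_AUTHEN) -> bytes:
    """Client side: obfuscate the body with the shared secret and prepend the header.
    An empty key produces a cleartext packet with the unencrypted flag set (lab use only)."""
    version = (TAC_PLUS_MAJOR_VER << 4) | TAC_PLUS_MINOR_VER_DEFAULT
    if key:
        flags, wire_body = 0, obfuscate(body, session_id, key, version, seq_no)
    else:
        flags, wire_body = TAC_PLUS_UNENCRYPTED_FLAG, body
    header = struct.pack(HEADER_FMT, version, pkt_type, seq_no, flags, session_id, len(wire_body))
    return header + wire_body


def parse_packet(packet: bytes, key: bytes) -> dict:
    """Server side: read the header, then de-obfuscate the body unless the flag says cleartext."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short header")
    version, pkt_type, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    wire_body = packet[HEADER_LEN:HEADER_LEN + length]
    if len(wire_body) != length:
        raise ValueError("truncated body")
    cleartext = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    body = wire_body if cleartext else obfuscate(wire_body, session_id, key, version, seq_no)
    return {"type": pkt_type, "seq_no": seq_no, "session_id": session_id,
            "obfuscated": not cleartext, "body": body}


# Constructed demo values (not from any real deployment).
DEMO_KEY = b"constructed-shared-secret"
DEMO_SESSION = 0x1A2B3C4D
DEMO_BODY = build_authen_start("netadmin", "tty0", "192.0.2.10")

if __name__ == "__main__":
    pkt = build_packet(DEMO_BODY, DEMO_SESSION, DEMO_KEY, seq_no=1)
    print("on the wire :", pkt.hex())
    print("server sees :", parse_packet(pkt, DEMO_KEY)["body"])
    print("wrong secret:", parse_packet(pkt, b"wrong")["body"][:8].hex(), "...")
```

Two properties worth seeing in the output: the body is unreadable on the wire only as long as the shared secret is, since the keystream is derived from nothing else secret (so the secret configured on the switch and server deserves the same handling as a password), and the sequence number is part of the derivation, which is why each packet in a session gets a fresh pad and why the protocol requires the sequence number to increase and the session ID to be unpredictable.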
2 - 20
June 2005