Generating An Ssl Certificate; Configuring Tacacs And Tacacs+ Security - Dell PowerConnect B-RX Configuration Manual

4

Configuring TACACS and TACACS+ security

Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>
NOTE
If you import a digital certificate from a client, it can be no larger than 2048 bytes.
To import an RSA private key from a client using TFTP, enter a command such as the following.
BigIron RX(config)# ip ssl private-key-file tftp 192.168.9.210 keyfile
Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>
The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.

Generating an SSL certificate

If you did not already import a digital certificate from a client, the device can create a default
certificate. To do this, enter the following command.
BigIron RX(config)# crypto-ssl certificate generate
Syntax: [no] crypto-ssl certificate generate
Deleting the SSL certificate
To delete the SSL certificate, enter the following command.
BigIron RX(config)# crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
Configuring TACACS and TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the device:
•
•
•
•
NOTE
You cannot authenticate IronView Network Manager (SNMP) access to a device using TACACS and
TACACS+.
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting
information is sent between a device and an authentication database on a TACACS and TACACS+
server. TACACS and TACACS+ services are maintained in a database, typically on a UNIX
workstation or PC with a TACACS and TACACS+ server running.
82
Telnet access
SSH access
Web Management access
Access to the Privileged EXEC level and CONFIG levels of the CLI
BigIron RX Series Configuration Guide
53-1002253-01