Dell FCX624-S Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1163
53-1002266-01
Configuring TACACS/TACACS+ security
32
If you want to allow the Dell PowerConnect device to create the digital certificates, refer to the next
section, “Generating an SSL certificate”. If you choose to import an RSA certificate and private key
file from a client, you can use TFTP to transfer the files.
For example, to import a digital certificate using TFTP, enter a command such as the following.
PowerConnect(config)#ip ssl certificate-data-file tftp 192.168.9.210 certfile
Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>
NOTE
The digital certificate can be up to 4096 bytes. Refer to “Support for SSL digital certificates larger
than 2048 bytes” on page 1162.
To import an RSA private key from a client using TFTP, enter a command such as the following.
PowerConnect(config)#ip ssl private-key-file tftp 192.168.9.210 keyfile
Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>
The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.
Generating an SSL certificate
After you have imported the digital certificate, it should automatically generate.
If the certificate does not automatically generate, enter the following command to generate it.
PowerConnect(config)#crypto-ssl certificate generate
Syntax: [no] crypto-ssl certificate generate
If you did not already import a digital certificate from a client, the device can create a default
certificate. To do this, enter the following command.
PowerConnect(config)#crypto-ssl certificate generate default_cert
Syntax: [no] crypto-ssl certificate generate default_cert
Deleting the SSL certificate
To delete the SSL certificate, enter the following command.
PowerConnect(config)#crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
Configuring TACACS/TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the Dell PowerConnect device:
Telnet access
SSH access
Console access
Web management access
Access to the Privileged EXEC level and CONFIG levels of the CLI