Index – 5
zeroing a key … 6-11
zeroize … 6-11
SSL
CA-signed … 7-4, 7-15
CA-signed certificate … 7-4, 7-15
CLI commands … 7-7
client behavior … 7-17, 7-18
crypto key … 7-10
disabling … 7-10
enabling … 7-17
erase certificate key pair … 7-10
erase host key pair … 7-10
generate CA-signed certificate … 7-15
generate host key pair … 7-10
generate self-signed … 7-13
generate self-signed certificate … 7-10, 7-13
generate server host certificate … 7-10
generating Host Certificate … 7-9
host key pair … 7-10
key, babble … 7-12
key, fingerprint … 7-12
man-in-the-middle spoofing … 7-18
OpenSSL … 7-2
operating notes … 7-6
operating rules … 7-6
passwords, assigning … 7-7
prerequisites … 7-5
remove self-signed certificate … 7-10
remove server host certificate … 7-10
reserved TCP port numbers … 7-20
root … 7-4
root certificate … 7-4
self-signed … 7-4, 7-13
self-signed certificate … 7-4, 7-10, 7-13
server host certificate … 7-10
SSL server … 7-3
SSLv3 … 7-2
stacking, security … 7-6
steps for configuring … 7-5
supported encryption methods … 7-3
terminology…7-3
TLSv1…7-2
troubleshooting, operating … 7-21
version … 7-2
zeroize … 7-10, 7-12
stacking
SSH security … 6-8
SSL security … 7-6
T
TACACS
aaa parameters … 4-12
authentication … 4-3
authentication process … 4-20
authentication, local … 4-22
authorized IP managers, effect … 4-25
authorized IP managers, precedence … 11-2
configuration, authentication … 4-11
configuration, encryption key … 4-19
configuration, server access … 4-15
configuration, timeout … 4-20
configuration, viewing … 4-10
encryption key … 4-6, 4-15, 4-16, 4-19
encryption key, general operation … 4-23
encryption key, global … 4-20
general operation … 4-2
IP address, server … 4-15
local manager password requirement … 4-26
messages … 4-25
NAS … 4-3
overview … 1-2
precautions … 4-5
preparing to configure … 4-8
preventing switch lockout … 4-15
privilege level code … 4-7
server access … 4-15
server priority … 4-18
setup, general … 4-5
show authentication … 4-8
system requirements … 4-5
TACACS+ server … 4-3
testing … 4-5
timeout … 4-15
troubleshooting … 4-6
unauthorized access, preventing … 4-7
web access, controlling … 4-24
web access, no effect on … 4-5
tacacs-server … 4-8
TCP
reserved port numbers … 7-20
TLS
See RADIUS.
troubleshooting
authorized IP managers … 11-12
trunk
filter, source-port … 10-2, 10-6
LACP, 802.1X not allowed … 8-15