82 BigIron RX Series Configuration Guide
53-1002253-01
Syntax: [no] ip ssl certificate-data-file tftp <ip-addr> <certificate-filename>
If you import a digital certificate from a client, it can be no larger than 2048 bytes.
To import an RSA private key from a client using TFTP, enter a command such as the following.
BigIron RX(config)# ip ssl private-key-file tftp 192.168.9.210 keyfile
Syntax: [no] ip ssl private-key-file tftp <ip-addr> <key-filename>
The <ip-addr> is the IP address of a TFTP server that contains the digital certificate or private key.
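A pre-flight check that can be run on the files before they are staged on the TFTP server, enforcing the 2048-byte certificate limit and confirming that the key file holds a single RSA private key. This is an added example, not code from the guide or from the vendor. It assumes PEM-encoded files and an unencrypted key, neither of which the guide states, and the function names are hypothetical.

```python
import base64
import binascii
import re

# Assumption: files are PEM-encoded; the guide does not name the format.
MAX_CERT_BYTES = 2048  # certificate size limit stated in the guide
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, DER-encoded
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def make_pem(label, der):
    """Wrap DER bytes in a PEM block (used to build constructed samples)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

def preflight(data, kind):
    """Check file contents before staging them for import. kind is
    'certificate' or 'private-key'. Returns a list of problems; empty = OK."""
    problems, blocks = [], []
    for m in PEM_RE.finditer(data):
        label = m.group(1).decode()
        try:
            der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # certificates and keys are ASN.1 SEQUENCEs
            problems.append(f"{label}: not a DER SEQUENCE")
        blocks.append((label, der))
    labels = [label for label, _ in blocks]
    if kind == "certificate":
        if len(data) > MAX_CERT_BYTES:
            problems.append(f"{len(data)} bytes exceeds the {MAX_CERT_BYTES}-byte limit")
        if labels.count("CERTIFICATE") != 1:
            problems.append(f"expected exactly one CERTIFICATE block, found {labels}")
        if any("PRIVATE KEY" in label for label in labels):
            problems.append("private key bundled in the certificate file")
    elif len(blocks) != 1:
        problems.append(f"expected exactly one key block, found {labels}")
    else:
        label, der = blocks[0]
        # Traditional PEM names the algorithm; PKCS#8 carries it as an OID.
        is_rsa = label == "RSA PRIVATE KEY" or (
            label == "PRIVATE KEY" and RSA_OID in der[:32])
        if not is_rsa:
            problems.append(f"'{label}' is not an unencrypted RSA private key")
    return problems
```

Call `preflight(open(path, "rb").read(), "certificate")` or `preflight(..., "private-key")` and stage the file only when the returned list is empty.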
Generating an SSL certificate
If you did not already import a digital certificate from a client, the device can create a default certificate. To do this, enter the following command.
BigIron RX(config)# crypto-ssl certificate generate 
Syntax: [no] crypto-ssl certificate generate 
Deleting the SSL certificate
To delete the SSL certificate, enter the following command.
BigIron RX(config)# crypto-ssl certificate zeroize
Syntax: [no] crypto-ssl certificate zeroize
Configuring TACACS and TACACS+ security
You can use the security protocol Terminal Access Controller Access Control System (TACACS) or TACACS+ to authenticate the following kinds of access to the device:
• Telnet access
• SSH access
• Web Management access
• Access to the Privileged EXEC level and CONFIG levels of the CLI
You cannot authenticate IronView Network Manager (SNMP) access to a device using TACACS or TACACS+.
The TACACS and TACACS+ protocols define how authentication, authorization, and accounting information is sent between a device and an authentication database on a TACACS or TACACS+ server. TACACS and TACACS+ services are maintained in a database, typically on a UNIX workstation or PC with a TACACS or TACACS+ server running.