Generating an ssl certificate, Configuring tacacs and tacacs+ security, How tacacs+ differs from tacacs – Brocade BigIron RX Series Configuration Guide User Manual

Page 153: Deleting the ssl certificate

background image

BigIron RX Series Configuration Guide

75

53-1002484-04

Configuring TACACS and TACACS+ security

3

Generating an SSL certificate

If you did not already import a digital certificate from a client, the device can create a default
certificate. To do this, enter the following command.

BigIron RX(config)# crypto-ssl certificate generate

Syntax: [no] crypto-ssl certificate generate

Deleting the SSL certificate

To delete the SSL certificate, enter the following command.

BigIron RX(config)# crypto-ssl certificate zeroize

Syntax: [no] crypto-ssl certificate zeroize

Configuring TACACS and TACACS+ security

You can use the security protocol Terminal Access Controller Access Control System (TACACS) or
TACACS+ to authenticate the following kinds of access to the device:

Telnet access

SSH access

Web Management access

Access to the Privileged EXEC level and CONFIG levels of the CLI

NOTE

You cannot authenticate Brocade Network Advisor access to a device using TACACS and TACACS+.

The TACACS and TACACS+ protocols define how authentication, authorization, and accounting
information is sent between a device and an authentication database on a TACACS and TACACS+
server. TACACS and TACACS+ services are maintained in a database, typically on a UNIX
workstation or PC with a TACACS and TACACS+ server running.

How TACACS+ differs from TACACS

TACACS is a simple UDP-based access control protocol originally developed by BBN for MILNET.
TACACS+ is an enhancement to TACACS and uses TCP to ensure reliable delivery.

TACACS+ is an enhancement to the TACACS security protocol. TACACS+ improves on TACACS by
separating the functions of authentication, authorization, and accounting (AAA) and by encrypting
all traffic between the device and the TACACS+ server. TACACS+ allows for arbitrary length and
content authentication exchanges, which allow any authentication mechanism to be utilized with
the device. TACACS+ is extensible to provide for site customization and future development
features. The protocol allows the device to request very precise access control and allows the
TACACS+ server to respond to each component of that request.

NOTE

TACACS+ provides for authentication, authorization, and accounting, but an implementation or
configuration is not required to employ all three.

See also other documents in the category Brocade Computer Accessories: