Dell PowerSwitch S5212F-ON SmartFabric OS10 Security Best Practices Guide July - Page 26
Installed FIPS certificates, Example: Security profile in RADIUS over TLS authentication
![]() |
View all Dell PowerSwitch S5212F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 26 highlights
• Assign a certificate and private key pair to the security profile in SECURITY-PROFILE mode. For certificate-name, enter the name of the certificate-key pair as it appears in the show crypto certs output without the .pem extension. OS10(config-sec-profile)# certificate certificate-name exit • (Optional) Enable CRL checking for certificates received from external devices in SECURITY-PROFILE mode. CRL checking verifies the validity of a certificate using the CRLs installed on the switch. OS10(config-sec-profile)#revocation-check • (Optional) Enable peer name checking for certificates presented by external devices in SECURITY-PROFILE mode. Peer name checking ensures that the certificate matches the name of the peer device, such as a remote server name. OS10(config-sec-profile)#peer-name-check • Use the security profile to configure X.509v3-based service; for example, to configure RADIUS over TLS authentication using an X.509v3 certificate, enter the radius-server host tls command: OS10(config)# radius-server host {hostname | ip-address} tls security-profile profile-name [auth-port port-number] key {0 authentication-key | 9 authentication-key | authenticationkey} Example: Security profile in RADIUS over TLS authentication OS10# show crypto cert Installed non-FIPS certificates dv-fedgov-s6010-1.pem Installed FIPS certificates OS10# OS10(config)# OS10(config)# crypto security-profile radius-prof OS10(config-sec-profile)# certificate dv-fedgov-s6010-1 OS10(config-sec-profile)# revocation-check OS10(config-sec-profile)# peer-name-check OS10(config-sec-profile)# exit OS10(config)# OS10(config)# radius-server host radius-server-2.test.com tls security-profile radius-prof key radsec OS10(config)# end OS10# show running-configuration crypto security-profile ! crypto security-profile radius-prof certificate dv-fedgov-s6010-1 OS10# show running-configuration radius-server radius-server host radius-server-2.test.com tls security-profile radius-prof key 9 2b9799adc767c0efe8987a694969b1384c541414ba18a44cd9b25fc00ff180e9 26 OS10 security best practices
![](/manual_guide/products/dell-mx5108n-smartfabric-os10-security-best-practices-guide-2020-c2fefbc/26.png)