7-55
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
OL-12247-04
Chapter 7 Configuring Switch-Based Authentication
Configuring the Switch for Secure Socket Layer HTTP
Use the
no ip http server
global configuration command to disable the standard HTTP server. Use the
no ip http secure-server
global configuration command to disable the secure HTTP server. Use the
no
ip http secure-port
and the
no ip http secure-ciphersuite
global configuration commands to return to
the default settings. Use the
no
ip http secure-client-auth
global configuration command to remove the
requirement for client authentication.
To verify the secure HTTP connection by using a Web browser, enter https://
URL
, where the URL is the
IP address or hostname of the server switch. If you configure a port other than the default port, you must
also specify the port number after the URL. For example:
https://209.165.129:1026
or
https://host.domain.com:1026
Step 5
ip http secure-ciphersuite
{[
3des-ede-cbc-sha
] [
rc4-128-md5
]
[
rc4-128-sha
] [
des-cbc-sha
]}
(Optional) Specify the CipherSuites (encryption algorithms) to be used
for encryption over the HTTPS connection. If you do not have a reason to
specify a particularly CipherSuite, you should allow the server and client
to negotiate a CipherSuite that they both support. This is the default.
Step 6
ip http secure-client-auth
(Optional) Configure the HTTP server to request an X.509v3 certificate
from the client for authentication during the connection process. The
default is for the client to request a certificate from the server, but the
server does not attempt to authenticate the client.
Step 7
ip http secure-trustpoint
name
Specify the CA trustpoint to use to get an X.509v3 security certificate and
to authenticate the client certificate connection.
Note
Use of this command assumes you have already configured a CA
trustpoint according to the previous procedure.
Step 8
ip http path
path-name
(Optional) Set a base HTTP path for HTML files. The path specifies the
location of the HTTP server files on the local system (usually located in
system flash memory).
Step 9
ip http access-class
access-list-number
(Optional) Specify an access list to use to allow access to the HTTP
server.
Step 10
ip http max-connections
value
(Optional) Set the maximum number of concurrent connections that are
allowed to the HTTP server. The range is 1 to 16; the default value is 5.
Step 11
ip http timeout-policy idle
seconds
life
seconds
requests
value
(Optional) Specify how long a connection to the HTTP server can remain
open under the defined circumstances:
•
idle
—the maximum time period when no data is received or response
data cannot be sent. The range is 1 to 600 seconds. The default is
180 seconds (3 minutes).
•
life
—the maximum time period from the time that the connection is
established. The range is 1 to 86400 seconds (24 hours). The default
is 180 seconds.
•
requests
—the maximum number of requests processed on a
persistent connection. The maximum value is 86400. The default is 1.
Step 12
end
Return to privileged EXEC mode.
Step 13
show ip http server secure status
Display the status of the HTTP secure server to verify the configuration.
Step 14
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose