xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual
enable ssl
Purpose
To enable the SSL function on the Switch.
Syntax
enable ssl {ciphersuite {RSA_with_RC4_128_MD5 |
RSA_with_3DES_EDE_CBC_SHA |
DHE_DSS_with_3DES_EDE_CBC_SHA |
RSA_EXPORT_with_RC4_40_MD5}}
Description
This command will enable SSL on the Switch by implementing any
one or combination of listed ciphersuites on the Switch. Entering this
command without a parameter will enable the SSL status on the
Switch. Enabling SSL will disable the web-manager on the Switch.
Parameters
ciphersuite
- A security string that determines the exact
cryptographic parameters, specific encryption algorithms and key
sizes to be used for an authentication session. The user may choose
any combination of the following:
•
RSA_with_RC4_128_MD5
– This ciphersuite combines the
RSA key exchange, stream cipher RC4 encryption with
128-bit keys and the MD5 Hash Algorithm.
•
RSA_with_3DES_EDE_CBC_SHA
- This ciphersuite
combines the RSA key exchange, CBC Block Cipher
3DES_EDE encryption and the SHA Hash Algorithm.
•
DHE_DSS_with_3DES_EDE_CBC_SHA
- This ciphersuite
combines the DSA Diffie Hellman key exchange, CBC
Block Cipher 3DES_EDE encryption and SHA Hash
Algorithm.
•
RSA_EXPORT_with_RC4_40_MD5
- This ciphersuite
combines the RSA Export key exchange, stream cipher
RC4 encryption with 40-bit keys.
The ciphersuites are enabled by default on the Switch, yet the SSL
status is disabled by default. Enabling SSL with a ciphersuite will not
enable the SSL status on the Switch.
Restrictions
Only Administrator or Operator-level users can issue this command.
Example usage:
To enable SSL on the Switch for all ciphersuites:
DES-3800:admin#enable ssl
Command:enable ssl
Note: Web will be disabled if SSL is enabled.
Success.
DES-3800:admin#
NOTE:
Enabling SSL on the Switch will enable all ciphersuites. To utilize a
particular ciphersuite, the user must eliminate other ciphersuites by using
the
disable ssl
command along with the appropriate ciphersuites.
NOTE:
Enabling the SSL function on the Switch will disable the port for
the web manager (port 80). To log on to the web based manager, the
entry of your URL must begin with
https://
. (ex. https://10.90.90.90)
298