Cisco Catalyst 2960 Series User Manual

Restrictions for Certification Authority
When configuring your CA, the following restrictions apply:
- This feature should be configured only when you also configure both IPsec and Internet Key Exchange (IKE) in your network.
- The Cisco IOS software does not support CA server public keys greater than 2048 bits.
Information About Certification Authority
CA Supported Standards
Without certification authority (CA) interoperability, Cisco IOS devices could not use CAs when deploying IPSec. CAs provide a manageable, scalable solution for IPSec networks.
Cisco supports the following standards with this feature:
- IPSec: IPSec is a framework of open standards that provides data confidentiality, data integrity, and data authentication between participating peers. IPSec provides these security services at the IP layer; it uses Internet Key Exchange to handle negotiation of protocols and algorithms based on local policy, and to generate the encryption and authentication keys to be used by IPSec. IPSec can be used to protect one or more data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.
- Internet Key Exchange (IKE): A hybrid protocol that implements Oakley and Skeme key exchanges inside the Internet Security Association Key Management Protocol (ISAKMP) framework. Although IKE can be used with other protocols, its initial implementation is with the IPSec protocol. IKE provides authentication of the IPSec peers, negotiates IPSec keys, and negotiates IPSec security associations.
- Public-Key Cryptography Standard #7 (PKCS #7): A standard from RSA Data Security, Inc., used to encrypt and sign certificate enrollment messages.
- Public-Key Cryptography Standard #10 (PKCS #10): A standard syntax from RSA Data Security, Inc. for certificate requests.
- RSA Keys: RSA is the public key cryptographic system developed by Ron Rivest, Adi Shamir, and Leonard Adleman. RSA keys come in pairs: one public key and one private key.
- X.509v3 certificates: Certificate support that allows the IPSec-protected network to scale by providing the equivalent of a digital ID card to each device. When two devices wish to communicate, they exchange digital certificates to prove their identity (thus removing the need to manually exchange public keys with each peer or to manually specify a shared key at each peer). These certificates are obtained from a CA. X.509 is part of the X.500 standard of the ITU.
Purpose of CAs
Certificate authorities (CAs) are responsible for managing certificate requests and issuing certificates to
participating IPSec network devices. These services provide centralized key management for the participating
devices.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

Cisco Catalyst 2960 Series Specifications

General
Layer: Layer 2
Power over Ethernet (PoE): Available on some models
RAM: 128 MB
Flash Memory: 32 MB
MAC Address Table Size: 8000
Operating Temperature: 0°C to 45°C (32 to 113°F)
Ports: 24 or 48 x 10/100/1000
