Name: Cisco Catalyst 3560-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

1-51

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-25303-03

Chapter 1 Configuring Switch-Based Authentication

Configuring the Switch for Secure Socket Layer HTTP

• Configuring the Secure HTTP Server, page 1-52

• Configuring the Secure HTTP Client, page 1-54

Default SSL Configuration

The standard HTTP server is enabled.

SSL is enabled.

No CA trustpoints are configured.

No self-signed certificates are generated.

SSL Configuration Guidelines

When SSL is used in a switch cluster, the SSL session terminates at the cluster commander. Cluster

member switches must run standard HTTP.

Before you configure a CA trustpoint, you should ensure that the system clock is set. If the clock is not

set, the certificate is rejected due to an incorrect date.

In a switch stack, the SSL session terminates at the stack master.

Configuring a CA Trustpoint

For secure HTTP connections, we recommend that you configure an official CA trustpoint.

A CA trustpoint is more secure than a self-signed certificate.

Beginning in privileged EXEC mode, follow these steps to configure a CA trustpoint:

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

hostname hostname Specify the hostname of the switch (required only if you have not

previously configured a hostname). The hostname is required for security

keys and certificates.

Step 3

ip domain-name domain-name Specify the IP domain name of the switch (required only if you have not

previously configured an IP domain name). The domain name is required

for security keys and certificates.

Step 4

crypto key generate rsa (Optional) Generate an RSA key pair. RSA key pairs are required before

you can obtain a certificate for the switch. RSA key pairs are generated

automatically. You can use this command to regenerate the keys, if

needed.

Step 5

crypto ca trustpoint name Specify a local configuration name for the CA trustpoint and enter CA

trustpoint configuration mode.

Step 6

enrollment url url Specify the URL to which the switch should send certificate requests.

Step 7

enrollment http-proxy host-name

port-number

(Optional) Configure the switch to obtain certificates from the CA

through an HTTP proxy server.

Step 8

crl query url Configure the switch to request a certificate revocation list (CRL) to

ensure that the certificate of the peer has not been revoked.

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 3560-X and is the answer not in the manual?

Cisco Catalyst 3560-X Specifications

General

Enclosure Type	Rack-mountable - 1U
Subtype	Gigabit Ethernet
Ports	48 x 10/100/1000 + 4 x SFP
Flash Memory	64 MB
Power Device	Internal power supply
Voltage Required	AC 120/230 V (50/60 Hz)
Operating System	Cisco IOS
Device Type	Switch
Performance	Switching capacity: 128 Gbps
Jumbo Frame Support	Yes
Routing Protocol	RIP-1, RIP-2, EIGRP
Remote Management Protocol	SNMP 1, RMON 1, RMON 2, RMON 3, RMON 9, Telnet, SNMP 3, HTTP, HTTPS
Features	DHCP support, VLAN support, QoS, IPv6 support, Syslog
Compliant Standards	IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.1D, IEEE 802.1Q, IEEE 802.3ab, IEEE 802.1p, IEEE 802.3af, IEEE 802.3x, IEEE 802.3ad, IEEE 802.1w, IEEE 802.1x, IEEE 802.1s, IEEE 802.3ah, IEEE 802.1ag, IEEE 802.3at
Stacking	Stackable
Security Features	SSH, RADIUS, TACACS+
Management	CLI
Dimensions (H x W x D)	17.5 in
Operating Temperature	32 to 113 °F (0 to 45 °C)
Humidity	10 - 95% (non-condensing)