To Next Page

To Previous Page

10-51

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 10 Configuring Switch-Based Authentication

Configuring the Switch for Secure Socket Layer HTTP

CipherSuites

A CipherSuite specifies the encryption algorithm and the digest algorithm to use on a SSL connection.

When connecting to the HTTPS server, the client Web browser offers a list of supported CipherSuites,

and the client and server negotiate the best encryption algorithm to use from those on the list that are

supported by both. For example, Netscape Communicator 4.76 supports U.S. security with RSA Public

Key Cryptography, MD2, MD5, RC2-CBC, RC4, DES-CBC, and DES-EDE3-CBC.

For the best possible encryption, you should use a client browser that supports 128-bit encryption, such

as Microso

ft Internet Explorer Version 5.5 (or later) or Netscape Communicator Version 4.76 (or later).

The SSL_RSA_WITH_DES_CBC_SHA CipherSuite provides less security than the other CipherSuites,

as it does not offer 128-bit encryption.

The more secure and more complex CipherSuites requir

e slightly more processing time. This list defines

the CipherSuites supported by the switch and ranks them from fastest to slowest in terms of router

processing load (speed):

1. SSL_RSA_WITH_DES_CBC_SHA—RSA key exchange (RSA Public Key Cryptography) with

DES-CBC for message encryption and SHA for message digest

2. SSL_RSA_WITH_RC4_128_MD5—RSA key exchange with RC4 128-bit encryption and MD5 for

message digest

3. SSL_RSA_WITH_RC4_128_SHA—RSA key exchange with RC4 128-bit encryption and SHA for

message digest

4. SSL_RSA_WITH_3DES_EDE_CBC_SHA—RSA key exchange with 3DES and DES-EDE3-CBC

for message encryption and SHA for message digest

RSA (in conjunction with the specified encryption and d

igest algorithm combinations) is used for both

key generation and authentication on SSL connections. This usage is independent of whether or not a

CA trustpoint is configured.

Configuring Secure HTTP Servers and Clients

These sections contain this configuration information:

• Default SSL Configuration, page 10-51

• SSL Configuration Guidelines, page 10-52

• Configuring a CA Trustpoint, page 10-52

• Configuring the Secure HTTP Server, page 10-53

• Configuring the Secure HTTP Client, page 10-54

Default SSL Configuration

The standard HTTP server is enabled.

SSL is enabled.

No CA trustpoints are configured.

No self-signed certificates are generated.

Switching Capacity	160 Gbps
Stacking Bandwidth	64 Gbps
Max Stacking Units	9
Layer Support	Layer 2 and Layer 3
Form Factor	Rack-mountable
DRAM	256 MB
Flash Memory	64 MB
Model	Cisco Catalyst 3750-X Series
Ports	24 or 48 10/100/1000 Ethernet ports
Uplink Interfaces	4 SFP or 2 SFP+
Features	StackWise Plus, EnergyWise
Image	IP Base or IP Services
Operating Temperature	0 to 40°C
Operating Humidity	10 to 85% noncondensing

Cisco Catalyst 3750-X User Manual

Table of Contents

Other manuals for Cisco Catalyst 3750-X

Questions and Answers:

Cisco Catalyst 3750-X Specifications

Related product manuals