Cisco Systems 3130

7-47

Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide

OL-13270-01

Chapter7 Configuring Switch-Ba sed Authentication Configuring the Switch for Secure Socket Layer HTTP

Use the no ip http server global configuration command to disable the standard HTTP server. Use the

no ip http secure-server global configuration command to disable the secure HTTP server. Use the no

ip http secure-port and the no ip http secure-ciphersuite global configuration commands to return to

the default settings. Use the no ip http secure-client-auth global configuration command to remove the

requirement for client authentication.

Step4 ip http secure-port port-number (Optional) Specify the port number to be used for the HTTPS server. The

default port number is 443. Valid options are 443 or any number in the

range 1025 to 65535.

Step5 ip http secure-ciphersuite

{[3des-ede-cbc-sha] [rc4-128-md5]

[rc4-128-sha] [des-cbc-sha]}

(Optional) Specify the CipherSuites (encryption algorithms) to be used

for encryption over the HTTPS connection. If you do not have a reason to

specify a particularly CipherSuite, you should allow the server and clien t

to negotiate a CipherSuite that they both support. This is the default.

Step6 ip http secure-client-auth (Optional) Configure the HTTP server to request an X.509v3 certificate

from the client for authentication during the connection process. The

default is for the client to request a certificate from the server, but the

server does not attempt to authenticate the clie nt.

Step7 ip http secure-trustpoint name Specify the CA trustpoint t o use to g et an X.509v3 security certif icat e and

to authenticate the client certificate connection.

Note Use of this command assumes you have already configured a CA

trustpoint according to the previous procedure.

Step8 ip http path path-name (Optional) Set a base HTTP path for HTML files. The path specifies the

location of the HTTP server files on the local system (usually located in

system flash memory).

Step9 ip http access-class access-list-number (Optional) Specify an access list to use to allow access to the HTTP serve r .

Step10 ip http max-connections value (Optional) Set the maximum number of concurrent connections that are

allowed to the HTTP server. The range is 1 to 16; the default value is 5.

Step11 ip http timeout-policy idle seconds life

seconds requests value (Optional) Specify how long a connection to the HTTP server can remain

open under the defined circumstances:

•idle—the maximum time period when no data is received or response

data cannot be sent. The range is 1 to 600 seconds. The default is

180 se conds (3 min utes).

•life—the maximum time period from the time that the connection is

established. The range is 1 to 86400 seconds (24 hours). The default

is 180 seconds.

•requests—the maximum number of requests processed on a

persistent connection. The maximum value is 86400. The default is 1.

Step12 end Return to privileged EXEC mode.

Step13 show ip http server secure status Display the status of the HTTP secure server to verify the configuration.

Step14 copy running-config startup-config (Optional) Save your entries in the configuration file.

Command Purpose