Cisco Systems IE 2000

12-43

Cisco IE 2000 Switch Software Configuration Guide

OL-25866-01

Chapter 12 Configuring Switch-Based Authentication

How to Configure Switch-Based Authentication

Command Purpose

Step 1 show ip http server status (Optional) Displays the status of the HTTP server to determine if the

secure HTTP server feature is supported in the software. You should see

one of these lines in the output:

HTTP secure server capability: Present

HTTP secure server capability: Not present

Step 2 configure terminal Enters global configuration mode.

Step 3 ip http secure-server Enables the HTTPS server if it has been disabled. The HTTPS server is

enabled by default.

Step 4 ip http secure-port port-number (Optional) Specifies the port number to be used for the HTTPS server. The

default port number is 443. Valid options are 443 or any number in the

range 1025 to 65535.

Step 5 ip http secure-ciphersuite

{[3des-ede-cbc-sha] [rc4-128-md5]

[rc4-128-sha] [des-cbc-sha]}

(Optional) Specifies the CipherSuites (encryption algorithms) to be used

for encryption over the HTTPS connection. If you do not have a reason to

specify a particularly CipherSuite, you should allow the server and client

to negotiate a CipherSuite that they both support. This is the default.

Step 6 ip http secure-client-auth (Optional) Configures the HTTP server to request an X.509v3 certificate

from the client for authentication during the connection process. The

default is for the client to request a certificate from the server, but the

server does not attempt to authenticate the clie nt.

Step 7 ip http secure-trustpoint name Specifies the CA trustpoint to use to get an X.509v3 security certificate

and to authenticate the client certificate connection.

Note Use of this command assumes you have already configured a CA

trustpoint according to the previous procedure.

Step 8 ip http path path-name (Optional) Sets a base HTTP path for HTML files. The path specifies the

location of the HTTP server files on the local system (usually located in

system flash memory).

Step 9 ip http access-class access-list-number (Optional) Specifies an access list to use to allow access to the HTTP

server.

Step 10 ip http max-connections value (Optional) Sets the maximum number of concurrent connections that are

allowed to the HTTP server. The range is 1 to 16; the default value is 5.

Step 11 ip http timeout-policy idle seconds life

seconds requests value

(Optional) Specifies how long a connection to the HTTP server can

remain open under the defined circumstances:

• idle—Specifies the maximum time period when no data is received or

response data cannot be sent. The range is 1 to 600 second s. The

default is 180 seconds (3 minutes).

• life—Specifies the maximum time period from the time that the

connection is established. The range is 1 to 86400 seconds (24 hours).

The default is 180 seconds.

• requests—Specifies the maximum number of requests processed on

a persistent connection. The maximum value is 86400. The d efault

is 1.