Displaying Secure Http Server And Client Status; Configuring The Switch For Secure Copy Protocol - Cisco 3750G - Catalyst Integrated Wireless LAN Controller Configuration Manual

Configuring the Switch for Secure Copy Protocol

Command
Step 3
ip http client secure-ciphersuite
{[3des-ede-cbc-sha] [rc4-128-md5]
[rc4-128-sha] [des-cbc-sha]}
Step 4
end
Step 5 show ip http client secure status
Step 6 copy running-config startup-config
Use the no ip http client secure-trustpoint name to remove a client trustpoint configuration. Use the
no ip http client secure-ciphersuite to remove a previously configured CipherSuite specification for
the client.

Displaying Secure HTTP Server and Client Status

To display the SSL secure server and client status, use the privileged EXEC commands in
Table 9-4
Command
show ip http client
secure status
show ip http server
secure status
show running-config
Configuring the Switch for Secure Copy Protocol
The Secure Copy Protocol (SCP) feature provides a secure and authenticated method for copying switch
configurations or switch image files. SCP relies on Secure Shell (SSH), an application and a protocol
that provides a secure replacement for the Berkeley r-tools.
For SSH to work, the switch needs an RSA public/private key pair. This is the same with SCP, which
relies on SSH for its secure transport.
Because SSH also relies on AAA authentication, and SCP relies further on AAA authorization, correct
configuration is necessary.
•
•
When using SCP, you cannot enter the password into the copy command. You must enter the password
Note
when prompted.
Catalyst 3750 Switch Software Configuration Guide
9-48
Purpose
(Optional) Specify the CipherSuites (encryption algorithms) to be used
for encryption over the HTTPS connection. If you do not have a reason to
specify a particular CipherSuite, you should allow the server and client to
negotiate a CipherSuite that they both support. This is the default.
Return to privileged EXEC mode.
Display the status of the HTTP secure server to verify the configuration.
(Optional) Save your entries in the configuration file.
Commands for Displaying the SSL Secure Server and Client Status
Purpose
Shows the HTTP secure client configuration.
Shows the HTTP secure server configuration.
Shows the generated self-signed certificate for secure HTTP connections.
Before enabling SCP, you must correctly configure SSH, authentication, and authorization on the
switch.
Because SCP relies on SSH for its secure transport, the router must have an Rivest, Shamir, and
Adelman (RSA) key pair.
Chapter 9 Configuring Switch-Based Authentication
Table 9-4:
OL-8550-02