Enforcing Switch Security
Network Security Features
switch SSH and user password authentication: this option is a subset of the client public-
key authentication, and is used if the switch has SSH enabled without a login access
configured to authenticate the client's key. In this case, the switch authenticates itself to
clients, and users on SSH clients then authenticate themselves to the switch by providing
passwords stored on a RADIUS or TACACS+ server, or locally on the switch.
secure copy (SC) and secure FTP (SFTP): By opening a secure, encrypted SSH session,
you can take advantage of SC and SFTP to provide a secure alternative to TFTP for
transferring sensitive switch information.
Secure Socket Layer (SSLv3/TLSv1)
This feature includes use of Transport Layer Security (TLSv1) to provide remote web access to the
switch via authenticated transactions and encrypted paths between the switch and management
station clients capable of SSL/TLS operation. The authenticated type includes server certificate
authentication with user password authentication.