Leaflet

107
OL-11615-01
Step 3 Deploy HTTP ACLs to allow access only from trusted hosts or networks. In IOS this is done with
the ip http access-class global configuration command, which references a standard IP access list. The
following example shows how access to the HTTP server is allowed from a single host (10.0.0.1) only; the
implicit deny at the end of the access list rejects every other source.
Router(config)# ip http access-class 10
Router(config)# access-list 10 permit host 10.0.0.1
For more information on the ip http access-class command, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g04.htm#wp1028455
Step 4 Limit the maximum number of connections to the built-in HTTP server. Cisco IOS provides the ip http
max-connections global configuration command for this purpose. The following example shows how to
limit the number of concurrent connections to three:
Router(config)# ip http max-connections 3
For more information, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g04.htm#wp1028838
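The two controls above are easy to misconfigure silently: an access-class that points at a list with a broader permit than intended, or a max-connections line that never made it into the running configuration. The following script is an added example (not Cisco's code and not part of the original document) that audits a running-config excerpt for Steps 3 and 4. It parses numbered standard access lists, including wildcard masks and first-match/implicit-deny semantics, and reports any permit entry that falls outside an assumed trusted management network (10.0.0.0/24). The configuration excerpts and the trusted network are constructed for the example.

```python
"""Audit an IOS running-config excerpt for the HTTP-server controls in Steps 3 and 4.

Added example, not Cisco's code.  It only understands numbered standard ACLs
(permit/deny host X, permit/deny A WILDCARD, permit/deny any).
"""
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample configs (not taken from a real device).
HARDENED_CONFIG = """\
ip http server
ip http access-class 10
ip http max-connections 3
!
access-list 10 deny   host 10.0.0.5
access-list 10 permit host 10.0.0.1
access-list 10 permit 10.0.0.0 0.0.0.255
"""

WEAK_CONFIG = """\
ip http server
ip http access-class 20
!
access-list 20 permit any
"""

# Assumed management network; anything the ACL permits outside it is a finding.
TRUSTED = [ipaddress.ip_network("10.0.0.0/24")]

AclEntry = Tuple[str, Optional[ipaddress.IPv4Network]]  # ("permit"|"deny", net or None)


def wildcard_to_network(addr: str, wildcard: str) -> Optional[ipaddress.IPv4Network]:
    """Convert an IOS address/wildcard pair to a network.

    Wildcard bits set to 1 are "don't care".  Only contiguous wildcards
    (0.0.0.255, 0.0.255.255, ...) map to a prefix; anything else returns None
    so the caller can flag it for manual review.
    """
    a = int(ipaddress.IPv4Address(addr))
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    prefixlen = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefixlen)) & 0xFFFFFFFF:
        return None
    return ipaddress.IPv4Network((a & mask, prefixlen))


def parse_standard_acl(config: str, number: int) -> List[AclEntry]:
    """Collect the entries of numbered standard ACL `number`, in config order."""
    pattern = re.compile(rf"^access-list\s+{number}\s+(permit|deny)\s+(.+)$")
    entries: List[AclEntry] = []
    for line in config.splitlines():
        m = pattern.match(line.strip())
        if not m:
            continue
        action, words = m.group(1), m.group(2).split()
        if words[0] == "any":
            net: Optional[ipaddress.IPv4Network] = ipaddress.IPv4Network("0.0.0.0/0")
        elif words[0] == "host":
            net = ipaddress.IPv4Network(words[1] + "/32")
        elif len(words) >= 2 and words[1] != "log":
            net = wildcard_to_network(words[0], words[1])
        else:
            net = ipaddress.IPv4Network(words[0] + "/32")  # bare address means one host
        entries.append((action, net))
    return entries


def acl_permits(entries: List[AclEntry], ip: str) -> bool:
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.IPv4Address(ip)
    for action, net in entries:
        if net is not None and addr in net:
            return action == "permit"
    return False


def audit_http_server(config: str, trusted: List[ipaddress.IPv4Network]) -> List[str]:
    """Return findings for Steps 3 and 4; an empty list means both are in place."""
    findings: List[str] = []
    if not re.search(r"^ip http (secure-)?server$", config, re.M):
        return []  # no HTTP server configured: nothing to audit
    m = re.search(r"^ip http access-class (\d+)$", config, re.M)
    if m is None:
        findings.append("no 'ip http access-class': HTTP server reachable from any source")
    else:
        acl = m.group(1)
        entries = parse_standard_acl(config, int(acl))
        if not entries:
            findings.append(f"access-class references ACL {acl}, which has no entries")
        for action, net in entries:
            if action != "permit":
                continue
            if net is None:
                findings.append(f"ACL {acl}: non-contiguous wildcard, review manually")
            elif not any(net.subnet_of(t) for t in trusted):
                findings.append(f"ACL {acl} permits {net}, outside the trusted networks")
    if re.search(r"^ip http max-connections \d+$", config, re.M) is None:
        findings.append("no 'ip http max-connections': limit left at the platform default")
    return findings


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_http_server(cfg, TRUSTED) or "OK")
```

Run it against the output of show running-config (or a saved copy) and set TRUSTED to the management networks you actually use. The deny entry in the hardened sample shows why entry order matters: a deny placed after the /24 permit would never match.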
Secure Shell (SSH)
SSH is a remote access protocol that provides strong authentication and encryption, and for that reason it
is recommended over cleartext protocols such as Telnet. There are two versions of SSH, v1 and v2. SSHv2
performs better and fixes a series of security issues found in v1, so v2 should be used whenever it is
supported. Both versions of SSH are currently supported by Catalyst OS and Cisco IOS.
SSH in Catalyst OS
The following steps are required to enable SSH on a Catalyst switch running Catalyst OS:
Step 1 Generate an RSA key pair.
Step 2 Limit SSH access to trusted hosts/networks (this is not mandatory, but we recommend it).
Step 3 Enable SSH.
Note SSH requires CatOS K9 software images.
The following example shows how SSH can be configured on Catalyst OS:
!--- Step 1: Generate an RSA key pair for your switch.
Console> (enable) set crypto key rsa
Generating RSA keys..... [OK]
Console> (enable) ssh_key_process: host/server key size: 1024/768
!--- Step 2: Optionally define an IP filter to control which hosts/networks may access the switch.