Server certificate authentication with user password authentication

This is a subset of full certificate authentication of the user and host, only available when the switch has SSL enabled. As in Switch/user authentication, the switch authenticates itself to an SSL-enabled web browser. Users on the SSL browser then authenticate themselves to the switch, at operator and manager levels, by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. However, the client does not use a certificate to authenticate itself to the switch.

Switch/user authentication
SSL on the switches covered in this guide supports these data encryption methods:
  • 3DES (168-bit, 112-bit effective)

  • DES (56-bit)

  • RC4 (40-bit, 128-bit)

NOTE:

Switches use RSA public-key algorithms and Diffie-Hellman, and all references to a key mean keys generated using these algorithms unless otherwise noted.