Home > Articles > Cisco Certification > CCIE > CCIE Security v4.0 Quick Reference: Application and Infrastructure Security

CCIE Security v4.0 Quick Reference: Application and Infrastructure Security

Chapter Description

This chapter from CCIE Security v4.0 Quick Reference, 3rd Edition covers HTTP, HTTPS, Simple Mail Transfer, Protocol, File Transfer Protocol, Domain Name System, and Trivial File Transfer Protocol.


Secure HTTP, or HTTPS, offers a secure connection to an HTTPS server. It uses SSL and TLS (transport layer security) to provide authentication and data encryption.

An HTTPS client initiates a request by establishing a TCP connection to a particular port on a remote host (port 443 by default). Resources to be accessed by HTTPS are identified using URIs or URLs using the HTTPS URI schemes.

When a client connects to the secure HTTPS port, it first authenticates to the server by using the server’s digital certificate. The client then negotiates the security protocols to be used for the connection with the server and generates session keys for encryption and decryption purposes. If the authentication fails, the client cannot establish a secure encrypted session and the security protocol negotiation does not proceed.

Configuring HTTPS

Use the ip http access-class command to restrict access-specific IP addresses, and employ ip http authentication to enable only certain users to access the Cisco router via HTTP.

If you choose to use HTTP for management, issue the ip http access-class access-list-number command to restrict access to appropriate IP addresses. As with interactive logins, the best choice for HTTP authentication is a TACACS+ or RADIUS server. Avoid using the enable password as an HTTP password.

The ip http secure-server command enables the HTTPS server. HTTP authentication for login can be set using the ip http authentication [ enable | local | tacacs | aaa ] command. All default login methods and local authentication methods supported are the same as mentioned in the section, “HTTP.”

The ip http secure-port command can set the HTTPS port number from the default value of 443, if required.

3. Simple Mail Transfer Protocol | Next Section Previous Section