Cisco Catalyst Center Third-Generation Appliance Installation Guide, Release 3.1.x

HTTP port 80 exception list

Updated: April 3, 2026

Want to summarize with AI?

Overview

List of HTTP port 80 exceptions.

Table 1. List of HTTP port 80 exceptions
Area	Why HTTP port 80 is needed	Applicable Catalyst Center/device version	How security is accomplished despite the lack of E2E encryption
SCEP	RFC 8894 - Simple Certificate Enrollment Protocol	All Catalyst Center and device versions.	SCEP uses shared secret and PKCS12 encrypted CSR/certificate exchange.
Plug and Play	PnP Hello runs over HTTP but switches to HTTPS when the device downloads ios.p7b. The device establishes HTTPS with Catalyst Center by anchoring trust on the ios.7b trusted bundle.	All Catalyst Center and device versions.	Ios.p7b is protected with an encrypted hash signed by Cisco Manufacturing CA.
Telemetry Certificate Download	The certificate is downloaded using HTTP.	All Catalyst Center and device versions.	Certificates downloaded are encrypted in PKCS12.
SWIM	You can import images from the remote server (HTTP) to the Catalyst Center image repository.	All Catalyst Center versions.	Images imported through HTTP are verified for integrity by checking the hash of the file.

Need help?

Open a support case

(Requires a Cisco Service Contract)

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.