Network technologies and trends

Jul 6 2008   6:25AM GMT

How to restrict the web access to Cisco Switches & Routers.



Posted by: Yasir Irfan
Switches, Cisco, Routers, Cisco 6500, Cisco 3560, Cisco 3745, access-lists

In this example I am going to show how to restrict web access to any Cisco IOS switch or router.

If web-based administration of the switch is necessary, then restrict HTTP access to the switch.
Configure a standard access-list (e.g., 11) that allows only the administrators’ systems to make these connections and apply this access-list to the HTTP service on the switch. Finally, use the ip http authentication local command to enable local account checking at login that will prompt for a username and a password.

Switch(config)# access-list 11 remark Permit HTTP access from administrators’ systems
Switch(config)# access-list 11 permit host 10.0.0.2 log
Switch(config)# access-list 11 permit host 10.0.0.4 log
Switch(config)# access-list 11 deny any log
Switch(config)# ip http server
Switch(config)# ip http access-class 11
Switch(config)# ip http authentication local

Note that the web browser used for administration will cache important information (e.g., passwords). Make sure that the cache is emptied periodically.
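
To confirm that a device actually carries the three controls above, its saved configuration can be checked offline. The script below is an added example, not part of the original post: the function name `audit_http` and both sample configurations are constructed for illustration, and it assumes the numbered standard ACL syntax shown above and that the HTTP service is on only when an `ip http server` line is present.

```python
import re

# Constructed sample configuration excerpts (not taken from a real device).
GOOD = """\
access-list 11 remark Permit HTTP access from administrators' systems
access-list 11 permit host 10.0.0.2 log
access-list 11 permit host 10.0.0.4 log
access-list 11 deny any log
ip http server
ip http access-class 11
ip http authentication local
"""
BAD = """\
access-list 11 permit host 10.0.0.2 log
access-list 11 permit any
ip http server
ip http access-class 11
"""

def audit_http(config):
    """Return a list of findings about the HTTP management service."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    if "ip http server" not in lines:
        return []  # HTTP server not enabled: nothing to restrict
    findings = []
    if "ip http authentication local" not in lines:
        findings.append("'ip http authentication local' is missing")
    # Which ACL, if any, is bound to the HTTP service?
    m = re.search(r"^ip http access-class (\d+)$", "\n".join(lines), re.M)
    if m is None:
        findings.append("no 'ip http access-class' is applied")
        return findings
    acl = m.group(1)
    # Collect the permit/deny entries of that ACL, skipping remarks.
    rules = [l.split()[2:] for l in lines
             if l.split()[:2] == ["access-list", acl]]
    rules = [r for r in rules if r and r[0] in ("permit", "deny")]
    if not rules:
        findings.append(f"access-list {acl} is referenced but not defined")
    for r in rules:
        if r[:2] == ["permit", "any"]:
            findings.append(f"access-list {acl} permits any source")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_http(cfg) or "no findings")
```
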

Yasir

Personal Web Site: www.yasirirfan.com
