Network technologies and trends

Jul 6 2008   6:25AM GMT

How to restrict the web access to Cisco Switches & Routers.

Yasir Irfan

In this example I will show how to restrict web access to any Cisco IOS switch or router.

If web-based administration of the switch is necessary, then restrict HTTP access to the switch.
Configure a standard access-list (e.g., 11) that allows only the administrators’ systems to make these connections and apply this access-list to the HTTP service on the switch. Finally, use the ip http authentication local command to enable local account checking at login that will prompt for a username and a password.

Switch(config)# access-list 11 remark Permit HTTP access from administrators' systems
Switch(config)# access-list 11 permit host 10.0.0.2 log
Switch(config)# access-list 11 permit host 10.0.0.4 log
Switch(config)# access-list 11 deny any log
Switch(config)# ip http server
Switch(config)# ip http access-class 11
Switch(config)# ip http authentication local

Note that the web browser used for administration will cache important information (e.g., passwords). Make sure that the cache is emptied periodically.
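
A check for the restrictions above, as an added example that is not part of the original post: a Python function that audits configuration text for the HTTP access-class, the access-list it references, and local authentication. The function name, the finding strings and both sample configurations are constructed for illustration, and it handles only numbered access-lists written as in the post.

```python
import re

PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips "Switch(config)# " if pasted from a session

def audit_http_access(config):
    """Return findings for the HTTP restrictions shown in the post ([] = all present)."""
    lines = [PROMPT.sub("", raw.strip()) for raw in config.splitlines()]
    lines = [ln for ln in lines if ln]
    if "ip http server" not in lines:
        return []  # HTTP service is not enabled, nothing to restrict
    findings = []
    if "ip http authentication local" not in lines:
        findings.append("HTTP login does not use local accounts")
    m = re.search(r"^ip http access-class (\d+)$", "\n".join(lines), re.M)
    acl = m.group(1) if m else None
    if acl is None:
        findings.append("no access-class on the HTTP service")
        return findings
    # Entries of the referenced numbered ACL, remarks excluded, in order.
    prefix = "access-list %s " % acl
    entries = [ln[len(prefix):].split() for ln in lines if ln.startswith(prefix)]
    entries = [e for e in entries if e and e[0] != "remark"]
    if not entries:
        findings.append("access-list %s is referenced but has no entries" % acl)
        return findings
    for e in entries:
        if e[:2] == ["permit", "any"]:
            findings.append("access-list %s permits any source" % acl)
    if entries[-1][:3] != ["deny", "any", "log"]:
        findings.append("access-list %s does not end with 'deny any log'" % acl)
    return findings

# Constructed samples: the post's configuration, and a weak variant.
POST_CONFIG = """
Switch(config)# access-list 11 remark Permit HTTP access from administrators' systems
Switch(config)# access-list 11 permit host 10.0.0.2 log
Switch(config)# access-list 11 permit host 10.0.0.4 log
Switch(config)# access-list 11 deny any log
Switch(config)# ip http server
Switch(config)# ip http access-class 11
Switch(config)# ip http authentication local
"""
WEAK_CONFIG = "ip http server\naccess-list 11 permit any\nip http access-class 11\n"

if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_http_access(cfg) or "OK")
```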

Yasir

Personal Web Site: www.yasirirfan.com
