Posted by: Yasir Irfan
access-lists, Cisco, Cisco 3560, Cisco 3745, Cisco 6500, Routers, Switches
Here in this example I am going to show you how to restrict the web access to any Cisco IOS Switch or Router.
If web-based administration of the switch is necessary, then restrict HTTP access to the switch.
Configure a standard access-list (e.g., 11) that allows only the administrators’ systems to make these connections and apply this access-list to the HTTP service on the switch. Finally, use the ip http authentication local command to enable local account checking at login that will prompt for a username and a password.
Switch(config)# access-list 11 remark Permit HTTP access from administrators’ systems
Switch(config)# access-list 11 permit host 10.0.0.2 log
Switch(config)# access-list 11 permit host 10.0.0.4 log
Switch(config)# access-list 11 deny any log
Switch(config)# ip http server
Switch(config)# ip http access-class 11
Switch(config)# ip http authentication local
Note that the web browser used for administration will cache important information (e.g., passwords).Make sure that the cache is emptied periodically.
Personel Web Site:www.yasirirfan.com<p