05-18-2022 08:13 AM
Hi, is there a way to limit HTTP/S access to a Cisco router or switch to one locally configured IP? Right now it seems like I can pull up the HTTP GUI on any locally configured IP address, including subnet broadcasts. Using IOS 16.9.4 XE.
Paul
05-18-2022 09:25 AM
- Review this thread: https://community.cisco.com/t5/routing/blocking-web-interfaces-in-cisco-ios/td-p/2696699
M.
05-18-2022 09:36 AM
Hi
You can try this for IOS-XE
Router(config)# ip access-list standard 20
Router(config-std-nacl)# permit x.x.x.x x.x.x.x
Router(config-std-nacl)# exit
Router(config)# ip http access-class 20
05-18-2022 10:21 AM
Flavio, that's the issue: I have an HTTP access list set up, but it looks like the router will answer for any locally configured IP. This is the behavior I'm trying to stop, but it doesn't look possible. From what I see, the router will answer HTTP/S requests for any that it has locally configured, on VLANs or physical interfaces.
Thanks,
Paul
05-18-2022 11:56 AM
Hello,
What did you actually configure? Did you allow just that one host (as in the example below)?
access-list 1 permit host 192.168.1.15
ip http access-class 1
!
ip http authentication local