Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
0
Helpful
4
Replies
paul amaral
Participant
Participant
‎05-18-2022 08:13 AM
‎05-18-2022 08:13 AM

is there a way to limit http access to a device to one local ip

Hi, is there a way to limit http/s access to a Cisco router or switch to one locally configured ip. right now it seems like I can pull up the http gui on any locally configured ip address including subnet broadcasts. Using IOS 16.9.4 XE.

 

Paul

Labels:
0 Helpful
4 REPLIES 4
marce1000
VIP Mentor VIP Mentor
VIP Mentor
‎05-18-2022 09:25 AM
‎05-18-2022 09:25 AM

 

           - Review this thread : https://community.cisco.com/t5/routing/blocking-web-interfaces-in-cisco-ios/td-p/2696699

 M.

0 Helpful
Flavio Miranda
Advisor
Advisor
‎05-18-2022 09:36 AM
‎05-18-2022 09:36 AM

Hi

 You can try this for IOS-XE

 

Router(config)# ip access-list standard 20
Router(config-std-nacl)# permit x.x.x.x x.x.x.x
Router(config-std-nacl)# exit

Router(config)# ip http access-class 20

0 Helpful
paul amaral
Participant
Participant
In response to Flavio Miranda
‎05-18-2022 10:21 AM
‎05-18-2022 10:21 AM

Flavio, that's the issue I have a http access list setup, but it looks like the router will answer for any locally configured ip. This is he behavior I'm trying to stop but doesn't look possible. From what I see the router will answer http/s requests for any that it has locally configure, on vlans or physical interfaces.

 

Thanks, 

 

Paul 

0 Helpful
Georg Pauwen
VIP Master VIP Master
VIP Master
In response to paul amaral
‎05-18-2022 11:56 AM
‎05-18-2022 11:56 AM

Hello,

 

what did you actually configure ? Did you allow just that one host (as in the example below) ?

 

access-list 1 permit host 192.168.1.15
ip http access-class 1
!
ip http authentication local

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad