is there a way to limit http access to a device to one local ip

paul amaral
Level 4

Hi, is there a way to limit http/s access to a Cisco router or switch to one locally configured IP? Right now it seems like I can pull up the http GUI on any locally configured IP address, including subnet broadcasts. Using IOS 16.9.4 XE.

 

Paul

4 Replies

marce1000
Hall of Fame

 

- Review this thread: https://community.cisco.com/t5/routing/blocking-web-interfaces-in-cisco-ios/td-p/2696699

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi

 You can try this for IOS-XE

 

Router(config)# ip access-list standard 20
Router(config-std-nacl)# permit x.x.x.x x.x.x.x
Router(config-std-nacl)# exit

Router(config)# ip http access-class 20

Flavio, that's the issue: I have an http access list set up, but it looks like the router will answer for any locally configured IP. This is the behavior I'm trying to stop, but it doesn't look possible. From what I see, the router will answer http/s requests for any IP that it has locally configured, on VLANs or physical interfaces.

 

Thanks, 

 

Paul 

Hello,

 

What did you actually configure? Did you allow just that one host (as in the example below)?

 

access-list 1 permit host 192.168.1.15
ip http access-class 1
!
ip http authentication local
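
An added example, not part of the thread: a Python check over a saved running-config that resolves the ACL named by `ip http access-class` (the setting both replies use) and reports when it is missing, undefined, or permits any source. The function names and the sample config are constructed for illustration; a standard ACL matches the client's source address, so that is what is audited here.

```python
import re

# Constructed sample running-config (illustrative, not from the thread).
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http access-class 20
ip http authentication local
!
ip access-list standard 20
 10 permit 192.168.1.15
 20 permit any
!
access-list 1 permit host 192.168.1.15
"""

def parse_standard_acls(config):
    """Map ACL name/number -> list of entries (sequence numbers stripped)."""
    acls, current = {}, None
    for line in config.splitlines():
        numbered = re.match(r"access-list (\d+) (.+)", line)
        named = re.match(r"ip access-list standard (\S+)", line)
        if numbered:
            acls.setdefault(numbered.group(1), []).append(numbered.group(2).strip())
            current = None
        elif named:
            current = named.group(1)
            acls.setdefault(current, [])
        elif current and line.startswith(" "):
            acls[current].append(re.sub(r"^\d+\s+", "", line.strip()))
        else:
            current = None
    return acls

def audit_http_access(config):
    """Return findings on how the HTTP/HTTPS server restricts client sources."""
    if not re.search(r"^ip http (secure-)?server\s*$", config, re.M):
        return []  # neither HTTP nor HTTPS server is enabled
    # Accept both "access-class <acl>" and "access-class ipv4 <acl>".
    ref = re.search(r"^ip http access-class (?:ipv4 )?(?!ipv6\b)(\S+)", config, re.M)
    if not ref:
        return ["HTTP server enabled without ip http access-class"]
    acl = ref.group(1)
    entries = parse_standard_acls(config).get(acl, [])
    if not entries:
        return [f"ACL {acl} is referenced but not defined"]
    findings = []
    for entry in entries:
        if re.fullmatch(r"permit (any|0\.0\.0\.0 255\.255\.255\.255)", entry):
            findings.append(f"ACL {acl} permits any source: '{entry}'")
    return findings
```

Calling `audit_http_access(SAMPLE_CONFIG)` flags the `permit any` entry in ACL 20, while a config matching the last reply (one `permit host` entry) returns no findings.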