Hi, is there a way to limit HTTP/S access to a Cisco router or switch to one locally configured IP? Right now it seems like I can pull up the HTTP GUI on any locally configured IP address, including subnet broadcasts. Using IOS 16.9.4 XE.
Paul
- Review this thread: https://community.cisco.com/t5/routing/blocking-web-interfaces-in-cisco-ios/td-p/2696699
M.
Hi
You can try this for IOS-XE
Router(config)# ip access-list standard 20
Router(config-std-nacl)# permit x.x.x.x x.x.x.x
Router(config-std-nacl)# exit
Router(config)# ip http access-class 20
Flavio, that's the issue: I have an HTTP access list set up, but it looks like the router will answer for any locally configured IP. This is the behavior I'm trying to stop, but it doesn't look possible. From what I see, the router will answer HTTP/S requests for any that it has locally configured, on VLANs or physical interfaces.
Thanks,
Paul
Hello,
What did you actually configure? Did you allow just that one host (as in the example below)?
access-list 1 permit host 192.168.1.15
ip http access-class 1
!
ip http authentication local
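
Added example, not part of any post in this thread: a small Python audit of a saved IOS configuration that checks whether the HTTP/HTTPS server is bound to an access-class and whether the referenced standard ACL is defined and restrictive. A standard ACL matches on the client's source address, so this verifies who may connect rather than which router address answers. The function names and sample config are constructed, and acceptance of an optional `ipv4` keyword after `access-class` is an assumption.

```python
import re

# Constructed sample config, built from the commands quoted in the thread.
SAMPLE = """\
ip http server
ip http secure-server
ip http access-class 20
ip access-list standard 20
 permit 192.168.1.15
access-list 1 permit host 192.168.1.15
"""

def parse_standard_acls(config):
    """Return {acl_id: [entries]} for numbered and block-style standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"access-list (\d+) (.+)", line)
        if m:  # numbered form: one entry per line
            acls.setdefault(m.group(1), []).append(m.group(2).strip())
            current = None
            continue
        m = re.match(r"ip access-list standard (\S+)", line)
        if m:  # block form: indented entries follow
            current = m.group(1)
            acls.setdefault(current, [])
        elif current and line.startswith(" "):
            # drop a leading sequence number such as "10 permit ..."
            acls[current].append(re.sub(r"^\d+\s+", "", line.strip()))
        else:
            current = None
    return acls

def audit_http(config):
    """List findings about HTTP/HTTPS management exposure in the config."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if not any(l in ("ip http server", "ip http secure-server") for l in lines):
        return findings  # web server not enabled (or explicitly negated)
    # Assumption: an optional "ipv4" keyword may precede the ACL id.
    refs = [m.group(1) for l in lines
            if (m := re.fullmatch(r"ip http access-class (?:ipv4 )?(\S+)", l))]
    if not refs:
        findings.append("HTTP(S) server enabled with no access-class")
    acls = parse_standard_acls(config)
    for name in refs:
        entries = acls.get(name)
        if entries is None:
            findings.append(f"access-class {name} references an undefined ACL")
        elif any(e.startswith("permit any") for e in entries):
            findings.append(f"ACL {name} permits any source")
    return findings
```

Calling `audit_http()` on the text of a saved running-config returns an empty list when the web server is restricted to specific sources.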