cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
368
Views
0
Helpful
4
Replies
paul amaral
Participant

is there a way to limit http access to a device to one local ip

Hi, is there a way to limit http/s access to a Cisco router or switch to one locally configured ip. right now it seems like I can pull up the http gui on any locally configured ip address including subnet broadcasts. Using IOS 16.9.4 XE.

 

Paul

4 REPLIES 4
marce1000
VIP Mentor

Flavio Miranda
Advisor

Hi

 You can try this for IOS-XE

 

Router(config)# ip access-list standard 20
Router(config-std-nacl)# permit x.x.x.x x.x.x.x
Router(config-std-nacl)# exit

Router(config)# ip http access-class 20

Flavio, that's the issue I have a http access list setup, but it looks like the router will answer for any locally configured ip. This is he behavior I'm trying to stop but doesn't look possible. From what I see the router will answer http/s requests for any that it has locally configure, on vlans or physical interfaces.

 

Thanks, 

 

Paul 

Hello,

 

what did you actually configure ? Did you allow just that one host (as in the example below) ?

 

access-list 1 permit host 192.168.1.15
ip http access-class 1
!
ip http authentication local