02-09-2006 09:04 AM - edited 03-05-2019 11:46 AM
Is there a way to setup https access for a Catalyst 2950? I've setup the switch for http access in order to provide network assistant connectivity, but would like to secure this access [somewhat] with https.
02-09-2006 09:26 AM
am sure 2960 can be enabled for https. not really sure of 2950.. you can try these commands:
Hope this helps.. all the best..
Raj
02-09-2006 10:05 AM
Raj:
I tried using the following command:
switch(config)# "ip http secure-server"
The switch returned:
"%Invalid input detected at '^' marker"
This functionality may not be available for the 2950 [WS-C2950G-24-EI/v12.1(22)EA6].
I didn't come across it in the command reference.
Thank you for your suggestion.
Bob
02-09-2006 01:23 PM
BTW... Do you have a Cryptographic-enabled Cisco IOS software installed on your switch?
My WS-C2950T-24 came with no Cryptographic Cisco IOS support (and thus, it didn't support neither HTTP/S nor SSH), so I had to update its software accordingly.
02-09-2006 06:48 PM
Yeah.. according to your output, i guess your IOS doesnt support https. Running a software advisor, I got the following IOS for https support with 2950:
c2950-i6k2l2q4-mz.12.1-22.EA6
Try to use this IOS.
Hope this helps..all the best
Raj
02-10-2006 07:08 AM
Raj:
I'm running c2950-i6k2l2q4-m [no z]...
Is the "z" significant?
I've been able to setup ssh, but not https.
Could it be a configurational issue?
Where can I access the IOS advisor?
Thanks again for your continued assistance...
Bob
02-10-2006 12:35 PM
Raj:
I am running c2950-i6k2l2q4-mz.121-22.EA6.bin.
The first time I looked at the config file, I was looking at a truncated display of the IOS.
Assuming, I'm running the IOS version you referred to in your initial reply and this functionality is available for the 2950s, is there another way to setup this functionality or additional configuration setup required besides and/or in addition too using the ip http secure-server command?
Bob
02-10-2006 06:57 AM
felipe:
I'm not sure... how can you tell?
I have been able to setup/use ssh, but there be another IOS version required to also do https.
These are our first Cisco switches and we purchased them from an "upstream" networking group.
I'll get in touch with our contact to investigate.
Thanks for your reply...
Bob
02-14-2006 06:01 AM
You must have the Crypto Image to use HTTPS (and SSH). Only the Enhanced Image capable 2950's support the Crypto image:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/ol8122.htm#wp37393
The comment at the bottom of the table "Table 6 Catalyst 2955, 2950, and Catalyst 2940 Cisco IOS Software Files" states:
"Switches that support only the SI cannot run the cryptographic image"
HTH
Andy
02-14-2006 10:07 AM
Andy:
My switch is a C2950g-24-EI, so it looks I need to upgrade from:
c2950-i6k2l2q4-mz.121-22.EA6.bin
to:
c2950-i6k2l2q4-mz.121-22.EA7.bin
to acquire https capabilities.
Odd that we were able to setup ssh and not https with our current IOS version.
Thanks for your reply...
Bob
02-15-2006 08:31 AM
Update:
The C2950G-24-EI is now is running IOS version:
c2950-i6k2l2q4-mz.121-22.EA7.bin.
However, I still have several fundamental questions:
1) How do you determine that the switch has the enhanced IOS image, making it capable of utilizing the cryptographic IOS software functionality?
I would assume the "EI" suffix is indicative of the switch having the enhaced IOS image on it.
2) Can this switch [model/IOS specifics above] be configured for https access?
3) If so, how is this accomplished?
Please advise...
TIA
Bob
02-15-2006 11:16 AM
Bob
I just checked this out on a 2950 I have access to and it looks like HTTPS isn't available on this platform - regardless of whether you are running the Crypto image or not.
To tell if you have an EI switch do a 'show version' it specifically states what image is running - 'Running Enhanced Image' or 'Running Standard Image'. You can tell if you have a Crypto image as well as there is a section of the output that starts 'This product contains cryptographic features...'
On a catalyst 3550 (or a router) running a crypto image the command to enable HTTPS is 'ip http secure-server' (after an RSA key has been generated). This command isn't available on the 2950.
Apologies for the wrong information - I just assumed that since it was a Crypto image it would have HTTPS as well as SSH?
HTH
Andy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide