Command Output

Unanswered Question
Jun 14th, 2010

Hi Netpros,

I have some querries related to output of some commands i executed in our L3 Switches.

1) i have executed the command "sh ip http server all" on L3 switch , output is as:-

L3_Switch#sh ip http server all
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: enable
HTTP server access class: 0
HTTP server base path:
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 1
HTTP secure server capability: Not present


HTTP server application session modules:
Session module Name  Handle  Description
HOME_PAGE             4       IOS Homepage Server
HTTP_IFS              1       HTTP based IOS File Server
CVDM                  2       Cisco View Device Manager Server
WEB_EXEC              3       HTTP based IOS EXEC Server
DISTRIB               5       Distributed HTTP server


HTTP server current connections:
local-ipaddress:port  remote-ipaddress:port in-bytes   out-bytes


HTTP server statistics:
Accepted connections total: 48071


HTTP server history:
local-ipaddress:port  remote-ipaddress:port in-bytes   out-bytes  end-time
  10.12.1.27:80      74.198.148.18:46427 189        192        16:22:45 06/12
  10.12.1.27:80     98.222.188.152:3237  189        192        18:42:57 06/12
  20.6.24.7:80      99.254.36.214:30618 194        192        21:16:48 06/12
  10.12.1.27:80      69.193.71.250:4205  189        192        01:56:39 06/13
  10.12.1.27:80     114.206.15.122:1325  189        192        05:21:10 06/13
  10.12.1.27:80     71.192.128.137:4323  189        192        06:52:50 06/13
  10.12.1.27:80      67.149.235.10:1136  189        192        08:28:00 06/13
  10.12.1.27:80       70.61.111.36:4130  189        192        08:29:16 06/13
  10.12.1.27:80       41.223.61.90:58505 189        192        10:03:04 06/13
  10.12.1.27:80      74.199.91.205:3829  189        192        15:15:38 06/13
  10.12.1.27:80      66.148.215.90:16544 151        192        16:42:35 06/13
  20.6.24.7:80      66.148.215.90:16576 151        192        16:42:35 06/13
  10.12.1.27:80      74.55.142.202:3182  46         141        17:16:39 06/13
  20.6.24.7:80      74.55.142.202:4899  46         141        17:16:41 06/13
  10.12.1.27:80     118.83.151.139:39723 189        192        17:43:46 06/13
  10.12.1.27:80        66.215.8.77:4217  189        192        18:04:29 06/13
  20.6.24.7:80     92.255.136.158:2703  211        137        18:41:19 06/13
  10.12.1.27:80     92.255.136.158:4007  211        137        19:01:42 06/13
  10.12.1.27:80       66.63.75.215:57700 0          0          01:23:00 06/14
  10.12.1.27:80       180.65.49.60:2839  189        192        01:54:04 06/14

L3_Switch#

Is there anything wrong with this output as i have seens many sessions are established on this device (with port 80).

Whts this "HTTP server authentication method: enable" means in Third line [ no ip http is configured on this device]

I have doubt ...is these are un-authorisd sessions by un-authorised persons. If yes..Then what to do to overcome this.

+++++++++++++++++++++++

2)  I have executed "sh snmp" command on our other Switch L3. output is as:-

Cisco_Switch#sh snmp
Chassis: FCX193022MZ
38470050 SNMP packets input
    0 Bad SNMP version errors
    59684 Unknown community name
    200 Illegal operation for community name supplied
    13 Encoding errors
    78776295 Number of requested variables
    325 Number of altered variables
    28870535 Get-request PDUs
    6902781 Get-next PDUs
    604 Set-request PDUs
38410353 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    351462 No such name errors
    65 Bad values errors
    48 General errors
    38410350 Response PDUs
    0 Trap PDUs
SNMP agent enabled

SNMP logging: disabled

I have seen some "Bad Valued errors" in this output , "Encoding Errors" are also 13.

Is there something wrong with snmp polling. What are the reasons for this errors. How to clear this.

Txns.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Raphael Wouters Mon, 06/14/2010 - 12:46

Hello!

To answer your questions:

1) a)

> Whts this "HTTP server authentication method: enable" means in Third line [ no ip http is configured on this device]

You can see in the command reference:

This is the method that will be used to authenticate, even though your server is not enabled, the default authentication method is "enable" for enable password:

Router(config)#ip http authentication ?
  aaa     Use AAA access control methods
  enable  Use enable passwords
  local   Use local username and passwords

1) b)

> Is there anything wrong with this output as i have seens many sessions are established on this device (with port 80).

> I have doubt ...is these are un-authorisd sessions by un-authorised persons. If yes..Then what to do to overcome this.

This is pretty strange indeed to see connections made to the http server, when this one is disabled. Maybe a bug that display some of the connection attempt? Or other use of port 80 like port forwarding, copy http, ...
I'm not sure what is the cause of this, this is happening several times a day from  different users, maybe do a "debug ip http all" to see a bit more about the connection made?

2) SNMP

Bad values errors - Number of SNMP set requests that specified an invalid value for an MIB object
Nothing bad here, the snmp client is just polling wrong or non-existing MIBs

Encoding errors - Number of SNMP packets that were improperly encoded.
Those are bad packets received, I wouldn't worry if that doesn't increase too fast.

I didn't find a way to clear those counters.

Actions

This Discussion