Cisco 2921 Router with the ip http access class command

Unanswered Question
Nov 22nd, 2012
User Badges:

Hi,



the cisco 2921 Router has a default  ip hhtp  access class command  found  in it. Just  i  changed the default  IP to the new ip  i will use.

The Router is accessable  from the LAN only  but  not from the internet  configured the Public ip . I think this is due to the standard access list 23 .

Please advice  how will i access the Router from the Internet using the Public IP.



Thanks,

Saroj Pradhan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
johnlloyd_13 Thu, 11/22/2012 - 06:46
User Badges:
  • Blue, 1500 points or more

hi saroj,


please post your 'show run' output.

Rahul Kukreja Thu, 11/22/2012 - 08:46
User Badges:
  • Cisco Employee,
The ACL used with the following command is used to restrict the GUI Access to router (like CCP) 
Also this ACL is the standard ACL, so will only match the source ip address not the destination.

ip http access-class 23


http://www.cisco.com/en/US/docs/ios/12_1/configfun/command/reference/frd1005.html#wp1020068


Check if the same ACL is applied in the vty lines -


line vty 0 4

access-class 23 in


Remove this command and check or put "permit any" at the end of ACL and check.


- HTH

  Rahul

saroj pradhan Fri, 11/23/2012 - 17:42
User Badges:

As  i am unable  to access the Router from the internet due the ip http  access class command  need help to remove the command  from the routeer. please advice.



Thanks,

Saroj

Rahul Kukreja Fri, 11/23/2012 - 23:51
User Badges:
  • Cisco Employee,

Please attach your running confugration and let us via what means you are accessing the Router from Internet and the ip address of router (example - telnet, ssh, CCP etc)


ip http access-class is used to restrict the GUI access access of the router and if you just want to go ahead and remove this without any further troubleshooting, here is the command -


Router#conf t

Router(config)#no ip http access-class 23


- HTH

Rahul

cadet alain Sat, 11/24/2012 - 07:24
User Badges:
  • Purple, 4500 points or more

Hi,


You don't have line vty access with ssh/telnet ?


Regards.


Alain



Don't forget to rate helpful posts.

joelgooding Sat, 11/24/2012 - 11:16
User Badges:

hello,


Just a tip here, if you are going to be making changes on a remote router that you are not sure will result in disconnecting your session, save the config and use the reload command to reboot the device if the session disconnects:

(config)# reload in
(config)# reload cancel          <- to cancel the reload if your changes were successful.



Joel

_______________________________
Please rate helpful posts and answered questions!

Roman Vicent Ma... Thu, 08/29/2013 - 23:25
User Badges:

Hi,


if you are using internet, the first thing you must do is to ping the router


your router must have  default route to the internet

Ricardo Ochoa Fri, 09/25/2015 - 11:16
User Badges:

Hello, please post the next commands:

 

sh run int "WAN Interface"

sh access-list

sh ip route

sh running-config | section line vty

 

Actions

This Discussion