Configure Catalyst 2950 for HTTPS Access

Is there a way to set up HTTPS access for a Catalyst 2950? I've set up the switch for HTTP access in order to provide Network Assistant connectivity, but would like to secure this access [somewhat] with HTTPS.

sachinraja
Level 9
I am sure the 2960 can be enabled for HTTPS. Not really sure about the 2950. You can try these commands:

http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a008055fd0f.html#wp1226317

Hope this helps. All the best.

Raj

Raj:

I tried using the following command:

switch(config)# "ip http secure-server"

The switch returned:

"%Invalid input detected at '^' marker"

This functionality may not be available for the 2950 [WS-C2950G-24-EI/v12.1(22)EA6].

I didn't come across it in the command reference.

Thank you for your suggestion.

Bob

BTW... Do you have a Cryptographic-enabled Cisco IOS software installed on your switch?

My WS-C2950T-24 came with no Cryptographic Cisco IOS support (and thus, it supported neither HTTP/S nor SSH), so I had to update its software accordingly.

Yeah, according to your output, I guess your IOS doesn't support HTTPS. Running a software advisor, I got the following IOS for HTTPS support with the 2950:

c2950-i6k2l2q4-mz.12.1-22.EA6

Try to use this IOS.

Hope this helps. All the best.

Raj

Raj:

I'm running c2950-i6k2l2q4-m [no z]...

Is the "z" significant?

I've been able to set up SSH, but not HTTPS.

Could it be a configuration issue?

Where can I access the IOS advisor?

Thanks again for your continued assistance...

Bob

Raj:

I am running c2950-i6k2l2q4-mz.121-22.EA6.bin.

The first time I looked at the config file, I was looking at a truncated display of the IOS.

Assuming I'm running the IOS version you referred to in your initial reply and this functionality is available for the 2950s, is there another way to set up this functionality, or is additional configuration required besides and/or in addition to using the ip http secure-server command?

Bob

felipe:

I'm not sure... how can you tell?

I have been able to set up/use SSH, but there may be another IOS version required to also do HTTPS.

These are our first Cisco switches and we purchased them from an "upstream" networking group.

I'll get in touch with our contact to investigate.

Thanks for your reply...

Bob

You must have the Crypto Image to use HTTPS (and SSH). Only the Enhanced Image capable 2950's support the Crypto image:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/ol8122.htm#wp37393

The comment at the bottom of the table "Table 6 Catalyst 2955, 2950, and Catalyst 2940 Cisco IOS Software Files" states:

"Switches that support only the SI cannot run the cryptographic image"

HTH

Andy

Andy:

My switch is a C2950G-24-EI, so it looks like I need to upgrade from:

c2950-i6k2l2q4-mz.121-22.EA6.bin

to:

c2950-i6k2l2q4-mz.121-22.EA7.bin

to acquire HTTPS capabilities.

Odd that we were able to set up SSH and not HTTPS with our current IOS version.

Thanks for your reply...

Bob

Update:

The C2950G-24-EI is now running IOS version:

c2950-i6k2l2q4-mz.121-22.EA7.bin.

However, I still have several fundamental questions:

1) How do you determine that the switch has the enhanced IOS image, making it capable of utilizing the cryptographic IOS software functionality?

I would assume the "EI" suffix is indicative of the switch having the enhanced IOS image on it.

2) Can this switch [model/IOS specifics above] be configured for HTTPS access?

3) If so, how is this accomplished?

Please advise...

TIA

Bob

Bob

I just checked this out on a 2950 I have access to and it looks like HTTPS isn't available on this platform, regardless of whether you are running the Crypto image or not.

To tell if you have an EI switch, do a 'show version'; it specifically states what image is running: 'Running Enhanced Image' or 'Running Standard Image'. You can tell if you have a Crypto image as well, as there is a section of the output that starts 'This product contains cryptographic features...'

On a Catalyst 3550 (or a router) running a crypto image the command to enable HTTPS is 'ip http secure-server' (after an RSA key has been generated). This command isn't available on the 2950.

Apologies for the wrong information - I just assumed that since it was a Crypto image it would have HTTPS as well as SSH?

HTH

Andy
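
The 'show version' check described in the reply above, as an added example that is not part of the original thread: a Python script that classifies saved 'show version' text using the three marker strings quoted there. The sample excerpts, the 'System image file is' line layout, the hostnames and the function names are assumptions made for illustration.

```python
import re

# Marker strings quoted in the reply above.
ENHANCED = "Running Enhanced Image"
STANDARD = "Running Standard Image"
CRYPTO = "This product contains cryptographic features"

# Constructed, shortened 'show version' excerpts (not captured from a real switch).
# The 'System image file is' line is an assumption about the output layout.
SAMPLE_EI_CRYPTO = '''System image file is "flash:/c2950-i6k2l2q4-mz.121-22.EA7.bin"
This product contains cryptographic features
Running Enhanced Image
'''
SAMPLE_SI = '''System image file is "flash:/PLACEHOLDER-standard-image.bin"
Running Standard Image
'''

def classify_show_version(text):
    """Return image tier, crypto flag and image file found in 'show version' text."""
    if ENHANCED in text:
        tier = "enhanced"
    elif STANDARD in text:
        tier = "standard"
    else:
        tier = "unknown"
    # The reply says the crypto notice is a section that *starts* with this text,
    # so require it at the start of a line instead of matching anywhere.
    crypto = any(l.strip().startswith(CRYPTO) for l in text.splitlines())
    m = re.search(r'System image file is "([^"]+)"', text)
    return {"tier": tier, "crypto": crypto, "image": m.group(1) if m else None}

def audit(outputs):
    """Map hostname -> finding for a dict of hostname -> 'show version' text."""
    report = {}
    for host, text in outputs.items():
        info = classify_show_version(text)
        if info["crypto"]:
            report[host] = "crypto image present"
        elif info["tier"] == "enhanced":
            report[host] = "EI without crypto image: candidate for a crypto image"
        elif info["tier"] == "standard":
            report[host] = "SI only: cannot run the cryptographic image"
        else:
            report[host] = "unrecognised output: check manually"
    return report

if __name__ == "__main__":
    for host, finding in audit({"sw-ei": SAMPLE_EI_CRYPTO, "sw-si": SAMPLE_SI}).items():
        print(host, "->", finding)
```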