Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Configure Catalyst 2950 for HTTPS Access

Is there a way to setup https access for a Catalyst 2950? I've setup the switch for http access in order to provide network assistant connectivity, but would like to secure this access [somewhat] with https.

11 REPLIES

Re: Configure Catalyst 2950 for HTTPS Access

am sure 2960 can be enabled for https. not really sure of 2950.. you can try these commands:

http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a008055fd0f.html#wp1226317

Hope this helps.. all the best..

Raj

New Member

Re: Configure Catalyst 2950 for HTTPS Access

Raj:

I tried using the following command:

switch(config)# "ip http secure-server"

The switch returned:

"%Invalid input detected at '^' marker"

This functionality may not be available for the 2950 [WS-C2950G-24-EI/v12.1(22)EA6].

I didn't come across it in the command reference.

Thank you for your suggestion.

Bob

New Member

Re: Configure Catalyst 2950 for HTTPS Access

BTW... Do you have a Cryptographic-enabled Cisco IOS software installed on your switch?

My WS-C2950T-24 came with no Cryptographic Cisco IOS support (and thus, it didn't support neither HTTP/S nor SSH), so I had to update its software accordingly.

Re: Configure Catalyst 2950 for HTTPS Access

Yeah.. according to your output, i guess your IOS doesnt support https. Running a software advisor, I got the following IOS for https support with 2950:

c2950-i6k2l2q4-mz.12.1-22.EA6

Try to use this IOS.

Hope this helps..all the best

Raj

New Member

Re: Configure Catalyst 2950 for HTTPS Access

Raj:

I'm running c2950-i6k2l2q4-m [no z]...

Is the "z" significant?

I've been able to setup ssh, but not https.

Could it be a configurational issue?

Where can I access the IOS advisor?

Thanks again for your continued assistance...

Bob

New Member

Re: Configure Catalyst 2950 for HTTPS Access

Raj:

I am running c2950-i6k2l2q4-mz.121-22.EA6.bin.

The first time I looked at the config file, I was looking at a truncated display of the IOS.

Assuming, I'm running the IOS version you referred to in your initial reply and this functionality is available for the 2950s, is there another way to setup this functionality or additional configuration setup required besides and/or in addition too using the ip http secure-server command?

Bob

New Member

Re: Configure Catalyst 2950 for HTTPS Access

felipe:

I'm not sure... how can you tell?

I have been able to setup/use ssh, but there be another IOS version required to also do https.

These are our first Cisco switches and we purchased them from an "upstream" networking group.

I'll get in touch with our contact to investigate.

Thanks for your reply...

Bob

Re: Configure Catalyst 2950 for HTTPS Access

You must have the Crypto Image to use HTTPS (and SSH). Only the Enhanced Image capable 2950's support the Crypto image:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea7/ol8122.htm#wp37393

The comment at the bottom of the table "Table 6 Catalyst 2955, 2950, and Catalyst 2940 Cisco IOS Software Files" states:

"Switches that support only the SI cannot run the cryptographic image"

HTH

Andy

New Member

Re: Configure Catalyst 2950 for HTTPS Access

Andy:

My switch is a C2950g-24-EI, so it looks I need to upgrade from:

c2950-i6k2l2q4-mz.121-22.EA6.bin

to:

c2950-i6k2l2q4-mz.121-22.EA7.bin

to acquire https capabilities.

Odd that we were able to setup ssh and not https with our current IOS version.

Thanks for your reply...

Bob

New Member

Re: Configure Catalyst 2950 for HTTPS Access

Update:

The C2950G-24-EI is now is running IOS version:

c2950-i6k2l2q4-mz.121-22.EA7.bin.

However, I still have several fundamental questions:

1) How do you determine that the switch has the enhanced IOS image, making it capable of utilizing the cryptographic IOS software functionality?

I would assume the "EI" suffix is indicative of the switch having the enhaced IOS image on it.

2) Can this switch [model/IOS specifics above] be configured for https access?

3) If so, how is this accomplished?

Please advise...

TIA

Bob

Re: Configure Catalyst 2950 for HTTPS Access

Bob

I just checked this out on a 2950 I have access to and it looks like HTTPS isn't available on this platform - regardless of whether you are running the Crypto image or not.

To tell if you have an EI switch do a 'show version' it specifically states what image is running - 'Running Enhanced Image' or 'Running Standard Image'. You can tell if you have a Crypto image as well as there is a section of the output that starts 'This product contains cryptographic features...'

On a catalyst 3550 (or a router) running a crypto image the command to enable HTTPS is 'ip http secure-server' (after an RSA key has been generated). This command isn't available on the 2950.

Apologies for the wrong information - I just assumed that since it was a Crypto image it would have HTTPS as well as SSH?

HTH

Andy

2049
Views
0
Helpful
11
Replies
CreatePlease to create content