Is there a way to setup https access for a Catalyst 2950? I've setup the switch for http access in order to provide network assistant connectivity, but would like to secure this access [somewhat] with https.
am sure 2960 can be enabled for https. not really sure of 2950.. you can try these commands:
Hope this helps.. all the best..
I tried using the following command:
switch(config)# "ip http secure-server"
The switch returned:
"%Invalid input detected at '^' marker"
This functionality may not be available for the 2950 [WS-C2950G-24-EI/v12.1(22)EA6].
I didn't come across it in the command reference.
Thank you for your suggestion.
BTW... Do you have a Cryptographic-enabled Cisco IOS software installed on your switch?
My WS-C2950T-24 came with no Cryptographic Cisco IOS support (and thus, it didn't support neither HTTP/S nor SSH), so I had to update its software accordingly.
Yeah.. according to your output, i guess your IOS doesnt support https. Running a software advisor, I got the following IOS for https support with 2950:
Try to use this IOS.
Hope this helps..all the best
I'm running c2950-i6k2l2q4-m [no z]...
Is the "z" significant?
I've been able to setup ssh, but not https.
Could it be a configurational issue?
Where can I access the IOS advisor?
Thanks again for your continued assistance...
I am running c2950-i6k2l2q4-mz.121-22.EA6.bin.
The first time I looked at the config file, I was looking at a truncated display of the IOS.
Assuming, I'm running the IOS version you referred to in your initial reply and this functionality is available for the 2950s, is there another way to setup this functionality or additional configuration setup required besides and/or in addition too using the ip http secure-server command?
I'm not sure... how can you tell?
I have been able to setup/use ssh, but there be another IOS version required to also do https.
These are our first Cisco switches and we purchased them from an "upstream" networking group.
I'll get in touch with our contact to investigate.
Thanks for your reply...
You must have the Crypto Image to use HTTPS (and SSH). Only the Enhanced Image capable 2950's support the Crypto image:
The comment at the bottom of the table "Table 6 Catalyst 2955, 2950, and Catalyst 2940 Cisco IOS Software Files" states:
"Switches that support only the SI cannot run the cryptographic image"
My switch is a C2950g-24-EI, so it looks I need to upgrade from:
to acquire https capabilities.
Odd that we were able to setup ssh and not https with our current IOS version.
Thanks for your reply...
The C2950G-24-EI is now is running IOS version:
However, I still have several fundamental questions:
1) How do you determine that the switch has the enhanced IOS image, making it capable of utilizing the cryptographic IOS software functionality?
I would assume the "EI" suffix is indicative of the switch having the enhaced IOS image on it.
2) Can this switch [model/IOS specifics above] be configured for https access?
3) If so, how is this accomplished?
I just checked this out on a 2950 I have access to and it looks like HTTPS isn't available on this platform - regardless of whether you are running the Crypto image or not.
To tell if you have an EI switch do a 'show version' it specifically states what image is running - 'Running Enhanced Image' or 'Running Standard Image'. You can tell if you have a Crypto image as well as there is a section of the output that starts 'This product contains cryptographic features...'
On a catalyst 3550 (or a router) running a crypto image the command to enable HTTPS is 'ip http secure-server' (after an RSA key has been generated). This command isn't available on the 2950.
Apologies for the wrong information - I just assumed that since it was a Crypto image it would have HTTPS as well as SSH?