04-19-2017 02:38 PM - edited 03-08-2019 10:15 AM
Hello,
1. How do I put IP access restriction on the web GUI panel? I already have IP access restrictions set on SSH access to a couple of my local IPs, but I also want to apply the same security measure on the web GUI as well.
2. I cannot log into the web GUI on switch #1, but can on switch #2. How do I reset the user's pw for the first switch? It's odd, because they're both the same user/pw and saved in my password manager.
3. How do I also enable secure https for web access?
Thanks in advance.
05-04-2017 02:15 PM
Strange. Can you try this command from configuration mode?
sw(config)# crypto key generate rsa
05-04-2017 02:20 PM
And this command too please.
show ip http server secure status
05-04-2017 02:28 PM
Cisco3650#show ip http server secure status
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha aes-128-cbc-sha
aes-256-cbc-sha dhe-aes-128-cbc-sha ecdhe-rsa-3des-ede-cbc-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
05-05-2017 06:11 AM
When you browse to the switches IP address you get Page cannot be found or 505 error?
05-05-2017 10:38 AM
From the single whitelisted IP, I get the login page but in http protocol. If I manually try https:// it says Secure Connection Failed. If I try to access from any other IP, I get 403 which I expect to.
05-08-2017 07:35 AM
Can you debug https and try and connect then post the results?
05-08-2017 08:11 AM
Sorry but I'm not sure how to do that. Please explain.
05-09-2017 08:50 AM
Going off the top of my head...
debug ip http
logging buff 50000
loggiing buff 7
05-09-2017 08:56 AM
Cisco3650#debug ip http
% Incomplete command.
Cisco3650#logging buff 50000
^
% Invalid input detected at '^' marker.
Cisco3650#loggiing buff 7
^
% Invalid input detected at '^' marker.
05-09-2017 09:07 AM
Cisco3650# debug ip http secure-server
Cisco3650# configuration terminal
CIsco3650(config)# logging buff 50000
CIsco3650(config)# end
CIsco3650# show log
05-04-2017 02:22 PM
Cisco3650(config)#crypto key generate rsa
% You already have RSA keys defined named Cisco3650.domain.com.
% Do you really want to replace them? [yes/no]:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: