Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4021
Views
0
Helpful
25
Replies

Restricted Web GUI Access & Login Reset on Cisco 3650

BashedRoot
Level 2
Level 2

‎04-19-2017 02:38 PM - edited ‎03-08-2019 10:15 AM

Hello,

1. How do I put IP access restriction on the web GUI panel? I already have IP access restrictions set on SSH access to a couple of my local IPs, but I also want to apply the same security measure on the web GUI as well.

2. I cannot log into the web GUI on switch #1, but can on switch #2. How do I reset the user's pw for the first switch? It's odd, because they're both the same user/pw and saved in my password manager.

3. How do I also enable secure https for web access?

Thanks in advance.

Labels:
0 Helpful
25 Replies 25

Collin Clark
VIP Alumni
VIP Alumni
In response to BashedRoot

‎05-04-2017 02:15 PM

Strange. Can you try this command from configuration mode?

sw(config)# crypto key generate rsa

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to Collin Clark

‎05-04-2017 02:20 PM

And this command too please.

show ip http server secure status

0 Helpful

BashedRoot
Level 2
Level 2
In response to Collin Clark

‎05-04-2017 02:28 PM 

Cisco3650#show ip http server secure status
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite:  3des-ede-cbc-sha aes-128-cbc-sha
        aes-256-cbc-sha dhe-aes-128-cbc-sha ecdhe-rsa-3des-ede-cbc-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint: 
HTTP secure server active session modules: ALL
0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to BashedRoot

‎05-05-2017 06:11 AM

When you browse to the switches IP address you get Page cannot be found or 505 error?

0 Helpful

BashedRoot
Level 2
Level 2
In response to Collin Clark

‎05-05-2017 10:38 AM

From the single whitelisted IP, I get the login page but in http protocol. If I manually try https:// it says Secure Connection Failed. If I try to access from any other IP, I get 403 which I expect to.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to BashedRoot

‎05-08-2017 07:35 AM

Can you debug https and try and connect then post the results?

0 Helpful

BashedRoot
Level 2
Level 2
In response to Collin Clark

‎05-08-2017 08:11 AM

Sorry but I'm not sure how to do that. Please explain.

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to BashedRoot

‎05-09-2017 08:50 AM

Going off the top of my head...

debug ip http

logging buff 50000

loggiing buff 7

0 Helpful

BashedRoot
Level 2
Level 2
In response to Collin Clark

‎05-09-2017 08:56 AM 

Cisco3650#debug ip http
% Incomplete command.

Cisco3650#logging buff 50000
                  ^
% Invalid input detected at '^' marker.

Cisco3650#loggiing buff 7
               ^
% Invalid input detected at '^' marker.
0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to BashedRoot

‎05-09-2017 09:07 AM

Cisco3650# debug ip http secure-server

Cisco3650# configuration terminal

CIsco3650(config)# logging buff 50000

CIsco3650(config)# end

CIsco3650# show log

0 Helpful

BashedRoot
Level 2
Level 2
In response to Collin Clark

‎05-04-2017 02:22 PM

Cisco3650(config)#crypto key generate rsa     
% You already have RSA keys defined named Cisco3650.domain.com.
% Do you really want to replace them? [yes/no]:

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card