Cisco Switching/Routing :: 2960S Http / Https Access With Read-only?
Feb 19, 2012
I configured a 2960S switch as an HTTP server. I'm unable to access the switch GUI with a non-privilege-15 user; with a privilege 15 user it's working.
View 7 Replies
I have a customer who wants his new ASA-5520 to load balance outgoing traffic between 2 ISPs, a fairly normal request. Now here's the twist. He wants to separate traffic based upon the protocol used, http to one ISP, https to the other.
View 3 Replies View Related
I installed the LMS as an OVA template on ESXi and am able to connect via SSH, but when I try to connect via http or https I get the following error.
Forbidden
You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
I was unable to access my ASA 5520 using HTTP/HTTPS even on the management interface. I had upgraded the ASA IOS to asa832-k8.bin and ASDM to asdm-634-53.bin. But the issue is still the same.
My browser shows the error message as in the attached image.
PGA-Firewall-02# sh run
: Saved
:
ASA Version 8.3(2)
!
hostname PGA-Firewall-02
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif public
 security-level 0
 ip
[Code]....
What is the best way to protect the management access offered by the switch, and how to create monitoring users without access to configuration mode?
View 2 Replies View Related
I am facing an issue with http login after an IOS upgrade on 3750 switches. I upgraded IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2.bin. Any other command I have to run?
View 1 Replies View Related
I have a Cisco 881 configured with http access, but when I try to open it in a browser it shows a blank page. Does the Cisco 881 support a GUI?
View 3 Replies View Related
Unable to access switch from outside the local network. Can get to all routers and PCs.
View 2 Replies View Related
We need to give differentiated internet access to three VLANs. Each one of these VLANs is used for totally different purposes, so traffic between the VLANs is not allowed. Each VLAN has its own internet access provided for the data center using one fast ethernet connection.
We're thinking about using a Cisco 2911 for Internet access, VPN and firewall. I suppose that the best option for VLANs is using a Catalyst 2960S or a switching module for the 2911, but these two options are too expensive for us. We're thinking about using switches from the SB series (maybe a SG-200).
We're total newbies to VLANs so we have many doubts. These are our questions:
1) The 2911 has three on board ethernet interfaces; we have three VLANs and three internet connections, so we need to use HWICs to get three more ethernet ports. Is that right?
2) Do we need three HWICs, or is there some kind of HWIC with more than one ethernet interface?
3) Is the routing solution to assign static routes in the 2911 for each interface connected to a VLAN through a 2911 interface connected to the internet?
4) Simply connecting three different router interfaces with three different switch ports, each one of them assigned to one of the three different VLAN, are we going to get internet access for all devices in those VLANs? or do we need to configure something else like trunking, VSIs...?
5) Can we achieve our goals using the SG-200 switch?
6) We have the chance to use older routers, is this possible? We're especially interested in knowing if a 1841 or a 2801 router could be used for this setup.
7) This is not a production environment so we can use refurbished equipment.
I have reset my wireless connection numerous times, rebooted, tried wireless and wired and continue to have the same result - great signal; cannot connect to any webpage. Ran network diagnostics and everything seems to check out except the "DNS Server."
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Marcy Musselman>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MARCYS
Primary Dns
[Code].....
How do I install Firefox if I cannot connect to the internet? Can I "save" it to a disc or flash drive from another computer?
View 7 Replies View Related
I have followed the URL below to disable the https over web authentication:
[URL]
What I want to achieve is to disable https over web authentication due to a certificate issue, but it seems like even though we have disabled the http over web management as the above URL describes, it is still https while doing web authentication. Or is it possible to configure the use of a port other than 80, like 8080, for web authentication? (need to reboot the WLC?) Is there any bug related to this, CSCsy32145?
WLC Software Version 6.0.196.0
I am familiar with how a proxy works. The client sends a request to the proxy server and the proxy server makes the connection on behalf of the client to the web page. My question is how does this work with HTTP and end to end encryption? I know that at a company the IT staff can install certs on the computers that link to the proxy, thus breaking the end to end encryption and allowing the company to see what data is being sent. I however cannot find out or think of how else to proxy an HTTPS connection other than installing certs on the clients that allow the proxy to see the data. If the proxy makes the https request on behalf of the client via one session, the https session would terminate on the proxy and the proxy would have to create a subsequent https connection to the client. This would break the end to end encryption and the client should pick up on this unless the certs on the client have been changed.
View 1 Replies View Related
I will be adding wireless access points or repeaters on a business network. The business already has one wireless router using a https login, that 15 computers are wired to, through switches. This Secure http router is directly connected to the cable modem. Would I be losing the benefit of Secure http by adding wireless access points or repeaters that don't support it? Or would they be securely routed by the main https router connected to the gateway? I have never had the opportunity to work with a secure http router before.
View 4 Replies View Related
For a CSS with a SSL module (performing SSL termination) - is it possible to implement a redirect on a https URL to send to the equivalent http URL? If my understanding is correct, the CSS will do SSL termination and then use an http content rule on the resultant http stream as it is recursively handled by the CSS? This would mean that the SSL module has no way of seeing/acting on layer 5 and above data (i.e. picking up on a specific URL) and can not itself issue a redirect - i.e. you could not associate a redirect statement or service with the following ssl content rule? [code] The CSS would instead rely on a http content rule to implement a redirect - i.e. you would have to associate a redirect statement or service to the following http content rule instead?
But if the CSS is already handling traffic for existing url... traffic that is going to cause a loop when a client goes direct to. url... I realise the requirement is uncommon / a bit convoluted, it's one of those don't ask type scenarios - aimed at achieving a specific requirement. Would the ACE 4710 be able to handle such a scenario any differently?
I am trying to make a redirect from http to https. The goal is whenever a user writes in http://10.80.199.71 it should be redirected to https://10.80.199.71. I am just having some trouble making it work.
View 4 Replies View Related
How to configure a redirection on the ACE from HTTP to HTTPS using a specific URL, for example [URL] to [URL]; the SSL certificates were installed on the servers.
View 7 Replies View Related
Never seen a Cisco, or any other L3 switch before. Nor an Lx router. Any step by step, or class room or web based training, or a partner or Cisco helper to get us up to speed on this. Goal is to limit http and https traffic in favor of telnet to an AIX server and RDP to a Windows TS. Printing would be ahead of http/s and below the others.
Interestingly, the web site promises 9 videos, but there are only 8. The demo guide says about OoS: "Coming Soon". Where to go? Who(m) to call?
Any issues with IOS 12.4(16) through 12.4(25f) with HTTP/HTTPS protocols running on a 3825 router? I have a remote site that accesses a corporate application over an MPLS, sometimes it works fine, other times it will hang for hours. No errors on circuits, interfaces, ethernet interfaces, etc. Response times are averaging 50ms even when the application freezes. The only thing I can think of is that it could be an issue with the IOS version.
View 13 Replies View Related
I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so I've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
I've configured a static NAT redirect using the following command: static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
When I try to add the next command of: static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
I get the following error: ERROR: duplicate of existing static
Is there a work around for this at all or am I stuck with the limitations of the software?
I have a WRVS4400N. I am able to block http sites such as [URL], but everybody has access to [URL].
View 2 Replies View Related
I have a WLC526 running sw version 4.2.61.8 that I finally got around to installing in my shop for testing after sitting on the shelf for several years. Since it's now out of warranty and I'm no longer certified, getting the latest sw version isn't possible so I'm stuck with the version it shipped with.
1, How do we change the web log in page from https to http? No guest wants to get confronted with a certificate error page so https doesn't make sense.
2, The virtual interface used for Web-Auth provides for a DNS Name but if I set a name it won't resolve and the log in fails. If I delete the name it uses the assigned IP instead and works fine. How do I get the DNS Name to work since it looks more professional?
3, When changes are made to the WLC I was initially just applying the change and then saving the config, but it appears for some of these changes to take effect I have to reboot. Is this correct or am I just missing something?
Again some of these issues are probably addressed in the subsequent sw releases but since my device sat in a box for 3+ years I missed out on the opportunity to upgrade and now TAC is telling me { (no contract || no warranty == no software) }, despite the fact that this device reached its EOL.
I am configuring a GSS to check a web server that responds to https requests. I put 443 as the port but I don't see replies from the server and the Answer Status is always offline. Other servers using http on port 80 are showing OK. The appliance is a GSS-4492-k9 Version 3.1(0).
View 2 Replies View Related
I have a custom webauth page installed that I am using with web passthrough authentication on my WLC2006 in order to put up an acceptable use policy page. The WLC uses HTTPS to display this, which causes a security certificate warning to appear if I go with the WLC's own self-signed certificate. Is there a way I can get the WLC to use plain HTTP to display this page instead so I can eliminate the warning? I have already tried installing a trusted 3rd party certificate on the WLC, but I have this very strange problem where mucking with the WLC's web authentication certificate in any manner causes all network activity on the WLC to break except for CDP and ARP, essentially leaving the WLC dead. Three weeks of troubleshooting with Cisco TAC has yielded no progress on that front so now I am trying to bypass the need for a security certificate altogether since I really don't need to encrypt my acceptable use policy page.
View 13 Replies View Related
Right now, in my network there is no proxy server and all users go straight through the ASA to access internet. I would like to put a squid with dansguardian (for web filtering). Steps in getting all http and https traffic from ASA go via my squid?
View 18 Replies View Related
I have a 4710 appliance (one armed) and I am load balancing with two webservers. In the URL, there are links that need to be redirected to https:
[URL]
I am using the
rserver redirect REDIRECT-TO-HTTPS[URL]
The https is working but I have a problem. When I access the Main link "first" it is redirected to https to the Main link. But if I access one of the Sublinks directly (without having to click on the main link first) the page is redirected to https but to the Main Link. I have to click the Sublink again in order to get the page. How can I redirect to https and stay on the same page? What might be the general link in the webserver-redirection?
I have an ASA 5505 that I am using to connect my contractors to via an inside interface, the outside interface is my private LAN. I have setup on our corporate Proxy server to allow traffic from my outside interface of my ASA to go to the internet without credentials BUT log internet activity. The question is I want to know if the ASA can send that http & https traffic to my proxy server and all other traffic to my default route? I want to be able to send all internet traffic to my proxy server. This will avoid me asking the contractors to place proxy credentials in their browsers.
View 6 Replies View Related
Any benefit to enabling https within the GUI instead of using the default http?
View 1 Replies View Related
Let's see if you can with this one:
DSL Internet Router (Dynamic IP) -> Linksys RV082 -> Firewall PC -> LAN
DSL Internet Router: 192.168.3.0/24
Linksys RV082 WAN2: 192.168.3.0/24
Linksys RV082 LAN: 192.168.5.0/24
Firewall (2 Nics): Nic1 is 192.168.5.0/24 and Nic2 is 192.168.1.0/24
LAN: 192.168.1.0/24
RV082 WAN 2: Configured with a DHCP IP Address from DSL Internet Router so it has 192.168.3.0/24 range IP.
Load Balancing enabled
Static Route added on RV082: 192.168.1.0 mask 255.255.255.0 gateway 192.168.5.x interface LAN
Firewall PC is completely Open as i was using it before.
I had a FortiGate 60B and everything worked fine, then I bought an RV082 and now I can get this up and running properly. The thing is this.... With the actual setup I have, computers can only navigate through HTTP web pages, other ports seem to be closed, but if the Firewall PC was blocking this I guess I'll know because it shows a message on screen when a policy is being applied. If I try to open HTTPS pages it doesn't work. Even a simple ping to google.com doesn't work from my LAN (192.168.1.0/24), but if I connect a computer on a local port on the RV082 I can PING and I can browse anywhere I want.
It seems to be that Firewall PC is causing problems but I execute a tracert to [url]...., the packet gets stuck in the RV082. What I'm thinking is that maybe the RV082 doesn't allow it to go through at all if the traffic comes from other networks that don't belong to the one configured on its LAN side. By the way, the Firewall PC connected to the RV082 directly navigates perfectly.
PS. The reason I'm using Firewall PC is because that way it is much easier and more flexible to handle policies for internal users than in the RV082 Router. I use this ume basically to set up VPN IPSEC and Dual WAN Load Balancing.
When I insert the TwinGig Converter in a Catalyst 4900M you get the following error message: Failed to read transceiver serial eeprom on port Te2/1, try reinserting. This error is probably because the device expects 10Gig transceivers to be connected to the device, not 1Gig. I used the TwinGig 4 module and 8 SFP ports are connected. But when I type in the "hw-module module <slot> port-group <group> select gigabitethernet" the command is not available. [code]
View 1 Replies View Related
A few moments ago we noticed the following on one of our Nexus 7K devices. Google didn't deliver much as to what might have gone amiss. [code]
View 2 Replies View Related
9x3750E stacked switch (WS-C3750E-48PD-SF0) (15.0(1)SE2 C3750E-UNIVERSALK9-M)
2x10Gbe uplinks from EMC NAS
At a basic level, we have found that the 10Gbe uplinks have slow read performance with or without a port-channel configured (2-3 minutes for a 700MB file to desktop from the NAS) We switched back to testing a 1Gbe and the read speed is normal. Another anomaly is Win7 / 2008 machines read speed is fine from the NAS while the 10Gbe uplinks are in production?!
Write speed is great on 10Gbe. Only read speed is affected!! The switch is not reporting anything abnormal. We looked at SMB/SMB2 as another possible cause...
mls qos is enabled on the switch but not sure if this is affecting performance.
Is there ANY config that I need to carry out on the interfaces to get the read speed working as it should for both Win7 and WinXP? (MTU is 1500 throughout the enterprise, NAS included).
I have recently split the voice vlan (10) from the data network (1), and am wondering why my catalysts and router do not require an interface Vlan10 statement. In the past I used OpenBSD boxes to do the routing, and I first needed to configure vlan 10 on the interface before I could get inter-vlan communication to work. With these Cisco devices it works, and I am wondering if it is because of VTP, for the fact that the ports maybe just pass all traffic, or is there some other explanation? Below is the setup, and firmware is up-to-date on all of the devices.
When I plug a phone into the POE SGE, the phone turns on, obtains an address on the proper subnet, and conversations are clear (whereas without the ip nat inside on the new subnet the calls had a lot of static). Possibly the reason that it works is because the phones properly create the tcp/ip packet, and it hops over the trunks and creates the states so that traffic routes back properly. I will install wireshark to see exactly what is going on, but is there a simple explanation that I am overlooking?