
Recipe 2.7 Enabling HTTP Access to a Router

2.7.1 Problem

You want to configure and monitor your router using a browser interface.

2.7.2 Solution

Cisco includes an HTTP server in the IOS. You can enable this feature on a router and then use any standard web browser instead of Telnet to access the router:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#access-list 75 permit 172.25.1.1
Router1(config)#access-list 75 deny any
Router1(config)#ip http server
Router1(config)#ip http access-class 75
Router1(config)#end
Router1#

2.7.3 Discussion

After configuring this feature on a router, you can then connect to the router from a standard web browser. For example, using the Lynx text-based web browser, the router's home page looks like this:

                                                          Router1 Home Page
   
                                 Cisco Systems
   
Accessing Cisco 2621 "Router1"
   
        Telnet - to the router.
   
        Show interfaces - display the status of the interfaces.
        Show diagnostic log - display the diagnostic log.
        Monitor the router - HTML access to the command line interface at
                level 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
   
        Connectivity test - ping the nameserver.
   
        Show tech-support - display information commonly needed by tech
                support.
   
        QoS Device Manager - Configure and monitor QoS through the web
                interface.
     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
   
  Help resources
   
    1. CCO at www.cisco.com - Cisco Connection Online, including the
       Technical Assistance Center (TAC).
    2. tac@cisco.com - e-mail the TAC.
    3. 1-800-553-2447 or +1-408-526-7209 - phone the TAC.
    4. cs-html@cisco.com - e-mail the HTML interface development group.

The bold words are links that allow you to execute IOS EXEC commands. For example, the Show interfaces link will run the show interfaces command and display the result in your browser. You can even use the browser to configure the router. If you select one of the command-line interface level options, it will give you access to all of the EXEC commands at the corresponding authorization level. Please refer to Chapter 3 for more information about these user authorization levels.

This option for accessing a router has been available since IOS level 11.2. However, there was an extremely serious bug in the feature that was fixed in IOS level 12.1(5). This bug would cause the router to crash if the user made a relatively simple typographical error. If a Telnet user types a question mark as part of a command, the router will respond with a list of valid options for this command. However, including a question mark in a URL would cause the router to crash. Since even a legitimate user could easily make this mistake, we strongly recommend against using the feature in any IOS levels before 12.1(5).

In more recent IOS versions, this web interface is no more or less secure than Telnet access to the router's EXEC command-line interface. You still need to supply the same valid user authentication information to connect using a browser. In Chapter 3 and Chapter 4 we will discuss different authentication methods, such as AAA, that you can use with Telnet. All these methods are also available for HTTP, and you can configure the one you want using the authentication keyword. For example, you can configure the HTTP server to use AAA authentication:

Router1(config)#ip http authentication aaa

You can even restrict which devices are permitted to access the router's web interface using the access-class keyword. In the example, we have told the router to restrict access to the router's web server based on access list number 75, which allows only one workstation IP address:

Router1(config)#access-list 75 permit 172.25.1.1
Router1(config)#access-list 75 deny any
Router1(config)#ip http access-class 75
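
To check that a router with the HTTP server enabled actually carries both restrictions discussed above (an authentication method and an access-class tied to a defined, restrictive access list), you can audit a saved copy of its configuration. The following Python script is an added example, not part of the original recipe; the function name audit_http_server and both sample configurations are constructed for illustration, and it assumes standard numbered access lists as used in this recipe:

```python
import re

# Constructed sample running-config excerpts (not from a real device).
SAMPLE_GOOD = """\
access-list 75 permit 172.25.1.1
access-list 75 deny any
ip http server
ip http access-class 75
ip http authentication aaa
"""
SAMPLE_WEAK = """\
access-list 75 permit any
ip http server
ip http access-class 80
"""

def audit_http_server(config):
    """Return a list of findings about the IOS HTTP server in a config text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    if "ip http server" not in lines:
        return []  # HTTP server is not enabled, so there is nothing to audit
    findings = []
    # Collect numbered ACL entries as {number: [(action, source), ...]}
    acls = {}
    for l in lines:
        m = re.match(r"access-list (\d+) (permit|deny) (.+)$", l)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    # The ACL number is the last token of the access-class line
    ref = next((l.split()[-1] for l in lines
                if l.startswith("ip http access-class ")), None)
    if ref is None:
        findings.append("no ip http access-class: web interface is not restricted by source")
    elif ref not in acls:
        findings.append(f"access-class {ref} references an undefined access list")
    elif any(a == "permit" and s == "any" for a, s in acls[ref]):
        findings.append(f"access list {ref} permits any source")
    # An explicit method (such as aaa) should be present in the config
    if not any(l.startswith("ip http authentication ") for l in lines):
        findings.append("no explicit ip http authentication method configured")
    return findings

if __name__ == "__main__":
    for name, cfg in (("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK)):
        print(name, audit_http_server(cfg) or "ok")
```

The second sample shows a mistake that is easy to miss by eye: the access-class line points at list 80 while only list 75 is defined.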

We find that the Telnet command-line interface is much easier to use than the web interface. The only compelling use for this option that we have encountered is to allow first-level technical staff access to basic commands such as show interfaces.

2.7.4 See Also

Chapter 3

