OL-11615-01
Console> (enable) set tacacs server 170.1.2.20 primary
170.1.2.20 added to TACACS server table as primary server.
Console> (enable) set tacacs key MyKey
The tacacs key has been set to MyKey.
Console> (enable) set ip http server enable
HTTP server is enabled.
Console> (enable) set authentication login tacacs enable http primary
tacacs login authentication set to enable for HTTP sessions as primary authentification method.
Console> (enable)
For more information about HTTP authentication using AAA, refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/authent.htm
Step 2 Use a non-standard port for HTTP (other than TCP/80). In Catalyst OS this can be done using the set ip
http port command.
For more information about the set ip http port command refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/cmd_ref/set_f_l.htm#wp1026145
Web-Based GUI Access in Cisco IOS
When the web interface is required, the best practice is to enable it with HTTPS instead of HTTP. In Cisco
IOS, the HTTPS service can be enabled using the ip http secure-server global configuration command.
For more information on the ip http secure-server command, refer to the following URL:
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1833/products_feature_guide09186a00800d9eee.html#wp1021949
In cases where HTTPS cannot be used or is not available, perform the following steps to secure the
HTTP-based GUI:
Step 1 Enable user authentication using protocols like RADIUS or TACACS+. In Cisco IOS, HTTP
authentication can be enabled using the ip http authentication global configuration command. The
following example shows a configuration listing for HTTP authentication using TACACS+.
aaa new-model
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+
ip http server
ip http authentication aaa
tacacs-server host 171.68.18.10
tacacs-server key Cisco
For more information about HTTP authentication refer to the following URL:
http://www.cisco.com/en/US/partner/tech/tk59/technologies_configuration_example09186a0080178a51.shtml
Step 2 Use a non-standard port for HTTP (other than TCP/80). In IOS this can be done using the ip http port
global configuration command.
For more information about the ip http port command refer to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/fun_r/cfr_1g04.htm#wp1028992
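The following configuration check is an added example, not part of the original guide or of any Cisco tool. It reads an IOS configuration and reports where the web GUI settings depart from the HTTPS recommendation and from Steps 1 and 2 above. The function name audit_ios_http and the finding labels are hypothetical, and the script assumes that a service not named in the configuration is off and that HTTP listens on TCP/80 when ip http port is absent.

```python
import re

# Constructed input: the TACACS+ listing from Step 1 above, as it would
# appear in a saved configuration.
PAGE_LISTING = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authorization exec default group tacacs+
ip http server
ip http authentication aaa
tacacs-server host 171.68.18.10
tacacs-server key Cisco
"""

# Constructed input: web GUI served over HTTPS only.
HTTPS_ONLY = "no ip http server\nip http secure-server\n"

def audit_ios_http(config):
    """Return findings for the web-GUI settings in an IOS configuration."""
    http = https = False   # assumption: a service absent from the config is off
    auth, port = None, 80  # assumption: TCP/80 applies when "ip http port" is absent
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("ip http server", "no ip http server"):
            http = not line.startswith("no ")
        elif line in ("ip http secure-server", "no ip http secure-server"):
            https = not line.startswith("no ")
        elif m := re.fullmatch(r"ip http authentication (\S+).*", line):
            auth = m.group(1)
        elif m := re.fullmatch(r"ip http port (\d+)", line):
            port = int(m.group(1))
    if not http:
        return []  # cleartext HTTP is off, so Steps 1 and 2 do not apply
    findings = ["HTTP-ENABLED: cleartext GUI is on; use 'ip http secure-server' where available"]
    if https:
        findings[0] = "HTTP-ENABLED: HTTPS is on, so 'no ip http server' can retire cleartext HTTP"
    if auth != "aaa":
        findings.append("HTTP-AUTH: 'ip http authentication aaa' not set (Step 1)")
    if port == 80:
        findings.append("HTTP-PORT: still on TCP/80; move it with 'ip http port' (Step 2)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page listing", PAGE_LISTING), ("https only", HTTPS_ONLY)):
        print(name, audit_ios_http(cfg) or "no findings")
```

Run against the Step 1 listing, the check passes the authentication step but still reports cleartext HTTP on the default port, because that listing covers Step 1 only.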