mikey250

SSL - QUERY

Hi
Qns1. I'm confused. I thought the command 'ssl' was added at the 'line vty 0 4' stage - used for enabling via a browser: https://x.x.x.x.x - ?


Qns2. Although in order to set up a connection via a browser for a Cisco 837 is as below:?

Enable the router's HTTP/HTTPS server, using the following Cisco IOS commands:  
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local

Note:- HTTPS is enabled only for crypto enabled IOS images.
Create a user with privilege level 15.
Router(config)# username <username> privilege 15 password 0 <password>

Note:- Replace <username> and <password> with the username and password that you want to configure.

Configure SSH and Telnet for local login and privilege level 15:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

(Optional) Enable local logging to support the log monitoring function:  
Router(config)# logging buffered 51200 warning
ASKER CERTIFIED SOLUTION
Frabble
This solution is only available to members.
mikey250

ASKER

Yes, you are correct, as I've mentioned this in main thread. Apologies for confusion!!

Qns1. So both 'SSH & SSL', which are different encryption types, are configured in 'line vty 0 4', for e.g.?

Qns2. What are the complete configurations for 'SSL'?

There are two methods of getting configuration access to the router.
The first uses virtual terminal lines, which when you configure for incoming connections you also need to list the protocols used. Telnet is the usual and if you want the traffic secure and the IOS supports it, you also include or just have SSH. This will give you access to the Command Line Interface (CLI).

The second method is via a web server, which is a different service altogether. It uses HTTP and is enabled with:
ip http server
For the traffic to be secure, you need to use HTTPS (which uses SSL) and, if the IOS supports it, it is enabled with:
ip http secure-server
This gives you access to the web GUI.

I think I've discovered where your questions are coming from. Is the configuration listed for using Security Device Manager? This software uses both access methods to get content and read/write the configuration files, and that is why there are two methods of encryption.

Yes, it was from 'SDM'. I've never used any 'GUI' stuff before via Internet Browser but just realised after your explanation.

Oh so the fact that 'https' is added, i.e. all that is needed is as below:

ip http server
ip http secure-server
ip http authentication local

Router(config)# username <username> privilege 15 password 0 <password>

And that 'http' actually uses 'SSL' although the acronym itself is not added!!!!???

But with 'SSH' for security and access to the CLI it is:

Configure SSH and Telnet for local login and privilege level 15:

Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Perfect thanks for that!
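
The thread separates two management services: the web server (HTTP/HTTPS) and the vty lines (Telnet/SSH). As an added example that is not part of the original thread, this Python script reads a configuration in `show running-config` layout, reports each service separately and flags the cleartext options. The function name, the `admin` user and the sample text are constructed for illustration.

```python
import re

# Constructed sample in "show running-config" layout, mirroring the thread's commands.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http authentication local
username admin privilege 15 password 0 ExamplePass
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport input telnet ssh
"""

def audit_mgmt_access(config):
    """Report the two management services separately and flag cleartext use."""
    web = {"http": False, "https": False}
    vty = {}            # vty range -> protocols from the last "transport input"
    findings = []
    current = None      # vty range whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            current = None                      # unindented line ends the vty block
        if line == "ip http server":
            web["http"] = True
        elif line == "ip http secure-server":
            web["https"] = True
        elif m := re.fullmatch(r"line vty (\d+(?: \d+)?)", line):
            current = m.group(1)
        elif current and line.startswith("transport input "):
            vty[current] = line.split()[2:]     # a later command replaces an earlier one
        elif m := re.match(r"username (\S+) .*\bpassword 0 ", line):
            findings.append(f"user {m.group(1)}: password stored as type 0 (cleartext)")
    if web["http"]:
        findings.append("web GUI: plain HTTP server enabled (ip http server)")
    for rng, protos in vty.items():
        if "telnet" in protos or "all" in protos:
            findings.append(f"line vty {rng}: telnet accepted, CLI sessions can be cleartext")
    return {"web": web, "vty": vty, "findings": findings}

if __name__ == "__main__":
    for item in audit_mgmt_access(SAMPLE_CONFIG)["findings"]:
        print(item)
```

On the sample, the second `transport input` line is the one that takes effect, so the vty lines accept both Telnet and SSH.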