11 Replies Latest reply: Jul 17, 2012 3:35 AM by amps_1816 RSS

    ip http server




      I'm confused about the use of a router as an http server.


      First of all, is the http server available in both cisco routers and switches ? I'm trying to test this in Packet Tracer and it seems that the command "ip http ..." is not available in any router/switch. Is there anything else you have to configure first before being able to enable the http server ?


      also, is the http server usually enabled so the router can be configured through a web interface ? Or is it used as a normal web server and contain any website?


      So, as soon as you enter the command "ip http server" you can open a web browser, enter the ip for the router and connect to a web interface which you can use to configure the router ? or you have manually place the files for the website / management site on the router ?





        • 1. Re: ip http server

          The http server is not actually a full blown web server to host any site you want - it's intended for web interface/GUI management.  It is typically utilized by the SDM, Cisco Network Assistant, and the ASDM is used with the CIsco Adaptive Security Appliance.


          However, I don't recommend HTTP servers unless you absolutely need them.  I use HTTPS on ASAs due to the extensive capabilities of the ASDM, however on routers and switches if you can stick to CLI access only, it's recommended.  Unfortunately there are bugs out there that affect HTTP/S servers, introducing vulnerabilities that otherwise are avoided entirely.

          • 2. Re: ip http server

            In addition to what Travis has said, make sure your IOS supports crypto so you can generate a certificate and use https.  The only time I have really used the http interface on IOS devices has been to use SDM or the CNA (Cisco Network Assistant), which is a gui for 3750, 3560 and 4500 series switches.


            Depending on the version of IOS, the ip http server may or may not be available.  But I have seen it with shipped IOS version in the last 4 to 5 years.

            • 3. Re: ip http server
              Kerry LeBlanc

              These are the basic steps:


              To enable the Cisco Web browser interface on a router or access server, use the ip http server global configuration command. To disable this feature, use the no form of this command.

              ip http server

              no ip http server

              Syntax Description

              This command has no arguments or keywords.


              It may be that this command is not supported on Packet Tracer. You can check it using the following:


              To determine if the HTTP server is running on your device, issue the show ip http server status and show ip http server secure status commands at the prompt and look for output similar to:

              Router>show ip http server status
              HTTP server status: Enabled

              If the device is not running the HTTP server, you should see output similar to:

              Router>show ip http server status
              HTTP server status: Disabled
              • 4. Re: ip http server



                Call Manager Express also runs http server on the router to provide telephone administration.


                Regards Conwyn

                • 5. Re: ip http server
                  Paul Stewart  -  CCIE Security

                  Believe it or not, there are several answers.  On most routers, there is the ip http server command that allows a very basic access to commands and not much configuration (like show commands).  On some routers, you can add the files through an installer that allows you to use what is called the SDM (Security Device Manager).  This is more robust and is similar in some respect to the ASA's ASDM.  It uses java.  Switches will vary with what you get from just enabling http server.  Some have a java based management console. In all honesty, most of Cisco's router and switch GUIs are getting better, but IMHO are not as good as the CLI.  Basically, I feel like you can use them if you understand the CLI.  I usually just disable the http server and configure through what I know and understand best.

                  • 6. Re: ip http server
                    Adrian Soh

                    Hi Harris,


                    Another case of Cisco Feature Set Navigator time!  http://tools.cisco.com/ITDIT/CFN/Dispatch




                    • 7. Re: ip http server

                      The main perpose of enabling http-server is to use SDM, which is used to configure router via gui mode and which is easy to use but it's not recommended for advanced level, but for beginner its useful because they r not familier with all IOS commands but dont just make it habit.

                      • 8. Re: ip http server
                        Paul Stewart  -  CCIE Security

                        The ip http-server actually predates the SDM by many years.  It is used to serve various administrative tools to administrators such as CME Admin.

                        • 9. Re: ip http server
                          Rakesh Singh Sambyal

                          Do we use ip http server command on routers/swtches in packet tracer.?

                          • 10. Re: ip http server
                            just plain old Kev

                            that command is not supported in any PT routers.

                            • 11. Re: ip http server

                              do I need to issue this command "no ip http authentication local" if im doing this "no ip http server"?