Networking

Access Cisco command output from your Web browser

As you may know, Cisco routers include a built-in Web server, which sports many uses. But did you know that you can use the Cisco IOS Web server to deal with frequently used commands on your core Cisco router? David Davis tells you how to get started, and he offers some security caveats to keep in mind.

About a year ago, I wrote an article explaining how you can use a Cisco router as a Web server. In the article, I reviewed some of the basics of this approach and discussed some unique uses for the built-in Cisco IOS Web server.

However, the Cisco IOS Web server has more uses than I could cover in an article. This week, I want to discuss another way to take advantage of this feature, a method brought to my attention by TechRepublic member Edward.chan.

What if you could display your Cisco router's running-configuration simply by clicking a bookmark in your Web browser or even a desktop icon? You can use the Cisco IOS Web server to view a router's running-configuration from a URL.

With a few simple steps, you can set this up for any router or switch on your network. In fact, you can even execute other commands as well.

This is a useful approach to dealing with frequently used commands (such as show running-configuration) on your core Cisco router. Let's take a look at how to set this up.

First, you need to enable the HTTP server on your router or switch. You can accomplish this using the ip http server command when in Global Configuration Mode.

By default, the Web interface will request the enable password command for authentication. If you've configured users on your router, use any login with level 15 (preferred) access.

After you've enabled the HTTP server, you can access the running-configuration on your router using the following URL. Replace ROUTER with the name or IP address of your router.

http://ROUTER/level/15/exec/-/show/running-config/CR

Once you've authenticated, the browser will execute the show running-configuration command for your router. You can bookmark this URL by pressing [Ctrl]D.

In addition, you'll see a text box, where you can enter other commands. For example, type show ip route in this text box to view all routes on the router. When you do this, you should see a bolded area above the command output that looks something like the following:

Command base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/show/ip/route/CR
Command was: show ip route

Adding the router's name to the Complete URL line will display the URL to bookmark for the show ip route command. Here's an example:

http://ROUTER/level/15/exec/-/show/ip/route/CR

Once you've created a few bookmarks, you can press [Ctrl]I to open the Favorites or Bookmarks pane on the left-hand side of your browser. You can also create a desktop shortcut for the URL.

By clicking the Configure link at the top of the Web page, you can do even more. For example, you could have a URL bookmarked that shuts down the Tunnel 3 interface:

http://ROUTER/level/15/interface/Tunnel3/-/shutdown

Then, once disabled, you could re-enable it by clicking another bookmark:

http://ROUTER/level/15/interface/Tunnel3/-/no/shutdown

Keep in mind that clicking the Home link on the router will take you to the router's home page. And if you've installed Cisco's Security Device Manager (SDM) on the router, this will start SDM, which will discontinue access to the URL-based commands.

Be aware that when you use the Cisco IOS Web server in HTTP Mode, your administrative username and password travel across the network in clear text. Anyone with a protocol analyzer could potentially grab that information from the network and use it to log in. However, this is no different than using Telnet to administer your devices—something many administrators do every day.

In this article, we're talking about the regular Cisco IOS HTTP Web server that sends the information in unencrypted form, but there's also an HTTPS Web server available. But keep in mind that only Cisco IOS software images that support SSL will support the HTTPS feature—specifically, Cisco IOS Release 12.2(15)T and later.

You can use the unencrypted Web server (i.e., HTTP) on any version of the Cisco IOS, starting with version 11.2. But be aware that Cisco has released a security advisory about the Cisco IOS HTTP server. Personally, this vulnerability hasn't stopped me from using the HTTP server, but your organization's security concerns may be different.

Thanks again to TechRepublic member Edward.chan for his valuable tip. Do you have a helpful Cisco tip to share? Post it in this article's discussion.

Miss a column?

Check out the Cisco Routers and Switches Archive, and catch up on David Davis' most recent columns.

Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!

David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.

Editor's Picks