Want to learn more about router and switch management? Automatically sign up for our free Cisco Routers and Switches newsletter, delivered each Friday!
Did you know that you can use your Cisco router as a Web server? It may sound like a strange idea, but it's certainly viable. These days, it's entirely possible to store 256 MB of Flash on a router.
For example, say you have a Web page, graphic, diagram, document, or file that you want to store. No Web or file server exists at the site, but there is a Cisco router.
Cisco IOS routers have offered a HTTP interface since IOS 11.2, which provided a HTTP 1.0-compliant Web server in the IOS. The introduction of IOS 12.2(15)T enhanced this to offer an HTTP 1.1 Web server that offers Secure Socket Layer (SSL) Version 3.
There's only one catch: You must have Level 15 (root) access to retrieve the file. You can only access files if you have the Level 15 (root) login username and password. As far as I can tell, the Cisco IOS doesn't allow file access any other way.
Let's take a look at how you can take advantage of the Cisco IOS Web server on your router.
To begin, use the Trivial File Transfer Protocol (TFTP) to transfer whatever you want to serve to the router's Flash drive. You can also use any drive (e.g., NVRAM, PCMCIA Flash card slot, or a subdirectory on the router).
One caveat: Be careful when using the copy tftp flash command. By default, it asks if you want to erase Flash. If you accidentally answer yes, you'll erase your IOS operating system.
Figure A shows an example of what it looks like after using TFTP to transfer a Web page and graphic.
Next, enable ip http server while in global configuration mode. Set the path to the location of your files. For our example, we'll put them on the root Flash drive. Here's an example:
ip http server ip http path flash:
Of course, you can also make this a HTTPS (i.e., secured) server using the following command:
ip http secure-server
I've provided several links to documentation on the IOS HTTP Web server and related commands at the end of this article. But to save you some time, here's a quick list of important commands you should know. All commands are in global configuration mode and begin with ip http.
- access-class: This restricts access to your Web server using an access list.
- authentication: This sets the authentication for login to the Web server to either local, enable, or tacacs.
- path: This establishes the root path where the Web server begins looking for files.
- port: This allows you to change the port number for the Web server from 80 to another port.
- server: This enables and disables the Web server.
- secure-server: This enables and disables the SSL Web server.
Don't forget about the "catch" I mentioned earlier; you must have Level 15 (root) access. If you don't have this access, here's what you can do: If you have another privilege level, gain access to the exec command line and perform whatever commands you have access to, based on your user level.
For example, let's say you have privilege Level 7 and an enabled HTTP server. If so, you can go to http://myrouter/level/07/exec. (For more documentation about the different ways to accomplish this, check out Cisco's Sample Configuration: Local Authentication for HTTP Server Users.)
If you're an administrator, you can access your files using this URL, which should include the router, a slash, and the filename. (There is no default page name.) Figure B shows an example.
|Notice how the Web page also shows the transferred graphic.|
Most network administrators will agree that a router is not the best Web server; while it can work, it definitely isn't the best tool for the job. Now that I've shown you how a router can be useful when you're in a pinch, let's look at how to properly configure the Cisco IOS Web server.
This Web server's most common uses involve the following applications.
- You can administer the router through a Web browser, as shown in Figure C. However, this use offers limited functionality, and you usually end up having to know the command line anyway.
- You can also use the Security Device Manager (SDM), as shown in Figure D. This is a great tool for administering your router, checking security, and monitoring performance.
- You can also use a variety of other Cisco paid applications, such as QoS Device Manager (QDM), VPN Device Manager (VDM), and VoIP application servers.
For more information
Check out these links for Cisco documentation on the IOS Web server, related commands, and more.
- Configuration Guide: HTTP 1.1 Web Server and Client
- Command Reference: ip http commands
- HTTPS: HTTP Server and Client with SSL 3.0
- Key Differences between HTTP/1.0 and HTTP/1.1
David Davis has worked in the IT industry for 12 years and holds several certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of systems/network administrators for a privately owned retail company and performs networking/systems consulting on a part-time basis.