Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2087
Views
0
Helpful
7
Replies

can't login to cisco router from the web interface

Majed Zouhairy
Level 1
Level 1

‎08-02-2017 02:57 AM - edited ‎03-11-2019 12:54 AM

Peace,

here is the configuration,

aaa authentication login default group qwe local
aaa authentication login no_tacacs enable
aaa authentication enable default group qwe enable

.....

no ip http server

ip http authentication aaa

ip http secure-server

when i log in to the router,

i get this in the debug:

014682: Aug  2 12:53:10.278: AAA/BIND(00000E54): Bind i/f
014683: Aug  2 12:53:10.278: AAA/AUTHEN/LOGIN (00000E54): Pick method list 'default'

what else do i have to do to login using tacacs?

Labels:
0 Helpful
7 Replies 7

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-02-2017 03:17 AM

Is your qwe group configured and available?

Do you see packets on it (the tacacs server) coming from your router?

Have you configured the router on the tacacs server using the correct IP address (sometimes helps to use "ip tacacs source-interface" on the router) and tacacs key?

0 Helpful

Majed Zouhairy
Level 1
Level 1
In response to Marvin Rhoads

‎08-02-2017 03:59 AM

Well i can log in from ssh, and i tried looking at the monitoring and reports but it doesn't show anything or i didn't understand what to look for.

ip tacacs source-interface Loopback1

interface Loopback1
 ip address 10.0.5.11 255.255.255.255

i was trying to log through another ip, so i thought you got it and i tried 10.0.5.11 but failed.

anything to try?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Majed Zouhairy

‎08-02-2017 05:30 AM

So when you login via ssh you are using the aaa server credentials?

If so, you should see the successful login in your aaa server logs.

Similarly, you should see failures for the http authentication.

0 Helpful

Majed Zouhairy
Level 1
Level 1
In response to Marvin Rhoads

‎08-02-2017 07:13 AM

the tacacs logs showed only successful logins for my username on the particular device.

i had tried earlier to enter this:

ip http authentication aaa login-authentication qwe

but it warned that qwe is not present.

sounds like there is some missing command.

0 Helpful

Majed Zouhairy
Level 1
Level 1
In response to Majed Zouhairy

‎08-04-2017 02:08 AM

I tried  ip http authentication local

now i get logged in but to a blank page.

i added

ip http server

also gets logged in with blank page.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Majed Zouhairy

‎08-04-2017 06:14 AM

What model of router and IOS version do you have?

Have you checked the flash to make sure the html directory hasn't been deleted?

0 Helpful

Majed Zouhairy
Level 1
Level 1
In response to Marvin Rhoads

‎08-06-2017 11:28 PM

2921, 15.4(3)M4, and there is the home.shtml for example in flash and

ccpexp/CCPExpress_3.1_Open_Source_Documentation.html

to list a few. what do you think?

0 Helpful
Customers Also Viewed These Support Documents