4221 router GUI access failed

Sbeckwith · ‎03-08-2019

I have a problem on a batch of 4221 routers where I cant access the webui at all. I have entered the configuration as described in the documentation. I purchased the routers as a replacement for our cisco lab but they came configured with SD-WAN so I reformatted the flash file system and copied the downgraded IOS-XE V16.6.3 and the NIM firmware files and rebooted. Everything works fine except when I try to access webui from IE 11 it just says ERROR 404 page not found. In the details it states that the web site can be reached but the page is not found. Could I have removed some files from flash when I formatted it and if so how can I get them back. the webgui: file system seems to be in tact.

Any Ideas?

TIA

Jaderson Pessoa · ‎03-08-2019

Hello,
Which protocol were you configured on your router? HTTP or HTTPS?

Do you clean your webrowser cache?

Could you provide a specific configuration for it?

thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***

Sbeckwith · ‎03-15-2019

I have tried both HTTP and HTTPS I get Page not found for both.

Sbeckwith · ‎03-15-2019

Configuration for webgui
R1(config)# ip http server
R1(config)# ip http secure-server
R1(config)# ip http authentication local
R1(config)# username admin privilege 15 password cisco

balaji.bandi · ‎03-08-2019

Try below config

BB#config t

!

BB(config)# ip http server
BB(config)# ip http secure-server
BB(config)# username bbandi priv 15 secret guiaccess

!

end

http:// or https://routerip/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sbeckwith · ‎03-15-2019

I already have this configuration.

balaji.bandi · ‎03-15-2019

If you already have same config, post the full config. and try different browsers or different PC to test.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

adrian.cepeda1 · ‎03-08-2019

Hi,

You need to specify through which interface http connection will be established.

Try:

ip http client source-interface GigabitEthernet0/0/0

balaji.bandi · ‎03-08-2019

I do not believe source interface required here to access device GUI interface.

Suggested document for reference any one required :

https://www.cisco.com/c/en/us/td/docs/routers/access/4400/software/configuration/guide/isr4400swcfg/bm_isr_4400_sw_config_guide_chapter_011.html#id_75960

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jaderson Pessoa · ‎03-08-2019

Balaji has right, we dont need input any command reference source interface.

Just as Balaji said:
BB(config)# ip http server
BB(config)# ip http secure-server
BB(config)# username bbandi priv 15 secret guiaccess

But, maybe he already has this config and its a problem of cache on his browser. But maybe he doesn't has any config about it.

Jaderson Pessoa
*** Rate All Helpful Responses ***

adrian.cepeda1 · ‎03-08-2019

Had the same issue this morning,

Was able to access via HTTP but no with HTTPS, so sent ISR to factory values and used the wizard configuration and what I saw was that HTTPS was enabled en the difference between my configuration that was not woriking and this one done by the wizard was ip http client source-interface GigabitEthernet0/0/0

Try it, doesn´t hurt and might work.

niranjan.ghodke · ‎09-28-2019

I have same issue on my cisco ISR4431/K9

i already configured ip http server, ip http secure-server but still i get 404 page not found error.

if you have any solution please share.

balaji.bandi · ‎09-28-2019

Can you post the configuration to have look, and can you able to ping the router from the device you try to use http://routerip/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

niranjan.ghodke · ‎09-28-2019

Yes we are able to ping router on management port.

please find below configuration.

R2#sh run
Building configuration...

Current configuration : 11132 bytes
!
! Last configuration change at 11:45:42 UTC Sat Sep 28 2019
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
ip domain name xxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1563601512
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1563601512
revocation-check none
rsakeypair TP-self-signed-1563601512
!
crypto pki trustpoint tac
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint Entrust-root
enrollment terminal
revocation-check crl
!
crypto pki trustpoint Entrust-intermediate
enrollment terminal
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1563601512
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31353633 36303135 3132301E 170D3139 30383130 31323537
31385A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35363336
30313531 32308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100D8C9 D620E925 60FAA484 6EA80889 BD5CEEBF 5D751AA1 02EAA59C
68FFBBFB 2BF15707 3C87ADF4 B9516514 44CE6A31 344D513F A2CAE5A4 09DAD2E8
AA3A2FF3 0E80026F 2E90B25A F6EA0AA5 5640F227 6006BBE8 1797DA2A 73339373
525DB18F 4BF4CCDC 7E54EAF2 7C4ED081 8CFE9DB8 1522E440 A5659A17 BBEE0909
DC198218 1BE0C81E 7B077298 22D03C28 6B64F756 0AACAD8C 47FD86B3 12C14773
9C6A07CD 563441EE DC73D6AB 42886B22 FB00DB26 77A49DF1 77382F45 43CECB3D
00ADAFFD 8D65F611 505CE777 07D0216D 8C749387 CD34A71F 40F586D4 DF45FDA5
677F320A 4564020A 99D30FE7 EFE5E11B EEBDCAD6 DA0082D9 3C04C558 671CA758
7F9F3BEF D1F90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 1428AC26 6E2D1045 1512B77A FF86CC52 13F751C6
C6301D06 03551D0E 04160414 28AC266E 2D104515 12B77AFF 86CC5213 F751C6C6
300D0609 2A864886 F70D0101 05050003 82010100 6F9D15FE 2EB1EEB1 F839DC6A
AF3F49A1 A034887E 770B4E00 26A957C9 217D0BBD 5111F04D 33F69C81 490F58FB
E04C996B 5D308000 F10D19E3 8FFE11F6 A48A64AE 9EC106C5 D1F0805D 402B2B52
F245FA4A DEBD7E74 AF9DBB40 14A0E0C5 8781BE21 64275EB0 28E85D31 42709ACD
878B3304 331680C8 D0CAB289 A4CF6610 F3ECCD1F 6A906391 E115A24A C3644F28
459D1223 93F78899 9EE8894A 0A4D1B8B 360341DE 872A44F1 E3544033 0BBADD7B
0DC41360 C03B60A1 005EDEB1 E381581F E92C1D64 9F7891EA B6564381 290B6616
D8D909B3 A7E8AB30 D344919C F6E674D4 84AA3F0E B2C27DEA A4E2F98C D71E994B
A7762D26 5BD08F6E A5404B8F 94F40F1E 199D6B5C
quit
crypto pki certificate chain tac
certificate 00D440976E39A92A8E0000000050DE392B
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
quit
crypto pki certificate chain xxxxxxxxxxxxxxx
certificate ca 4A538C28
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
quit
crypto pki certificate chain xxxxxxxxxxxxxxxxxxxx
!
license udi pid ISR4431/K9 sn FOC23231979
license accept end user agreement
license boot level securityk9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
username xxxxxxxxxxxxxxxx privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
redundancy
mode none
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description "connected to Reliance"
ip address x.x.x.x 255.255.255.252
ip access-group block_1 out
negotiation auto
!
interface GigabitEthernet0/0/1
description "connected to WAN-SW Gi2/0/13"
ip address x.x.x.x 255.255.255.240
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 172.30.56.246 255.255.255.0
negotiation auto
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route vrf Mgmt-intf 172.30.58.0 255.255.255.0 x.x.x.x
!
!
!
ip access-list extended access
ip access-list extended block
ip access-list extended block_1
permit icmp any host x.x.x.x echo
permit icmp any host x.x.x.x echo-reply
permit icmp any host x.x.x.x echo
permit icmp any host x.x.x.x echo-reply
deny icmp any any
permit ip any any
ip access-list extended block_1_insideinterface
ip access-list extended remote-access
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 22
permit tcp host x.x.x.x any eq 443
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
!
!
!
!
end

niranjan.ghodke · ‎09-29-2019

CCP not support under IOS-XE

IOS-XE support WebUI