Trying to configure WebUi access

JiriB0609
Level 1

Hi guys,

I am visiting a remote office with a 4221 router. I don't work with Cisco, so I am trying to get to the WebUI to avoid the CLI. Currently I cannot even SSH and have to specifically Telnet from PuTTY. The WebUI is accessible, but it refuses my credentials (Wrong Credentials. Please Login again.), which are the same ones I use for Telnet.

 

*May  5 15:44:52.660: %WEBSERVER-5-LOGIN_FAILED:  SIP0: :  Login Un-Successful from host 172.20.15.23 by user 'admin'

 

I tried to do my own research on how to configure Local Authentication for HTTP Server Users and found just a few variations on the commands from this article (https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/13852-http-1.html#local).

 

No change. It doesn't accept either my Telnet credentials or the users I created myself. I wasn't able to find anything else (super unstable 3G connectivity only). Can you give me some pointers? This is my sanitized running config:

 

 

 

Building configuration...


Current configuration : 4647 bytes
!
! Last configuration change at 15:41:41 UTC Wed May 5 2021
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXX
enable password XXX
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
!
aaa session-id common
!
ip dhcp excluded-address 172.20.18.1 172.20.18.10
ip dhcp excluded-address 172.20.18.129 172.20.18.139
ip dhcp excluded-address 172.20.15.1 172.20.15.10
ip dhcp excluded-address 172.20.15.129 172.20.15.139
ip dhcp excluded-address 172.20.16.1 172.20.16.10
ip dhcp excluded-address 172.20.16.129 172.20.16.139
ip dhcp excluded-address 172.20.17.1 172.20.17.10
ip dhcp excluded-address 172.20.17.129 172.20.17.139
ip dhcp excluded-address 172.20.18.126
ip dhcp excluded-address 172.20.17.254
ip dhcp excluded-address 172.20.17.126
ip dhcp excluded-address 172.20.16.126
ip dhcp excluded-address 172.20.16.254
ip dhcp excluded-address 172.20.15.126
ip dhcp excluded-address 172.20.15.254
!
ip dhcp pool BATIMENT_A
network 172.20.18.0 255.255.255.128
dns-server 8.8.8.8
domain-name XXX
netbios-name-server 172.20.15.5
default-router 172.20.18.1
lease 0 12
!
ip dhcp pool BATIMENT_B
network 172.20.17.128 255.255.255.128
default-router 172.20.17.129
dns-server 8.8.8.8
domain-name XX
netbios-name-server 172.20.15.5
lease 0 12
!
ip dhcp pool BATIMENT_C
network 172.20.15.0 255.255.255.128
default-router 172.20.15.1
dns-server 8.8.8.8
domain-name XX
netbios-name-server 172.20.15.5
lease 0 12
!
ip dhcp pool BATIMENT_D
network 172.20.15.128 255.255.255.128
domain-name XX
netbios-name-server 172.20.15.5
dns-server 8.8.8.8
default-router 172.20.15.129
lease 0 12
!
ip dhcp pool BATIMENT_E
network 172.20.16.0 255.255.255.128
default-router 172.20.16.1
dns-server 8.8.8.8
netbios-name-server 172.20.15.5
domain-name XX
lease 0 12
!
ip dhcp pool BATIMENT_F
network 172.20.16.128 255.255.255.128
domain-name XX
netbios-name-server 172.20.15.5
dns-server 8.8.8.8
default-router 172.20.16.129
lease 0 12
!
ip dhcp pool BATIMENT_G
network 172.20.17.0 255.255.255.128
default-router 172.20.17.1
dns-server 172.20.15.5
netbios-name-server 172.20.15.5
domain-name XX
lease 0 12
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid XX snXX
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username XXX privilege 15 password 0 XXX
username XXX privilege 15 password 0 XX
username XX password 0 XX privelege 15
username XXX privilege 7 password 0 XX
username XX privilege 15 password 0 XXX
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/1.10
encapsulation dot1Q 10
ip address 172.20.18.1 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.20
encapsulation dot1Q 20
ip address 172.20.17.129 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.30
encapsulation dot1Q 30
ip address 172.20.15.1 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.40
encapsulation dot1Q 40
ip address 172.20.15.129 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.50
encapsulation dot1Q 50
ip address 172.20.16.1 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.60
encapsulation dot1Q 60
ip address 172.20.16.129 255.255.255.128
ip nat inside
!
interface GigabitEthernet0/0/1.70
encapsulation dot1Q 70
ip address 172.20.17.1 255.255.255.128
ip nat inside
!
ip nat inside source list 100 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication aaa
ip http secure-server
!
!
access-list 100 permit ip 172.20.15.0 0.0.0.127 any
access-list 100 permit ip 172.20.15.128 0.0.0.127 any
access-list 100 permit ip 172.20.16.0 0.0.0.127 any
access-list 100 permit ip 172.20.16.128 0.0.0.127 any
access-list 100 permit ip 172.20.17.0 0.0.0.127 any
access-list 100 permit ip 172.20.17.128 0.0.0.127 any
access-list 100 permit ip 172.20.18.0 0.0.0.127 any
!
!
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password XXX
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

 

 

Accepted Solutions

 Fixed by 

aaa authorization exec default local


balaji.bandi
Hall of Fame

I do not see any SSH config; can you post the show ip ssh output?

Since you have masked the usernames, do you have a user called admin?

You can use debug to see what is wrong:

 

debug ip http authentication
debug aaa authentication
debug aaa authorization

 

 

BB


Thanks for the tip! Cannot say it makes much sense to me. What I have configured is user "admin", but the log is showing copyrightbanneruser.

 

*May  6 07:16:34.790: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
*May  6 07:16:34.791: AAA/AUTHOR (0x0): Invalid method list id=0x0
*May  6 07:16:34.791: %WEBSERVER-5-LOGIN_FAILED:  SIP0: :  Login Un-Successful from host 172.20.15.80 by user 'admin'
*May  6 07:16:34.796: AAA/BIND(00004E99): Bind i/f
*May  6 07:16:34.796: AAA/BIND(00004E9A): Bind i/f
*May  6 07:16:34.804: AAA/AUTHOR: auth_need : user= 'copyrightbanneruser' ruser= 'RouterHostName'rem_addr= 'async' priv= 1 list= '' AUTHOR-TYPE= 'commands'
*May  6 07:16:34.987: AAA/BIND(00004E9B): Bind i/f
*May  6 07:16:34.987: AAA/BIND(00004E9C): Bind i/f
*May  6 07:16:34.989: AAA/AUTHOR: auth_need : user= 'copyrightbanneruser' ruser= 'RouterHostName'rem_addr= 'async' priv= 15 list= '' AUTHOR-TYPE= 'commands'

 Fixed by 

aaa authorization exec default local
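
An added example, not part of the original thread: a small Python check for the condition this thread ran into, where `ip http authentication aaa` is configured but the exec authorization method list is missing, plus a matcher for the debug signature posted above. It assumes the HTTP server falls back to the `default` lists unless `login-authentication` or `exec-authorization` names another one; the function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the AAA and HTTP lines of the running config posted above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
ip http server
ip http authentication aaa
ip http secure-server
"""

# Debug lines as posted in the thread.
SAMPLE_LOG = """\
*May  6 07:16:34.790: AAA/AUTHEN/LOGIN (00000000): Pick method list 'default'
*May  6 07:16:34.791: AAA/AUTHOR (0x0): Invalid method list id=0x0
*May  6 07:16:34.791: %WEBSERVER-5-LOGIN_FAILED:  SIP0: :  Login Un-Successful from host 172.20.15.80 by user 'admin'
"""

def missing_http_aaa_lists(config):
    """Return the AAA method lists 'ip http authentication aaa' needs but the config lacks."""
    lines = [ln.strip() for ln in config.splitlines()]
    http = [ln for ln in lines if ln.startswith("ip http authentication aaa")]
    if "aaa new-model" not in lines or not http:
        return []
    # Assumption: without an explicit list name the HTTP server uses 'default'.
    wanted = {"authentication login": "default", "authorization exec": "default"}
    for ln in http:
        for key, kw in (("authentication login", "login-authentication"),
                        ("authorization exec", "exec-authorization")):
            m = re.search(kw + r" (\S+)", ln)
            if m:
                wanted[key] = m.group(1)
    return [f"aaa {kind} {name}" for kind, name in wanted.items()
            if not any(ln.startswith(f"aaa {kind} {name} ") for ln in lines)]

def authz_login_failures(log):
    """Return (host, user) for WebUI login failures that follow an invalid AUTHOR method list."""
    hits, invalid_list = [], False
    for ln in log.splitlines():
        if "AAA/AUTHOR" in ln and "Invalid method list" in ln:
            invalid_list = True
        m = re.search(r"LOGIN_FAILED:.*from host (\S+) by user '([^']*)'", ln)
        if m:
            if invalid_list:
                hits.append(m.groups())
            invalid_list = False
    return hits
```

Run against the posted configuration, the first function reports only the exec authorization list as missing, which is the line the accepted solution adds.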