cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
301
Views
0
Helpful
5
Replies
Highlighted
Enthusiast

2900 router Web portal without authentication

I have a 2911 router with some custom .html pages that I am storing on the flash drive.  I need for users to be able to JUST access and click links on this custom page WITHOUT the need to enter router login credentials.  This of this as a micro web server that delivers .pdf files to the user.  There is no reason for them to have to logon.

 

Everyone's tags (1)
5 REPLIES 5
Highlighted
Collaborator

Re: 2900 router Web portal without authentication

Hi,

 

    It's not recommended, for security reasons to run a "web server" on your router, especially unauthenticated. If you want fo it, ensure the web serves is reachable only from the subnets you want, to minimise the impact. Here's the config:

 

aaa new-model

aaa authentication login HTTP_LOGIN none

!

access-list 10 permit 1.1.1.1

!

ip http server

ip http access-class 10

ip http authentication aaa login-authentication HTTP_LOGIN

 

   Take note that when you enable aaa, the VTY line automatically convert from line password authentication, to username/password authentication, so if you don't have a username/password configured, you'll loose remote access via telnet/ssh.

 

Regards,

Cristian Matei.

Highlighted
Enthusiast

Re: 2900 router Web portal without authentication

I tried that and it still asks for the password.  All I need is for it to be in the view mode.  This internal router web server only allows internal users to download IP phone manuals in the .pdf format.  We will SSH for any router config changes needed. 

The code I put in:
!
aaa new-model
!
aaa authentication login default local
aaa authentication login HTTP_LOGIN none
!
aaa session-id common
!
username guest privilege 5 password 7 0705F4D06
username test privilege 15 password 7 000750754
!
ip forward-protocol nd
!
ip http server
ip http access-class 20
ip http authentication aaa login-authentication HTTP_LOGIN
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:GUI
!
access-list 20 remark Networks Allowed onto the router's web server
access-list 20 permit 1.2.3.4
access-list 20 permit 192.168.100.0 0.0.0.255
!
!

 

router.jpg

Giving what I am trying to do, would using the interface Embedded-Service-Engine0/0 meet my needs?

Highlighted
Collaborator

Re: 2900 router Web portal without authentication

Hi,

 

   Can you just click on the OK button, without adding any credentials?

 

Regards,
Cristian Matei

Highlighted
Enthusiast

Re: 2900 router Web portal without authentication

It just comes back again.  I even tried Chrome browser, same results.

Highlighted
Collaborator

Re: 2900 router Web portal without authentication

Hi,

 

    The configuration is correct, so either you're hitting a bug, either unauthenticated access to the GUI is no longer allowed, probably due to security reasons. Why don't you have a username/password that everyone can use, if you don't really care about authentication?

 

Regards,

Cristian Matei.