Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
5
Replies

2900 router Web portal without authentication

Michael Durham
Level 4
Level 4

‎03-05-2020 10:58 AM

I have a 2911 router with some custom .html pages that I am storing on the flash drive.  I need for users to be able to JUST access and click links on this custom page WITHOUT the need to enter router login credentials.  This of this as a micro web server that delivers .pdf files to the user.  There is no reason for them to have to logon.

 

Labels:
0 Helpful
5 Replies 5

Cristian Matei
VIP Alumni
VIP Alumni

‎03-13-2020 04:17 AM

Hi,

 

    It's not recommended, for security reasons to run a "web server" on your router, especially unauthenticated. If you want fo it, ensure the web serves is reachable only from the subnets you want, to minimise the impact. Here's the config:

 

aaa new-model

aaa authentication login HTTP_LOGIN none

!

access-list 10 permit 1.1.1.1

!

ip http server

ip http access-class 10

ip http authentication aaa login-authentication HTTP_LOGIN

 

   Take note that when you enable aaa, the VTY line automatically convert from line password authentication, to username/password authentication, so if you don't have a username/password configured, you'll loose remote access via telnet/ssh.

 

Regards,

Cristian Matei.

0 Helpful

Michael Durham
Level 4
Level 4
In response to Cristian Matei

‎03-13-2020 10:57 AM

I tried that and it still asks for the password.  All I need is for it to be in the view mode.  This internal router web server only allows internal users to download IP phone manuals in the .pdf format.  We will SSH for any router config changes needed. 

The code I put in:
!
aaa new-model
!
aaa authentication login default local
aaa authentication login HTTP_LOGIN none
!
aaa session-id common
!
username guest privilege 5 password 7 0705F4D06
username test privilege 15 password 7 000750754
!
ip forward-protocol nd
!
ip http server
ip http access-class 20
ip http authentication aaa login-authentication HTTP_LOGIN
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:GUI
!
access-list 20 remark Networks Allowed onto the router's web server
access-list 20 permit 1.2.3.4
access-list 20 permit 192.168.100.0 0.0.0.255
!
!

 

router.jpg

Giving what I am trying to do, would using the interface Embedded-Service-Engine0/0 meet my needs?

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Michael Durham

‎03-13-2020 12:28 PM

Hi,

 

   Can you just click on the OK button, without adding any credentials?

 

Regards,
Cristian Matei

0 Helpful

Michael Durham
Level 4
Level 4
In response to Cristian Matei

‎03-13-2020 03:42 PM

It just comes back again.  I even tried Chrome browser, same results.

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to Michael Durham

‎03-14-2020 03:16 AM

Hi,

 

    The configuration is correct, so either you're hitting a bug, either unauthenticated access to the GUI is no longer allowed, probably due to security reasons. Why don't you have a username/password that everyone can use, if you don't really care about authentication?

 

Regards,

Cristian Matei.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card