Cisco Systems

N3t W0rK3r · ‎12-21-2009

I have a Cisco ASR 1002 on which I am trying to configure the IOS WebUI following the direction here:

http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/webui.html

Problem is, I can only seem to get the so-called legacy interface running, but not the graphical interface.

I am running:

Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XNE, RELEASE SOFTWARE (fc1)

Here is some added info:

ASR#show transport-map name https-webui
Transport Map:
Name: https-webui
Type: Persistent Webui Transport

Webui:
Server: disabled
Secure Server: enabled

ASR#show ip http server secure status
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
Sudbury-ASR#show ip http server all
HTTP server status: Disabled
HTTP server port: 80
HTTP server authentication method: aaa
HTTP server access class: 0
HTTP server base path:
HTTP server help root:
Maximum number of concurrent server connections allowed: 5
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Maximum number of requests allowed on a connection: 1
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL

HTTP server application session modules:
Session module Name Handle Status   Secure-status Description
HOME_PAGE             2      Active   Active         IOS Homepage Server
QDM                   3      Active   Active         QoS Device Manager Server
HTTP_IFS              1      Active   Active         HTTP based IOS File Server
QDM_SA                4      Active   Active         QoS Device Manager Signed Applet Server
WEB_EXEC              5      Active   Active         HTTP based IOS EXEC Server

HTTP server current connections:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes

HTTP server statistics:
Accepted connections total: 71

HTTP server history:
local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time

Any idea where I may have gone wrong with this config?

Thanks in advance.

John

Giuseppe Larosa · ‎12-28-2009

Hello John,

posting your current config would have been of help. filter username/pwds and mask public ip addresses

Have you followed the procedure that you have linked after first steps?

Have you configured the management ethernet interface as explained in the following note?

The web user interface will not work if the Management Ethernet interface has not been configured or is not working; specifically, the default route must be specified in the Management Ethernet VRF before the web user interface can be configured.
See the "Using the Management Ethernet Interface" chapter for information on configuring the Management Ethernet interface on your router. See the "Setting a Default Route in the Management Ethernet Interface VRF" section on page 8-4 chapter for information on configuring a default route in the Management Ethernet interface on your router.

sorry if these are basic questions but these are to just to start the thread.

Hope to help

Giuseppe

bhunsaker_2 · ‎07-29-2010

Same problem here. Must be missing something simple.

The web page that is displayed looks anemic:

---

Cisco Systems

Accessing Cisco ASR1002 "routera"

Show diagnostic log - display the diagnostic log.
Monitor the router - HTML access to the command line interface at level 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
Show tech-support - display information commonly needed by tech support.
Extended Ping - Send extended ping commands.
QoS Device Manager - Configure and monitor QoS through the web interface.

Help resources

CCO at www.cisco.com - Cisco Connection Online, including the Technical Assistance Center (TAC).
tac@cisco.com - e-mail the TAC.
1-800-553-2447 or +1-408-526-7209 - phone the TAC.
cs-html@cisco.com - e-mail the HTML interface development group.

----

My software version:

Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 12.2(33)XND2, RELEASE SOFTWARE (fc1)

System image file is "bootflash:asr1000rp1-adventerprisek9.02.04.02.122-33.XND2.bin"

Here are my configuration commands:

!   Although we don't plan on using the management interface for now, the web
!   user interface will not work if the Management Ethernet interface has not
!   been configured or is not working; specifically, the default route must be
!   specified in the Management Ethernet VRF before the web user interface can
!   be configured.

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.xxx.yyy.254
interface GigabitEthernet0
ip address 10.xxx.yyy.1 255.255.255.0
exit

! Allow manaagement access from our management stations only.

no ip access-list standard 20
ip access-list standard 20

permit host 10.xxx.zzz.1
permit host 10.xxx.zzz.2

exit

! Enable https webui

no ip http server
ip http secure-server
ip http authentication local
ip http access-class 20

! The above enables the legacy web user interface. We'll also enable the
! graphics-based web user interface.

transport-map type persistent webui https-webui
secure-server
exit

transport type persistent webui input https-webui

When I enter the "transport type persistent webui input https-webui" command, I get the following message:

Please enable (ip http) secure-server and set desired port information.

Here's a obscured version of the running config:

!
! Last configuration change at 16:02:23 MDT Thu Jul 29 2010
! NVRAM config last updated at 15:08:00 MDT Thu Jul 29 2010
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname routera
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 1048576 informational
logging console errors
logging monitor errors
enable secret 5
enable password
!
no aaa new-model
!
transport-map type persistent webui https-webui
secure-server
!
clock timezone MST -8
clock summer-time MDT recurring
syscon address 10.www.xxx.44 burp
syscon shelf-id 0
ip subnet-zero
ip source-route
no ip domain lookup
ip domain name domain.com
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-28998717235
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-28998717235
revocation-check none
rsakeypair TP-self-signed-2899871775
!
!
crypto pki certificate chain TP-self-signed-2899871235
certificate self-signed 01
quit
username bob privilege 15 password 0
!
redundancy
mode none
!
!!
!
!
interface GigabitEthernet0/0/0
description Connects to tier 1 switch in the left powerhouse phone room.
ip address 10.xxx.aaa.1 255.255.255.0 secondary
ip address 10.xxx.zzz.1 255.255.255.0
negotiation auto
vrrp 100 description Our one and only active interface on this router.
vrrp 100 ip 10.xxx.zzz.254
vrrp 100 ip 10.xxx.aaa.254 secondary
vrrp 100 priority 110
vrrp 100 authentication text t1auth
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 10.xxx.yyy.1 255.255.255.0
negotiation auto
no mop enabled
!
ip classless
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.xxx.yyy.254
!
no ip http server
ip http access-class 20
ip http authentication local
ip http secure-server
!
logging facility local5
logging 10.xxx.yyy.251
access-list 20 permit 10.xxx.zzz.1
access-list 20 permit 10.xxx.zzz.2
!
!
!
control-plane
!
banner login ^C
Be careful out there
^C
!
line con 0
stopbits 1
line aux 0
line vty 0 4
login local
transport input ssh
!
transport type persistent webui input https-webui
!
ntp server 10.xxx.zzz.119
end

Any ideas why I can't even get the legacy web interface shown in the Cisco docs?

Thanks!

N3t W0rK3r · ‎06-28-2011

Still no solution to this, eh? I decided to look into this problem again after some time away from it, but cannot get any furhter ahead.

Hoping someone with an answer may pick-up on this this time around.

dreams_as_money · ‎11-28-2011

Hi

update to latest ios will work for example:

asr1000rp1-adventerprisek9.03.04.01.S.151-3.S1.bin

regards

mwannemacher · ‎06-30-2016

hello,

please be aware of that. i got the same issue and solved it here:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuo46375

mkhalil10 · ‎10-12-2015

I have the same issue , i am using 155-1.s1

I just get the basic web interface

nathan.kiel.pgi · ‎01-25-2012

I had a similar issue but with mine I was seeing the advanced web interface but some features within it were not working. For an error message in the non-working portions of the interface, it stated 'IOS is inaccessible or down'.

I noticed that if I removed the access-class for ip http that it was fully functional.

Apparently at least the ASR1013 communicates with an internal service.

if you run 'show ip http server all' you get a netstat output like this:

Note: I replaced my IP with #.#.#.# in the output.

HTTP server history:

local-ipaddress:port remote-ipaddress:port in-bytes out-bytes end-time

#.#.#.#:443 10.120.0.1:18432 0 0 22:00:01 01/25

#.#.#.#:443 10.120.0.1:60727 343 200 22:00:03 01/25

#.#.#.#:443 10.120.0.1:11390 386 200 22:00:14 01/25

#.#.#.#:443 10.120.0.1:5716 386 2117 22:00:20 01/25

#.#.#.#:443 10.120.0.1:18065 367 137 22:00:20 01/25

#.#.#.#:443 10.120.0.1:59682 397 137 22:00:21 01/25

#.#.#.#:443 10.120.0.1:34330 432 5929 22:00:29 01/25

192.168.1.2:443 192.168.1.1:38016 118 200 22:07:09 01/25

192.168.1.2:443 192.168.1.1:38017 118 200 22:07:22 01/25

192.168.1.2:443 192.168.1.1:38018 161 2117 22:07:22 01/25

192.168.1.2:443 192.168.1.1:50212 192 3524 22:07:39 01/25

192.168.1.2:443 192.168.1.1:50211 149 200 22:07:40 01/25

192.168.1.2:443 192.168.1.1:50214 191 14460 22:08:46 01/25

192.168.1.2:443 192.168.1.1:50213 148 200 22:08:46 01/25

192.168.1.2:443 192.168.1.1:50216 193 2246 22:09:12 01/25

192.168.1.2:443 192.168.1.1:50218 194 3598 22:09:12 01/25

192.168.1.2:443 192.168.1.1:50215 150 200 22:09:12 01/25

192.168.1.2:443 192.168.1.1:50217 151 200 22:09:12 01/25

192.168.1.2:443 192.168.1.1:32877 118 200 22:13:25 01/25

192.168.1.2:443 192.168.1.1:42057 118 200 22:20:26 01/25

Notice that there is internal communication with the web service on IP addresses 192.168.1.2 and 192.168.1.1. I had to add 192.168.1.1 to my access-list and re-add the ip http access-class statement. Once I did that full functionality to the website was available.

Thus, you may have issues with an assigned access-list to your ip http config. It may even prevent your advanced web interface from working.

Something to check. Btw, I do not have these 192.168.1.x IP addresses in my configuration at all.

ASR1013#show ip route 192.168.1.1

% Network not in table

ASR1013#show ip route 192.168.1.2

% Network not in table

ASR1013#

Btw, I'm running:

Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(1)S, RELEASE SOFTWARE (fc1)

On an RP2

kobarley1078 · ‎04-07-2016

Hi,

I have the same problem one the ASR1002-X.

Did you solve that?

My running-config on the ASR is almost the same of your.

If you have the solution of that, Colud you help me?

Thank you.

Danniel

mwannemacher · ‎06-30-2016

hello,

please be aware of that. i got the same issue and solved it here:

https://quickview.cloudapps.cisco.com/quickview/bug/CSCuo46375

Problems configuring IOS Web User Interface

Cisco Systems

Accessing Cisco ASR1002 "routera"

Help resources