cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1138
Views
1
Helpful
30
Replies

Unable to access Cisco 4221 web login page

mayanksahni
Level 1
Level 1

Hi,

We have a cisco 4221 router. When I try accessing its GUI page on https://192.168.10.1 its not letting me access that.

What all I have tried and not working is as follows:

  1. Tried older version of firefox which supports TLS 1
  2. Tried fiddling with the firefox setting security.tls.version
  3. Tried using internet explorer
  4. Tried changing internet options settings for internet explorer

Please help me with that.

 

PS: I am not a network expert. I am amateur at it. But I can manage configuration through GUI.

30 Replies 30

balaji.bandi
Hall of Fame
Hall of Fame

check below link and let me know if tht help you :

https://community.cisco.com/t5/routing/how-to-configure-cisco-4221-web-ui-for-wan-configuration/td-p/4814336

if still issue post below output ;

show version

show logging

show run

show ip ssh

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SHOW VERSION

Router>show version
Cisco IOS XE Software, Version 16.08.01
Cisco IOS Software [Fuji], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9_IAS-M), V ersion 16.8.1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 27-Mar-18 13:43 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON

Router uptime is 20 minutes
Uptime for this control processor is 22 minutes
System returned to ROM by PowerOn
System image file is "bootflash:isr4200-universalk9_ias.16.08.01.SPA.bin"
Last reload reason: PowerOn

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

 

Suite License Information for Module:'esg'

--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9 None None None
securityk9
appxk9


Technology Package License Information:

-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None None None
securityk9 securityk9 Permanent securityk9
ipbase ipbasek9 Permanent ipbasek9

cisco ISR4221/K9 (1RU) processor with 1788426K/6147K bytes of memory.
Processor board ID FGL2421LVK4
1 Virtual Ethernet interface
6 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7081983K bytes of flash memory at bootflash:.
0K bytes of WebUI ODM Files at webui:.

Configuration register is 0x2102

 

SHOW IP SSH

Router>show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96
KEX Algorithms:diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 2048 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded): TP-self-signed-1236578148
%SSH: Failed to encode IOS ASN.1 to SECSH format
Router>

 

Also at ip http secure-server command I am getting the following error:

Router(config)#ip http secure-server
CRYPTO_PKI: setting trustpoint policy for TP-self-signed-1236578148 to specify TP-self-signed-1236578148 keypair usageFailed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.

mayanksahni
Level 1
Level 1

@balaji.bandi @Flavio Miranda @azolfi78 

Please help me further. I truly appreciate your response.

enable the debug on the router and access the Page from PC and post the debug logs here.

I never had so much difficulty to access GUI for testing :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/configuration/xe-16/https-xe-16-book/HTTP_1-1_Web_Server_and_Client.html

I also suggest to - zero the keys and configures ip ssh version 2

crypto key generate rsa usage-keys modulus 2048

Another thing, you are not getting any prompt at all, or you getting prompt and username and password input later you getting error ? 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

How to enable debug on router and how will I be able to access the logs?

I performed the steps mentioned in the link but still the same problem persists.

Crypto command says "Please define a hostname other than Router."

I am not getting any prompt at all.

 

 

Is it easier if there is a way I could reset everything on router and GUI shows up normally like the other small routers?

If this is not production router, then write erase and reload and start from bootstrap.

below standard base config i use it works as expected :

config t
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jtK0$yyHFcVM7xyelts1csVwrV/
!
username cisco privilege 15 secret 5 $1$0qFD$ZEMDi.7z1QTtF4EuPdlSY.
aaa new-model
!
aaa authorization config-commands
!
aaa session-id common
clock timezone GMT 0 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
no ip domain-lookup
ip domain-name bb.com
ip cef
no ipv6 cef
!

interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
no shutdow
!
!
ip http server
ip http secure-server
!
ip ssh version 2
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous level 0 limit 20
stopbits 1
line aux 0
line vty 0
privilege level 15
password cisco
transport input ssh
line vty 1
privilege level 15
password cisco
length 0
transport input ssh
line vty 2 4
privilege level 15
password cisco
transport input ssh
!
!
end


######### Generate SSH keys :
crypto key generate rsa

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, that's not production router and I need its GUI so that I can configure it to use on my existing internet. I am getting various errors with the commands you mentioned. Please see the screenshots attached.

2.jpg3.jpg

Make sure you read the config and understand, Do not blindly paste, that is suggested configuration - the errors giving because of some features not supported (may be different) - Most of them your ignorance.  

x.x.x.x (any where you see the IP like this) 

May be you can read the errors and correct (or you looking some one to do for you ?) this is community to help each other to solve the issue, not doing some one else work.

Note : As i mentioned i used base template does not mean you copy and paste there- i would expect as engineer to read the suggested config. 

And Last - there is not must you need to have GUI for the router work to get yourself or user to get into internet, you can also do the same configuration on cli - if you understand the commands, if you coming from GUI world then different question/.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Add this config an test

enable

conf t

aaa new-model

ip http secure-server
ip http authentication local

ip http authentication enable

ip http authentication aaa

username admin privilege 15 secret cisco@123

end

wr

 

Try

https://192.168.10.1

username: admin

password: cisco@123

Thanks for the response. I tried as you mentioned and still facing the same issue. Please find the screenshot attached for the commands that I ran.

1.jpg

With HTTP only?

With HTTPS only its redirecting to HTTPS.

Try to run this commands

 

crypto pki trustpoint TP-self-signed-12345678148

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-12345678148

revocation-check none

rsakeypair TP-self-signed-12345678148

Now ip http secure-server didn't give the error it was giving before. But issue is still the same.

Review Cisco Networking for a $25 gift card