03-01-2023 10:56 AM
I set up a C1121-4P router for a friend with int gig0/0/0 facing the ISP with ip address dhcp. int gig0/0/1 192.168.1.1/24. See attached sh run. Vanilla Configuration not much security or complexity. After a power reload the GUI "https://192.168.1.1/webui nor http://192.168.1.1/webui" stopped working and can't get it to run. The browser Firefox as well as Chrome reports not compatible TLS and incorrect ssl (don't remember exact message) . I believe the Cisco IOS is using TLS v1.1 and the browsers are using TLS v1.2. The friend is not CLI savvy and want to use the GUI, so he can determine the ip nat translation statistic as well as the log. I have enable ip authentication http local not in sh run. Any help is appreciated.
03-01-2023 04:10 PM
we did not find any show run attached, command try setup only TLS1.2
use the below document for reference to setup TLS 1.2 for the GUI
03-02-2023 08:56 AM
03-03-2023 12:08 AM - edited 03-03-2023 12:09 AM
i do not see your config http config at all ?
config to tls 1.2 does not required router to reboot. but is your router running SSH v2 ?
05-05-2023 03:51 PM
Turns out I needed to have configured user with privilege 15 to user the WebGUI for all menu items
05-07-2023 01:02 AM
Hello
Is http server enabled on the rtr ( it should be by default)
Define a static default route other then the received default from dhcp?
dir flash:
show http server status
conf t
ip https server
ip http authentication aaa
ip http max connections 2
ip http path flash:
ip route 0.0.0.0 0.0.0.0 gig0.0.0 dhcp
06-21-2023 10:00 AM
I had a problem similar to this one on a C1101-4P. The only option that worked was to change the SW baseline from 17.3.x to 17.6.x and then WebGUI would show the proper pages and allow configuration. I don't know if you are able to update your SW, but that is what worked for me.
06-21-2023 10:56 AM
04-19-2024 11:51 AM
Hey there! It sounds like you're facing a bit of a hiccup with your friend's router setup. From what you've described, it seems like there might be a compatibility issue between the router's TLS version and the browsers your friend is using.
Since your friend prefers using the GUI and isn't too familiar with the command line, we might need to explore a few options. One approach could be to see if there's a firmware update available for the router that supports a newer version of TLS. Alternatively, you could try accessing the GUI from a different browser or even a different device to see if that helps.
If those options don't work, we might need to delve into the CLI a bit to troubleshoot further. Let me know if you're up for that, and I can guide you through some steps to check the router's TLS settings and potentially adjust them if needed.
@Hiten Thakkar wrote:I set up a C1121-4P router for a friend with int gig0/0/0 facing the ISP with ip address dhcp. int gig0/0/1 192.168.1.1/24. See attached sh run. Vanilla Configuration not much security or complexity. After a power reload the GUI "https://192.168.1.1/webui nor https://pennmedicalgroup.com/" stopped working and can't get it to run. The browser Firefox as well as Chrome reports not compatible TLS and incorrect ssl (don't remember exact message) . I believe the Cisco IOS is using TLS v1.1 and the browsers are using TLS v1.2. The friend is not CLI savvy and want to use the GUI, so he can determine the ip nat translation statistic as well as the log. I have enable ip authentication http local not in sh run. Any help is appreciated.
07-22-2024 11:38 PM
09-02-2024 02:59 AM
It turns out I needed to configure the user with privilege level 15 to access all menu items in the WebGUI.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide