Re: 2950's and HTTP login

dcooper_191 · ‎10-19-2006

Hello,

I'm deploying some 2950's with a crypto IOS 12.1.22.EA8a. Here is most of my config (that I think applies to my problem). I'm trying to let a user called "look" log in by http at level 1. However no matter what I've tried using the documents from ciso. I can't get it to work. It always pops up with LEVEL-15 login by default.

------

aaa new-model

aaa authentication login default local

aaa authorization exec default local

username look password 0 xxxxx

username look privilege 1

(I've tried the ip http auth commands as well)

line vty 0 15

password xxxxx

line con 0

password xxxxx

login authentication default

Note the users work fine via SSH or Term.

Thank you for any suggestions.

a.hajhamad · ‎10-19-2006

Hi,

Please use the following commands:

ip http server

ip http authentication local

Please rate if it does!

Thanks

Abd Alqader

dcooper_191 · ‎10-19-2006

Yeah that's what I found in some docs as well. (NOTE: my post states I tried the http auth commands as well) However it didn't work.

Although....I can get Network Assistant to use level 1 access by using the above. Which is good but......

I was really trying to get the generic web interface to accept level 1's but I'm starting to think it's not possible. (Maybe it is on Routers but not on 2950's?)

Also since IOS 12.1 usese http v.1 it uses vtys to connect and not sockets. So I also can't use "line vty x - x / transmit input ssh" or it will lock out the web access.

The 2950's dont's support https either. :(

arrghh!

Thanks for your input.

andrew.butterworth · ‎10-19-2006

As far as I know there is no way to change the HTTP privilege level and it is fixed at 15. You must therefore make the user Level 15 privilege.

HTH

Andy