cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5076
Views
0
Helpful
7
Replies

2960S http/https access with read-only

alex-shpil
Level 1
Level 1

Hi,

I configured 2960S switch as http server.

I'm unable to access the switch GUI with non privilege 15 user, with privilege 15 user it's working.

Does any one know if this could be done ?

7 Replies 7

cadet alain
VIP Alumni
VIP Alumni

Hi,

which GUI are you using ? are you using radius or tacacs+ ?

For CNA if using  authentication server look at this:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_network_assistant/version5_0/quick/guide/English/feature.html#wp1043757

Regards.

Alain

Don't forget to rate helpful posts.

ebarticel
Level 4
Level 4

Create a new user with a level between 1 and 14 and enable that level on vty lines. It should work

username 2960 privilege 10 password 0 cisco

line vty 0 4

privilege level 10

login local

line vty 5 15

privilege level 10

login local

Hope this helps

Eugen

Hi,

I'm still not able to acces the http interface of the switch only with privilege 15.

The switch still expects the user to be with privilege 15.

Hi Eugen,

This web based authentication is talking about http session that passing through the switch.

I'm talking  about accessing the switch with http.

Hi Alex, did you try to create a user with privilege 0 or 1, that is what most literature on cisco recommends for a user exec (some say that a privilege level between 1 to 14 is read-only and 15 is read-write).

Sorry, I give you the wrong link, try this one.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configuration/guide/swauthen.html#wp1154063

As the link above shows you can restrict using privilege mode, or create admin roles for each user.

Regards

Eugen

Hi,

first of all, i think Alex is talking about accessing the Switch via http (browser) and not telnet/ssh, so vty lines don't play a role.

I am currently stumbling upon this problem as well.

What works is to enter http://switch-ip/level/7/exec (Given that a user with Privilege Level 7 exists on the switch or AAA-Server).

The problem is, when you login with this method, you don't see the usual GUI, but a set of commands you could issue now.

If you find a way to get the GUI working with read-only access, please let me know.

Thanks,

Sebastian

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: