I have Cisco 3750X switch that we've used for a while. I've turned off telnet access but I can console and ssh into it just fine. Recently I've been asked to get the Web GUI accessible. I search on EE and found this question: Cisco 3750x Web interface?
I've configured the commands I was missing and still cannot get into the web interface. I get the login box that pops up and reads: A username and password are being requested by https://<switch IP>. The site says: "level_15_or_view_access" but anything I put in fails. Below are the relevant parts of my sanitized config:
aaa authentication login default local
aaa authorization exec default local
ip http server
ip http authentication local
ip http secure-server
username <ssh username> password 0 <ssh password
username <web gui user> password 0 <web gui password> privilege 15
I've tried the IP addresses of two of my VLAN interfaces to no avail, I've tried http and https with no success.
What's missing? Any help is appreciated.
i haven't encountered this issue but try the commands below then try to https to the switch.
no ip http server
no username <ssh username> password 0 <ssh password
no username <web gui user> password 0 <web gui password> privilege 15
username <username> priv 15 password <password>
***Please rate and mark the comment correct if you find it helpful. Thanks***
Leo, here's the results:
2 -rwx 1516 Feb 22 2016 14:37:22 -05:00 vlan.dat
3 -rwx 1239 Jun 29 2014 12:50:27 -04:00 <license file>.lic
5 -rwx 20428800 Sep 28 2014 09:04:52 -04:00 c3750e-universalk9-mz.150-2.SE6.bin
6 -rwx 114 Feb 28 1993 19:09:13 -05:00 express_setup.debug
7 -rwx 1162 Aug 18 2014 17:32:39 -04:00 <license file>.lic
9 -rwx 1163 Aug 18 2014 10:39:12 -04:00 <license file>.lic
10 -rwx 15137 May 2 1993 17:05:32 -04:00 pre-SLA
14 -rwx 2994 Jun 16 2016 15:20:26 -04:00 private-config.text
12 -rwx 3096 Jun 16 2016 15:20:26 -04:00 multiple-fs
13 -rwx 24580 Jun 16 2016 15:20:26 -04:00 config.text
If I'm reading this correctly, all of my IOS images have a -mz in the name, it looks like the Device Manager images have -tar in the names.
Your correct, the .tar image has the files to run the web server, this also creates a sub directory.
I personally don't see the point in it and it should be a secure connection in any event.
Just as suspected, GUI won't work because the switch had an IOS using the "skinny" method: Copy the BIN file into the switch.
This means the rest of the GUI subdirectory wasn't installed.
Try to get the TAR file and un-pack them using the automation script: archive download-sw tftp://<TFTP IP address>/filename.tar
Alternatively, if you have physical access to the switch then you can also upgrade the IOS using a supported USB thumb drive.
Maybe this changes the scope of things, but my original intention to get the Web GUI working was to allow 3rd party technicians to get in and turn off and back on ports to power cycle POE devices. That's it.
My question: Is Device Manager needed or can I get away with something like Cisco Network Assistant?
My background: I do everything by command line so the only cisco GUI experience I have is the ASDM.
You can use CLI via it, but I don't think you can do what you want otherwise. Can they not login to the devices directly instead?
These are third party technicians that have no experience with the command line.
I've tried installing the Network Assistant software thinking it would be much easier to set up but I'm running into the same problem. I try to log in and none of my user names and passwords work. I try my SSH username and password and the web specific username and it won't let me in.
In my logs I'm getting an "authentication failed for level 15"
After trying my 11 other switches, they all connected to the Network Assistant software. I removed the ip http authentication line entirely and added ip http secure-server back in. It connects in now.