cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16930
Views
0
Helpful
10
Replies

3750X cannot access Web GUI

Adam Hudson
Level 1
Level 1

I have Cisco 3750X switch that we've used for a while. I've turned off telnet access but I can console and ssh into it just fine. Recently I've been asked to get the Web GUI accessible. I search on EE and found this question: Cisco 3750x Web interface?

I've configured the commands I was missing and still cannot get into the web interface. I get the login box that pops up and reads: A username and password are being requested by https://<switch IP>. The site says: "level_15_or_view_access" but anything I put in fails. Below are the relevant parts of my sanitized config:

aaa new-model
aaa authentication login default local
aaa authorization exec default local
ip http server
ip http authentication local
ip http secure-server
username <ssh username> password 0 <ssh password
username <web gui user> password 0 <web gui password> privilege 15

I've tried the IP addresses of two of my VLAN interfaces to no avail, I've tried http and https with no success.

What's missing? Any help is appreciated.

10 Replies 10

agapitca19
Level 1
Level 1

Adam Hudson,

i haven't encountered this issue but try the commands below then try to https to the switch.

no ip http server

no username <ssh username> password 0 <ssh password

no username <web gui user> password 0 <web gui password> privilege 15

username <username> priv 15 password <password>

HTH

***Please rate and mark the comment correct if you find it helpful. Thanks***

Leo Laohoo
Hall of Fame
Hall of Fame

Post the complete output to the command "dir".

Leo, here's the results:

2 -rwx 1516 Feb 22 2016 14:37:22 -05:00 vlan.dat
3 -rwx 1239 Jun 29 2014 12:50:27 -04:00 <license file>.lic
5 -rwx 20428800 Sep 28 2014 09:04:52 -04:00 c3750e-universalk9-mz.150-2.SE6.bin
6 -rwx 114 Feb 28 1993 19:09:13 -05:00 express_setup.debug
7 -rwx 1162 Aug 18 2014 17:32:39 -04:00 <license file>.lic
9 -rwx 1163 Aug 18 2014 10:39:12 -04:00 <license file>.lic
10 -rwx 15137 May 2 1993 17:05:32 -04:00 pre-SLA
14 -rwx 2994 Jun 16 2016 15:20:26 -04:00 private-config.text
12 -rwx 3096 Jun 16 2016 15:20:26 -04:00 multiple-fs
13 -rwx 24580 Jun 16 2016 15:20:26 -04:00 config.text

If I'm reading this correctly, all of my IOS images have a -mz in the name, it looks like the Device Manager images have -tar in the names.

Your correct, the .tar image has the files to run the web server, this also creates a sub directory.

I personally don't see the point in it and it should be a secure connection in any event.

Martin

Adam, 

Just as suspected, GUI won't work because the switch had an IOS using the "skinny" method:  Copy the BIN file into the switch.  


This means the rest of the GUI subdirectory wasn't installed.  

Try to get the TAR file and un-pack them using the automation script:  archive download-sw tftp://<TFTP IP address>/filename.tar

Alternatively, if you have physical access to the switch then you can also upgrade the IOS using a supported USB thumb drive.

Adam Hudson
Level 1
Level 1

Maybe this changes the scope of things, but my original intention to get the Web GUI working was to allow 3rd party technicians to get in and turn off and back on ports to power cycle POE devices. That's it.

My question: Is Device Manager needed or can I get away with something like Cisco Network Assistant?

My background: I do everything by command line so the only cisco GUI experience I have is the ASDM.

You can use CLI via it, but I don't think you can do what you want otherwise. Can they not login to the devices directly instead?

Martin

These are third party technicians that have no experience with the command line.

I've tried installing the Network Assistant software thinking it would be much easier to set up but I'm running into the same problem. I try to log in and none of my user names and passwords work. I try my SSH username and password and the web specific username and it won't let me in.

In my logs I'm getting an "authentication failed for level 15"

Adam Hudson
Level 1
Level 1

After trying my 11 other switches, they all connected to the Network Assistant software. I removed the ip http authentication line entirely and added ip http secure-server back in. It connects in now.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco