cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
11321
Views
40
Helpful
12
Replies
GatewayMastering
Beginner

3850 WebUI will not log in

Could someone give me a few ideas on a problem that just started.

Just bought a 3850 12XS, updated to software to Denali 16.3.2.

Logged into the WebUI. Got in fine with the default username and password. Just browsing the pages. I must have changed something because when I tried to login later it says

"Wrong Credentials. Please Login again."

I didn't think I changed anything but I must have.

Is there a way to reset the username and password or figure out what it might have changed too?

I logged into the USB management port and found the lvl15 username and password but it still does not work.

1 ACCEPTED SOLUTION

Accepted Solutions
Julio E. Moisa
VIP Mentor

Hi

If you are using local credentials configure these lines and try again:

no aaa new-model

ip http authentication local

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

12 REPLIES 12
Julio E. Moisa
VIP Mentor

Hi

If you are using local credentials configure these lines and try again:

no aaa new-model

ip http authentication local

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Thanks. Didn't seem to help. 

This is the error message using Putty connected to the USB port when I try to open the WebUI in a browser. There is no Administrator user that I can see configured.

%WEBSERVER-5-LOGIN_FAILED:Switch 1 R0/0: :  Login Un-Succe                                                              ssful from host 10.0.0.192 by user 'Administrator'

Since I just started this whole process, whats the best way to clear everything and reset the switch to factory defaults?

Thanks so much for your help

Hi

Try creating an admin user, example:

conf t

username Cisco privi 15 password Test123




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

So I reset the switch to factory settings. assigned ip address etc.

The webpage again came right up. This time I added a new user. Saved Logged out

Tried to log back in with new user and it fails. It also seems slow opening the webUI, where before it opened in a snap.

here's the config, if you see anything.

version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-recovery
no platform punt-keepalive disable-kernel-core
!
hostname Switch
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$WNBu$kTI/VV6QIburvSdQ0Jgl4/
!
no aaa new-model
facility-alarm critical exceed-action shutdown
switch 1 provision ws-c3850-12xs
!
!
!
!
!
!
!

!
!
!
!
!
!
!
!
!
!


license boot level ipbasek9
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
username GW privilege 15 secret 9 $9$2lMG2FIM3l6F4.$ZZsJsNc76/mgsN2jsa8AA5vhX2kRSaKzL0sCHVYdBP.
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.0.0.167 255.255.0.0
negotiation auto
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface TenGigabitEthernet1/0/3
!
interface TenGigabitEthernet1/0/4
!
interface TenGigabitEthernet1/0/5
!
interface TenGigabitEthernet1/0/6
!
interface TenGigabitEthernet1/0/7
!
interface TenGigabitEthernet1/0/8
!
interface TenGigabitEthernet1/0/9
!
interface TenGigabitEthernet1/0/10
!
interface TenGigabitEthernet1/0/11
!
interface TenGigabitEthernet1/0/12
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address 10.0.0.76 255.255.0.0
!
ip default-gateway 10.0.0.1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
!
!
!
!
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

Switch#

It looks fine,have you tried with other browser?

http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf005.html




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thanks so much Julio.

I tried multiple browsers on different computers. No joy.

so bizarre... I'll keep trying. When I open the WebUI for the first time it works great. There must be a parameter that's changing.

Thanks!

Thank you, I was having the same problem because i had started configuring the switch from console.

Adding user worked for me.

Good day,

 

I have a problem with the WebUI login. I have new Cisco Catalyst 3850 24. I just unboxed it. When I try to put the Login and Password I have getting the error "Wrong Credentials. Please Login again." I tried to put to username "webui" and password "S/N of the switch" and username "webui" and pass "cisco", but I cannot login.

anuarus
Beginner

so i have the same issue, what i can tell so far, is that something triggers when i make a change to the "ip http...." commands,

every time i change something on a command that starts like that then it lets me back into the GUI,

 

so far my best guess is that when you log out, the user is flagged as "logged out" once the switch detects that the user logged out, it seems to start a timer for "anti-logging spam" something along the lines of "you just logged out so i lock that account down for a while to prevent user spamming logins", this seems to be the symptoms, becuase when i leave the office and i try again the next day, then i can log in to the gui no problem, also if i try again by lunch time, i can get back in,

consider the following

i have aaa new-model enabled

ip http authen local

 

the ssh is fine, i can get in and out no problem, so this is a webgui issue and think it may be only a gui rule somewhere or part of the micro code

i have 3 different usernames with the same priv level and differnt passwords, so i believe tghe GUI itself locks down for a while 

when you just logged out. i dont know 100%

anuarus
Beginner

when i entered the "ip http client conn forceclose" command
i could see in the syslog that i get a login syslog, and then inmediately a log out syslog starting with <%WEBSERVER>
when i remove the command then the "loop" goes away and then lets me back into the device, so,
when log in again, i can see the syslog entry for login in via webserver, but when i click log out in the GUI i DO NOT SEE a
log off "%WEBSERVER" entry in the syslog,
which makes me think that the session you logged in with is still active and when you think you logged out, the switch is still waiting for a response from the "active session" and will not let you log back in untill the session times out.

i still dont have a dead on answer, but based on this observations, the switch doesn't know you logged out and it will not let you log back in with the credentials that it thinks are still active and current.
joshua.watts
Beginner

resolved!

 

had same problem on WS-C3850-12S

disabled, re-enabled http service and got it working - weird one!


(config)#no ip http secure-server
(config)#ip http secure-server