Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2239
Views
20
Helpful
13
Replies

Can't access Web UI on Catalyst 9300L

Go to solution
seb1303
Level 1
Level 1

‎01-31-2023 09:05 AM

Hello,

I'm currently trying to access the Web UI of my Catalyst 9300L switches. I can access the switches via SSH but not via web.
It simply won't load the site. Looks like port 80/443 is not open... Do I need to set some other settings to get it running?

There is currently only the management interface configured. No VLAN.

I enabled the Web UI via:

# ip http server
# ip http authentication local
# ip http secure-server

Output of show ip http server status shows:

cisco#show ip http server status
HTTP server status: Enabled
HTTP server port: 80
HTTP server active supplementary listener ports: 21111
HTTP server authentication method: local
HTTP server auth-retry 0 time-window 0
HTTP server digest algorithm: md5
HTTP server access class: 0
HTTP server IPv4 access class: None
HTTP server IPv6 access class: None
HTTP server base path:
HTTP File Upload status: Disabled
HTTP server upload path:
HTTP server help root:
Maximum number of concurrent server connections allowed: 300
Maximum number of secondary server connections allowed: 50
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 600 seconds
Maximum number of requests allowed on a connection: 25
Server linger time : 60 seconds
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Disabled
HTTP secure server port: 443
HTTP secure server ciphersuite: rsa-aes-cbc-sha2 rsa-aes-gcm-sha2
dhe-aes-cbc-sha2 dhe-aes-gcm-sha2 ecdhe-rsa-aes-cbc-sha2
ecdhe-rsa-aes-gcm-sha2 ecdhe-ecdsa-aes-gcm-sha2
HTTP secure server TLS version: TLSv1.2 TLSv1.1
HTTP secure server client authentication: Disabled
HTTP secure server PIV authentication: Disabled
HTTP secure server PIV authorization only: Disabled
HTTP secure server trustpoint: TP-self-signed-225260382
HTTP secure server peer validation trustpoint:
HTTP secure server ECDHE curve: secp256r1
HTTP secure server active session modules: ALL 

 Any tips to get this working?

Regards
Seb

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
MHM Cisco World
VIP
VIP
In response to seb1303

‎02-01-2023 02:38 AM

as I mention before , the issue is subnet, but the not clear how ping work!! that wired. 
any way 
for configuration tab 
do 
username mhm password mhm
username mhm privilege 15 <<--

 

View solution in original post

13 Replies 13

Go to solution
MHM Cisco World
VIP
VIP

‎01-31-2023 09:24 AM

connect the PC to management port and first try ping 

0 Helpful

Go to solution
seb1303
Level 1
Level 1
In response to MHM Cisco World

‎01-31-2023 12:05 PM

I can ping the switch and even connet via SSH, as already mentioned. The network itself is working.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to seb1303

‎01-31-2023 12:13 PM

in any browser enter 
http 
not 
https 

as I see the https is disable even if you enter ip http secure-server

0 Helpful

Go to solution
seb1303
Level 1
Level 1
In response to MHM Cisco World

‎01-31-2023 12:27 PM

I tried http only too.
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to seb1303

‎01-31-2023 12:29 PM

ip http secure-server <<- remove this command
and 
check again with http only 

0 Helpful

Go to solution
seb1303
Level 1
Level 1
In response to MHM Cisco World

‎01-31-2023 11:40 PM

Tried this one too. No luck. I don't get it...

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎01-31-2023 09:29 AM

Hi,

Try a different browser.

HTH

0 Helpful

Go to solution
seb1303
Level 1
Level 1
In response to Reza Sharifi

‎01-31-2023 12:07 PM - edited ‎01-31-2023 12:08 PM

I tried Edge, Chrome and Firefox. Also wget on Linux shell. It looks more like the switch is not offering HTTP/HTTPS. I get a network timeout. It's not a certificate or browser compatibility problem.

As I said: I can ping it and also connect to it via SSH.

0 Helpful

Go to solution
seb1303
Level 1
Level 1

‎02-01-2023 12:28 AM

Got it working. I put my computer into the same network like the management port. 
So it looks like there is some sort of network filtering active. How can I disable/configure this?

The next thing I noticed is that there are menues missing like "Configuration" in the Web UI. Can this be a permission thing?

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to seb1303

‎02-01-2023 01:07 AM

what kind of missing, can you post exmaple :

as long as user have priv 15 you should be good.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to seb1303

‎02-01-2023 02:38 AM

as I mention before , the issue is subnet, but the not clear how ping work!! that wired. 
any way 
for configuration tab 
do 
username mhm password mhm
username mhm privilege 15 <<--

 

Go to solution
seb1303
Level 1
Level 1

‎02-01-2023 02:45 AM

I gave the user priv 15. Now I can access all menu entries. Thanks for the hint!

Any tips for the limit that I can only connect to the Web UI if I'm on the same network like the management port?
Haven't found any settings to change...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card