cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6184
Views
20
Helpful
13
Replies

Can't access Web UI on Catalyst 9300L

seb1303
Level 1
Level 1

Hello,

I'm currently trying to access the Web UI of my Catalyst 9300L switches. I can access the switches via SSH but not via web.
It simply won't load the site. Looks like port 80/443 is not open... Do I need to set some other settings to get it running?

There is currently only the management interface configured. No VLAN.

I enabled the Web UI via:

# ip http server
# ip http authentication local
# ip http secure-server

Output of show ip http server status shows:

cisco#show ip http server status
HTTP server status: Enabled
HTTP server port: 80
HTTP server active supplementary listener ports: 21111
HTTP server authentication method: local
HTTP server auth-retry 0 time-window 0
HTTP server digest algorithm: md5
HTTP server access class: 0
HTTP server IPv4 access class: None
HTTP server IPv6 access class: None
HTTP server base path:
HTTP File Upload status: Disabled
HTTP server upload path:
HTTP server help root:
Maximum number of concurrent server connections allowed: 300
Maximum number of secondary server connections allowed: 50
Server idle time-out: 180 seconds
Server life time-out: 180 seconds
Server session idle time-out: 600 seconds
Maximum number of requests allowed on a connection: 25
Server linger time : 60 seconds
HTTP server active session modules: ALL
HTTP secure server capability: Present
HTTP secure server status: Disabled
HTTP secure server port: 443
HTTP secure server ciphersuite: rsa-aes-cbc-sha2 rsa-aes-gcm-sha2
dhe-aes-cbc-sha2 dhe-aes-gcm-sha2 ecdhe-rsa-aes-cbc-sha2
ecdhe-rsa-aes-gcm-sha2 ecdhe-ecdsa-aes-gcm-sha2
HTTP secure server TLS version: TLSv1.2 TLSv1.1
HTTP secure server client authentication: Disabled
HTTP secure server PIV authentication: Disabled
HTTP secure server PIV authorization only: Disabled
HTTP secure server trustpoint: TP-self-signed-225260382
HTTP secure server peer validation trustpoint:
HTTP secure server ECDHE curve: secp256r1
HTTP secure server active session modules: ALL 

 Any tips to get this working?

Regards
Seb

1 Accepted Solution

Accepted Solutions

as I mention before , the issue is subnet, but the not clear how ping work!! that wired. 
any way 
for configuration tab 
do 
username mhm password mhm
username mhm privilege 15 <<--

 

View solution in original post

13 Replies 13

connect the PC to management port and first try ping 

I can ping the switch and even connet via SSH, as already mentioned. The network itself is working.

in any browser enter 
http 
not 
https 

as I see the https is disable even if you enter ip http secure-server

I tried http only too.

ip http secure-server <<- remove this command
and 
check again with http only 

Tried this one too. No luck. I don't get it...

Reza Sharifi
Hall of Fame
Hall of Fame

Hi,

Try a different browser.

HTH

I tried Edge, Chrome and Firefox. Also wget on Linux shell. It looks more like the switch is not offering HTTP/HTTPS. I get a network timeout. It's not a certificate or browser compatibility problem.

As I said: I can ping it and also connect to it via SSH.

seb1303
Level 1
Level 1

Got it working. I put my computer into the same network like the management port. 
So it looks like there is some sort of network filtering active. How can I disable/configure this?

The next thing I noticed is that there are menues missing like "Configuration" in the Web UI. Can this be a permission thing?

what kind of missing, can you post exmaple :

as long as user have priv 15 you should be good.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

as I mention before , the issue is subnet, but the not clear how ping work!! that wired. 
any way 
for configuration tab 
do 
username mhm password mhm
username mhm privilege 15 <<--

 

seb1303
Level 1
Level 1

I gave the user priv 15. Now I can access all menu entries. Thanks for the hint!

Any tips for the limit that I can only connect to the Web UI if I'm on the same network like the management port?
Haven't found any settings to change...