cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
52064
Views
23
Helpful
10
Replies

Can't login web interface but can login SSH and telnet

Can't login web interface but can login SSH and telnet of cisco 3560

after got problem i can login and monitor performance and see log after that logoff and try login again it show user password not correct 

- i try change browser firefox, ie, chrome can access web but can't login.

- i try login ssh :OK!

- i try login telnet :OK!

- i try create new user can login ssh ,telnet but can't login web.

 

Please help me how to check this problem.

1 Accepted Solution

Accepted Solutions

Thank you for all and i solving problems already

command : no ip http secure-server

and put command again: ip http secure-server

View solution in original post

10 Replies 10

balaji.bandi
Hall of Fame
Hall of Fame

Using the GUI , you have must have permission of privilege level 15 access try below option :

 

create a user

Step 1

username admintemp privilege 15 privilege 15 secret admintemp

then runn the http services

Step 2

ip http server
ip http secure-server

ip http authentication login local

 

Step 3

management ip

http://X.X.XX

it will ask you username and pass  

 

make sure you have right java version.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I see my config and check with you recommend it correct
1
username cisco privilege 15 password 0 12343234
username Admin privilege 15 password 0 09876567
============================================
2
!
interface Vlan100
ip address 192.168.100.254 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.99.1
ip ssh version 2
ip scp server enable
!

The question in the original post was about failure in login for the web interface but success in login for telnet and ssh. The partial config posted shows that the web interface should authenticate using the locally configured user ID and password. So the users cisco and Admin should be able to login to the web interface. Are you telling us that these IDs do work or do not work for the web interface?

 

We have no information about authentication for telnet and ssh and so can not yet address differences in login success or failure. Can you post more of the config (most especially all of the aaa config and the config of the vty lines - complete config would be nice).

 

HTH

 

Rick

HTH

Rick

can you see my config

 

interface Vlan700
ip address 10.1.12.253 255.255.255.0
!
ip default-gateway 10.1.8.77
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!

ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
ip sla enable reaction-alerts
access-list 100 permit ip any any
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 172.20.1.0 0.0.0.255
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
service-policy input system-cpp-policy
!
!
no vstack
!
line con 0
password asdfghjkl;'
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password asdfghjkl;'
login local
line vty 5 15
password asdfghjkl;'
login
!
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

Hello,

 

this sounds more like a browser problem than a problem with the 3560. Are you trying this from a Windows machine ? If so, try and disable the firewall...

Thanks for posting some additional configuration. It is helpful to see the configuration of the vty lines. Would you post the output of this command

show run | include aaa

 

HTH

 

Rick

HTH

Rick

I was facing this problem on all my devices with the GUI files installed and the HTTP(s) service enabled. Except for AP. The AP running config doesn't have the ip http authentication local line and the GUI works as intended. That's different.

Balaji, your hint was helpful. I wish, you are making much less typo for now

Thank you for all and i solving problems already

command : no ip http secure-server

and put command again: ip http secure-server

Thanks for the update telling us that you solved the problem by removing and re-adding the command. It is good to know this.

 

HTH

 

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco