01-27-2010 02:35 PM - edited 03-06-2019 09:28 AM
I have a client who has 6 switches currently configured on their local LAN. One switch which is a Catalyst 2950 has the Device Manager loaded, and when you access the site using the IP address by the URL http://206.x.x.x it brings up the switch Web GUI without any required authentication. They also have a Cisco 3560 that has been recently updated to version 12.2(53) with the Device Manager as well. However, it prompts for authentication when accessing the URL of that device. Is it possible to configure the 3560 to load up the Web GUI without authentication like the 2950 currently does? The IT manager is very stern about using it that way, regardless of what risks it creates.
Thank you for your help.
01-27-2010 02:48 PM
Hi Kyle
Can you disable http authentication on the switch using the command
no ip http authentication {enable | local | tacacs}
This will disable HTTP authentication, but it is a high-risk security vulnerability...
Let us know..
Raj
01-27-2010 03:07 PM
Thanks for your quick response. I had tried using that command earlier in my troubleshooting steps. I have even gone as far as to erase the current configuration using write erase, reload (with no as my response to save the config). Still the WEB GUI prompts for authentication. I do realize the high security risks; the IT manager for the client is the person in charge, I just get to make it work. I wish I could access the Catalyst 2950, but currently telnet is not enabled, and there is no COM connection available to help me check the configuration between the two switches. I am hoping that maybe I am just missing something. If it would help, I can copy the relevant parts of my Catalyst configuration for review.
Thank you
01-27-2010 03:25 PM
Hi Kyle,
I have never used the GUI, but can you log on to the switch using the GUI and just clear the password?
HTH
Reza
01-27-2010 04:00 PM
This is a good idea, but sadly I went into the GUI and tried to remove the password and it told me that I had to specify a password. Would not let me set it to blank. By default the WEB GUI uses the enable password on the Cisco. Currently the only way I can get into it is to specify an enable password from the CLI. I am starting to wonder if maybe the current IOS release somehow fixed the ability to be able to use no authentication on the WEB GUI. I am wondering if I need to load up an older IOS.
Thanks
01-27-2010 04:46 PM
Ya Kyle..
It might just be because the newer IOS comes with some kind of security features inbuilt! Not sure if this is one among them.. 999.99 out of 1000 would need authentication enabled (if http server is enabled)... and normally we don't leave them to default enable passwords, and redirect the requests to tacacs or at least local authentication..
This is a very strange requirement.. I am sure older IOS might just support authentication without passwords.. but I don't think it will be a good idea to revert back to older codes for such requirements.. the older code might have more vulnerabilities, and open bugs, and also can be short of feature sets that your new IOS supports..
Somebody has to convey to your superior about the risk of downgrading the IOS... if you want, you can create a password like "a" and give it, to make things easier to log in
Hope this helps.. all the best
Raj
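The thread's concern about leaving the web GUI on the default enable password can be checked across saved switch configs. The following is an added example, not part of the thread or any Cisco tooling: a Python audit of running-config text. The sample configs are constructed, and the function name is hypothetical; it assumes an absent `ip http authentication` line means the default enable-password method, as described in the thread.

```python
# Constructed sample configs (not taken from the switches in the thread).
SAMPLE_DEFAULT_AUTH = """\
hostname SW-3560
enable secret 5 <hash-placeholder>
ip http server
ip http secure-server
"""

SAMPLE_HARDENED = """\
hostname SW-3560
username admin privilege 15 secret 5 <hash-placeholder>
no ip http server
ip http secure-server
ip http authentication local
ip http access-class 10
access-list 10 permit 192.168.10.0 0.0.0.255
"""


def audit_http(config):
    """Return a list of findings about the IOS web GUI in a running-config."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    # Exact-match so that "no ip http server" is not mistaken for "enabled".
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    if not (http or https):
        return findings  # web GUI is off; nothing further to check
    if http:
        findings.append("cleartext HTTP server enabled (use 'no ip http server')")
    # Assumption: no explicit method line means the default 'enable' method.
    auth = next((l.split()[3] for l in lines
                 if l.startswith("ip http authentication ")), None)
    if auth is None or auth == "enable":
        findings.append("web GUI authenticates with the shared enable password")
    if not any(l.startswith("ip http access-class ") for l in lines):
        findings.append("no 'ip http access-class' ACL restricting clients")
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", SAMPLE_DEFAULT_AUTH), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_http(cfg) or "no findings")
```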