06-23-2011 08:05 PM - edited 03-07-2019 12:57 AM
I've enabled the server by typing ip http server using the cli but I am unable to get the SDM to launch or use the Cisco configuration professional software to connect to it.
The Cisco Configuration Professional software say's it was unable to connect to it using HTTP or HTTPS. I can ping the router.
What would cause it not to connect? This was also happening on a previous version of the IOS so I did the update to 15.1 to see if that would fix the issue. It didn't.
Thanks...
Solved! Go to Solution.
06-24-2011 11:08 AM
Hi,
https is not enabled so it is normal you can't connect.
For telnet maybe it is due to ACL 23, do a clear access-list counters then try to telnet and then do a sh access-list.
Does your implicit deny hitcount raise?
you can do a debug ip tcp transactions to try to debug http and you can also sniff host interface.
Regards.
Alain.
06-23-2011 08:28 PM
Can you post the command "dir" and "sh run" please?
06-24-2011 08:02 AM
Here are the command. Let me also state that this machine doesn't have line cards in it yet. I am getting it ready to replace our current router and I've added the config but since the cards aren't there the config isn't complete. I'm just trying to enable HTTP and Telent access.
Also, another interesting thing. I've tried to enable Telnet and can't do that either. I can ping the GE0/0 interface though.
Directory of flash:/
1 -rw- 25438028 Jun 22 2010 05:50:40 +00:00 c2800nm-ipbase-mz.124-15.T.bin
2 -rw- 1505280 Jun 22 2010 05:50:48 +00:00 common.tar
3 -rw- 931840 Jun 22 2010 05:50:56 +00:00 es.tar
4 -rw- 1038 Jun 22 2010 05:51:00 +00:00 home.shtml
5 -rw- 112640 Jun 22 2010 05:51:04 +00:00 home.tar
6 -rw- 415956 Jun 22 2010 05:51:12 +00:00 sslclient-win-1.1.4.176.pkg
7 -rw- 2751 Jun 22 2010 05:51:16 +00:00 sdmconfig-28xx.cfg
8 -rw- 37555360 Jun 23 2011 21:47:00 +00:00 c2800nm-ipbasek9-mz.151-3.T1.bin
Show Run
Current configuration : 4963 bytes
!
! Last configuration change at 14:17:38 UTC Fri Jun 24 2011
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FtWorth
!
boot-start-marker
boot system flash c2800nm-ipbasek9-mz.151-3.T1.bin
boot-end-marker
!
!
no logging buffered
no logging monitor
enable secret 5
enable password 7
!
no aaa new-model
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
!
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX0939A190
archive
log config
hidekeys
username admin privilege 15 secret 5
username paul privilege 15 secret 5
!
!
!
class-map match-all voice-priority
match access-group 150
!
!
policy-map POLICY1
class voice-priority
priority percent 25
set ip precedence 5
class class-default
fair-queue
!
!
!
!
!
interface Multilink1
ip address 192.168.253.2 255.255.255.252
ppp multilink
ppp multilink group 1
service-policy output POLICY1
!
interface GigabitEthernet0/0
description $ETH-LAN$
ip address 10.10.9.1 255.255.0.0
ip flow ingress
ip flow egress
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip flow-cache timeout active 1
ip flow-export version 5
ip flow-export destination 10.10.14.136 9991
!
ip route 0.0.0.0 0.0.0.0 10.10.2.1
ip route 10.250.1.68 255.255.255.252 10.10.9.3
ip route 10.254.1.68 255.255.255.252 10.10.9.3
ip route 64.57.148.10 255.255.255.255 10.10.9.3
ip route 64.57.148.54 255.255.255.255 10.10.9.3
ip route 64.57.148.55 255.255.255.255 10.10.9.3
ip route 64.57.148.99 255.255.255.255 10.10.9.3
ip route 64.57.148.119 255.255.255.255 10.10.9.3
ip route 204.90.2.117 255.255.255.255 10.10.9.3
ip route 206.114.9.249 255.255.255.255 10.10.2.1
!
logging trap warnings
logging source-interface GigabitEthernet0/0
logging 10.10.10.100
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 150 permit udp any range 6004 7039 any
access-list 150 permit udp any any range 6004 7039
access-list 150 permit udp any any range 5000 5070
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any eq 5567
access-list 150 permit udp any eq 5567 any
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any eq 5570 any
!
snmp-server community public RO
snmp-server community paul RW
snmp-server location 10.10.13.155
snmp-server contact Paul Clark
!
control-plane
!
!
line con 0
password 7
login
line aux 0
password 7
login
modem InOut
transport input all
stopbits 1
flowcontrol hardware
line vty 0 4
access-class 23 in
privilege level 15
password 7
login
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
password 7
login local
transport input telnet
!
scheduler allocate 20000 1000
en
06-24-2011 11:08 AM
Hi,
https is not enabled so it is normal you can't connect.
For telnet maybe it is due to ACL 23, do a clear access-list counters then try to telnet and then do a sh access-list.
Does your implicit deny hitcount raise?
you can do a debug ip tcp transactions to try to debug http and you can also sniff host interface.
Regards.
Alain.
06-24-2011 11:56 AM
Hi,
Please follow the following document to configure http server:
http://www.cisco.com/en/US/prod/collateral/routers/ps5318/prod_qas0900aecd80483a4f.html
I would check your user's password since I don't see that it has been configured. I would also type "
sh ip http server status" to make sure you are using port 80.
Adding to that: Can you telnet into the router? I believe the login local is missing in your vty 0 4 which are the first lines used for this purpose. I am also seeing that your ethernet subnet mask and your ACL wildcard do not match.
Good luck
06-24-2011 12:07 PM
Thanks for the help everyone. The ACL fixed the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide