Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6991
Views
0
Helpful
5
Replies

HTTP Server not working on Cisco 2821 with 15.1 IOS and IPBase w/Crypto

Go to solution
pclark
Level 1
Level 1

‎06-23-2011 08:05 PM - edited ‎03-07-2019 12:57 AM

I've enabled the server by typing ip http server using the cli but I am unable to get the SDM to launch or use the Cisco configuration professional software to connect to it.

The Cisco Configuration Professional software say's it was unable to connect to it using HTTP or HTTPS.  I can ping the router. 

What would cause it not to connect?   This was also happening on a previous version of the IOS so I did the update to 15.1 to see if that would fix the issue.  It didn't.   

Thanks...

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to pclark

‎06-24-2011 11:08 AM

Hi,

https is not enabled so it is normal you can't connect.

For telnet maybe it is due to ACL 23, do a clear access-list counters then try to telnet and then do a sh access-list.

Does your implicit deny hitcount raise?

you can do a debug ip tcp transactions to try to debug http and you can also sniff host interface.

Regards.

Alain.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎06-23-2011 08:28 PM

Can you post the command "dir" and "sh run" please?

0 Helpful

Go to solution
pclark
Level 1
Level 1
In response to Leo Laohoo

‎06-24-2011 08:02 AM

Here are the command.  Let me also state that this machine doesn't have line cards in it yet.  I am getting it ready to replace our current router and I've added the config but since the cards aren't there the config isn't complete.  I'm just trying to enable HTTP and Telent access.

Also, another interesting thing.  I've tried to enable Telnet and can't do that either.  I can ping the GE0/0 interface though.

Directory of flash:/

    1  -rw-    25438028  Jun 22 2010 05:50:40 +00:00  c2800nm-ipbase-mz.124-15.T.bin

    2  -rw-     1505280  Jun 22 2010 05:50:48 +00:00  common.tar

    3  -rw-      931840  Jun 22 2010 05:50:56 +00:00  es.tar

    4  -rw-        1038  Jun 22 2010 05:51:00 +00:00  home.shtml

    5  -rw-      112640  Jun 22 2010 05:51:04 +00:00  home.tar

    6  -rw-      415956  Jun 22 2010 05:51:12 +00:00  sslclient-win-1.1.4.176.pkg

    7  -rw-        2751  Jun 22 2010 05:51:16 +00:00  sdmconfig-28xx.cfg

    8  -rw-    37555360  Jun 23 2011 21:47:00 +00:00  c2800nm-ipbasek9-mz.151-3.T1.bin

Show Run

Current configuration : 4963 bytes

!

! Last configuration change at 14:17:38 UTC Fri Jun 24 2011

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname FtWorth

!

boot-start-marker

boot system flash c2800nm-ipbasek9-mz.151-3.T1.bin

boot-end-marker

!

!

no logging buffered

no logging monitor

enable secret 5

enable password 7

!

no aaa new-model

!

dot11 syslog

ip source-route

no ip routing

!

!

no ip cef

!

!

!

ip domain name yourdomain.com

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

!

!

license udi pid CISCO2821 sn FTX0939A190

archive

log config

  hidekeys

username admin privilege 15 secret 5

username paul privilege 15 secret 5

!

!

!

class-map match-all voice-priority

match access-group 150

!

!

policy-map POLICY1

class voice-priority

  priority percent 25

  set ip precedence 5

class class-default

  fair-queue

!

!

!

!

!

interface Multilink1

ip address 192.168.253.2 255.255.255.252

ppp multilink

ppp multilink group 1

service-policy output POLICY1

!

interface GigabitEthernet0/0

description $ETH-LAN$

ip address 10.10.9.1 255.255.0.0

ip flow ingress

ip flow egress

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

no ip address

no ip route-cache

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http authentication local

no ip http secure-server

ip flow-cache timeout active 1

ip flow-export version 5

ip flow-export destination 10.10.14.136 9991

!

ip route 0.0.0.0 0.0.0.0 10.10.2.1

ip route 10.250.1.68 255.255.255.252 10.10.9.3

ip route 10.254.1.68 255.255.255.252 10.10.9.3

ip route 64.57.148.10 255.255.255.255 10.10.9.3

ip route 64.57.148.54 255.255.255.255 10.10.9.3

ip route 64.57.148.55 255.255.255.255 10.10.9.3

ip route 64.57.148.99 255.255.255.255 10.10.9.3

ip route 64.57.148.119 255.255.255.255 10.10.9.3

ip route 204.90.2.117 255.255.255.255 10.10.9.3

ip route 206.114.9.249 255.255.255.255 10.10.2.1

!

logging trap warnings

logging source-interface GigabitEthernet0/0

logging 10.10.10.100

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 150 permit udp any range 6004 7039 any

access-list 150 permit udp any any range 6004 7039

access-list 150 permit udp any any range 5000 5070

access-list 150 permit udp any range 5000 5070 any

access-list 150 permit udp any any eq 5567

access-list 150 permit udp any eq 5567 any

access-list 150 permit tcp any any eq 5566

access-list 150 permit tcp any eq 5566 any

access-list 150 permit tcp any any eq 5570

access-list 150 permit tcp any eq 5570 any

!

snmp-server community public RO

snmp-server community paul RW

snmp-server location 10.10.13.155

snmp-server contact Paul Clark

!

control-plane

!

!

line con 0

password 7

login

line aux 0

password 7

login

modem InOut

transport input all

stopbits 1

flowcontrol hardware

line vty 0 4

access-class 23 in

privilege level 15

password 7

login

transport input telnet

line vty 5 15

access-class 23 in

privilege level 15

password 7

login local

transport input telnet

!

scheduler allocate 20000 1000

en

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to pclark

‎06-24-2011 11:08 AM

Hi,

https is not enabled so it is normal you can't connect.

For telnet maybe it is due to ACL 23, do a clear access-list counters then try to telnet and then do a sh access-list.

Does your implicit deny hitcount raise?

you can do a debug ip tcp transactions to try to debug http and you can also sniff host interface.

Regards.

Alain.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
Limitless1801
Level 1
Level 1

‎06-24-2011 11:56 AM

Hi,

  Please follow the following document to configure http server:

http://www.cisco.com/en/US/prod/collateral/routers/ps5318/prod_qas0900aecd80483a4f.html

I would check your user's password since I don't see that it has been configured. I would also type "

sh ip http server status" to make sure you are using port 80.

Adding to that: Can you telnet into the router? I believe the login local is missing in your vty 0 4 which are the first lines used for this purpose. I am also seeing that your ethernet subnet mask and your ACL wildcard do not match.

  Good luck

0 Helpful

Go to solution
pclark
Level 1
Level 1

‎06-24-2011 12:07 PM

Thanks for the help everyone.  The ACL  fixed the issue.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card