Concentrator administration access locked out?

shaun-murray
Level 1

This is really weird, same username and same password when connecting to the concentrator via console cable, yet... When connecting to it via http/https and using the SAME username and password, it's coming up saying that it's a badlogin. =**[ Very confusing... Any help is much appreciated!

Accepted Solutions

Shaun,

Couple of things to check - since you have console access.

Make sure http/https access is enabled.

It should be under the management protocols section.

Also make sure that on the interface level, the HTTP/HTTPS access is enabled on the interface you are trying to access.

Third, see if the rules are applied to the filter which is configured on the interface.

Fourth, if you are doing AAA authentication for admin access, see if you can disable that and test it out.

Thanks

Gilbert

shaun-murray
Level 1

This is the error message that I see when connected via console cable, and trying to connect via http.

shaun-murray
Level 1

Telnet is disabled... But SSH isn't. However, the normal username and password still are not working this way as well....

Shaun

I wonder if the problem is the source address rather than being a problem with the user ID or with the password? I know that the concentrator can be configured with certain address ranges from which it will accept administrative login. I wonder if the address you are coming from is not in the allowed range?

HTH

Rick

I'll take a look see at that. Sounds like a good idea... From the console connection, where can I look at that? I'm very familiar with the http configuration, but the console configuration... *shrug* I've zapped a 3002 before, and it was a loooong drive. I'd rather not zap the 3000... LoL!

Like I mentioned, it's working... Just unmanageable. =**[ Thanks for the input! I'll definitely look into that.

Shaun

I agree that the console based interface is kind of awkward. But thank goodness it exists as an alternative.

Here is how to get to the access restriction for administrators. I include a step here to find what group the administrative login belongs to. If you know that then you can skip that step.

Console interface:

login

choose (2) Administration

choose (7) Access Rights

choose (1) Administrators [to verify group for the ID - optional if you need it]

look at the list, find the ID you are using, verify what group it belongs to

choose (2) back [to return to Access Rights]

choose (2) Access Control List

this will display the current restrictions showing address, mask, and group.

there are options to add, modify, or delete. choose the option that you need. make any change that you need.

then back your way out through the menu system

HTH

Rick

Well... There are no addresses/accounts that have been explicitly (sp?) denied. But I went ahead and added my computer's IP information to the admin group, but... When I tried to login via http, I still get this error....

44159 07/17/2007 10:22:04.540 SEV=3 HTTP/7 RPT=19 10.90.1.6

HTTP 401 Unauthorized: Authorization Failed

Which still baffles me. My IP is set as an administration source, using the SAME username and password when trying to login to HTTP, and console. Works for console, but same u/p for HTTP is giving me a 401 error. BLAH! LoL! I'll play around with it... TIA!
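Added example, not part of the original thread and not Cisco code: a small parser for the two-line event format quoted in the post above, grouping HTTP 401 events by source address so admin-login failures can be compared against the allowed source ranges. The field meanings (sequence, severity, class/number, repeat counter) are assumptions read off the quoted line, and every sample event except the first is constructed.

```python
import re
from collections import defaultdict

# Header layout as seen in the post (field meanings are assumptions):
#   <seq> <date> <time> SEV=<severity> <class>/<number> RPT=<repeat> [<source IP>]
HEADER = re.compile(
    r"^(?P<seq>\d+)\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"SEV=(?P<sev>\d+)\s+(?P<cls>[A-Z0-9]+)/(?P<num>\d+)\s+RPT=(?P<rpt>\d+)"
    r"(?:\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}))?\s*$"
)

def parse_events(text):
    """Pair each header line with the message line(s) that follow it."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue  # the pasted log has blank lines between header and message
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), message="")
            events.append(current)
        elif current is not None:
            current["message"] = (current["message"] + " " + line).strip()
    return events

def admin_http_failures(events):
    """Group HTTP-class 401 events by source address."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["cls"] == "HTTP" and "401 Unauthorized" in ev["message"]:
            by_src[ev["src"] or "unknown"].append(ev)
    return dict(by_src)

# First event is the one quoted in the post; the other two are constructed.
SAMPLE = """\
44159 07/17/2007 10:22:04.540 SEV=3 HTTP/7 RPT=19 10.90.1.6

HTTP 401 Unauthorized: Authorization Failed
44160 07/17/2007 10:22:09.110 SEV=3 HTTP/7 RPT=20 10.90.1.6
HTTP 401 Unauthorized: Authorization Failed
44161 07/17/2007 10:23:41.002 SEV=5 TEST/1 RPT=1
Constructed non-HTTP event for contrast
"""

if __name__ == "__main__":
    for src, evs in admin_http_failures(parse_events(SAMPLE)).items():
        print(f"{src}: {len(evs)} HTTP 401 event(s), last seq {evs[-1]['seq']}")
```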

AAA Authentication was the issue. A TACACS+ server and information was put in there (by...? LoL!) On the TACACS+ server... The concentrator wasn't configured yet. So ripping out that info, I was able to get in no worries.

Weird that the TACACS+ prevented me from using the HTTP/HTTPS configuration, but consoling into the 3000 worked like a champ. *shrug*

Thanks for everyone's help!!!! =D