cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1176
Views
5
Helpful
6
Replies

Catalyst 3650 - No administration Links in Wirelesss Web Gui

stathis_iku
Level 1
Level 1

Hi All,

This is going to sound crazy but for no reason at all we stopped seeing all administrative links on the wireless Web Gui of our cisco 3650 switch.

The users that login to the switch have privilege level 15 and can perform all administrative tasks when connected via ssh. However when the same user connects over https there is only view mode in that the only buttons available are home, monitor and help.

I have no idea why this has started happening but we have noticed it for a couple of months.

We even updated to the latest ios (03.06.05E) hoping that this will return to normal but the problem persists.

Has anyone ever run into something like this before??

Any advice would be greatly appreciated.

I have attached an image of the options available to administrators when they login.

Many thanks,

Stathis

6 Replies 6

Hi Sathis,

Makesure below commands is there in your config

AS01#sho run all | in http
ip http authenticaton local
ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
.

Also check the below thread as well.

https://supportforums.cisco.com/discussion/13049766/5760-gui-tacacs

https://supportforums.cisco.com/discussion/12984486/cisco-3850-configuration-over-gui

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,

Thanks for looking into this.

From a quick look at my config i can confirm that all the commands are in place as you can see from the output bellow

Switch#sh run all | s ip http
ip http server
ip http port 80
ip http authentication local
ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 100
ip http timeout-policy idle 180 life 180 requests 25
ip http session-idle-timeout 180
ip http active-session-modules all
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path webui:/express

also my users have explicit priviledge level 15.

I found out a couple of related bugs namely CSCuy76460 and CSCuw20068. CSCuw20068 has supposedly been resolved and CSCuy76460 talks about vlan groups and special characters which I do not have in my config.

I will investigate this a bit more tomorrow and will let you know if I find anything of interest.

Thanks again

Hi 

In my 3850 network (running 3.6.5E) it works fine with URL https://<mgt_ip_add>/wireless

I have tested that without "ip http authentication local" command (had to use enable secret with admin username)& I have got what you saw on GUI, where no configuration menu.

I think only below lines are required further to default config. 

username <admin> privilege 15 password <xxxx>
ip http authentication local
ip http secure-server

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,

This seems to be related to CSCuy76460 after all. My administrators use special characters which apparently the 3650 has trouble coping with.

I have escalated this to TAC for further investigation but it seems that the web gui likes you to keep passwords nice and simple.

To anyone who may face the same problem i would suggest to remove special characters from the passwords of people who want to use the web gui for administration and try again.

I will post any update if we reach a different conclusion after i have spoken with TAC.

Best regards,

Ok, thanks for that information. I had simple alphanumeric letters in my password. Did you try that in yours ?

What special characters are problematic ? anything other than numbers or letters ?

Rasika

Hi Rasika,

 

It seems the GUI is definitely not happy with the & symbol.

It pretty much accepts all else from our testing so far.

Stathis

Review Cisco Networking for a $25 gift card