Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6265
Views
0
Helpful
6
Replies

Cisco Aironet 1600, http access only with level 15

Gonzalo Arroyo Rey
Level 1
Level 1

‎10-09-2013 08:58 AM - edited ‎07-04-2021 01:02 AM

hello everyone

I have an AP AIR-SAP1602E-E-K9 with ios 15.2(2)JB2, I have created several users via CLI with different privilege and can access with them through CLI without problems, but if try to log in via HTTP only users with level 15 can do it. Other AP with different IOS and same config works fine, through HTTP the minimun level access is 1. Here is part of the config file

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct


username admin privilege 15 password 7 XXXXXXXX

username test1 password 7 XXXXXXXXX

username test2 privilege 7 password 7 XXXXXXXXX

!

ip http server

ip http authentication aaa

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

Anyone could help me?

Labels:
0 Helpful
6 Replies 6

Jacob Snyder
Level 5
Level 5

‎10-13-2013 10:19 AM

I am pretty sure you need a level 15 account to access the web GUI using a local account.

Sent from Cisco Technical Support iPhone App

0 Helpful

Gonzalo Arroyo Rey
Level 1
Level 1
In response to Jacob Snyder

‎10-13-2013 10:38 PM

No. i have other Ap (with different IOS 12.2) and can log in with level 1 (just read-only) but can log on.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Gonzalo Arroyo Rey

‎10-20-2013 03:00 PM

Hi Gonzalo,

Personally, I've not seen accessing HTTP interface via privilege  level 1. Since it's working in your scenario with 12.2 code so we can  troubleshoot.

Can you please remove this command

ip http authentication aaa

with;

ip http authentication local

If the above change doesn't help you to resolve this issue. Please get the following outputs.

debug ip http authentication

debug aaa authentication

debug aaa authorization

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Jatin Katyal

‎10-24-2013 03:18 AM

did you get a chance to make suggested changes?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
0 Helpful

blenka
Level 3
Level 3

‎10-25-2013 09:28 AM

To return to the default privilege for a given command, use the no privilege mode level level command global configuration command.

This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:

AP(config)#privilege exec level 14 configure

AP(config)#enable password level 14 SecretPswd14

0 Helpful

Saurav Lodh
Level 7
Level 7

‎10-25-2013 03:24 PM

A client connects to the HTTP server with a default privilege level of 15. Please issue ip http authentication local other than ip http authentication aaa. Check if it helps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card