07-19-2007 10:04 AM - edited 03-03-2019 05:57 PM
Hi-
I just started a new position and I don't know what the userID and password is to get into the web console on the 2851 router. I can telnet to it and get into en mode. How do I find out what the web user ID and password are?
Thanks!
07-19-2007 10:12 AM
Look for the command 'ip http authentication
If the authentication is set to local then use any username/password combination that's configured in the router. If the authentication type is set to enable then use the enable password of the router to authenticate. Instead if the authentication is set to use AAA you need to review the 'AAA authentication' configuration to see how authentication is performed, it can be TACACS/RADIUS/local or another method, and then use the appropriate login credentials.
HTH
Sundar
07-19-2007 10:24 AM
Hello Sundar,
Thanks for the quick reply! I did a show config and it is indeed set to local. I can get into the callmanager express web admin. console and that is on a different IP than the data. If I use the same IP and password for the data portion, however, it doesn't let me in.
07-19-2007 10:30 AM
I am not too familiar with CME but based on the description of your problem it appears the regular (data) router side itself HTTP server support mayn't have been enabled. That would be true if your http session doesn't even connect and I am not talking about authentication failure.
HTH
Sundar
07-19-2007 11:17 AM
If I go to the IP address for the data side, I do get prompted to enter credentials. I put in the same user ID and password as for the CallManager Express and it doesn't work. How do I enable the web console for the data side? I'm not very good with IOS to configure what I need to there.
Thanks!
07-19-2007 11:50 AM
Can you post a sanitized copy of the router configuration?
07-19-2007 12:49 PM
Here is my config. I truncated it just before the tftp entries and sanitized other parts.
User Access Verification
Password:
XXXXXX>en
Password:
xxxxxx#show config
Using 17501 out of 245752 bytes
!
! Last configuration change at 16:54:44 PDT Thu Jul 12 2007
! NVRAM config last updated at 16:54:48 PDT Thu Jul 12 2007
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable password XXXXXX
!
no aaa new-model
!
resource policy
!
--More-- clock timezone pacific -8
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
network-clock-participate wic 3
network-clock-select 1 T1 0/3/0
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.9
ip dhcp excluded-address 192.168.0.51 192.168.0.254
ip dhcp excluded-address 192.168.101.1 192.168.101.10
!
ip dhcp pool VOICE
network 192.168.101.0 255.255.255.0
default-router 192.168.101.2
option 150 ip 192.168.101.2
!
ip dhcp pool DATA
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server XXX.XXX.XXX.XX
!
!
--More-- no ip domain lookup
!
isdn switch-type primary-ni
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
--More-- application
service cme-acd flash:app-b-acd-2.1.0.0.tcl
param number-of-hunt-grps 1
param queue-len 15
param queue-cme-debugs 1
param voice-mail 8501
param aa-hunt1 8500
!
service cme-aa flash:app-b-acd-aa-2.1.0.0.tcl
param max-time-call-retry 60
param voice-mail 8501
paramspace english index 0
param handoff-string cmd-aa
paramspace english language en
param max-time-vm-retry 1
paramspace english location flash:
param aa-pilot 8500
param number-of-hunt-groups 1
paramspace english prefix en
param sevice-name cme-acd
param call-retry-timer 20
!
!
--More-- !
crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXXXXXXX
revocation-check none
rsakeypair TP-self-signed-XXXXXXXXXXXXXXXXX
!
!
crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXXXXXX
certificate self-signed 01 nvram:IOS-Self-Sig#XXXXXXXXXXXX
!
!
controller T1 0/3/0
framing esf
linecode b8zs
pri-group timeslots 1-13,24
!
translation-rule 1
Rule 0 0700 8990
Rule 1 7431 1755
Rule 2 2719 1739
Rule 3 2710 8990
Rule 4 2713 1743
--More-- !
!
!
!
!
interface Loopback0
ip address 172.16.0.254 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
!
interface GigabitEthernet0/0.100
description data
encapsulation dot1Q 100
ip address 192.168.0.2 255.255.255.0
!
interface GigabitEthernet0/0.101
description Voice VLAN
--More-- encapsulation dot1Q 101
ip address 192.168.101.2 255.255.255.0
!
interface Service-Engine0/1
ip unnumbered GigabitEthernet0/0.101
service-module ip address 192.168.101.1 255.255.255.0
service-module ip default-gateway 192.168.101.2
!
interface GigabitEthernet0/1
ip address XX.XX.XX.XX 255.255.255.0
duplex auto
speed auto
!
interface Serial0/3/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
isdn calling-number XXXXXXXXXX
no cdp enable
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.101.1 255.255.255.255 Service-Engine0/1
--More-- !
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash:
!
!
!
07-19-2007 01:03 PM
HTTP is configured to authenticate using local login but no username/password exists in the local database. Just a configure a username password from the global config mode as follows and test. Substitute the name/password that you want to use.
username
HTH
Sundar
07-19-2007 01:37 PM
I tried that, I am promted as follows:
The server 192.168.0.2 at level_15 or view_access requires a username and password.
Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).
I put in the userID and password I specified in config t mode and it just re-prompts me.
07-19-2007 02:48 PM
OK I see the problem. Even for local authentication it looks like aaa has to be enabled.
Configure the following and test.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username
ip http server
ip http authentication local
Here's a reference document.
http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K34241203
HTH
Sundar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide