cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7080
Views
0
Helpful
9
Replies

web console access to 2851 router

gtompkinsRC
Level 1
Level 1

Hi-

I just started a new position and I don't know what the userID and password is to get into the web console on the 2851 router. I can telnet to it and get into en mode. How do I find out what the web user ID and password are?

Thanks!

9 Replies 9

Look for the command 'ip http authentication ' in the running config.

If the authentication is set to local then use any username/password combination that's configured in the router. If the authentication type is set to enable then use the enable password of the router to authenticate. Instead if the authentication is set to use AAA you need to review the 'AAA authentication' configuration to see how authentication is performed, it can be TACACS/RADIUS/local or another method, and then use the appropriate login credentials.

HTH

Sundar

Hello Sundar,

Thanks for the quick reply! I did a show config and it is indeed set to local. I can get into the callmanager express web admin. console and that is on a different IP than the data. If I use the same IP and password for the data portion, however, it doesn't let me in.

I am not too familiar with CME but based on the description of your problem it appears the regular (data) router side itself HTTP server support mayn't have been enabled. That would be true if your http session doesn't even connect and I am not talking about authentication failure.

HTH

Sundar

If I go to the IP address for the data side, I do get prompted to enter credentials. I put in the same user ID and password as for the CallManager Express and it doesn't work. How do I enable the web console for the data side? I'm not very good with IOS to configure what I need to there.

Thanks!

Can you post a sanitized copy of the router configuration?

Here is my config. I truncated it just before the tftp entries and sanitized other parts.

User Access Verification

Password:

XXXXXX>en

Password:

xxxxxx#show config

Using 17501 out of 245752 bytes

!

! Last configuration change at 16:54:44 PDT Thu Jul 12 2007

! NVRAM config last updated at 16:54:48 PDT Thu Jul 12 2007

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXXXXX

!

boot-start-marker

boot-end-marker

!

logging buffered 4096 debugging

no logging console

enable password XXXXXX

!

no aaa new-model

!

resource policy

!

--More-- clock timezone pacific -8

clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

network-clock-participate wic 3

network-clock-select 1 T1 0/3/0

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.0.1 192.168.0.9

ip dhcp excluded-address 192.168.0.51 192.168.0.254

ip dhcp excluded-address 192.168.101.1 192.168.101.10

!

ip dhcp pool VOICE

network 192.168.101.0 255.255.255.0

default-router 192.168.101.2

option 150 ip 192.168.101.2

!

ip dhcp pool DATA

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server XXX.XXX.XXX.XX

!

!

--More-- no ip domain lookup

!

isdn switch-type primary-ni

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

--More-- application

service cme-acd flash:app-b-acd-2.1.0.0.tcl

param number-of-hunt-grps 1

param queue-len 15

param queue-cme-debugs 1

param voice-mail 8501

param aa-hunt1 8500

!

service cme-aa flash:app-b-acd-aa-2.1.0.0.tcl

param max-time-call-retry 60

param voice-mail 8501

paramspace english index 0

param handoff-string cmd-aa

paramspace english language en

param max-time-vm-retry 1

paramspace english location flash:

param aa-pilot 8500

param number-of-hunt-groups 1

paramspace english prefix en

param sevice-name cme-acd

param call-retry-timer 20

!

!

--More-- !

crypto pki trustpoint TP-self-signed-XXXXXXXXXXXXXXXXX

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXXXXXXXXXX

revocation-check none

rsakeypair TP-self-signed-XXXXXXXXXXXXXXXXX

!

!

crypto pki certificate chain TP-self-signed-XXXXXXXXXXXXXXXXXX

certificate self-signed 01 nvram:IOS-Self-Sig#XXXXXXXXXXXX

!

!

controller T1 0/3/0

framing esf

linecode b8zs

pri-group timeslots 1-13,24

!

translation-rule 1

Rule 0 0700 8990

Rule 1 7431 1755

Rule 2 2719 1739

Rule 3 2710 8990

Rule 4 2713 1743

--More-- !

!

!

!

!

interface Loopback0

ip address 172.16.0.254 255.255.255.255

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 1 native

!

interface GigabitEthernet0/0.100

description data

encapsulation dot1Q 100

ip address 192.168.0.2 255.255.255.0

!

interface GigabitEthernet0/0.101

description Voice VLAN

--More-- encapsulation dot1Q 101

ip address 192.168.101.2 255.255.255.0

!

interface Service-Engine0/1

ip unnumbered GigabitEthernet0/0.101

service-module ip address 192.168.101.1 255.255.255.0

service-module ip default-gateway 192.168.101.2

!

interface GigabitEthernet0/1

ip address XX.XX.XX.XX 255.255.255.0

duplex auto

speed auto

!

interface Serial0/3/0:23

no ip address

encapsulation hdlc

isdn switch-type primary-ni

isdn incoming-voice voice

isdn calling-number XXXXXXXXXX

no cdp enable

!

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.101.1 255.255.255.255 Service-Engine0/1

--More-- !

!

ip http server

ip http authentication local

ip http secure-server

ip http path flash:

!

!

!

HTTP is configured to authenticate using local login but no username/password exists in the local database. Just a configure a username password from the global config mode as follows and test. Substitute the name/password that you want to use.

username password

HTH

Sundar

I tried that, I am promted as follows:

The server 192.168.0.2 at level_15 or view_access requires a username and password.

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection).

I put in the userID and password I specified in config t mode and it just re-prompts me.

OK I see the problem. Even for local authentication it looks like aaa has to be enabled.

Configure the following and test.

aaa new-model

aaa authentication login default local

aaa authorization exec default local

username privilege 15 password

ip http server

ip http authentication local

Here's a reference document.

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K34241203

HTH

Sundar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: