http enabled on c2948g

Unanswered Question

I just upgraded the IOS on my catalyst 2948G switch to 6.4(21). Part of the configuration is that the console, telenet, and http session are all enabled on both login authentication and enable

authentication. I can get to the switch through console and telnet but I can't access through http. How can I access my switch through http?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Tue, 12/04/2007 - 13:13
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Tevita


It is not clear to me whether http was working before the code upgrade or not.


Since console and telnet access are working we do not need to know much about them. HTTP authentication is a bit different from console and telnet authentication. Can you post every line of the config that involves http? This would give us better information to work with.


HTH


Rick

It was not working before the upgrade. This is from 'show authentication';

c2948g> (enable) show authentication


Login Authentication: Console Session Telnet Session Http Session

--------------------- ---------------- ---------------- ----------------

tacacs disabled disabled disabled

radius disabled disabled disabled

kerberos disabled disabled disabled

local enabled(primary) enabled(primary) enabled(primary)

attempt limit 3 3 -

lockout timeout (sec) disabled disabled -


Enable Authentication: Console Session Telnet Session Http Session

---------------------- ----------------- ---------------- ----------------

tacacs disabled disabled disabled

radius disabled disabled disabled

kerberos disabled disabled disabled

local enabled(primary) enabled(primary) enabled(primary)

attempt limit 3 3 -

lockout timeout (sec) disabled disabled -


Richard Burts Tue, 12/04/2007 - 13:27
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Thanks for this information. It is helpful to know that the issue is not a result of changing code but has been an on-going issue.


Would you please execute this command and post the output:

show run | include http


HTH


Rick

Richard Burts Tue, 12/04/2007 - 13:55
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

you are right. it did not like it. I guess it is a code difference from the models of switch that I am more used to. Perhaps I can find a switch similar to the one you are asking about and see what it is doing for authentication for http.


In the mean time lets clarify a couple of things. I assume that you have configured a user name with a password and this is what you type to login and authenticate on the switch? Do you have to enter the enable command and put in the enable password/secret to get to enable mode?


When you attempt http what happens? Do you get a prompt? If you get a prompt how are you responding to the prompt? (what do you enter)


HTH


Rick

Richard Burts Tue, 12/04/2007 - 14:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Thanks for the additional information. It is quite helpful.


If Internet Explorer can not display the webpage, it sounds as if the switch may not have the web page fully enabled. At this point it will be very helpful if you would post the config of the switch. You may obscure any sensitive information such as addresses and passwords, but please post the config so we can see better what is going on.


HTH


Rick

show run all



begin

!

# ***** ALL (DEFAULT and NON-DEFAULT) CONFIGURATION *****

!

!

#time: Tue Dec 4 2007, 14:09:15

!

#version 6.4(21)

!

!

#system web interface version(s)

set password

set enablepass

set prompt Console>

set length 24 default

set logout 20

set config mode binary

set banner motd ^C


Authorized access only

^C

!

#test

set test diaglevel minimal

!

#errordetection

set errordetection inband enable

set errordetection memory enable

!

#system

set system baud 9600

set system modem disable

set system name supgslc-c2948g-06

set system location SLC

set system contact

set system countrycode

set traffic monitor 100

set feature log-command enable

set feature loop-detect enable

!

#power

set power budget 1

!

#Default Inlinepower

set inlinepower defaultallocation 6000

!

#frame distribution method

set port channel all distribution mac both

!

#mac address reduction

set spantree macreduction disable

!

#default portcost mode

set spantree defaultcostmode short

!


#tacacs+

set tacacs attempts 3

set tacacs directedrequest disable

set tacacs timeout 5

!

#radius

set radius deadtime 0

set radius timeout 5

set radius retransmit 2

!

#kerberos

!

#authentication

set authentication login tacacs disable console

set authentication login tacacs disable telnet

set authentication login tacacs disable http

set authentication enable tacacs disable console

set authentication enable tacacs disable telnet

set authentication enable tacacs disable http

set authentication login radius disable console

set authentication login radius disable telnet

set authentication login radius disable http

set authentication enable radius disable console

set authentication enable radius disable telnet

set authentication enable radius disable http

set authentication login local enable console

set authentication login local enable telnet

set authentication login local enable http

set authentication enable local enable console

set authentication enable local enable telnet

set authentication enable local enable http

set authentication login kerberos disable console

set authentication login kerberos disable telnet

set authentication login kerberos disable http

set authentication enable kerberos disable console

set authentication enable kerberos disable telnet

set authentication enable kerberos disable http

set authentication login attempt 3 console

set authentication login attempt 3 telnet

set authentication login lockout 0 console

set authentication login lockout 0 telnet

set authentication enable attempt 3 console

set authentication enable attempt 3 telnet

set authentication enable lockout 0 console

set authentication enable lockout 0 telnet

!

#stp mode

set spantree mode pvst+

!

#vtp

set vtp mode server

set vtp v2 disable

set vtp pruning disable

set vtp pruneeligible 2-1000

clear vtp pruneeligible 1001-1005

set dot1q-all-tagged disable

!

#ip

set feature mdg enable

set feature psync-recovery no-powerdown

set interface sc0 1 x.x.x.x/255.255.x.x x.x.x.x


set interface sc0 up

set interface sl0 0.0.0.0 0.0.0.0

set interface sl0 down

set interface me1 0.0.0.0 0.0.0.0 0.0.0.0


set interface me1 down

set arp agingtime 1200

set ip redirect enable

set ip unreachable enable

set ip fragmentation enable

set ip route 0.0.0.0/0.0.0.0 x.x.x.x

set ip alias default 0.0.0.0

!

#command alias

!

#vmps

set vmps server retry 3

set vmps server reconfirminterval 60

!

#rcp

set rcp username

!

#dns

set ip dns disable

!

#spantree

#uplinkfast groups

set spantree uplinkfast disable

#backbonefast

set spantree backbonefast disable

#portfast

set spantree portfast bpdu-guard disable

set spantree portfast bpdu-filter disable

#bpdu-skewing

set spantree bpdu-skewing disable

!

#cgmp

set cgmp disable

set cgmp leave disable

!


#set boot command

set boot config-register 0x2102

set boot system flash bootflash:

set boot system flash bootflash:cat4000.6-4-21.bin

!

#permit list

set ip permit disable telnet

set ip permit disable ssh

set ip permit disable snmp

!

#permanent arp entries

!

#protocolfilter

set protocolfilter disable

!

#standby ports

set standbyports disable

!

#vlan mapping

!

#gmrp

set gmrp disable

!

#garp

set garp timer all 200 600 10000

!


#udld

set udld disable

set udld interval 15

!


#accounting

set accounting exec disable

set accounting connect disable

set accounting system disable

set accounting commands disable

set accounting suppress null-username disable

set accounting update new-info

!

#errdisable timeout

set errdisable-timeout disable other

set errdisable-timeout disable udld

set errdisable-timeout disable bpdu-guard

set errdisable-timeout disable channel-misconfig

set errdisable-timeout interval 300

!

#http configuration

set ip http server disable

set ip http port 80

!

#crypto key

!

#module 1 : 0-port Switching Supervisor

set module name 1

!

#module 2 : 50-port 10/100/1000 Ethernet

set module name 2

set module enable 2

set vlan 1 2/1-50

set port auxiliaryvlan 2/1-50 none

set port enable 2/1-50

set port level 2/1-50 normal

set port speed 2/1-48 auto

set port trap 2/1-50 disable

set port name 2/1-50

set port dot1x 2/1-50 port-control force-authorized

set port dot1x 2/1-50 multiple-host disable

set port dot1x 2/1-50 re-authentication disable

set port security 2/1-50 disable age 0 maximum 1 shutdown 0 violation shutdown

set port membership 2/1-50 static

set port protocol 2/1-50 ip on

set port protocol 2/1-50 ipx auto

set port protocol 2/1-50 group auto

set port negotiation 2/49-50 enable

set port flowcontrol 2/49-50 send desired

set port flowcontrol 2/49-50 receive off

set cdp enable 2/1-50

set udld disable 2/1-48

set udld aggressive-mode disable 2/1-50


set spantree portfast 2/1-50 disable

set spantree portcost 2/42,2/48 19

set spantree portcost 2/1-41,2/43-47 100

set spantree portcost 2/49-50 4

set spantree portpri 2/1-50 32


!

#switch port analyzer

!

#cam

set cam agingtime 1,1003,1005 300

!

#gvrp

set gvrp dynamic-vlan-creation disable

set gvrp disable

!

#authorization

set authorization exec disable console

set authorization exec disable telnet

set authorization enable disable console

set authorization enable disable telnet

set authorization commands disable console

set authorization commands disable telnet

end

c2948g> (enable)

Richard Burts Tue, 12/04/2007 - 15:15
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Thank you for posting the config. It does show what the problem is:

#http configuration

set ip http server disable

set ip http port 80

!

change this to:

set ip http server enable

and I believe that you will be able to access via the http.


HTH


Rick

glen.grant Tue, 12/04/2007 - 16:20
User Badges:
  • Purple, 4500 points or more

Can you post a "dir bootflash: here unless you got the correct code the http function will not work . You must have the CV version of code to run the gui. file should look like this with the cv in it cat4000-cv.7-6-1.bin . CV is ciscoview .

glen.grant Wed, 12/05/2007 - 08:36
User Badges:
  • Purple, 4500 points or more

No they have 8.X CV code available also , don't know the very latest one though. That being said if you go to 8.X make sure your rommon version is high enough , there are stipulations in the release notes on what you need for rommon versions to run the higher codes. Looks like this is the last CV code

cat4000-cv.8-3-2-GLX.bin

Actions

This Discussion