12-04-2007 01:02 PM - edited 03-05-2019 07:49 PM
I just upgraded the IOS on my Catalyst 2948G switch to 6.4(21). Part of the configuration is that the console, telnet, and http sessions are all enabled on both login authentication and enable
authentication. I can get to the switch through console and telnet but I can't access through http. How can I access my switch through http?
12-04-2007 01:13 PM
Tevita
It is not clear to me whether http was working before the code upgrade or not.
Since console and telnet access are working we do not need to know much about them. HTTP authentication is a bit different from console and telnet authentication. Can you post every line of the config that involves http? This would give us better information to work with.
HTH
Rick
12-04-2007 01:20 PM
It was not working before the upgrade. This is from 'show authentication';
c2948g> (enable) show authentication
Login Authentication:  Console Session   Telnet Session    Http Session
---------------------  ----------------  ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          3                 3                 -
lockout timeout (sec)  disabled          disabled          -
Enable Authentication: Console Session   Telnet Session    Http Session
---------------------- ----------------- ----------------  ----------------
tacacs                 disabled          disabled          disabled
radius                 disabled          disabled          disabled
kerberos               disabled          disabled          disabled
local                  enabled(primary)  enabled(primary)  enabled(primary)
attempt limit          3                 3                 -
lockout timeout (sec)  disabled          disabled          -
12-04-2007 01:27 PM
Thanks for this information. It is helpful to know that the issue is not a result of changing code but has been an on-going issue.
Would you please execute this command and post the output:
show run | include http
HTH
Rick
12-04-2007 01:43 PM
Seems like it doesn't like that command. This is the output though;
c2948g> (enable) show run | include http
Usage: show running-config [all]
show running-config [system|mod] [all]
12-04-2007 01:55 PM
You are right. It did not like it. I guess it is a code difference from the models of switch that I am more used to. Perhaps I can find a switch similar to the one you are asking about and see what it is doing for authentication for http.
In the meantime let's clarify a couple of things. I assume that you have configured a user name with a password and this is what you type to login and authenticate on the switch? Do you have to enter the enable command and put in the enable password/secret to get to enable mode?
When you attempt http what happens? Do you get a prompt? If you get a prompt how are you responding to the prompt? (what do you enter)
HTH
Rick
12-04-2007 02:40 PM
Yes, I configured to login with password on both enable and secret.
I don't get a prompt when attempting to login to http, instead 'internet explorer cannot display the webpage'.
12-04-2007 02:49 PM
Thanks for the additional information. It is quite helpful.
If Internet Explorer can not display the webpage, it sounds as if the switch may not have the web page fully enabled. At this point it will be very helpful if you would post the config of the switch. You may obscure any sensitive information such as addresses and passwords, but please post the config so we can see better what is going on.
HTH
Rick
12-04-2007 03:07 PM
show run all
begin
!
# ***** ALL (DEFAULT and NON-DEFAULT) CONFIGURATION *****
!
!
#time: Tue Dec 4 2007, 14:09:15
!
#version 6.4(21)
!
!
#system web interface version(s)
set password
set enablepass
set prompt Console>
set length 24 default
set logout 20
set config mode binary
set banner motd ^C
Authorized access only
^C
!
#test
set test diaglevel minimal
!
#errordetection
set errordetection inband enable
set errordetection memory enable
!
#system
set system baud 9600
set system modem disable
set system name supgslc-c2948g-06
set system location SLC
set system contact
set system countrycode
set traffic monitor 100
set feature log-command enable
set feature loop-detect enable
!
#power
set power budget 1
!
#Default Inlinepower
set inlinepower defaultallocation 6000
!
#frame distribution method
set port channel all distribution mac both
!
#mac address reduction
set spantree macreduction disable
!
#default portcost mode
set spantree defaultcostmode short
!
#tacacs+
set tacacs attempts 3
set tacacs directedrequest disable
set tacacs timeout 5
!
#radius
set radius deadtime 0
set radius timeout 5
set radius retransmit 2
!
#kerberos
!
#authentication
set authentication login tacacs disable console
set authentication login tacacs disable telnet
set authentication login tacacs disable http
set authentication enable tacacs disable console
set authentication enable tacacs disable telnet
set authentication enable tacacs disable http
set authentication login radius disable console
set authentication login radius disable telnet
set authentication login radius disable http
set authentication enable radius disable console
set authentication enable radius disable telnet
set authentication enable radius disable http
set authentication login local enable console
set authentication login local enable telnet
set authentication login local enable http
set authentication enable local enable console
set authentication enable local enable telnet
set authentication enable local enable http
set authentication login kerberos disable console
set authentication login kerberos disable telnet
set authentication login kerberos disable http
set authentication enable kerberos disable console
set authentication enable kerberos disable telnet
set authentication enable kerberos disable http
set authentication login attempt 3 console
set authentication login attempt 3 telnet
set authentication login lockout 0 console
set authentication login lockout 0 telnet
set authentication enable attempt 3 console
set authentication enable attempt 3 telnet
set authentication enable lockout 0 console
set authentication enable lockout 0 telnet
!
#stp mode
set spantree mode pvst+
!
#vtp
set vtp mode server
set vtp v2 disable
set vtp pruning disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
set dot1q-all-tagged disable
!
#ip
set feature mdg enable
set feature psync-recovery no-powerdown
set interface sc0 1 x.x.x.x/255.255.x.x x.x.x.x
set interface sc0 up
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 down
set interface me1 0.0.0.0 0.0.0.0 0.0.0.0
set interface me1 down
set arp agingtime 1200
set ip redirect enable
set ip unreachable enable
set ip fragmentation enable
set ip route 0.0.0.0/0.0.0.0 x.x.x.x
set ip alias default 0.0.0.0
!
#command alias
!
#vmps
set vmps server retry 3
set vmps server reconfirminterval 60
!
12-04-2007 03:09 PM
#rcp
set rcp username
!
#dns
set ip dns disable
!
#spantree
#uplinkfast groups
set spantree uplinkfast disable
#backbonefast
set spantree backbonefast disable
#portfast
set spantree portfast bpdu-guard disable
set spantree portfast bpdu-filter disable
#bpdu-skewing
set spantree bpdu-skewing disable
!
#cgmp
set cgmp disable
set cgmp leave disable
!
#set boot command
set boot config-register 0x2102
set boot system flash bootflash:
set boot system flash bootflash:cat4000.6-4-21.bin
!
#permit list
set ip permit disable telnet
set ip permit disable ssh
set ip permit disable snmp
!
#permanent arp entries
!
#protocolfilter
set protocolfilter disable
!
#standby ports
set standbyports disable
!
#vlan mapping
!
#gmrp
set gmrp disable
!
#garp
set garp timer all 200 600 10000
!
#udld
set udld disable
set udld interval 15
!
#accounting
set accounting exec disable
set accounting connect disable
set accounting system disable
set accounting commands disable
set accounting suppress null-username disable
set accounting update new-info
!
#errdisable timeout
set errdisable-timeout disable other
set errdisable-timeout disable udld
set errdisable-timeout disable bpdu-guard
set errdisable-timeout disable channel-misconfig
set errdisable-timeout interval 300
!
#http configuration
set ip http server disable
set ip http port 80
!
#crypto key
!
#module 1 : 0-port Switching Supervisor
set module name 1
!
#module 2 : 50-port 10/100/1000 Ethernet
set module name 2
set module enable 2
set vlan 1 2/1-50
set port auxiliaryvlan 2/1-50 none
set port enable 2/1-50
set port level 2/1-50 normal
set port speed 2/1-48 auto
set port trap 2/1-50 disable
set port name 2/1-50
set port dot1x 2/1-50 port-control force-authorized
set port dot1x 2/1-50 multiple-host disable
set port dot1x 2/1-50 re-authentication disable
set port security 2/1-50 disable age 0 maximum 1 shutdown 0 violation shutdown
set port membership 2/1-50 static
set port protocol 2/1-50 ip on
set port protocol 2/1-50 ipx auto
set port protocol 2/1-50 group auto
set port negotiation 2/49-50 enable
set port flowcontrol 2/49-50 send desired
set port flowcontrol 2/49-50 receive off
set cdp enable 2/1-50
set udld disable 2/1-48
set udld aggressive-mode disable 2/1-50
set spantree portfast 2/1-50 disable
set spantree portcost 2/42,2/48 19
set spantree portcost 2/1-41,2/43-47 100
set spantree portcost 2/49-50 4
set spantree portpri 2/1-50 32
!
#switch port analyzer
!
#cam
set cam agingtime 1,1003,1005 300
!
#gvrp
set gvrp dynamic-vlan-creation disable
set gvrp disable
!
#authorization
set authorization exec disable console
set authorization exec disable telnet
set authorization enable disable console
set authorization enable disable telnet
set authorization commands disable console
set authorization commands disable telnet
end
c2948g> (enable)
12-04-2007 03:15 PM
Thank you for posting the config. It does show what the problem is:
#http configuration
set ip http server disable
set ip http port 80
!
change this to:
set ip http server enable
and I believe that you will be able to access via the http.
HTH
Rick
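Added example (not part of the original thread, and not Cisco code): a short Python audit that reads CatOS `set` lines like the ones posted above and keeps service state separate from authentication state, which is the distinction this thread turned on. The function names and the finding texts are assumptions made for illustration; the sample input is constructed from lines in the posted config.

```python
import re

# Constructed sample: a subset of the lines in the config posted in this thread.
SAMPLE = """\
set authentication login local enable telnet
set authentication login local enable http
set authentication login tacacs disable http
set authentication login lockout 0 telnet
set ip permit disable telnet
set ip http server disable
set ip http port 80
"""

AUTH = re.compile(r"set authentication (login|enable) (\w+) (enable|disable) (console|telnet|http)")
LOCK = re.compile(r"set authentication (login|enable) lockout (\d+) (console|telnet)")
PERMIT = re.compile(r"set ip permit (enable|disable) (\w+)")
HTTP = re.compile(r"set ip http server (enable|disable)")

def parse(config):
    """Collect management-plane settings from the 'set' lines of a CatOS config."""
    st = {"http_server": None, "auth": {}, "lockout": {}, "permit": {}}
    for line in map(str.strip, config.splitlines()):
        if m := HTTP.fullmatch(line):
            st["http_server"] = m.group(1) == "enable"
        elif m := AUTH.fullmatch(line):
            phase, method, onoff, session = m.groups()
            if onoff == "enable":  # record only the methods that are switched on
                st["auth"].setdefault(session, set()).add(method)
        elif m := LOCK.fullmatch(line):
            st["lockout"][(m.group(1), m.group(3))] = int(m.group(2))
        elif m := PERMIT.fullmatch(line):
            st["permit"][m.group(2)] = m.group(1) == "enable"
    return st

def review(st):
    """Return findings; an auth method being enabled says nothing about the listener."""
    out = []
    http_auth = sorted(st["auth"].get("http", ()))
    if st["http_server"] is False and http_auth:
        out.append(f"http: auth methods {http_auth} set, but server disabled (no listener)")
    if st["http_server"]:
        out.append("http: server enabled; cleartext management, confirm it is needed")
    for (phase, session), secs in sorted(st["lockout"].items()):
        if secs == 0:  # 0 is shown as 'disabled' by 'show authentication'
            out.append(f"{session}: {phase} lockout is 0 (disabled)")
    for svc, on in sorted(st["permit"].items()):
        if not on:
            out.append(f"{svc}: ip permit list disabled")
    return out

if __name__ == "__main__":
    print("\n".join(review(parse(SAMPLE))))
```
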
12-04-2007 03:27 PM
This is the page I get when I log in;
Accessing Cisco Catalyst Switch
Help resources
CCO at www.cisco.com - Cisco Connection Online, including the Technical Assistance Center (TAC).
tac@cisco.com - e-mail the TAC.
1-800-553-2447 or +1-408-526-7209 - phone the TAC.
cs-html@cisco.com - e-mail the HTML interface development group.
12-04-2007 04:20 PM
Can you post a "dir bootflash:" here? Unless you got the correct code, the http function will not work. You must have the CV version of code to run the GUI. The file should look like this, with the cv in it: cat4000-cv.7-6-1.bin. CV is CiscoView.
12-05-2007 08:21 AM
c2948g> (enable) dir bootflash:
-#- -length- -----date/time------ name
1 4493668 Nov 30 2007 10:24:05 cat4000.6-4-21.bin
7040540 bytes available (4493796 bytes used)
12-05-2007 08:30 AM
Is cv 7-6-1.bin the latest adp I can use for my switch? Is there a later cv software?