cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3481
Views
0
Helpful
12
Replies

Cisco 867 access denied using CP Express

Tim Roelands
Level 1
Level 1

Hi,

I would like to manage my Cisco 867 by using CP Express GUI software. For you can use CPE you have to enable HTTP, configure an IP and add a user:

(config)# username 'name' privilege 15 secret 0 'password'

Everthings seems fine, router is reachable using ping, login screen appears, but it keeps saying that I'm using the wrong login / password. I have added a second user (same command, other name) but witout any result. The change my L/P is incorrect seems pretty small.

I have also enable SSH support. Router can be reached using Putty, but again username and pass are wrong.

Show run shows a username:

username 'username' privilege 15 secret 5 ##@#@@@@

Any suggestions?

12 Replies 12

Hi,

Do you have access to the CLI?

If you want to log with the defined user/pass from the local database of the router, make sure that HTTP is set to authenticate against the local database.

From the CLI:

sh run | ip http

Federico.

Federico,

I have CLI access, but could you please help me a bit more by explaining what the problem is?

Do I need to run this command in Config-mode? Should I replace 'IP' with an IP-number? Please help!

If you don't have local authentication enabled for GUI access, then you cannot access the graphical interface with those credentials.

Do the following, please post the output from the following commands:

sh run | i ip http

sh run | i user

sh run | i aaa

You don't need to change anything, just copy/paste the above commands.

Federico.

Oke, understood. Here's the output:

#sh run | i ip http
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

#sh run | i user
username root privilege 15 secret 5 $1$LtOo$PD4T4Mw5KHcbAIGd6xMxG0
username user1 privilege 15 secret 5 $1$Op6G$NSnpj06BSLa1z.A7p/GYi.

#sh run | i aaa
no aaa new-model

That's why you cannot access the GUI with the local database.

aaa new-model is disabled.

Try this:

aaa new-model
aaa authentication login default local

Federico.

Well, that worked! But....now it gives an error that I do not have enough rights to upgrade the flash...Strange, because both users are (15) level users..

Error message: You do not have permission to upgrade the flash. Privelege level 15 user or view user of type are allowed to upgrade the falsh.

Almost there! Please help!

Just don't use GUI,

It never does what one needs, but causes further trouble in the attempt.

As p.bevilacqua said, I don't recommend the GUI either ;-)


If you still want the GUI try creating another level 15 user.

Federicol

Shame to say it, but I still get the same error....Stil not enough rights....I also added a new user, same result.

But why ''upgrade the flash'' error? Exactly at what point do you get this error?

Have you tried from a different machine just to make sure you get the same error?

Can you post:

sh ver

sh flash

sh run

Federico.

Hi,

Would like to report the outcome of all the problems. First, when switched to Cisco Configuration Professional in stead of the Express version, login is worked....but....no ATM interface could be managed. This was caused by an old IOS (v 12.x). After updating IOS (15.x), ATM interface showed up an now the router is running..

Next problem I ran in into is that I need to setup a second PVC on the router. This circuit will be used to provide VOIP communication. I found some info on that, but I will start an new thread for it...Thank you all for help!

Hi,

Just had a similar issue with the SDM installer in a lab i'm working on.

To resolve the "You do not have permission to upgrade the flash." issue, try setting the enable password if you haven't already, seems a little odd i know, as you already have users with level 15 privs...  but did the trick for me.

Cheers

Garrie

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco