Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cisco Aironet 1600, http access only with level 15

hello everyone

I have an AP AIR-SAP1602E-E-K9 with ios 15.2(2)JB2, I have created several users via CLI with different privilege and can access with them through CLI without problems, but if try to log in via HTTP only users with level 15 can do it. Other AP with different IOS and same config works fine, through HTTP the minimun level access is 1. Here is part of the config file

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login default local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct


username admin privilege 15 password 7 XXXXXXXX

username test1 password 7 XXXXXXXXX

username test2 privilege 7 password 7 XXXXXXXXX

!

ip http server

ip http authentication aaa

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

Anyone could help me?

Everyone's tags (2)
6 REPLIES

Re: Cisco Aironet 1600, http access only with level 15

I am pretty sure you need a level 15 account to access the web GUI using a local account.

Sent from Cisco Technical Support iPhone App

Cisco Aironet 1600, http access only with level 15

No. i have other Ap (with different IOS 12.2) and can log in with level 1 (just read-only) but can log on.

Cisco Employee

Re: Cisco Aironet 1600, http access only with level 15

Hi Gonzalo,

Personally, I've not seen accessing HTTP interface via privilege  level 1. Since it's working in your scenario with 12.2 code so we can  troubleshoot.

Can you please remove this command

ip http authentication aaa

with;

ip http authentication local

If the above change doesn't help you to resolve this issue. Please get the following outputs.

debug ip http authentication

debug aaa authentication

debug aaa authorization

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
Cisco Employee

Re: Cisco Aironet 1600, http access only with level 15

did you get a chance to make suggested changes?

~BR
Jatin Katyal

**Do rate helpful posts**

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Cisco Aironet 1600, http access only with level 15

To return to the default privilege for a given command, use the no privilege mode level level command global configuration command.

This example shows how to set the configure command to privilege level 14 and define SecretPswd14 as the password users must enter to use level 14 commands:

AP(config)#privilege exec level 14 configure

AP(config)#enable password level 14 SecretPswd14

Re: Cisco Aironet 1600, http access only with level 15

A client connects to the HTTP server with a default privilege level of 15. Please issue ip http authentication local other than ip http authentication aaa. Check if it helps

3430
Views
0
Helpful
6
Replies