HTTP(S) Access to Switch
I am trying to get logged into the web interface of one of my switches. I have the following in my config:
ip http server
ip http authentication aaa
ip http secure-server
and I also set up a trivial username/password to test. This switch is set up to use RADIUS, but I cannot seem to log in to it with the username/password I use when accessing it via SSH, and I also cannot access it using the trivial username/password I added to the local user database. What am I missing?
Image WITH WEB BASED DEV MGR
ip http server
ip http secure-server
ip http authentication local
Are your rsa keys generated too?
Crypto key generate rsa
https://supportforums.cisco.com/docs/DOC-3392
Hope this helps
Sent from Cisco Technical Support iPhone App
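An offline check for the login problem discussed in this thread, as an added example (not code from the posters or from Cisco): it reads a saved running-config and reports which credential store the "ip http authentication" line points the web UI at, and whether that store is actually configured. The two sample configs and the finding names are constructed for illustration. RSA key presence is not visible in the running-config, so it is not checked here.

```python
import re

# Constructed running-config excerpts (not the poster's actual configs).
AAA_WITHOUT_NEW_MODEL = """\
no aaa new-model
username test privilege 15 secret 5 $1$CONSTRUCTED$placeholder
ip http server
ip http authentication aaa
ip http secure-server
"""

LOCAL_AUTH = """\
username test privilege 15 secret 5 $1$CONSTRUCTED$placeholder
ip http server
ip http secure-server
ip http authentication local
"""


def audit_http_access(config: str) -> dict:
    """Report which credential store the IOS web UI uses and obvious gaps."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]

    http = "ip http server" in lines
    https = "ip http secure-server" in lines

    # With no "ip http authentication" line the HTTP server falls back to
    # the enable password, so neither RADIUS nor local users are consulted.
    method = "enable"
    for ln in lines:
        m = re.fullmatch(r"ip http authentication (\S+)(?: .*)?", ln)
        if m:
            method = m.group(1)

    findings = []
    if not (http or https):
        findings.append("web-ui-disabled")
    if http:
        # Credentials typed into the plain-HTTP listener cross the wire
        # unencrypted; "no ip http server" leaves only HTTPS.
        findings.append("plaintext-http-enabled")
    if method == "local" and not any(ln.startswith("username ") for ln in lines):
        findings.append("local-auth-without-username")
    if method == "aaa" and "aaa new-model" not in lines:
        # "aaa" hands the login to the AAA login method list, which only
        # exists once "aaa new-model" is enabled.
        findings.append("aaa-auth-without-aaa-new-model")

    return {"http": http, "https": https, "auth_method": method,
            "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("aaa", AAA_WITHOUT_NEW_MODEL), ("local", LOCAL_AUTH)):
        print(name, audit_http_access(cfg))
```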
Similar Messages
-
Lost access to switch after upgrade to metro access image
Hello
After an upgrade of a 3400 ME switch image to the metro access one (340x), the switch was reloaded. After that, the only way to access the switch is the console port. I am a beginner with Cisco switches but I managed to configure the switch to make an upgrade through TFTP. Now I want to configure port 0/1 in VLAN access mode on VLAN 1. Any help on this is more than welcome. Thank you.
Switch Ports Model SW Version SW Image
* 1 26 ME-3400-24TS-D 12.2(35)SE3 ME340x-METROACCESS-M
no aaa new-model
system mtu routing 1500
ip subnet-zero
no file verify auto
spanning-tree mode rapid-pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
vlan 10
name management
interface FastEthernet0/1
speed 100
duplex full
interface FastEthernet0/2
shutdown
interface FastEthernet0/3
no switchport
no ip address
no ip route-cache
shutdown
interface FastEthernet0/4
shutdown
--More--
interface GigabitEthernet0/2
port-type nni
interface Vlan1
ip address 192.168.1.252 255.255.255.0
no ip route-cache
interface Vlan10
no ip address
no ip route-cache
shutdown
ip default-gateway 192.168.1.1
no ip http server
cisco3400#sh int fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Capture Mode Disabled
Capture VLANs Allowed: ALL
I found the source of the problem. My switch was connected to another one. I had to explicitly put port type to nni.
Hope it helps someone. -
I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. What type of transceiver should be used?
I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"
Thank you, but my question is that I have a single mode fiber patch cord with an LC/APC connector, while Cisco states in a note to only use LC/PC or LC/UPC type connectors with SFP+ transceivers.
So what type of transceiver should I use to connect an LC/APC patch cord to Cisco switches? Is there another type, or can SFP+ still be used? -
Use HTTPS to access webservice on standalone OC4J
I have followed the instructions in the Oracle Containers for J2EE Security Guide for setting up SSL (Chapter 15) on standalone OC4J. I have also looked at Tug's blog about using HTTPS with web services. I believe I have everything set up right but have a problem.
BTW, I am using a standalone OC4J instance that is also an ESB server. Prior to doing the SSL setup I already had 2 test web services running that could be accessed via http just fine.
Here is my default-web-site.xml file contents:
<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="8888" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" >
<default-web-app application="default" name="defaultWebApp" />
<web-app application="system" name="dms0" root="/dmsoc4j" />
<web-app application="system" name="dms0" root="/dms0" />
<web-app application="system" name="JMXSoapAdapter-web" root="/JMXSoapAdapter" />
<web-app application="default" name="jmsrouter_web" load-on-startup="true" root="/jmsrouter" />
<web-app application="javasso" name="javasso-web" root="/jsso" />
<web-app application="ascontrol" name="ascontrol" load-on-startup="true" root="/em" ohs-routing="false" />
<web-app application="esb-test" name="esb-test" load-on-startup="true" root="/esbtest" />
<web-app application="esb-dt" name="esb_console" load-on-startup="true" root="/esb" />
<web-app application="orainfra" name="orainfra" load-on-startup="true" root="/orainfra" />
<web-app application="esb-rt" name="provider-war" load-on-startup="true" root="/event" />
<web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
<web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
<access-log path="../log/default-web-access.log" split="day" />
</web-site>
Here is my secure-web-site.xml file contents:
<web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" secure="true" port="4443" display-name="OC4J 10g (10.1.3) Secure Web Site" schema-major-version="10" schema-minor-version="0" >
<default-web-app application="default" name="defaultWebApp" />
<web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
<web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
<access-log path="../log/secure-web-access.log" split="day" />
<ssl-config keystore="C:\OracleESB\j2ee\home\oc4jkeystore.jks" keystore-password="xxx" />
</web-site>
I also have the following in my server.xml file:
<application name="javasso" path="../../home/applications/javasso.ear" parent="default" start="false" />
<application name="ascontrol" path="../../home/applications/ascontrol.ear" parent="system" start="true" />
<application name="esb-dt" path="../applications/oraesb-dt.ear" parent="default" start="true" />
<application name="orainfra" path="../applications/orainfra.ear" parent="default" start="true" />
<application name="esb-rt" path="../applications/oraesb-rt.ear" parent="esb-dt" start="true" />
<application name="esb-test" path="../applications/oraesb-test.ear" parent="default" start="true" />
<application name="Test-elexnet_service-WS" path="../applications\Test-elexnet_service-WS.ear" parent="default" start="true" />
<application name="webapp" path="../applications\webapp.ear" parent="default" start="true" />
<application name="Test-elexnet_service2-WS" path="../applications\Test-elexnet_service2-WS.ear" parent="default" start="true" />
<global-web-app-config path="global-web-application.xml" />
<transaction-manager-config path="transaction-manager.xml" />
<web-site default="true" path="./default-web-site.xml" />
<web-site path="./secure-web-site.xml" />
<cluster id="31671846181898" />
All I really want is to access the 2 web services via HTTPS. I can access the default application via https just fine but when I try to use https to access the web services I get a 404 Not found error (after first getting a security alert popup). I can still access the services via http though. In the log of the server I have the following errors that occurred on startup of OC4J. They pertain to the secure web site and there is an error for each web service. I don't understand what they mean/what the problem is:
<MSG_TEXT>Internal error raised tyring to instantiate web-application: WebServices defined in web site OC4J 10g (10.1.3) Secure Web Site. Error compiling :C:\OracleESB\j2ee\home\applications\Test-elexnet_service2-WS\WebServices: Error instantiating compiler: IO error writing cache: C:\OracleESB\j2ee\home\application-deployments\Test-elexnet_service2-WS\WebServices\deployment-cache.jar</MSG_TEXT>
<MSG_TEXT>Internal error raised tyring to instantiate web-application: WebServices defined in web site OC4J 10g (10.1.3) Secure Web Site. Error compiling :C:\OracleESB\j2ee\home\applications\Test-elexnet_service-WS\WebServices: Error instantiating compiler: IO error writing cache: C:\OracleESB\j2ee\home\application-deployments\Test-elexnet_service-WS\WebServices\deployment-cache.jar</MSG_TEXT>
Anyone know what is going on? TIA!
Nick
I found that when I REMOVED the following from the default-web-site.xml
<web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
<web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
and restarted OC4J, then everything is ok and I don't get any errors. However I can only access the web services via HTTPS and not HTTP.
Anybody got any ideas? -
I can not access the switch through the console (solved)
Hello,
I'm having a problem.
I can not access the switch through the console. The web interface is working properly.
Model: SRW224g4
Below some pictures.
The HyperTerminal settings
error:
If anyone can help me?
Thank you and excuse the bad English.
Hello Rumenigue,
It looks to me like you are using a console cable. The reason you usually see them the other way around is because with a console cable the RJ-45 end goes into the device (an ethernet jack labeled console) whereas on this switch the console port is serial itself.
Usually the serial end of the cable you have plugs into a USB to serial adapter (because most computers today don't have serial ports anymore) and that USB connection goes into your PC, creating the virtual COM port you need in HyperTerminal.
So if you get a USB to Serial adapter you could plug that from USB to the console port, or if your computer has a serial port of its own just connect a serial cable directly from the PC to the switch, then use HyperTerminal with the settings recommended above by Tom.
Hope I have helped,
Christopher Ebert
Network Support Engineer - Cisco Small Business Support Center -
Safari 5.1 HTML5 HTTP basic access authentication issue video does not load
I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
Safari 5.0.5 plays the video fine. Safari 5.1 fails to load/play the video in the protected folder. If I move the video to a not protected folder, Safari 5.1 plays it fine.
This is on iPage. Back on MobileMe all is fine with 5.1.
I think this is a HTTP basic access authentication issue with 5.1.
Anyone have similar issue? Work around?
Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.
-
Need to change the Certificate in ACE that is using for HTTPS Management access
Dear Team,
Currently we are getting a "certificate cannot be trusted" error in the web browser while we are accessing the ACE through https. So we need to install a new https certificate for the https management connection to the ACE to remove this error. We do not want to use the self-signed certificate for https access to ACE management. We have done the below configuration but with no luck; it is still showing the previous self-signed certificate in the browser.
parameter-map type ssl MNGMT_SSL
cipher RSA_WITH_AES_128_CBC_SHA priority 2
ssl-proxy service PSERVICE_SERVER
key ACEKEY.key
cert ACECERT.cert
ssl advanced-options MNGMT_SSL
Kindly suggest how we can install the certificate on the ACE for https management access only.
Thanks in advance.
Regards,
Ranjith
Ranjith,
You may want to see the details and recommendation related to this situation and this bug:
CSCte42757
Jorge -
Hello everyone,
When configuring MST for STP, is there a need to configure it on access layer switches in a collapsed core design? I can find docs to configure the root and secondary root bridges but I don't see anything about configuring access layer switches. In RSTP, you configure it on all switches cooperating in STP and set the root and secondary bridges accordingly. Any help is appreciated.
Regards,
Terence
Hi,
You should configure your access switches for MST as well so you are using the same STP for core and access. The only difference between the core and access is that the core is root and back up root for STP and the access layer is just default (32768).
HTH -
EA4500, setting 'HTTPs' admin access only, failure CCC upgrading
Got a new EA4500 yesterday, it came with traditional browser-based firmware.
Then I changed its Admin access to HTTPs only, disabled HTTP.
I downloaded CCC upgrading wizard, registered CCC account.
When I tried to upgrade to CCC firmware, it kept trying to detect and finally told 'can not detect a device to upgrade'.
When I enabled HTTP admin access and tried to upgrade CCC again, it worked.
Does somebody encounter similar issue?
If HTTP enabling is a necessary condition for CCC upgrading, shall such message be prompt at least, when the tool failed to detect applicable device?
Which group are you talking about?
I have a group for all direct access machines. You have to specify this group during the wizard.
The permission issue seems to be related to the script trying to modify group policy
I have tried with the default policies the wizard creates and also specifying 2 blank policies. -
Bug: HTTP Basic Access Authorization in browser non-functional.
Upon visiting any site that requires a username and password via HTTP Basic Access Authorization ( http://en.wikipedia.org/wiki/Basic_access_authentication ), a prompt shows up, as one should. There are two fields, which oddly are not denoted Username and Password. In any case, attempting to enter the proper username and password in those fields does not work! You will be reprompted until finally the server rejects you.
I have tried this on numerous websites already, and have checked the passwords to ensure they were correct.
Post relates to: Pre p100eww (Sprint)
I can confirm this bug too on the Palm Emulator for webOS (v1.2.0.33 currently). I do not have a physical Palm Pre to test this on, but I would expect that the emulator emulates the hardware's behavior too (else, what's the point of an emulator?). I've seen mixed reports on this particular issue. That is, I've seen at least one other person complaining about this problem on the real hardware, and yet, I've also seen another person who doesn't appear to have any such issues.
I'll cut straight to the technical details. If I use hello:world as the login in a browser that does work correctly for basic HTTP auth, I see the following header in the sniffed packet:
Authorization: Basic aGVsbG86d29ybGQ=
However, when the Palm Pre (emulator) fails to log in, I see the following in the header:
Authorization: Basic aGVsbG86d29ybGQA
Clearly, the Palm is doing something incorrectly when it encodes the authorization details. It seems to be including an additional nonprintable character at the end (a terminating null?) when it encodes, which results in the different encoding. Considering the fact that various web browsers and Base64 encoding libraries I've tested agree with the former encoding, and not the latter, I'm inclined to believe that the Palm Pre is completely in the wrong here. Of course, why this doesn't seem to be happening to all users, though, is an oddity for which I have absolutely no potential explanations.
Message Edited by Ultima on 11-07-2009 02:48 PM -
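The comparison made in the post above, as an added example (not part of the original thread): it decodes the two quoted Authorization values, reports any control bytes in the credential (RFC 7617 forbids them in user-id and password), and shows why a server that compares bytes exactly rejects the second one. The function names are hypothetical; the two header values are the ones quoted in the post.

```python
import base64
import binascii
import hmac

# The two header values quoted in the post above.
WORKING = "Basic aGVsbG86d29ybGQ="
FAILING = "Basic aGVsbG86d29ybGQA"


def inspect_basic_auth(header_value: str) -> dict:
    """Decode a Basic credential and report bytes that should not be there."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid base64 in credential: {exc}") from None

    user, sep, password = raw.partition(b":")
    # Control characters are 0x00-0x1F and 0x7F; record (offset, value).
    control = [(i, b) for i, b in enumerate(raw) if b < 0x20 or b == 0x7F]
    return {
        "raw": raw,
        "user": user,
        "password": password,
        "has_separator": bool(sep),
        "control_bytes": control,
        "trailing_nul": raw.endswith(b"\x00"),
        # What a correct client would have sent for the same visible text.
        "expected_token": base64.b64encode(raw.rstrip(b"\x00")).decode("ascii"),
    }


def verify(header_value: str, user: str, password: str) -> bool:
    """Server-side check: reject a malformed credential, never trim it."""
    try:
        info = inspect_basic_auth(header_value)
    except ValueError:
        return False
    if not info["has_separator"] or info["control_bytes"]:
        return False
    ok_user = hmac.compare_digest(info["user"], user.encode("utf-8"))
    ok_pass = hmac.compare_digest(info["password"], password.encode("utf-8"))
    return ok_user and ok_pass


if __name__ == "__main__":
    for value in (WORKING, FAILING):
        info = inspect_basic_auth(value)
        print(value, info["raw"], info["control_bytes"],
              verify(value, "hello", "world"))
```

Run against a captured header, the control_bytes list gives the offset and value of each stray byte, which is enough to tell a client-side encoding bug from a wrong password.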
Is it possible to clean up the http-web-access.log?
The size of the file http-web-access.log has increased drastically and I've just started facing disk full problems on my server. We are using Oracle 10g. I was wondering if someone could give me any advice on how I can clean up this file.
Thank you in advance.
Edited by: user8378419 on Apr 24, 2009 10:01 AM
Thank you for your reply. According to the defrag report it is an Oracle product - likely the OEM as we do use Enterprise Manager on a daily basis.
Fragments File Size Most fragmented files
3,630 600 MB \oracle\product\10.2.0\db_1\oc4j\j2ee\OC4J_DBConsole_wyocama01_ATSRV\log\http-web-access.log
Thanks again for any guidance regarding this. -
Packets dropped to Access layer switch???
We have a 6509 running in Native IOS that has 2gb port channels connecting to our 7 access layer switches. About a week ago we were working with Remote span vlans and added a remote span from the 6509 to our other core (6513) which is connected via a 20Gbps portchannel. We began to notice that a lot of people were calling in reporting devices as being slow and we noticed that from the 6509 (which was the root bridge) we were discarding millions of packets on the transmit side of our access layer switches. We took out the remote span but it appears that we are still discarding packets. There are no input or output errors on either side. The Remote span VLAN does not exist on the access layer switch's VLAN database. Does anybody have any idea what we should be looking for?
You can use an acl to match the number of packets that come into / out of each of the devices. Simply use two lines in each acl where on the first line you match the packet in question and on the second line you have "permit ip any any" so you don't block any packets. Then simply apply the acl either inbound or outbound on the interface in question. If you want more than one acl on a given device, such as inbound on one interface and outbound on another, be sure to use two different acl numbers.
create the acl's and apply them
ensure there isn't an active call
clear access-list counters on all devices where you configured the acl's so we ensure all of them are set to 0 -
802.1x per host authentication under one port with multi-host access by switch
In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
What happens if I connect to the switch (which already has some trusted devices) an untrusted device?
What happens if I connect to the switch (which already has some untrusted device) a trusted device?
If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
I read the manual, but it does not explain this in clear detail.
Please tell me the right way.
I will be very grateful for your advice!
Hello,
In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
Yes, that's why multi-host mode exists
What happens if I connect to the switch (which already has some trusted devices) a untrusted device? If it's on single host the port will go into error-disabled as the violation of just one client per port has been triggered.
What happens if I connect to the switch (which already has some untrusted device) a trusted device? Same thing as before if being on single mode.
If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
Only for the unknown client MAC address, the trusted devices will be able to communicate.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
Any question contact me at [email protected]
Cheers,
Julio Carvajal Segura -
BB Backup access AFTER switching to new phone?
Hello -- I had a BB Curve from 2008-2011. Yes, I switched to a different smartphone. I have need for access to some of the info that was backed up from my BB during 2010. Is it possible for me to get to this? I was using the Desktop BB software at the time, which has since been removed from my PC. Any thoughts/suggestions would be helpful!
Thanks!
There are a couple of options for extracting and viewing data from the backup files.
1. The IPD Parse macro is designed to read a Blackberry IPD file and create reports in MSWord or MSExcel. It is free, and you can find out more here: https://sites.google.com/site/ipdparse/home
For .bbb backup files, use this macro to extract seven "primary" IPD files (Address Book, Calendar, SMS Messages, Tasks, Memos, PIN Messages and Phone Call Logs)
IPD bbb Extract macro https://sites.google.com/site/ipdbbbextract
These IPD files can subsequently be used as inputs to the other macro, IPD Parse, to produce reports.
2. Another option is MagicBerry from MenaStep... which extracts from a backup IPD or BBB file, splits IPD files, etc. http://menastep.com/pages/magicberry.php
3. Another IPD and BBB file utility is BlackBerry Backup Extractor, and is available for PC and Mac, and can be found here: http://www.blackberryconverter.com/ There is a free and paid version.
-
Access Server 2511 can't access Routers & Switch
Hi,
I recently bought Cisco routers, a switch, an access server and frame-relay for my CCNP home lab, but the problem is that my Access Server 2511 can't connect to any other devices like a router or switch. I have configured "loopback 200.1.1.1" then set up the "ip host Router1 2001 200.1.1.1" command for all of my other devices. When I try to connect to other devices it gives me this message but does not show the prompt for that device...
(Router#f2
Translating "f2"
Trying f2 (200.1.1.1, 2001)... Open)
I leave this message for a long time but the prompt never comes....
I also use the CLEAR line command to clear but the problem still exists.
Please help me to resolve this problem...
Regards,
ABDUL
Hi
Thank you for your guidance. I have made the changes which you suggested, but the problem still exists. This is my fifth day battling with this issue. I can connect and work on all devices through the network using # telnet (ip address of any device). I am using the right cable (72-0845-01) Cisco Cab-Octal-Async 8 Lead Octal Cable (68 pin to 8 Male RJ-45s)... Now I am thinking that there is a problem with the cable or the Access Server 2511 physically, not with the configuration. Anyway, I am waiting for your reply...
tserver#sh run
Building configuration...
Current configuration : 1054 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname tserver
boot-start-marker
boot-end-marker
enable secret 5 $1$sWZ2$iNhMYtvWsbwBSGLnYtphr/
enable password cisco
no aaa new-model
ip subnet-zero
no ip domain lookup
ip host f1 2001 172.168.1.1
ip host s1 2002 172.168.1.1
ip host r1 2007 172.168.1.1
ip host f2 2009 172.168.1.1
ip host s2 2010 172.168.1.1
ip host r2 2016 172.168.1.1
interface Loopback0
ip address 172.168.1.1 255.255.255.0
interface Ethernet0
no ip address
shutdown
interface Serial0
no ip address
shutdown
no fair-queue
interface Serial1
no ip address
shutdown
ip http server
ip classless
dialer-list 1 protocol ip permit
line con 0
password cisco
login
transport output telnet
telnet speed 9600 38400
line 1 16
transport input telnet
transport output telnet
flowcontrol hardware
line aux 0
line vty 0 4
password cisco
login
transport input telnet
transport output telnet
telnet speed 9600 38400
end