2960s switch web interface

GDainesGDaines Posts: 273Member ■■■□□□□□□□
Got a new 2960s switch at work which I'm setting up "to show I know what I'm doing", but I'm struggling.

This particular switch has a 10/100 management port which I've configured with an IP address of 10.10.10.1. I've then configured the IP address on my laptop to 10.10.10.2. From this I can browse to http://10.10.10.1 where I'm prompted for a password (which seems to be the enable secret password). So far so good.

I want to enable better security so I've been trying to follow this document: Using the Cisco Web Browser User Interface

ip http server was already enabled. Next it recommends using ip http authentication aaa followed by aaa authentication login default local. From my understanding this is supposed to use a local (switch) configured username and password, so let's say I set up username gd password cisco at the global configuration prompt. Now when I try to access the web interface I'm prompted for a username and password, but nothing I enter works. What am I doing wrong?

I've tried aaa authentication login default enable which supposedly uses the 'enable password' password, and aaa authentication login default none, both of which I believe ignore any username typed, but neither of these works either.

Am I misunderstanding the instructions or missing something really obvious?

Comments

  • DeathmageDeathmage Posts: 2,496Banned
    GDaines wrote: »
    Got a new 2960s switch at work which I'm setting up "to show I know what I'm doing", but I'm struggling.

    This particular switch has a 10/100 management port which I've configured with an IP address of 10.10.10.1. I've then configured the IP address on my laptop to 10.10.10.2. From this I can browse to http://10.10.10.1 where I'm prompted for a password (which seems to be the enable secret password). So far so good.

    I want to enable better security so I've been trying to follow this document: Using the Cisco Web Browser User Interface

    ip http server was already enabled. Next it recommends using ip http authentication aaa followed by aaa authentication login default local. From my understanding this is supposed to use a local (switch) configured username and password, so let's say I set up username gd password cisco at the global configuration prompt. Now when I try to access the web interface I'm prompted for a username and password, but nothing I enter works. What am I doing wrong?

    I've tried aaa authentication login default enable which supposedly uses the 'enable password' password, and aaa authentication login default none, both of which I believe ignore any username typed, but neither of these works either.

    Am I misunderstanding the instructions or missing something really obvious?

    by default the telnet or console passwords aren't setup.

    you need to type the following, after opening up a putty serial connection into the switch from your laptop on the console port of the switch with a RS-232 serial USB adapter:

    1) enable
    2) config t
    3) line vty 0 15
    3a) logging synchronous
    3b) exec-timeout 5 0
    3c) login local
    3d) exit
    4) username [username] privilege 15 password [insert password]
    5) exit
    6) wr
    7) log off putty telnet session

    Then you will be able to access the web interface via the IP address with the login information entered above.

    here is a Amazon return on some Serial USB Adapters: http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=RS-232+serial+USB
  • GDainesGDaines Posts: 273Member ■■■□□□□□□□
    Deathmage wrote: »
    by default the telnet or console passwords aren't setup.

    you need to type the following, after opening up a putty serial connection into the switch from your laptop on the console port of the switch with a RS-232 serial USB adapter:

    1) enable
    2) config t
    3) line vty 0 15
    3c) login local
    3d) exit
    4) username [username] privilege 15 password [insert password]
    5) exit

    Then you will be able to access the web interface via the IP address with the login information entered above.

    I had set Console and Telnet passwords, used "login local" as opposed to just login, and created a user and password, but it just wasn't happening. I think that must have been because I was using the commands listed in the original post, because having removed all my changes I followed your instructions and can now indeed log in with the configured username and password. I obviously need to sit with someone that understands the http authentication commands to get an understanding of what I was actually configuring and how to get it to work.

    Off now to test serial and telnet access to make sure I know what details I have to enter to gain access via those login methods.

    Thanks Deathmage.
  • DeathmageDeathmage Posts: 2,496Banned
    Your completely welcome, I realize also if you want to setup the console, do all of Step 3 but instead of line vty 0 15, do 'line con 0'.
Sign In or Register to comment.