Wired Intelligent Edge

 View Only

  • 1.  problems getting 3810 web-management ssl to work

    Posted Oct 07, 2020 05:49 PM

    I'm trying to login to web-management but it just keeps going back to the main page.  This is after I added the switch to our ClearPass server.  I accidently added a aaa authentication web login tacacs    I can't seem to figure out how to remove that line.  I also have aaa authentication web enable tacacs as well.  I can't seem to do a no aaa authentication web blablabla  as it errors out?  I can login to the switch using TACACS fine using SSH and console? 

     

    When i try a no aaa authentication web login tacacs I get Invalid input: web

     

    Thanks!

     



  • 2.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 09, 2020 04:21 AM

    Hi,

     

    Do you have try aaa authentication web login local ?

     



  • 3.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 09, 2020 10:07 AM

    Hello,

     

    I did try that, and I login with manager and the password I setup in the CLI, but it just goes back to the login prompt, not actually going into the system.  I tried on Internet Explorer, Chrome, NEW Edge, and FireFox with all the same behavior.  Is there a command that will reset the website on the switch?



  • 4.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 09, 2020 10:09 AM

    it briefly goes to the login.check then back to login.html

     

    UIUYoungr_0-1602252531923.png

     



  • 5.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 12, 2020 03:41 PM

    what firmware version ?

     

    what the config ?



  • 6.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 12, 2020 04:02 PM

    I don't know why my account isn't working I had to create a new one.....

    Ver: 

    Image stamp: /ws/swbuildm/rel_ajanta_qaoff/code/build/bom(swbuildm_rel_ajanta_qaoff_rel_ajanta)
    Jun 26 2020 00:37:17
    KB.16.10.0009
    72
    Boot Image: Primary

    Boot ROM Version: KB.16.01.0009
    Active Boot ROM: Primary

     

    console idle-timeout 900
    console idle-timeout serial-usb 900
    logging 10.1.80.50
    logging origin-id hostname
    radius-server host 10.2.1.11 encrypted-key "KEY"
    radius-server host 10.2.1.11 dyn-authorization
    radius-server host 10.2.1.11 time-window plus-or-minus-time-window
    radius-server host 10.2.1.11 time-window 30
    radius-server host 10.2.1.12 encrypted-key "KEY"
    radius-server host 10.2.1.12 dyn-authorization
    radius-server host 10.2.1.12 time-window plus-or-minus-time-window
    radius-server host 10.2.1.12 time-window 30
    radius-server cppm identity "cppm-dur" encrypted-key "KEY
    timesync ntp
    sntp unicast
    sntp server priority 1 10.1.30.91
    ntp unicast
    ntp server 10.1.30.91 iburst
    ntp server 10.1.30.91 min-poll 10 max-poll 17
    ntp enable
    tacacs-server host 10.2.1.11 encrypted-key "KEY"
    tacacs-server host 10.2.1.12 encrypted-key "KEY"
    time daylight-time-rule continental-us-and-canada
    time timezone -360
    no web-management
    web-management ssl
    ip default-gateway 10.2.1.1
    ip ssh filetransfer
    ip source-interface tacacs vlan 2
    ip source-interface radius vlan 2
    ip client-tracker trusted
    aaa server-group radius "CLEARPASS" host 10.2.1.11
    aaa server-group radius "CLEARPASS" host 10.2.1.12
    aaa accounting update periodic 5
    aaa accounting commands stop-only radius
    aaa accounting exec start-stop radius
    aaa accounting network start-stop radius server-group "CLEARPASS"
    aaa accounting system stop-only radius
    aaa authorization user-role name "BYOD"
    exit
    aaa authorization user-role name "CORP"
    exit
    aaa authorization user-role name "GUEST"
    exit
    aaa authorization user-role name "VOICE"
    exit
    aaa authorization user-role name "SECURE"
    exit
    aaa authorization user-role name "SPLASH"
    exit
    aaa authorization user-role name "PROFILE"
    exit
    aaa authorization user-role name "MYRESNET"
    exit
    aaa authorization user-role name "PRINTERS"
    exit
    aaa authorization user-role enable download
    aaa authentication login privilege-mode
    aaa authentication console login tacacs
    aaa authentication console enable tacacs
    aaa authentication ssh login tacacs
    aaa authentication ssh enable tacacs
    aaa authentication port-access eap-radius server-group "CLEARPASS"
    aaa authentication mac-based chap-radius server-group "CLEARPASS"
    aaa authentication captive-portal enable
    aaa port-access authenticator 1-47
    aaa port-access authenticator 1-47 tx-period 10
    aaa port-access authenticator 1-47 supplicant-timeout 10
    aaa port-access authenticator 1-47 client-limit 3

    aaa port-access mac-based 1-47
    aaa port-access mac-based 1-47 addr-limit 3
    oobm
    ip address dhcp-bootp
    ipv6 enable
    ipv6 address dhcp full
    exit
    vlan 1
    name "DEFAULT_VLAN"
    no untagged 1-48,A1-A4
    no ip address
    ipv6 enable
    ipv6 address dhcp full
    exit
    vlan 2
    untagged 48,A1-A4
    exit
    vlan 9
    tagged 48,A1-A4
    no ip address
    exit
    vlan 10
    untagged 1-47
    tagged 48,A1-A4
    no ip address
    exit
    vlan 42
    tagged 48,A1-A4
    no ip address
    exit
    vlan 90
    tagged 48,A1-A4
    no ip address
    exit
    vlan 205
    tagged 48,A1-A4
    no ip address
    exit
    spanning-tree
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    device-profile name "default-ap-profile"
    cos 0
    exit



  • 7.  RE: problems getting 3810 web-management ssl to work
    Best Answer

    Posted Oct 13, 2020 02:15 AM

    What do you have with show authentication ?

     

    do you have a local user ?



  • 8.  RE: problems getting 3810 web-management ssl to work

    Posted Oct 13, 2020 11:21 AM

    It appears that you have to create a user-name for it to work, UNLIKE for the 2530 which is what I'm used to.



Related Content