[Cisco] Telnet/SSH work, HTTP Gives Permission Denied

Posted on in Networking

Here are a few tips that might be helpful if you are having trouble accessing your Cisco router or switch via the web server.

  • Make sure you have the right password! This is pretty obvious, but it's definitely the first thing worth checking.
  • If you're using aaa new-model, you will need to tell the web server what group to use for authentication: ip http authentication local.
  • In order to make changes to the device, your user will need access level 15. You can set this with the username command: username slap privilege 15.
  • It's a good idea to use HTTPS instead of HTTP if possible. Enable that with ip http secure-server. You can disable the non-encrypted web server with no ip http server.
  • The web server supports a very basic access list. You can lock your web server down even further by limiting who can connect to it. Use ip http access-class 9. Remember to set up your access list first!

My Bookshelf

Reading Now

Other Stuff