chezw 2008-3-7 16:42
cisco 2811用http方式无法进入,疑问?
cisco 2811路由器启用了aaa本地认证(aaa authentication login default local aaa authentication ppp default local aaa authorization exec default local aaa authorization network default local),以telnet方式可以进入,以同样的用户名和密码(管理员权限)用http方式访问就是提示用户名和密码不对进不去(ip http server和ip http authenticatin aaa都配置了)一直提示需要验证要求输入用户名和密码,不知问题出在哪儿?想请教,(主要我想用sdm来管理路由),谢谢了!
10011981 2008-3-9 10:39
telnet方式与http方式的用户名,密码一样吗?
chezw 2008-3-9 16:37
回楼上telnet和http的用户名与密码一样的啊,
具体配置如下:麻烦大伙看看!
#show run
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn-route
!
boot-start-marker
boot system flash c2800nm-adventerprisek9_sna-mz.123-14.T2.bin
boot-end-marker
!
enable secret 5 $1$FwHT$j5eE9.VIKC1uHrp9swR0N.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 1.1.1.11 1.1.1.254
!
ip dhcp pool nomadpool
network 1.1.1.0 255.255.255.0
dns-server 202.96.199.133 202.96.209.133 202.96.209.5 210.22.70.3
!
!
no ip ips deny-action ips-interface
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group nomad
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
no ftp-server write-enable
!
!
username name password 0 password
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address xxxxxxxxxxxxxx
crypto isakmp key cisco123 address xxxxxxxxxxxxxx
!
!
crypto ipsec transform-set changzhou esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
set security-association lifetime seconds 300
set transform-set changzhou
!
!
interface Tunnel0
bandwidth 1000
ip address 10.1.1.120 255.255.255.0
no ip redirects
ip mtu 1300
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp map 10.1.1.1 xxxxxxxxxx
ip nhrp map multicast xxxxxxxx
ip nhrp map 10.1.1.2 xxxxxxxx
ip nhrp map multicast xxxxxxxx
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
ip nhrp nhs 10.1.1.2
no ip split-horizon eigrp 100
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile cisco
!
interface FastEthernet0/0
ip address xxxxxxxxxxxx
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.120.10.254 255.255.255.0
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip broadcast-address 0.0.0.0
ip nat inside
ip virtual-reassembly
peer default ip address dhcp-pool nomadpool
ppp encrypt mppe 40 required
ppp authentication chap ms-chap
!
!
router eigrp 100
passive-interface FastEthernet0/1
network 10.1.1.0 0.0.0.255
network 10.120.10.0 0.0.0.255
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxx
!
!
ip http server
ip http authentication aaa
no ip http secure-server
ip nat pool outpool xxxxxxxxxxxxxnetmask 255.255.255.0
ip nat inside source list nomadlist pool outpool overload
!
ip access-list extended nomadlist
permit ip 1.1.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxxxx
!
scheduler allocate 20000 1000
!
end
