chezw
Posted: 2008-3-9 16:28
Title: Cannot log in to Cisco 2811 over HTTP?
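I enabled AAA local username/password authentication on a Cisco 2811 router (aaa authentication login default local, aaa authentication ppp default local, aaa authorization exec default local, aaa authorization network default local). Logging in over telnet with the username and password works, but accessing the router over HTTP with the same username and password (which has administrator privileges) fails with a message that the username and password are incorrect (both ip http server and ip http authentication aaa are configured); it keeps saying that authentication is required and asking for the username and password. I don't know where the problem is and would like to ask everyone for help (mainly I want to use SDM to manage and configure the router). Thank you!
The full configuration is as follows: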
#show run
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn-route
!
boot-start-marker
boot system flash c2800nm-adventerprisek9_sna-mz.123-14.T2.bin
boot-end-marker
!
enable secret 5 $1$FwHT$j5eE9.VIKC1uHrp9swR0N.
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 1.1.1.11 1.1.1.254
!
ip dhcp pool nomadpool
network 1.1.1.0 255.255.255.0
dns-server 202.96.199.133 202.96.209.133 202.96.209.5 210.22.70.3
!
!
no ip ips deny-action ips-interface
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group nomad
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username name password 0 password
!
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key cisco123 address xxxxxxxxxxxxxx
crypto isakmp key cisco123 address xxxxxxxxxxxxxx
!
!
crypto ipsec transform-set changzhou esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
set security-association lifetime seconds 300
set transform-set changzhou
!
!
!
!
!
interface Tunnel0
bandwidth 1000
ip address 10.1.1.120 255.255.255.0
no ip redirects
ip mtu 1300
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp map 10.1.1.1 xxxxxxxxxx
ip nhrp map multicast xxxxxxxx
ip nhrp map 10.1.1.2 xxxxxxxx
ip nhrp map multicast xxxxxxxx
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 10.1.1.1
ip nhrp nhs 10.1.1.2
no ip split-horizon eigrp 100
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile cisco
!
interface FastEthernet0/0
ip address xxxxxxxxxxxx
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.120.10.254 255.255.255.0
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
ip broadcast-address 0.0.0.0
ip nat inside
ip virtual-reassembly
peer default ip address dhcp-pool nomadpool
ppp encrypt mppe 40 required
ppp authentication chap ms-chap
!
!
router eigrp 100
passive-interface FastEthernet0/1
network 10.1.1.0 0.0.0.255
network 10.120.10.0 0.0.0.255
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxx
!
!
ip http server
ip http authentication aaa
no ip http secure-server
ip nat pool outpool xxxxxxxxxxxxxnetmask 255.255.255.0
ip nat inside source list nomadlist pool outpool overload
!
ip access-list extended nomadlist
permit ip 1.1.1.0 0.0.0.255 any
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password xxxxx
!
scheduler allocate 20000 1000
!
end
[ This post was last edited by chezw on 2008-3-9 16:33 ]
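
As an added example (not part of the original post and not Cisco code), this Python check reads the AAA, username and HTTP lines of a running-config like the one pasted above and lists the settings that bear on HTTP/SDM login and on credential exposure. It assumes the IOS HTTP server's default requirement of privilege level 15 and that a username without a privilege keyword is level 1; SAMPLE_CONFIG is an excerpt constructed from the post, and audit_http_aaa and the finding codes are hypothetical names.

```python
import re

# Constructed excerpt: the AAA, user and HTTP lines of the running-config in the post.
SAMPLE_CONFIG = """\
no service password-encryption
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
username name password 0 password
ip http server
ip http authentication aaa
no ip http secure-server
"""

HTTP_PRIVILEGE = 15  # assumption: default level the IOS HTTP server requires
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret) (\d+) \S+")


def audit_http_aaa(config):
    """Return (code, detail) findings for HTTP login through local AAA."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    findings = []
    if "ip http server" not in lines:
        return findings  # HTTP server disabled, nothing to check
    if "ip http authentication aaa" in lines:
        for service in ("authentication login", "authorization exec"):
            if not any(ln.startswith(f"aaa {service} default ") for ln in lines):
                findings.append(("NO_DEFAULT_LIST", f"aaa {service} default"))
    for ln in lines:
        m = USER_RE.match(ln)
        if not m:
            continue
        user, priv = m.group(1), int(m.group(2) or 1)  # no keyword: level 1 (assumed)
        kind, enc = m.group(3), m.group(4)
        if priv < HTTP_PRIVILEGE:
            findings.append(("LOW_PRIVILEGE", f"{user} is level {priv}"))
        if kind == "password" and enc == "0":
            findings.append(("PLAINTEXT_PASSWORD", user))
    if "ip http secure-server" not in lines:
        findings.append(("HTTP_ONLY", "credentials cross the network unencrypted"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_http_aaa(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

On the constructed excerpt it reports the absent aaa authorization exec default list, the level-1 local user, the type 0 password and the HTTP-only server.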