tel 能够连接 但是网页显示登陆失败 服务也都已经开启 下图有用户具体配置
(1)
检查是否登录限制的策略
(0)
该如何去查看
dis cu
display ip https
查看IPv4 ACL:后面参数 是否应用了acl进行了限制
(0)
该使用哪个命令
display ip https
dis acl 2000 看下规则, permit source 加上你的电脑ip
您好,全局是否开启http和https
(0)
您好,请知:
web无法登陆,以下是排查要点,请参考:
1、检查用户名、密码是否正确。
2、检查登陆的用户名是否赋予了HTTP和HTTPS的权限。
3、更换其他浏览器、清理浏览器缓存看下。
4、检查是否开启了HTTP或HTTPS的功能。
5、检查是否修改了HTTP或HTTPS的服务端口。
6、检查AC是否能被PING通。
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
ip https enable 这个也打开了
vty相关的命令也上来看下,建议把所有命令发上来吧
方便加个联系方式吗 截图您帮我看看
下面回答问题 直接上图就行
version 7.1.064, Release 5435P02 # sysname AC-CB200485 # clock timezone beijing add 08:00:00 clock protocol ntp # wlan global-configuration # telnet server enable # dot1x authentication-method eap # dhcp enable # dhcp snooping enable # lldp global enable # password-recovery enable # vlan 1 # vlan 89 name switch_manage # vlan 90 name ap # vlan 98 name bianfeng # vlan 102 name bianfeng-office # stp mode pvst stp bpdu-protection stp global enable # dhcp server ip-pool ap_vlan90 gateway-list 10.176.90.2 network 10.176.90.0 mask 255.255.255.0 dns-list 114.114.114.114 # wlan service-template office ssid AK vlan 102 akm mode psk preshared-key pass-phrase cipher $c$3$6aAbQDd4gQNHmHCrQnog0sbE3xvCkJrcPrDnItCLIcw= cipher-suite ccmp security-ie rsn service-template enable # interface NULL0 # interface Vlan-interface1 shutdown ip address dhcp-alloc # interface Vlan-interface89 description switch_manage ip address 10.176.89.100 255.255.255.0 # interface Vlan-interface90 ip address 10.176.90.2 255.255.255.0 dhcp server apply ip-pool ap_vlan90 # interface GigabitEthernet1/0/5 port link-mode route # interface GigabitEthernet1/0/6 port link-mode route # interface GigabitEthernet1/0/1 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/2 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/3 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # interface GigabitEthernet1/0/4 port link-mode bridge port link-type trunk port trunk permit vlan all arp detection trust dhcp snooping trust # scheduler logfile size 16 # line class console user-role network-admin # line class vty user-role network-operator # line con 0 user-role network-admin # line vty 0 31 authentication-mode scheme user-role network-admin user-role network-operator idle-timeout 30 0 # ip route-static 0.0.0.0 0 10.176.89.1 # undo info-center logfile enable # snmp-agent snmp-agent local-engineid 800063A280083A386395B000000001 snmp-agent community read public snmp-agent sys-info version all # ssh server enable ssh server acl 2000 # ntp-service enable ntp-service unicast-server 202.118.1.130 # acl number 2000 description sshmanager rule 1 permit source 10.245.89.0 0.0.0.255 rule 2 permit source 192.168.142.27 0 rule 5 permit source 10.245.96.0 0.0.0.255 rule 10 permit source 10.176.89.0 0.0.0.255 rule 11 permit source 10.176.104.21 0 rule 20 deny # radius scheme all-802.1x primary authentication 10.245.95.25 primary accounting 10.245.95.25 key authentication cipher $c$3$YJ2LE2SXJvLiODz7KjS1+rvUM43jRj5vgcEGaz/Zx9MCE5Y= key accounting cipher $c$3$Y6tRIsLKlJzeVZtUj44X2pabD1BaxupvxNMaZlDakZ8qdr4= user-name-format without-domain nas-ip 10.176.90.2 # radius scheme bianfeng-macauth primary authentication 192.168.136.54 primary accounting 192.168.136.54 key authentication cipher $c$3$fSu2RaGphciVMJk0+YW5Tqzx4PexLsfHrs9RAWENV0pN4ro= key accounting cipher $c$3$vfib7WDPU+Ypkhhrn8rctcyDxYtoMhf7W89v1havEgWTx6o= user-name-format without-domain nas-ip 10.176.89.100 # domain all-802.1x authentication lan-access radius-scheme all-802.1x authorization lan-access radius-scheme all-802.1x accounting lan-access radius-scheme all-802.1x # domain bianfeng-macauth authentication lan-access radius-scheme bianfeng-macauth authorization lan-access radius-scheme bianfeng-macauth accounting lan-access radius-scheme bianfeng-macauth # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description tftp rule 1 permit command tftp * put * * rule 2 permit command save # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage password hash $h$6$KlCqgz9Js12ar19T$jnymF7b3Clih4RvnRm6Nd3zSPMr01SFlkud12gxxaaEUPqGm4/4At+ZEQeS7UjPxCxy6uKo5Ou19c/Cgo55SIg== service-type ssh http https authorization-attribute user-role 15 authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user admn class manage authorization-attribute user-role network-operator # local-user ak class manage password hash $h$6$0wTMop4jFv/2zIsj$voSzjk/2YSYyQmPMhlRtoyaj7DcqeElvDrnJg4M6dg/UOoVQfTv5LOr36Fme7A+zu0vngaaO8xVo+tPqWDX4/g== service-type telnet terminal http https authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user hzak class manage password hash $h$6$eKyoz8Fmi42OVwov$6KKTmmnopG6wAIFS2b1esK3nbVJfVOcO/4QT4xqd0Pesc4y6KZKHjFN4V/gpnh3xZmS4cZT+p55WTJ/6tbh6hA== authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user hzhd class manage password hash $h$6$CxS8DzZLLTVWINSg$lP9Ivfs6HKeJbQZnsozmBafUWg1WgZO6myG5Kg5dVjWJI2ht3Q6TXAEWRR7qPuU8CKe0fXnmjoqU23vZ5ttXIQ== service-type http https authorization-attribute user-role network-admin authorization-attribute user-role network-operator # local-user tftp class manage password hash $h$6$NJR+zvqxjQNry3ex$ZOnG9z/CAib6gFU8J4loKp0dCzrwiBZntscKVLDn8yihmhinrEWrO5KKL9DV7tfDBe4oeTlHloFnJksJgkIEig== service-type ssh authorization-attribute user-role level-3 authorization-attribute user-role network-operator # local-user u class manage authorization-attribute user-role network-operator # ip http acl 2000 ip https acl 2000 ip http enable ip https enable # smartmc tm username admin password cipher $c$3$MnXcUNR38qNgH6GqYsUGxt2GVDoqrFc6 enable # wlan auto-ap enable wlan auto-persistent enable # wlan ap-group default-group retransmit-count 4 provision auto-recovery disable provision auto-update enable vlan 1 rrop anti-bmc protocol ipv6 deny ap-model WA4320-ACN-C radio 1 rate mandatory 12 24 rate supported 18 36 48 54 rate disabled 6 9 radio enable option client fast-forwarding enable level 2 service-template office radio 2 rate mandatory 11 rate supported 12 18 24 36 48 54 rate disabled 1 2 5.5 6 9 radio enable option client fast-forwarding enable level 2 service-template office gigabitethernet 1 ap-model WA5530 radio 1 rate mandatory 12 24 rate supported 18 36 48 54 rate disabled 6 9 radio enable option client fast-forwarding enable level 2 service-template office radio 2 rate mandatory 12 24 rate supported 18 36 48 54 rate disabled 6 9 radio enable service-template office radio 3 rate mandatory 11 rate supported 9 12 18 24 36 48 54 rate disabled 1 2 5.5 6 radio enable option client fast-forwarding enable level 2 service-template office gigabitethernet 1 gigabitethernet 2 ap-model WTU430-EI radio 1 rate mandatory 12 24 rate supported 18 36 48 54 rate disabled 6 9 radio enable option client fast-forwarding enable level 2 service-template office radio 2 rate mandatory 11 rate supported 12 18 24 36 48 54 rate disabled 1 2 5.5 6 9 radio enable option client fast-forwarding enable level 2 service-template office gigabitethernet 1 gigabitethernet 2 gigabitethernet 3 # wlan ap CB200250 model WA4320-ACN-SI serial-id 219801A0T78178E00661 vlan 1 radio 1 service-template office radio 2 service-template office gigabitethernet 1 # wlan ap CB200259 model WT1020 serial-id 219801A0TA9179Q00094 # wlan ap CB200262 model WA5530 serial-id 219801A0YF9179G004SR vlan 1 radio 1 service-template office radio 2 service-template office radio 3 service-template office gigabitethernet 1 gigabitethernet 2 # wlan ap CB200270 model WA5530 serial-id 219801A0YF9179G004WH vlan 1 radio 1 service-template office radio 2 service-template office radio 3 service-template office gigabitethernet 1 gigabitethernet 2 # wlan ap CB200276_wtu430 model WTU430-EI serial-id 219801A1BV9178Q31337 vlan 1 radio 1 service-template office radio 2 service-template office gigabitethernet 1 gigabitethernet 2 gigabitethernet 3 # wlan ap CB200279_wtu430 model WTU430-EI serial-id 219801A1BV9178Q31604 vlan 1 radio 1 service-template office radio 2 service-template office gigabitethernet 1 gigabitethernet 2 gigabitethernet 3 # wlan ap CB200292_wtu430 model WTU430-EI serial-id 219801A1BV9178Q31623 vlan 1 radio 1 service-template office radio 2 service-template office gigabitethernet 1 gigabitethernet 2 gigabitethernet 3
太乱了,直接回答问题 上配置吧
查看这连个配置的命令是哪个 我去截图
ip http acl 2000 ip https acl 2000
把这俩命令删除
acl number 2000 description sshmanager rule 1 permit source 10.245.89.0 0.0.0.255 rule 2 permit source 192.168.142.27 0 rule 5 permit source 10.245.96.0 0.0.0.255 rule 10 permit source 10.176.89.0 0.0.0.255 rule 11 permit source 10.176.104.21 0 rule 20 deny
这意思是不是只有后面的地址能够访问
是的
什么命令能够让我加上去一条
进到acl 2000里,rule 继续添加