Building network automation solutions

9 module online course

Start now!

Multilevel web (HTTP) access to a router

In some scenarios you want to use true username/password authentication when accessing the router's web server (by default, you have to use enable password). To change the HTTP authentication method, use the ip http authentication local configuration command; it tells the router to use local usernames and passwords when authentication web requests.

Before changing the HTTP authentication, you must define local usernames with the username username privilege-level level password password command, for example:
username guest privilege 1 password 0 guest
username admin privilege 15 password 0 admin
Note: unless you configure service password-encryption, the passwords in your configuration will remain in cleartext.

The last bit of the puzzle is the correct formation of the URLs: when executing a command on the router through a URL, you have to specify the required privilege level (the router will then prompt you for a username/password with at least that privilege level). The URL syntax is http://router/level/privilege-level/exec/command. For example, to execute non-privileged (level-1) show users command, use the following URL:
http://router/level/1/exec/show/users/CR
Note: the /CR suffix at the end of the URL tells the router to execute a command that contains optional (non-present) parameters.

We migrated our blog a few days ago, and the commenting functionality is not there yet. In the meantime please find our content on LinkedIn and comment there.

Sidebar