Cisco Bug: CSCuq37976 - ip http access-class denies full access to the GUI

Last Modified

Feb 03, 2017

Products (1)

  • Cisco IOS

Known Affected Releases

10.2(1.118)

Description (partial)

Symptom:
The customer's GUI does not show him certain information and does not save his changes.

Conditions:
The issue seems to be in response to the ip http access-class X command. Unless the access list is set to permit any, the above problems will occur. Even if the access list is set to permit a valid IP address, it still has the above problems.

Customer's IP address: 172.16.8.82.

~THIS FAILS~
ip http access-class 7

Switch(config)#access-list 7 permit 172.0.0.0 0.255.255.255 log
Switch(config)#do show acc 7
Standard IP access list 7
    10 permit 172.0.0.0, wildcard bits 0.255.255.255 log

Aug 13 12:13:07.370 edt: %SEC-6-IPACCESSLOGS: list 7 permitted 172.16.8.82 27 packets


~THIS WORKS~
ip http access-class 6

Switch(config)#access-list 6 permit any log
Switch(config)#do show acc 6
Standard IP access list 6
    10 permit any log


Aug 13 12:10:19.114 edt: %SEC-6-IPACCESSLOGS: list 6 permitted 172.16.8.82 49 packets



As you can see, the access list is getting hit with the same IP address in both cases.
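
The wildcard match behind the two log lines above can be checked offline. The following is an added example, not part of the original bug report: a minimal standard-ACL evaluator showing that list 7 and list 6 both permit 172.16.8.82, so the ACL entry itself is not what rejects the client. The function names are hypothetical, and 10.1.1.1 is a constructed address used only to show the implicit deny.

```python
import ipaddress

# ACL lines copied from the bug description; everything else here is illustrative.
ACL_LINES = [
    "access-list 7 permit 172.0.0.0 0.255.255.255 log",
    "access-list 6 permit any log",
]


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_standard_acl(lines):
    """Parse numbered standard ACL entries into {number: [(action, base, wildcard)]}."""
    acls = {}
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        src = tok[3:-1] if tok[-1] == "log" else tok[3:]
        if src == ["any"]:
            base, wild = 0, 0xFFFFFFFF      # every bit is "don't care"
        elif len(src) == 2 and src[0] == "host":
            base, wild = _ip(src[1]), 0     # every bit must match
        elif len(src) == 1:
            base, wild = _ip(src[0]), 0     # bare address is a host match
        elif len(src) == 2:
            base, wild = _ip(src[0]), _ip(src[1])
        else:
            raise ValueError(f"unsupported source in: {line!r}")
        acls.setdefault(int(tok[1]), []).append((tok[2], base, wild))
    return acls


def evaluate(acls, number, source):
    """First matching entry wins; a defined list ends with an implicit deny."""
    src = _ip(source)
    for action, base, wild in acls[number]:  # KeyError if the list is undefined
        care = ~wild & 0xFFFFFFFF            # wildcard 1-bits are ignored
        if src & care == base & care:
            return action
    return "deny"


ACLS = parse_standard_acl(ACL_LINES)

if __name__ == "__main__":
    for acl, addr in [(7, "172.16.8.82"), (6, "172.16.8.82"), (7, "10.1.1.1")]:
        print(f"list {acl} source {addr}: {evaluate(ACLS, acl, addr)}")
```
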

~Other Configs~
username cisco1 privilege 15 password 7 121A0C0411045D
aaa new-model
aaa local authentication default authorization default
aaa authentication login default local
aaa authorization console
aaa authorization exec default local



Switch(config)#do show run all | inc ip http
ip http server
ip http port 80
ip http access-class 7
ip http authentication local
ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 50
ip http timeout-policy idle 180 life 180 requests 25
ip http active-session-modules all
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path webui:/express