cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

252
Views
5
Helpful
8
Replies
Beginner

SSH & HTTPS issue on Firepower 4100 chassis management interface

Hello,

I am facing an issue with SSH/HTTPS management access on a Firepower 4100.  After un-boxing the device, I consoled in and ran through the initial setup.  I assigned the IP, subnet, hostname, default gateway, and IP blocks on the interface.  I am able to ping the chassis mgmt interface from a laptop on the same subnet.  From my laptop, I use putty to SSH in, I get a response, but using the same credentials that work for console access, it says access denied.  I can confirm that my IP is in the IP block list on the private subnet of: 10.200.1.x/24.
2019-11-21_1710_001.png

2019-11-22_1529.png

 

When I attempt to access the 4100 via https, I get the login page, but my credentials that work for console access, do not work for web access:
2019-11-21_1710.png

The only network connectivity that I have to the appliance is to the chassis mgmt port.  I simply want SSH and/or HTTPS access.  I tried creating a 2nd admin user.  I have the same issue with that account.


Is there something simple that I am missing to SSH/HTTPS into the chassis management port?  I'm on version 2.4(1.101).  I have followed the Cisco Firepower 4100 Quick Start Guide.  According to the doc, after the initial configuration, one should be able to SSH in to the appliance.

 

Many thanks for your assistance.

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Guru

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Is it possible that somebody else has a different device in the lab using the same IP address?

View solution in original post

8 REPLIES 8
Cisco Employee

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Hmm, this is strange. I was going to ask if had the ssh/http services enabled (Scope system > scope services > enable ssh/http) but if you are getting a login prompt then those must be running. However, one thing that seems odd here is the GUI login screen that you have in your screenshot. This does look like the FXOS login prompt nor the error message that you would get if your authentication fails. Can you please confirm that you are trying to get to the chassis (FXOS) and not FTD (The application running on the chassis)?

Thank you for rating helpful posts!

Beginner

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Hello,

Thank you for your response.  The screenshot in my previous post, showing the failed web login, was from going to the management IP: https: //10.200.1.210

I have the devices in a simple configuration, as noted below:

2019-11-23_0846.png

The only network cable connected to the FPR-4110 is to the management port.  The remaining ports do not have any SFPs or connections.  It looks just like the picture below.

2019-11-23_0848.png

I have a 2nd unit with the same issue.  Perhaps it is user error.  I have followed the getting started guide, setup the necessary address, subnet, IP block, gateway.  Can ping the devices, SSH/HTTPS responds, but does not accept my credentials.  If I am connected via console cable, I CAN SSH to the managment IP successfully.  But I cannot SSH/HTTPS through a network connection.  


Is there a feature that needs to be enabled?  HTTP and SSH have been set to enabled.  Is there a license that needs to be applied?  Is 2.4 buggy with this?

 

Many thanks for your time and assistance.

Hall of Fame Guru

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Is it possible that somebody else has a different device in the lab using the same IP address?

View solution in original post

Beginner

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Thank you all for your assistance.  I'm going to head over to Networking 101 class :(  It was an IP conflict.  

Cisco Employee

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Hey, don't feel bad as this happens more often than not. We, tech people, tend to miss the most basic/easy things when troubleshooting as we get smarter and more knowledgeable. It is very common :) Plus, it did not help that the login prompt for the other device also happens to be Cisco.

Thank you for rating helpful posts! 

Highlighted
Hall of Fame Guru

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

No worries - the reason I came up with the answer is because I've made same error once or twice in my long career. :)

Cisco Employee

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

I think Marvin was thinking what I was thinking. I would recommend connecting your PC directly to the mgmt interface and give it an IP address from the same subnet and then try again. The FXOS GUI Login screen should look like this:

https://www.google.com/search?q=firepower+chassis+manager+login&sxsrf=ACYBGNRqfIdruhX0M2FkunU8GMkOvAuVAQ:1574664179204&source=lnms&tbm=isch&sa=X&ved=2ahUKEwjlxKqY4YTmAhV3JzQIHfdrApQQ_AUoAnoECAwQBA&biw=1440&bih=717#imgrc=z-q2yv-jbvfpdM:

Thank you for rating helpful posts!

Cisco Employee

Re: SSH & HTTPS issue on Firepower 4100 chassis management interface

Right click on that page and check the source :) 

see what is actually is there....

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here