Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
299
Views
0
Helpful
1
Replies

Smart Lic via proxy server not sending Http traffic

EddyFonseca3815
Level 1
Level 1

‎09-25-2023 01:26 PM

Hello All

I have created a Proxy for the Smart Lic and I am testing this on a 9200 Switch.  I have enable the following command and waiting to see if they switch will send the Http request to the proxy server.  Since this is the only device I have set to send to this proxy I should only see this traffic but I am not.

I have used the steps notes in this url " https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-12/configuration_guide/sys_mgmt/b_1612_sys_mgmt_9200_cg/cisco_smart_licensing_client.html#concept_o2x_fvp_qgb " and I also have set the following commands

ip http client source-interface Vlan105

ip http client proxy-server 10.32.68.31 proxy-port 3128

call-home
contact-email-addr sch-smart-licensing@cisco.com

http-proxy "10.32.68.31" port 3128
profile "test-proxy-srv"
reporting smart-licensing-data
destination transport-method http
no destination transport-method email
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

I have looked at the " show license eventlog " to see if there is a reason why I am not getting the traffic to flow via the proxy but

2023-09-25 13:28:06.840 CDT SAEVT_INIT_SYSTEM_INIT
2023-09-25 13:28:07.847 CDT SAEVT_INIT_CRYPTO success="False" error="Crypto Initialization has not been completed"
2023-09-25 13:28:37.847 CDT SAEVT_INIT_CRYPTO success="True"
2023-09-25 13:28:37.851 CDT SAEVT_COMM_RESTORED
2023-09-25 13:28:37.922 CDT SAEVT_INIT_COMPLETE
2023-09-25 13:29:32.982 CDT SAEVT_COMM_FAIL error="Unable to resolve server hostname/domain name"
2023-09-25 13:29:34.157 CDT SAEVT_UTILITY_REPORT_START
2023-09-25 13:29:37.848 CDT SAEVT_PRIVACY_CHANGED enabled="True"
2023-09-25 13:51:01.299 CDT SAEVT_CONFIG_PERSISTED

I am able to ping tools.cisco.com without issue but I do not see this traffic going to the out or am I missing something.

92K-CON6#ping tools.cisco.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.38, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
92K-CON6#

If you can tell me what I could be missing or a command I need to run to ID the issue .

thank you

 

 

 

Labels:
0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎09-25-2023 03:39 PM

This space is intended for questions related to NAC solutions like Cisco ISE.

This question would be better posted to the Switching space - https://community.cisco.com/t5/switching/bd-p/6016-discussions-lan-switching-routing

 

0 Helpful
Customers Also Viewed These Support Documents