04-27-2012 05:44 AM
Hello
I have enabled SSH on my 3750 switches and notice that https is not working. I am not sure they are related, but it seems oddly coincidental.
Therefore I find it difficult to monitor using CNA 5.7.6.
Configs are given below:
gvadc-sf01#sh run | i ip http
ip http server
ip http access-class 11
ip http secure-server
From my machine, I should normally have access to https running on the switch, but that isn't the case.
Do I need to generate a new crypto key separately for https?
Thanks for helping out on this.
04-27-2012 05:49 AM
Snapshot from the switch showing that the secure server is enabled:
A1#show ip http server sec st
A1#show ip http server sec status
HTTP secure server status: Enabled
HTTP secure server port: 443
HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha
HTTP secure server client authentication: Disabled
HTTP secure server trustpoint:
HTTP secure server active session modules: ALL
04-29-2012 06:34 PM
The original post contains this line
ip http access-class 11
which says that access to http is controlled by access list 11. So what is in access list 11? And particularly, is the address of your machine included in a permit in access list 11?
HTH
Rick
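Added example (not part of any post in this thread): a small Python check of whether a management station's address is permitted by the standard ACL named in `ip http access-class 11`, using first-match evaluation, wildcard masks and the implicit deny at the end of every ACL. The thread never shows access list 11, so the ACL text, the addresses and the function names `parse_acl` and `check_source` are constructed for illustration.

```python
import ipaddress

# Constructed sample; the real contents of access list 11 are not in the thread.
SAMPLE_ACL = """\
access-list 11 remark stations allowed to reach the switch web server
access-list 11 deny   host 198.51.100.77
access-list 11 permit 198.51.100.0 0.0.0.255
access-list 11 permit 192.0.2.10
"""

def parse_acl(text, number):
    """Return [(action, address, wildcard)] for the standard ACL `number`."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[1] != str(number):
            continue
        action, rest = tok[2], [t for t in tok[3:] if t != "log"]
        if action not in ("permit", "deny"):
            continue  # remark lines carry no match criteria
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        elif rest[0] == "host":
            addr, wild = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(rest[0]))
            # A bare address with no wildcard matches that single host.
            wild = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, addr, wild))
    return entries

def check_source(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for index, (action, addr, wild) in enumerate(entries, start=1):
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if (src ^ addr) & ~wild & 0xFFFFFFFF == 0:
            return action, index
    return "deny", None

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL, 11)
    for station in ("198.51.100.20", "198.51.100.77", "192.0.2.11"):
        print(station, check_source(acl, station))
```

A result of `("deny", None)` means no entry matched at all, which is the case Rick's question is probing: a station that is simply missing from the list is refused just like one that is explicitly denied.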
04-30-2012 07:51 AM
You should specify an authentication method for http(s). e.g., "ip http server authentication local"
05-07-2012 06:40 AM
Hi
It worked on the server farm devices, but I am unable to discover the core and the distribution devices.
In the topology the core devices are seen, but when I add them to the community, it fails.
Attached is the snapshot.
The devices are reachable from the server:
ping 172.19.26.252
Pinging 172.19.26.252 with 32 bytes of data:
Reply from 172.19.26.252: bytes=32 time=1ms TTL=255
Reply from 172.19.26.252: bytes=32 time=2ms TTL=255
Reply from 172.19.26.252: bytes=32 time=2ms TTL=255
Ping statistics for 172.19.26.252:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
Control-C
^C
I guess it is trying to connect on this IP address, and it pings fine, but the moment I try to discover, it fails. It could successfully discover the other devices, but not the core and the distribution devices.
05-07-2012 07:24 AM
Cisco says "unable to connect" to cover any communications or authentication issue. Have you checked the actual packets with, say, Wireshark, to see what's going on? I would suggest looking for and verifying that the SNMP community string matches.