
Enabling HTTPS while SSH is enabled

TGF_Cisco
Level 1

Hello

I have enabled SSH on my 3750 switches and notice that HTTPS is not working. I am not sure they are related, but it seems to be oddly coincidental.

Therefore I find it difficult to monitor using CNA 5.7.6.

Configs are given below:

gvadc-sf01#sh run | i ip http

ip http server

ip http access-class 11

ip http secure-server

            

From my machine, I should normally have access to HTTPS running on the switch, but that isn't the case.

Do I need to generate a new crypto key separately for HTTPS?

Thanks for helping out on this.


TGF_Cisco
Level 1

Snapshot from the switch showing that the secure server is enabled:

A1#show ip http server sec st

A1#show ip http server sec status

HTTP secure server status: Enabled

HTTP secure server port: 443

HTTP secure server ciphersuite: 3des-ede-cbc-sha des-cbc-sha rc4-128-md5 rc4-128-sha

HTTP secure server client authentication: Disabled

HTTP secure server trustpoint:

HTTP secure server active session modules: ALL

The original post contains this line

ip http access-class 11

which says that access to HTTP is controlled by access list 11. So what is in access list 11? And particularly, is the address of your machine included in a permit in access list 11?

HTH

Rick
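
The check asked for in the reply above, as an added example that is not part of the original thread: a Python sketch that reads the `ip http access-class` line from a saved config and evaluates a client address against that numbered standard ACL, top-down with wildcard masks. The ACL entries and client addresses are constructed (the thread never shows access list 11), and the function names are hypothetical; an ACL with no entries in the supplied text is reported as undefined rather than guessed at.

```python
import ipaddress

# Constructed sample: the thread never shows what access list 11 contains.
SAMPLE_CONFIG = """\
ip http access-class 11
ip http secure-server
access-list 11 permit 192.0.2.10
access-list 11 deny   198.51.100.0 0.0.0.255
access-list 11 permit 198.51.0.0 0.0.255.255
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def http_access_class(config):
    # Return N from "ip http access-class N", or None if the line is absent.
    for tok in map(str.split, config.splitlines()):
        if tok[:3] == ["ip", "http", "access-class"] and len(tok) > 3 and tok[3].isdigit():
            return int(tok[3])
    return None

def parse_standard_acl(config, number):
    """Ordered (action, address, wildcard) entries of a numbered standard ACL."""
    entries = []
    for tok in map(str.split, config.splitlines()):
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)] or tok[2] not in ("permit", "deny"):
            continue
        rest = tok[4:] if tok[3] == "host" else tok[3:]
        if rest[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:  # "address [wildcard]"; no wildcard means a single host
            addr = ip_int(rest[0])
            wild = ip_int(rest[1]) if len(rest) > 1 and rest[1] != "log" else 0
        entries.append((tok[2], addr, wild))
    return entries

def check_client(config, client_ip):
    """Return (verdict, reason) for a client address against the HTTP(S) access-class."""
    acl = http_access_class(config)
    if acl is None:
        return ("permit", "no ip http access-class configured")
    entries = parse_standard_acl(config, acl)
    if not entries:
        return ("undefined", f"access-list {acl} has no entries in this config")
    src = ip_int(client_ip)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (src & care) == (addr & care):
            return (action, f"first match in access-list {acl}")
    return ("deny", f"implicit deny at end of access-list {acl}")
```

Feed it the text of `show running-config` and the management station's address; a `deny` verdict with the implicit-deny reason means the station simply is not listed in the ACL.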

You should specify an authentication method for http(s). e.g., "ip http server authentication local"

Hi

It worked on the server farm devices, but I am unable to discover the core and the distribution devices.

In the topology the core devices are seen, but when I add them to the community, it fails.

Attached is the snapshot.

And the devices are reachable from the server:

ping 172.19.26.252

Pinging 172.19.26.252 with 32 bytes of data:
Reply from 172.19.26.252: bytes=32 time=1ms TTL=255
Reply from 172.19.26.252: bytes=32 time=2ms TTL=255
Reply from 172.19.26.252: bytes=32 time=2ms TTL=255

Ping statistics for 172.19.26.252:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 2ms, Average = 1ms
Control-C
^C

I guess it is trying to connect on this IP address, and it pings fine, but the moment I try to discover, it fails. It could successfully discover the other devices but not the core and the distribution devices.

Cisco says "unable to connect" to cover any communications or authentication issue. Have you checked the actual packets with, say, Wireshark, to see what's going on? I would suggest looking for and verifying that the SNMP community string matches.
