12-15-2022 04:10 PM
Again, an old issue where I did not find a solution when searching in the community.
FP 1120 is not able to access Cisco's smart licensing server.
Here is my configuration:
> show network
===============[ System Information ]===============
Hostname : zzz
Domains : xxx.yyy.com
DNS Servers : 192.168.2.25
Management port : 8305
IPv4 Default route
Gateway : 192.168.2.6
Netmask : 0.0.0.0
==================[ management0 ]===================
State : Enabled
Link : Up
Channels : Management & Events
Mode : Non-Autonegotiation
MDI/MDIX : Auto/MDIX
MTU : 1500
MAC Address : 68:87:C6:71:9C:00
----------------------[ IPv4 ]----------------------
Configuration : Manual
Address : 192.168.2.19
Netmask : 255.255.255.0
Gateway : 192.168.2.6
----------------------[ IPv6 ]----------------------
Configuration : Disabled
===============[ Proxy Information ]================
State : Disabled
Authentication : Disabled
> show interface ip brief
Interface IP-Address OK? Method Status Protocol
Internal-Data0/0 unassigned YES unset up up
Ethernet1/1 192.168.0.6 YES manual up up
Ethernet1/2 192.168.1.6 YES manual admin down down
Ethernet1/3 unassigned YES unset admin down down
Ethernet1/4 unassigned YES unset admin down down
Ethernet1/5 unassigned YES unset admin down down
Ethernet1/6 unassigned YES unset admin down down
Ethernet1/7 unassigned YES unset admin down down
Ethernet1/8 unassigned YES unset admin down down
Ethernet1/9 192.168.2.6 YES manual up up
Ethernet1/10 unassigned YES unset admin down down
Ethernet1/11 unassigned YES unset admin down down
Ethernet1/12 unassigned YES unset admin down down
Internal-Control1/1 unassigned YES unset up up
Internal-Data1/1 169.254.1.1 YES unset up up
Internal-Data1/2 unassigned YES unset up up
Management1/1 unassigned YES unset up up
> show route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via 192.168.0.1, outside
C 192.168.0.0 255.255.255.0 is directly connected, outside
L 192.168.0.6 255.255.255.255 is directly connected, outside
C 192.168.2.0 255.255.255.0 is directly connected, inside
L 192.168.2.6 255.255.255.255 is directly connected, inside
> ping 192.168.2.25
Sending 5, 100-byte ICMP Echos to 192.168.2.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
> ping system 192.168.2.25
Command execution timed out. Please try again.
> ping 192.168.2.19
Sending 5, 100-byte ICMP Echos to 192.168.2.19, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
> ping system 192.168.2.19
Command execution timed out. Please try again.
> ping google.com
Sending 5, 100-byte ICMP Echos to 142.251.143.78, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/30 ms
I also used 192.168.2.23 as an alternative gateway for the management interface, it did not work either (this is another way to the internet).
Does anybody has a clue how to fix this?
Thx,
Andreas
12-15-2022 08:20 PM
When your "ping system 192.168.2.25" failed, that indicates your configured name server (DNS) is not reachable from your management interface.
The management interface must have Internet connectivity, the ability to resolve Cisco's FQDNs and be able to reach them via https.
You must also have a relatively recent release or patch to account for Cisco having updated the Certificate Authority (CA) used by the licensing servers.
12-16-2022 02:43 PM
Well, the DNS server resolves FQDNs to IP addresses appropriately - but only through the data interface. As the internal DNS server is reachable through the data interface, I believe it is more or less a management port issue (configuration?). I have added a small picture showing the current environment.
12-16-2022 03:53 PM
Just a small enhancement:
> traceroute system 192.168.2.25
traceroute to 192.168.2.25 (192.168.2.25), 30 hops max, 60 byte packets
1 AKF206 (192.168.2.19) 2998.101 ms !H 2998.048 ms !H 2998.047 ms !H
> ping system 192.168.2.25
PING 192.168.2.25 (192.168.2.25) 56(84) bytes of data.
From 192.168.2.19 icmp_seq=1 Destination Host Unreachable
^C
--- 192.168.2.25 ping statistics ---
6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 4999ms
pipe 4
> ping system 192.168.2.19
PING 192.168.2.19 (192.168.2.19) 56(84) bytes of data.
64 bytes from 192.168.2.19: icmp_seq=1 ttl=64 time=0.073 ms
64 bytes from 192.168.2.19: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 192.168.2.19: icmp_seq=3 ttl=64 time=0.055 ms
^C
--- 192.168.2.19 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.055/0.061/0.073/0.008 ms
It seems that there is a path to the DNS server
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide