SSH & HTTPS issue on Firepower 4100 chassis management interface

Happy_Trooper
Level 1

Hello,

I am facing an issue with SSH/HTTPS management access on a Firepower 4100. After un-boxing the device, I consoled in and ran through the initial setup. I assigned the IP, subnet, hostname, default gateway, and IP blocks on the interface. I am able to ping the chassis mgmt interface from a laptop on the same subnet. From my laptop, I use PuTTY to SSH in and I get a response, but using the same credentials that work for console access, it says access denied. I can confirm that my IP is in the IP block list on the private subnet of: 10.200.1.x/24.
2019-11-21_1710_001.png

2019-11-22_1529.png

 

When I attempt to access the 4100 via HTTPS, I get the login page, but my credentials that work for console access do not work for web access:
2019-11-21_1710.png

The only network connectivity that I have to the appliance is to the chassis mgmt port.  I simply want SSH and/or HTTPS access.  I tried creating a 2nd admin user.  I have the same issue with that account.


Is there something simple that I am missing to SSH/HTTPS into the chassis management port?  I'm on version 2.4(1.101).  I have followed the Cisco Firepower 4100 Quick Start Guide.  According to the doc, after the initial configuration, one should be able to SSH in to the appliance.

 

Many thanks for your assistance.

1 Accepted Solution

Is it possible that somebody else has a different device in the lab using the same IP address?

23 Replies

nspasov
Cisco Employee

Hmm, this is strange. I was going to ask if you had the ssh/http services enabled (Scope system > scope services > enable ssh/http) but if you are getting a login prompt then those must be running. However, one thing that seems odd here is the GUI login screen that you have in your screenshot. This does not look like the FXOS login prompt nor the error message that you would get if your authentication fails. Can you please confirm that you are trying to get to the chassis (FXOS) and not FTD (the application running on the chassis)?

Thank you for rating helpful posts!

Hello,

Thank you for your response. The screenshot in my previous post, showing the failed web login, was from going to the management IP: https://10.200.1.210

I have the devices in a simple configuration, as noted below:

2019-11-23_0846.png

The only network cable connected to the FPR-4110 is to the management port.  The remaining ports do not have any SFPs or connections.  It looks just like the picture below.

2019-11-23_0848.png

I have a 2nd unit with the same issue. Perhaps it is user error. I have followed the getting started guide, set up the necessary address, subnet, IP block, gateway. Can ping the devices, SSH/HTTPS responds, but does not accept my credentials. If I am connected via console cable, I CAN SSH to the management IP successfully. But I cannot SSH/HTTPS through a network connection.


Is there a feature that needs to be enabled?  HTTP and SSH have been set to enabled.  Is there a license that needs to be applied?  Is 2.4 buggy with this?

 

Many thanks for your time and assistance.

Is it possible that somebody else has a different device in the lab using the same IP address?

Thank you all for your assistance.  I'm going to head over to Networking 101 class :(  It was an IP conflict.  
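The duplicate-address condition that resolved this thread can be confirmed from a host on the management subnet by checking which MAC addresses answer ARP for the chassis IP. The following is an added example, not part of the original thread or of any Cisco tooling; it parses iputils `arping` reply lines, and the sample output, MAC addresses, interface name and the `expected_mac` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Reply lines as printed by iputils arping, e.g.
#   Unicast reply from 10.200.1.210 [00:00:5E:00:53:10]  0.712ms
REPLY_RE = re.compile(
    r"reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\[(?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\]"
)

def macs_by_ip(arping_output):
    """Map each answering IP to the set of MAC addresses that replied for it."""
    seen = defaultdict(set)
    for line in arping_output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("mac").lower())
    return dict(seen)

def check_owner(arping_output, ip, expected_mac):
    """Classify who answers ARP for `ip`.

    expected_mac is the management-port MAC the operator noted from the
    console session or chassis label (assumption: it is known).
    Returns (status, sorted list of MACs seen).
    """
    macs = macs_by_ip(arping_output).get(ip, set())
    expected = expected_mac.lower()
    if not macs:
        status = "no-reply"
    elif macs == {expected}:
        status = "ok"
    elif expected in macs:
        status = "conflict"      # chassis plus at least one other host
    else:
        status = "wrong-host"    # only a different device answers
    return status, sorted(macs)

# Constructed sample: two hosts answer for the chassis management IP.
SAMPLE = """\
ARPING 10.200.1.210 from 10.200.1.50 eth0
Unicast reply from 10.200.1.210 [00:00:5E:00:53:10]  0.712ms
Unicast reply from 10.200.1.210 [00:00:5E:00:53:AB]  0.954ms
Unicast reply from 10.200.1.210 [00:00:5E:00:53:10]  0.698ms
Sent 2 probes (1 broadcast(s))
Received 3 response(s)
"""

if __name__ == "__main__":
    print(check_owner(SAMPLE, "10.200.1.210", "00:00:5e:00:53:10"))
```

A `conflict` or `wrong-host` result means the login prompt reached over the network may belong to a different device than the one on the console.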

Hey, don't feel bad as this happens more often than not. We, tech people, tend to miss the most basic/easy things when troubleshooting as we get smarter and more knowledgeable. It is very common :) Plus, it did not help that the login prompt for the other device also happens to be Cisco.

Thank you for rating helpful posts! 

No worries - the reason I came up with the answer is because I've made the same error once or twice in my long career. :)

I think Marvin was thinking what I was thinking. I would recommend connecting your PC directly to the mgmt interface and give it an IP address from the same subnet and then try again. The FXOS GUI Login screen should look like this:

https://www.google.com/search?q=firepower+chassis+manager+login&sxsrf=ACYBGNRqfIdruhX0M2FkunU8GMkOvAuVAQ:1574664179204&source=lnms&tbm=isch&sa=X&ved=2ahUKEwjlxKqY4YTmAhV3JzQIHfdrApQQ_AUoAnoECAwQBA&biw=1440&bih=717#imgrc=z-q2yv-jbvfpdM:

Thank you for rating helpful posts!

Mohammad Alhyari
Cisco Employee

Right click on that page and check the source :)

See what is actually there....

Hello 

 

Please Help me to resolve this problem

 

I used erase configuration on my FPR 4110 and afterwards I can't access the FTD, and when I try a different procedure I stop at this step with this error:

 

Error: Update failed: [App Instance cannot be started. Please provision LogicalDevice before starting application.]

 

Regards.

@mnice 

If you have erased the configuration at the chassis level then you need to start over with provisioning a logical device again as the message indicates.

Hello marvin

 

Thank you so much for your return

 

Provisioning a logical device means allocating resources such as CPU, disk and RAM by creating a profile resource?

 

Regards.

Hello Marvin

 

When I tried to allocate resources through the cli because the HTTPS access not work, I got this message

 

Error: Update failed: [Specified in CSP image header, FTD application does not support dynamic resources allocation.]

 

Regards.

Hello marvin

 

Thank you for your return

 

The problem is, I have only CLI access. I can't connect to the chassis over HTTPS: it connects once at startup, then it displays incorrect user and password, and after that it is impossible to reload the page.

 

Is there an access list problem? Knowing that I didn't configure the IP-Block.

 

Thank you for helping me marvin .
