04-07-2013 03:41 AM - edited 03-01-2019 07:18 AM
Hello Gents
Cisco Nexus 5000 Series NX-OS Layer 2 Switching Configuration Guide, Release 5.1(3)N1(1) VM-FEX configuration article lists Step 6 as part of configuration procedure:
Step 6 Switch and vCenter: Install XML certificate from switch to vCenter.
a) Switch: Enable HTTP using the feature http command in config mode.
b) From a web browser, access the IP address of the switch and download the displayed XML certificate.
c) Switch: Disable HTTP using the no feature http command in config mode.
d) vCenter: Install the XML certificate plugin.
But enabling feature http-server doesnt enable http-server on switch: switch refuses http connections and if U check with command "sho feature | i http-serv" U will see 2 entries with http-server feature with one of them in disabled state.
Q is how enable http-server on switch (N5548UP) or is there other way to get the XML certificate from the switch?
Thank U
Solved! Go to Solution.
04-07-2013 04:18 AM
Hi,
What do you see if you execute the show http-server command? Does it still show as enabled?
I just checked my switch here and I don't see two http-server entries, but I've noticed that connections are refused unless I connect to the IP address of the management interface, mgmt 0. If I try to connect to the IP address of any other interface I also see the connections refused.
Are you able to connect to the IP address assigned to the management interface and see if that works OK?
Regards
04-07-2013 04:18 AM
Hi,
What do you see if you execute the show http-server command? Does it still show as enabled?
I just checked my switch here and I don't see two http-server entries, but I've noticed that connections are refused unless I connect to the IP address of the management interface, mgmt 0. If I try to connect to the IP address of any other interface I also see the connections refused.
Are you able to connect to the IP address assigned to the management interface and see if that works OK?
Regards
04-07-2013 09:22 PM
Yes, it (sho http-server) pretty shows http-server is enabled.
I also didn't try http access via mgmt0. Will check today. After a lot of thoughts I believe XML certificate can be found somewhere in file system.
04-08-2013 12:53 AM
Many thanks to Steve, using mgmt I downloaded xml-files.
Now only one of them can be registered in Plug-in Manager of vCenter. I believe it's due the fact taht N5K's are already assembled in VPC-domain. Is it critical to have both XML-certificate installed in vCenter?
04-08-2013 03:48 AM
Hi,
I'm not sure whether both switches will have to be registered in vCenter as I've not setup VM-FEX.
It seems strange though that vPC would be the reason that only one certificate can be installed. In my mind the two switches are both independent apart from using a common LAG ID such that any downstream device connected via a port-channel sees both switches as a single entity.
Are the XML certificates that are exported from both switches exactly the same?
Regards
04-08-2013 05:33 AM
Pretty the same. svs connection is set up as expected thought. I have read in N5K-ops-VM-FEX that "The extension key is synchronized by the primary vPC member to the secondary vPC memeber. You can verify that the extension key is the same on both peers by using the show svs connection command." And yes, theay are. I try to move forward with VM-FEX.
Thank U Steve.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide