Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
571
Views
0
Helpful
6
Replies

ISR1100 Certificate issue

Go to solution
murmucka
Level 1
Level 1

‎08-17-2023 07:22 AM - last edited on ‎08-17-2023 11:07 AM by Community Manager

Hi,

have a problem with

C1111-4P.

Installed with

17.11.1a


All RSA Keys are min 2048 bits strong. Anyway, also

crypto

engine complience shield disabled.

But after all reload SSH, and

http secure-server

doesnt works anymore, i need to

zeroize

all keys and re-generate them all. Also the

snmp

user will be removed automatically after the reload. 
Because all RSA keys are

2048+ strong

i dont have any warning mesage during the operation. Any idea, why

SSH and https + snmp

user will be destroyed after the reload? 

Thank you.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to murmucka

‎08-17-2023 08:00 AM - edited ‎08-17-2023 08:00 AM

Looks for me you lost the config due to config registry

can you post show version complete or change the config register as suggested above document.

Also when you reboot, post complete boot log here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎08-17-2023 07:26 AM

i was thinking config may be not saved., check the reg option in show version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
murmucka
Level 1
Level 1
In response to balaji.bandi

‎08-17-2023 07:29 AM - last edited on ‎08-17-2023 11:09 AM by Community Manager

hi it should be okay

Configuration register is

0x102
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to murmucka

‎08-17-2023 07:44 AM

check config regsiter for all routers :

https://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/50421-config-register-use.html

when you write config can you check running and startup comparing ? i am still thining some how config not writing.

Until any bugs reported 17.11 (not that i am aware)

But after all reload SSH, and http secure-server doesnt works anymore, i need to zeroize all keys and re-generate them all

how are you doing this config cosole ? or telnet ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
murmucka
Level 1
Level 1
In response to balaji.bandi

‎08-17-2023 07:49 AM - last edited on ‎08-17-2023 11:11 AM by Community Manager

ill do it then with console cable. After

zeroize

and re-generating

rsa

keys, and register

snmp

user again, works well, but only until the next reload. (or power loss, etc...)

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to murmucka

‎08-17-2023 08:00 AM - edited ‎08-17-2023 08:00 AM

Looks for me you lost the config due to config registry

can you post show version complete or change the config register as suggested above document.

Also when you reboot, post complete boot log here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
murmucka
Level 1
Level 1
In response to balaji.bandi

‎08-17-2023 08:11 AM - last edited on ‎08-17-2023 11:11 AM by Community Manager

thanks. Changing confreg from

0x102 to 0x2102

helped. Now after reload everything fine

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card