Nexus 9000 Fail to send out Call Home HTTP message.

cklepp0362
Level 1

Wanted to share this so hopefully it helps other people out who may be having a similar issue.

 

We have 4 93180YC-FX switches that suddenly stopped being able to communicate with Cisco to renew their smart licensing authorizations. This turns out to be due to a change in the CAs used by Cisco - see field notice 72115 for more info - https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72115.html. There is an issue though if your switch only has layer 3 connectivity out to Cisco via the management interface and vrf. The trustpool by default uses the default vrf to communicate with Cisco.

 

Fixed version is listed as 9.3(8), but if you cannot update to that version, this modification needs to be made to the trustpool policy if your switch only has layer 3 connectivity out to Cisco via the mgmt0 interface/management vrf:

 

switch# config t
switch(config)# crypto ca trustpool policy
switch(config-trustpool)# source-interface mgmt0
switch(config-trustpool)# vrf management
switch(config-trustpool)# exit
switch(config)# exit

 

'show crypto ca trustpool policy' should now indicate the source-interface and vrf to be used to pull down the new CA bundle from Cisco. After doing this, and forcing a new import by disabling smart licensing and re-enabling it, the new CA bundle updated successfully and the switch registered successfully as well.

 

We had a TAC case open on this and we've asked them to update their information as well to reflect this situation.

 

Hope this helps someone out!
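
An added example, not part of the original post: a small Python audit that checks saved configuration text for the two trustpool policy commands shown above, useful when several switches need the same check. It assumes the saved config lists `crypto ca trustpool policy` at top level with its sub-commands indented beneath it as typed; the sample configs and hostnames are constructed.

```python
# Commands from the post that must sit under the trustpool policy stanza.
REQUIRED = ("source-interface mgmt0", "vrf management")

def trustpool_policy_lines(config_text):
    """Return the sub-commands under 'crypto ca trustpool policy', or None."""
    lines = config_text.splitlines()
    for i, line in enumerate(lines):
        if line.rstrip() != "crypto ca trustpool policy":
            continue  # only a top-level (unindented) stanza header counts
        body = []
        for sub in lines[i + 1:]:
            if sub.strip() and not sub[0].isspace():
                break  # next top-level command closes the stanza
            if sub.strip():
                body.append(" ".join(sub.split()))
        return body
    return None

def missing_commands(config_text):
    """List the required commands a config lacks (empty list means fixed)."""
    body = trustpool_policy_lines(config_text)
    if body is None:
        return list(REQUIRED)
    return [cmd for cmd in REQUIRED if cmd not in body]

# Constructed sample configs (assumed layout, hypothetical hostnames).
FIXED = """hostname leaf-a
crypto ca trustpool policy
  source-interface mgmt0
  vrf management
interface mgmt0
  vrf member management
"""
DEFAULT = """hostname leaf-b
interface mgmt0
  vrf member management
"""
PARTIAL = """hostname leaf-c
crypto ca trustpool policy
  source-interface mgmt0
vrf context management
"""

if __name__ == "__main__":
    for name, cfg in (("leaf-a", FIXED), ("leaf-b", DEFAULT), ("leaf-c", PARTIAL)):
        gaps = missing_commands(cfg)
        print(name, "OK" if not gaps else "missing: " + ", ".join(gaps))
```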

 

 
