Solved: try to enable BOTH http and

CHARALAMPOS TRIANTAFYLLIDIS · ‎10-16-2015

Our datacenter employs many Catalyst switches and so far we have used Cisco Network Assistant in order to manage them.

Out latest addition has been 2x SG200-28 switches, however I can't get the SG's to work with latest CNA 6.2, even though they are supported from CNA version 6.1 and onward... I get to the username/password credentials screen in CNA, however CNA keeps asking me about the credentials every time after I type them in... What do you think could be wrong??

CNA has been working great so far with Catalyst switches..

CHARALAMPOS TRIANTAFYLLIDIS · ‎07-08-2016

Finally we've solved it!

The device's password included the character "#", which is not supported on CNA! After we removed the character off the password, it connected immediately :\

Anyway, thank you very much for your recommendations.

I hope this post helps anyone struggling.

View solution in original post

Michal Bruncko · ‎10-20-2015

try to enable BOTH http and https services on SG200 units. This helped in my configuration for same units.

CHARALAMPOS TRIANTAFYLLIDIS · ‎10-22-2015

I have tried this already, no luck... I found a post about the same issue about 1 year ago with SG300 and CNA, but was fixed with a firmware upgrade.

That's weird, I already flashed the latest firmware (1.4.1.3 at this time) and I still get the error in system log:

%HTTP_HTTPS-W-WEBWARNING: viaGetSecurityHandler:credentials expected to be encrypted, aggregated (1)

I tried putting in the encrypted (hashed) password that I copied from running-config, still I get the error above.

HTTPS login also gives me SSL handshake process failure.. :(

Michal Bruncko · ‎10-22-2015

that warning seems to be ok. I have exactly same for my working connectivity:

19-Oct-2015 15:29:10 :%HTTP_HTTPS-W-WEBWARNING: viaGetSecurityHandler:credentials expected to be encrypted, aggregated (2)
19-Oct-2015 15:29:10 :%AAA-I-CONNECT: New https connection for user blablabla, source 192.168.15.50 destination 192.168.16.40 ACCEPTED, aggregated (2)

> HTTPS login also gives me SSL handshake process failure

this is interesting. as you can see from my log above CNA logged to switch via HTTPS connection. but it not works for you because you get SSL handshake error.

are you use some customized SSL certificate on switch?
if so, could you try to use self-signed certificate generated on switch directly?
the best would be to create packet capture from client machine to see SSL handshake process to identify what exact issue breaks connectivity

CHARALAMPOS TRIANTAFYLLIDIS · ‎10-23-2015

Can I ask you which firmware version you are using on your SGs?

are you use some customized SSL certificate on switch?

No, I haven't configured anything related to the SSL certificate.

if so, could you try to use self-signed certificate generated on switch directly?

I am using the self-signed certificate, I also tried exporting it into a .crt file and import it as a Trusted CA but no luck..

the best would be to create packet capture from client machine to see SSL handshake process to identify what exact issue breaks connectivity

I will definitely try this way and post my results.

Michal Bruncko · ‎10-23-2015

> Can I ask you which firmware version you are using on your SGs?

Version 1.4.1.3

And in our case it is also self-signed certificate and works without importing it anywhere.

CHARALAMPOS TRIANTAFYLLIDIS · ‎07-08-2016

Finally we've solved it!

The device's password included the character "#", which is not supported on CNA! After we removed the character off the password, it connected immediately :\

Anyway, thank you very much for your recommendations.

I hope this post helps anyone struggling.

SG200 - Cisco Network Assistant 6.2 credential issues