11-01-2018 06:32 AM
I installed PRTG for network monitoring and later paused all sensors that try to connect with our SG300 switches after realizing it must have caused them to refuse https traffic but after 2 days I still cannot log into our switches to mange them. Any suggestions on how I can get in again?
11-01-2018 06:49 AM
Hi,
I never faced and don't believe that PRTG will make issue with HTTPS connection. The PRTG is not trying to login in your system, it is using https response sensor to monitor it. So your switch will not block any request.
Try with Telnet/SSH/Http login in the switch otherwise connect Console cable direct to your switch and login in it.
Regards,
Deepak Kumar
11-01-2018 01:39 PM
Thanks much Deepak for your reply. I am able to log into 2 of the switches via SSH - what command(s) would I need to run to get the web interface working again?
On one of the switches that SSH does not work, I connected a serial cable using a laptop and with Putty, using instructions from the link below. But I only get a blank empty window to open with no prompt for username or password. Any suggestions? https://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=dc87a680f4534f0f8e67f9757987c111_Access_the_CLI_via_PuTTY_Using_a_Console_Connection_on_300_a.xml&pid=2&converted=0
11-01-2018 07:23 PM - edited 11-02-2018 06:08 AM
Hi,
The command for http and HTTPS is
IP http server
IP http secure-server (Edited)
And you mentioned that console cable is not working on one switch so try with below settings on console application putty
115200 (Default Baud Rate) means Speed option in putty.
Regards,
Deepak Kumar
11-02-2018 05:53 AM - edited 11-02-2018 05:54 AM
Thanks again Deepak. I got "Unrecognized command" when I entered "ip https server"
From another post I also tried:
switchfd1e39#configure terminal
switchfd1e39(config)#ip http secure-server
switchfd1e39(config)#end
..and did not get any errors but I still cannot connect via https or http.
Any other ideas on what I can try?
11-02-2018 06:07 AM - edited 11-02-2018 06:07 AM
Hi,
Sorry, it was my mistake. It must be "ip http secure-server" Please share running configuration. Are you getting ping reply from the switch?
Regards,
Deepak Kumar
11-02-2018 06:17 AM
Progress! I can now log in via http but still not https as I could before. I had to enter "configure terminal" though before the commands you mentioned worked.
From the web interface I went to Security->Management Access Auth->Application and checked "enable" for "Secure http" but still cannot connect via https.
Suggestions?
11-02-2018 06:20 AM
Hi,
How old is this switch? Any certificate expired? Share a full running configuration.
Regards,
Deepak Kumar
11-02-2018 06:35 AM
Switches are 4 years old. Certificates expired in 2015 but https has been working until recently. Think I read where self certs will auto generate the first time. Can I just delete the certs and then will they auto-generate again?
BTW, under Security>TCP/UDP Services https is checked.
How to I download a config file?
I found this command:
copy startup-config tftp://10.0.0.2/saved_cfg
Do I need to set up a tftp server someplace first and do it like that?
11-02-2018 06:42 AM
Hi,
OPEN putty software and login in the switch using SSH or telnet, Go on Putty Setting menu, Click on "Logging" submenu under the Session. Click on "All Session Output".
Under the "Log File Name" click on browse and give a file name and save on the desired location on your system and click on OK.
Now run the command " Show running-config"
Regards,
Deepak Kumar
11-02-2018 07:01 AM
Thanks Deepak. I have the config exported. Is there some way that I can PM it to you? Did not see an "Attach file" option when I went to PM you. Not sure it's a good idea to post it publicly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide