cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
5
Helpful
10
Replies
Highlighted
Beginner

3750-X Switch Ver 15.2 (4) E CNA Access Issue

I upgraded to IOS Version 15.2 (4) E on a 3750-X switch stack and I can no longer access the switch via the Cisco Network Assistant (CNA) via HTTPS/SSL.

I have a self signed cert and the following settings

no ip http server

ip http authentication aaa

ip http secure-server

Accessing the switch via https in IE 11 works fine.

Everyone's tags (1)
10 REPLIES 10
Highlighted
Advisor

Have you tried upgrading your

Have you tried upgrading your copy of CNA?

Highlighted
Beginner

I'm running the latest

I'm running the latest version 6.2

Highlighted
Advisor

Perhaps try enabling "ip http

Perhaps try enabling "ip http" and connecting over HTTP, and see if you can get the simpler configuraiton going first.

Highlighted
Beginner

Already did that and HTTP

Already did that and HTTP works fine... HTTPS does not work.

I get...

Unable to connect.

SSL handshake process failed. The secure connection through HTTPS could not be established.

I've uninstalled CNA and reinstalled it.

I'm using the self-signed cert that is automatically created.

Highlighted
Advisor

I'm going to guess that

I'm going to guess that something was disabled in the new switch code, like SSL3, or such like, and CNA still needs it.

Perhaps have a play with:

ip http secure-ciphersuite ...
Highlighted
Beginner

I'll loo at that

I'll loo at that

Highlighted
Beginner

I'm trying to do something

I'm trying to do something similar.  Any update on this? 

Highlighted
Beginner

I believe the issue is that

I believe the issue is that CNA needs to be updated

From...http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-2_4_e/releasenotes/rn-1524e-3750x3560x.html#pgfId-832031

CNA Compatibility

Cisco IOS 15.2(2)E will be supported in a future release of the Cisco Network Assistant.

Beginner

It seems that this issue is

It seems that this issue is pervasive across all manner of switches. I have 2960X and 3650 both cannot be managed without first enabling http server by changing

no ip http server

ip http secure-server

to

ip http server

ip http secure-server.

This is with CNA 6.3 and 15.2(2)E5 on 2960X. and 03.06.04.E on 3650.

Switch release notes state the following.

For Cisco IOS Release 15.2(2)E, CNA support is available on release version 5.8.9 and later.

Highlighted
Beginner

Have the same issue on 3850

Have the same issue on 3850 48 and 24 ports models.

HTTP works, not HTTPS in CNA

Both work in IE 11 

Latest IOS and CNA running....

CreatePlease to create content
Content for Community-Ad