cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10847
Views
0
Helpful
42
Replies

Can't Access 3650 Web Panel (but works on CLI)

BashedRoot
Level 2
Level 2

Strange issue here. I have 2 x 3650 switches both running Version 3.76. Web interface shows fine, but cannot log into switch #1.

I've had no issues accessing the panels via web on both switches, saved my passwords locally in Roboform too. Suddenly, my login is not working for switch #1, but works fine on switch #2. I'm baffled.

How do I correct this?

I checked the user/pw in show run

enable secret 5 ********
enable password ********
42 Replies 42

BashedRoot
Level 2
Level 2

Old topic but having a hard time again, please assist. Thank you.

Hello,

 

are you using http or https for web GUI access ?

Try and zeroize the crypto key and then regenerate it:

 

crypto key zeroize rsa

 

crypto key generate rsa

 

Carlos Villagran
Cisco Employee
Cisco Employee
Hi!

It seems you might be hitting:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd82988/?referring_site=bugquickviewredir

Right now you can downgrade to release 03.06.06E or upgrade to 16.6.1

Please let me know if you have any other question or concern.

Thank you!

At this point I'm simply trying to reset / change the enable password. It worked on switch #2, but primary switch #1 is not working for whatever reason, despite showing the change in show run output.

 

I ran:

conf t
enable password <my pw>
end
wr

Same thing worked on second switch, but not primary. Odd. Primary shows this in show run:

 

enable secret 5 $1$Df4Gxxxxxxxxx
enable password TLNs@xxxxxxxxx

Further tracing, odd issues:

 

So this is what it says on switch #1

Cisco3650>en
Password: 
Password: 
Password: 
% Bad secrets

It says the same thing on switch #2 only when attempting to log in via VPN (IP is already whitelisted) but works fine directly to switch #2. Makes no sense. Using same new password.

Hello,

 

with both enable secret and enable password set, it will use the enable secret first. Is that what you are using at the prompt ?

As far as I can remember (login info is stored in Secure CRT software) I use the enable password. How do I fix/reset the secret pw then?

Hello,

 

to avoid confusion, here s an example:

 

If you have the enable secret set globally:

 

enable secret 5 $1$/GLc$TBZdaH5BrhQZ1KmJuVt.K.

 

set up the local account like this:


username admin privilege 15 password 7 03295A0C074E76196C590A

 

and NOT like this:


username admin privilege 15 secret 5 $1$6ABu$IgTj1t6RS0oQXsRh0FuhD1

 

Thanks, but doesn't seem to be working for me.

 

Cisco3650(config)#username myusername privilege 15 password TLNxxxxxxxxxxx
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.

I don't use "admin" as username to clarify.

Delete the user secret first...

 

Can you post the full config of your switch ?

How do I delete the user secret? Sorry never done that before. What's the command?

 

Not comfortable posting entire config but here's the necessary portion I would deem sufficient:

 

Cisco3650#show run
Building configuration...

Current configuration : 26079 bytes
!
! Last configuration change at 11:24:26 EST Tue Oct 17 2017 by myusername
!
version 16.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service compress-config
no service password-recovery
no platform punt-keepalive disable-kernel-core
!
hostname Cisco3650
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$Df4Gxxxxxxxxxxx
enable password TLNsxxxxxxxxxxx
!
no aaa new-model
clock timezone EST -5 0
facility-alarm critical exceed-action shutdown
switch 1 provision ws-c3650-24ts
!
!
!
!
ip routing
!
!
!
ip name-server xxxxxxxxxxx.62 xxxxxxxxxxx.61

ip domain name companydomamain.com
!
!
!
!
!         
!
!
!
vtp mode transparent
!
!
crypto pki trustpoint HTTPS_SS_CERT_KEYPAIR
 enrollment selfsigned
 serial-number
 revocation-check none
 rsakeypair HTTPS_SS_CERT_KEYPAIR

Hello,

 

delete both enable secret and enable password as below:

 

3650#conf t

3650(config)#no enable secret

3650(config)#no enable password

Then set a username and password...

This is strange, still not working.

 

 

Cisco3650#conf t  
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco3650(config)#no enable secret
Cisco3650(config)#no enable password
Cisco3650(config)#username myusername privilege 15 password TLNsxxxxxxxxxxxx
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.
Cisco3650(config)#end
Cisco3650#wr
Building configuration...
Compressed configuration from 24257 bytes to 8769 bytes[OK]
Cisco3650#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco3650(config)#username myusername privilege 15 password TLNsxxxxxxxxxxxx
ERROR: Can not have both a user password and a user secret.
Please choose one or the other.

 

Odd indeed...

 

Can you reload the switch ?

Review Cisco Networking for a $25 gift card