Solved: Catalyst 9200L Cipher Mismatch

JamesEdmondsAspall · ‎06-25-2021

Hi,

I've just taken delivery of 4x Cisco Catalyst 9200L switches.

These are my first Cisco switches in about 8 years.

I am trying to connect to the web ui of one of these to start configuring it, however when doing so from IE, Edge or Firefox, I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

Can anyone help me determine why this issue exists on brand new switches?

Thanks

James

JamesEdmondsAspall · ‎06-29-2021

Thanks to everyone else for the help and advice.

Summary answer is;

Until you connect to the console and run through the basic switch setup, SSL configuration is not completed on the switch, causing the web interface to not load.

Once you connect to the console port and run through the basic setup, it will sort the SSL config and the webui will then load (albeit with a self signed cert error (to be expected)).

James

View solution in original post

balaji.bandi · ‎06-25-2021

what terminal client you using

get new Putty client and install and test it

Secure CRT

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JamesEdmondsAspall · ‎06-25-2021

I'm trying to get to the webui!

balaji.bandi · ‎06-25-2021

Try different Browser, since its not valid SSL, you get that error,

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JamesEdmondsAspall · ‎06-25-2021

Sorry, but if you re-read my post, you'll see I've already tried 3 browsers. All have the same issue.

balaji.bandi · ‎06-25-2021

I may have over looked the information : ( let me test myself again) mean time try below may work :

Do you have enabled on the browser - enable the TLSv1.1 & TLSv1.2

https://help.wheniwork.com/articles/enable-tls-v12-on-your-web-browser/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JamesEdmondsAspall · ‎06-25-2021

Yes both 1.1 and 1.2 are enabled.

Leo Laohoo · ‎06-25-2021

Are you using a Win7 machine?

JamesEdmondsAspall · ‎06-28-2021

Windows 10

balaji.bandi · ‎06-25-2021

Do you have any other device ? (Pc) to test

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marce1000 · ‎06-25-2021

- Try :

conf t
no crypto pki trustpoint TP-Self-Signed-xxxxxxxxxx
no ip http server
no ip http secure-server
ip http server
ip http secure-server
ip http authentication

This should regenerate a new self signed trustpoint

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

marce1000 · ‎06-25-2021

- Actually pre-pend the latter with : show run | inc crypto first

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JamesEdmondsAspall · ‎06-28-2021

Is there a doc you can point me to advising how to set up one of these switches via Putty? I've skimmed the docs I've found for the 9200L, but they are dense and I couldn't find anything about CLI configuration.

Thanks

James

marce1000 · ‎06-28-2021

- https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-9/configuration_guide/sec/b_169_sec_9200_cg/configuring_secure_shell__ssh_.html

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JamesEdmondsAspall · ‎06-28-2021

~~Is there a doc that precedes this?~~

~~I.e. one that tells me how to connect to the console/management interface for the very first time?~~

EDIT: Nevermind, think I found it.