cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18331
Views
36
Helpful
20
Replies

Catalyst 9200L Cipher Mismatch

Hi,

 

I've just taken delivery of 4x Cisco Catalyst 9200L switches.

These are my first Cisco switches in about 8 years.

 

 

I am trying to connect to the web ui of one of these to start configuring it, however when doing so from IE, Edge or Firefox, I get an ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.

 

Can anyone help me determine why this issue exists on brand new switches?

 

Thanks

James

1 Accepted Solution

Accepted Solutions

Thanks to everyone else for the help and advice.

 

Summary answer is;

Until you connect to the console and run through the basic switch setup, SSL configuration is not completed on the switch, causing the web interface to not load.

Once you connect to the console port and run through the basic setup, it will sort the SSL config and the webui will then load (albeit with a self signed cert error (to be expected)).

 

James

View solution in original post

20 Replies 20

balaji.bandi
Hall of Fame
Hall of Fame

what terminal client you using

 

get new Putty client and install  and test it

 

image.png

 

Secure CRT

 

image.png

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I'm trying to get to the webui!

Try different Browser, since its not valid SSL, you get that error,

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sorry, but if you re-read my post, you'll see I've already tried 3 browsers. All have the same issue.

I may have over looked the information  :  ( let me test myself again) mean time try below may work :

 

Do you have enabled on the browser  - enable  the TLSv1.1 & TLSv1.2

 

https://help.wheniwork.com/articles/enable-tls-v12-on-your-web-browser/

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes both 1.1 and 1.2 are enabled.

Are you using a Win7 machine?

Windows 10

Do you have any other device ? (Pc) to test

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marce1000
Hall of Fame
Hall of Fame

 

      - Try :

  conf t
no crypto pki trustpoint TP-Self-Signed-xxxxxxxxxx
no ip http server
no ip http secure-server
ip http server
ip http secure-server
ip http authentication

 

        This should regenerate a new self signed trustpoint

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

 

 - Actually pre-pend the latter with : show run | inc crypto first

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Is there a doc you can point me to advising how to set up one of these switches via Putty? I've skimmed the docs I've found for the 9200L, but they are dense and I couldn't find anything about CLI configuration.

 

Thanks

James

 

 - https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-9/configuration_guide/sec/b_169_sec_9200_cg/configuring_secure_shell__ssh_.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Is there a doc that precedes this?

I.e. one that tells me how to connect to the console/management interface for the very first time?

EDIT: Nevermind, think I found it.