01-09-2023 08:27 PM
Hi all,
I have recently bought and configured 4x CBS350 switches, in 2 stacks.
Each stack has 2 switches.
Switch configuration is very basic, with 5 VLANs, 1 management IP, and 2 LAGs.
While I can access the switch over console, HTTP, and SSH, I cannot access any of the switches using HTTPS. I have tried disabling/enabling the http secure-server, rebooting the switches, restarting my laptop, re-generating the self-signed certs, change connection cables, reset the port, use different ports, change the management IP and VLAN, but no dice.
While I am happy with console and SSH, I would prefer to turn off HTTP and use HTTPS instead. We do need HTTPS enabled for service desk to perform read only checks, as they are not well versed with SSH.
Has anyone faced a similar issue before?
Does anyone have an idea on the next troubleshooting steps?
Any help will be appreciated.
Thanks.
01-09-2023 11:03 PM
>...I cannot access any of the switches using HTTPS
- What happens then ? Do you get an error ? Can you provide a screenshot (e.g.)
M.
01-10-2023 02:31 PM
Hey marce1000,
Please find a screenshot below:
Regards,
Atish
01-10-2023 11:04 PM
- Have a look at : https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/CLI/cbs-350-cli-/web-server-commands.html#wp2708952523
M.
01-30-2023 03:27 PM
Hi Marce1000,
Thanks for the link. I have made sure that the HTTPS server is enabled, and HTTPS logging is also enabled.
I have also lodged a case with Cisco TAC. I will update the forum post ASAP.
Regards,
Atish
01-30-2023 10:22 PM
Hi again,
I have tested the HTTPS access again, and it is still failing, with the below log output:
31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-CONNECT: Connection ID 190 - HTTPS Session request from 10.xx.xx.xx port 3486 to Local address 10.xx.xx.xx port 443, cert ID 1, cert hash 16d3c75d8e38c958928ad2d1cb6c588a18f2079a using crypto cipher TLS_AES_256_GCM_SHA384 succeeded
31-Jan-2023 17:16:42 :%AAA-I-CONNECT: New https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx ACCEPTED
31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-AUTHENTICATED: Connection ID 190 - User 'admin' authentication for HTTPS Session from 10.xx.xx.xx using crypto cipher TLS_AES_256_GCM_SHA384 succeeded
31-Jan-2023 17:18:13 :%HTTP_HTTPS-I-DISCONNECT: Connection ID 190 - from 10.xx.xx.xx port 3486 closed. Reason: Idle timeout
31-Jan-2023 17:18:13 :%AAA-I-DISCONNECT: https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx TERMINATED
Atish
01-30-2023 11:53 PM
>...%AAA-I-CONNECT: New https connection for user admin,...
- If admin is a local user (to be expected) , then check the AAA configuration , make sure local authentication has priority over radius if configured ,
M.
01-31-2023 02:32 PM
Hey Marce,
Radius is not yet configured on the switch.
I am still waiting on Cisco TAC, and will update the forum here ASAP.
Regards,
Atish
01-18-2023 09:50 AM - edited 01-18-2023 09:51 AM
Seeing the same issue across different CBS 350 stacks as well. Different firmware versions also. Only affecting https, opening developer tools through the browser shows dozens of errors trying to load css and various other webpage settings. Multiple browsers tried as well. Maybe TAC has a fix or can say if it's a known bug.
01-30-2023 03:28 PM
Hi originaldotte,
I have opened a case with TAC. hopefully they will find something.
Atish
03-06-2023 07:20 AM
Did you get a resolution for this? I am having same issue
03-06-2023 02:23 PM
Not yet. Cisco Support advised to upgrade to the latest firmware and to try again.
I am now still waiting on the end user on a date and time to do this. It might unfortunately be a while before I get the go ahead.
Atish
03-07-2023 08:39 AM
Just a heads up, I did update to latest firmware last night. Same issue.
03-07-2023 09:15 AM
@paok88 Escalate the issue -> https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
M.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide