
CBS350 Switch HTTPS Web UI Broken

atish
Level 1

Hi all, 

I have recently bought and configured 4x CBS350 switches, in 2 stacks.

Each stack has 2 switches.

Switch configuration is very basic, with 5 VLANs, 1 management IP, and 2 LAGs.

While I can access the switch over console, HTTP, and SSH, I cannot access any of the switches using HTTPS. I have tried disabling/enabling the http secure-server, rebooting the switches, restarting my laptop, re-generating the self-signed certs, changing connection cables, resetting the port, using different ports, and changing the management IP and VLAN, but no dice.

While I am happy with console and SSH, I would prefer to turn off HTTP and use HTTPS instead. We do need HTTPS enabled for service desk to perform read-only checks, as they are not well versed with SSH.

Has anyone faced a similar issue before?

Does anyone have an idea on the next troubleshooting steps?

Any help will be appreciated.

Thanks.


marce1000
VIP

 

> ...I cannot access any of the switches using HTTPS

- What happens then? Do you get an error? Can you provide a screenshot (e.g.)?

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hey marce1000,
Please find a screenshot below:

[Screenshot: atish_0-1673389892266.png]

Regards, 

Atish

 

- Have a look at: https://www.cisco.com/c/en/us/td/docs/switches/lan/csbms/CBS_250_350/CLI/cbs-350-cli-/web-server-commands.html#wp2708952523

 M.




Hi Marce1000,

Thanks for the link. I have made sure that the HTTPS server is enabled, and HTTPS logging is also enabled.
I have also lodged a case with Cisco TAC. I will update the forum post ASAP.

Regards, 
Atish

Hi again, 
I have tested the HTTPS access again, and it is still failing, with the below log output:

31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-CONNECT: Connection ID 190 - HTTPS Session request from 10.xx.xx.xx port 3486 to Local address 10.xx.xx.xx port 443, cert ID 1, cert hash 16d3c75d8e38c958928ad2d1cb6c588a18f2079a using crypto cipher TLS_AES_256_GCM_SHA384 succeeded

31-Jan-2023 17:16:42 :%AAA-I-CONNECT: New https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx ACCEPTED

31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-AUTHENTICATED: Connection ID 190 - User 'admin' authentication for HTTPS Session from 10.xx.xx.xx using crypto cipher TLS_AES_256_GCM_SHA384 succeeded

31-Jan-2023 17:18:13 :%HTTP_HTTPS-I-DISCONNECT: Connection ID 190 - from 10.xx.xx.xx port 3486 closed. Reason: Idle timeout

31-Jan-2023 17:18:13 :%AAA-I-DISCONNECT: https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx TERMINATED

Atish
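One way to read the log output above is to group the `HTTP_HTTPS` events by connection ID and see which stage each session reached. The following Python sketch is an added example, not part of the original posts or any Cisco tooling; the regular expressions and field names are assumptions inferred only from the five lines quoted above.

```python
import re
from datetime import datetime

# Log lines copied from the post above (addresses were already masked there).
SAMPLE = """\
31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-CONNECT: Connection ID 190 - HTTPS Session request from 10.xx.xx.xx port 3486 to Local address 10.xx.xx.xx port 443, cert ID 1, cert hash 16d3c75d8e38c958928ad2d1cb6c588a18f2079a using crypto cipher TLS_AES_256_GCM_SHA384 succeeded
31-Jan-2023 17:16:42 :%AAA-I-CONNECT: New https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx ACCEPTED
31-Jan-2023 17:16:42 :%HTTP_HTTPS-I-AUTHENTICATED: Connection ID 190 - User 'admin' authentication for HTTPS Session from 10.xx.xx.xx using crypto cipher TLS_AES_256_GCM_SHA384 succeeded
31-Jan-2023 17:18:13 :%HTTP_HTTPS-I-DISCONNECT: Connection ID 190 - from 10.xx.xx.xx port 3486 closed. Reason: Idle timeout
31-Jan-2023 17:18:13 :%AAA-I-DISCONNECT: https connection for user admin, source 10.xx.xx.xx destination 10.xx.xx.xx TERMINATED
"""

# Assumed layout, inferred from the lines above: "<date> <time> :%FACILITY-SEV-MNEMONIC: message"
LINE = re.compile(r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}) :%(?P<fac>[A-Z_]+)-[A-Z]-(?P<mnem>[A-Z]+): (?P<msg>.*)$")
CONN_ID = re.compile(r"Connection ID (\d+)")
CIPHER = re.compile(r"crypto cipher (\S+)")
REASON = re.compile(r"Reason: (.+)$")

def summarize(text):
    """Group HTTP_HTTPS events by connection ID and record how far each session got."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["fac"] != "HTTP_HTTPS":
            continue  # AAA lines carry no connection ID, so they cannot be correlated
        cid = CONN_ID.search(m["msg"])
        if not cid:
            continue
        s = sessions.setdefault(int(cid.group(1)), {
            "tls": False, "auth": False, "cipher": None,
            "start": None, "close_reason": None, "duration_s": None})
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        ok = m["msg"].endswith("succeeded")
        if m["mnem"] == "CONNECT":
            cipher = CIPHER.search(m["msg"])
            s.update(tls=ok, start=ts, cipher=cipher.group(1) if cipher else None)
        elif m["mnem"] == "AUTHENTICATED":
            s["auth"] = ok
        elif m["mnem"] == "DISCONNECT":
            reason = REASON.search(m["msg"])
            s["close_reason"] = reason.group(1) if reason else None
            if s["start"]:
                s["duration_s"] = int((ts - s["start"]).total_seconds())
    return sessions

def stage_reached(s):
    """Last stage the switch logged as successful for this session."""
    return "authenticated" if s["tls"] and s["auth"] else "tls" if s["tls"] else "none"

if __name__ == "__main__":
    for cid, s in summarize(SAMPLE).items():
        print(cid, stage_reached(s), s["cipher"], s["close_reason"], s["duration_s"])
```

For connection 190 this reports a completed TLS handshake and login, then a close with reason "Idle timeout" 91 seconds later, so the switch logged no failure at the TLS or AAA stage.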

 

> ...%AAA-I-CONNECT: New https connection for user admin,...

- If admin is a local user (to be expected), then check the AAA configuration; make sure local authentication has priority over RADIUS if configured.

 M.




Hey Marce,

Radius is not yet configured on the switch.

I am still waiting on Cisco TAC, and will update the forum here ASAP.

Regards, 
Atish

Seeing the same issue across different CBS 350 stacks as well. Different firmware versions also. Only affecting HTTPS; opening developer tools through the browser shows dozens of errors trying to load CSS and various other webpage settings. Multiple browsers tried as well. Maybe TAC has a fix or can say if it's a known bug.

Hi originaldotte,

I have opened a case with TAC. Hopefully they will find something.

Atish

Did you get a resolution for this? I am having the same issue.

Not yet. Cisco Support advised to upgrade to the latest firmware and to try again. 

I am now still waiting on the end user on a date and time to do this. It might unfortunately be a while before I get the go ahead.

Atish

Just a heads up, I did update to latest firmware last night. Same issue. 

 

 @paok88 Escalate the issue -> https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M.


