Cisco 2960G - Web interface not available in HTTPS, only in HTTP, why ?

Elrick Landon · ‎05-07-2017

Hi to all,

I just updated my Switch 2960 to the latest release, 12.2(55)SE11 (c2960-lanbasek9-tar.122-55.SE11.tar).

All is working fine even if i try to access to Cisco web interface in HTTPS.

If i active http web interface => HTTP OK

If i active https => HTTPS KO, telnet on port 443 is open, but Nothing is answering behind...

I dunno why, i post here my configuration :

Using 2192 out of 65536 bytes
!
! Last configuration change at 18:03:56 cest Sun May 7 2017
! NVRAM config last updated at 18:04:06 cest Sun May 7 2017
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C2960G-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$0UPl$SuJI1pntqnY8deafJonJe/
enable password 7 0871141C0C4B55
!
username Cisco privilege 15 secret 5 $1$kG7o$22gaI1msYYIOqvKn0oKKV1
!
!
no aaa new-model
clock timezone cet 1
clock summer-time cest recurring last Sun Mar 3:00 last Sun Oct 3:00
system mtu routing 1500
!
!
ip domain-name mondomaine.local
!
!
crypto pki trustpoint TP-self-signed-3541658880
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3541658880
revocation-check none
rsakeypair TP-self-signed-3541658880
!
!
crypto pki certificate chain TP-self-signed-3541658880
certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface Vlan1
ip address 192.168.1.250 255.255.255.0
!
ip default-gateway 192.168.1.1
no ip http server
ip http authentication local
ip http secure-server
!
line con 0
exec-timeout 0 0
line vty 0 4
password 7 12495D4517595C
login
line vty 5 15
password 7 055B5E5D241E1E
login
!
ntp clock-period 36028801
ntp server 62.4.12.66
ntp server 94.23.217.75
end

Georg Pauwen · ‎05-07-2017

Hello,

try and configure an aaa model as below:

aaa new-model
aaa authentication login default local
username cisco secret mysecret
ip http authentication local
ip http secure-server

Elrick Landon · ‎05-07-2017

I add it, nothing new, the webinterface is still not reachable

So if i want to remove it, i add "no aaa new-model", is it correct ?

Georg Pauwen · ‎05-08-2017

Elrick,

the problem might be with Internet Explorer and/or recently installed Windows Security Updates.

If possible, try Firefox or Google Chrome.

Saluts

Elrick Landon · ‎05-08-2017

Same issue with Firefox and Chrome.

The Truth is out there ?

Matt Wilson · ‎12-11-2019

I find that SeaMonkey works with all Cisco http access. You will need to install Java as well.

Julio E. Moisa · ‎05-08-2017

Hi

Please check this link, it could be useful:

https://supportforums.cisco.com/discussion/11341186/using-web-console-if-possible-manage-2960-switch

Managing the Switch

After completing Express Setup and installing the switch in your network, you can use one of these options for further configuration.

Using Device Manager

The simplest way to manage the switch is by using Device Manager in the switch memory. This web interface offers quick configuration and monitoring. You can access Device Manager from anywhere in your network through a web browser.

Procedure

Step 1	Launch a web browser on your PC or workstation.
Step 2	Enter the switch IP address in the web browser, and press Enter. The Device Manager page appears.
Step 3	Use Device Manager to perform basic switch configuration and monitoring. See the Device Manager online help for more information.
Step 4	For a more advanced configuration, download and run Cisco Network Assistant, which is described in the next section.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960xr/hardware/quick/guide/b_gsg_2960xr.html

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Elrick Landon · ‎05-08-2017

I check your link, the iOS update already done integrate html folder (it's a DEV MGR version).

As i say previously, only https is not working, http is working if i active it.

paul driver · ‎12-12-2019

Hello

@Elrick Landon wrote:

HIf i active https => HTTPS KO, telnet on port 443 is open, but Nothing is answering behind.

You have http-telnet access so can you elaborate what you mean by this? -
What are you trying t access and by what means, http-telnet etc...?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul