08-18-2024 03:47 PM
Hi. I'm working on getting things setup with my 3750. I'm a total noob, so forgive my ignorance but I've hit a new stumbling block. I wanted to take the config I got from show running-config and make some changes then paste it back in. So I copied it out, did the work and went to paste it. When I got to the certificate, it puked:
Device mode already VTP Transparent for VLANS.
catalyst(config)#!
catalyst(config)#crypto pki trustpoint TP-self-signed-2699823360
catalyst(ca-trustpoint)# enrollment selfsigned
catalyst(ca-trustpoint)#$me cn=IOS-Self-Signed-Certificate-2699823360
catalyst(ca-trustpoint)# revocation-check none
catalyst(ca-trustpoint)# rsakeypair TP-self-signed-2699823360
catalyst(ca-trustpoint)#!
catalyst(ca-trustpoint)#$certificate chain TP-self-signed-2699823360
catalyst(config-cert-chain)# certificate self-signed 01
catalyst(config-cert-chain)#$020101 300D0609 2A864886 F70D0101 04050030
30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030
^
% Invalid input detected at '^' marker.
catalyst(config-cert-chain)#$4F532D 53656C66 2D536967 6E65642D 43657274
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
^
% Invalid input detected at '^' marker.
catalyst(config-cert-chain)#$323333 3630301E 170D3933 30333031 30303032
69666963 6174652D 32363939 38323333 3630301E 170D3933 30333031 30303032
^
% Invalid input detected at '^' marker.
catalyst(config-cert-chain)#$1303130 30303030 305A3031 312F302D 0603 60
*Mar 2 07:43:01.433: % Multiple self signed certificates in config
certificate fo303030 305A3031 312F302D 06035504 03132649
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
^
% Invalid input detected at '^' marker.
Didn't like that one bit. GPT said try removing the spaces but that made no difference. How do I paste this back in?
Or do I not really need to screw with it? Can I just paste the bits I'm working on? (port tagging, vlans, acls, etc)
Thanks!
PS - if I'm working in conf t and something like this blows up, is there a way to back out without it committing my changes?
08-18-2024 11:46 PM
- You could try to prepare the certificate part (configuring statements) in a separate file ; and import it via tftp ; check if that can help
Note that when copying (importing) parts of a running configuration ,
it will only add/merge , not destroy the already existing (parts) of the running configuration.
M.
08-19-2024 12:33 PM
Great, thanks a lot!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide