Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
198
Views
0
Helpful
4
Replies

CMX 11.0.1 <-> Prime Infrastructure 3.10.4 integration

Tima_20
Level 1
Level 1

‎06-05-2024 11:43 PM

Hello,

did anybody tried to connect prime intra 3.10.4 (last version) with CMX 11.0.1 (last version)?

combability matrix says it should work but I get "CMX Reachability issue. Please check logs for more information"

Tima_20_0-1717596762146.png

 

Sure, it is almost impossible to find related logs, but It is (still) possible to run tcpdump and this is the result:

Tima_20_1-1717596963578.png

TLS Version error ... looking into CMX documentation:

Tima_20_2-1717597089031.png

Ok, except NMSP, only TLS Version 1.3 is supported

Looking into Prime Infrastructure: 

Tima_20_3-1717597209079.png

It supports TLS 1.2 ,1.1 and 1.0

I'm sure, someone tested the integration, before updating combability Matrix, but forgot to write down, how it suppose to work. May be some one knows the solution?

 

Thanks

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎06-05-2024 11:57 PM

 

  - You may try to change or specify the needed tls version on Prime with :
                        ncs run set-tls-versions  ?
     (The question mark intended to check the available options first ),

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tima_20
Level 1
Level 1
In response to marce1000

‎06-06-2024 01:29 AM - edited ‎06-06-2024 01:38 AM

Yes, the output after question mark is in my initial post yellow highlighted and included in red square bracket, to highlight it double 

nevertheless, to exclude hided commands, I checked it

ncs run tls-server-versions ?
<cr> Carriage return.

ncs run tls-server-versions TLSv1.3
Error : Invalid TLS version - TLSv1.3. Supported TLS versions - TLSv1.2 TLSv1.1 TLSv1
0 Helpful

marce1000
VIP
VIP

‎06-06-2024 09:53 AM

 

         - Also have a look at : https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr01602

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Tima_20
Level 1
Level 1
In response to marce1000

‎06-07-2024 02:48 AM

Thanks you for answer, but I receive protocol error from CMX, not on the prime infrastructure site.

To be sure, I checked it, so on prime site there wasn't any single entry in tofu store and complete CA trust chain in trusted-ca-store (ncs certvalidation trusted-ca-store listcacerts), as well as valid server certificate

I checked also CMX site (cmxctl config certs show), the same CA trust chain in CA store and valid certificate in server certificate store

unfortunately it seems to be not the right solution, I could enable or disable cert validation, but still cmx has some issue with prime certificate or TLS version, because error code is "protocol version"

 ncs certvalidation certificate-check ?
disable Disable certificate validation
enable Enable certificate validation
trust-on-first-use Trust and pin the host certificate on first use
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card