4
Cisco 9300er Serie - Webinterface HTTPS - funktioniert nicht
Wir haben hier diverse Switche:
1x Catalyst 9300-24T
4x Catalyst 9300-48T (2x Stack)
4x Catalyst 9500-40X (2x Stack)
Alle 9300er wurden mit der gleichen Firmware betankt und identisch konfiguriert. Und mit identisch, meine ich auch identisch. Die Configs sind von einer Person kurz nacheinander konfiguriert worden.
Auf den 9300-24T funktioniert der Webzugriff per HTTPS.
Auf den 9300-48T funktioniert der Webzugriff per HTTP, aber nicht per HTTPS.
Auf den 9500-40X funktioniert der Webzugriff per HTTPS.
Auffallend ist, dass es generell bei den beiden 9300-48T Stacks nicht per HTTPS funktioniert.
Folgendes wurde überprüft/durchgeführt:
- HTTP-Config verglichen --> Identisch
- RSA-Schlüssel neu erzeugt (4096 Bit)
- ssh-User neu erzeugt
- Mit Internet Explorer, Edge, Chrome versucht (auch mit Inkognito-Modi)
Hier ist die Config vom Switch auf den der Zugriff per HTTPS funktioniert:
Hier ist die Config vom Switch auf den der Zugriff per nicht HTTPS funktioniert:
Leider habe ich keine Idee mehr, wo ich ansetzen kann, da die Konfigs ja wirklich identisch sind.
Daher mein Versuch, Hilfe über das Forum zu erhalten.
Hier noch die Meldung, welche mir im Browser angezeigt werden:
Danke, Grüße.
1x Catalyst 9300-24T
4x Catalyst 9300-48T (2x Stack)
4x Catalyst 9500-40X (2x Stack)
Alle 9300er wurden mit der gleichen Firmware betankt und identisch konfiguriert. Und mit identisch, meine ich auch identisch. Die Configs sind von einer Person kurz nacheinander konfiguriert worden.
Auf den 9300-24T funktioniert der Webzugriff per HTTPS.
Auf den 9300-48T funktioniert der Webzugriff per HTTP, aber nicht per HTTPS.
Auf den 9500-40X funktioniert der Webzugriff per HTTPS.
Auffallend ist, dass es generell bei den beiden 9300-48T Stacks nicht per HTTPS funktioniert.
Folgendes wurde überprüft/durchgeführt:
- HTTP-Config verglichen --> Identisch
- RSA-Schlüssel neu erzeugt (4096 Bit)
- ssh-User neu erzeugt
- Mit Internet Explorer, Edge, Chrome versucht (auch mit Inkognito-Modi)
Hier ist die Config vom Switch auf den der Zugriff per HTTPS funktioniert:
Current configuration : 16899 bytes
!
! Last configuration change at 11:54:32 cet Fri Feb 8 2019 by admin
!
version 16.10
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no platform punt-keepalive disable-kernel-core
!
hostname SW-000195
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging buffered 40960
no logging console
!
aaa new-model
!
!
aaa authentication login default local group radius
aaa authorization exec default local group radius if-authenticated
aaa accounting system default start-stop group radius
!
!
!
!
!
!
aaa session-id common
boot system switch all flash:cat9k_iosxe.16.10.01.SPA.bin
clock timezone cet 1 0
clock summer-time cest recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision c9300-24t
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
no ip domain lookup
ip domain name domäne.de
!
!
!
login on-success log
!
!
!
!
!
vtp mode transparent
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-4237354898
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4237354898
revocation-check none
rsakeypair TP-self-signed-4237354898
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-4237354898
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34323337 33353438 3938301E 170D3139 30313331 30383432
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32333733
35343839 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100B7C2 F4858EB3 C174DF63 BFF48446 5AB8CBE6 3A8B152F 7A9EDE24
E41B4E3C 1413E282 CC9B4CCE 937F4BAA D31DB12D 912E59DB CAE2B1D1 A6AFE7AC
B2519747 D200C415 8EE7AF94 B8A94468 0ED24CA6 B6250CE8 3D78001B F9EBB947
A005D207 E91EA756 461EEF2C C1FADC7F 47741117 C7163274 280B018D AA0A13A8
9FFF8908 AF11CE56 1751F53B 9ACE2C3E 88B2B9B1 32488BD8 DCBC3BBA F00FF5D8
957DF562 AFD034E2 27DBD68B 89B089BB A75ED68E 2201CC65 AD1E547A D35E9261
0BA52203 2388E3FC 27E01EAB A0D3B5B8 BE57BD14 4829F322 2E0403AC D3C43423
768B521E 746B2673 9A4666F3 8C1F2E64 92A81F3E EDFA084A AE630DD0 D0900CF7
393AD206 2A5B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14E482A0 40A2D64B 2501924A 98B91B87 09C49AAD
A7301D06 03551D0E 04160414 E482A040 A2D64B25 01924A98 B91B8709 C49AADA7
300D0609 2A864886 F70D0101 05050003 82010100 6066EBF2 C1C915CF 8941A3EC
D22DCFCC 09700524 96DC7C53 12217CDF 9A7A4D80 BDE96755 60AF67BB 8C4A4295
A2C4846C 98E8D9DD 19BAB1A0 ED12C42C D865FF2B B3F296B6 ED43050E CE5AD888
651038AC C4DC4A5B 89EEE490 9B640DA0 C4FDDA84 F1F43EB4 7A8F4952 37E60846
5A4E7988 F48B8FEC 06749673 3D2DA8F0 51152DC4 621A545F 4554D0DB 001FCE51
DE84C770 687E54B9 9E7A4C22 8A4A6FBA 190835DC 959664E0 D2A8F81E 8871AC7F
35B5CF30 B5CE3560 7821023C 7D3A1468 9663920B 064A0961 C1F317AA 118734DF
CA2C3656 43EBFBE9 565B4CDF 28DD1E8F 108EA28C E8C18354 71B91E3B AE3C0CE8
DAF86021 E822C010 F55E9814 89C40FAB EF42E9C4
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 63324030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name firma
revision 1
instance 1 vlan 1-4093
!
archive
path tftp://192.168.0.200/$h/cfg-$t
write-memory
!
!
username admin privilege 15 secret 9 $9$a4bR.r/9mGdtD.$1L/P/LhjyMFw1g6VjdOfCAF9XTAYUrFShPp7NzPuDPQ
!
redundancy
mode sso
!
!
!
!
!
vlan 20-200
!
lldp run
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any system-cpp-police-control-low-priority
description General punt
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
class system-cpp-police-control-low-priority
!
!
!
!
!
!
!
!
!
!
interface Port-channel108
switchport mode trunk
switchport nonegotiate
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.20.30.40 255.255.255.0
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/15
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/18
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
switchport mode trunk
switchport nonegotiate
channel-group 108 mode active
!
interface TenGigabitEthernet1/1/8
switchport mode trunk
switchport nonegotiate
channel-group 108 mode active
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan200
ip address 192.168.200.244 255.255.255.0
!
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip ssh version 2
!
!
kron occurrence SDB at 20:00 Sun recurring
policy-list SDB
!
kron policy-list SDB
cli write memory
!
!
snmp-server community public RO
snmp-server location Serverraum
snmp-server contact Administratoren
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps stackwise
snmp-server enable traps udld link-fail-rpt
snmp-server enable traps udld status-change
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps energywise
snmp-server enable traps power-ethernet police
snmp-server enable traps entity
snmp-server enable traps pw vc
snmp-server enable traps envmon
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps dhcp
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps rf
snmp-server enable traps transceiver all
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 192.168.0.250 public
!
!
radius server radius3
address ipv4 192.168.0.80 auth-port 1812 acct-port 1813
key string
!
radius server radius4
address ipv4 192.168.0.81 auth-port 1812 acct-port 1813
key string
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
logging synchronous
transport input ssh
line vty 5 15
logging synchronous
transport input ssh
!
ntp server 192.168.0.110
!
mac address-table notification mac-move
!
!
!
!
!
endHier ist die Config vom Switch auf den der Zugriff per nicht HTTPS funktioniert:
Current configuration : 27608 bytes
!
! Last configuration change at 11:59:06 cet Fri Feb 8 2019 by admin
!
version 16.10
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname SW-000189
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no logging console
enable secret 9 $9$Vp8VpCCqO22m0E$5Hr/sesToS/KqDsOq8l862Gc7uQE3SsdYHPxcRAu3gls
!
aaa new-model
!
!
aaa authentication login default local group radius
aaa authorization exec default local group radius if-authenticated
aaa accounting system default start-stop group radius
!
!
!
!
!
!
aaa session-id common
boot system switch all flash:cat9k_iosxe.16.10.01.SPA.bin
clock timezone cet 1 0
clock summer-time cest recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision c9300-48t
switch 2 provision c9300-48t
!
stack-power stack Powerstack-1
!
stack-power switch 1
stack Powerstack-1
stack-power switch 2
stack Powerstack-1
!
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
no ip domain lookup
ip domain name domäne.de
!
!
!
login on-success log
!
!
!
!
!
vtp mode transparent
no device-tracking logging theft
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-199934604
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-199934604
revocation-check none
rsakeypair TP-self-signed-199934604
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA58746 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C3798564 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain TP-self-signed-199934604
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393939 33343630 34301E17 0D313930 31323931 30323231
375A170D 33303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3139 39393334
36303430 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 D8D61B49 DEEE62F1 1BA10CF2 D0AE4B10 D708DBE8 CAC520CA 5F43DCDA
4165FA79 26D366A9 D97526D0 0F1C35E6 3ADA6D63 BED5B813 585BAB00 286628C5
5D0E8C49 461E814B 6473312D 490272A1 1E6E9386 15E5BD3B 627BEA31 637FFA1A
F0A977CD 0D10BA7B 0F65C3A1 2CD71178 8AE17D07 C2094A22 011F11ED 76FA8573
F095CEF6 470BE430 1AFCAEE9 715BA159 031A5D55 82B322EF F37C3274 32D346F6
FD42DDFB E15B5344 39D1DF09 DA1C770C EB5E8BA9 B7C4D25C BC423506 998C3147
EFB9C3A1 41D4B177 3C2F8121 863BAF3F C766FEF5 B906D5F7 EAC1D4A7 6666C025
C4AEB6D0 91E99BF1 A4DF5E04 7F183979 D012E261 E2F64BAB CFA479C3 B139ACD8
B7C3F519 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
0603551D 23041830 16801445 D18BCEC8 56CA7AFD 8D0560E8 036B74C7 33797E30
1D060355 1D0E0416 041445D1 8BCEC856 CA7AFD8D 0560E803 6B74C733 797E300D
06092A86 4886F70D 01010505 00038201 01005A8A DD90C31F 84979E38 2A9B7176
C3076E65 948CDDD3 D11AB9E3 25852F95 5F864A31 153B01A7 59882733 4B30E25C
233F69F3 38A74E36 BDDCC420 D1FD91C2 8BE9E4F8 C5A30335 80025923 C5DDAE00
835B2291 8CAE011B D1AC54D1 1D40DB60 D701C9D7 E2B92E65 0595E8A4 67286AE7
3EE651F4 A61E598B CAEE93F3 21403414 35C3E06E CACC224A B4DA8F42 EC329976
1B313992 F92E04E6 C2D2177F 2FA95E6F 8F8F87F5 B3C3392B E6C14D68 21434CF6
75CFBD4D 213C7EDF E4F50CAB DA6BC8B4 B90FB02E 97805B64 A1388517 9F14C976
76053388 031AF9CD 5B36CB8E A380CB85 D860793F AC8053E7 033BB7A6 83D9F9F6
9E3E83FB 3B489A7B 0DE9AA1A BD6D6279 A3F5
quit
!
license boot level network-essentials addon dna-essentials
!
!
diagnostic bootup level minimal
!
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
name SBD
revision 1
instance 1 vlan 1-4093
!
archive
path tftp://192.168.0.160/$h/cfg-$t
write-memory
!
!
username user privilege 5 secret 9 $9$0XhLfXiaSeCOhk$lcvmc3QycMgi4MmZGQViyMb99KDOfPGRTIkte7H0XEg
username admin privilege 15 secret 9 $9$IhhEeHlXmIqXvU$pk9h3V6Hm.Sl.5oB8GOC5R7CUsKvFwTgojIHIfMzuhc
!
redundancy
mode sso
!
!
!
!
!
vlan 20-189
!
vlan 190
name SBD-MGMT
!
vlan 190-200
!
lldp run
!
class-map match-any system-cpp-police-ewlc-control
description EWLC Control
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
class-map match-any system-cpp-default
description EWLC Data, Inter FED Traffic
class-map match-any system-cpp-police-sys-data
description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-high-rate-app
description High Rate Applications
class-map match-any system-cpp-police-multicast
description MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual OOB
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-ios-routing
description L2 control, Topology control, Routing control, Low Latency
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
class-map match-any system-cpp-police-ios-feature
description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
interface Port-channel108
switchport mode trunk
switchport nonegotiate
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/15
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/18
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/25
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/26
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/27
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/28
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/29
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/30
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/31
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/32
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/33
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/34
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/35
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/36
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/37
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/38
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/39
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/40
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/41
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/42
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/43
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/44
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/45
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/46
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/47
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/48
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/5
!
interface TenGigabitEthernet1/1/6
!
interface TenGigabitEthernet1/1/7
!
interface TenGigabitEthernet1/1/8
switchport mode trunk
switchport nonegotiate
channel-group 108 mode active
!
interface FortyGigabitEthernet1/1/1
!
interface FortyGigabitEthernet1/1/2
!
interface TwentyFiveGigE1/1/1
!
interface TwentyFiveGigE1/1/2
!
interface GigabitEthernet2/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/2
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/3
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/4
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/6
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/7
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/8
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/9
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/11
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/12
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/13
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/17
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/18
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/19
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/21
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/22
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/23
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/24
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/25
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/26
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/27
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/28
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/29
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/30
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/31
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/32
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/33
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/34
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/35
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/36
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/37
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/38
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/39
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/40
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/41
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/42
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/43
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/44
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/45
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/46
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/47
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/48
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/1/1
!
interface GigabitEthernet2/1/2
!
interface GigabitEthernet2/1/3
!
interface GigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/1
!
interface TenGigabitEthernet2/1/2
!
interface TenGigabitEthernet2/1/3
!
interface TenGigabitEthernet2/1/4
!
interface TenGigabitEthernet2/1/5
!
interface TenGigabitEthernet2/1/6
!
interface TenGigabitEthernet2/1/7
!
interface TenGigabitEthernet2/1/8
switchport mode trunk
switchport nonegotiate
channel-group 108 mode active
!
interface FortyGigabitEthernet2/1/1
!
interface FortyGigabitEthernet2/1/2
!
interface TwentyFiveGigE2/1/1
!
interface TwentyFiveGigE2/1/2
!
interface Vlan1
no ip address
!
interface Vlan200
ip address 192.168.200.240 255.255.255.0
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
no ip http server
ip http authentication aaa
ip http secure-server
ip ssh version 2
!
!
kron occurrence wgg at 20:00 Sun recurring
policy-list SBD
!
kron policy-list SBD
cli write memory
!
!
snmp-server community public RO
snmp-server location Serverraum 2
snmp-server contact Administratoren
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps stackwise
snmp-server enable traps udld link-fail-rpt
snmp-server enable traps udld status-change
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps energywise
snmp-server enable traps power-ethernet police
snmp-server enable traps entity
snmp-server enable traps pw vc
snmp-server enable traps envmon
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps dhcp
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps rf
snmp-server enable traps transceiver all
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mac-notification change move threshold
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 192.168.0.250 public
!
!
radius server radius3
address ipv4 192.168.0.80 auth-port 1812 acct-port 1813
key string
!
radius server radius4
address ipv4 192.168.0.81 auth-port 1812 acct-port 1813
key string[
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
logging synchronous
transport input ssh
line vty 5 15
logging synchronous
transport input ssh
!
ntp server 192.168.200.1
!
mac address-table notification mac-move
!
!
!
!
!
endLeider habe ich keine Idee mehr, wo ich ansetzen kann, da die Konfigs ja wirklich identisch sind.
Daher mein Versuch, Hilfe über das Forum zu erhalten.
Hier noch die Meldung, welche mir im Browser angezeigt werden:
Danke, Grüße.
Share on Facebook
Share on Twitter
Share on Reddit
Share on LinkedinPlease also mark the comments that contributed to the solution of the article
Content-Key: 415669
Url: https://administrator.de/contentid/415669
Printed on: April 25, 2024 at 21:04 o'clock
4 Comments
Latest comment
Hallo,
Deine Fehlermeldung hat als Quelle die 10.20.100.240. Die taucht aber in deiner config nicht auf....
(Oder ich hab das in den 1000 Zeilen config überlesen..)
Wer hat den die IP?
Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Gibt es im Log irgendwelche Einträge?
Brammer
Deine Fehlermeldung hat als Quelle die 10.20.100.240. Die taucht aber in deiner config nicht auf....
(Oder ich hab das in den 1000 Zeilen config überlesen..)
Wer hat den die IP?
Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Gibt es im Log irgendwelche Einträge?
Brammer
Korrekt, ich habe die Config natürlich etwas angepasst. Im Bild habe ich das vergessen. Du kannst dir sicher sein, dass die Adressierung definitiv passt. Momentan ist der ganze Aufbau in einem Labornetzwerk. Pingen kann ich die Kiste (wie gesagt) bereits. HTTP-Zugriff geht auch. Nur HTTPS geht nicht.
Wer hat den die IP?
Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Das mag sein, nur habe ich auch Kollegen, die ab und an mal ein VLAN ändern müssen/sollen und mit der Console nicht so firm sind, da wir erst letztes Jahr auf Cisco umgestellt haben bzw. bei der Umstellung sind.Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Gibt es im Log irgendwelche Einträge?
Ich habe mit einem unserer Dienstleister, welcher regelmäßig Cisco Netzwerke aufbaut, nachgesehen. Gefunden haben wir beide nichts. Deshalb mein letzter Versuch hier im Forum.
Hallo,
dann lasse mal ein
mitlaufen.
du kannst den Log auch hier posten.
Außerdem würde ich mal eine wireshark laufen lassen.
brammer
dann lasse mal ein
debug ip https allmitlaufen.
du kannst den Log auch hier posten.
Außerdem würde ich mal eine wireshark laufen lassen.
brammer
Gegen meinen eigentlichen Willen habe ich den Stack aufgelöst, die Startups noch einmal komplett gelöscht und alles neukonfiguriert.
Nu' gehts. Ich werde das auf dem zweiten Stack auch noch einmal machen.
...wird mit in meiner "Config-Liste" aufgenommen.
Danke, ich berichte, ob es beim zweiten Stack auch so geklappt hat.
EDIT:
Auch beim anderen "Problemkind" ist das Webinterface jetzt über HTTPS erreichbar.
Nu' gehts. Ich werde das auf dem zweiten Stack auch noch einmal machen.
debug ip https all...wird mit in meiner "Config-Liste" aufgenommen.
Danke, ich berichte, ob es beim zweiten Stack auch so geklappt hat.
EDIT:
Auch beim anderen "Problemkind" ist das Webinterface jetzt über HTTPS erreichbar.
