Top-Themen

Aktuelle Themen (A bis Z)

Administrator.de FeedbackApache ServerAppleAssemblerAudioAusbildungAuslandBackupBasicBatch & ShellBenchmarksBibliotheken & ToolkitsBlogsCloud-DiensteClusterCMSCPU, RAM, MainboardsCSSC und C++DatenbankenDatenschutzDebianDigitiales FernsehenDNSDrucker und ScannerDSL, VDSLE-BooksE-BusinessE-MailEntwicklungErkennung und -AbwehrExchange ServerFestplatten, SSD, RaidFirewallFlatratesGoogle AndroidGrafikGrafikkarten & MonitoreGroupwareHardwareHosting & HousingHTMLHumor (lol)Hyper-VIconsIDE & EditorenInformationsdiensteInstallationInstant MessagingInternetInternet DomäneniOSISDN & AnaloganschlüsseiTunesJavaJavaScriptKiXtartKVMLAN, WAN, WirelessLinuxLinux DesktopLinux NetzwerkLinux ToolsLinux UserverwaltungLizenzierungMac OS XMicrosoftMicrosoft OfficeMikroTik RouterOSMonitoringMultimediaMultimedia & ZubehörNetzwerkeNetzwerkgrundlagenNetzwerkmanagementNetzwerkprotokolleNotebook & ZubehörNovell NetwareOff TopicOpenOffice, LibreOfficeOutlook & MailPapierkorbPascal und DelphiPeripheriegerätePerlPHPPythonRechtliche FragenRedHat, CentOS, FedoraRouter & RoutingSambaSAN, NAS, DASSchriftartenSchulung & TrainingSEOServerServer-HardwareSicherheitSicherheits-ToolsSicherheitsgrundlagenSolarisSonstige SystemeSoziale NetzwerkeSpeicherkartenStudentenjobs & PraktikumSuche ProjektpartnerSuseSwitche und HubsTipps & TricksTK-Netze & GeräteUbuntuUMTS, EDGE & GPRSUtilitiesVB for ApplicationsVerschlüsselung & ZertifikateVideo & StreamingViren und TrojanerVirtualisierungVisual StudioVmwareVoice over IPWebbrowserWebentwicklungWeiterbildungWindows 7Windows 8Windows 10Windows InstallationWindows MobileWindows NetzwerkWindows ServerWindows SystemdateienWindows ToolsWindows UpdateWindows UserverwaltungWindows VistaWindows XPXenserverXMLZusammenarbeit

gelöst Cisco 9300er Serie - Webinterface HTTPS - funktioniert nicht

Mitglied: malawi

malawi (Level 1) - Jetzt verbinden

08.02.2019, aktualisiert 12:51 Uhr, 205 Aufrufe, 4 Kommentare

Wir haben hier diverse Switche:

1x Catalyst 9300-24T
4x Catalyst 9300-48T (2x Stack)
4x Catalyst 9500-40X (2x Stack)

Alle 9300er wurden mit der gleichen Firmware betankt und identisch konfiguriert. Und mit identisch, meine ich auch identisch. Die Configs sind von einer Person kurz nacheinander konfiguriert worden.

Auf den 9300-24T funktioniert der Webzugriff per HTTPS.

Auf den 9300-48T funktioniert der Webzugriff per HTTP, aber nicht per HTTPS.

Auf den 9500-40X funktioniert der Webzugriff per HTTPS.

Auffallend ist, dass es generell bei den beiden 9300-48T Stacks nicht per HTTPS funktioniert.

Folgendes wurde überprüft/durchgeführt:

- HTTP-Config verglichen --> Identisch
- RSA-Schlüssel neu erzeugt (4096 Bit)
- ssh-User neu erzeugt
- Mit Internet Explorer, Edge, Chrome versucht (auch mit Inkognito-Modi)


Hier ist die Config vom Switch auf den der Zugriff per HTTPS funktioniert:

01.
Current configuration : 16899 bytes
02.
!
03.
! Last configuration change at 11:54:32 cet Fri Feb 8 2019 by admin
04.
!
05.
version 16.10
06.
no service pad
07.
service timestamps debug datetime msec localtime show-timezone
08.
service timestamps log datetime msec localtime show-timezone
09.
no platform punt-keepalive disable-kernel-core
10.
!
11.
hostname SW-000195
12.
!
13.
!
14.
vrf definition Mgmt-vrf
15.
 !
16.
 address-family ipv4
17.
 exit-address-family
18.
 !
19.
 address-family ipv6
20.
 exit-address-family
21.
!
22.
logging buffered 40960
23.
no logging console
24.
!
25.
aaa new-model
26.
!
27.
!
28.
aaa authentication login default local group radius
29.
aaa authorization exec default local group radius if-authenticated
30.
aaa accounting system default start-stop group radius
31.
!
32.
!
33.
!
34.
!
35.
!
36.
!
37.
aaa session-id common
38.
boot system switch all flash:cat9k_iosxe.16.10.01.SPA.bin
39.
clock timezone cet 1 0
40.
clock summer-time cest recurring last Sun Mar 2:00 last Sun Oct 3:00
41.
switch 1 provision c9300-24t
42.
!
43.
!
44.
!
45.
!
46.
call-home
47.
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
48.
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
49.
 contact-email-addr sch-smart-licensing@cisco.com
50.
 profile "CiscoTAC-1"
51.
  active
52.
  destination transport-method http
53.
  no destination transport-method email
54.
!
55.
no ip domain lookup
56.
ip domain name domäne.de
57.
!
58.
!
59.
!
60.
login on-success log
61.
!
62.
!
63.
!
64.
!
65.
!
66.
vtp mode transparent
67.
no device-tracking logging theft
68.
!
69.
crypto pki trustpoint TP-self-signed-4237354898
70.
 enrollment selfsigned
71.
 subject-name cn=IOS-Self-Signed-Certificate-4237354898
72.
 revocation-check none
73.
 rsakeypair TP-self-signed-4237354898
74.
!
75.
crypto pki trustpoint SLA-TrustPoint
76.
 enrollment pkcs12
77.
 revocation-check crl
78.
!
79.
!
80.
crypto pki certificate chain TP-self-signed-4237354898
81.
 certificate self-signed 01
82.
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
83.
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
84.
  69666963 6174652D 34323337 33353438 3938301E 170D3139 30313331 30383432
85.
  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
86.
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32333733
87.
  35343839 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
88.
  0A028201 0100B7C2 F4858EB3 C174DF63 BFF48446 5AB8CBE6 3A8B152F 7A9EDE24
89.
  E41B4E3C 1413E282 CC9B4CCE 937F4BAA D31DB12D 912E59DB CAE2B1D1 A6AFE7AC
90.
  B2519747 D200C415 8EE7AF94 B8A94468 0ED24CA6 B6250CE8 3D78001B F9EBB947
91.
  A005D207 E91EA756 461EEF2C C1FADC7F 47741117 C7163274 280B018D AA0A13A8
92.
  9FFF8908 AF11CE56 1751F53B 9ACE2C3E 88B2B9B1 32488BD8 DCBC3BBA F00FF5D8
93.
  957DF562 AFD034E2 27DBD68B 89B089BB A75ED68E 2201CC65 AD1E547A D35E9261
94.
  0BA52203 2388E3FC 27E01EAB A0D3B5B8 BE57BD14 4829F322 2E0403AC D3C43423
95.
  768B521E 746B2673 9A4666F3 8C1F2E64 92A81F3E EDFA084A AE630DD0 D0900CF7
96.
  393AD206 2A5B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
97.
  301F0603 551D2304 18301680 14E482A0 40A2D64B 2501924A 98B91B87 09C49AAD
98.
  A7301D06 03551D0E 04160414 E482A040 A2D64B25 01924A98 B91B8709 C49AADA7
99.
  300D0609 2A864886 F70D0101 05050003 82010100 6066EBF2 C1C915CF 8941A3EC
100.
  D22DCFCC 09700524 96DC7C53 12217CDF 9A7A4D80 BDE96755 60AF67BB 8C4A4295
101.
  A2C4846C 98E8D9DD 19BAB1A0 ED12C42C D865FF2B B3F296B6 ED43050E CE5AD888
102.
  651038AC C4DC4A5B 89EEE490 9B640DA0 C4FDDA84 F1F43EB4 7A8F4952 37E60846
103.
  5A4E7988 F48B8FEC 06749673 3D2DA8F0 51152DC4 621A545F 4554D0DB 001FCE51
104.
  DE84C770 687E54B9 9E7A4C22 8A4A6FBA 190835DC 959664E0 D2A8F81E 8871AC7F
105.
  35B5CF30 B5CE3560 7821023C 7D3A1468 9663920B 064A0961 C1F317AA 118734DF
106.
  CA2C3656 43EBFBE9 565B4CDF 28DD1E8F 108EA28C E8C18354 71B91E3B AE3C0CE8
107.
  DAF86021 E822C010 F55E9814 89C40FAB EF42E9C4
108.
        quit
109.
crypto pki certificate chain SLA-TrustPoint
110.
 certificate ca 01
111.
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
112.
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
113.
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
114.
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
115.
  43697363 63324030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
116.
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
117.
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
118.
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
119.
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
120.
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
121.
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
122.
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
123.
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
124.
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
125.
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
126.
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
127.
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
128.
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
129.
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
130.
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
131.
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
132.
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
133.
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
134.
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
135.
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
136.
  D697DF7F 28
137.
        quit
138.
!
139.
license boot level network-essentials addon dna-essentials
140.
!
141.
!
142.
diagnostic bootup level minimal
143.
!
144.
spanning-tree mode mst
145.
spanning-tree extend system-id
146.
!
147.
spanning-tree mst configuration
148.
 name firma
149.
 revision 1
150.
 instance 1 vlan 1-4093
151.
!
152.
archive
153.
 path tftp://192.168.0.200/$h/cfg-$t
154.
 write-memory
155.
!
156.
!
157.
username admin privilege 15 secret 9 $9$a4bR.r/9mGdtD.$1L/P/LhjyMFw1g6VjdOfCAF9XTAYUrFShPp7NzPuDPQ
158.
!
159.
redundancy
160.
 mode sso
161.
!
162.
!
163.
!
164.
!
165.
!
166.
vlan 20-200
167.
!
168.
lldp run
169.
!
170.
class-map match-any system-cpp-police-ewlc-control
171.
  description EWLC Control
172.
class-map match-any system-cpp-police-topology-control
173.
  description Topology control
174.
class-map match-any system-cpp-police-sw-forward
175.
  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
176.
class-map match-any system-cpp-default
177.
  description EWLC Data, Inter FED Traffic
178.
class-map match-any system-cpp-police-sys-data
179.
  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
180.
class-map match-any system-cpp-police-punt-webauth
181.
  description Punt Webauth
182.
class-map match-any system-cpp-police-l2lvx-control
183.
  description L2 LVX control packets
184.
class-map match-any system-cpp-police-forus
185.
  description Forus Address resolution and Forus traffic
186.
class-map match-any system-cpp-police-multicast-end-station
187.
  description MCAST END STATION
188.
class-map match-any system-cpp-police-high-rate-app
189.
  description High Rate Applications
190.
class-map match-any system-cpp-police-multicast
191.
  description MCAST Data
192.
class-map match-any system-cpp-police-l2-control
193.
  description L2 control
194.
class-map match-any system-cpp-police-dot1x-auth
195.
  description DOT1X Auth
196.
class-map match-any system-cpp-police-data
197.
  description ICMP redirect, ICMP_GEN and BROADCAST
198.
class-map match-any system-cpp-police-stackwise-virt-control
199.
  description Stackwise Virtual OOB
200.
class-map match-any system-cpp-police-control-low-priority
201.
  description General punt
202.
class-map match-any non-client-nrt-class
203.
class-map match-any system-cpp-police-routing-control
204.
  description Routing control and Low Latency
205.
class-map match-any system-cpp-police-protocol-snooping
206.
  description Protocol snooping
207.
class-map match-any system-cpp-police-dhcp-snooping
208.
  description DHCP snooping
209.
class-map match-any system-cpp-police-ios-routing
210.
  description L2 control, Topology control, Routing control, Low Latency
211.
class-map match-any system-cpp-police-system-critical
212.
  description System Critical and Gold Pkt
213.
class-map match-any system-cpp-police-ios-feature
214.
  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
215.
!
216.
policy-map system-cpp-policy
217.
 class system-cpp-police-control-low-priority
218.
!
219.
!
220.
!
221.
!
222.
!
223.
!
224.
!
225.
!
226.
!
227.
!
228.
interface Port-channel108
229.
 switchport mode trunk
230.
 switchport nonegotiate
231.
 spanning-tree link-type point-to-point
232.
!
233.
interface GigabitEthernet0/0
234.
 vrf forwarding Mgmt-vrf
235.
 ip address 10.20.30.40 255.255.255.0
236.
 speed 1000
237.
 negotiation auto
238.
!
239.
interface GigabitEthernet1/0/1
240.
 switchport access vlan 200
241.
 switchport mode access
242.
 switchport nonegotiate
243.
 spanning-tree portfast
244.
 spanning-tree bpduguard enable
245.
!
246.
interface GigabitEthernet1/0/2
247.
 switchport mode access
248.
 switchport nonegotiate
249.
 spanning-tree portfast
250.
 spanning-tree bpduguard enable
251.
!
252.
interface GigabitEthernet1/0/3
253.
 switchport mode access
254.
 switchport nonegotiate
255.
 spanning-tree portfast
256.
 spanning-tree bpduguard enable
257.
!
258.
interface GigabitEthernet1/0/4
259.
 switchport mode access
260.
 switchport nonegotiate
261.
 spanning-tree portfast
262.
 spanning-tree bpduguard enable
263.
!
264.
interface GigabitEthernet1/0/5
265.
 switchport mode access
266.
 switchport nonegotiate
267.
 spanning-tree portfast
268.
 spanning-tree bpduguard enable
269.
!
270.
interface GigabitEthernet1/0/6
271.
 switchport mode access
272.
 switchport nonegotiate
273.
 spanning-tree portfast
274.
 spanning-tree bpduguard enable
275.
!
276.
interface GigabitEthernet1/0/7
277.
 switchport mode access
278.
 switchport nonegotiate
279.
 spanning-tree portfast
280.
 spanning-tree bpduguard enable
281.
!
282.
interface GigabitEthernet1/0/8
283.
 switchport mode access
284.
 switchport nonegotiate
285.
 spanning-tree portfast
286.
 spanning-tree bpduguard enable
287.
!
288.
interface GigabitEthernet1/0/9
289.
 switchport mode access
290.
 switchport nonegotiate
291.
 spanning-tree portfast
292.
 spanning-tree bpduguard enable
293.
!
294.
interface GigabitEthernet1/0/10
295.
 switchport mode access
296.
 switchport nonegotiate
297.
 spanning-tree portfast
298.
 spanning-tree bpduguard enable
299.
!
300.
interface GigabitEthernet1/0/11
301.
 switchport mode access
302.
 switchport nonegotiate
303.
 spanning-tree portfast
304.
 spanning-tree bpduguard enable
305.
!
306.
interface GigabitEthernet1/0/12
307.
 switchport mode access
308.
 switchport nonegotiate
309.
 spanning-tree portfast
310.
 spanning-tree bpduguard enable
311.
!
312.
interface GigabitEthernet1/0/13
313.
 switchport mode access
314.
 switchport nonegotiate
315.
 spanning-tree portfast
316.
 spanning-tree bpduguard enable
317.
!
318.
interface GigabitEthernet1/0/14
319.
 switchport mode access
320.
 switchport nonegotiate
321.
 spanning-tree portfast
322.
 spanning-tree bpduguard enable
323.
!
324.
interface GigabitEthernet1/0/15
325.
 switchport mode access
326.
 switchport nonegotiate
327.
 spanning-tree portfast
328.
 spanning-tree bpduguard enable
329.
!
330.
interface GigabitEthernet1/0/16
331.
 switchport mode access
332.
 switchport nonegotiate
333.
 spanning-tree portfast
334.
 spanning-tree bpduguard enable
335.
!
336.
interface GigabitEthernet1/0/17
337.
 switchport mode access
338.
 switchport nonegotiate
339.
 spanning-tree portfast
340.
 spanning-tree bpduguard enable
341.
!
342.
interface GigabitEthernet1/0/18
343.
 switchport mode access
344.
 switchport nonegotiate
345.
 spanning-tree portfast
346.
 spanning-tree bpduguard enable
347.
!
348.
interface GigabitEthernet1/0/19
349.
 switchport mode access
350.
 switchport nonegotiate
351.
 spanning-tree portfast
352.
 spanning-tree bpduguard enable
353.
!
354.
interface GigabitEthernet1/0/20
355.
 switchport mode access
356.
 switchport nonegotiate
357.
 spanning-tree portfast
358.
 spanning-tree bpduguard enable
359.
!
360.
interface GigabitEthernet1/0/21
361.
 switchport mode access
362.
 switchport nonegotiate
363.
 spanning-tree portfast
364.
 spanning-tree bpduguard enable
365.
!
366.
interface GigabitEthernet1/0/22
367.
 switchport mode access
368.
 switchport nonegotiate
369.
 spanning-tree portfast
370.
 spanning-tree bpduguard enable
371.
!
372.
interface GigabitEthernet1/0/23
373.
 switchport mode access
374.
 switchport nonegotiate
375.
 spanning-tree portfast
376.
 spanning-tree bpduguard enable
377.
!
378.
interface GigabitEthernet1/0/24
379.
 switchport mode access
380.
 switchport nonegotiate
381.
 spanning-tree portfast
382.
 spanning-tree bpduguard enable
383.
!
384.
interface GigabitEthernet1/1/1
385.
!
386.
interface GigabitEthernet1/1/2
387.
!
388.
interface GigabitEthernet1/1/3
389.
!
390.
interface GigabitEthernet1/1/4
391.
!
392.
interface TenGigabitEthernet1/1/1
393.
!
394.
interface TenGigabitEthernet1/1/2
395.
!
396.
interface TenGigabitEthernet1/1/3
397.
!
398.
interface TenGigabitEthernet1/1/4
399.
!
400.
interface TenGigabitEthernet1/1/5
401.
!
402.
interface TenGigabitEthernet1/1/6
403.
!
404.
interface TenGigabitEthernet1/1/7
405.
 switchport mode trunk
406.
 switchport nonegotiate
407.
 channel-group 108 mode active
408.
!
409.
interface TenGigabitEthernet1/1/8
410.
 switchport mode trunk
411.
 switchport nonegotiate
412.
 channel-group 108 mode active
413.
!
414.
interface FortyGigabitEthernet1/1/1
415.
!
416.
interface FortyGigabitEthernet1/1/2
417.
!
418.
interface TwentyFiveGigE1/1/1
419.
!
420.
interface TwentyFiveGigE1/1/2
421.
!
422.
interface Vlan1
423.
 no ip address
424.
 shutdown
425.
!
426.
interface Vlan200
427.
 ip address 192.168.200.244 255.255.255.0
428.
!
429.
ip forward-protocol nd
430.
no ip http server
431.
ip http authentication aaa
432.
ip http secure-server
433.
ip ssh version 2
434.
!
435.
!
436.
kron occurrence SDB at 20:00 Sun recurring
437.
 policy-list SDB
438.
!
439.
kron policy-list SDB
440.
 cli write memory
441.
!
442.
!
443.
snmp-server community public RO
444.
snmp-server location Serverraum
445.
snmp-server contact Administratoren
446.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
447.
snmp-server enable traps flowmon
448.
snmp-server enable traps entity-perf throughput-notif
449.
snmp-server enable traps call-home message-send-fail server-fail
450.
snmp-server enable traps tty
451.
snmp-server enable traps eigrp
452.
snmp-server enable traps ospf state-change
453.
snmp-server enable traps ospf errors
454.
snmp-server enable traps ospf retransmit
455.
snmp-server enable traps ospf lsa
456.
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
457.
snmp-server enable traps ospf cisco-specific state-change shamlink interface
458.
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
459.
snmp-server enable traps ospf cisco-specific errors
460.
snmp-server enable traps ospf cisco-specific retransmit
461.
snmp-server enable traps ospf cisco-specific lsa
462.
snmp-server enable traps rep
463.
snmp-server enable traps vtp
464.
snmp-server enable traps vlancreate
465.
snmp-server enable traps vlandelete
466.
snmp-server enable traps port-security
467.
snmp-server enable traps license
468.
snmp-server enable traps smart-license
469.
snmp-server enable traps cpu threshold
470.
snmp-server enable traps memory bufferpeak
471.
snmp-server enable traps stackwise
472.
snmp-server enable traps udld link-fail-rpt
473.
snmp-server enable traps udld status-change
474.
snmp-server enable traps fru-ctrl
475.
snmp-server enable traps flash insertion removal lowspace
476.
snmp-server enable traps energywise
477.
snmp-server enable traps power-ethernet police
478.
snmp-server enable traps entity
479.
snmp-server enable traps pw vc
480.
snmp-server enable traps envmon
481.
snmp-server enable traps ipsla
482.
snmp-server enable traps bfd
483.
snmp-server enable traps config-copy
484.
snmp-server enable traps config
485.
snmp-server enable traps config-ctid
486.
snmp-server enable traps event-manager
487.
snmp-server enable traps bridge newroot topologychange
488.
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
489.
snmp-server enable traps syslog
490.
snmp-server enable traps dhcp
491.
snmp-server enable traps auth-framework sec-violation
492.
snmp-server enable traps ipmulticast
493.
snmp-server enable traps msdp
494.
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
495.
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
496.
snmp-server enable traps ospfv3 state-change
497.
snmp-server enable traps ospfv3 errors
498.
snmp-server enable traps ike policy add
499.
snmp-server enable traps ike policy delete
500.
snmp-server enable traps ike tunnel start
501.
snmp-server enable traps ike tunnel stop
502.
snmp-server enable traps ipsec cryptomap add
503.
snmp-server enable traps ipsec cryptomap delete
504.
snmp-server enable traps ipsec cryptomap attach
505.
snmp-server enable traps ipsec cryptomap detach
506.
snmp-server enable traps ipsec tunnel start
507.
snmp-server enable traps ipsec tunnel stop
508.
snmp-server enable traps ipsec too-many-sas
509.
snmp-server enable traps vlan-membership
510.
snmp-server enable traps errdisable
511.
snmp-server enable traps rf
512.
snmp-server enable traps transceiver all
513.
snmp-server enable traps bulkstat collection transfer
514.
snmp-server enable traps mac-notification change move threshold
515.
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
516.
snmp-server host 192.168.0.250 public
517.
!
518.
!
519.
radius server radius3
520.
 address ipv4 192.168.0.80 auth-port 1812 acct-port 1813
521.
 key string
522.
!
523.
radius server radius4
524.
 address ipv4 192.168.0.81 auth-port 1812 acct-port 1813
525.
 key string
526.
!
527.
!
528.
control-plane
529.
 service-policy input system-cpp-policy
530.
!
531.
!
532.
line con 0
533.
 logging synchronous
534.
 stopbits 1
535.
line vty 0 4
536.
 logging synchronous
537.
 transport input ssh
538.
line vty 5 15
539.
 logging synchronous
540.
 transport input ssh
541.
!
542.
ntp server 192.168.0.110
543.
!
544.
mac address-table notification mac-move
545.
!
546.
!
547.
!
548.
!
549.
!
550.
end

Hier ist die Config vom Switch auf den der Zugriff per nicht HTTPS funktioniert:

01.
Current configuration : 27608 bytes
02.
!
03.
! Last configuration change at 11:59:06 cet Fri Feb 8 2019 by admin
04.
!
05.
version 16.10
06.
no service pad
07.
service timestamps debug datetime msec localtime show-timezone
08.
service timestamps log datetime msec localtime show-timezone
09.
service call-home
10.
no platform punt-keepalive disable-kernel-core
11.
!
12.
hostname SW-000189
13.
!
14.
!
15.
vrf definition Mgmt-vrf
16.
 !
17.
 address-family ipv4
18.
 exit-address-family
19.
 !
20.
 address-family ipv6
21.
 exit-address-family
22.
!
23.
no logging console
24.
enable secret 9 $9$Vp8VpCCqO22m0E$5Hr/sesToS/KqDsOq8l862Gc7uQE3SsdYHPxcRAu3gls
25.
!
26.
aaa new-model
27.
!
28.
!
29.
aaa authentication login default local group radius
30.
aaa authorization exec default local group radius if-authenticated
31.
aaa accounting system default start-stop group radius
32.
!
33.
!
34.
!
35.
!
36.
!
37.
!
38.
aaa session-id common
39.
boot system switch all flash:cat9k_iosxe.16.10.01.SPA.bin
40.
clock timezone cet 1 0
41.
clock summer-time cest recurring last Sun Mar 2:00 last Sun Oct 3:00
42.
switch 1 provision c9300-48t
43.
switch 2 provision c9300-48t
44.
!
45.
stack-power stack Powerstack-1
46.
!
47.
stack-power switch 1
48.
 stack Powerstack-1
49.
stack-power switch 2
50.
 stack Powerstack-1
51.
!
52.
!
53.
!
54.
!
55.
!
56.
call-home
57.
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
58.
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
59.
 contact-email-addr sch-smart-licensing@cisco.com
60.
 profile "CiscoTAC-1"
61.
  active
62.
  destination transport-method http
63.
  no destination transport-method email
64.
!
65.
no ip domain lookup
66.
ip domain name domäne.de
67.
!
68.
!
69.
!
70.
login on-success log
71.
!
72.
!
73.
!
74.
!
75.
!
76.
vtp mode transparent
77.
no device-tracking logging theft
78.
!
79.
crypto pki trustpoint SLA-TrustPoint
80.
 enrollment pkcs12
81.
 revocation-check crl
82.
!
83.
crypto pki trustpoint TP-self-signed-199934604
84.
 enrollment selfsigned
85.
 subject-name cn=IOS-Self-Signed-Certificate-199934604
86.
 revocation-check none
87.
 rsakeypair TP-self-signed-199934604
88.
!
89.
!
90.
crypto pki certificate chain SLA-TrustPoint
91.
 certificate ca 01
92.
  30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
93.
  32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
94.
  6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
95.
  3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
96.
  43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
97.
  526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
98.
  82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
99.
  CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
100.
  1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
101.
  4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
102.
  7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
103.
  68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
104.
  C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
105.
  C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
106.
  DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
107.
  06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
108.
  4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
109.
  03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
110.
  604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
111.
  D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA58746 CD98B646 5575B146 8DFC66A8
112.
  467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
113.
  7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
114.
  5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C3798564 39F08678
115.
  80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
116.
  418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
117.
  D697DF7F 28
118.
        quit
119.
crypto pki certificate chain TP-self-signed-199934604
120.
 certificate self-signed 01
121.
  3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
122.
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
123.
  69666963 6174652D 31393939 33343630 34301E17 0D313930 31323931 30323231
124.
  375A170D 33303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
125.
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3139 39393334
126.
  36303430 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
127.
  82010100 D8D61B49 DEEE62F1 1BA10CF2 D0AE4B10 D708DBE8 CAC520CA 5F43DCDA
128.
  4165FA79 26D366A9 D97526D0 0F1C35E6 3ADA6D63 BED5B813 585BAB00 286628C5
129.
  5D0E8C49 461E814B 6473312D 490272A1 1E6E9386 15E5BD3B 627BEA31 637FFA1A
130.
  F0A977CD 0D10BA7B 0F65C3A1 2CD71178 8AE17D07 C2094A22 011F11ED 76FA8573
131.
  F095CEF6 470BE430 1AFCAEE9 715BA159 031A5D55 82B322EF F37C3274 32D346F6
132.
  FD42DDFB E15B5344 39D1DF09 DA1C770C EB5E8BA9 B7C4D25C BC423506 998C3147
133.
  EFB9C3A1 41D4B177 3C2F8121 863BAF3F C766FEF5 B906D5F7 EAC1D4A7 6666C025
134.
  C4AEB6D0 91E99BF1 A4DF5E04 7F183979 D012E261 E2F64BAB CFA479C3 B139ACD8
135.
  B7C3F519 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
136.
  0603551D 23041830 16801445 D18BCEC8 56CA7AFD 8D0560E8 036B74C7 33797E30
137.
  1D060355 1D0E0416 041445D1 8BCEC856 CA7AFD8D 0560E803 6B74C733 797E300D
138.
  06092A86 4886F70D 01010505 00038201 01005A8A DD90C31F 84979E38 2A9B7176
139.
  C3076E65 948CDDD3 D11AB9E3 25852F95 5F864A31 153B01A7 59882733 4B30E25C
140.
  233F69F3 38A74E36 BDDCC420 D1FD91C2 8BE9E4F8 C5A30335 80025923 C5DDAE00
141.
  835B2291 8CAE011B D1AC54D1 1D40DB60 D701C9D7 E2B92E65 0595E8A4 67286AE7
142.
  3EE651F4 A61E598B CAEE93F3 21403414 35C3E06E CACC224A B4DA8F42 EC329976
143.
  1B313992 F92E04E6 C2D2177F 2FA95E6F 8F8F87F5 B3C3392B E6C14D68 21434CF6
144.
  75CFBD4D 213C7EDF E4F50CAB DA6BC8B4 B90FB02E 97805B64 A1388517 9F14C976
145.
  76053388 031AF9CD 5B36CB8E A380CB85 D860793F AC8053E7 033BB7A6 83D9F9F6
146.
  9E3E83FB 3B489A7B 0DE9AA1A BD6D6279 A3F5
147.
        quit
148.
!
149.
license boot level network-essentials addon dna-essentials
150.
!
151.
!
152.
diagnostic bootup level minimal
153.
!
154.
spanning-tree mode mst
155.
spanning-tree extend system-id
156.
!
157.
spanning-tree mst configuration
158.
 name SBD
159.
 revision 1
160.
 instance 1 vlan 1-4093
161.
!
162.
archive
163.
 path tftp://192.168.0.160/$h/cfg-$t
164.
 write-memory
165.
!
166.
!
167.
username user privilege 5 secret 9 $9$0XhLfXiaSeCOhk$lcvmc3QycMgi4MmZGQViyMb99KDOfPGRTIkte7H0XEg
168.
username admin privilege 15 secret 9 $9$IhhEeHlXmIqXvU$pk9h3V6Hm.Sl.5oB8GOC5R7CUsKvFwTgojIHIfMzuhc
169.
!
170.
redundancy
171.
 mode sso
172.
!
173.
!
174.
!
175.
!
176.
!
177.
vlan 20-189
178.
!
179.
vlan 190
180.
 name SBD-MGMT
181.
!
182.
vlan 190-200
183.
!
184.
lldp run
185.
!
186.
class-map match-any system-cpp-police-ewlc-control
187.
  description EWLC Control
188.
class-map match-any system-cpp-police-topology-control
189.
  description Topology control
190.
class-map match-any system-cpp-police-sw-forward
191.
  description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
192.
class-map match-any system-cpp-default
193.
  description EWLC Data, Inter FED Traffic
194.
class-map match-any system-cpp-police-sys-data
195.
  description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
196.
class-map match-any system-cpp-police-punt-webauth
197.
  description Punt Webauth
198.
class-map match-any system-cpp-police-l2lvx-control
199.
  description L2 LVX control packets
200.
class-map match-any system-cpp-police-forus
201.
  description Forus Address resolution and Forus traffic
202.
class-map match-any system-cpp-police-multicast-end-station
203.
  description MCAST END STATION
204.
class-map match-any system-cpp-police-high-rate-app
205.
  description High Rate Applications
206.
class-map match-any system-cpp-police-multicast
207.
  description MCAST Data
208.
class-map match-any system-cpp-police-l2-control
209.
  description L2 control
210.
class-map match-any system-cpp-police-dot1x-auth
211.
  description DOT1X Auth
212.
class-map match-any system-cpp-police-data
213.
  description ICMP redirect, ICMP_GEN and BROADCAST
214.
class-map match-any system-cpp-police-stackwise-virt-control
215.
  description Stackwise Virtual OOB
216.
class-map match-any non-client-nrt-class
217.
class-map match-any system-cpp-police-routing-control
218.
  description Routing control and Low Latency
219.
class-map match-any system-cpp-police-protocol-snooping
220.
  description Protocol snooping
221.
class-map match-any system-cpp-police-dhcp-snooping
222.
  description DHCP snooping
223.
class-map match-any system-cpp-police-ios-routing
224.
  description L2 control, Topology control, Routing control, Low Latency
225.
class-map match-any system-cpp-police-system-critical
226.
  description System Critical and Gold Pkt
227.
class-map match-any system-cpp-police-ios-feature
228.
  description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
229.
!
230.
policy-map system-cpp-policy
231.
!
232.
!
233.
!
234.
!
235.
!
236.
!
237.
!
238.
!
239.
!
240.
!
241.
interface Port-channel108
242.
 switchport mode trunk
243.
 switchport nonegotiate
244.
 spanning-tree link-type point-to-point
245.
!
246.
interface GigabitEthernet0/0
247.
 vrf forwarding Mgmt-vrf
248.
 no ip address
249.
 speed 1000
250.
 negotiation auto
251.
!
252.
interface GigabitEthernet1/0/1
253.
 switchport access vlan 200
254.
 switchport mode access
255.
 switchport nonegotiate
256.
 spanning-tree portfast
257.
 spanning-tree bpduguard enable
258.
!
259.
interface GigabitEthernet1/0/2
260.
 switchport mode access
261.
 switchport nonegotiate
262.
 spanning-tree portfast
263.
 spanning-tree bpduguard enable
264.
!
265.
interface GigabitEthernet1/0/3
266.
 switchport mode access
267.
 switchport nonegotiate
268.
 spanning-tree portfast
269.
 spanning-tree bpduguard enable
270.
!
271.
interface GigabitEthernet1/0/4
272.
 switchport mode access
273.
 switchport nonegotiate
274.
 spanning-tree portfast
275.
 spanning-tree bpduguard enable
276.
!
277.
interface GigabitEthernet1/0/5
278.
 switchport mode access
279.
 switchport nonegotiate
280.
 spanning-tree portfast
281.
 spanning-tree bpduguard enable
282.
!
283.
interface GigabitEthernet1/0/6
284.
 switchport mode access
285.
 switchport nonegotiate
286.
 spanning-tree portfast
287.
 spanning-tree bpduguard enable
288.
!
289.
interface GigabitEthernet1/0/7
290.
 switchport mode access
291.
 switchport nonegotiate
292.
 spanning-tree portfast
293.
 spanning-tree bpduguard enable
294.
!
295.
interface GigabitEthernet1/0/8
296.
 switchport mode access
297.
 switchport nonegotiate
298.
 spanning-tree portfast
299.
 spanning-tree bpduguard enable
300.
!
301.
interface GigabitEthernet1/0/9
302.
 switchport mode access
303.
 switchport nonegotiate
304.
 spanning-tree portfast
305.
 spanning-tree bpduguard enable
306.
!
307.
interface GigabitEthernet1/0/10
308.
 switchport mode access
309.
 switchport nonegotiate
310.
 spanning-tree portfast
311.
 spanning-tree bpduguard enable
312.
!
313.
interface GigabitEthernet1/0/11
314.
 switchport mode access
315.
 switchport nonegotiate
316.
 spanning-tree portfast
317.
 spanning-tree bpduguard enable
318.
!
319.
interface GigabitEthernet1/0/12
320.
 switchport mode access
321.
 switchport nonegotiate
322.
 spanning-tree portfast
323.
 spanning-tree bpduguard enable
324.
!
325.
interface GigabitEthernet1/0/13
326.
 switchport mode access
327.
 switchport nonegotiate
328.
 spanning-tree portfast
329.
 spanning-tree bpduguard enable
330.
!
331.
interface GigabitEthernet1/0/14
332.
 switchport mode access
333.
 switchport nonegotiate
334.
 spanning-tree portfast
335.
 spanning-tree bpduguard enable
336.
!
337.
interface GigabitEthernet1/0/15
338.
 switchport mode access
339.
 switchport nonegotiate
340.
 spanning-tree portfast
341.
 spanning-tree bpduguard enable
342.
!
343.
interface GigabitEthernet1/0/16
344.
 switchport mode access
345.
 switchport nonegotiate
346.
 spanning-tree portfast
347.
 spanning-tree bpduguard enable
348.
!
349.
interface GigabitEthernet1/0/17
350.
 switchport mode access
351.
 switchport nonegotiate
352.
 spanning-tree portfast
353.
 spanning-tree bpduguard enable
354.
!
355.
interface GigabitEthernet1/0/18
356.
 switchport mode access
357.
 switchport nonegotiate
358.
 spanning-tree portfast
359.
 spanning-tree bpduguard enable
360.
!
361.
interface GigabitEthernet1/0/19
362.
 switchport mode access
363.
 switchport nonegotiate
364.
 spanning-tree portfast
365.
 spanning-tree bpduguard enable
366.
!
367.
interface GigabitEthernet1/0/20
368.
 switchport mode access
369.
 switchport nonegotiate
370.
 spanning-tree portfast
371.
 spanning-tree bpduguard enable
372.
!
373.
interface GigabitEthernet1/0/21
374.
 switchport mode access
375.
 switchport nonegotiate
376.
 spanning-tree portfast
377.
 spanning-tree bpduguard enable
378.
!
379.
interface GigabitEthernet1/0/22
380.
 switchport mode access
381.
 switchport nonegotiate
382.
 spanning-tree portfast
383.
 spanning-tree bpduguard enable
384.
!
385.
interface GigabitEthernet1/0/23
386.
 switchport mode access
387.
 switchport nonegotiate
388.
 spanning-tree portfast
389.
 spanning-tree bpduguard enable
390.
!
391.
interface GigabitEthernet1/0/24
392.
 switchport mode access
393.
 switchport nonegotiate
394.
 spanning-tree portfast
395.
 spanning-tree bpduguard enable
396.
!
397.
interface GigabitEthernet1/0/25
398.
 switchport mode access
399.
 switchport nonegotiate
400.
 spanning-tree portfast
401.
 spanning-tree bpduguard enable
402.
!
403.
interface GigabitEthernet1/0/26
404.
 switchport mode access
405.
 switchport nonegotiate
406.
 spanning-tree portfast
407.
 spanning-tree bpduguard enable
408.
!
409.
interface GigabitEthernet1/0/27
410.
 switchport mode access
411.
 switchport nonegotiate
412.
 spanning-tree portfast
413.
 spanning-tree bpduguard enable
414.
!
415.
interface GigabitEthernet1/0/28
416.
 switchport mode access
417.
 switchport nonegotiate
418.
 spanning-tree portfast
419.
 spanning-tree bpduguard enable
420.
!
421.
interface GigabitEthernet1/0/29
422.
 switchport mode access
423.
 switchport nonegotiate
424.
 spanning-tree portfast
425.
 spanning-tree bpduguard enable
426.
!
427.
interface GigabitEthernet1/0/30
428.
 switchport mode access
429.
 switchport nonegotiate
430.
 spanning-tree portfast
431.
 spanning-tree bpduguard enable
432.
!
433.
interface GigabitEthernet1/0/31
434.
 switchport mode access
435.
 switchport nonegotiate
436.
 spanning-tree portfast
437.
 spanning-tree bpduguard enable
438.
!
439.
interface GigabitEthernet1/0/32
440.
 switchport mode access
441.
 switchport nonegotiate
442.
 spanning-tree portfast
443.
 spanning-tree bpduguard enable
444.
!
445.
interface GigabitEthernet1/0/33
446.
 switchport mode access
447.
 switchport nonegotiate
448.
 spanning-tree portfast
449.
 spanning-tree bpduguard enable
450.
!
451.
interface GigabitEthernet1/0/34
452.
 switchport mode access
453.
 switchport nonegotiate
454.
 spanning-tree portfast
455.
 spanning-tree bpduguard enable
456.
!
457.
interface GigabitEthernet1/0/35
458.
 switchport mode access
459.
 switchport nonegotiate
460.
 spanning-tree portfast
461.
 spanning-tree bpduguard enable
462.
!
463.
interface GigabitEthernet1/0/36
464.
 switchport mode access
465.
 switchport nonegotiate
466.
 spanning-tree portfast
467.
 spanning-tree bpduguard enable
468.
!
469.
interface GigabitEthernet1/0/37
470.
 switchport mode access
471.
 switchport nonegotiate
472.
 spanning-tree portfast
473.
 spanning-tree bpduguard enable
474.
!
475.
interface GigabitEthernet1/0/38
476.
 switchport mode access
477.
 switchport nonegotiate
478.
 spanning-tree portfast
479.
 spanning-tree bpduguard enable
480.
!
481.
interface GigabitEthernet1/0/39
482.
 switchport mode access
483.
 switchport nonegotiate
484.
 spanning-tree portfast
485.
 spanning-tree bpduguard enable
486.
!
487.
interface GigabitEthernet1/0/40
488.
 switchport mode access
489.
 switchport nonegotiate
490.
 spanning-tree portfast
491.
 spanning-tree bpduguard enable
492.
!
493.
interface GigabitEthernet1/0/41
494.
 switchport mode access
495.
 switchport nonegotiate
496.
 spanning-tree portfast
497.
 spanning-tree bpduguard enable
498.
!
499.
interface GigabitEthernet1/0/42
500.
 switchport mode access
501.
 switchport nonegotiate
502.
 spanning-tree portfast
503.
 spanning-tree bpduguard enable
504.
!
505.
interface GigabitEthernet1/0/43
506.
 switchport mode access
507.
 switchport nonegotiate
508.
 spanning-tree portfast
509.
 spanning-tree bpduguard enable
510.
!
511.
interface GigabitEthernet1/0/44
512.
 switchport mode access
513.
 switchport nonegotiate
514.
 spanning-tree portfast
515.
 spanning-tree bpduguard enable
516.
!
517.
interface GigabitEthernet1/0/45
518.
 switchport mode access
519.
 switchport nonegotiate
520.
 spanning-tree portfast
521.
 spanning-tree bpduguard enable
522.
!
523.
interface GigabitEthernet1/0/46
524.
 switchport mode access
525.
 switchport nonegotiate
526.
 spanning-tree portfast
527.
 spanning-tree bpduguard enable
528.
!
529.
interface GigabitEthernet1/0/47
530.
 switchport mode access
531.
 switchport nonegotiate
532.
 spanning-tree portfast
533.
 spanning-tree bpduguard enable
534.
!
535.
interface GigabitEthernet1/0/48
536.
 switchport mode access
537.
 switchport nonegotiate
538.
 spanning-tree portfast
539.
 spanning-tree bpduguard enable
540.
!
541.
interface GigabitEthernet1/1/1
542.
!
543.
interface GigabitEthernet1/1/2
544.
!
545.
interface GigabitEthernet1/1/3
546.
!
547.
interface GigabitEthernet1/1/4
548.
!
549.
interface TenGigabitEthernet1/1/1
550.
!
551.
interface TenGigabitEthernet1/1/2
552.
!
553.
interface TenGigabitEthernet1/1/3
554.
!
555.
interface TenGigabitEthernet1/1/4
556.
!
557.
interface TenGigabitEthernet1/1/5
558.
!
559.
interface TenGigabitEthernet1/1/6
560.
!
561.
interface TenGigabitEthernet1/1/7
562.
!
563.
interface TenGigabitEthernet1/1/8
564.
 switchport mode trunk
565.
 switchport nonegotiate
566.
 channel-group 108 mode active
567.
!
568.
interface FortyGigabitEthernet1/1/1
569.
!
570.
interface FortyGigabitEthernet1/1/2
571.
!
572.
interface TwentyFiveGigE1/1/1
573.
!
574.
interface TwentyFiveGigE1/1/2
575.
!
576.
interface GigabitEthernet2/0/1
577.
 switchport mode access
578.
 switchport nonegotiate
579.
 spanning-tree portfast
580.
 spanning-tree bpduguard enable
581.
!
582.
interface GigabitEthernet2/0/2
583.
 switchport mode access
584.
 switchport nonegotiate
585.
 spanning-tree portfast
586.
 spanning-tree bpduguard enable
587.
!
588.
interface GigabitEthernet2/0/3
589.
 switchport mode access
590.
 switchport nonegotiate
591.
 spanning-tree portfast
592.
 spanning-tree bpduguard enable
593.
!
594.
interface GigabitEthernet2/0/4
595.
 switchport mode access
596.
 switchport nonegotiate
597.
 spanning-tree portfast
598.
 spanning-tree bpduguard enable
599.
!
600.
interface GigabitEthernet2/0/5
601.
 switchport mode access
602.
 switchport nonegotiate
603.
 spanning-tree portfast
604.
 spanning-tree bpduguard enable
605.
!
606.
interface GigabitEthernet2/0/6
607.
 switchport mode access
608.
 switchport nonegotiate
609.
 spanning-tree portfast
610.
 spanning-tree bpduguard enable
611.
!
612.
interface GigabitEthernet2/0/7
613.
 switchport mode access
614.
 switchport nonegotiate
615.
 spanning-tree portfast
616.
 spanning-tree bpduguard enable
617.
!
618.
interface GigabitEthernet2/0/8
619.
 switchport mode access
620.
 switchport nonegotiate
621.
 spanning-tree portfast
622.
 spanning-tree bpduguard enable
623.
!
624.
interface GigabitEthernet2/0/9
625.
 switchport mode access
626.
 switchport nonegotiate
627.
 spanning-tree portfast
628.
 spanning-tree bpduguard enable
629.
!
630.
interface GigabitEthernet2/0/10
631.
 switchport mode access
632.
 switchport nonegotiate
633.
 spanning-tree portfast
634.
 spanning-tree bpduguard enable
635.
!
636.
interface GigabitEthernet2/0/11
637.
 switchport mode access
638.
 switchport nonegotiate
639.
 spanning-tree portfast
640.
 spanning-tree bpduguard enable
641.
!
642.
interface GigabitEthernet2/0/12
643.
 switchport mode access
644.
 switchport nonegotiate
645.
 spanning-tree portfast
646.
 spanning-tree bpduguard enable
647.
!
648.
interface GigabitEthernet2/0/13
649.
 switchport mode access
650.
 switchport nonegotiate
651.
 spanning-tree portfast
652.
 spanning-tree bpduguard enable
653.
!
654.
interface GigabitEthernet2/0/14
655.
 switchport mode access
656.
 switchport nonegotiate
657.
 spanning-tree portfast
658.
 spanning-tree bpduguard enable
659.
!
660.
interface GigabitEthernet2/0/15
661.
 switchport mode access
662.
 switchport nonegotiate
663.
 spanning-tree portfast
664.
 spanning-tree bpduguard enable
665.
!
666.
interface GigabitEthernet2/0/16
667.
 switchport mode access
668.
 switchport nonegotiate
669.
 spanning-tree portfast
670.
 spanning-tree bpduguard enable
671.
!
672.
interface GigabitEthernet2/0/17
673.
 switchport mode access
674.
 switchport nonegotiate
675.
 spanning-tree portfast
676.
 spanning-tree bpduguard enable
677.
!
678.
interface GigabitEthernet2/0/18
679.
 switchport mode access
680.
 switchport nonegotiate
681.
 spanning-tree portfast
682.
 spanning-tree bpduguard enable
683.
!
684.
interface GigabitEthernet2/0/19
685.
 switchport mode access
686.
 switchport nonegotiate
687.
 spanning-tree portfast
688.
 spanning-tree bpduguard enable
689.
!
690.
interface GigabitEthernet2/0/20
691.
 switchport mode access
692.
 switchport nonegotiate
693.
 spanning-tree portfast
694.
 spanning-tree bpduguard enable
695.
!
696.
interface GigabitEthernet2/0/21
697.
 switchport mode access
698.
 switchport nonegotiate
699.
 spanning-tree portfast
700.
 spanning-tree bpduguard enable
701.
!
702.
interface GigabitEthernet2/0/22
703.
 switchport mode access
704.
 switchport nonegotiate
705.
 spanning-tree portfast
706.
 spanning-tree bpduguard enable
707.
!
708.
interface GigabitEthernet2/0/23
709.
 switchport mode access
710.
 switchport nonegotiate
711.
 spanning-tree portfast
712.
 spanning-tree bpduguard enable
713.
!
714.
interface GigabitEthernet2/0/24
715.
 switchport mode access
716.
 switchport nonegotiate
717.
 spanning-tree portfast
718.
 spanning-tree bpduguard enable
719.
!
720.
interface GigabitEthernet2/0/25
721.
 switchport mode access
722.
 switchport nonegotiate
723.
 spanning-tree portfast
724.
 spanning-tree bpduguard enable
725.
!
726.
interface GigabitEthernet2/0/26
727.
 switchport mode access
728.
 switchport nonegotiate
729.
 spanning-tree portfast
730.
 spanning-tree bpduguard enable
731.
!
732.
interface GigabitEthernet2/0/27
733.
 switchport mode access
734.
 switchport nonegotiate
735.
 spanning-tree portfast
736.
 spanning-tree bpduguard enable
737.
!
738.
interface GigabitEthernet2/0/28
739.
 switchport mode access
740.
 switchport nonegotiate
741.
 spanning-tree portfast
742.
 spanning-tree bpduguard enable
743.
!
744.
interface GigabitEthernet2/0/29
745.
 switchport mode access
746.
 switchport nonegotiate
747.
 spanning-tree portfast
748.
 spanning-tree bpduguard enable
749.
!
750.
interface GigabitEthernet2/0/30
751.
 switchport mode access
752.
 switchport nonegotiate
753.
 spanning-tree portfast
754.
 spanning-tree bpduguard enable
755.
!
756.
interface GigabitEthernet2/0/31
757.
 switchport mode access
758.
 switchport nonegotiate
759.
 spanning-tree portfast
760.
 spanning-tree bpduguard enable
761.
!
762.
interface GigabitEthernet2/0/32
763.
 switchport mode access
764.
 switchport nonegotiate
765.
 spanning-tree portfast
766.
 spanning-tree bpduguard enable
767.
!
768.
interface GigabitEthernet2/0/33
769.
 switchport mode access
770.
 switchport nonegotiate
771.
 spanning-tree portfast
772.
 spanning-tree bpduguard enable
773.
!
774.
interface GigabitEthernet2/0/34
775.
 switchport mode access
776.
 switchport nonegotiate
777.
 spanning-tree portfast
778.
 spanning-tree bpduguard enable
779.
!
780.
interface GigabitEthernet2/0/35
781.
 switchport mode access
782.
 switchport nonegotiate
783.
 spanning-tree portfast
784.
 spanning-tree bpduguard enable
785.
!
786.
interface GigabitEthernet2/0/36
787.
 switchport mode access
788.
 switchport nonegotiate
789.
 spanning-tree portfast
790.
 spanning-tree bpduguard enable
791.
!
792.
interface GigabitEthernet2/0/37
793.
 switchport mode access
794.
 switchport nonegotiate
795.
 spanning-tree portfast
796.
 spanning-tree bpduguard enable
797.
!
798.
interface GigabitEthernet2/0/38
799.
 switchport mode access
800.
 switchport nonegotiate
801.
 spanning-tree portfast
802.
 spanning-tree bpduguard enable
803.
!
804.
interface GigabitEthernet2/0/39
805.
 switchport mode access
806.
 switchport nonegotiate
807.
 spanning-tree portfast
808.
 spanning-tree bpduguard enable
809.
!
810.
interface GigabitEthernet2/0/40
811.
 switchport mode access
812.
 switchport nonegotiate
813.
 spanning-tree portfast
814.
 spanning-tree bpduguard enable
815.
!
816.
interface GigabitEthernet2/0/41
817.
 switchport mode access
818.
 switchport nonegotiate
819.
 spanning-tree portfast
820.
 spanning-tree bpduguard enable
821.
!
822.
interface GigabitEthernet2/0/42
823.
 switchport mode access
824.
 switchport nonegotiate
825.
 spanning-tree portfast
826.
 spanning-tree bpduguard enable
827.
!
828.
interface GigabitEthernet2/0/43
829.
 switchport mode access
830.
 switchport nonegotiate
831.
 spanning-tree portfast
832.
 spanning-tree bpduguard enable
833.
!
834.
interface GigabitEthernet2/0/44
835.
 switchport mode access
836.
 switchport nonegotiate
837.
 spanning-tree portfast
838.
 spanning-tree bpduguard enable
839.
!
840.
interface GigabitEthernet2/0/45
841.
 switchport mode access
842.
 switchport nonegotiate
843.
 spanning-tree portfast
844.
 spanning-tree bpduguard enable
845.
!
846.
interface GigabitEthernet2/0/46
847.
 switchport mode access
848.
 switchport nonegotiate
849.
 spanning-tree portfast
850.
 spanning-tree bpduguard enable
851.
!
852.
interface GigabitEthernet2/0/47
853.
 switchport mode access
854.
 switchport nonegotiate
855.
 spanning-tree portfast
856.
 spanning-tree bpduguard enable
857.
!
858.
interface GigabitEthernet2/0/48
859.
 switchport mode access
860.
 switchport nonegotiate
861.
 spanning-tree portfast
862.
 spanning-tree bpduguard enable
863.
!
864.
interface GigabitEthernet2/1/1
865.
!
866.
interface GigabitEthernet2/1/2
867.
!
868.
interface GigabitEthernet2/1/3
869.
!
870.
interface GigabitEthernet2/1/4
871.
!
872.
interface TenGigabitEthernet2/1/1
873.
!
874.
interface TenGigabitEthernet2/1/2
875.
!
876.
interface TenGigabitEthernet2/1/3
877.
!
878.
interface TenGigabitEthernet2/1/4
879.
!
880.
interface TenGigabitEthernet2/1/5
881.
!
882.
interface TenGigabitEthernet2/1/6
883.
!
884.
interface TenGigabitEthernet2/1/7
885.
!
886.
interface TenGigabitEthernet2/1/8
887.
 switchport mode trunk
888.
 switchport nonegotiate
889.
 channel-group 108 mode active
890.
!
891.
interface FortyGigabitEthernet2/1/1
892.
!
893.
interface FortyGigabitEthernet2/1/2
894.
!
895.
interface TwentyFiveGigE2/1/1
896.
!
897.
interface TwentyFiveGigE2/1/2
898.
!
899.
interface Vlan1
900.
 no ip address
901.
!
902.
interface Vlan200
903.
 ip address 192.168.200.240 255.255.255.0
904.
!
905.
ip default-gateway 192.168.0.1
906.
ip forward-protocol nd
907.
no ip http server
908.
ip http authentication aaa
909.
ip http secure-server
910.
ip ssh version 2
911.
!
912.
!
913.
kron occurrence wgg at 20:00 Sun recurring
914.
 policy-list SBD
915.
!
916.
kron policy-list SBD
917.
 cli write memory
918.
!
919.
!
920.
snmp-server community public RO
921.
snmp-server location Serverraum 2
922.
snmp-server contact Administratoren
923.
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
924.
snmp-server enable traps flowmon
925.
snmp-server enable traps entity-perf throughput-notif
926.
snmp-server enable traps call-home message-send-fail server-fail
927.
snmp-server enable traps tty
928.
snmp-server enable traps eigrp
929.
snmp-server enable traps ospf state-change
930.
snmp-server enable traps ospf errors
931.
snmp-server enable traps ospf retransmit
932.
snmp-server enable traps ospf lsa
933.
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
934.
snmp-server enable traps ospf cisco-specific state-change shamlink interface
935.
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
936.
snmp-server enable traps ospf cisco-specific errors
937.
snmp-server enable traps ospf cisco-specific retransmit
938.
snmp-server enable traps ospf cisco-specific lsa
939.
snmp-server enable traps rep
940.
snmp-server enable traps vtp
941.
snmp-server enable traps vlancreate
942.
snmp-server enable traps vlandelete
943.
snmp-server enable traps port-security
944.
snmp-server enable traps license
945.
snmp-server enable traps smart-license
946.
snmp-server enable traps cpu threshold
947.
snmp-server enable traps memory bufferpeak
948.
snmp-server enable traps stackwise
949.
snmp-server enable traps udld link-fail-rpt
950.
snmp-server enable traps udld status-change
951.
snmp-server enable traps fru-ctrl
952.
snmp-server enable traps flash insertion removal lowspace
953.
snmp-server enable traps energywise
954.
snmp-server enable traps power-ethernet police
955.
snmp-server enable traps entity
956.
snmp-server enable traps pw vc
957.
snmp-server enable traps envmon
958.
snmp-server enable traps ipsla
959.
snmp-server enable traps bfd
960.
snmp-server enable traps config-copy
961.
snmp-server enable traps config
962.
snmp-server enable traps config-ctid
963.
snmp-server enable traps event-manager
964.
snmp-server enable traps bridge newroot topologychange
965.
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
966.
snmp-server enable traps syslog
967.
snmp-server enable traps dhcp
968.
snmp-server enable traps auth-framework sec-violation
969.
snmp-server enable traps ipmulticast
970.
snmp-server enable traps msdp
971.
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
972.
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
973.
snmp-server enable traps ospfv3 state-change
974.
snmp-server enable traps ospfv3 errors
975.
snmp-server enable traps ike policy add
976.
snmp-server enable traps ike policy delete
977.
snmp-server enable traps ike tunnel start
978.
snmp-server enable traps ike tunnel stop
979.
snmp-server enable traps ipsec cryptomap add
980.
snmp-server enable traps ipsec cryptomap delete
981.
snmp-server enable traps ipsec cryptomap attach
982.
snmp-server enable traps ipsec cryptomap detach
983.
snmp-server enable traps ipsec tunnel start
984.
snmp-server enable traps ipsec tunnel stop
985.
snmp-server enable traps ipsec too-many-sas
986.
snmp-server enable traps vlan-membership
987.
snmp-server enable traps errdisable
988.
snmp-server enable traps rf
989.
snmp-server enable traps transceiver all
990.
snmp-server enable traps bulkstat collection transfer
991.
snmp-server enable traps mac-notification change move threshold
992.
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
993.
snmp-server host 192.168.0.250 public
994.
!
995.
!
996.
radius server radius3
997.
 address ipv4 192.168.0.80 auth-port 1812 acct-port 1813
998.
 key string
999.
!
1000.
radius server radius4
1001.
 address ipv4 192.168.0.81 auth-port 1812 acct-port 1813
1002.
 key string[
1003.
!
1004.
!
1005.
control-plane
1006.
 service-policy input system-cpp-policy
1007.
!
1008.
!
1009.
line con 0
1010.
 logging synchronous
1011.
 stopbits 1
1012.
line vty 0 4
1013.
 logging synchronous
1014.
 transport input ssh
1015.
line vty 5 15
1016.
 logging synchronous
1017.
 transport input ssh
1018.
!
1019.
ntp server 192.168.200.1
1020.
!
1021.
mac address-table notification mac-move
1022.
!
1023.
!
1024.
!
1025.
!
1026.
!
1027.
end
Leider habe ich keine Idee mehr, wo ich ansetzen kann, da die Konfigs ja wirklich identisch sind.

Daher mein Versuch, Hilfe über das Forum zu erhalten.

Hier noch die Meldung, welche mir im Browser angezeigt werden:

2019-02-08 11_58_06-10.20.100.240 - Klicke auf das Bild, um es zu vergrößern

Danke, Grüße.
Mitglied: brammer
08.02.2019 um 20:52 Uhr
Hallo,

Deine Fehlermeldung hat als Quelle die 10.20.100.240. Die taucht aber in deiner config nicht auf....
(Oder ich hab das in den 1000 Zeilen config überlesen..)

Wer hat den die IP?
Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Gibt es im Log irgendwelche Einträge?

Brammer
Bitte warten ..
Mitglied: malawi
11.02.2019 um 07:16 Uhr
Zitat von brammer:

Deine Fehlermeldung hat als Quelle die 10.20.100.240
Korrekt, ich habe die Config natürlich etwas angepasst. Im Bild habe ich das vergessen. Du kannst dir sicher sein, dass die Adressierung definitiv passt. Momentan ist der ganze Aufbau in einem Labornetzwerk. Pingen kann ich die Kiste (wie gesagt) bereits. HTTP-Zugriff geht auch. Nur HTTPS geht nicht.


Wer hat den die IP?
Und wofür brauchst du https Zugang? Die console sagt doch alles und das viel schneller?
Das mag sein, nur habe ich auch Kollegen, die ab und an mal ein VLAN ändern müssen/sollen und mit der Console nicht so firm sind, da wir erst letztes Jahr auf Cisco umgestellt haben bzw. bei der Umstellung sind.

Gibt es im Log irgendwelche Einträge?
Ich habe mit einem unserer Dienstleister, welcher regelmäßig Cisco Netzwerke aufbaut, nachgesehen. Gefunden haben wir beide nichts. Deshalb mein letzter Versuch hier im Forum.
Bitte warten ..
Mitglied: brammer
11.02.2019 um 08:32 Uhr
Hallo,

dann lasse mal ein

01.
debug ip https all
mitlaufen.
du kannst den Log auch hier posten.

Außerdem würde ich mal eine wireshark laufen lassen.

brammer
Bitte warten ..
Mitglied: malawi
11.02.2019, aktualisiert um 10:02 Uhr
Gegen meinen eigentlichen Willen habe ich den Stack aufgelöst, die Startups noch einmal komplett gelöscht und alles neukonfiguriert.

Nu' gehts. Ich werde das auf dem zweiten Stack auch noch einmal machen.

01.
debug ip https all
...wird mit in meiner "Config-Liste" aufgenommen.

Danke, ich berichte, ob es beim zweiten Stack auch so geklappt hat.

EDIT:

Auch beim anderen "Problemkind" ist das Webinterface jetzt über HTTPS erreichbar.
Bitte warten ..
Ähnliche Inhalte
SEO

Wie funktioniert eine HTTPS Verschlüsselung?

Frage von YanmaiSEO5 Kommentare

Hallo ihr Administratoren, ich werde mir jetzt doch ein SSL Zertifikat kaufen. Mir schwebt dieses hier vor: das erste ...

Router & Routing

Cisco ASA HTTPS und HTTP Portfreigabe einrichten

Frage von Herbrich19Router & Routing1 Kommentar

Hallo, Ich habe mein System auf eine Cisco ASA Umgestellt. Nun möchte ich gerne eine Port Freigabe einrichten die ...

Verschlüsselung & Zertifikate

Wie funktioniert ein HTTPS Proxy? Ist das zeitgemäß?

gelöst Frage von flyingKangarooVerschlüsselung & Zertifikate7 Kommentare

Hallo, ich war bisher immer der Meinung wenn im Browser ein Proxyserver für HTTPS eingetragen ist, dann stellt der ...

Switche und Hubs

Cisco Stack - Software Update funktioniert nicht

gelöst Frage von hanst1Switche und Hubs3 Kommentare

Hallo in die Runde, ich habe ein Problem mit einem Cisco Stack (2x2960S). Ich will gerade ein IOS Update ...

Neue Wissensbeiträge
Windows 7

Windows 7 u. Server 2008 (R2) SHA-2-Update kommt am 12. März 2019

Information von kgborn vor 1 TagWindows 74 Kommentare

Kleine Info für die Admins der oben genannten Maschinen. Ab Juli 2019 werden Updates von Microsoft nur noch mit ...

Firewall
PfSense 2.5.0 benötigt doch kein AES-NI
Information von ChriBo vor 2 TagenFirewall2 Kommentare

Hallo, Wie sich einige hier erinnern werden hat Jim Thompson in diesem Aritkel beschrieben, daß ab Version 2.5.0 ein ...

Internet
Copyright-Reform: Upload-Filter
Information von Frank vor 4 TagenInternet1 Kommentar

Hallo, viele Menschen reden aktuell von Upload-Filtern. Sie reden darüber, als wären es eine Selbstverständlichkeit, das Upload-Filter den Seitenbetreibern ...

Google Android

Blokada: Tracking und Werbung unter Android unterbinden

Information von AnkhMorpork vor 4 TagenGoogle Android1 Kommentar

In Ergänzung zu meinem vorherigen Beitrag: Blokada efficiently blocks ads, tracking and malware. It saves your data plan, makes ...

Heiß diskutierte Inhalte
Hardware
IT-Werkzeugkoffer bis 50,- EUR
gelöst Frage von departure69Hardware40 Kommentare

Hallo. Ich bin als IT-Systembetreuer einer Gemeinde zusätzlich auch der IT-Systembetreuer einer Grund- und Hauptschule. Dort muß ich jedoch ...

Netzwerke
Verteilung von Programmdaten außerhalb des internen Netzwerkes
Frage von mertaufmbergNetzwerke24 Kommentare

Guten Morgen liebe Administratoren, ich versuche zurzeit eine möglichst sichere und einfache Lösung zu suchen, um ein Programmverzeichnis über ...

Netzwerkmanagement
Richtfunknetzwerk mit vielen Hops stabiler gestalten
Frage von turti83Netzwerkmanagement21 Kommentare

Hallo, in meinem Dorf habe ich vor ca. einem Jahr ein Backbone aufgebaut um die Nachbarschaft mit Internet zu ...

Hyper-V
Intel MSC Raid 5 Rebuild
Frage von DannysHyper-V19 Kommentare

Hallo Community, Ich habe einen Modul Server von Intel in Betrieb. Dort ist eine Festplatte aus dem Raid 5 ...