HTTP(S) Access to Switch

Similar Messages

• Lost access to switch after upgrade to metro access image

  Hello
  After an upgrade of a 3400 ME switch image to metro access one (340x), the switch was reloaded. After that, the only way to access the switch is the console port. I am beginner with cisco switches but I managed to configure the switch to make an upgrade through TFTP. Now I want to configure port 0/1 on vlan access mode to vlan 1. Any help on this is more than welcome. Thank you.
  Switch   Ports  Model              SW Version              SW Image
  *    1   26     ME-3400-24TS-D     12.2(35)SE3             ME340x-METROACCESS-M
  no aaa new-model
  system mtu routing 1500
  ip subnet-zero
  no file verify auto
  spanning-tree mode rapid-pvst
  spanning-tree extend system-id
  vlan internal allocation policy ascending
  vlan 10
  name management
  interface FastEthernet0/1
  speed 100
  duplex full
  interface FastEthernet0/2
  shutdown
  interface FastEthernet0/3
  no switchport
  no ip address
  no ip route-cache
  shutdown
  interface FastEthernet0/4
  shutdown
  --More--
  interface GigabitEthernet0/2
  port-type nni
  interface Vlan1
  ip address 192.168.1.252 255.255.255.0
  no ip route-cache
  interface Vlan10
  no ip address
  no ip route-cache
  shutdown
  ip default-gateway 192.168.1.1
  no ip http server
  cisco3400#sh int fastEthernet 0/1 switchport
  Name: Fa0/1
  Switchport: Enabled
  Administrative Mode: static access
  Operational Mode: static access
  Administrative Trunking Encapsulation: dot1q
  Operational Trunking Encapsulation: native
  Negotiation of Trunking: Off
  Access Mode VLAN: 1 (default)
  Trunking Native Mode VLAN: 1 (default)
  Administrative Native VLAN tagging: enabled
  Administrative private-vlan host-association: none
  Administrative private-vlan mapping: none
  Administrative private-vlan trunk native VLAN: none
  Administrative private-vlan trunk Native VLAN tagging: enabled
  Administrative private-vlan trunk encapsulation: dot1q
  Administrative private-vlan trunk normal VLANs: none
  Administrative private-vlan trunk private VLANs: none
  Operational private-vlan: none
  Trunking VLANs Enabled: ALL
  Capture Mode Disabled
  Capture VLANs Allowed: ALL

  I found the source of the problem. My switch was connected to another one. I had to explicitly put port type to nni.
  Hope it helps someone.

• Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 $ Cisco Access 3750 Switches

  I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
  I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
  Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

  Thank you,  but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.  
  So what type of transceiver should I use to connect LC/APC patch cord to cisco switches?  Is there another type or SFP+ still can be used? 

• Use HTTPS to access webservice on standalone OC4J

  I have followed the instructions in the Oracle Containers for J2EE Security Guide for setting up SSL (Chapter 15) on standalone OC4J. I have also looked at Tugs blog about using HTTPS with web services. I believe I have everything setup right but have a problem.
  BTW, I am using a standalone OC4J instance that is also an ESB server. Prior to doing the SSL setup I already had 2 test web services running that could be accessed via http just fine.
  Here is my default-web-site.xml file contents:
  <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="8888" display-name="OC4J 10g (10.1.3) Default Web Site" schema-major-version="10" schema-minor-version="0" >
  <default-web-app application="default" name="defaultWebApp" />
  <web-app application="system" name="dms0" root="/dmsoc4j" />
  <web-app application="system" name="dms0" root="/dms0" />
  <web-app application="system" name="JMXSoapAdapter-web" root="/JMXSoapAdapter" />
  <web-app application="default" name="jmsrouter_web" load-on-startup="true" root="/jmsrouter" />
  <web-app application="javasso" name="javasso-web" root="/jsso" />
  <web-app application="ascontrol" name="ascontrol" load-on-startup="true" root="/em" ohs-routing="false" />
  <web-app application="esb-test" name="esb-test" load-on-startup="true" root="/esbtest" />
  <web-app application="esb-dt" name="esb_console" load-on-startup="true" root="/esb" />
  <web-app application="orainfra" name="orainfra" load-on-startup="true" root="/orainfra" />
  <web-app application="esb-rt" name="provider-war" load-on-startup="true" root="/event" />
  <web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
  <web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
  <access-log path="../log/default-web-access.log" split="day" />
  </web-site>
  Here is my secure-web-site.xml file contents:
  <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" secure="true" port="4443" display-name="OC4J 10g (10.1.3) Secure Web Site" schema-major-version="10" schema-minor-version="0" >
  <default-web-app application="default" name="defaultWebApp" />
  <web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
  <web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
  <access-log path="../log/secure-web-access.log" split="day" />
  <ssl-config keystore="C:\OracleESB\j2ee\home\oc4jkeystore.jks" keystore-password="xxx" />
  </web-site>
  I also have the following in my server.xml file:
  <application name="javasso" path="../../home/applications/javasso.ear" parent="default" start="false" />
  <application name="ascontrol" path="../../home/applications/ascontrol.ear" parent="system" start="true" />
  <application name="esb-dt" path="../applications/oraesb-dt.ear" parent="default" start="true" />
  <application name="orainfra" path="../applications/orainfra.ear" parent="default" start="true" />
  <application name="esb-rt" path="../applications/oraesb-rt.ear" parent="esb-dt" start="true" />
  <application name="esb-test" path="../applications/oraesb-test.ear" parent="default" start="true" />
  <application name="Test-elexnet_service-WS" path="../applications\Test-elexnet_service-WS.ear" parent="default" start="true" />
  <application name="webapp" path="../applications\webapp.ear" parent="default" start="true" />
  <application name="Test-elexnet_service2-WS" path="../applications\Test-elexnet_service2-WS.ear" parent="default" start="true" />
  <global-web-app-config path="global-web-application.xml" />
  <transaction-manager-config path="transaction-manager.xml" />
  <web-site default="true" path="./default-web-site.xml" />
  <web-site path="./secure-web-site.xml" />
  <cluster id="31671846181898" />
  All I really want is to access the 2 web services via HTTPS. I can access the default applciation via https just fine but when I try to use https to access the web services I get a 404 Not found error (after first getting a security alert popup). I can still access the services via http though. In the log of the server I have the following errors that occured on startup of OC4J. They pertain to the secure web site and there is an error for each web service. I don't understand what they mean/what the problem is:
  <MSG_TEXT>Internal error raised tyring to instantiate web-application: WebServices defined in web site OC4J 10g (10.1.3) Secure Web Site. Error compiling :C:\OracleESB\j2ee\home\applications\Test-elexnet_service2-WS\WebServices: Error instantiating compiler: IO error writing cache: C:\OracleESB\j2ee\home\application-deployments\Test-elexnet_service2-WS\WebServices\deployment-cache.jar</MSG_TEXT>
  <MSG_TEXT>Internal error raised tyring to instantiate web-application: WebServices defined in web site OC4J 10g (10.1.3) Secure Web Site. Error compiling :C:\OracleESB\j2ee\home\applications\Test-elexnet_service-WS\WebServices: Error instantiating compiler: IO error writing cache: C:\OracleESB\j2ee\home\application-deployments\Test-elexnet_service-WS\WebServices\deployment-cache.jar</MSG_TEXT>
  Anyone know what is going on? TIA!
  Nick

  I found that when I REMOVED the following from the default-web-site.xml
  <web-app application="Test-elexnet_service-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service-context-root" />
  <web-app application="Test-elexnet_service2-WS" name="WebServices" load-on-startup="true" root="/Test-elexnet_service2-context-root" />
  and restarted OC4J, then everything is ok and I don't get any errors. However I can only access the web services via HTTPS and not HTTP.
  Anybody got any ideas?

• I can not access the switch through the console (solved)

  Hello,
  I'm having a problem.
  I can not access the switch through the console. The web interface is working properly.
  Model: SRW224g4
  Below some pictures.
  The HyperTerminal settings
  error:
  If anyone can help me?
  Thank you and excuse the bad English.

  Hello Rumenigue,
  It looks to me like you are using a console cable.  The reason you usually see them the other way around is because with a console cable the RJ-45 end goes into the device (an ethernet jack labeled console) whereas on this switch the console port is serial itself. 
  Usually the serial end of the cable you have plugs into a USB to serial adapter (because most computers today don't have serial ports anymore) and that USB connection goes into your PC, creating the virtual COM port you need in HyperTerminal.
  So if you get a USB to Serial adapter you could plug that from USB to the console port, or if you computer has a serial port of its own just connect a serial cable directly from the PC to the switch, then use HyperTerminal with the settings recommended above by Tom.
  Hope I have helped,
  Christopher Ebert
  Network Support Engineer - Cisco Small Business Support Center

• Safari 5.1 HTML5 HTTP basic access authentication issue video does not load

  I have a .m4v video referenced in a page with the HTML5 video tag in a folder which is in a password protected folder housed on iPage.
  Safari 5.0.5 plays the video fine.  Safari 5.1 fails to load/play the video in the protected folder.  If I move the video to a not protected folder, Safari 5.1 plays it fine.
  This is on iPage.  Back on MobileMe all is fine with 5.1.
  I think this is a HTTP basic access authentication issue with 5.1.
  Anyone have similar issue? Work around?

  Yes, I can also confirm this behaviour. This is in Safari 5.1.1, but I also see the exact same thing in WebKit nightlies.

• Need to change the Certificate in ACE that is using for HTTPS Management access

  Dear Team,
  Currently we are getting certificate cannot be trusted error in web browser while we are accessing the ACE through https. So we need to installed the new https certificate for https management connection to ACE for removing this error. We do not want to use the self signed certificate for https access to ACEmanagement. We have done the below configuration but there no luck, still its showing the previous self signed certificate in browser.
  parameter-map type ssl MNGMT_SSL
  cipher RSA_WITH_AES_128_CBC_SHA priority 2
  ssl-proxy service PSERVICE_SERVER
  key ACEKEY.key
  cert ACECERT.cert
  ssl advanced-options MNGMT_SSL
  Kindly suggest how we can installed the certificate on ACE for only https management access.
  Thanks in advance.
  Regrads,
  Ranjith

  Ranjith,
  You may want to see the details and recommendation relatedo to this situation and this bug:
  CSCte42757
  Jorge

• MSTP on Access Layer Switches

  Hello everyone,
  When configuring MST for STP, is there a need to configure it on access layer switches in a collapsed core design?  I can find docs to configure the root and secondary root bridges but I don't see anything about configuring access layer switches.  In RSTP, you configure it on all switches cooperating in STP and set the root and secondary bridges accordingly.  Any help is appreciated.
  Regards,
  Terence

  Hi,
  You should configure your access switches for MST as well so you are using the same STP for core and access.  The only difference between the core and access is that the core is root and back up root for STP and the access layer is just default (32768).
  HTH

• EA4500, setting 'HTTPs' admin access only, failure CCC upgrading

  Got a new EA4500 yesterday, it came with traditional browser-based firmware.
  Then I changed its Admin access to HTTPs only, disabled HTTP.
  I downloaded CCC upgrading wizard, registered CCC account.
  When I tried to upgrade to CCC firmware, it kept trying to detect and finally told 'can not detect a device to upgrade'.
  When I enabled HTTP admin access and tried to upgrade CCC again, it worked.
  Does somebody encounter similar issue?
  If HTTP enabling is a necessary condition for CCC upgrading, shall such message be prompt at least, when the tool failed to detect applicable device?

  Which group are you talking about?
  I have a group for all direct access machines, You have to specify this group during the wizard.
  The permission issue seems to be related to the script trying to modify group policy
  I have tired with the default polices the wizard creates and also specifying 2 blank policies.

• Bug: HTTP Basic Access Authorization in browser non-functional.

  Upon visiting any site that requires a username and password via HTTP Basic Access Authorization ( http://en.wikipedia.org/wiki/Basic_access_authentication ), a prompt shows up, as one should. There are two fields, which oddly are not denoted Username and Password. In any case, attempting to enter the proper username and password in those fields does not work! You will be reprompted until finally the server rejects you.
  I have tried this on numerous websites already, and have checked the passwords to ensure they were correct. 
  Post relates to: Pre p100eww (Sprint)

  I can confirm this bug too on the Palm Emulator for webOS (v1.2.0.33 currently). I do not have a physical Palm Pre to test this on, but I would expect that the emulator emulates the hardware's behavior too (else, what's the point of an emulator?). I've seen mixed reports on this particular issue. That is, I've seen at least one other person complaining about this problem on the real hardware, and yet, I've also seen another person who doesn't appear to have any such issues.
  I'll cut straight to the technical details. If I use hello:world as the login in a browser that does work correctly for basic HTTP auth, I see the following header in the sniffed packet:
  Authorization: Basic aGVsbG86d29ybGQ=
  However, when the Palm Pre (emulator) fails to log in, I see the following in the header:
  Authorization: Basic aGVsbG86d29ybGQA
  Clearly, the Palm is doing something incorrectly when it encodes the authorization details. It seems to be including an additional nonprintable character at the end (a terminating null?) when it encodes, which results in the different encoding. Considering the fact that various web browsers and Base64 encoding libraries I've tested agree with the former encoding, and not the latter, I'm inclined to believe that the Palm Pre is completely in the wrong here. Of course, why this doesn't seem to be happening to all users, though, is an oddity for which I have absolutely no potential explanations.
  Message Edited by Ultima on 11-07-2009 02:48 PM

• Is it possible to clean up the http-web-access.log?

  The size of the file http-web-access.log has increase drastically and I've just started facing disk full problems on my Server. We have are using Oracle 10g. I was wondering if someone could give me any advice how I can cleanup this file.
  Thank you in adavnce.
  Edited by: user8378419 on Apr 24, 2009 10:01 AM

  Thank you for your reply. According to the defrag report it is an Oracle product - likely the OEM as we do use Enterprise Manager on a daily basis.
  Fragments File Size Most fragmented files
  3,630 600 MB \oracle\product\10.2.0\db_1\oc4j\j2ee\OC4J_DBConsole_wyocama01_ATSRV\log\http-web-access.log
  Thanks again for any guidance regarding this.

• Packets dropped to Access layer switch???

  We have a 6509 running in Native IOS that has 2gb port channels connecting to our 7 access layer switches. About a week ago we were working with Remote span vlans and added a remote span from the 6509 to our other core (6513) which is connected via a 20Gbps portchannel. We began to notice that a lot of people were calling in reporting devices as being slow and we noticed that from the 6509 (Which was the root bridge) we were disgarding millions of packets on the transmit side of our access layer switches. We took out the remote span but it appears that we are still disgarding packets. There are no input or output errors on either side. The Remote span VLAN does not exist on the access layer switch's VLAN database. Does anybody have any idea what we should be looking for?

  you can use an acl to match the number of packets that come into / out of each of the devices. Simply use two lines in each acl where on the first line you match the packet in question and on the second line you have "permit ip any any" so you don't block any packets. Then simply apply the acl either inbound or outbound on the interface in question. If you want more than one acl on a given device, such as inbound one interfaceand outbound another, be sure to use two different acl numbers.
  create the acl's and apply them
  ensure there isn't an active call
  clear access-list counters on all devices where you configured the acl's so we ensure all of them are set to 0

• 802.1x per host authentication under one port with multi-host access by switch

  In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
  What happens if I connect to the switch (which already has some trusted devices) a untrusted device?
  What happens if I connect to the switch (which already has some untrusted device) a trusted device?
  If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
  I read the manual, but it is not made ​​detailed clarity.
  Please tell me the right way.
  I will be very grateful for your advice!

  Hello,
  In the situation with multi-host access to one port of Cisco 2960 Lan Lite by another simple L2 switch, is it possible that we could control per user access by authentication for each?
  Yes, that's why multi-host mode exists
  What happens if I connect to the switch (which already has some trusted devices) a untrusted device? If it's on single host the port will go into error-disabled as the violation of just one client per port has been triggered.
  What happens if I connect to the switch (which already has some untrusted device) a trusted device?Same thing than before if being on single mode.
  If I use "authentication violation protect" traffic will be blocked only by an untrusted device or all devices connected via a simple L2 switch?
  Only for the unknown client MAC address, the trusted devices will be able to comunicate.
  For more information about Core and Security Networking follow my website at http://laguiadelnetworking.
  Any question contact me at [email protected]
  Cheers,
  Julio Carvajal Segura

• BB Backup access AFTER switching to new phone?

  Hello -- I had a BB Curve from 2008-2011. Yes, I switched to a different smartphone. I have need for access to some of the info that was backed up from my BB during 2010. Is it possible for me to get to this? I was using the Desktop BB software at the time, which has since been removed from my PC.  Any thoughts/suggestions would be helpful!
  Thanks!

  There are a couple of options for extracting and viewing data from a the backup files.
  1. The IPD Parse macro is designed to read a Blackberry IPD file and create reports in MSWord or MSExcel. It is free, and you can find out more here: https://sites.google.com/site/ipdparse/home
  For .bbb backup files, use this macro to extract seven "primary" IPD files (Address Book, Calendar, SMS Messages, Tasks, Memos, PIN Messages and Phone Call Logs)
  IPD bbb Extract macro https://sites.google.com/site/ipdbbbextract
  These IPD files can subsequently be used as inputs to the other macro, IPD Parse, to produce reports.
  2. Another options is MagicBerry from MenaStep... which extract from a backup IPD or BBB file, split IPD files, etc. http://menastep.com/pages/magicberry.php
  3. Another IPD and BBB file utility is BlackBerry Backup Extractor, and is available for PC and Mac, and can be found here: http://www.blackberryconverter.com/ There is a free and paid version.
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Access Server 2511 can't access Routers & Switch

  Hi,
  i recently bought Cisco Routers, Switch, Access Server and Frame-relay for my CCNP home lab, but problem is that my Access Server 2511 can't connect to any other devices like router or switch, i have configure "loopback 200.1.1.1" than setup "ip host Router1 2001 200.1.1.1" command for all of my other devices, when i try to connect to other devices it give me this message but do not show prompt for that device...
  (Router#f2
  Translating "f2"
  Trying f2 (200.1.1.1, 2001)... Open)
  i leave this message for a long time but Prompt never come....
  i also use CLEAR line command to clear but problem still exist.
  Please help me to resolve this problem...
  Regards,
  ABDUL

  Hi
  Thank you for your guidance, i have done changes which you were suggested, but problem still exit ..this is my fifth day battling with this issue..i can connect and work on all devices through network using # telnet  (ip address of any device) ..i am using the right cable (72-0845-01) Cisco Cab-Octal-Async 8 Lead Octal Cable (68 pin to 8 Male RJ-45s)... now i am thinking that there is a problem with cable or Access Server 2511 physically not with configuration..any way i am waiting for your reply...
  tserver#sh run
  Building configuration...
  Current configuration : 1054 bytes
  version 12.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname tserver
  boot-start-marker
  boot-end-marker
  enable secret 5 $1$sWZ2$iNhMYtvWsbwBSGLnYtphr/
  enable password cisco
  no aaa new-model
  ip subnet-zero
  no ip domain lookup
  ip host f1 2001 172.168.1.1
  ip host s1 2002 172.168.1.1
  ip host r1 2007 172.168.1.1
  ip host f2 2009 172.168.1.1
  ip host s2 2010 172.168.1.1
  ip host r2 2016 172.168.1.1
  interface Loopback0
  ip address 172.168.1.1 255.255.255.0
  interface Ethernet0
  no ip address
  shutdown
  interface Serial0
  no ip address
  shutdown
  no fair-queue
  interface Serial1
  no ip address
  shutdown
  ip http server
  ip classless
  dialer-list 1 protocol ip permit
  line con 0
  password cisco
  login
  transport output telnet
  telnet speed 9600 38400
  line 1 16
  transport input telnet
  transport output telnet
  flowcontrol hardware
  line aux 0
  line vty 0 4
  password cisco
  login
  transport input telnet
  transport output telnet
  telnet speed 9600 38400
  end