This post is more than 5 years old
15 Posts
0
54427
PowerConnect 3424P - The server at XX.YY.ZZ.AA is taking too long to respond
I get this message when I try to use the web interface on my 3424P switch. I executed the "ip https server" command and created an administrator username with level 15 access using the terminal connection.
Did I miss something?
Thanks
Tim
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
1
August 6th, 2013 08:00
When the auto-boot message appears, press to get the Startup menu. The Startup
menu procedures can be done using the ASCII terminal or Windows HyperTerminal.
[1] Download Software
[2] Erase Flash File
[3] Password Recovery Procedure
[4] Enter Diagnostic Mode
[5] Set Terminal Baud-Rate
[6Back
Selecting the password recovery allows a one-time access to the device from the local terminal with no password entered. Then you can change the password
DELL-Willy M
802 Posts
1
July 17th, 2013 14:00
Are you able to ping the stated IP address successfully from your management PC?
Did you follow all the below steps when setting up the ssh server?
PC1-3424# configure
PC1-3424(config)# ip https server
01-Jan-2000 03:03:39 %HTTP_HTTPS-W-NOCERTIFICATE: HTTPS server has
been enabled but a certificate was not found.
For certificate generation use the - 'crypto certificate
certificate-number generate key-generate' command. The service will
start automatically when a certificate is generated.
PC1-3424(config)# ip https port 443
PC1-3424(config)# crypto certificate 1 generate key-generate
Generating RSA private key, 1024 bit long modulus
PC1-3424(config)# crypto key generate dsa
Replace Existing DSA(DSS) Key [y/n]? y
The SSH service is generating a private DSA key.
This may take a few minutes, depending on the key size.
...................................................................
...................................................................
...................................................................
...................................................................
...................................................................
........................................
PC1-3424(config)# crypto key generate rsa
Replace Existing RSA Key [y/n]? y
The SSH service is generating a private RSA key.
This may take a few minutes, depending on the key size. .............
PC1-3424(config)# exit
PC1-3424# show crypto key mypubkey dsa dsa key data:
ssh-dss AAAAB3NzaC1kc3MAAAEBANuWCXCyLe4+lcVesINmuWbSdjk/IUmC 3JIPadQSX78HgE76DeHaIbZtv2VEVag9v3P0tk2KZn6zHUfh7y1UfEi8qyI7 7SWXMrkG8ISZYfRkMiPxnIIgEprenKHxlhxnQCSmH5w2J/SnA0RFHbwVuUiu uWn4YabG+pnrHAOm/Z5cQ5i2KwQU3b/1sEfGYKeifMjPnTQ+ugApN/0pF6oh koKrelGJVcwKBrd2vCd61NAJRKqk6p2Js6KVi6f36ftmtI+cIOQcdjzcch+m gcCMEqVrjImfoMLXKGign8kIqShrQjipHIvuhLcfK7vUwos1JhrQsgR5PVVp suJ2kVsJgUkAAAAVAIsFKsqhEncFR41g249si3XNVWNpAAABAQCyhb8xdt1F
PC1-3424# show crypto key mypubkey rsa rsa key data:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAu2f/tPmbsC4zKsw5H82L9Bo2 kYEy9J2Q/N8HEjKsz5wkxzBp+q0FEokAbNO75jqClD9oh42KQpavl5PKFbTS g/Gj7eSNgBPxRvddwFoM7u/d1RN9uJIPtoss+XrCAvqkCV6P+bP/j8+findV p65aJnZqBiePR+wWQZA8qErfqjtRIY5tWnYtRr2jRmniTSBKAFWD4xaQuKiy Kr/edpFXhFgVZBwmrs5vwsabzyV4lDxvhOmT1I78BB18WnPzGsJUs/pYEvoA PHXCkyic6m+N8WJ4YKxllnDMSDvkEaAUzdqZqAAeRkUAWMjrRNXaQHCIGNVd LHakK6EjIYJLZ48rqw==
PC1-3424# show ip https
HTTPS server enabled. Port: 443
Certificate 1 is active.
Issued by : C= , ST= , L= , CN=10.0.0.10, O= , OU=
Valid From: Jan 1 03:09:23 2000 GMT
Valid to: Dec 31 03:09:23 2000 GMT
Subject: C= , ST= , L= , CN=10.0.0.10, O= , OU=
SHA1 Fingerprint: 3C0D1309 36014C40 22705F0A 96C0FF97 20A6B066
Certificate 2 does not exist.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 2nd, 2013 07:00
Are you able to ping the switch? Telnet/SSH to the switch?
What browser are you using? Have you tried other browsers?
Prof.Tim.Smith
15 Posts
0
August 2nd, 2013 07:00
Sorry for the delay -- I tried the above and I am still getting the same result.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 2nd, 2013 08:00
What firmware level is the switch at? What IP address has been assigned to it?
Prof.Tim.Smith
15 Posts
0
August 2nd, 2013 08:00
Ping - yes
Telnet - No
FF, Chrome & IE -- nothing connects
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 2nd, 2013 09:00
The firmware is a little out of date. Ensuring that is up to date can help with switch operability.
www.dell.com/.../powerconnect-3448
There was another forum user with a 55xx switch that exhibits similar behavior. The switch also had a similar IP address. something i suggested to them, but have not heard back on, is changing the IP address so there is not a 0 in it. So something like 10.1.1.53. Test with an IP address like that and not any behavior changes.
Thanks
Prof.Tim.Smith
15 Posts
0
August 2nd, 2013 09:00
SW v2.0.0.21
Boot v1.0.1.01
HW v00.00.01
IP address 10.1.0.53
I actually have three of these switches, but only looked at one as the others are in different buildings. I suspect the others are at the same version level, but with different ip addresses --
Prof.Tim.Smith
15 Posts
0
August 2nd, 2013 09:00
I suspected the firmware may have been out of date (the down side to inheriting someone else's network). W/r/t to the IP address, we have other switches with a similar IP structure, but, those are 3548P and not 3424P devices. Would that make a difference?
Thanks for the quick response...
Tim
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 2nd, 2013 10:00
The 3548 uses similar firmware to 3424. The IP address is a similarity between the different cases. If it is not something you can test out, i will see if there is a way for me to test.
Prof.Tim.Smith
15 Posts
0
August 2nd, 2013 12:00
I have not yet tried the firmware update -- I would be using Xmodem (I do not have a TFTP set up yet), and the intructions said it may take an hour to complete.
In the mean time, here is the running config (if it helps)
spanning-tree mode rstp
interface range ethernet e(1-24)
spanning-tree portfast
exit
interface ethernet g1
description "1Gbps Fiber Feed from Server Room"
exit
interface ethernet g4
description "Backup Server in Sprinkler Room"
exit
interface range ethernet e(1-23)
switchport mode general
exit
interface ethernet g1
switchport mode trunk
exit
vlan database
vlan 11,254,531-532
exit
interface ethernet e1
switchport general pvid 531
exit
interface ethernet e2
switchport general pvid 531
exit
interface ethernet e3
switchport general pvid 531
exit
interface ethernet e4
switchport general pvid 531
exit
interface ethernet e5
switchport general pvid 531
exit
interface ethernet e6
switchport general pvid 531
exit
interface ethernet e7
switchport general pvid 531
exit
interface ethernet e8
switchport general pvid 531
exit
interface ethernet e9
switchport general pvid 531
exit
interface ethernet e10
switchport general pvid 531
exit
interface ethernet e11
switchport general pvid 531
exit
interface ethernet e12
switchport general pvid 531
exit
interface ethernet e13
switchport general pvid 531
exit
interface ethernet e14
switchport general pvid 531
exit
interface ethernet e15
switchport general pvid 531
exit
interface ethernet e16
switchport general pvid 531
exit
interface ethernet e17
switchport general pvid 531
exit
interface ethernet e18
switchport general pvid 531
exit
interface ethernet e19
switchport general pvid 531
exit
interface ethernet e20
switchport general pvid 531
exit
interface ethernet e21
switchport general pvid 531
exit
interface ethernet e22
switchport general pvid 531
exit
interface ethernet e23
switchport general pvid 531
exit
interface ethernet g4
switchport access vlan 11
exit
interface ethernet g1
switchport trunk allowed vlan add 11
exit
interface range ethernet e(1-23)
switchport general allowed vlan add 254
exit
interface ethernet g1
switchport trunk allowed vlan add 254
exit
interface range ethernet e(1-23)
switchport general allowed vlan add 531 untagged
exit
interface ethernet g1
switchport trunk allowed vlan add 531
exit
interface ethernet e24
switchport access vlan 532
exit
interface ethernet g1
switchport trunk allowed vlan add 532
exit
interface vlan 11
name Servers
exit
interface vlan 254
name "Phone VLAN"
exit
interface vlan 1
ip address 10.1.0.53 255.255.255.0
exit
ip default-gateway 10.1.0.254
hostname Gym
line console
speed 115200
exit
management access-list admin
permit ip-source 10.1.1.1
permit ip-source 10.1.0.0 mask 255.255.255.0
exit
management access-list allowHTTPS
permit service https
permit service telnet
exit
management access-class admin
logging 10.1.1.1
username user1 password ...... level 15 encrypted
username user2 password ...... level 15 encrypted
ip ssh server
snmp-server community 93a168 rw 10.1.1.1 view DefaultSuper
ip https server
I have a total of 7 3424P servers -- all with the same behavior
Does the running config provide any clues?
Thankd
Tim
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 2nd, 2013 13:00
I looks like there may be some commands missing. I would go back through the config and make sure SSH,HTTP,HTTPS, crypto commands are in place. Here are some examples taken from the user guide.
Page 69
Configuring an Initial SSH password
To configure an initial SSH password, enter the following commands:
console(config)# aaa authentication login default line
console(config)# aaa authentication enable default line
console(config)# line ssh
console(config-line)# login authentication default
console(config-line)# enable authentication default
console(config-line)# password jones.
• When initially logging onto a device through a SSH session, enter jones at the
password prompt.
• When changing a device’s mode to enable, enter jones.
Configuring an Initial HTTP Password
To configure an initial HTTP password, enter the following commands:
console(config)# ip http authentication local
console(config)# username admin password user1 level 15
Configuring an initial HTTPS password:
To configure an initial HTTPS password, enter the following commands:
console(config)# ip https authentication local
console(config)# username admin password user1 level 15
Enter the following commands once when configuring to use a terminal, a Telnet, or an SSH
session in order to use an HTTPS session.
NOTE: In the Web browser enable SSL 2.0 or greater for the page content to be displayed.
console(config)# crypto certificate generate key_generate
console(config)# ip https server
Prof.Tim.Smith
15 Posts
0
August 6th, 2013 07:00
I ran the commands from the last post, and now I am unable to get a serial connection to the switch through the COM port -- I am getting the error message
Cannot authenticate user
Bad configuration or inaccessible server, prevent authentication
Please reconfigure or use Password Recovery
I think I screwed something up (no surprise!) -- is the recoverable, or do I need to do a factory reset? I am planning on upgrading the firmware on the device so I can properly configure it through the web interface
Thanks
Tim
Prof.Tim.Smith
15 Posts
0
August 9th, 2013 07:00
That did it! Thanks. We are going to update the firmware on the switch which should alleviate the rest of the issues with it.