MP C3501/4501 No WIM access

Re: MP C3501/4501 No WIM access

In a word, NO!!!

Looking at the non defaults, the only things that I see that might help are 5845-22, 5907-01 and 6967-01. Other than that, it might be something in User Settings or something that would have been on page 1 which you did not include.

Re: MP C3501/4501 No WIM access

Something to try, only had one instance of this but worth a go. Even though I can see that you have no Access Control list - Telnet in and do a "access flush" as always remember to 'logout' and confirm changes or it will be in vain.

Re: MP C3501/4501 No WIM access

SP 5801-011 NCS will clear all interface settings including Access Control and Certificates.

Re: MP C3501/4501 No WIM access

High Security settings such as IEEE802.1X and Access Control are not stored in the usual places, hence why replacing Controller and NVRAM won't help you with these settings.

Re: MP C3501/4501 No WIM access

I have always been able to clear Access Control using NCS clear. IEEE802.1x can be cleared through User Tools as can security level.

Re: MP C3501/4501 No WIM access

Sure dot1X can be disabled in Interface Settings, but if a tech doesn't think to check it, changing the Controller and NVRAM won't help him (seen that waaay too many times).

I can recall over a dozen times where NCS clear has not wiped the Access list (or indeed any time that it has done), perhaps my guys are just unlucky but I'll test tomorrow. Plus already mentioned a telnet flush cured a problem when the access list was blank. The more complicated these things get, the stranger the faults!

Re: MP C3501/4501 No WIM access

Praise the Lord! Finally figured it out!!

I had to change the "PERMIT SSL/TSL COMMUNICATION" to "CIPHERTEXT/CLEARTEXT" I never had changed this because the '01 i have that works that i have been comparing is set to "CIPHERTEXT PRIORITY" and so i was trying to get these two to match...but after reading what it said "the client and server don't support a common SSL protocol version or cipher suite." I figured i should probably mess with the thing that says "SSL COMMUNICATION"

Once i changed it...i went into the device certificate and sure enough there was one that the SSL communication was set to use..after i deleted this certificate, i was able to change the ssl communication back to "CIPHERTEXT PRIORITY" like the other '01 and BOOM! I'm IN!!

My question for the future is: is there anyway to delete the certificate on the machine without going into the WIM? Under Administrator tools i think i remember seeing a delete certificate option which i did but i guess that did not delete the certificate that was blocking me?? Or maybe i deleted something under PROGRAM/CHANGE/DELETE REALM

Thanks for all the advice! It definitely helped and i learned a lot from this

Re: MP C3501/4501 No WIM access

I have had IT decide to create a certificate on machines to see what it would do. If it then gave me a permission error entering WIM, SP 5801-011 would clear it. Of course I then had to reenter all interface settings.

Re: MP C3501/4501 No WIM access

Hmmm thats strange then because i did 5801-11 twice to be sure...i guess it was a very secure certificate

Anyways thanks for your help! Just glad its solved

Re: MP C3501/4501 No WIM access

Re : Browser
Where you using "HTTPS" in the address bar of the browser.
You should have seen the address bar change colour to black font on a green background. (Proof of secured connection status...)
Like any secured web site, the browser should have let you install the Encryption key certificate and the SSL comms should have worked.


....