Openssl 如何连接到cisco CSR1000 restconf
我正在GNS3模拟器上学习CISCO路由器CSR1000v上的restconf。我正在尝试使用下面的命令向路由器进行身份验证Openssl 如何连接到cisco CSR1000 restconf,openssl,cisco,ietf-restconf,Openssl,Cisco,Ietf Restconf,我正在GNS3模拟器上学习CISCO路由器CSR1000v上的restconf。我正在尝试使用下面的命令向路由器进行身份验证 curl -k https://192.168.1.102/restconf/ -u "admin:admin" -v 但连接被拒绝,并给出以下错误 * Trying 192.168.1.102... * TCP_NODELAY set * Connected to 192.168.1.102 (192.168.1.102) port 443 (
curl -k https://192.168.1.102/restconf/ -u "admin:admin" -v
* Trying 192.168.1.102...
* TCP_NODELAY set
* Connected to 192.168.1.102 (192.168.1.102) port 443 (#0)
* schannel: SSL/TLS connection with 192.168.1.102 port 443 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
* schannel: using IP address, SNI is not supported by OS.
* schannel: sending initial handshake data: sending 153 bytes...
* schannel: sent initial handshake data: sent 153 bytes
* schannel: SSL/TLS connection with 192.168.1.102 port 443 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with 192.168.1.102 port 443
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
Current configuration : 1429 bytes
!
! Last configuration change at 13:25:36 UTC Sat Mar 20 2021
!
version 16.7
service config
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9EU20Y6MD61
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
restconf
!
username admin privilege 15 secret 5 $1$ZEPO$AMcwXSrAjBucZrOjRAenN1
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
ip address 192.168.1.102 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet4
negotiation auto
no mop enabled
no mop sysid
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet1
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end
Pinging 192.168.1.102 with 32 bytes of data:
Reply from 192.168.1.102: bytes=32 time=1ms TTL=255
Reply from 192.168.1.102: bytes=32 time=1ms TTL=255
这似乎是这个路由器软件版本中的一个bug。我使用了与csr1000v-universalk9.16.12.03-serial.qcow2相同的配置,工作正常。以前的版本是
csr1000v-universalk9.16.06.07-serial.qcow2