1

我正在 GNS3 模拟器上的 CISCO 路由器 CSR1000v 上学习 restconf。我正在尝试使用以下命令对路由器进行身份验证

curl -k https://192.168.1.102/restconf/ -u "admin:admin" -v

但是连接被拒绝,并给出以下错误。

*   Trying 192.168.1.102...
* TCP_NODELAY set
* Connected to 192.168.1.102 (192.168.1.102) port 443 (#0)
* schannel: SSL/TLS connection with 192.168.1.102 port 443 (step 1/3)
* schannel: disabled server certificate revocation checks
* schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.
* schannel: using IP address, SNI is not supported by OS.
* schannel: sending initial handshake data: sending 153 bytes...
* schannel: sent initial handshake data: sent 153 bytes
* schannel: SSL/TLS connection with 192.168.1.102 port 443 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with 192.168.1.102 port 443
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

我也尝试使用邮递员进行连接。但同样的事情也会发生。

在此处输入图像描述

思科交换机配置。

    Current configuration : 1429 bytes
!
! Last configuration change at 13:25:36 UTC Sat Mar 20 2021
!
version 16.7
service config
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9EU20Y6MD61
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
restconf
!
username admin privilege 15 secret 5 $1$ZEPO$AMcwXSrAjBucZrOjRAenN1
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
 ip address 192.168.1.102 255.255.255.0
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet3
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet4
 negotiation auto
 no mop enabled
 no mop sysid
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet1
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
 stopbits 1
line vty 0 4
 login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

注意:路由器可从物理网络 ping 通。

Pinging 192.168.1.102 with 32 bytes of data:
Reply from 192.168.1.102: bytes=32 time=1ms TTL=255
Reply from 192.168.1.102: bytes=32 time=1ms TTL=255
4

1 回答 1

1

这似乎是这个路由器软件版本中的一个错误。我使用了相同的配置csr1000v-universalk9.16.12.03-serial.qcow2并且工作正常。以前的版本是csr1000v-universalk9.16.06.07-serial.qcow2

于 2021-03-20T18:27:37.500 回答