Welcome to the second article in this series on the Cisco Configuration Professional (CCP) tool. In the last article, we installed and setup CCP to discover our GNS3 devices (routers). We stopped at the point where CCP successfully discovered one of the routers but could not discover the second one. In this article, we are going to troubleshoot the error with RTR2 and also look at other discovery-related issues. We will conclude by familiarizing ourselves with the windows layout of CCP.

Our network diagram is as shown below:

GNS3NetConfig1

This is the screen we had from the last article that showed us the result of the discovery process:

One of the best ways to find out what went wrong is to use the “Discovery Details” button on that screen. Select the device you want to view details for and click that button. The discovery details screen for RTR2 is as shown below:

What actually happened is that while I was installing and setting up CCP, I shut down the router and did not remember to turn it back on before that router was discovered. The details above actually give us a good pointer to that fact: “Connection to the device could not be established. Either the device is not reachable or the HTTP/HTTPS service is not enabled on the device.

So of course, I go to GNS3, turn on my RTR2, come back to CCP, and hit the “Discover” button:

Now I have the security certificate alert dialog box that lets me know it was able to establish connection. A few moments later, you can see that my RTR2 was successfully discovered, as shown below:

Cool! Now let’s take a look at different scenarios of what could go wrong with the discovery process.

HTTP(S) not enabled

I go to my RTR2 router and turn off HTTP and HTTPS services and then run the discovery process again:

no ip http server
no ip http secure-server

The error message we will get is the same as the one above.

Wrong username or password

I go ahead and turn on the HTTP and HTTPS services but, this time, I will change the password of the “ccp” username we configured to something else.

Again, the discovery is going to fail but we have a different reason this time: “The username or password is incorrect.

Username with privilege level < 15

The next thing we are going to do is reduce the privilege level of the “ccp” username from 15 to, say, 2. I will also use the correct password, “cisco123.”

The discovery process is still going to fail, but now it starts getting a bit tricky:

The same incorrect username or password error is being shown, even though your username and password are technically correct. In our case, we specifically configured a privilege level of 2 for that username and you may think that no one will normally do that for basic configuration. That may be true, but it is also true that basic configuration will not specify any privilege level at all. For example:

The problem with this configuration (without specifying a privilege level) is that the default privilege level assigned to a username is 1. This is why you must remember to specify the privilege level for that username.

No HTTP local authentication

The next error we want to consider is if HTTP local authentication is not turned on.

Notice yet again that we get the same “The username or password is incorrect” error. If you are not familiar with the basic steps necessary to prepare a router for CCP, you will probably spend a long time troubleshooting the username/password combination.

Problem with certificate

The last case we want to consider is if there is a problem with the router’s certificate. I cannot replicate this error now but it sometimes happens with GNS3 devices. The error you get in this case will be: “Discovery could not be completed because security certificate was rejected. See help for more information.

Hint: If you want to see this error, remove the certificate you have on your router, and regenerate it so that, when CCP tries to discover the device, it will bring up the security certificate alert dialog box; now, instead of accepting the certificate, click on “No.”

CCP Windows Layout

Before we round off on this article, let’s take a look at the windows layout of the CCP tool. I have used different colors of rectangles to segment the various sections of the CCP window.

The top bar (red rectangle) is called the Menu bar; it offers application services such as managing communities and adding user profiles. It also offers help and information about CCP.

The bar below the menu bar (green rectangle) is called the Toolbar. Here we have the “Home,” “Configure,” “Monitor.” and other buttons. It contains the most commonly used application and network configuration services.

The left hand pane (yellow rectangle) is called the Left Navigation Pane, which allows us to pick features that we want to configure or monitor. We will see this in detail as we go on in the series.

The right hand pane (blue rectangle) is called the Content Pane; here we enter configuration options and also view reports and others.

The last bar at the bottom (purple rectangle) is the Status bar, which displays the status of CCP. In this case, it shows a padlock and, hovering over that padlock, a message tells us that there is currently a secure connection to the router:

Summary

In this article, we began by troubleshooting a discovery-related issue with one of our routers. We then went on to look at other issues that could cause the discovery process to fail. We finished by looking at the various sections of the Cisco Configuration Professional (CCP) Windows.

In the next article, we will look at the CCP tool in more detail and we will also begin interacting with our discovered devices. I hope you have found this article insightful and I look forward to writing the next article in this series.

Further Reading