This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NCM 7.6 SSH problem with Alcatel DSLAMS and OLTs

farhankhan over 6 years ago

Guys

I have spent 3 days to figure it out what was the problem as of now dont have time to share all the details with out knowing that some one would really need it or now just give me a yell if some buddy is facing the same problem and ill figure out some time to post the solution details.

0 sja over 6 years ago

Well you call support or share what the problem..

I have NO problem with those type

ISAM 7360 that run the TiMOS (SROS)

I just use that template make sure that NCM server /poller can ping and SNMP and SSH to the DSLAM.

<Please select a device template> Auto Determine 3Com Adtran Alaxala AX3630S and AX2530 Alcatel 7210-M Allied-Telesis Apresia 3424GT and 13200 Arris Aruba BIG-IP 11.5 Business Policy Switch 2000 Cisco Adaptive Security Appliance Cisco Catalyst 1900 Cisco Catalyst Cat OSS Cisco Catalyst Cat OSS Cisco Catalyst CatOS Cisco Catalyst CatOS4006 Cisco Catalyst CatOS5000 Cisco Catalyst CatOS5500 Cisco Catalyst CatOS5509 Cisco Catalyst CatOS6006 Cisco Catalyst CatOS6500 Cisco CSS 11500 Series Cisco CSS 11501 Cisco IOS Cisco IOS2505 Cisco IronPort Cisco Pix Firewall Cisco Pix Firewall 501 Cisco Pix Firewall 506 Cisco Pix Firewall 506E Cisco Pix Firewall 515 Cisco Pix Firewall 515E Cisco Pix Firewall 520 Cisco Pix Firewall 525 Cisco Pix Firewall 535 Cisco VPN concentrator Cisco WLC Copy of Cisco IOS Custom ALU 7342 ISAM Custom ALU 7360 ISAM Custom MRV200_400 Dell PowerConnect Switch Dell PowerConnect Switch Dell PowerConnect Switch Enterasys Cabletron SmartSwitch Router 16 slot Enterasys Cabletron SmartSwitch Router 32 slot Enterasys Cabletron SmartSwitch Router 8 slot Extreme Extreme XOS F5 Big IP Fortigate Foundry Generic HP J4865A ProCurve Switch 4108GL HP J4865A ProCurve Switch 4108GL HP Switch Huawei Quidway S2700 Juniper Juniper Devices Juniper NetScreen Mikrotik Motorola MRV910 NetScaler Nortel BayStack 460-24T Nortel Baystack380 Nortel Baystack5510 Nortel Baystack5520 Nortel Passport Nortel Switch 325-24T Nortel Switch 460-24T Nortel Switch 460-24T-PWR Nortel Switch 470-48T-PWR Nortel Switch 5520-24T Nortel Switch 5520-48T NortelBPS2000 PaloAlto5050 Radware WSD Riverbed Steelhead SMC Switch 6128L2 SMC Switch 8926EM

Allow Terminal Server Support:

Yes No

0 farhankhan over 6 years ago in reply to sja

Hi Mate ,
Ok ! let me explain ....
The problem is with NCM's new version (7.6) when you have dis-hmac-sha-1 configured with SSH profile of ISAM / Micronodes / MX-6s (aka ISAM 7363) or ISAM 7330s FTTN . (However ESS 7450 , 7210 SAS-E /D/S or 7750 SR families are working fine)

Technical Reason: The current NCM supports 1024 bits key sizes since it is using diffie-hellman-group-exchange-sha1 and diffie-hellman-group1-sha1 when using SSH.
The following list of ciphers is supported right now:
aes128-ctr,aes128-gcm@openssh.com
aes128-cbc
chacha20-poly1305@openssh.com
3des-cbc,blowfish-cbc
aes192-ctr,aes192-cbc
aes256-gcm@openssh.com
aes256-ctr
aes256-cbc
rijndael128-cbc
rijndael192-cbc
rijndael256-cbc
rijndael-cbc@lysator.liu.se
cast128-cbc
So as of now the solution is to remove dis-mac-sha-1 from node or downgrade the NCM to 7.6 & NPM to 12.0.1
Thanks for the suggestion, support is already looking into this matter to addressed my ticket hope they will come back quickly with solution like always
Cancel
Vote Up 0 Vote Down

Cancel