8 Replies Latest reply on Jan 8, 2018 11:01 PM by superfly99

    Cisco 3850 Config backup issues

    enderaz

      We've just added a few 3850s into our network and noticed that Solarwinds can't seem to SSH to these boxes to grab the backup, despite being allowed to and not being blocked by our ACL. Has anyone else run into this issue?

       

      debug ip ssh client:

      Dec 14 14:45:51.695: SSH3: protocol version id is - SSH-2.0-WeOnlyDo 3.0.0.184

      Dec 14 14:45:51.697: SSH2 3: Using kex_algo = diffie-hellman-group14-sha1

      Dec 14 14:45:51.980: SSH3: Session disconnected - error 0x00

       

       

        • Re: Cisco 3850 Config backup issues
          david.botfield

          Seem to remember having a similar issue, but it wasn't just Solarwinds that could not access. I believe that we resolved it by stopping and restarting the SSH service. Enabling Telnet temporarily would allow this to be done remotely. Worth checking that the crypto key generation has been done and checking that the routing is available via VRF, as the management interface uses a VRF to separate the traffic.

            • Re: Cisco 3850 Config backup issues
              enderaz

              I've regen'd the crypto key. What's odd is that I can SSH to it from Windows, Linux and Mac. Just not from Solarwinds. Even stranger is that if I use the SSH function in the device summary I can SSH to it from there as well. It seems that whatever function it's using to SSH for NCM just isn't working.

                • Re: Cisco 3850 Config backup issues
                  superfly99

                  How is your connection profile configured? So when you press the Test button, I'm assuming it's failing for you. Once it fails, click on Show credential login details. It will show you what it was trying to do.

                   

                  It sounds like you just need to tweak the connection profile.

                    • Re: Cisco 3850 Config backup issues
                      enderaz

                      Device Template: Cisco IOS-1.3.6.1.4.1.9

                       

                       

                       

                      Also tried SSH Auto, SSH v1, SSH v2. Same results. Test Failed. Connection Refused. Though non-3850 switches downstream of this device on the same management subnet work just fine. So far I have this issue with all three locations that I have a 3850 acting as a building router.

                       

                       

                       

                      Jan  4 14:34:10.577: SSH3: starting SSH control process

                      Jan  4 14:34:10.577: SSH3: sent protocol version id SSH-2.0-Cisco-1.25

                      Jan  4 14:34:10.578: SSH3: protocol version id is - SSH-2.0-WeOnlyDo 3.0.0.184

                      Jan  4 14:34:10.579: SSH2 3: kexinit sent: kex algo = diffie-hellman-group14-sha1

                      Jan  4 14:34:10.579: SSH2 3: Server certificate trustpoint not found. Skipping hostkey algo = x509v3-ssh-rsa

                      Jan  4 14:34:10.579: SSH2 3: kexinit sent: hostkey algo = ssh-rsa

                      Jan  4 14:34:10.579: SSH2 3: kexinit sent: encryption algo = aes128-ctr,aes192-ctr,aes256-ctr

                      Jan  4 14:34:10.579: SSH2 3: kexinit sent: mac algo = hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96

                      Jan  4 14:34:10.579: SSH2 3: SSH2_MSG_KEXINIT sent

                      Jan  4 14:34:10.581: SSH2 3: SSH2_MSG_KEXINIT received

                      Jan  4 14:34:10.581: SSH2 3: kex: client->server enc:aes128-ctr mac:hmac-sha2-256

                      Jan  4 14:34:10.581: SSH2 3: kex: server->client enc:aes128-ctr mac:hmac-sha2-256

                      Jan  4 14:34:10.581: SSH2 3: Using hostkey algo = ssh-rsa

                      Jan  4 14:34:10.582: SSH2 3: Using kex_algo = diffie-hellman-group14-sha1

                      Jan  4 14:34:10.647: SSH2 3: expecting SSH2_MSG_KEXDH_INIT

                      Jan  4 14:34:10.647: SSH2 3: SSH2_MSG_KEXDH_INIT received

                      Jan  4 14:34:10.739: SSH2: kex_derive_keys complete

                      Jan  4 14:34:10.739: SSH2 3: SSH2_MSG_NEWKEYS sent

                      Jan  4 14:34:10.739: SSH2 3: waiting for SSH2_MSG_NEWKEYS

                      Jan  4 14:34:10.749: SSH2 3: SSH2_MSG_NEWKEYS received

                      Jan  4 14:34:10.750: SSH2 3: Authentications that can continue = publickey,keyboard-interactive,password

                      Jan  4 14:34:10.751: SSH2 3: Using method = none

                      Jan  4 14:34:10.751: SSH2 3: Authentications that can continue = publickey,keyboard-interactive,password

                      Jan  4 14:34:10.753: SSH2 3: Using method = password

                      Jan  4 14:34:10.855: SSH3: Session disconnected - error 0x00
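An added example, not part of any post in this thread: a small Python parser for `debug ip ssh` output like the capture above, reporting how far the handshake got before `Session disconnected`. The stage names and the `summarize` function are made up for this illustration; the sample lines are copied from the capture.

```python
# Handshake stages in order; stage names are illustrative, markers are from the posted output.
STAGES = [
    ("version_exchange", "protocol version id is - "),
    ("kexinit", "SSH2_MSG_KEXINIT received"),
    ("kex_selected", "Using kex_algo = "),
    ("key_exchange", "SSH2_MSG_KEXDH_INIT received"),
    ("newkeys", "SSH2_MSG_NEWKEYS received"),
    ("auth_offered", "Authentications that can continue = "),
    ("auth_attempt", "Using method = "),
]
FIELDS = {"version_exchange": "peer_id", "kex_selected": "kex"}

def summarize(debug_text):
    """Summarize one SSH session from IOS 'debug ip ssh' output."""
    out = {"peer_id": None, "kex": None, "methods_tried": [],
           "last_stage": None, "disconnected": False}
    reached = -1
    for raw in debug_text.splitlines():
        parts = raw.strip().split(": ", 2)  # timestamp, SSH tag, message
        if len(parts) != 3 or not parts[1].startswith("SSH"):
            continue
        msg = parts[2]
        if msg.startswith("Session disconnected"):
            out["disconnected"] = True
        for idx, (name, marker) in enumerate(STAGES):
            if marker not in msg:
                continue
            reached = max(reached, idx)
            value = msg.split(marker, 1)[1].strip()
            if name in FIELDS:
                out[FIELDS[name]] = value
            elif name == "auth_attempt":
                out["methods_tried"].append(value)
    if reached >= 0:
        out["last_stage"] = STAGES[reached][0]
    return out

# Lines copied from the second debug capture posted above.
SAMPLE = """\
Jan  4 14:34:10.578: SSH3: protocol version id is - SSH-2.0-WeOnlyDo 3.0.0.184
Jan  4 14:34:10.581: SSH2 3: SSH2_MSG_KEXINIT received
Jan  4 14:34:10.582: SSH2 3: Using kex_algo = diffie-hellman-group14-sha1
Jan  4 14:34:10.750: SSH2 3: Authentications that can continue = publickey,keyboard-interactive,password
Jan  4 14:34:10.751: SSH2 3: Using method = none
Jan  4 14:34:10.753: SSH2 3: Using method = password
Jan  4 14:34:10.855: SSH3: Session disconnected - error 0x00
"""
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On these lines it reports `last_stage` as `auth_attempt` with `methods_tried` of `none` and `password`: key exchange completed and the disconnect followed the password attempt.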

                    • Re: Cisco 3850 Config backup issues
                      david.botfield

                      It might be the type of SSH being used. I've found sometimes you need to set it to use SSH v1 or SSH v2 only in order to get the desired effect. Auto will try both but I'm not sure of the order, so I'd try v2 only first.