09-09-2022 01:40 AM - edited 09-09-2022 03:16 AM
Hi,
We have a new installation of DNAC - Version 2.2.3.5
The issue I have is with some, not all IOS updates to 2960X/XRs which fail the pre-check with the following messages:
Unable to download file using HTTPs and SCP.
The certificates are installed and DNAC is reachable. I have tried deleted/installing the certificates manually with no luck as suggested on many websites.
Both the trustpoint and cert have been deleted and re-installed.
I've also tried copying a file from DNAC as a test from the switch which also fails:
copy https://x.x.x.x//core/img/cisco-bridge.png null:
%Error opening https://x.x.x.x//core/img/cisco-bridge.png (I/O error)
I have ran 'debug ip scp' and it seems that scp fails with:
%SSH-3-NO_MATCH: No matching cipher found: client aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc server aes128-ctr,aes192-ctr,aes256-ctr
All switches run SSH Version 2.
Beyond re-creating the certificates and using SSH version 2 there does not seem to be any other suggestions of how to fix this.
Any help would be appreciated.
Thanks
Paul
09-09-2022 02:32 AM
Apologies, we are runnining DNAC version Version 2.2.3.5.
09-09-2022 02:41 AM
Have had the same issue with 3850 & 9300 switches. I found that deleteing the switch from DNAC and then adding it back in often sorted this problem out.
Rgds
Steve
09-09-2022 03:22 AM
Thanks Steve, I was going to try that next.
Presumably, I just delete the device, without device cleanup ticked. No config changes/deletes will be made on the switch ?
09-09-2022 03:40 AM
Correct, don't click device cleanup. Nothing changes on the switch. Once added you will need to assign it to a site and, possibly, enable and deploy Telemetry once the resync has finished. Rerun the Image Update Readiness Check and, hopefully, HTTPS/SCP will be reachable. Even if HTTPS is still not reachable as long as SCP is you will be fine.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide