Solved: 4510+R ssh error after upgrade xe 3.11.07 to xe 3.11.09 - Page 5

Hubert Kupper · ‎10-24-2023

Hi,

after a upgrade from xe 3.11.07 to 3.11.09 we cannot open a ssh session to our 4510+R Switch. Before the upgrade everything works fine. The error message in the log is:

%SSH-3-BAD_PACK_LEN: Bad packet lenghth

We zeroised the rsa key and generate it new but the error still occours.

Any idea?

Regards, Hubert

RVTim · ‎03-22-2024

I upgraded a switch to 03.11.10E and it did not have any issues with KEX, and did not trigger the applet that replaced the KEX values. So it's looking good. I'd recommend to anyone who's running 03.11.8E and older to skip right over 03.11.9E and go right to this version.

RVTim · ‎03-22-2024

I had good luck again tonight on a 2nd production 4500x running 03.11.9E to 03.11.10E.

However, I tried doing an ISSU upgrade on a 4510R+E switch to the same version and ran into an issue. (Yes, I know that many people say ISSU doesn't work well but I've very very rarely had an issue myself, other than spanning-tree issues that I found workarounds for). After going back to the cisco download site to see if the release notes were out yet (they weren't), I saw someone posted a comment on the 4510R software download that the 03.11.10E has the same SSH issue as 03.11.09E. I thought that the 4500x and 4510R were so close in code base that this would not be the case. If anyone tries a 4510R+E, please report back if you do indeed have issues.

mitzomitzov · ‎08-15-2024

I just upgraded 4 switches from 3.11.02 to 3.11.10 and 1 of the 4 lost ssh. TAC case will be open if we cannot resolve it.

Leo Laohoo · ‎08-15-2024

Keep us posted.

mitzomitzov · ‎08-15-2024

After taking a look of our config with another of our engineers here is what we found:

sh run | beg line vty
line vty 0 4
transport input none

Looks like the upgrade whipped out our transport input command. As soon as i added ssh to that command it worked again.

line vty 0 4
transport input ssh