cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2811
Views
0
Helpful
3
Replies

Cisco Prime 3.0 can not access by ssh some devices

Hello,

We have problems monitoring Catalyst 6509 with the new version of Cisco PRIME 3.0. When we add devices Catalyst 6509 with IOS version 12.2(33)SXI10 or 12.2(33)SXI12 on Monitor / Managed Elements / Network Devices, after Sync this devices appears on Last Inventory Collection Status as "Partial Colection Failure".

We check that SNMP community and SSH user and password are corrects, but if we access by ssh to Cisco PRIME appliance (with root enabled) ans try yo connect to this Catalyst you cannot connect, after a few seconds catalyst disconnect the session with the following message " Connection closed by <<catalyst's-ip-address>>", if we try to connect with the verbose mode active (ssh user@ip-address -vvv) we the that the last message that appears is "SSH2_MSG_KEXINIT sent", after this the next message is " Connection closed by <<catalyst's-ip-address>>".

We have other Catalyst 6509 with IOS version 12.2(33)SXI9 and this works fine with cisco PRIME 3.0. Also we have other Switches and Routers and all works fine.

Thanks for your time reading/helping us

3 Replies 3

Hello,

We have more information about the problem:

If we connect to Cisco PRIME Appliance and launch the ssh connection from root mode we can connect to the Catalyst if we add the option -c aes256-cbc (ssh -c aes256-cbc username@<<ip-address>>). Seems like Cisco PRIME try to connect with other configuration different to this. Are there any chance of modify this behavior?

Also if we try to connect from other equipment (a laptop in the same network that Cisco PRIME Appliance) with other ssh client (PUTTY o SecureCRT) works fine, we can reproduce the problem only with Cisco PRIME Appliance.

Hi David, 

Have you had any luck with the problem, I face some similar issue

regards

Nikhil

Hi Nikhil,

Yes, customer changed the IOS version to another version more updated, and with this version we don't have the problem.

I tried modify the ssh configuration of Prime (file /etc/ssh/ssh_config) adding a custom configuration for the IP address of Catalyst that had the problem, but I didn't time to try, I remember that was some thing like this:

Host <<ip-address>>

Ciphers aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc

I hope that you can solve the problem.

Best Regards,

David

Review Cisco Networking for a $25 gift card