I'm testing using Prime Infrastructure 3.5 to push out a new IOS to some Cat3850 switches. I have a Linux VM running SCP server acting as the intermediary. The job starts and I see the IOS file start to copy to the Linux SCP folder. Then job fails and I get an error stating...
"File checksum/size on destination varies from file checksum/size of source. Probable Cause: The file copy failed due to Temporary Network errors."
Same outcome with different IOS versions on different hardware.
- For starters verify this assertion by using the command verify /md5 full-file-path on IOS versus the result (or source) of the same file on the Linux VM with md5sum filename.
Hello and thanks!
I was able to verify the MD5 checksums are the same at both locations.
Looking at the logs of the target 3850 switch I'm seeing the error:
%SSH-3-BAD_PACK_LEN: Bad packet length 1349676916
Quick search of that error and came across this article - https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve64732/?rfs=iqvred
- Considering this bug : if the switch enforces to strong ciphers, try lowering this restriction for Prime to become happy.
Thanks, yes I've tried tinkering with using different ciphers to no avail, unfortunately.
I'm not putting any further effort into this... Not overly impressed with Prime.
I have had success using Prime to upgrade IOS versions in the past but have always thoroughly tested before using in production. It's only since transitioning to IOS 16.x that this appears to have become an issue.
Back to the good ol' manual method.
- Probably because IOS 16.x uses the strong ciphers for SSH by default.