Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
737
Views
5
Helpful
2
Replies

Can't update (import) backed-up config from SG350 28P into CBS350

Mzt834
Level 1
Level 1

‎07-25-2022 09:26 PM - edited ‎07-25-2022 09:27 PM

In March 2022, it worked. I upgraded three SG350 switches (two non-PoE 24 port and one non-PoE 8 port) by backing up the running config from each SG350 and updating (importing) each into its CBS 350 counterpart (we bought the CBS models based on Cisco's upgrade guide from the SG350 to CBS 350 line). 

So that worked and it was easy through the GUI.

But in July 2022 (today and last week), it hasn't worked with 3 new CBS 350 switches that recently arrived after being backordered forever. Today, for example, I tried to update a new CBS 350 24P using the SG350 28P's backed up config file (tried the running config then focused on startup config; tried with "encrypted," "plaintext" and "excluded" backups from the SG350). 

I also tried after updating the firmware that just out on July 21st for the SG 350 and CBS 350.

When trying to update the startup config in the CBS 350 24P, errors appeared referring to Line 44: username <ourswitch's username> has a an encrypted password.

When I tried again using a plaintext backup config and even an excluded backup startup config file, an error appeared that in Line 50: yada yada the same thing, ...the user's <ourswitchusername> password is encrypted.

On each brand new switch, I had already created a username and password that matches their SG350 predecessors.

The error is perplexing. Searching the web for errors with "Line 44" and "Line 50" plus "password encrypted" etc. didn't help.

The only thing different between March and July with the SG350 switches is they no longer have VLAN1 as the native and VLAN1 is disabled now (for security and performance). Back in March, VLAN1 was active and native on the SG350 switches (before I knew better). 

Any ideas?

We might reconfigure the new CBS 24P manually with CLI referring to a plaintext version of the running config from the SG350.

Ugh.

 

Labels:
0 Helpful
2 Replies 2

pieterh
VIP
VIP

‎08-05-2022 08:00 AM

check the encryption type/method 

some suggestions to check: 
1) Cisco is moving away from some less secure methods,
    so some method may not be supported in the new switch / software version

2) there may be a "master password" in use that has one-way encryption so the command cannot be copied to a new switch
    you must configure this manually on the new switch before importing the old config
    "key config-key password-encrypt <key>"

Mzt834
Level 1
Level 1

‎08-05-2022 12:23 PM - edited ‎08-05-2022 02:25 PM

Thanks for the idea.

In the 11 days since posting my question, though, we already configured the new switches from scratch. It wasn't that bad. But I'll keep your idea handy for the last backordered switch, which hasn't arrived yet. When it eventually arrives (could be months), if the same problem occurs and your idea works, I'll let you know (and will "accept as solution").

Thanks again.

0 Helpful
Customers Also Viewed These Support Documents