Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1697
Views
0
Helpful
4
Replies

SG-300 firmware 1.2.7.76 crash and lost ssh keys

Go to solution
Ruediger Oertel
Level 1
Level 1

‎09-04-2012 09:26 AM

Hi,

updated 2 of our 7 SG-300-52 switches to the new firmware now.

Our first findings:

- (annoying): the switch regenerates it's ssh host keys on every reboot.If I export the configuration, the keys can be seen but they are

apparently not stored and are regenerated on every reboot of the switch.

- (critical): by accident we connected a port that was part of a port channel configured without lacp (channel-group 1 mode on) to a nx7k

port configured for lacp. At this point the SG-300 stops responding completely, same for network as for serial console. With both sides

correctly configured for lacp, all is fine.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Tom Watts
VIP Alumni
VIP Alumni

‎09-04-2012 09:44 AM

The Ruedigerl, the critical portion of your post is expected behavior when connecting a mismatch channel-group configuration. The spanning tree basically thrashes the switch requiring a reboot. This is true across all switches including the Catalyst series, that the spanning-tree will loop and make nasty problems.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

0 Helpful

Go to solution
Tom Watts
VIP Alumni
VIP Alumni
In response to Ruediger Oertel

‎09-04-2012 09:54 AM

I will make research and post an answer. I noticed the same behavior in my lab. I'm not sure if by design or a way to manage it better.

I know you can generate the RSA and DSA keys through the console menu and save them for the fingerprints. That may be the solution. If you log the CLI on the switch, type MENU, there is a section where you can generate the SSH keys. I don't remember the menus off the top of my head or I'd be more detailed.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tom Watts
VIP Alumni
VIP Alumni

‎09-04-2012 09:44 AM

The Ruedigerl, the critical portion of your post is expected behavior when connecting a mismatch channel-group configuration. The spanning tree basically thrashes the switch requiring a reboot. This is true across all switches including the Catalyst series, that the spanning-tree will loop and make nasty problems.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Go to solution
Ruediger Oertel
Level 1
Level 1
In response to Tom Watts

‎09-04-2012 09:47 AM

ah good, thanks a lot!

this just leaves the ssh/ssl key issue open ... with some luck it might be a config issue ?

0 Helpful

Go to solution
Tom Watts
VIP Alumni
VIP Alumni
In response to Ruediger Oertel

‎09-04-2012 09:54 AM

I will make research and post an answer. I noticed the same behavior in my lab. I'm not sure if by design or a way to manage it better.

I know you can generate the RSA and DSA keys through the console menu and save them for the fingerprints. That may be the solution. If you log the CLI on the switch, type MENU, there is a section where you can generate the SSH keys. I don't remember the menus off the top of my head or I'd be more detailed.

-Tom
Please rate helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful

Go to solution
Ruediger Oertel
Level 1
Level 1
In response to Tom Watts

‎09-04-2012 05:05 PM

thanks. yes, manually regenerating the keys and certificates seems to help, worked for me on this reboot.

0 Helpful
Customers Also Viewed These Support Documents