Solved: Set IP source for SCP software downloading

mitard · ‎06-29-2021

Hi guys,

I use Cisco Prime Infrastructure to manage devices. I would like to update Cat. 2960X with release 15.2.7E4. For security purpose the devices are managed over a dedicated IP address (It can either be a SVI in case there are several swtiches to manage within the same subnet or a /32 loopback in case there is a single L3 switch on the site). The management IP address is the only one allowed to connect to the Cisco Prime Infrastructure server.

When I use Prime to update the switch software, downloading fails over SCP (although I configured the source IP address for SSH, please see below) but it works through FTP (Configuration below as well).

ip ssh source-interface Loopback1
ip ftp source-interface Loopback1

Of course it would be far better to use SCP rather than FTP. Can anyone help me to configure the device so it can use the loopback1 IP address as source IP for SCP downloading ?

Thanks for your help, regards, Vincent

marce1000 · ‎06-29-2021

- How does the download fail ,which error is seen in Prime ? Is there anything in the switch logs ?

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

marce1000 · ‎06-30-2021

The command "ip ssh source-interface" only controls the sessions that are initiated *from* your switch/router. Meaning , can you ssh to the device from Prime and or does that work ?

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

View solution in original post

marce1000 · ‎06-29-2021

- How does the download fail ,which error is seen in Prime ? Is there anything in the switch logs ?

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

mitard · ‎06-30-2021

Hi marce1000,

Unfortunatelly there is nothing relevant in the switch logs. Here is below the error message displayed on the on Cisco Prime Infrastructure :

The image does not exists on the device continue Distribution Process
The image does not exists on the device continue Distribution Process Flash Validation successfully completed.
The image does not exists on the device continue Distribution Process Flash Validation successfully completed.
Checking if HTTP server is enabled on the device...Http Server is not enabled, will continue with Software Upgrade Operation.
Loading Image File to Device : Copying image c2960x-universalk9-mz.152-7.E4.bin to the flash flash1: failed.
Error occured while communicating with the device. Check device credentials and SSH/telnet reachability..

What are the credentials used by the switch to connect to the Cisco Prime in order to download the software ?

Regards, Vincent

marce1000 · ‎06-30-2021

>What are the credentials used by the switch to connect to the Cisco Prime in order to download the software ?

These are the credentials configured for (Privileged) Exec mode , you may want to remove the device from Prime and re-enter it but press Verify Credentials first for correct operation.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

mitard · ‎06-30-2021

Yes I did check thanks to "Verify Credentials" and the result was fine. I definitely don't understand where the issue comes from.

marce1000 · ‎06-30-2021

The command "ip ssh source-interface" only controls the sessions that are initiated *from* your switch/router. Meaning , can you ssh to the device from Prime and or does that work ?

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !