03-19-2020 11:23 AM - edited 07-05-2021 11:52 AM
Currently testing the new 9800-CL controllers and we've gotten an eval of the CMX on-prem appliance to replace our existing MSEs. I'm able to get CMX connected to our production AireOS controllers but there appears to be an SSH issue when trying to add the test 9800-CL controllers to CMX. I've tested SSH to other switches and routers from the CMX and it has no problems so I'm thinking there is a config that I'm missing on the 9800.There is full IP connectivity between the vWLC and the CMX as they are both at the same site behind the same firewall with no ACLs in between.
Screen caps and config examples are below so if there are any wireless savvy folks out there with experience with 9800s and CMX who may be able to help, it would be much appreciated. FYI, hostnames, IPs, usernames, and passwords have been obfuscated.
SSL errors in the 9800 controller logs:
Mar 19 17:40:53.976: %NMSP_SYSLOG-3-NMSP_SSL_ERROR_DISCONNECT: Chassis 1 R0/0: nmspd: nmspd TLS disconnection: [TLS local: XXX.XXX.35.33, remote: XXX.XXX.35.52] SSL accept failed with SSL error (code: 5, error:00000000:lib(0):func(0):reason(0)), closing connection
Mar 19 17:40:53.976: %NMSP_SYSLOG-5-NMSP_SSL_NOTICE: Chassis 1 R0/0: nmspd: nmspd TLS notice: [TLS local: XXX.XXX.35.33, remote: XXX.XXX.35.52] closing CMX connection over TLS protocol
Solved! Go to Solution.
10-20-2020 10:09 AM
03-19-2020 07:20 PM - edited 03-19-2020 07:23 PM
Hi
I would check C9800 got proper configuration for SSH. Pls see below screen
If you can SSH to 9800, then you should be able to simply add it on CMX, refer below
Then you should be able to see NMSP status by "show nmsp status" on your C9800.
HTH
Rasika
*** Pls rate all useful responses ***
03-20-2020 04:20 AM
03-23-2020 01:50 AM - edited 03-23-2020 01:51 AM
You can try manual config & see if that works
Step1: Get mac address & SHA2 key has from your CMX
[cmxadmin@cmx ~]$ cmxctl config authinfo get
+-------------------+------------------------------------------+------------------------------------------------------------------+
| macAddress | keyHashString | sha2KeyHashString |
+-------------------+------------------------------------------+------------------------------------------------------------------+
| 00:0c:29:89:5b:26 | 6b045e761b112a3ff394c37ad0ffcc0c2750215f | 2faf935028816daf405b6d90aa8c112f5b25ea5a4f227767b90fa92099e3a6ba |
+-------------------+------------------------------------------+------------------------------------------------------------------+
Step2 : Configure NMSP on your 9800.
nmsp enable
aaa attribute list NMSP_LIST
attribute type password 2FAF935028816DAF405B6D90AA8C112F5B25EA5A4F227767B90FA92099E3A6BA
username 000c29895b26 mac aaa attribute list NMSP_LIST
This post also talks about NMSP configs
https://mrncciew.com/2014/09/25/what-is-nmsp/
HTH
Rasika
*** Pls rate all useful responses ***
03-23-2020 04:24 AM
Thanks for replying. I've already tried the configuration that you're recommending and it appears to be an ssh issue. When I try to add the controller in the CMX, it says "Unable to do SSH to the controller". See the screen cap. So this is what is leading me to believe that it's got something to do with the SSH config on the 9800.
03-23-2020 09:11 AM
FYI All,
I've opened a TAC case and it appears that there is a bug that we're hitting. Ill be sure to update this thread with the outcome. Thanks to all that chimed in to help.
-Kevin
10-20-2020 02:05 AM
What was the bug/outcome?
10-20-2020 10:09 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide