Cisco Bug: CSCvh92770 - Prime Infrastructure fails to archive configuration of Cisco VG3X0 device

Last Modified

Apr 02, 2018

Products (1)

  • Cisco Prime Infrastructure

Known Affected Releases

3.3.4

Description (partial)

Symptom:
Prime Infrastructure fails to archive the configuration of a Cisco VG3X0 device.

The VG3X0 device is configured for SSH version 2 with the following encryption algorithms:

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96

The Prime configuration archive JAR file does not support the strong ciphers listed above. It still uses aes128-cbc, aes192-cbc and aes256-cbc, which are old and becoming obsolete.

New Polaris IOS-XE code is forced to support only the strong ciphers aes128-ctr, aes192-ctr and aes256-ctr.

Support for these ciphers needs to be enabled for configuration archive to work; inventory already supports them.

Conditions:
Prime Infrastructure fails to archive the configuration of a Cisco VG3X0 device.

The VG3X0 device is configured for SSH version 2 with the following encryption algorithms:

ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr

show ip ssh
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96

The Prime configuration archive JAR file does not support the strong ciphers listed above. It still uses aes128-cbc, aes192-cbc and aes256-cbc, which are old and becoming obsolete.

New Polaris IOS-XE code is forced to support only the strong ciphers aes128-ctr, aes192-ctr and aes256-ctr.

Support for these ciphers needs to be enabled for configuration archive to work; inventory already supports them.
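
The mismatch described above can be checked before a device is added to a management tool. The following is an added example, not Cisco code: it parses the `show ip ssh` output quoted in this bug and applies the SSH selection rule from RFC 4253 section 7.1 (the first cipher on the client's list that the server also lists). The function names and the client cipher list variable are assumptions made for illustration.

```python
# Constructed sample: the `show ip ssh` output quoted in the bug description.
SHOW_IP_SSH = """\
SSH Enabled - version 1.99
Authentication methods:publickey,keyboard-interactive,password
Authentication Publickey Algorithms:x509v3-ssh-rsa,ssh-rsa
Hostkey Algorithms:x509v3-ssh-rsa,ssh-rsa
Encryption Algorithms:aes128-ctr,aes192-ctr,aes256-ctr
MAC Algorithms:hmac-sha1,hmac-sha1-96
"""

# Assumption: client-side cipher list of the configuration archive component,
# taken from the bug text (CBC modes only).
ARCHIVE_CLIENT_CIPHERS = ["aes128-cbc", "aes192-cbc", "aes256-cbc"]


def parse_show_ip_ssh(text):
    """Return {field name: [algorithms]} for every 'Name:a,b,c' line."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():  # skips lines without a colon-separated list
            fields[name.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return fields


def negotiate(client_prefs, server_list):
    """RFC 4253 7.1: first algorithm on the client list that the server lists."""
    for alg in client_prefs:
        if alg in server_list:
            return alg
    return None  # no common algorithm: both sides must disconnect


def check_client(client_ciphers, show_output):
    """Return (ok, detail) for a client cipher list against a device's output."""
    server = parse_show_ip_ssh(show_output).get("Encryption Algorithms", [])
    chosen = negotiate(client_ciphers, server)
    if chosen is None:
        return False, "no common cipher: client %s, device %s" % (client_ciphers, server)
    return True, "negotiated " + chosen


if __name__ == "__main__":
    print(check_client(ARCHIVE_CLIENT_CIPHERS, SHOW_IP_SSH))
    # Constructed client list that also offers a CTR mode, for comparison.
    print(check_client(["aes128-cbc", "aes256-ctr"], SHOW_IP_SSH))
```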