[Fixed in 2.2.3] Unimus Discovering the Cisco SF300-24

Unimus support forum
geoffroy.mathieu
Posts: 4
Joined: Wed Feb 02, 2022 1:38 pm

Wed Feb 02, 2022 1:54 pm

Hello everyone,

I am adding the switches in Unimus.

Regarding the Cisco SG300-20 I have no problem.

But the SF300-24 does not work.

However, SSH is activated on the Unimus and Cisco side.
Vik@Unimus
Posts: 121
Joined: Thu Aug 05, 2021 6:35 pm

Wed Feb 02, 2022 2:11 pm

Hello,

We would like to check the debug logs; those will tell us more about the exact cause of the Discovery failure.
To do so, go to Zones > Your Zone (the zone where you assigned the affected device(s)) > Debug mode and enable Debug mode and Device output logging.
Rerun the failing discovery job, and after it fails, download both log files (from the same Debug mode window) and send them to us.

To send them to us, please create a support ticket via our Portal and attach them to it (I'd recommend packing them into an archive beforehand).
geoffroy.mathieu
Posts: 4
Joined: Wed Feb 02, 2022 1:38 pm

Thu Feb 10, 2022 11:07 am

Hello,

as requested, thanks for your help.
Vik@Unimus
Posts: 121
Joined: Thu Aug 05, 2021 6:35 pm

Thu Feb 10, 2022 3:00 pm

Hello,

Thank you for the logs. Received and checked, but I have now removed them from the post due to security policy.

Now, as for what was in the logs. I found 3 devices with the same symptom - the issue is that they use a non-standard DH (Diffie-Hellman KEX) key size of 1026, which is not compatible with our SSH library. The key size has to be an increment of 64 (+ the range is 512-8192). In the case of this device, changing it to 1024, 2048, etc. will work and Discovery should go through just fine afterwards.

Give it a try, and let me know if everything went successfully afterwards.
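
The size rule described in the reply above, as an added example that is not part of the original thread and is not Unimus code: a pre-check that decodes a DH modulus in SSH `mpint` framing (RFC 4251) and applies the "multiple of 64, 512-8192" rule. It assumes the "key size" in the reply means the bit length of the DH modulus; the function names are hypothetical and the sample moduli are constructed values, not real primes.

```python
import struct

# Rule quoted in the thread for the old SSH library:
# size must be a multiple of 64 bits, within 512..8192.
MIN_BITS, MAX_BITS, STEP = 512, 8192, 64


def parse_mpint(buf: bytes) -> int:
    """Decode one SSH mpint: uint32 length, then big-endian two's complement."""
    if len(buf) < 4:
        raise ValueError("truncated mpint length")
    (n,) = struct.unpack(">I", buf[:4])
    body = buf[4:4 + n]
    if len(body) != n:
        raise ValueError("truncated mpint body")
    return int.from_bytes(body, "big", signed=True)


def encode_mpint(value: int) -> bytes:
    """Encode a non-negative integer; a 0x00 pad byte appears when the top bit is set."""
    body = value.to_bytes(value.bit_length() // 8 + 1, "big") if value else b""
    return struct.pack(">I", len(body)) + body


def check_dh_modulus(mpint: bytes) -> tuple[int, bool, str]:
    """Return (bit length, accepted by the quoted rule, reason)."""
    p = parse_mpint(mpint)
    if p <= 0:
        raise ValueError("DH modulus must be positive")
    # Use the integer's bit length, not len(body) * 8: a 1024-bit and a
    # 1026-bit modulus both occupy 129 bytes on the wire.
    bits = p.bit_length()
    if not MIN_BITS <= bits <= MAX_BITS:
        return bits, False, "outside 512-8192"
    if bits % STEP:
        return bits, False, "not a multiple of 64"
    return bits, True, "ok"


if __name__ == "__main__":
    # Constructed sample moduli (top and bottom bit set), one per size.
    for size in (1024, 1026, 2048):
        wire = encode_mpint((1 << (size - 1)) | 1)
        print(size, len(wire) - 4, "bytes ->", check_dh_modulus(wire))
```
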
geoffroy.mathieu
Posts: 4
Joined: Wed Feb 02, 2022 1:38 pm

Mon Feb 14, 2022 7:21 am

Hello,

Thank you for the feedback, but unfortunately I can't find this parameter on the Ciscos.

Will you be or maybe it?

Or how to modify it in the CLI?

Thank you in advance.
Vik@Unimus
Posts: 121
Joined: Thu Aug 05, 2021 6:35 pm

Tue Feb 15, 2022 2:28 pm

Hello,

Take this with a grain of salt as I am not that knowledgeable of SF300 CLI commands, but here's the administration guide for SF300

https://community.cisco.com/kxiwq67737/ ... LI_300.pdf

it seems it is using a rather common syntax, that is

switchxxxxxx(config)# crypto key generate rsa

but it doesn't show anything about customizing the key size. In IOS one could specify the length with modulus key-size parameter

switchxxxxxx(config)# crypto key generate rsa modulus 2048

but I can't tell if this will work for you for sure, you may want to check context help using ? to verify you are inserting it correctly. I saw some mentions it should even prompt the user automatically even without specifying it, but then again, that was also IOS related.

Lastly, even if it wouldn't offer you the option in any way, then as far as I can tell the default length should be 1024, so even just regenerating the key should be enough.
geoffroy.mathieu
Posts: 4
Joined: Wed Feb 02, 2022 1:38 pm

Mon Feb 21, 2022 7:25 am

Hello,

I tried several CLI commands but nothing happens, still not the right syntax.
Vik@Unimus
Posts: 121
Joined: Thu Aug 05, 2021 6:35 pm

Mon Feb 21, 2022 3:19 pm

Hello,

If you re-generated the key as well, then you can enable debug logging and rerun the Discovery, and send them to us.
I will verify if the cause is still the same.

If it is, unfortunately there won't be anything we could do. We are looking into changing the SSH library we use to something with more advanced capabilities (the current one does not support non-standard key sizes, as mentioned before), but this is something which is in the investigation/analysis phase, so it's not something I could provide any ETA on.
Vik@Unimus
Posts: 121
Joined: Thu Aug 05, 2021 6:35 pm

Thu Mar 24, 2022 8:56 pm

We have a new Unimus version 2.2.3-Beta1 live now, which contains a new SSH library which comes with improvements to compatibility with newer and stricter algorithms and some other encountered limitations like when a device used some non-standard key sizes for key exchange algorithms, which should directly address the issue with these devices. You can find more information in our Beta branch thread

viewtopic.php?f=4&t=1454

and download a new version below

https://unimus.net/download-dev

If you get a chance, give it a try and let us know if it worked as expected, or if you encounter any other issue.