
ICX connected with SZ does not give or show accurate parameters on the SZ's UI

jdryan
Moderator

When it comes to connecting the switch with SmartZone for management and monitoring, below are a few of the key bits needed when setting up a connection with the controller.

On the switch:
First, the minimum OS requirement: the switch should be on 8092 or higher.
The recommended release would be 8095g.
In the config:
manager registrar
manager registrar-list <ip of the sz> or manager active-list <ip of the sz>
manager port-list 987
At times this is all you need to define the SZ IP address and have the connection initiated.
After this, once the switch is added and provisioned on the controller, the connection should be up and running.

The connection between the ICX switch and the SZ/vSZ works over an SSH tunnel that is formed between them.
If the switch has an access restriction on which hosts can connect to it via SSH, then when the SZ/vSZ tries to connect to it you will see the entries below in the switch logs:
Security: SSH access from src IP 192.168.0.12 rejected, 3 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 2 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 1 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 3 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 2 attempt(s)

Here, 192.168.0.12 is the switch's own IP.

Wondering why the switch's own IP would be SSH-ing back to the switch instead of the controller's?
When the SZ polls the switch for details, it uses a reverse SSH connection to obtain them.
This is traced in: show manager tcp connection

Cause of the log?
Restricting SSH access to the switch to specific clients raises this error.
On a general deployment where SSH access to the switch is not locked down, this error is not seen.

What could it affect?
Vital parameters that are generally polled through the SSH tunnel are not updated on the SZ/vSZ UI.
To name a few, parameters such as uptime, device hostname, etc. are not updated.

How to fix this?
Configure the switch's IP as an SSH client, using:
ip ssh client <switch's management ip>
Or
remove the SSH lockdown altogether [not usually recommended, as it's a security measure].

This was seen and tested with:
SZ/vSZ revision: 6.1.1 and 6.1.0
ICX platform: checked on the 7XXX platform, 8095 code branch.


Note:
During the tests done, the issue was tracked through visible parameters that were not able to update.
There is a chance that, with SSH tunnel formation issues due to this lock, config backup, port state updates, etc. on the vSZ or the SZ are also affected.
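
The check described above, as an added example that is not part of the original post and is not Ruckus code: it reads the `ip ssh client` entries from a config dump and the rejection lines from the switch log, then separates rejections of the switch's own IP (the SZ reverse SSH poll being blocked) from rejections of other sources that still need normal review. The function name, verdict labels and all sample addresses other than 192.168.0.12 are assumptions, and only the IPv4 `ip ssh client` form of lockdown is considered.

```python
import re
from collections import Counter

# Log wording and the "ip ssh client" command are taken from the post.
REJECT_RE = re.compile(r"SSH access from src IP (\d+\.\d+\.\d+\.\d+) rejected")
CLIENT_RE = re.compile(r"^\s*ip ssh client (\d+\.\d+\.\d+\.\d+)\s*$", re.I | re.M)

def diagnose(mgmt_ip, config_text, log_text):
    """Classify SSH rejections on a switch managed by SZ/vSZ.

    Returns (verdict, self_rejects, other_rejects):
      "tunnel-blocked": lockdown omits the switch's own IP and the log shows
                        the reverse SSH poll being rejected
      "at-risk":        lockdown omits the switch's own IP, no rejects logged yet
      "ok":             no lockdown, or the switch's own IP is an allowed client
    """
    allowed = set(CLIENT_RE.findall(config_text))
    rejects = Counter(REJECT_RE.findall(log_text))
    self_rejects = rejects.pop(mgmt_ip, 0)  # rejections sourced from the switch itself
    if allowed and mgmt_ip not in allowed:
        verdict = "tunnel-blocked" if self_rejects else "at-risk"
    else:
        verdict = "ok"
    return verdict, self_rejects, dict(rejects)

# Constructed sample: 192.168.0.12 is the switch IP from the post; the SZ IP
# 192.168.0.10, the admin host 192.168.0.50 and 203.0.113.7 are made up.
SAMPLE_CONFIG = """\
manager registrar
manager active-list 192.168.0.10
manager port-list 987
ip ssh client 192.168.0.50
"""
SAMPLE_LOG = """\
Security: SSH access from src IP 192.168.0.12 rejected, 3 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 2 attempt(s)
Security: SSH access from src IP 203.0.113.7 rejected, 3 attempt(s)
Security: SSH access from src IP 192.168.0.12 rejected, 1 attempt(s)
"""

if __name__ == "__main__":
    verdict, own, others = diagnose("192.168.0.12", SAMPLE_CONFIG, SAMPLE_LOG)
    print(f"verdict={verdict} own_ip_rejects={own} other_sources={others}")
    if verdict != "ok":
        print("fix from the post: ip ssh client 192.168.0.12")
```

Rejections from sources other than the switch's own IP are returned separately so they are not dismissed as tunnel noise once the fix is applied.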
