Onboarding Error - No matching Key Exchange algorithm

DevOps_RC
Getting noticed

Onboarding Error - No matching Key Exchange algorithm

I've just tried to onboard one of our 9330 switches when I received the following message at the pre-check:

 

Authenticating:

Error: Handshake failed: no matching key exchange algorithm

 

Apart from running V2 SSH only on the switch, there is no special config restricting the algorithms being used.  I've had a quick check of the troubleshooting guide, but can't see this error message listed...but I've been told to book at appointment at specsavers last week so I could be wrong about that.

 

Any thoughts?Onboard-error.jpg

6 REPLIES 6
Eric_Hulderson
Conversationalist

Can you SSH to the switch directly from the laptop you are running the onboarding app?  The message indicates there is no matching key exchange algorithm.  You may need to update your laptop so that it has a compatible key exchange algo. 

PhilipDAth
Kind of a big deal
Kind of a big deal

Have you maybe only got SSHv1 enabled or something like?

DevOps_RC
Getting noticed

I can SSH directly to the switch itself from the endpoint that is running the onboarding app. I'm using putty to initiate the session to prove conenctivity. The switch is configured to only support v2, and the session from my endpoint is running v2. Is the on-boarding app itself only able to create a v1 session, I'd like to think not but just trying to understand why it's not working.

DevOps_RC
Getting noticed

So think I found the issue. The algorithms (mac and encrption) were restricted. I then realised that this switch is also running an old IOS, not supported by this tool....out of the 30 switches I choose to test it with, it's the one that hasn't been updated to 17.3.......I'll update the switch today and confirm that I can perform the pre-checks and on-board the device.

Did you solve the error?

Upgrading the IOS to a supported version for the catalyst on-boarding resolved the issue.

Get notified when there are additional replies to this discussion.