This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Trying to upgrade firmware with XMC - Cannot negotiate, proposals do not match.

Trying to upgrade firmware with XMC - Cannot negotiate, proposals do not match.

Keith9
Contributor III

‎11-16-2022 10:42 AM

We need to upgrade our core X690 switches because they have firmware from 2018 on them.  Because they are critical we are testing the upgrade on an X450-G2 first.

We are getting Cannot negotiate, proposals do not match.

How can we efficiently use XMC to push out firmware upgrades?

 

0 Kudos
2 REPLIES 2

Melli22nger
New Contributor II

‎11-22-2022 10:08 PM - edited ‎11-23-2022 07:48 PM

@Keith9wrote:

We need to upgrade our core X690 switches because they have firmware from 2018 on them. Because they are critical we are testing the upgrade on an X450-G2 first.

We are getting Cannot negotiate, proposals do not match.

How can we efficiently use XMC to push out firmware upgrades? GMGlobalConnect VSP Login

As per the Configuration Utility log provided, the firmware is successfully updated. The error you are receiving in the logs is expected since you have disabled the "firmware update feature" Can you please test and verify whether the device you have programmed is working as expected?

0 Kudos

dpanev
Contributor

‎11-22-2022 06:50 AM

Symptoms

  • Extreme Management Center was being used to fully manage third party devices via Extreme WebShell Terminal, execute CLI Commands and/or backup / restore configuration Archives using CommandScripts.
  • The above functionality all stopped around the same time.
  • The third party devices are managed via SSH vs TELNET.
  • Inventory Manager Archives may return the following which indicates SSH KEX (Key Exchange) between XMC and the device has failed:
Cannot negotiate, proposals do not match.

Environment

  • Extreme Management Center (XMC, formerly NetSight)
  • ExtremeCloud IQ - Site Engine (XIQ-SE)
  • All Software Releases
  • WebShell Terminal
  • CLI Commands
  • Archiving CommandScripts

Cause

If a third-party device is being managed via SSH in Extreme Management Center or ExtremeCloud IQ - Site Engine this functionality may break if the SSH endpoint uses SSH ciphers or algorithms XMC is not compatible with. The endpoint may have been recently upgraded or had policies applied to it to restrict certain cipher or algorithm usage resulting in the loss of compatibility with Extreme WebShell.

Resolution

As noted below Extreme WebShell SSH client supports a limited set of ciphers and encipherment algorithms.

Available workarounds are limited to:
  • Re-enabling compatible ciphers or algorithms as noted below on the SSH endpoint, if possible; OR
  • Use TELNET as an alternative connection mode to the endpoint, if possible.

Additional notes

Extreme WebShell SSH client supports the following:
  • HMAC algorithms supported are limited to hmac-sha1,hmac-md5.
  • KEX algorithmms supported are diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.
  • Host Key algorithms supported are limited to ssh-rsa,ssh-dss (RSA is however most common for vendors)
  • Encryption algorithms supported are aes256-ctr/aes128-ctr and a handful of legacy CBC ciphers for compatibility with legacy Extreme products.
0 Kudos
GTM-P2G8KFN