"SSH key exchange algorithm negotiation failed" when configuring a device as a data source in Aria Operations for Networks
search cancel

"SSH key exchange algorithm negotiation failed" when configuring a device as a data source in Aria Operations for Networks

book

Article ID: 398404

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

An error is received when attempting to add Physical Switch or any physical devices to Aria Operations for Networks as a data source in Aria Operations for Networks.

The error states "SSH key exchange algorithm negotiation failed."

Error screenshot below:

 

 

Environment

Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0
Aria Operations for Networks 6.14.1

Cause

The 3rd party device does not support a secure key exchange algorithm required by Aria Operations for Networks.

 

Resolution

Determine whether your use case requires you to collect inventory/alerts  or flows only for the device.

If you require inventory/alerts, then enable stronger key exchange algorithms, ciphers, macs, and host key algorithms in your 3rd party device or refer to Broadcom KB Configuration of weaker key exchange algorithms, ciphers, macs and host key algorithms in Aria Operations for Networks

If you require flows only, then follow Flow Support for Physical Servers public facing documentation on how to Add or Deploy a New Physical flow collector.

See documented steps by step instructions below for how to Add or Deploy a New Physical flow collector from Aria Operations for Networks GUI.

  1. Add or Deploy a New Physical flow collector  navigating on GUI by Selecting Settings (Gear Icon) which is on GUI on the Left bottom side.

  2. Navigate to Account and datasource> Add Source >Single Source and select Flows.

    Refer to GUI Screenshot below:




  3. From above select, Physical Flow Collector (Netflow, SFlow)

    See screenshot below:




  4. Complete the new deploy of the Physical Flow collector and submit it.

  5. Post deployment complete the manual set up for the  physical collector collector

  6. Once deployed and completed the manual setup/configuration the newly deployed collector should be listed under accounts and datasource page and under Settings>Infrastructure and support page as well.

  7. Next work with you Internal Network team to enable Net Flow/SFLOW and then configure the 3rd party device to send flows to the newly deployed physical collector collector. This is done by CLI and for some physical switches and devices it is done via GUI

    Note: You may need to Open the firewall between the physical flow collector and the Cisco ASA for UDP on port 2055, for SFlow use case Post needed is 6343

  8. Once you have enabled Netflow/SFLOW and performed the configuration to point the NetFlow and SFlow to the newly deployed collector IP Address allow it to collector the data for at least 12 to 24 hours for Aria Operations for Networks GUI to see the Netflow and SFlow data on the GUI.

Additional Information

Refer to public facing documentation which lists down the Supported Products and Versions

Refer to public facing documentation for supported Encryption Algorithms and Ciphers

 

Powered by Wolken Software