Two ARs are deployed in active/standby mode and run the VRRP protocol. The ARs are connected to the firewall, core switch S5700, access switch S5700, and eSight in sequence. eSight can back up the configuration files of the core switch S5700 and access switch S5700 but fails to back up the configuration file of the AR routers.
1. Check whether the firewall permits the corresponding port number.
The firewall security policy and session information are checked. The firewall has a permit policy from eSight to the AR management address, and the session information about TCP port 22 exists.
2. Initiate SSH access from the access switch and core switch to the AR routers. The AR routers can be properly accessed through SSH. However, the system displays a message, indicating that the ssh client first-time enable command needs to be run on the AR routers.
3. Run the ssh client first-time enable command on the AR routers and back up the configuration files of the AR routers. The backup is successful. This indicates that the fault occurs because the ssh client first-time enable command is not run on the AR routers.
eSight backs up network device configurations through SSH. When eSight functions as an SSH client and accesses an AR router for the first time, the backup fails because the public key of the SSH server is not configured on eSight. After the ssh client first-time enable command is run, the SSH client can continue to access the SSH server upon first authentication, and the public key of the SSH server is stored on the SSH client.