RE: Loss of Telnet Capability to 6509
Do you have ACL's restricting access to the vty's? I've seen instances where telnet ports get locked up because of port scanning and/or attacks...

--
Jason Frisvold
Penteledata

-----Original Message-----
From: Richard J. Sears [mailto:rsears@adnc.com]
Sent: Wednesday, July 28, 2004 2:54 PM
To: Nanog
Subject: Loss of Telnet Capability to 6509
We posted this to cisco-nsp but someone suggested posting it here as well...
We have a 6509 running a SUP720 in IOS only mode (no cat os).
At around 4am this morning, we lost our ability to telnet to the router. Running a tcpdump shows that the router never responds to the telnet request.
All functions and interfaces on the router seem fine (bgp, etherchannel, ibgp, vtp, hsrp) and I can console into the sup with no problems at all, we just cannot telnet into it. The CPU is at around 6%.
I have checked all access lists on the router, none were added/removed or modified on line vty that would cause this problem. All logging appears normal.
We are running Version 12.2(17a)SX3.
Anyone have a similar problem or know how to check or restart the telnet process on the router without a reload...?
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears@adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130
----------------------------------------------------
I fly because it releases my mind from the tyranny of petty things . .
"Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
Hi Jason,

the only ACL's on the vty's are the same across my entire farm of routers and switches. And when I telnet to a box with an ACL, I get a refused connection...this one is saying that it is timing out.

On Wed, 28 Jul 2004 15:33:45 -0400 "Jason Frisvold" <friz@corp.ptd.net> wrote:
Do you have ACL's restricting access to the vty's? I've seen instances where telnet ports get locked up because of port scanning and/or attacks...
--
Jason Frisvold
Penteledata

-----Original Message-----
From: Richard J. Sears [mailto:rsears@adnc.com]
Sent: Wednesday, July 28, 2004 2:54 PM
To: Nanog
Subject: Loss of Telnet Capability to 6509
We posted this to cisco-nsp but someone suggested posting it here as well...
We have a 6509 running a SUP720 in IOS only mode (no cat os).
At around 4am this morning, we lost our ability to telnet to the router. Running a tcpdump shows that the router never responds to the telnet request.
All functions and interfaces on the router seem fine (bgp, etherchannel, ibgp, vtp, hsrp) and I can console into the sup with no problems at all, we just cannot telnet into it. The CPU is at around 6%.
I have checked all access lists on the router, none were added/removed or modified on line vty that would cause this problem. All logging appears normal.
We are running Version 12.2(17a)SX3.
Anyone have a similar problem or know how to check or restart the telnet process on the router without a reload...?
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears@adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130
----------------------------------------------------
I fly because it releases my mind from the tyranny of petty things . .
"Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
From your console connection check what you have configured under VTY - just in case someone has gone ahead and changed to SSH for example.

transport input ######### - the specific config

Also what does the "show line" give you?

Paul

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Richard J. Sears
Sent: Wednesday, July 28, 2004 3:35 PM
To: Jason Frisvold
Cc: Nanog
Subject: Re: Loss of Telnet Capability to 6509

Hi Jason,

the only ACL's on the vty's are the same across my entire farm of routers and switches. And when I telnet to a box with an ACL, I get a refused connection...this one is saying that it is timing out.

On Wed, 28 Jul 2004 15:33:45 -0400 "Jason Frisvold" <friz@corp.ptd.net> wrote:
Do you have ACL's restricting access to the vty's? I've seen instances where telnet ports get locked up because of port scanning and/or attacks...

--
Jason Frisvold
Penteledata

-----Original Message-----
From: Richard J. Sears [mailto:rsears@adnc.com]
Sent: Wednesday, July 28, 2004 2:54 PM
To: Nanog
Subject: Loss of Telnet Capability to 6509
We posted this to cisco-nsp but someone suggested posting it here as well...
We have a 6509 running a SUP720 in IOS only mode (no cat os).
At around 4am this morning, we lost our ability to telnet to the router. Running a tcpdump shows that the router never responds to the telnet request.
All functions and interfaces on the router seem fine (bgp, etherchannel, ibgp, vtp, hsrp) and I can console into the sup with no problems at all, we just cannot telnet into it. The CPU is at around 6%.
I have checked all access lists on the router, none were added/removed or modified on line vty that would cause this problem. All logging appears normal.
We are running Version 12.2(17a)SX3.
Anyone have a similar problem or know how to check or restart the telnet process on the router without a reload...?
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears@adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130
----------------------------------------------------
I fly because it releases my mind from the tyranny of petty things . .
"Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
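The check suggested in the last reply (the `transport input` setting under the vty lines, plus `show line`) can be run over saved console output. This is an added example, not part of the thread: the config and `show line` excerpts are constructed samples, and the function names are made up for the illustration.

```python
import re

# Constructed samples (not from the thread): a running-config excerpt and
# "show line" output in the usual IOS column layout.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 access-class 10 in
 transport input telnet ssh
"""
SAMPLE_SHOW_LINE = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      3       0     0/0       -
*    2 VTY              -    -      -    -   10     41       0     0/0       -
     3 VTY              -    -      -    -   10      7       0     0/0       -
"""

def vty_transport(config):
    """Map each 'line vty' range to its explicit 'transport input' protocols."""
    ranges, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):  # a new top-level stanza begins
            m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
            current = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else None
            if current:
                ranges[current] = None  # None: nothing explicit, platform default applies
        elif current:
            m = re.match(r"\s+transport input (.+)$", raw)
            if m:
                ranges[current] = set(m.group(1).split())
    return ranges

def telnet_blocked(ranges):
    """Return vty ranges whose explicit transport list excludes telnet."""
    return [r for r, protos in ranges.items()
            if protos is not None and not protos & {"telnet", "all"}]

def vty_usage(show_line):
    """Return (busy, total) vty lines; a leading '*' marks a line in use."""
    busy = total = 0
    for raw in show_line.splitlines():
        m = re.match(r"\s*(\*?)\s*\d+\s+VTY\b", raw)
        if m:
            total += 1
            busy += m.group(1) == "*"
    return busy, total

if __name__ == "__main__":
    print("telnet not permitted on vty:", telnet_blocked(vty_transport(SAMPLE_CONFIG)))
    print("vty busy/total:", vty_usage(SAMPLE_SHOW_LINE))
```

A range reported with no explicit `transport input` falls back to the platform default, which differs between IOS releases, so it is reported as unknown rather than guessed.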
participants (3)
- Jason Frisvold
- Paul Ryan
- Richard J. Sears