Loss of Telnet Capability to 6509

Peering Peering at xspedius.com
Wed Jul 28 20:10:23 UTC 2004


I had this once with a 7500 and a friend at Cisco told me this
procedure.  I'm not sure if it would help you though.  I had an idle
session in "show users" output.

To clear the idle session, I typed "show tcp brief".  My friend said the
stuck one should be in "ESTAB" state, but the one I cleared said
"LASTACK", so you can always go by the foreign address.  It's better to
kick people off temporarily than to have to reboot the router just to
clear a stuck VTY session.  

To clear the session, type "clear tcp tcb xxxxxxxx", using the
hexadecimal TCB address at the beginning of the line from "show tcp
brief".  Then check "show users" output to see if the session has
disappeared.

Diane Turley
Network Engineer
Xspedius Communications Co.
636-625-7178


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
Richard J. Sears
Sent: Wednesday, July 28, 2004 2:35 PM
To: Jason Frisvold
Cc: Nanog
Subject: Re: Loss of Telnet Capability to 6509



Hi Jason,

the only ACL's on the vty's are the same across my entire farm of
routers and switches. And when I telnet to a box with an ACL, I get a
refused connection...this one is saying that it is timing out.


On Wed, 28 Jul 2004 15:33:45 -0400
"Jason Frisvold" <friz at corp.ptd.net> wrote:

> 
> Do you have ACL's restricting access to the vty's?  I've seen 
> instances where telnet ports get locked up because of port scanning 
> and/or attacks...
> 
> --
> Jason Frisvold
> Penteledata
> 
> 
> > -----Original Message-----
> > From: Richard J. Sears [mailto:rsears at adnc.com]
> > Sent: Wednesday, July 28, 2004 2:54 PM
> > To: Nanog
> > Subject: Loss of Telnet Capability to 6509
> > 
> > 
> > 
> > We posted this to cisco-nsp but someone suggested posting it here as
> > well...
> > 
> > 
> > 
> > We have a 6509 running a SUP720 in IOS only mode (no cat os).
> > 
> > At around 4am this morning, we lost our ability to telnet to the
> > router. Running a tcpdump shows that the router never responds to the
> > telnet request.
> > 
> > All functions and interfaces on the router seem fine (bgp,
> > etherchannel, ibgp, vtp, hsrp) and I can console into the sup with no
> > problems at all, we just cannot telnet into it. The CPU is at around 6%.
> > 
> > I have checked all access lists on the router, none were
> > added/removed or modified on line vty that would cause this problem.
> > All logging appears normal.
> > 
> > We are running Version 12.2(17a)SX3.
> > 
> > Anyone have a similar problem or know how to check or restart the
> > telnet process on the router without a reload...?
> > 
> > 
> > ******************************************
> > Richard J. Sears
> > Vice President         
> > American Digital Network                          
> > ----------------------------------------------------
> > rsears at adnc.com
> > http://www.adnc.com
> > ----------------------------------------------------
> > 858.576.4272 - Phone
> > 858.427.2401 - Fax
> > INOC-DBA - 6130
> > ----------------------------------------------------
> > 
> > I fly because it releases my mind
> > from the tyranny of petty things . . 
> > 
> > 
> > "Work like you don't need the money, love like you've
> > never been hurt and dance like you do when nobody's watching."
> > 
> > 


******************************************
Richard J. Sears
Vice President         
American Digital Network                          
----------------------------------------------------
rsears at adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130
----------------------------------------------------

I fly because it releases my mind 
from the tyranny of petty things . . 


"Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching."
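
The lookup described in the reply at the top of this thread, as an added example that is not part of the original messages: a Python sketch that parses saved "show tcp brief" output, selects Telnet sessions by foreign address, and builds the matching "clear tcp tcb" commands. The sample output, its column layout, and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample of "show tcp brief" output (documentation addresses);
# the column layout is an assumption, adjust ROW if your platform differs.
SAMPLE = """\
TCB       Local Address           Foreign Address        (state)
62A3F4C8  192.0.2.1.23            198.51.100.7.40211     ESTAB
62A40B10  192.0.2.1.23            198.51.100.9.51877     LASTACK
62A41D58  192.0.2.1.179           203.0.113.5.11002      ESTAB
"""

class Conn(NamedTuple):
    tcb: str
    local_port: int
    foreign_ip: str
    state: str

# TCB address, local ip.port, foreign ip.port, state
ROW = re.compile(r"^([0-9A-Fa-f]{8,16})\s+\S+\.(\d+)\s+(\S+)\.\d+\s+(\S+)\s*$")

def parse_tcp_brief(text):
    """Return one Conn per connection row; header and other lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            tcb, lport, fip, state = m.groups()
            conns.append(Conn(tcb.upper(), int(lport), fip, state))
    return conns

def telnet_sessions(conns, foreign_ip=None):
    """Sessions to local port 23, optionally only those from foreign_ip."""
    return [c for c in conns if c.local_port == 23
            and (foreign_ip is None or c.foreign_ip == foreign_ip)]

def clear_commands(conns):
    """Commands to paste at the console, one per selected TCB."""
    return [f"clear tcp tcb {c.tcb}" for c in conns]

if __name__ == "__main__":
    conns = parse_tcp_brief(SAMPLE)
    for c in telnet_sessions(conns):
        note = "" if c.state == "ESTAB" else "  <- not ESTAB"
        print(f"{c.tcb}  from {c.foreign_ip:<15} {c.state}{note}")
    # Select by foreign address, then review the command before pasting it.
    for cmd in clear_commands(telnet_sessions(conns, "198.51.100.9")):
        print(cmd)
```

Selecting on local port 23 keeps other TCP sessions on the box, such as the BGP peer in the sample, out of the candidate list.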



