[72863] in North American Network Operators' Group
RE: Loss of Telnet Capability to 6509
daemon@ATHENA.MIT.EDU (Paul Ryan)
Wed Jul 28 16:03:57 2004
From: "Paul Ryan" <pryan@rogers.wave.ca>
To: "'Richard J. Sears'" <rsears@adnc.com>,
"'Jason Frisvold'" <friz@corp.ptd.net>
Cc: "'Nanog'" <nanog@nanog.org>
Date: Wed, 28 Jul 2004 16:03:04 -0400
In-Reply-To: <20040728123253.A368.RSEARS@adnc.com>
Errors-To: owner-nanog-outgoing@merit.edu
From your console connection check what you have configured under VTY - just
in case someone has gone ahead and change to SSH for example.
transport input ######### - the specific config
Also what does the "show line" give you ?
Paul
-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of
Richard J. Sears
Sent: Wednesday, July 28, 2004 3:35 PM
To: Jason Frisvold
Cc: Nanog
Subject: Re: Loss of Telnet Capability to 6509
Hi Jason,
the only ACL's on the vty's are the same across my entire farm of
routers and switches. And when I telnet to a box with an ACL, I get a
refused connection...this one is saying that it is timing out.
On Wed, 28 Jul 2004 15:33:45 -0400
"Jason Frisvold" <friz@corp.ptd.net> wrote:
>
> Do you have ACL's restricting access to the vty's? I've seen instances
where telnet ports get locked up because of port scanning and/or attacks...
>
> --
> Jason Frisvold
> Penteledata
>
>
> > -----Original Message-----
> > From: Richard J. Sears [mailto:rsears@adnc.com]
> > Sent: Wednesday, July 28, 2004 2:54 PM
> > To: Nanog
> > Subject: Loss of Telnet Capability to 6509
> >
> >
> >
> > We posted this to cisco-nsp but someone suggested posting it here as
> > well...
> >
> >
> >
> > We have a 6509 running a SUP720 in IOS only mode (no cat os).
> >
> > At around 4am this morning, we lost our ability to telnet to
> > the router.
> > Running a tcpdump shows that the router never responds to the telnet
> > request.
> >
> > All functions and interfaces on the router seem fine (bgp,
> > etherchannel,
> > ibgp, vtp, hsrp) and I can console into the sup with no
> > problems at all,
> > we just cannot telnet into it. The CPU is at around 6%.
> >
> > I have checked all access lists on the router, none were added/removed
> > or modified on line vty that would cause this problem. All logging
> > appears normal.
> >
> > We are running Version 12.2(17a)SX3.
> >
> > Anyone have a similar problem or know how to check or restart
> > the telnet
> > process on the router without a reload...?
> >
> >
> > ******************************************
> > Richard J. Sears
> > Vice President
> > American Digital Network
> > ----------------------------------------------------
> > rsears@adnc.com
> > http://www.adnc.com
> > ----------------------------------------------------
> > 858.576.4272 - Phone
> > 858.427.2401 - Fax
> > INOC-DBA - 6130
> > ----------------------------------------------------
> >
> > I fly because it releases my mind
> > from the tyranny of petty things . .
> >
> >
> > "Work like you don't need the money, love like you've
> > never been hurt and dance like you do when nobody's
> > watching."
> >
> >
******************************************
Richard J. Sears
Vice President
American Digital Network
----------------------------------------------------
rsears@adnc.com
http://www.adnc.com
----------------------------------------------------
858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130
----------------------------------------------------
I fly because it releases my mind
from the tyranny of petty things . .
"Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching."