cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3401
Views
7
Helpful
19
Replies

CSCwj93921 - upgrade to 9.18.4.24: "Configuration line too long"

JesseSmith8517
Level 1
Level 1

I had observed this issue when I attempted the following sequence:

terminal pager 0
more system:running-config

I received the error message, %Error reading system:run (Configuration line too long)

Does anyone know if the error message is looking at a single command line in the running configuration?

19 Replies 19

MFIsupport
Level 1
Level 1

Running the same OS than you.

An old bug seems to be back: http://blog.boreas.ro/2007/10/cisco-asa-issues-configuration-line-too.html

I've deleted all my SNMP configuration and I can now parse and save my running conf...

 

Thank you for sharing this.  I'm curious as to how the original poster was able to narrow down the issue to the snmp-server command.  I'm also curious to know if the poster was running snmp v3...

I'm going to test this out and then come back and post some details.

 

Thanks again

laszlofarkas
Level 1
Level 1

Yeah, for us, it's not the snmp config, most likely it's the  very long list of objects in one of our blocklist, but haven't tested it yet.

Edit: I've culled the blocklist (deleted objects from the object-group referencing them and created new objects by summarizing prefixes) by a few hundred entries and i was able save the config. not sure what exactly is the limit, but i was able to save this:

1312421 bytes copied in 5.670 secs (262484 bytes/sec)
[OK]

# show run | count
Number of lines which match regexp = 32256

Which is surprisingly clsoe to 32768 aka 2^15. It might be a red herring, but that's all I got for now.

MFIsupport
Level 1
Level 1

As I said yesterday, I've deleted the SNMP configuration and then I was able to parse and save the running. Just a few minutes later, the problem occured again for no identified reason.

Yep, same thing here.

It seems, that adding and removing a new line to the config temporarily fixes it.

fwad05/sec/act(config)# wr
Building configuration...
Cryptochecksum: 78bfa1e2 fa2f9f41 0417ed11 2647d58e

%Error reading system:/running-config (Configuration line too long)
[OK]
fwad05/sec/act(config)# show run | count
Number of lines which match regexp = 32256

fwad05/sec/act(config)# object network kakamaki
fwad05/sec/act(config-network-object)# description bipp
fwad05/sec/act(config-network-object)# show run | count
Number of lines which match regexp = 32258
fwad05/sec/act(config-network-object)# wr
Building configuration...
Cryptochecksum: 8e3bdf28 7f92a106 3f65a01b 299db4b1

1312463 bytes copied in 4.690 secs (328115 bytes/sec)
[OK]

sam25
Level 1
Level 1

Looks like this bug also causes some errors with the actual configuration.

Had one cluster member with missing network objects and therefore tunnels and other configurations weren't working.

Did a downgrade now with manual fixing the configuration from a backup...

What version did you downgrade to to avoid this?

BrentCoats0047
Level 1
Level 1

I have this same issue after upgrading from ASA 9.18(3)(56) to ASA 9.18(4)(24).  Even in ASDM it constantly shows it needs to be saved.

iipaycisco's suggestion to add a line to the config worked on one pair but not on a different pair.  

8.18.4.22 does not seem to suffer from the bug. There was a
workaround in the ticket, but it wasn't really practical. you have to
show the running config to the terminal one page (term page 20, for
example) at a time first, and then you can copy/save/write, etc.

I tried term page 40 and it worked! Thanks. Will it come back?

You can make any change you want (change an ACL description, change the terminal length...) the bug will return.

The @sam25 post is concerning me most.

Bernd Nies
Level 1
Level 1

I have the same issue after upgrading from 9.18.4.22 to 9.18.4.24. Found a temporary workaround. When doing a "show running-config" then afterwards one can save it.

firewall1/wan1/act# write mem
Building configuration...
Cryptochecksum: 1d29e697 fe79d3f6 50dbc5b7 c1e36cdc

%Error reading system:/running-config (Configuration line too long)
[OK]

firewall1/wan1/act# show running-config

firewall1/wan1/act# write mem
Building configuration...
Cryptochecksum: a4b464cb 0bb22b65 6553f51d 24348f8e

66254 bytes copied in 1.140 secs (66254 bytes/sec)
[OK]

 

laszlofarkas
Level 1
Level 1

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwj93921

They basically say to change the terminal pager to anything other than 0 and you should be able to save. They're working on a fixed version to release in a few weeks, at least that's what i got from support.

Our firewall misteriously crashed when removing and object from under an object group, so they're investigating that as well, but might not be related.

 

So the current "official" workaround has the same spirit than the one we tried before: make a minor change in configuration.

Thanks for the update.