Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1052
Views
15
Helpful
6
Replies

Problem with authentication on ASR1002-X

Go to solution
Alex Pashko
Level 1
Level 1

‎07-05-2022 08:54 AM

We observe a periodic authentication problem on our 2 ASR1002-X.

It is impossible to get to the device either under local accounts or through tacacs, only reboot helps.

The software on the two ASRs is the same Cisco IOS Software [Fuji], ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.9.4, RELEASE SOFTWARE (fc2)

Please tell me what could be wrong and how to fix it?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-08-2022 03:00 PM

You have not provided any configuration information, logs, or error messages to troubleshoot.

Please create a TAC case so they can troubleshoot with the required information.

See How to Ask The Community for Help for future requests with troubleshooting.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎07-05-2022 09:41 AM

Hi,

Configure logging to external server and change the level to debugging.

Then read the logs when it happens. You might be having suck remote
sessions which hits the max limit.

Also, ensure vty timeout is configured.

**** please remember to rate useful posts

Go to solution
Alex Pashko
Level 1
Level 1
In response to Mohammed al Baqari

‎07-06-2022 07:48 AM

what debug will be helpfull to troubleshoot this issue?

 

0 Helpful

Go to solution
Alex Pashko
Level 1
Level 1
In response to Mohammed al Baqari

‎07-14-2022 07:49 AM

There is no possibility to send logs to an external syslog.

We have not many tsp sessions on the router, almost all of them are in the ESTAB state.

N2040-M10-ASR#show tcp brief 
Load for five secs: 20%/4%; one minute: 23%; five minutes: 26%
Time source is NTP, 11:50:44.214 Moscow Tue Jul 12 2022

TCB       Local Address               Foreign Address             (state)
7F707FD2B638  172.17.253.12.179          172.17.253.1.23468          ESTAB
7F70783F7F58  172.17.253.12.646          172.17.253.30.39427         ESTAB
7F707FD33A58  172.17.253.12.22722        172.17.253.1.646            ESTAB
7F70C6480CE0  172.17.253.12.30861        172.17.253.3.646            ESTAB
7F707DD09258  172.17.253.12.179          172.17.253.30.19210         ESTAB
7F71051E7888  10.4.15.37.37806           10.4.15.38.179              ESTAB
7F70EF8E6278  172.17.255.210.47658       10.6.141.40.49              FINWAIT1
7F70787347E8  172.17.255.210.22          10.6.167.156.61068          ESTAB
7F71228E92F8  195.43.90.6.36664          195.43.91.19.179            ESTAB
7F712700A590  195.210.187.166.39712      195.210.187.165.179         ESTAB
7F705D281D58  81.211.26.66.179           81.211.26.65.19342          ESTAB

 

Does it make sense to configure TCP keep alive  in this case?

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎07-05-2022 10:00 AM

use TCP keep alive under VTY, this clear session when no response from one end.

Go to solution
Aref Alsouqi
VIP
VIP

‎07-06-2022 10:05 AM

This behaviour to me would suggest a software bug that is causing this issue. I would ensure to install the latest recommended release for that platform, alternatively, I would raise a TAC for further investigation.

Go to solution
thomas
Cisco Employee
Cisco Employee

‎07-08-2022 03:00 PM

You have not provided any configuration information, logs, or error messages to troubleshoot.

Please create a TAC case so they can troubleshoot with the required information.

See How to Ask The Community for Help for future requests with troubleshooting.

0 Helpful
Customers Also Viewed These Support Documents