C++ process fails to connect to Cisco router (IOS 15.1)

Zeevik
Level 1

Hi,

Several years ago, I developed a C++ process (running on Linux Red Hat 7) that connects via SSH to Cisco routers (IOS 12.2).

The process's task is to monitor (retrieve & update) some preconfigured ACLs, and it uses libssh version 0.7.0 (https://www.libssh.org/?s=libssh+0.7.0).

The ssh_set_blocking(session, 1) command is activated prior to the ssh_connect(session) one.

Several months ago, we received two new Cisco routers with IOS 15.1, and since then there has been an SSH connection problem.

I've written a simple tester that loops (100 cycles) over all the Cisco routers (IOS 12.2 and the new IOS 15.1 ones). The tester just connects, disconnects and sleeps for 2 seconds.

All 100 tests performed on the Cisco routers with IOS 12.2 were successful.

Only 75-85 tests performed on the Cisco routers with IOS 15.1 were successful; the other 15-25 attempts failed due to the timeout error.

What are the IOS 15 changes that could cause this problem, and how may I solve the problem?

 

Thanks

Zeev
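An added diagnostic sketch for the intermittent timeouts described in the post above (not part of the original post and not the poster's tester): it works below libssh with plain POSIX sockets and times the TCP handshake and the wait for the server's SSH identification line separately, so each failed attempt can be attributed to a stage. The names `probe_ssh`, `is_ssh_ident`, `Stage` and `Probe` are hypothetical, and the target is assumed to be an IPv4 literal.

```cpp
// Added example: per-attempt probe that separates "TCP did not come up"
// from "TCP came up but the SSH server sent no identification line in time".
#include <arpa/inet.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cerrno>
#include <chrono>
#include <string>

enum class Stage { BadAddress, TcpFailed, NoBanner, NotSsh, Ok };
struct Probe { Stage stage; long tcp_ms; long banner_ms; std::string banner; };

static long ms_since(std::chrono::steady_clock::time_point t0) {
    return std::chrono::duration_cast<std::chrono::milliseconds>(
        std::chrono::steady_clock::now() - t0).count();
}

// RFC 4253 section 4.2: the identification line starts with "SSH-";
// a server may send other lines before it.
bool is_ssh_ident(const std::string& data) {
    return data.rfind("SSH-", 0) == 0 || data.find("\nSSH-") != std::string::npos;
}

Probe probe_ssh(const char* ipv4, unsigned short port, int timeout_ms) {
    Probe r{Stage::BadAddress, -1, -1, ""};
    sockaddr_in sa{}; sa.sin_family = AF_INET; sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ipv4, &sa.sin_addr) != 1) return r;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { r.stage = Stage::TcpFailed; return r; }
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);  // poll() enforces the timeout
    auto t0 = std::chrono::steady_clock::now();
    int rc = connect(fd, reinterpret_cast<sockaddr*>(&sa), sizeof sa);
    pollfd p{fd, POLLOUT, 0};
    int err = 0; socklen_t len = sizeof err;
    bool up = rc == 0 || (errno == EINPROGRESS && poll(&p, 1, timeout_ms) == 1 &&
              getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0);
    r.tcp_ms = ms_since(t0);
    if (!up) { r.stage = Stage::TcpFailed; close(fd); return r; }
    p.events = POLLIN; auto t1 = std::chrono::steady_clock::now();
    char buf[256];
    ssize_t n = poll(&p, 1, timeout_ms) == 1 ? recv(fd, buf, sizeof buf, 0) : -1;
    r.banner_ms = ms_since(t1);
    close(fd);
    if (n <= 0) { r.stage = Stage::NoBanner; return r; }  // timed out or peer closed
    r.banner.assign(buf, static_cast<size_t>(n));
    r.banner.erase(r.banner.find_last_not_of("\r\n") + 1);
    r.stage = is_ssh_ident(r.banner) ? Stage::Ok : Stage::NotSsh;
    return r;
}
```

Called once per cycle in place of the connect/disconnect step, the `Stage` and the two timings show whether the failing attempts stall before or after the TCP connection is established.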

6 Replies

marce1000
VIP

 

 - Consider this methodology as being unsupported. You can make configuration changes via the CISCO-COPY-CONFIG MIB, in a semi-automatic way, if so desired. Better is to look into overall managerial products such as Cisco Prime to have consistent management of switches.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi.

According to the customer requirements, I must perform SSH connect to the Cisco router (IOS version 15.1) and constantly retrieve and report the ACL details.

As I wrote in the description, there are no problems with the Cisco router (IOS version 12.2), but only with the one that runs IOS version 15.1.

What are the changes between these versions that prevent the normal connect operations, and how may I solve these problems?

Thanks

Zeev

 

 

 - The 'customer requirements' shouldn't always be accepted ad hoc, and considered as being 'valid'. In this case I argue they are not. Because controlled management and knowing who has access to the router also means that the ACLs are also managed in an authorized manner.

M



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi,

Thanks for the replies :)

There are two reasons for not using the SNMP protocol, apart from the customer requests:

  1. The existing and well-functioning (on IOS 12.2) capability is implemented using client-server SSH communication. Implementing a completely different approach based on SNMP will carry high development & integration costs.
  2. There is a large number of Cisco routers whose ACLs must be probed and compared every 100 milliseconds. The combined status is to be reported every 200 milliseconds. I'm not sure that the SNMP-based solution will provide the required rates.

Thanks again

Zeev

 

 

 - As stated, I still question the need for these procedures, especially when strong authorization, managerial and change management is in place for the routers. Furthermore, such intense scrutinizing will induce an extra load on the router. Aside from the fact that it worked and no longer does, you won't get this supported by CISCO, since they have their own products such as Prime which can also do compliance auditing.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi,

If I convince my project manager to change the implementation from the libssh-based method to the SNMP-based one, would you mind guiding me in the first SNMP steps?

 

Thanks

Zeev

 

 
