Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
948
Views
0
Helpful
3
Replies

Cisco ITP SSH not responding

tiger76251
Level 1
Level 1

‎06-17-2019 02:44 PM

Greetings,

 

I work for a GSM wireless operator who uses Cisco 7201 ITPs as adjunct switches to our Ericsson IPSTPs. Every few months, SSH stops responding to incoming requests. This is maddening. It generally requires logging in over serial console and rebooting it.

 

Some info:

ITP1#sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3

 

interface FastEthernet0/0
description "OAM -> itp1 port 1:15"
ip vrf forwarding Management
ip address 172.16.129.27 255.255.255.248
duplex auto
speed auto

 

access-list 98 remark VTY access
access-list 98 permit 10.10.240.0 0.0.0.255
access-list 98 permit 10.10.5.0 0.0.0.255
access-list 98 permit 10.10.15.0 0.0.0.255
access-list 98 deny any log

line vty 0 4
access-class 98 in
exec-timeout 30 0
transport input ssh

 

ITP1#sh ssh
%No SSHv2 server connections running.
%No SSHv1 server connections running.


Now, the fun part:


ITP1#debug ip ssh
Incoming SSH debugging is on
(I try to SSH to admin@172.16.129.27 and get nothing...)

no debug ip ssh

Incoming SSH debugging is off
ITP1#debug ip tcp packet port 22 in
TCP Packet debugging is on for port number 22, incoming packets
ITP1#
Jun 17 21:41:41.461: tcp0: I LISTEN 10.10.240.210:54532 172.16.129.27:22 seq 3402043120
OPTS 20 SYN WIN 27320
Jun 17 21:41:42.461: tcp0: I LISTEN 10.10.240.210:54532 172.16.129.27:22 seq 3402043120
OPTS 20 SYN WIN 27320
Jun 17 21:41:44.465: tcp0: I LISTEN 10.10.240.210:54532 172.16.129.27:22 seq 3402043120
OPTS 20 SYN WIN 27320

 

So what this tells us is that my SSH client's TCP SYN is making it to the ITP, who then silently discards it. Can anyone offer a clue to what is going on? Thanks in advance..

Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎06-18-2019 12:01 AM

 

- Could be a software bug. Check if you can upgrade your cisco device (e.g.)

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

tiger76251
Level 1
Level 1
In response to marce1000

‎06-26-2019 01:41 PM

No upgrade is practical. Besides, the version is:
Cisco IOS Software, 7200 Software (C7200P-ITPK9-M), Version 12.4(15)SW7, RELEASE SOFTWARE (fc3)

 

Which is newer than I've worked with on 2811's in the past, that never had this problem. It seems like I am the only one to ever have seen this issue, so for now we have to telnet into a terminal server until the next maintenance window where it can be power cycled...
  

0 Helpful

tiger76251
Level 1
Level 1
In response to tiger76251

‎07-05-2019 01:50 PM

No one?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents