Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1186
Views
0
Helpful
4
Replies

(shunnig issues) ERROR: Syntax error from invalid input at device

garyprice
Level 1
Level 1

‎07-21-2003 07:11 AM - edited ‎03-09-2019 04:07 AM

I have a k9 4235 setup to shun host/connection using an interface on a cisco 6513(ver) 12.1(19)E

I have updated sig and patch to Version 4.0(1)S48 on the ids. A userid/password that has access to the router/config terminal access level is being used..We are using a TACAS server.

These are the errors that are being logged on the ids device 000.000.000.00 replaces ip of router interfaces... adn zzzzz replaces the name of router

----------beging error log ---------------

evError: eventId=1056707842350918627 severity=error

originator:

hostId: Constitution

appName: nac

appInstanceId: 17778

time: 2003/07/21 14:53:21 2003/07/21 10:53:21 EDT

errorMessage: name=errSystemError ERROR: Syntax error from invalid input at device [Cisco] IP [000.000.000.000] state [Active]Text from device:

onfigure terminal

^

% Invalid input detected at '^' marker.

zzzzzz# no ip access-list ext IDS_GigabitEthernet1/2_in_1

^

% Invalid input detected at '^' marker.

zzzzzz#

-----------------------end of error lod -----------

It has been runing for 24 hours and there are abbout 50 "failed" attempts to configure the access list by the ids.

If I am reading this correct it appears that the command being sent to the router from the ids is wrong

The "c" in configure terminal is not present....

How can I edit the script so this command can function properly?

Or is there a fix..........

Gary Price

Labels:
0 Helpful
4 Replies 4

garyprice
Level 1
Level 1

‎07-21-2003 08:12 AM

sorry I did not notice how the space character dropped out of the log... this messages has been changed to reflect the correct syntax.

well this will not work either... here it is in words

the first syntax error marker should be under and just after the "e" in onfigure terminal.

the second should be under the "i" in

zzzzzz# no ip access-list

sorry for the confusion, but cut and past is not a perfect science

gp

0 Helpful

jlively
Cisco Employee
Cisco Employee
In response to garyprice

‎07-21-2003 10:07 AM

you have to get rid of all the "#" signs from the configuration. The sensor cannot parse the return it gets from the device properly if there are "#" present.

0 Helpful

garyprice
Level 1
Level 1
In response to jlively

‎07-21-2003 10:12 AM

no # symbols in the config. they only show up as the console prompt....

0 Helpful

jlively
Cisco Employee
Cisco Employee
In response to garyprice

‎07-21-2003 10:21 AM

log into the 6513. Do a conf t then try typing the command "ip access-list ext IDS_GigabitEthernet1/2_in_1". Does that work?

0 Helpful
Customers Also Viewed These Support Documents