07-26-2012 12:46 AM - edited 03-04-2019 05:04 PM
Hello,
Last week i saw on one of my ASR1000 a strange behaviour. It reboot (reason: localsoft) after a strange set of commands load from memory by user:console.
Here is an extract of the ASR logs:
*Jul 16 13:17:52.307: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:access-list 199 permit icmp host 10.10.10.10 host 20.20.20.20
*Jul 16 13:17:52.308: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:crypto map NiStTeSt1 10 ipsec-manual
*Jul 16 13:17:52.308: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:match address 199
*Jul 16 13:17:52.309: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:set peer 20.20.20.20
*Jul 16 13:17:52.309: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:exit
*Jul 16 13:17:52.312: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no access-list 199
*Jul 16 13:17:52.337: %PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no crypto map NiStTeSt1
*Jul 16 13:17:52.636: %SYS-5-RESTART: System restarted –
Radius authentication is enabled on this router (even for console port).
It’s not the first time our router display this kind of logs. Last time (a few weeks ago) it made a “watchdod”.
Does someone have an idea of what could generate this behaviour and how to fix it?
Thank you for your help.