
router saving 15 commands when you edit or delete one

zubair_norat
Level 1

Hey guys,

I have a Cisco 851 and every time I edit something in NAT or delete something in NAT or anything using SDM, it seems to say saving 15 commands and then the router crashes and locks up. You then need to reboot the router. What could be the issue with this?

Thanks

Zubair Norat

6 Replies

Giuseppe Larosa
Hall of Fame

Hello Zubair,

Post the IOS version running on your router; use

show ver | inc image

Post also the SDM version you are using.

It looks like they don't work well together.

Hope to help

Giuseppe

Hi Giuseppe,

IOS version running is 12.4(15)T7 and using SDM version 2.4

Thanks

Zubair

Hello Zubair,

Have a look at

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/software/release/notes/SDMr24.html#wp89942

The IOS version is supported, as reported in the first table at the beginning of the document.

However, since SDM is a tool that hides the CLI, could you provide an example of this behaviour:

initial config

action performed in SDM

resulting configuration

Remove user/pwds and change public IP addresses to some other IP addresses for your safety.

Edit:

I see that the router can even crash, and in that case you cannot see the running configuration after the change ...

Learning to make changes directly on the CLI can be a possible solution; you may want to open a service request, as the crash is a serious issue impacting your network.

Hope to help

Giuseppe
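
The clean-up asked for above (remove usernames and passwords, swap public IP addresses for others) can be scripted before a configuration is pasted into a thread. The following is an added example, not part of the original posts and not a Cisco tool: the rule list, the `sanitize` function name, the `<user>`/`<removed>` markers and the sample lines are assumptions made for illustration, and the rules cover only common credential-bearing IOS line forms, so the output should still be read through before posting.

```python
import ipaddress
import re

# (pattern, replacement): keep the command keywords, drop the identity or secret.
SECRET_RULES = [(re.compile(p, re.I), r) for p, r in [
    (r"^(\s*enable (?:secret|password)(?: \d)?) \S+", r"\1 <removed>"),
    (r"^(\s*username )\S+(.*? (?:secret|password)(?: \d)?) \S+", r"\1<user>\2 <removed>"),
    (r"^(\s*crypto isakmp key )\S+", r"\1<removed>"),
    (r"^(\s*ppp chap hostname )\S+", r"\1<user>"),
    (r"^(\s*ppp chap password(?: \d)?) \S+", r"\1 <removed>"),
    (r"^(\s*ppp pap sent-username )\S+( password(?: \d)?) \S+", r"\1<user>\2 <removed>"),
    (r"^(\s*ip ftp (?:username|password)(?: \d)?) \S+", r"\1 <removed>"),
]]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines (not taken from any real device).
SAMPLE = """\
enable secret 5 $1$aaaa$ConstructedHashNotReal0000
username admin privilege 15 secret 5 $1$bbbb$ConstructedHashNotReal1111
crypto isakmp key ExamplePsk1 address 11.22.33.44
 ppp chap password 0 ExamplePppPass
ip route 11.22.33.40 255.255.255.248 192.168.1.12
access-list 100 permit ip 192.168.1.0 0.0.0.255 host 11.22.33.44
"""


def sanitize(config: str) -> str:
    """Redact credentials and remap public IPv4 addresses consistently."""
    pool = iter(ipaddress.ip_network("203.0.113.0/24").hosts())  # RFC 5737 range
    mapping = {}

    def remap(match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # four dotted numbers that are not a valid address
        if not addr.is_global or addr.is_multicast:
            return text  # private space, netmasks and wildcard masks stay readable
        if text not in mapping:  # one placeholder per address keeps NAT/ACL lines aligned
            mapping[text] = str(next(pool))
        return mapping[text]

    lines = []
    for line in config.splitlines():
        for pattern, repl in SECRET_RULES:
            line = pattern.sub(repl, line)
        lines.append(IPV4.sub(remap, line))
    return "\n".join(lines)
```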

Hi Giuseppe,

This is the config...

!This is the running config of the router: 192.168.1.11
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
no service dhcp
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 warnings
logging console critical
enable secret 5 $1$Dd2J$.G3xnRDTQodNdRZpVKll5/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-3136835138
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3136835138
revocation-check none
rsakeypair TP-self-signed-3136835138
!
!
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.11
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.11
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name autocab.net
ip name-server 212.159.11.150
ip name-server 212.159.13.150
!
!
!
username xxxxxx privilege 15 secret 5 $1$RmqO$Jvybi/8X3VZWesrPogprf/
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key autocab1 address 81.149.192.99
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
archive
log config
  hidekeys
!
!
ip ftp username nick.chard
ip ftp password xxxxxxxxx
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.11 255.255.255.0
ip access-group 102 in
ip access-group 104 out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
ip access-group sdm_dialer0_in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname autocab@plusdsl.net
ppp chap password 0 xxxxxxxxxxx
ppp pap sent-username autocab@plusdsl.net password 0 xxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 84.92.193.208 255.255.255.248 192.168.1.12 2
ip route 89.0.0.0 255.255.255.0 Vlan1
ip route 192.168.10.0 255.255.255.0 Vlan1
ip route 192.168.12.0 255.255.255.0 Vlan1
ip route 192.168.15.0 255.255.255.0 Vlan1
ip route 192.168.20.0 255.255.255.0 Vlan1
ip route 192.168.21.0 255.255.255.0 Vlan1
ip route 192.168.22.0 255.255.255.0 Vlan1
ip route 192.168.23.0 255.255.255.0 Vlan1
ip route 192.168.24.0 255.255.255.0 Vlan1
ip route 192.168.25.0 255.255.255.0 Vlan1
ip route 192.168.26.0 255.255.255.0 Vlan1
ip route 192.168.100.0 255.255.255.0 Vlan1
ip flow-cache timeout active 5
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 192.168.1.98 9996
ip flow-export destination 192.168.1.90 9996
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.133 8000 interface Dialer0 8000
ip nat inside source static tcp 192.168.1.80 38000 interface Dialer0 38000
ip nat inside source static tcp 192.168.1.80 32000 interface Dialer0 32000
ip nat inside source static tcp 192.168.1.84 40011 interface Dialer0 41015
ip nat inside source static tcp 192.168.1.141 40093 interface Dialer0 40093
ip nat inside source static udp 192.168.1.238 40097 interface Dialer0 40097
ip nat inside source static tcp 192.168.1.238 40097 interface Dialer0 40097
ip nat inside source static udp 192.168.1.47 50002 interface Dialer0 50002
ip nat inside source static tcp 192.168.1.200 22003 interface Dialer0 22003
ip nat inside source static tcp 192.168.1.196 40666 interface Dialer0 40666
ip nat inside source static tcp 192.168.1.196 11001 interface Dialer0 11001
ip nat inside source static udp 192.168.1.196 11001 interface Dialer0 11001
ip nat inside source static udp 192.168.1.161 40069 interface Dialer0 40069
ip nat inside source static tcp 192.168.1.161 40069 interface Dialer0 40069
ip nat inside source static udp 192.168.1.143 40095 interface Dialer0 40095
ip nat inside source static tcp 192.168.1.143 40095 interface Dialer0 40095
ip nat inside source static tcp 192.168.1.78 22010 interface Dialer0 22010
ip nat inside source static udp 192.168.1.131 40089 interface Dialer0 40089
ip nat inside source static tcp 192.168.1.196 40089 interface Dialer0 40089
ip nat inside source static udp 192.168.1.67 40088 interface Dialer0 40088
ip nat inside source static udp 192.168.1.148 40087 interface Dialer0 40087
ip nat inside source static tcp 192.168.1.84 21002 interface Dialer0 21002
ip nat inside source static tcp 192.168.1.84 21001 interface Dialer0 21001
ip nat inside source static tcp 192.168.1.84 21000 interface Dialer0 21000
ip nat inside source static tcp 192.168.1.137 40084 interface Dialer0 40084
ip nat inside source static udp 192.168.1.137 40084 interface Dialer0 40084
ip nat inside source static udp 192.168.1.58 40083 interface Dialer0 40083
ip nat inside source static tcp 192.168.1.58 40083 interface Dialer0 40083
ip nat inside source static udp 192.168.1.237 40044 interface Dialer0 40044
ip nat inside source static tcp 192.168.1.237 40044 interface Dialer0 40044
ip nat inside source static tcp 192.168.23.40 40067 interface Dialer0 40067
ip nat inside source static udp 192.168.23.40 40068 interface Dialer0 40068
ip nat inside source static tcp 192.168.23.40 40068 interface Dialer0 40068
ip nat inside source static udp 192.168.1.162 5061 interface Dialer0 5061
ip nat inside source static udp 192.168.1.139 40082 interface Dialer0 41082
ip nat inside source static tcp 192.168.1.139 40082 interface Dialer0 41082
ip nat inside source static udp 192.168.2.30 40080 interface Dialer0 40080
ip nat inside source static tcp 192.168.2.30 40080 interface Dialer0 40080
ip nat inside source static udp 192.168.2.30 40081 interface Dialer0 40081
ip nat inside source static tcp 192.168.2.30 40081 interface Dialer0 40081
ip nat inside source static tcp 192.168.1.2 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.1.47 50001 interface Dialer0 50001
ip nat inside source static tcp 192.168.1.158 43000 interface Dialer0 43000
ip nat inside source static udp 192.168.1.158 43000 interface Dialer0 43000
ip nat inside source static udp 192.168.1.103 1234 interface Dialer0 50010
ip nat inside source static udp 192.168.1.22 40012 interface Dialer0 40012
ip nat inside source static tcp 192.168.1.22 40012 interface Dialer0 40012
ip nat inside source static tcp 192.168.1.47 40001 interface Dialer0 40001
ip nat inside source static tcp 192.168.1.47 40002 interface Dialer0 40002
ip nat inside source static tcp 192.168.1.47 40003 interface Dialer0 40003
ip nat inside source static tcp 192.168.1.47 40004 interface Dialer0 40004
ip nat inside source static tcp 192.168.1.47 40005 interface Dialer0 40005
ip nat inside source static tcp 192.168.1.47 40006 interface Dialer0 40006
ip nat inside source static tcp 192.168.1.47 40007 interface Dialer0 40007
ip nat inside source static tcp 192.168.1.47 40008 interface Dialer0 40008
ip nat inside source static tcp 192.168.1.47 40009 interface Dialer0 40009
ip nat inside source static tcp 192.168.1.47 40010 interface Dialer0 40010
ip nat inside source static udp 192.168.1.47 40000 interface Dialer0 40000
ip nat inside source static udp 192.168.1.47 40002 interface Dialer0 40002
ip nat inside source static udp 192.168.1.47 40003 interface Dialer0 40003
ip nat inside source static udp 192.168.1.47 40004 interface Dialer0 40004
ip nat inside source static udp 192.168.1.47 40005 interface Dialer0 40005
ip nat inside source static udp 192.168.1.47 40006 interface Dialer0 40006
ip nat inside source static udp 192.168.1.47 40007 interface Dialer0 40007
ip nat inside source static udp 192.168.1.47 40008 interface Dialer0 40008
ip nat inside source static udp 192.168.1.47 40009 interface Dialer0 40009
ip nat inside source static udp 192.168.1.47 40010 interface Dialer0 40010
ip nat inside source static tcp 192.168.1.201 22002 interface Dialer0 22002
ip nat inside source static tcp 192.168.1.79 40011 interface Dialer0 41012
ip nat inside source static tcp 192.168.1.150 40011 interface Dialer0 41016
ip nat inside source static udp 192.168.1.150 40011 interface Dialer0 41016
ip nat inside source static udp 192.168.1.79 40011 interface Dialer0 41012
ip nat inside source static tcp 192.168.1.47 50002 interface Dialer0 50002
ip nat inside source static udp 192.168.1.209 40100 interface Dialer0 40100
ip nat inside source static udp 192.168.1.47 40050 interface Dialer0 40050
ip nat inside source static tcp 192.168.1.47 50050 interface Dialer0 50050
ip nat inside source static udp 192.168.1.95 40011 interface Dialer0 41013
ip nat inside source static tcp 192.168.1.95 40011 interface Dialer0 41013
ip nat inside source static udp 192.168.1.177 40013 interface Dialer0 40013
ip nat inside source static tcp 192.168.1.180 40014 interface Dialer0 40014
ip nat inside source static udp 192.168.1.180 40014 interface Dialer0 40014
ip nat inside source static udp 192.168.1.177 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.25.52 60003 interface Dialer0 60003
ip nat inside source static tcp 192.168.25.30 40045 interface Dialer0 40045
ip nat inside source static udp 192.168.1.234 40037 interface Dialer0 40037
ip nat inside source static tcp 192.168.1.234 40037 interface Dialer0 40037
ip nat inside source static tcp 192.168.1.234 40036 interface Dialer0 40036
ip nat inside source static udp 192.168.1.134 40051 interface Dialer0 40051
ip nat inside source static udp 192.168.1.134 40052 interface Dialer0 40052
ip nat inside source static udp 192.168.1.147 40053 interface Dialer0 40053
ip nat inside source static tcp 192.168.1.138 40056 interface Dialer0 40056
ip nat inside source static tcp 192.168.1.73 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.1.32 22 interface Dialer0 2222
ip nat inside source static tcp 192.168.1.33 22 interface Dialer0 22222
ip nat inside source static udp 192.168.1.138 40056 interface Dialer0 40056
ip nat inside source static tcp 192.168.1.144 40061 interface Dialer0 40061
ip nat inside source static tcp 192.168.1.138 40057 interface Dialer0 40057
ip nat inside source static udp 192.168.1.138 40057 interface Dialer0 40057
ip nat inside source static udp 192.168.1.84 40011 interface Dialer0 41015
ip nat inside source static tcp 192.168.1.198 22005 interface dialer0 22005
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip nat inside source static 192.168.1.36 195.12.1.36
ip nat outside source static 195.12.1.36 192.168.1.36
!
ip access-list extended sdm_dialer0_in
remark SDM_ACL Category=1
permit tcp any any eq 22001
permit tcp any any eq 22002
permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 remark Auto generated by SDM Management Access feature
access-list 3 remark SDM_ACL Category=1
access-list 3 deny   192.168.1.240
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.21.0 0.0.0.255 any
access-list 101 permit ip 192.168.22.0 0.0.0.255 any
access-list 101 permit ip 192.168.23.0 0.0.0.255 any
access-list 101 permit ip 192.168.24.0 0.0.0.255 any
access-list 101 permit ip 192.168.15.0 0.0.0.255 any
access-list 101 permit ip 192.168.26.0 0.0.0.255 any
access-list 101 permit ip 192.168.12.0 0.0.0.255 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.11 eq telnet
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.11 eq 22
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.11 eq www
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.11 eq 443
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.11 eq cmd
access-list 102 deny   tcp any host 192.168.1.11 eq telnet
access-list 102 deny   tcp any host 192.168.1.11 eq 22
access-list 102 deny   tcp any host 192.168.1.11 eq www
access-list 102 deny   tcp any host 192.168.1.11 eq 443
access-list 102 deny   tcp any host 192.168.1.11 eq cmd
access-list 102 deny   udp any host 192.168.1.11 eq snmp
access-list 102 permit ip any any
access-list 102 permit ip 3.4.0.36 192.168.1.194 any
access-list 102 permit ip 0.4.0.36 192.168.1.194 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server ifindex persist
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
control-plane
!
banner exec ^CC
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to
use.

-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Hello Zubair,

The configuration looks correct.

Only note that the dynamic NAT is in part overlapping with the static NAT rules, but this shouldn't be the cause of the issue you see.

I can only recommend opening a case if using SDM to make changes is mandatory in your environment. If making manual changes doesn't cause any issue and this is acceptable for you, you can go on in this way by simply not using SDM for changes on NAT.

Hope to help

Giuseppe

gephelps
Cisco Employee

Does the router actually crash and create a crashinfo file? If so can you attach it?