12-26-2013 09:41 AM - edited 03-04-2019 09:56 PM
After being up less than three days - "show memory dead" displays 4,100 instances of
entries like:
4B021528 0000000156 4B0211A0 4B0215F4 001 -------- -------- 43BA7684 SSH Process
The device is a 2811 ISR running 12.4(24)T3. I have been troubleshooting a problem whereby outbound dialing starts to fail intermittently and a router reboot solves the issue. Any idea what could be triggering all these SSH proc dead memory entries? Might they be related to some of the inconsistent VOIP (SIP trunk) behavior?
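As an added example (not from the post, nor a Cisco tool), a small Python parser that aggregates `show memory dead` lines by process name, so that thousands of entries like the one quoted can be counted and attributed to an allocator PC in one pass rather than eyeballed. The sample output is constructed in the column layout of the quoted line; only the first data line is the poster's, the rest are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of IOS "show memory dead"
# (Address Bytes Prev Next Ref PrevF NextF Alloc PC What). The first data
# line is the one quoted in the post; the others are invented for illustration.
SAMPLE_OUTPUT = """\
Processor memory
 Address    Bytes     Prev     Next Ref  PrevF    NextF   Alloc PC  what
4B021528 0000000156 4B0211A0 4B0215F4 001 -------- -------- 43BA7684 SSH Process
4B0215F4 0000000156 4B021528 4B0216C0 001 -------- -------- 43BA7684 SSH Process
4B0216C0 0000000212 4B0215F4 4B0217B4 001 -------- -------- 43BA7684 SSH Process
4B0217B4 0000000092 4B0216C0 4B021850 001 -------- -------- 41C0E2D0 Other Process
"""

# One dead block per line: hex address, decimal size, prev/next, ref count,
# free-list links (dashes when not on a free list), allocating PC, owner name.
DEAD_LINE = re.compile(
    r"^([0-9A-F]{8})\s+(\d+)\s+([0-9A-F]{8})\s+([0-9A-F]{8})\s+(\d{3})\s+"
    r"(\S+)\s+(\S+)\s+([0-9A-F]{8})\s+(.+?)\s*$"
)

def parse_dead_memory(text):
    """Yield (bytes, alloc_pc, what) for every dead-block line; skip headers."""
    for line in text.splitlines():
        m = DEAD_LINE.match(line.strip())
        if m:
            yield int(m.group(2)), m.group(8), m.group(9)

def summarize(text):
    """Aggregate dead blocks by owner: block count, total bytes, alloc PCs seen."""
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "alloc_pcs": set()})
    for size, pc, what in parse_dead_memory(text):
        s = stats[what]
        s["count"] += 1
        s["bytes"] += size
        s["alloc_pcs"].add(pc)
    return dict(stats)

def suspects(stats, min_count=3):
    """Owners whose dead-block count looks like a leak, worst first."""
    return sorted((w for w, s in stats.items() if s["count"] >= min_count),
                  key=lambda w: stats[w]["count"], reverse=True)

if __name__ == "__main__":
    st = summarize(SAMPLE_OUTPUT)
    for what in suspects(st):
        print(f"{what}: {st[what]['count']} blocks, {st[what]['bytes']} bytes, "
              f"alloc PCs {sorted(st[what]['alloc_pcs'])}")
```

Feed it the real `show memory dead` output captured over several days and compare the per-owner counts between captures; a count that only ever grows, with a single allocating PC, is what you would quote to TAC.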
12-26-2013 10:03 AM
Do you have an acl on the interface that could block ssh? It seems to me there are a bunch of half open connections that the router is trying to keep open. If you aren't blocking ssh, maybe you should...
HTH,
John
*** Please rate all useful posts ***
12-26-2013 10:34 AM
To secure access I am using Zone firewall and an ACL on vty 0 4. For the latter note:
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input ssh
sfo-c2811-1#sho access-list 23
Standard IP access list 23
10 permit 5.4.53.78
20 permit 5.7.54.32, wildcard bits 0.0.0.31
30 permit 192.168.0.0, wildcard bits 0.0.255.255
40 permit 10.0.0.0, wildcard bits 0.255.255.255 (32 matches)
50 permit 10.10.10.0, wildcard bits 0.0.0.255
60 deny any log
The zone firewall is very simple - permit everything out. Deny everything in except SIP and ping.
Looking at syslog I don't see any denies for SSH - just some denied snmp. Drop is the default
class for the policy.
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
It's conceivable something inside is banging against it. Perhaps I should put on a permit all ACL to see if something inside is going rogue with SSH attempts to it. Thank you for the thoughts.