Solved: C3750 Stack Login from 127.0.0.4 to 127.0.0.20 failed

e.hoehn · ‎09-19-2011

Hello everyone,

We see on a WS-C3750G-24TS-1U Stack of 2 Switches logins with source 127.0.0.4 to destination: 127.0.0.20

IOS Version: 12.2(55)SE1

Switch1# sh tcp brie

TCB Local Address Foreign Address (state)

05198EAC 127.0.0.20.23 127.0.0.4.64936 FINWAIT2

063D5898 127.0.0.20.23 127.0.0.4.31531 FINWAIT2

063D3EA0 127.0.0.20.23 127.0.0.4.19108 FINWAIT2

04E65DF0 127.0.0.20.23 127.0.0.4.40203 FINWAIT2

051989F0 127.0.0.20.23 127.0.0.4.27305 FINWAIT2

04E5A48C 127.0.0.20.23 127.0.0.4.17622 FINWAIT2

062DD650 127.0.0.20.23 127.0.0.4.19790 FINWAIT2

05195994 127.0.0.20.23 127.0.0.4.60348 FINWAIT2

05195E50 127.0.0.20.23 127.0.0.4.14917 FINWAIT2

051967C8 127.0.0.20.23 127.0.0.4.62480 FINWAIT2

04ED7930 127.0.0.20.23 127.0.0.4.62166 FINWAIT2

04E601B0 127.0.0.20.23 127.0.0.4.49977 FINWAIT2

0519DA08 127.0.0.20.23 127.0.0.4.30670 FINWAIT2

04E64B00 127.0.0.20.23 127.0.0.4.36230 FINWAIT2

05194B60 127.0.0.20.23 127.0.0.4.23216 FINWAIT2

04E62A18 127.0.0.20.23 127.0.0.4.57372 FINWAIT2

04E67498 127.0.0.20.23 127.0.0.4.39934 FINWAIT2

051954D8 127.0.0.20.23 127.0.0.4.30624 FINWAIT2

04F6D16C 127.0.0.20.23 127.0.0.4.30311 FINWAIT2

04F6E5E4 127.0.0.20.23 127.0.0.4.17457 FINWAIT2

04E66B20 127.0.0.20.23 127.0.0.4.57285 FINWAIT2

0518E07C 127.0.0.20.23 127.0.0.4.31212 FINWAIT2

04C14868 127.0.0.20.23 127.0.0.4.11539 FINWAIT2

Switch1#sh users all

Line User Host(s) Idle Location

0 con 0 00:00:00

* 1 vty 0 test idle 00:00:00 192.168.168.1

2 vty 1 % Username idle 00:00:00 127.0.0.4

3 vty 2 00:00:00

4 vty 3 00:00:00

5 vty 4 00:00:00

6 vty 5 00:00:00

7 vty 6 00:00:00

8 vty 7 00:00:00

9 vty 8 00:00:00

10 vty 9 00:00:00

11 vty 10 00:00:00

12 vty 11 00:00:00

13 vty 12 00:00:00

14 vty 13 00:00:00

15 vty 14 00:00:00

16 vty 15 00:00:00

Switch1#sh ver

Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 02-Dec-10 07:46 by prod_rel_team

Image text-base: 0x01000000, data-base: 0x02F00000

ROM: Bootstrap program is C3750 boot loader

BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Switch1 uptime is 13 weeks, 2 days, 8 hours, 12 minutes

System returned to ROM by power-on

System restarted at 07:02:15 MESZ Sat Jun 18 2011

System image file is "flash:c3750-ipservicesk9-mz.122-55.SE1.bin"

Does anyone has an explanation for that ?

It looks like one switch is telneting to the other within the stack.

But why ?

We recognized it because we see a login failed on the Tacacs server.

TIA !

Emanuel

ankugarg · ‎09-21-2011

Makes sense..You may want to file a bug for same.

View solution in original post

ankugarg · ‎09-19-2011

Hi Emanue,

You caught that ...Well,thats how stacking concept is internally implemented....One switch telnets to the other within the stack.

e.hoehn · ‎09-20-2011

Hello,

Thanks for the fast responds.

But the problem is, that the Login failes and we see a log message on the TACACS Server. Is there a way to get rid of this Authentication failed "internal" attemps on the TACACS ?

Thanks !

ankugarg · ‎09-20-2011

I am not sure how we can get rid of this on TACACS server..Just wanted to know if this has any functional impact?..It may need to be fixed in that case

e.hoehn · ‎09-21-2011

Well the impact is, that there are many messeges on the TACACS Server, that are useless and its hard to find any message that might be usefull. So it has a kind of a management or seurity impact if you like, beacuse we need to ignore hundreds and hundreds of messages a day but still check them in case of a usefull message.

ankugarg · ‎09-21-2011

Makes sense..You may want to file a bug for same.

e.hoehn · ‎09-21-2011

hmm.... okay; I will open SR tomorrow.

Thank you very much for your explantion !!