09-21-2011 03:17 PM - edited 03-07-2019 02:21 AM
Hi all !!! Hope everyone is doing well !!
I am working on configuring a pair of Nexus 7010s; this is a new install. I've got the switches connected to the network via the Mgmt0 interface, and this is the only connection that I can get to them for the time being. AAA is configured and working, but for some reason when I try to SSH to either one there is a delay of about 30 seconds before the password prompt comes up. So after I type in the username it takes about 30 seconds for the password prompt to come up. The delay occurs after I added the SVIs on the 7010, but prior to that there was no delay. Has anyone seen this issue? I have no idea why adding the SVIs would cause this delay.
Thanks in advance for any inputs/suggestions !!!
D.
09-21-2011 03:30 PM
Did you specify TACACS to use the management VRF?
Regards,
jerry
09-21-2011 04:19 PM
Hi Jeye !! Below is what I've configured on the 7010. I notice the delay after I added the SVI's and if I shutdown all the SVI's then there is no delay. Thanks !!! I appreciate your response !!!!!!
ip tacacs source-interface mgmt0
tacacs-server timeout 3
tacacs-server host 172.16.9.161
aaa group server tacacs+ tacacs
  server 172.16.9.161
  use-vrf management
09-21-2011 04:33 PM
What version are you running? Also, do you have ip domain-lookup enabled?
Regards,
jerry
09-21-2011 04:38 PM
Hi Jerry !!! Really appreciate your help !!!!!
I am running 5.2.1 and yes, ip domain-lookup is enabled.
Thanks !!!
D.
09-21-2011 04:39 PM
Not a problem.
I think I know the issue. Do a no ip domain-lookup and let me know the test result.
Regards,
jerry
09-21-2011 04:46 PM
That did it Jerry !!! very much appreciate your help !!!!!
"no ip domain-lookup" fixed it. Could you explain why that happens with SVI enabled ?
Thanks Jerry !!!!
D.
09-21-2011 05:38 PM
When you telnet or SSH into the N7K, the Nexus 7000 actually performs a reverse DNS lookup (which is required by SSH server daemons) for the PC's IP address. This causes a delay of almost 40 seconds before the user gets the prompt.
There is an enhancement bug filed against this
The current workaround is no ip domain-lookup.
HTH,
jerry
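A check for the behaviour described in the last reply, as an added example that is not part of the original thread: it times a reverse (PTR) lookup of a client address and reports whether the resolver answered, returned no record, or kept the caller waiting. The function names, the stub resolvers and the address 192.0.2.10 are constructed for illustration.

```python
import concurrent.futures
import ipaddress
import socket
import time


def ptr_name(ip):
    """PTR query name that a reverse lookup for `ip` sends to the DNS."""
    return ipaddress.ip_address(ip).reverse_pointer


def timed_reverse_lookup(ip, resolver=socket.gethostbyaddr, budget=5.0):
    """Time one reverse lookup, waiting at most `budget` seconds.

    Returns (hostname or None, seconds waited, status). Status is "ok",
    "no-ptr" (the resolver answered that no record exists) or "slow"
    (budget exceeded: the case that stalls a login prompt).
    """
    pool = concurrent.futures.ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    future = pool.submit(resolver, ip)
    try:
        host, status = future.result(timeout=budget)[0], "ok"
    except concurrent.futures.TimeoutError:
        host, status = None, "slow"
    except OSError:  # socket.herror / socket.gaierror
        host, status = None, "no-ptr"
    finally:
        pool.shutdown(wait=False)
    return host, time.monotonic() - start, status


# Constructed stand-ins for the DNS path, so the demo runs offline.
def stub_answers(ip):
    return ("admin-pc.example.net", [], [ip])


def stub_unreachable(ip):
    time.sleep(0.5)  # resolver retrying a server it cannot reach
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    client = "192.0.2.10"  # constructed client address (TEST-NET-1)
    print("PTR query:", ptr_name(client))
    for name, fn in (("answers", stub_answers), ("unreachable", stub_unreachable)):
        host, waited, status = timed_reverse_lookup(client, fn, budget=0.1)
        print(f"{name:12} status={status:6} waited={waited:.2f}s host={host}")
```

Calling `timed_reverse_lookup(ip)` without a `resolver` argument uses `socket.gethostbyaddr`, so the timing reflects the DNS servers the host running the script is configured with.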