cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2371
Views
5
Helpful
9
Replies

"Line time expired" error in Cisco WS-C3850-48T-E

I am trying to upgrade IOS in Cisco 3850 switch from the tftp server.

Currently running IOS Version: (cat3k_caa_universalk9-m) version 03.06.06E

Trying to upgrade to : cat3k_universalk9.16.09.05.spa.bin

When I am trying to copy the iOS from the tftp server using the command " copy tftp: flash: " it started copying but it ends with following error " line time expired "

I am using SSH

 

Following are the configuration:

Line con 0

exec-timeout 0 0

no exec

line aux 0

transport output none

stopbits 1

Line vty 0 4

access-class 1 itn

exec-timeout 0 0

transport input ssh

transport outpu ssh

line vty 5 15

access-class 1 in

exec-timeout 0 0

transport input ssh

transport output 0 0

Troubleshooting Done:

1. Free up the flash memory space

2. Increase the block size of tftp to 4096

3. Upgarded tftpd64 server to latest version

4. Configured execution-timeout 0 0 under line vty

 

Help me with valuable solution

 

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

Have you tried using the maximum configurable TFTP blocksize on the switch of 8192 bytes?

 

cheers,

Seb.

View solution in original post

9 Replies 9

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

Have you tried using the maximum configurable TFTP blocksize on the switch of 8192 bytes?

 

cheers,

Seb.

I have configured the bock size of tftp 8192

 

The following error will close the session within 30 sec unable to maintain the session for long time to do any troubleshooting

 

*

*

Line time expired

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello @radhakrishnan.mathiyalagan ,

I would use an FTP server instead of TFTP as FTP is better for big files like the one you are trying to transfer.

 

Hope to help

Giuseppe

 

if you have physical access to the device your alternative can be using a USB flash-drive.

 

but I think you may have a problem on the workstation that you use

the tftp process running seems to be interfering with your terminal session

so when copying starts, your terminal session is disconnected (and therefore the copy aborted)

Hi Pieterh,
What you saying is absolutely right always the session will be aborted for every minute and we tried using following commands 1. exec timeout 0 0 2. Session timeout 40 and done with the reload still session keeps timing out and unable to do any operation when taking SSH

I have studied in one of the book that increasing the absolute timeout will resolve this problem and this the reference link
https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch03s12.html

But in the switch model C3850 there is no such command called absolute timeout under line vty

Do we have any workaround for configuring absolute timeout to resolve the following error
*
*
*
Line time expired

I mentioned before:  the problem is on the PC you are using NOT on the switch.
so making config changes on the switch will not help.

1) try another PC
2) try another terminal program / tftp program
2) try using serial console connection instead of telnet/ssh
3) don't use tftp but copy from usb-flash-drive

Eric R. Jones
Level 4
Level 4

Hello, we are having this same issue while using SecureCRT.

We aren't using a file transfer program but just using SecureCRT to access our switches.

What did you do to resolve this issue?

 

ej

Hello,

 

how is the authentication configured on your switches, do you use local authentication, or RADIUS/TACACS ? Might be worth posting the full config of one of the 'problem' devices, maybe we can spot something...

We are using 802.1x and TACACS+ with ISE.

The configuration is supposed to check the TACACS+ servers first and then upon failure to authenticate drop to local.

What we find is that as long as the server is up it never drops to local checks regardless if the password is not found on the server side.

We have been using Secure CRT for awhile but prior to that it was putty and we never had this issue.

After switching is when we started seeing this issue.

 

aaa group server tacacs+ <Group-name>
server name <ISE-server>
server name <ISE-server>
!
aaa group server radius <Group-name2>
server name <ISE-server>
server name <ISE-server>
server name <ISE-server>
!
aaa authentication login default group <Group-name> local
aaa authentication enable default group <Group-name> enable
aaa authentication dot1x default group <Group-name2>
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group <Group-name> local
aaa authorization commands 0 default group <Group-name> local if-authenticated
aaa authorization commands 1 default group <Group-name> if-authenticated
aaa authorization commands 7 default group <Group-name> local if-authenticated
aaa authorization commands 15 default group <Group-name> local if-authenticated
aaa authorization network default group <Group-name2>
aaa authorization auth-proxy default group <Group-name2>
aaa accounting update newinfo periodic 2880
aaa accounting auth-proxy default start-stop group <Group-name2>
aaa accounting dot1x default start-stop group <Group-name2>
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default
!
aaa accounting system default start-stop group tacacs+
!
aaa common-criteria policy PASSWORD_POLICY
min-length 8
max-length 25
numeric-count 1
upper-case 1
lower-case 2
special-case 1
char-changes 8
!
!
!
!
!
aaa server radius dynamic-author
client 10.88.8.22 server-key <server key value and hash>
client 10.88.8.23 server-key <server key value and hash>
client 10.188.50.22 server-key <server key value and hash>
!
aaa session-id common

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: