Solved: Re: "Line time expired" error in Cisco WS-C3850-48T-E

radhakrishnan.mathiyalagan · ‎07-17-2020

I am trying to upgrade IOS in Cisco 3850 switch from the tftp server.

Currently running IOS Version: (cat3k_caa_universalk9-m) version 03.06.06E

Trying to upgrade to : cat3k_universalk9.16.09.05.spa.bin

When I am trying to copy the iOS from the tftp server using the command " copy tftp: flash: " it started copying but it ends with following error " line time expired "

I am using SSH

Following are the configuration:

Line con 0

exec-timeout 0 0

no exec

line aux 0

transport output none

stopbits 1

Line vty 0 4

access-class 1 itn

exec-timeout 0 0

transport input ssh

transport outpu ssh

line vty 5 15

access-class 1 in

exec-timeout 0 0

transport input ssh

transport output 0 0

Troubleshooting Done:

1. Free up the flash memory space

2. Increase the block size of tftp to 4096

3. Upgarded tftpd64 server to latest version

4. Configured execution-timeout 0 0 under line vty

Help me with valuable solution

Seb Rupik · ‎07-17-2020

Hi there,

Have you tried using the maximum configurable TFTP blocksize on the switch of 8192 bytes?

cheers,

Seb.

View solution in original post

Seb Rupik · ‎07-17-2020

Hi there,

Have you tried using the maximum configurable TFTP blocksize on the switch of 8192 bytes?

cheers,

Seb.

radhakrishnan.mathiyalagan · ‎07-17-2020

I have configured the bock size of tftp 8192

The following error will close the session within 30 sec unable to maintain the session for long time to do any troubleshooting

*

Line time expired

Giuseppe Larosa · ‎07-17-2020

Hello @radhakrishnan.mathiyalagan ,

I would use an FTP server instead of TFTP as FTP is better for big files like the one you are trying to transfer.

Hope to help

Giuseppe

pieterh · ‎07-17-2020

if you have physical access to the device your alternative can be using a USB flash-drive.

but I think you may have a problem on the workstation that you use

the tftp process running seems to be interfering with your terminal session

so when copying starts, your terminal session is disconnected (and therefore the copy aborted)

radhakrishnan.mathiyalagan · ‎07-17-2020

Hi Pieterh,
What you saying is absolutely right always the session will be aborted for every minute and we tried using following commands 1. exec timeout 0 0 2. Session timeout 40 and done with the reload still session keeps timing out and unable to do any operation when taking SSH

I have studied in one of the book that increasing the absolute timeout will resolve this problem and this the reference link
https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch03s12.html

But in the switch model C3850 there is no such command called absolute timeout under line vty

Do we have any workaround for configuring absolute timeout to resolve the following error
*
*
*
Line time expired

pieterh · ‎07-18-2020

I mentioned before: the problem is on the PC you are using NOT on the switch.
so making config changes on the switch will not help.

1) try another PC
2) try another terminal program / tftp program
2) try using serial console connection instead of telnet/ssh
3) don't use tftp but copy from usb-flash-drive

Eric R. Jones · ‎08-19-2021

Hello, we are having this same issue while using SecureCRT.

We aren't using a file transfer program but just using SecureCRT to access our switches.

What did you do to resolve this issue?

ej

Georg Pauwen · ‎08-19-2021

Hello,

how is the authentication configured on your switches, do you use local authentication, or RADIUS/TACACS ? Might be worth posting the full config of one of the 'problem' devices, maybe we can spot something...

Eric R. Jones · ‎08-22-2021

We are using 802.1x and TACACS+ with ISE.

The configuration is supposed to check the TACACS+ servers first and then upon failure to authenticate drop to local.

What we find is that as long as the server is up it never drops to local checks regardless if the password is not found on the server side.

We have been using Secure CRT for awhile but prior to that it was putty and we never had this issue.

After switching is when we started seeing this issue.

aaa group server tacacs+ <Group-name>
server name <ISE-server>
server name <ISE-server>
!
aaa group server radius <Group-name2>
server name <ISE-server>
server name <ISE-server>
server name <ISE-server>
!
aaa authentication login default group <Group-name> local
aaa authentication enable default group <Group-name> enable
aaa authentication dot1x default group <Group-name2>
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group <Group-name> local
aaa authorization commands 0 default group <Group-name> local if-authenticated
aaa authorization commands 1 default group <Group-name> if-authenticated
aaa authorization commands 7 default group <Group-name> local if-authenticated
aaa authorization commands 15 default group <Group-name> local if-authenticated
aaa authorization network default group <Group-name2>
aaa authorization auth-proxy default group <Group-name2>
aaa accounting update newinfo periodic 2880
aaa accounting auth-proxy default start-stop group <Group-name2>
aaa accounting dot1x default start-stop group <Group-name2>
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default
!
aaa accounting system default start-stop group tacacs+
!
aaa common-criteria policy PASSWORD_POLICY
min-length 8
max-length 25
numeric-count 1
upper-case 1
lower-case 2
special-case 1
char-changes 8
!
!
!
!
!
aaa server radius dynamic-author
client 10.88.8.22 server-key <server key value and hash>
client 10.88.8.23 server-key <server key value and hash>
client 10.188.50.22 server-key <server key value and hash>
!
aaa session-id common