
Cannot access vty lines after ldp neighbor drop

sandwichisles
Level 1

Was able to access 2821 router fine. Using access-class on vty lines and login using aaa. We are running bgp/mpls over one of the links. The bgp neighbor timed out and dropped for a couple of minutes but reestablished soon after. Everything came back up and is working fine, except vty access.

I cannot telnet or ssh to the router from inside or outside. I can still access via console, it is still functioning fine, can ping, traceroute etc. We are using it for voip phones and they are all functioning fine. Logging in on the console still uses the aaa server credentials, so that is fine. SNMP still working fine.

Still plenty of memory available, cpu usage is low.

When I try to access it from a host that is not allowed in the access-class, it gets refused and logged.

But there is no response when trying to access otherwise.

When I debug telnet or ssh, nothing ever gets logged.

I cannot simply reload the router, not without some planning/notifying etc.

Any ideas on what may be the cause, and steps to remedy? Otherwise, I will try to schedule a reload and see if that helps.

Thanks

DT

sandwichisles
Level 1

Reloaded the router, no change. Still cannot access vty lines.

Do not think it is access-class related. When I try to access, the hit counters increment in the access-list. Also, when I remove the access-class, I still cannot access.

This all just happened suddenly without any configuration changes. I am out of ideas. Anyone else experience this, where you could no longer access vty lines?

Hopefully someone has some input.

Thanks.

Emmanuel Valdez
Level 3

Hi,

I had a similar issue with a Catalyst 4500 a long time ago. The problem was directly on the vty lines: for some reason, when I exited a session the vty lines were not cleared. After weeks of access I could not log in anymore because all the lines were in use; I only had to clear the lines from the console.

Issue the show users command; maybe it is a similar problem, although the reload should have cleared the lines.

Regards.

Sent from Cisco Technical Support iPhone App

Still no resolution to this issue. I have a terminal server connected to the console port, so I have access now, but still cannot ssh or telnet as before.

On a side note, I just tried enabling http and https server; both are unresponsive just like the telnet and ssh access.

I've tried configuring control-plane host management-interface. Still no response.

No connection refused message, it just does nothing.

Hi,

Could you share the configuration on the router? Also, please enable debug aaa authentication and run test aaa group tacacs+ leg and share the result.

Regards

Najaf

Please rate when applicable or helpful !!!

User was successfully authenticated.

Don't think authentication is the issue. I can still log in to the console using my ACS credentials.

Will get config up shortly.
