11-15-2012 05:31 PM
I config certificate and use it to connect ipsec vpn , I just config
jinan-neusoft(config)#ip domain-name neusoft.com
jinan-neusoft(config)#crypto key generate rsa general-keys
The name for the keys will be: jinan-neusoft.neusoft.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)
jinan-neusoft(config)#
Nov 16 01:05:44.435: RSA key size needs to be atleast 768 bits for ssh version 2
jinan-neusoft(config)#
Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled
jinan-neusoft(config)#crypto pki trustpoint CA1
jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80
jinan-neusoft(ca-trustpoint)# revocation-check crl
jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY
jinan-neusoft(ca-trustpoint)# auto-enrol
jinan-neusoft(config)#crypto pki authenticate CA1
Certificate has the following attributes:
Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A
% Do you accept this certificate? [yes/no]: y
Trustpoint CA certificate accepted.
then I have log issues like below ,even I config auto-enroll , I don t get certificate pending information from my certificate server ,
my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ,how to deal with it ,top players , THX~~~~
Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 731143916 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 731143916 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Solved! Go to Solution.
11-19-2012 12:59 AM
Hello,
I did'nt decode your traceback but it looks like a well known issue:
CSCty42626 RSA operations fail with '(malloc) at interrupt level' msg
Upgrade to at least
15.2(03)T01
15.1(04)M5
15.1(01)T05
15.2(04)M1
Cheers,
Olivier
11-15-2012 11:57 PM
I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
Processor board ID FCZ163371P3
6 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"
Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 704933204 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 704933204 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z
11-18-2012 10:59 PM
that is a ios bug , i have certain it in cisco.com
This situation can be identified by the process in the error message. If the process is listed as
"%SYS-2-MALLOCFAIL: Memory allocation of 68 bytes failed from 0x604CEF48, pool Processor, alignment 0-Process=, ipl= 3"
This is a Cisco Internet Operating System (IOS) bug. You can use the Bug Toolkit (registered customers only) to search for a matching software bug ID for this issue. Once the software bug has been identified, upgrade to a Cisco IOS software version that contains the fix to resolve the problem.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6f3a.shtml
12-03-2014 11:26 PM
thanks a lot , may i know how to search the bug information in cisco.com
11-19-2012 12:59 AM
Hello,
I did'nt decode your traceback but it looks like a well known issue:
CSCty42626 RSA operations fail with '(malloc) at interrupt level' msg
Upgrade to at least
15.2(03)T01
15.1(04)M5
15.1(01)T05
15.2(04)M1
Cheers,
Olivier
11-19-2012 07:10 PM
THX
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide