Solved: After executing EEM applet, next login prompt 'corrupt'.

mbajelis · ‎11-27-2007

Hi,

I have added a really simple EEM script to my routers to reset the GDOI VPN following a rekey failure. It looks like this:

event manager applet reset-gdoi

event syslog occurs 2 pattern "%CRYPTO-4-RECVD_PKT_NOT_IPSEC:"

action 1 cli command "enable"

action 2 cli command "clear crypto gdoi"

action 3 syslog msg "GDOI failure - resetting VPN"

The issue I have is that when this policy executes (perfectly sucessfully), the NEXT time I connect to the router via the VTY line I get something like this:

Username:^@

Ie the login prompt is populated with random characters!

Any ideas ?

Cheers,

Martin

Joe Clarke · ‎11-27-2007

I don't see a bug for this, but the problem is fixed in 12.4(15)T. I had noticed a similar symptom a while ago where I would get three login prompts following the execution of an applet. While I can still reproduce this using your applet in 12.4(11)T, I can no longer reproduce in 12.4(15)T. If you need a bug for, I suggest you open a TAC service request.

View solution in original post

Joe Clarke · ‎11-27-2007

Please post a show ver from this device.

mbajelis · ‎11-27-2007

#sh ver

Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version 12.4(11)T1, RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Compiled Thu 25-Jan-07 10:15 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YH6, RELEASE SOFTWARE (fc1)

ar1-1999 uptime is 1 week, 1 day, 20 hours, 39 minutes

System returned to ROM by bus error at PC 0x818D80EC, address 0x818D80EC at 17:29:24 aesdt Mon Nov 19 2007

System restarted at 17:32:36 aesdt Mon Nov 19 2007

System image file is "flash:c180x-advipservicesk9-mz.124-11.T1.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 1801 (MPC8500) processor (revision 0x400) with 111616K/19456K bytes of memory.

Processor board ID FCZ101110J1, with hardware revision 0000

9 FastEthernet interfaces

1 ISDN Basic Rate interface

1 ATM interface

31360K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

(I realise it is a buggy IOS, but to date has not caused us any grief :) )

Joe Clarke · ‎11-27-2007

I don't see a bug for this, but the problem is fixed in 12.4(15)T. I had noticed a similar symptom a while ago where I would get three login prompts following the execution of an applet. While I can still reproduce this using your applet in 12.4(11)T, I can no longer reproduce in 12.4(15)T. If you need a bug for, I suggest you open a TAC service request.

mbajelis · ‎11-28-2007

Hi,

Thanks for confirming the issue. At least I know I was not imagining it.

Provided the 12.4(15) release gives me full support for the GET VPN I will look at deploying it. I will definately lab it up.

In the meantime, the prospect of rolling out a new IOS to 210 routers with only 32mb of flash is daunting :)