ASK THE EXPERT - CONFIGURING AND TROUBLESHOOTING CISCO AS5X00 ACCESS SERVER

Unanswered Question
Jan 11th, 2008
User Badges:
  • Gold, 750 points or more

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on configuration and troubleshooting of Cisco AS5x00 access servers with Cisco expert Zulfiqar Ahmed. Zulfiqar Ahmed, CCIE# 3960, is part of High Touch Technical Support (HTTS) based out of San Jose, California where he currently holds the position of high touch engineer (HTE). Ahmed joined Cisco in 1997 as an engineer in the Technical Assistance Center (TAC). His background has been in Remote Access, Dial, AAA, DSL, and Broadband Cable networks. He has worked on a variety of Cisco Platforms. He has authored relevant Cisco.com documents, conducted trainings and war rooms for Cisco partners, and has taught in Cisco bootcamps and courses.


Remember to use the rating system to let Zulfiqar know if you have received an adequate response.


Zulfiqar might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through January 25, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
csf129csf129 Sun, 01/13/2008 - 11:06
User Badges:

what do I do when I receive the message "Reason 412:The remote peer is no longer responding."

dinchavan1 Sun, 01/13/2008 - 21:59
User Badges:

hi sir


my name is dinesh chavan


my email ID [email protected] [email protected]


Detail of router configuration and exiting daigram attached


1) I have isp router ,ip address of

lan interface 192.168.10.100

wan interface 59.97.200.23

2)three D-link non manageable switch

3)total 60 computer and ip address range is 192.168.10.100-192.168.10.200 255.255.255.0(it is assing to computer )




I connect port 0 to isp

port 1 to dlink switch







I want install pix 501 into exting network

My plan is


ip address of outside 192.168.10.99 255.255.255.0

ip address of inside 192.168.10.71 255.255.255.0


what is nating/ addistonal configustion












dinchavan1 Sun, 01/13/2008 - 22:38
User Badges:

also I have 506e firewall

hoe to change access and telnet password using telnet

Hi Zulfiquar!

Got a problem with ASA5510/5505 and the packet size.

Infrastructure tests done by my ISP says that they transport up MTU 1500, but on ASA side of my networks (outside) i can only packets of 992b trough??

MTU on the ASA's are set to DSL given 1462.

This causes problems with Citrix/RDP/print/file from my WAN sites and it seems that packets are very fragmented???


Sincerely


Henning Kihle

Norway

internetthomas Wed, 01/16/2008 - 07:13
User Badges:

I have been searching for resources on the file formats for the configuration file and IOS stored in a router or switch but could not identify the formats. Could you help?

Collin Clark Thu, 01/17/2008 - 13:54
User Badges:
  • Purple, 4500 points or more

PLEASE NOTE THE DISCUSSION IS FOR THE AS5X00 SERIES ACCESS SERVERS AND MEDIA GATEWAYS.


If you are looking for help on the ASA Firewalls, please post to the Firewall forum at http://forum.cisco.com/eforum/servlet/NetProf;jsessionid=077FAD2146A06C1A111291A266565797.SJ3B?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_messages%26mode%3Dnew%26location%3D.ee6e1fa


Collin Clark Thu, 01/17/2008 - 14:01
User Badges:
  • Purple, 4500 points or more

Zulfiqar-


We currently have an AS5350 and utilize autocommand telnet. Will Cisco be supporting other protocols in the future (ie FTP)? Will the AS5X00 ever have full IOS services? Thanks.

zahmed Fri, 01/18/2008 - 11:31
User Badges:
  • Cisco Employee,

Hi Collin,


The command "autocommand" will take any word you enter - be it telnet or FTP. You can enter "autocommand BLAH" under a tty line and it will take it as it and show up in the config.


But what it (the autocommand) will execute is what you can run from the router prompt.


So you can execute a telnet from a router prompt, but obviously not an FTP command. Hence, "autocommand ftp" is not a feasible option.


In other words, "autocommand BLAH" makes sense if and only if BLAH makes sense (from the router or exec prompt).


This is true for any router, be it AS5x00 series or any other platform.


If you could let me know what other IOS services you are referring to for the AS5x00 platform, I can probably answer you with more info.


Thanks and Regards,


~Zulfiqar


zahmed Fri, 01/18/2008 - 10:44
User Badges:
  • Cisco Employee,

Hi Samuel,


The file format for config files is always TEXT/ASCII. Like in some platforms (not all), you could actually do a "more nvram:startup-config" and "more system:running-config" to give you a config file. And as you know, the 'more' command only works on ASCII files so it's an implicit file format verification technique.


As for IOS stored on on-board FLASH or PCMCIA FLASH devices, the file format depends on the platform. So I would say, for about 90% of the platforms, it's a zip file while for the other 10% it is usually a tar file.


Hope this helps.


Thanks and Regards,


~Zulfiqar


zahmed Fri, 01/18/2008 - 10:45
User Badges:
  • Cisco Employee,

Hi Samuel,


The file format for config files is always TEXT/ASCII. Like in some platforms (not all), you could actually do a "more nvram:startup-config" and "more system:running-config" to give you a config file. And as you know, the 'more' command only works on ASCII files so it's an implicit file format verification technique.


As for IOS stored on on-board FLASH or PCMCIA FLASH devices, the file format depends on the platform. So I would say, for about 90% of the platforms, it's a zip file while for the other 10% it is usually a tar file.


Hope this helps.


Thanks and Regards,


~Zulfiqar

masonibasis Sun, 01/20/2008 - 17:26
User Badges:

Hi Zulfiqar,


I have an AS5400XM running IOS v12.4(10) that is logging some strange errors:


Jan 12 10:49:21.649 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6A155228. -Process= "CC-API_VCM", ipl= 4, pid= 160 -Traceback= 0x6045DCC8 0x605624E8

Jan 13 12:45:50.651 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 7192EC00. -Process= "CC-API_VCM", ipl= 4, pid= 160 -Traceback= 0x6045DCC8 0x605624E8

Jan 15 12:12:29.822 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6F741C4C. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 16 12:00:26.424 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6B192FE0. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 17 10:13:20.508 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 70D36D74. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 18 09:08:05.100 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6E7616C8. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 18 09:37:53.009 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6C241F70. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 18 11:23:27.227 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6B1939F0. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 18 11:34:40.458 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 7192EA90. -Process= "AFW_application_process", ipl= 4, pid= 48 -Traceback= 0x6045DCC8 0x605624E8

Jan 20 09:30:20.586 GMT: %SYS-3-MGDTIMER: Master timer has bad magic, timer = 6C242530. -Process= "CC-API_VCM", ipl= 4, pid= 160 -Traceback= 0x6045DCC8 0x605624E8


Can you please explain what this error means and what actions should be taken to resolve it?

zahmed Mon, 01/21/2008 - 12:05
User Badges:
  • Cisco Employee,

Hi Mason,


A "show ver" will be needed to find the exact IOS image filename for this 12.4(10) code for the purpose of decoding the Tracebacks. Only then we will be able to pinpoint to the root cause, however if I have to guess, this sounds like the following software defect :


CSCsl29208 : %SYS-3-MGDTIMER errors seen with voice application


http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsl29208&Submit=Search



As you'll see on the above Bug Toolkit link, this defect has been dup'ed to this other defect, CSCsj34095, that is fixed as of 12.4(19) (which is scheduled to be released in early March '08).


Thanks and Regards,


~Zulfiqar

masonibasis Mon, 01/21/2008 - 12:12
User Badges:

Cisco IOS Software, 5400 Software (C5400-IK9S-M), Version 12.4(10), RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Wed 16-Aug-06 06:59 by prod_rel_team


ROM: System Bootstrap, Version 12.3(12r)PI6b, RELEASE SOFTWARE (fc1)


LAX-C03-C5400X-11 uptime is 8 weeks, 6 days, 22 hours, 19 minutes

System returned to ROM by reload at 14:06:54 GMT Tue Feb 22 2000

System restarted at 21:51:36 GMT Mon Nov 19 2007

System image file is "flash:c5400-ik9s-mz.124-10.bin"



This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.


A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html


If you require further assistance please contact us by sending email to

[email protected].


Cisco AS5400XM (BCM) processor (revision 0x22) with 393215K/131072K bytes of memory.

Processor board ID JAE1139Y00R

SB-1 CPU at 750MHz, Implementation 1025, Rev 0.3, 256KB L2 Cache

Last reset from IOS reload

Manufacture Cookie Info:

EEPROM Version 0x4, Board ID 0x4BD,

Board Hardware Version 2.7, Item Number 800-6572547-03,

Board Revision A0, Serial Number JAE1139Y00R.

Processor 0x0, MAC Address 001b.d51b.5280

2 Gigabit Ethernet interfaces

512 Serial interfaces

648 terminal lines

28 Channelized T1/PRI ports

1 Channelized T3 port

512K bytes of NVRAM.

125440K bytes of ATA External CompactFlash (Read/Write)


Configuration register is 0x2102

zahmed Mon, 01/21/2008 - 12:20
User Badges:
  • Cisco Employee,

Mason,


Thanks for providing the 'show ver'. It indeed is the above mentioned defect(s) I mentioned.


Thanks and Regards,


~Zulfiqar

joe-vieira Tue, 01/22/2008 - 11:10
User Badges:

We have a 5350xm configured for dial in clients using Cisco ACS for authentication. Now we have a need to use tokens instead of passwords. Do you have documentation on how to configure this solution from the client to the 5350 to the token server and back?


thanks

joe-vieira Wed, 01/23/2008 - 10:13
User Badges:

The thing is we're not using ISDN, we're using regular phone lines and we're also using the Windows XP dialer. Is it possible for the dialer at the PC to access the rsa usb token, prompt for the pin and then connect through the AS5350 to the servers?

zahmed Fri, 01/25/2008 - 12:12
User Badges:
  • Cisco Employee,

Joe,


Sorry to have misunderstood your question earlier.


As for doing SecureID authentication for your async/modem clients, there is not much that you need to configure on the the access server.


As always, you will configure your T1 controller(s), the group-async interface, the "aaa new-model" section, and "line x y" (or the tty line config) section as you normally would for a PPP dialin application. Just make sure you have "autoselect ppp", "autoselect during-login", and "autocommand ppp" defined as well under the tty lines.


This is a very common scenario and

all Windows clients support it if you enable

"terminal window after dialing"

method - which is the character mode username authentication before PPP starts.


Basically, , first the user is presented an EXEC prompt and thereafter PPP is automatically started at successful login. That means that the user must bring up the terminal screen after dialin.


Hope this helps.


Thanks and Regards,


~Zulfiqar



joe-vieira Fri, 01/25/2008 - 12:16
User Badges:

Sorry but what is the terminal screen for? Does it prompt for a pin number related to the usb token?

g.pregnolato Thu, 01/24/2008 - 03:57
User Badges:

Hi,

I'd like to know the cabling specification for the 8-Port E1 Feature Card for AS5400XM.

In my implementation I've an UTP cable (10/15 mt. of length) connected to the AS5400XM and a CAB adapter 75-120 ohm connected to the telephone permutator. In the output of the "show controller e1" (in the attachment) you can find some errors that I suppose are related to cabling. The ECCVGBO3_old contains the output with the old cabling. With the new cabling (ECCVGBO3_new) the errors are decreased but don't disappear (for example e1 7/7).

I have some question for you:

1) Is it required that the cable from the telephone permutator to the AS5400XM is a coax cable with the cab adapter near to the router (short UTP cable)?

2) In the "show controller e1" output are showed only the input error?

3) Is it possible to decrease the error rate with some configuration of the controllers (for example adjusting the cable-length parameter)?

Tanks.



Attachment: 
zahmed Fri, 01/25/2008 - 12:26
User Badges:
  • Cisco Employee,

Hi Giuseppe,


Please see Table A-11 in the following doc for cabling spec for the 8 port E1 DFC :


http://www.cisco.com/en/US/docs/routers/access/as5350/hardware/interfaces/guide/54crdcbl.html#wpxref49389


For your question whether or not you need short UTP cable, I suggest you open up a TAC case to confirm that.


As for the input errors, that is only viewable

on the corresponding "show interface Ser x/y:15" output.


And yes, you might want to play with the cable-length command but if it does not do any good, you will have to get the E1 checked by your provider which is what it looks to me that might have to be done eventually.


Thanks and Regards,


~Zulfiqar

masonibasis Thu, 01/24/2008 - 11:14
User Badges:

Hi Zulfiqar,


I have an AS5300 that is dropping calls on a single ISDN PRI E1. Calls on the other E1s are completing fine. Can you please offer any insight as to why this might be happening? Please let me know if you need additional information.


sh ver and debug output:


LON-AP1-C5300-4#sh ver

Cisco Internetwork Operating System Software

IOS (tm) 5300 Software (C5300-IK9S-M), Version 12.3(22), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by cisco Systems, Inc.

Compiled Wed 24-Jan-07 19:36 by ccai

Image text-base: 0x60008AEC, data-base: 0x61854000


ROM: System Bootstrap, Version 12.0(2)XD1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

BOOTLDR: 5300 Software (C5300-BOOT-M), Version 12.0(4)T1, RELEASE SOFTWARE (fc1)


LON-AP1-C5300-4 uptime is 27 weeks, 1 day, 10 hours, 14 minutes

System returned to ROM by reload at 08:49:48 GMT Wed Jul 18 2007

System restarted at 08:50:39 GMT Wed Jul 18 2007

System image file is "flash:c5300-ik9s-mz.123-22.bin"


cisco AS5300 (R4K) processor (revision A.32) with 131072K/16384K bytes of memory.

Processor board ID 14898474

R4700 CPU at 150MHz, Implementation 33, Rev 1.0, 512KB L2 Cache

Channelized E1, Version 1.0.

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

Primary Rate ISDN software, Version 1.1.

Backplane revision 2

Manufacture Cookie Info:

EEPROM Type 0x0001, EEPROM Version 0x01, Board ID 0x30,

Board Hardware Version 1.80, Item Number 800-2544-03,

Board Revision A0, Serial Number 14898474,

PLD/ISP Version 0.0, Manufacture Date 8-Jul-1999.

1 Ethernet/IEEE 802.3 interface(s)

1 FastEthernet/IEEE 802.3 interface(s)

126 Serial network interface(s)

4 Channelized E1/PRI port(s)

60 DSP(s), 120 Voice resource(s)

128K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read/Write)

8192K bytes of processor board Boot flash (Read/Write)


LON-AP1-C5300-4#deb isdn error int Serial0:15

Jan 24 19:04:02.166 GMT: ISDN Se0:15 SERROR: call_cleared: Got a disconnect on a non-existent call (call id = 0xCD2C).

This probably is a call that we placed that failed.

Jan 24 19:04:02.166 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCD2C

Jan 24 19:04:06.218 GMT: ISDN Se0:15 SERROR: call_cleared: Got a disconnect on a non-existent call (call id = 0xCD2D).

This probably is a call that we placed that failed.

Jan 24 19:04:06.218 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCD2D

Jan 24 19:04:12.866 GMT: ISDN Se0:15 SERROR: call_cleared: Got a disconnect on a non-existent call (call id = 0xCD30).

This probably is a call that we placed that failed.

Jan 24 19:04:12.866 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCD30

Jan 24 19:04:15.050 GMT: ISDN Se0:15 SERROR: call_cleared: Got a disconnect on a non-existent call (call id = 0xCD32).

This probably is a call that we placed that failed.

==============================================================================

LON-AP1-C5300-4#deb isdn q931 asn1 interface Serial0:15

debug isdn asn1 is ON.

Jan 24 18:56:46.139 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC0E

Jan 24 18:56:48.219 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC0F

Jan 24 18:56:48.891 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC10

Jan 24 18:56:51.711 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC11

Jan 24 18:56:53.691 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC13

Jan 24 18:56:54.799 GMT: ISDN Se0:15 **ERROR**: call_cleared: VOICE ERROR: NULL VDEV Common(0xFC): bchan -1, call id 0xCC15

zahmed Fri, 01/25/2008 - 12:35
User Badges:
  • Cisco Employee,

Hi Mason,


A full capture of debug isdn q931, debug isdn event, and debug ppp nego will be required in addition to the relevant config. But are you sure calls are indeed dropping on this particular PRI that you mentioned and are not like this cosmetic issue :


CSCse55246

Unnecessary message printed**ERROR**: call_progress: DEV_CONNECTED VOICE


You might want to get a TAC case open for further investigation.


Thanks and Regards,


~Zulfiqar

Actions

This Discussion