TELNET connection problem to switches

Unanswered Question

I have a problem connecting with telnet, http, etc to some 3750 switches running IOS 12.1(19)EA1c.

It's not possible to connect to them, BUT snmp and ping is still working ...

If I reload the switch, it's working again... after a while (could be hours, days, etc...) it's not working any longer (without having changed something in the config).

I have switches where I was not able to use a telnet session, who became ok again, and after a while had the same problem again.

I can connect with the serial cable, and there are no special entries in the log file.

I have never had this problem for the last years, and now, suddenly a week ago it started.

The CPU of the switches is used for about 0-1%....

The uplinks are used for 1-10%....

Any idea ? (except from upgarding to the latest firmware)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Richard Burts Thu, 03/13/2008 - 04:47

Karl

I have seen symptoms similar to what you describe when someone has configured exec-timeout 0 0 (or no exec-timeout) on the vty ports. What happens is the sessions on the vty get hung - someone had a session and the session disconnected without logging out. This results in all the vty ports being busy and then telnet fails. Do you have the vty ports configured with exec-timeout 0 0? If so then I would suggest that you configure some non-zero value for the timtout (use a long timeout if you wish but have some value at which the vty will terminate the session due to inactivity).

HTH

Rick

Richard Burts Thu, 03/13/2008 - 04:58

Karl

If it is not the problem with all vty being busy then it would help to know more about the symptoms. When you are having the problem where in the telnet process is the problem? When you attempt to connect is the connection refused? (if so what message do you get?) Do you get connected and get a prompt for user name?

HTH

Rick

Even stranger ... when I use the console cable and login to the switch, I even can't do a telnet to the local machine !!!!

I'm sure I have vty session available.

I can't tell you when or why, that's my main problem ... but if a switch is 'gone' its gone for a long time .. I have already switch which I could not access for 3 days, others only for a few hours, and others with no problem ...

Everyone of them connected to the same core, same config, same vlan, same routing ...

Edison Ortiz Thu, 03/13/2008 - 06:59

Please post configs from the switch along with show ip int brief | ex una.

If would be really helpful, if you can capture that information from the console while the switch is having problems.

HTH,

__

Edison.

The config (in attach)

And, while someone was trying to access the switch with telnet:

show ip int brief | ex una

sh line

sh line sum

BTVH-WAREF#sh ip int brief | excl una

Interface IP-Address OK? Method Status Protocol

Vlan900 172.16.48.164 YES NVRAM up up

BTVH-WAREF#sh ip int brief | excl una

Interface IP-Address OK? Method Status Protocol

Vlan900 172.16.48.164 YES NVRAM up up

BTVH-WAREF#sh ip int brief | excl una

Interface IP-Address OK? Method Status Protocol

Vlan900 172.16.48.164 YES NVRAM up up

BTVH-WAREF#sh line

Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int

* 0 CTY - - - - - 2 0 0/0 -

* 1 VTY - - - - - 6761 0 0/0 -

2 VTY - - - - - 289 0 0/0 -

3 VTY - - - - - 99 0 0/0 -

4 VTY - - - - - 65 0 0/0 -

5 VTY - - - - - 7 0 0/0 -

6 VTY - - - - - 0 0 0/0 -

7 VTY - - - - - 0 0 0/0 -

8 VTY - - - - - 0 0 0/0 -

9 VTY - - - - - 0 0 0/0 -

10 VTY - - - - - 0 0 0/0 -

11 VTY - - - - - 0 0 0/0 -

12 VTY - - - - - 0 0 0/0 -

13 VTY - - - - - 0 0 0/0 -

14 VTY - - - - - 0 0 0/0 -

15 VTY - - - - - 0 0 0/0 -

16 VTY - - - - - 0 0 0/0 -

BTVH-WAREF#sh lin sum

0: Uu-- --?? ???? ???? ?

2 character mode users. (U)

11 lines never used (?)

2 total lines in use, 1 not authenticated (lowercase)

Attachment: 
Edison Ortiz Thu, 03/13/2008 - 07:59

Your config looks good. I did a quick bug search and found there is a bug file against storm-control on that software release.

Try removing storm-control for a few days and see if the problem goes away.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCee30678

CSCee30678 Bug Details

Storm control incorrectly blocks all traffic

Description:

Storm Control can not be used to limit traffic on an incoming port. If the user

selects for example:

storm-control multicast level 25 20

and does NOT select:

storm-control action shutdown

Then the switch should limit the incoming multicast to less than 25 percent

of the port speed. If the user chooses:

storm-control action shutdown

then the switch should shutdown the port when the mulitcast traffic exceeds

25 percent and reactivate it when the traffic lowers to 20 percent. This also

does not work, since the port is shutdown, the switch can not monitor the port.

Workaround: None at this time

HTH,

__

Edison.

Edison Ortiz Thu, 03/13/2008 - 08:07

I agree and the remark isn't stupid. That's the only thing that came up since your configuration looks perfect.

I was looking for specific bugs against telnet and there weren't none.

That IOS version is quite old but I understand you said upgrading was out of the question.

it's not "out of the question" ... I will upgrade them to 12.2(44)SE as soon as possible if this could be a sollution ...

I will upgrade a few of them to the latest IOS tonight and see if the error comes on these switches also ..

The only thing is, I'm running this config since 2004 without any problem, and suddenly....

Actions

This Discussion