This is a bit of an odd one, and I'm wandering if anyone else has ever seen it. I've asked our CCIE's at work, but they've not come across it.
We have a customer that has a 2960 in their network, and one of the interfaces is to their LES circuit to another site. Over the last few days there have been a number of occurences whereby the logs show:
.Jun 10 03:48:46 bst: %SYS-5-CONFIG_I: Configured from console by admin on conso
.Jun 10 03:49:21 bst: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
et0/24, changed state to down
.Jun 10 03:49:22 bst: %LINK-3-UPDOWN: Interface FastEthernet0/24, changed state
F0/24 is the link to the LES, and it looks as if someone on the console is shutting that interface down. I'm a bit suspicious as to why this is happening, as it almost seems to be malicious because whatever is causing this to happen knows that F0/24 is the LES link.
The customer has physically checked the comms room, and there is no cable plugged in. The comms room also has swipe card access, so there is restricted access.
Have any of you seen an issue before whereby it's possible to execute a command remotely, yet have it appear as if it was executed on the console?
I know that the code running on this box is a bit old and we can upgrade it, but it seems like a very strange bug if that it what it is!
I look forward to receiving any advice/comments.