2821 and IOS 12.4(9)T2 high cpu usage for AAA accounting

Unanswered Question
Sep 11th, 2008
User Badges:
  • Silver, 250 points or more

Hi Guys,


I've checked the but tool etc, but to no avail..


Wondering if anyone has seen a problem with 12.4(9)T2 or similiar (SP-SERVICES).


Telnetted into the router.

The router was very slow to respond.

AAA authentication was not working, I logged in with a local user.


Show cpu proc - showed the Virtual Exec and AAA accounting processes as the highest users.


No debugs running.

Not even running term mon.

No other users

Very low traffic


Nothing obvious.


After a reboot, all is well :)


Cheers,


Tim.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Wed, 09/17/2008 - 06:25
User Badges:
  • Silver, 250 points or more

The console port by default does not have authorization turned on so as to prevent people from locking themselves out of the device. The following commands you added are basically performing the default behavior:

aaa authorization exec console none

aaa authorization commands 15 console none

line con 0

authorization commands 15 console

authorization exec console

By default, the following commands are applied to the console port and hidden:

no authorization commands 0 default

no authorization commands 1 default

no authorization commands 15 default

no authorization exec default

These will only show up unless you enter them in with either the default method or a named list. You can use "local" or "line" for these authorization methods, but be sure to test it on the telnet lines prior to entering them. That way you will have a backdoor method in case things do not work as intended.

http://www.cisco.com/en/US/docs/ios/12_2sb/feature/guide/sbcache.html#wp1070921


Actions

This Discussion