It takes about 5-10 seconds to execute any command via a telnet session to the switch. There is a redundant 3560-24 running the same IOS uplinked via the same GigE 2960G-24TT with no issue. The problem switch is actually less populated then the switch which is responding fine. I am using a AAA model for aaa pointing the same ACS server and it seems that the problem switch does not generate the packets destined for ACS to verify the user logged is allowed to execute each command for 5-10 seconds then there is an immediatte response to the switch from the ACS server. There is no duplex, congestion, CPU or memeory related issues on the problem and I could not find a bug which fits this problem.
As you have yourself stated, it is possible that there is a problem in communication between your switch and the ACS server. Is it possible for you to temporarily disable the AAA functions on the switch, best reverting to the "no aaa new-model" and seeing if the console starts responding promptly? If this little experiment succeeds then it would confirm your suspicion. It will then be necessary to focus on the reachability of the ACS server from your switch and checking for configuration/communication problems with the ACS.
I don't think it is a communication issue between the switches IP interface and the ACS server. Looking at a live sniffer, the switch does not seem to generate the packets for the duration of the lag once they are the command is executed. I am really leaning towrds an IOS and/or hardware related issue, the same aaa settings preside on the twin 3560's also, same management subnet and same path even to reach the ACS server.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...