There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.
intermitent SSH connection to Cisco Router
Hi Experts,
I'm currently experiencing a very weird thing happening on my cisco router 3925. It seems that when I try to connect to the router via SSH, sometimes it connects and sometimes it just times out. Anyone out there experience a similar problem? Thanks in advance.
I'm currently experiencing a very weird thing happening on my cisco router 3925. It seems that when I try to connect to the router via SSH, sometimes it connects and sometimes it just times out. Anyone out there experience a similar problem? Thanks in advance.
Who is Participating?
no i can't, its for my work, i know it won't be much help if i can't post the config. i posted the question just ot get an idea on where i could start troubleshooting this problem.
do you have one internet connection or dual Internet (asymetrical routing, or routing convergance issues?).
An issue end to end from you and the router (Packet loss, high latency)
Congested link, etc.
An issue end to end from you and the router (Packet loss, high latency)
Congested link, etc.
When you say times out, do you mean that it does not connect to the router ( tecp timeout) or it connects but you can't enter your password?
When you try to connect to the router and you time out you should do a traceroute and ping the address you use to ssh to.
Keep a running ping in a window and keep trying to connect. See if the results change when you time out.
If your network pings and traceroutes do not change, then configure the router to log debug messages to flash (logging debug ), and turn on this debug command:
debug ip ssh client
Check the timestamps and see it the router sees the incoming ssh sessions.
When you try to connect to the router and you time out you should do a traceroute and ping the address you use to ssh to.
Keep a running ping in a window and keep trying to connect. See if the results change when you time out.
If your network pings and traceroutes do not change, then configure the router to log debug messages to flash (logging debug ), and turn on this debug command:
debug ip ssh client
Check the timestamps and see it the router sees the incoming ssh sessions.
one thing is for sure there are no packet loss as i check the counters in the interfaces, it shows 0 for all errors. this is a private IP circuit with dual-homed 3xT1 circuit.
i also don't think it would be an ios problem as we have already installed more than 500 sites using the same ios and this weird problem only exist for this one site.
management IP is pingable even at a continuous ping it doesn't drop.
it doesn't even proceed with asking me for a password, aaa tacacs is used for authentication. when i hit ssh -l username ip-address, it just comes as "blank" it doesn'st show disconnect, timeout or anything. nothing just happens and next line is blank.
thanks for the ideas guys, how about the CPU bound problem you mentioned? how can i check this?
i also don't think it would be an ios problem as we have already installed more than 500 sites using the same ios and this weird problem only exist for this one site.
management IP is pingable even at a continuous ping it doesn't drop.
it doesn't even proceed with asking me for a password, aaa tacacs is used for authentication. when i hit ssh -l username ip-address, it just comes as "blank" it doesn'st show disconnect, timeout or anything. nothing just happens and next line is blank.
thanks for the ideas guys, how about the CPU bound problem you mentioned? how can i check this?
As soon as you can get in, check
show proc cpu hist
Shows you a little graph of past hour, 24 hours, 72 hours and you can see if there are spikes of high utilization.
show proc cpu hist
Shows you a little graph of past hour, 24 hours, 72 hours and you can see if there are spikes of high utilization.
yes i did that already and it didn't show any high utilization or spikes. for now im scheduling maintenance and i'll probably run debug commands, any suggestion on what debug commands that could help me?
I would also include into your troubleshooting a packet capture of the issue you are having; what is happening at the packet level. Are the 2 endpoints completing the 3way-hand shake, what else is happening after the 3-way handshake if it is succeeding.
debug ip tcp packet x.x.x.x (host that you are trying to connect to)
debug ip ssh
debug arp
debug ip packet (Be careful with this one, I would recommend that you setup an access-list and specify only the hosts you will be troubleshooting
debug ip routing (This will monitor the routing table to check for flapping routes)
Run each debug separately.
Billy
debug ip tcp packet x.x.x.x (host that you are trying to connect to)
debug ip ssh
debug arp
debug ip packet (Be careful with this one, I would recommend that you setup an access-list and specify only the hosts you will be troubleshooting
debug ip routing (This will monitor the routing table to check for flapping routes)
Run each debug separately.
Billy
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month5 days, 2 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
Usually, if it connects at all, the configuration is correct.
During the times that it times out, the router could be CPU bound and simply cannot accept incomming connections. There could be a memory leak bug in the current IOS version...