

Intermittent SSH connection to Cisco Router

Posted on 2011-02-25
Medium Priority
Last Modified: 2012-05-11
Hi Experts,

I'm currently experiencing a very weird thing happening on my Cisco router 3925. It seems that when I try to connect to the router via SSH, sometimes it connects and sometimes it just times out. Has anyone out there experienced a similar problem? Thanks in advance.
Question by:ffleisma
LVL 24

Expert Comment

ID: 34984870
Can you post your config?

Author Comment

ID: 34984932
No, I can't, it's for my work. I know it won't be much help if I can't post the config. I posted the question just to get an idea on where I could start troubleshooting this problem.
LVL 79

Accepted Solution

lrmoore earned 400 total points
ID: 34984971
>sometimes it connects and sometimes it just times out
Usually, if it connects at all, the configuration is correct.
During the times that it times out, the router could be CPU bound and simply cannot accept incoming connections. There could be a memory leak bug in the current IOS version...
LVL 24

Assisted Solution

rfc1180 earned 800 total points
ID: 34985054
Do you have one Internet connection or dual Internet (asymmetrical routing, or routing convergence issues?).
An issue end to end from you and the router (Packet loss, high latency)
Congested link, etc.
LVL 10

Assisted Solution

lanboyo earned 400 total points
ID: 34985181
When you say times out, do you mean that it does not connect to the router (TCP timeout) or it connects but you can't enter your password?

When you try to connect to the router and you time out you should do a traceroute and ping the address you use to ssh to.

Keep a running ping in a window and keep trying to connect. See if the results change when you time out.

If your network pings and traceroutes do not change, then configure the router to log debug messages to flash (logging debug), and turn on this debug command:

debug ip ssh client

Check the timestamps and see if the router sees the incoming SSH sessions.


Author Comment

ID: 34985271
One thing is for sure: there is no packet loss, as I check the counters in the interfaces and it shows 0 for all errors. This is a private IP circuit with dual-homed 3xT1 circuit.

I also don't think it would be an IOS problem, as we have already installed more than 500 sites using the same IOS and this weird problem only exists for this one site.

Management IP is pingable; even at a continuous ping it doesn't drop.

It doesn't even proceed with asking me for a password; aaa tacacs is used for authentication. When I hit ssh -l username ip-address, it just comes as "blank". It doesn't show disconnect, timeout or anything. Nothing just happens and next line is blank.

Thanks for the ideas guys. How about the CPU bound problem you mentioned? How can I check this?
LVL 79

Expert Comment

ID: 34985284
As soon as you can get in, check
show proc cpu hist
Shows you a little graph of past hour, 24 hours, 72 hours and you can see if there are spikes of high utilization.

Author Comment

ID: 34987218
Yes, I did that already and it didn't show any high utilization or spikes. For now I'm scheduling maintenance and I'll probably run debug commands. Any suggestion on what debug commands could help me?
LVL 24

Assisted Solution

rfc1180 earned 800 total points
ID: 34988316
I would also include into your troubleshooting a packet capture of the issue you are having; what is happening at the packet level? Are the 2 endpoints completing the 3-way handshake, and what else is happening after the 3-way handshake if it is succeeding?

debug ip tcp packet x.x.x.x (host that you are trying to connect to)
debug ip ssh
debug arp
debug ip packet (Be careful with this one, I would recommend that you set up an access-list and specify only the hosts you will be troubleshooting)
debug ip routing (This will monitor the routing table to check for flapping routes)

Run each debug separately.
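
The client-side half of the checks suggested in this thread (does the TCP handshake complete, and does the router then start the SSH exchange?), as an added example that is not part of the original posts. The function names and outcome labels are hypothetical; the only assumption is that an SSH server sends its `SSH-` identification string as soon as the TCP connection is up. Each attempt is timestamped so it can be matched against the router's debug log.

```python
import socket
import sys
import time
from collections import Counter


def probe_ssh(host, port=22, timeout=5.0):
    """Make one attempt and return (outcome, detail, elapsed_seconds)."""
    start = time.monotonic()
    elapsed = lambda: round(time.monotonic() - start, 2)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp_timeout", "", elapsed())      # SYN never answered
    except ConnectionRefusedError:
        return ("tcp_refused", "", elapsed())      # a reset came back
    except OSError as exc:
        return ("tcp_error", str(exc), elapsed())  # e.g. no route to host
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)                  # wait for the server's first bytes
        except socket.timeout:
            return ("tcp_ok_no_banner", "", elapsed())  # handshake done, SSH silent
        except OSError as exc:
            return ("tcp_ok_reset", str(exc), elapsed())
    for line in data.split(b"\n"):
        if line.startswith(b"SSH-"):
            return ("ssh_banner", line.decode("ascii", "replace").strip(), elapsed())
    return ("tcp_ok_closed" if not data else "tcp_ok_other_data", "", elapsed())


def monitor(host, port=22, attempts=20, interval=3.0, timeout=5.0):
    """Repeat the probe, print one timestamped line per attempt, return a tally."""
    tally = Counter()
    for i in range(attempts):
        outcome, detail, secs = probe_ssh(host, port, timeout)
        tally[outcome] += 1
        print(time.strftime("%Y-%m-%d %H:%M:%S"), f"{host}:{port}", outcome, f"{secs}s", detail)
        if i < attempts - 1:
            time.sleep(interval)
    return tally


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: ssh_probe.py <router-management-ip>")
    print(dict(monitor(sys.argv[1])))
```

A run that mixes `ssh_banner` with `tcp_timeout` points at the path or the router not answering the SYN, while `tcp_ok_no_banner` means the handshake completed and the stall is in the SSH stage.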

LVL 17

Assisted Solution

by:Marius Gunnerud
Marius Gunnerud earned 400 total points
ID: 34991416
Is the "ip ssh timeout" configured? If this value is set too low you won't be able to type in your password before the session times out.

ip ssh timeout detects issues in the negotiation stage

exec-timeout detects user inactivity

Question has a verified solution.
