Solved

ssh issues to router

Posted on 2015-01-28
8
748 Views
Last Modified: 2015-01-28
I will get a chance to get into the router via console. The router is at another state. For some reason, I am getting "connection refused" errors when trying to ssh in. It works just fine after a reboot, but after few times or few hours it will fail again with the above error. It happens daily. The only way to get back in is if I reboot the router.

The VTY lines look normal
line vty 0 4                  
 session-timeout 40                  
 exec-timeout 40            
 password 7 xxxxxxxxxxxx
 transport input ssh                  

I also have this:
service tcp-keepalives-in                        
service tcp-keepalives-out                        
service timestamps debug datetime msec                        
service timestamps log datetime msec                        
service password-encryption                        
no service password-recovery                        

Anything I should be checking for when I get into the console?
- I will check if the certificate is present
- If there are hung sessions

Anything else I could check to verify? There is no acl's on the vty lines as you can see, not sure what else to look for.

thank you
0
Comment
Question by:Shark Attack
  • 5
  • 3
8 Comments
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575481
well i did find out there is an ACL on the vty lines. I am not sure why it didnt show up in my previous show run. Must have been coming back after reboots.

So I tried to take the ACL off the vty's and it gives me the below error

config-line)#no access-class sl_def_acl in
%WARNING: The access list currently in force is the Quiet Mode access
list. The specified access list takes effect only after switching back
to normal mode operation.

How do I turn off the quite mode? or fix the above so I can get back in?

I tried:
no login quiet-mode - that didnt help

Any help?
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575486
also got this on "show login"


     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 6385 seconds.
     Denying logins from all sources.
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 40575682
sh run | i quiet

it sounds like quiet mode is turned on.

first try updating the access-list and reapply it to the vty.  then optionally modify the quiet mode configuration to something lower.

that is, after your 6385 seconds have elapsed.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 3

Author Comment

by:Shark Attack
ID: 40575701
thats my acl
Extended IP access list sl_def_acl
    10 deny tcp any any eq telnet log
    20 deny tcp any any eq www log
    30 deny tcp any any eq 22 log (2454 matches)
    40 permit tcp any any eq 22 log

this is the log message
Jan 28 16:05:56.528: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 10.153.0.223(54163) -> 0.0.0.0(22), 2 packet

So i can't do anything until that time elapses? Even via console mode?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40575707
you should be able to get in via console.  I believe quiet mode is only applied to the vty interfaces.
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575727
what is the command to lower that number down ?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 40575734
it should be the login block-for command.  Do a "sh run | i block" (no quotes and leave a space before and after the pipe).
0
 
LVL 3

Author Comment

by:Shark Attack
ID: 40575745
alright I modified it. will see what happens. Thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Adoption of Microsoft’s Enterprise Mobility and Security solution and Office 365 will re-order the File Sync and Share market Microsoft has stated that its Enterprise Mobility + Security (EMS) is the fastest growing product in the history of the …
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question