I'm more concerned about what you have configured on the console port of your core routers and less about your console router itself. Could you please post a config of the aaa settings of a core router as well as the con 0 config?

Ziv

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Youssef Bengelloun-Zahr
Sent: Wednesday, June 02, 2010 3:23 AM
To: [email protected]
Subject: [c-nsp] Cisco 2600 with async NM-32 sending wrong characters

Dear List,

I have just installed an Out Of Band network in case of major crashes for our company. The architecture is the following: 3 Cisco 2600 routers geared with async NM32 modules and octal cables. Each console is connected to the console port of my backbone routers. The routers are NATed behind another IPS DSL line. Such kind of OOB network comes in handy sometimes ;-)

My core routers are configured to authenticate with our internal radius servers before falling back to the enable password, just in case.

Here is what I have started seeing in my RADIUS logs:

*** Received from X.X.X.X port 47832 ....
Code:       Access-Request
Identifier: 83
Authentic:  <221>r<176>Z<189><221><25><8><142>T<20>b<244>S<176>O
Attributes:
        User-Name = *"CONS1.IX1>"*
        User-Password = "<161><2><22>s[jR<217>\<245>R<217><25><129><197><137>^<213>7<220><27>5=h,<192><158>9<1>T<31><196>"
        NAS-IP-Address = X.X.X.X

Wed Jun 2 01:40:19 2010: DEBUG: Handling request with Handler ''
Wed Jun 2 01:40:19 2010: DEBUG: Deleting session for CONS1.IX1>, X.X.X.X,
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthSQL
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthSQL:
Wed Jun 2 01:40:19 2010: DEBUG: Query is: 'SELECT password, is_staff, is_staff FROM auth_user WHERE username='CONS1.IX1>' AND is_active IS TRUE':
Wed Jun 2 01:40:19 2010: DEBUG: *Radius::AuthSQL looks for match with CONS1.IX1> [CONS1.IX1>]
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthSQL REJECT: No such user: CONS1.IX1> [CONS1.IX1>]
Wed Jun 2 01:40:19 2010: DEBUG: AuthBy SQL result: REJECT, No such user*
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 2 01:40:19 2010: DEBUG: Reading users file /etc/radiator/users-interne
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthFILE looks for match with CONS1.IX1> [CONS1.IX1>]
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthFILE REJECT: No such user: CONS1.IX1> [CONS1.IX1>]
Wed Jun 2 01:40:19 2010: DEBUG: AuthBy FILE result: REJECT, No such user
Wed Jun 2 01:40:19 2010: INFO: Access rejected for CONS1.IX1>: No such user
Wed Jun 2 01:40:19 2010: DEBUG: Packet dump:
*** Sending to 77.246.80.138 port 47832 ....
Code:       Access-Reject
Identifier: 83
Authentic:  <221>r<176>Z<189><221><25><8><142>T<20>b<244>S<176>O
Attributes:
        Reply-Message = "Request Denied"

*** Received from X.X.X.X port 52229 ....
Code:       Access-Request
Identifier: 181
Authentic:  z5<183>6L<27>z`<191><221><22><6><213><20><13><143>
Attributes:
        User-Name = *"CONS2.IX1> ### Login failed"*
        User-Password = "UP<214><250><11><158>%<245><251>jJ<195>M<145>c<2>"
        NAS-IP-Address = X.X.X.X

Wed Jun 2 01:40:19 2010: DEBUG: Handling request with Handler ''
Wed Jun 2 01:40:19 2010: DEBUG: Deleting session for CONS2.IX1> ### Login failed, X.X.X.X,
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthSQL
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthSQL:
Wed Jun 2 01:40:19 2010: DEBUG: Query is: 'SELECT password, is_staff, is_staff FROM auth_user WHERE username='CONS2.IX1> ### Login failed' AND is_active IS TRUE':
Wed Jun 2 01:40:19 2010: DEBUG: *Radius::AuthSQL looks for match with CONS2.IX1> ### Login failed [CONS2.IX1> ### Login failed]
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthSQL REJECT: No such user: CONS2.IX1> ### Login failed [CONS2.IX1> ### Login failed]
Wed Jun 2 01:40:19 2010: DEBUG: AuthBy SQL result: REJECT, No such user*
Wed Jun 2 01:40:19 2010: DEBUG: Handling with Radius::AuthFILE:
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthFILE looks for match with CONS2.IX1> ### Login failed [CONS2.IX1> ### Login failed]
Wed Jun 2 01:40:19 2010: DEBUG: Radius::AuthFILE REJECT: No such user: CONS2.IX1> ### Login failed [CONS2.IX1> ### Login failed]
Wed Jun 2 01:40:19 2010: DEBUG: AuthBy FILE result: REJECT, No such user
Wed Jun 2 01:40:19 2010: INFO: Access rejected for CONS2.IX1> ### Login failed: No such user
Wed Jun 2 01:40:19 2010: DEBUG: Packet dump:

Where:

- X.X.X.X is the source ip address of my core equipment used to reach the internal RADIUS servers
- CONS1.IX1 and CONS2.IX1 are my console routers' names.

The consoles keep on flooding the RADIUS servers with suchlike requests continuously.

For your information, we have been using these console routers for years now but they connected directly to the backbone until tonight.

Here is the output of a sh version of the consoles:

CONS1.IX1#sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IK9S-M), Version 12.2(46a), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Wed 11-Jul-07 20:22 by pwade
Image text-base: 0x8000808C, data-base: 0x812948AC

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

CONS1.IX1 uptime is 1 hour, 51 minutes
System returned to ROM by reload
System image file is "flash:c2600-ik9s-mz.122-46a.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to [email protected].

cisco 2621 (MPC860) processor (revision 0x102) with 60416K/5120K bytes of memory.
Processor board ID JAD04290CT0 (2953820044)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
32 terminal line(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Here is my template of configuration:

version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CONS3.IX1
!
aaa new-model
aaa authentication login default local enable
aaa authorization exec default local
enable secret 5 $1$B6xi$Wvur3lYfDVqH8Ztaq9dg51
!
username XXXX privilege 15 password 7 120E041C131F09142F29252A3C202C
ip subnet-zero
ip cef
!
!
no ip domain-lookup
ip domain-name XXXXX
ip host LOCALHOST 192.168.0.1
ip name-server XXX.XXX.XXX.XXX
ip name-server XXX.XXX.XXX.XXX
!
ip ssh time-out 60
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Link to Freebox
 ip address 192.168.0.1 255.255.255.0
 duplex auto
 speed auto
 no shut
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.254
no ip http server
!
!
menu login text 1 se connecter sur BB1.IX1-SUP1
menu login command 1 telnet LOCALHOST 2033
menu login text 2 se connecter sur BB1.IX1-SUP2
menu login command 2 telnet LOCALHOST 2034
menu login text 3 se connecter sur LNS1.IX1
menu login command 3 telnet LOCALHOST 2035
menu login text 4 se connecter sur LNS2.IX1
menu login command 4 telnet LOCALHOST 2036
menu login text 5 se connecter sur FW1.IX1
menu login command 5 telnet LOCALHOST 2037
menu login text 6 se connecter sur FW2.IX1
menu login command 6 telnet LOCALHOST 2038
menu login text 7 se connecter sur FW3.IX1
menu login command 7 telnet LOCALHOST 2039
menu login text 8 se connecter sur LNS7.IX1
menu login command 8 telnet LOCALHOST 2040
menu login text 0 sortir du menu
menu login command 0 menu-exit
!
dial-peer cor custom
!
!
!
!
!
line con 0
line 33 64
 exec-timeout 0 0
 no exec
 transport input all
 escape-character 3
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 transport input ssh
!
ntp server XXX.XXX.XXX.XXX
ntp server XXX.XXX.XXX.XXX
end

Any ideas as to what my problem might be?

Thanks in advance.

Best regards.

Y.

--
Youssef BENGELLOUN-ZAHR
Network and Telecom Engineer
Technopole de l'Aube en Champagne - BP 601 - 10901 TROYES Cedex 9
Paris office: 6, rue Charles Floquet - 92120 MONTROUGE
Tel +33 (0) 825 000 720
Direct tel. +33 (0) 1 77 35 59 14
Mobile tel. +33 (0) 6 22 42 63 80
Email [email protected]
www.720.fr

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
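
Added example, not part of the thread: a triage script for a Radiator log like the one quoted above, which counts rejected requests whose User-Name has the shape of an IOS prompt (a hostname followed by `>` or `#`) rather than an account name, grouped by the hostname in the prompt. The function name, both regexes and the sample lines are constructed here from the log format shown in the original message.

```python
import re
from collections import defaultdict

# Radiator INFO line, as in the quoted log:
#   "<timestamp>: INFO: Access rejected for <User-Name>: <reason>"
REJECT_RE = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4}: INFO: "
    r"Access rejected for (?P<user>.*): (?P<reason>[^:]+)$"
)
# Assumption: no real account name has the shape "<hostname>>" or
# "<hostname>#" (an IOS exec prompt), optionally followed by more text.
PROMPT_RE = re.compile(r"^(?P<host>[A-Za-z0-9._-]+)[>#](?P<rest>.*)$")


def triage(lines):
    """Split rejected requests into prompt-like User-Names and the rest."""
    prompt_like = defaultdict(lambda: {"count": 0, "usernames": set()})
    other_rejects = 0
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if not m:
            continue  # DEBUG lines and packet dumps are ignored
        p = PROMPT_RE.match(m.group("user"))
        if p:
            entry = prompt_like[p.group("host")]
            entry["count"] += 1
            entry["usernames"].add(m.group("user"))
        else:
            other_rejects += 1
    return {"prompt_like": dict(prompt_like), "other_rejects": other_rejects}


# Constructed sample in the format of the quoted log (not real data).
SAMPLE_LOG = """\
Wed Jun  2 01:40:19 2010: INFO: Access rejected for CONS1.IX1>: No such user
Wed Jun  2 01:40:19 2010: DEBUG: Radius::AuthFILE REJECT: No such user: CONS1.IX1> [CONS1.IX1>]
Wed Jun  2 01:40:19 2010: INFO: Access rejected for CONS2.IX1> ### Login failed: No such user
Wed Jun  2 01:40:20 2010: INFO: Access rejected for CONS1.IX1>: No such user
Wed Jun  2 01:41:02 2010: INFO: Access rejected for jdoe: Bad password
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG.splitlines())
    for host, entry in sorted(report["prompt_like"].items()):
        print(f"{host}: {entry['count']} rejects, User-Names {sorted(entry['usernames'])}")
    print("other rejects:", report["other_rejects"])
```

A high count for a hostname that is itself a terminal server points at text from that device being typed into a login prompt on the far end of a serial line, which is a cabling or line-configuration problem rather than a password-guessing attempt.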
