[c-nsp] 2811 login issues

Chris Wopat me at falz.net
Mon Feb 8 09:11:44 EST 2010

I have a 2811 that stopped accepting logins from its FastEthernet
interface last week out of the blue. When this happened there were no
config changes, router reboots, etc. It has a Multilink bundle
unnumbered via that FastEthernet interface and it *does* accept logins
from this direction. Config is simple, a default route via FA and a
/24 via MU.

A few other odd symptoms:

- 'copy tftp flash' will work for about 12 seconds and then begin to timeout.

- telnetting from the router to anywhere immediately gives
"Destination unreachable; gateway or host down" without even really

What's even more strange is that everything works fine the first 5-10
minutes after a reboot.
It was running 12.4(15)XY1 and I was able to get it to 12.4(15)XY3 to
see if it was a bug. It's running XY for support for its HWIC-4T1/E1.

In an attempt to rule out an upstream routing problem I've added its
default gateway (3.89) to the login ACL and it gives the same symptoms
when connecting from there. It seems to be completely dropping packets
vs rejecting them as it still does if you connect from an IP not on
that ACL.

'debug ip packet' shows this when connecting via telnet or ssh:

Feb  8 07:45:25.892 CDT: IP: s= (FastEthernet0/0),
d=, len 60, rcvd 2
Feb  8 07:45:25.892 CDT: IP: s= (FastEthernet0/0),
d=, len 60, stop process pak for forus packet


