{"id":1831,"date":"2012-09-27T10:57:23","date_gmt":"2012-09-27T09:57:23","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=1831"},"modified":"2013-09-27T19:34:56","modified_gmt":"2013-09-27T18:34:56","slug":"cisco-clear-idle-vty-sessions-tcp-control-blocks","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=1831","title":{"rendered":"Cisco &#8211; Clear idle VTY sessions (TCP Control Blocks)"},"content":{"rendered":"<p>An aide-memoir:<\/p>\n<p>Cisco3750#who<br \/>\nLine\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 User\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Host(s)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Location<br \/>\n1 vty 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 13w0d l00151267.domainl.com<br \/>\n2 vty 1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 172.23.64.17\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 14w3d 172.23.64.10<!--more--><br \/>\n3 vty 2\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 15w3d l00151267.domainl.com<br \/>\n4 vty 3\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 13w0d l00151267.domainl.com<br \/>\n5 vty 4\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 14w0d l00151267.domainl.com<br \/>\n6 vty 5\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 13w2d l00151267.domainl.com<br \/>\n7 vty 6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 9w6d 172.23.64.10<br \/>\n9 vty 8\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1w6d l00151267.domainl.com<br \/>\n10 vty 9\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 3w2d 172.23.64.110<br \/>\n* 11 vty 10\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 00:00:00 l00151267.domainl.com<\/p>\n<p>Interface\u00a0\u00a0\u00a0\u00a0\u00a0 User\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Mode\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Idle\u00a0\u00a0\u00a0\u00a0 Peer Address<\/p>\n<p>Cisco3750#<br \/>\nCisco3750#sh tcp brief<br \/>\nTCB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Local Address\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Foreign Address\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (state)<br \/>\n061DDCA8\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.31161 ESTAB<br \/>\n06097744\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.20077 ESTAB<br \/>\n063AA230\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.52497 ESTAB<br \/>\n060B1F88\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 172.23.64.10.27657\u00a0\u00a0\u00a0\u00a0 ESTAB<br \/>\n0626B478\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.2136\u00a0 ESTAB<br \/>\n063ECE14\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.25441 ESTAB<br \/>\n0626C384\u00a0 3.3.3.3.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 172.23.64.110.3579\u00a0\u00a0\u00a0\u00a0 ESTAB<br \/>\n063E56DC\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 172.23.64.10.14851\u00a0\u00a0\u00a0\u00a0 ESTAB<br \/>\n063A9AD0\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.23547 ESTAB<br \/>\n063A81E8\u00a0 172.23.64.81.51714\u00a0\u00a0\u00a0\u00a0\u00a0 adc-dis.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ESTAB<br \/>\n063E4C8C\u00a0 172.23.64.9.23\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 l00151267.domain.50301 ESTAB<br \/>\nCisco3750#<\/p>\n<p>Cisco3750#clear tcp tcb ?<br \/>\n&lt;0x0-0xFFFFFFFF&gt;\u00a0 TCB address<\/p>\n<p>Cisco3750#clear tcp tcb 063ECE14<br \/>\n[confirm]<br \/>\n[OK]<br \/>\nCisco3750#<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>CSCsk239<\/strong><\/span><\/p>\n<p><strong>Symptoms: A router running an IOS image may stop accepting incoming TELNET connections.<\/strong><\/p>\n<p>Conditions: Occurs when 20 or more VRFs are configured and they have incoming TCP connections arriving at the host for non-existing services from different VRFs.<\/p>\n<p>Workaround: Use <b>show tcp brief all<\/b> command to view TCB that have local and foreign addresses as &#8220;*.*&#8221;. Clear those entries using the following command <b>clear tcp tcb<\/b> address of the TCB.<\/p>\n<p>Further Problem Description: When an incoming SYN is received for a non-existing service, for example to BGP port with BGP not configured, TCP leaks a TCB that has laddr and faddr as *.*. This TCB is usually reused for the next incoming connection.<\/p>\n<p>However when VRFs are configured, such TCB can be reused only for that VRF. If there are several VRFs configured in the box, one TCB per VRF will be leaked. And there is a limit of 20 such &#8220;wild TCBs&#8221; in the system. So, once we reach the limit of 20, because we leak one per each different VRF, any connection request coming in will be denied.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An aide-memoir: Cisco3750#who Line\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 User\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Host(s)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Location 1 vty 0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 idle\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 13w0d l00151267.domainl.com 2 vty 1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 172.23.64.17\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 14w3d 172.23.64.10<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[83],"tags":[],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1831"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1831"}],"version-history":[{"count":4,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1831\/revisions"}],"predecessor-version":[{"id":1833,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1831\/revisions\/1833"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1831"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}