[cisco-nas] frequent reboot of AS-5200's

Pierre Nepveu pnepveu at videotron.net
Tue Sep 14 12:21:53 EDT 2004 

hello all,

as of late, we experience sudden an unexplained reboots with the following
symptoms :

as07-xxx uptime is 15 hours, 17 minutes
    System restarted by error - software forced crash, PC 0x221CEAD2 at 14:57:30 EDT Sun Sep 5 2004

as12-xxx uptime is 15 hours, 50 minutes
    System restarted by error - software forced crash, PC 0x221CEAD2 at 14:25:31 EDT Sun Sep 5 2004

as16-xxx uptime is 15 hours, 32 minutes
    System restarted by error - software forced crash, PC 0x221CEAD2 at 14:43:11 EDT Sun Sep 5 2004

as02-yyy uptime is 18 hours, 42 minutes
    System restarted by error - software forced crash, PC 0x221CEAD2 at 11:35:00 EDT Sun Sep 5 2004

as03-yyy uptime is 17 hours, 39 minutes
    System restarted by error - software forced crash, PC 0x221CEAD2 at 12:38:28 EDT Sun Sep 5 2004

(xxx and yyy are 2 different POPs). As you can see, the reboots are synchronized
in time. This leads me to think we have a reccurence of a problem we had a few
months back : there is a virus or worm that overwhelms those poor boxes and
forces a crash. The luser logs into a box, crashes it, hits redial, crashes
another box, redials again, crashes yet a third box and then quits.

I see two possible solutions :
1. filter out the exact problem (if I can pinpoint it)
2. install an IOS that is immune to the problem (and will not introduce new
   ones, hopefully!)

--More info--
Current IOS is : IOS (tm) 5200 Software (C5200-IS-L), Version 11.3(11b)T3
	System image file is "flash:c5200-is-l.113-11b.T3.bin"

Applied filter is : 
interface Group-Async1
 ip unnumbered Ethernet0
 ip access-group 109 in

access-list 109 deny   tcp any any eq 135
access-list 109 deny   tcp any any eq 445
access-list 109 deny   tcp any any eq 5000
access-list 109 deny   icmp any any
access-list 109 permit ip xx.yy.zz.0 0.0.0.255 any
access-list 109 deny   ip any any

(where xx.yy.zz is the netblock this NAS belongs to - this is the poor man's
reverse-path verify)

Any suggestion of improved filter is welcome. Any suggestion of an IOS that fits
in 
   cisco AS5200 (68030) processor (revision A) with 8192K/4096K bytes of memory.
   8192K bytes of processor board System flash (Read ONLY)
is alos welcome. (IP/Plus image not necessary - this just what we have not and
it works, so - not broken, not fixed!)

Thanks !

-------------------------------------------------------------------
Pierre Nepveu, CCNP                    tel: +1 514.380-4289 
Administrateur de reseau                    +1 888.INFOVTL x 4289
Ingenierie / Acces Internet            fax: +1 514 899-8452
Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
-------------------------------------------------------------------

More information about the cisco-nas mailing list