[cisco-nas] frequent reboot of AS-5200's

Aaron Leonard Aaron at Cisco.COM
Tue Sep 14 13:31:19 EDT 2004 

Pierre,


Please provide the output of "show version" and "show stack"
from one of these 5200s after it has crashed and rebooted.

Aaron

--

> hello all,

> as of late, we experience sudden an unexplained reboots with the following
> symptoms :

> as07-xxx uptime is 15 hours, 17 minutes
>     System restarted by error - software forced crash, PC 0x221CEAD2 at 14:57:30 EDT Sun Sep 5 2004

> as12-xxx uptime is 15 hours, 50 minutes
>     System restarted by error - software forced crash, PC 0x221CEAD2 at 14:25:31 EDT Sun Sep 5 2004

> as16-xxx uptime is 15 hours, 32 minutes
>     System restarted by error - software forced crash, PC 0x221CEAD2 at 14:43:11 EDT Sun Sep 5 2004

> as02-yyy uptime is 18 hours, 42 minutes
>     System restarted by error - software forced crash, PC 0x221CEAD2 at 11:35:00 EDT Sun Sep 5 2004

> as03-yyy uptime is 17 hours, 39 minutes
>     System restarted by error - software forced crash, PC 0x221CEAD2 at 12:38:28 EDT Sun Sep 5 2004

> (xxx and yyy are 2 different POPs). As you can see, the reboots are synchronized
> in time. This leads me to think we have a reccurence of a problem we had a few
> months back : there is a virus or worm that overwhelms those poor boxes and
> forces a crash. The luser logs into a box, crashes it, hits redial, crashes
> another box, redials again, crashes yet a third box and then quits.

> I see two possible solutions :
> 1. filter out the exact problem (if I can pinpoint it)
> 2. install an IOS that is immune to the problem (and will not introduce new
>    ones, hopefully!)

> --More info--
> Current IOS is : IOS (tm) 5200 Software (C5200-IS-L), Version 11.3(11b)T3
> 	System image file is "flash:c5200-is-l.113-11b.T3.bin"

> Applied filter is :
> interface Group-Async1
>  ip unnumbered Ethernet0
>  ip access-group 109 in

> access-list 109 deny   tcp any any eq 135
> access-list 109 deny   tcp any any eq 445
> access-list 109 deny   tcp any any eq 5000
> access-list 109 deny   icmp any any
> access-list 109 permit ip xx.yy.zz.0 0.0.0.255 any
> access-list 109 deny   ip any any

> (where xx.yy.zz is the netblock this NAS belongs to - this is the poor man's
> reverse-path verify)

> Any suggestion of improved filter is welcome. Any suggestion of an IOS that fits
> in
>    cisco AS5200 (68030) processor (revision A) with 8192K/4096K bytes of memory.
>    8192K bytes of processor board System flash (Read ONLY)
> is alos welcome. (IP/Plus image not necessary - this just what we have not and
> it works, so - not broken, not fixed!)

> Thanks !

> -------------------------------------------------------------------
> Pierre Nepveu, CCNP                    tel: +1 514.380-4289
> Administrateur de reseau                    +1 888.INFOVTL x 4289
> Ingenierie / Acces Internet            fax: +1 514 899-8452
> Videotron Telecom Ltee (VTL) - Montreal (Quebec), Canada
> -------------------------------------------------------------------



> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas

More information about the cisco-nas mailing list