[nsp] Is the NM-1FE-TX supported by the 2621XM?

Gert Doering gert at greenie.muc.de
Thu Jan 22 16:01:54 EST 2004 

Hi,

(I put cisco-nsp back on the CC:, because I think that other readers might
be interested in reading the rant)

On Thu, Jan 22, 2004 at 10:48:42AM -0800, Nathan Patrick wrote:
> Gert Doering wrote:
> >Stay away from the 2948G-L3s as far as you can.
> Curious as to why you say this.

We have *one*, and it has been so notoriously unreliable that Cisco TAC 
gave up on it.

The hardware has been swapped *twice*, but the basic problems remain.  The
two show-stoppers are:

 - eventually, the port ASICs lock up.  In earlier releases, this meant
   "the box is completely dead in the water, and needs to be reloaded
   from the console or power-cycled". 

   Later releases had some sort of port-stuck-auto-reload-ASIC features, 
   but it still meant "the network stops working for about 2 minutes",
   which is just not acceptable behaviour.

 - if your ACLs happen to grow over a certain limit, the hardware cannot 
   handle them anymore.  What happens?  The switch prints a warning to
   the *console port* (ONLY!), and stops using the ACL.

   We had a breakin into a customer server due to this.

   Cisco TAC told us "that's the way it is, there is no way to fix that,
   and there is no way to make the message appear in the syslog or
   anywhere else.  The hardware can only print it to serial console".

   There is *no* way to find out whether your ACL is being used or not
   (except for pinging).

   Which is, of course, completely unacceptable as well.


Furthermore, there are some CEF bugs (ARP entries getting stuck, and
CEF keeps using them, with no way to flush CEF tables due to "this
hardware can only use CEF switching").  Not fatal, but also always
good for a surprise.

Not the least, the platform is EOLed.

[..]
> Of course, I've got 10x as many 3550s out there, and I've _never_ had a 
> problem (save running out of ACL mask TCAM space) with them.

Will the 3550 tell you if the TCAM space is full?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the cisco-nsp mailing list