[c-nsp] 6506 with active/standby Sup1a's failover

Scott Ingram SIngram at clayton.com
Mon Mar 28 18:13:27 EST 2005


Problem Details: I have a 6506 with active/standby Sup1a's.  I had my

helpdesk come to me and mention that random people were looging access
to there 
Voice/Data Vlan. when i telnet into the box any command I made was non

responsive i.e. I had to reopen a new telnet.  when I consoled in the
slot 1    
was active and slot 2 was standby.  then it failed over to the slot 2
and slot  
1 became stand-by.  I have done some debug however, i cant find anything
that   
leads me to the failure.

Slot 2 : Active
Slot 1 : Standby

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
cisco-nsp-request at puck.nether.net
Sent: Sunday, March 27, 2005 12:01 PM
To: cisco-nsp at puck.nether.net
Subject: cisco-nsp Digest, Vol 28, Issue 113

Send cisco-nsp mailing list submissions to
	cisco-nsp at puck.nether.net

To subscribe or unsubscribe via the World Wide Web, visit
	https://puck.nether.net/mailman/listinfo/cisco-nsp
or, via email, send a message with subject or body 'help' to
	cisco-nsp-request at puck.nether.net

You can reach the person managing the list at
	cisco-nsp-owner at puck.nether.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisco-nsp digest..."


Today's Topics:

   1. Re: 7206VXR w/ Process Memory Parity Error (Gert Doering)
   2. Re: 7206VXR w/ Process Memory Parity Error (Reuben Farrelly)
   3. RE: PIX and C5RSM (drobinson)
   4. Re: PPPoE and VPDN session query (Ryan O'Connell)
   5. Re: 7206VXR w/ Process Memory Parity Error (Kim Onnel)


----------------------------------------------------------------------

Message: 1
Date: Sun, 27 Mar 2005 11:51:21 +0200
From: Gert Doering <gert at greenie.muc.de>
Subject: Re: [c-nsp] 7206VXR w/ Process Memory Parity Error
To: Jeff Kell <jeff-kell at utc.edu>
Cc: cisco-nsp at puck.nether.net
Message-ID: <20050327095121.GH7864 at greenie.muc.de>
Content-Type: text/plain; charset=us-ascii

Hi,

On Sat, Mar 26, 2005 at 11:11:55PM -0500, Jeff Kell wrote:
> I have a 7204VXR/NPE-300 that crashed three times in the last six
weeks
> with a "Software forced crash" (Block overrun, corrupted redzone)
> running 12.2(13)T12.  Have upgraded to 12.2(15)T15 (with TAC blessing)
> and so far so good.  

I wonder why TAC recommended 12.2(15)T15 instead of going to 12.3(12) -
which should have many more bugfixes, and few new bugs...

gert
-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de


------------------------------

Message: 2
Date: Sun, 27 Mar 2005 22:11:40 +1200
From: Reuben Farrelly <reuben-cisco-nsp at reub.net>
Subject: Re: [c-nsp] 7206VXR w/ Process Memory Parity Error
To: Gert Doering <gert at greenie.muc.de>
Cc: cisco-nsp at puck.nether.net
Message-ID: <6.2.3.0.2.20050327215707.01c69cf0 at tornado.reub.net>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 09:51 p.m. 27/03/2005, Gert Doering wrote:
>Hi,
>
>On Sat, Mar 26, 2005 at 11:11:55PM -0500, Jeff Kell wrote:
> > I have a 7204VXR/NPE-300 that crashed three times in the last six
weeks
> > with a "Software forced crash" (Block overrun, corrupted redzone)
> > running 12.2(13)T12.  Have upgraded to 12.2(15)T15 (with TAC
blessing)
> > and so far so good.
>
>I wonder why TAC recommended 12.2(15)T15 instead of going to 12.3(12) -
>which should have many more bugfixes, and few new bugs...

This seems to happen regularly, I too have seen other engineers 
recommended things by the TAC, like recently upgrade to 12.3(5a) when 
12.3(5d) with some serious defects fixed, or even 12.3(11) was 
out.  Occasionally I've even seen deferred releases being 
recommended.  The mind boggles.

I would have expected it all revolved around engineers pushing to the 
latest GD release , or failing that, the latest LD for a platform, 
and avoid the ED's unless absolutely necessary.  Although I see 
branch/ED releases such as 12.3(2)XA and 12.3(4)XD shipped in brand 
new routers nearly all the time, so <shrug> to be honest, I really 
can't quite figure out what the thinking behind this all is.

What is cisco's official position on this aspect of software releases?

reuben



------------------------------

Message: 3
Date: Sun, 27 Mar 2005 12:28:22 +0100
From: "drobinson" <drobinson at netfabric.net>
Subject: RE: [c-nsp] PIX and C5RSM
To: "'Sean Granger'" <sgranger at randfinancial.com>,
	<cisco-nsp at puck.nether.net>
Message-ID: <200503271124.j2RBOZaD035278 at puck.nether.net>
Content-Type: text/plain;	charset="us-ascii"

Guys -

Quick one.. do you know of any good PIX mailing lists? 

Thanks,

Dave

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Sean Granger
Sent: 27 March 2005 02:46
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PIX and C5RSM

Scenario =

PIX with 3 interfaces: Inside, Outside and DMZ.

2 VLAN-Ints on C5RSM:
VLAN10 - Inside gateway, redirection for the segment.
VLAN11 - Connects to PIX Inside interface.

Everything is working as should be expected.
In order for Inside hosts to reach the Outside or DMZ, they are forced
through the PIX.
And vice versa. Standard issue stuff.

There is another standalone router [a seriously underutilized
7204VXR(!!)]
in the DMZ segment ...
Used for? You guessed it, redirection (have to love the PIX).
This is an utter waste of (nice) routing equipment and I'd like to
change
it.

Problem:

The simplest explanation of how I'd like to redesign it would be as
follows:

2 MORE VLAN-Ints on C5RSM:
VLAN 20 - DMZ gateway, redirection for the segment.
VLAN 21 - Connects to PIX DMZ Interface.

However, if I bring the segment facing the protected hosts into the
C5RSM,
it will always prefer the directly connected route and switch across the
VLANs.

Traffic between the VLANs 10 and 20 will never be firewalled and the PIX
will only be used to/from the Outside. Bad, bad, bad.

Thus, I'm looking for some novel ideas on how to FORCE the traffic
through
the PIX.
I can't think of any way to effectively change the connected route's
cost.
This doesn't seem like an overly complicated setup (I doubt people are
wasting routers for PIX installs and/or using host route entries) and I
feel
like I'm just missing something in the visualization process.

Any advice greatly appreciated.

Regards,
Sean


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/







------------------------------

Message: 4
Date: Sun, 27 Mar 2005 12:30:16 +0100
From: "Ryan O'Connell" <ryan at complicity.co.uk>
Subject: Re: [c-nsp] PPPoE and VPDN session query
To: Prit Patel <shahtejal at gmail.com>
Cc: NSP List <cisco-nsp at puck.nether.net>
Message-ID: <42469948.7060402 at complicity.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 25/03/2005 11:12, Prit Patel wrote:

>I m useing VPDN + PPPoE on 7200 for allow access to remote user.
>Client will use PPPoE dialer to access the services.
>
>When client is giving wrong uid/passwd at that time Cisco 7200 is able
>to communicate to PPPoE dialer that uid/passwd wrong.
>
>Is it possible to use some attribute in users profile so that users
>will get prompt or popup window when their subscription get over.
>  
>

If you're using RADIUS, the "Reply-Message" attribute can be used to 
return a message to the end user. However, the majority of dialup/VPN 
clients I've used don't bother to display such messages.

-- 
         Ryan O'Connell - CCIE #8174
<ryan at complicity.co.uk> - http://www.complicity.co.uk

I'm not losing my mind, no I'm not changing my lines,
I'm just learning new things with the passage of time



------------------------------

Message: 5
Date: Sun, 27 Mar 2005 15:26:20 +0200
From: Kim Onnel <karim.adel at gmail.com>
Subject: Re: [c-nsp] 7206VXR w/ Process Memory Parity Error
To: Jeff Kell <jeff-kell at utc.edu>
Cc: cisco-nsp at puck.nether.net
Message-ID: <e05f392905032705263acbf3b6 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

How about if i got
System returned to ROM by error - a Software forced crash, PC
0x60377264.

twice, associated with a self reload, on an RPM 

Cisco Internetwork Operating System Software
IOS (tm) RPM Software (RPM-JS-M), Version 12.2(14.4)T,  MAINTENANCE
INTERIM SOF
WARE
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Mon 13-Jan-03 22:17 by ccai
Image text-base: 0x60008954, data-base: 0x61748000

ROM: System Bootstrap, Version 12.2(4r)T1, RELEASE SOFTWARE (fc1)
BOOTLDR: RPM Software (RPM-BOOT-M), Version 12.2(8)T4,  RELEASE SOFTWARE
(fc1)

RPM(r) uptime is 1 day, 9 minutes
System returned to ROM by error - a Software forced crash, PC 0x60377264
Running default software

cisco RPM-PR (NPE400) processor with 491520K/32768K bytes of memory.
R7000 CPU at 350Mhz, Implementation 39, Rev 3.3, 256KB L2, 4096KB L3
Cache
Last reset from s/w peripheral
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
1 ATM network interface(s)
125K bytes of non-volatile configuration memory.

Any known bugs, recommended changes ?
On Sat, 26 Mar 2005 23:11:55 -0500, Jeff Kell <jeff-kell at utc.edu> wrote:
> Ted Mittelstaedt wrote:
> > cisco-nsp-bounces at puck.nether.net wrote:
> 
> >> I have a 7206VXR (NPE-300) that has been working fine as a border
> >> router for over two years. It reloaded itself last night, and the
> >> logs say that it was due to a "processor memory parity error".
> 
> >> Does anyone here have any experience with this type of error on the
> >>  7200-series? Should I write this incident off as a random glitch?
> 
> > If you have never updated IOS on this router for the last 2 years
> > it is suceptable to a number of remote attacks.
> 
> I have a 7204VXR/NPE-300 that crashed three times in the last six
weeks
> with a "Software forced crash" (Block overrun, corrupted redzone)
> running 12.2(13)T12.  Have upgraded to 12.2(15)T15 (with TAC blessing)
> and so far so good.  It had been running quite some time (though not
two
> years) without problems.  The "remote attack" scenario is an
interesting
> alternative theory as this is an edge router (fed by DS3).
> 
> Jeff
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


------------------------------

_______________________________________________
cisco-nsp mailing list
cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp


End of cisco-nsp Digest, Vol 28, Issue 113
******************************************



More information about the cisco-nsp mailing list