[c-nsp] SXI(3) code status?
Daniska, Tomas
tomas at soitron.com
Wed Nov 18 05:40:39 EST 2009
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Mark Tinka
> Sent: Wednesday, November 18, 2009 11:15 AM
> To: cisco-nsp at puck.nether.net
> Cc: Jared Mauch
> Subject: Re: [c-nsp] SXI(3) code status?
>
> On Tuesday 17 November 2009 11:31:18 pm Jared Mauch wrote:
>
> > I strongly recommend using it over prior versions of SXI.
>
> As part of our recent round of upgrades, we moved from SXH3
> to SXI2a. It did fix a non-severe AAA bug we hit when we
> first moved to SXH3.
Which one that was? We've been hit by a bug when using TAC+ out of a
VRF. Initial user authentication is OK, but the subsequent enable auth
outgoing packets do not have the proper VRF set and go out the GRT
instead. Funny enough, the return packet returns via the VRF and the box
eats it.
We've filed CSCtc86306 for this hoping to have this fixed by SXI3, but
after exchanging lots of e-mails with India TAC the status was that they
do understand the issue and suddenly they've just stated it works as
expected. The SXI3 goal is missed now, and ages to come until the next
maintenance build...
Aug 28 17:00:37.285: AAA/MEMORY: create_user (0xF7E8CF8) user='xxxxxxxx'
ruser='NULL' ds0=0 port='tty2' rem_addr='x.x.x.x' authen_type=ASCII
service=ENABLE priv=15 initial_task_id='0', vrf= (id=0) <=== they
somehow forgot to fill this in for enable auth
--
deejay
__________ Informacia od ESET NOD32 Antivirus, verzia databazy 4616
(20091117) __________
Tuto spravu preveril ESET NOD32 Antivirus.
http://www.eset.sk
More information about the cisco-nsp
mailing list