[c-nsp] SXI(3) code status?

Christophe Cardon Christophe.Cardon at bec.dk
Thu Nov 19 03:34:25 EST 2009 

 

You are hitting bug id CSCtd21722 which we have reported to Cisco last week.

Problem also with SNMP ACL bypass with SXI3 on VSS setup. If you configure ACL to protect access to SNMP RO or RW, the ACL is not filtering and access is granted to anyone (if you know the community string of course).

-----Oprindelig meddelelse-----
Fra: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] På vegne af Murphy, William
Sendt: 18. november 2009 18:10
Til: andrew; Chris Phillips
Cc: cisco-nsp at puck.nether.net; Jared Mauch
Emne: Re: [c-nsp] SXI(3) code status?

We have VSS running so would the same apply if I force switchover with VSS?
Is it only "redundancy force-switchover" command or will failover for other cause yield same result?

Thanks...

Bill

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of andrew
Sent: Wednesday, November 18, 2009 4:29 AM
To: Chris Phillips
Cc: cisco-nsp at puck.nether.net; Jared Mauch
Subject: Re: [c-nsp] SXI(3) code status?

Breaks as in after forcing a sup switchover while on console subsequent SSH connections are refused, as it seems the private key is missing/unreadable.


This is logged:

Nov 18 10:16:08.211: SSH2 0: RSA_sign: private key not found Nov 18 10:16:08.211: SSH2 0: signature creation failed, status -1


Clearing RSA keys and re-generating did not help.

Clear RSA keys, *reboot box*, and re-generate did fix.





On Wed, Nov 18, 2009 at 2:00 AM, Chris Phillips <cphillips at wbsconnect.com> wrote:
> Define breaks.  Breaks as in your ssh connection drops and you have to
login
> again, or breaks as in your ssh connection drops and the ssh service
doesn't
> restart?
>
> andrew wrote:
>>
>> Here is some BAD on SXI3 ...
>>
>> with redundant supervisor, SSH breaks upon supervisor switchover.
>>
>> -andrew
>>
>> On Tue, Nov 17, 2009 at 11:34 AM, Jeff Fitzwater 
>> <jfitz at princeton.edu>
>> wrote:
>>>
>>> The 6324 100 MM is supported but did not come online in SXI 1, 2 , 2A.
It
>>> did however work in SXI, which we are running now.
>>>
>>> The other flavors are not supported.
>>>
>>> Jeff
>>>
>>> On Nov 17, 2009, at 12:12 PM, Jared Mauch wrote:
>>>
>>>> Release 12.2(33)SXH and later releases do not support the following
>>>> hardware:
>>>>
>>>> These Ethernet Switching Modules:
>>>>
>>>> -WS-X6024-10FL-MT 24-port 10BASE-FL MT-RJ
>>>>
>>>> -WS-X6248A-TEL 48-port 10/100TX RJ-21
>>>>
>>>> -WS-X6248-RJ-45 48-port 10/100TX RJ-45
>>>>
>>>> -WS-X6248-TEL 48-port 10/100TX RJ-21
>>>>
>>>> -WS-X6324-100FX-SM 24-port 100FX Ethernet
>>>>
>>>> -WS-X6224-100FX-MT 24-port 100FX Ethernet Multimode MT-RJ
>>>>
>>>> -WS-X6316-GE-TX 16-port Gigabit Ethernet RJ-45
>>>>
>>>> -WS-X6416-GE-MT 16-Port Gigabit Ethernet MT-RJ
>>>>
>>>>      Now, the caveat is that they did not actually remove the 
>>>> hardware support for some of these until SXI1, so while the release 
>>>> notes say
one
>>>> thing, the actual support varies.
>>>>
>>>> You will see something like this in 'show power':
>>>> 4    WS-X6248A-TEL       112.98  2.69     -     -     on    off 
>>>> (not
>>>> supported)
>>>> 8    WS-X6248-RJ-45      112.98  2.69     -     -     on    off 
>>>> (not
>>>> supported)
>>>>
>>>> It does appear the WS-X6324-100FX-MM card does power on for SXI3, 
>>>> but I can't recall if that was the case for SXI2/2a/or 1.
>>>>
>>>>      - Jared
>>>>
>>>> On Nov 17, 2009, at 12:05 PM, Chris Phillips wrote:
>>>>
>>>>> Jared,
>>>>>
>>>>> After quickly glancing at the release notes, I was unable to find 
>>>>> anything about the removal of hardware support for the 63xx series
cards.
>>>>>  Do you have a URL or can you be more specific?
>>>>>
>>>>> Thanks in advance!
>>>>>
>>>>> Jared Mauch wrote:
>>>>>>
>>>>>> SXI3 has a number of bug fixes for our network, including one 
>>>>>> that would cause the next-hop to be populated as 'drop' in hardware.
>>>>>> I strongly recommend using it over prior versions of SXI.
>>>>>> Due to the removal of hardware support we replaced the older
63xx/62xx
>>>>>> series cards.
>>>>>> - Jared
>>>>>> On Nov 17, 2009, at 10:22 AM, Rubens Kuhl wrote:
>>>>>>>
>>>>>>> SXI2a running fine with MPLS, QoS, SVIs (no BFD on those... 
>>>>>>> :-(), OSPF, BGP. PFC3C-only, no WAN cards/modules, no DFC.
>>>>>>>
>>>>>>>
>>>>>>> Rubens
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Nov 17, 2009 at 12:51 PM, Jeff Fitzwater 
>>>>>>> <jfitz at princeton.edu> wrote:
>>>>>>>>
>>>>>>>> I have been running the SXI(3) on a test router with 100M MM 
>>>>>>>> 6324, which it did not recognize in previous versions, and so 
>>>>>>>> far no
complaints
>>>>>>>> but then again it's not in a real world yet.
>>>>>>>>
>>>>>>>>
>>>>>>>> Does anyone else have  GOOD or BAD new on SXI(3)?
>>>>>>>>
>>>>>>>>
>>>>>>>> Jeff Fitzwater
>>>>>>>> OIT Network Systems
>>>>>>>> Princeton University
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>>>
>>>>>> _______________________________________________
>>>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>>
>>
>>
>
> --
> Chris Phillips
> Director of Network Engineering & Peering Coordinator WBS Connect 
> cphillips at wbsconnect.com
> (866) WBS-CONX
> (720) 259-8361 - direct
> (303) 968-4383 - mobile
> www.wbsconnect.com
>



--
-andrew
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list