From: Wright, Jeremy (JA_WRIGHT@xxxxxxxxxxxx)
Date: Fri Apr 19 2002 - 17:14:38 GMT-3
so i nailed down all of the interfaces on the pix to 10 full and the switch
ports it connects to to 10 full and it seems to have cleared my problems up.
thanks everyone for the help!!!! i'd give my left arm to be ambidextrous.
-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Friday, April 19, 2002 9:04 AM
To: 'Gareth Bromley'; Eric Tucker; security@groupstudy.com
Subject: RE: PIX Interface Errors
Getting a traceback is nearly impossible. I was in the console once when it
happened and only got 3 lines of junk before it stopped logging.
This was a good 2 months before the problem was "discovered". All tac said
was that we needed more info. I proposed the question how ? We had learned
to live with it by just hard coding the interfaces to 10 Mbs. Turns out
that its above 10Mbs/s that the problem will arise.
So in the long wait for a replacement that you will likely face, ( 2 months
for us and we had a 24x7x4 on them ) just drop your interface speeds.
Thanks
Larry
-----Original Message-----
From: Gareth Bromley [mailto:garethb@sports.com]
Sent: Friday, April 19, 2002 8:26 AM
To: Eric Tucker; security@groupstudy.com
Subject: RE: PIX Interface Errors
Sorry my enthusiasm got the better of me :(.
I'd love to capture tracebacks via console, but when the unit fails all
console activity stops, doesn't respond to key presses etc... Only fix we
have is to power off/on. And then wait until it breaks again, well until we
replaced it with a 501/506.
Code release is 6.0(1). We did try 6.1(1) and 6.1(2) but the same effect was
evident.
Thanks for the notes,
--Gareth
-----Original Message-----
From: Eric Tucker [mailto:teamdrop@yahoo.com]
Sent: 19 April 2002 13:21
To: Gareth Bromley; Maxey, Jon; security@groupstudy.com
Subject: Re: PIX Interface Errors
uh excuse me, please do challenge me, I said I worked there, look again,
the line which the serial no falls in is not affected:
2000 (later) 4448017... through 4448052... No
----- Original Message -----
From: "Gareth Bromley" <garethb@sports.com>
To: "Eric Tucker" <teamdrop@yahoo.com>; "Maxey, Jon" <jon.maxey@cgey.com>;
<security@groupstudy.com>
Sent: Friday, April 19, 2002 6:48 AM
Subject: RE: PIX Interface Errors
> The real serial number is 44 480271260, so this would be affected by
> this bug. I remeber when upgrading to DES that I had trouble with the
> serial provided by sh ver. And eventually Cisco pointed out I needed
> to put 44 on the front on it for some reason.
>
> Time to contact Cisco :)
>
> Thanks for all the pointers!!
>
> Best regards,
>
> --Gareth
>
> -----Original Message-----
> From: Eric Tucker [mailto:teamdrop@yahoo.com]
> Sent: 19 April 2002 09:57
> To: Maxey, Jon; Gareth Bromley; security@groupstudy.com
> Subject: Re: PIX Interface Errors
>
>
> I'm not there anymore, if I was I 'd ask if you had a smartnet and see
what
> I could do, this Serial Number: 480271260 is not affected, at least by
this
> notice anyhow.....be sure to capture any tracebacks via console, the
> dev guys know exactly what a traceback says...so you'd need escalated
> tac case at that point
>
> if you have a smartnet you still might be able to open a case and have
> it at least researched.
>
> what version of code is this?
>
>
> ----- Original Message -----
> From: "Maxey, Jon" <jon.maxey@cgey.com>
> To: "'Eric Tucker'" <teamdrop@yahoo.com>; "Gareth Bromley"
> <garethb@sports.com>; <security@groupstudy.com>
> Sent: Friday, April 19, 2002 3:36 AM
> Subject: RE: PIX Interface Errors
>
>
> >
> > What Cisco say on interface issues with PIX 515.
> >
> > http://www.cisco.com/warp/public/770/fn9871.shtml
> >
> > Jon Maxey
> > CCIE#8746
> >
> >
> > -----Original Message-----
> > From: Eric Tucker [mailto:teamdrop@yahoo.com]
> > Sent: 19 April 2002 08:38
> > To: Gareth Bromley; security@groupstudy.com
> > Subject: Re: PIX Interface Errors
> >
> >
> > please check your serial no's and go hog wild in the field notices
> > coming from the ww-security team, a good % of my pix hardware cases
> > fell into to one of these notices, (if you've already done your
> > network
> engineer
> > troublshooting already) (8
> >
> >
> > ----- Original Message -----
> > From: "Gareth Bromley" <garethb@sports.com>
> > To: <security@groupstudy.com>
> > Sent: Friday, April 19, 2002 2:25 AM
> > Subject: RE: PIX Interface Errors
> >
> >
> > > I've recently had the exact same problems with a PIX515UR.
> > >
> > > Its definitaley 515 related as swaping it out for 501 or 506 and
> > > all
the
> > > problems disappeared!!
> > >
> > > It isn't load related as the userbase behind this unit is 3, doing
> nothing
> > > more than web browse and collect/send email. My conclusion was
initially
> > the
> > > onboard ethernet was fried, but I do recollect some sort of
> > > product
> recall
> > > for certain serials some time back.
> > >
> > > Certainly interested to see what the fix for this is, as it my
> > > CCIE
lab
> > PIX
> > > just redeployed for users at present.
> > >
> > > sh ver:
> > > Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
> > > Flash i28F640J5 @ 0x300, 16MB
> > > BIOS Flash AT29C257 @ 0xfffd8000, 32KB
> > >
> > > 0: ethernet0: address is 0050.54ff.c904, irq 11
> > > 1: ethernet1: address is 0050.54ff.c905, irq 10
> > >
> > > Licensed Features:
> > > Failover: Enabled
> > > VPN-DES: Enabled
> > > VPN-3DES: Disabled
> > > Maximum Interfaces: 6
> > > Cut-through Proxy: Enabled
> > > Guards: Enabled
> > > Websense: Enabled
> > > Throughput: Unlimited
> > > ISAKMP peers: Unlimited
> > >
> > > Serial Number: 480271260 (0x1ca05b9c)
> > >
> > > Cheers,
> > >
> > > --Gareth
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On
> > > Behalf Of Wright, Jeremy
> > > Sent: 18 April 2002 18:08
> > > To: 'ccielab@groupstudy.com'
> > > Cc: 'security@groupstudy.com'
> > > Subject: PIX Interface Errors
> > >
> > >
> > > does anyone know what could possibly be causing intermittent drops
> > > on
my
> > > pix. IP's have been removed to protect the innocent. Please notice
> > > the
> > input
> > > errors and overruns on the interfaces match. any suggestions? TIA
> > >
> > > charger# sh int
> > > interface ethernet0 "outside" is up, line protocol is up
> > > Hardware is i82559 ethernet, address is 0004.9ad0.b3a8
> > > IP address , subnet mask
> > > MTU 1500 bytes, BW 100000 Kbit full duplex
> > > 13096920 packets input, 784948228 bytes, 2823487 no buffer
> > > Received 9832854 broadcasts, 0 runts, 0 giants
> > > 13652 input errors, 0 CRC, 0 frame, 13652 overrun, 0
> > > ignored,
0
> > > abort
> > > 7828585 packets output, 261095618 bytes, 0 underruns
> > > 0 output errors, 0 collisions, 0 interface resets
> > > 0 babbles, 0 late collisions, 0 deferred
> > > 0 lost carrier, 0 no carrier
> > > input queue (curr/max blocks): hardware (128/128) software
> (0/178)
> > > output queue (curr/max blocks): hardware (0/128) software
(0/50)
> > > interface ethernet1 "inside" is up, line protocol is up
> > > Hardware is i82559 ethernet, address is 0004.9ad0.b3a9
> > > IP address , subnet mask
> > > MTU 1500 bytes, BW 100000 Kbit full duplex
> > > 56368683 packets input, 1190253414 bytes, 3326433 no buffer
> > > Received 52447952 broadcasts, 0 runts, 0 giants
> > > 3702 input errors, 0 CRC, 0 frame, 3702 overrun, 0
> > > ignored, 0
> > abort
> > > 569791 packets output, 234944145 bytes, 0 underruns
> > > 0 output errors, 0 collisions, 0 interface resets
> > > 0 babbles, 0 late collisions, 0 deferred
> > > 0 lost carrier, 0 no carrier
> > > input queue (curr/max blocks): hardware (128/128) software
> (0/169)
> > > output queue (curr/max blocks): hardware (1/27) software
(0/15)
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ************************
> > > Jeremy Wright
> > > Network Analyst
> > > Archer Daniels Midland
> > > ja_wright@admworld.com
> > > (217)451-4063
> > >
> > > ************************
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:13 GMT-3