07-18-2003 03:43 AM - edited 03-02-2019 08:56 AM
We have a 6509 with MSFC running on hybride software.
So CatOS for the switch and IOS for the MSFC modules.
As recent announced their is a vulnerability for routers running IOS, see http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.
My question is if the MSFC is vulnerable, it runs IOS but is has no physical interfaces and the switch itselfs run CatOS
Solved! Go to Solution.
07-18-2003 04:22 AM
Yes..Virtual VLAN interfaces on the MSFC are vulnerable. CAT OS is not vulnerable to this issue
07-18-2003 04:22 AM
Yes..Virtual VLAN interfaces on the MSFC are vulnerable. CAT OS is not vulnerable to this issue
07-18-2003 04:44 AM
Thanks for your fast respond.
07-19-2003 06:23 PM
According to Cisco Security Advisory document 44020 page 6, it is recommended to upgrade IOS to version 12.1(19)E. The problem is that the size of the Eneterprise IOS (filename : c6msfc2-jsv-mz.121-10.E1.bin) is 14.56 MB and the size of the boot image (filename : c6msfc2-boot-mz.121-10.E1.bin) is 1.82 MB. In other words, they need a total of 16.38MB of bootflash. However, there is only 16.0MB bootflash on board and it is not expandable.
In the middle of copying the new file, I got error and I erased the new one and put back the old one.
Any idea how to proceed ?
07-19-2003 06:28 PM
You have 3 options
1)If you have a PCMCIA card, load the image onto the PCMCIA card and boot from sup-slot0:. This is not recommended though. Best practice is to boot from bootflash
2)Since you have a MSFC2, you do not need a boot image. You can delete the boot image and fit the regualar IOS image. If you have a MSFC(1), boot image is a mandatory requirement.
3)Get 32MB bootflash upgrade kit from Cisco. I believe this is a free upgrade
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/78_14703.htm
07-19-2003 06:49 PM
Thanks for the quick reply. However, I believe even we have MSFC2, boot image(c6msfc2-boot-mz.121-10.E1.bin) is still required for the machine to bootup PROPERLY. Otherwise, why Cisco make such a file available to download ?
I am really hestitate to delete the bootimage and reload the box. If the switch really did not boot up, it will be a self-inficted DOS. Can you please double-check if boot image is really not required if we have MSFC2.
How to check whether we have MSFC1 or MSFC2 ?
Thanks you.
07-19-2003 06:54 PM
MSFC2 does *NOT* neccessarily need a boot image. It is uselful if your regular IOS gets deleted/corrupted.
sh mod 15 or sh mod 16 should tell you what MSFC you have
Console> (enable) sh mod 15
Mod Slot Ports Module-Type Model Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no ok
07-21-2003 08:29 AM
Thanks for your advice. I deleted the bootimage and successfully upgrade the MSFC2 module. It appears to be working fine so far.
I will contact the salesguy to get the upgrade. Hopefully, it is free - just what you mentioned. Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide