It's just for fixing another security issue. I agree with you, layer 2 switch should not filter layer 3/4 data traffic by default.
I suggest you contact SBSC and open a SR.
kmccourt 100 - 249 points kmccourt 125 posts since
Mar 15, 2007 Currently Being Moderated
Jul 16, 2013 11:35 AM (in response to Li Zhu)
Why is the 126.96.36.199 firmware still freely available to download without so much as a warning as to its bizarre behaviour when it is obviously broken?
Li Zhu Employee points Li Zhu 28 posts since
Jan 16, 2013 Currently Being Moderated
Jul 16, 2013 9:16 PM (in response to kmccourt)
Port 0-1023 are well known ports, normally service use source port greater than 1023. Only some special service use source port in 0-1023, not all the customers found their service broken.
Really Li? "not all customers found their service broken" is a reason not to warn of probable significant issue. Who are you people? You are not from around here are you? May you all are from Pluto or beyond. You are at least that far out of touch.
The firmware version 188.8.131.52 was released to address other issues related to the platform.
It seems like one of the changes made to the firmware affected the DoS prevention feature supported on this platform.
Our Engineering team is working on to address this glitch. If you are running into this issue, please contact Cisco SBSC and open a Service Request. One of our Engineers will work with you to find a viable solution.
I just wanted to chime in and say I experience the problem and downgrading to 184.108.40.206 put me back working.
I also want to let Cisco know that having a Layer 2 switch blocking traffic based on layer3/4 characteristics for whatever reason is just completely unacceptable. I am not sure on what world that LPR and NFS traffic is considered traffic that needs to be dropped. These are standards/protocols that have been around for decades, not something new.
Cisco if you need to recreate it here is the simplest way
hping3 -S -s 784 -p 2049 192.168.150.30 BLOCKED
hping3 -s 784 -p 2049 192.168.150.30 NOT BLOCKED
Just another "ME-TOO" from me to demonstrate that this is not an issue of a few exotic customers.l
2 months ago I had to spend a lot of my time in debugging (including setting up mirror ports and sniffing on them), until all other error causes could be excluded and I realized the unbelievable reality, that it was the switch dropping the traffic.
Intermediatedly, all my devices using NFS are connected by an very cheap "Level One Switch" - This switch does his job!
@ Li Zhu: Can you estimate, when the "couple of months" until the next release will be reached ?
Under certain circumstances I would accept a beta version. Are there asynchronus ways to contact the SBSC ?
(The provided link only offers live Chat and telephone numbers, but no E-Mail or Web-based contact formulars.)
Now we are six months further and there is still no fix available...
Amazing how effective Cisco is responding to this issue, well done Cisco!
There is a Engineering firmware version that may have a fix for this issue. If you would like to try that, please contact Cisco SBSC and open a Service Request (You may need to provide entitlement information to open a service request). Alternatively, if you have a SBS service contract on the switch, you may be able to open the case online via Cisco.com.
it seems obvious that Cisco offers dysfunctional firmware for this product. Since this seems to be OK for Cisco, it should be no trouble to offer an experimental firmware for download without having to deal with service requests and stuff.
Replacing one broken thing with another broken thing is not the best of choices, but still offering this dysfunctional v220.127.116.11 without comment certainly isn't any better!
tim (the one with NFS issues:
Engineering firmware is released through our support team. Once our Support Engineers verify the symptoms match the issue that was fixed in the Engineering firmware, then they will be able walk you through the process to get the firmware for testing. So, I would suggest you to contact Cisco Support and open a Service request (You may need to provide entitlement information to open a service request).
Let's assume i was willing to do the beta testing for cisco. I tried to register for a service ticket here:
...to find out that i am not allowed to do so.
No further comments on this suggestion. Swearing would probably get me kicked from the forum, right?
Again, ciso is offering defective firmware for download for months now. I am certainly cured from buying cisco products.
Online case creation option is available for customers with a support contract on their Cisco device. If you do not have a support contract but your device is still within the support warranty period (1 Year from the date of purchase), then you can contact Cisco Support at +1 866 606 1866 (or appropriate number at your region
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html) and log a Support Service Request.
While it is unfortunate that the latest firmware broke some of the functionalities of the switch, our Engineering team is working with several customers to verify the fix that was made in an Engineering firmware release. Once the Engineering team has completed the verification of the fix and the firmware has gone through the QA testing, it will be released for general download. In the interim, you can downgrade the firmware on the switch to the previous version to avoid hitting this product anomaly.
"...some of the functionalities"? SOME?
Have you ANY idea what you're talking about? No obviously not, sorry for asking.
I guess this is not 1st level support, this is "please, please go somewhere else" support! Well, I hear the call...
Any updates to when a new firmware will be released? I'm playing around with IPv6 and I think I'm running into the MLD bug but then at the same time cannot upgrade because it messes up my NFS shares. I need a firmware that has the fix for both issues.