Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
557
Views
0
Helpful
4
Replies

Four IDSM-2 Hang at once

Farrukh Haroon
VIP Alumni
VIP Alumni

‎09-03-2008 12:15 AM - edited ‎03-10-2019 04:17 AM

Dear All

At one of our customers, four IDSM-2 blades stopped reponding 'ALL' at the same time (7 AM this morning). I can login to the CLI and see the following message:

Error: Cannot communicate with mainApp (getVersion). Please contact your system administrator.

Would you like to run cidDump?[no]: yes

As per Cisco, the solution is to reboot:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item09186a008025c533.shtml#ips

Does anyone ever faced this before, or have a better solution to the problem? :)

I have already captured the Core Dumps.

Regards

Farrukh

Labels:
0 Helpful
4 Replies 4

paulhignutt
Level 1
Level 1

‎09-03-2008 04:41 PM

Do they all monitor traffic from a common VLAN? Possibly some sort of traffic that they can't parse properly? Get the sniffers going again at 6:50 AM tomorrow... ;-)

Just a thought.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to paulhignutt

‎09-03-2008 05:04 PM

If it was caused by some traffic, then it would have been a broadcast/multicast packet, as under normal operation two of the IDSM do not pass any traffic (as they are in the chassis in which FWSM in standby/secondary). This happened once is more than two years I think, so the chances of it happening again would be quite less. All came up after reboot, but the real worry is WHAT caused it? :)

To answer your question, yes all IDSM(s) share the same VLANs. Two are present on one chassis bridging the VLANS on the switches with the FWSM SVIs (Primary FWSM). The other two are on the second Core switch with the Secondary/Standby FWSM. There is ECLB (load balancing) for both pairs.

Regards

Farrukh

0 Helpful

paulhignutt
Level 1
Level 1
In response to Farrukh Haroon

‎09-03-2008 06:44 PM

I have had this happen once before, with a single IDSM in each of two 6513's. It was a redundant switch fabric, and to be honest I just rebooted the IDSMs and didn't investigate it further. It never happened again, and that was on 5.x about a year ago. So it sounds like it might be the same thing. But who knows. In my situation they were both monitoring the same VLANs so that's why I was thinking some sort of anomalous broadcast traffic.

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to paulhignutt

‎09-03-2008 11:06 PM

Thank you very much for your response(s).

It would be really nice if someone from the Cisco IPS Team could commend on this.

Regards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card