I am not sure how many people are out there that had outages due to this bug, but we had 2 major sites down for about 55 minutes as 2 different sets of FWs were repeatedly failing back and forth during this time. Also, it is not listed as an affected software version, but we are running 7.1(7)E4 on our IPSs.
My biggest question is what type of testing was done by Cisco before releasing/pushing this signature update (s749)? I have noticed that there were issues with the signature s601 release as well that were not caught during the pre-release testing, so what is Cisco going to do to improve the testing process?
Piyush, I apologize for the problems you've experienced.
We do extensive unit testing on each individual signature. This includes accuracy testing, false positive testing, DFA analysis, static analysis and testing on various live networks. We also test each signature update, verifying the upgrade/downgrade mechanisms, impact to performance, memory, internal statistics, signature accuracy, false positives and again install the signature update on sensors in various live environments. This signature update passed all these tests and gave no indication that there was a problem.
Obviously, in this situation, this was not enough. An interaction between a signature and a traffic mix that we did not experience during testing resulted in the problem you experienced. As soon as we realized we had a problem, we pulled S749 from the software download site, root caused the problem, and have subsequently released S750.
In response to this problem, we are adding additional checks to detect the root issue in future testing, enhancing our suite of static analysis tests, and looking to enhance our live testing.
Ran into exactly the same problem yesterday... made a TAC case and voilà! Also, we didn't see the problem before running signature 749 on 7.1(6)E4, so it seems to be a kind of software version mix where this problem is occurring.