Cisco Support Community

New Member

CSA 5.2 DHCP

I may be having a possible issue with CSA 5.2. I am hoping someone out there can lend a hand. All CSA agents are in test mode (supposedly nothing is blocked, but events can be logged).

Every now and then, a host with the CSA agent does not get a DHCP address. It just doesn't get one.

If I disable the CSA agent, the host does get a DHCP address.

There are times the host will get a DHCP address ...

I double-checked the switch; the host's port has portfast enabled.

Thank you for any thoughts,

Mike

  • Intrusion Prevention Systems/IDS
12 REPLIES
Blue

Re: CSA 5.2 DHCP

Any events either in the Windows event logs or the MC?

It will also log CSA events to C:\Program Files\Cisco\CSAgent\log\csalog.txt.

Tom

New Member

Re: CSA 5.2 DHCP

Thank you for the reply. I do not think it was a CSA issue. I believe there was a combination of different software that started during boot up (CSA, Antivirus, Network connection Manager, etc.), one of which made it take a long time to make any network connection active, thus the client not getting a DHCP address.

I did upgrade to R255. I am not having any issue with desktops, just the laptops with a lot of software that loads during boot up ...

Mike

Blue

Re: CSA 5.2 DHCP

I've had that problem with laptops as well, especially when they have both NICs active.

One of my attempts to solve the "too many things loading at startup" dilemma included disabling the NIC that wasn't needed.

It seemed to help.

The other thing I did was clean as many useless startup items as I could (reader_sl.exe, Qtask.exe, Jusched.exe, to name a few) and turn off all unnecessary services.

Every vendor seems to think theirs is the only software on the system and must start up immediately, thus competing with every other product that thinks so.

I think the company that perfects the startup control will gain an advantage.

Thanks for letting me vent...

Tom

New Member

Re: CSA 5.2 DHCP

Hi Mike, I also have this problem and cannot find any reference to this on the net. Can anyone help? I'm currently going through the logs stored locally on the PC, but no help with events shown on MC. If I find anything I'll post back...

Blue

Re: CSA 5.2 DHCP

Are you running 5.2.203? Try disabling the network shield rule.

Check out bug CSCsi91902 here:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi91902&from=summary

Tom

New Member

Re: CSA 5.2 DHCP

Hi Tom,

Many thanks for your reply... I have tried the suggested fix for this problem and at first I thought it worked, but I'm still getting this problem.

I have disabled all network shield rules just in case but still no luck. I even placed the host into learn mode and this didn't work. I thought it could be something else, Windows related, but this problem always disappears when the CSA service is turned off.

Could you think of anything that would cause the agent not to enforce the new policy? I am generating the rules after any changes are made and I am also waiting for the agent to pick up the new policy before testing, but I'm not sure what else to do. Is there possibly a rule I haven't disabled?

Any suggestions would be greatly appreciated

Regards

Atilla

Blue

Re: CSA 5.2 DHCP

Hi Atilla,

If you are running .203 you may want to test 225. The workaround may not always fix this bug.

Is your second question a different problem or related to the first one?

Tom

New Member

Re: CSA 5.2 DHCP

Hi Tom,

Once again thanks for your reply...

I am running v.203. The second question is related to the first: due to the difficulties I have been experiencing, I thought that maybe I have been making mistakes or overlooked something while changing the host rules (for example, not giving the hosts enough time to update the rules), but it seems I am making the changes and the host is receiving the updated policy; it's just that it still has this problem.

When you think about it, this means any changes made to rules may not have any effect on the hosts, which seems to be a big problem with this version of CSA. Cisco must be aware of this, but this doesn't seem to be included in the fixes in v.225.

Regards

Atilla

Blue

Re: CSA 5.2 DHCP

I think the exact bug you describe is fixed in 225. I guess the only way you'll know for sure is to test it.

There were two hotfixes since 203 and they fixed a number of bugs.

More here:

http://ftp-sj.cisco.com/cisco/crypto/3DES/cw2000/csa/hotfixes/CSA_5.2.0.225_readme.txt

I see problems sometimes with hosts updating rules within 30 seconds at startup which seems to be the time allowed by the agent.

I haven't seen any with 225.

You might look for those events in the application event logs.

Tom
