10-04-2010 07:30 AM - edited 03-06-2019 01:18 PM
Hi,
Has somebody found a way to disable the (time consuming) image download that takes place at the beginning of each switch replacement in Smart Install? As far as I see, even if the software version matches the version in the vstack config, it is downloaded.
Any ideas are welcome.
regards
mat
10-12-2010 09:35 AM
Hey,
I've been recently testing out the Smart Install feature, and I too have noticed that even when a switch has the newest IOS, there is no version checking before it grabs the new IOS image archive.
I've looked around and I have been unable to find any options or settings to change to mitigate the unnecessary traffic and wasted time.
I'd be interested in seeing if there are any such options.
One other problem I have also noticed with connecting Non-Smart Install capable switches ( < 12.2(52)SE ) is that when it begins the autoinstall, option 150 (TFTP server) is overwritten with the director IP address and does not contain the IP which is defined by file-server in vstack dhcp-localpool. Now this is a problem when using a remote TFTP server as it errors out (TFTP timeout) by trying to retrieve a dummy file from the director IP three times then switching to a broadcast address which fails again if there isn't a TFTP server with the dummy file located on it. Even if there is a dummy file with 0 bytes, it retrieves it three times then continues onto obtaining the client_cfg.txt from the director IP via TFTP (initial config to allow director to telnet and issue the archive download-sw command). Is retrieving the dummy file even necessary? Is there a way to disable it?
10-18-2010 10:27 AM
Good question, Derek. I don't like this smart install stuff at all.
I would like to turn off smart install as it opens a TCP port on each switch. Shown with 'show tcp brief all'.
--
050A7C6C *.4786 *.* LISTEN
10-18-2010 11:05 AM
Smart Install seems to be a bigger hassle than it is to do it manually, depending on how your network is set up.
I've been looking into a way to stop it from using the TCP port 4786, however Cisco documentation seems to be sparse for the Smart Install feature. The only way I can see to block external access to port 4786 is using an ACL to deny access, however denying everything would most likely break the Smart Install functionality. An allow on the director's IP with a deny all rule following it might work...
10-18-2010 11:39 AM
Hi Derek,
I understand you can ACL that smart install TCP port. But I prefer to disable the service. I'm glad you were not able to find any information about how to get rid of this nasty process.
Anyone else who knows how to disable this service/port without use of CPP or ACLs?
06-04-2013 03:37 AM
I know it's too late to post the reply here, but since I had read this, why not put Cisco's recommendation here (link below). Other people may need it.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall
--------------------------
Regards,
Zhang Xu
06-05-2013 12:03 AM
Thanks a lot, 'no vstack' disables the TCP port.
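A way to confirm from saved `show tcp brief all` output that port 4786 is really closed after `no vstack` (added example, not part of the thread or of Cisco's tooling). The sample output, the addresses and the director IP are constructed, and the column layout is assumed from the single line quoted earlier in the thread:

```python
import re

SMART_INSTALL_PORT = "4786"  # TCP port named in the thread

# One data row: TCB, local addr.port, foreign addr.port, state (layout assumed)
ROW = re.compile(r"^([0-9A-Fa-f]{8})\s+(\S+)\s+(\S+)\s+(\S+)$")

def split_endpoint(endpoint):
    """Split 'address.port' (also '*.4786' or '*.*') at the last dot."""
    addr, _, port = endpoint.rpartition(".")
    return addr, port

def audit(output, director_ip=None):
    """Return findings about Smart Install sockets in one switch's output."""
    findings = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # prompt, header or blank line
        _tcb, local, foreign, state = m.groups()
        if split_endpoint(local)[1] != SMART_INSTALL_PORT:
            continue
        peer = split_endpoint(foreign)[0]
        if state.upper() == "LISTEN":
            findings.append(("listening", None))
        elif peer != director_ip:
            # Assumption: only the director should talk to this port,
            # following the ACL idea discussed in the thread.
            findings.append(("unexpected-peer", peer))
    return findings

# Constructed sample: before 'no vstack' (director assumed to be 192.0.2.1)
SAMPLE_BEFORE = """\
sw1#show tcp brief all
TCB       Local Address          Foreign Address        (state)
050A7C6C  *.4786                 *.*                    LISTEN
04F3B2A0  192.0.2.11.4786        192.0.2.1.51234        ESTAB
04F3C110  192.0.2.11.4786        198.51.100.7.40022     ESTAB
04F3D000  192.0.2.11.23          192.0.2.50.50111       ESTAB
"""

# Constructed sample: after 'no vstack', only the management session remains
SAMPLE_AFTER = """\
sw1#show tcp brief all
TCB       Local Address          Foreign Address        (state)
04F3D000  192.0.2.11.23          192.0.2.50.50111       ESTAB
"""

if __name__ == "__main__":
    print("before:", audit(SAMPLE_BEFORE, director_ip="192.0.2.1"))
    print("after: ", audit(SAMPLE_AFTER, director_ip="192.0.2.1"))
```

An empty result means no socket on port 4786 appears in that switch's output.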