New Member

Cat6500 MSFC vulnerable?

We have a 6509 with MSFC running on hybrid software.

So CatOS for the switch and IOS for the MSFC modules.

As recently announced, there is a vulnerability for routers running IOS, see http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml.

My question is whether the MSFC is vulnerable: it runs IOS, but it has no physical interfaces and the switch itself runs CatOS.

Accepted Solutions
Cisco Employee

Re: Cat6500 MSFC vulnerable?

Yes. Virtual VLAN interfaces on the MSFC are vulnerable. CAT OS is not vulnerable to this issue.

7 REPLIES
New Member

Re: Cat6500 MSFC vulnerable?

Thanks for your fast response.

New Member

Re: Cat6500 MSFC vulnerable?

According to Cisco Security Advisory document 44020 page 6, it is recommended to upgrade IOS to version 12.1(19)E. The problem is that the size of the Enterprise IOS (filename: c6msfc2-jsv-mz.121-10.E1.bin) is 14.56 MB and the size of the boot image (filename: c6msfc2-boot-mz.121-10.E1.bin) is 1.82 MB. In other words, they need a total of 16.38 MB of bootflash. However, there is only 16.0 MB of bootflash on board and it is not expandable.

In the middle of copying the new file, I got an error, so I erased the new one and put back the old one.

Any idea how to proceed ?

Cisco Employee

Re: Cat6500 MSFC vulnerable?

You have 3 options:

1) If you have a PCMCIA card, load the image onto the PCMCIA card and boot from sup-slot0:. This is not recommended though. Best practice is to boot from bootflash.

2) Since you have an MSFC2, you do not need a boot image. You can delete the boot image and fit the regular IOS image. If you have an MSFC(1), the boot image is a mandatory requirement.

3) Get the 32MB bootflash upgrade kit from Cisco. I believe this is a free upgrade.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/78_14703.htm

New Member

Re: Cat6500 MSFC vulnerable?

Thanks for the quick reply. However, I believe that even if we have an MSFC2, the boot image (c6msfc2-boot-mz.121-10.E1.bin) is still required for the machine to boot up PROPERLY. Otherwise, why does Cisco make such a file available to download?

I am really hesitant to delete the boot image and reload the box. If the switch really did not boot up, it would be a self-inflicted DoS. Can you please double-check whether the boot image is really not required if we have an MSFC2?

How do we check whether we have an MSFC1 or MSFC2?

Thank you.

Cisco Employee

Re: Cat6500 MSFC vulnerable?

MSFC2 does *NOT* necessarily need a boot image. It is useful if your regular IOS gets deleted/corrupted.

sh mod 15 or sh mod 16 should tell you what MSFC you have

    Console> (enable) sh mod 15
    Mod Slot Ports Module-Type               Model               Sub Status
    --- ---- ----- ------------------------- ------------------- --- --------
    15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok

New Member

Re: Cat6500 MSFC vulnerable?

Thanks for your advice. I deleted the boot image and successfully upgraded the MSFC2 module. It appears to be working fine so far.

I will contact the sales guy to get the upgrade. Hopefully, it is free, just as you mentioned. Thanks again.
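Added example, not part of the thread and not Cisco tooling: a pre-upgrade check that reads the `sh mod` output quoted above, identifies the MSFC generation, and picks among the three options from the thread based on whether the images fit in bootflash. The function names are hypothetical, the sample output and sizes are taken from the thread, and the MSFC1 model string `WS-F6K-MSFC` is an assumption.

```python
import re

# Constructed sample: the `sh mod 15` output quoted in the thread.
SAMPLE_SH_MOD = """\
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  ok
"""

# Per the thread: MSFC(1) must have a boot image, MSFC2 does not need one.
# Assumption: the first-generation MSFC reports model WS-F6K-MSFC.
BOOT_IMAGE_MANDATORY = {"WS-F6K-MSFC": True, "WS-F6K-MSFC2": False}


def msfc_model(sh_mod_output):
    """Return the WS-F6K-MSFC* model string from CatOS `sh mod` output, or None."""
    match = re.search(r"\bWS-F6K-MSFC\d*\b", sh_mod_output)
    return match.group(0) if match else None


def plan_upgrade(sh_mod_output, bootflash_mb, ios_mb, boot_mb):
    """Choose how to stage the patched IOS image on this MSFC."""
    model = msfc_model(sh_mod_output)
    if model not in BOOT_IMAGE_MANDATORY:
        raise ValueError("no known MSFC model found in sh mod output")
    boot_required = BOOT_IMAGE_MANDATORY[model]
    if ios_mb + boot_mb <= bootflash_mb:
        action = "keep both images on bootflash"
    elif not boot_required and ios_mb <= bootflash_mb:
        # Option 2 in the thread: MSFC2 can run without the boot image.
        action = "delete boot image, load IOS image only"
    else:
        # Options 1 and 3 in the thread.
        action = "boot from sup-slot0: or fit the 32MB bootflash kit"
    return {"model": model, "boot_required": boot_required, "action": action}


if __name__ == "__main__":
    # Sizes quoted in the thread: 16.0 MB bootflash, 14.56 MB IOS, 1.82 MB boot.
    print(plan_upgrade(SAMPLE_SH_MOD, 16.0, 14.56, 1.82))
```

Deleting the boot image removes the fallback the Cisco reply mentions for a deleted or corrupted IOS image, so the IOS-only result trades recovery margin for getting the fixed release onto the 16 MB bootflash.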
