Catalyst 6500 running IOS 12.2(33)SXI6 crashed (CSCsv77354)

Hi,
Today one of our customer reported their DMVPN Hub got crashed, analyzing the crash file I found that it crashed due to
"Stack for process ACE HAPI running low" . The bug tool kit has a matching bug CSCsv77354 but the status is terminated since it is not re-producible. I dont know how shall we proceed further, shall we upgrade to SXJ IOS since this problem is not reported in that version.
May I know if any one has experienced similar crash.
Jun 30 16:06:47.099 UAE: %SYS-6-STACKLOW: Stack for process ACE HAPI running low, 0/6000
%Software-forced reload
Early Notification of crash condition..
---- Partial decode of process block ----
Pid 234: Process "ACE HAPI" stack 0x47E82528 savedsp 0x500325B8
Flags: analyze corrupt prefers_new
Regards,
Akhtar

Regarding the first question, you are correct. The WAN image provides support for WAN modules, but the LAN image does not. Since your current image is IP services based, you do want to use IP services with WAN and K9 in it. example:
s72033-ipservicesk9_wan-mz.122-33.SXI14.bin
As for your second question, if you upgrade to 12.2(18r)S1, it should be sufficient to run later images like SXJ and IOS 15 as well.
As for the last question, you can upgrade from the current image directly to SXJ with no issues as long as you have enough memory and flash space. There maybe some commands that you need to redo after the upgrade but nothing significant. Make sure to have a good backup of your config.
HTH 

Similar Messages

  • Jumbo Frame - Enabling on a VLAN of CAT 6500 running IOS

    Jumbo frames needs to be enabled on one of the vlan interface on Cisco 6500 IOS Switch.
    =================================================================
    •1) Once enabled the mtu 9216 on the required vlan interface do we need to reload the switch to take effect (I believe that in some low end swicthes it needs a reload)
    •2) If we enable only one Vlan interface, how about the other vlan interfaces(about 200 are on this switch)? Do we need to specify mtu1500 on other vlan interfaces?
    I have read information at the following two links, but I still wish to reconfirm by asking the questions in this forum. Someone who has already implemented this may have gained more experience while implementing it on CAT 6500 IOS Switch.
    https://supportforums.cisco.com/message/963341#963341
    http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml
    http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml#backinfo1
    Thanks.
    Alphonse

    You do not need to reboot your 6500 after you enable jumbo frames, but it is good idea to do it during an outage window. You only need to reboot smaller switches i.e. 3560, 3750, etc...after enabling jumbo frames. On these switches you can only enable it globally.  Only enable jumbo frames for the vlans you need.  You usually need jumbo frames for vlans connecting to the storage systems.
    Good Luck

  • EtherChannel load-balance on Catalyst 6500 running CatOS

    I know EtherChannel load balancing can use either MAC addresses, IP addresses, or the TCP port numbers.
    1 Can I config it to make sure every port under the same Channel group has the same traffic utilization?
    2 If one of the Etherchannel physical port has traffic more than its physical bandwidth, why switch can't use another Etherchannel physical port to share the traffic?

    Normally it will fairly well balance the traffic . There is no way to make sure each channel is exactly the same utilization wise . You can look at how it is load balanced and make a change from say mac to ip address if it looks like you aren't getting the balance you want . It would be very rare that you are going to fill one port on the channel without filling the rest almost the same .Exceptions would be if you most of your traffic is headed to one place like a certain server , even then if you used ip addresses in both directions as the load balance I think it would balance out pretty good. If it got to that point where one link was almost filled you would have to think about adding another port to the channel . This is a real good page http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a0080094714.shtml

  • IPhone 5 running iOS 6.0.1 randomly crashing

    running various apps. Tried restoring multiple time using new profiles each time still getting same results. Help? This is the second phone to do this. Took first phone back to Apple Store & got a new one. New one is doing exactly the same thing. Getting a lot of low memory messages in the crash logs along with some other Incident reports added in. Will not completely sync either from time to time and crashes while syncing. Ideas?

    I have the same problem. Had my phone replaced today and still doing same thing.
    Only thing different lately is that Telstra unlocked my phone

  • Hi, I have a Catalyst 6500 with X6K-SUP2-2ge, the IOS and bootlader image been wiped out, it starts in ROMmon SP mod end can't switch to RP to start download the IOS using Xmodem, though it shouldn't work in ROMmon SP omde but the xmodem is not gving the

    Hi, I have a Catalyst 6500 with X6K-SUP2-2ge, the IOS and bootlader image been wiped out, it starts in ROMmon SP modw and I can't switch to RP to start download the IOS using Xmodem, though Xmodem shouldn't work in ROMmon SP mode but the it's not gving the
    not executable message, the slot0: and disk0: are not accessable can't see the files inside, when I try the dir slot0: or dir disk0: it says it can't be opened and when I try to boot from them there's noting as well, what can I do to load an IOS image to the booflash: or slot0: ,each time I load the image using Xmodem at the end it gives me *** System received a Software forced crash ***
    signal=0x17, code=0x5, context=0x0
    When I run the command:
    rommom1> boot bootflash:
    boot: cannot determine first file name on deice "bootflash:"
    rommon2> boot slot0:
    boot: cannot open "slot0:"
    boot: cannot dtermine first file name on device "slot0:"
    BTW  System Bootstrap, version 7.1
    I''m looking to format the PCMCIA using a PC and format it to FAT16 and copy the boot image into it and then try to load from the PCMCIA afterward if it works I'll format it using the Supervisor engine 2.
    Any one have another new idea I can use, thanks in advance

    This is a potentially complex issue.
    Is this SUP configured to run as IOS native or CatOS Hybrid?
    While in ROMMON can you do the 'dev' command and see whad drives are recognized. Then 'dir' the drives that the SUP recognizes.
    Can you provide the screen captures as it boots?
    You would be bette served by hacing a TAC case.

  • After upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T ASA-SM is disabled

    after upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T to the latest release the ASA-SM module is not recognized it is disabled. the FPD
    is not recognized any more.  reverted back to previous ios with no luck

    What IOS are you running on your Supervisor 2T? As long as it's 15.0(1)SY1 or later you should be OK. (Reference).
    If it's not working with that I'd try reload of the ASA SM module (from IOS cli - e.g. "hw-module <module#> reset" and, failing that, "no power-enable module <module#>" followed by "power-enable module <module#>) while the new Supervisor is installed. Watch the log for relevant messages during that process.

  • IDSM on catalyst 6500 to provide IOS Inline mode support

    I am currently evaluating what kind of method to apply in my 6500. I would like to ask if IOS Version 12.2(33)SXI2a  support inline mode and inline vlan pair mode with IDSM-2???what configuration should be done with the switch in order for the multiple vlan traffic to flow with an inline interface of the IDSM2??? In my case I have 16 user vlans and 1 server vlan on catalyst 6500...The task is to protect the servers from users....The requirement is to configure inline mode to monitor the traffic from these 16 vlans when they access the servers...But as we know the IDSM-2 has only two logical sensing ports...So my question is how will you configure the switch to forward the traffic from these 16 vlans to the IDSM-2 module via only ONE sensing port, since the other sensing port will be configured in the server vlan???  Because as far as i know, when you configure inline mode on IOS,you will have to configure the sensing ports in access mode( While in CatOS, you configure these as TRUNK ports)...But this will work when you have only two vlans...But in my case, I have 16 vlans to monitor in inline mode..Please suggest any solution.
    Any urgent reply will be much grateful...
    Many Thanks in advance

    Hi Mubin,
       If you're looking to monitor all the traffic from the user VLANs to the server VLANs then the simplest way to configure the IDSM-2 would be inline on the server VLAN segment.  All traffic destined to the servers (from the users or anywhere else) has to traverse that VLAN.  Assuming you have something like this to start:
    VLAN 100-120 (users) ====== Switch ------ VLAN 200 (servers)
    you'd drop the IDSM-2 inline on VLAN 200 by using a helper VLAN:
    VLAN 100-120 (users) ====== Switch ----- VLAN 201 (server gateway) ----- IDSM-2 (bridging 201 to 200) ----- VLAN 200 (servers)
    To do this you'll need to perform the following steps:
    1.  Designate a new VLAN to use as a helper VLAN for your current server VLAN.  I'll use 201 for this example and assume your current server VLAN is 200.
    Create the helper VLAN on the switch:
    switch# conf t
    switch(config)# vlan 201
    2.  Configure the IDSM-2 to bridge the helper VLAN and the server VLAN (200-201)
    sensor# conf t
    sensor(config)# service interface
    sensor(config-int)# phsyical-interface GigabitEthernet0/7
    sensor(config-int-phy)# admin-state enabled
    sensor(config-int-phy)# subinterface-type inline-vlan-pair
    sensor(config-int-phy-inl)# subinterface 1
    sensor(config-int-phy-inl-sub)# vlan1 200
    sensor(config-int-phy-inl-sub)# vlan2 201
    sensor(config-int-phy-inl-sub)# description Server-Helper pair
    sensor(config-int-phy-inl-sub)# exit
    sensor(config-int-phy-inl)# exit
    sensor(config-int-phy)# exit
    sensor(config-int)# exit
    Apply Changes:?[yes]:
    3.  Configure the switch to trunk the helper and server VLANs to the IDSM-2 module.  I assume the module is in slot 5 in the example.  Replace the 5 with the correct slot for your deployment:
    switch# conf t
    switch(config)# intrusion-detection module 5 data-port 1 trunk allowed-vlan 200,201
    switch(config)# intrusion-detection module 5 data-port 1 autostate include
    *Warning! This next step may cause an outage if everything is configured correctly.  You'll probably want to schedule a window to do this.*
    4.  Finally, force the traffic from the server VLAN through the IDSM-2 by moving the server VLAN gateway from VLAN 200 (where it is currently) to the helper VLAN you created.  To do this, remove the SVI from VLAN 200 and apply the same IP address to VLAN 201.  I assume the current server gateway is 192.168.1.1/24
    switch# conf t
    switch(config)#int vlan 200
    switch(config-int)#no ip addr
    switch(config-int)#int vlan 201
    switch(config-int)#ip addr 192.168.1.1 255.255.255.0
    switch(config-int)#exit
    switch(config)#exit
    switch# wr mem
    Now, when the servers try to contact 192.168.1.1 (their gateway) they'll have to be bridged through the IDSM-2 to reach VLAN 201 and in the process all traffic destined to them or sourced from them will be inspected.  Do not put any hosts or servers in the helper VLAN (201) or they will not be inspected.
    Best Regards,
    Justin

  • Bootloader and IOS image into a Catalyst 6509 running hybrid mode

    Hi all,
    I have a Catalyst 6509 running CatOS and IOS (hybrid mode)
    The chassis is based on a SUP1A and a MSFC2
    The MSFC is using images:
    boot system bootflash:c6msfc2-is-mz.121-2.E
    boot bootldr bootflash:c6msfc2-boot-mz.121-2.E
    I would like to know if is possible to add the next command to the MSFC configuration in order to load the new image before erase the old one, even while the chassis boot using the old bootloader image:
    boot system tftp c6msfc2-pk2o3sv-mz.121-26.E2.bin 10.10.5.15
    Thanks.

    Thanks Amit, thanks Ankur,
    Yeah! I know about the limits of the bootflash space as the PCMCIA option.
    It is a bit complicated to explaint the situation here but I will try.
    Neither the actual CatOS or IOS will recognize the new PCMCIA we bought to this upgrade. :P
    First, I will upgrade CatOS using rommon and xmodem command in order to execute a new catos release that can view the PCMCIA, then I will format it and I will copy the new catos image and the new ios image there.
    Then I will change the catos boot config and I will do a reset.
    I must do that because the new release don't enter into the bootflash and the actual CatOS don't support boot from the network :P. It is CatOS 5.5.1 :PPP
    After that, I need also to upgrade the MSFC because as I read that the actual IOS won't see the PCMCIA filesystem. In order to do that I would like to prepare the MSFC to boot from a TFTP server and then modify the configuration to boot from sup-slot0: forever :)
    Let me know what do you think about this steps.

  • After upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T to the latest release the ASA-SM module is not recognized

    after upgrading ios Cisco Catalyst 6500 Series Supervisor Engine 2T to the latest release the ASA-SM module is not recognized it is disabled. the FPD
    is not recognized any more. reverted back to previous ios with no luck

    Duplicate post.
    Being discussed actively in this thread.

  • Catalyst 6500 IOS RPR+ Bootvar sync

    I have a 6500 running 12.1-22 and it is configured with RPR+. The configuration is set to sync bootvar with the auto-sync bootvar command however the second MSFC isn't showing the correct bootvar when I issue the SHOW BOOTVAR command. I thought this was supposed to sync automatically. How can I manually sync this?

    Thanks GP, I have read that document. Here's the configuration for my RPR+:
    redundancy
    mode rpr-plus
    main-cpu
    auto-sync running-config
    auto-sync bootvar
    auto-sync standard
    As you can see I do have the auto-sync bootvar setting but the bootvar settings are different:
    sh bootvar
    BOOT variable = sup-bootflash:c6sup22-jsv-mz.121-22.E2.bin,1;slot0:c6sup22-jsv-mz.121-22.E2.bin,1;slot0:c6sup22-jsv-mz.121-19.E1a,1
    CONFIG_FILE variable =
    BOOTLDR variable =
    Configuration register is 0x2102
    Standby is up
    Standby has 458752K/65536K bytes of memory.
    Standby BOOT variable = bootflash:c6sup22-jsv-mz.121-22.E2.bin,1;slot0:c6sup22-jsv-mz.121-22.E2.bin,1;slot0:c6sup22-jsv-mz.121-19.E1a,1
    Standby CONFIG_FILE variable =
    Standby BOOTLDR variable =
    Standby Configuration register is 0x2102
    Do you think issuing the copy running-config startup-config will sync the bootvar information?
    Thanks,
    -Jeff

  • Configuring the Catalyst 6500 Switch for IPS Inline Operation of the IDSM

    I understand how to configure the Catalyst 6500 switch so that the monitoring ports are access ports in two separate VLAN's for inline operation.
    However, I don't see any documentation that describes how the desired VLAN traffic gets forced through the IPS.
    In promiscuous mode, you can use VACL's to copy/capture and forward the desired traffic to the IDSM for analysis. I'm not seeing how to get the desired traffic through the IPS.
    Note that the host 6500 is running native IOS 12.2(18)SXE.
    Thanks for any assistance.

    A tranparent firewall is a fairly good comparison.
    Let's say you have vlan 10 with 100 PCs and 1 Router for the network.
    If you want to apply a transparent firewall on that vlan you can not simply put one interface of the firewall on vlan 10. Nothing would go through the firewall.
    Instead you have to create a new vlan, let's say 1010. Now you place one interface of the firewall on vlan 10 and the other on vlan 1010. Still nothing is going through the firewall. So now you move that Router from vlan 10 to vlan 1010. All you do is change the vlan, the IP Address and netmask of the router stay the same.
    The transparent firewall bridges vlan 10 and vlan 1010. The PCs on vlan 10 ae still able to communicate to and through the router, but must go through the transparent firewall to do so.
    The firewall is transparent because it does not IP Route between 2 vlans, instead the same IP subnet exists on both vlans and the firewall transparently beidges traffic between the 2 vlans.
    The transparent firewall can do firewalling between the PCs on vlan 10 and the Router on vlan 1010. But is PC A on vlan 10 talks to PC B on vlan 10, then the transparent firewall does not see and can not block that traffic.
    An InLine sensor is very similar to the transparent firewall and will bridge between the 2 vlans. And similarly an InLine sensor is able to InLine monitor traffic between PCs on vlan 10 and the Router on vlan 1010, but will not be able to monitor traffic between 2 PCs on vlan 10.
    Now the router on one vlan and the PCs on the other vlan is a typical deployment for inline sensors, but your vlans do not Have to be divided that way. You could choose to place some servers in one vlan, and desktop PCs in the other vlan. You subdivide the vlans in what ever method makes sense for your deployment.
    Now for monitoring multiple vlans the same principle still applies. You can't monitor traffic between machines on the same vlan. So for each of the vlans you want to monitor you will need to create a new vlan and split the machines between the 2 vlans.
    In your case with Native IOS you are limited to only 1 pair of vlans for InLine monitoring, but your desired deployment would require 20 vlan pairs.
    The 5.1 IPS software has now the capability to handle the 20 pairs, but the Native IOS software does not have the capability to send the 40 vlans (20 pairs) to the IDSM-2.
    The Native IOS changes are in testing right now, but I have not heard a release date for those changes.
    Now Cat OS has already made these changes. So here is a basic breakdown of what you could do in Cat OS and you can use in preparation for a Native IOS deployment when it gets released.
    For vlans 10-20, and 300-310 that you want monitored you will need to break each of those vlans in to 2 vlans.
    Let's say we make it simple and add 500 to each vlan in order to create the new vlan for each pair.
    So you have the following pairs:
    10/510, 11/511, 12/512, etc...
    300/800, 301/801, 302/802, etc....
    You set up the sensor port to trunk all 40 vlans:
    set trunk 5/7 10-20,300-310,510-520,800-810
    (Then clear all other vlans off that trunk to keep things clean)
    In the IDSM-2 configuration create the 20 inline vlan pairs on interface GigabitEthernet0/7
    Nw on each of the 20 original vlans move the default router for each vlan from the original vlan to the 500+ vlan.
    At this point you should ordinarily be good to go. The IDSM-2 won't be monitoring traffic that stays within each of the original 20 vlans, but Would monitor traffic getting routed in and out of each of the 20 vlans.
    Because of a switch bug you may have to have an additional PC moved to the same vlan as the router if the switch/MSFC is being used as the router and you are deploying with an IDSM-2.

  • How to remove the WiSM2 from the Catalyst 6500 series switch?

    Hello, can you explain to me how to safely remove the WiSM2 from the Catalyst 6500 series switch?
    According to the documentation "Catalyst 6500 Series Wireless Services Module 2 Installation and Verification Note":
    To remove the WiSM2, perform these steps:
    Step1     Shut down the module by one of these methods:
    In privileged mode from the router prompt, enter the hw-mod module mod shutdown command. NoteIf you enter this command to shut down the module, you must enter the following commands in global configuration mode to restart (power down, and then power up) the module:
    Router# no power enable module modRouter# power enable module mod
    If the module does not respond to any commands, press the SHUTDOWN button located on the front panel of the module.
    Step2     Verify that the WiSM2 shuts down. Do not remove the module from the switch until the POWER LEDis off.
    But, in the case of Step1 (1st methods) I do not see a option "shutdown"  in the command "hw-mod module 3"...
    All I prompted to enter is:
    c6500#hw-module module 3 ?
    boot           Specify boot options for the module through Power Management Bus control register
    reset          Reset specified component
    simulate  Simulate options for the module
    Is it hidden options? IOS version of c6500 is 12.2(33)SXJ1
    In the case of Step2 (2nd methods) there is not any button on the front panel of the module?
    And yet, it is better to remove the module configuration manually or use the command module clear-config prior to removing the module?

    Good catch.
    Which one is true, will get back to you on this if i've something soon.
    http://www.cisco.com/en/US/docs/wireless/module/wism2/installation/note/WiSM_2.html#wp34727
    The above link is procedure to remove wism2. This procedure doesn’t look like wism2 is hot swapable.
    http://www.cisco.com/en/US/docs/wireless/module/wism2/installation/note/WiSM_2.html#wp34621
    All modules, including the supervisor engine (if you have redundant supervisor engines), support hot swapping. You can add, replace, or remove modules without interrupting the system power or causing other software or interfaces to shut down. For more information about hot-swapping modules, see the Catalyst 6500 Series Switch Module Installation Guide.

  • Replacement catalyst 6500 switches under redundancy environment

    Hi everyone,
    I plan to replace old core catalyst 6500 switches with new ones for the purpose of reinforcement.
    Now two core catalyst 6500 switches are working under redundancy environment.
    There are many catalyst 6500 switches as distribution switch connect to each core catalyst
    6500 switches as attached.
    I think there are two ways to replace core catalyst 6500 switches.
    [One]
    Replacing one core catalyst 6500 switches first, then one week later, replacing another core
    catalyst 6500 switch. And all traffic will be handled another core catalyst 6500 switch automatically
    by EIGRP routing during replacement.
    Advantage:
    One another core catalyst 6500 switch continues operating even if the replacement fail.
    Disadvantage:
    Two core catalyst 6500 switches will operate in a different version (CatOS, MSFC IOS) for one week.
    Any problem might be happened due to this issue.
    [Two]
    Replacing both core catalyst 6500 switches at the same time.
    Advantage:
    Replacement will be finished at one time
    Disadvantage:
    If the replacement fail, whole network goes to down and it cause critical situation.
    I have to replace successfully so I would like know good information about this, such as
    best practice, case study and so on.
    Your information would be greatly appreciated.
    Best regards,

    Hi,
    If I were you, I will go for option 1.
    This option will give us the time to observe the traffic pattern, time to get the network and EIGRP to stabilize and even to check for any issues on the IOS part.
    This will give you time frame to work out for any issue if it happens in between the weeks time.This will gibe you tha time to see for any imcompatibilty issues as such.
    HTH, Please rate if it does.
    -amit singh

  • 15.1(2)SY1 on Catalyst 6500

    Hi,
    We are planning to upgrade two of our Catalyst 6500 switches to version 15.1(2)SY1 Advanced IP Services.
    The switches have dual supervisors and are currently running version 12.2(33)SXI11, but we have faced some issues and also would also like to enable some new features (e.g. BFD). The switches are running a fairly simple configuration with OSPF, MPLS and MP-BGP with about 30 VRFs.
    Are you aware of any major issues with 15.1(2)SY1 and would discourage the planned upgrade? I am aware that the version was only released in December, but since there are many bug fixes I thought this version might be better than e.g. 15.1(2)SY.
    Thanks in advance for your help!
    Best regards,
    Harry

    We replaced all (~ x20) our Sup720 (SXI4a) with Sup2T during late 2012 & running with Advance Enterprise 15.0(1)SY image. We did not have any issues with that code & still many of our distribution switches running on that code.
    Then we upgraded two core switches with 15.1(1)SY mid last year another two core switches to 15.1(2)SY late last year to accomodate WS-X6904-40G. With both of these new code we had couple of bugs still not proper fix
    CSCue58955: sup2t: LC file systems are not destroyed in Active upon reset"%SNMP-3-INPUT_QFULL_ERR: Packet dropped
    There is workaround for this, but that will impact netflow data if you are using that.
    For me 15.0(1)SY, is much better for Enterprise environment (based on my experience) compare to the two latest. But due to certain limitation we have to go for this newer codes whether you like it or not.
    These bugs may be not related to you if you are not runing Sup2T, anyway just thought to share this experience
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Span Port Session in Catalyst 6500 & 4500 series

    Hi,
    May I know the maximum monitor session for latest Catalyst 6500 & 4500 series?
    Thanks

    Hi,
    See the below links wich provide all details about the SPAN sessions:
    6500
    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/span.html#wp1036881
    4500
    http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/span.html#wp1020415
    Regards,

Maybe you are looking for

  • Are inner join and equijoin are same....?

    are inner join and equijoin are same....?

  • Part Payment

    Hi All, I want to know how to track partpayment. I need a report of total amount due, amount payed and remaining amount due for an invoice eg. if i pay partpayment through Outgoing payment for an invoice how can i see the remaining amount. Regards Sh

  • Site-to-Site VPN between ASA & PIX

    Hi everyone, If this has been posted before, which it probably has, I apologize in advance. Basically, I have to configure a VPN between our NY ASA and a PIX we shipped to our LA office. The PIX is replacing an old Cisco router. The ASA is our main d

  • Raw conversion from a nikon??

    I can't seem to open my raw files in Photoshop CS6?

  • How to Decrease Pixelations on WMV Output with PE3, PE4, or PE7?  Settings?

    Hi everyone, Hope someone has a reason for this. Doing some .MOV conversion to WMV. I have found some variations depending on computer and platform. I'm not satisfied with the results using Flip4Mac, PE3 or PE7 (see below). I have found the best resu