Re: [c-nsp] best ios version for VSS
Hi, On Thu, Jan 28, 2010 at 11:02:25AM +0800, Mark Tinka wrote: But meanwhile, I'll keep buying more of these boxes :-). Cisco must really hate this box. All their attempts to drive customers away (BU split, shoddy support for modular IOS, confusing platform strategy) are *still* not working - and customers are still refusing to buy $EXPENSIVE $REAL_ROUTER boxes instead... Indeed, I fully share your sentiments - we're hoping that SX IOS might eventually reach a less-buggy state, but we've learned to live with it, and keep buying new gear... gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de pgpZ66o5Bz31u.pgp Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] best ios version for VSS
We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
I am running three VSSs on 's72033-advipservicesk9_wan-vz.122-33.SXI.bin' with an ACE and a FWSM. 'Time since CORP-CORE01 switched to active is 1 year, 9 weeks, 5 days, 19 hours, 46 minutes' Jason -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Holemans Wim Sent: Wednesday, January 27, 2010 8:02 AM To: cisco-nsp@puck.nether.net Subject: [c-nsp] best ios version for VSS We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ *** NOTICE--The attached communication contains privileged and confidential information. If you are not the intended recipient, DO NOT read, copy, or disseminate this communication. Non-intended recipients are hereby placed on notice that any unauthorized disclosure, duplication, distribution, or taking of any action in reliance on the contents of these materials is expressly prohibited. If you have received this communication in error, please delete this information in its entirety and contact the Amedisys Privacy Hotline at 1-866-518-6684. Also, please immediately notify the sender via e-mail that you have received this communication in error. *** ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered when performing an SSO failover, which causes STP to get its knickers in a twist. Ultimately we had to just power the whole thing off (both chassis) to break the loops and restore service, but the whole installation was offline for much longer than a reboot because ACE modules take flipping ages to boot... I now run 12.2(33)SXI2 on VSS with a 'workaround' for a memory leak bug (fixed in SXI2a) and it's been rock solid. Touch wood. I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. HTH On 27 Jan 2010, at 14:01, Holemans Wim wrote: We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
On Jan 27, 2010, at 11:25 AM, Alasdair McWilliam wrote: I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. Is this the bug where the private key goes away? We've seen this as well and the helpful eng at tac can't seem to follow our simple reproduction instructions and keeps trying to offer us other ways to workaround their bug. I hope this tac eng gets canned so someone helpful can have a job. - Jared ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
With SXI3 there is a quick fix for the SSH bug. Basically, during the upgrade the key gets corrupted and becomes a phantom. You can't delete it with zeroize. The corruption is in the key label (which if you don't specify, is the fqdn) which gets corrupted with the last letter left off. For example, our switch was named switch-core1 with a domain of ox.com. The fqdn was switch-core1.ox.com. After the upgrade, the hidden corrupted key was labeled switch-core1.ox.co. The solution is to create a key with the bad label that will overwrite the phantom, then delete it: switch-core1(config)#crypto key generate rsa general-keys label switch-core1.ox.co modulus 512 switch-core1(config)#crypto key zeroize rsa switch-core1.ox.co and the phantom key will be gone. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alasdair McWilliam Sent: Wednesday, January 27, 2010 11:26 AM To: Holemans Wim Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] best ios version for VSS I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered when performing an SSO failover, which causes STP to get its knickers in a twist. Ultimately we had to just power the whole thing off (both chassis) to break the loops and restore service, but the whole installation was offline for much longer than a reboot because ACE modules take flipping ages to boot... I now run 12.2(33)SXI2 on VSS with a 'workaround' for a memory leak bug (fixed in SXI2a) and it's been rock solid. Touch wood. I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. HTH On 27 Jan 2010, at 14:01, Holemans Wim wrote: We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
On Wed, Jan 27, 2010 at 10:50 AM, Matthew Huff mh...@ox.com wrote: With SXI3 there is a quick fix for the SSH bug. Do you happen to have the bug ID for the ssh bug? We're considering the possibility that we'll need to upgrade to SXI very shortly here, although it's purported to also be affected by CSCte44349, which is a real pain in the ass. (Synopsis: HA config parser fails when you add a seq to an extended ACL (in our case, not WCCP) and reloads the standby chassis.) --Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
Oooh... :-) The bug I had stumbled over was CSCtc41114, matching our conditions and symptoms. I've had no luck with the workarounds mentioned in the bug notes and my interpretation was that SXI3 'caused' the bug. I don't have the luxury of test boxes, multiple downtime windows or just enabling alternative remote access mechanisms (i.e. telnet !), so was going to try just downgrade back to SXI2a. I'll try this and see how we go... :) On 27 Jan 2010, at 16:50, Matthew Huff wrote: With SXI3 there is a quick fix for the SSH bug. Basically, during the upgrade the key gets corrupted and becomes a phantom. You can't delete it with zeroize. The corruption is in the key label (which if you don't specify, is the fqdn) which gets corrupted with the last letter left off. For example, our switch was named switch-core1 with a domain of ox.com. The fqdn was switch-core1.ox.com. After the upgrade, the hidden corrupted key was labeled switch-core1.ox.co. The solution is to create a key with the bad label that will overwrite the phantom, then delete it: switch-core1(config)#crypto key generate rsa general-keys label switch-core1.ox.co modulus 512 switch-core1(config)#crypto key zeroize rsa switch-core1.ox.co and the phantom key will be gone. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alasdair McWilliam Sent: Wednesday, January 27, 2010 11:26 AM To: Holemans Wim Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] best ios version for VSS I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered when performing an SSO failover, which causes STP to get its knickers in a twist. Ultimately we had to just power the whole thing off (both chassis) to break the loops and restore service, but the whole installation was offline for much longer than a reboot because ACE modules take flipping ages to boot... I now run 12.2(33)SXI2 on VSS with a 'workaround' for a memory leak bug (fixed in SXI2a) and it's been rock solid. Touch wood. I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. HTH On 27 Jan 2010, at 14:01, Holemans Wim wrote: We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Matthew Huff.vcf ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
I take back what I just said about the specified workaround not working... I clearly had blinkers on and missed the line about taking the last character off !!! Ho hum.. On 27 Jan 2010, at 23:01, Alasdair McWilliam wrote: Oooh... :-) The bug I had stumbled over was CSCtc41114, matching our conditions and symptoms. I've had no luck with the workarounds mentioned in the bug notes and my interpretation was that SXI3 'caused' the bug. I don't have the luxury of test boxes, multiple downtime windows or just enabling alternative remote access mechanisms (i.e. telnet !), so was going to try just downgrade back to SXI2a. I'll try this and see how we go... :) On 27 Jan 2010, at 16:50, Matthew Huff wrote: With SXI3 there is a quick fix for the SSH bug. Basically, during the upgrade the key gets corrupted and becomes a phantom. You can't delete it with zeroize. The corruption is in the key label (which if you don't specify, is the fqdn) which gets corrupted with the last letter left off. For example, our switch was named switch-core1 with a domain of ox.com. The fqdn was switch-core1.ox.com. After the upgrade, the hidden corrupted key was labeled switch-core1.ox.co. The solution is to create a key with the bad label that will overwrite the phantom, then delete it: switch-core1(config)#crypto key generate rsa general-keys label switch-core1.ox.co modulus 512 switch-core1(config)#crypto key zeroize rsa switch-core1.ox.co and the phantom key will be gone. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alasdair McWilliam Sent: Wednesday, January 27, 2010 11:26 AM To: Holemans Wim Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] best ios version for VSS I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered when performing an SSO failover, which causes STP to get its knickers in a twist. Ultimately we had to just power the whole thing off (both chassis) to break the loops and restore service, but the whole installation was offline for much longer than a reboot because ACE modules take flipping ages to boot... I now run 12.2(33)SXI2 on VSS with a 'workaround' for a memory leak bug (fixed in SXI2a) and it's been rock solid. Touch wood. I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. HTH On 27 Jan 2010, at 14:01, Holemans Wim wrote: We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Matthew Huff.vcf ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
The base bug is CSCtc41114. The workaround that I provided is derived from the bugid and a cisco engineer. -Original Message- From: Adam Korab [mailto:adam.ko...@gmail.com] Sent: Wednesday, January 27, 2010 5:43 PM To: Matthew Huff Cc: Alasdair McWilliam; Holemans Wim; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] best ios version for VSS On Wed, Jan 27, 2010 at 10:50 AM, Matthew Huff mh...@ox.com wrote: With SXI3 there is a quick fix for the SSH bug. Do you happen to have the bug ID for the ssh bug? We're considering the possibility that we'll need to upgrade to SXI very shortly here, although it's purported to also be affected by CSCte44349, which is a real pain in the ass. (Synopsis: HA config parser fails when you add a seq to an extended ACL (in our case, not WCCP) and reloads the standby chassis.) --Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
On Thursday 28 January 2010 07:16:35 am Alasdair McWilliam wrote: Here's me thinking I'm cracking up. I just did what you recommended and it worked! I guess SXI3 can stay... you've just saved me another early downtime window. It never ceases to amaze me how problematic the history of the 6500 has been with regard to hardware and software stability, and yet we love it so and would put our heads on the block for it. I long for the day when 6500 code becomes GD (if that's still a relevant goal with IOS these days, and not that GD- status necessarily eliminates a network melt here or a network melt there). But meanwhile, I'll keep buying more of these boxes :-). The irony... Cheers, Mark. signature.asc Description: This is a digitally signed message part. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] best ios version for VSS
I did the exact same thing first go round ;) Crazy thing is I just went through this 2 days ago and thanks to Matthew got it fixed! On Jan 27, 2010, at 4:03 PM, Alasdair McWilliam wrote: I take back what I just said about the specified workaround not working... I clearly had blinkers on and missed the line about taking the last character off !!! Ho hum.. On 27 Jan 2010, at 23:01, Alasdair McWilliam wrote: Oooh... :-) The bug I had stumbled over was CSCtc41114, matching our conditions and symptoms. I've had no luck with the workarounds mentioned in the bug notes and my interpretation was that SXI3 'caused' the bug. I don't have the luxury of test boxes, multiple downtime windows or just enabling alternative remote access mechanisms (i.e. telnet !), so was going to try just downgrade back to SXI2a. I'll try this and see how we go... :) On 27 Jan 2010, at 16:50, Matthew Huff wrote: With SXI3 there is a quick fix for the SSH bug. Basically, during the upgrade the key gets corrupted and becomes a phantom. You can't delete it with zeroize. The corruption is in the key label (which if you don't specify, is the fqdn) which gets corrupted with the last letter left off. For example, our switch was named switch-core1 with a domain of ox.com. The fqdn was switch-core1.ox.com. After the upgrade, the hidden corrupted key was labeled switch-core1.ox.co. The solution is to create a key with the bad label that will overwrite the phantom, then delete it: switch-core1(config)#crypto key generate rsa general-keys label switch-core1.ox.co modulus 512 switch-core1(config)#crypto key zeroize rsa switch-core1.ox.co and the phantom key will be gone. Matthew Huff | One Manhattanville Rd OTA Management LLC | Purchase, NY 10577 http://www.ox.com | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-460-4139 -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Alasdair McWilliam Sent: Wednesday, January 27, 2010 11:26 AM To: Holemans Wim Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] best ios version for VSS I have used 12.2(33)SXI1 on a VSS but encountered a *very* nasty bug triggered when performing an SSO failover, which causes STP to get its knickers in a twist. Ultimately we had to just power the whole thing off (both chassis) to break the loops and restore service, but the whole installation was offline for much longer than a reboot because ACE modules take flipping ages to boot... I now run 12.2(33)SXI2 on VSS with a 'workaround' for a memory leak bug (fixed in SXI2a) and it's been rock solid. Touch wood. I've run 12.2(33)SXI3 on some non-VSS nodes but the upgrade breaks SSH beyond repair (to my knowledge?) if you do an SSO failover, so these are going to be downgraded back to SXI2a. HTH On 27 Jan 2010, at 14:01, Holemans Wim wrote: We have a VSS running, L2 only for the moment. We plan to enable L3 (static routing only for the moment) next week (along with a FWSM board in each chassis). We are running version s72033-advipservicesk9_wan-mz.122-33.SXI1.bin for the moment (I know this version has too much features for what we need for the moment) The problems we had with this version until now : - One of the supervisors rebooted spontaneously leaving no traces on why it restarted - ISSU (I don't remember what the version was we started the upgrade) didn't work, so I had to boot both chassis manually, giving a much higher downtime than expected - The activation of the first FWSM (inserted with power down for that specific module, followed by power up of the module), caused a crash and reboot of the supervisor of the chassis in with the FWSM was inserted. So anyone has comments on to which version we eventually should upgrade to before going to L3 ? (downtime will have a much larger impact from that moment on). I found on the cisco website there is a version 12.2.33-SXH6(ED) and a version 12.2.33-SXI3(ED) available. Greetings, Wim Holemans Network Services University of Antwerp ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ Matthew Huff.vcf ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https