Bug #2013

Permanent blocks fail on some IOS devices.

Added by Randy Reitz about 8 years ago. Updated almost 8 years ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 10/14/2011
Due date:
% Done: 0%
Estimated time:
Duration:

Description

FBI uses the status 'permanent' (as defined in the BRIDGE-MIB::dot1dStaticStatus column) to request a MAC filter in a switch.
Some switches running Cisco IOS will reject the 'permanent' request with an error value "wrongValue(10)". The reason for
the rejection is that FBI does not have sufficient privilege to modify the non-volatile RAM in the device. Using the status
'deleteOnReset' will be successful on these devices.

Possible solutions:
1) Configure all switches to allow FBI to use status 'permanent' when requesting a block.
2) Add code to FBI to "fall back" to use 'deleteOnReset' when 'permanent' fails.
or
Add a routine to the new CIA poller that collects the contents of the dot1dStaticTable for all switches and compares
to the FBI list of blocks. If an FBI block doesn't exist in the device MIB, then FBI would request a new block.
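
The fallback and the poller comparison described above, sketched as an added example (not FBI or CIA code from this project). `FakeSwitch`, `request_block` and `reconcile` are hypothetical names, the switch is simulated in memory with no SNMP traffic, and the table is keyed by MAC only, a simplification of the real dot1dStaticTable index.

```python
# Added example: constructed, in-memory model; nothing here talks to a device.
PERMANENT, DELETE_ON_RESET = 3, 4   # BRIDGE-MIB dot1dStaticStatus values
WRONG_VALUE = 10                    # SNMP error-status wrongValue(10)

class SnmpSetError(Exception):
    def __init__(self, status):
        super().__init__(f"SNMP set failed, error-status {status}")
        self.status = status

class FakeSwitch:
    """Constructed stand-in for one switch's dot1dStaticTable."""
    def __init__(self, allow_permanent):
        self.allow_permanent = allow_permanent
        self.static_table = {}      # MAC -> dot1dStaticStatus

    def set_static_status(self, mac, status):
        # Models the device that refuses 'permanent' with wrongValue(10).
        if status == PERMANENT and not self.allow_permanent:
            raise SnmpSetError(WRONG_VALUE)
        self.static_table[mac] = status

    def reset(self):
        # deleteOnReset rows do not survive a reload; permanent rows do.
        self.static_table = {m: s for m, s in self.static_table.items()
                             if s == PERMANENT}

def request_block(switch, mac):
    """Try 'permanent', fall back to 'deleteOnReset' on wrongValue.

    Returns the status actually written, so the caller can record what the
    device holds instead of assuming the block is permanent.
    """
    try:
        switch.set_static_status(mac, PERMANENT)
        return PERMANENT
    except SnmpSetError as err:
        if err.status != WRONG_VALUE:
            raise                   # any other failure is not handled here
    switch.set_static_status(mac, DELETE_ON_RESET)
    return DELETE_ON_RESET

def reconcile(switch, wanted_macs):
    """Compare the wanted block list to the polled table and re-request
    every block the device no longer holds. Returns the re-applied MACs."""
    missing = sorted(set(wanted_macs) - set(switch.static_table))
    for mac in missing:
        request_block(switch, mac)
    return missing
```

Between a reload and the next `reconcile` run the block is absent from the device, so the polling interval bounds how long the recorded state can differ from the switch.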

History

#1 Updated by Lauri Carpenter about 8 years ago

NOTE:
Options 2 and 3 introduce a large window of opportunity for the TIssue and FBI databases to become completely out-of-synch with reality. A device will show up in FBI/TIssue as being blocked when actually it is NOT blocked.

#2 Updated by Lauri Carpenter almost 8 years ago

  • Status changed from New to Closed

