Guest

Cisco PIX 500 Series Security Appliances

Field Notice: *Expired* FN - 15028 - Incorrect PIX-1FE Fast Ethernet Interface Card


Revised October 30, 2006

September 24, 2001

NOTICE:

THIS FIELD NOTICE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

Comments

PIX-1FE

One 10/100 Mbps Ethernet Interface, RJ45 (option)

PIX-1FE=

One 10/100 Mbps Ethernet Interface, RJ45 (spare)

Problem Description

Between July 30, 2001, and August 9, 2001, some PIX-1FE cards shipped from Cisco contained the i82550 Ethernet controller chip. This chip is not supported by the PIX operating system and these cards may not function properly when installed in PIX firewalls.

Background

The vendor supplying Cisco with Ethernet interface cards substituted a different model without notifying Cisco in advance. The i82550 Ethernet controller chip is very similar in function to the supported chips and initially passed production tests. Since this substitution has been discovered and corrected, Cisco has modified its testing to verify the Ethernet controller type.

Problem Symptoms

When an unsupported interface card is installed in a PIX firewall, the following symptoms may occur:

  • The incorrect interface card may not be recognized in ROM monitor mode and may fail to TFTP PIX or PDM images. The system may stop responding or "hang" when a TFTP transfer is initiated.

  • The incorrect interface card may cause the system to hang or reboot during the boot process.

  • The incorrect interface card may cause some systems (in particular the PIX 525) to hang or reboot during the execution of a show interface command.

  • In all situations where the Ethernet interface controller type is reported (ROM monitor mode, show interface, etc.), the i82550 controller is reported as hardware type i82557. Note that in the past i82557 interface cards were shipped as PIX-1FE units. Refer to the "How To Identify Hardware Levels" section below for more details.

In addition, newer PIX OS releases including 6.1(1) and future maintenance releases of older release trains (6.0, 5.3, etc.) will disable the card with a message like the following at boot time:

      Cisco Secure PIX Firewall BIOS (4.0) #0: Thu Mar 2 22:59:20 PST 2000
      Platform PIX-515
      Flash=i28F640J5 @ 0x300
      
      Use BREAK or ESC to interrupt flash boot.
      Use SPACE to begin flash boot immediately.
      Reading 2466304 bytes of image from flash.
      32MB RAM
      Ignoring PCI card in slot:2 (vendor:0x8086 deviceid:0x1229 revisionid:0xc)
      Flash=i28F640J5 @ 0x300
    BIOS Flash=AT29C257 @ 0xfffd8000

Workaround/Solution

The solution is to replace the incorrect PIX-1FE interface card with the correct card. Customers who wish to replace one or more of their cards should contact the Technical Assistance Center (TAC) and request a return materials authorization (RMA) for the affected cards.

How To Identify Hardware Levels

To identify the card from the command line, issue the show interface command. This command shows the hardware type of every installed interface card. The cards with the incorrect i82550 controller are reported as i82557 hardware types. The i82557 controller, except the 535 model, is supported by the PIX but Cisco has not shipped it for two years. Therefore, it is most likely that recently received PIX-1FE cards reported as type i82557 are the unsupported i82550 model.

caution Caution: Some PIX models (notably the 525) containing the i82550-based card may stop responding when the show interface command is executed. If the units are in production, it's recommended that you issue this command during off hours.

pixfirewall# show interface
interface ethernet0 "outside" is administratively down, line protocol is down
Hardware is i82557
 ethernet, address is 0005.3290.024e
IP address 127.0.0.1, subnet mask 255.255.255.255
...

The printing on the Ethernet controller chips may positively identify the cards. The Ethernet controller type (8255x) is all that matters; the other text, including the location (Philippines versus Korea, year, and so on), is inconsequential.

Ethernet Controller

i82557

i82558

i82559

i82550

Supported

Yes (except 535)

Yes

Yes

No

Sample Printing on Chip

S82557

SB82558B

GD82559

82550EY

Sample Picture

fn15028_gjkrbg.jpg

fn15028_gjksb0.jpg

fn15028_gjkrdk.jpg

fn15028_gjkr7s.jpg

Physical Replacement of Parts

In the PIX installation guide under Installing a Circuit Board, follow the instructions to remove and replace incorrect PIX-1FE cards.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.