Guest

Cisco Services Modules

Field Notice: FN - 62010 - WS-SVC-FWM-1-K9 - New 1.1 Minimum Software Version Requirement


Revised July 20, 2006

July 07, 2005

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

  • WS-SVC-FWM-1-K9

Problem Description

Changes in the design of the Cisco Catalyst 6500 Series Firewall Services Module require a new minimum level of software, version 1.1(4). Newer Firewall Service Modules will not boot if they are downgraded to versions 1.1(1) through 1.1(3).

Background

A Firewall Service Module manufacturing component change introduced in July 2003 changed the minimum required software version from 1.1(1) to 1.1(2). Then a BIOS update to version 6.0.9 released in February 2005 changed the minimum required software version from 1.1(2) to 1.1(4).

Releases 2.2(1) and later fully support the new changes as well.

Problem Symptoms

Firewall Service Modules manufactured with the newer component or BIOS version will not boot if downgraded to software versions earlier than 1.1(2) or 1.1(4) respectively. The module may continuously reboot or simply fail to boot once and then hang. The following error message will appear on the supervisor console several minutes later:

%C6KPWR-SP-4-DISABLED: power to module in slot 2 set off (Module Failed SCP dnld)

Running a show module command from the supervisor will show that the Firewall Service Module is in PwrDown status:

------------------ show module ------------------ 
Mod Ports Card Type Model Serial No. 
--- ----- -------------------------------------- -------------- --------------- 
1 6 Firewall Module WS-SVC-FWM-1 SAD0911007S 
7 2 Supervisor Engine 720 (Active) WS-SUP720-3BXL SAD091108NS 

Mod MAC addresses Hw Fw Sw Status 
--- ---------------------------------- ------ ------------ ------------ ------- 
1 0012.8005.dd4a to 0012.8005.dd51 3.0 7.2(1) 8.3(0.156)RO PwrDown 
7 0011.21ba.0da8 to 0011.21ba.0dab 4.3 8.1(3) 12.2(18)SXD Ok

Workaround/Solution

All Firewall Service Modules shipped from manufacturing or via the RMA process with software version 1.1(4) or later should not be downgraded to any earlier versions of software. See the How to Identify Hardware Levels section below to determine if your unit may safely be downgraded to versions 1.1(2) or 1.1(3) if required.

If you have already downgraded your software and find that your FWSM will not boot you may utilize the Maintenance Partition to upgrade the Application Partition software to release 1.1(4) or later. Follow the instructions in the Configuration Guide, Installing Application Software to Any Application Partition in order to boot to the maintenance partition and upgrade the application partition.

How To Identify Hardware Levels

The component version which requires software version 1.1(2) cannot be identified via the CLI. All units shipped from manufacturing or via the RMA process with software version 1.1(2) or later must not be downgraded to software version 1.1(1).

If you wish to verify the version of BIOS that you have installed in the FWSM you may do so using the show version command from the maintenance partition.

Note: the same command run from the Application Partition does not display the BIOS version.

Follow the instructions in the Configuration Guide, Installing Application Software to Any Application Partition in order to boot to the maintenance partition.

The example below shows that BIOS version 6.0.4 is in place and therefore this unit will work with software versions 1.1(2) and later.

root@localhost.localdomain#show version 

Maintenance image version: 1.1(2) 
mp.1-1-2.bin : Tue Sep 3 14:12:54 PDT 2002 : integ@kplus-build-lx.cisco.com 

Line Card Number :WS-SVC-FWM-1 
Number of Pentium-class Processors : 2 
BIOS Vendor: Phoenix Technologies Ltd. 
BIOS Version: 4.0-Rel 6.0.4 
Total available memory: 1004 MB 
Size of compact flash: 123 MB 
Daughter Card Info: Number of DC Processors: 3 
Size of DC Processor Memory (per proc): 32 MB 

root@localhost.localdomain#

The example below shows that BIOS version 6.0.9 is in place and therefore this unit requires software versions 1.1(4) or later.

root@localhost.localdomain#show version 

Maintenance image version: 2.1(2) 
mp.2-1-2.bin : Thu Nov 18 11:41:36 PST 2004 : integ@kplus-build-lx.cisco.com 

Line Card Number :WS-SVC-FWM-1 
Number of Pentium-class Processors : 2 
BIOS Vendor: Phoenix Technologies Ltd. 
BIOS Version: 4.0-Rel 6.0.9 
Total available memory: 1004 MB 
Size of compact flash: 122 MB 
Daughter Card Info: Number of DC Processors: 3 
Size of DC Processor Memory (per proc): 32 MB 

root@localhost.localdomain#

To identify units by HW version:

HW Ver 1.1 can use any application image.

HW Ver 2.0 can use any application image.

HW Ver 3.0 should use application image above 1.1(4).

HW Ver 3.1 must use application image 1.1(4) or higher.

HW Ver 4.0 must use application image 1.1(4) or higher.

HW Ver 4.1 must use application image 1.1(4) or higher.

Revision History

Revision

Date

Comment

1.1

20-JUL-2006

Added HW/SW interoperability matrix

1.0

08-JUL-2005

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.