Guest

Cisco MGX 8250 Software

Field Notice: FN# 62101 MGX8850, MGX8230, MGX8830 and MGX8250, Images 1.3.10 and 1.3.11 Only: When Default Password is Changed and Displayed, the Password Table Will Contain Invalid Entries


June 09, 2005


Products Affected

  • MGX8230-SW - 1.3.10

  • MGX8230-SW - 1.3.11

  • MGX8250-SW - 1.3.10

  • MGX8250-SW - 1.3.11

  • MGX8830-SW - 1.3.10

  • MGX8830-SW - 1.3.11

  • MGX8850-SW - 1.3.10

  • MGX8850-SW - 1.3.10

Problem Description

  1. Invalid Password entries after upgrade if dsppassword is executed in PXM releases 1.3.10 or 1.3.11 (CSCeg40704)

  2. Invalid Password entries during PXM software upgrade (CSCdu36455)

Background

The MGX8850, MGX8230, MGX8830 and MGX8250 chassis can be affected if they are using PXM1-type cards, not PXM1E.

  1. Problem Description #1 occurs in the PXM release 1.3.11. It happens when upgrading from versions earlier than 1.1.40 to versions 1.1.40 and later.

  2. Problem Description #2 happens in both versions 1.3.10 and 1.3.11. As part of the fix to verify the password in 1.1.40, the scanning of the password stored in RAM DB was done from right to left and was compared with the user entered password.

Problem Symptoms

The password table contains invalid entries and login to the node may not be possible unless a workaround is done.

  1. When the dsppasswd CLI command or the getUserpassword shellconn command is used to display the password, the password table is written with invalid entries.

  2. If the length of a currently configured password happens to be shorter than the length of the previous password, the password table is written with invalid entries.

Workaround/Solution

1. & 2. These issues are fixed in PXM release 1.3.12.

For Option1:

Switchcc or do not display password after updating the password when using or upgrading to the 1.3.10 or 1.3.11 images:

While upgrading from lower versions to 1.3.10 or 1.3.11, the invalid password entries can be avoided as follows:

  1. Change all passwords to max length ( 15 characters) before software upgrade

  2. After a software upgrade to 1.3.11 or 1.3.10, keep superuser at max length then other passwords can be changed.

Once upgraded to 1.3.11 or 1.3.10 :

Do not execute cli command dsppasswd or shellconn command getUserpassword in 1.3.10 or 1.3.11.

For option2:

Upgrade to 1.3.12 software which has the fix :

While upgrading to 1.3.12 we have to take care of the invalid password entries as follows:

Upgrading from 1.1.40 or earlier versions to 1.3.12:

  1. Change all passwords to max length( 15 characters) before software upgrade.

  2. After a software upgrade to 1.3.12 , all passwords can be changed.

Upgrading from 1.3.11 or 1.3.10 to 1.3.12

  1. Not required to change the passwords to maximum length.

  2. Do not change superuser password before software upgrade.

  3. After the upgrade , all the passwords can be changed.

There is a possibility of Superuser invalid password entries also after upgrading from 1.1.40 or lower versions to 1.3.11:

Scenario:

When the node is upgraded from 1.1.40 or earlier versions to 1.3.11 with the below steps:

  1. Change the passwords of Cisco/Service/Superuser to the 15 characters in 1.1.34.

  2. Upgrade to 1.3.11

  3. Change passwords back to AT&T's production value for Cisco/Service/Superuser.

Cisco/service passwords works fine and the node is reachable for Cisco/Service users. Yet, there can still be invalid password entries for Superuser login and access to the node is lost for Superuser.

Invalid password entries for Superuser login and access to the node is lost for Superuser.

Workaround:

  1. If the Password is changed for Superuser by mistake, Superuser login is lost. To reach the node using Superuser, perform the following:

    1. Login to the node as Cisco/Service user and change the password.

    2. Login as Superuser. Node is reachable for Superuser.

  2. Superuser Password cannot be changed after the upgrade to 1.3.11.

  3. Superuser password can be changed after upgrading to 1.3.12.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCeg40704 (registered customers only)

password gets corrupted after dsppasswd command is used

CSCdu36455 (registered customers only)

password corruption after adduser

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.