Cisco BPX/IGX/IPX WAN Software

Field Notice: Data Anomalies in the User ID Table May Cause Nodes to Rebuild


February 6, 1998


Products Affected

The following products are affected: BPX, IGX, and IPX Cisco/Stratacom WAN switches with switch software versions 8.1.72, 8.2.58 or 8.4.15 or earlier.

Problem Description

Data anomalies in a node's User ID table cause the node to reload. In severe situations the node will declare unreachability to other nodes and PVCs will fail to pass traffic. This problem is very low frequency but can have severe consequences when it does occur.

Background

Previous versions of the software, including 6.0 through 8.0 as well as the versions listed in the "Products Affected" section of this notice, had no protection against data anomalies in the User ID table, as the problem was not well understood and may have occurred only twice in the last three years.

This problem was not seen in switch software versions 5.3 and prior, as the User ID table is not shared among nodes in these older releases.

Data corruption in the User ID database can have several causes, ranging from component failures to operator intervention. The problem is not that data corruption can occur in the User ID table, but that User ID corruption can lead to a disagreement between the nodes that cannot be resolved, which in turn leads to node rebuilds throughout the network.

Solution

The following changes were made to prevent a future occurrence of the problem.

  • Before a processor card transmits or receives a User ID table update, an integrity check is done on the data.

  • The software checks for duplicate table entries. If a duplicate entry is found, the software:

    • deletes the second occurrence

    • logs a software error

    • stops the duplicate entry from being transmitted

  • For the StrataCom, Service, and SuperUser-level passwords the software checks to ensure the username is correct: StrataCom = StrataCom.

    It checks that the password is an encrypted ASCII string with the appropriate length, access level, format, and that the string is terminated properly.

    If any of the above tests fail, then:

    • The password is set to the factory default.

    • A software log is entered.

    • The corrupted table is not propagated.

  • For customer logins, the software verifies that the access level is 0-6, that the user ID is a valid, properly terminated ASCII string in the correct format, and that the password is encrypted and is likewise a valid, properly terminated ASCII string.

    If the verification fails, then:

    • The user ID and password are deleted.

    • A software log is entered.

    • The corrupted table is not propagated.

    In a worst-case scenario, an entire User ID table can become corrupted. The software will then set the StrataCom, Service, and SuperUser passwords to the factory default, and will delete all established users on the system. This new User ID table will be propagated to the entire network, updating the network that all users have been deleted except the StrataCom, Service, and SuperUser logins.

    This is a minor drawback of the software fix. To re-establish the User ID table, contact the Cisco Technical Assistance Center (TAC) or your service provider and inform the Customer Service Engineer that the User ID table has been deleted; the Customer Service Engineer can then dial into the network and use the default User ID and password to log in and add new users.
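The checks listed above can be sketched in C as a pass that repairs the table before any update is sent. This is an added example, not Cisco's switch software: the entry layout, the 15-character password length, the slot order of the built-in logins and the FACTORY_PW placeholder are assumptions, and the access-level check for the built-in logins is left out because the notice does not give those values.

```c
#include <string.h>
/* Hypothetical layout; the notice does not publish the real User_IDs[] format. */
#define NAME_LEN 16
#define PW_LEN   16   /* assumed: 15 printable characters + NUL */
#define N_PRIV   3    /* assumed: slots 0..2 hold the built-in logins */
struct user_id { char name[NAME_LEN]; char pw[PW_LEN]; int level; int used; };
static const char *PRIV[N_PRIV] = { "StrataCom", "Service", "SuperUser" };
static const char FACTORY_PW[PW_LEN] = "FACTORYDEFAULT0";  /* placeholder */

/* 1 if s is NUL-terminated within cap, printable ASCII, want chars long (0 = any). */
static int ascii_ok(const char *s, size_t cap, size_t want) {
    size_t n = 0;
    for (; n < cap && s[n] != '\0'; n++)
        if (s[n] < 0x21 || s[n] > 0x7e) return 0;
    return n < cap && n > 0 && (want == 0 || n == want);
}

/* Repairs t in place; returns the number of software errors logged. Nonzero
 * means the table as found was corrupt and that copy must not be sent on. */
int sanitize_user_ids(struct user_id *t, int n) {
    int errs = 0;
    for (int i = 0; i < n; i++) {
        if (i < N_PRIV) {   /* built-in login: restore name, reset password */
            if (strncmp(t[i].name, PRIV[i], NAME_LEN) != 0 ||
                !ascii_ok(t[i].pw, PW_LEN, PW_LEN - 1)) {
                strcpy(t[i].name, PRIV[i]);
                memcpy(t[i].pw, FACTORY_PW, PW_LEN);
                errs++;
            }
            t[i].used = 1;
            continue;
        }
        if (!t[i].used) continue;
        int bad = t[i].level < 0 || t[i].level > 6 ||
                  !ascii_ok(t[i].name, NAME_LEN, 0) ||
                  !ascii_ok(t[i].pw, PW_LEN, PW_LEN - 1);
        for (int j = 0; !bad && j < i; j++)   /* duplicate: drop the second */
            bad = t[j].used && strncmp(t[j].name, t[i].name, NAME_LEN) == 0;
        if (bad) { memset(&t[i], 0, sizeof t[i]); errs++; }
    }
    return errs;
}

int main(void) {  /* constructed table: short Service password, "ops" twice */
    struct user_id t[5] = {
        {"StrataCom", "AAAAAAAAAAAAAAA", 0, 1}, {"Service", "short", 0, 1},
        {"SuperUser", "BBBBBBBBBBBBBBB", 0, 1},
        {"ops", "CCCCCCCCCCCCCCC", 2, 1}, {"ops", "DDDDDDDDDDDDDDD", 2, 1} };
    return sanitize_user_ids(t, 5) == 2 ? 0 : 1;
}
```

A table in which every entry fails its check comes out of this pass with only the three built-in logins, each at the placeholder default, which is the worst-case outcome the notice describes.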

Workaround

There is no workaround for this problem.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCdj71878

Description: Protect nodes from memory corruption in User_IDs[] structure

Special Instructions

It is recommended that the network be upgraded to one of the following versions:

  • 8.1.73

  • 8.2.59

  • 8.4.16

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
