Re: Cisco Field Notice 63180

Thu, 20 Nov 2008 12:31:30 -0800 

I don't either, I do know this, the Primary CAM was manually repaired by the 
TAC engineer. Then he did a service perfigo stop and service perfigo start. The 
stand-by was shutdown at the time, powered it up and he manually repaired that 
CAM, then a stop/start to finish. Neither CAM was actually rebooted. All of the 
CAS were rebooted, some more than once, still one CAS showed up as affected. 
That CAS has been running "affected" since Sunday. I just downloaded and ran 
the patch this morning. I ran check on the CAMs first and all four showed "not 
affected". I ran the check in the CAS next and that one machine showed 
"affected". I didn't expect that. That's why I said "just to be safe" run the 
check on each box...
Tell you something else I did after all was said and done, made a current 
backup and stored it in a nice dry place, several places actually!  :)
Howard
From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On 
Behalf Of David Pifer
Sent: Thursday, November 20, 2008 14:57
To: [email protected]
Subject: Re: Cisco Field Notice 63180

I found that I ran the check on the CAMs (HA MODE) first and the CASs were 
clean, then I restarted the CAMs. Wether the update pushed from the CAMs or the 
CASs were not affected, I don't know.


David L. Pifer - N9YNF - CCNA
Network Engineering Services
Indiana State University, Office of Information Technology
210 N. 7th St., Rankin Hall R044, Terre Haute, IN 47809
812.237.2923 office  812.237.4361 fax


>>> Bruce Hudson <[EMAIL PROTECTED]> 11/20/2008 14:30 >>>

> The steps stated in the Field Notice only say that the Standby NAC Servers
> require no action. However, when a reboot happens on the active CAS, the
> environment will fail over to the secondary. Therefore, I would believe
> that the active CAS after the failover would not have the correct OS
> version. Or am I wrong on this and when the first active CAS runs
> the "CASSigAffect.sh" script the secondary would then also be updated?

    The patch is to the CAM. The CAS scripts only identify whether or not
a given CAS has been "infected". A simple reboot will fix the CAS as long
as the CAM been fixed.
--
Bruce A. Hudson| [EMAIL PROTECTED]
UCIS, Networks and Systems|
Dalhousie University|
Halifax, Nova Scotia, Canada| (902) 494-3405

Reply via email to