[123283] in North American Network Operators' Group
Re: Cisco hardware question
daemon@ATHENA.MIT.EDU (Ben Carleton)
Thu Mar 4 18:25:56 2010
From: Ben Carleton <bc-list@beztech.net>
In-Reply-To: <SNT140-w56593771EB5564D397D466B0390@phx.gbl>
Date: Thu, 4 Mar 2010 18:23:57 -0500
To: "Kaveh ." <afx66@hotmail.com>,
NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mar 4, 2010, at 6:16 PM, Kaveh . wrote:
>=20
> Thanks for the feedback. Let me clarify a few things regarding issues =
that this thread has addressed so far:
>=20
> A) Pre-existing configs: What Tim and Joe mentioned is apparently =
correct. I was on phone with a few Cisco tech-reps earlier today and =
they told me that since version 8.2, they have been shipping ASAs with a =
default configuration, which explains the existence of private IP =
addresses on the inside interface, etc ... .
>=20
> B) What Cisco reps could NOT explain was the existence of a number of =
FSCK000#.REC files on these appliances. To be more specific each of ASAs =
in question contains 4 extra files: FSCK0000.REC, FSCK0001.REC, =
FSCK0002.REC, FSCK0003.REC). I said 'extra' because I asked the Cisco =
reps on phone to provide me a complete list of files that should exist =
on a brand new ASA, and the 4 files above were not part of the list and =
I think even they got confused when I mentioned the existence of these =
files.
>=20
> I could not find much info on these files, but a simple Google search =
indicates that these files may be 'recovery files' of Disks operating =
under Unix/Linux/BSD/etc /... kernel, indicating a dying hard drive. =
That would be enough to freak me out! Anyone can confirm this?
>=20
> C) SmarNet issue: I am a little confused on this. Since this purchase =
was for NEW equipment, and the devices were shipped by Cisco (at least =
that is what I read on the box; a Cisco warehouse in TX), then my =
understanding is that the devices came with the first 12 months of =
Smarnet anyway. So I will be surprised if they decline the contract =
renewal after the first year. After all they sold us the appliances as =
if they were new. How can decline renewal if I can prove that I paid =
them for new?
>=20
> D) Reseller: Yes, I appreciate the input. I will stick with a bigger =
name like CDW, next time, but again it appears to me that the devices =
were shipped from a Cisco warehouse in Texas, and not from the =
reseller's location.=20
>=20
>=20
>=20
> I would greatly appreciate any input, especially on B)
>=20
>=20
>=20
> Thank you
>=20
>=20
>=20
> Best regards
>=20
>=20
>=20
>> Subject: RE: Cisco hardware question
>> Date: Thu, 4 Mar 2010 14:27:04 -0800
>> From: MAdcock@hisna.com
>> To: ken.gilmour@gmail.com
>> CC: nanog@nanog.org
>>=20
>> According to previous conversations with my Cisco rep the answer is =
no - Cisco won't support it. I'm blind copying him on this and will pass =
on his response.
>>=20
>> Thanks,
>> Matt
>>=20
>> ________________________________
>>=20
>> From: Ken Gilmour [mailto:ken.gilmour@gmail.com]
>> Sent: Thu 3/4/2010 4:17 PM
>> To: Adcock, Matt [HISNA]
>> Cc: nanog@nanog.org
>> Subject: Re: Cisco hardware question
>>=20
>>=20
>> So if one were to purchase equipment, which is explicitly sold as =
"Refurbished" from, say www.impulsetech.us and they were to offer =
Smartnet on it, there is no guarantee that even if you paid for it, that =
Cisco would fulfil their support contract?
>>=20
>> Regards,
>>=20
>> Ken
>>=20
>>=20
>> On 4 March 2010 15:22, Adcock, Matt [HISNA] <MAdcock@hisna.com> =
wrote:
>>=20
>>=20
>>=20
>> Don't deploy the equipment, demand a refund, and report the reseller =
to Cisco. I agree completely with Brian - find a good Cisco partner and =
stick with them. Also, you can't legally buy used Cisco equipment and =
use the operating system. You can buy the equipment but the OS is =
absolutely non-transferrable. If you try to get SMARTNet on it red flags =
will go up and Cisco won't support it.
>>=20
>> Thanks,
>> Matt
>>=20
>>=20
>>=20
>> Matt Adcock, Manager
>> 334-481-6629 (w) / 334-312-5393 (m) / MAdcock@hisna.com
>> 700 Hyundai Blvd. / Montgomery, AL 36105
>>=20
>> P
>> The average office worker uses 10,000 sheets of paper =3D 1.2 trees, =
per year
>> By not printing this email, you've saved paper, ink and millions of =
trees
>>=20
>>=20
>>=20
>> From: Brian Feeny [mailto:bfeeny@mac.com]
>> Sent: Thu 3/4/2010 3:05 PM
>> To: Kaveh .
>> Cc: nanog@nanog.org
>> Subject: Re: Cisco hardware question
>>=20
>>=20
>>=20
>>=20
>>=20
>> If you are getting Cisco hardware with configs on it or crashfiles, =
etc. Then no it is NOT new equipment. Who are you buying from? Are they =
a Gold partner on Cisco's partner locator? If not, then I have seen some =
seedy things, and of course i have seen seedy things with Gold partners =
too, I am just pointing out that the ability to compete and make margin =
get more and more difficult the lower the partner is on the totem pole =
and so desperation can drive certain behavior.
>>=20
>> In general from a cisco Gold partner you can expect as good as 35-40% =
or so on new equipment for a discount for regular deals. Special pricing =
for special projects you may be able to get a bit better, and maybe 1% =
or so better for general products from CDW or a big box company like =
them. If you are paying 50-60% off list for just individual items you =
order, then its likely not new and there is likely something shady going =
on, as no partner is going to get you some special discount pricing on a =
single 3845 for example.
>>=20
>> All of your good gold partners are going to charge around the same =
give or take a few percent on material. So find someone you can trust =
and just build a relationship. If your paying new prices for used gear =
then yes you are getting ripped off.
>>=20
>> I would be glad to recommend to you a reputable gold partner if you =
email me off list.
>>=20
>>=20
>> Brian
>>=20
>>=20
>> On Mar 4, 2010, at 3:48 PM, Kaveh . wrote:
>>=20
>>>=20
>>> Hello,
>>>=20
>>> I apologize if this is an unusual topic but I would like to know =
what this expert community thinks about this issue:
>>>=20
>>> We have noticed that a number of Cisco appliances we have recently =
purchased and paid (AS NEW), are being shipped as if they have been =
already used/refurbished. In other words, several times we have seen =
brand new Cisco hardware, out of the box, that has pre-existing =
configuration (Interfaces with Private IP addresses, static routes, etc =
...) and in some cases even non-system files, like 'crashdump.txt' or =
additional IOS images. Most importantly our latest purchase; 2 'new' =
ASAs, contain a series of files named: FSCK0000.REC, FSCK0001.REC, =
FSCK0002.REC, etc ... . Based on some research it seems like that these =
files are 'recovery files' signaling bad/failing hard disks in these =
appliances.
>>> Anyone on thhis group has seen this before and if yes, are we =
supposed to blindly trust the vendor saying the hardware is new, safe =
and secure?
>>>=20
>>> The only way I can explain this is that the hardware has been =
refurbished or previously configured for reasons unknown to me. I think =
if customers pays for new hardware, they should get new hardware, even =
if refurbished hardware may be covered by Smartnet.
>>>=20
>>> Any thoughts or recommendations anyone? The last thing we want to do =
is to deploy faulty (or non secure) security appliances in production. =
:)
>>>=20
>>> Thank you
>>>=20
>>> Best regards
>>>=20
>>>=20
>>=20
>>=20
>> The information in this email and any attachments are for the sole =
use of the intended recipient and may contain privileged and =
confidential information. If you are not the intended recipient, any =
use, disclosure, copying or distribution of this message or attachment =
is strictly prohibited. We have taken precautions to minimize the risk =
of transmitting software viruses, but we advise you to carry out your =
own virus checks on any attachment to this message. We cannot accept =
liability for any loss or damage caused by software viruses. If you =
believe that you have received this email in error, please contact the =
sender immediately and delete the email and all of its attachments
>>=20
>>=20
>>> Hotmail: Free, trusted and rich email service.
>>> http://clk.atdmt.com/GBL/go/201469228/direct/01/
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
> =20
> _________________________________________________________________
> Hotmail: Powerful Free email with security by Microsoft.
> http://clk.atdmt.com/GBL/go/201469230/direct/01/
Kaveh:
I can confirm with absolute certainty that fcsk is a Unix utility for =
determining if a hard disk is failing and optionally attempting a =
recovery. I have never heard of such output files, though. How big are =
they? If they are tiny, they could just be status reports or a save of =
the program's output. If they are large, they may represent backups of =
the flash memory.
Ben=
