Slashdot Mirror


Plug In an Ethernet Cable, Take Your Datacenter Offline

New submitter jddj writes: The Next Web reports on a hilarious design failure built into Cisco's 3650 and 3850 Series switches, which TNW terms "A Network Engineer's Worst Nightmare". By plugging in a hooded Ethernet cable, you...well, you'll just have to see the picture and laugh. They write: "The cables, which are sometimes accidentally used in datacenters, feature a protective boot that sticks out over the top to ensure the release tab isn’t accidentally pressed or broken off, rendering the cable useless. That boot would hit the reset button which happened to be positioned directly above port one of the Cisco switch, which causes the device to quietly reset to factory settings."


  1. Easy way.... by blackfeltfedora · · Score: 5, Insightful

    "There’s an easy way to prevent it happening at all, by disabling the button" Another easy way to prevent this from happening would be DON'T BUY THIS SWITCH

    1. Re:Easy way.... by Darinbob · · Score: 4, Insightful

      It's not just the hood on the cable that would do this, you could easily press that button with a finger while plugging it in. Or you could press it accidentally while working on a box above or below it. Don't know if you have to hold the button in for 10 seconds before it wipes to factory default, but even without the hood there it seems like a big goof.

      But hey, it's Cisco. They use the design principle that people will buy their stuff anyway so why bother trying.

    2. Re: Easy way.... by phaethon2k · · Score: 5, Funny

      Every cheeseburger I shove down my throat is stopping a child from eating it, saving that child from obesity. Won't you think of the children?

    3. Re:Easy way.... by Bert64 · · Score: 4, Insightful

      That's even worse, only qualified IT departments would be buying these switches so you have every reason to expect that they *should* research their purchase before buying.
      Normally a reset button needs to be pressed with a pin to prevent accidental pressing...

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    4. Re:Easy way.... by X0563511 · · Score: 2

      "Average" anyones don't buy datacenter equipment.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    5. Re:Easy way.... by mwvdlee · · Score: 2

      Also, it would require that the person most qualified to make such decisions is also the person actually making those decisions.
      How many of us had to suffer the fate of a "golfclub"; where the boss decides to force a certain product upon his employees because his buddy from the golfclub sells it.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    6. Re: Easy way.... by Anonymous Coward · · Score: 2, Funny

      The judge and my therapist say I shouldn't think of the children so much.

    7. Re:Easy way.... by TheCarp · · Score: 2

      The average American has 0.98 Testicles.

      --
      "I opened my eyes, and everything went dark again"
    8. Re:Easy way.... by zonk+the+purposeful · · Score: 2

      Pin? For real?

      You wouldn't be bringing small slivers of conducting metal loose into any data centre I ran, I wouldn't be buying something requiring a pin either.

      --
      "I see. The fact that you...`can't explain'.. explains everything."
    9. Re:Easy way.... by KingMotley · · Score: 2

      So you've never bought a current generation phone, tablet, PC, or a linksys router? Each of those require a pin for different things. Phones and tablets to remove their SIM chips, PCs and linksys routers to reset their CMOS settings or any device with a CD/DVD/Bluray drive to open it in case it gets "stuck".

  2. Bad in any case by Dan+East · · Score: 4, Insightful

    Regardless of the design of the connector, having the reset button directly above the port is a bad design. It's simply too easy to hit it with your thumb just plugging in or removing a cable. I suppose holding it down for several seconds resets to factory, which is what happens when using cables with the boot. Still, regardless of that more severe problem, it was a bad design in the first place.

    --
    Better known as 318230.
    1. Re:Bad in any case by Drishmung · · Score: 5, Insightful

      Why didn't they at least recess the switch? You really don't want to accidentally press a reset switch. Poor design.

      Not that Cisco hasn't made faux pas before. The 25xx as I recall had a socket for a PCMCIA card, but no slot in the front panel to access it! You had to take the case off to do that.

      --
      Protoplasm. Quiet Protoplasm. I like quiet protoplasm.
    2. Re: Bad in any case by Anonymous Coward · · Score: 2

      Perhaps Cisco believes that the reset switch is used so frequently, they didn't want the network engineers to have to look around for a paperclip to push a recessed switch.

      The real WTF is that there is a "factory reset" button on the thing at all

    3. Re: Bad in any case by xous · · Score: 4, Interesting

      The mode button triggers "express setup" which is basically a lazy way to configure the shit for retard small business/enterprise admins so they don't have to console the device via rs232 to configure it.

      I've had similar issues with older gear not racked properly. The mode button on a 3750 (and other models) can still be accidentally depressed in a messy cabinet.

    4. Re: Bad in any case by ArmoredDragon · · Score: 4, Informative

      > The mode button triggers "express setup" which is basically a lazy way to configure the shit for retard small business/enterprise admins so they don't have to console the device via rs232 to configure it.

      For which model? In every Cisco device I've used (including the C3560 switches I own for CCIE training) the mode button only does anything at all if you have it held down while the switch is powering on. Doing so goes into ROMMON, which allows you to change the configuration register to ignore the startup-config.text file on the flash (the startup-config.text file is what contains all of the password information, so if it doesn't execute, then you effectively have a factory configuration switch, although your configuration files are still present if you need to use them.)

      By the way, you can also modify the configuration register so that if the mode button is held at bootup, then it simply wipes the configuration files entirely, that way you don't have to worry about somebody stealing your configuration data if you have a switch that's in a geographic location that you can't reasonably have physically secured.

    5. Re: Bad in any case by TWX · · Score: 4, Informative

      If I'm remembering correctly...

      If there's a TFTP server properly configured... If there's bootp on the LAN properly configured... If there's a switch configuration saved to that TFTP server and If it's named correctly such that there's a mechanism for associating it with a given request, some Cisco equipment can autoconfigure by pulling the config down off of TFTP without administrator intervention. I've seen some C2960S and C3560G do this; had to clear-out, IOS update, and put config templates on about 160 switches over a few days, watching it complain about not being able to find a TFTP server is just a little burned into my brain.

      No one that I've spoken with has ever used this feature in production, and honestly it would take so much advance-setup to make it work that no boss would choose that path out of laziness instead of getting out a console cable, but technically if the switch were reset with the mode button it might make the attempt.

      Again, if I'm remembering correctly.

      I wish that Cisco would make it harder to press that button. Some older switches were REALLY bad, the button was the whole left end of the panel. If the closet is racked incorrectly the component above or below the switch could press the button and hold it down. I've seen it happen a few times.

      --
      Do not look into laser with remaining eye.
  3. It's not a bug, it's a feature by __roo · · Score: 4, Funny

    Are 'config t' and 'write erase' too difficult to remember? Bothered by all those inconvenient keystrokes? Try the new EasyBoot(TM) from Cisco, the most convenient way to reset your router!

    1. Re:It's not a bug, it's a feature by CrankyFool · · Score: 3, Interesting

      You've got to log in as enabled in order to be able to use 'config' or 'write', which of course means you can't use either to recover from a lost enable password (of course, that's what starting up and interrupting the boot sequence and 0x2102 (which, BTW, I last used about 18 years ago and could still remember -- scary) are for).

  4. Wait, what? by Anonymous Coward · · Score: 5, Funny

    From the article:

    The cables, which are sometimes accidentally used in datacenters, feature a protective boot that sticks out over the top to ensure the release

    and then

    Such a situation could cause a problem in any size datacenter, where these switches and cables are commonly used

    So are they commonly used on accident? Accidentally used commonly? I was reading the article to figure out what type of cable was often used, but apparently it's these cables but only by accident all the time.

    1. Re:Wait, what? by 93+Escort+Wagon · · Score: 2

      "Sometimes," "commonly" and "accidentally" are not exclusive conditions.

      One of these things is not like the other
      One of these things just doesn't belong!
      Can you tell me which thing is not like the other
      Before I finish this song?

      --
      #DeleteChrome
  5. i work in enterprise datacenter by cosm · · Score: 3, Interesting

    If a single device brings down your entire data center, you've got design problems and your architect should be fired or retrained. These days everything is redundant in triplicate at minimum and new devices spin up automatically based on automatic provisioning and chef/puppet type setups. Even if your core router (why would you have just one!?!?!?!) shits the bed and resets to factory defaults with VLAN 1 and basic STP with no routing interfaces configured, if your NOC folks did a good job, a proper MSTP / VRF / TRILL / SDN ( OpenFlow, etc) / etc like setup should route around that shit and QA will have already tested the "core clos spine device reboots to factory defaults" test case at which point you have just another device for a low paid lackey to swap out based on your network monitor going yellow.

    If you work in a Fortune 500 datacenter and you can't handle this sort of outage, get the fuck out. You're the reason shit's going downhill. Also if a Cisco 3650 or 3850 bring down your datacenter, see previous negative asshole sentiment or get a new job if your manager is responsible for the confines of such a clusterfuck. No participation trophy for such asshattery.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:i work in enterprise datacenter by iggymanz · · Score: 4, Insightful

      blah blah blah

      Reality is single device failures bring down large chunks of the net including valuable peers of your "enterprise datacenter"

      Of course, sometimes identical cisco models used in redundant tuples also cause outages together after upgrade by common bug that didn't show up in test

      so pontificate all you want, you're vulnerable to a lot of bad things

    2. Re:i work in enterprise datacenter by xous · · Score: 4, Interesting

      The problem is that 3650 and 3850 are not designed for a "Datacenter" deployment.

      They aren't even designed as top of rack switches. Their use case is access or distribution for end-users. They belong in a wiring closet.

      That, of course, doesn't stop morons or small companies deploying them as "Core" routers or switches in their datacenters....

    3. Re:i work in enterprise datacenter by Antique+Geekmeister · · Score: 4, Insightful

      > If a single device brings down your entire data center, you've got design problems and your architect should be fired or retrained.

      Please: if your data center has the time, and skill, and is willing to take the service interruptions to make the whole setup properly immune to single points of failure, that's great. But very, very few live business environments have that kind of resource, time, and willingness to enable critical switches with robust failover.

    4. Re:i work in enterprise datacenter by gl4ss · · Score: 2

      yeah I'm sure everyone runs 3x the servers and 3x the switches they need.

      yeah. sure.

      it's not just for fortune 500 datacenters. and plenty of fortune 500 companies have office or whatever serving centralized servers that don't have triple redundancy because it's not really practical.

      plenty of places where that switch could have 10-20 devices behind it that weren't redundant on another switch. in fact if you just stopped to think of how practical world works, it's more than likely.

      (furthermore, "the low paid lackey" would just install all the cables in the same places which would cause the same problem to come up instantly)

      --
      world was created 5 seconds before this post as it is.
    5. Re:i work in enterprise datacenter by camperdave · · Score: 2

      For $10,000 I can ship you 40 safety plugs that will fit into port 1 as a reminder not to use the port. Now... where did I put my crimper?

      --
      When our name is on the back of your car, we're behind you all the way!
  6. Re:Actual pictures or it didn't happen. by Scoth · · Score: 2

    I've seen a few of them, but they're pretty rare. I avoid them because usually the boot does more harm than good - getting stuck under the tab, sliding to the side and making it hard to push the tab, getting stuck next to the jack/port, especially if it's slightly recessed like you might find in an IP phone. And, apparently, breaking Cisco switches. Something like This would probably do it.

    Incidentally, I'm not really a Cisco guy, but I have helped recover a couple secondhand switches for friends and I'm pretty sure there are several more steps required than just holding the mode button. If you were to get it stuck pushed and the switch ever power cycled it'd likely end up stuck at a boot prompt until the cable was unplugged and it was rebooted again, but it shouldn't be the disaster implied.

  7. Cisco's official response.. by hilather · · Score: 4, Funny

    You're plugging it in wrong.

    1. Re:Cisco's official response.. by 93+Escort+Wagon · · Score: 4, Funny

      > You're plugging it in wrong.

      To be fair, it is running IOS.

      --
      #DeleteChrome
  8. Novel! by adolf · · Score: 5, Interesting

    While I like the auto-LART feature, I wonder what the switch is doing there at all: If the switch is working properly, it doesn't need a reset button.

    If the switch is not working properly, it needs to be burdensome to power-cycle it, to encourage people to complain loudly to the responsible vendor(s) until the product actually works.

    In these modern times, I think an accessible reset switch is like: "Yo dawg, I heard you like to 'fix' things by pushing buttons, so we put buttons on your Enterprise switches so you can reset one-handed while you [...]"

    ObTopic: I once helped take down an enterprise LAN with an Ethernet cable. It was 10-ish years ago, and we just installed a new-fangled VoIP phone system. Each VoIP deskset had a built-in unmanaged 10/100 switch. This was a very handy thing before our modern enlightened structured cabling roll-outs, because it could be trivially daisy-chained with a desktop computer and standardized PoE was not yet a thing.

    Anyhow, we started late on a Wednesday, and finished just before start of business Thursday: Record time for replacing an old Nortel with a few hundred extensions, I tell you. And I went home and died on my couch, having been awake and actually working (prep, etc) for about 40 hours.

    At 7:23AM, my phone rang. It was my manager. Their entire network had crashed, hard. They blamed us. They were livid. I read my manager the NSFW riot act, hung up, and went back to sleep.

    Turns out that after we left, some unknown person had plugged both external switched ports of a deskset into both ports on a wallplate connected to a then high-end HP Procurve switch, which itself connected to a factory and office tower full of other HP Procurve switches carefully set up in a redundant "mesh fabric" mode. This carefully-constructed, redundant network then died in a broadcast packet storm.

    Once they found the error and unplugged that one extraneous heads-will-roll wayward wire, things more-or-less instantly returned to normal.

    (STP would've instantly made this a complete non-issue, but at that time STP and HP's mesh conflicted with each other and could not cohabitate. I understand that this was subsequently resolved, though I don't deal with HP switches often enough to verify.)

  9. Re:Actual pictures or it didn't happen. by MyAlternateID · · Score: 2

    > Article only shows drawings/illustrations - where's an actual picture

    That's exactly what I said in Sex Ed!

  10. Re:Actual pictures or it didn't happen. by I'm+New+Around+Here · · Score: 2

    You home-schooled kids are so funny.

    --
    If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
  11. Slow news day? by HockeyPuck · · Score: 2

    Sure this is funny, but the workaround in TFA is pretty straightforward.

    Disable Express Setup with this command while in config mode:

    3850(config)# no setup express

    Someone explain to me why you'd run Express Setup after deploying this switch?

  12. Re:Actual pictures or it didn't happen. by TWX · · Score: 2

    I've got several thousand of those kinds of cables in my closets. They're not so bad if you don't have a reset button located adjacent to the tab protector. They actually slip out of the bundle fairly easily compared to most others.

    --
    Do not look into laser with remaining eye.
  13. Probably designed by a millennial by Hognoxious · · Score: 2

    > Normally a reset button needs to be pressed with a pin to prevent accidental pressing...

    This. I've never seen anything where it wasn't recessed like that.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  14. NOT A RESET BUTTON by Big+Jim+Taters · · Score: 2

    I think the first thing we all need to understand is that the button mentioned is NOT a reset button. It's the display button for the lights and is clearly labeled "mode". It cycles between the different information modes such as speed, duplex, stack ID, POE usage, etc. See this article from the Cisco Support forums detailing how to determine which stack ID the different switches are as one example: https://supportforums.cisco.co...

  15. Simple solution by espre · · Score: 2

    just saw off the reset button - leave a ditch. For resetting you can always prick with a pin on that ditch :).