| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw28001 | Title: | Switch reloads while ND ISSU with Lacp failure-maximum downtime exceeded |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: ISSU failure on N5672-8G switch during ISSU with error of LACP failure of "maximum downtime exceeded"
The below string will be displayed to the user:-
"Upgrade has failed. Return code 0x40930085 (lacp failure - maximum downtime exceeded)" Rebooting the switch to recover. [ 230.307510] Shutdown Ports.. [ 230.342086] writing reset reason 3, ISSU failure: 0x40930085
Conditions: During ISSU on 5672-8G switch.
Workaround: None
Further Problem Description: The LACP failure in this case was happening due to microcontrollers(these microcontrollers are used to access SFPs, only the control(LED status, SPROM data of SFP etc..) not the LOS/Datapath- datapath is controlled by bigsur) getting timedout during ISSU just after kexec of new kernel. These controllers are enumerated as USB devices in the kernel and need to re-probe and sync with the new kernel, some times these devices fail to get initialized and as the timeout for USB operations was 45 secs and in 5672 there are 3 microcontrollers and hence was causing a delay of more than 80 secs which is the maximum downtime for LACP.
The reason for USB devices not responding is not clear and the failure is not consistent and as of now its reproduced more often on 5672UP platform only.
Fix ==================================== There are 2 approaches taken for fixing the issue completely. 1. USB timeout is being reduced from 45 secs to around 2 sec. 2. If any of the device fails to respond, the a list of these devices is maintained in the kernel which will be fetched by the PFMA module during te system image bootup which will perform the reset of the device to bring it to operational state. These USB devices (microcontrollers used to access SFP) dont impact the datapath of the interface, hence wont have any impact on the interface functionality. This fix is applicable only for 5672-8G
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.3(0)N1(0.131) |
|
Known Fixed Releases: * | 7.1(3)N1(1.5), 7.1(3)N1(2), 7.3(0)IZN(0.13), 7.3(0)N1(0.221), 7.3(0)N1(1), 7.3(0)ZN(0.198), 8.3(0)CV(0.337) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCti96718 | Title: | snmpget caused Nexus 5010 Crashes after upgrade to 4.2(1)N2(1) |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A Nexus 5000 switch running NX-OS 4.2(1)N2(1) might crash in pfma process
Conditions:
An external NMS station is doing SNMP operations on the Nexus 5000 which has a problem with FEX not coming online.
Workaround: Make sure the FEX connected to the Nexus 5000 is configured correctly and comes online or do not do any SNMPget operations on the Nexus 5000 which has FEX which is not coming online
|
|
Last Modified: | 25-FEB-2016 |
|
Known Affected Releases: | 4.2(1) |
|
Known Fixed Releases: | 5.0(2)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCur27098 | Title: | With inside NAT on L3 intf, dynamic NAT not working after switch reload |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom: Inside NAT configured on L3 sub interface.
Conditions: After reload or on clearing the existing nat translations, nat translations are not learned. Due to this traffic matching the ACL in nat drops completely.
Workaround: Remove and add the configurations on l3 interface. On doing this nat translations are learnt and traffic forwarding works as expected.
Further Problem Description:
|
|
Last Modified: | 25-FEB-2016 |
|
Known Affected Releases: | 7.1(0)N1(0.357), 7.3(0)N1(0.231) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur05017 | Title: | N5K/N6K evaluation for CVE-2014-6271 and CVE-2014-7169 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Symptoms: The N5k/N6K product family includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-6271 CVE-2014-7169
This bug has been opened to address the potential impact on this product.
All current versions of NX-OS on this platform are affected unless otherwise stated.. This bug will be updated with detailed affected and fixed software versions once fixed software is available. Exposure is not configuration dependent. Authentication is required to exploit this vulnerability.
Conditions: Conditions:
Telnet, SSH, HTTP (feature http-server) are attack vectors.
A user must first successfully log in and authenticate via SSH to trigger this vulnerability. Exposure is not configuration dependant.
Workaround: Workaround: Not available.
More Info:
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(8a), 6.0(2)N2(5), 7.0(3)N1(0.1), 7.0(3)N1(0.125), 7.0(4)N1(1), 7.1(0)N1(0.349) |
|
Known Fixed Releases: * | 5.2(1)N1(8.142), 5.2(1)N1(8b), 6.0(2)N2(4.3), 6.0(2)N2(4.5), 6.0(2)N2(5.105), 6.0(2)N2(5a), 6.0(2)N2(6), 7.0(1)ZN(0.615), 7.0(1)ZN(0.623), 7.0(5)N1(0.173) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCui24150 | Title: | Nexus 5K device is returning 768 value for dot1dTpFdbStatus MIB variable |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: | Nexus 5020 device is returning end host connected port status value 768 for most of the MAC addresses.
Symptom: The dot1dTpFdbStatus MIB variable is returning 768, but device should return the value between 1 and 5.
Conditions: Nexus 5020 device's image version 5.2(1)N1(4), this device is returning end host connected port status value 768 for some MAC addresses.
Workaround: the Nexus 5500 was returning 768 as learn type for random MAC addresses. Upon further looking around, the switch was non disruptively ISSUed from 5.1(3)N2(1) to 5.2(1)N1(4). any MAC learnt prior to ISSU are returning 768. To cleared MAC address table for few VLANs and the switch stopped returning 768 for the MACs newly learnt. To cleared MAC address table for all VLANs and did not notice any more 768 being returned.
Further Problem Description: We noticed that the Nexus 5500 was returning 768 as learn type for random MAC addresses. Upon further looking around, I noticed that the switch was non disruptively ISSUed from 5.1(3)N2(1) to 5.2(1)N1(4). My suspicion is that any MAC learnt prior to ISSU are returning 768. As a test we cleared MAC address table for few VLANs and the switch stopped returning 768 for the MACs newly learnt. We cleared MAC address table for all VLANs and did not notice any more 768 being returned.
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(0.4) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur11599 | Title: | Nexus 5k/6k - Memory leak in pfstat process causing hap reset |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Polling SVI If-Index to collect packet statistics via SNMP. Or, using CLI "show interface [vlan #] counter [detail]"
The above results in memory leak in pfstat process. Once process runs out of its designated memory space, leads to crash/hap reset.
Symptom: Memory leak in pfstat process results in HAP reset. Reason: Reset triggered due to HA policy of Reset Service: pfstat hap reset
Conditions: Polling SVI If-Index to collect packet statistics via SNMP. Or, using CLI "show interface [vlan #] counter [detail]"
The above results in memory leak in pfstat process. Once process runs out of its designated memory space, leads to crash/hap reset.
Switch should be operating in L2 mode (no L3 license) to hit the issue.
Workaround: Excluding SVI if_indexes from SNMP polling for interface statistics collection. Avoiding running "show interface counter" globally or for SVI.
The ifindex OID is 1.3.6.1.2.1.2.2.1.1. So excluding this OID should prevent the issue (although it has not yet been confirmed).
Further Problem Description:
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(6), 7.0(3)N1(0.125) |
|
Known Fixed Releases: * | 7.0(1)ZN(0.684), 7.0(6)N1(0.194), 7.0(6)N1(1), 7.1(0)EVN(0.18), 7.1(0)N1(0.372), 7.1(0)N1(1), 7.1(0)ZN(0.445), 7.1(1)N1(1), 7.1(2)N1(0.2), 7.1(2)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy36556 | Title: | Evaluation of nexus-5000-all for glibc_feb_2016 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptoms: This product may include a version of glibc that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2015-7547
This bug has been raised to investigate the impact to this product.
Conditions:
It was concluded this product is not affected by these vulnerabilities.
Workaround:
N/A
Further Problem Description:
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10.0/9.5
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:C
The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html |
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: | 8.3(0)CV(0.335) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur14826 | Title: | WRL 5: GNU Bourne Shell "Shellshock" Vulnerability for kernel migration |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: The following Cisco products with NXOS: N7K include a version of Bash that may be affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-6271 CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187
Conditions: Not applicable
Workaround: Not applicable
Further Problem Description: Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation: The Cisco PSIRT has evaluated those issues and they do not meet the criteria for PSIRT ownership or involvement. Those issues will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of those issues, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
|
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: | 0.1 |
|
Known Fixed Releases: * | 7.0(0)FFW(0.11), 7.0(0)HSK(0.509), 7.0(0)KM(0.87), 7.3(0)DX(0.4), 7.3(0)EG(0.14) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw45315 | Title: | statsclient hap reset seen on stand alone norcal device. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: Switch got reloaded due to Statclient hap reset
Conditions: statsclient got hanged during storm supression stats collection which is done periodically
Workaround: None
Further Problem Description: Stats client periodically collects storm supression stats. This involves blocking IOCTL call. In one of the scenario, statsclient is blocked for response from driver but not received the response. As a results, it got hanged and later switch went for reload.
|
|
Last Modified: | 19-FEB-2016 |
|
Known Affected Releases: | 7.2(1)N1(0.313), 7.3(0)N1(0.144) |
|
Known Fixed Releases: | 7.1(3)ZN(0.140), 7.1(4)N1(0.704), 7.1(4)N1(1), 7.2(2)N1(0.359), 7.2(2)N1(1), 7.2(2)ZN(0.43), 7.3(0)IZN(0.13), 7.3(0)N1(0.196), 7.3(0)N1(1), 7.3(0)ZN(0.179) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw73492 | Title: | N5K crash due to Service: stp hap reset |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom: crash when performing non-distruptive ISSU from 6.0(2)N2(3) to 7.0(7)N1(1)
Loading plugin 1: eth_plugin... ln: creating symbolic link `/lib/libcrypto.so.4': File exists ln: creating symbolic link `/lib/libssl.so.4': File exists ethernet switching mode
INIT: Entering runlevel: 3
touch: cannot touch `/var/lock/subsys/n /isan/bin/muxif_config: fex vlan id: -f,4042 Set name-type for VLAN subsystem. Should be visible in /proc/net/vlan/config Added VLAN with VID == 4042 to IF -:muxif:- 2015 Oct 6 15:40:38 dc3-nx5500-1 %$ VDC-1 %$ %USER-2-SYSTEM_MSG: CLIS: loading cmd files begin - clis
[ 104.511925] Shutdown Ports.. [ 104.546432] writing reset reason 16, stp hap reset
Conditions: The crash was observed on Nexus 5596 when performing non-distruptive ISSU from 6.0(2)N2(3) to 7.0(7)N1(1)
Workaround: n/a
Further Problem Description:
|
|
Last Modified: | 04-FEB-2016 |
|
Known Affected Releases: | 7.0(7)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc62084 | Title: | CSCuc62084 Sh accounting log / show log output is missing initial |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: show accounting log start-time time is not giving the proper output. Initial logs are not present in the show output.
Conditions: Time Zone or Summer Time is configured on the switch.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N1(1) |
|
Known Fixed Releases: * | 5.2(1)N1(5), 6.0(2)N2(1), 6.3(0.140)S0, 7.0(1)ZN(0.695), 7.0(6)N1(1), 7.1(3)ZN(0.188), 7.1(4)N1(0.735), 7.1(4)N1(1), 7.2(2)N1(0.391), 7.2(2)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw64344 | Title: | Pre-provisioning not working for FC fex ports |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom: Port type conversion cli is giving error which trying to pre provision N2348UPQ fex
Conditions: N2348UPQ FEX pre provision with FC port type
Workaround: No workaround, Pre provision is not supported for FC ports in N2348UPQ
Further Problem Description:
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 7.3(0)N1(0.160), 7.3(0)N1(0.161) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq96601 | Title: | PPM should block 'copy r s' if auto-config is going on in the background |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Missing/partial config CLIs after "copy r s" followed by reload
Conditions: When a "copy r s" is issued while auto-configuraton operation is in progress in the background, this can cause partial configuration CLIs to be saved in the startup config. As a result, reloading the box after such event could end up with partial/missing configuration CLIs.
Once incomplete configurations are saved and the switch reboots, there will be unexpected behaviors. One of the issues will be that the "clear fabric database host" command does not work for the profiles that have incomplete configuration and fresh auto-config for that profile will not occur. The simplest recovery seems to be doing a 'wr erase' and reboot.
Workaround: write erase and reload
Further Problem Description:
|
|
Last Modified: | 01-MAR-2016 |
|
Known Affected Releases: | 7.1(0)N1(0.343), 7.2(0)N1(0.144) |
|
Known Fixed Releases: * | 7.1(3)N1(0.620), 7.1(3)N1(1), 7.1(3)ZD(0.13), 7.1(3)ZN(0.27), 7.2(1)D1(0.37), 7.2(1)D1(0.40), 7.2(1)D1(1), 7.2(1)N1(0.270), 7.2(1)N1(0.271), 7.2(1)N1(0.274) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw53377 | Title: | Nexus5672 WCCP process crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: WCCP process crash when wccp appliance disconnected and core generated
Conditions: when wccp appliance disconnected/ reconnected
Workaround: none
Further Problem Description:
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.1(0)N1(1) |
|
Known Fixed Releases: * | 7.0(7)N1(0.307), 7.0(7)ZN(0.266), 7.0(8)N1(1), 7.1(3)ZN(0.115), 7.1(4)N1(0.689), 7.1(4)N1(1), 7.2(2)N1(0.339), 7.2(2)N1(1), 7.2(2)ZN(0.22), 7.3(0)IZN(0.13) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv68534 | Title: | WCCP crashing in the steady state w/o any user induced trigger |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: WCCP with multiple clients crashing WCCP in nexus
Conditions: WCCP running with multiple clients crashing if left for long time
Workaround: No workaround
Further Problem Description: Due to Wave server not updating the correct receive id, wccp session was flapping.
Here_I_Am packet from 10.10.10.2 w/bad recive_id 0x0. Expected 0x94
FSM states are save for future recovery.
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.2(0)N1(0.97) |
|
Known Fixed Releases: * | 7.0(7)N1(0.306), 7.0(7)ZN(0.266), 7.0(8)N1(1), 7.1(3)N1(0.642), 7.1(3)N1(1), 7.1(3)ZN(0.50), 7.2(2)N1(0.356), 7.2(2)N1(1), 7.2(2)ZN(0.40), 7.3(0)N1(0.130) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut21777 | Title: | DHCP Packets flooded to VPC peer with DHCP snooping configuration |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: Nexus 56128P in VPC enabled for DHCP snooping would loop the DHCP packets to VPC peer causing mac-flap on down-stream switches and connectivity issue.
Conditions: 1) VPC 2) Peer-switch 3) DHCP Snooping
Workaround: Disable DHCP snooping
Further Problem Description:
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 7.0(1)N1(1), 7.0(4)N1(1) |
|
Known Fixed Releases: | 7.0(7)N1(1), 7.0(7)ZN(0.108), 7.1(1)ZN(0.105), 7.1(2)N1(0.527), 7.1(2)N1(1), 7.2(1)N1(0.246), 7.2(1)N1(1), 7.2(1)ZN(0.12), 7.3(0)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy21588 | Title: | N5K npv mode doesn't send flogi upstream |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom: The NP port connected to the F port of the NPIV switch will show stuck initializing and there will be no input/output frames showing for the interface:
show interface fc 2/1
fc2/1 is down (Initializing) Port description is test Hardware is Fibre Channel, SFP is short wave laser w/o OFC (SN) Port WWN is 00:00:00:00:00:00:00:00 Admin port mode is NP, trunk mode is on snmp link state traps are enabled Port vsan is 1 Receive data field Size is 2112 Beacon is turned off 1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 0 frames input, 0 bytes 0 discards, 0 errors 0 CRC, 0 unknown class 0 too long, 0 too short 0 frames output, 0 bytes 0 discards, 0 errors
Port will eventually show error disabled due to the flogi never being sent:
show interface fc 2/1 fc2/1 is down (Error disabled) Port description is test ...snip
Conditions: A NP mode link on a Nexus 5500 running NX-OS 7.x in NPV mode connected to a upstream NPIV device F port.
Workaround: Only workaround right now is to reload the switch.
Further Problem Description: Ethanalyzer shows flogi generated by the Nexus 5000, but the flogi is lost on it's way to fc2 show fc2 internal event-history.
Resolution Summary: To be completed once bug is resolved.
|
|
Last Modified: | 17-FEB-2016 |
|
Known Affected Releases: | 7.0(5)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy06974 | Title: * | snmpd hap reset after modifying the trap host configuration |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: * | Symptom:Nexus crashed after the snmp-server configuration changes:
Nexus(config)# snmp-server host 10.208.0.123 use-vrf management No such SNMP Target configured.
Nexus(config)# snmp-server host 10.208.0.123 use-vrf management udp-port ? <0-65535> The notification host's UDP port number
Nexus(config)# snmp-server host 10.208.0.123 use-vrf management udp-port 2162 No such SNMP Target configured.
Nexus(config)# snmp-server host 10.208.0.123 use-vrf management udp-port 2162 Please check if command was successful using appropriate show commands
Nexus(config)# Broadcast message from root (console) (Wed Jan 27 11:09:10 2016):
The system is going down for reboot NOW!
Conditions:Before the crash the switch has been added to DCNM and the trap host IP address has been added to the trap destination host list for the switch.
Subsequently, adding the below config for the respective trap host IP address triggers a crash:
snmp-server host use-vrf management udp-port <>
Workaround:None
More Info:This issue is fixed in 7.3(0)N1(1) and 7.3(0)D1(1) onwards.
|
|
Last Modified: | 01-MAR-2016 |
|
Known Affected Releases: | 7.0(5)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtt43092 | Title: | port crash due to mem leak with mismatching FCMAP on VF-VE link |
|
Status: * | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom: Crash in port_mgr with SYSMGR_DEATH_REASON_FAILURE_SIGNAL
Conditions: The memory leak happens when there is mismatch in FCMAP between uplink switch and NPV switch.
Workaround: This is caused by a missconfiguration whenever there is a mismatching configuration in FCMAP between core and NPV switch.
Further Problem Description:
|
|
Last Modified: | 17-FEB-2016 |
|
Known Affected Releases: | 5.0(3)N1(1c), 5.1(3)N1(0.341) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup77720 | Title: | cts manual command not allowed with fex pre provisioning |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: cts manual command can not be pre provisioned for fex interfaces in a active/active Nexus 5k Nexus 2k environment.
Conditions: when you try to install another or replace another switch in a N55K with active / active fex attachement the switch will not accept cts manual command for preprovisioning the fex interfaces
Workaround: None
Further Problem Description:
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(4) |
|
Known Fixed Releases: * | 6.0(2)N2(5.101), 6.0(2)N2(6), 7.0(1)ZN(0.681), 7.0(6)N1(0.192), 7.0(6)N1(1), 7.1(0)EVN(0.18), 7.1(0)N1(0.372), 7.1(0)N1(1), 7.1(0)ZN(0.446), 7.1(1)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq04309 | Title: | nexus snmpd crash after mts queue full |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: snmpd service crash
Conditions: The crash was observed when MTS Queue became full.
Workaround: The only workaround to avoid this crash is to stop the snmp polling done against the switch.
Further Problem Description:
|
|
Last Modified: | 18-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(3) |
|
Known Fixed Releases: * | 6.0(2)A6(5.232), 6.0(2)A6(6), 6.0(2)U6(6.232), 6.0(2)U6(7), 7.0(1)ZN(0.695), 7.0(6)N1(1), 7.1(0)EVN(0.18), 7.1(1)N1(0.495), 7.1(1)N1(1), 7.1(1)ZN(0.48) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq00984 | Title: | Place holder for SNMP changes in N7K bug CSCug60602 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Not all bridge ports are instantiated in the following tables in CISCO-STP-EXTENSIONS-MIB: stpxSMSTPortTable stpxRootGuardConfigTable stpxLoopGuardConfigTable
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 09-FEB-2016 |
|
Known Affected Releases: | 7.2(0)EV(0.5) |
|
Known Fixed Releases: * | 7.3(1)N1(0.24), 7.3(1)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCua78843 | Title: | SFP validation issue with switchport mode fex-fabric |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: In a Nexus 5000/5500, adding configuration switchport mode fex-fabric to an interface which has speed 1000 configured, removes the speed configuration causing a user to believe the interface is configured for default 10G. Adding a 10Gig optics causes SFP Validation failed status. 5596-A.cisco.com# sh run int ethernet 1/17
!Command: show running-config interface Ethernet1/17 !Time: Mon Jul 2 09:39:22 2012
version 5.2(1)N1(1)
interface Ethernet1/17 switchport mode fex-fabric
5596-A.cisco.com# sh int ethernet 1/17 brief
-------------------------------------------------------------------------------- Ethernet VLAN Type Mode Status Reason Speed Port Interface Ch # -------------------------------------------------------------------------------- Eth1/17 1 eth fabric down SFP validation failed 1000(D) -- <<<---- 5596-A.cisco.com# sh int ethernet 1/17 Ethernet1/17 is down (SFP validation failed)
Conditions: Adding switchport mode fex-fabric to an interface which has speed 1000 configured.
Workaround: Remove switchport mode fex-fabric and do a no speed 1000
Further Problem Description:
|
|
Last Modified: | 19-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N2(1a) |
|
Known Fixed Releases: * | 7.1(3)ZN(0.111), 7.1(4)N1(0.689), 7.1(4)N1(1), 7.2(2)N1(0.338), 7.2(2)N1(1), 7.2(2)ZN(0.21), 7.3(0)N1(0.135), 7.3(0)N1(1), 7.3(0)ZN(0.124) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue57527 | Title: | Function fcpc_lcp_get_port_info_hdlr: Error: 0x40290004 ... TLV: 96 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: show platform software fcpc event-history errors shows many of the following error messages:
1) Event:E_DEBUG, length:90, at 567534 usecs after Tue Feb 12 18:06:24 2013
[102] Function fcpc_lcp_get_port_info_hdlr: Error: 0x40290004 if-index: 0x102e000 TLV: 96
Conditions: Occurs on all Nexus 5000 switches doing Fiber Channel
Workaround: None.
Further Problem Description: Unknown impact on the switch. If request for port information originated via SNMP then some of the information may not be returned.
|
|
Last Modified: | 25-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(3) |
|
Known Fixed Releases: * | 7.1(3)ZN(0.201), 7.1(4)N1(0.744), 7.1(4)N1(1), 7.2(2)N1(0.399), 7.2(2)N1(1), 7.2(2)ZN(0.80) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum62759 | Title: | CTS: N5K ignores CTS timers from ISE |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: The Nexus does not refresh policies periodically. It should comply with the 'Download SGACL lists' and "Download Environment Data" timers sent from ACS or ISE
Conditions: Occurs when CTS policies have been downloaded to the Nexus. Default 'Download SGACL lists' timer in ACS or ISE is 1 day or 86400 seconds.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 19-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(2) |
|
Known Fixed Releases: * | 7.1(3)N1(0.628), 7.1(3)N1(1), 7.1(3)ZN(0.35), 7.2(2)N1(0.5), 7.2(2)N1(1), 7.3(0)BZN(0.41), 7.3(0)N1(1), 7.3(0)ZN(0.79) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy36205 | Title: | Link between Nexus 5000 and Oracle Acme4600 doesn't go up. |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: Link between Nexus 5000 and Oracle Acme4600 doesn't go up.
Conditions: This happens when Nexus 5000 is connected to Oracle Acme4600 with optic SFP.
Workaround: N/A
Further Problem Description:
|
|
Last Modified: | 19-FEB-2016 |
|
Known Affected Releases: | 7.0(6)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut91877 | Title: * | Multiple 2300 FEX report FAN Failure reports intermittently |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom: Multiple FEX FAN minor alarm at different times. This is seen/applicable for 23xx series FEX's: %SATCTRL-FEXxxx-2-SOHMS_DIAG_ERROR: FEX-xxx System minor alarm on fans in fan tray 1 %SATCTRL-FEXxxx-2-SOHMS_DIAG_ERROR: FEX-xxx Recovered: System minor alarm on fans in fan tray 1
%SATCTRL-FEXyyy-2-SOHMS_DIAG_ERROR: FEX-yyy System minor alarm on fans in fan tray 1 %SATCTRL-FEXyyy-2-SOHMS_DIAG_ERROR: FEX-yyy Recovered: System minor alarm on fans in fan tray 1
Conditions: Based on wrong sensor values comparison for 2300 FEX's
Workaround: None. Fix is through software upgrade.
Further Problem Description:
|
|
Last Modified: | 20-FEB-2016 |
|
Known Affected Releases: | 7.1(0)N1(1), 7.2(0)N1(1) |
|
Known Fixed Releases: | 7.1(3)N1(0.645), 7.1(3)N1(1), 7.1(3)ZN(0.53), 7.2(2)N1(0.5), 7.2(2)N1(1), 7.3(0)IZN(0.7), 7.3(0)N1(0.181), 7.3(0)N1(1), 7.3(0)ZN(0.163) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug39029 | Title: | Igmp report floods back to same hif port on which it was received |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom: Mrouter port on FEX Is not supported . When you have multiple mrouter port on the same fex in same vlan , if the host sends igmp report , then we would flood the igmp on the same interface where it was received .Issue can be observed even if you have mrouter port across diff fex in same vlan (as the packets are flood to vlan) .
Conditions: Multiple mrouter port on the same fex
Workaround: Disable IGMP snooping is the only workaround.
Starting NX-OS 5.2(1)N1(5), IGMP general queries received on FEX interfaces would be dropped preventing from FEX interface becoming an mrouter port.
|
|
Last Modified: | 22-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N2(1a) |
|
Known Fixed Releases: | 5.2(1)N1(5), 6.0(2)N2(1), 7.2(0)ZN(0.111) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk01388 | Title: | syslog When deleting a switch-profile on carmel "LIBSYSMGR-3-HEARTBEAT_F |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom: The following error may be observed when a switch-profile is removed from the configuration of a Nexus 5000 Series Switch:
VDC-1 %$ %LIBSYSMGR-3-HEARTBEAT_FAILED: Unable to send heartbeat to System Manager for service "ascii-cfg" (PID 5977): Bad file descriptor (9).
Conditions: Nexus 5000 using config sync.
Workaround: None. This issue is cosmetic and the configuration is successfully removed.
Further Problem Description:
|
|
Last Modified: | 25-FEB-2016 |
|
Known Affected Releases: | 5.0(2)N2(1), 5.0(3)N2(0.156) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCua39096 | Title: | TACACS+ missing header length check |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptoms: Cisco Nexus devices contain a vulnerability within the TACACS subsystem that could allow an unauthenticated, remote attack to crash the TACACS process. This could result in an unexpected process restart.
The vulnerability exists due to a failure to properly limit the maximum message size that will be allocated for a TACACS message. An attacker that could place themselves between an affected device and the AAA server, and knows the MD5 authentication token, could respond to a AAA request from an affected device with a malicious packet. When processed the affected device may try to allocate a buffer that is larger than the available memory resulting in a core of the process.
Conditions: Cisco Nexus devices running an affected version of NX-OS software and configured to preform TACACS authentication.
Workaround: None.
Further Problem Description: The TACACS process will be restarted by the device, but may result in a temporary denial of service condition.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6: http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2012-4137 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Last Modified: | 11-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N1(1a) |
|
Known Fixed Releases: * | 5.2(1)N1(8.153), 5.2(1)N1(9), 6.0(2)N2(6.124), 6.0(2)N2(7), 7.0(1)ZN(0.699), 7.0(6)N1(0.207), 7.0(6)N1(1), 7.1(3)ZN(0.187), 7.1(4)N1(0.734), 7.1(4)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy27585 | Title: | N5K: Incorrect startup for allowed vlans in port-profile type ethernet |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: After a non-disruptive ISSU newly added vlans on the allowed vlan list of a port-profile are not saved in startup
Example: port-profile type ethernet Test switchport trunk allowed vlan add 237
show run port-profile: port-profile type ethernet Test switchport trunk allowed vlan 237, 700-763, 769, 804 state enabled
show startup port-profile: port-profile type ethernet Test switchport trunk allowed vlan 700-763, 769, 804 state enabled
Conditions: Seen after a non-disruptive issue to 7.0(7)N1(1)
Workaround: As a temporary fix an alias can be used. cli alias name wr copy run bootflash:startup ; copy bootflash:startup startup
To recover from this problem state: 1. copy run bootflash:startup 2. copy bootflash:startup startup 3. Reload the switch
After the reload the allowed vlan-list is correctly updated in startup.
Further Problem Description:
|
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: * | 6.0(2)N1(2), 7.0(6)N1(1), 7.0(7)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq86047 | Title: | Nexus5k ipForward Object not giving correct results for snmpwalk |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Nexus5k ipForward Object not giving correct results for snmpwalk
Example
Server@User1:~> snmpwalk -v 2c -c test1 1.3.6.1.2.1.4.24 IP-MIB::ip.24.6.0 = Gauge32: 67108864 IP-MIB::ip.24.8.0 = Counter32: 0
Conditions: The issue is seen with IOS 5.1.3.N2.1c The defect is still under investigation.
Workaround:
Further Problem Description:
|
|
Last Modified: | 15-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N2(1c) |
|
Known Fixed Releases: * | 7.0(7)ZN(0.280), 7.0(8)N1(1), 7.1(1)N1(0.495), 7.1(1)N1(1), 7.1(1)ZN(0.48), 7.2(0)N1(0.162), 7.2(0)N1(1), 7.2(1)N1(0.239), 7.2(1)N1(1), 7.2(1)ZN(0.5) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy27650 | Title: | N5K kernel panic seen with e1000_get_hw_semaphore_generic |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: N5K will experience a kernel panic due to a CPU lockup.
%KERN-0-SYSTEM_MSG: [8348809.761281] BUG: soft lockup - CPU#2 stuck for 11s! [events/2:29] - kernel
The call trace will show that this is related to the e1000 drivers
Conditions: Unknown at this time
Workaround: None at this time
Further Problem Description: |
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 7.0(7)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux98910 | Title: | Descriptions on FEX port corrupt when FEX become online |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Descriptions on FEX port corrupt when FEX become online
## When FEX offline
interface Ethernet100/1/1 description % ABCDEFGHIJ % switchport access vlan 1111 spanning-tree port type edge
## After FEX become online
interface Ethernet100/1/1 description 0X1.F16E4080A2F15P-890BCDEFGHIJ % switchport access vlan 1111 spanning-tree port type edge
Conditions:
Workaround: Not using "%" in description
Further Problem Description:
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 7.2(0)N1(1) |
|
Known Fixed Releases: * | 7.2(2)N1(0.391), 7.2(2)N1(1), 7.2(2)ZN(0.73), 7.3(1)N1(0.29), 7.3(1)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux53351 | Title: | Kokomo: VPC goes down when there is mis-match of PO member links |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: MCT link goes down (VPC down)
Conditions: When there is a mis-match of the member links in the PO of the MCT, the MCT is up and working fine. But, once we do shut/no shut of the MCT-PO, the PO still remains up but VPC goes down
Workaround: Remove extra member ports from PO.
Further Problem Description:
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 7.3(0)N1(0.231) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur09549 | Title: | Config sync rollback failure for failed port-channel member |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: The commands are executed and not rollback'ed on failure
Conditions: When configuring interface ethernet/fexes in wrong order, we will get following error
command failed: port not compatible [Duplex Mode]
E.g of such order is as follow:
P3-SP6-96P(config-sync-sp)# show switch-profile buffer
switch-profile : asw ---------------------------------------------------------- Seq-no Command ---------------------------------------------------------- 1 interface Ethernet5/1/2 1.1 switchport mode trunk 1.2 speed 1000 1.3 duplex full 1.4 channel-group 25 <<<<<< This command will result in faulure
But first 3 commands are executed
P3-SP6-96P(config-sync-sp)# sh run int eth5/1/2
!Command: show running-config interface Ethernet5/1/2 !Time: Tue Sep 30 21:34:16 2014
version 7.1(0)N1(1)
interface Ethernet5/1/2 switchport mode trunk speed 1000 duplex full
Workaround: When you have the above failure, follow the below steps:
If "copy r s" and reload is done: ======================================================================================= All Step needs to be done individually on both the vPC switches otherwise the import will FAIL 1) If sync-peer, remove 'sync-peers destination' 1.1) commit 2) import interface configurations into switch-profile 2.1) commit 3) If originally sync-peer were there, then add 'sync-peers' back 3.1) commit
If reload is not done: ======================================================================================= 1) buffer-delete all 2) commit 3) switch-profile 1) interface ethernet 5/1/2 <<<<<<<<< remove all the commands before the failure command in this case we have "switchport mode trunk", "speed", "duplex full" by doing 1.1) no switchport mode trunk 1.2) no speed 1000 1.3) no duplex 4) commit
======================================================================================= ======================================================================================= =======================================================================================
To avoid the situation completely: 1. In the config sync mode, add the speed and duplex clis first to portchannel and commit 2. Add speed, duplex to interface and then make it part of port-channel and commit. This will help get the config in place. For eg. config sync switch-profile aws int po25 switchport mode trunk speed 1000 duplex full no shut commit switch-profile aws int eth1/5/1 switchport mode trunk speed 1000 duplex full no shut channel-group 25 commit sh run int eth1/5/1
Further Problem Description: On failure config-sync is going into wrong state and hence rollback is not happening correctly
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 7.0(2)N1(1), 7.0(4)N1(1) |
|
Known Fixed Releases: * | 7.0(1)ZN(0.639), 7.1(0)N1(0.376), 7.1(0)N1(1), 7.1(0)ZN(0.450), 7.1(1)N1(1), 7.2(0)N1(0.2), 7.2(0)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun57790 | Title: | Nexus 5000: Kernel panic in SNMPd process at skb_queue_tail |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: * | Symptom: A Nexus 5000 switch may reboot unexpectedly. Last reset reason is seen as "Kernel Panic":
N5K# show system reset-reason
----- reset reason for Supervisor-module 1 (from Supervisor in slot 1) --- 1) At 991080 usecs after Sat Mar 1 00:16:54 2014 Reason: Kernel Panic Service: Version: 6.0(2)N2(1)
The output of 'show logging onboard stack-trace' indicates that the crash occurred in the SNMPd process at the function skb_queue_tail.
Conditions: This has been observed on NX-OS 6.0(2)N2(1). Exact conditions and trigger are unknown.
Workaround: None known at this time.
Further Problem Description:
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy36894 | Title: | N5K - FCoE VLAN request not answered after disruptive upgrade |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: After disruptive upgrade to 7.2(1)N1(1), hosts connected via HP B22 FEX are not logging into the switch. VFC is stuck initializing and state is waiting for FLOGI.
Conditions: Hosts connected via HP B22 FEX and connected to Nexus 5500 switch via a VPC. There is one ethernet interface in the VPC port-channel and the VFC is bound to this ethernet interface. Nex
FEX 102 fcoe
interface port-channel301 description **HP-Blade-1** switchport mode trunk switchport trunk allowed vlan 1,998 spanning-tree port type edge trunk vpc 301
interface ethernet 102/1/1 switchport mode trunk switchport trunk allowed vlan 1,998 channel-group 301
interface vfc201 bind interface Ethernet102/1/1 switchport trunk allowed vsan 998 switchport description **HP Blade 1, VHBA2** no shutdown
Workaround: Unbind the VFC from the ethernet interface and bind it to the port-channel. interface vfc201 bind interface port-channel 301 switchport trunk allowed vsan 998 switchport description **HP Blade 1, VHBA2** no shutdown
Further Problem Description:
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 7.2(1)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut19721 | Title: | logging source-interface loopback does not work for ipv6 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Configuring "logging source-interface loopback" for ipv6 loopback interface does not work. You would see the following error:
N6K-3(config)# logging source-interface loopback 60 Configuring logging source-interface will open UDP/syslog socket(514). Configuration Failed, no IP address associated with the loopback interface
interface loopback60 description IPV6 Management Loopback ipv6 address 2001:558:2a0::3/128
Conditions: ipv6 address is configured on the loopback
Workaround: none
Further Problem Description:
|
|
Last Modified: | 01-MAR-2016 |
|
Known Affected Releases: | 7.0(2)N1(1), 7.1(0)N1(1) |
|
Known Fixed Releases: * | 7.0(7)N1(1), 7.0(7)ZN(0.108), 7.1(2)N1(0.548), 7.1(2)N1(1), 7.1(2)ZN(0.7), 7.2(0)N1(1), 7.2(1)N1(0.21), 7.2(1)N1(1), 7.3(0)N1(1), 8.3(0)CV(0.337) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu85979 | Title: | Inconsistent value in series tag |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: model number in series tag ... such as 'Nexus 5672UP Chassis '
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.3(0)RAS(0.1) |
|
Known Fixed Releases: * | 7.3(0)D1(0.106), 7.3(0)D1(1), 7.3(0)FMD(0.9), 7.3(0)GLF(0.25), 7.3(0)N1(0.143), 7.3(0)N1(1), 7.3(0)OTT(0.55), 7.3(0)PDB(0.74), 7.3(0)RSP(0.7), 7.3(0)RTG(0.88) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy45505 | Title: | Broadcast DHCP ACK packet with giaddr 0 causes L2 DHCP ACK storm |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom: Customer can experience an L2 forwarding loop causing network congestion for DHCP server and possible outage.
Conditions: DHCP client responds with DHCP acknowledgement in broadcast form and giaddr set to zero. Nexus 5K will L2 forward DHCP packets where giaddr is set and relay packets where it is not.
Workaround: Remove DHCP relay from one of the N5K gateways switches.
Prevent hosts from sending these kind of DHCP ACK packets if possible.
Further Problem Description:
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.0(6)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut82544 | Title: | SNMP MIB entPhysicalVendorType does not send the correct value |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: FC interfaces are reported as Ethernet on Device Manager and in snmpwalk using the entPhysicalVendorType.
Affected interfaces will return the following value in snmpwalk: SNMPv2-SMI::mib-2.47.1.1.1.1.3.4966 = OID: SNMPv2-SMI::enterprises.9.12.3.1.10.304
We should see: SNMPv2-SMI::mib-2.47.1.1.1.1.3.4966 = OID: SNMPv2-SMI::enterprises.9.12.3.1.10.131
CLI reports the correct interface type.
Conditions: Seen after upgrade to 7.1.0.N1.1a
Workaround: DCNM java client and DCNM web client reports the correct value so both can be used for managing the switches.
Further Problem Description:
|
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: | 7.0(5)N1(1), 7.1(0)N1(1) |
|
Known Fixed Releases: * | 7.1(3)N1(0.629), 7.1(3)N1(1), 7.1(3)ZN(0.199), 7.1(3)ZN(0.36), 7.1(4)N1(0.742), 7.1(4)N1(1), 7.2(1)N1(0.310), 7.2(1)N1(1), 7.2(1)ZN(0.73), 7.3(0)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug92414 | Title: | SVI can go down corresponding vlan active on FlexLink only |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: SVI interface can go down when corresponding VLAN is active (forwarded by) on FlexLink only.
Conditions: This issue can happen only if you have FlexLinks and regular STP ports (trunk/access) which are allowing VLAN X. When last non-FlexLink port belonging to VLAN X goes down, SVI interfaces goes down as well. This happens despite on fact that FlexLink is active and VLAN X forwarded by it.
Workaround: In order to restore SVI state, you will need to shutdown/no shutdown it.
Further Problem Description:
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N2(1), 5.2(1)N1(2) |
|
Known Fixed Releases: * | 7.3(0)D1(0.148), 7.3(0)D1(1), 7.3(0)GLF(0.43), 7.3(0)IB(0.122), 7.3(0)IZN(0.13), 7.3(0)N1(0.197), 7.3(0)N1(0.199), 7.3(0)N1(1), 7.3(0)PDB(0.112), 7.3(0)RSP(0.7) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui63827 | Title: | sh int fc <x/y> capabilities , shows fc <x/y> twice |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: On running command "sh int fc capabilities" fc shows up twice
Conditions: Trying to verify the fc port capabilities
Workaround: none
Further Problem Description:
|
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N1(2a) |
|
Known Fixed Releases: * | 7.2(2)N1(0.397), 7.2(2)N1(1), 7.3(1)N1(0.37), 7.3(1)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy44608 | Title: | N5K -Multiple Issues with "snmp-server source-interface informs" command |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: Issue 1 : ******** "snmp-server source-interface traps" command isn't displayed either in running or in start-up when "snmp-server source-interface informs" is configured.
Issue 2 : ******** soure-interface is not listed under inform notification when "snmp-server source-interface informs mgmt0" is confgured
Issue 3 : ******** Informs notification doesnt points to right source interface
Conditions: "snmp-server source-interface informs" command is configured
Workaround: N/A
Further Problem Description:
|
|
Last Modified: | 24-FEB-2016 |
|
Known Affected Releases: | 7.2(1)N1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus89917 | Title: | Ethanalyzer interprets packets as Malformed LLC |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Ethanalyzer capture on 'inbound-low' receives a large amount of packets interpreted as "Malformed LLC". There is no reported impact to these packets being shown in ethanalzyer.
N5600# ethanalyzer local interface inbound-low limit-cap 50000
Capturing on inband 2015-01-13 14:46:51.949252 00:00:00:00:00:00 -> 00:00:00:00:ff:83 LLC [Malformed Packet] 2015-01-13 14:46:51.949303 00:00:00:00:00:00 -> 00:00:00:00:ff:83 LLC [Malformed Packet]
Conditions: 5672UP chassis running 7.0(1)N1(1), could affect other codes/chassis on 5600
Workaround: None, no impact reported
Further Problem Description: None PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.0(1)N1(1) |
|
Known Fixed Releases: * | 7.0(7)N1(1), 7.0(7)ZN(0.113), 7.1(2)N1(0.572), 7.1(2)N1(1), 7.1(2)ZN(0.31), 7.2(1)N1(0.242), 7.2(1)N1(1), 7.2(1)ZN(0.8), 7.3(0)IZN(0.7), 7.3(0)N1(0.158) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux62683 | Title: | auto-config profile stuck in PPM del wait with reason Profile conflicts |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: Auto-config profile stuck in PPM del wait with reason Profile conflicts.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 04-FEB-2016 |
|
Known Affected Releases: | 7.3(0)N1(0.231) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux86505 | Title: | Suppress Kickstart/System Image Warning message when doing POAP |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom: When doing a POAP for Nexus switches (example here a Nexus 5600), then the following warning message is shown in the POAP log: 2015 Dec 21 13:51:26 switch %$ VDC-1 %$ %USER-1-SYSTEM_MSG: S/N[FOC1843R5J7] - INFO: result of boot kickstart Warning: Changing bootvariables and reloading is not recommended on this platform. Use install all command for NX-OS upgrades/downgrades. Performing image verification and compatibility check,please wait.... - script.sh
Conditions: When we do POAP and the POAP script sets boot variables.
Workaround: None. This is no impact due to this.
Further Problem Description: For Nexus switches (N5K/N6K), upgrade using the "install all" command is highly recommended. Therefore there is a warning message for this. But POAP always just change the boot variable and don't use the install command. When POAP script sets the boot variable, the following warning message is shown in the POAP log: 2015 Dec 21 13:51:26 switch %$ VDC-1 %$ %USER-1-SYSTEM_MSG: S/N[FOC1843R5J7] - INFO: result of boot kickstart Warning: Changing bootvariables and reloading is not recommended on this platform. Use install all command for NX-OS upgrades/downgrades. Performing image verification and compatibility check,please wait.... - script.sh
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.2(1)N1(1) |
|
Known Fixed Releases: | 7.1(3)ZD(0.93), 7.1(3)ZN(0.199), 7.1(4)N1(0.742), 7.1(4)N1(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy47241 | Title: | DOC: Nexus "Storm Control Unicast" |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom: Command on Nexus 5k/7k "Storm Control Unicast" will be applied to ALL Unicast traffic.
Conditions: Nexus 5K/7K
Workaround:
Further Problem Description:
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 6.0(2)N2(6.146) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc32461 | Title: * | Support "copy file to startup-config" for N5K/N6k |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * | Symptom: Unable to copy file from bootflash/ftp to startup-config
Conditions: This has been seen in N5K running 5.0(2)N1(1)
Workaround: 'copy running-config' and then 'copy running-config startup-config
Further Problem Description: The issue is fixed in both Nexus 5000 and 6000 switches
|
|
Last Modified: | 23-FEB-2016 |
|
Known Affected Releases: | 5.0(2)N1(1) |
|
Known Fixed Releases: | 6.0(2)N1(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw01048 | Title: | Enhancement: Add commands to show tech-support |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom: This is an enhancement request to add the commands ....
show tech-support fc show running-config ipqos all
...to ... show tech and show tech details
Conditions:
Workaround: Issue the commands separately.
Further Problem Description:
|
|
Last Modified: | 19-FEB-2016 |
|
Known Affected Releases: | 7.0(7)N1(0.9) |
|
Known Fixed Releases: | 7.3(0)IZN(0.7), 7.3(0)N1(0.167), 7.3(0)N1(1), 7.3(0)ZN(0.155) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug90080 | Title: | Password with equal sign (=) is not allowed |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * | Symptom: A pasword with equal sign (=) is not taken in the CLI
Conditions: With with "no password strength" the command is taken. With "password strenght" the password with (=) is not taken
Workaround: Use "no password strength" then configure "password strenght"
Further Problem Description:
|
|
Last Modified: | 18-FEB-2016 |
|
Known Affected Releases: | 5.1(3)N1(1a) |
|
Known Fixed Releases: * | 6.0(2)N3(0.73), 7.0(0)N1(0.73), 7.0(0)N1(1), 7.0(0)ZN(1.72), 7.1(0)ZN(0.183) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui09520 | Title: | If not trunking any VSANs, a vfc int should be Down or Initializing |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: * | Symptom: A vfc interface is not trunking any VSANs, but the interface says it's trunking.
Conditions:
Workaround: None
Further Problem Description phx-b0828-n# sh int vfc 1104 vfc1104 is trunking Bound interface is Ethernet107/1/8 Port description is phx-s0715-d Hardware is Ethernet Port WWN is 24:4f:00:2a:6a:31:xx:xx Admin port mode is F, trunk mode is on snmp link state traps are enabled Port mode is TF Port vsan is 71 Trunk vsans (admin allowed and active) (71) Trunk vsans (up) () <------- no VSANs up Trunk vsans (isolated) () Trunk vsans (initializing) (71) 1 minute input rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 1 minute output rate 0 bits/sec, 0 bytes/sec, 0 frames/sec 54039931 frames input, 85172253228 bytes 0 discards, 0 errors 28634768 frames output, 5303638116 bytes 0 discards, 0 errors last clearing of "show interface" counters never Interface last changed at Sat Jul 13 13:04:34 2013 frames output, 5303638116 bytes 0 discards, 0 errors last clearing of "show interface" counters never Interface last changed at Sat Jul 13 13:04:34 2013
Further Problem Description:
|
|
Last Modified: | 17-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(4) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy08558 | Title: | "feature VTP" incompatibility issue on fabric |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: | The auto-config feature may not work as expected, after switch reboot.
Symptom: The VLAN information can't be NVGEN'ed with 'feature vtp' and after reboot, without VLAN config host profiles get into profile halt state and communication will get broken.
Conditions: Enabling 'feature vtp' on node running FP or EVPN fabric.
Workaround: To work-around this, enable manually for all the affected VLANs. vlan X vn-segment YYYY ! Then clear the profile , it will be re-learnt fine.
Further Problem Description: N/A
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 7.3(0)N1(0.275) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud79112 | Title: | Nexus OS: BGP AS PATH Check for Both IBGP VPNv4 and EBGP |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom: Nexus OS: BGP AS PATH Check for Both IBGP VPNv4 and EBGP
Conditions: Nexus OS does BGP AS PATH Check for Both IBGP(VPNv4) and EBGP and if it finds its own AS in MP-BGP update it discards the route. As per IOS on CAT6K we have noticed that CAT6K does filtering for only EBGP but for IBGP VPNv4 update it doesnt do any kind of filtering.
Workaround: Applying ALLOWAS-IN for VPNv4 neighbors resolves the issue. |
|
Last Modified: | 11-FEB-2016 |
|
Known Affected Releases: * | 9.9(0)BS(0.14) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz94196 | Title: | Need capability to clear QoS statistics per interface. |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom: Cannot clear QoS statistics per interface.
Conditions:
Workaround: Clear QoS statistics for the entire switch.
Further Problem Description:
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(0.174) |
|
Known Fixed Releases: * | 7.1(3)ZN(0.175), 7.1(4)N1(0.725), 7.1(4)N1(1), 7.2(2)N1(0.383), 7.2(2)N1(1), 7.2(2)ZN(0.65), 7.3(0)IZN(0.7), 7.3(0)N1(0.157), 7.3(0)N1(1), 7.3(0)ZN(0.145) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCti05062 | Title: | Callhome distribute and commit cli missing in N5k |
|
Status: | Terminated |
|
Severity: | 6 Enhancement |
Description: * | Symptom: Callhome distribute and commit commands are missing on the N5k
Conditions: N5k - version 5.0(3)N2(1) No support for implementing the callhome CFS distribute feature on the N5k. It is there on the N7k.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 12-FEB-2016 |
|
Known Affected Releases: | 5.0(3)N2(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy22176 | Title: | Log source/destination FCIDs for FWM PIF drops. |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom: Log to a show tech file section the top list of Source/Destination FCIDs that hit command : show platform fwm info asic-errors x
Conditions: show platform fwm info pif fc x/y show platform fwm info asic-errors
Workaround: na
Further Problem Description:
|
|
Last Modified: | 11-FEB-2016 |
|
Known Affected Releases: | 5.2(1)N1(1b) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux44029 | Title: | XML support for show interface fcx/y transceiver details |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom: XML support for show interface fcx/y transceiver details
Conditions: Feature support in future release
Workaround: None
Further Problem Description: None
|
|
Last Modified: | 29-FEB-2016 |
|
Known Affected Releases: | 7.1(2)N1(0.2) |
|
Known Fixed Releases: * | 7.1(3)ZN(0.205), 7.1(4)N1(0.747), 7.1(4)N1(1), 7.2(2)ZN(0.83) |
|
|
| |
没有评论:
发表评论