Cisco Blog » The Platform

Wednesday, July 1, 2015

Cisco Notification Alert - Nexus 3000 Series Switch - 01-Jul-2015 16:48 GMT


Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3048 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3172 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3548 Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)A4(6)
Alert Type:
New File
File Name:
n3500-uk9.6.0.2.A4.6.bin
File Description:

Nexus 3500 Release 6.0(2)A4(6) System Image

File Release Date:
15-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3548 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)A4(6)
Alert Type:
New File
File Name:
poap_script.6.0.2.A4.6.tcl
File Description:

Nexus 3500 Release 6.0(2)A4(6) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
15-JUN-2015
Alert Type:
New File
File Name:
n3500-uk9-kickstart.6.0.2.A4.6.bin
File Description:

Nexus 3500 Release 6.0(2)A4(6) Kickstart Image

File Release Date:
15-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.A4.6.py
File Description:

Nexus 3500 Release 6.0(2)A4(6) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
15-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3064-T Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3016 Switch
Software Type:
NX-OS Kick Start
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.py
File Description:

Nexus 3000 Release 6.0(2)U5(3) Python Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
n3000-uk9-kickstart.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) Kickstart Image

File Release Date:
11-JUN-2015
Alert Type:
New File
File Name:
poap_script.6.0.2.U5.3.tcl
File Description:

Nexus 3000 Release 6.0(2)U5(3) TCL Reference script for PowerOn Auto Provisioning (POAP)

File Release Date:
11-JUN-2015
Find additional information in Software Downloads index.

Software Updates for Nexus 3000 Series Switches

Product Name:
Nexus 3132Q Switch
Software Type:
NX-OS System Software
Release Version:
6.0(2)U5(3)
Alert Type:
New File
File Name:
n3000-uk9.6.0.2.U5.3.bin
File Description:

Nexus 3000 Release 6.0(2)U5(3) System Image

File Release Date:
10-JUN-2015
Find additional information in Software Downloads index.

Known Bugs - Nexus 3000 Series Switches

Bug Id:
CSCup45866
Title:
Persistent high rate of HW errors can trigger plog_sup process crash
Description:

Symptom:
Device will crash due to plog_sup HAP reset. The following logs will be seen in OBFL:

%KERN-2-SYSTEM_MSG: [ 1012.114305] [sap 1016][pid 3201][comm:plog_sup] sap recovering failed and so Killed - kernel
%SYSMGR-2-SERVICE_CRASHED: Service "plog_sup" (PID 3201) hasn't caught signal 9 (no core).
%SYSMGR-2-HAP_FAILURE_SUP_RESET: System reset due to service "plog_sup" in vdc 1 has had a hap failure
%KERN-0-SYSTEM_MSG: [ 1020.936979] writing reset reason 16, plog_sup hap reset - kernel

Conditions:
If the parity interrupts are in ECC Protected SRAM, the interrupts should be persistent even after a reload. If not, refer to CSCus74195.

Workaround:
This is an uncorrectable parity problem in the ASIC. The device will need to be replaced.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUN-2015
Known Affected Releases:
6.0(2)U2(4)
Known Fixed Releases:
6.0(2)A3(3.70), 6.0(2)A3(4), 6.0(2)A4(0.784), 6.0(2)A4(1), 6.0(2)U3(3.70), 6.0(2)U3(4), 6.0(2)U4(0.784), 6.0(2)U4(1)
Bug Id:
CSCui89328
Title:
Nexus 3500: All Ports Move to a Hardware Failure State
Description:

Symptom:
All the ports are shut down with the following error messages:

%NOHMS-2-NOHMS_DIAG_ERROR: Module 1: Runtime diag detected major event: Port failure: Ethernet /
%ETHPORT-3-IF_DOWN_HW_FAILURE: Interface Ethernet/ is down (Hardware Failure)

Conditions:
- Parity Error
- 6.0(2)A1(1a) or older

Workaround:
Reload the device.

Further Problem Description:
It is recommended to run 6.0(2)A1(1c) or later if you encounter this issue.

This bug changed the following:
- Only ports related to a soft parity error are moved into a failure state. This allows traffic to flow normally on unaffected ports prior to the reload.
- Provides more granular output in logs for the cause of the parity error.

Both changes are partially implemented in 6.0(2)A1(1b) and fully implemented in 6.0(2)A1(1c) and later.

All ports shutting down in 6.0(2)A1(1b) may still be a soft parity error. If a Nexus 3500 shuts down all ports in 6.0(2)A1(1c) or later, the switch should be replaced.

Status:
Fixed
Severity:
2 Severe
Last Modified:
01-JUN-2015
Known Affected Releases:
6.0(2)A1(0.99)
Known Fixed Releases:
6.0(2)A1(1c)
Bug Id:
CSCuo81303
Title:
All ports error disabled after LPM parity error at a particular index
Description:

Symptom:
All ports will go error-disabled and the following messages will appear in syslog:

2014 May 14 06:16:16 %USER-3-SYSTEM_MSG: bcm_usd_notif_err_hwfail_helper:487: front-port 1, send hwFailure request success - bcm_usd
2014 May 14 06:16:16 %USER-3-SYSTEM_MSG: bcm_usd_notif_err_hwfail_helper:487: front-port 2, send hwFailure request success - bcm_usd
2014 May 14 06:16:16 %USER-3-SYSTEM_MSG: bcm_usd_notif_err_hwfail_helper:487: front-port 3, send hwFailure request success - bcm_usd
2014 May 14 06:16:16 %USER-3-SYSTEM_MSG: bcm_usd_notif_err_hwfail_helper:487: front-port 4, send hwFailure request success - bcm_usd

Conditions:
This only happens when parity errors are detected at specific indices across various tables

Workaround:
None

Further Problem Description:
An LPM parity error at index 4192 will cause the following issue:

bcm_usd_isr_switch_event_cb_log:834: slot_num 0, event 2, memory error type: Detection(0x1), table name: L3 LPM table(0x83000806), index: 4192
bcm_usd_isr_switch_event_cb_log:778: slot_num 0, event 2, memory error type: Correction(0x5), table name: L3 LPM table(0x806), index: 4192

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
01-JUN-2015
Known Affected Releases:
6.0(2)U2(1)
Known Fixed Releases:
6.0(2)U2(8.96), 6.0(2)U2(9Z)
Bug Id:
CSCus75034
Title:
Nexus 3500 - Flexlink Mcast Fast Convergence - no IGMP report leak
Description:

Symptom:
No IGMP reports are leaked over Backup Standby Port in Flexlink configuration when Mcast fast convergence is configured.

No IGMP snooping entry is created on the upstream switch for the port connecting to the Backup port on the N3500 side.
This would lead to high Mcast convergence when the Active Port goes down and the Standby port becomes active, as the upstream switch would not be forwarding multicast traffic for the hosts connected on the N3500.

Conditions:
Flexlink configuration with Mcast Fast convergence configured:

switchport backup interface <> multicast fast-convergence

The upstream switch connecting to the backup port does not receive any IGMP reports for the hosts/receivers connected across N3500 switch.

Workaround:
Add a static IGMP snooping entry on the upstream switch connecting to the N3k backup port. Example, if the upstream is an N5k/N3k/N7k switch:
ip igmp snooping static-group interface <#port or po connecting to backup port>

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
02-JUN-2015
Known Affected Releases:
6.0(2)A3(2.68), 6.0(2)A4(3)
Known Fixed Releases:
6.0(2)A6(0.65), 6.0(2)A6(1)
Bug Id:
CSCup91289
Title:
Nexus 3548 Netstack Crashes by Generating Oversized Pings Continuously
Description:

Symptom:
Nexus 3548 has multiple "netstack" crashes by generating oversized pings continuously with the following command:

DC1-3548A# ping 100.100.20.4 timeout 0 count unlimited packet-size 65468

Conditions:
It happens when oversized pings are generated locally and continuously.

Workaround:
Do not ping with maximum packet-size. Crash does not happen with default ping packet-size.

Further Problem Description:
N/A

Status:
Fixed
Severity:
2 Severe
Last Modified:
03-JUN-2015
Known Affected Releases:
6.0(2)A1(1c)
Known Fixed Releases:
6.0(2)A4(0.855), 6.0(2)A4(1), 6.0(2)U4(0.855), 6.0(2)U4(1)
Bug Id:
CSCuu35333
Title:
Should not shutdown system when there is PS or FAN direction mismatch
Description:

Symptom:
Do not shut down the system due to fan/PS direction mismatch.

Print Sev1 syslogs every minute instead.

Conditions:

Workaround:

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
03-JUN-2015
Known Affected Releases:
6.0(2)U3(7.103)
Known Fixed Releases:
Bug Id:
CSCus81622
Title:
POAP Nexus3000 intermittently selects wrong configuration
Description:

Symptom:
Nexus3000 may select an incorrect configuration -- i.e. a configuration intended for another switch -- when it boots from a DHCP/POAP server.

Conditions:
Occurs more frequently in an environment with tens of switches booting simultaneously since DHCP requests are more likely to occur simultaneously as the number of switches increases. The testbed in which the issue was found contained sixty Nexus3000 switches booting from a single DHCP/POAP server.

Workaround:
Upgrade to an image in which this defect is resolved.

Further Problem Description:
The issue is due to the DHCP transaction ID not being randomized when a DHCP request is sent by the Nexus3000. Hence the Nexus3000 is not able to discriminate the resulting DHCP OFFERs from a DHCP server and will accept OFFERs intended for other Nexus3000 switches, since these OFFERs will contain the same transaction ID.

Status:
Fixed
Severity:
2 Severe
Last Modified:
03-JUN-2015
Known Affected Releases:
6.0(2)U5(1)
Known Fixed Releases:
6.0(2)U6(0.75), 6.0(2)U6(1), 6.1(2)I3(3.95), 6.1(2)I3(4)
Bug Id:
CSCur55507
Title:
N3K may face a mtc_usd hap reset due to an arithmetic exception
Description:

Symptom:
Nexus 3500 may face a mtc_usd hap reset due to an arithmetic exception, and a core file will be generated:

Module  Instance  Process-name     PID       Date(Year-Month-Day Time)
------  --------  ---------------  --------  -------------------------
1       1         mtc_usd          3273      2014-10-18 07:38:57
1       2         mtc_usd          3273      2014-10-18 07:38:57
1       3         mtc_usd          3273      2014-10-18 07:38:57

Conditions:
Unknown

Workaround:
Unknown

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
04-JUN-2015
Known Affected Releases:
6.0(2)A1(1c)
Known Fixed Releases:
6.0(2)A4(1.33), 6.0(2)A4(3), 6.0(2)A5(0.991), 6.0(2)A5(1), 6.0(2)U4(1.33), 6.0(2)U4(3), 6.0(2)U5(0.991), 6.0(2)U5(1)
Bug Id:
CSCus34881
Title:
N3k - SNMPD crash due to segmentation fault polling port_manager
Description:

Symptom:
NX-OS SNMPd process crashes with HAP reset.

Conditions:
SNMP GET requests to IF-MIB may cause the SNMP daemon to crash due to a segmentation fault while trying to fetch the interface counters belonging to a port channel.

Workaround:
Do not poll OIDs to collect interface counters belonging to a port-channel.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
05-JUN-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases:
6.0(2)A5(1.37), 6.0(2)A5(2), 6.0(2)A6(0.64), 6.0(2)A6(0.66), 6.0(2)A6(0.78), 6.0(2)A6(1), 6.0(2)U5(1.37), 6.0(2)U5(2), 6.0(2)U6(0.64), 6.0(2)U6(0.66)
Bug Id:
CSCuu19695
Title:
Multicast traffic not forwarded when loopback interface used as RP
Description:

Symptom:
When a loopback interface address is configured as a resource provider (RP), the PIM register message received from the FHR is not processed. This results in traffic loss to all downstream devices.

Conditions:
This issue occurs when a loopback interface is configured as RP and we bring up the box using copy r s reload.

Workaround:
Reconfigure the RP address

Further Problem Description:
NA

Status:
Fixed
Severity:
2 Severe
Last Modified:
08-JUN-2015
Known Affected Releases:
6.0(2)A4(4)
Known Fixed Releases:
6.0(2)A4(5.49), 6.0(2)A4(6), 6.0(2)A6(2.25), 6.0(2)A6(3), 6.0(2)U4(4.49), 6.0(2)U4(5), 6.0(2)U6(1.25), 6.0(2)U6(2)
Bug Id:
CSCuu25368
Title:
[N3548] Openflow: Flows are getting disappeared on reload
Description:

Symptom:
OpenFlow programmed flows are not getting retained after reloading the switch.

Conditions:
This issue occurs when:
- OpenFlow is enabled in hybrid mode
- L2 Multicast is enabled

Workaround:
1) OpenFlow can be configured in openflow-only mode if no other protocols are required on the switch.
OR
2) If the OpenFlow has to be hybrid mode, re-trigger the flow programming from the OpenFlow controller after the reload.

Further Problem Description:
OpenFlow flow entries fail to get re-programmed on reloading the switch. This is due to an internal table conflict with L2 multicast entries.

Status:
Fixed
Severity:
2 Severe
Last Modified:
09-JUN-2015
Known Affected Releases:
6.0(2)A6(2)
Known Fixed Releases:
6.0(2)A4(5.49), 6.0(2)A4(6), 6.0(2)A6(2.25), 6.0(2)A6(3), 6.0(2)U4(4.49), 6.0(2)U4(5), 6.0(2)U6(1.25), 6.0(2)U6(2)
Bug Id:
CSCur04934
Title:
Nexus 3000/3500 - Product evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The Nexus 3000 and 3500 include a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278

This bug has been opened to address the potential impact on this product.

Conditions:
A user must first successfully log in and authenticate via SSH to trigger this vulnerability.

Workaround:
Not available.

Release with the vulnerability fix:
6.0(2)A3(4), 6.0(2)U3(4) - CCO posted on 10/11

Release expected in future: (Contact Deepak Patwardhan - depatwar for dates)
6.0(2)U2(6)
6.0(2)A4(2), 6.0(2)U4(2)
6.0(2)U5(1) - Nexus3000 only

Further Problem Description:

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
12-JUN-2015
Known Affected Releases:
6.0(2)U4(1), 7.0(99.1)ZZ, 9.5(1)N1(7.8)
Known Fixed Releases:
5.0(3)U5(0.214), 5.0(3)U5(1j), 6.0(2)A3(3.80), 6.0(2)A3(3.82), 6.0(2)A3(4), 6.0(2)A4(1.21), 6.0(2)A4(2), 6.0(2)A5(0.918), 6.0(2)A5(0.920), 6.0(2)A5(1)
Bug Id:
CSCur32090
Title:
N3k - SNMPD crash due to memory leak polling SFP sensor thresholds
Description:

Symptom:
SNMPD crashes due to a memory leak while polling CISCO-ENTITY-SENSOR-MIB, specifically for OIDs and indexes collecting SFP thresholds.

Conditions:
Get requests to collect SFP thresholds using OIDs of CISCO-ENTITY-SENSOR-MIB.

Workaround:
Do not poll OIDs to collect SFP sensor values and thresholds.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
13-JUN-2015
Known Affected Releases:
6.0(2)U3(0.759), 6.0(2)U4(1)
Known Fixed Releases:
6.0(2)A4(1.25), 6.0(2)A4(2), 6.0(2)A5(0.938), 6.0(2)A5(1), 6.0(2)U3(5.93), 6.0(2)U3(6), 6.0(2)U4(1.25), 6.0(2)U4(2), 6.0(2)U5(0.938), 6.0(2)U5(1)
Bug Id:
CSCup80823
Title:
SVI not responding to ARP request after reload
Description:

Symptom:
Incomplete ARP entries can occur randomly after a Nexus 3000 switch is reloaded.

To verify this condition, check whether the following counter is incrementing:

sh ip arp statistics vlan 2000 interface-all
ARP packet statistics for interface: Vlan2000
...
Received:
Total 24576, Requests 0, Replies 0, Requests on L2 0, Replies on L2 0
Proxy arp 0, Local-Proxy arp 0, Tunneled 0, Fastpath 0, Snooped 0, Dropped 24576
Received packet drops details:
Appeared on a wrong interface : 24576 <<<<<<<<<<<<<<<<<<<<<<<<< This is incrementing

You may also see syslog messages like:

%ARP-3-REQ_NON_AM: arp [3393] Sending ARP request for X.X.X.X on invalid interface VlanXXX request from pid: XXXX

Conditions:
After reloading the switch.

Workaround:
We can try bouncing the SVI and if this does not recover it then reload the switch again.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
15-JUN-2015
Known Affected Releases:
6.0(2)U3(1)
Known Fixed Releases:
6.0(2)A3(3.70), 6.0(2)A3(4), 6.0(2)A4(0.817), 6.0(2)A4(1), 6.0(2)U3(3.70), 6.0(2)U3(4), 6.0(2)U4(0.817), 6.0(2)U4(1), 7.0(3)I2(0.122), 7.0(3)I2(1)
Bug Id:
CSCuo55510
Title:
Unable to program /128 entry in hardware due to missing adjacency
Description:


Symptom:
When hardware tables are full and more routes are added, the excess routes are not updated properly in subsequent operations.

Conditions:
This happens when more routes are added than the hardware is capable of holding.

Workaround:
Clear all the IPv4 and IPv6 adjacencies with the force option, and then clear all the IPv4 and IPv6 routes.



Status:
Fixed
Severity:
2 Severe
Last Modified:
15-JUN-2015
Known Affected Releases:
5.0(3)U5(1f), 6.0(2)U3(1)
Known Fixed Releases:
6.0(2)A4(0.773), 6.0(2)A4(1), 6.0(2)U4(0.773), 6.0(2)U4(1)
Bug Id:
CSCup62071
Title:
Nexus 3000 - MAC incorrectly point to peer-link upon reload in VPC setup
Description:

Symptom:
A Nexus 3000 in a VPC setup may show incorrect MAC entries following a reload of the switch. Some MACs may point to the peer-link when they should point to the VPC PO.

Conditions:
Not exactly known. However, it occurs after a reload or power cycle of one of the switches in the VPC setup.

Workaround:
'clear mac address-table dynamic' corrects the entries.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
15-JUN-2015
Known Affected Releases:
6.0(2)U2(1)
Known Fixed Releases:
6.0(2)U3(1)
Bug Id:
CSCus34355
Title:
recursive-route updates not pushed to hardware in certain conditions
Description:

Symptom:
N3k continues to forward traffic to a failed HA box due to egress port not getting updated

Conditions:
Trigger for this issue is Mac Move of directly connected next-hop on vlan interface from one physical port to another physical port.

Affects only IPv4 recursive routes with single next-hop.

Workaround:
clear ip arp force-delete

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
15-JUN-2015
Known Affected Releases:
6.0(2)U4(1.35), 6.0(2)U4(1M)
Known Fixed Releases:
6.0(2)A4(3.36), 6.0(2)A4(3.41), 6.0(2)A4(4), 6.0(2)A5(0.34), 6.0(2)A5(1), 6.0(2)A5(1.37), 6.0(2)A5(2), 6.0(2)U4(3.36), 6.0(2)U4(3.41), 6.0(2)U4(4)
Bug Id:
CSCuq14486
Title:
FIJI-MR-2:Volatile databse usage high, ipfib crash
Description:

Symptom:
system reset due to service "ipfib" in vdc 1 has had a hap failure

Conditions:
500 multicast receivers join 500 multicast groups, resulting in 250000 mroutes.

Workaround:
Limit the mroutes within the recommended scale limits.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
15-JUN-2015
Known Affected Releases:
6.0(2)U3(2.63), 6.0(2)U4(0.809)
Known Fixed Releases:
6.0(2)A3(3.69), 6.0(2)A3(3.70), 6.0(2)A3(4), 6.0(2)A4(0.858), 6.0(2)A4(1), 6.0(2)U3(3.69), 6.0(2)U3(3.70), 6.0(2)U3(4), 6.0(2)U4(0.858), 6.0(2)U4(1)
Bug Id:
CSCur83153
Title:
NDB may stop working unexpectedly
Description:

Symptom:
After some time of normal operation, Nexus Data Broker (NDB) is suddenly no longer reachable through the GUI.

Openflow switches using the underlying XNC as controller report a connection failure to the controller. For example:

2014 Nov 9 05:06:22 switch01 %VMAN-5-VIRT_INST_NOTICE: VIRTUAL SERVICE ofa_ndbemb LOG: OVS: sw1<->tcp:10.0.0.1:6653%management: no response to inactivity probe after 5 seconds, disconnecting

2014 Nov 9 05:06:22 switch01 %VMAN-5-VIRT_INST_NOTICE: VIRTUAL SERVICE ofa_ndbemb LOG: OVS: sw1<->tcp:10.0.0.1:6653%management: connection failed (Connection reset by peer)

Conditions:
This has been observed on NDB 2.0 running embedded on a Nexus 3548 running NXOS 6.0(2)A4(1).
It is not confirmed at this time whether or not other versions or other platforms are affected.

Workaround:
Restart the NDB service:
conf t
onep
virtual-service ofa_ndb
no activate
activate
exit

Please note: unsaved changes in NDB will be lost.

Further Problem Description:
This defect only affects the working of the controller and the NDB application; it does not affect the flows created by the controller, except flows that were created but not saved.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.7:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
16-JUN-2015
Known Affected Releases:
6.0(2)U4(0.41)
Known Fixed Releases:
6.0(2)A4(5.47), 6.0(2)A4(6), 6.0(2)A6(0.17), 6.0(2)A6(1), 6.0(2)U4(4.47), 6.0(2)U4(5), 6.0(2)U6(0.17), 6.0(2)U6(1), 7.0(0)BZ(0.46), 7.0(0)HSK(0.357)
Bug Id:
CSCus26875
Title:
December 2014 - NTPd.org Vulnerabilities
Description:

Symptom:
The following Cisco products

Cisco Nexus 3000 Switches

include a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296

This bug has been opened to address the potential impact on this product.

Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information.

Conditions:
feature ntp

Workaround:
Block NTP query requests:

ntp access-group query-only query-only-acl

The following example shows the NX-OS host as an NTP client:

ntp server 192.168.0.1 use-vrf management
ntp source-interface mgmt0
ntp access-group peer ntp-peer
ntp access-group query-only ntp-query-only
!
ip access-list ntp-peer
  statistics per-entry
  ! Permit the NTP servers you wish to sync with
  10 permit udp 192.168.0.1/32 any log
ip access-list ntp-query-only
  statistics per-entry
  ! Deny NTP control messages from any host.
  10 deny ip any any log
!

For more information consult: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus3000/sw/system_mgmt/6_x/b_3k_System_Mgmt_Config_6_x/b_3k_System_Mgmt_Config_6_x_chapter_010010.html#task_B61435A7608D4FDBAA43AC77C8C0B76D

Further Problem Description:
PSIRT Evaluation:

The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
17-JUN-2015
Known Affected Releases:
6.0(2)U5(1)
Known Fixed Releases:
6.0(2)A4(3.43), 6.0(2)A4(4), 6.0(2)A5(1.38), 6.0(2)A5(2), 6.0(2)A6(0.44), 6.0(2)A6(1), 6.0(2)U4(3.43), 6.0(2)U4(4), 6.0(2)U5(1.38), 6.0(2)U5(2)
Bug Id:
CSCut97806
Title:
1G link not up in QI2-CR with autoneg enabled.
Description:

Symptom:
1G ports do not link up between Nexus 3172PQ and other peers.

Conditions:
When Nexus 3172 is configured in 48x10G+6x40G portmode

Workaround:
Two options:
a) Configure portmode as 48x10g+breakout6x40g. In this mode, 1G ports do not have this issue. Also the last QSFP ports will work in 40G mode.
b) Disable auto-negotiation (AN) on the affected interface using "no negotiate auto" in interface configuration mode. Note that this command will fail while the interface is assigned to a port-channel. Procedure in this case is to first remove the "channel-group" command, then add the "no negotiate auto" and then re-apply the "channel-group".

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
17-JUN-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases:
6.0(2)U6(2)
Bug Id:
CSCur52703
Title:
HSRP active n3500/n3000 does not respond arp to resolve its own VIP
Description:

Symptom:
n3500 does not respond to arp request sent to resolve its hsrp VIP and cannot ping its own VIP

Conditions:
n3500 is HSRP active

Workaround:
un-configure and reconfigure the HSRP virtual ip from the svi hsrp-subconfig.

Further Problem Description:

Status:
Fixed
Severity:
1 Catastrophic
Last Modified:
18-JUN-2015
Known Affected Releases:
6.0(2)A4(1)
Known Fixed Releases:
6.0(2)A4(3), 6.0(2)A5(0.978), 6.0(2)A5(1), 6.0(2)U4(3), 6.0(2)U5(0.978), 6.0(2)U5(1)
Bug Id:
CSCup43205
Title:
Nexus 3500: Support for Packets with Multicast MAC
Description:

Symptom:
Microsoft NLB traffic and ISIS Hello packets are not forwarded by Nexus 3548 when used as a transit device.

Conditions:
- Nexus 3500
- Traffic with multicast mac and unicast IP OR multicast mac and no ip header

Workaround:
None.

Further Problem Description:
Forwarding of this traffic type is currently unsupported on this platform. This issue is present because the Nexus 3548 platform currently performs an L2 and L3 lookup on multicast packets.

This enhancement was filed to add the ability to perform an L2-only lookup.

Status:
Terminated
Severity:
2 Severe
Last Modified:
18-JUN-2015
Known Affected Releases:
6.0(2)A3(1), 6.0(2)A4(1)
Known Fixed Releases:
Bug Id:
CSCuo40395
Title:
Nexus 3000 bcm_usd core is seen
Description:

Symptom:
Nexus 3000 may experience an unexpected crash.

Conditions:
A core file will be created with the bcm_usd process.

Workaround:
None known.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
19-JUN-2015
Known Affected Releases:
6.0(2)U3(1)
Known Fixed Releases:
6.0(2)A3(0.6), 6.0(2)A3(1), 6.0(2)U3(0.6), 6.0(2)U3(1)
Bug Id:
CSCuu84112
Title:
N3k - adjacency entry misprogrammed in hardware
Description:

Symptom:
Flows getting blackholed because next hop information is incorrect in hardware

Conditions:
none

Workaround:
clear ip arp force-delete

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
22-JUN-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases:
Bug Id:
CSCuq59689
Title:
BGP Session Down when NAT max-entries is reached
Description:

Symptom:
When NAT max-entries is reached and the following error is seen:

2014 Aug 25 18:31:34 R11.N3500.Top netstack[3647]: NAT: Can't create dynamic translations, maximum limit reached

A BGP peer using the outside NAT interface will go down with the following log message:

2014 Aug 25 18:31:40 R11.N3500.Top %BGP-5-ADJCHANGE: bgp-10 [3775] (default) neighbor 172.17.0.18 Down - holdtimer expired error

Conditions:
NAT translation max-entries is reached with BGP neighbor configured using the natted interface.

Workaround:
clear ip nat translation all

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
22-JUN-2015
Known Affected Releases:
6.0(2)A3(1)
Known Fixed Releases:
6.0(2)A4(3.36), 6.0(2)A4(4), 6.0(2)A5(0.911), 6.0(2)A5(1), 6.0(2)U4(3.36), 6.0(2)U4(4), 6.0(2)U5(0.911), 6.0(2)U5(1)
Bug Id:
CSCuu80493
Title:
MSDP sa-policy filters all SA
Description:

Symptom:
All SA are being filtered by MSDP sa-policy if route-map contains "match ip address " statement. Such configuration is not supported.

The correct configuration is "match ip multicast "

Conditions:
Route-map used for sa-policy contains "match ip address " statement.

Workaround:
The correct configuration is "match ip multicast " under route-map.

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
23-JUN-2015
Known Affected Releases:
6.0(2)A6(2)
Known Fixed Releases:
Bug Id:
CSCun37604
Title:
install add fails when we use non-mgmt ports for ftp/tftp/scp
Description:

Symptom:
install add fails

Conditions:
when we use location as ftp/scp/tftp using non-management vrf.

Workaround:
Use management vrf.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
23-JUN-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases:
7.0(0)BNZ(0.23), 7.1(0)D1(0.113), 7.1(0)D1(0.132), 7.1(0)FC(0.2), 7.1(0)NF(0.28), 7.1(0)PDB(0.94), 7.1(0)ZD(0.178), 7.2(0)D1(1), 7.2(1)N1(0.1), 7.2(1)N1(1)
Bug Id:
CSCuf36771
Title:
N3k-OF:Vlan ID is removed when packets are punted to controller
Description:

Symptom:
When the Datapath Service Set is asked to provide Layer-2 frames to its client, the frames will be missing any 802.1Q or QinQ header that may have originally been on the frame.

This in turn affects any OpenFlow packets sent to the controller, preventing the controller from properly performing reactive-mode learning switch or similar operations.

Conditions:
When 802.1q tagged packets need to be diverted via the OneP Datapath Service Set to a client, including to an OpenFlow controller by way of the Cisco Plug-in for OpenFlow Agent.

Workaround:
no known workarounds.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)U3(0.728)
Known Fixed Releases:
15.2(4.0.21)E, 6.0(2)A4(1), 6.0(2)U4(1), 7.1(0)ES(0.10), 7.1(0)ES(0.11), 7.1(0)ES(0.13), 7.1(0)ES(0.14), 7.2(0)VZD(0.36), 7.2(0)VZN(0.44), 7.3(0)D1(0.10)
Bug Id:
CSCut75234
Title:
BFD stops working after upgrade to A6.1
Description:

Symptom:
CoPP (including BFD) does not work after upgrading to 6.0(2)A6(1) or 6.0(2)A4(5) on N3500 platforms.

Conditions:
This issue occurs when the image is upgraded to 6.0(2)A6(1) or 6.0(2)A4(5) on N3500 platforms.

Workaround:
Modify the CoPP policy by changing PPS for any one of the classes, or modify any one of the CoPP ACLs.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A6(1)
Known Fixed Releases:
6.0(2)A4(5.47), 6.0(2)A4(6), 6.0(2)A6(1.21), 6.0(2)A6(2), 6.0(2)U4(4.47), 6.0(2)U4(5), 6.0(2)U6(0.21), 6.0(2)U6(1)
Bug Id:
CSCus68770
Title:
Nexus 3k/3500: assess GHOST vulnerability in glibc (CVE-2015-0235)
Description:

Symptom:
On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited. This vulnerability is documented in CVE-2015-0235.

A Cisco Security Advisory has been published to document this vulnerability at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

This bug has been opened to address the potential impact on this product.

Conditions:
Exposure is not configuration dependent.

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 10/7.8

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A4(1), 6.0(2)U5(0.37), 6.0(2)U5(1)
Known Fixed Releases:
6.0(2)A4(3.41), 6.0(2)A4(4), 6.0(2)A5(1.37), 6.0(2)A5(1.38), 6.0(2)A5(1.39), 6.0(2)A5(2), 6.0(2)A6(0.59), 6.0(2)A6(1), 6.0(2)U4(3.41), 6.0(2)U4(4)
Bug Id:
CSCuq61825
Title:
Nexus3500: Packet received on access vPC port w/ vlan id 0 not processed
Description:

Symptom:
The Cisco Nexus 3500 does not process the packets received on an access vPC port. This happens only when a dot1q header with VLAN id as 0 is received.

Conditions:
The port is an access port and part of a vPC.
Issue is seen in 6.0(2)A3 releases.

Workaround:
None

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A3(2.68), 6.0(2)A4(1)
Known Fixed Releases:
6.0(2)A4(5.47), 6.0(2)A4(6), 6.0(2)A6(1), 6.0(2)U4(4.47), 6.0(2)U4(5)
Bug Id:
CSCut77415
Title:
APRIL 2015 NTPd Vulnerabilities
Description:

Symptom:
This product includes a version of ntpd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2015-1798 and CVE-2015-1799

This bug has been opened to address the potential impact on this product.

Conditions:
Device configured with NTP and NTP Keys

All shipping versions affected.

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are: 4.3/3.2

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)U6(1)
Known Fixed Releases:
6.0(2)A7(0.163), 6.0(2)A7(1), 6.0(2)U7(0.163), 6.0(2)U7(1)
Bug Id:
CSCut78781
Title:
N3000 does not install pim OIL for (S,G)
Description:

Symptom:
Missing PIM derived OIL for some (S,G)-s when multiple sources come online at the same time

Conditions:

Workaround:

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases:
6.0(2)A4(5.59), 6.0(2)A4(6), 6.0(2)A6(2.44), 6.0(2)A6(3), 6.0(2)A7(0.167), 6.0(2)A7(1), 6.0(2)U4(4.59), 6.0(2)U4(5), 6.0(2)U6(1.44), 6.0(2)U6(2)
Bug Id:
CSCuu71710
Title:
N3500 : Kernel panic seen when UDP traffic hits the mgmt port
Description:

Symptom:
Nexus 3548: Kernel panic observed on 6.0(2)A4(5)

KERN-0-SYSTEM_MSG [2205608.520006] BUG: soft lockup - CPU#0 stuck for 11s! [usd_mts_kthread:3296]

Conditions:
Under high rate of incoming traffic on management interface

Workaround:
None

Further Problem Description:
A kernel panic was observed on the Nexus 3548 when there is a high incoming traffic rate (>150 Mbps) on the management interface.

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A4(5.63)
Known Fixed Releases:
6.0(2)A4(5.70), 6.0(2)A4(6), 6.0(2)A6(2.46), 6.0(2)A6(3), 6.0(2)U4(4.70), 6.0(2)U4(5), 6.0(2)U6(1.46), 6.0(2)U6(2)
Bug Id:
CSCur05529
Title:
Nexus 3000/3500 evaluation for CVE-2014-6271 and CVE-2014-7169
Description:

Symptom:
The Cisco Nexus 3000/3500 includes a version of bash that is affected by the vulnerabilities
identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
A user must first successfully log in and authenticate via SSH to trigger this vulnerability.

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2
score. The Base and Temporal CVSS scores as of the time of evaluation
are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained
from multiple sources. This includes the CVSS score assigned by the
third-party vendor when available. The CVSS score assigned may not
reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be
found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Other
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases:
6.0(2)A3(3.80), 6.0(2)A3(4), 6.0(2)A5(0.918), 6.0(2)A5(1), 6.0(2)U3(3.80), 6.0(2)U3(4), 6.0(2)U5(0.918), 6.0(2)U5(1)
Bug Id:
CSCur28178
Title:
Nexus3000/3500: evaluation of SSLv3 POODLE vulnerability
Description:



Symptom:

This product includes a version of SSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-3566

This bug has been opened to address the potential impact on this product.



Conditions:


Web based HTTPS interface is provided in Nexus 3000 only when "feature nxapi" is enabled.
This feature support came in from 6.0(2)U4(1) onwards, and is disabled by default.
When this feature is not enabled, Nexus 3000 is not vulnerable.



Workaround:


Disable 'feature nxapi' if enabled.

Will be fixed in following release:

6.0(2)U4(2) - goa MR1



Further Problem Description:



PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the
time of evaluation are: 2.6/2.5

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)U4(1)
Known Fixed Releases:
6.0(2)A4(1.26), 6.0(2)A4(2), 6.0(2)A5(0.946), 6.0(2)A5(0.947), 6.0(2)A5(1), 6.0(2)U4(1.26), 6.0(2)U4(2), 6.0(2)U5(0.946), 6.0(2)U5(0.947), 6.0(2)U5(1)
Bug Id:
CSCuu14692
Title:
N3500: MTC_USD Crash observed when Active buffer monitor is cleared
Description:

Symptom:
MTC_USD process core happens when active buffer monitor cli's are issued.

Conditions:
When "show hardware profile buffer monitor multicast 1 detail" is executed from multiple telnet sessions, we get into mtc_usd process core.

Workaround:
NA

Further Problem Description:
NA

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A4(4)
Known Fixed Releases:
6.0(2)A4(5.49), 6.0(2)A4(6), 6.0(2)A6(2.25), 6.0(2)A6(3), 6.0(2)U4(4.49), 6.0(2)U4(5), 6.0(2)U6(1.25), 6.0(2)U6(2)
Bug Id:
CSCus89127
Title:
Disabling ptp on one interface breaks ptp on many other interfaces.
Description:

Symptom:
When a change is performed on one of the interfaces on a Cisco Nexus 3000, which affects PTP on this interface, it may affect PTP on other interfaces on this switch.

Conditions:
This issue occurs when PTP is enabled on interfaces

Workaround:
Restart PTP on other affected interfaces by:
no ptp
ptp

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
24-JUN-2015
Known Affected Releases:
6.0(2)A3(1), 6.0(2)A4(3), 6.0(2)A6(0.77)
Known Fixed Releases:
6.0(2)A4(5.47), 6.0(2)A4(5.53), 6.0(2)A4(6), 6.0(2)A6(0.80), 6.0(2)A6(1), 6.0(2)A6(2.28), 6.0(2)A6(3), 6.0(2)U4(4.47), 6.0(2)U4(4.53), 6.0(2)U4(5)
Bug Id:
CSCut86141
Title:
SFP-H10GB-CU2.255M, hardware type changed to No-Transceiver on N3k
Description:

Symptom:
SFP not detected on the ports. The same SFP works on other ports

Conditions:
interface remain down with following error
%ETHPORT-5-IF_HARDWARE: Interface Ethernet1/30, hardware type changed to No-Transceiver

in the bcm_shell, the interface shows FAULT remote

bcm-shell.0> port 8
PORT: Status (* indicates PHY link up)
xe7 LS(SW) Forced(10GFD) STP(Disable) Lrn(ARL,FWD) UtPri(0) Pfm(FloodNone) IF(SFI) Max_frame(1518) MDIX(ForcedNormal, Normal) Medium(Copper) Fault(Remote) VLANFILTER(3)

Workaround:
A power drain of the switch sometimes seems to recover the issue.

Further Problem Description:
In the problem state it seems that the driver is saturated due to larger idrv and predrv SI values. Updating to the new set of SI settings solves the issue.


Status:
Fixed
Severity:
2 Severe
Last Modified:
25-JUN-2015
Known Affected Releases:
6.0(2)U5(0.37)
Known Fixed Releases:
6.0(2)A6(2.45), 6.0(2)A6(3), 6.0(2)U6(1.45), 6.0(2)U6(2)
Bug Id:
CSCuu54126
Title:
10g SFP not working/detected on Nexus 3K in port E1/1
Description:

Symptom:
- 10g SFP not working/detected on Nexus 3K in port E1/1 and same SFP works on other switch ports

Conditions:
- issue found in code : 6.0(2)U2(6)
- Interface status remains down

etaccsw17.wsf.prnynj# sho int ethernet 1/1

Ethernet1/1 is down (Link not connected)

Dedicated Interface

Hardware: 100/1000/10000 Ethernet, address: 885a.9237.2228 (bia 885a.9237.2228)

Description: [CISCO][WIFI][OUTDOOR] wc101.wsf.prnynj [8510] PORT 02

MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec

reliability 255/255, txload 1/255, rxload 1/255

- Transceiver status show present

sdeaccsw17.wsf.prnynj# sho int ethernet 1/1 transceiver details

Ethernet1/1

transceiver is present >>>>

type is 10Gbase-LR

name is CISCO-FINISAR

part number is FTLX1474D3BCL-CS

- bcm_shell status of interface shows no error only stp in blocking state which seems to be expected behavior as interface is down.
bcm-shell.0> port 1

PORT: Status (* indicates PHY link up)

*xe0 LS(SW) Forced(10GFD) STP(Block) Lrn(ARL,FWD) UtPri(0) Pfm(FloodNone) IF(SFI) Max_frame(1518) MDIX(ForcedNormal, Normal) Medium(Copper) VLANFILTER(3)

Workaround:
Reload the switch

Further Problem Description:
In the problem state it seems that the driver is saturated due to larger idrv and predrv SI values. Updating to the new set of SI settings solves the issue.

Status:
Fixed
Severity:
2 Severe
Last Modified:
25-JUN-2015
Known Affected Releases:
6.0(2)U2(5.87)
Known Fixed Releases:
6.0(2)A6(2.45), 6.0(2)A6(3), 6.0(2)U6(1.45), 6.0(2)U6(2)
Bug Id:
CSCuu28210
Title:
memory leak in PIM SLAB
Description:

Symptom:
On a Nexus 3500 switch multicast traffic might stop forwarding for specific groups/sources.

Conditions:
The following messages are seen in the syslog:
%PIM-3-SLAB_ALLOC: pim [3665] Slab alloc of type pim_routetype failed in pim_build_pim_route()
%PIM-3-CREATE_ROUTE: pim [3665] Couldn't create PIM route for (A.B.C.D/32, E.F.G.H/32) in pim_add_oif_to_sources_walk()

Also, memory allocation for PIM can be seen increasing using the following command:
show ip pim internal mem-stats detail | grep -i "grand total"

Workaround:
Reload the device to clear the memory allocation.

Further Problem Description:

Status:
Terminated
Severity:
2 Severe
Last Modified:
25-JUN-2015
Known Affected Releases:
6.0(2)A3(2.55)
Known Fixed Releases:
Bug Id:
CSCue06196
Title:
copy r s timedout after setting bootvariables
Description:

Symptom:
On Nexus 3000 switch, copy run start might time out.

Following messages can be seen:

%SYSMGR-3-CFGWRITE_FAILED: Configuration copy failed (error-id 0x401E004D).

Conditions:
The problem could happen in scenarios where a script which executes the following

show run

copy run start

copy run tftp

is run on the switch multiple times.

Workaround:
do not perform the above commands multiple times on the switch.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
27-JUN-2015
Known Affected Releases:
5.0(3)U3(2), 5.0(3)U5(1d), 6.0(2)U1(1)
Known Fixed Releases:
5.0(3)U5(1e), 6.0(2)A1(1), 6.0(2)U1(1)
Bug Id:
CSCuh87973
Title:
LLDP crash on N3k
Description:

Symptom:
A nexus 3k may see an lldp process crash when polled via snmp.

Conditions:
When SNMP polling the switch without a mgmt IP configured.

Workaround:
Two possible workarounds:

1. configure an IP address on management interface (even if it's shut down)

2. add "no snmp-server load-mib lldpsnmp" to running-config

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
29-JUN-2015
Known Affected Releases:
6.0(2)A1(1)
Known Fixed Releases:
6.0(2)A1(1b), 6.0(2)U1(1b), 6.0(2)U1(2), 6.0(2)U2(1), 6.0(2)U2(1.44), 6.0(2)U2(2Z)
Bug Id:
CSCuv03416
Title:
ipfib crash after bulk ucast and mcast update
Description:

Symptom:
ipfib crash after bulk ucast and mcast update

Conditions:
bulk mcast and ucast update

Workaround:
n/a

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
29-JUN-2015
Known Affected Releases:
6.0(2)U4(1), 6.0(2)U4(1M)
Known Fixed Releases:
Bug Id:
CSCut43397
Title:
Nexus 3000 and 3500 (N3K and N3500K) Leap Second
Description:

Symptom:
When the leap second update occurs, an N3K could have the kernel hit what is known as a "livelock" condition under the following circumstances:

a. When the NTP server pushes the update to the N3K NTPd client, which in turn schedules the update to
the Kernel. This push should have happened 24 hours before June 30th, by most NTP servers.

b. When the NTP server actually updates the clock

Conditions:
The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.

Workaround:
On switches running affected code, the following workaround can be used.

1) Remove NTP/PTP configuration on the switch at least two days prior to the June 30, 2015 leap second event date.
2) Add NTP/PTP configuration back on the switch after the leap second event date (July 1, 2015).

Further Problem Description:
The following releases and above are not affected by this issue:

6.0(2)U3(1)
6.0(2)U2(2Z)
6.0(2)U2(1)
6.0(2)U1(1)
6.0(2)A1(1b)

- The last leap second update happened on June 30th @ 23:59:60 UTC.

- The next leap second update is not due for several years, and 6 months notice will be given before the update. Please see the URL below for leap second update details.

Reference : http://www.timeanddate.com/time/leapseconds.html

- Now that we are past June 30th 23:59:60 UTC, if your N3K has not reset or switched over, you are not affected by this caveat until the next leap second update.

Status:
Other
Severity:
2 Severe
Last Modified:
30-JUN-2015
Known Affected Releases:
6.0(2)U1(1)
Known Fixed Releases:
6.0(2)A1(2d), 6.0(2)U2(1), 6.0(2)U2(2Z), 6.0(2)U3(1)
Bug Id:
CSCuu18724
Title:
N3k MTS memory leak caused snmpd process to crashes multiple times
Description:

Symptom:
snmpd process crashes

2015 Apr 29 15:00:33.104 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:32 %KERN-2-SYSTEM_MSG: [538326.904027] mts_is_q_space_available_haslock_old():2013: regular+fast mesg total = 46388, soft limit = 1024 - kernel
2015 Apr 29 15:00:33.106 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:32 %KERN-2-SYSTEM_MSG: [538326.904034] mts_is_q_space_available_haslock_old(): NO SPACE - node=4, sap=27, uuid=26, pid=19086, sap_opt = 0x1, hdr_opt = 0x0, rq=46388(27966872), lq=0(0), pq=0(0), nq=0(0), sq=0(0), fast: rq=0, lq=0, pq=0, nq=0, sq=0 - kernel
2015 Apr 29 15:00:33.108 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:32 %KERN-2-SYSTEM_MSG: [538326.904040] mts_print_longest_queue_state: opcode counts for first and last 50 messages in recv_q of sap 27: - kernel
2015 Apr 29 15:00:33.111 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:32 %KERN-2-SYSTEM_MSG: [538326.904048] mts_print_msg_opcode_in_queue: opcode 2832 - 100 messages - kernel
2015 Apr 29 15:00:33.113 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:32 %KERN-2-SYSTEM_MSG: [538326.904051] mts_do_msg_input() failing since no space available in 27 (src_sap = 27, opc = 325) - kernel
2015 Apr 29 15:00:52.241 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:52 %KERN-2-SYSTEM_MSG: [538346.023794] [sap 27][pid 19086][comm:snmpd] QFULL drop notify posted - kernel
2015 Apr 29 15:00:52.244 nttcom-tyo4 %$ VDC-1 %$ 29 15:00:52 %KERN-2-SYSTEM_MSG: [538346.031952] [sap 27][pid 19086][comm:snmpd] sap recovering failed and so Killed - kernel
2015 Apr 29 15:00:53.034 nttcom-tyo4 %$ VDC-1 %$ %SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID 19086) hasn't caught signal 6 (core will be saved).
2015 Apr 29 15:03:53.855 nttcom-tyo4 %$ VDC-1 %$ %SYSMGR-2-CORE_SAVE_FAILED: core_client_main: PID 24943 with message command /isan/bin/sysmgr_logmgr /var/sysmgr/tmp_logs 0 1>> /var/sysmgr/core_handling.log failed for srv , ret = 2 .
nttcom-tyo4#

Conditions:
normal operation

Workaround:
unknown at this point

Further Problem Description:

Status:
Open
Severity:
2 Severe
Last Modified:
30-JUN-2015
Known Affected Releases:
6.0(2)U5(1)
Known Fixed Releases:
Bug Id:
CSCut14215
Title:
Upon startup, N3K Sets CoPP Police PPS 0 for multiple class-maps
Description:

Symptom:
PPS values for few or all class-maps are 0.

Conditions:
This is seen only if user gives ctrl+C when the setup is in progress during bootup. If user does not give ctrl+C, then this scenario will not occur

Workaround:
Run "setup" again from CLI explicitly and make sure that it runs to completion.

Further Problem Description:

Status:
Fixed
Severity:
2 Severe
Last Modified:
30-JUN-2015
Known Affected Releases:
6.0(2)U2(2)
Known Fixed Releases:
6.0(2)A6(1.115), 6.0(2)A6(2), 6.0(2)U6(0.115), 6.0(2)U6(1)

Find additional information in Bug Search index.

 
