| |
Bug Id: | CSCue92286 |
Title: | C3KX-SM-10G accessible from non-priviliged mode w/ default credentials |
|
Description: | Symptom:
A vulnerability in the Service Module for Cisco Catalyst 3750X switches could allow an authenticated, local attacker to gain root access to the kernel running on the Service Module.
The vulnerability is due to default credentials on the Service Module. An attacker could exploit this vulnerability by logging in using the default credentials. An exploit could allow the attacker to take complete control of the operating system running on the Service Module.
Conditions:
None.
Workaround:
None.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:
https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2013-5522 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 01-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE1 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuq11337 |
Title: | Fail to bundle l2protocol ports into channel |
|
Description: | Symptom:
May fail to bundle l2protocol tunnel ports into channel using mode on. Member port always stays suspended.
If the l2pro port on the master switch joined the channel group first, the port on the member switch stayed in "S" state as incompatible port.
Conditions:
l2pt port configuration under cross stack port-channel
Workaround:
Reload switch stack
or remove commands:
l2protocol-tunnel shutdown-threshold
l2protocol-tunnel drop-threshold
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 05-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6, 15.2(2)E |
|
Known Fixed Releases: | 15.0(2)SE8, 15.2(2)E1, 15.2(3)E, 15.2(4.0)ST, 3.6(1)E, 3.7(0)E |
|
|
| |
| |
Bug Id: | CSCuc78173 |
Title: | 3750X-12S crashes with 15.0(2)SE CCO image |
|
Description: | Symptom:
3750X-12S is crashing with 15.0(2)SE image at boot-up time. Currently, this issue is seen intermittently and it is not consistently observed. Issue is not seen on other 3750-X SKU's
Many of this case is observed in the combination of C3750X-12S with 15.0(2)SE. But in a few cases, it is also observed in other C3750X or 15.0(1)SEx.
Conditions:
This issue occurs at boot-up and there is no specific configuration which cause this issue.
Workaround:
Right now, there is no work-around available.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 07-JUL-2015 |
|
Known Affected Releases: | 15.0(2.0.99)SE |
|
Known Fixed Releases: | 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EX, 15.0(2)EX1, 15.0(2)EX3, 15.0(2)EX4, 15.0(2)EX5, 15.0(2)EZ, 15.0(2)SE1, 15.0(2)SE2 |
|
|
| |
| |
Bug Id: | CSCum86316 |
Title: | %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy on bootup |
|
Description: | Symptom:
c2960s OR c3750x will print Below errors some times.
Mar 30 01:30:04.263: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Mar 30 01:31:04.275: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Mar 30 01:32:04.279: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Mar 30 01:33:04.283: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Mar 30 01:34:04.278: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Mar 30 01:35:04.290: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
Conditions:
Happens only in the c3750x and c2960s which are using ACT1 base Entropy. Not seen in other models. This does not happen all always and on all the units. Happens only in some units.
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 09-JUL-2015 |
|
Known Affected Releases: | 15.4(2.2)T |
|
Known Fixed Releases: | 15.2(1.30)PSR, 15.2(2)E, 15.2(2.2.32)EA, 15.2(2b)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCut84437 |
Title: | Ping failed after added "permit host XXX any" at MAC ACL |
|
Description: | Symptom:
Ping failed after added "permit host XXX any" at MAC ACL.
Conditions:
Adding "permit host XXX any" when "permit host XXX any 0x806 0x0" already exists.
Workaround:
For every vlan filter create a seperate acl filled with all arp permits that are required:
Create one permit arp ACE for every permit ACE in the other ACLs on the vlan fliter.
Attach the acl with arp ACEs on to the vlan filter.
e.g.,
if permit host XXX any is an 'ACE' in the vlan filter
Create a mac extended ACL Arp_Fix_Acl with
permit host XXX any 0x806 0x0
attach the Arp_Fix_Acl in the vlan filter.
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 10-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu55421 |
Title: | Error - The FRULink 10G Service Module (C3KX-SM-10G) is not responding |
|
Description: | Symptom:
%PLATFORM_SM10G-3-NO_RESPONSE: The FRULink 10G Service Module (C3KX-SM-10G) is not responding.
Seen in the log after service policy is applied to a VLAN carried on an interface on the SM
Conditions:
C3KX-SM-10G installed in a 3750X
Switch#sh switch service-module
Switch/Stack supports service module CPU version: 03.00.78
Temperature CPU
Switch# H/W Status (CPU/FPGA) CPU Link Version
-----------------------------------------------------------------
2 OK 67C/63C notconnected 03.00.78
Workaround:
none
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 11-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCui41907 |
Title: | CTS C3KX-SM to N7K in LACP Link down after ~9 master switchover |
|
Description: | Symptom: After a master switchover in a 3750X stack C3KX-SM module port-channels to the neighboring N7K enter into "suspended" state on the N7K side. Interfaces remain suspended even after the original master switch returns to service. The link state is up/down in the 3750X switch. This happens intermittently after a lot of master switch overs.
Conditions: This issue is seen with C3KX-SM module interfaces configured in MACSEC CTS manual mode with SAP GCM Encrypt encapsulation.
Workaround: Shut/No Shut on the affected port.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE4 |
|
Known Fixed Releases: | 15.0(2)SE5, 15.0(2)SE6, 15.1(1)SY, 15.2(2)E, 15.2(2.2.70)ST, 15.2(2b)E, 15.2(4.0)ST, 15.4(1.14.11)PIH24, 15.4(1.16)S, 15.4(1.17)T |
|
|
| |
| |
Bug Id: | CSCuj68289 |
Title: | SGACL counters fail for authentication-server based SGT |
|
Description: | Symptom: Static SGACL permissions are not updated for authentication server assigned SGT.
Conditions: This symptom is seen with an authentication server assigned SGT.
Workaround: Use manual SGT or dynamic SGACL.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 12-JUL-2015 |
|
Known Affected Releases: | 15.2(2)E |
|
Known Fixed Releases: | 15.1(2)IC66.2, 15.2(1)IC273.56, 15.2(1)ICA4.30, 15.2(2)DB101.101, 15.2(2)DB101.112, 15.2(4.0)ST, 15.4(2.17)S0.6, 15.4(2.6)T, 15.4(3)M, 15.4(3)S |
|
|
| |
| |
Bug Id: | CSCur74702 |
Title: | Wrong SMI vStack group selected due to incorrect client MAC matched |
|
Description: | Symptom:
The SMI client loads the configuration from an incorrect vStack group, which breaks Zero Touch Deployment.
Conditions:
This is seen on SMI client switches that have MAC addresses that differ in the last byte only.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 13-JUL-2015 |
|
Known Affected Releases: | 15.2(2.0.0) |
|
Known Fixed Releases: | 15.2(2)E2, 15.2(3)E1, 15.2(4.0)ST, 3.6(2)E, 3.7(1)E |
|
|
| |
| |
Bug Id: | CSCuh97014 |
Title: | C3KX-SM-10G: remote port CTS link down after 3750X master reload |
|
Description: | Symptom:
If we reload 3750X/3560X stack Master , CTS link configured on CK3X-SM-10G port on member switch goes down (which was UP before the master reload)
Conditions:
3750X/3560X stack of atleast 3 switches , wherein
a Master Switch, alternate-Master ( i.e switch with next highets priority) and a member switch with CK3X-SM-10G module.
On the Member Switch , CTS is configured on CK3X-SM-10G port(s)
If we reload Master, alternate Master will be become new Master. After this, CTS link configured on one of the ports of CK3X-SM-10G installed on Member Switch goes down.
Workaround:
The CTS link can be restored (i.e brought UP) by doing a shut/no shut on the ports on the
SM module
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE2 |
|
Known Fixed Releases: | 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1.1)EY, 15.2(1.30)PSR, 15.2(2)E |
|
|
| |
| |
Bug Id: | CSCup55822 |
Title: | Delays in Convergence time during link-flap between VSS and 3750 |
|
Description: | Symptom:The convergence time ( measured using packet loss duration in IXNetwork) is higher than expected when links on the multi-chassis port-channel between VSS and 3750 access switches flap or failover.
Conditions:This convergence value (packet loss duration) is specifically high when the port-channel member port is coming up ( either using no shut command or during the link insert) on the member switch of 3750 stack
Workaround:The high convergence is taking because the switch is having 95 vlans from 1 to 94, 1699 when ever the link is no shut it programing all the vlans on the port in ascending order of vlan number. Since in this case vlan 1699 is used for sending traffic it takes more time as it vlan 1699 is programmed in the last. The work around is to use lesser numerical vlan number for sending senstive data where less convergence is required ie example. say vlan 14 so that the convergence time will be decreased as vlan 14 is programmed before vlan 1699
More Info:Convergence values during MEC link failover are specified in
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide/BN_Campus_Technologies.html#wp1247223
The value we observe in customer environment and our lab setup is not in accordance to the values specified in the document.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 14-JUL-2015 |
|
Known Affected Releases: | 15.1(1)SY2.1 |
|
Known Fixed Releases: | 15.0(2)EX7, 15.0(2)SE7, 15.1(2)SY4, 15.2(2)E1, 15.2(2.54)PSR, 15.2(2b)E, 15.2(3)E, 15.2(4.0)ST, 15.2(5.0)ST, 3.6(1)E |
|
|
| |
| |
Bug Id: | CSCuq67809 |
Title: | 3750x stack crashes with to big buffer allocated |
|
Description: | Symptom:
Stack is crashing with below message (process may differ):
Debug Exception (Could be NULL pointer difference) Exception (0x2000)!
Dec 16 09:24:28.023 EDT: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = MDFS Reload.
Conditions:
Logging buffer was configured as 200MB
'logging buffered 200000000'
Workaround:
Reduce login buffer.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE5 |
|
Known Fixed Releases: | 15.0(2)SE8, 15.2(2)E2, 15.2(3)E, 15.2(5.0)ST, 3.6(2)E, 3.7(0)E |
|
|
| |
| |
Bug Id: | CSCup68355 |
Title: | Stack members fail on Etherchannel ports in C3KX-SM-10G or downlinks. |
|
Description: | Symptom:
Stack members fail on Etherchannel ports in C3KX-SM-10G or downlinks.
Conditions:
The stack members fail in a scaled scenario when more ports are part of Etherchannel .
Workaround:
There is no workaround.
Further Problem Description:
In a scaled scenario, member switches of 5 members stack fails when more number of ports are a part of Etherchannel.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.2(2.0.0)E |
|
Known Fixed Releases: | 15.2(2)E1, 15.2(2.54)PSR, 15.2(3)E, 15.2(4.0)ST, 15.2(5.0)ST, 3.6(1)E, 3.7(0)E |
|
|
| |
| |
Bug Id: | CSCus23125 |
Title: | 3750x: MAC not learnt after removal of auth config |
|
Description: | Symptom:
IP Phone is connected to a port configured for mab & dot1x.
IP Phone authenticates through mab and gets an IP in voice vlan fine.
User defaults interface config and adds access vlan + voice vlan config.
Switch is unable to dynamically learn the mac address of the phone in voice vlan. Keeps on adding and deleting mac entry in data vlan.
ARP for phone remains incomplete on switch unless 3750X is reloaded.
Conditions:
NA
Workaround:
Remove and reconfigure voice vlan
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.2(1.1), 15.2(1.2), 15.2(1.3), 15.2(2.0.0), 15.2(2.1), 15.2(22.22), 15.2(3)E, 15.2(3.7.1), 15.2(3.7.2), 15.2(4.0.1) |
|
Known Fixed Releases: | 15.2(3)E1, 15.2(5.0)ST, 3.7(1)E |
|
|
| |
| |
Bug Id: | CSCuc95754 |
Title: | TestPortAsicCam POST failures |
|
Description: | PortASIC's TCAM test failure when on-demand diagnostics (through diagnostics start command) was executed.
Symptom:
PortASIC's TCAM test failure when on-demand diagnostics (through diagnostics start command) was executed.
Conditions:
This can happen in any of the versions 12.2(55), 12.2(58) or 15.0(2), with switches 3560-E, 3750-E
3560-X, 3750-X. This problem was initially known to happen in mixed stack of 24 port and 48 port switches in one specific case. In other reproducible cases, it happened randomly in standalone switches with walle uplink modules.
Workaround:
Results of on-demand diagnostics can be ignored if POST succeeds on bootup.
More Info:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE, 15.0(2.0.0) |
|
Known Fixed Releases: | 12.2(55)SE8, 12.2(55)SE9, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)SE3, 15.0(2)SE4, 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E, 15.2(1)E1 |
|
|
| |
| |
Bug Id: | CSCud51802 |
Title: | REP on 3750-X errors: Virtual interface not working on slave |
|
Description: | Symptom:
Ping fail when the REP segment connecting to cat3750x with master switch as one primary edge, slave
switch interface as the other edge.
Conditions:
Affected software release: 15.0(2)SE, 15.0(2)SE1, 15.0(02)SE2.
Workaround:
none
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 15-JUL-2015 |
|
Known Affected Releases: | 15.2(1.1) |
|
Known Fixed Releases: | 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)SE3, 15.0(2)SE4, 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3 |
|
|
| |
| |
Bug Id: | CSCue97722 |
Title: | Port-security blocks all ingress/egress traffic |
|
Description: | Symptom:
Some ports with port-security configured in a stack of 3750x switches can block all traffic to this port. The mac will be learned static on the master, but the members will not have this mac in their own table.
D2035-01-DNR03-205-9.11#sh mac address-table | in 0010.7f07.4ede
213 0010.7f07.4ede STATIC Gi1/0/10
D2035-01-DNR03-205-9.11#ses
D2035-01-DNR03-205-9.11#session 1
D2035-01-DNR03-205-9.11-1#sh mac address-table | in 0010.7f07.4ede
D2035-01-DNR03-205-9.11-1#
Conditions:
Configure a port with 'switchport port-security' command.
Workaround:
Removed 'switchport port-security'
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE4 |
|
Known Fixed Releases: | 15.0(2)SE6, 15.0(2)SE7, 15.2(1.1)PSR, 15.2(2)E, 15.2(4.0)ST, 3.6(0)E |
|
|
| |
| |
Bug Id: | CSCuj36089 |
Title: | Packet loss during S,G creation |
|
Description: | Symptom:
In a topology where a 3750X acts as the multicast router and a receiver exists for a multicast group (*,G) prior to the source sending multicast traffic, some of the initial packets sent by the source may be lost. Once the (S,G) is programmed for the traffic sent by the source for the multicast group all subsequent multicast traffic reaches the receiver.
Conditions:
A topology where a 3750X acts as the multicast router and a receiver exists for a multicast group (*,G) prior to the source sending multicast traffic
Workaround:
No Workaround
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE2 |
|
Known Fixed Releases: | 15.0(2)SE6, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCuh95362 |
Title: | Phones on macro configured port unregister when PC wakes up from sleep |
|
Description: | Symptom:
Loosing voice vlan config from interface when PC comes back from sleep mode causing phones getting unregistered from call manager.
Conditions:
Switch:WS-C3750X-48PF-S
IOS:15.0(2)SE2
Issue happens when PC comes back from sleep mode.
Workaround:
use "no macro auto control trigger last-resort" on interface.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1.0.1)SR, 15.2(1.1)PSR, 15.2(2)E |
|
|
| |
| |
Bug Id: | CSCul02715 |
Title: | Shutting links in REP ring causes 3750-X stack member crash |
|
Description: | Symptom:
Repeated shut/no shut of the alternating ports in a 8 node REP ring causes the Cat3750x switch ( stack member with REP secondary edge port) crashes and reloads with the following error: Debug Exception (Could be NULL pointer dereference) Exception (0x2000)
Conditions:
Repeated shut/no shut of the alternating ports in a 8 node REP ring
Workaround:
None
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE5 |
|
Known Fixed Releases: | 15.0(2)SE6, 15.2(1.1)PSR, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCuu47539 |
Title: | Stack port becomes root port after reload on 3750X |
|
Description: | Symptom:
Stack port shows up as root port for some or all vlans after a reload.
Reload could be member or whole stack
Logs similar to below are see for the actual root port
Mar 30 04:51:47.128: %DTP-5-TRUNKPORTON: Port Gi4/1/1-Gi4/1/1 has become dot1q trunk (3750-stack-4)
Mar 30 04:51:47.439: %DTP-5-NONTRUNKPORTON: Port Gi4/1/1 has become non-trunk (3750-stack-4)
Mar 30 04:51:50.576: %LINK-3-UPDOWN: Interface GigabitEthernet4/1/1, changed state to up
Conditions:
The uplinks should be fiber connections configured as trunk
"switchport nonegotiate" should be configured on it
Workaround:
remove "switchport nonegotiate
Further Problem Description:
Issue is same as reported in CSCue03558.
But that bug was only fixed for 3750V2
The issue is being seen in 3750X as well
The test was done with 15.0(2)SE7
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | 15.2(4.0)ST, 15.2(4.10.61)PI5 |
|
|
| |
| |
Bug Id: | CSCur43620 |
Title: | %PLATFORM_IPC-3-COMMON: Unknown IPC message type 65535 size 91 |
|
Description: | Release-Note
Symptom:
Description:
===========
Below traceback continuously thrown on5 member 3750x stack with 2 C3KX-NM-10G uplink module connected.
%PLATFORM_IPC-3-COMMON: Unknown IPC message type 65535 size 91 (3750X-4)
-Traceback= 65AE00z 2A74520z 2C44E6Cz 2C45B3Cz 2B40F94z 2B40F3Cz 2B46AE8z 2B46B84z 2B41044z 2FD87FCz 2FD87DCz 2FD682Cz (3750X-4)
%PLATFORM_IPC-3-COMMON: Unknown IPC message type 65535 size 91
-Traceback= 65AE00z 2A74520z 2C44E6Cz 2C45B3Cz 2B40F94z 2B40F3Cz 2B46AE8z 2B46B84z 2B41044z 2C05AA8z 2C05A84z 2AF36BCz 2A90C04z 2FDC720z 2FD8AA0z
%PLATFORM_IPC-3-COMMON: Unknown IPC message type 65535 size 91 (3750X-4)
-Traceback= 65AE00z 2A74520z 2C44E6Cz 2C45B3Cz 2B40F94z 2B40F3Cz 2B46AE8z 2B46B84z 2B41044z 32006F0z 2B5DDD0z 2FDC720z 2FD8AA0z (3750X-4
Conditions:
Continuous message is shown when C3KX-NM-10G module is connected to 3750X stack.
Workaround:
Remove the C3KX-NM-10G uplink module.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.2(2.4.61)E1 |
|
Known Fixed Releases: | 15.2(2)E1, 15.2(3)E, 15.2(3)E1, 15.2(3.1)BSR, 15.2(4.0)ST, 3.6(1)E, 3.7(0)E, 3.7(1)E |
|
|
| |
| |
Bug Id: | CSCun01172 |
Title: | kSlow CLI response when configuring 3750X stacked switches |
|
Description: | Symptom:
Delayed or slow response while in config mode when config context changes during initial configuration.
Conditions:
Stacked Cat 3K switches, when config context levels change and all neighbor switches are having to be updated. Affected commands which have been observed are vlan and interface range (on first config of device).
Workaround:
The delayed Cli response will not occur when we configuring the vtp domain name.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.0(2.0.0) |
|
Known Fixed Releases: | 15.0(2)SE7, 15.2(2)E1, 15.2(2.54)PSR, 15.2(2b)E, 15.2(3)E, 15.2(4.0)ST, 3.6(1)E, 3.7(0)E |
|
|
| |
| |
Bug Id: | CSCup79358 |
Title: | C3KX-SM-10G doesn't pass through any packets after reloading switch |
|
Description: | Symptom:
After reloading switch, port on C3KX-SM-10G doesn't transmit/receive
any packets although the link status is up/up.
Conditions:
- 15.2(1)E, E1, E2, E3, and 15.2(2)E is running
- not always occur after reloading switch
- not depend on SFP type
- not depend on specific configuration
- receive counter of the port never increment
This condition may recover by reloading C3KX-SM-10G.
(but the same behavior may be seen after that)
Workaround:
Enabling macsec on the interfaces
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.2(2)E |
|
Known Fixed Releases: | 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)SE3, 15.0(2)SE4, 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E, 15.2(2)E1, 15.2(2.54)PSR, 15.2(2b)E |
|
|
| |
| |
Bug Id: | CSCur17365 |
Title: | 15.2(2)E:CSCup68355 verification errdisabled pagp-flap b/w 3750x & 2960s |
|
Description: | Symptom:
ports in port channel go to error disabled state due to pagp flap.
Conditions:
during formation of lacp portchannel bundling the ports go to the error disabled state when switch is having more number of stack members say 5.
Workaround:
do shut and no shut on the physical interfaces which are error disabled so that It will recover and come to up state and will be part of port channel
Further Problem Description:
During formation of lacp portchannel bundling the ports go to the error disabled state when switch is having more number of stack members.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 16-JUL-2015 |
|
Known Affected Releases: | 15.2(2.4.54)E1 |
|
Known Fixed Releases: | 15.2(2)E2, 15.2(3)E1, 15.2(4.0)ST, 15.2(5.0)ST, 3.6(2)E, 3.7(1)E |
|
|
| |
| |
Bug Id: | CSCui65252 |
Title: | ARP packets processing stops when DAI is enabled over Port-Channel |
|
Description: | Symptom:
Enabling DAI with Port-Channel breaks ARP processing
DHCP snooping on port-channel breaks.
Conditions:
1. Configure the required for DAI, DHCP snooping
2. Setup an DHCP server
3. Setup an Cross-Stack Port-Channel between DHCP and Access switch
4. Enable arp inspection for the client vlan
5. Bring up the Client interface
6. Client would be able to get an ip address, binding added to snooping table
Run a continous ping from client
7. From the client side clear the arp binding (arp -d) was used
8. Once the ARP cache was cleared from client; client traffic drops
9. Binding table still holds the entry for the client
10.Tried Release / Renew, works fine client can renew ip address still traffic drops
11.Disable "ip arp inspection" for the client vlan - traffic resumes
12.Enable ip arp inspection again ; traffic drops
Workaround:
When a direct link is used between Access and DHCP issue is not seen.
Further Problem Description:
The issue is seen only with port-channels.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 12.2(55)SE8, 15.0(2)SE4, 15.0(2)SE5, 15.2(1)E |
|
Known Fixed Releases: | 12.2(55)SE9, 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST |
|
|
| |
| |
Bug Id: | CSCub73201 |
Title: | Catalyst 3560X, 3750X, XPS-2200 failures after an uptime of < 1 month |
|
Description: | Symptom:
When the affected part fails there will be no console output and all system
LEDs will be OFF except the power supply LED.
Once the system has failed, a power cycle or swapping power supplies will not
recover the switch.
In rare cases burn marks and/or smoke may be produced. This type of failure has
been evaluated by the Cisco Safety team and it has been concluded that there is
no safety risk.
Conditions:
Recently installed and up for less than a month.
Workaround:
None. Please contact the Cisco TAC.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 17-JUL-2015 |
|
Known Affected Releases: | 12.2(0)S |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCud01798 |
Title: | "FRU Power Supply is not responding" was seen unexpectedly |
|
Description: | Symptom:
"FRU Power Supply is not responding" message seen on 3560X/3750X intermittently.
Issue may happen with one or two Power Supply Unit.
Conditions:
3560X/3750X is running IOS 15.0(2)SE.
Workaround:
The power supply is operating normally.
Upgrade to 15.0(2)SE2 or later to resolve this issue.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 20-JUL-2015 |
|
Known Affected Releases: | 15.0(2.0.80)SE, 15.0(9.8)EMP |
|
Known Fixed Releases: | 12.2(55)SE10, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EZ, 15.0(2)SE2, 15.0(2)SE3, 15.0(2)SE4, 15.0(2)SE5, 15.0(2)SE6, 15.2(1)E |
|
|
| |
| |
Bug Id: | CSCur07371 |
Title: | CPU queue wedge on 3750x |
|
Description: | Symptom:
A CPU queue wedge has been identified on the 3750X.
Conditions:
This defect has been seen soon after upgrading all 3750X stacks to 15.2(2)E. After an arbitrary amount of time, the switch begins to show the following syslog message
%SUPQ-4-CPUHB_RECV_STARVE: Still seeing receive queue stuck after throttling (124A3701-3)
The stack may become inaccessible.
Workaround:
The only known resolve is to reload the switch stack.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 1 Catastrophic |
Last Modified: | 21-JUL-2015 |
|
Known Affected Releases: | 15.2(2)E |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCur94665 |
Title: | Switch crashes with multicast routing enabled when TCN timer expires. |
|
Description: | Symptom:
When the TCN timer expires, the switch with multicast routing enabled crashes.
Conditions:
The issue is seen on the switch running 15.0(2)SE6.
Workaround:
The workaround is to disable Spanning tree in all the VLANs to avoid STP TCN.
Further Problem Description:
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 24-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | 15.0(2)SE8, 15.2(2)E2, 15.2(3)E1, 15.2(5.0)ST, 3.6(2)E, 3.7(1)E |
|
|
| |
| |
Bug Id: | CSCto10165 |
Title: | Smart Install Crashes with certain IP Packets |
|
Description: | Summary
A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated,
remote attacker to perform remote code execution on the affected device.
Cisco has released free software updates that address this vulnerability.
There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml.
|
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Last Modified: | 26-JUL-2015 |
|
Known Affected Releases: | 12.2(55)SE, 12.2(58)SE |
|
Known Fixed Releases: | 12.2(55)EX3, 12.2(55)SE3, 12.2(55)SE4, 12.2(55)SE5, 12.2(55)SE6, 12.2(55)SE7, 12.2(55)SE8, 12.2(55)SE9, 12.2(58)EY, 12.2(58)EZ |
|
|
| |
| |
Bug Id: | CSCti21077 |
Title: | PoE Issue on 3750X - Standalone & Stacked Configuration |
|
Description: | Symptom:
No PoE supplied when new phones added to 3750X switches in stand alone/stacked
configuration after a period of time. Also tracebacks similar to the following
are seen in the logs,
FRNTEND_CTRLR-2-SUB_INACTIVE: The front end controller 2
is inactive
-Traceback= 1D12690 1D12A60 1EE7068 1EDDAD8
%FRNTEND_CTRLR-2-SUB_INACTIVE: The front end controller 0
Conditions:
Seen on 3750-X and 3560-X switches using a C3KX-NM-10G Network module that has
a 10G SR Agilent/Avago SFP+ (Cisco PID: SFP-10G-SR VID 02 or earlier) inserted
into at least one
of the two SFP+ slots. The affected Agilent/Avago SFP+ serial numbers begin
with the following prefixes,
AGA, AGM, AGC, AGS, AVG
Side effect of bug CSCti61764.
Workaround:
The issue is fixed in software beginning 12.2(55)SE1.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 12.2(55)SE |
|
Known Fixed Releases: | 12.2(55)SE1, 12.2(55)SE2, 12.2(55)SE3, 12.2(55)SE4, 12.2(55)SE5, 12.2(55)SE6, 12.2(55)SE7, 12.2(55)SE8, 12.2(55)SE9, 12.2(58)EZ |
|
|
| |
| |
Bug Id: | CSCti61764 |
Title: | 3750X: Constant High CPU 99% with hulc LED process usage 60-70% |
|
Description: | Symptom:
Catalyst 3750X switch may report CPU usage more than 90%, due to "hulc LED"
and "SFF8472" processes.
Conditions:
Seen on 3750-X and 3560-X switches using a C3KX-NM-10G Network module that
has a 10G SR Agilent/Avago SFP+ (Cisco PID: SFP-10G-SR VID 02 or earlier)
inserted into at least one of the two SFP+ slots. The affected Agilent/Avago
SFP+ serial numbers begin with the following prefixes,
AGA, AGD,AGM, AGC, AGS, AVG
Sample CPU outputs:
3750X_A#show process cpu | ex 0.00
CPU utilization for five seconds: 92%/0%; one minute: 92%; five minutes: 92%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
50 49556124 516496 95946 15.55% 11.86% 11.92% 0 SFF8472
153 192375642 15029102 12800 67.52% 67.91% 67.63% 0 Hulc LED Process
Workaround:
The issue is fixed in 12.2(55)SE1 release and later.
Further Problem Description:
If the switch/stack experience PoE issues as a side effect, refer to bug CSCti21077
|
|
Status: | Other |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 12.2(55)SE |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCum75450 |
Title: | CPUHB_RECV_STARVE when acl log configured in stack |
|
Description: | Symptom:
With following message, switch performance may be slow,
sometimes switch gets hang and not recovered until power cycling.
%SUPQ-4-CPUHB_RECV_STARVE: Still seeing receive queue stuck after throttling
Following messages may also be observed when problem happens.
%PLATFORM_RPC-3-MSG_THROTTLED: RPC Msg Dropped by throttle mechanism
%XDR-6-XDRIPCNOTIFY: Message not sent to slot X because of IPC error timeout. Disabling linecard. (Expected during linecard OIR)
Conditions:
Catalyst 3750X in stack configuration running 12.2(58)SE or later including 15.0SE releases and 15.2E releases.
log keyword is configured in access-list and traffic go through the member switches hit access-list that log keyword is configured.
Workaround:
Configuring longer logging interval may be the workaround for this problem.
For example,
ip access-list logging interval
Risk for this workaround is packet count that hit the access-list might be inaccurate because logging process is involved with every logging interval.
To recover the switch when problem is happening, you need to power cycling the switch.
Further Problem Description:
Note that this problem does not happen in 12.2(55)SE releases.
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 28-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE2, 15.2(1)E |
|
Known Fixed Releases: | 15.0(2)SE7, 15.2(1.30)PSR, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.2(5.0)ST, 3.6(0)E |
|
|
| |
| |
Bug Id: | CSCup71602 |
Title: | C3KX-SM-10G shows NOTCONNECTED status when inserted |
|
Description: | Symptom:
C3KX-SM-10G cannot be recognized but shows NOTCONNECTED status while show inventory is reflecting it.
Conditions:
with C3KX-SM-10G inserted
Workaround:
set "FRU_VERSION_CHECK=NO", "show switch service-module" is reflecting as CONNECTED
Further Problem Description:
"test axiom show" is reflecting
....
Hello link status..............DOWN
Hello state....................0
...
FPGA version...................00001900
Cavium sw version..............not received
IOS axiom version..............03.00.71
..
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuu85115 |
Title: | 3750x 4500 Master crashed with Flexible Netflow enabled |
|
Description: | Symptom:
A Catalyst 4500 in VSS mode or a 3750x stack may reload
Conditions:
Flexible Netflow is enabled
Workaround:
None at this time
Further Problem Description:
|
|
Status: | Terminated |
|
Severity: | 2 Severe |
Last Modified: | 29-JUL-2015 |
|
Known Affected Releases: | 15.2(2.5.17)E3 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCuv53430 |
Title: | inconsistent vlan bpdu received on uplink l3 switch |
|
Description: | Symptom:
long ping timeout from PC to uplink 3750X vitural ip and saw below error messages
detected on uplink L3 switch when interface gi1/x/x connectiong to HSRP-Active switch
link up back.
-----------------------------------------------------------------
%SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id xx on GigabitEthernet1/0/20 VLANxx.
%SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/xx on VLANxx. Inconsistent peer vlan.
%SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/xx on VLANxx. Inconsistent local vlan.
-----------------------------------------------------------------
WS-C3750X-48P-L(HSRP-A)gi1/0/x------gi1/x/x WS-C3750X-48P-L(Stack)
Gi1/0/x gi1/0/x
| Port-channel |
Gi1/0/x gi1/0/x
WS-C3750X-48P-L(HSRP-S)gi1/0/x------gi2/x/x WS-C3750X-48P-L(Stack)gi1/0/x---PC
----------------------------------------------------------------
Conditions:
gi1/x/x on Stack link down/up by cable OIR or shut/no shut the connecting interface
on uplink side.
Workaround:
None
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE6 |
|
Known Fixed Releases: | |
|
|
| |
| |
Bug Id: | CSCtq51049 |
Title: | Unable to console from member SW with access-class applied in 12.2(58) |
|
Description: | Symptom:
Unable to console into member switch when an ACL is applied to the VTY lines.
Conditions:
WS-C3750X-48T-S running c3750e-universalk9-mz.122-58.SE.bin
This issue occurs in all versions of 12.2(58) due to changes made in the stacking code.
Workaround:
- Not seen with 12.2(55)SE1
- When applying an acl to the vty lines "line vty 0 4" and "line vty 5 15"; please follow the following procedure.
1. Create the vty acl and permit the 127 network;
2. Append the "vrf-also" keyword to the configured access-class inbound.
Example:
ip access-list standard vty-acl
permit 127.0.0.0 0.0.0.255
line vty 0 4
access-class vty-acl in vrf-also
privilege level 15
length 0
transport input ssh
line vty 5 15
access-class vty-acl in vrf-also
privilege level 15
transport input ssh
|
|
Status: | Fixed |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 12.2(58)SE |
|
Known Fixed Releases: | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
Bug Id: | CSCuv03089 |
Title: | Switch crashes removing IPv6 raguard |
|
Description: | Symptom:
The switch crashes trying to free a bad chunk of memory. Additionally, this crash may lead to the switch hanging and not reloading. This is caused by the switch trying to write the crashinfo file. If "no exception crashinfo" is configured, the switch will dump a stack trace to the console, and then reload.
Conditions:
This occurs if a switchport has the following configured on it:
ipv6 nd raguard
And the switchport's configuration is defaulted (e.g., default int gi1/0/1) or the config for ipv6 nd raguard is removed.
Workaround:
Shutdown the port first prior to removing raguard.
Further Problem Description:
|
|
Status: | Open |
|
Severity: | 2 Severe |
Last Modified: | 30-JUL-2015 |
|
Known Affected Releases: | 15.0(2)SE |
|
Known Fixed Releases: | |
|
|
| |
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论