Software Updates for Nexus 3000 Series Switches
Product Name: | Nexus 3164Q Switch | Software Type: | NX-OS EPLD Updates | Release Version: | 6.1(2)I3(4b)
Alert Type: | New File | File Name: | n9000-epld.6.1.2.I3.4b.img | File Description: | Nexus 9000 Standalone switch EPLD Image for 6.1(2)I3(4b) | File Release Date: | 02-JUL-2015 |
Product Name: | Nexus 3048 Switch | Software Type: | Data Center Network Manager | Release Version: | 7.2(1)
Alert Type: | New File | File Name: | dcnm-silent-installer-properties.7.2.1.zip | File Description: | DCNM 7.2.1 Silent Installer Property Files | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.ova | File Description: | DCNM 7.2.1 Open Virtual Appliance for VMWare | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-linux.7.2.1.bin | File Description: | DCNM 7.2.1 Installer for Linux (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-windows.7.2.1.exe | File Description: | DCNM 7.2.1 Installer for Windows (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.iso | File Description: | DCNM 7.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va-templates.7.2.1.zip | File Description: | DCNM 7.2.1 Virtual Appliance templates for VMWare (.ovf) and KVM (domain XMLs) environments | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-san-client.7.2.1.zip | File Description: | DCNM 7.2.1 San Client Package | File Release Date: | 06-JUL-2015 |
Product Name: | Nexus 3548 Switch | Software Type: | Data Center Network Manager | Release Version: | 7.2(1)
Alert Type: | New File | File Name: | dcnm-installer-x64-windows.7.2.1.exe | File Description: | DCNM 7.2.1 Installer for Windows (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-linux.7.2.1.bin | File Description: | DCNM 7.2.1 Installer for Linux (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va-templates.7.2.1.zip | File Description: | DCNM 7.2.1 Virtual Appliance templates for VMWare (.ovf) and KVM (domain XMLs) environments | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.ova | File Description: | DCNM 7.2.1 Open Virtual Appliance for VMWare | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.iso | File Description: | DCNM 7.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-san-client.7.2.1.zip | File Description: | DCNM 7.2.1 San Client Package | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-silent-installer-properties.7.2.1.zip | File Description: | DCNM 7.2.1 Silent Installer Property Files | File Release Date: | 06-JUL-2015 |
Product Name: | Nexus 3064 Switch | Software Type: | Data Center Network Manager | Release Version: | 7.2(1)
Alert Type: | New File | File Name: | dcnm-va.7.2.1.ova | File Description: | DCNM 7.2.1 Open Virtual Appliance for VMWare | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va-templates.7.2.1.zip | File Description: | DCNM 7.2.1 Virtual Appliance templates for VMWare (.ovf) and KVM (domain XMLs) environments | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-san-client.7.2.1.zip | File Description: | DCNM 7.2.1 San Client Package | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.iso | File Description: | DCNM 7.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-windows.7.2.1.exe | File Description: | DCNM 7.2.1 Installer for Windows (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-silent-installer-properties.7.2.1.zip | File Description: | DCNM 7.2.1 Silent Installer Property Files | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-linux.7.2.1.bin | File Description: | DCNM 7.2.1 Installer for Linux (64-bit) | File Release Date: | 06-JUL-2015 |
Product Name: | Nexus 3548 Switch | Software Type: | NX-OS System Software | Release Version: | 6.0(2)A6(3)
Alert Type: | New File | File Name: | n3500-uk9.6.0.2.A6.3.bin | File Description: | Nexus 3500 Release 6.0(2)A6(3) System Image | File Release Date: | 02-JUL-2015 |
Product Name: | Nexus 3548 Switch | Software Type: | NX-OS Kick Start | Release Version: | 6.0(2)A6(3)
Alert Type: | New File | File Name: | poap_script.6.0.2.A6.3.py | File Description: | Nexus 3500 Release 6.0(2)A6(3) Python Reference script for PowerOn Auto Provisioning (POAP) | File Release Date: | 02-JUL-2015 |
Alert Type: | New File | File Name: | n3500-uk9-kickstart.6.0.2.A6.3.bin | File Description: | Nexus 3500 Release 6.0(2)A6(3) Kickstart Image | File Release Date: | 02-JUL-2015 |
Alert Type: | New File | File Name: | poap_script.6.0.2.A6.3.tcl | File Description: | Nexus 3500 Release 6.0(2)A6(3) TCL Reference script for PowerOn Auto Provisioning (POAP) | File Release Date: | 02-JUL-2015 |
Product Name: | Nexus 3064-T Switch | Software Type: | Data Center Network Manager | Release Version: | 7.2(1)
Alert Type: | New File | File Name: | dcnm-installer-x64-linux.7.2.1.bin | File Description: | DCNM 7.2.1 Installer for Linux (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.iso | File Description: | DCNM 7.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-windows.7.2.1.exe | File Description: | DCNM 7.2.1 Installer for Windows (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-silent-installer-properties.7.2.1.zip | File Description: | DCNM 7.2.1 Silent Installer Property Files | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-san-client.7.2.1.zip | File Description: | DCNM 7.2.1 San Client Package | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va-templates.7.2.1.zip | File Description: | DCNM 7.2.1 Virtual Appliance templates for VMWare (.ovf) and KVM (domain XMLs) environments | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.ova | File Description: | DCNM 7.2.1 Open Virtual Appliance for VMWare | File Release Date: | 06-JUL-2015 |
Product Name: | Nexus 3164Q Switch | Software Type: | NX-OS Software Maintenance Upgrades (SMU) | Release Version: | 7.0(3)I1(1b)
Product Name: | Nexus 3016 Switch | Software Type: | Data Center Network Manager | Release Version: | 7.2(1)
Alert Type: | New File | File Name: | dcnm-installer-x64-linux.7.2.1.bin | File Description: | DCNM 7.2.1 Installer for Linux (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-silent-installer-properties.7.2.1.zip | File Description: | DCNM 7.2.1 Silent Installer Property Files | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-san-client.7.2.1.zip | File Description: | DCNM 7.2.1 San Client Package | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-installer-x64-windows.7.2.1.exe | File Description: | DCNM 7.2.1 Installer for Windows (64-bit) | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.iso | File Description: | DCNM 7.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va.7.2.1.ova | File Description: | DCNM 7.2.1 Open Virtual Appliance for VMWare | File Release Date: | 06-JUL-2015 |
Alert Type: | New File | File Name: | dcnm-va-templates.7.2.1.zip | File Description: | DCNM 7.2.1 Virtual Appliance templates for VMWare (.ovf) and KVM (domain XMLs) environments | File Release Date: | 06-JUL-2015 |
Product Name: | Nexus 3164Q Switch | Software Type: | NX-OS System Software | Release Version: | 6.1(2)I3(4b)
Alert Type: | New File | File Name: | n9000-dk9.6.1.2.I3.4b.bin | File Description: | Cisco Nexus 9000 Standalone Switch | File Release Date: | 02-JUL-2015 |
Known Bugs - Nexus 3000 Series Switches
| | Bug Id: | CSCtx66070 | Title: | CDP crashes when receiving malformed packet | |
Description: | Symptom: Cisco Nexus 1000, 3000, 4000, 5000, and 7000 switches as well as Cisco Unified Computing System Fabric Interconnect devices may restart after receiving malformed Cisco Discovery Protocol (CDP) Packets. An adjacent attacker, with the ability to submit malformed CDP traffic to an affected device could cause a denial of service condition while the device reloads or fails over to a redundant Supervisor card if so equipped.
Conditions: Cisco Nexus Switches running an affected version of NX-OS. Cisco Unified Computing System, Fabric Interconnect devices running an affected version of UCS Software.
Workaround: Disable CDP on the affected device. CDP is enabled by default.
NX-OS: no cdp enable
UCS: Add the 'disable cdp' command to all Network Control Policies
Further Problem Description: This issue was identified through internal hardening efforts on the NX-OS platform.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
CVE ID CVE-2012-1322 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 01-JUL-2015 | |
Known Affected Releases: | 5.0(3)U2(1), 5.0(3)U4(1) | |
Known Fixed Releases: | 5.0(3)U3(1) | |
|
| | | | Bug Id: | CSCuc19569 | Title: | RADIUS insufficient attribute length check | |
Description: | Symptoms: Cisco NXOS contains a vulnerability in the RADIUS authentication code.
Conditions: Malformed packets are returned from a RADIUS authentication server.
Workaround: None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C
CVE ID CVE-2012-6377 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html | |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 01-JUL-2015 | |
Known Affected Releases: | 5.0(3)U2(2c) | |
Known Fixed Releases: | 6.0(2)A1(1), 6.0(2)U1(1) | |
|
| | | | Bug Id: | CSCua68258 | Title: | SYSRET 64-bit operating system privilege escalation | |
Description: | Symptoms: On June 12, 2012, US CERT published VU 649219 addressing a local privilege escalation vulnerability in several 64-bit operating systems and virtualization software running on Intel CPU hardware. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
Link to VU: http://www.kb.cert.org/vuls/id/649219
Intel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable.
CVE-2012-0217 and CVE-2006-0744 have been issued to document this issue in the industry.
This bug has been filed to investigate and track this issue in this product.
Conditions: This issue has not been confirmed to be exploitable in this product. However, this is a locally exploitable vulnerability and a valid user must be authenticated before he/she can exploit this issue.
Workaround: None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.6/6.3: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:C
CVE IDs CVE-2012-0217 and CVE-2006-0744 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html | |
Status: | Terminated | |
Severity: | 2 Severe | Last Modified: | 01-JUL-2015 | |
Known Affected Releases: | 9.5(1)N1(7.8) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCue43983 | Title: | N3K not classifying PIM-REG under CoPP | |
Description: | Symptom:
High CPU on Nexus 3000 due to unicast PIM_REG messages being incorrectly classified under the CoPP policy.
class-map copp-s-routingProto1 (match-any)
  match access-grp name copp-system-acl-routingproto1
  match access-grp name copp-system-acl-v6routingproto1
  police pps 1000
    OutPackets 28067449
    DropPackets 29883650
class-map copp-s-pimreg (match-any)
  match access-grp name copp-system-acl-pimreg
  police pps 200
    OutPackets 0
    DropPackets 0
class-map copp-s-pimautorp (match-any)
  police pps 200
    OutPackets 0
    DropPackets 0
Workaround:
Ideally the RP should send a register stop and stop the PIM-REG process. If for any reason the RP has been misconfigured, you can use a VACL to drop these PIM-REG packets in hardware. | |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 01-JUL-2015 | |
Known Affected Releases: | 5.0(3)U5(1b) | |
Known Fixed Releases: | 5.0(3)U5(1c), 6.0(2)A1(1), 6.0(2)U1(1) | |
|
| | | | Bug Id: | CSCuv05674 | Title: | N3500 NAT stops working due to tcam corruption | |
Description: | Symptom: NAT stops working.
Conditions: HW redirect entries are corrupted
Workaround: reload device or remove and re-enter "ip nat inside|outside" configuration.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 01-JUL-2015 | |
Known Affected Releases: | 6.0(2)A4(5) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCut14215 | Title: | Upon startup, N3K Sets CoPP Police PPS 0 for multiple class-maps | |
Description: | Symptom: PPS values for few or all class-maps are 0.
Conditions: This is seen only if user gives ctrl+C when the setup is in progress during bootup. If user does not give ctrl+C, then this scenario will not occur
Workaround: Run "setup" again from CLI explicitly and make sure that it runs to completion.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 02-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(2) | |
Known Fixed Releases: | 6.0(2)A6(1.115), 6.0(2)A6(2), 6.0(2)U6(0.115), 6.0(2)U6(1) | |
|
| | | | Bug Id: | CSCut43397 | Title: | Nexus 3000 and 3500 (N3K and N3500K) Leap Second | |
Description: | Symptom: When the leap second update occurs, an N3K could have the kernel hit what is known as a "livelock" condition under the following circumstances:
a. When the NTP server pushes the update to the N3K NTPd client, which in turn schedules the update to the Kernel. This push should have happened 24 hours before June 30th, by most NTP servers.
b. When the NTP server actually updates the clock
Conditions: The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.
Workaround: On switches running affected code, the following workaround can be used.
1) Remove NTP/PTP configuration on the switch at least two days prior to the June 30, 2015 leap second event date.
2) Add NTP/PTP configuration back on the switch after the leap second event date (July 1, 2015).
Further Problem Description: The following releases and above are not affected by this issue: 6.0(2)U3(1), 6.0(2)U2(2Z), 6.0(2)U2(1), 6.0(2)U1(1), 6.0(2)A1(1b)
- The last leap second update happened on June 30th @ 23:59:60 UTC.
- The next leap second update is not due for several years, and 6 months' notice will be given before the update. Please see the URL below for leap second update details.
Reference: http://www.timeanddate.com/time/leapseconds.html
- Now that we have passed June 30th 23:59:60 UTC, if your N3K has not reset or switched over, you are not affected by this caveat until the next leap second update.
| |
Status: | Other | |
Severity: | 2 Severe | Last Modified: | 02-JUL-2015 | |
Known Affected Releases: | 6.0(2)U1(1) | |
Known Fixed Releases: | 6.0(2)A1(2d), 6.0(2)U2(1), 6.0(2)U2(2Z), 6.0(2)U3(1) | |
|
| | | | Bug Id: | CSCus34881 | Title: | N3k - SNMPD crash due to segmentation fault polling port_manager | |
Description: | Symptom: NX-OS SNMPd process crashes with HAP reset.
Conditions: SNMP GET requests to IF-MIB may cause the SNMP daemon to crash due to a segmentation fault while trying to fetch the interface counters belonging to a port channel.
Workaround: Do not poll OIDs to collect interface counters belonging to a port-channel.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 02-JUL-2015 | |
Known Affected Releases: | 6.0(2)U4(1) | |
Known Fixed Releases: | 6.0(2)A5(1.37), 6.0(2)A5(2), 6.0(2)A6(0.64), 6.0(2)A6(0.66), 6.0(2)A6(0.78), 6.0(2)A6(1), 6.0(2)U5(1.37), 6.0(2)U5(2), 6.0(2)U6(0.64), 6.0(2)U6(0.66) | |
|
| | | | Bug Id: | CSCuv03416 | Title: | ipfib crash after bulk ucast and mcast update | |
Description: | Symptom: ipfib crash after bulk ucast and mcast update
Conditions: Bulk mcast and ucast update
Workaround: n/a
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 06-JUL-2015 | |
Known Affected Releases: | 6.0(2)U4(1), 6.0(2)U4(1M) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCuu06246 | Title: | Cisco Nexus 3000 Vulnerability cmd injection via DHCP offer options | |
Description: | Symptom: Command injection via DHCP offer options used with PowerOn Auto Provisioning (POAP)
Conditions: The NX-OS switch would have to be in a state where POAP is initiated, and an attacker would have to be able to either:
A) Inject their own DHCP server and respond to the POAP DHCP request with crafted DHCP options, or
B) Compromise an existing DHCP server and craft the specific DHCP options.
Then, during the POAP process, when the crafted DHCP options are processed, arbitrary commands could be executed on the system in the context of the root user.
Note this issue only occurs during the POAP DHCP boot process.
Workaround: None.
Further Problem Description: None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:H/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C
CVE ID CVE-2015-0658 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html | |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 07-JUL-2015 | |
Known Affected Releases: | 5.0(3)U5(1h), 6.0(2)U4(1), 6.0(2)U5(1) | |
Known Fixed Releases: | 6.0(2)U6(1.33), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCur67361 | Title: | N3K - FWM assert @fwm_fwim_delete_lif | |
Description: | Symptom: When adding a particular MAC for an IPSG, an internal error is received, which causes the MAC addition to the database to fail. Deleting the MAC entry during an IPSG operation fails because the entry is not present in the FWM database.
Conditions: The IPSG MAC addition should fail with an internal error, and the MAC entry deletion during the IPSG operation should be successful.
Workaround: NA
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U5(1) | |
Known Fixed Releases: | 6.0(2)A4(3.36), 6.0(2)A4(4), 6.0(2)A5(0.985), 6.0(2)A5(1), 6.0(2)A5(1.41), 6.0(2)A5(2), 6.0(2)A6(1.120), 6.0(2)A6(2), 6.0(2)U4(3.36), 6.0(2)U4(4) | |
|
| | | | Bug Id: | CSCug38697 | Title: | OSPF LSA Injection Vulnerability | |
Description: | Summary: Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic.
The attacker could trigger this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause flushing of the routing table on a targeted router, as well as propagation of the crafted OSPF LSA type 1 update throughout the OSPF AS domain.
To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.
OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.8/5.8: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:U/RC:C
CVE ID CVE-2013-0149 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Symptom: Invalid LSA in Database
Conditions:
Workaround:
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(1), 6.2(0)PF(0.155) | |
Known Fixed Releases: | 5.2(1)N1(6) | |
|
| | | | Bug Id: | CSCuq86552 | Title: | N3K - "ip source interface icmp-errors" command no longer functions | |
Description: | Symptom: The "ip source interface icmp-errors" command does not have the expected behavior of changing the source IP address that is embedded in ICMP error messages that are generated by the N3K. The source IP address remains unchanged regardless of whether or not this command is configured.
Conditions: Configure "ip source interface icmp-errors"
Workaround: None
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 1 Catastrophic | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(1) | |
Known Fixed Releases: | 6.0(2)A3(3.76), 6.0(2)A3(3.77), 6.0(2)A3(4), 6.0(2)U3(3.76), 6.0(2)U3(3.77), 6.0(2)U3(4) | |
|
| | | | Bug Id: | CSCup90103 | Title: | Nexus 3064 unable to resolve arp | |
Description: | Symptom: Deployed hundreds of switches in pre-production. Some switches failed to resolve ARP.
Conditions: N3K-C3064PQ-10GX running 6.0.2.U2.4
Workaround: Resolved after a reload. One switch resolved after reloading twice.
Further Problem Description:
| |
Status: | Other | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(4), 6.0(2)U4(1) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCul51795 | Title: | SNMP crash in EntitySensor MIB | |
Description: | Symptom: snmpd crash during walk of EntitySensor MIB
Conditions: Unique condition:
a) There should be a transceiver with an invalid EEPROM DOM value that is not recognized by software (calibration type).
b) There should be a timeout of the cache value, timed to the SNMP walk/polling and the transceiver which has the invalid calibration.
Workaround: none
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 1 Catastrophic | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 5.0(3)U5(1g) | |
Known Fixed Releases: | 5.0(3)U5(0.210), 5.0(3)U5(1i), 6.0(2)U2(1.63), 6.0(2)U2(2Z) | |
|
| | | | Bug Id: | CSCul70898 | Title: | SNMP Response SAP MTS queue buildup seen | |
Description: | Symptom: SNMPD crash observed with following logs
%KERN-2-SYSTEM_MSG: [65201.135015] [sap 27][pid 3439][comm:snmpd] sap recovering failed and so Killed - kernel
%SYSMGR-3-BASIC_TRACE: core_copy: PID 1689 with message Core not generated by system for snmpd(0). WCOREDUMP(9) returned zero .
%SYSMGR-2-SERVICE_CRASHED: Service "snmpd" (PID 3439) hasn't caught signal 9 (no core).
No core file will be saved
Conditions: This happens when we use snmpbulkget against EntitySensor MIB OIDs and max-iterations is set to 100.
Workaround: Use max-iterations of 10 and the issue will not be seen
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(2Z) | |
Known Fixed Releases: | 5.0(3)U5(0.210), 5.0(3)U5(1i), 6.0(2)U2(1.70), 6.0(2)U2(2Z), 6.1(2)I1(2), 6.1(2)I1(2.6), 6.1(2)I1(3.10), 6.1(2)I1(4) | |
|
| | | | Bug Id: | CSCul59271 | Title: | SNMP polling for lldpRemManAddrOID fails on certain interface | |
Description: | Symptom: SNMP polling for lldpRemManAddrOID fails on certain interface
Conditions: snmpwalk -v 2c -c '***community***' .1.0.8802.1.1.2.1.4.2.1.5
Workaround: N/A
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 5.0(3)U5(1e), 5.0(3)U5(1f) | |
Known Fixed Releases: | 5.0(3)U5(0.210), 5.0(3)U5(1i), 6.0(2)U2(1.12), 6.0(2)U2(2), 6.0(2)U2(3.78), 6.0(2)U2(5Z), 6.0(2)U3(0.561), 6.0(2)U3(1) | |
|
| | | | Bug Id: | CSCus85011 | Title: | ARP crash during ARP broadcast storm | |
Description: | Symptom: An ARP process crash is observed, causing a system HAP reset.
Conditions: The issue was observed while an ARP broadcast storm was coming towards the switch.
Workaround: The issue was worked around by increasing the CoPP ARP rate limit, after which it seems to have stabilized.
Further Problem Description: When arp_adj_add failed, it was calling arp_errmsg, which expects 2 strings as parameters, whereas the actual parameters passed were a string and an integer. The code has been modified as per the PI code.
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(1), 6.0(2)U2(2), 6.0(2)U2(4), 6.0(2)U2(4.92.4Z) | |
Known Fixed Releases: | 6.0(2)A4(3.43), 6.0(2)A4(4), 6.0(2)A5(1.38), 6.0(2)A5(2), 6.0(2)A6(0.56), 6.0(2)A6(1), 6.0(2)U4(3.43), 6.0(2)U4(4), 6.0(2)U5(1.38), 6.0(2)U5(2) | |
|
| | | | Bug Id: | CSCue25653 | Title: | Nexus3000 learns its own and/or vPC peer's router mac addr on an L2 port | |
Description: | Symptom: Nexus3000 learns its own or vPC peer's router mac address on an L2 port.
In an ideal situation, its local hardware/router mac-address should not be learned dynamically. Also, vPC peer's mac-address should be learned only on the peer-link.
Conditions: Nexus3000 running one of the affected releases, and a Layer 2 loop condition triggered the issue.
Workaround: Configure static MAC addresses pointing to the correct source interface and vlan.
As part of the fix, a new CLI introduced is: Nexus3000(config)#mac address-table guard-vpc-peergw-mac
To fix the issue, upgrade the Nexus3000 switch to 5.0(3)U5(1c), 6.0(2)U1(1), 6.0(2)A1(1) or later releases AND enable the above-mentioned CLI.
More Info: If the same issue is seen for virtual mac addresses owned by FHRP, refer to CSCuq50188. FHRP: First Hop Redundancy Protocol, such as HSRP, VRRP etc.
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 08-JUL-2015 | |
Known Affected Releases: | 5.0(3)U4(1) | |
Known Fixed Releases: | 5.0(3)U5(1c), 6.0(2)A1(1), 6.0(2)U1(1) | |
|
| | | | Bug Id: | CSCus84124 | Title: | Incorrect PFC MMU Buffer Reservation for 40G Ports With 3132 | |
Description: | Symptom: For Nexus 3132, when in 32x40G mode, using the range command to enable PFC on a range of non-broken out 40G ports will cause incorrect PFC buffer reservations.
Conditions: This is seen when the ports are in 40G mode and the range command is used to enable PFC on a range of 40G ports
Workaround: Do not use range command
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 09-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(5.94), 6.0(2)U5(1) | |
Known Fixed Releases: | 6.0(2)A6(0.63), 6.0(2)A6(1), 6.0(2)U6(0.63), 6.0(2)U6(1) | |
|
| | | | Bug Id: | CSCuq52769 | Title: | Multicast queue-limit programmed in hardware for queue 1 only | |
Description: | Symptom: On a Nexus 3000 switch, when you manually configure the queue-limit for specific queues, only queue number 1 gets properly programmed in hardware with the new queue-limit. The other queues retain the default values.
Conditions:
Workaround: None.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 09-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(1), 6.0(2)U4(0.866) | |
Known Fixed Releases: | 6.0(2)A3(3.70), 6.0(2)A3(4), 6.0(2)A4(0.888), 6.0(2)A4(1), 6.0(2)U3(3.70), 6.0(2)U3(4), 6.0(2)U4(0.888), 6.0(2)U4(1) | |
|
| | | | Bug Id: | CSCus62896 | Title: | After copy file start Ints lose port-channel config when in PO with pfc | |
Description: | Symptom: After a "copy file start" with a configuration containing port-channels with pfc configured, the member interfaces of these port-channels will lose their port-channel assignments. This is due to the pfc config coming after the port-channel config on the physical interface, causing the port-channel assignment to fail.
Conditions: After a "copy file start" with a configuration containing port-channels with pfc configured, the member interfaces of these port-channels will lose their port-channel assignments. This is due to the pfc config coming after the port-channel config on the physical interface, causing the port-channel assignment to fail.
Workaround: Move the "priority-flow-control" configuration before the "channel-group x mode" command under the physical interface in the configuration file before copying the file to the startup-configuration. If this issue is seen, interfaces can be reassigned to port-channels after "copy file start" and reload.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 09-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(4.92), 6.0(2)U5(1) | |
Known Fixed Releases: | 6.0(2)A4(3.39), 6.0(2)A4(4), 6.0(2)A6(0.24), 6.0(2)A6(1), 6.0(2)U3(5.93), 6.0(2)U3(6), 6.0(2)U4(3.39), 6.0(2)U4(4), 6.0(2)U6(0.24), 6.0(2)U6(1) | |
|
| | | | Bug Id: | CSCut76803 | Title: | GLDN: syslogd hap reset seen while executing fast-reload in a loop | |
Description: | Symptom: Nexus 3000 may experience a syslogd hap reset after a reload.
Conditions: The syslogd core has only been reported after a reload/upgrade.
Workaround: Unknown at this time.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 10-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(5.95) | |
Known Fixed Releases: | 6.0(2)U3(7.99), 6.0(2)U3(8), 6.0(2)U6(1.72), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCup98077 | Title: | DAI cannot seem to deny bad packets | |
Description: | Symptom: When there is a unicast ARP request/response, DAI fails to block unwanted ARP packets.
Conditions: When there is a unicast ARP request/response, DAI fails to block unwanted ARP packets.
Workaround: None
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 1 Catastrophic | Last Modified: | 10-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(2.60) | |
Known Fixed Releases: | 6.0(2)A3(2.61), 6.0(2)A3(3), 6.0(2)U3(2.61), 6.0(2)U3(3) | |
|
| | | | Bug Id: | CSCui51551 | Title: | Unvalidated Pointers Could Result in Device Reload | |
Description: | Symptom: A vulnerability in the Open Network Environment Platform (ONEP) could allow an authenticated, remote attacker to cause a reload of the network element.
The vulnerability is due to insufficient pointer validation of ONEP traffic processing. An attacker could exploit this vulnerability by sending a crafted packet to the network element.
Conditions: A network element configured for ONE-P processing.
Workaround: Limit access to ONE-P process by using Control Plane Policing (CoPP) to define trusted sources and applications.
Further Problem Description: You must be very careful about enabling the ONE-P feature on a network device. A non-secure implementation of ONE-P could provide the opportunity for a malicious third party to gain control of a router or switch.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.3/5.2: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C CVE ID has been assigned to document this issue.
Additional details about the vulnerability described here can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5496
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html | |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 11-JUL-2015 | |
Known Affected Releases: | 6.0(2)U1(1), 6.0(2)U1(2) | |
Known Fixed Releases: | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(4.0)ST, 15.3(3)M1, 15.3(3)S0.8, 15.3(3)S1, 15.3(3)S2, 15.4(0.12.6)PIH23, 15.4(0.20.1)CG | |
|
| | | | Bug Id: | CSCut16482 | Title: | N3K scheduler hap reset | |
Description: | Symptom: scheduler hap reset
Conditions: customer running 6.0(2)U2(2)
Workaround: none
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 13-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(2) | |
Known Fixed Releases: | 6.0(2)A6(1.114), 6.0(2)A6(2), 6.0(2)U6(0.114), 6.0(2)U6(1) | |
|
| | | | Bug Id: | CSCup43205 | Title: | Nexus 3500: Support for Packets with Multicast MAC | |
Description: | Symptom: Microsoft NLB traffic and ISIS Hello packets are not forwarded by Nexus 3548 when used as a transit device.
Conditions: - Nexus 3500 - Traffic with multicast mac and unicast IP OR multicast mac and no ip header
Workaround: None.
Further Problem Description: Forwarding of this traffic type is currently unsupported on this platform. This issue is present because the Nexus 3548 platform currently performs a L2 and L3 lookup on multicast packets.
This enhancement was filed to add the ability to only perform a L2 only lookup mode.
| |
Status: | Terminated | |
Severity: | 2 Severe | Last Modified: | 14-JUL-2015 | |
Known Affected Releases: | 6.0(2)A3(1), 6.0(2)A4(1) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCus74195 | Title: | Incorrect parity handling for certain tables on T2 | |
Description: | Symptom: Nexus 3132/3172 switches (T2-based switches) may experience an incorrect soft parity error recovery that can result in packet loss for one or more affected traffic flows. This is the result of a Broadcom SDK defect impacting Software Error Recovery (SER) functionality, which automates the recovery of soft memory parity errors. Known affected memory tables are the L2_ENTRY and L3 LPM tables. Software releases prior to 6.0(2)U3(4) may also experience an unexpected reload due to plog_sup process crash.
A syslog message with the following format is associated with incorrect parity error recovery and can be used to identify the presence of this defect on a device (though there are certain conditions where this defect can be triggered without generation of such a syslog event):
%USER-3-SYSTEM_MSG: bcm_usd_isr_switch_event_cb_log:: slot_num 0, event , memory error type: (0xaddress), table name: (), index: - bcm_usd
Sample messages:
%USER-3-SYSTEM_MSG: bcm_usd_isr_switch_event_cb_log:805: slot_num 0, event 2, memory error type: Correction(0x5), table name: L2 table(0x7d6), index: 62432 bcm_usd
%USER-3-SYSTEM_MSG: bcm_usd_isr_switch_event_cb_log_new_fmt:805: slot_num 0, event 2, memory error type: Correction(0x9), table name: L3 LPM table(0x7fe), index: 2685
Conditions: Nexus 3132/3172 switches (T2-based switches)
Workaround: 1) A reload should recover from the condition temporarily. 2) Software upgrade.
More Info:
|
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 16-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(1) | |
Known Fixed Releases: | 6.0(2)A4(3.41), 6.0(2)A4(3.42), 6.0(2)A4(4), 6.0(2)U4(3.41), 6.0(2)U4(3.42), 6.0(2)U4(4), 6.0(2)U5(1) | |
|
| | | | Bug Id: | CSCus64180 | Title: | N3K: 10G link with UCS C-series keep flapping after link up. | |
Description: | Symptom: After the link between N3K and UCS C is up, this link keeps flapping.
==========
2014 Dec 29 15:36:21 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/52 is down (Link failure)
2014 Dec 29 15:36:23 switch %ETHPORT-5-IF_UP: Interface Ethernet1/52 is up in mode trunk
2014 Dec 29 15:36:24 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/52 is down (Link failure)
2014 Dec 29 15:36:25 switch %ETHPORT-5-IF_UP: Interface Ethernet1/52 is up in mode trunk
2014 Dec 29 15:36:26 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/52 is down (Link failure)
2014 Dec 29 15:36:27 switch %ETHPORT-5-IF_UP: Interface Ethernet1/52 is up in mode trunk
2014 Dec 29 15:36:28 switch %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet1/52 is down (Link failure)
2014 Dec 29 15:36:30 switch %ETHPORT-5-IF_UP: Interface Ethernet1/52 is up in mode trunk
==========
Sometimes this flapping stops after a few hours; sometimes it never stops. There is no particular configuration.
Conditions: Nexus 3048 ---------- UCS C240M3 twinax
After the link is up, this flapping occurs.
Workaround: - Maybe "shut/no shut" or a cable re-connect will make the link come up. - Or, maybe wait.
Further Problem Description:
| |
Status: | Terminated | |
Severity: | 2 Severe | Last Modified: | 16-JUL-2015 | |
Known Affected Releases: | 5.0(3)U5(1h), 6.0(2)U5(1) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCut86141 | Title: | SFP-H10GB-CU2.255M, hardware type changed to No-Transceiver on N3k | |
Description: | Symptom: SFP not detected on the ports. The same SFP works on other ports.
Conditions: The interface remains down with the following error:
%ETHPORT-5-IF_HARDWARE: Interface Ethernet1/30, hardware type changed to No-Transceiver
In the bcm_shell, the interface shows FAULT remote:
bcm-shell.0> port 8
PORT: Status (* indicates PHY link up)
xe7 LS(SW) Forced(10GFD) STP(Disable) Lrn(ARL,FWD) UtPri(0) Pfm(FloodNone) IF(SFI) Max_frame(1518) MDIX(ForcedNormal, Normal) Medium(Copper) Fault(Remote) VLANFILTER(3)
Workaround: A power drain of the switch sometimes seems to recover the issue.
Further Problem Description: In the problem state it seems that the driver is saturated due to larger value of idrv, predrv SI values. Updating the new set of SI setting solves the issue.
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 17-JUL-2015 | |
Known Affected Releases: | 6.0(2)U5(0.37) | |
Known Fixed Releases: | 6.0(2)A6(2.45), 6.0(2)A6(2.61), 6.0(2)A6(3), 6.0(2)A6(3.76), 6.0(2)A6(4), 6.0(2)U6(1.45), 6.0(2)U6(1.61), 6.0(2)U6(1.76), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuv30491 | Title: | nexus 3100 Wrong ACL programmed in hardware | |
Description: | Symptom: ACL misprogrammed in hardware, causing a traffic blackhole
Conditions:
Workaround:
Further Problem Description:
| |
Status: | Other | |
Severity: | 2 Severe | Last Modified: | 17-JUL-2015 | |
Known Affected Releases: | 6.0(2)U5(1) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCuu71710 | Title: | N3500 : Kernel panic seen when UDP traffic hits the mgmt port | |
Description: | Symptom: Nexus 3548: Kernel panic observed on 6.0(2)A4(5)
KERN-0-SYSTEM_MSG [2205608.520006] BUG: soft lockup - CPU#0 stuck for 11s! [usd_mts_kthread:3296]
Conditions: Under high rate of incoming traffic on management interface
Workaround: None
Further Problem Description: Kernel panic was observed on Nexus 3548 when there is a high incoming traffic rate (>150Mbps) on the management interface.
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 18-JUL-2015 | |
Known Affected Releases: | 6.0(2)A4(5.63) | |
Known Fixed Releases: | 6.0(2)A4(5.70), 6.0(2)A4(6), 6.0(2)A6(2.46), 6.0(2)A6(3), 6.0(2)U4(4.70), 6.0(2)U4(5), 6.0(2)U6(1.46), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuu54126 | Title: | 10g SFP not working/detected on Nexus 3K in port E1/1 | |
Description: | Symptom: - 10g SFP not working/detected on Nexus 3K in port E1/1 and same SFP works on other switch ports
Conditions: - issue found in code : 6.0(2)U2(6) - Interface status remains down
etaccsw17.wsf.prnynj# sho int ethernet 1/1
Ethernet1/1 is down (Link not connected)
Dedicated Interface
Hardware: 100/1000/10000 Ethernet, address: 885a.9237.2228 (bia 885a.9237.2228)
Description: [CISCO][WIFI][OUTDOOR] wc101.wsf.prnynj [8510] PORT 02
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec
reliability 255/255, txload 1/255, rxload 1/255
- Transceiver status shows present
sdeaccsw17.wsf.prnynj# sho int ethernet 1/1 transceiver details
Ethernet1/1
transceiver is present >>>>
type is 10Gbase-LR
name is CISCO-FINISAR
part number is FTLX1474D3BCL-CS
- bcm_shell status of interface shows no error, only stp in blocking state, which seems to be expected behavior as interface is down.
bcm-shell.0> port 1
PORT: Status (* indicates PHY link up)
*xe0 LS(SW) Forced(10GFD) STP(Block) Lrn(ARL,FWD) UtPri(0) Pfm(FloodNone) IF(SFI) Max_frame(1518) MDIX(ForcedNormal, Normal) Medium(Copper) VLANFILTER(3)
Workaround: Reload the switch
Further Problem Description: In the problem state it seems that the driver is saturated due to larger value of idrv, predrv SI values. Updating the new set of SI setting solves the issue.
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 20-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(5.87) | |
Known Fixed Releases: | 6.0(2)A6(2.45), 6.0(2)A6(2.61), 6.0(2)A6(3), 6.0(2)U6(1.45), 6.0(2)U6(1.61), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCut78781 | Title: | N3000 does not install pim OIL for (S,G) | |
Description: | Symptom: Missing PIM derived OIL for some (S,G)-s when multiple sources come online at the same time
Conditions:
Workaround:
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 22-JUL-2015 | |
Known Affected Releases: | 6.0(2)U4(1) | |
Known Fixed Releases: | 6.0(2)A4(5.59), 6.0(2)A4(6), 6.0(2)A6(2.44), 6.0(2)A6(3), 6.0(2)A7(0.167), 6.0(2)A7(1), 6.0(2)U4(4.59), 6.0(2)U4(5), 6.0(2)U6(1.44), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuu35333 | Title: | Should not shutdown system when there is PS or FAN direction mismatch | |
Description: | Symptom: Do not shut down the system due to fan/PS direction mismatch.
Print Sev1 syslogs every minute instead.
Conditions:
Workaround:
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 22-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(7.103) | |
Known Fixed Releases: | 6.0(2)A6(3.82), 6.0(2)A6(4), 6.0(2)U6(1.82), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuv43863 | Title: | N3548 ERSPAN fail | |
Description: | Symptom: N3548 ERSPAN traffic copy fails to the destination port.
Conditions: When ERSPAN is configured with N3048 and N3548, traffic is not copied to the N3548 destination port.
Workaround:
Further Problem Description:
| |
Status: | Open | |
Severity: | 2 Severe | Last Modified: | 23-JUL-2015 | |
Known Affected Releases: | 6.0(2)A6(1.16) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCuu84112 | Title: | N3k - adjacency entry misprogrammed in hardware | |
Description: | Symptom: Flows getting blackholed because next hop information is incorrect in hardware
Conditions: none
Workaround: clear ip arp force-delete
Further Problem Description:
| |
Status: | Other | |
Severity: | 2 Severe | Last Modified: | 23-JUL-2015 | |
Known Affected Releases: | 6.0(2)U6(1) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCut89022 | Title: | FR upgrade from FP to ICARIA2 does not get XCVR info | |
Description: | Symptom: After fastreload, port goes to 'SFP not Inserted' after FR upgrade from FP to ICARIA2 on 3132*
Conditions: Fast reload upgrade from 6.0(2)U3*, 6.0(2)U4* to 6.0(2)U5* or 6.0(2)U6*
Workaround: Do a install-all upgrade.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 23-JUL-2015 | |
Known Affected Releases: | 6.0(2)U6(1) | |
Known Fixed Releases: | 6.0(2)U6(1.43), 6.0(2)U6(2), 6.0(2)U7(0.168), 6.0(2)U7(0.169), 6.0(2)U7(1) | |
|
| | | | Bug Id: | CSCup45866 | Title: | Persistent high rate of HW errors can trigger plog_sup process crash | |
Description: | Symptom: Device will crash due to plog_sup HAP reset. The following logs will be seen in OBFL:
%KERN-2-SYSTEM_MSG: [ 1012.114305] [sap 1016][pid 3201][comm:plog_sup] sap recovering failed and so Killed - kernel
%SYSMGR-2-SERVICE_CRASHED: Service "plog_sup" (PID 3201) hasn't caught signal 9 (no core).
%SYSMGR-2-HAP_FAILURE_SUP_RESET: System reset due to service "plog_sup" in vdc 1 has had a hap failure
%KERN-0-SYSTEM_MSG: [ 1020.936979] writing reset reason 16, plog_sup hap reset - kernel
Conditions: If the parity interrupts are in ECC Protected SRAM, the interrupts should be persistent even after a reload. If not, refer to CSCus74195.
Workaround: This is an uncorrectable parity problem in the ASIC. The device will need to be replaced.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 24-JUL-2015 | |
Known Affected Releases: | 6.0(2)U2(4) | |
Known Fixed Releases: | 6.0(2)A3(3.70), 6.0(2)A3(4), 6.0(2)A4(0.784), 6.0(2)A4(1), 6.0(2)U3(3.70), 6.0(2)U3(4), 6.0(2)U4(0.784), 6.0(2)U4(1) | |
|
| | | | Bug Id: | CSCuv33416 | Title: | IPv6 HSRP fails to establish Active/Standby states | |
Description: | Symptom: IPv6 HSRP fails to establish 'Active/Standby' states between switches on SVIs.
Conditions: HSRPv2 is configured for IPv6.
Workaround: Adding a group address that is in the same subnet as the SVI, removing the statically-configured group, adding it back, and then removing the subnet group address on both sides should allow both switches to communicate and establish an 'Active/Standby' state. However, if the SVI is bounced or the switch reloaded, the problem will return and the same workaround must be followed.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 28-JUL-2015 | |
Known Affected Releases: | 6.0(2)U5(2) | |
Known Fixed Releases: | | |
|
| | | | Bug Id: | CSCuu99566 | Title: | On ECMP table exhaustion seeing wrong value sh hardware profile status | |
Description: | Symptom: When ECMP table full condition is hit, "show hardware profile status" shows negative (-ve) value for used ECMP entries
N3K-1# show hardware profile status
Total LPM Entries = 8191.
Total Host Entries = 8192.
Reserved LPM Entries = 1024.
Max Host4/Host6 Limit Entries (shared)= 4096/2048*
Max Mcast Limit Entries = 4000.
Used LPM Entries (Total) = 151.
Used IPv4 LPM Entries = 149.
Used IPv6 LPM Entries = 2.
Used IPv6 LPM_128 Entries = 1.
Used Host Entries in LPM (Total) = 5872.
Used Host4 Entries in LPM = 5872.
Used Host6 Entries in LPM = 0.
Used Mcast Entries = 0.
Used Mcast OIFL Entries = 2.
Used Host Entries in Host (Total) = 0.
Used Host4 Entries in Host = 0.
Used Host6 Entries in Host = 0.
Max ECMP Table Entries = 64.
Used ECMP Table Entries = -4937.
MFIB prefer-source-tree = Eternity/1500/0.
Conditions: when ECMP table is full
Workaround:
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 28-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(7.96), 6.0(2)U6(1) | |
Known Fixed Releases: | 6.0(2)A6(2.67), 6.0(2)A6(3), 6.0(2)A6(3.69), 6.0(2)A6(3.71), 6.0(2)A6(4), 6.0(2)U6(1.67), 6.0(2)U6(1.69), 6.0(2)U6(1.71), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuf36771 | Title: | N3k-OF:Vlan ID is removed when packets are punted to controller | |
Description: | Symptom: When the Datapath Service Set is asked to provide Layer-2 frames to its client, the frames will be missing any 802.1Q or QinQ header that may have originally been on the frame.
This in turn affects any OpenFlow packets sent to the controller, preventing the controller from properly performing reactive-mode learning switch or similar operations.
Conditions: When 802.1q tagged packets need to be diverted via the OneP Datapath Service Set to a client, including to an OpenFlow controller by way of the Cisco Plug-in for OpenFlow Agent.
Workaround: no known workarounds.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 29-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(0.728) | |
Known Fixed Releases: | 15.2(4.0)ST, 15.2(4.0.21)E, 6.0(2)A4(1), 6.0(2)U4(1), 7.1(0)ES(0.10), 7.1(0)ES(0.11), 7.1(0)ES(0.13), 7.1(0)ES(0.14), 7.2(0)BA(0.25), 7.2(0)VZD(0.36) | |
|
| | | | Bug Id: | CSCus64921 | Title: | N3100 - reducing LOU threshold flaps all BFD sessions | |
Description: | Symptom: When the LOU threshold config is changed, and if there is a failure, BFD sessions flap.
Conditions: This issue happens only when there is a LOU threshold config change failure
Workaround: Configure a threshold value other than the current value, which will result in success. For example:
- The current LOU threshold is 20.
- Changing the LOU threshold to 5 fails and BFD sessions flap.
- Changing the threshold value to 21 succeeds.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 29-JUL-2015 | |
Known Affected Releases: | 6.0(2)U5(1) | |
Known Fixed Releases: | 6.0(2)A6(0.61), 6.0(2)A6(1), 6.0(2)U6(0.61), 6.0(2)U6(1) | |
|
| | | | Bug Id: | CSCuv30231 | Title: | N3K: Interface in inconsistent state for stp-state consistency-checker | |
Description: | Symptom: Interfaces in a port-channel uplink would go into inconsistent status in the consistency-checker outputs.
Conditions: Switches should be configured using MST protocol for spanning-tree
Regular show commands would show that the interfaces are up and up and forwarding in spanning-tree.
Workaround: Use spanning-tree in rapid PVST mode. We have not seen the problem in this mode.
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 29-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(7.99), 6.0(2)U5(2.50), 6.0(2)U6(1), 6.0(2)U6(1.79) | |
Known Fixed Releases: | 6.0(2)A6(3.79), 6.0(2)A6(3.80), 6.0(2)A6(4), 6.0(2)U6(1.79), 6.0(2)U6(1.80), 6.0(2)U6(2) | |
|
| | | | Bug Id: | CSCuq93202 | Title: | N3172 : Link flaps in cetain scenarios | |
Description: | Symptom: A link flap is observed between 3172 and another device (such as a switch or a host) when the 3172 receives a frame with a size greater than the MTU.
Conditions: when giant frames are sent and jumbo is not enabled
Workaround: enable jumbo MTU on 3172
Further Problem Description:
| |
Status: | Fixed | |
Severity: | 2 Severe | Last Modified: | 30-JUL-2015 | |
Known Affected Releases: | 6.0(2)U3(2.58) | |
Known Fixed Releases: | 6.0(2)A4(1.23), 6.0(2)A4(2), 6.0(2)A6(1.6), 6.0(2)A6(2), 6.0(2)U4(1.23), 6.0(2)U4(2), 6.0(2)U6(0.6), 6.0(2)U6(1) | |
|
| |