Cisco Blog » The Platform

2015年9月1日星期二

Cisco Notification Alert -Prime - DCNM-01-Sep-2015 16:53 GMT

 

 

 

 

 

 

 


Security Advisories & Responses - Prime Data Center Network Manager

Title:
OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
Description:

On July 9, 2015, the OpenSSL Project released a security advisory detailing a vulnerability affecting applications that verify certificates, including SSL/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) clients and SSL/TLS/DTLS servers using client authentication.

Multiple Cisco products incorporate a version of the OpenSSL package affected by this vulnerability that could allow an unauthenticated, remote attacker to cause certain checks on untrusted certificates to be bypassed, enabling the attacker to forge "trusted" certificates that could be used to conduct man-in-the-middle attacks.

This advisory will be updated as additional information becomes available.

Cisco will release free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability may be available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150710-openssl

Date:
29-AUG-2015

Find additional information in Cisco Security Advisories & Responses

Known Bugs - Prime Data Center Network Manager

Alert Type:
Updated *
Bug Id:
CSCus59551
Title:
Template cannot be imported if properties is defined
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
Config template feature in web client does not allow to edit or save while importing a template

Conditions:
When a template has the attribute "published" is set to true, and imported edit/save options are not available.

Workaround:
Open the template in a text editor and the value for the attribute "published" to false.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1)S19
Known Fixed Releases: *
6.2(11.4)S0, 6.2(13)FM(0.33), 6.2(13)GS(0.13), 7.1(1.25)S0, 7.1(1.36)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32)
Alert Type:
Updated *
Bug Id:
CSCus76975
Title:
DCNM auto-config profile name containing _space_ causes switch to reload
Status:
Fixed
Severity:
2 Severe
Description:

Symptom:
Reload on device when a profile with a space in the name is applied to the device via auto configuration.

Conditions:
Profile created in DCNM for auto-config has a space in it.

Workaround:
Make sure that the profile name does not contain a space. Pre-packaged profiles do not have this issue, custom-generated profiles should adhere this naming convention.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1)
Known Fixed Releases: *
6.2(13)FM(0.54), 6.2(13)GS(0.15), 6.2(13.1)S0, 7.1(1.46)S0, 7.1(1.62)S0, 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)FM(0.4), 7.3(0)HM(0.5), 7.3(0)PDB(0.32)
Alert Type:
Updated *
Bug Id:
CSCtq14131
Title:
DCNM Server: Updates for Jboss Application
Status:
Fixed
Severity:
2 Severe
Description: *

Symptoms:
The Jboss application server comes with a vulnerable bean shell component of the jmx-console which perform access control only for GET and POST
methods.

Conditions:
none
Workaround:
none
Further Problem Description:
The vulnerability is further described in CVE-2010-0738

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.5:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:W/RC:C&version=2.0
CVE ID CVE-2010-0738 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.1(1), 5.1(2), 5.1(3), 5.2(1)
Known Fixed Releases:
5.2(1)S25, 5.2(1)S32, 5.2(1)S44, 5.2(1.30)S0, 5.2(1.37)S0, 5.2(1.48)S0
Alert Type:
Updated *
Bug Id:
CSCtw93639
Title:
DB User Password Written in Clear in DCNM Install Log over Upgrade
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptoms:
During the upgrade from 5.2.1 to 5.2.2 DB password may be seen in the install log
Conditions:
This happen only during the upgrade from 5.2.1 to 5.2.2
Workaround:
none

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.2(2)
Known Fixed Releases:
5.2(2a)S36, 5.2(3.30)S0
Alert Type:
Updated *
Bug Id:
CSCus29299
Title:
system dyn vlan should be mutually exclusive with global Mobility domain
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
VDP detection on nexus 5600 does not function

Conditions:
When the Global Mobility Domain detectable VLAN range is set with overlapping values of the system dynamic VLAN range

Workaround:
Set the Global Mobility Domain detectable VLAN range to be non-overlapping.

Further Problem Description:

Last Modified:
16-AUG-2015
Known Affected Releases:
7.1(1)S19
Known Fixed Releases: *
7.1(1.96)S0, 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCub08652
Title:
DCNM: Postgresql Password Unencrypted in DB Scripts
Status:
Terminated
Severity:
3 Moderate
Description: *

Symptom:
DB password may be shown in clear-text in some system logs

Conditions:
none

Workaround:
none

PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Further Problem Description:


Last Modified:
06-AUG-2015
Known Affected Releases:
5.2(2c)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCub04337
Title:
DCNM PostGreSql Vulnerabilities
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptom:
Cisco DCNM includes a version of PostGreSQL that is affected by the vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:

CVE-2012-2143, CVE-2012-2655, CVE-2012-0866, CVE-2012-0868

This bug was opened to address the potential impact on this product.

Conditions:
Device with default configuration.

Workaround:
Not currently available.

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.5/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:U/RC:C&version=2.0
CVE ID CVE-2012-2143, CVE-2012-2655, CVE-2012-0866, CVE-2012-0868 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html


Last Modified:
06-AUG-2015
Known Affected Releases:
5.2(2c)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCtt15295
Title:
Excessive Logging During TCP Flood on Java Ports
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptom:

CPU Hog and Excessive Logging During TCP Flood on Java Ports

Conditions:

If the size of server.log becomes very big because of too much logging
by DCNM server
then the CPU utlization increase.

Workaround:
User can stop the server and delete or copy and delete the server.log
file to some other location.
This will empty the server.log file. Now CPU wont hog as it logs the
messages in server.log
since it is already empty.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5/4.1:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2011-4650 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Last Modified:
06-AUG-2015
Known Affected Releases:
5.2(1)
Known Fixed Releases:
5.2(2.73)S0, 6.0(0)SL1(0.14)
Alert Type:
Updated *
Bug Id:
CSCul07068
Title:
VINCI: mgmt0 Port information not shown in Interfaces screen of Web UI
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
When a switch is discovered, the mgmt0 interface is not shown in the Interface listing page for the switch.

Conditions:
Always.

Workaround:
None.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.0(0.130)
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 6.3(1.7)S0, 7.0(1.11)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31)
Alert Type:
Updated *
Bug Id:
CSCut94107
Title:
Auto-config refresh not working for custom global vlan profiles
Status:
Fixed
Severity:
3 Moderate
Description: *

Symptom:
Changes made to Network based on Global-Vlan-Profile (no segment ID) are not refreshed on switches

Conditions:
Network created with a copy of "defaultNetworkUniversalTfGblVlanProfile" e.g. "defaultNetworkUniversalTfGblVlanProfile2"

Segment ID is configured but not used in profile.

Workaround:
Rename the profile to end with 'GblVlanProfile' (case-insensitive), e.g. 'customizedGblVlanProfile'. The network refresh will then use VLAN ID instead of Segment ID for customized global VLAN profile.

Further Problem Description:
This bug fix provides information for the CCO available via Cisco Prime DCNM documentation and Cisco Prime DCNM Online Help on the Web Client UI, based on the workaround description only. Future Cisco Prime DCNM releases will support global vlan profile refresh capabilities without this limitation regarding profile names.

Last Modified:
23-AUG-2015
Known Affected Releases:
7.1(1)
Known Fixed Releases:
7.2(1)S8
Alert Type:
Updated *
Bug Id:
CSCuu02144
Title:
DCNM: parameter input validation for border-RT field
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
In DFA auto-configuration, since the introduction of the universal profile, the network operator can optional add the value include_borderLeafRt, as example in the vrf-common-universal profile.
When the network operator dont follow the exact required field notification with ASN:RT, then NX-OS will fail to configure the import route-target, this leads to a missing import of the default route originated from the borderleaf.

Conditions:
When the network operator don't follow the exact required field notification with ASN:RT.

Workaround:
The network operator need to update the network with the exact required field notification with ASN:RT.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1)
Known Fixed Releases: *
7.2(0.44)S0, 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCum83995
Title:
Stale/old Org/Partition showing up in DFA Topology after Refresh
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
On screen refresh icon does not update the Org/Partition Pulldown as it should, so new entries do not appear.

Conditions:
Always. When Partitions are created or destroyed the user may notice the stale UI data.

Workaround:
Browser refresh.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.0(1)S23
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 6.3(1.7)S0, 7.0(1.11)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31)
Alert Type:
Updated *
Bug Id:
CSCum62685
Title:
Blank screen on DFA topology after POAP publish
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
From POAP definitions, if user edits a definition, goes through all the steps, and finally publishes it, and then tries to go to DFA topology, the screen becomes blank and unresponsive.
The same issue happens when POAP definition is saved and published, then navigated to DFA screen.

Conditions:
The POAP definition is saved/edited and published and the user goes to DFA topology screen.

Workaround:
Doing a browser reload (clicking the reload button on the browser being used) fixes the issue.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.0(1)S24
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 6.3(1.7)S0, 7.0(1.26)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31)
Alert Type:
Updated *
Bug Id:
CSCur95202
Title:
Cannot import template definition
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
Imported template are grayed out

Conditions:
Config->Delivery->Template->Select(predefined template)->Export

Config->Delivery->Template->Import

Workaround:
After exporting the older template., open the file and remove all the lines that appear before ##template variables

then import it into DCNM.

Also, after import, please select the appropriate device types for this template and for POAP templates, select the POAP and the publish flags, so it can be used in the POAP flow.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.2(0)RTG(0.4)
Known Fixed Releases: *
6.2(11.4)S0, 6.2(13)FM(0.33), 6.2(13)GS(0.13), 7.1(0.207)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCus40622
Title:
DCNM:Template job fails when there is undefined symbol in response
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
Config template shows job status as failed

Conditions:
When a config template has the command 'copy r s' in it, the out put response contains the symbol '%'.
This is considered as failure response and the commands are rolled back if the rollback option is enabled.

Workaround:
To avoid marking the 'copy r s' response as failure, add the text "Copy complete" in a new line in the file /dcnm/data/templates/skip-error-patterns.txt.
And restart the DCNM Services.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1)S19, 7.1(1.113)
Known Fixed Releases: *
6.2(11.4)S0, 6.2(13)FM(0.33), 6.2(13)GS(0.13), 7.1(1.36)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCuj15816
Title:
generated and upload config file should not have suffix .cfg
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
The config file cannot be downloaded to the device.

Conditions:

Workaround:
Change the following line in the file /var/lib/tftpboot/poap_dcnm.py from
startupConfig = deviceRecipe["startup-config"]["config-name"]
to
startupConfig = deviceRecipe["startup-config"]["config-name"] + ".cfg"

Then run the following command under the directory /var/lib/tftpboot
./poap_dcnm.py dcnm-info

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.0(0.62)
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 6.3(1.7)S0, 7.0(0.72)S0, 7.0(0.76)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71)
Alert Type:
New
Bug Id:
CSCuv97725
Title:
Client allows local authentication; configured for remote authentication
Status:
Open
Severity:
3 Moderate
Description:

Symptom:
When the DCNM SAN Client is configured for a remote authentication mode and the remote authentication server is available, a local user account can successfully login to the SAN Client.

Check 'Admin > Management Users > Local' to view or add users for local authentication.

To make sure that the remote authentication server does not contain a matching username and password:
*Go to the 'Remote AAA Properties tab' and select the remote authentication mode.
*Enter the remote authentication server information and click the 'Test' button.
*In the 'Test AAA' window, enter the local username and password and click 'Test'.

If the remote authentication server does contain username and password values that match the local account, a message indicating that the login was successful will be displayed. This indicates that the user is being authenticated remotely via credentials that match the local credentials on the remote authentication server. This is considered expected behavior when configured for remote authentication.

If the remote authentication server does not contain credentials that match the local credentials, a failure message will be displayed. This indicates that the remote authentication server does not contain a username and password combination that matches the local username and password combination and that this username and password combination are only configured locally.

If the locally configured credentials cannot be authenticated via the remote authentication server, exit the SAN Client and attempt to login with the locally configured credentials that returned the 'failure' message in the 'Test AAA' window. The login will succeed even though the Client is configured for remote authentication, the account that is logging in is only configured locally, and the remote authentication server is available.

Conditions:
DCNM SAN Client with 'Remote AAA Properties' tab configured for remote authentication.
Remote authentication server is available.
Local account credentials are different from the remote authentication credentials.
Local account credentials fail LDAP authentication.
Remote account credentials successfully complete LDAP authentication.

Workaround:
If the customer does not desire to fallback to local when the remote authentication server is unavailable, once a user has been configured for remote authentication, remove the local account.

If the customer desires to fallback to local authentication, there is no workaround.

Further Problem Description:

Last Modified:
28-AUG-2015
Known Affected Releases:
7.1(2)ZD(0.1)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCur96084
Title:
N5K-56XX devices are not listed in config template
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
When the templates supported platform is N5600, no N56** device types are listed for config delivery

Conditions:
N56** device types are discovered and managed

Workaround:
Add N5500 to the templates supported platform and save the template. Now select the template and try creating a config delivery job in the web client, the N56** devices should be available for selection.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(0.46)
Known Fixed Releases: *
6.2(11.4)S0, 6.2(13)FM(0.33), 6.2(13)GS(0.13), 7.1(0.207)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCut48826
Title:
Notify Border Leaf option on BL/ER pairing is cleared in remote DB case
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
"Notify Border Leaf when relevant partitions are changed" checkbox is always cleared and the leafs do not get their configuration updated.

Conditions:
Happens when DCNM is configured with Oracle DB and partitions are extended.

Workaround:
'Manually run cli "fabric database auto-pull dci vrf VFRName node-id borderLeafIP peer-id edgeRouterIP" on the border leafs.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1.81)
Known Fixed Releases: *
6.2(13)FM(0.54), 6.2(13)GS(0.15), 6.2(13.1)S0, 7.1(1.91)S0, 7.2(0.5)S0, 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)FM(0.4), 7.3(0)HM(0.5), 7.3(0)PDB(0.32)
Alert Type:
Updated *
Bug Id:
CSCub00716
Title:
DCNM: TLS1.0/SSL3.0 Information Disclosure Vulnerability (CVE-2011-3389)
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
Cisco DCNM includes a version of OpenSSL that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures
(CVE) IDs:

CVE-2011-3389 and CVE-2008-5161
This bug was opened to address the potential impact on this product.

Conditions:
Device with default configuration.

Workaround:
Not currently available.

Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:N/C:P/I:N/A:N/E:POC/RL:U/RC:C&version=2.0
CVE ID CVE-2011-3389 and CVE-2008-5161has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html


Last Modified:
20-AUG-2015
Known Affected Releases:
5.2(2c), 6.2(3)
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 6.2(5)S32, 6.3(0.165)S0, 6.3(0.74)S0, 6.3(1)S5, 6.3(1.3)S0
Alert Type:
Updated *
Bug Id:
CSCus44103
Title:
DCNM: lanstartup.log and sanstartup.log are not rotating
Status:
Fixed
Severity:
3 Moderate
Description:

Symptom:
The DCNM LAN Server service fails to start with the following error in "lanstartup.log" under "%INSTALL_DIR\dcm\jboss-as-7.2.0.Final\standalone\log":

---snip---
Starting Cisco DCNM LAN Server [2014-12-29 09:18:13]
Calling "e:\Program Files\Cisco Systems\dcm\jboss-as-7.2.0.Final\bin\standalone.conf.bat"
"JAVA_OPTS already set in environment; overriding default settings with values: -Xms256M -Xmx6152M -XX:MaxPermSize=512M -XX+HeapDumpOnOutOfMemoryError -XX:-UseGCOverheadLimit"
The handle could not be opened
during redirection of handle 1.
---snip---

A similar error is noticed for the SAN servers in the sanstartup.log file. The startup of the server fails.

Conditions:
1. The "lanstartup.log" file itself is >4 GB or the "sanstartup.log" is > 7GB
2. This issue has been observed, when DCNM Server is installed on a host/VM running Microsoft Windows Server OS.

Workaround:
1. Stop all DCNM Server services via "Start > All Programs > Cisco DCNM Server > Stop DCNM Servers".
2. Delete the "lanstartup.log" and "sanstartup.log" files under "%INSTALL_DIR\dcm\jboss-as-7.2.0.Final\standalone\log" (you can take a copy as backup beforehand, if needed).
alternatively you can delete or rename the "%INSTALL_DIR\dcm\jboss-as-7.2.0.Final\standalone\log" directory and recreate it.
3. Start all DCNM Server services via "Start > All Programs > Cisco DCNM Server > Start DCNM Servers".

--- or ---

Navigate to "%INSTALL_DIR\dcm\jboss-as-7.2.0.Final\bin" and run DCNM LAN Server in standalone mode using the "standalone-lan.bat". Note that this workaround is not persistent across reboot and that the Command Prompt window in which the "standalone-lan.bat" is executed must not be closed.

Further Problem Description:
This also results in the files not being included in the techsupport.bat script.

Last Modified:
20-AUG-2015
Known Affected Releases:
6.3(2), 7.1(1)
Known Fixed Releases: *
6.2(11.4)S0, 6.2(13)FM(0.33), 6.2(13)GS(0.13), 7.1(1.20)S0, 7.2(0)FM(0.2), 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCuu30946
Title:
DCNM - Empty Intf Descr for Eth ports
Status:
Fixed
Severity:
4 Minor
Description:

Symptom:
In some situations, the DCNM web GUI will not display the interface description for Ethernet interfaces despite displaying the descriptions for FC interfaces.

Conditions:
DCNM 7.1.1

Workaround:
Use the Device Manager client to view the intf descriptions instead.

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(1)
Known Fixed Releases: *
7.2(0.37)S0, 7.2(0.38)S0, 7.3(0)D1(0.71), 7.3(0)DHB(0.31), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)
Alert Type:
Updated *
Bug Id:
CSCuv52956
Title:
Doc : On MDS you can configure max=10 snmp server hosts
Status: *
Fixed
Severity:
4 Minor
Description:

Symptom:
On adding 11th target host for SNMP following error is given on the CLI :

switch(config)# snmp-server host 10.4.200.173 traps version 2c noauth
reached maximum allowed targets limit

switch#
This needs to be documented :
http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/4_1/configuration/guides/cli_4_1/snmp.html

Conditions:
Trying to configure the 11th target host snmp

Workaround:
MDS supports only 10 SNMP targets

Further Problem Description:

Last Modified:
03-AUG-2015
Known Affected Releases:
5.3(0.2n)S8
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv63735
Title:
Topology Map not appearing correctly
Status:
Fixed
Severity:
4 Minor
Description:

Symptom:
Topology map of SAN client shows a small dot in the upper left corner.

Conditions:
Hide Unselected VSAN Members is being used when viewing maps of VSANs.

Workaround:
If a map file from a working user is copied over to the non-working user, the non-working user can then see the map.

Alternatively, if pressing the layout button does not correct the map, setting log level to ALL before pressing the layout button worked. Set log level to All for
com.cisco.dcbu.lib.map
com.cisco.dcbu.sm.client.map
then press the layout button. NOTE this will increase data written to fm.log so change log level back to WARN afterwards.

Further Problem Description:
The bad map files (located in C:\Program Files\Cisco Systems\dcm\fm\db\) will have large negative coordinates such as (-2147483648, -2147483648)

Last Modified:
20-AUG-2015
Known Affected Releases:
7.1(2)
Known Fixed Releases:
7.2(1.45)S0
Alert Type:
New
Bug Id:
CSCuv76218
Title:
DCNM VPC Health does not show SVI information
Status:
Open
Severity:
4 Minor
Description:

Symptom:
In the GUI there is no VPC information for SVIs, so inconsistencies there are not displayed.

Conditions:
Running 7.1(2) on a Linux platform

Workaround:
Access the switch and run sh vpc consistency-parameters global, show vpc brief and determine where the inconsistency is.

Further Problem Description:

Last Modified:
19-AUG-2015
Known Affected Releases:
7.1(2.1)
Known Fixed Releases:
Alert Type:
New
Bug Id:
CSCuv78126
Title:
DFA docs needs to highlight the need for higher MTU in transit devices
Status:
Open
Severity:
6 Enhancement
Description:

Symptom:
DFA documentation should let customers know that transit devices are not aware of encapsulation if it is a transit device and thus the need to manually add an additional 42 bytes to any transit devices is necessary

Conditions:
This is a documentation bug

Workaround:
Add higher MTU

Further Problem Description:

Last Modified:
17-AUG-2015
Known Affected Releases:
7.0(1)
Known Fixed Releases:
Alert Type:
Updated *
Bug Id:
CSCup27841
Title:
vcenter 5.5 registration fails due to improper certs
Status:
Fixed
Severity:
6 Enhancement
Description:

Symptom:
vcenter 5.5 registration fails in 6.3.1 due to checksum on certs.
need an option to ignore certs

Conditions:
Wireshark capture will show the VCenter certificate error.

Workaround:
Apply a valid certificate

Further Problem Description:

Last Modified:
20-AUG-2015
Known Affected Releases:
6.3(1)
Known Fixed Releases: *
6.2(10)CR(0.14), 6.2(10.7)S0, 6.2(11)FM(0.7), 6.2(12)BFP(0.13), 6.2(12)FM(0.5), 6.2(8)TS(0.28), 6.3(2)S47, 7.1(0.39)S0, 7.3(0)D1(0.71), 7.3(0)DHB(0.31)
Alert Type:
Updated *
Bug Id:
CSCup33650
Title:
DCNM ignores Root Directory for Config Archive
Status:
Fixed
Severity:
6 Enhancement
Description:

Symptom:
DCNM Config Archive fails to upload configuration due to not using the correct Root Directory from Admin / SFTP/TFTP Credentials

Conditions:
This issue primarily affects Linux based DCNM where the SFTP user does not have privilege to write to /

Windows based DCNM typically uses 3rd party TFTP or SFTP which explicitly nominates the root directory as part of its configuration rather than relying on client, so is unaffected

Workaround:
Use TFTP, where the directory Config Files written to can be controlled by the OS

If using SFTP on Linux, allow SFTP as root

Further Problem Description:

Last Modified:
18-AUG-2015
Known Affected Releases:
6.3(1), 6.3(2)
Known Fixed Releases: *
6.2(11)FI(0.8), 6.2(11)S2, 6.2(11.1)S0, 6.2(13)FM(0.13), 6.2(13)GS(0.13), 7.1(0.42)S0, 7.2(0)FM(0.2), 7.3(0)HM(0.5), 7.3(0)PDB(0.32), 7.3(0)ZD(0.83)

Find additional information in Bug Search index.

 

2013 Cisco and/or its affiliates. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks

 

没有评论:

发表评论