| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv89746 | Title: | ECMP Auto-recovery fails to complete |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ECMP Auto-Recovery does not complete and IPv4 or IPv6 routes are out of sync between hardware and software leading to blackholing.
Also, MTS messages could build up and not processed by the IPFIB process
Conditions:
1. This issue is a corner case seen after ECMP object groups are exhausted
%IPFIB-2-FIB_HW_ECMP_TABLE_FULL: Programming of ECMP in hardware failed, due to ECMP hardware table full.
2. There are free hardware ECMP paths that satisfy the ECMP-Recovery configuration so that Auto-Recovery starts and attempts to recover
some partially installed prefixes
IPFIB-2-FIB_HW_ECMP_AUTO_RECOVERY_START: ECMP auto recovery start.
3. The AUTO_RECOVERY_COMPLETE log message is absent after several minutes
/* Note, you should normally see one of these two messaeges after auto-recovery kicks off but in this case you actually wouldn't see them */
IPFIB-2-FIB_HW_ECMP_AUTO_RECOVERY_PARTIAL_COMPLETE:
IPFIB-2-FIB_HW_ECMP_AUTO_RECOVERY_COMPLETE
Workaround:
Disabling ECMP-AutoRecovery can be done as a preventive measure to avoid hitting this problem
Further Problem Description:
|
|
Last Modified: | 27-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U3(7.99) |
|
Known Fixed Releases: * | 6.0(2)A6(4.115), 6.0(2)A6(5), 6.0(2)U3(7.106), 6.0(2)U3(7.107), 6.0(2)U3(8), 6.0(2)U3(9), 6.0(2)U6(3.115), 6.0(2)U6(4), 7.0(3)I2(1.65), 7.0(3)I2(2) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv88315 | Title: | N3K: STP core on BPDUguard |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When a BPDU guard enabled port receives a BPDU the port is put to error disabled.
Under this condition a STP process core is seen and the box could reload due to hap reset,
if the condition is persistent
Conditions:
Receiving a BPDU on an BPDU Guard port.
Workaround:
Disable BPDU guard
Further Problem Description:
|
|
Last Modified: | 16-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U6(1.99) |
|
Known Fixed Releases: * | 6.0(2)A6(4.113), 6.0(2)A6(5), 6.0(2)U6(2.113), 6.0(2)U6(4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuf36771 | Title: | N3k-OF:Vlan ID is removed when packets are punted to controller |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When the Datapath Service Set is asked to provide Layer-2 frames to it's client, the frames will be missing any 802.1Q or QinQ header that may have originally been on the frame.
This in turn affects any OpenFlow packets sent to the controller, preventing the controller from properly performing reactive-mode learning switch or similar operations.
Conditions:
When 802.1q tagged packets need to be diverted via the OneP Datapath Service Set to a client, including to an OpenFlow controller by way of the Cisco Plug-in for OpenFlow Agent.
Workaround:
no known workarounds.
Further Problem Description:
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U3(0.728) |
|
Known Fixed Releases: * | 15.2(4.0)ST, 15.2(4.0.21)E, 15.2(4.0.64a)E, 15.2(5.0)ST, 6.0(2)A4(1), 6.0(2)U4(1), 7.0(0)FHS(0.23), 7.0(0)KMS(0.12), 7.0(0)SC(0.2), 7.1(0)ES(0.10) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw44058 | Title: | N3500: UTC offset not reused by BC when utc_offet_valid is FALSE from GM |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
GM ---------- BC1 ------------ BC2 ---------- client
In the above topology when Grand Master [GM] sends utc_offset_valid as FALSE, Boundary Clock node [BC1] propagates 36 as utc offset irrespective of the once received from GM.
In our case, GM sends UTC offset 35 with UTC_offset_valid as FALSE. However BC1 sends to BC2 with UTC offset as 36 and UTC_offset_valid as TRUE.
BC1 *must* always reuse the information received from GM.
Conditions:
NA
Workaround:
There are no known workarounds
Further Problem Description:
N3500 overides UTC offset value when GM sends utc offset valid flag as FALSE.
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 6.0(2)A6(4.124) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue28842 | Title: | New onep Makefile targets for c-pl and java-pl |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Conditions:
Workaround:
|
|
Last Modified: | 03-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U1(1) |
|
Known Fixed Releases: * | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(2.6.89)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(1.14)PI22c, 15.3(2.2)T, 15.3(2.3.1)CG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv75209 | Title: | Nexus 3064T detects non-existent SFP on 40G interface |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When configuring "hardware profile portmode 48x10G+4x40G" and reloading N3k, unknown SFP might be detected on 40G interfaces though SFP is not inserted.
The unknown SFP's serial number is always "AVP1525S301".
At that time, "show interface transceiver" may show the following output;
Ethernet1/xx
transceiver is present
type is 40Gbase-SR
name is CISCO-AVAGO
part number is AFBR-79E4Z-CS1
revision is 02
serial number is AVP1525S301
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM3 fiber is 100 m
Link length supported for 50/125um OM2 fiber is 30 m
cisco id is --
cisco extended id number is 16
OR
Ethernet1/xx
transceiver is present
type is QSFP-40G-SR4
name is UNKNOWN
part number is
revision is
serial number is
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM3 fiber is 100 m
Link length supported for 50/125um OM2 fiber is 30 m
cisco id is --
cisco extended id number is 16
Conditions:
Nexus - 3064T
NXOS - 6.0(2)U3(7), 6.0(2)U4(3), 6.0(2)U5(1), 6.0(2)U6(1)
Workaround:
By Installing QSFP+ in the affected port then reseating it again, correct SFP information will be shown.
Further Problem Description:
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U5(1), 6.0(2)U6(1) |
|
Known Fixed Releases: * | 6.0(2)U6(3.126), 6.0(2)U6(3.127), 6.0(2)U6(4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty07258 | Title: | Hidden cli commands allow access to arbitrary files |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Cisco devices running NX-OS include hidden commands that could allow an authenticated, local attacker to view arbitrary files on on the
underlying operating system. This could result in the disclosure of critical system information.
The following Cisco Nexus devices are affected:
Cisco Nexus 7000 Series
Cisco Nexus 5000 Series
Cisco Nexus 3000 Series
Cisco Nexus 1000V Series
Conditions:
Cisco Nexus and MDS switches running an affected version of NX-OS software are affected.
Workaround:
Restrict access to trusted users only.
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are :
4.6/3.8
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:C/I:N/A:N/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2012-4134 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 5.0(3)U1(2) |
|
Known Fixed Releases: | 6.0(2)A4(0.765), 6.0(2)A4(1), 6.0(2)U4(0.765), 6.0(2)U4(1), 7.0(3)I2(0.96), 7.0(3)I2(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq83575 | Title: | Improve serviceability of message neutron_usd - failed to set mux addr |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
This is not a software bug. It is an enhancement request to improve the serviceability of the following error message:
%KERN-3-SYSTEM_MSG: [2654954.489403] neutron_usd - failed to set mux addr 0xYY ch Y err Y -
kernel
Conditions:
This bug applies to software up to 6.0(2)U3(3)
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 28-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U3(1) |
|
Known Fixed Releases: * | 6.0(2)A5(1.38), 6.0(2)A5(2), 6.0(2)A6(1.90), 6.0(2)A6(2), 6.0(2)U5(1.38), 6.0(2)U5(2), 6.0(2)U6(0.90), 6.0(2)U6(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv77848 | Title: | Deny ACL entry with log doesn't block traffic if fwd profile is WARP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ACL doesn't block or log traffic that hits an ACE with deny + log entry
Conditions:
- forwarding profile must be warp
- have to have deny and log option enabled in an ACE.
Workaround:
- do not use log option in a deny ACE
- if log is mandatory, disable warp mode.
Further Problem Description:
|
|
Last Modified: | 27-OCT-2015 |
|
Known Affected Releases: | 6.0(2)A6(3.100) |
|
Known Fixed Releases: * | 6.0(2)A6(4.134), 6.0(2)A6(5), 6.0(2)A7(0.6), 6.0(2)A7(1), 6.0(2)U6(4.134), 6.0(2)U6(5), 6.0(2)U7(0.6), 6.0(2)U7(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu40319 | Title: | Order of strength check to be ahead of the "username" |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
After ASCII configuration replay during fast-reload username/combination password might not work
Conditions:
This is seen when copy file start + fast-reload is performed and
a) The source file does not have snmp-username
b) The password is not a strong password
Workaround:
a) Change source file so password strength-check is above username CLI
or
b) Use strong password
Further Problem Description:
|
|
Last Modified: | 15-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U6(1) |
|
Known Fixed Releases: * | 6.0(2)A6(4.121), 6.0(2)A6(5), 6.0(2)U6(3.121), 6.0(2)U6(4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv33390 | Title: | MSDP timers should match (S,G) state |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Currently in NX-OS, MSDP timers rely on the generation of Null-Registers on the RP to keep the SA state active. Even if the (S,G) expiry timer is increased and the source stops sending, the SA will eventually time out due to inactivity from the source as the Null-Registers will stop even though the (S,G) is still active.
Conditions:
This is the default behavior in NX-OS.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 25-OCT-2015 |
|
Known Affected Releases: | 6.0(2)A4(3) |
|
Known Fixed Releases: * | 7.3(0)RTG(0.98) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq59586 | Title: | back space hits 73rd character will "blank" out all characters |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
when entering long CLI command that exceeded 73 characters, if back space was used, when back space hits the 73rd character, all characters then disappeared from the command line.
Conditions:
CLI command exceeds 72 characters long and back space bar was used
Workaround:
set the terminal width to a bigger number. By default terminal width is set at 72. This can the set to a maximum number of 511.
BLR-SCL-QI2-28# terminal width ?
<24-511> Number of characters on a screen line
BLR-SCL-QI2-28# terminal width 511
Further Problem Description:
|
|
Last Modified: | 27-OCT-2015 |
|
Known Affected Releases: | 5.0(3)U5(1h) |
|
Known Fixed Releases: * | 6.0(2)A6(0.74), 6.0(2)A6(1), 6.0(2)U6(0.74), 6.0(2)U6(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus36166 | Title: | Monitoring LACP groupd via SNMP always returns value of 1 |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
The SNMP agent in the Nexus 3000 series always returns a value of 1 for the object dot3adAggAggregateOrIndividual, regardless of how the device is actually configured.
Conditions:
Workaround:
At this time, there is no workaround.
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 5.0(3)U5(1e) |
|
Known Fixed Releases: * | 6.0(2)A6(0.18), 6.0(2)A6(1), 6.0(2)U6(0.18), 6.0(2)U6(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw53993 | Title: | SPAN capability consistency across N3K platform |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Unable to configure a two monitor sessions with the same source VLAN
Conditions:
Two active monitor sessions
Workaround:
Upgrade to 7.0(3)I2
Further Problem Description:
|
|
Last Modified: | 25-OCT-2015 |
|
Known Affected Releases: | 6.0(2)U4(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw56247 | Title: | create show tech-support openflow option |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
openflow commands must be run one at a time to be provided to TAC
Conditions:
Running a switch in openflow mode
Workaround:
1) run each command one at a time
2) run a python script to concatenate the commands onto one an other
Further Problem Description:
|
|
Last Modified: | 09-OCT-2015 |
|
Known Affected Releases: | 6.0(2)A6(4.107) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw33662 | Title: | Traceroute not working over NAT |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
Traceroute doesn't work through N3K switch configured for nat
Conditions:
Using dynamic NAT on N3k
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 14-OCT-2015 |
|
Known Affected Releases: | 6.0(2)A6(2) |
|
Known Fixed Releases: | |
|
|
| |
2013 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论