| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv37216 | Title: | Callhome messages via HTTP transport is not sent due to L3VM error |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Callhome messages via HTTP transport are not sent because l3vm_get_context_id fails.
Conditions: Try sending any Call Home message through HTTP transport.
Workaround: None.
Further Problem Description: None.
|
|
Last Modified: | 02-OCT-2015 |
|
Known Affected Releases: | 7.3(0)SLN(0.28) |
|
Known Fixed Releases: * | 7.3(0)D1(0.98), 7.3(0)PDB(0.57), 7.3(0)SL(0.109), 7.3(0)SL(0.85), 7.3(0)ZD(0.112) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut29799 | Title: | Privilege escalation with o+w files and directories |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: Cisco NX-OS based devices contain a number of files and directories that are assigned weak file permissions. This could allow an attacker that was able to gain access to the underlying operating system to view or modify certain files that should be restricted.
Conditions: Nexus devices running an affected version of NX-OS Software.
Workaround: None.
Further Problem Description:
Credit: Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.4: http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html |
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 6.2(12) |
|
Known Fixed Releases: * | 7.0(0)HSK(0.392), 7.3(0)D1(0.69), 7.3(0)DX(0.4), 7.3(0)PDB(0.11) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue06708 | Title: | FEX ports in SDP timeout/SFP Mismatch 6.1.3.S35 |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: | Symptom: An SDP Timeout / SFP Mismatch error is seen on the interface when trying to bring up FEX fabric ports in a port channel on N7K. This occurs only sometimes when FEX fabric port configurations are changed or re-applied to the ports on the N7K. After this bug appears, the ports cannot be brought back to an "up" state. The member links of the port channel that are affected seem to be random.
Conditions: Occurs on release 6.1(3). Has been seen using F248XP line cards with FET-10G transceivers on both the N7K and the FEX. Recommended configurations applied on the N7K ports that serve as an uplink to the FEX.
Workaround(s): In dual-supervisor setups, a system switchover has been found to correct the problem. A reload of the entire chassis can also fix the problem. Flapping the ports, reloading the VDC, and removing and re-applying configurations have not been found to be workarounds.
Workaround: Reload the FPC
More Info:
|
|
Last Modified: | 28-OCT-2015 |
|
Known Affected Releases: * | 6.1(3)S35 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw25153 | Title: | Traffic loss during HSRP Recovery |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: HSRP is configured on 2 Nexus 7700, one is active and the other one is standby. When the link on the active one goes down, the standby one takes over the role of the active one. However, after the link comes back up, when the original active one tries to take back the role, there is a traffic loss of more than 1s. This issue occurs once in 30 trials.
Conditions: HSRP sessions run over BFD, and shut and no shut must be performed repeatedly.
Workaround: There is no workaround for the drop. It is random.
Further Problem Description:
|
|
Last Modified: | 23-OCT-2015 |
|
Known Affected Releases: | 6.2(13)S8, 7.2(0)D1(1) |
|
Known Fixed Releases: | 7.3(0)IB(0.95) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw49523 | Title: | 6214a: VACL not h/w programmed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: When VACL is applied to VLAN which has RACL applied on same SVI, VACL could not be applied.
Conditions: Same VLAN has RACL applied on the SVI before VACL is applied.
Workaround: Apply VACL first, then apply RACL on SVI.
Further Problem Description:
|
|
Last Modified: | 23-OCT-2015 |
|
Known Affected Releases: | 6.2(14a)S2, 7.3(0.83) |
|
Known Fixed Releases: * | 6.2(14a)S7 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut17793 | Title: | SSTE:Traffic loss observed after flapp mpls interf with 7.2(0)D1(0.422) |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Few VPLS PWs are down
Conditions: Flap MPLS interface used by PWs
Workaround: clear l2vpn service all
Further Problem Description:
|
|
Last Modified: | 22-OCT-2015 |
|
Known Affected Releases: | 7.2(0)D1(0.422), 7.2(0)D1(0.484) |
|
Known Fixed Releases: * | 15.5(1)S1.5, 15.5(1)S2.15, 15.5(1)S2.7, 15.6(0.16)S, 15.6(0.17)PI30d, 15.6(0.25)T, 15.6(1.1)T, 15.6(1.3)S, 7.0(0)BZ(0.71), 7.0(0)FHS(0.23) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut25162 | Title: | VPLS VC's don't come after delete/add VFI's in EFP scale setup |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Few VPLS PW's remain down
Conditions: With L2VPN VFI's scaled, delete all VFIs and Re-add all VFI's.
Workaround: clear l2vpn service vfi all
Further Problem Description:
|
|
Last Modified: | 22-OCT-2015 |
|
Known Affected Releases: | 7.2(0)D1(0.422), 7.2(0)D1(0.430) |
|
Known Fixed Releases: * | 15.5(1)S0.17, 15.5(1)S1.1, 15.5(1)S2, 15.5(1)S2.1, 15.5(1)S2.15, 15.6(0.16)S, 15.6(0.17)PI30d, 15.6(0.25)T, 15.6(1.1)T, 15.6(1.3)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw59604 | Title: | itd: sh run service does not show nodes, when configuring 32 nodes... |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom: With scaled nodes of 256, the show command shows only partial output that does not include all nodes; the display of show running services does not show all nodes and details.
Conditions: Nodes scaled up to the maximum per service.
Workaround: Configure fewer nodes (2 per service) than the maximum limit for each service.
Further Problem Description: With scaled nodes of 256, the show command shows only partial output that does not include all nodes.
|
|
Last Modified: | 13-OCT-2015 |
|
Known Affected Releases: | 7.2(1)D1(0.93) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw62003 | Title: | doing takeover in sequence for both instance old primary is not updated |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom: When takeover is done in sequence for both instances, the old primary is not updated for the MST instance.
Conditions: Apply takeover for both instances one after another immediately.
Workaround: Separately they work fine. No issues.
More Info:
|
|
Last Modified: | 12-OCT-2015 |
|
Known Affected Releases: | 7.2(1)D1(0.68), 7.3(0)D1(0.118) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw39581 | Title: | OSPF sessions flap seen when scaled upto 1000 sessions. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: OSPF sessions flap continuously when configured on 1000 sub-interfaces between 2 routers back to back.
Conditions: OSPF running on 1000 sub-interfaces between 2 routers back to back:
Box bring up. Interface flap. Reload.
Workaround: "timers throttle lsa 50 5000 15000" in router ospf mode.
Further Problem Description:
|
|
Last Modified: | 10-OCT-2015 |
|
Known Affected Releases: | 7.2(1)D1(0.82), 7.3(0)D1(0.98) |
|
Known Fixed Releases: * | 7.2(1)D1(1), 7.3(0)IB(0.87) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw39946 | Title: | MAC learnt on non existent F2e port |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: A MAC address is learnt on a non-existent port.
Conditions: Seen when a loop occurs and multiple MAC flaps are seen. While this happens, if the port-channel is deleted, the process responsible for MAC learning still believes the interface exists.
Workaround: Create the port-channel again, issue clear mac address-table, and then delete the port-channel.
Further Problem Description:
|
|
Last Modified: | 10-OCT-2015 |
|
Known Affected Releases: | 6.2(10) |
|
Known Fixed Releases: * | 7.3(0)PDB(0.79) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw50467 | Title: | F3 module drops to failure state after ISSU |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
After ISSU a LC drops to failure state. "sh system reset-reason module" lists the reason as "elo_io hap reset => [Failures < MAX] : powercycle"
Conditions:
ELOAM must be configured and running on the LC while the ISSU occurs.
Workaround:
Remove all ELOAM config before the ISSU and then reapply afterwards.
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 7.3(0)D1(0.112) |
|
Known Fixed Releases: * | 7.3(0)D1(0.122) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw51463 | Title: | HSK: %SYSMGR-2-SERVICE_CRASHED: Service "vpc_config_sync" |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom: config-sync service is crashed
Conditions: change mode of phy vpc from active to passive
Workaround: mode should be active
Further Problem Description:
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 7.3(0)D1(0.105), 7.3(0)D1(0.111) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv42308 | Title: | MST Disputes VPC peer-switch secondary peer sending cost of 250 |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom: STP/MST disputes downstream from vPC domain with peer-switch
Conditions: vpc peer-switch configured, this was noticed with MST, unaware if it also affects PVST
Workaround: Remove "peer-switch" from secondary peer sending incorrect root cost value and re-add peer-switch
Further Problem Description: If this is encountered, please gather the following from both N7Ks and engage TAC:
# show tech detail
# show tech vpc
# show tech stp
# show tech l2fm detail
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 6.2(12) |
|
Known Fixed Releases: | 6.2(14a)S2, 6.2(14a)S3, 7.3(0)PDB(0.69) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu58533 | Title: | Support to enable hw-offload on any VDc's |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: BFD hw-offload cannot be enabled on switch with admin vdc
Conditions: BFD configurations are not allowed from Admin VDC
Workaround: Configure BFD hw-offload from Default VDC
More Info:
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 7.1(0)D1(0.196), 7.2(0)D1(1) |
|
Known Fixed Releases: | 7.2(1)D1(0.30), 7.2(1)ZD(0.25) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuu02335 | Title: | NVT: Console stuck for 2 mins while deleting each port channel with BFD |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Console stuck for 2 mins while deleting PC interface with BFD and BGP.
Conditions: While deleting PC interface, with BFD and BGP, console stuck for 2 mins.
Workaround: Remove BFD with "no bfd" config on PC interfaces before deleting those interfaces.
More Info:
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 7.2(0)D1(0.471) |
|
Known Fixed Releases: | 7.2(1)D1(0.57), 7.2(1)ZD(0.50) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo12464 | Title: | Titanium: igmp packets looping within a DFA fabric |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: igmp packets looping within a DFA fabric
Conditions: CPU 100% busy
Workaround: no
Further Problem Description: BGP loses its connection because the CPU is busy.
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 7.1(0)D1(0.43) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.46), 7.0(0)HSK(0.317), 7.0(0)KM(0.97), 7.0(1)ZD(0.184), 7.0(1)ZN(0.304), 7.0(3)N1(0.42), 7.0(3)N1(1), 7.1(0)BF(0.85), 7.1(0)D1(0.171), 7.1(0)FC(0.2) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus58902 | Title: | It is possible to install a back door on a fully compromised device |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: * | Symptom: If the admin user is able to reach the underlying OS shell, it might be possible to create a fully functional operating system account that could have unlimited access to the underlying operating system.
Conditions: Requires already having full administrative access to the device and the existence of a separate bug that would allow the administrator to access the underlying operating system shell.
Workaround: None
More Info: This is a generic attack type, not a vulnerability in the software. The proper way to prevent the attack is to prevent the conditions that allow an attacker to gain access to the device and to the underlying operating system shell.
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 7.2(0)ZN(0.36) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud54797 | Title: | cli enhancements for tls |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | This is an enhancement. |
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 6.2(0)OP(0.49) |
|
Known Fixed Releases: * | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(2.6.89)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(1.14)PI22c, 15.3(2.2)T, 15.3(2.3.1)CG |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw51522 | Title: | Mac learnt on ES ID for host vpc+ port operating in individual mode |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: On a pair of Nexus 7000 series switches configured for fabricpath vpc+, the MAC address for a host vpc+ operating in individual mode may point to an incorrect interface on the non-parent Nexus 7000, either pointing to the local vpc+ leg that is down, or to the fabricpath address for the emulated switch (ES ID.1.65535). Traffic destined for devices behind the host vpc+ ingressing the non-parent Nexus 7000 will not reach its destination.
Conditions:
- This is seen in a host vpc+ configuration, a port-channel configured for vpc made of HIF interfaces residing on separate FEXes, each connected to a single parent Nexus 7000.
- The port is running in standalone mode, allowed by the configuration of no lacp suspend-individual on the port-channel and the absence of lacp configuration on the attached system.
Workaround:
Further Problem Description:
|
|
Last Modified: | 03-OCT-2015 |
|
Known Affected Releases: | 6.2(14), 7.2(0)D1(1) |
|
Known Fixed Releases: | 7.2(1)D1(0.99), 7.2(1)ZD(0.90) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur57084 | Title: | FEX Core Fails to Upload in Non-default VDC - No Workaround on NPE Image |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom: Nexus 2000 may fail to copy the core file to the Nexus 7000 during a crash but continues to try over and over:
N7k-2 SYSMGR-FEX101-3-CORE_OP_FAILED Core operation failed: send_msg_to_ccdmon: Could not send to CORE_DMON return -1 errno 32
N7k-2 SYSMGR-FEX101-5-SUBPROC_TERMINATED "System Manager (core-client)" (PID 1903) has finished with error code SYSMGR_EXITCODE_CORE_CLIENT_ERR (11).
Conditions: When the Nexus 2000 connected to a non-default VDC crashes.
Workaround: Contact Cisco TAC.
Further Problem Description: Fix is present starting in 7.2. Issue exists in all releases prior to 7.2.
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 6.2(10) |
|
Known Fixed Releases: | 7.0(0)BZ(0.46), 7.0(0)FHS(0.23), 7.0(0)HSK(0.395), 7.0(0)KM(0.119), 7.0(0)KMS(0.11), 7.0(2)FIP(0.19), 7.1(0)AV(0.74), 7.1(0)ES(0.7), 7.1(0)IB(122), 7.1(0)SIB(99.109) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum47367 | Title: | Cisco NX-OS Software TACACS+ Command Authorization Vulnerability |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: A vulnerability in TACACS command authorization code of Cisco NX-OS could allow an authenticated, local attacker to execute certain commands without being authorized by TACACS server.
The vulnerability is due to processing of certain commands when they are executed in a sequence. An attacker could exploit this vulnerability by executing multiple commands in a sequence. An exploit could allow the attacker to execute certain commands without being authorized by TACACS server.
Conditions: The vulnerability happens when the device is configured for TACACS command authorization.
Workaround: Assigning the TACACS+ users to a read-only role through authorization will block all configuration changes that bypass TACACS+ authorization. Assigning the TACACS+ users to a role that is unable to run any commands will block all commands that bypass TACACS+ authorization.
Only TACACS+ authorization is affected. Both authentication and accounting are unaffected. network-operator and vdc-operator are system-generated roles with read-only permissions. The following configuration example will create a role named remoteuser with no access to run any commands:
role name remoteuser
  rule 1 deny command *
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.8: http://tools.cisco.com/security/center/cvssCalculator.x?vector=&version=2.0 dispatch=1&version=2&vector=AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:W/RC:C
CVE ID CVE-2014-0676 has been assigned to document this issue.
Additional details about the vulnerability described here can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0676
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 5.1(5), 6.1(4), 6.2(2) |
|
Known Fixed Releases: * | 5.2(1)N1(7.125), 5.2(1)N1(8), 6.0(2)A4(0.760), 6.0(2)A4(1), 6.0(2)U4(0.760), 6.0(2)U4(1), 6.1(2)I3(2.18), 6.1(2)I3(3), 6.2(10), 6.2(10)FM(0.28) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus61895 | Title: | MPLS:Inconsistent routes with MPLS in 6.2.12.S26 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Routes going over mpls next-hops may be falsely reported as "inconsistent in software".
Conditions: Routes going over mpls next-hops may be falsely reported as "inconsistent in software".
Workaround: none
Further Problem Description: Routes going over mpls next-hops may be falsely reported as "inconsistent in software". This does not impact traffic; it is a false positive that may be ignored.
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 6.2(12)S26, 7.2(1)D1(0.49) |
|
Known Fixed Releases: * | 7.3(0)PDB(0.74) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw52384 | Title: | skywalker: N7K clear cores results in error message |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: With skywalker REL_8_3_0_CV_0_155_S0 on N7K, clear cores results in an error message.
Conditions: error message observed when doing "clear cores"
Workaround: no workaround
Further Problem Description:
|
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 8.3(0)CV(0.155) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui15370 | Title: | Intermittent CHASSIS-PS_INTR failure Emerson PS across all corners |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: During the diag test CHASSIS-PS_INTR test failure is seen intermittently across all corner conditions.
Conditions: Diag Image Used: diag-sup3dc3-el-6.2.0.238d1.046.gbin diag-n7k-6.2.0.238d1.046.mzg
Failing Corners: Failure seen at NT/NV, HT/NV, and LT/NV
Workaround: Test was skipped to avoid further failure since the fix is not available at this time.
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 6.2(0.302)S24 |
|
Known Fixed Releases: * | 6.2(10)FM(0.3), 6.2(8)KR(0.8), 6.2(8)TS(0.28), 6.2(8.9)S0, 6.2(9)FM(0.73), 7.0(0)KM(0.64), 7.3(0)DX(0.4), 7.3(0)TSH(0.4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCty67801 | Title: | SVI should not be allowed for vpls vlan |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: This is a feature request for SVI, where SVI creation has to fail if VFI is configured under a vlan, and vice-versa, VFI configuration under a vlan has to fail if corresponding SVI is created.
Conditions: If both SVI and VFI are configured for a vlan at the same time.
Workaround: User has to be careful not to configure both SVI and VFI for a vlan at the same time.
Further Problem Description:
|
|
Last Modified: | 12-OCT-2015 |
|
Known Affected Releases: | 5.2(0)LV1(0.274), 6.2(1.125)S6 |
|
Known Fixed Releases: * | 7.0(0)BZ(0.46), 7.0(0)HSK(0.317), 7.0(0)KM(0.97), 7.1(0)D1(0.232), 7.1(0)NF(0.32), 7.1(0)OTT(0.27), 7.1(0)PDB(0.166), 7.3(0)PDB(0.80) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw16936 | Title: | N7K - Removing/Adding tunnel dest. throws %LDP-3-OIM_SDB_OPEN: Error |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: When removing or adding a GRE tunnel destination IP address, the following error message is displayed:
%LDP-3-OIM_SDB_OPEN: Error opening volatile:/dev/shm/4/oim_sdb_info, error - 0x0 (ksink_sdb_open() failed) in oim_api_init()
Tue Aug 25 19:02:04 2015:type=update:id=10.110.252.121@pts/0:user=SVC-UDC-PSC:cmd=configure terminal ; interface Tunnel143 ; tunnel source 10.1.15.10 (SUCCESS)
Tue Aug 25 19:02:05 2015:type=update:id=10.110.252.121@pts/0:user=SVC-UDC-PSC:cmd=configure terminal ; interface Tunnel143 ; tunnel destination 10.110.241.155 (SUCCESS)
2015 Aug 25 19:02:05.158 m-awvpdc01-nsw-udc-n7k01-vdc03 %LDP-3-OIM_SDB_OPEN: Error opening volatile:/dev/shm/4/oim_sdb_info, error - 0x0 (ksink_sdb_open() failed) in oim_api_init()
Conditions: The OIM service must not be running.
Workaround:
Further Problem Description:
|
|
Last Modified: | 02-OCT-2015 |
|
Known Affected Releases: | 6.2(10), 6.2(12) |
|
Known Fixed Releases: * | 7.3(0)OTT(0.49) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv93032 | Title: | eVPC: dual-homed FEX goes offline when reloading one of the eVPC peers |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | The behaviour is an expected behaviour when none of the hif ports are up.
Symptom: dual-homed FEX goes offline when reloading one of the VPC peers
Conditions: reload one of the peers
Workaround: none
Further Problem Description: none |
|
Last Modified: | 13-OCT-2015 |
|
Known Affected Releases: | 7.2(0)D1(1) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu41125 | Title: | LSA are present after configuring "area 1 range not-advertise" |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Component LSA's are present after configuring "area range not-advertise"
Conditions: After configuring "area range not-advertise"
Workaround: None
Further Problem Description:
|
|
Last Modified: | 16-OCT-2015 |
|
Known Affected Releases: * | 7.3(0)ZN(0.49), 7.3(0.1), 8.3(0)CV(0.162) |
|
Known Fixed Releases: | 7.3(0)IB(0.11) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup43718 | Title: | EOBC link failure on Multiple Modules due to standby SUP kernel crash |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: * | Symptom: EOBC link failure on Multiple Modules due to standby SUP kernel crash
MODULE-4-MOD_WARNING Module 2 (serial: XXXX) reported warning due to EOBC link failure in device 10 (device error 0xc0005043)
KERN-2-SYSTEM_MSG node=4 sap=2619 desc=statscl_lib3053, rq=850(751400) lq=0(0) pq=0(0) nq=0(0) sq=0(0) buf_in_transit=0, bytes_in_transit=0 - kernel
KERN-2-SYSTEM_MSG node=4 sap=1 desc=MTS Sync Thread, rq=778(649294) lq=0(0) pq=0(0) nq=1(924) sq=0(0) buf_in_transit=0, bytes_in_transit=0 - kernel
and eventually standby crashed:
SYSMGR-2-SYNC_FAILURE_MSG_PAYLOAD vdc 1: Failure from active SUP
Conditions: Sup1 kernel crash
Workaround: none
Further Problem Description:
|
|
Last Modified: | 19-OCT-2015 |
|
Known Affected Releases: | 5.1(5) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut18591 | Title: | tshark: Segmentation Violation with IP Protocol 89 Capture Filter |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Ethanalyzer crashes with the following reason:
tshark: Child dump cap process died: Segmentation violation
Conditions: Unknown at this time
Workaround: None.
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 6.2(10) |
|
Known Fixed Releases: * | 7.3(0)PDB(0.89), 7.3(0)PDB(0.93) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud81026 | Title: | Build error |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Compilation failed
Conditions: All
Workaround: None |
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 6.2(0)OP(0.49) |
|
Known Fixed Releases: * | 15.1(1)ICA4.122, 15.2(1)IC273.5, 15.2(2.4.11)EA, 15.2(2.6.89)EA, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(1.14)PI22c, 15.3(2.2)T, 15.3(2.3.1)CG |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu78360 | Title: | Vlans not getting registered properly when mvrp configured with VPC |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: When mvrp is configured with vpc, sometimes vlans may not get declared or registered.
Conditions: The issue is triggered with following known conditions.
1. Flap the MCT and vPC in quick succession. After a few tries, the issue may be seen.
2. Change the access vlan of the interface to a different value. After a few tries, the issue may be seen.
Note that the above list may not be exhaustive.
Workaround: Enable/Disable MVRP on both peer switches resolves the issue.
Further Problem Description:
|
|
Last Modified: | 27-OCT-2015 |
|
Known Affected Releases: * | 7.2(0)D1(1), 7.3(0)D1(0.86) |
|
Known Fixed Releases: | 7.2(1)D1(0.43), 7.2(1)ZD(0.38) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh72503 | Title: * | F1 macs do not age out properly |
|
Status: * | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom: In F1 card with VPC+, mac doesn't age out
Conditions: F1 should have the VPC+ Peer Link
Workaround: clear mac address-table dynamic address
Further Problem Description: |
|
Last Modified: | 28-OCT-2015 |
|
Known Affected Releases: | 6.2(1.136), 6.2(1.143), 6.2(2), 6.2(5.45)S2 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut41525 | Title: | Rx span not happening with vlan as source |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: When 2 vlans are configured as rx sources in a span session, the rx span from one of the vlans does not reach the destination port. Debugged with the ASIC and driver team (vinay) as a bad vqi, which is programmed in the span copy, due to the DE_bypass bit being set in the ASIC span_SCT register.
Conditions: When 2 vlans are configured as rx sources in a span session, the rx span from one of the vlans does not reach the destination port. Debugged with the ASIC and driver team (vinay) as a bad vqi, which is programmed in the span copy, due to the DE_bypass bit being set in the ASIC span_SCT register.
Workaround: no workaround
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 7.0(0)HSK(0.373) |
|
Known Fixed Releases: * | 7.0(0)BZ(0.46), 7.0(0)HSK(0.381), 7.3(0)DX(0.4), 7.3(0)TSH(0.4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq12104 | Title: | Mac-flap between vpc LID and FLID with same switch ID on F1 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: %L2FM-4-L2FM_MAC_MOVE: Mac 0001.d7cc.e200 in vlan 254 has moved from 103.11.4514 to 103.11.65535
4514 is the vpc LID and 65535 (0xffff) is the Flood LID
vpc LID can be seen in show vpc:
show vpc
Legend: (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 56
vPC+ switch id : 103
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
vPC fabricpath status : peer is reachable through fabricpath
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 3
Track object : 10
Peer Gateway : Enabled
Peer gateway excluded VLANs : -
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Fabricpath load balancing : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po1    up     16-17,19-21,23,28,30-41,44-50,64-70,72,74,76,81-92
                   ,96,112,128,132,165,200-201,224-227,248,254,274,37
                   4,401,474,700-703,901,951-955,998

vPC status
-------------------------------------------------------------------------------
id   Port   Status Consistency Reason  Active vlans  vPC+ Attribute
--   ----   ------ ----------- ------  ------------  --------------
256  Po256  up     success     success 16-17,19-21,2 DF: Yes, FP
                                       3,28,30-41,44 MAC:
                                       -50,64-70,72, 503.11.4514
                                       74,76,81-92,9
                                       6,112,128,132 ....
Conditions: This is only for F1 modules. This happens for source mac addresses which are incoming on vpc+
When the packet needs to be snooped by the CPU, we use the Flood LID 0xffff. For example: packets going to 224.0.0.1, dhcp snooping, etc.
Workaround: Disable the snooping for that feature. For example, if igmp snooping is enabled, then packets going to 224.0.0.1 will be snooped by the CPU, so disable igmp snooping on that vlan. Note that this may result in flooding of multicast traffic in the vlan.
Further Problem Description: The packets coming into the CE ports for vpc+ should always take the vpc LID. However, if the packets need to go to the supervisor for snooping, then the sup will send the packet with the Flood LID of 65535.
For example: the packets going to 224.0.0.1 will be sent to the supervisor. The supervisor does not change anything in the packet, meaning the source-mac address and source-index still remain the same; however, the mim lid is now 65535 instead of the vpc LID.
These packets will cause mac flaps. This issue should not impact forwarding.
However, if there are multiple hosts then it may impact the l2fm process since there would be a lot of churning.
|
|
Last Modified: | 07-OCT-2015 |
|
Known Affected Releases: | 6.2(6) |
|
Known Fixed Releases: * | 18.0(0.57278), 18.0(0.57365), 19.0(0.57378), 7.1(0)AV(0.38), 7.1(0)PDB(0.300), 7.2(0)D1(0.362), 7.2(0)D1(1), 8.3(0)CV(0.163) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCud13458 | Title: | VRRPv3 : Feature vrrpv3 is not removed from ADMIN VDC after migration |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: After admin-VDC migration "feature vrrpv3" remains in the running-configuration of the admin-vdc.
Conditions: Only occurs when "feature vrrpv3" is configured, and admin migration has been initiated.
Workaround: After migration, perform the command "no feature vrrpv3". |
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 6.2(1) |
|
Known Fixed Releases: * | 15.1(1)IC66.5, 15.1(1)ICA4.3, 15.1(1)ICB40.1, 15.2(1.1)PSR, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.11)S, 15.3(2.4)T, 15.3(3)JA100 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw34945 | Title: | Expected output is not seen for snmp query |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: An invalid SNMP query to the router does not return NO_SUCH_INSTANCE_EXCEPTION; it returns the parent's value instead.
For example:
iox.0/0/CPU0/ $ getone -v2c 13.13.13.2 public enterprises.9.10.106.1.2.1.10.1
cpwVcID.10 = 110
iox.0/0/CPU0/ $ getone -v2c 13.13.13.2 public enterprises.9.10.106.1.2.1.10.1.10
cpwVcID.10.10 = 110 <<< This should be NO_SUCH_INSTANCE_EXCEPTION
Conditions: The query is an invalid child of one of the PWMIB values.
Workaround: N/A
Further Problem Description:
|
|
Last Modified: | 06-OCT-2015 |
|
Known Affected Releases: | 7.2(1)D1(0.54), 7.3(0)ZD(0.98) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuv76460 | Title: | Multicast counters getting rolled at 32 bit for IPMCAST-MIB |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: When a customer performs an SNMP get on OID 1.3.6.1.2.1.168.1.5.1.18 of the IPMCAST-MIB, the counter value rolls over after 32 bits.
Conditions:
Workaround: Not applicable
Further Problem Description: The issue is seen for all 64-bit counter values.
|
|
Last Modified: | 05-OCT-2015 |
|
Known Affected Releases: | 5.2(3a) |
|
Known Fixed Releases: | 7.3(0)RTG(0.81) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu48646 | Title: | snmpwalk on ccmHistoryStartupLastChanged always returns 0 |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom: snmpwalk on OID ccmHistoryStartupLastChanged always returns zero, regardless of whether the startup config has been modified.
Conditions:
Workaround: None
Further Problem Description:
|
|
Last Modified: | 26-OCT-2015 |
|
Known Affected Releases: * | 6.2(12), 7.3(0)ZD(0.99) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus53354 | Title: | N7K-OFF-DIAG:Pescara N7K 100: DSH can't start all dsps in BB |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom: Some dsps can't start up automatically. They need more time.
Conditions: NTNV
Workaround: The init group needs to be refined.
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 7.2(0)ZN(0.87) |
|
Known Fixed Releases: * | 6.2(10)CR(0.35), 7.0(0)BZ(0.46), 7.0(0)HSK(0.325), 7.1(320)MQ(0.60), 7.3(0)DX(0.4), 7.3(0)TSH(0.4) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCum71845 | Title: | The Interface CRC_TX & Output_errors counter are set to 0 |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: | Symptom: The FEX port is unable to report CRC error as output under the 'show interface' statistics and consequently the ifOutErrors will show zero for CRCs.
N7K# show interface Eth140/1/20 counters detailed | grep CRC
Output CRC Errors: 9349243
N7K# sh int eth140/1/20 | begin TX
  TX
    2400119045 unicast packets  4113508 multicast packets  29453184 broadcast packets
    2443036010 output packets  808455945693 bytes
    91758 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble  0 output discard
    65198 Tx pause
  11 interface resets
snmpwalk -v1 -c private 172.21.25.241 ifName | grep 140/1/20
IF-MIB::ifName.529204416 = STRING: Ethernet140/1/20
snmpget -v1 -c private 172.21.25.241 ifOutErrors.529204416
IF-MIB::ifOutErrors.529204416 = Counter32: 0
Conditions: no known conditions at this point.
Workaround: no workaround.
Further Problem Description:
|
|
Last Modified: | 28-OCT-2015 |
|
Known Affected Releases: | 6.2(2)S9 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui44948 | Title: | Both vPC peers keep resetting |
|
Status: | Terminated |
|
Severity: | 4 Minor |
Description: * | Symptom: Both vPC peer switches may reload.
Conditions: This was experienced after bringing up a VDC from a suspended state.
Workaround: None.
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: * | 6.1(4), 6.1(4)S26, 6.2(2)S33 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCub79046 | Title: | N7K-OFF-DIAG: PescaraCB-100 development |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: | Symptom: for new product development
Conditions: for new product development
Workaround: pescaraCB-100 is a new product, we create this ID for new product development
Further Problem Description:
|
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 6.2(0.28) |
|
Known Fixed Releases: * | 6.2(0.225)S0, 6.2(0.237)S0, 6.2(0.240)S0, 6.2(0.273)S0, 6.2(0.282)S0, 6.2(0.287)S0, 6.2(0.293)S0, 6.2(0.294)S0, 6.2(0.298)S0, 6.2(5.7)S0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul84967 | Title: | ingress qos policy in vlan programs TCAM entries in non-member linecards |
|
Status: * | Other |
|
Severity: * | 6 Enhancement |
Description: | Symptom: A QoS policy attached to a VLAN in the ingress direction programs the policy on line cards that do not have any ports allocated in the current VDC.
Conditions: This issue is seen on all M1/M1XL and M2 cards on the Nexus 7000 switch. TCAM resources and QoS resources are allocated on line cards that do not have any ports allocated in the current VDC.
Workaround: None.
Further Problem Description:
|
|
Last Modified: | 04-OCT-2015 |
|
Known Affected Releases: | 6.2(5.65)S6, 7.3(0)D1(1A) |
|
Known Fixed Releases: | 6.2(10.21)S0, 6.2(12)FT(0.9) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh10646 | Title: | gibt-mvrp project collapse into Gibraltar |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom: this is an internal tracking ID for a source code merge
Conditions: not a bug, tracking ID
Workaround: N/A
More Info: N/A |
|
Last Modified: | 30-OCT-2015 |
|
Known Affected Releases: | 6.2(5.7), 7.0(0.7) |
|
Known Fixed Releases: * | 7.0(0)KM(0.64), 7.0(0.8)S0, 7.0(1)ZD(0.3), 7.1(0)D1(0.14), 7.1(0)D1(0.15), 7.2(0)D1(1), 7.3(0)DX(0.4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug64700 | Title: | NX-OS parser: auto-complete functionality for certain QoS commands |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Ability to auto-complete for certain commands
class-map
Symptom: auto complete of acl names was not happening.
Conditions:
Workaround: None
Further Problem Description:
|
|
Last Modified: | 08-OCT-2015 |
|
Known Affected Releases: | 5.2(3a) |
|
Known Fixed Releases: * | 7.3(0)D1(0.91), 7.3(0)EG(0.3), 7.3(0)FMD(0.9), 7.3(0)PDB(0.57), 7.3(0)RTG(0.64) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj61892 | Title: | N7K: BFD Echo needs modification to go through transparent firewall |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | BFD Echo packets need modification to go through transparent firewall. |
|
Last Modified: | 11-OCT-2015 |
|
Known Affected Releases: | 5.0(5) |
|
Known Fixed Releases: | 5.2(0.166)S0 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur08416 | Title: | NX-OS python allows users from one VDC to delete files from another VDC |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom: Cisco Nexus 7000 devices that have been configured with multiple Virtual Device Contexts (VDCs) contain a privilege escalation vulnerability within the Python scripting subsystem that could allow an authenticated, local attacker to delete files owned by a different VDC on the device.
The vulnerability exists due to incomplete privilege separation of the Python scripting engine across multiple VDCs. This could allow an attacker with administrative privileges in a specific VDC to remove files owned by a separate VDC. This could result in a denial of service condition on the affected device.
Conditions: Cisco Nexus 7000 devices running an affected version of Cisco NX-OS software.
Devices configured for multiple Virtual Device Contexts.
Workaround: Restrict access to Python-related commands to highly trusted users only via AAA policy.
Further Problem Description: Credit: Cisco would like to thank Jens Krabbenhoeft for discovering and reporting this vulnerability.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.6/4.4: http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:N/I:C/A:N/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2015-4231 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 28-OCT-2015 |
|
Known Affected Releases: | 6.2(8a) |
|
Known Fixed Releases: * | 7.3(0)ZD(0.155) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv04106 | Title: * | need "MAINTENANCE" as (special) reset-reason for GIR |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom: While in Maintenance Mode, if the switch reloads for any reason that is not among the handful covered under mmode today, it should come back up in Maintenance Mode.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 23-OCT-2015 |
|
Known Affected Releases: | 7.2(0)D1(0.507) |
|
Known Fixed Releases: | |
|
|
| |