| |
|
Alert Type: | Updated * |
Bug Id: | CSCur31425 | Title: | ASRNAT: PPTP ALG: Incorrect UNNAT of Peer-Call-ID in Outgoing-Call-Reply |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1k PAT may not function properly for PPTP. PPTP control connection is not established.
Conditions:
This was first found in XE3.10.3. The sequence of events which can lead to this failure:
- PPTP ALG is disabled;
- PPTP clients try to connect, but fail;
- PPTP ALG is enabled with "ip nat service pptp";
- PPTP clients are still unable to connect to PPTP server.
Workaround:
Use "clear ip nat translations *" after enabling PPTP NAT ALG.
Further Problem Description:
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.3(3)S3, 15.4(2)S, 15.4(3)SS |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(2)S4, 15.4(3)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09592 | Title: | binos: Linux Kernel Solar flare Eth. driver vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2012-3412
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2012-3412 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09595 | Title: | binos: Linux Kernel TCP SYN+FIN packets vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-2663, CVE-2012-4530
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/6.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C&version=2.0
CVE-2012-2663 and CVE-2012-4530 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut98370 | Title: | binos: Linux Kernel ipv6, ipv4 vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-4565,CVE-2012-4444,CVE-2013-0310,CVE-2013-4162,CVE-2011-2699
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2013-1796 and CVE-2011-4622 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu07657 | Title: | binos: Linux Kernel Generic , Proc and Admin access vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of the Linux Kernel that is affected by the vulnerabilities identified by
the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2011-3593, CVE-2011-3637, CVE-2012-1179
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/5.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-3593, CVE-2011-3637, CVE-2012-1179 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut34273 | Title: | ASR1K, "unknown" process leak under cpp_cp_svr |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
on ASR1K, we may observe memory leak on the ESP under "cpp_cp_svr"
from "show platform software process list f0 sort memory"
Name Pid PPid Group Id Status Priority Size
cpp_cp_svr 7140 6694 7140 S 20 812957696 <<< the size here keep increasing.
and from "show platform software memory qfp-control-process qfp active brief" we see "unknown" is increasing.
module allocated requested allocs frees
unknown 219295960 131577576 10964798 0
Conditions:
This is first observed on ASR1K running 15.4(1)S with WCCP enabled.
The leak could be triggered by WCCP statistic update
Workaround:
do FP switch-over or router reload will clear the memory used, but the memory leak will still exists
Further Problem Description:
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(2)S4, 15.4(3)S3, 15.5(1)S2, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu88964 | Title: | ASR1K Kernel crash at pidns_get() |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv57459 | Title: | ASR1K Kernel crash at pidns_get() - part 2 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.2(4)S8, 15.4(2)S4, 15.4(3)S4, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv94186 | Title: | SNMPWALK crash at ipsmIPSec_policyOfTunnel |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
SNMPWALK crash at ipsmIPSec_policyOfTunnel
Conditions:
SNMPWALK crash at ipsmIPSec_policyOfTunnel
Workaround:
Workaround: Configure SNMP view to exclude
"snmp-server view iso included"
"snmp-server view ipSecPolMapTable excluded"
"snmp-server community view RO"
Further Problem Description:
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.3(3)S2, 15.3(3)S4 |
|
Known Fixed Releases: * | 15.6(0.22)S0.2, 15.6(0.26)T, 15.6(1.12)S, 15.6(1.2)T |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq09004 | Title: | RP crashed with cpp_cp_svr crash in cpp_qm_event_insert_leaf_node |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
After upgrading the ASR to the latest 15.2(04)S and later 15.X releases the ASR1K started crashing. The trigger for this crash is when a flat QoS policy with fair-queue is applied to a frame-relay interface.
Conditions:
The trigger for this crash is the flat QoS policy with fair-queue applied to the frame-relay interface. In this case the two key components that together triggered this failure was the frame-relay plus the flat policy with fair-queue.
Workaround:
The workaround is a cosmetic change that will cause NO functional impact. The workaround is to convert this flat policy to a hierarchical policy with a parent shaper set to 100%.
policy-map PM_POS_PARENT
class class-default
shape average percent 100
service-policy PM_POS
!
interface POS0/1/0
no ip address
encapsulation frame-relay
load-interval 30
crc 32
pos scramble-atm
frame-relay lmi-type ansi
service-policy output PM_POS_PARENT < New hierarchical policy
hold-queue 4096 out
Further Problem Description:
This issue is specic to the ASR1K X platforms (ASR1002x, ASR1001x) and ASR1K with ESP100/ESP200.
This issue is not applicable to the older ASR1K platforms using ESP5/10/20/40 or non-X series ASR1002/1001 platforms.
|
|
Last Modified: | 09-NOV-2015 |
|
Known Affected Releases: | 15.3(3)S2.1 |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S4, 15.4(1)S3, 15.4(2)S2, 15.4(3)S0z, 15.4(3)S1, 15.5(1)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw24373 | Title: | Called-station-id and NAS-ID via account profile satus query |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
sending extra attributes "called-station-id" and "NAS-ID" in accout-status-query for Webauth unauthenticated sessions
Conditions:
NA
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 07-NOV-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09588 | Title: | binos: Linux Kernel Btrfs vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of Linux Kernal that is affected by the vulnerabilities identified by the
following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-5374, CVE-2012-5375
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-5374, CVE-2012-5375 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09547 | Title: | binos: Linux Kernel kvm vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2013-1796,CVE-2011-4622,CVE-2012-0045
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2013-1796 and CVE-2011-4622 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw57225 | Title: * | PFRv2 not work well for 10% inboud load-balance |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
show pfr master prefix in", shows lots of TCs that PfR could not control.
Causing major impact in pfrv2 ingress and egress load-balancing.
Conditions:
"This symptoms were observed, when "max-range-utilization percent" or "max range receive percent" was configured with PfRv2.
Workaround:
no workaround at this time.
Further Problem Description:
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz61014 | Title: | f Linux kernel NTP leap second handling could cause deadlock |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time.
When the leap second update occurs the system will crash when adding or deleting NTP leap second in NTP
master mode.
Conditions:
The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.
Workaround:
To prevent an issue when the leap second update is received do not configure the system as NTP master.
Further Problem Description:
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: * | 15.1(3)S4, 15.2(2)S1, 15.2(4)S8, 15.4(2)S4, 15.4(3)S4, 15.5(2)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09604 | Title: | Multiple Cisco Devices Contain Linux Kernel Vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-2373,CVE-2012-2372,CVE-2011-1023
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.9/4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2012-2373, CVE-2012-2372, and CVE-2011-1023 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtr96607 | Title: | Dialpeer bind fails on reloaded box until the CLIs are reapplied |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Calls fail on a freshly loaded box when dial-peer bind is configured.
Conditions:
Dial peer bind is configured.
Workaround:
Re-apply the configuration for the CLI to take effect.
|
|
Last Modified: | 27-NOV-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: | 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S0.5, 15.1(3)S1, 15.1(3)S2, 15.1(3)S5, 15.1(3)S5a, 15.1(3)S6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux06124 | Title: | Part of records lost after export by FNF from MMA punt/inject path |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Part of PfRV3 traffic-classes are not reported properly on local master controller where PfRV3 MC and BR are collocated after days of traffic.
Conditions:
PfRV3 master controller and border router runs on the same router, and keeps traffic running for days, and small part of records is lost and not exported by flow monitor properly.
Workaround:
Reset PfRV3 border router can recover from this failure.
Further Problem Description:
Port of records are lost for the Punt path, where MC and BR runs on the same router.
|
|
Last Modified: | 20-NOV-2015 |
|
Known Affected Releases: | 15.5(3)M0.2, 15.5(3)S0.2 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug61688 | Title: | ASR Crashes |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR Crash
Conditions:
Crashd with trace back and core dump also generated
Workaround:
none
More Info:
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.1(0.0.3) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw54751 | Title: | new Octeon microcode 101-06 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On an ASR1k router, a crash on the ESP maybe seen as a result of a hung crypto engine. The following would be seen:
%CMFP-3-OCT_DRV_ERROR: F1: cman_fp: An error has been detected on encryption processor: Octeon core hang:: 0x1000
Conditions:
Unknown at this time. This bug is being filed to enhance reporting capabilities of this type of failure and also provide additional error checks.
Workaround:
None at this time. The root cause is still in investigation at this time.
Further Problem Description:
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw53543 | Title: | Stale entries for unauthenticated user in ISG dont clear . |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The unauth sessions are configured to expire in 2 mins, but many unauth sessions are showing up for several weeks.
Conditions:
Previous event Account-Logon exited without clearing some flag after some time when the timer expires Timer-expiry event is waiting for previous event to clear the flag, because of this session is in stale state. This happens where Account-logon exited without clearing the flag.
Workaround:
None
Further Problem Description:
Not all unauth sessions are remaining stale, many others are getting removed from ISG .
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S3.21, 15.5(2)S1.19, 15.6(1.12)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup01088 | Title: | CPUHOG and crash on 'clear dmvpn session' with large NHRP cache |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On an ASR 1000 Series Aggregation Services Router configured with DMVPN, CPUHOG messages may be observed after 'clear dmvpn session' is invoked.
In certain cases, this may lead to a watchdog timeout and an unexpected reboot of the router.
Conditions:
This issue is observed when a router has a very large NHRP table (10-20k entries or more) with a large number (thousands) of child entries per parent entry.
Workaround:
Reduce the size of the NHRP database through supernetting or similar.
Further Problem Description:
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: * | 15.2(1)SY1.13, 15.2(4.0)ST, 15.2(4.0.21)E, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(1)IE101.170, 15.3(3)M4.1, 15.3(3)M5, 15.3(3)S4.10, 15.3(3)S5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv25529 | Title: | Remote MEPs 611/613/711/712 not found and unsuccessfull Traceroute |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
remote MEP is not learned
Conditions:
run the Script: me_cfmosvlan_d8_mma
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 07-NOV-2015 |
|
Known Affected Releases: | 15.5(2.21)S0.13, 15.6(0.3)S |
|
Known Fixed Releases: * | 16.2(0.180) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw21897 | Title: | Traceback seen with ip cef accounting |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Cisco IOS-XE router may show an error message in the logs:
%CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error
Conditions:
This issue can be seen when 'ip cef accouting' is configured with fast reroute when a routing protocol flaps.
Workaround:
Disable the function if possible - 'no ip cef accouting'
Further Problem Description:
|
|
Last Modified: | 07-NOV-2015 |
|
Known Affected Releases: | 15.4(3)S2.1 |
|
Known Fixed Releases: * | 15.5(2)S2, 16.2(0.180) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw33451 | Title: | AVC: revert workaround for conversation tool following CSCuv05447 fix |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Due to the workaround applied the server and client byte counts might be incomplete.
Conditions:
IP Packet fragmentation.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 07-NOV-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 16.2(0.180) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus35015 | Title: | PFR - 'set trigger-log-percentage' not showing in config |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
When 'set trigger-log-percentage 100' is configured under a pfr-map, the change does not show up in the running configuration
Conditions:
Configure "'set trigger-log-percentage" under a pfr-map, the change does not show up in the running configuration
Workaround:
None.
Further Problem Description:
Switchname#show pfr master policy
Default Policy Settings:
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
probe frequency 56
number of jitter probe packets 100
mode route control
mode monitor fast
loss relative 10
jitter threshold 20
mos threshold 3.60 percent 30
unreachable relative 50
trigger-log percentage 100
oer-map MAP 4
sequence no. 8444249301581824, provider id 1, provider priority 30
host priority 0, policy priority 4, Session id 0
match oer learn list RICHMOND_VOICE_LIST
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
*probe frequency 4
number of jitter probe packets 100
*mode route control
*mode monitor fast
loss relative 10
jitter threshold 20
*mos threshold 4.0 percent 20
*unreachable threshold 100000
next-hop not set
forwarding interface not set
trigger-log percentage 30
*resolve mos priority 1 variance 10
Forced Assigned Target List:
active-probe jitter 10.1.22.1 target-port 2000 dscp ef codec g711ulaw
active-probe jitter 10.1.22.2 target-port 2000 dscp ef codec g711ulaw
oer-map MAP 6
Switchname#show pfr master policy | in log
trigger-log percentage 100
trigger-log percentage 30
trigger-log percentage 30
trigger-log percentage 30
Switchname#show run | in log
service timestamps log datetime localtime show-timezone
logging buffered 10000 informational
logging console errors
aaa authentication login default group tacacs+ line
trigger-log-percentage 100
log config
bgp log-neighbor-changes
deny ip any any log
logging source-interface Loopback129
logging host XX.XX.XX.XX
snmp-server enable traps syslog
privilege exec level 0 show logging
logging synchronous
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
logging synchronous
logging synchronous
Switchname#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switchname#(config)#
Switchname#(config)#
Switchname#(config)#privilege exec level 0 show pfr
Switchname#(config)#pfr-map MAP 4
Switchname#config-pfr-map)# set trigger-log-percentage 100
Switchname#(config-pfr-map)#pfr-map MAP 6
Switchname#(config-pfr-map)# set trigger-log-percentage 100
Switchname#(config-pfr-map)#pfr-map MAP 7
Switchname#(config-pfr-map)# set trigger-log-percentage 100
Switchname#config-pfr-map)#
Switchname#config-pfr-map)#^Z
Switchname#show pfr master policy | in log
trigger-log percentage 100
trigger-log percentage 100
trigger-log percentage 100
trigger-log percentage 100
Switchname#show run | in log
service timestamps log datetime localtime show-timezone
logging buffered 10000 informational
logging console errors
aaa authentication login default group tacacs+ line
trigger-log-percentage 100
log config
bgp log-neighbor-changes
deny ip any any log
logging source-interface Loopback129
logging host XX.XX.XX.XX
snmp-server enable traps syslog
privilege exec level 0 show logging
logging synchronous
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
logging synchronous
logging synchronous
|
|
Last Modified: | 11-NOV-2015 |
|
Known Affected Releases: | 15.3(1)S, 15.4(2)S |
|
Known Fixed Releases: * | 15.6(1.12)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux21433 | Title: | enhance ipsec for us not find SA debug |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This is an enhancement request to improve the log message that is generated when an encrypted packet is received by a router and that packet is destined to that router but cannot be decrypted because the appropriate SA can't be found. This enhancement request will add the source address and the SPI value off the packet that generates that log message.
Conditions:
n/a
Workaround:
Do an EPC to get this information
Further Problem Description:
|
|
Last Modified: | 19-NOV-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | |
|
|
| |
:
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论