| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw89782 | Title: | WebUI: System UP time does not get displayed in webui |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: On the controller GUI, the system UP time is not displayed.
Conditions: Log in to the controller GUI and go to the dashboard. There is no way to see the system UP time in the GUI.
Workaround: Use CLI 'show ver' to see the system UP time.
Further Problem Description:
|
|
Last Modified: | 26-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: * | 16.2(0.218), 16.2(0.227) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw55669 | Title: | Crash is seen in iosd on switch and auth-mgr |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Switch with IOSD crashes in auth-manager with this symptom:
IOSD-EXT-SIGNAL: Segmentation fault(11), Process = EPM MAIN PROCESS
Conditions: The system crashed due to stack overflow caused by loop calls between PI sanet and vlan group plugin on switch platform while dumping sanet trace messages in the case when handling dynamic vlan updates for a given vlan on standby switch.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 24-DEC-2015 |
|
Known Affected Releases: | 3.6(0) |
|
Known Fixed Releases: * | 15.2(4.0.95a)E, 15.2(4.1.25)EA1, 15.2(4.1.5a)E, 15.2(5.0.38)E, 16.1(1.20), 16.2(0.217) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw91252 | Title: | Only 10 domain names supported in domain list for FQDN ACL DNS snooping |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: Currently only 10 domain names are supported in the domain list for FQDN ACL DNS snooping, but the GUI allows 25 domain names.
There is no functional impact, but traffic would be allowed for 10 domains only.
Conditions: More than 10 domain names/URLs configured through the GUI.
Workaround: Use 10 or fewer domain names in the GUI configuration.
Further Problem Description:
|
|
Last Modified: | 20-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: * | 16.1(1.21) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCua72199 | Title: | NG3K-7.65: IPv6 (internal)RAs forwarded as mcast RAs to Wireless clients |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: Unsolicited RAs from the switch are forwarded as mcast RAs over the air to the wireless clients. It should be a unicast packet. The CAPWAP packet header from the switch is populated with the L2 MGID and not the IPv6 RA MGID (L3), and is forwarded as multicast over the air.
Conditions: This symptom is seen with Standalone Newton 48 with a couple of APs and a couple of wireless clients with IPv6 enabled. IPv6 unicast routing is enabled on the switch.
Workaround: There is no workaround.
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.0(7.65)EMP |
|
Known Fixed Releases: * | 15.0(1.0)UCT, 15.0(10.16)EMW, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EX, 15.0(2)EX1, 15.0(2)EX3, 15.0(2)EX4, 15.0(2)EX5, 15.0(2)EZ |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus99367 | Title: | 3850 re-writes mobility capwap data packets with TTL 9 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: 3850 re-writes mobility capwap data packets with TTL 9
Conditions: 3850 re-writes mobility capwap data packets with TTL 9. As a result, any capwap data packets (DHCP/ARP etc.) sent via the mobility tunnel will have a TTL set to 9, which means these packets will not be able to make more than 9 hops.
In an environment where the 3850 WLAN is anchored to another WLC/switch >9 hops away, clients will not be able to get a DHCP IP.
Hardware affected: 3850/3650. Software versions impacted: 3.3.x, 3.6.0, 3.6.1, 3.6.2, 3.7.0, 3.7.1.
5760 is not impacted by this issue.
Workaround: Shorten the path between the foreign and anchor or upgrade to a fixed image (IOS-XE 3.7.2 or 3.6.3).
Further Problem Description: None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.2(3)E |
|
Known Fixed Releases: * | 15.2(2)E3, 15.2(3)E2, 16.1.1, 3.6(3)E, 3.7(2)E, Denali-16.1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw49457 | Title: | SGT still present for client's STALE state after removing client IP |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: After configuring an IP-SGT mapping on the client, if the connection to the peer device (with an interface with IP as in the mapping) is lost (STALE interface with respect to the client), the IP-SGT mapping is still seen on the client.
Conditions:
Workaround: None
Further Problem Description:
|
|
Last Modified: | 22-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: * | 16.1(1.23), 16.3(0.6) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux26399 | Title: | CWA config: Client gets disconnected when roaming b/w same subnet cntrlr |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom: With CWA config, the client gets disconnected when roaming between controllers in the same subnet.
Conditions: The client is connected to a WLAN configured for central web-auth and roams to another controller which is in the same subnet. It then goes to webauth-pending state, so credentials need to be entered again.
Workaround: Change the controller to a different VLAN or change the WLAN client VLAN to a different VLAN than the other controller.
Further Problem Description:
|
|
Last Modified: | 07-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut87285 | Title: | MAC address being learnt on an individual Port-channel member interface |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
* MAC address flapping messages are being displayed on a 3850 stack of five switches running IOS 03.06.00SE.
* Some of the MAC addresses are seen on the port-channel interface and some other MAC addresses are seen on the port-channel member interfaces.
* Issue seems to be cosmetic at this point.
%SW_MATM-4-MACFLAP_NOTIF: Host 54ee.753a.4112 in vlan 999 is flapping between port Te1/1/3 and port Po32
%SW_MATM-4-MACFLAP_NOTIF: Host 54ee.753a.4112 in vlan 999 is flapping between port Te1/1/3 and port Po32
%SW_MATM-4-MACFLAP_NOTIF: Host a0a8.cd60.2944 in vlan 883 is flapping between port Te1/1/3 and port Po3
Conditions:
* 3850 stack of 5 switches.
* Switches version 03.06.00E
* On previous versions this behavior was not seen.
Workaround: Disabling IPDT on trunk interface helped to decrease the number of MAC flaps being logged and increased the time it will take for a particular MAC to flap.
However, the flapping still occurs approximately every 15 minutes.
Further Problem Description:
|
|
Last Modified: | 20-DEC-2015 |
|
Known Affected Releases: | 15.2(2)E |
|
Known Fixed Releases: * | 16.1(1.21), 16.3(0.4) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw94595 | Title: | Tracebacks on bootup at "epm_vlan_name_insert_or_delete" w/200+ VLANs |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: Tracebacks are seen at the time of reload.
Conditions: If more than 200 VLANs are configured on the box and the box is brought up, these tracebacks are seen. They have no functionality impact.
Workaround: Currently there is no way to disable these tracebacks if the above scenario is run.
Further Problem Description:
|
|
Last Modified: | 21-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: * | 16.1(1.21), 16.3(0.5) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw99028 | Title: | Traceback@eedge_ial_vlan_load_balance_info_destroy_internal w/200 VLANs |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom: Tracebacks are seen at the time of bootup.
Conditions: If more than 200 VLANs are configured on the box and the box is brought up, these tracebacks are seen. They have no functionality impact.
Workaround: Currently there is no way to disable these tracebacks if the above scenario is run.
Further Problem Description:
|
|
Last Modified: | 08-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw38480 | Title: | Intermittent CDP and traffic issue for random 10G SFPs upon OIR |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom: Hot swap of 10G SFPs will result in no traffic pass through even though link is up. Also, there is CDP neighbor data available.
Conditions: Hot swap or OIR of 10G SFPs.
Workaround: Shut/No shut on the interface will fix the problem.
Further Problem Description: This issue is intermittent and is not specific to a 10G SFP type.
|
|
Last Modified: | 08-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux16381 | Title: | Tracebacks (%EVENTLIB-3-CPUHOG:Switch 1 R0/0:SMD:) seen intermittently |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom: CPUHOG tracebacks "%EVENTLIB-3-CPUHOG:Switch 1 R0/0: smd: undefined:" observed in a Security profiles scaled setup. No functionality impact observed.
Conditions: Security profile loaded on a 5-member 3850 stack
Workaround: None
Further Problem Description:
|
|
Last Modified: | 08-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux01125 | Title: | MAC address once aged due to port-security ageing is not re-learnt |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: | Symptom: MAC address is not re-learnt after it gets removed when the aging timer expires.
Conditions: switchport port-security aging <> needs to be configured, and the port should be enabled for port security and dot1x authentication.
Workaround: None other than not configuring the aging command.
Further Problem Description:
|
|
Last Modified: | 07-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw94006 | Title: | Packet drop seen when IP source guard configured on trunk ports |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: Packet drop seen when IP source guard is configured on trunk ports.
Conditions: When ip verify source is configured on trunk ports with DHCP snooping enabled on the VLAN.
Workaround: No workaround. Condition observed when running automated scripts. Not observed when configured manually.
Further Problem Description:
|
|
Last Modified: | 06-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw97933 | Title: | Client should not associate to wlan mapped in ap-group when static ip configured |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: When "dhcp required" attribute is configured under WLAN, client goes to RUN state with "static" ip address.
Conditions: This happens if both ipv4 and ipv6 addresses are "Statically" configured on the client.
Workaround: Remove "static" ipv6 address from Client config. Feature works fine for ipv4 address handling.
Further Problem Description:
|
|
Last Modified: | 06-DEC-2015 |
|
Known Affected Releases: | Denali-16.1.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw29304 | Title: * | Cat3850: IFM-3-LE_ERROR/IFM-3-IFB_ERROR after switch reload/failover |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom: Catalyst 3850 (stack or standalone) may report the following errors with tracebacks during boot up after failover/reload:
%IFM-3-LE_ERROR: 1 fed: IFM encountered a LE error. Client LE allocation failed.
%IFM-3-IFB_ERROR: 1 fed: IFM encountered an IFB error. Interface block init failed.
Conditions: Catalyst 3850 or 3650 running 3.6.x or 3.7.x releases, AND interfaces are enabled with Dot1x authentication.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 29-DEC-2015 |
|
Known Affected Releases: * | 15.2(2)E1, 15.2(3)E |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw65143 | Title: | Cannot capture egress traffic on interface when ACL/SPAN are on same int |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom: Cannot capture egress traffic on an interface using embedded wireshark feature when there is a SPAN source port already configured
Conditions: The problem is seen where there is a SPAN source port already configured on the interface, and the embedded wireshark feature is being used.
Workaround: Do not have a SPAN source port configured for the same port as in use for embedded wireshark monitoring
Further Problem Description:
|
|
Last Modified: | 06-DEC-2015 |
|
Known Affected Releases: | 16.1(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui36124 | Title: | 3850 switch Input Queue size exceeds max threshold |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: The Input queue size counter may exceed the max defined.
Switch#show int gi1/0/1
Input queue: 2227/10/0/0 (size/max/drops/flushes); Total output drops: 0
Conditions: Cisco 3850 switch with process-switched traffic exceeding the input queue max threshold.
Workaround: None.
Further Problem Description:
|
|
Last Modified: | 28-DEC-2015 |
|
Known Affected Releases: | 15.0(1.1)EX |
|
Known Fixed Releases: * | 15.2(1.1)PSR, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun58159 | Title: | Enabling FIPS mode in CiscoSSL |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom: Security vulnerability for license related library usage needs to be enhanced
Conditions: Customers facing security vulnerability focused around encryption/decryption needs to be further strengthened
Workaround: CiscoSSL library APIs are used in 3.3x releases, which is updated to FIPS mode for further strengthening license related security, encryption and decryption.
Further Problem Description: FIPS Feature has been added to 3.6x releases as a part of security enhancement. Earlier versions were using MD5 which has been uplifted in 3.6x releases.
|
|
Last Modified: | 24-DEC-2015 |
|
Known Affected Releases: | 15.2(2.2.2)S |
|
Known Fixed Releases: | 15.2(2)E, 3.6(0)E |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux05372 | Title: | QoS - class-map counters not updating for each AP |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom: Customer adjusted the child QoS values used on the PORT target to meet their site QoS need. But looking at the policy-map output, we noticed that the "class VIDEO_SIGNALLING" conformed byte count is the same for all the APs, while the "class VOIP" byte count increases/differs on each AP as expected.
class-map match-any VOIP
 match dscp ef
class-map match-any VIDEO_SIGNALLING
 match dscp af31
 match dscp af41
 match dscp cs3
!
policy-map port_child_policy
 class VOIP
  priority level 1
  police rate percent 10 conform-action transmit exceed-action drop
 class VIDEO_SIGNALLING
  priority level 2
  police rate percent 20 conform-action transmit exceed-action drop
 class class-default
  bandwidth remaining ratio 90
But from the output of "show policy-map interface wireless ap" we noticed that the "class VIDEO_SIGNALLING" conformed byte count is the same for all the APs, while the "class VOIP" byte count increases/differs on each AP as expected.
!
SW01BPTA10#show policy-map interface wireless ap
AP AP01BPTA10 iifid: 0x010137C000000009
 Class-map: VIDEO_SIGNALLING (match-any)
  police: rate 20 % rate 200000000 bps, burst 6250000 bytes
  conformed 53915 bytes; actions: transmit
  exceeded 0 bytes; actions: drop
  conformed 0000 bps, exceeded 0000 bps
AP AP06BPTA10 iifid: 0x0102B3400000000F
 Class-map: VIDEO_SIGNALLING (match-any)
  police: rate 20 % rate 200000000 bps, burst 6250000 bytes
  conformed 53915 bytes; actions: transmit
  exceeded 0 bytes; actions: drop
  conformed 0000 bps, exceeded 0000 bps
AP AP04BPTA10 iifid: 0x0104DBC00000000D
 Class-map: VIDEO_SIGNALLING (match-any)
  Priority Level: 2
  police: rate 20 % rate 200000000 bps, burst 6250000 bytes
  conformed 53915 bytes; actions: transmit
  exceeded 0 bytes; actions: drop
  conformed 0000 bps, exceeded 0000 bps
AP AP02BPTA10 iifid: 0x010779400000000B
 Class-map: VIDEO_SIGNALLING (match-any)
  police: rate 20 % rate 200000000 bps, burst 6250000 bytes
  conformed 53915 bytes; actions: transmit
  exceeded 0 bytes; actions: drop
  conformed 0000 bps, exceeded 0000 bps
AP APWIPS01BPTA10 iifid: 0x0108F14000000016
 Class-map: VIDEO_SIGNALLING (match-any)
  police: rate 20 % rate 200000000 bps, burst 6250000 bytes
  conformed 53915 bytes; actions: transmit
  exceeded 0 bytes; actions: drop
  conformed 0000 bps, exceeded 0000 bps
Conditions: HW and SW: WS-C3850-24U 03.06.02aE
class VIDEO_SIGNALLING conformed byte count is the same for all the APs.
Workaround: None
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 3.6(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux13746 | Title: | Cat3850-24/48XS switches recognize transceivers wrongly upon bootup/OIR |
|
Status: | Open |
|
Severity: | 4 Minor |
Description: * | Symptom: Cat3850 XS switches (24 or 48 port) upon bootup or OIR would recognize transceivers incorrectly, or put them into err-disable mode.
Example: a GLC-SX-MMD would either be recognized as SFP-10G-SR.
Conditions: The problem has been observed on version of code 03.07.02.E but could also be observed in other releases.
Workaround: Restart the switch to clear this wrong condition.
Further Problem Description:
|
|
Last Modified: | 08-DEC-2015 |
|
Known Affected Releases: | 15.2(3.7.2) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw82382 | Title: | 3850 Not Honoring Netflow Cache Timeout Values |
|
Status: | Open |
|
Severity: * | 4 Minor |
Description: | Symptom: Netflow exporter is sending flows higher than configured flow timeouts.
Conditions:
flow record FlowRecordIn
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow record FlowRecordOut
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 match flow direction
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
!
!
flow exporter SEV1
 destination 10.152.194.72
 source Vlan240
 transport udp 9996
!
!
flow monitor FlowMonitorIn
 description Flexible Netflow Monitor Input
 exporter SEV1
 cache timeout inactive 900
 cache timeout active 60
 record FlowRecordIn
!
!
flow monitor FlowMonitorOut
 description Flexible Netflow Monitor Output
 exporter SEV1
 cache timeout inactive 900
 cache timeout active 60
 record FlowRecordOut
Workaround: None
Further Problem Description: Customer is reporting the problem with flows sent, because their tool requests flows not larger than 60 seconds; otherwise the packets are dropped.
I tried to reproduce the issue on a CALO lab but I don't have any collector to receive the traffic on the customer's setup configuration.
Now they have this configuration on two devices:
flow monitor FlowMonitorIn
 description Flexible Netflow Monitor Input
 exporter SEV1
 cache timeout inactive 900
 cache timeout active 60
 record FlowRecordIn
!
!
flow monitor FlowMonitorOut
 description Flexible Netflow Monitor Output
 exporter SEV1
 cache timeout inactive 900
 cache timeout active 60
 record FlowRecordOut
One 3850 and one 2911. The Cisco 2911 is working as desired; the 3850 is sending up to 120 seconds active flows, hence their Collector is dropping the packets as they need to use no more than 60 seconds flow for the application to work.
I have captures that I can share with you for further assistance.
What is the TAC case number? 636523857.
Is there any plan to change for a more up-to-date version? Not sure, is the current one too old or not supported? The one is 03.03.02SE compiled around year and a half.
Is the problem caused by that records are exported after more than 60 sec? They are exported on time, but the duration within the flow entry is more than 60 seconds (up to 118sec seen on the capture).
Did the customer try to tune active and inactive timers, especially change the inactive timer to 60? I will request this for testing purposes.
|
|
Last Modified: | 05-DEC-2015 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux14199 | Title: | error "Command rejected: Bad VLAN list" when default interface config |
|
Status: | Open |
|
Severity: * | 4 Minor |
Description: | Symptom: Unable to default the interface with port-security and interface mode in trunk.
Switch(config)#default interface gi3/0/48
Command rejected: Bad VLAN list - character #1 is a non-numeric character ('a').
Interface GigabitEthernet3/0/48 set to default configuration
Conditions: Interface is configured for trunk mode along with port-security access mode configured.
interface GigabitEthernet3/0/48
 switchport mode trunk <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 switchport port-security maximum 3
 switchport port-security maximum 2 vlan access <<<<<<<<<<<<
 switchport port-security maximum 2 vlan 1
Workaround: Change the switchport mode to access and then delete the configuration one by one on the interface.
Further Problem Description:
|
|
Last Modified: | 09-DEC-2015 |
|
Known Affected Releases: | 15.2(3)E |
|
Known Fixed Releases: | |
|
|
| |