Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC March 4, 2008 Note • This publication applies to these platforms: – CAT6000-SUP2/MSFC2 – 7600-SUP2/MSFC2 – CAT6000-SUP1/MSFC2 (not supported in Release 12.2(27b)E2 and later releases) – CAT6000-SUP1/MSFC1 (not supported in Release 12.2(27b)E2 and later releases) • This publication is for Cisco IOS Release 12.1E on both the supervisor engine and the MSFC.
Contents Contents This publication consists of these sections: • Chronological List of Releases, page 2 • Early Deployment Releases, page 5 • Memory Requirements and Recommendations, page 6 • Supported Hardware, page 8 • Unsupported Hardware, page 28 • Feature Sets, page 29 • Image Names and Sizes, page 51 • New Features, page 51 • Features Not Supported, page 109 • Limitations and Restrictions, page 110 • Caveats, page 119 • Troubleshooting, page 320 • System Software Upgrade Inst
Chronological List of Releases • 22 Aug 2005—Release 12.1(26)E3 • 30 June 2005—Release 12.1(26)E2 • 12 May 2005—Release 12.1(20)E6 • 10 May 2005—Release 12.1(13)E16 • 09 May 2005—Release 12.1(8b)E19 • 05 May 2005—Release 12.1(23)E3 • 05 May 2005—Release 12.1(22)E6 • 28 Mar 2005—Release 12.1(26)E1 • 20 Jan 2005—Release 12.1(22)E5 • 10 Jan 2005—Release 12.1(26)E • 06 Dec 2004—Release 12.1(22)E4 • 04 Nov 2004—Release 12.1(23)E2 • 14 Oct 2004—Release 12.
Chronological List of Releases • 03 Jun 2003—Release 12.1(19)E • 28 Apr 2003—Release 12.1(8b)E14 • 21 Apr 2003—Release 12.1(13)E6 • 07 Apr 2003—Release 12.1(13)E5 • 03 Feb 2003—Release 12.1(13)E4 • 2 Jan 2003—Release 12.1(11b)E11 • 30 Dec 2002—Release 12.1(8b)E13 • 26 Dec 2002—Release 12.1(13)E3 • 16 Dec 2002—Release 12.1(14)E • 11 Nov 2002—Release 12.1(13)E1 • 28 Oct 2002—Release 12.1(8b)E12 • 28 Oct 2002—Release 12.1(12c)E5 • 21 Oct 2002—Release 12.
Early Deployment Releases Note • 11 Jul 2001—Release 12.1(8a)E • 14 May 2001—Release 12.1(7a)E1 • 30 Apr 2001—Release 12.1(7)E • 09 Apr 2001—Release 12.1(6)E1 • 02 Apr 2001—Release 12.1(5c)E10 • 27 Mar 2001—Release 12.1(5c)E9 • 26 Mar 2001—Release 12.1(6)E • 05 Mar 2001—Release 12.1(5c)E8 • 22 Jan 2001—Release 12.1(5a)E3 • 28 Dec 2000—Release 12.1(5a)E1 • 20 Nov 2000—Release 12.1(4)E1 • 24 Oct 2000—Release 12.1(3a)E4 • 10 Oct 2000—Release 12.1(3a)E3 • 26 Jun 2000—Release 12.
Memory Requirements and Recommendations Memory Requirements and Recommendations These sections describe memory requirements: • Supervisor Engine 2, PFC2, and MSFC2 Default and Recommended Configurations, page 6 • Supervisor Engine 2, PFC2, DFCs, and MSFC2 with EIGRP or OSPF, page 6 • Supervisor Engine 2, PFC2, DFCs, and MSFC2 with BGP, page 7 • Supervisor Engine 2 and MSFC2 Upgrades, page 7 • Supervisor Engine 1, PFC, MSFC, and MSFC2 Default and Recommended Configurations, page 8 Supervisor Engin
Memory Requirements and Recommendations Supervisor Engine 2, PFC2, DFCs, and MSFC2 with BGP Maximum Number of BGP Routes per CEF Path Memory Configuration Variable Length Subnet Masking Fixed Length Subnet Masking MSFC2 with 512 MB, 150,000 routes Supervisor Engine 2 with 512 MB, DFC with 256 MB 250,000 routes MSFC2 with 256 MB, 64,000 routes Supervisor Engine 2 with 256 MB, DFC with 128 MB 150,000 routes MSFC2 with 128 MB, 32,000 routes Supervisor Engine 2 with 128 MB, DFC with 128 MB 50,000 route
Supported Hardware Supervisor Engine 1, PFC, MSFC, and MSFC2 Default and Recommended Configurations These are the required memory configurations for c6sup11 and c6sup12 images: • MSFC2 on Supervisor Engine 1—These default memory configurations are acceptable for all MSFC2 images: – 128-MB synchronous dynamic random-access memory (SDRAM) DIMM – 16-MB Flash SIMM or 32-MB Flash SIMM Note • 128 MB is the minimum acceptable MSFC2 DRAM configuration.
Supported Hardware • FlexWAN Module Port Adapters, page 21 • Service Modules, page 22 • Power Supplies, page 24 • Fan Trays, page 25 • Chassis, page 26 Supervisor Engines Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version Supervisor Engine 2, PFC2, and MSFC2 Memory and ROMMON can be upgraded (see the “Memory Requirements and Recommendations” section on page 6). Note WS-X6K-S2U-MSFC2 WS-X6K-S2-MSFC2 3.46 A 3.
Supported Hardware Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version Supervisor Engine 1 with MSFC1 or MSFC2 Note • Not supported in Release 12.2(27b)E2 and later releases. • Memory and ROMMON can be upgraded (see the “Memory Requirements and Recommendations” section on page 6). WS-X6K-S1A-MSFC2 2.90 A WS-X6K-SUP1A-MSFC 3.30 A Supervisor Engine 1 with ROMMON version 5.
Supported Hardware Switch Fabric Modules Note • Supported only with Supervisor Engine 2. • Supported only in Cisco 7600 series chassis and 6500-series chassis. Not supported in 6000-series chassis. • Not supported in 3-slot chassis. • Except in 13-slot chassis, WS-X6500-SFM2 and WS-C6500-SFM can be used together to provide redundancy. Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-X6500-SFM2 2.79 A 12.
Supported Hardware Gigabit Interface Converters (GBICs) Note The support listed in this section applies to all modules that use GBICs, including OSM LAN ports and OSM Gigabit Ethernet WAN ports. Product ID (append “=” for spares) Product Description Minimum Software Version DWDM-GBIC Dense wavelength division multiplexing (DWDM) GBIC 12.1(20)E2 CWDM-GBIC Coarse wave division multiplexing (CWDM) GBIC 12.1(13)E WS-G5483 1000BASET GBIC 12.1(13)E WS-G5484 Short wavelength, 1000BASE-SX 12.
Supported Hardware Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-X6516-GBIC 3.40 A 12.1(8a)E WS-X6416-GBIC 2.81 A 16-port Gigabit Ethernet GBIC, CEF256 (dCEF256 with DFC), QoS port architecture (Rx/Tx): 1p1q4t/1p2q2t Number of ports: 16 Number of port groups: 2 Port ranges per port group: 1–8, 9–16 With CWDM-GBIC and WS-G5483 GBIC support 12.1(13)E With DWDM-GBIC support 12.
Supported Hardware 10/100/1000 Ethernet Switching Modules Product Number Power (append with “=” for spares) Required Product Description WS-X6548-GE-TX WS-X6548V-GE-TX 2.98 A 3.40 A 48-port 10/100/1000 Mbps, RJ-45, fabric-enabled (WS-X6548V-GE-TX has WS-F6K-VPWR-GE) QoS port architecture (Rx/Tx): 1q2t/1p2q2t Number of ports: 48 Number of port groups: 2 Port ranges per port group: 1–24, 25–48 Note WS-X6148-GE-TX WS-X6148V-GE-TX 2.47 A 2.89 A WS-X6516-GE-TX 3.45 A 12.
Supported Hardware Fast Ethernet Switching Modules Product Number Power (append with “=” for spares) Required Product Description Minimum Software Version WS-X6524-100FX-MM 1.90 A 24-port 100FX Ethernet multimode, fabric enabled, QoS port architecture (Rx/Tx): 1p1q0t/1p3q1t Number of ports: 24 Number of port groups: 1 Port ranges per port group: 1–24 12.1(8a)EX WS-X6324-100FX-SM WS-X6324-100FX-MM 1.52 A 1.
Supported Hardware Product Number Power (append with “=” for spares) Required Product Description Minimum Software Version WS-X6348-RJ-21V 12.1(8a)EX 2.39 A 48-port 10/100TX RJ-21, 128-KB per-port packet buffers, QoS port architecture (Rx/Tx): 1q4t/2q2t Number of ports: 48 Number of port groups: 4 Port ranges per port group: 1–12, 13–24, 25–36, 37–48 With WS-F6K-VPWR support 12.1(13)E WS-X6248-RJ-45 2.
Supported Hardware Ethernet Switching Module Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-X6024-10FL-MT 1.52 A 12.
Supported Hardware OC-48 Packet over SONET Note • Also has four Layer 2 Gigabit Ethernet GBIC ports, numbered 1 through 4. • Support for CWDM-GBIC and WS-G5483 GBIC on the Layer 2 ports requires Release 12.1(13)E1 or later. Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version OSM-1OC48-POS-SS 4.25 A 12.
Supported Hardware Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version OSM-4OC12-POS-MM 4.78 A 12.1(8a)E3 OSM-4OC12-POS-SI 4-port OC-12c/STM-4c POS, MM 4-port OC-12c/STM-4c POS, SM-IR OSM-4OC12-POS-SL 4-port OC-12c/STM-4c POS, SM-LR OSM-4OC12-POS-SI+ 4.55 A Enhanced 4-port OC-12c/STM-4c POS, SM-IR 12.1(13)E1 OSM-2OC12-POS-MM 3.36 A 2-port OC-12c/STM-4c POS, MM 12.
Supported Hardware • Support for CWDM-GBIC and WS-G5483 GBIC on the Layer 2 ports requires Release 12.1(13)E1 or later. Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version OSM-1CHOC48/T3-SS 3.75 A 12.1(8a)E3 OSM-1CHOC48/T3-SI 1-port channelized OC-48, SM-SR 1-port channelized OC-48, SM-IR OC-12 Channelized Note • Also has four Layer 2 Gigabit Ethernet GBIC ports, numbered 1 through 4.
Supported Hardware Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version OSM-2OC12-ATM-MM 3.62 A 12.1(8b)EX2 OSM-2OC12-ATM-SI 2-port OC-12/STM-4 ATM OSM, MM 2-port OC-12/STM-4 ATM OSM, SM-IR OSM-2OC12-ATM-MM+ 4.00 A OSM-2OC12-ATM-SI+ Enhanced 2-port OC-12/STM-4 ATM OSM, MM 12.
Supported Hardware Product Description Minimum Software Version PA-4T+ PA-8T-V35 PA-8T-X21 PA-8T-232 PA-MC-2E1/120 PA-MC-8T1 PA-MC-8E1/120 T1/E1 12.1(1)E PA-MC-2T1 PA-MC-4T1 T1/E1 12.1(8a)E3 PA-MC-8TE1+ Multichannel T1/E1 8PRI 12.1(12c)E1 Product Number (append with “=” for spares) Note This port adapter does not support ISDN PRI when installed in the FlexWAN module. PA-4E1G/75 PA-4E1G/120 T1/E1 12.1(19)E PA-H PA-2H HSSI 12.1(1)E PA-MC-STM-1 Multichannel STM-1 12.
Supported Hardware Firewall Services Module Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-SVC-FWM-1-K9 4.09 A 12.1(13)E Fabric-enabled Firewall Services Module Intrusion Detection System Modules (IDSMs) Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-X6381-IDS 1.31 A 12.1(8a)EX Intrusion Detection System Module Note WS-SVC-IDS2-BUN-K9 2.50 A 12.
Supported Hardware Content Switching Module (CSM) Product Number (append with “=” for spares) Power Required Product Description WS-X6066-SLB-APC 3.00 A Minimum Software Version Content Switching Module With Supervisor Engine 2 12.1(8a)E With Supervisor Engine 1 and MSFC2 12.1(6)E Content Services Gateway (CSG) Module Product Number (append with “=” for spares) Power Required Product Description Minimum Software Version WS-SVC-CSG-1 3.00 A 12.
Supported Hardware 7606 Power Supplies Product Number (append with “=” for spares) Product Description Minimum Software Version PWR-1900-AC 1900 W AC power supply 12.1(8a)EX PWR-1900-DC 1900 W DC power supply Other Power Supplies Product Number (append with “=” for spares) Product Description Minimum Software Version PWR-4000-DC 4000 W DC power supply 12.1(19)E WS-CAC-3000W 3,000 W AC power supply 12.1(13)E WS-CAC-4000W 4000 W (95.70 A) AC power supply 12.1(6)E WS-CAC-2500W 2500 W (55.
Supported Hardware Product Number (append “=” for spares) Product Description Minimum Software Version WS-C6K-6SLOT-FAN Standard-capacity fan tray for WS-C6506 chassis 12.1(1)E WS-C6K-6SLOT-FAN2 High-capacity fan tray for WS-C6506 chassis 12.1(20)E WS-C6K-9SLOT-FAN Standard-capacity fan tray for WS-C6509 chassis 12.1(1)E WS-C6K-9SLOT-FAN2 High-capacity fan tray for WS-C6509 chassis 12.1(20)E WS-C6509-NEB-FAN= Standard fan tray for WS-C6509-NEB 12.
Supported Hardware Product Number (append with “=” for spares) Product Description Minimum Software Version WS-C6509-E 12.
Unsupported Hardware Product Number (append with “=” for spares) Product Description Minimum Software Version WS-C6009 12.1(1)E Catalyst 6009 chassis: WS-C6006 • Does not support SFM, SFM2, or WS-F6K-DFC • 9 slots • 1024 chassis MAC addresses Catalyst 6006 chassis: • Does not support SFM, SFM2, or WS-F6K-DFC • 6 slots • 1024 chassis MAC addresses 12.1(1)E Unsupported Hardware The following hardware is not supported: • In Release 12.2(27b)E2 and later releases, Supervisor Engine 1.
Feature Sets • WS-SVC-MWAM-1 Multi-Processor WAN Application Module • WS-X6624-FXS, WS-X6608-T1, and WS-X6608-E1 voice modules • WS-X6101-OC12-MMF and WS-X6101-OC12-SMF ATM LANE modules • WS-X6302-MSM Multilayer Switch Module These modules remain powered down if detected and do not affect system behavior. Feature Sets These sections describe the feature sets: Note • Release 12.1(27b)E4, page 31 • Release 12.1(26)E9, page 34 • Release 12.1(23)E4, page 37 • Release 12.
Feature Sets • The k2 images support the IPsec Network Security feature (configured with the crypto ipsec command) in software and SSH access. • For information about the firewall images, which support Cisco firewall features in software, see the “Configuring Network Security” chapter in the Software Configuration Guide at this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/secure.htm Release Notes for Cisco IOS Release 12.
Feature Sets Release 12.1(27b)E4 Note For information about the size of Release 12.1(27b)E4 images, see the “Image Names and Sizes in Release 12.1(27b)E4” section. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • Wire speed Layer 2 switching (bridging) c6sup22-js-mz.121-27b.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-27b.E4 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-27b.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-27b.E4 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-27b.
Feature Sets Release 12.1(26)E9 Note • For information about the size of Release 12.1(26)E9 images, see the “Image Names and Sizes in Release 12.1(26)E9” section. • Release 12.1(26)E and rebuilds earlier than Release 12.1(26)E1 are deferred. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • Wire speed Layer 2 switching (bridging) c6sup22-js-mz.121-26.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-26.E9 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-26.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-26.E9 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-26.
Feature Sets Release 12.1(23)E4 Note • For information about the size of Release 12.1(23)E4 images, see the “Image Names and Sizes in Release 12.1(23)E4” section. • Release 12.1(23)E and rebuilds earlier than Release 12.1(23)E3 are deferred. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • Wire speed Layer 2 switching (bridging) c6sup22-js-mz.121-23.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-23.E4 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-23.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-23.E4 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-23.
Feature Sets • Release 12.1(22)E and rebuilds earlier than Release 12.1(22)E6 are deferred. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • Wire speed Layer 2 switching (bridging) c6sup22-js-mz.121-22.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-22.E6 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-22.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-22.E6 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-22.
Feature Sets • Release 12.1(20)E and rebuilds earlier than Release 12.1(20)E6 are deferred. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • Wire speed Layer 2 switching (bridging) c6sup22-js-mz.121-20.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-20.E6 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-20.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-20.E6 • Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, Supervisor Engine 1/MSFC2 image RIPv2, OSPF, IGRP, EIGRP, EGP, Supports FlexWAN and OSM: BGP4, and IS-IS; multicast routing c6sup12-dsv-mz.121-20.
Feature Sets • Release 12.1(13)E and rebuilds earlier than Release 12.1(13)E16 are deferred. Feature Set Image Filename Enterprise: Supervisor Engine 2/MSFC2 images • • Wire speed Layer 2 switching (bridging) Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, RIPv2, OSPF, IGRP, EIGRP, EGP, BGP4, and IS-IS; multicast routing protocols include PIM version 1 and 2, MBGP/MSDP, IGMP, and RGMP) c6sup22-js-mz.121-13.
Feature Sets Feature Set Image Filename Desktop (no SSH or firewall support): Supervisor Engine 2/MSFC2 image Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-13.
Feature Sets Feature Set Image Filename IP/IPX (no SSH or firewall support) : Supervisor Engine 2/MSFC2 image • • Wire speed Layer 2 switching (bridging) Supports FlexWAN and OSM: c6sup22-dsv-mz.121-13.E17 Wire speed Layer 3 switching (routing) for IP (routing protocols include RIPv1, RIPv2, OSPF, IGRP, EIGRP, EGP, BGP4, and IS-IS; multicast routing protocols include PIM version 1 and 2, MBGP/MSDP, IGMP, and RGMP) Supervisor Engine 1/MSFC2 image Supports FlexWAN and OSM: c6sup12-dsv-mz.121-13.
Feature Sets • Release 12.1(8b)E and rebuilds earlier than Release 12.1(8b)E19 are deferred. Image Filename Note Feature Set Enterprise: Orderable Product Number1 All images include FlexWAN support. All Supervisor Engine 2 images include OSM support.
Feature Sets Image Filename Note Feature Set Service Provider: Orderable Product Number1 All images include FlexWAN support. All Supervisor Engine 2 images include OSM support.
Image Names and Sizes Release 12.1(5c)E12 Release 12.1(5a)E and rebuilds are deferred. Release 12.1(4)E1 Release 12.1(4)E and rebuilds are deferred. Release 12.1(3a)E7 Release 12.1(3a)E and rebuilds are deferred. Release 12.1(2)E2 Release 12.1(2)E and rebuilds are deferred. Release 12.1(1)E6 Release 12.1(1)E and rebuilds are deferred. Image Names and Sizes For detailed information about image names and sizes, refer to this publication: http://www.cisco.
New Features • New Features in Release 12.1(26)E6, page 57 • New Features in Release 12.1(26)E5, page 57 • New Features in Release 12.1(26)E4, page 58 • New Features in Release 12.1(26)E3, page 58 • New Features in Release 12.1(26)E2, page 58 • New Features in Release 12.1(26)E1, page 59 • New Features in Release 12.1(26)E, page 59 • New Features in Release 12.1(23)E4, page 59 • New Features in Release 12.1(23)E3, page 60 • New Features in Release 12.
New Features • New Features in Release 12.1(13)E6, page 72 • New Features in Release 12.1(13)E5, page 72 • New Features in Release 12.1(13)E4, page 73 • New Features in Release 12.1(13)E3, page 73 • New Features in Release 12.1(13)E1, page 74 • New Features in Release 12.1(13)E, page 75 • New Features in Release 12.1(12c)E5, page 79 • New Features in Release 12.1(12c)E4, page 79 • New Features in Release 12.1(12c)E2, page 79 • New Features in Release 12.
New Features • New Features in Release 12.1(7a)E6, page 97 • New Features in Release 12.1(7a)E1, page 97 • New Features in Release 12.1(7)E, page 97 • New Features in Release 12.1(6)E8, page 98 • New Features in Release 12.1(6)E1, page 98 • New Features in Release 12.1(6)E, page 99 • New Features in Release 12.1(5c)E12, page 99 • New Features in Release 12.1(5c)E10, page 100 • New Features in Release 12.1(5c)E9, page 100 • New Features in Release 12.
New Features New Features in Release 12.1(27b)E3 These sections describe the new features in Release 12.1(27b)E3, 10 Aug 2007: • New Hardware Features in Release 12.1(27b)E3, page 55 • New Software Features in Release 12.1(27b)E3, page 55 New Hardware Features in Release 12.1(27b)E3 None. New Software Features in Release 12.1(27b)E3 None. New Features in Release 12.1(27b)E2 These sections describe the new features in Release 12.1(27b)E2, 12 Jun 2007: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(27b)E These sections describe the new features in Release 12.1(27b)E, 02 Mar 2006: • New Hardware Features in Release 12.1(27b)E, page 56 • New Software Features in Release 12.1(27b)E, page 56 New Hardware Features in Release 12.1(27b)E None. New Software Features in Release 12.1(27b)E None. New Features in Release 12.1(26)E9 These sections describe the new features in Release 12.1(26)E9, 10 Aug 2007: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(26)E7 These sections describe the new features in Release 12.1(26)E7, 08 Jun 2006: • New Hardware Features in Release 12.1(26)E7, page 57 • New Software Features in Release 12.1(26)E7, page 57 New Hardware Features in Release 12.1(26)E7 None. New Software Features in Release 12.1(26)E7 None. New Features in Release 12.1(26)E6 These sections describe the new features in Release 12.1(26)E6, 06 Feb 2006: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(26)E4 These sections describe the new features in Release 12.1(26)E4, 20 Oct 2005: • New Hardware Features in Release 12.1(26)E4, page 58 • New Software Features in Release 12.1(26)E4, page 58 New Hardware Features in Release 12.1(26)E4 None. New Software Features in Release 12.1(26)E4 None. New Features in Release 12.1(26)E3 These sections describe the new features in Release 12.1(26)E3, 22 Aug 2005: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(26)E1 These sections describe the new features in Release 12.1(26)E1, 28 Mar 2005: • New Hardware Features in Release 12.1(26)E1, page 59 • New Software Features in Release 12.1(26)E1, page 59 New Hardware Features in Release 12.1(26)E1 None. New Software Features in Release 12.1(26)E1 None. New Features in Release 12.1(26)E These sections describe the new features in Release 12.1(26)E, 10 Jan 2005: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(23)E3 These sections describe the new features in Release 12.1(23)E3, 05 May 2005: • New Hardware Features in Release 12.1(23)E3, page 60 • New Software Features in Release 12.1(23)E3, page 60 New Hardware Features in Release 12.1(23)E3 None. New Software Features in Release 12.1(23)E3 None. New Features in Release 12.1(23)E2 These sections describe the new features in Release 12.1(23)E2, 04 Nov 2004: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(23)E These sections describe the new features in Release 12.1(23)E, 29 Jul 2004: • New Hardware Features in Release 12.1(23)E, page 61 • New Software Features in Release 12.1(23)E, page 61 New Hardware Features in Release 12.1(23)E None. New Software Features in Release 12.1(23)E • Support for the mls netflow maximum-flows command.
New Features New Software Features in Release 12.1(22)E5 None. New Features in Release 12.1(22)E4 These sections describe the new features in Release 12.1(22)E4, 06 Dec 2004: • New Hardware Features in Release 12.1(22)E4, page 62 • New Software Features in Release 12.1(22)E4, page 62 New Hardware Features in Release 12.1(22)E4 None. New Software Features in Release 12.1(22)E4 None. New Features in Release 12.1(22)E3 These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(22)E2 None. New Features in Release 12.1(22)E1 These sections describe the new features in Release 12.1(22)E1, 20 Apr 2004: • New Hardware Features in Release 12.1(22)E1, page 63 • New Software Features in Release 12.1(22)E1, page 63 New Hardware Features in Release 12.1(22)E1 None. New Software Features in Release 12.1(22)E1 None. New Features in Release 12.1(22)E These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(20)E6 None. New Features in Release 12.1(20)E3 These sections describe the new features in Release 12.1(20)E3, 20 Apr 2004: • New Hardware Features in Release 12.1(20)E3, page 64 • New Software Features in Release 12.1(20)E3, page 64 New Hardware Features in Release 12.1(20)E3 None. New Software Features in Release 12.1(20)E3 None. New Features in Release 12.1(20)E2 These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(20)E • Custom IEEE 802.1Q Ethertypes—Refer to this publication: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/layer2.htm#1054196 New Features in Release 12.1(19)E1a These sections describe the new features in Release 12.1(19)E1a, 06 Aug 2003: Note • New Hardware Features in Release 12.1(19)E1a, page 65 • New Software Features in Release 12.1(19)E1a, page 65 Release 12.
New Features New Hardware Features in Release 12.1(19)E1 • 16-port Gigabit Ethernet switching module, fabric-enabled (WS-X6516A-GBIC) • 48-port 10/100/1000 Mbps switching module, fabric-enabled (WS-X6548-GE-TX; WS-X6548V-GE-TX provides inline power to IP telephones with WS-F6K-VPWR-GE). Note • 48-port 10/100/1000 Mbps switching module (WS-X6148-GE-TX; WS-X6148V-GE-TX provides inline power to IP telephones with WS-F6K-VPWR-GE).
New Features New Software Features in Release 12.1(19)E1 • The [no] mls ip multicast command was extended to FlexWAN module ATM subinterfaces. (CSCeb29878) New Features in Release 12.1(19)E These sections describe the new features in Release 12.1(19)E, 03 Jun 2003: • New Hardware Features in Release 12.1(19)E, page 67 • New Software Features in Release 12.1(19)E, page 67 New Hardware Features in Release 12.1(19)E • 4000 W DC-power supply (PWR-4000-DC) New Software Features in Release 12.
New Features Note The MAC address move notification feature does not generate a notification when a new MAC address is added to the CAM or when a MAC address is removed from the CAM. New Features in Release 12.1(14)E Note All images in Release 12.1(14)E have been deferred. These sections describe the new features in Release 12.1(14)E, 16 Dec 2002: • New Hardware Features in Release 12.1(14)E, page 68 • New Software Features in Release 12.1(14)E, page 68 New Hardware Features in Release 12.
New Features New Features in Release 12.1(13)E16 These sections describe the new features in Release 12.1(13)E16, 10 May 2005: • New Hardware Features in Release 12.1(13)E16, page 69 • New Software Features in Release 12.1(13)E16, page 69 New Hardware Features in Release 12.1(13)E16 None. New Software Features in Release 12.1(13)E16 None. New Features in Release 12.1(13)E15 These sections describe the new features in Release 12.1(13)E15, 12 Aug 2004: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(13)E13 These sections describe the new features in Release 12.1(13)E13, 19 Jan 2004: • New Hardware Features in Release 12.1(13)E13, page 70 • New Software Features in Release 12.1(13)E13, page 70 New Hardware Features in Release 12.1(13)E13 None. New Software Features in Release 12.1(13)E13 • Support for the mls qos trust [dscp | ip-precedence | cos] command on WS-X6148-RJ-45, WS-X6148-RJ-45V, WS-X6148-RJ-21 and WS-X6148-RJ-21V switching modules.
New Features New Features in Release 12.1(13)E10 These sections describe the new features in Release 12.1(13)E10, 08 Sep 2003: • New Hardware Features in Release 12.1(13)E10, page 71 • New Software Features in Release 12.1(13)E10, page 71 New Hardware Features in Release 12.1(13)E10 None. New Software Features in Release 12.1(13)E10 None. New Features in Release 12.1(13)E9 These sections describe the new features in Release 12.1(13)E9, 14 Jul 2003: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(13)E7 These sections describe the new features in Release 12.1(13)E7, 23 Jun 2003: • New Hardware Features in Release 12.1(13)E7, page 72 • New Software Features in Release 12.1(13)E7, page 72 New Hardware Features in Release 12.1(13)E7 None. New Software Features in Release 12.1(13)E7 None. New Features in Release 12.1(13)E6 These sections describe the new features in Release 12.1(13)E6, 21 Apr 2003: • New Hardware Features in Release 12.
New Features – WS-X6548-RJ-21 (CSCdy04156) • The WAN ports on the OSM-2+4GE-WAN+ module support a minimum allowable shaping rate of 1 MB. New Features in Release 12.1(13)E4 These sections describe the new features in Release 12.1(13)E4, 03 Feb 2003: • New Hardware Features in Release 12.1(13)E4, page 73 • New Software Features in Release 12.1(13)E4, page 73 New Hardware Features in Release 12.1(13)E4 • Initial support for the Cisco 7613 Internet Router chassis. New Software Features in Release 12.
New Features New Software Features in Release 12.1(13)E3 For information on software features supported on the OSMs, refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/index.htm • General Packet Radio Service (GPRS) load balancing for the Server Load Balancing (SLB) module—Refer to this publication: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e1 3/iosslb13.
New Features • Protocol tunneling over EoMPLS—Support for Layer 2 protocol tunneling over an EoMPLS link allows protocol data units (PDUs) (CDP, STP, and VTP) to be tunneled through an MPLS network. • Route Processor Redundancy+ (RPR+) support for all OSMs • Hierarchical traffic-shaping support for Frame Relay Encapsulation • QoS with Frame Relay encapsulation • DSCP-based WRED • QoS support for RFC 1483 and BRE New Features in Release 12.
New Features New Software Features in Release 12.1(13)E • Support for these CiscoView Device Managers: – CiscoView Device Manager for Cisco Catalyst 6500 Series Switch 1.0 and 1.1 (CVDM-C6500) CVDM-C6500 resides in the switch and manages several Layer 2 and Layer 3 features for a single chassis. It is a task-based tool that eases the initial setup and deployment of end-to-end services across modules by offering configuration templates based on recommended practices.
New Features • Remote SPAN—For more information, go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/span.htm • MAC address-based traffic blocking—For more information, go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/secure.htm • SNMP ifindex persistence—For more information, go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/ifindex.
New Features Release 12.1(13)E supports these software features, which were previously supported in 12.1(11b)EX releases: • Configuration of Layer 2 EtherChannels that include interfaces on different DFC-equipped switching modules (see CSCdt27074 in the “Resolved General Caveats in Release 12.1(13)E” section on page 249.) • Route Processor Redundancy Plus (RPR+) redundancy—For more information, go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/redund.
New Features • SPAN destination ports can be configured as trunks so that all SPAN traffic is tagged—For more information, go to this URL: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/span.htm New Features in Release 12.1(12c)E5 These sections describe the new features in Release 12.1(12c)E5, 28 Oct 2002: • New Hardware Features in Release 12.1(12c)E5, page 79 • New Software Features in Release 12.1(12c)E5, page 79 New Hardware Features in Release 12.1(12c)E5 None.
New Features New Software Features in Release 12.1(12c)E2 None. New Features in Release 12.1(12c)E1 These sections describe the new features in Release 12.1(12c)E1, 05 Aug 2002: • New Hardware Features in Release 12.1(12c)E1, page 80 • New Software Features in Release 12.1(12c)E1, page 80 New Hardware Features in Release 12.1(12c)E1 • Support for the following OSMs: – OSM-2OC48/1DPT-SS, -SI, SL—2-port OC-48 DPT/POS with 4 Gigabit Ethernet LAN ports.
New Features • Traffic storm control—Prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces. • Support for the following PFC QoS policy map class commands: – set ip dscp – set ip precedence • Support for the no mls qos channel-consistency command, which supports EtherChannels that have interfaces with and without strict-priority queues when QoS is enabled.
New Features New Features in Release 12.1(11b)E11 These sections describe the new features in Release 12.1(11b)E11, 2 Jan 2003: • New Hardware Features in Release 12.1(11b)E11, page 82 • New Software Features in Release 12.1(11b)E11, page 82 New Hardware Features in Release 12.1(11b)E11 None. New Software Features in Release 12.1(11b)E11 None. New Features in Release 12.1(11b)E7 These sections describe the new features in Release 12.1(11b)E7, 26 Aug 2002: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(11b)E3 These sections describe the new features in Release 12.1(11b)E3, 13 May 2002: • New Hardware Features in Release 12.1(11b)E3, page 83 • New Software Features in Release 12.1(11b)E3, page 83 New Hardware Features in Release 12.1(11b)E3 None. New Software Features in Release 12.1(11b)E3 None. New Features in Release 12.1(11b)E2 Note All images in Release 12.1(11b)E2 are deferred. These sections describe the new features in Release 12.
New Features New Hardware Features in Release 12.1(11b)E1 None. New Software Features in Release 12.1(11b)E1 None. New Features in Release 12.1(11b)E Note All images in Release 12.1(11b)E have been deferred. These sections describe the new features in Release 12.1(11b)E, 28 Feb 2002: • New Hardware Features in Release 12.1(11b)E, page 84 • New Software Features in Release 12.1(11b)E, page 85 New Hardware Features in Release 12.1(11b)E • Release 12.
New Features New Software Features in Release 12.1(11b)E For information on software features supported on the OSMs, refer to this URL: http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/index.htm Release 12.
New Features • With Supervisor Engine 2, new command to set the boot-up diagnostic level: diagnostic level [minimal | complete | bypass] • New command to configure the fabric switching mode: [no] fabric switching-mode allow {bus-mode | {truncated [{threshold [number]}]} • New command to make the SFM required for system operation: [no] fabric required • PortFast support for trunks.
New Features • Support for the Network Analysis Module with Supervisor Engine 1 and MSFC2.CSCed81316 • Support for RADIUS load balancing and Virtual Private Networking (VPN) load balancing. Release 12.1(11b)E provides initial support in 12.1E for the following software features (these features were previously supported in 12.
New Features http://www.cisco.com/cgi-bin/tablebuild.pl/qdm • Troubleshooting DCEF synchronization—The following commands help to troubleshoot DCEF synchronization problems on a Supervisor Engine 2: – ip cef table consistency-check – show ip cef inconsistency – clear ip cef epoch full – clear ip cef inconsistency – Refer to the online publications at these URLs: – http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_r/index.htm http://www.cisco.
New Features New Software Features in Release 12.1(8b)E19 None. New Features in Release 12.1(8b)E18 These sections describe the new features in Release 12.1(8b)E18, 19 Jan 2004: • New Hardware Features in Release 12.1(8b)E18, page 89 • New Software Features in Release 12.1(8b)E18, page 89 New Hardware Features in Release 12.1(8b)E18 None. New Software Features in Release 12.1(8b)E18 None. New Features in Release 12.1(8b)E16 These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(8b)E15 None. New Features in Release 12.1(8b)E14 These sections describe the new features in Release 12.1(8b)E14, 28 Apr 2003: • New Hardware Features in Release 12.1(8b)E14, page 90 • New Software Features in Release 12.1(8b)E14, page 90 New Hardware Features in Release 12.1(8b)E14 None. New Software Features in Release 12.
New Features New Software Features in Release 12.1(8b)E12 None. New Features in Release 12.1(8b)E11 These sections describe the new features in Release 12.1(8b)E11, 28 May 2002: • New Hardware Features in Release 12.1(8b)E11, page 91 • New Software Features in Release 12.1(8b)E11, page 91 New Hardware Features in Release 12.1(8b)E11 None. New Software Features in Release 12.1(8b)E11 None. New Features in Release 12.1(8b)E10 These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(8b)E9 None. New Features in Release 12.1(8b)E8 These sections describe the new features in Release 12.1(8b)E8, 21 Jan 2002: • New Hardware Features in Release 12.1(8b)E8, page 92 • New Software Features in Release 12.1(8b)E8, page 92 New Hardware Features in Release 12.1(8b)E8 None. New Software Features in Release 12.1(8b)E8 None. New Features in Release 12.1(8b)E7 These sections describe the new features in Release 12.
New Features New Software Features in Release 12.1(8b)E6 Release 12.1(8b)E6 supports these new features: • The new show mls cef lookup command, which displays the longest FIB prefix match (CSCdv64090).
New Features New Features in Release 12.1(8a)E3 These sections describe the new features in Release 12.1(8a)E3, 20 Aug 2001: • New Hardware Features in Release 12.1(8a)E3, page 94 • New Software Features in Release 12.1(8a)E3, page 94 New Hardware Features in Release 12.1(8a)E3 Release 12.
New Features New Features in Release 12.1(8a)E These sections describe the new features in Release 12.1(8a)E, 11 Jul 2001: Note • New Hardware Features in Release 12.1(8a)E, page 95 • New Software Features in Release 12.1(8a)E, page 96 Release 12.1(8a)E is deferred. New Hardware Features in Release 12.1(8a)E Release 12.1(8a)E provides initial Release 12.
New Features New Software Features in Release 12.1(8a)E Release 12.1(8a)E supports these new software features: • Support for source specific multicast with IGMPv3, IGMP v3lite, and URD. For complete information and procedures, refer to this URL: http//www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtssm5t.ht m • Support for chassis with reduced MAC address allocation.
New Features – WCCP • With PFC2, dual-rate aggregate policing • Per-VLAN statistics, displayed with the show interface vlan vlan_ID | include Switched command • Broadcast suppression for both Layer 3 and Layer 2 interfaces • With PFC2, Layer 4-based EtherChannel frame distribution New Features in Release 12.1(7a)E6 These sections describe the new features in Release 12.1(7a)E6, 15 Feb 2002: • New Hardware Features in Release 12.1(7a)E6, page 97 • New Software Features in Release 12.
New Features New Hardware Features in Release 12.1(7)E Release 12.1(7)E provides initial support with Supervisor Engine 1 for the PA-MC-STM-1 multichannel STM-1 port adapter in the FlexWAN module. Refer to this online publication: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e7/12e _stm.htm New Software Features in Release 12.1(7)E Release 12.
New Features New Hardware Features in Release 12.1(6)E1 None. New Software Features in Release 12.1(6)E1 None. New Features in Release 12.1(6)E These sections describe the new features in Release 12.1(6)E, 26 Mar 2001: • New Hardware Features in Release 12.1(6)E, page 99 • New Software Features in Release 12.1(6)E, page 99 New Hardware Features in Release 12.1(6)E Release 12.1(6)E provides initial support with Supervisor Engine 1 for the Content Switching Module (WS-X6066-SLB-APC).
New Features New Features in Release 12.1(5c)E10 These sections describe the new features in Release 12.1(5c)E10, 02 Apr 2001: • New Hardware Features in Release 12.1(5c)E10, page 100 • New Software Features in Release 12.1(5c)E10, page 100 New Hardware Features in Release 12.1(5c)E10 None. New Software Features in Release 12.1(5c)E10 None. New Features in Release 12.1(5c)E9 These sections describe the new features in Release 12.1(5c)E9, 27 Mar 2001: • New Hardware Features in Release 12.
New Features New Features in Release 12.1(5a)E3 These sections describe the new features in Release 12.1(5a)E3, 22 Jan 2001: • New Hardware Features in Release 12.1(5a)E3, page 101 • New Software Features in Release 12.1(5a)E3, page 101 New Hardware Features in Release 12.1(5a)E3 None. New Software Features in Release 12.1(5a)E3 None. New Features in Release 12.1(5a)E1 These sections describe the new features in Release 12.1(5a)E1, 28 Dec 2000: • New Hardware Features in Release 12.
New Features • To support the requirements of future hardware and provide compatibility with previous releases, the interface port-channel channel-group command has been changed to support up to 64 values within the range 1 to 256. • With Release 12.1(5a)E1 and later: – The IP feature set image is replaced with the service provider feature set image, which provides the same features, and includes service provider features.
New Features New Features in Release 12.1(3a)E4 These sections describe the new features in Release 12.1(3a)E4, 24 Oct 2000: • New Hardware Features in Release 12.1(3a)E4, page 103 • New Software Features in Release 12.1(3a)E4, page 103 New Hardware Features in Release 12.1(3a)E4 None. New Software Features in Release 12.1(3a)E4 None. New Features in Release 12.1(3a)E3 These sections describe the new features in Release 12.1(3a)E3, 10 Oct 2000: • New Hardware Features in Release 12.
New Features Note • IP MMLS global threshold—Refer to the “Configuring IP Multicast Layer 3 Switching” chapter of the Catalyst 6500 Series Cisco IOS Software Configuration Guide and to the Catalyst 6500 Series Cisco IOS Command Reference publication. • Aggressive UniDirectional Link Detection (UDLD)—Refer to the “Configuring UDLD” chapter of the Catalyst 6500 Series Cisco IOS Software Configuration Guide and to the Catalyst 6500 Series Cisco IOS Command Reference publication.
New Features • WS-X6416-GBIC—16-port Gigabit GBIC Ethernet switching module • WS-6316-GE-TX—16-port Gigabit Ethernet RJ-45 switching module • WS-X6348-RJ-45—48-port 10/100TX RJ-45 Ethernet switching module with 128 KB per-port packet buffers • WS-X6324-100FX—24-port 100FX Ethernet switching module with 128 KB per-port packet buffers New Software Features in Release 12.1(2)E Release 12.
New Features http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/comref/index.htm • UniDirectional Link Detection—Refer to the “Configuring UDLD” chapter of the Catalyst 6500 Series Cisco IOS Software Configuration Guide and to the Catalyst 6500 Series Cisco IOS Command Reference publication. • Local proxy ARP—Refer to the Catalyst 6500 Series Cisco IOS Command Reference publication for information about the ip local-proxy-arp command.
New Features New Features in Release 12.1(1)E These sections describe the new features in Release 12.1(1)E: • New Hardware Features in Release 12.1(1)E, page 107 • New Software Features in Release 12.1(1)E, page 107 New Hardware Features in Release 12.1(1)E None. New Software Features in Release 12.1(1)E Release 12.1(1)E supports these new software features: • Quality of service (QoS) supports IPX and MAC-layer traffic, in addition to IP traffic.
New Features • The Layer 2 features are as follows: Note The following chapter references are to the Catalyst 6500 Series Cisco IOS Software Configuration Guide.
Features Not Supported • These services are supported in this release: – Standard Domain Naming System (DNS) support (refer to the Cisco IOS Network Protocols Configuration Guide, Part 1, and the Cisco IOS Network Protocols Command Reference publication, Part 1) – Dynamic Host Configuration Protocol (DHCP); (refer to Cisco IOS IP and IP Routing Configuration Guide, Release 12.
Limitations and Restrictions • System warning and error counter enhancements implemented in Catalyst software release 6.
Limitations and Restrictions • These modules do not support Inter-Switch Link (ISL) VLAN trunking: – WS-X6502-10GE – WS-X6548-GE-TX – WS-X6148-GE-TX • The link state messages (“LINK-3-UPDOWN” and “LINEPROTO-5-UPDOWN”) are disabled by default. With Release 12.1(19)E1a and later releases, enter the logging event link status command on each interface where you want the messages enabled. • In Release 12.1(19)E and later releases, you cannot disable IP routing.
Limitations and Restrictions Workaround: Use a Flash PC card in slot0 to run these images and make sure there is at least 1 MB free on the supervisor engine bootflash in case the system needs to save crash information. (CSCdx48936) • Traffic flow and SNMP connectivity is interrupted briefly if you perform an online insertion and removal (OIR) that changes the number of fabric-enabled modules so that the switch must use a different fabric channel switching mode.
Limitations and Restrictions • Integrated routing and bridging (IRB) and concurrent routing and bridging (CRB) have deliberately been disabled on the Catalyst 6500 series switches and Cisco 7600 Series Routers. You should use routable Layer 2 VLANs and VLAN interfaces for normal bridging and interVLAN routing. Bridge groups are supported only to bridge nonrouted protocols. • With Release 12.1(6)E or later, FlexWAN module interfaces support dNBAR. Do not configure NBAR on other interfaces.
Limitations and Restrictions – If you configure more than 16 HSRP groups, this restriction prevents use of the VLAN number as the HSRP group number. • A Supervisor Engine 1 must have ROMMON version 5.2(1) or later. • You must have a boot loader image in an MSFC1 bootflash device to boot successfully. Do not reset the switch when there is no boot loader image in the MSFC1 bootflash device.
Limitations and Restrictions To eliminate the load imposed on the MSFC CPU by the task of dropping denied packets and generating ICMP-unreachable messages, do the following: – With Supervisor Engine 1, enter the no ip unreachables interface configuration command. – With Supervisor Engine 2, enter the no ip unreachables and the no ip redirects interface configuration commands. (CSCdr33918) • MAC address-based Cisco IOS ACLs are not supported for packets that are Layer 3 switched in hardware.
Limitations and Restrictions configuration commands can be applied to EtherChannel interfaces. Other QoS queueing configuration commands can be applied, however, to individual EtherChannel physical interfaces. After the physical interfaces are bundled into an EtherChannel, QoS classification, marking, and policing by the Policy Feature Card (PFC) for the channel packets is determined by the service-policy attached to the EtherChannel interface.
Limitations and Restrictions • The interface range command is not supported by the HTTP user interface. The command will execute on only the first interface in the specified range. Do not use the interface range command with the HTTP interface. (CSCdm54471) • Supervisor Engine 2 and Supervisor Engine 1 typically are able to learn at least 32 K MAC addresses. • When you boot Release 12.
Limitations and Restrictions OSM Limitations and Restrictions • If you use the Class-Based Weighted Fair Queueing (CBWFQ) shape average command and apply the configured policy map to an interface on an OSM, traffic-shaping accuracy cannot be guaranteed if the target bit rate specified is less than 256,000 bits per second. (CSCea06515) • For the OC-12 ATM OSM, the Common Part Convergence Sub-layer User-to-User (CPCS-UU) field in the AAL5 CPCS PDU cannot be set, cleared, or transported correctly.
Caveats Caveats These sections describe caveats: Note • Release 12.1(27b)E and Rebuilds, page 119 • Release 12.1(26)E and Rebuilds, page 132 • Release 12.1(23)E and Rebuilds, page 159 • Release 12.1(22)E and Rebuilds, page 173 • Release 12.1(20)E and Rebuilds, page 192 • Release 12.1(19)E and Rebuilds, page 212 • Release 12.1(14)E, page 220 • Release 12.1(13)E and Rebuilds, page 226 • Release 12.1(12c)E and Rebuilds, page 262 • Release 12.1(11b)E and Rebuilds, page 270 • Release 12.
Caveats General Caveats • Open General Caveats in Release 12.1(27b)E4, page 120 • Resolved General Caveats in Release 12.1(27b)E4, page 120 • Resolved General Caveats in Release 12.1(27b)E3, page 121 • Resolved General Caveats in Release 12.1(27b)E2, page 121 • Resolved General Caveats in Release 12.1(27b)E1, page 123 • Resolved General Caveats in Release 12.1(27b)E, page 125 Open General Caveats in Release 12.1(27b)E4 None. Resolved General Caveats in Release 12.
Caveats Resolved General Caveats in Release 12.1(27b)E3 • CSCin95836—Resolved in Release 12.1(27b)E3. The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution. NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
Caveats • In rare situations, intensive SNMP polling might use all available I/O memory. This problem is resolved in Release 12.1(27b)E2. (CSCeg11566) • For a system configured as an IP HTTP server, tracebacks and a reload might occur during HTTP transactions with URL tokens greater than 128 characters long. A token is a string delimited by slashes in a URL. This problem is resolved in Release 12.1(27b)E2.
Caveats There are workarounds available for this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml This problem is resolved in Release 12.1(27b)E2. (CSCsf28840) • A very slow memory leak might occur in the medium buffers. This problem occurs on a system configured with a distributed EtherChannel (DEC). When this problem occurs, MALLOCFAIL messages are displayed in the switch processor log. This problem is resolved in Release 12.1(27b)E2.
Caveats There are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml This problem is resolved in Release 12.1(27b)E1. (CSCek37177) • Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability: http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.
Caveats • With a tunnel configured to use an ATM interface, one end of the tunnel cannot ping the other end until you bring either end of the tunnel interface down and up. This problem is resolved in Release 12.1(27b)E1. (CSCse40423) • Cisco IOS BGP is implemented with limits of 255 standard communities and 128 extended communities. RFC1771 Border Gateway Protocol 4 (BGP4) specifies that these communities should not be limited. This problem is resolved in Release 12.1(27b)E1.
Caveats • Data Link Switching (DLSw) circuits might not connect using DLSw Ethernet redundancy.
Caveats • After you enter the snmp-server enable traps sonet command, the no snmp-server enable traps sonet command fails. If you enter the show run command, you will see that the traps are still enabled. This problem is resolved in Release 12.1(27b)E. (CSCeg41564) • In RPR+ mode, when the standby supervisor engine is reset, an SNMP ModuleDown trap indicates that a specific module has been powered down or reloaded. The moduleType in this trap is 1 (other) instead of the correct value.
Caveats • Memory loss might occur with Web Cache Communication Protocol (WCCP) configured. This problem is resolved in Release 12.1(27b)E. (CSCeh79880) • A system might require several attempts to initialize. If you set the diagnostics bootup level to bypass, the following message might be displayed: %SM-SP-4-BADEVENT: Event 'online' is invalid for the current state 'check_power_on' This problem is resolved in Release 12.1(27b)E.
Caveats FlexWAN Caveats • Open FlexWAN Caveats in Release 12.1(27b)E2, page 129 • Resolved FlexWAN Caveats in Release 12.1(27b)E2, page 129 • Resolved FlexWAN Caveats in Release 12.1(27b)E1, page 129 • Resolved FlexWAN Caveats in Release 12.1(27b)E, page 129 Open FlexWAN Caveats in Release 12.1(27b)E2 None. Resolved FlexWAN Caveats in Release 12.1(27b)E2 • When other modules have large configurations, an E1 controller on a PA-MC-8TE1+ port adapter might not be active following a reload.
Caveats • When you use the show controller command to display the serial interface counters, they may stop incrementing for the input and output rate and the input and output packet counts. This problem occurs on a system configured with a PA-MC-E3 or a PA-MC-8E1 port adapter. The problem does not effect traffic flow. This problem is resolved in Release 12.1(27b)E.
Caveats • Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Cisco IOS or Catalyst Operating System (CatOS). Cisco has made free software available to address this vulnerability for affected customers.
Caveats Release 12.1(26)E and Rebuilds Note • General Caveats, page 132 • FlexWAN Caveats, page 152 • Service Module Caveats, page 155 • OSM Caveats, page 157 The caveat lists for Release 12.1(26)E and rebuilds are updated frequently. General Caveats • Open General Caveats in Release 12.1(26)E9, page 132 • Resolved General Caveats in Release 12.1(26)E9, page 132 • Resolved General Caveats in Release 12.1(26)E8, page 134 • Resolved General Caveats in Release 12.
Caveats • CSCse24889—Resolved in Release 12.1(26)E9. Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself. Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.
Caveats Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory. There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.
Caveats • A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device.
Caveats • With the Cisco IOS Firewall CBAC feature enabled, if a client opens a connection to a server, which causes a firewall session to be created, and the connection is terminated on both the client and the server, the firewall session may never time out. This problem occurs with applications that use fixed source and destination ports. This problem is resolved in Release 12.1(26)E8.
Caveats • Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability: http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.
Caveats These vulnerabilities are addressed by Cisco IDs: – CSCsd52629/CSCsd34759—VTP version field DoS – CSCse40078/CSCse47765—Integer Wrap in VTP revision – CSCsd34855/CSCei54611—Buffer Overflow in VTP VLAN name Cisco’s statement and further information are available on the Cisco public website at http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml This problem is resolved in Release 12.1(26)E7.
Caveats • When polling the SNMP MIB object slbstickyobjectable, SNMP goes into a loop. No SNMP transactions take place and a loss of contact with SNMP devices may occur. This problem is resolved in Release 12.1(26)E7. (CSCeh54725) • Intermediate System-to-Intermediate System (IS-IS) load balancing may not function correctly. This problem occurs in a topology in which three routers reside on a broadcast media.
Caveats • SSH sessions might fail due to a bad packet length error when you open an SSH session from a Solaris or MacOSX client. The following message might appear: Disconnecting: Bad packet length -625118183. This problem is resolved in Release 12.1(26)E5.
Caveats – While all corresponding Layer 2 ports remain inactive, the Layer 3 VLAN interface is administratively enabled (no shutdown). This problem is resolved in Release 12.1(26)E5. (CSCsc08947) • The SNMP ifAdminStatus state for the ATM layer or the ATM Adaptation Layer 5 (AAL5) of an ATM interface or subinterface might go down. This situation can occur without entering a shutdown command, and prevents SNMP from monitoring the proper status of the ATM interfaces.
Caveats • You might see SCHED-3-THRASHING messages when an SSH client sends text at a high input rate. This problem is resolved in Release 12.1(26)E4. (CSCsa92622) • A reload or spurious memory access occurs when HSRP rapidly changes states or goes up and down. This problem occurs with IOS SLB configured and with virtual servers that are monitoring these HSRP groups and probes that are configured on their server farms. This problem is resolved in Release 12.1(26)E4.
Caveats • In a multicast virtual private network (MVPN) environment with a provider edge (PE) router configuration and with the ip pim register-rate-limit global configuration command enabled, PIM register messages might not be sent for the default multicast distribution tree (MDT) to its rendezvous point (RP). This situation prevents PE routers from establishing PIM adjacencies with other PE routers in the MVPN. This problem is resolved in Release 12.1(26)E4.
Caveats • When EoMPLS is configured on a system that is functioning as the PE router and a FlexWAN module is used to connect to the core router, packets sent by the CE router are dropped. This problem is resolved in Release 12.1(26)E2. (CSCei01835) • The system may reset if it receives a invalid VTP packet. The invalid VTP packet must be received on a port configured for ISL or 802.1q trunking and must correctly match the VTP domain name.
Caveats • With Per-VLAN-Spanning Tree (PVST) configured, if you remove a DFC-equipped switching module, other DFC-equipped switching modules might retain some Layer 2 address entries for the removed module. Traffic loss occurs when the remaining DFC-equipped switching modules send traffic to the removed module. This problem is resolved in Release 12.1(26)E1.
Caveats enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
Caveats – WS-X6816-GBIC – WS-X6316-GE-TX – WS-X6516-GE-TX This problem is resolved in Release 12.1(26)E. (CSCeg12816) • The hardware switching information for (*,G) multicast traffic might not be consistent with the software routing table. This problem is resolved in Release 12.1(26)E. (CSCeg13661) • A memory leak occurs when IGMP snooping is configured. This problem is resolved in Release 12.1(26)E.
Caveats – WS-X6516A-GBIC – WS-X6816-GBIC – WS-X6316-GE-TX – WS-X6516-GE-TX This problem is resolved in Release 12.1(26)E. (CSCef32513) • When configured as an IEEE 802.1Q trunk, ports on these modules might drop all native VLAN traffic: – Supervisor Engine 1 – Supervisor Engine 2 – WS-X6408-GBIC – WS-X6408A-GBIC – WS-X6416-GE-MT – WS-X6416-GBIC – WS-X6516-GBIC – WS-X6516A-GBIC – WS-X6816-GBIC – WS-X6316-GE-TX – WS-X6516-GE-TX This problem is resolved in Release 12.1(26)E.
Caveats • A reload might occur when a distance vector multicast routing protocol (DVMRP) tunnel is configured and routing information is being redistributed between DVMRP and MBGP. This problem is resolved in Release 12.1(26)E. (CSCee66936) • With policy-based routing (PBR) and an input ACL configured on the same interface, if you enter the clear arp-cache command, PBR is done in software instead of hardware. This problem is resolved in Release 12.1(26)E.
Caveats • For QoS filtering, extended ACLs that are configured to match DSCP parse 7 bits of the ToS byte instead of 6 bits. This problem is resolved in Release 12.1(26)E. (CSCec86976) • A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available.
Caveats (LDP). To display the LFIB local label, enter the show mpls forwarding prefix command. To display the LDP-allocated local label, enter the show mpls ldp binding prefix mask length command. This problem is resolved in Release 12.1(26)E. (CSCee72857) • In switch-fabric “bus” mode with either WS-X6516A-GBIC or WS-X6548-GE-TX switching modules installed, some ingress SPAN traffic is duplicated. This problem is resolved in Release 12.1(26)E.
Caveats • Some IP traffic might be sent with incorrect alignment, and you might see “ALIGN-SP-3-CORRECT: Alignment correction made” messages. This problem is resolved in Release 12.1(26)E. (CSCef73076) • In rare situations, the MSFC might stop responding to received traffic. This problem is resolved in Release 12.1(26)E.
Caveats Resolved FlexWAN Caveats in Release 12.1(26)E7 • A reload caused by a bus error might occur on a FlexWAN module configured with serial port adapters after this error message is displayed: FIB-3-FIBDISABLE: Fatal error, slot/cpu 4/0: Linecard timed out waiting for messages from RP. This problem occurs after the serial interfaces that are part of a multilink interface go up and down. This problem is resolved in Release 12.1(26)E7.
Caveats Resolved FlexWAN Caveats in Release 12.1(26)E • When you modify the configuration of a serial interface, you might see messages similar to these: %INTERFACE_API-3-NODESTROYSUBBLOCK: The HWIDB subblock named COPS_PR was not removed -Traceback= This problem is resolved in Release 12.1(26)E. (CSCin65698) • The output packet counter for multilink and distributed link fragmentation and interleaving (dLFI) interfaces displays double the actual traffic count. This problem is resolved in Release 12.
Caveats • Under a high traffic load, a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter might display an increasing “rx_no_buffer” counter in the output of the show controllers atm privileged EXEC command, and some PVCs that are configured on the port adapter might stop receiving traffic. This problem is resolved in Release 12.1(26)E.
Caveats • Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Cisco IOS or Catalyst Operating System (CatOS). Cisco has made free software available to address this vulnerability for affected customers.
Caveats OSM Caveats • Open OSM Caveats in Release 12.1(26)E9, page 157 • Resolved OSM Caveats in Release 12.1(26)E9, page 157 • Resolved OSM Caveats in Release 12.1(26)E8, page 157 • Resolved OSM Caveats in Release 12.1(26)E7, page 157 • Resolved OSM Caveats in Release 12.1(26)E6, page 157 • Resolved OSM Caveats in Release 12.1(26)E5, page 157 • Resolved OSM Caveats in Release 12.1(26)E4, page 157 • Resolved OSM Caveats in Release 12.1(26)E3, page 158 • Resolved OSM Caveats in Release 12.
Caveats • With Quality of Service (QoS) configured on multiple OSM subinterfaces, the OSM might reload after a Route Processor Redundancy Plus (RPR+) switchover. This problem is resolved in Release 12.1(26)E4. (CSCsa77560) • With MPLS support configured, a reload might occur when you configure an ATM VC class. This problem is resolved in Release 12.1(26)E4. (CSCeg83164) • Port 1/7 ingress traffic is dropped if the egress port is on an OSM. This problem is resolved in Release 12.1(26)E4.
Caveats • In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, incorrect tags might be imposed after a route flaps. This problem is resolved in Release 12.1(26)E. (CSCec31162) • Changing the MTU size on a port might not change the MPLS MTU size. This problem is resolved in Release 12.1(26)E.
Caveats • Resolved General Caveats in Release 12.1(23)E, page 163 Open General Caveats in Release 12.1(23)E4 None. Resolved General Caveats in Release 12.1(23)E4 • Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Caveats Resolved General Caveats in Release 12.1(23)E2 • A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command ‘bgp log-neighbor-changes’ configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer.
Caveats – WS-X6348-RJ-21 – WS-X6148-RJ-21 – WS-X6316-GE-TX – WS-X6324-100FX – WS-X6416-GE-MT – WS-X6024-10FL-MT This problem is resolved in Release 12.1(23)E2. (CSCef23843) Resolved General Caveats in Release 12.1(23)E1 • SNMP traps are sent for every Internet Key Exchange (IKE) timeout and rekey but not for every IPsec timeout and rekey. This situation might generate many false alerts that an IKE tunnel is down when the IKE tunnel is torn down but immediately rebuilt.
Caveats • A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
Caveats resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities. Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds” section of the full advisory for details.
Caveats • When you use local-proxy-arp and HSRP, the active MSFC could respond to ARP requests with the BIA MAC address and the redundant MSFC might keep cached ARP entries that should have been deleted. This problem is resolved in Release 12.1(23)E. (CSCed72287) • After Cisco IOS ACLs have been updated dynamically or after responding dynamically to an IDS signature, a reload might occur following attempts to access a low memory address. This problem is resolved in Release 12.1(23)E.
Caveats • There is no response to SNMP requests and memory use increases until tracebacks occur. This problem is resolved in Release 12.1(23)E. (CSCed52841) • With certain configurations, a reload might occur when you enter the show cdp entry * protocol command. This problem is resolved in Release 12.1(23)E. (CSCed40563) • Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications.
Caveats • In a release where caveat CSCeb06811 is resolved and with STP loop guard configured, two ports connected together might incorrectly stay in the STP loopguard loop-inconsistent state. This problem is resolved in Release 12.1(23)E. (CSCee45170) • While traffic is flowing, CPU utilization might increase to a very high level if you reconfigure an EtherChannel from Layer 3 to Layer 2 and configure a Layer 3 VLAN interface for the EtherChannel. This problem is resolved in Release 12.1(23)E.
Caveats • In releases where caveat CSCdy36604 is resolved, you cannot use SNMP to retrieve dot1dBase group data on VLANs where the spanning tree protocol is not enabled. This problem is resolved in Release 12.1(23)E. (CSCee39798) • HSRP tracking might incorrectly track two instances of the same interface, stating that one instance is down while the other is up. This situation causes the HSRP priority to be decremented by 10. This problem is resolved in Release 12.1(23)E.
Caveats • With a switch fabric module (SFM), some modules might stop egressing traffic. This problem is resolved in Release 12.1(23)E. (CSCee08015) • A reload might follow this message: %C6KERRDETECT-SP-2-SUPSWO: Supervisor card switchover due to unrecoverable errors detected, Reason: Failed In-band Path This problem is resolved in Release 12.1(23)E. (CSCee01297) • WCCP-redirected packets that have no next hop ARP cache entry are process-switched to generate an ARP request.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(23)E3 None. Resolved FlexWAN Module Caveats in Release 12.1(23)E2 None. Resolved FlexWAN Module Caveats in Release 12.1(23)E1 • Serial interfaces on a PA-MC-8TE1+ port adapter that are configured as part of a channel group continue to process packets when the interface is in the “admindown” state. The counters in the output of the show interfaces serial command might increment when the serial interface is shut down.
Caveats • Resolved Service Module Caveats in Release 12.1(23)E3, page 171 • Resolved Service Module Caveats in Release 12.1(23)E2, page 171 • Resolved Service Module Caveats in Release 12.1(23)E1, page 171 • Resolved Service Module Caveats in Release 12.1(23)E, page 171 Open Service Module Caveats in Release 12.1(23)E4 None. Resolved Service Module Caveats in Release 12.1(23)E4 None. Resolved Service Module Caveats in Release 12.1(23)E3 None. Resolved Service Module Caveats in Release 12.
Caveats Resolved OSM Caveats in Release 12.1(23)E4 None. Resolved OSM Caveats in Release 12.1(23)E3 None. Resolved OSM Caveats in Release 12.1(23)E2 • If you configure 802.1Q tunneling on a LAN port and 802.1Q-tunnel bridging on an OSM-2OC12-ATM-SI+ subinterface, the OSM might reload. This problem is resolved in Release 12.1(23)E2. (CSCef35398) Resolved OSM Caveats in Release 12.
Caveats • With high CPU utilization and line-rate traffic, byte counters on OC-48 interfaces might be wrong. This problem is resolved in Release 12.1(23)E. (CSCee84887) • OSM-2+4GE-WAN+ ports do not automatically adjust the MTU size to accommodate tagged traffic. Ingress tagged packets destined for the MSFC are dropped if the packet size is larger than the ingress interface MTU size. This problem is resolved in Release 12.1(23)E.
Caveats Resolved General Caveats in Release 12.1(22)E6 • A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
Caveats • For ACEs that match on DSCP, 7 bits instead of 6 bits are programmed into the ACL TCAM. This problem is resolved in Release 12.1(22)E4. (CSCee39170) Resolved General Caveats in Release 12.1(22)E3 • SNMP traps are sent for every Internet Key Exchange (IKE) timeout and rekey but not for every IPsec timeout and rekey. This situation might generate many false alerts that an IKE tunnel is down when the IKE tunnel is torn down but immediately rebuilt.
Caveats • When an OSPF external route has a forwarding address with a next hop address in the routing table, the next hop address does not get updated in the type 5 link-state advertisement (LSA) when the forwarding address gets a more specific entry in the routing table with a different next hop address. This problem is resolved in Release 12.1(22)E3.
Caveats – WS-X6148-RJ-21 – WS-X6316-GE-TX – WS-X6324-100FX – WS-X6416-GE-MT – WS-X6024-10FL-MT This problem is resolved in Release 12.1(22)E3. (CSCef23843) • A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device.
Caveats • OSPF area border routers (ABRs) might continue to generate summary link-state advertisements (LSAs) for obsolete nonbackbone intra-area routes. This problem is resolved in Release 12.1(22)E2. (CSCee36622) • Traffic through a port-channel interface that has a Cisco IOS ACL configured might be dropped or switched in software after a reload or after switchover to a redundant supervisor engine or after you enter shutdown and no shutdown interface commands on a member port.
Caveats • Receiving CDP packets with a host name that is 256 or more characters long might cause a memory leak in the CDP process. This problem is resolved in Release 12.1(22)E1. (CSCin67568) Resolved General Caveats in Release 12.
Caveats • A reload might occur if you enter the interface loopback interface_number interface configuration command and the value of the interface_number argument is a 9-digit number that starts with 10. This problem is resolved in Release 12.1(22)E.
Caveats • With Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) or IEEE 802.1s multiple spanning tree (MST) configured, when the root bridge in a spanning tree domain ages out, the remaining bridges reconverge after timing out the root bridge. During this reconvergence, a spanning tree loop might occur. This problem is resolved in Release 12.1(22)E. (CSCed00441) • In releases where caveat CSCed00441 is resolved and with Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) or IEEE 802.
Caveats • When the OSPF cost is changed on one of the upstream paths in the network and a request to delete or remove the stale entry is not received, the TTFIB table contains stale entries that causes traffic loss. This problem is resolved in Release 12.1(22)E. (CSCed01611) • A FlexWAN module is not detected during the boot process causing it to be ignored during the startup configuration process. This problem is resolved in Release 12.1(22)E.
Caveats • When Border Gateway Protocol (BGP) uses multihome interfaces to peer with the neighbors that are part of the same peer group or the same update group and you enter the neighbor next-hop-self router configuration command on routers of a peer group, the next-hop calculation is performed only on the first member of the peer group, and the same next-hop value is replicated to the rest of the peers instead of calculating the next hop based on the next-hop-self configuration.
Caveats sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality. All Cisco products which contain TCP stack are susceptible to this vulnerability. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
Caveats • TCP FIN and RST packets might be dropped, which causes a 3 to 4 second delay in retrieving web content, if a hardware-switched TCP connection carrying more than 1,000 packets per second is load balanced through IOS Firewall Load Balancing or Cisco IOS server load balancing. This problem is resolved in Release 12.1(22)E.
Caveats • A reload might occur when you enter the shutdown and no shutdown interface configuration command for the interface that connects to an IP EIGRP neighbor, and then you enter the show ip eigrp neighbors EXEC command. This problem is resolved in Release 12.1(22)E. (CSCdu59038) • The BGP address family IPv4 neighbor x.y.z.t peer-group command appears twice in the configuration when entered only once. This problem is resolved in Release 12.1(22)E.
Caveats • With a route in a different VPN routing and forwarding instance (VRF) attached to an interface, the interface might not be able to receive traffic being sent to an address that is configured on the MSFC. This problem is resolved in Release 12.1(22)E.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(22)E3 • Serial interfaces on a PA-MC-8TE1+ port adapter that are configured as part of a channel group continue to process packets when the interface is in the “admindown” state. The counters in the output of the show interfaces serial command might increment when the serial interface is shut down. This problem is resolved in Release 12.1(22)E3. (CSCin78325) Resolved FlexWAN Module Caveats in Release 12.
Caveats • On a PA-A3 port adapter with distributed class-based weighted fair queuing (dCBWFQ) configured, when one bandwidth class is congested, there might be extra latency in another bandwidth class that is not congested. This problem is resolved in Release 12.1(22)E. (CSCeb61825) • Output queue packet drops might occur on the priority queue of an E1 serial interface on a 1-port multichannel E3 port adapter (PA-MC-E3), after which the E1 serial interface becomes congested.
Caveats Resolved Service Module Caveats in Release 12.1(22)E • If you add VLANs 1002-1005 to the allowed VLAN list for an SSL module, the SSL module might have a connectivity problem. This problem is resolved in Release 12.1(22)E. (CSCec60933) • A traceback occurs if you enter the keepalive interface command on a tunnel with IPSEC on both sides. This problem is resolved in Release 12.1(22)E. (CSCec90162) • BPDU packets are not sent to Firewall Services Module (FWSM) ports.
Caveats • The interfaces on an OSM-2+4GE-WAN+ module might be reported as administratively “up/up” when there is no GBIC installed. This problem is resolved in Release 12.1(22)E3. (CSCee35867) • If you have an input service policy that is configured only to police attached to an OSM interface and you do not have an output service policy attached to the OSM interface and you OIR another module, the OSM might reset. This problem is resolved in Release 12.1(22)E3.
Caveats • Distributed CEF switching does not work for multilink interface egress traffic. This problem is resolved in Release 12.1(22)E. (CSCec55650) • The 64-bit counter on the OSM-2+4GE-WAN+ main interface shows an incorrect value of zero. This problem is resolved in Release 12.1(22)E. (CSCec34010) • With CRC32 configured on OSM interfaces, priority queues have high latency with line-rate traffic. This problem is resolved in Release 12.1(22)E.
Caveats 2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages. Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type. Multiple Cisco products are affected by the attacks described in this Internet draft.
Caveats Resolved General Caveats in Release 12.1(20)E3 • Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload.
Caveats • With a route in a different VPN routing and forwarding instance (VRF) attached to an interface, the interface might not be able to receive traffic being sent to an address that is configured on the MSFC. This problem is resolved in Release 12.1(20)E3. (CSCeb52270) • A reload might occur if you apply an undefined crypto map to an interface. This problem is resolved in Release 12.1(20)E3. (CSCin08118) • Traffic might be dropped if you enter the no ip cef global configuration command.
Caveats • A new vulnerability in the OpenSSL implementation for SSL has been announced on March 17, 2004. An affected network device running an SSL server based on an affected OpenSSL implementation may be vulnerable to a Denial of Service (DoS) attack. There are workarounds available to mitigate the effects of this vulnerability on Cisco products in the workaround section of this advisory. Cisco is providing fixed software, and recommends that customers upgrade to it when it is available.
Caveats • With Rapid-Per-VLAN-Spanning Tree (Rapid-PVST) or IEEE 802.1s multiple spanning tree (MST) configured, when the root bridge in a spanning tree domain ages out, the remaining bridges reconverge after timing out the root bridge. During this reconvergence, a spanning tree loop might occur. This problem is resolved in Release 12.1(20)E2. (CSCed00441) • The PFC might not be programmed to provide Layer 3 switching for traffic that follows a static route to the null 0 interface.
Caveats • A FIB-related memory leak might occur. This problem is resolved in Release 12.1(20)E2. (CSCec43573) • For BGP routes learned through a WAN interface, if the BGP neighbor goes down, the default route adjacency does not change if the default route learned through BGP had a better metric than a static route configured locally. This problem is resolved in Release 12.1(20)E2. (CSCec41005) • An IGMP packet flood might cause a reload. This problem is resolved in Release 12.1(20)E2.
Caveats • SSH Version 1 does not work. This problem is resolved in Release 12.1(20)E2. (CSCed47810) • When the OSPF cost is changed on one of the upstream paths in the network and a request to delete or remove the stale entry is not received, the TTFIB table contains stale entries that causes traffic loss. This problem is resolved in Release 12.1(20)E2. (CSCed01611) • A Catalyst 6500 switch with an MSFC • Layer 2 traffic might be dropped if policy-based routing (PBR) is enabled on a VLAN interface.
Caveats • After you remove a Cisco IOS ACL from an interface, the packets continue to be passed or dropped as they would with the Cisco IOS ACL still attached. This problem is resolved in Release 12.1(20)E2. (CSCec43666) • Incorrect processing of received PIM packets causes IGMP snooping to fail. When this occurs, the system is unable to learn the correct outbound interface for the multicast traffic. This problem is resolved in Release 12.1(20)E2.
Caveats • A reload might occur when you enter a show command that is related to IP multicast if the “more” prompt has been displayed for a long period of time. This problem is resolved in Release 12.1(20)E. (CSCea81029) • Cisco products running Cisco IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and Cisco IOS Firewall must inspect H.323 messages and may be vulnerable as well.
Caveats This problem is resolved in Release 12.1(20)E. (CSCdu53656) • A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
Caveats • Sessions to linecards will fail if you enter the ip telnet source-interface command and the specified interface is an up/up state. This problem is resolved in Release 12.1(20)E. (CSCea36425) • Layer 2 and Layer 3 switched counters remain at 0 after you enter the show interface vlan command. This problem is resolved in Release 12.1(20)E. (CSCea69116) • The stack-mib portname command for switchport-configured physical interfaces gets erased from the startup configuration after a reboot.
Caveats • When there is insufficient memory, crash information is not generated after a Supervisor Engine reload. This problem is resolved in Release 12.1(20)E. (CSCeb51785) • Cisco 7603 switches running Cisco IOS Release 12.1(19)E and using 950 Watt DC power supplies might keep modules in a power-deny state. This problem is resolved in Release 12.1(20)E. (CSCeb57796) • Ethernet interface counters are updated only at 10-second intervals, instead of in real-time and ondemand.
Caveats • The following system message, which indicates an HSRP misconfiguration, is sent out as three separate messages instead of a single message: %STANDBY-3-DIFFVIP1 This problem is resolved in Release 12.1(20)E. (CSCdz44758) • Systems network architecture switching services (SNASw) logical units (LUs) may fail to establish a session with their virtual telecommunications access method (VTAM) application.
Caveats • Deny ACEs that do not specify any Layer 4 ports incorrectly do not deny fragmented packets. This problem is resolved in Release 12.1(20)E. (CSCeb04343) • An IEEE 802.Q trunking Gigabit EtherChannel formed with interfaces on different DFC-equipped switching modules might drop some traffic that is Layer 3 switched in hardware or that is routed in software. This problem is resolved in Release 12.1(20)E.
Caveats • With QoS and Cisco IOS server load balancing (Cisco IOS SLB) configured on a Supervisor Engine 1, a VACL configured to filter multicast traffic on one VLAN might incorrectly be applied to multicast traffic on other VLANs. This problem is resolved in Release 12.1(20)E. (CSCeb69582) • OIR of a fabric-enabled switching module might cause a reload. This problem is resolved in Release 12.1(20)E. (CSCec12236) • A reload might occur if you modify a policy map that is attached to an interface.
Caveats Resolved FlexWAN Caveats in Release 12.1(20)E6 • Serial interfaces on a PA-MC-8TE1+ port adapter that are configured as part of a channel group continue to process packets when the interface is in the “admindown” state. The counters in the output of the show interfaces serial command might increment when the serial interface is shut down. This problem is resolved in Release 12.1(20)E6. (CSCin78325) Resolved FlexWAN Caveats in Release 12.
Caveats • After a few weeks of normal operation, an interface on a PA- MC-8E1 port adapter begins flapping and finally pauses with the output queue stuck as follows: Serial1/1:1 is up, line protocol is up Encapsulation HDLC, crc 16, Data non-inverted Keepalive set (120 sec) Last input 00:00:03, output 04:14:23, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952 Queueing strategy: weighted fair Output queue: 30/4000/6
Caveats Open Service Module Caveats in Release 12.1(20)E6 None. Resolved Service Module Caveats in Release 12.1(20)E6 None. Resolved Service Module Caveats in Release 12.1(20)E3 None. Resolved Service Module Caveats in Release 12.1(20)E2 • BPDU packets are not sent to Firewall Services Module (FWSM) ports. When transparent-firewall mode is used, this situation may cause packet-forwarding loops when redundancy is enabled or when two Firewall Services Modules share the same VLANs.
Caveats Resolved OSM Caveats in Release 12.1(20)E6 None. Resolved OSM Caveats in Release 12.1(20)E3 • OSM ATM interfaces do not support the SNMP lowerLayerDown value defined in RFC 2863. This problem is resolved in Release 12.1(20)E6. (CSCee56269) Resolved OSM Caveats in Release 12.1(20)E2 • OSM-4GE-WAN interfaces remain in the “up/up” state when the other end of the link is inactive. This problem is resolved in Release 12.1(20)E2.
Caveats • The PE does not map IP DSCP to the MPLS experimental field in the output interface. By default, the router copies the three most significant bits of the DSCP of the IP packet to the EXP field in the MPLS shim header. This problem is resolved in Release 12.1(20)E. (CSCea87671) • OSM interfaces may stop receiving data after an RPR+ switchover. This problem is resolved in Release 12.1(20)E.
Caveats Open General Caveats in Release 12.1(19)E1a None. Resolved General Caveats in Release 12.1(19)E1a • Routing protocols do not work on EtherChannels that are reconfigured from Layer 2 to Layer 3. This problem is resolved in Release 12.1(19)E1a. (CSCeb60132, CSCeb07123) • A global command is needed for enabling link state messages on interfaces. This problem is resolved in Release 12.1(19)E1a.
Caveats This problem is resolved in Release 12.1(19)E1. (CSCea28131) • You cannot use a named aggregate policer and a microflow policer together if both are configured to set the same IP precedence value for conforming traffic. This problem is resolved in Release 12.1(19)E1. (CSCeb22674) • Static multicast router port configuration is not in effect following a reload. This problem is resolved in Release 12.1(19)E1.
Caveats • Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected.
Caveats • An MSFC2 might reload with the following error messages: MISTRAL-3-ERROR: Error condition detected: SYSAD_TIMEOUT_DPATH and: sysad_dpath_addr_log = 0x100002E1 This problem is resolved in Release 12.1(19)E. (CSCdu83548) • With PIM dense mode configured, multicast traffic might get dropped when all routers have the multicast group in a pruned state even though interested receivers are present. This problem is resolved in Release 12.1(19)E.
Caveats • A redundant supervisor engine might not reload if you enter the reload command on the redundant supervisor engine's console or physically remove and reinsert the redundant supervisor engine. This problem is resolved in Release 12.1(19)E.
Caveats Resolved FlexWAN Caveats in Release 12.1(19)E • When you configure IP precedence to ATM CoS mapping in a bundle on a FlexWAN ATM port adapter, the precedence mapping does not work if you specify a range of precedences under a VC in the bundle. The bundle only forwards the first precedence in the range. This problem is resolved in Release 12.1(19)E. (CSCea56687) • After a reload, some PVCs on PA-A3-8T1/8E1 IMA port adapter interfaces might remain inactive. This problem is resolved in Release 12.
Caveats • Resolved OSM Caveats in Release 12.1(19)E1, page 219 • Resolved OSM Caveats in Release 12.1(19)E, page 220 Open OSM Caveats in Release 12.1(19)E1a • After an OSM-4GE-WAN module resets, this message is displayed: Mar 1 16:06:15.729: SP: TCAM ASSERT FAILURE: label_alloc_tbl[label].num_if_using[lookup_type] != 0: ../const/native-sp/tcam_label.c: 1379 Mar 1 16:06:15.
Caveats • You cannot change the high priority queue rate for an OSM SRP interface. This problem is resolved in Release 12.1(19)E1. (CSCeb18943) • If you remove a service policy from an OSM interface where EoMPLS traffic is flowing, the OSM might reload. This problem is resolved in Release 12.1(19)E1. (CSCin33060) • Occasionally, OSM POS interfaces stop updating statistics while traffic is passing. This problem is resolved in Release 12.1(19)E1. (CSCea78519) Resolved OSM Caveats in Release 12.
Caveats Open General Caveats in Release 12.1(14)E • Routing protocols do not work on EtherChannels that are reconfigured from Layer 2 to Layer 3. This problem is resolved in Release 12.1(19)E1a. (CSCeb60132, CSCeb07123) Resolved General Caveats in Release 12.1(14)E Note In Release 12.1(14)E, caveat CSCdy36604 disabled SNMP retrieval of dot1dBase group data on VLANs where the spanning tree protocol is not enabled.
Caveats • The following error messages are displayed immediately after a reload: %SYS-2-INTSCHED: 'sleep for' at level 3 -Process= "Init", ipl= 3, pid= 2 -Traceback= 6064AA94 60633C04 60FFD1C4 611867AC 6066D1CC 60596134 603D1EB0 603D30BC 603C3110 603D1C20 603BCB30601F2480 601F0460 601F09F0 601F0840 60599A60 The ip cef global configuration command and the police settings are class-map configurations and need to have a packet identification mechanism before anything is policed (such as match protocol http)
Caveats • Reads and writes to Advanced Technology Attachment (ATA) flash filesystem devices are extremely slow. This problem is resolved in Release 12.1(14)E. (CSCdz27200) • In rare situations, an MSFC2 might freeze when it can receive control traffic from the supervisor engine, but it cannot send it. This problem is resolved in Release 12.1(14)E. (CSCdy15598) • The show interface gigabitethernet output command incorrectly displays significant deviation between the TXload and RXload parameters.
Caveats already applied to the GRE-IPsec tunnel and the associated physical interface. This symptom affects only the GRE-IPsec tunnel and not the IPsec tunnel. This problem is resolved in Release 12.1(14)E. (CSCdy37551) • HSRP does not validate the destination IP address of received packets. This problem is resolved in Release 12.1(14)E. (CSCdx82139) • Multiprotocol Label Switching (MPLS) packets entering 802.1Q Ethernet VLAN subinterfaces will not be Cisco express forwarding (CEF) switched.
Caveats Service Modules Caveats • Open Service Modules Caveats in Release 12.1(14)E, page 225 • Resolved Service Module Caveats in Release 12.1(14)E, page 225 Open Service Modules Caveats in Release 12.1(14)E None. Resolved Service Module Caveats in Release 12.1(14)E • Do not define VLANs 1002 through 1005 as secure VLANs with the firewall vlan-group command. This problem is resolved in Release 12.1(14)E.
Caveats • Following a reload, it is safe to ignore this message from OSM-2OC12-POS-MM, OSM-2OC12-POS-SI, or OSM-2OC12-POS-SL modules in a fully loaded chassis: %SM-SP-4-BADEVENT: Event 'dnld_completed' is invalid for the current state 'online': scp_dnld_module 4 This problem is resolved in Release 12.1(14)E. (CSCdw10533) Release 12.1(13)E and Rebuilds Note All caveats resolved in Release 12.1(11b)EX are resolved in Release 12.1(13)E. Refer to this URL: http://www.cisco.
Caveats Open General Caveats in Release 12.1(13)E17 • If you replace a set ip dscp or set ip precedence class map command with a police class map command, the class map is deleted. This problem is resolved in Release 12.1(14)E. (CSCdy42355, CSCdy41975) Resolved General Caveats in Release 12.1(13)E17 • Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability.
Caveats • A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
Caveats – WS-X6324-100FX – WS-X6416-GE-MT – WS-X6024-10FL-MT This problem is resolved in Release 12.1(13)E15. (CSCef23843) • Traffic loss might occur on fabric-enabled modules when there are frequent OIRs. This problem is resolved in Release 12.1(13)E15. (CSCee44496, CSCee48403, CSCee78766) • OSPF area border routers (ABRs) might continue to generate summary link-state advertisements (LSAs) for obsolete nonbackbone intra-area routes. This problem is resolved in Release 12.1(13)E15.
Caveats sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality. All Cisco products which contain TCP stack are susceptible to this vulnerability. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.
Caveats • Cisco IOS software incorrectly replies to TCP packets that are destined to broadcast/multicast addresses. Replies are sourced from the broadcast/multicast address. The problem is applicable to all ports except HTTP (default 80) and HTTPS (default 443) ports. With the fix in this DDTS, behavior is changed so that Cisco IOS software will only reply to packets that are destined to broadcast/multicast addresses HTTP (default 80) and HTTPS (default 443) ports.
Caveats • After Cisco IOS ACLs have been updated dynamically or after responding dynamically to an IDS signature, a reload might occur following attempts to access a low memory address. This problem is resolved in Release 12.1(13)E14. (CSCed35253) • A reload might follow receipt of a corrupt CPD packet. This problem is resolved in Release 12.1(13)E14.
Caveats A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml. This problem is resolved in Release 12.1(13)E13. (CSCed27956, CSCed38527) • Malfunctioning PIM, MLSM, or mwheel processes might cause “CPUHOG” and “WATCHDOG” messages and reloads. This problem is resolved in Release 12.1(13)E13.
Caveats developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
Caveats Resolved General Caveats in Release 12.1(13)E11 • The show mac-address-table command might incorrectly display “” instead of “flood to vlan” for a MAC address. This is a cosmetic error. This problem is resolved in Release 12.1(13)E11. (CSCdz83191) • Incorrect traffic loss occurs if you enter a shutdown command and then a no shutdown command on a Layer 3 VLAN interface that has HSRP configured. This problem is resolved in Release 12.1(13)E11.
Caveats • If you replace a WS-X6148-GE-TX or WS-X6148V-GE-TX switching module with a WS-X6548-GE-TX or WS-X6548V-GE-TX switching module, any switchport commands configured on the WS-X6148-GE-TX or WS-X6148V-GE-TX switching module do not work on the WS-X6548-GE-TX or WS-X6548V-GE-TX switching module. This problem is resolved in Release 12.1(13)E10. (CSCea89432) • Deny ACEs that do not specify any Layer 4 ports incorrectly do not deny fragmented packets. This problem is resolved in Release 12.1(13)E10.
Caveats • Some traffic that ingresses through one DFC-equipped module and egresses through another DFC-equipped module might be dropped. This problem is resolved in Release 12.1(13)E10. (CSCeb83650) • With CBAC and RPR+ redundancy configured, all TCP and UPD sessions fail after a switchover to the redundant supervisor engine. This problem is resolved in Release 12.1(13)E10.
Caveats Resolved General Caveats in Release 12.1(13)E7 • A manually summarized entry might remain in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table after manual summarization is disabled. This problem is resolved in Release 12.1(13)E7. (CSCdx83729) • Reads and writes to Advanced Technology Attachment (ATA) flash filesystem devices are extremely slow. This problem is resolved in Release 12.1(13)E7.
Caveats • In a topology that uses VLAN interfaces for intermediate router connections, PIM register and PIM register stop messages might loop between the intermediate routers until the TTL count expires. This problem is resolved in Release 12.1(13)E7. (CSCea82353) • With IP inspection configured, a reload might occur following an “%ALIGN-1-FATAL” message. This problem is resolved in Release 12.1(13)E7. (CSCea51320) • The switch might drop into ROMMON mode after reload.
Caveats • After the link to the PBR next hop is lost, the new next hop information is not programmed into hardware immediately. This problem is resolved in Release 12.1(13)E7. (CSCdy28888) • Hardware-supported ACLs without any ACEs do not implicitly deny all traffic. This problem is resolved in Release 12.1(13)E7. (CSCea17192) • A system with an MSFC2 may encounter a bus error if the percent character is used in a VTP password, a VTP domain, or a VTP VLAN name. This problem is resolved in Release 12.
Caveats • If you configure Cisco IOS SLB while creating RTR entries using SNMP, the system may generate traceback messages similar to the following: Feb 16 15:27:08.846: -Traceback= 413DD97C Feb 16 15:28:08.846: -Traceback= 413DD97C %IDMGR-3-INVALID_ID: bad id in id_to_ptr 405C4C08 405CB12C 40E387E8 40E34DF0 401DAD1C 401DAD08 %IDMGR-3-INVALID_ID: bad id in id_to_ptr 405C4C08 405CB12C 40E387E8 40E34DF0 401DAD1C 401DAD08 This problem is resolved in Release 12.1(13)E6.
Caveats • With a Supervisor Engine 2, if the show id supervisor slot_num command displays “8006” as part of the “Manufacturing Assembly Number,” then all CoS values for the Gigabit Ethernet ports on the Supervisor Engine 2 are mapped to queue 1, threshold 1, by default and cannot be reconfigured.
Caveats • The output packet counter on a VLAN interface displays incorrect information. This problem is resolved in Release 12.1(13)E5. (CSCea02680) • In a topology with routed interfaces, multicast packets may be lost because of incorrect management of LTL indexes. If you enter a shutdown command followed by a no shutdown command on the interfaces or perform an OIR of the modules, this problem might occur. This problem is resolved in Release 12.1(13)E5.
Caveats • Some NAT translations do not expire. This problem is resolved in Release 12.1(13)E4. (CSCdz44155) • When you remove a GBIC from one port on a module, you receive SNMP traps for all ports on the module. This problem is resolved in Release 12.1(13)E4. (CSCdz37642) • Cisco IOS server load balancing (Cisco IOS SLB) connectivity might fail following a “%ICC-SP-5-WATERMARK” message. This problem is resolved in Release 12.1(13)E4.
Caveats • SNMP access of cltcDot1qTunnelMode might cause a reload. This problem is resolved in Release 12.1(13)E3. (CSCdz35749) • The implementation of the CISCO-SLB-EXT-MIB on the Catalyst 6500 series switches and Cisco 7600 Series Routers does not support the “SET” operation.
Caveats • In a configuration that contains many route maps, if you ping from a router to a VLAN interface messages like the following may be displayed and the TCAM screening status may be displayed as INACTIVE: 00:03:41: :FM-ODM: Maximum Number of entries exceeded, ODM gives up! odm_intra_feature_merge:odm_merge fail with code=1 00:03:41: %FM-2-TCAM_MEMORY: Interface Vlan711 processor memory low programming ingress ACLs This problem is resolved in Release 12.1(13)E3.
Caveats Resolved General Caveats in Release 12.1(13)E1 • The L3Capture2 diagnostic test might fail during bootup. This problem is resolved in Release 12.1(13)E1. (CSCdy30707) • If you enter the clear ip mroute command, data corruption occurs in the PIM process and a reload might occur. This problem is resolved in Release 12.1(13)E1.
Caveats • With a Supervisor Engine 2, (*,G) multicast entries are not programmed in hardware. This problem is resolved in Release 12.1(13)E1. (CSCdy44937) • The messages about the maximum number of logical interfaces are incorrect (see the “Spanning Tree Troubleshooting” section on page 321). This problem is resolved in Release 12.1(13)E1. (CSCdy83667) • If a DFC fails immediately after it comes online, the system might reload and generate this error message: HEARTBEAT NOT_RUNNING.
Caveats • Systems running a Release prior to 12.
Caveats • With IGMP snooping enabled, the system does not learn router ports from IGMP membership queries. This problem is resolved in Release 12.1(13)E. (CSCdx39149) • When the MSFC is the IGMP querier on a Layer 3 interface and it receives a topology change notification (TCN), the MSFC does not send the required general queries when only IGMP is enabled. The MSFC sends the two general queries, spaced 10 seconds apart, only if CGMP is enabled. This problem is resolved in Release 12.1(13)E.
Caveats • Packets between fabric-enabled modules can be forwarded from one module to another using either the 8-Gigabit Ethernet fabric interface or the 16-Gigabit Ethernet backplane bus. In a system where fewer than 3 fabric-enabled modules are installed, replicated multicast packets are occasionally sent over the fabric as well as over the backplane bus, which causes ports to receive twice as many packets as were generated. This problem is resolved in Release 12.1(13)E.
Caveats FlexWAN Module Caveats • Open FlexWAN Module Caveats in Release 12.1(13)E17, page 252 • Resolved FlexWAN Module Caveats in Release 12.1(13)E17, page 252 • Resolved FlexWAN Module Caveats in Release 12.1(13)E16, page 252 • Resolved FlexWAN Module Caveats in Release 12.1(13)E15, page 252 • Resolved FlexWAN Module Caveats in Release 12.1(13)E14, page 253 • Resolved FlexWAN Module Caveats in Release 12.1(13)E13, page 253 • Resolved FlexWAN Module Caveats in Release 12.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(13)E14 • With a high traffic load, PA-A3-OC3, PA-A3-T3, and PA-A3-E3 port adapters might display an increasing “rx_no_buffer” counter in the output of the show controllers atm privileged EXEC command and some PVCs configured on the PA-A3 port adapter might stop receiving traffic. This problem is resolved in Release 12.1(13)E14. (CSCin49458) • All high-capacity counters remain at 0 for FlexWAN module POS interfaces.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(13)E7 None. Resolved FlexWAN Module Caveats in Release 12.1(13)E6 None. Resolved FlexWAN Module Caveats in Release 12.1(13)E5 • For channelized T1 interfaces, the following counters do not increment correctly: – The “bytes in” and “bytes out” counts displayed by the show frame pvc command.
Caveats • An ALIGN-1-FATAL:RSP_update_linecard_vc_blt_state message might be displayed, followed by a reload. This problem is resolved in Release 12.1(13)E1. (CSCdy17228) • Because of an inter-process communication failure on the MSFC, the supervisor engine might reset after switched virtual circuit (SVC) traffic is forwarded on a FlexWAN ATM port adapter. This problem is resolved in Release 12.1(13)E1. (CSCdy18390) Resolved FlexWAN Module Caveats in Release 12.1(13)E None.
Caveats Resolved Service Module Caveats in Release 12.1(13)E17 None. Resolved Service Module Caveats in Release 12.1(13)E16 None. Resolved Service Module Caveats in Release 12.1(13)E15 None. Resolved Service Module Caveats in Release 12.1(13)E14 None. Resolved Service Module Caveats in Release 12.1(13)E13 None. Resolved Service Module Caveats in Release 12.1(13)E12 None. Resolved Service Module Caveats in Release 12.1(13)E11 None. Resolved Service Module Caveats in Release 12.1(13)E10 None.
Caveats Resolved Service Module Caveats in Release 12.1(13)E5 None. Resolved Service Module Caveats in Release 12.1(13)E4 None. Resolved Service Module Caveats in Release 12.1(13)E3 • To avoid a reload, do not enter the show firewall module module_number stat command while the WS-SVC-FWM-1-K9 Firewall Services Module is resetting. This problem was resolved in Release 12.1(13)E3. (CSCdy53164) Resolved Service Module Caveats in Release 12.
Caveats Resolved OSM Caveats in Release 12.1(13)E17 None. Resolved OSM Caveats in Release 12.1(13)E16 None. Resolved OSM Caveats in Release 12.1(13)E15 • An OSM might be reset following an online insertion and removal (OIR) of a Switch Fabric Module (SFM) or during periods of heavy traffic. This problem is resolved in Release 12.1(13)E15. (CSCin37112) • Traffic loss might occur on OSMs when there are frequent OIRs. This problem is resolved in Release 12.1(13)E15.
Caveats • When you configure an ATM subinterface, it does not inherit the MTU size of the physical interface. When you change the MTU on the physical interface, ATM subinterfaces do not inherit the changed MTU size. This problem is resolved in Release 12.1(13)E10. (CSCea86866) • EoMPLS VCs flap on an 8-port, 8 Gbps customer edge-to-provider edge (CE-to-PE) router connection between WS-X6516-GBIC and OSM-2+4GE-WAN+ modules. This problem is resolved in Release 12.1(13)E10.
Caveats • When an HSRP group is configured on a OSM-4GE-WAN subinterface and MPLS VPN is configured on the same subinterface, packet duplication might occur. This problem is resolved in Release 12.1(13)E5. (CSCea21791) • The OSM-4GE-WAN-GBIC module returns an incorrect port type value in CiscoView. This problem is resolved in Release 12.1(13)E5.
Caveats • With no cable connected, an OSM-4GE-WAN-GBIC module incorrectly display status and protocol as “up.” This problem is resolved in Release 12.1(13)E4. (CSCdz45070) Resolved OSM Caveats in Release 12.1(13)E3 • Occasionally, the “OIRTWICE” error message displays during OIR of two OSMs. This may happened at boot up or during an RPR+ switchover. This problem is resolved in Release 12.1(13)E3. (CSCdz01886) • An initial reload of the system may cause the OC-48 DPT/POS modules to reload continuously.
Caveats • With Ethernet over MPLS, a problem may occur when the label switched path (LSP) for an Ethernet over MPLS VC is changed and a new tunnel label for the new LSP is used. Instead of sending the frame with the new tunnel label, the frame is sent with the old tunnel label. This problem is resolved in Release 12.1(13)E1. (CSCdy34983) • A mixed configuration of E3s and T3s on an AU-4 fails on OSM-1CHOC12/T3 modules. This problem is resolved in Release 12.1(13)E1.
Caveats • In a system with a Switch Fabric Module installed, the following error message might be displayed when a Switch Fabric Module is reset or powered down if the traffic load is heavy: %CWAN_RP-1-LCLOG_MSG: slot 3/0 Rx SOAP hardware error: source 0x1 deta il 0x0 (CSCdx87261) Note • CSCdx87261 is not seen in later releases. With a PFC2 and DFCs, you cannot configure Layer 2 EtherChannels that include interfaces on different DFC-equipped switching modules.
Caveats • With Supervisor Engine 2, multicast packets that set the router alert option, like IGMP general queries and membership reports, might not be handled properly, which might disrupt IGMP client connectivity. This problem is resolved in Release 12.1(12c)E4. (CSCdy84078) • With Supervisor Engine 2, packet loss might occur for a few seconds after routing protocol multicast packets are received. This problem is resolved in Release 12.1(12c)E4.
Caveats • When an (S,G) entry with the T flag set transitions to an (S,G,R) entry an (S,G) RP-bit prune is sent towards the source instead of towards the RP. This problem is resolved in Release 12.1(12c)E1. (CSCdw95442) • A reload might occur when you enter the show ip mroute command. This problem is resolved in Release 12.1(12c)E1. (CSCdw20251) • The distribute-list list_number out protocol protocol_number command does not work. This problem is resolved in Release 12.1(12c)E1.
Caveats • The MSFC might reload after receiving OSPF link-state advertisements (LSAs) that have an illegal mask. This problem is resolved in Release 12.1(12c)E1. (CSCdx70216) • An extremely complex ACL configuration might cause “idbman_get_port_idb: slot out of range for slot” messages. This problem is resolved in Release 12.1(12c)E1. (CSCdx68009) • The TestIpFibShortcut diagnostic fails intermittently. This problem is resolved in Release 12.1(12c)E1.
Caveats • Only the 4-port Gigabit Ethernet WAN module (OSM-4GE-WAN) supports Layer 3 trunks. Configuring a subinterface on a LAN port might cause a reload. This problem is resolved in Release 12.1(12c)E1. (CSCdx24623) • If you configure more than 16 HSRP group numbers for different VLAN interfaces in a system with a PFC1, the following error message is displayed: More than 16 standby groups not supported in this platform. This problem is resolved in Release 12.1(12c)E1.
Caveats • Because of an inter-process communication failure on the MSFC, the supervisor engine might reset after SVC traffic is forwarded on a FlexWAN ATM port adapter. This problem is resolved in Release 12.1(13)E1.
Caveats • In an MPLS-VPN topology where a Catalyst 6500 series switch or Cisco7600 Internet Router is functioning as a provider router, the following informational error messages might be displayed: *Jul 1 18:25:23.709: updated. *Jul 1 18:25:25.285: updated. *Jul 1 18:26:24.049: updated. *Jul 1 18:27:23.945: updated. *Jul 1 18:27:24.949: updated. %TFIB-7-SCANSABORTED: TFIB scan not completing. MAC string %TFIB-DFC8-7-SCANSABORTED: TFIB scan not completing.
Caveats Resolved OSM Caveats in Release 12.1(12c)E4 None. Resolved OSM Caveats in Release 12.1(12c)E2 None. Resolved OSM Caveats in Release 12.1(12c)E1 • Because subinterfaces on the OSM-4GE-WAN module cannot share HSRP group numbers, the 4-port Gigabit Ethernet WAN module supports only 16 HSRP groups per Gigabit Ethernet WAN port. This problem is resolved in Release 12.1(12c)E1.
Caveats • Resolved Caveats in Release 12.1(11b)E7, page 274 • Resolved Caveats in Release 12.1(11b)E4, page 274 • Resolved Caveats in Release 12.1(11b)E3, page 275 • Resolved Caveats in Release 12.1(11b)E2, page 275 • Resolved Caveats in Release 12.1(11b)E1, page 276 • Resolved Caveats in Release 12.1(11b)E, page 277 Open Caveats in Release 12.
Caveats • With a PFC2 and DFCs, you cannot configure Layer 2 EtherChannels that include interfaces on different DFC-equipped switching modules. You can do the following: – Create Layer 3 EtherChannels that include ports on different DFC-equipped switching modules. – Create Layer 2 EtherChannels that include ports on a single DFC-equipped switching module. – Create Layer 2 EtherChannels that include supervisor engine ports and ports on non-DFC-equipped switching modules.
Caveats • There might be OSPF neighbor drops and HSRP flaps when QoS is enabled on a Supervisor Engine 1 and MSFC2. This problem is resolved in Release 12.1(11b)E14. (CSCeb55271) Resolved Caveats in Release 12.1(11b)E12 • A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer.
Caveats Resolved Caveats in Release 12.1(11b)E7 • With Supervisor Engine 2, any access to an invalid address in the valid I/O address space can suspend all operation. This problem is resolved in Release 12.1(11b)E7. (CSCdx81901) • Switchover to the redundant supervisor engine and MSFC does not occur following a problem on the MSFC that should cause a switchover. This problem is resolved in Release 12.1(11b)E7.
Caveats Resolved Caveats in Release 12.1(11b)E3 • The distribute-list list_number out protocol protocol_number command does not work. This problem is resolved in Release 12.1(11b)E3. (CSCdu52717) • A sequencing problem results when there are NAT ACL configurations and static NAT entries in the startup configuration at bootup. The problem results in incorrect entries being programmed into the ternary content addressable memory (TCAM). This problem is resolved in Release 12.1(11b)E3.
Caveats • Because of a lack of IPC buffer space, a system with a Supervisor Engine1 and an MSFC2 running Release 12.1(8b)E8 may reload when InterCard Communication (ICC) messages are waiting in the queue. Before the system reloads, messages similar to these may appear: %ICC-SP-5-WATERMARK:5988 pkts for class L3-MGR are waiting to be processed %IPC-SP-3-NOBUFF:The main IPC message header cache has emptied This problem is resolved in Release 12.1(11b)E2.
Caveats • The show module command incorrectly displays the WS-SVC-CSG-1 Content Services Gateway module as a WS-X6066-SLB-APC Content Switching Module. This problem is resolved in Release 12.1(11b)E1. (CSCdw94918) • EoMPLS on Flexwan does not work. This problem is resolved in Release 12.1(11b)E1. (CSCin05155) Resolved Caveats in Release 12.
Caveats • Jumbo frame support is incompatible with the IS-IS routing protocol. Leave the MTU size at the default value on any interface where IS-IS provides routing. This problem is resolved in Release 12.1(11b)E. (CSCdu09773, CSCdu48660) • After you have entered a complete Cisco Appliance Services Architecture (CASA) configuration, a system running 12.1(8a)E4 or later might reload when it receives an update from a Local Director.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(11b)E11 None. Resolved FlexWAN Module Caveats in Release 12.1(11b)E4 • Multilink bundles may go down intermittently. This problem is resolved in Release 12.1(11b)E4. (CSCdx47373) • The “packets in” counters for multilinks show twice the number of packets actually received. This problem is resolved in Release 12.1(11b)E4.
Caveats Open OSM Caveats in Release 12.1(11b)E14 • PFC2-based QoS is supported on all the OSMs but has not been fully tested on the 2-port OC-12 ATM OSMs and the channelized OSMs. The PFC2 QoS CLI is not blocked for these modules, but we do not recommend that you configure PFC2-based QoS until testing has been completed. This problem is resolved in Release 12.1(12c)E1. (CSCdw84716) • IGMP snooping does not function over an EoMPLS connection if the connection is made over a POS interface.
Caveats Resolved OSM Caveats in Release 12.1(11b)E3 None. Resolved OSM Caveats in Release 12.1(11b)E2 Note All images in Release 12.1(11b)E2 are deferred. The set ip prec and set mpls exp commands are not supported on main interfaces configured as VRF on the 4-port Gigabit Ethernet WAN OSM. This problem is resolved in Release 12.1(11b)E2. (CSCdx11904) Resolved OSM Caveats in Release 12.1(11b)E1 None. Resolved OSM Caveats in Release 12.
Caveats • Resolved Caveats in Release 12.1(8b)E10, page 291 • Resolved Caveats in Release 12.1(8b)E9, page 292 • Resolved Caveats in Release 12.1(8b)E8, page 292 • Resolved Caveats in Release 12.1(8b)E7, page 293 • Resolved Caveats in Release 12.1(8b)E6, page 293 • Resolved Caveats in Release 12.1(8a)E5, page 295 • Resolved Caveats in Release 12.1(8a)E4, page 296 • Resolved Caveats in Release 12.1(8a)E3, page 297 • Resolved Caveats in Release 12.
Caveats • After a system reset, the Layer 2 global aging timer value is reset to the default value of 300 seconds even though the startup configuration has the correct values. Workaround: Reconfigure the Layer 2 aging timer after a reset. This problem is resolved in Release 12.1(11b)E. (CSCdv21825) • Jumbo frame support is incompatible with the IS-IS routing protocol. Leave the MTU size at the default value on any interface where IS-IS provides routing. This problem is resolved in Release 12.1(11b)E.
Caveats • A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session).
Caveats vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at: http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml This problem is resolved in Release 12.1(8b)E18. (CSCed28873) Resolved Caveats in Release 12.1(8b)E16 • Cisco products running IOS contain vulnerabilities in the processing of H.
Caveats This problem is resolved in Release 12.1(8b)E14. (CSCea28131) • Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet.
Caveats • Changes in the Unicast routing table can cause an inconsistency between software and hardware programming of the RPF interfaces of specific multicast groups. This inconsistency causes group-specific multicast traffic to be lost. This problem is resolved in Release 12.1(8b)E14. (CSCdz44110) • With PIM configured and an (S,G) entry with the F flag reset, a directly connected source might not start registering when the source becomes active, and the (S,G) state might time out.
Caveats • If an output route-map in an EBGP neighbor has match ip next-hop or match ip route-source or match ip community or match ip extcommunity commands, then BGP updates might be incorrectly suppressed if the next-hop of the best path changes. This problem is resolved in Release 12.1(8b)E14.
Caveats • Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default. Cisco will be making free software available to correct the problem as soon as possible.
Caveats • A failure in communication between the MSFC and the supervisor engine causes the MSFC to be reset by an internal message from the supervisor engine. This problem is resolved in Release 12.1(8b)E12. (CSCdx38960) • Nonmaskable interrupts (NMIs) might cause a Supervisor Engine 1 to reload, and then the reload might fail. This problem is resolved in Release 12.1(8b)E12. (CSCdy25902) • MAC address notifications to Layer 3 EtherChannels can be sent to the wrong ingress switching module.
Caveats Resolved Caveats in Release 12.1(8b)E10 • If you enter an invalid interface range for the SPAN sources or destinations, the SPAN feature may not work correctly and the system might reset. Changing the configuration to reflect a valid interface range corrects this problem. This problem is resolved in Release 12.1(8b)E10. (CSCdv07321, CSCdv07079) • Setting the next hop for BGP route reflectors should be allowed only through the outbound route-map and not through the nexthop-self command.
Caveats Resolved Caveats in Release 12.1(8b)E9 • An error can occur with management protocol processing. Use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903 This problem is resolved in Release 12.1(8b)E9. (CSCdw65903) Resolved Caveats in Release 12.1(8b)E8 • Enhanced IGRP (EIGRP) might display a “stuck in active” message with an incorrect network and mask (13.13.13.13 0xD0D0D0D). Routing is not affected. This problem is resolved in Release 12.
Caveats Resolved Caveats in Release 12.1(8b)E7 • For multicast flows, the PFC provides Layer 3 switching only when the ingress interface MTU size matches the minimum MTU size of the egress interface. This problem is resolved in Release 12.1(8b)E7. (CSCdu71710) • Configuring broadcast suppression on a Gigabit Ethernet interface filters all broadcast traffic. This problem is resolved in Release 12.1(8b)E7.
Caveats • With Supervisor Engine 2, when a DVMRP unicast packet (for example, an MRINFO packet) enters the switch to be routed, the packet is replicated multiple times. The number of replications depends on the IP TTL value of the incoming packet. This problem is resolved in Release 12.1(8b)E6. (CSCdv62588) • With Supervisor Engine 1, after entering the no mls ip and mls ip interface commands on an interface with multiple HSRP groups configured, some packets get switched in software on the MSFC.
Caveats • When data-link switching (DLSw) Ethernet redundancy is configured, the switch might reload with a bus error if circuits are established while peer connections are torn down. This problem is resolved in Release 12.1(8b)E6. (CSCdt82241) • After entering shutdown and no shutdown commands on an interface running fast switching, some of the route cache entries for directly connected hosts are not created correctly, which causes network connectivity issues. This problem is resolved in Release 12.
Caveats • Adding or removing an entry from the IGMP cache for special addresses 224.0.1.39 or 224.0.1.40 or 224.0.0.x or an interface joining or leaving a multicast group unnecessarily resets the interface hardware, causing the interface to go down and then back up. This problem is resolved in Release 12.1(8a)E5. (CSCdv43208) • Entering the attach command while connected over a secure shell (SSH) session freezes the switch. This problem is resolved in Release 12.1(8a)E5.
Caveats Resolved Caveats in Release 12.1(8a)E3 None. Resolved Caveats in Release 12.1(8a)E2 • In systems with a Supervisor Engine 1, entering the show mls nde command shows the NetFlow Data Export feature as disabled when it is enabled. This problem occurs if you enter an ip flow-export command after the mls nde src_address command and do not reenter the mls nde src_address command. This problem is resolved in Release 12.
Caveats • The show version command might display “Running default software” instead of the boot filename. This problem is resolved in Release 12.1(8a)E. (CSCdu23762) • With Supervisor Engine 2, ignore any “%BIT-SP-4-OUTOFRANGE: bit 16 is not in the expected range of 0 to -1” error messages. This problem is resolved in Release 12.1(8a)E. (CSCdu26072) • The crypto map interface command is disabled to prevent a reload. This problem is resolved in Release 12.1(8a)E.
Caveats • Resolved FlexWAN Module Caveats in Release 12.1(8a)E4, page 300 • Resolved FlexWAN Module Caveats in Release 12.1(8a)E3, page 300 • Resolved FlexWAN Module Caveats in Release 12.1(8a)E2, page 300 • Resolved FlexWAN Module Caveats in Release 12.1(8a)E, page 300 Open FlexWAN Module Caveats in Release 12.1(8b)E20 • FlexWAN module crashinfo files do not propagate to the MSFC bootflash device.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(8b)E11 None. Resolved FlexWAN Module Caveats in Release 12.1(8b)E10 None. Resolved FlexWAN Module Caveats in Release 12.1(8b)E9 None. Resolved FlexWAN Module Caveats in Release 12.1(8b)E8 None. Resolved FlexWAN Module Caveats in Release 12.1(8b)E7 • Entering shutdown and no shutdown commands for a FlexWAN module multilink interface might cause the FlexWAN module to reload. If the link connects two FlexWAN modules, both modules might reload.
Caveats OSM Caveats • Open OSM Caveats in Release 12.1(8b)E20, page 301 • Resolved OSM Caveats in Release 12.1(8b)E20, page 301 • Resolved OSM Caveats in Release 12.1(8b)E19, page 301 • Resolved OSM Caveats in Release 12.1(8b)E18, page 301 • Resolved OSM Caveats in Release 12.1(8b)E17, page 302 • Resolved OSM Caveats in Release 12.1(8b)E16, page 302 • Resolved OSM Caveats in Release 12.1(8b)E15, page 302 • Resolved OSM Caveats in Release 12.
Caveats Resolved OSM Caveats in Release 12.1(8b)E17 None. Resolved OSM Caveats in Release 12.1(8b)E16 None. Resolved OSM Caveats in Release 12.1(8b)E15 • For virtual private dial-up networks (VPDN), when an L2TP access concentrator (LAC) negotiates an authentication protocol that is not listed as a valid authentication protocol according to the L2TP Network Server (LNS) configuration, the LNS incorrectly accepts the negotiated options and uses the authentication protocol set by the LAC.
Caveats Resolved OSM Caveats in Release 12.1(8a)E5 • When the fiber-optic cable carrying traffic from the add-drop multiplexer (ADM) is removed from a packet-over-SONET (POS) interface, the automatic protection switchover (APS) does not occur. This problem is resolved in Release 12.1(8a)E5.
Caveats • The ciscoFlashDeviceInitTime CISCO-FLASH-MIB object does not return the correct device initialization (insertion or removal) time stamp for the Flash devices on a redundant supervisor engine. Users of applications that depend on ciscoFlashDeviceInitTime should take care not to remove a redundant supervisor engine or a PCMCIA card from slave-slot0 when the applications are performing Flash file operations. This problem is resolved in Release 12.1(11b)E.
Caveats Resolved FlexWAN Module Caveats in Release 12.1(7a)E6 None. Resolved FlexWAN Module Caveats in Release 12.1(7a)E1 None. Resolved FlexWAN Module Caveats in Release 12.1(7)E None. Release 12.1(6)E and Rebuilds • General Caveats, page 305 • FlexWAN Module Caveats, page 307 • Open Caveats in Release 12.1(6)E8, page 305 • Resolved Caveats in Release 12.1(6)E8, page 306 • Resolved Caveats in Release 12.1(6)E1, page 306 • Resolved Caveats in Release 12.
Caveats Resolved Caveats in Release 12.1(6)E8 • An error can occur with management protocol processing. Please use the following URL for further information: http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903 This problem is resolved in Release 12.1(6)E8. (CSCdw65903) Resolved Caveats in Release 12.1(6)E1 • When the active supervisor engine shuts down normally, it notifies the redundant supervisor engine to switch over quicker.
Caveats FlexWAN Module Caveats • Open FlexWAN Module Caveats in Release 12.1(6)E8, page 307 • Resolved FlexWAN Module Caveats in Release 12.1(6)E8, page 307 • Resolved FlexWAN Module Caveats in Release 12.1(6)E1, page 307 • Resolved FlexWAN Module Caveats in Release 12.1(6)E, page 307 Open FlexWAN Module Caveats in Release 12.1(6)E8 • Flows between an Ethernet interface configured with an HSRP standby IP address and a WAN interface might not be Layer 3 switched.
Caveats • Resolved Caveats in Release 12.1(5c)E8, page 309 • Resolved Caveats in Release 12.1(5a)E3, page 311 • Resolved Caveats in Release 12.1(5a)E1, page 311 • Resolved Caveats in Release 12.1(5a)E, page 312 Open Caveats in Release 12.1(5c)E12 • Secure shell (SSH) support does not work with MSFC2. This problem is resolved in Release 12.1(8a)E. (CSCdt56832) • You cannot configure the MTU size on VLAN interfaces. For Supervisor Engine 2, this problem is resolved in Release 12.1(8a)E.
Caveats Resolved Caveats in Release 12.1(5c)E10 • When the active supervisor engine shuts down normally, it notifies the redundant supervisor engine to switch over quicker. Occasionally, this notification fails, resulting in an infinite series of SYS-2-INTSCHED messages. This problem is resolved in Releases 12.1(5c)E10 and 12.1(6)E1.
Caveats • Cisco Security Advisory: Cisco IOS Software Multiple SNMP Community String Vulnerabilities Revision 1.0: INTERIM For Public Release2001 February 27 20:00 US/Eastern (UTC+0500) Summary: Multiple Cisco IOS software and Catalyst OS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.
Caveats • A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object. The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1).
Caveats Resolved Caveats in Release 12.1(5a)E • Support for mobile IP was inadvertently deleted. This problem is resolved in Release 12.1(5a)E1. (CSCds78103) • Clock synchronization between the MSFC and the supervisor engine on the Catalyst 6500 series switches is broken and affects other subsystems. This problem is resolved in Release 12.1(5a)E. (CSCds72622) • The input and output fields of NDE version 7 records are not updated with the snmp_if_index of the ingress and egress interfaces.
Caveats • To use the interfaces on the FlexWAN module, you must enable IP routing on the MSFC. (CSCdp34896) • With an MSFC2, to avoid error-caused reloads, enter the no vines route-cache interface commands so that VINES traffic is process switched. (CSCdr61424) CSCdr61424 is not seen in later releases. Note Resolved FlexWAN Module Caveats in Release 12.1(5c)E12 None. Resolved FlexWAN Module Caveats in Release 12.1(5c)E10 None. Resolved FlexWAN Module Caveats in Release 12.1(5c)E9 None.
Caveats • The IPX rip-response-delay interface command does not work on an MSFC, which prevents configuration of preferred routes with this command. (CSCdr45398) Note This problem has not been seen in later releases. • The MSFC2 does not support the MultiNode Load Balancing (MNLB) forwarding agent of the MNLB feature set for LocalDirector. This problem is resolved in Release 12.1(8a)E.
Caveats • Receipt of a large packet that was fragmented by another network device might cause this message to be displayed at the rendezvous point of a multicast network that is running Protocol Independent Multicast (PIM) sparse mode: %PIM-5-REG_ENCAP_INVALID:Bad register from IP_address for (IP_address, Class_D_IP_address). Trace = .... This problem is resolved in Release 12.1(4)E1.
Caveats • The MSFC2 does not support the MultiNode Load Balancing (MNLB) forwarding agent of the MNLD feature set for Local Director. This problem is resolved in Release 12.1(8a)E. (CSCdr65433) • To avoid multiple MSFCs in the same subnet claiming to be the OSPF designated router, use the loopback interface IP address for each router rather than the interface IP address. This problem is resolved in Release 12.1(4)E1.
Caveats • CLNS fast-switching does not work. This problem is resolved in Release 12.1(3a)E3. (CSCdr17019) • The ifInNUcastPkts MIB object (1.3.6.1.2.1.2.2.1.12) does not increment correctly. This problem is resolved in Release 12.1(3a)E3. (CSCds07072) Release 12.1(2)E and Rebuilds • Open Caveats in Release 12.1(2)E2, page 317 • Resolved Caveats in Release 12.1(2)E2, page 317 • Resolved Caveats in Release 12.1(2)E, page 318 Open Caveats in Release 12.
Caveats Resolved Caveats in Release 12.1(2)E • BOOTP/DHCP address request UDP packets are dropped because of an encapsulation failure. This problem is resolved in Release 12.1(2)E. (CSCdp36754) • DLSw Ethernet redundancy is not supported. This problem is resolved in Release 12.1(2)E. (CSCdp93599) • Online insertion or replacement of a secondary supervisor engine can cause the Gigabit Ethernet ports on the secondary supervisor engine to be unusable for approximately 5 minutes.
Caveats Resolved Caveats in Release 12.1(1)E2 • After setting the config-register to 0x02, entering a sync command, and reloading, the config-register is 0x0. This problem is resolved in Release 12.1(1)E2. (CSCdr25147) • The SLB stateless redundancy inservice standby name command results in an endless loop. This problem is resolved in Release 12.1(1)E2.
Troubleshooting supervisor engines are installed. With the switch in a nonredundant configuration, do the conversion separately for each supervisor engine, and then configure redundancy. This problem is resolved in Release 12.1(1)E. (CSCdp55717) • Partial support exists for the CISCO-FLASH-MIB. This problem is resolved in Release 12.1(1)E. • Partial support exists for the BRIDGE-MIB (RFC 1493). This problem is resolved in Release 12.1(1)E.
Troubleshooting Module Troubleshooting This section contains troubleshooting guidelines for module problems: • When you hot insert a module into a chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module. For module installation instructions, refer to the Catalyst 6500 Series Module Installation Guide.
Troubleshooting To debug STP problems, follow these guidelines: • The sum of all logical interfaces equals the number of trunks on the switch times the number of active VLANs on the trunks, plus the number of nontrunking interfaces on the switch. • The show spanning-tree summary totals command displays the number of logical interfaces in the STP Active column. • These maximum numbers of logical interfaces are supported with Release 12.
System Software Upgrade Instructions • On trunks, make sure that the trunk configuration is set properly on both sides of the link. • On trunks, if the neighboring device supports it, set duplex to full on both sides of the link to prevent any collisions under heavy traffic conditions. Additional Troubleshooting Information For additional troubleshooting information, refer to the publications at this URL: http://www.cisco.com/en/US/partner/products/hw/switches/tsd_products_support_category_home.
Related Documentation Related Documentation These sections describe the documentation available for Cisco IOS on the supervisor engine and MSFC. These publications consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other publications. Documentation is available as printed manuals or electronic publications.
Related Documentation Release 12.1 Documentation Set The following table describes the contents of the Cisco IOS Release 12.1 software documentation set, which is available in electronic form and orderable in printed form. Note You can find the most current Cisco IOS documentation on Cisco.com. These electronic publications may contain updates and modifications made after the hard-copy publications were printed.
Related Documentation Books Major Topics • Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide • Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference • Cisco IOS Multiservice Applications Configuration Guide • Cisco IOS Multiservice Applications Command Reference • Cisco IOS Quality of Service Solutions Configuration Guide • Cisco IOS Quality of Service Solutions Command Reference • Cisco IOS Security Configuration Guide • Cisc
Notices Notices The following notices pertain to this software license. OpenSSL/Open SSL Project This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). License Issues The OpenSSL toolkit stays under a dual license, i.e.
Notices LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). Original SSLeay License: Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
Obtaining Documentation and Submitting a Service Request Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.
Obtaining Documentation and Submitting a Service Request Release Notes for Cisco IOS Release 12.
