Datasheet
175
Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
• For ACEs that match on DSCP, 7 bits instead of 6 bits are programmed into the ACL TCAM. This
problem is resolved in Release 12.1(22)E4. (CSCee39170)
Resolved General Caveats in Release 12.1(22)E3
• SNMP traps are sent for every Internet Key Exchange (IKE) timeout and rekey but not for every
IPsec timeout and rekey. This situation might generate many false alerts that an IKE tunnel is down
when the IKE tunnel is torn down but immediately rebuilt. Releases where CSCee91044 is resolved
do not send SNMP traps that are sent for normal IKE operation. This problem is resolved in
Release 12.1(22)E3. (CSCee91044)
• A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is
vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with
the command ‘bgp log-neighbor-changes’ configured are vulnerable. The BGP protocol is not
enabled by default, and must be configured in order to accept traffic from an explicitly defined peer.
Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be
difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by
other means which are not considered remotely exploitable such as the use of the command ‘show
ip bgp neighbors’ or running the command ‘debug ip bgp <neighbor> updates’ for a configured bgp
neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at
http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
This problem is resolved in Release 12.1(22)E3. (CSCee67450)
• In rare situations, the MSFC might stop responding to received traffic. This problem is resolved in
Release 12.1(22)E3. (CSCef85654)
• In a release where caveat CSCec55429 is resolved, after a number of WCCP “cache lost” and “cache
found” events have occurred for all the caches in a service group, spurious memory accesses might
occur, the addition and deletion of WCCP services might fail, and the show ip wccp command
displays the WCCP service, but the output of the show ip wccp service_number command does not
show the WCCP service. This problem is resolved in Release 12.1(22)E3. (CSCuk50878)
• With both static and dynamic Port Address Translation (PAT) configured and if the ip nat pool
inside_pool_name command has been entered for only one IP address, the IP addresses that are used
for overloading might be used as one-to-one translations. This problem is resolved in
Release 12.1(22)E3. (CSCdx19396)
• With MD5 password encryption configured, the software does not correctly verify that all
configured TCP options can be sent in a TCP packet, which can cause this message to be displayed:
%TCP-6-TOOBIG: Tty0, too many bytes of options (44)
This problem is resolved in Release 12.1(22)E3. (CSCeb07106)
• Under heavy traffic conditions, online insertion and removal (OIR) of a switch fabric module or OIR
of a nonfabric-enabled module might cause OSMs to stop forwarding traffic. This problem is
resolved in Release 12.1(22)E3. (CSCec49269)
• When you configure BGP peergroups, spurious memory access messages are displayed. This
problem is resolved in Release 12.1(22)E3. (CSCec78347)
• You might see high CPU utilization if you enter the logging synchronous command. This problem
is resolved in Release 12.1(22)E3. (CSCed16920)