Specifications

ManualsBrandsCisco ManualsComputer equipmentOL-10426-01

221

222

223

224

225

226

227

228

229

230

1260

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Resolved Caveats—Cisco IOS Release 12.0(27)S5

• CSCef53109

Symptoms: When you enter the do command with arguments on an interface member of a

port-channel or pos-channel group, a message sinmilar to the following one is displayed:

Command "do <arguments>" not allowed on link-bundle member interface

<interface-number>

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS

Release 12.0(28)S when the command is entered on an interface member of a port-channel or

pos-channel group.

Workaround: Enter the command directly on the interface that you are querying.

• CSCef53475

Symptoms: Packet drops occur when traffic is sent below the shape rate that is defined in a service

policy.

Conditions: This symptom is observed on a Frame Relay interface when there are multiple DLCIs

that have service policies enabled. Each DLCI has a hierarchical policy with a shape rate in the class

default at the parent level and a child policy with LLQ and CBWFQ classes. When traffic to each

DLCI is just below the shape rate and the combined traffic through the interface is close to line rate,

packet drops occur on some DLCIs. The symptom does not occur when traffic is sent to one DLCI

at the time.

Workaround: Increase the shape rate to compensate for the scheduling inaccuracy.

• CSCef59507

Symptoms: A failed LDP session may still show up in the output of the show mpls ldp neighbors

command as well as the new working session after the neighborship is re-established. The display

of two sessions, one not working and one working to the same neighbor, may mislead the MPLS

network operator.

Conditions: This symptom may occur after an LDP session has gone down and then re-established.

Workaround: There is no workaround.

• CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to

perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol

(TCP) has been made publicly available. This document has been published through the Internet

Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP"

(draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of

three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don’t Fragment (DF) bit set" messages, also

known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections,

depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are

workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.