Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(50)SE and Later
14
Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(50)SE and Later
OL-18270-03
Limitations and Restrictions
• When MAC authentication bypass is configured to use Extensible Authentication Protocol (EAP)
for authorization and critical authentication is configured to assign a critical port to an access
VLAN:
–
If the connected device is supposed to be unauthorized, the connected device might be
authorized on the VLAN that is assigned to the critical port instead of to a guest VLAN.
–
If the device is supposed to be authorized, it is authorized on the VLAN that is assigned to the
critical port.
Use one of these workarounds (CSCse04534):
–
Configure MAC authentication bypass to not use EAP.
–
Define your network access profiles to not use MAC authentication bypass. For more
information, see the Cisco Access Control Server (ACS) documentation.
• When IEEE 802.1x authentication with VLAN assignment is enabled, a CPUHOG message might
appear if the switch is authenticating supplicants in a switch stack.
The workaround is not use the VLAN assignment option. (CSCse22791)
Multicasting
These are the multicasting limitations:
• Multicast packets with a time-to-live (TTL) value of 0 or 1 are flooded in the incoming VLAN when
all of these conditions are met:
–
Multicast routing is enabled in the VLAN.
–
The source IP address of the packet belongs to the directly connected network.
–
The TTL value is either 0 or 1.
The workaround is to not generate multicast packets with a TTL value of 0 or 1, or disable multicast
routing in the VLAN. (CSCeh21660)
• Multicast packets denied by the multicast boundary access list are flooded in the incoming VLAN
when all of these conditions are met:
–
Multicast routing is enabled in the VLAN.
–
The source IP address of the multicast packet belongs to a directly connected network.
–
The packet is denied by the IP multicast boundary access-list configured on the VLAN.
There is no workaround. (CSCei08359)
• Reverse path forwarding (RPF) failed multicast traffic might cause a flood of Protocol Independent
Multicast (PIM) messages in the VLAN when a packet source IP address is not reachable.
The workaround is to not send RPF-failed multicast traffic, or make sure that the source IP address
of the RPF-failed packet is reachable. (CSCsd28944)
• If the clear ip mroute privileged EXEC command is used when multicast packets are present, it
might cause temporary flooding of incoming multicast traffic in the VLAN.
There is no workaround. (CSCsd45753)
• When you configure the ip igmp max-groups number and ip igmp max-groups action replace
interface configuration commands and the number of reports exceed the configured max-groups
value, the number of groups might temporarily exceed the configured max-groups value. No
workaround is necessary because the problem corrects itself when the rate or number of IGMP
reports are reduced. (CSCse27757)