Cisco MDS 9000 Family Release Notes for Cisco MDS NX-OS Release 5.0(4b) (OL-21012-04-B0, January 2011)

Send documentation comments to mdsfeedback-doc@cisco.com
Caveats
Open Caveats
CSCtf16263
Symptom: Following an upgrade from Cisco MDS NX-OS Release 4.2(3a) to Release 5.0(1a) on
an MDS 9222i switch, the Encapsulating Security Protocol (ESP) configuration is not applied to
members of a PortChannel. This issue occurs only on the MDS 9222i switch.
Workaround: To work around this issue, follow these steps:
1. Enable Fibre Channel Security Protocol (FCSP) on the interface and enter
configuration-interface-esp submode.
switch(config)# interface po103
switch(config-if)# fcsp on
switch(config-if)# fcsp esp manual
2. Add the old egress Security Association (egress-sa) configuration on the switch. Egress-sa is the
other side of the active ingress-sa.
switch(config-if-esp)# egress-sa 258
3. Add a new ingress-sa on the switch. Do not use the previous SA.
switch(config-if-esp)# ingress-sa 256
4. On the other side of the PortChannel, reconfigure egress with 256.
switch(config)# interface po103
switch(config-if)# fcsp esp manual
switch(config-if-esp)# egress-sa 256
At this point, the link is fully secured on both sides.
5. Clean up the old ingress-sa by deleting it. An error message displays, but the ingress-sa does get
deleted.
switch(config-if-esp)# no ingress-sa 258
ERROR: SA 258 not in ingress list
If you fail to delete the old ingress-sa, an error message displays when you add it in step 6:
switch(config-if-esp)# ingress-sa 258
ERROR: SA 258 already in ingress list
6. Add the old ingress-sa.
switch(config-if-esp)# ingress-sa 258
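The end state of the steps above can be checked offline. The following is an added example, not part of the Cisco release notes or any Cisco tool: it replays config-mode lines in the form shown in the workaround and confirms that each side's egress-sa appears in the other side's ingress list. The function names are hypothetical, the sample inputs are constructed, and the peer's "ingress-sa 258" line is an assumption (the steps imply it but do not show it).

```python
import re

# Strips a config-mode prompt such as "switch(config-if-esp)# ".
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

def parse_esp(text):
    """Replay config-mode lines; return {interface: {"egress", "ingress"}}."""
    state, cur = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = re.fullmatch(r"interface\s+(\S+)", line)
        if m:
            cur = state.setdefault(m.group(1), {"egress": None, "ingress": set()})
        elif cur is None:
            continue
        elif m := re.fullmatch(r"egress-sa\s+(\d+)", line):
            cur["egress"] = int(m.group(1))
        elif m := re.fullmatch(r"(no\s+)?ingress-sa\s+(\d+)", line):
            op = cur["ingress"].discard if m.group(1) else cur["ingress"].add
            op(int(m.group(2)))
    return state  # ERROR lines and unrelated commands are ignored

def check_link(local, peer, ifname):
    """Each side's egress SA must be in the other side's ingress list."""
    findings = []
    for name, tx, rx in (("local", local, peer), ("peer", peer, local)):
        egress = tx.get(ifname, {}).get("egress")
        ingress = rx.get(ifname, {}).get("ingress", set())
        if egress is None:
            findings.append(f"{name}: no egress-sa configured on {ifname}")
        elif egress not in ingress:
            findings.append(f"{name}: egress-sa {egress} not in other side's ingress list")
    return findings

# Constructed samples: LOCAL follows steps 1-3 and 5-6, PEER follows step 4.
LOCAL = """switch(config)# interface po103
switch(config-if)# fcsp on
switch(config-if)# fcsp esp manual
switch(config-if-esp)# egress-sa 258
switch(config-if-esp)# ingress-sa 256
switch(config-if-esp)# no ingress-sa 258
ERROR: SA 258 not in ingress list
switch(config-if-esp)# ingress-sa 258"""
PEER = """switch(config)# interface po103
switch(config-if)# fcsp esp manual
switch(config-if-esp)# egress-sa 256
switch(config-if-esp)# ingress-sa 258"""
# Constructed: the symptom state, with no ESP SAs on the PortChannel.
AFTER_UPGRADE = "switch(config)# interface po103\nswitch(config-if)# fcsp on"

if __name__ == "__main__":
    print(check_link(parse_esp(LOCAL), parse_esp(PEER), "po103"))
    print(check_link(parse_esp(AFTER_UPGRADE), parse_esp(PEER), "po103"))
```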
CSCsq20408
Symptom: The show startup command displays aspects of the running configuration when
SANTap is configured and/or SANTap objects are created. When a user creates objects such as a
CVT or DVT, the configuration appears in both the running-configuration and the
startup-configuration, even though the user has not copied it to the startup-configuration.
Workaround: Issue a copy running-config startup-config command whenever you create objects
such as a CVT or DVT so that the running-configuration and startup-configuration are synchronized.