Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch Manual de usuario descargar pdf (Pagina 217)

663

Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8

OL-10394-05 Rev. R0

2. Or - log in via console at least once since router startup;

3. Or - use Cisco IOS Release 12.2(33)SRD but do not enable ’debug tftp packet’.

To fix the issue after it has occured, connect to the router via console, press space bar to get rid of

’--More--’ prompt, then press enter to log in

• CSCsw25255

Symptoms: A Catalyst 6500 or Cisco 7600 router may not send back a BPDU with agreement flag

in response to a proposal on its root port, causing slow convergence on the designated bridge.

Conditions: This is seen on Catalyst 6500 switches running any version of Cisco IOS Release

12.2(33)SXH. This is seen on Cisco 7600 routers running any version of Cisco IOS Release 12.2SR.

Workaround: The problem does not occur if debug spanning-tree event is enabled. This can be a

suitable workaround in an environment with a small number of VLANs if the debug does not impact

CPU usage.

• CSCsw31019

Symptoms: A Cisco router crashes.

Conditions: This symptom is observed if the frame-relay be 1 command is issued under "map-class

frame-relay <name>" configuration.

Workaround: There is no workaround.

• CSCsw37053

Symptoms: Traffic with aggregate label was forwarded in wrong VPN, causing the mis-forwarding,

as the IP prefix was not present in the VPN routing/forwarding (VRF) table.

Conditions: Occurs under the following scenario:

1. Aggregate label should not be using the VPN CAM.

2. The recirculation VLAN has the wrong VPN number.

Workaround: Manually correct the wrong mls vlan-ram entry.

Further Problem Description: If there are multiple aggregate labels on a given VRF, there might be

a chance of seeing this issue.

• CSCsw41041

Symptoms: Cisco ASR1000 routers running Cisco IOS software are vulnerable to a crash when

PPTP packets are sent to the router.

Conditions: Occurs under normal operating conditions.

Workaround: CoPP may be configured on the device to protect the management and control planes

and to workaround this risk by explicitly permitting only authorized traffic sent to the route

processor in accordance with existing security policies and configurations. The following example

can be adapted to your network.

!-- Permit all TCP and UDP PPTP traffic sent to all IP addresses !-- configured on all interfaces of

the affected device so that it !-- will be policed and dropped by the CoPP feature

access-list 100 permit tcp any any eq 1723 access-list 100 permit udp any any eq 1723

!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4 !-- traffic in accordance with

existing security policies and !-- configurations for traffic that is authorized to be sent !-- to

infrastructure devices ! !-- Create a Class-Map for traffic to be policed by !-- the CoPP feature

class-map match-all drop-pptp-class match access-group 100

!-- Create a Policy-Map that will be applied to the !-- Control-Plane of the device

1 2 ... 212 213 214 215 216 217 218 219 220 221 222 ... 397 398

Comentarios a estos manuales

Sin comentarios

Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch Manual de usuario Pagina 217

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch