Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch User Manual, Page 245

Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8
OL-10394-05 Rev. R0
Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560,
Cisco Catalyst 3750 and Cisco Catalyst 4948 series switches. The issue is specific to SSH version
2, and it is seen only when the device is under a brute-force attack. This crash is not seen under
normal conditions.
Workaround: There are mitigations to this vulnerability. For Cisco IOS, the SSH server can be
disabled by applying the command crypto key zeroize rsa while in configuration mode. The SSH
server is enabled automatically upon generating an RSA key pair. Zeroing the RSA keys is the only
way to completely disable the SSH server.
Access to the SSH server on Cisco IOS may also be disabled by removing SSH as a valid transport
protocol. This can be done by reapplying the transport input command with 'ssh' removed from
the list of permitted transports on VTY lines while in configuration mode. For example:
    line vty 0 4
    transport input telnet
    end
If SSH server functionality is desired, access to the server can be restricted to specific source IP
addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the
following URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14
More information on configuring ACLs can be found on the Cisco public website:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml
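The following audit script is an added example, not part of the Cisco release notes: it checks a saved configuration for the two mitigations described above (SSH removed from transport input, or an inbound access-class on the VTY lines). The sample configuration, its addresses and the function name audit_vty_ssh are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the page); documentation addresses.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
line con 0
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 transport input telnet ssh
line vty 16 20
 transport input telnet
end
"""

def audit_vty_ssh(config_text):
    """Return {vty_range: finding} for each 'line vty' stanza in an IOS config."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            current = f"{m.group(1)}-{m.group(2) or m.group(1)}"
            stanzas[current] = {"transports": None, "acl_in": None}
        elif current and line.startswith(" "):
            words = line.split()
            if words[:2] == ["transport", "input"]:
                stanzas[current]["transports"] = set(words[2:])
            elif words[0] == "access-class" and "in" in words[2:]:
                stanzas[current]["acl_in"] = words[1]
        else:
            current = None  # any non-indented line ends the stanza
    findings = {}
    for vty, s in stanzas.items():
        t = s["transports"]
        # Assumption: no 'transport input' line is treated as SSH possibly allowed.
        ssh_allowed = t is None or bool(t & {"ssh", "all"})
        if not ssh_allowed:
            findings[vty] = "ssh-not-permitted"
        elif s["acl_in"]:
            findings[vty] = f"ssh-restricted-by-acl-{s['acl_in']}"
        else:
            findings[vty] = "ssh-open-to-any-source"
    return findings

if __name__ == "__main__":
    for vty, finding in audit_vty_ssh(SAMPLE_CONFIG).items():
        print(f"line vty {vty}: {finding}")
```

The script only checks that an access-class is attached; it does not verify that the referenced ACL exists or what it permits.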
CSCsi30873
Symptoms: A VIP crashes when a multilink interface flaps.
Conditions: This symptom is observed when LFI on a multilink interface and QoS are configured on a
port adapter installed in the VIP, and either the multicast interface through which traffic is
flowing is cleared or the shut and no shut commands are entered.
Trigger: Multilink interface flap noticed.
Impact: Impacts normal functioning of the router.
Workaround: There is no workaround.
CSCsi32646
Symptoms: The following message may appear on the console after a line card reset or OIR.
%UTIL-3-IDTREE_TRACE: PW freelist DB:Duplicate ID free ...
Conditions: This symptom is observed when xconnects are configured on the line card interfaces
and multiple RP switchovers have been performed.
Workaround: There is no workaround.
CSCsi32894
Symptoms: When a policy with BRR configuration has a priority class configured as well, the
priority class gets a queue update with mincir set to 0 and excess ratio set to 1.
Conditions: This symptom is observed when a policy with BRR configuration also has a priority class
configured: the priority class gets a queue update with mincir set to 0 and excess ratio set to 1.
This should not be the case for two reasons:
a) Priority should not participate in the BRR calculations (it actually does not, but we end up
invoking the queuing API with incorrect parameters).
b) Though the platforms can determine if a queue update that they get is for a priority queue, and
maybe ignore the mincir if the excess ratio is set, they do not necessarily have to do that.