Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch Manual de usuario Pagina 49
- Pagina / 398
- Tabla de contenidos
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
495
Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8
OL-10394-05 Rev. R0
Alternate workaround: Enter the tclquit command to end the Tcl shell and return to privileged
EXEC mode, then enter the tclsh command to enable the Tcl shell again.
• CSCsz71787
Symptoms: A router crashes when it is configured with DLSw.
Conditions: A vulnerability exists in Cisco IOS software when processing UDP and IP protocol 91
packets. This vulnerability does not affect TCP packet processing. A successful exploitation may
result in a reload of the system, leading to a denial of service (DoS) condition.
Cisco IOS devices that are configured for DLSw with the dlsw local- peer automatically listen for
IP protocol 91 packets. A Cisco IOS device that is configured for DLSw with the dlsw local-peer
peer-id IP- address command listen for IP protocol 91 packets and UDP port 2067.
Cisco IOS devices listen to IP protocol 91 packets when DLSw is configured. However, it is only
used if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST peer configuration
will contain the following line:
dlsw remote-peer 0 fst ip-address
It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However,
disabling UDP only prevents the sending of UDP packets; it does not prevent the device from
receiving and processing incoming UDP packets.
Workaround: The workaround consists of filtering UDP packets to port 2067 and IP protocol 91
packets. Filters can be applied at network boundaries to filter all IP protocol 91 packets and UDP
packets to port 2067, or filters can be applied on individual affected devices to permit such traffic
only from trusted peer IP addresses. However, since both of the protocols are connectionless, it is
possible for an attacker to spoof malformed packets from legitimate peer IP addresses.
As soon as DLSw is configured, the Cisco IOS device begins listening on IP protocol 91. However,
this protocol is used only if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST
peer configuration will contain the following line:
dlsw remote-peer 0 fst ip-address
If FST is used, filtering IP protocol 91 will break the operation, so filters need to permit protocol 91
traffic from legitimate peer IP addresses.
It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However,
disabling UDP only prevents the sending of UDP packets; it does not prevent the receiving and
processing of incoming UDP packets. To protect a vulnerable device from malicious packets via
UDP port 2067, both of the following actions must be taken:
1. Disable UDP outgoing packets with the dlsw udp-disable command.
2. Filter UDP 2067 in the vulnerable device using infrastructure ACL.
* Using Control Plane Policing on Affected Devices
Control Plane Policing (CoPP) can be used to block untrusted DLSw traffic to the device. Cisco IOS
software Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP
may be configured on a device to protect the management and control planes to minimize the risk
and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent
to infrastructure devices in accordance with existing security policies and configurations. The
following example, which uses 192.168.100.1 to represent a trusted host, can be adapted to your
network. If FST is not used, protocol 91 may be completely filtered. Additionally, if UDP is disabled
with the dlsw udp-disable command, UDP port 2067 may also be completely filtered.
!--- Deny DLSw traffic from trusted hosts to all IP addresses
!--- configured on all interfaces of the affected device so that
!--- it will be allowed by the CoPP feature.
- Americas Headquarters: 1
- • CSCts38429 3
- • CSCsw77313 3
- • CSCtg26538 3
- • CSCth25634 6
- • CSCth69364 6
- • CSCtj22457 6
- • CSCtj38606 6
- • CSCsz23099 12
- • CSCsz87710 12
- • CSCta18596 12
- • CSCtd24840 16
- • CSCtd38225 16
- • CSCtd67010 16
- • CSCtd73256 16
- • CSCtd74135 17
- • CSCtd93508 17
- • CSCtd94144 17
- • CSCte00934 18
- • CSCte02089 18
- • CSCte03083 18
- • CSCte10706 18
- • CSCte10790 18
- • CSCte38945 19
- • CSCte48877 19
- • CSCte49283 20
- • CSCte49641 20
- • CSCte74705 20
- • CSCtf35224 24
- • CSCtf39455 24
- • CSCtf44529 24
- • CSCtf48413 24
- • CSCtf50862 24
- • CSCtf50894 25
- • CSCtf51332 25
- • CSCtg44996 32
- • CSCtg49331 32
- • CSCtg52130 32
- • CSCtg62555 32
- • CSCtg73456 32
- • CSCti24657 37
- • CSCti37167 37
- % Authentication failed 41
- Router#conf t 43
- • CSCsy24691 47
- • CSCsy31601 47
- • CSCsy34533 47
- • CSCsy34805 47
- • CSCsz71787 49
- • CSCsz72138 51
- • CSCta73054 55
- • CSCta75687 55
- • CSCta77678 55
- • CSCta79313 55
- • CSCta85026 55
- • CSCta91556 56
- • CSCtb04035 56
- • CSCtb13546 56
- • CSCtb13846 56
- • CSCtb15699 56
- = 0x424ECCE4 61
- • CSCtc36588 63
- • CSCtc37147 63
- • CSCtc38796 63
- • CSCtc40677 63
- • CSCtc41760 64
- • CSCtc46171 64
- • CSCtc46174 64
- • CSCtc46512 64
- • CSCtc94873 68
- • CSCtd00054 68
- • CSCtd00479 68
- • CSCtd15853 68
- • CSCtd21590 71
- • CSCtd25133 71
- • CSCtd25933 71
- • CSCtd75033 75
- • CSCtd75248 80
- • CSCtd77905 80
- • CSCtd83819 80
- • CSCtd87264 80
- • CSCsm26063 87
- • CSCsm85890 87
- • CSCso29141 87
- • CSCsu79754 91
- • CSCsv07467 91
- • CSCsv21612 91
- • CSCsv27372 91
- • CSCsw25200 93
- • CSCsw39190 93
- • CSCsw48359 93
- • CSCsw50069 94
- • CSCsw73196 94
- • CSCsw76817 94
- • CSCsw93867 94
- • CSCsx03301 95
- • CSCsx07159 95
- • CSCsx07537 95
- • CSCsx08861 95
- • CSCsx09343 96
- • CSCsx10086 96
- • CSCsx15138 96
- • CSCsx34584 96
- • CSCsy21885 99
- • CSCsy24878 99
- • CSCsy26883 99
- • CSCsy29534 99
- • CSCsy32000 99
- • CSCsy39667 100
- • CSCsy53076 100
- • CSCsy54365 100
- • CSCsy58115 101
- • CSCsy60498 101
- • CSCsy60668 101
- • CSCsy60846 101
- OL-10394-05 Rev. R0 102
- • CSCsy84862 103
- • CSCsy85171 103
- • CSCsy86078 103
- • CSCsy88134 104
- • CSCsy88640 104
- • CSCsy96407 104
- • CSCsz14273 106
- • CSCsz15931 106
- • CSCsz16723 106
- • CSCsz18711 106
- • CSCta78252 118
- • CSCta79634 118
- • CSCta89002 118
- • CSCta91367 118
- • CSCta46653 120
- • CSCdy26008 120
- • CSCec72958 120
- • CSCec85585 120
- • CSCsk49705 124
- • CSCsk94179 124
- • CSCsl00472 124
- • CSCsl04687 124
- • CSCsl32142 125
- • CSCsl68327 125
- • CSCsl71704 125
- • CSCsm28287 125
- • CSCsm47417 125
- • CSCso29361 127
- • CSCso42170 127
- • CSCso56038 127
- • CSCso57020 127
- • CSCso65266 127
- • CSCsq06208 129
- • CSCsq14261 129
- • CSCsq14311 129
- • CSCsq37953 129
- • CSCsq39079 129
- • CSCsr81271 135
- • CSCsr82785 135
- • CSCsr82895 135
- • CSCsr84639 135
- • CSCsr86515 135
- • CSCsu27888 139
- • CSCsu27894 139
- • CSCsu31088 139
- • CSCsu31935 139
- • CSCsu31954 139
- • CSCsu39152 141
- • CSCsu39704 141
- • CSCsu40667 141
- • CSCsu42078 141
- • CSCsu42315 141
- • CSCsu57331 144
- • CSCsu57958 144
- • CSCsu62667 144
- • CSCsu63994 144
- • CSCsu63996 144
- • CSCsu64215 145
- • CSCsu64323 145
- • CSCsu65189 145
- • CSCsu65225 145
- • CSCsu67461 145
- (2/0),process = NDE - IPV4 149
- • CSCsu95319 150
- • CSCsu96649 150
- • CSCsu96730 150
- • CSCsu97934 150
- • CSCsu99573 150
- • CSCsv35120 156
- • CSCsv36266 156
- • CSCsv36892 156
- • CSCsv38166 156
- • CSCsv73735 159
- • CSCsv73754 159
- • CSCsv79584 159
- • CSCsv79673 159
- • CSCsv79993 159
- • CSCsv86288 161
- • CSCsv89643 161
- • CSCsv90323 161
- • CSCsw16698 163
- • CSCsw24542 163
- • CSCsw24611 163
- • CSCsw24826 164
- • CSCsw25255 164
- • CSCsw28082 164
- • CSCsw28139 164
- • CSCsw31019 164
- • CSCsw35155 165
- • CSCsw35638 165
- • CSCsw36285 165
- • CSCsw36872 165
- • CSCsw37053 165
- • CSCsx25316 175
- • CSCsx27659 175
- • CSCsx28948 175
- • CSCsx33622 175
- • CSCsx78826 180
- • CSCsx79111 180
- • CSCsx82880 180
- • CSCsx94132 180
- • CSCsx94400 180
- • CSCsy17724 182
- • CSCsy22193 182
- • CSCsy24369 182
- • CSCsy24676 182
- • CSCsz28707 186
- • CSCsz29991 186
- • CSCsz42928 186
- • CSCsx37608 186
- • CSCsx95984 186
- Miscellaneous 187
- • CSCsm53196 190
- • CSCsm71537 190
- • CSCsr80601 196
- • CSCsu44992 201
- • CSCsv30307 212
- • CSCsv30540 212
- • CSCsv33977 212
- • CSCsv81009 214
- • CSCsv85990 214
- • CSCsv86256 215
- • CSCsv92088 215
- • CSCsv97273 215
- • CSCsv99716 216
- • CSCsw14845 216
- • CSCsw41041 217
- • CSCsx23566 220
- • CSCsx37313 220
- • CSCsk23247 220
- • CSCsk35801 220
- • CSCsk28748 227
- • CSCsk48366 227
- • CSCsm55817 227
- • CSCsr44492 230
- • CSCsr49701 230
- • CSCsr55713 230
- • CSCsr55922 230
- • CSCsr62811 230
- • CSCsu73128 233
- • CSCsu87181 233
- • CSCsu88256 233
- • CSCsu89550 233
- • CSCef52919 236
- • CSCeg80842 236
- • CSCeg86665 236
- • CSCek55665 236
- • CSCsb15582 238
- • CSCsb36463 238
- • CSCsc75381 238
- • CSCsc77148 238
- • CSCsc87117 238
- • CSCsh33518 243
- • CSCsh47251 243
- • CSCsh48919 243
- • CSCsh67875 244
- • CSCsh88532 244
- • CSCsh91974 244
- • CSCsi17158 244
- • CSCsi30873 245
- • CSCsi32646 245
- • CSCsi32894 245
- • CSCsj91123 250
- • CSCsj98198 250
- • CSCsk03336 250
- • CSCsk05653 250
- • CSCsk07097 251
- • CSCsk12238 251
- • CSCsk19497 251
- • CSCsk21328 251
- • CSCsk39022 253
- • CSCsk39806 253
- • CSCsk39926 253
- • CSCsk40506 253
- • CSCsk41134 253
- • CSCsk43058 254
- • CSCsk43745 254
- • CSCsk54061 254
- • CSCsk54092 254
- 40CD1924 255
- • CSCsk80552 257
- • CSCsk81396 257
- • CSCsk83683 257
- • CSCsk84925 257
- • CSCsk91176 259
- • CSCsk91267 259
- • CSCsk92854 259
- • CSCsk93241 259
- • CSCsl02927 261
- • CSCsl04415 261
- • CSCsl04764 261
- • CSCsl04835 261
- • CSCsl05874 262
- • CSCsl06110 262
- • CSCsl06336 262
- • CSCsl07297 262
- • CSCsl09874 262
- • CSCsl36241 268
- • CSCsl38029 268
- • CSCsl39130 268
- • CSCsl39860 268
- • CSCsl40687 268
- • CSCsl40705 269
- • CSCsl41230 269
- • CSCsl41325 269
- • CSCsl41453 269
- • CSCsl52594 275
- • CSCsl53110 275
- • CSCsl53494 275
- • CSCsl54243 275
- • CSCsl54889 275
- : % vrf v6 doesn’t exist 276
- • CSCsl62076 278
- • CSCsl62341 278
- • CSCsl62344 278
- • CSCsl62626 278
- • CSCsl62963 278
- • CSCsl65179 280
- • CSCsl65327 280
- • CSCsl65335 280
- • CSCsl65407 280
- • CSCsl65820 280
- • CSCsl77525 286
- • CSCsl78159 286
- • CSCsl78582 286
- • CSCsl79141 286
- • CSCsl79195 286
- • CSCsl81243 288
- • CSCsl83211 288
- • CSCsl83212 288
- • CSCsl83415 288
- • CSCsl83479 288
- • CSCsl85041 289
- • CSCsl85391 289
- • CSCsl85847 289
- • CSCsl86316 289
- • CSCsl86614 289
- • CSCsl89425 291
- • CSCsl89627 291
- • CSCsl90265 291
- • CSCsl90341 291
- • CSCsl91038 291
- • CSCsl95664 294
- • CSCsl96254 294
- • CSCsl96335 294
- • CSCsl96370 294
- • CSCsl96417 294
- • CSCsl99629 296
- • CSCsm00570 296
- • CSCsm00811 296
- • CSCsm01126 296
- • CSCsm01334 296
- • CSCsm01389 297
- • CSCsm01399 297
- • CSCsm01509 297
- • CSCsm01577 297
- • CSCsm04442 298
- • CSCsm05646 298
- • CSCsm06057 298
- • CSCsm06740 298
- • CSCsm06762 298
- • CSCsm10603 300
- • CSCsm12247 300
- • CSCsm12664 300
- • CSCsm12692 300
- • CSCsm13263 300
- • CSCsm13408 301
- • CSCsm13783 301
- • CSCsm14007 301
- • CSCsm14833 301
- • CSCsm15350 301
- • CSCsm20599 303
- • CSCsm20994 303
- • CSCsm21126 303
- • CSCsm21435 303
- • CSCsm21728 303
- • CSCsm28791 306
- • CSCsm29120 306
- • CSCsm30569 306
- • CSCsm31688 306
- • CSCsm36500 308
- • CSCsm36745 308
- • CSCsm37834 308
- • CSCsm38142 308
- • CSCsm39002 308
- • CSCsm43938 310
- • CSCsm44147 310
- • CSCsm44353 310
- • CSCsm44620 310
- • CSCsm44720 311
- • CSCsm44905 311
- • CSCsm44914 311
- • CSCsm45483 311
- • CSCsm45950 311
- • CSCsm46170 312
- • CSCsm46290 312
- • CSCsm46903 312
- • CSCsm47111 312
- • CSCsm47544 312
- • CSCsm51299 314
- • CSCsm51333 314
- • CSCsm51729 314
- • CSCsm51942 315
- • CSCsm53035 315
- • CSCsm53392 315
- • CSCsm53489 316
- • CSCsm54548 316
- • CSCsm54873 316
- • CSCsm57474 316
- • CSCsm61105 318
- • CSCsm61571 318
- • CSCsm61726 318
- • CSCsm66774 321
- • CSCsm68773 321
- • CSCsm69368 321
- • CSCsm69981 321
- • CSCsm70668 321
- • CSCsm70774 322
- • CSCsm70913 322
- • CSCsm71240 322
- • CSCsm71592 322
- • CSCsm72807 322
- • CSCsm72944 323
- • CSCsm72987 323
- • CSCsm73220 323
- • CSCsm73365 323
- • CSCsm73592 323
- • CSCsm73602 324
- • CSCsm74143 324
- • CSCsm74961 324
- • CSCsm76792 324
- • CSCsm76857 324
- • CSCsm79995 326
- • CSCsm80616 326
- • CSCsm80847 326
- • CSCsm82382 326
- • CSCsm83777 327
- • CSCsm83812 327
- • CSCsm83961 327
- • CSCsm84257 327
- • CSCsm84849 327
- • CSCsm95129 331
- • CSCsm95145 331
- • CSCsm95456 331
- • CSCsm96355 331
- • CSCsm96762 331
- • CSCso07811 336
- • CSCso09237 336
- • CSCso09607 336
- • CSCso14979 338
- • CSCso15725 338
- • CSCso15740 338
- • CSCso17473 338
- • CSCso17733 338
- • CSCso48665 345
- • CSCso49388 345
- • CSCso49598 345
- • CSCso50347 345
- • CSCso50363 345
- • CSCso57001 350
- • CSCso57407 350
- • CSCso57886 350
- • CSCso59251 350
- • CSCso59390 350
- • CSCso59642 351
- • CSCso59736 351
- • CSCso59974 351
- • CSCso61282 351
- • CSCso62193 351
- • CSCsq31206 369
- • CSCsq31808 369
- • CSCsq31923 369
- • CSCsq31958 369
- • CSCsq45761 373
- • CSCsq47043 373
- • CSCsq47355 373
- • CSCsq48201 373
- • CSCsq62703 376
- • CSCsq63041 376
- • CSCsq63176 376
- • CSCsq63681 376
- • CSCsq63731 376
- • CSCsr08921 383
- • CSCsr09173 383
- • CSCsr10075 383
- • CSCsr10893 383
- • CSCsr11085 383
- • CSCsr11099 384
- • CSCsr13399 384
- • CSCsr17315 385
- • CSCsr17680 385
- • CSCsr18589 385
- • CSCsr18942 385
- (Incorrect Login/Password) 387
- Conf t redundancy mode rpr 388
- • CSCsr59284 389
- • CSCsr59719 389
- • CSCsr63003 389
- • CSCsr65372 389
- • CSCsr67177 389
- • CSCsr92184 391
- • CSCsr93316 391
- • CSCsr98731 391
- • CSCsu46822 394
- • CSCsu47037 394
- • CSCsu49790 394
- • CSCsu77549 396
- • CSCsu83563 396
- • CSCsu94030 397
- • CSCsu94720 397
Relacionado con productos y manuales para Redes Cisco 7600-ES20-GE3CXL-RF - Ethernet Services 20G Line Card Switch
Redes Cisco 678 Especificaciones
(192 paginas)
(192 paginas)
Redes Cisco ONS 15327 Manual de usuario
(11 paginas)
(11 paginas)
Redes Cisco 820 Series Guía de instalación
(16 paginas)
(16 paginas)
Redes Cisco PIX-515E Guía de instalación
(20 paginas)
(20 paginas)
Redes Cisco WRT300N Guía de usuario
(90 paginas)
(90 paginas)
Redes Cisco 12000 GSR Manual de usuario
(17 paginas)
(17 paginas)
Redes Cisco WS-C2916M-XL Manual de usuario
(20 paginas)
(20 paginas)
Redes Cisco 15216 EDFA2 Especificaciones
(280 paginas)
(280 paginas)
Redes Cisco uBR10-LCP2-MC28C Especificaciones
(32 paginas)
(32 paginas)
Redes Cisco 4430 Manual de usuario
(12 paginas)
(12 paginas)
Redes Cisco MGX 8230 Especificaciones
(282 paginas)
(282 paginas)
Redes Cisco 3620 Guía de instalación
(36 paginas)
(36 paginas)
Redes Cisco Aironet 1000 Series Guía de instalación
(28 paginas)
(28 paginas)
Redes Cisco Ethernet switch Manual de usuario
(84 paginas)
(84 paginas)
Redes Cisco TES301 Guía de usuario
(98 paginas)
(98 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.053 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales