Cisco OL-4015-08 Manual de usuario descargar pdf (Pagina 22)

100

101

374

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Caveats

Resolved Caveats—Cisco IOS Release 12.0(33)S7

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can

banner confirms that the device is running Cisco IOS Software by displaying text similar to “Cisco

Internetwork Operating System Software” or “Cisco IOS Software.” The image name displays in

parentheses, followed by “Version” and the Cisco IOS Software release name. Other Cisco devices

do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software

Release 12.3(26) with an installed image name of C2500-IS-L:

Router # show version

Cisco Internetwork Operating System Software IOS (tm) 2500 Software (C2500-IS-L),

Version 12.3(26), RELEASE SOFTWARE (fc2) Technical Support:

Compiled Mon 17-Mar-08 14:39 by abcde

The following example shows a product that is running Cisco IOS Software release 12.4(20)T with

an image name of C1841-ADVENTERPRISEK9-M:

Router# show version

Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T,

RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright )

1986-2008 by Cisco Systems, Inc. Compiled Thu 10-Jul-08 20:25 by prod_rel_team

Additional information about Cisco IOS Software release naming conventions is available in “White

Paper: Cisco IOS and NX-OS Software Reference Guide” at the following link:

http://www.cisco.com/web/about/security/intelligence/ios-ref.html

Workaround: There are no workarounds other than disabling NTP on the device. The following

mitigations have been identified for this vulnerability; only packets destined for any configured IP

address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability.

Note: NTP peer authentication is not a workaround and is still a vulnerable configuration.

* NTP Access Group

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof

the sender’s IP address, which may defeat access control lists (ACLs) that permit communication to

these ports from trusted IP addresses. Unicast Reverse Path Forwarding (Unicast RPF) should be

considered to be used in conjunction to offer a better mitigation solution.

! Configure trusted peers for allowed access.

access-list 1 permit 171.70.173.55

! Apply ACE to the NTP configuration.

ntp access-group peer 1

For additional information on NTP access control groups, consult the document titled “Performing

Basic System Management” at the following link:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#

wp1034942

* Infrastructure Access Control Lists

1 2 ... 17 18 19 20 21 22 23 24 25 26 27 ... 677 678

Comentarios a estos manuales

Sin comentarios

Cisco OL-4015-08 Manual de usuario Pagina 22

Comentarios a estos manuales

Relacionado con productos y manuales para Redes Cisco OL-4015-08