
Cross-Platform Release Notes for Cisco IOS Release 12.0S
OL-1617-14 Rev. Q0
Caveats
Resolved Caveats—Cisco IOS Release 12.0(33)S7
Conditions: This symptom is observed in a normal production environment when running images
post 12.0(32)S9, 12.0(32)SY05, 12.0(33)S.
Workaround: There is no workaround.
• CSCtd62350
Symptoms: Exporting with the VRF-aware feature does not work unless the export destination
is reachable via the global routing table.
ip flow-export version 9
ip flow-export destination 10.116.244.61 63636 vrf gestion
ip flow-aggregation cache protocol-port
 export destination 10.116.244.61 63636 vrf gestion
– Sourced from global loopback interface, same
– Sourced from same VRF interface where to export, same
– Changed sample interval to minimum, same
The output looks fine. You can see the packets being sent from the Cisco 12000, and there are no
IPC drops; however the sniffer is not showing anything.
Conditions: This symptom is observed on a Cisco 12000 that is using NetFlow with VRF support.
Workaround: Use the global routing table.
• CSCtd75033
Symptoms: Cisco IOS Software is affected by an NTP mode 7 denial-of-service vulnerability. Note:
The fix for this vulnerability changes how Cisco IOS handles Mode 7 packets.
See the section Further Problem Description of this release note enclosure.
Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a
vulnerability processing specific NTP Control Mode 7 packets. This results in increased CPU on the
device and increased traffic on the network segments.
This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372.
Cisco has released a public-facing vulnerability alert at the following link:
http://tools.cisco.com/security/center/viewAlert.x?alertId=19540
Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into
Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD,
12.4(22)YB, 12.4(22)YD, 12.4(22)YE, and 15.0(1)M.
All other versions of Cisco IOS and Cisco IOS XE Software are affected.
To see if a device is configured with NTP, log into the device and issue the CLI command
show running-config | include ntp. If the output returns any of the following commands,
the device is vulnerable:
ntp master <any following commands>
ntp peer <any following commands>
ntp server <any following commands>
ntp broadcast client
ntp multicast client
The following example identifies a Cisco device that is configured with NTP:
Router# show running-config | include ntp
ntp peer 192.168.0.12
The following example identifies a Cisco device that is not configured with NTP:
Router# show running-config | include ntp
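The same check applied offline to saved running-config text, as an added example that is not part of the Cisco release note. The function names and both sample configurations are constructed for illustration. Lines that `include ntp` would match but that are not on the note's list are reported separately for review, not judged.

```python
import re

# Command forms the release note lists as indicating a vulnerable device.
LISTED = re.compile(r"^ntp (master|peer|server|broadcast client|multicast client)\b")

def audit_ntp(running_config):
    """Split the lines `include ntp` would match into listed and other.

    Returns {"listed": [(context, line)], "other": [(context, line)]}.
    context is "global" or the enclosing interface line, because the
    broadcast/multicast client forms are entered under an interface.
    """
    result = {"listed": [], "other": []}
    context = "global"
    for raw in running_config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        text = raw.strip()
        if not raw[0].isspace():          # top-level line ends any interface block
            context = text if text.startswith("interface ") else "global"
        if "ntp" not in text:             # same filter as `| include ntp`
            continue
        bucket = "listed" if LISTED.match(text) else "other"
        result[bucket].append((context, text))
    return result

def is_ntp_configured(running_config):
    """True when at least one command from the release note's list is present."""
    return bool(audit_ntp(running_config)["listed"])

# Constructed sample configurations (not taken from a real device).
SAMPLE_WITH_NTP = """\
hostname R1
!
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ntp broadcast client
!
ntp source Loopback0
ntp peer 192.168.0.12
"""
SAMPLE_WITHOUT_NTP = """\
hostname R2
!
interface GigabitEthernet0/0
 ip address 192.168.0.2 255.255.255.0
"""

if __name__ == "__main__":
    for name, cfg in (("R1", SAMPLE_WITH_NTP), ("R2", SAMPLE_WITHOUT_NTP)):
        print(name, is_ntp_configured(cfg), audit_ntp(cfg))
```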