
Cross-Platform Release Notes for Cisco IOS Release 12.0S
OL-1617-14 Rev. Q0
Caveats
Resolved Caveats—Cisco IOS Release 12.0(33)S1
Conditions: This has been seen on RSP running Cisco IOS Release 12.4(10).
Workaround: There is no workaround.
• CSCsg35077
Symptoms: A device that is running Cisco IOS software may crash during processing of an Internet
Key Exchange (IKE) message.
Conditions: The device must have a valid and complete configuration for IPsec. IPsec VPN features
in Cisco IOS software that use IKE include Site-to-Site VPN tunnels, EzVPN (server and remote),
DMVPN, IPsec over GRE, and GET VPN.
Workaround: Customers that do not require IPsec functionality on their devices can use the no
crypto isakmp enable command in global configuration mode to disable the processing of IKE
messages and eliminate device exposure.
If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts
or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that
IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where
the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and
can also use UDP/848 (the GDOI port) when GDOI is in use.
Further Problem Description: This bug is triggered deep into the IKE negotiation, and an exchange
of messages between IKE peers is necessary.
If IPsec is not configured, it is not possible to reach the point in the IKE negotiation where the bug
exists.
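The access control list workaround described above, as an added example that is not taken from the Cisco release notes. The ACL name, interface and all addresses are constructed placeholders (documentation address ranges), and the router is assumed to terminate IKE on 192.0.2.1.

```cisco
! Constructed example. Assumptions:
!   192.0.2.1                      address on this router that terminates IKE
!   198.51.100.10, 198.51.100.20   the known IPsec peers
!   GigabitEthernet0/0             the interface facing those peers
!
ip access-list extended IKE-KNOWN-PEERS
 ! Allow ISAKMP (UDP/500) only from the known peers.
 permit udp host 198.51.100.10 host 192.0.2.1 eq isakmp
 permit udp host 198.51.100.20 host 192.0.2.1 eq isakmp
 ! Only needed when GDOI is in use: the GDOI port, UDP/848.
 permit udp host 198.51.100.10 host 192.0.2.1 eq 848
 permit udp host 198.51.100.20 host 192.0.2.1 eq 848
 ! Drop IKE and GDOI traffic to the router from every other source.
 deny   udp any host 192.0.2.1 eq isakmp
 deny   udp any host 192.0.2.1 eq 848
 ! Leave all other traffic unaffected.
 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group IKE-KNOWN-PEERS in
```

The permit and deny pairs must be repeated for every router address that accepts IKE, and the list applied inbound on every interface through which those addresses can be reached.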
• CSCsg42672
Symptoms: On a Cisco router running Cisco IOS Release 12.0(32)S4 and configured with BGP and
peer-groups, if the Fast Peering Session Deactivation feature is configured in the peer-group, the
router automatically adds to the command a route-map with the same name as the peer-group.
Conditions: Occurs with the following configuration sequence:
RR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RR(config)#router bgp 65001
RR(config-router)#neighbor rrs-client fall-over ?
  bfd        Use BFD to detect failure
  route-map  Route map for peer route
  <cr>
RR(config-router)#neighbor rrs-client fall-over
RR#sh ru
<snip>
router bgp 65001
 neighbor rrs-client peer-group
 neighbor rrs-client remote-as 20959
 neighbor rrs-client update-source Loopback0
 neighbor rrs-client fall-over route-map rrs-client <<<<<<< the route-map does not exist.
Workaround: Configure the neighbor individually or use peer-templates.
• CSCsh31546
Symptoms: Applying L4 operators (used with an ACL) on many interfaces at the same time
generates a traceback.
Conditions: There is no set procedure for generating the traceback. You must play around with the
configuration to generate it.
Workaround: Configure the ACL batch by batch; for example, 20 to 30 interfaces at a time.
• CSCsh75224
Symptoms: RP crashes in IFS code when an SSH or TELNET session is established while the switch
is attempting to download a configuration.