Cisco OL-4015-08 Manuel d'utilisateur télécharger pdf (Page 160)

512

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Caveats

Resolved Caveats—Cisco IOS Release 12.0(32)S11

Workaround: Customers that do not require IPsec functionality on their devices can use the no

crypto isakmp enable command in global configuration mode to disable the processing of IKE

messages and eliminate device exposure.

If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts

or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that

IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where

the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and

can also use UDP/848 (the GDOI port) when GDOI is in use.

Further Problem Description: This bug is triggered deep into the IKE negotiation, and an exchange

of messages between IKE peers is necessary.

If IPsec is not configured, it is not possible to reach the point in the IKE negotiation where the bug

exists.

• CSCsg52336

Symptoms: A router may crash when you remove an unused and unassigned VRF by entering the

no ip vrf vpn-name command.

Conditions: This symptom is observed on a Cisco router that functions as a PE router and that has

the Multi-VRF capability for OSPF routing configured along with other VRFs that are unused and

unassigned.

Workaround: There is no workaround.

• CSCsg89512

Symptoms: In an MVPN topology, sparse mode, Auto RP, if the PE router has the same line card as

the core and customer-facing router, and if there are two RP announcers, the RP point may not be

selected correctly, and traffic will not go through.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS

Release 12.0(33)S.

Workaround: Select values for offset using the hw-module slot x ip multicast hw-accelerate

source-table size a offset b command, which will prevent collision from happening.

• CSCsh43283

Symptoms: Engine 2 line cards stop forwarding multicast traffic when the hw-module slot 2 ip

multicast hw-accelerate command is issued.

Conditions: This symptom is observed when a higher priority bundle such as uRPF is already

running.

Workaround: Unconfigure all the features to revert back to the vanilla bundle, and then reconfigure

only the features that do not collide.

• CSCsj22472

Symptoms: When an IXIA-simulated BGP neighbor is not up, BGP is forced to delete the ARP entry

for the IXIA host for a while. During that period, the router has to send ARP, and traffic is lost for

a while.

Conditions: While observed with other protocols, this symptom was noticed with a typical BGP

configuration in which the peers are nonexistent. This would cause the SYN to be retransmitted

multiple times, and after some threshold, the ARP entry would be purged.

The ARP entries gets flushed out when the TCP retransmission timer expires. This causes the CEF

adjacency to be lost, and performance can drop for packets going to that destination until the ARP

is resolved again. This problem is not specific to BGP and is applicable to anything that rides over

TCP.

1 2 ... 155 156 157 158 159 160 161 162 163 164 165 ... 677 678

Commentaires sur ces manuels

Pas de commentaire

Cisco OL-4015-08 Manuel d'utilisateur Page 160

Commentaires sur ces manuels

Produits connexes et manuels pour Mise en réseau Cisco OL-4015-08