Cisco Cisco Catalyst 6500 Series Firewall Services Module
21
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
Resolved Caveats in Software Release 4.0(8)
•
CSCsy28731
The capture output of inspected traffic is not readable.
Workaround: None.
•
CSCta73803 (see also CSCtb62411)
In multiple context mode, the FWSM might experience a depletion in the 16384 byte blocks if
multiple contexts are subjected to SNMP polling simultaneously. Once in this condition, you must
reload the FWSM.
multiple contexts are subjected to SNMP polling simultaneously. Once in this condition, you must
reload the FWSM.
To detect if the FWSM is in this state, enter the show blocks command and look for the line starting
with “Slow Path.” If the CNT column is 0 and stays 0, this issue might be the cause.
with “Slow Path.” If the CNT column is 0 and stays 0, this issue might be the cause.
For example:
hostname# show blocks
SIZE MAX LOW CNT
4 1800 1790 1800
80 1000 976 983
256 1600 1529 1586
1550 11575 10483 11540
2048 1384 1349 1383
16384 8192 2181 2182
Additional Block pools for 16384 size blocks
IP Stack 1024 1023 1024
ARP Stack 512 510 512
Slow Path 5500 0 0
<--- Problem here
NP-CP 1024 1017 1024
Others 132 132 132
Additionally, the output of the show blocks old | begin 16384 command will show output relating
to SNMP:
to SNMP:
For example:
hostname# show blocks old | b 16384
Class 8, size 16384
Block allocd_by freed_by data size alloccnt dup_cnt oper location
0x0a7f0aa0 0x00411557 0x00a30608 44 101 0 put
udp_usr_input/ifc:65535/snmp
0x0a7ec780 0x00411557 0x00a30608 39 123 0 put
udp_usr_input/ifc:65535/snmp
0x0a7e8460 0x00411557 0x00a30608 39 132 0 put
udp_usr_input/ifc:65535/snmp
CSCtc71533
IPv6 object-group does not allow group-objects
CSCtc72148
WS-C6506-E-FWM/ High CPU usage
CSCtc97643
Traffic gets drop when acl optimization is on and after modifying ACEs
CSCtd04061
IMPORTANT TLS/SSL SECURITY UPDATE
CSCtd33652
virtual console hang in optimization
CSCtd73676
Only one virtual protocol can be configured with the “virtual” command
Table 8
Resolved Caveats in Release 4.0(10) (continued)
Caveat ID
Description