Cisco Cisco Catalyst 6500 Series Firewall Services Module
27
Release Notes for the Catalyst 6500 Series and Cisco 7600 Series Firewall Services Module, Software Release 4.0(x)
Resolved Caveats
Resolved Caveats in Software Release 4.0(5)
•
CSCsu69518
Even though SCCP inspection drops the registration message for phones containing IPv6 addresses
(dual mode), the FWSM creates an entry for the SCCP phone as seen in the show skinny command
output. This entry is not cleared until the FWSM is reloaded. After the registration message is
dropped, if the phones keep retrying for registration, then a large number of entries are created for
these phones that do not get cleared. Eventually when a large number of false entries are created,
the FWSM will be unable to add further entries for phones that try to register later.
(dual mode), the FWSM creates an entry for the SCCP phone as seen in the show skinny command
output. This entry is not cleared until the FWSM is reloaded. After the registration message is
dropped, if the phones keep retrying for registration, then a large number of entries are created for
these phones that do not get cleared. Eventually when a large number of false entries are created,
the FWSM will be unable to add further entries for phones that try to register later.
Workaround: None.
•
CSCsw46905
When using Active/Active failover, during configuration replication, the active FWSM might
unexpectedly reload. When the reload occurs, the FWSM becomes unresponsive.
unexpectedly reload. When the reload occurs, the FWSM becomes unresponsive.
Workaround: To reset the FWSM, enter the hw-module module module_number reset command
at the switch CLI, or power cycle the FWSM in configuration mode by entering the no power enable
module module_number command, then the power enable module module_number command.
at the switch CLI, or power cycle the FWSM in configuration mode by entering the no power enable
module module_number command, then the power enable module module_number command.
•
CSCsx09390
When you have an FWSM Active/Active failover pair, with one in an active VSS switch and the
other in the standby VSS switch, then if you shut down the FWSM failover VLAN on the active
switch and then enter redundancy force-switchover on the switch, you cannot session to FWSM on
the standby switch from the active switch.
other in the standby VSS switch, then if you shut down the FWSM failover VLAN on the active
switch and then enter redundancy force-switchover on the switch, you cannot session to FWSM on
the standby switch from the active switch.
This issue also occurs if you shut down the failover VLAN, and then reload the FWSM in the active
switch.
switch.
This issue also occurs if you change from VSS to standalone, and then back to VSS.
Workaround: For the two conditions associated with shutting down the failover VLAN, enter no
shutdown for the FWSM failover VLAN on the active switch. For the condition related to changing
from VSS to standalone, then you need to disable failover on both FWSMs by entering clear
configure failover on the standby unit, and no failover on the active unit after you change from VSS
to standalone. After you change back from standalone to VSS, you can reenable failover.
shutdown for the FWSM failover VLAN on the active switch. For the condition related to changing
from VSS to standalone, then you need to disable failover on both FWSMs by entering clear
configure failover on the standby unit, and no failover on the active unit after you change from VSS
to standalone. After you change back from standalone to VSS, you can reenable failover.
•
CSCsx41274
When using route health injection, if you perform an SSO switchover on the switch, followed by a
failover of FWSMs, static routes associated with the FWSMare not seen on the newly active switch.
failover of FWSMs, static routes associated with the FWSMare not seen on the newly active switch.
Workaround: Remove the route-inject command from the newly active FWSM and re-add it. Static
routes will then get populated on the switch.
routes will then get populated on the switch.
The caveats listed in
were resolved in software Release 4.0(5), and were not previously
documented. If you are a registered Cisco.com user, view more information about each caveat using the
Bug Toolkit at the following website:
Bug Toolkit at the following website:
Table 12
Resolved Caveats in Release 4.0(5)
Caveat ID
Description
CSCeh90462
FWSM silently drops TCP SYN while cleaning up old connection
CSCsg87042
FWSM : Backspace character counts as return for enable password
CSCsi30615
show version output shows: Int: Not licensed