Cisco Cisco IOS Software Release 12.0 S
398
Cross-Platform Release Notes for Cisco IOS Release 12.0S
OL-1617-14 Rev. Q0
Caveats
Resolved Caveats—Cisco IOS Release 12.0(33)S4
Router bgp <asnum>
address-family ipv4
Neighbor <IPv6Address> activate
Neighbor <IPv6Address> route-map <deny-ipv4> out
address-family ipv4
Neighbor <IPv6Address> activate
Neighbor <IPv6Address> route-map <deny-ipv4> out
•
CSCta24441
Symptoms: Under certain circumstances, an E5 linecard may stop forwarding traffic to a certain
subinterface. We see ARP entries updated, but traffic is not arriving on the connected equipment.
Accordingly, we see on the connected equipment that ARP ages out. The connected VLAN becomes
isolated to the rest of the network. Also, control protocols on the affected interface can go down.
subinterface. We see ARP entries updated, but traffic is not arriving on the connected equipment.
Accordingly, we see on the connected equipment that ARP ages out. The connected VLAN becomes
isolated to the rest of the network. Also, control protocols on the affected interface can go down.
Conditions: The Cisco 12000 is connected to a dot1q trunk. The issue is seen on subinterfaces with
or without VRF, and with various lengths of subnet masks. This issue is seen when the adjacencies
of the affected interface have an adjacency index with a value greater than 16383. This issue can be
seen in a scaled testbed where there is a lot of churn in adjacency creation and deletion as a result
of subinterface deletion and creation or ARP entries getting timed-out and refreshed.
or without VRF, and with various lengths of subnet masks. This issue is seen when the adjacencies
of the affected interface have an adjacency index with a value greater than 16383. This issue can be
seen in a scaled testbed where there is a lot of churn in adjacency creation and deletion as a result
of subinterface deletion and creation or ARP entries getting timed-out and refreshed.
Workaround: Perform a shut/no shut on the subinterface. Make sure to pause before bringing the
subinterface back up. If this does not work, remove the subinterface and configure the same again.
subinterface back up. If this does not work, remove the subinterface and configure the same again.
If the above workaround does not work, reloading the RP is the only solution.
•
CSCta33973
Recent versions of Cisco IOS Software support RFC4893 (“BGP Support for Four-octet AS Number
Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific
Border Gateway Protocol (BGP) updates.
Space”) and contain two remote denial of service (DoS) vulnerabilities when handling specific
Border Gateway Protocol (BGP) updates.
These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS
number space (here after referred to as 4-byte AS number) and BGP routing configured.
number space (here after referred to as 4-byte AS number) and BGP routing configured.
The first vulnerability could cause an affected device to reload when processing a BGP update that
contains autonomous system (AS) path segments made up of more than one thousand autonomous
systems.
contains autonomous system (AS) path segments made up of more than one thousand autonomous
systems.
The second vulnerability could cause an affected device to reload when the affected device
processes a malformed BGP update that has been crafted to trigger the issue.
processes a malformed BGP update that has been crafted to trigger the issue.
Cisco has released free software updates to address these vulnerabilities.
No workarounds are available for the first vulnerability.
A workaround is available for the second vulnerability.
This advisory is posted at the following link:
Resolved Caveats—Cisco IOS Release 12.0(33)S4
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(33)S4. This section
describes only severity 1, severity 2, and select severity 3 caveats.
describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
CSCsw76894
Symptoms: IPv6 traps are not sent. And sometimes “%IP_SNMP-3-SOCKET: can't open UDP
socket” messages can also be seen.
socket” messages can also be seen.