Cisco Cisco IOS Software Release 12.4(4)T
926
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(15)T3
Conditions: Occurs when there are misconfigurations in an ACL, such as lack of Traffic Encryption
key (TEK)
key (TEK)
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.4(15)T3
Cisco IOS Release 12.4(15)T3 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this
section are resolved in Cisco IOS Release 12.4(15)T3 but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.4(15)T3 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
Symptoms—A description of what is observed when the caveat occurs.
•
Conditions—The conditions under which the caveat has been known to occur.
•
Workaround—Solutions, if available, to counteract the caveat.
Wide-Area Networking
•
CSCeg05149
Symptoms: After a secondary image is loaded by Standby, “NVRAM Verification Failed” messages
show up on Standby console resulting in lost startup and private configuration.
show up on Standby console resulting in lost startup and private configuration.
Conditions: The problem is seen only on a Cisco RSP platform that is running Cisco IOS
12.2SB versions.
12.2SB versions.
Workaround: Issue the write memory command as soon as slave comes up.
•
CSCsj03501
On a Cisco IOS router with both NAT and IOS Firewall configured, if a TCP RST packet is received
for a given TCP session, and the RST does not contain the correct next expected sequence number,
then NAT will tear down the translation without validating it while the firewall will drop the RST
due to the more strict TCP state checking and keep the session. This may cause new TCP sessions
to fail to establish due to the inconsistent session state between the two features.
for a given TCP session, and the RST does not contain the correct next expected sequence number,
then NAT will tear down the translation without validating it while the firewall will drop the RST
due to the more strict TCP state checking and keep the session. This may cause new TCP sessions
to fail to establish due to the inconsistent session state between the two features.
It may be possible to work around this issue by increasing the NAT translation first-timeout to a long
enough value such that the existing NAT translation does not get torn down before the client attempts
to establish new connections.
enough value such that the existing NAT translation does not get torn down before the client attempts
to establish new connections.
•
CSCsj25711
Symptoms: Malformed UDP packets may cause a router with the radius-server local command to
reload.
reload.
Conditions: This symptom occurs under the following conditions:
1.
The debug radius local packet command is turned on.
2.
The UDP packets need to use a source IP address that is permitted explicitly by the nas
ip-address command.
ip-address command.
3.
The key information is not used to cause the reload.
Workaround:
1.
Disable the debug when not in troubleshooting.
2.
Make sure that only traffic from trusted clients can reach the router by Reverse Path Forwarding
(RPF) check or other IP spoofing counter measures.
(RPF) check or other IP spoofing counter measures.