Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
665
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(7)
•
CSCsc74783
Symptoms: Intrusion Prevention System (IPS) signatures that require inspection of TCP flows
below port 550 may not be triggered on a Cisco IOS IPS device.
below port 550 may not be triggered on a Cisco IOS IPS device.
Conditions: This symptom is observed on a Cisco IOS router that is configured for IPS functionality.
Workarounds: Apply CBAC (Context Based Access Control) in addition to IPS.
Further Information: On a Cisco IOS router with IPS (Intrusion Prevention System) enabled, all
TCP flows should be subject to TCP stateful inspection until the TCP 3-way handshake is complete.
This does not work for TCP sessions with a destination port that is less than 550, if it does not match
a predefined signature on the router.
TCP flows should be subject to TCP stateful inspection until the TCP 3-way handshake is complete.
This does not work for TCP sessions with a destination port that is less than 550, if it does not match
a predefined signature on the router.
•
CSCsc80794
Symptoms: 100% CPU utilization will be observed on Cisco 2811, Cisco 2821, and Cisco 2851
routers even with no or minimal traffic.
routers even with no or minimal traffic.
Conditions: This will happen on the Cisco 2811, Cisco 2821, and Cisco 2851 routers with the images
that have integrated the CSCsc10961 fix and have Serial, or DSL interfaces on the native HWIC
slots.
that have integrated the CSCsc10961 fix and have Serial, or DSL interfaces on the native HWIC
slots.
Workaround: There is no workaround.
•
CSCuk59798
Symptoms: The router crashes on removal of a Virtual-TokenRing subinterface. The router also
crashes on removal of a main Virtual-TokenRing interface when that main interface also has
subinterfaces configured.
crashes on removal of a main Virtual-TokenRing interface when that main interface also has
subinterfaces configured.
Conditions: This symptom has been observed under the following conditions: 1. Create a main
Virtual-Tokenring interface. 2. Create a Virtual-TokenRing subinterface on the interface created in
step 1. 3. Remove either the Virtual-TokenRing main interface created in step 1, or the
Virtual-TokenRing subinterface created in step 2.
Virtual-Tokenring interface. 2. Create a Virtual-TokenRing subinterface on the interface created in
step 1. 3. Remove either the Virtual-TokenRing main interface created in step 1, or the
Virtual-TokenRing subinterface created in step 2.
Workaround: There is no workaround.
Protocol Translation
•
CSCei15942
Symptoms: You may not be able to download a complete file from an FTP during a V.120 session.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that runs Cisco IOS
Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such
as Release 12.3 or Release 12.4.
Release 12.2(15)ZK6 or Release 12.3(11)T5. The symptom could also occur in other releases such
as Release 12.3 or Release 12.4.
Workaround: This problem can be circumvented by disabling the negotiation of multilink on the
client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the
Virtual-Template interface should allow for a successful FTP download.
client adapter or the router. Alternatively, configuring ppp multilink queue depth fifo 10 on the
Virtual-Template interface should allow for a successful FTP download.
TCP/IP Host-Mode Services
•
CSCsb51019
Symptoms: A TCP session does not time out but is stuck in the FINWAIT1 state and the following
error message is generated:
error message is generated:
%TCP-6-BADAUTH: No MD5 digest from x.x.x.x to y.y.y.y(179) (RST)