Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
899
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(1c)
Alternate Workaround: Avoid the need to renegotiate by entering the ppp chap hostname or ppp
multilink endpoint command to configure matching Endpoint Discriminators on the LAC and LNS.
multilink endpoint command to configure matching Endpoint Discriminators on the LAC and LNS.
Warning: Technically, the current behavior of the Cisco IOS software is correct. An LNS should not
accept the results of a LAC proxy negotiation when the LAC negotiates values that do not accurately
represent the LNS. A platform must be configured to either enable the LNS to renegotiate when
necessary, or (if it is desired to avoid such renegotiations, which may be necessary to get around
problematic client implementations) enable the LAC to negotiate adequately as a substitute for the
LNS.
accept the results of a LAC proxy negotiation when the LAC negotiates values that do not accurately
represent the LNS. A platform must be configured to either enable the LNS to renegotiate when
necessary, or (if it is desired to avoid such renegotiations, which may be necessary to get around
problematic client implementations) enable the LAC to negotiate adequately as a substitute for the
LNS.
The fix for CSCsa78148 deliberately introduces the behavior that a mismatched multilink Endpoint
Discriminator is ignored when the LNS is configured to terminate connections on mismatched
conditions. This behavior is introduced to prevent the termination of a connection for a condition
that is harmless for the majority of VPDN users. From a technical standpoint, this behavior is
improper because it means that the VPDN clients have an invalid notion of the identity of the peer.
This situation may pose problems for clients who have more than one multilink-capable link active
at a time because the invalid Endpoint Discriminators may prevent links from being properly
bundled at the client end. In such circumstances, enabling LCP renegotiation or ensuring that the
LAC and LNS agree on negotiation parameters is the only valid option.
Discriminator is ignored when the LNS is configured to terminate connections on mismatched
conditions. This behavior is introduced to prevent the termination of a connection for a condition
that is harmless for the majority of VPDN users. From a technical standpoint, this behavior is
improper because it means that the VPDN clients have an invalid notion of the identity of the peer.
This situation may pose problems for clients who have more than one multilink-capable link active
at a time because the invalid Endpoint Discriminators may prevent links from being properly
bundled at the client end. In such circumstances, enabling LCP renegotiation or ensuring that the
LAC and LNS agree on negotiation parameters is the only valid option.
•
CSCsa81268
Symptoms: A Cisco AS5850 may reload with a software forced crash.
Conditions: This symptom occurs when configuring the isdn ie oli interface configuration
command.
command.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.4(1c)
Cisco IOS Release 12.4(1c) is a rebuild release for Cisco IOS Release 12.4(1). The caveats in this
section are resolved in Cisco IOS Release 12.4(1c) but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.4(1c) but may be open in previous Cisco IOS releases.
IP Routing Protocols
•
CSCei21133
Symptoms: A router reloads because of a watchdog timeout when you perform an snmpwalk.
Conditions: This symptom is observed on a Cisco 7200 series but may be platform-independent. The
traceback stack decode points to an EIGRP function although EIGRP is not configured on the router.
traceback stack decode points to an EIGRP function although EIGRP is not configured on the router.
Possible Workaround: Configure a dummy EIGRP router process, for example one for which the
network covers only a loopback interface, so that the snmpwalk does not cause the router to crash.
network covers only a loopback interface, so that the snmpwalk does not cause the router to crash.
•
CSCin95836
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that
can result in a restart of the device or possible remote code execution.
can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN)
feature.
feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation
(GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This
vulnerability affects all three methods of operation.
(GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This
vulnerability affects all three methods of operation.