Cisco IOS Software Release 12.4(4)T
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(6)T7
• CSCsg00102
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections,
due to a vulnerability in the processing of new TCP connections for SSLVPN services. If “debug ip
tcp transactions” is enabled and this vulnerability is triggered, debug messages with connection
queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug
IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.
• CSCsg48725
Symptoms: A TLB exception may occur on a Cisco platform that functions as a PE router in an
MPLS environment, and the following error message may be generated:
TLB (load or instruction fetch) exception, CPU signal 10 (BadVaddr : DEADBEF3)
Conditions: This symptom is observed on a Cisco platform when TACACS accounting and
authorization are enabled and when the TACACS server is reachable through the global routing table.
Workaround: Disable AAA. If this is not an option, there is no workaround.
IP Routing Protocols
• CSCec12299
Symptoms: EIGRP-specific Extended Community 0x8800 is corrupted and shown as 0x0:0:0.
Conditions: This symptom is observed when EIGRP-specific Extended Community 0x8800 is
received via an IPv4 EBGP session on a CE router. This occurs typically in the following
inter-autonomous system scenario:
ASBR/PE-1 <----> VRF-to-VRF <----> ASBR/PE-2
Workaround: Use a configuration such as the following to remove extended communities from the
CE router:
router bgp 1
 address-family ipv4 vrf one
  neighbor 1.0.0.1 remote-as 100
  neighbor 1.0.0.1 activate
  neighbor 1.0.0.1 route-map FILTER in
 exit-address-family
!
ip extcommunity-list 100 permit _RT.*_
!
!
route-map FILTER permit 10
 set extcomm-list 100 delete
!
• CSCsh80678
Symptoms: New or flapping IGP routes may be injected into BGP even though no corresponding
network statements exist.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(22) or a
later release when the auto-summary command is enabled for BGP.
Workaround: Enter the no auto-summary command.