Cisco Cisco IOS Software Release 12.2(55)SE
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
9
Release Notes for the Cisco IE 3000 Switch, Cisco IOS Release 12.2(55)SE and Later
OL-23061-05
Limitations and Restrictions
•
When port security is enabled on an interface in restricted mode and the switchport block unicast
interface command has been entered on that interface, MAC addresses are incorrectly forwarded
when they should be blocked
interface command has been entered on that interface, MAC addresses are incorrectly forwarded
when they should be blocked
The workaround is to enter the no switchport block unicast interface configuration command on
that specific interface. (CSCee93822)
that specific interface. (CSCee93822)
•
A traceback error occurs if a crypto key is generated after an SSL client session.
There is no workaround. This is a cosmetic error and does not affect the functionality of the switch.
(CSCef59331)
(CSCef59331)
•
The far-end fault optional facility is not supported on the GLC-GE-100FX SFP module.
The workaround is to configure aggressive UDLD. (CSCsh70244)
•
When you enter the boot host retry timeout global configuration command to specify the amount
of time that the client should keep trying to download the configuration and you do not enter a
timeout value, the default value is zero, which should mean that the client keeps trying indefinitely.
However, the client does not keep trying to download the configuration.
of time that the client should keep trying to download the configuration and you do not enter a
timeout value, the default value is zero, which should mean that the client keeps trying indefinitely.
However, the client does not keep trying to download the configuration.
The workaround is to always enter a non zero value for the timeout value when you enter the boot
host retry timeout timeout-value command. (CSCsk65142)
host retry timeout timeout-value command. (CSCsk65142)
•
On a switch running both Resilient Ethernet Protocol (REP) and Bidirectional Forwarding Detection
(BFD), when the REP link status layer (LSL) age-out value is less than 1 second, the REP link flaps
if the BFD interface is shut down and then brought back up.
(BFD), when the REP link status layer (LSL) age-out value is less than 1 second, the REP link flaps
if the BFD interface is shut down and then brought back up.
The workaround is to use the rep lsl-age-out timer interface configuration command to configure
the REP LSL age timer for more than 1000 milliseconds (1 second). (CSCsz40613)
the REP LSL age timer for more than 1000 milliseconds (1 second). (CSCsz40613)
Ethernet
Traffic on EtherChannel ports is not perfectly load-balanced. Egress traffic on EtherChannel ports are
distributed to member ports on load balance configuration and traffic characteristics like MAC or IP
address. More than one traffic stream may map to same member ports based on hashing results calculated
by the ASIC.
distributed to member ports on load balance configuration and traffic characteristics like MAC or IP
address. More than one traffic stream may map to same member ports based on hashing results calculated
by the ASIC.
If this happens, uneven traffic distribution will happen on EtherChannel ports.
Changing the load balance distribution method or changing the number of ports in the EtherChannel can
resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:
resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:
•
for random source-ip and dest-ip traffic, configure load balance method as src-dst-ip
•
for incrementing source-ip traffic, configure load balance method as src-ip
•
for incrementing dest-ip traffic, configure load balance method as dst-ip
•
Configure the number of ports in the EtherChannel so that the number is equal to a power of 2 (i.e.
2, 4, or 8)
2, 4, or 8)
For example, with load balance configured as dst-ip with 150 distinct incrementing destination IP
addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is
optimal.(CSCeh81991)
addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is
optimal.(CSCeh81991)
IP
When the rate of received DHCP requests
exceeds 2,000 packets per minute for a long time, the response
time might be slow when you are using the console. The workaround is to use rate limiting on DHCP
traffic to prevent a denial of service attack from occurring. (CSCeb59166)
traffic to prevent a denial of service attack from occurring. (CSCeb59166)