Cisco Cisco IOS Software Release 12.2(55)SE
20
Release Notes for Catalyst 2350 Switch, Cisco IOS Release 12.2(55)SE and Later
OL-23019-05
Resolved Caveats
This advisory is posted at
•
CSCto46868
If you configure multidomain authentication (MDA) with Open1x authentication and the restrict
violation mode, only two MAC addresses are allowed to access the interface. A security violation
occurs when a third MAC address on a voice VLAN tries to access the interface. The voice VLAN
is not authenticated, and a syslog message is generated. However, the MAC address is not removed
from the voice VLAN because Open1x authentication is configured. If you have authorized the voice
VLAN with a policy, such as a dynamic VLAN, the policy is not applied.
violation mode, only two MAC addresses are allowed to access the interface. A security violation
occurs when a third MAC address on a voice VLAN tries to access the interface. The voice VLAN
is not authenticated, and a syslog message is generated. However, the MAC address is not removed
from the voice VLAN because Open1x authentication is configured. If you have authorized the voice
VLAN with a policy, such as a dynamic VLAN, the policy is not applied.
The workaround is to not configure a voice VLAN on the phone.
•
CSCto55124
When a member switch port security is used with port-based dot1x authentication and the switch
MAC address is sticky, a connected device authenticates itself. Its MAC address is added as sticky
in the switch configuration and in the port security tables of the stack switches. When the switch is
shut down, the device MAC address is removed from the master switch, but it is retained in the
member switch security tables. When the interface is re-enabled, the device MAC address is restored
to the master switch configuration.
MAC address is sticky, a connected device authenticates itself. Its MAC address is added as sticky
in the switch configuration and in the port security tables of the stack switches. When the switch is
shut down, the device MAC address is removed from the master switch, but it is retained in the
member switch security tables. When the interface is re-enabled, the device MAC address is restored
to the master switch configuration.
Caveats Resolved in Cisco IOS Release 12.2(55)SE1
•
CSCtj86299
If a static MAC address entry is configured for an IP address in the global routing table, ping
requests are sent through the global context, and replies are sent through Virtual Routing and
Forwarding (VRF). This is a VRF leak.
requests are sent through the global context, and replies are sent through Virtual Routing and
Forwarding (VRF). This is a VRF leak.
The workaround is to remove the static MAC address entry.
Caveats Resolved in Cisco IOS Release 12.2(55)SE
•
CSCsg28558
Cisco X2-10GB-CX4 transceiver modules with a version identification number lower than V03
might be difficult to insert because of a dimensional tolerance discrepancy.
might be difficult to insert because of a dimensional tolerance discrepancy.
The workaround is to use modules with a version identification number of V03 or later.
•
CSCsu31853
The buffer space of a switch running TCP applications is full while the TCP sessions are in the
TIME_WAIT state. Buffer space becomes available after the TCP session the closed.
TIME_WAIT state. Buffer space becomes available after the TCP session the closed.
There is no workaround.
•
CSCsz18634
On a switch running Cisco IOS release 12.2(46)SE, the output of the show interfaces privileged
EXEC command shows 0 packets for port channel input and output rates.
EXEC command shows 0 packets for port channel input and output rates.
The workaround is to reload the switch by entering the reload privileged EXEC command.