Cisco Cisco IOS Software Release 12.2(55)SE
21
Release Notes for Catalyst 2350 Switch, Cisco IOS Release 12.2(55)SE and Later
OL-23019-05
Resolved Caveats
•
CSCtc02635
On switches running Cisco IOS release 12.2(50)SE3 running MAC authentication bypass with
multidomain authentication (MDA, IP phones connected to a port might not be able to regain
network connectivity in the VOICE domain if the session times out and all RADIUS servers are
unreachable.
multidomain authentication (MDA, IP phones connected to a port might not be able to regain
network connectivity in the VOICE domain if the session times out and all RADIUS servers are
unreachable.
There is no workaround.
•
CSCte14603
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of
Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause
a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a
sustained denial of service (DoS) condition. Cisco has released free software updates that address
this vulnerability.
Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause
a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a
sustained denial of service (DoS) condition. Cisco has released free software updates that address
this vulnerability.
This advisory is posted at
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010, or earlier:
six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software,
and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each
advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory.
The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that
have been published on September 22, 2010, or earlier:
Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security
Advisory Bundled Publication” at the following link:
Advisory Bundled Publication” at the following link:
•
CSCtf19991
If the RADIUS authentication server is unavailable and inaccessible authentication bypass is
enabled, the switch grants the client access to the network by putting the connected port in the
critical-authentication state in the RADIUS-configured or the user-specified access VLAN. After
the server is available, the client is not reinitalized and moved out of the critical VLAN.
enabled, the switch grants the client access to the network by putting the connected port in the
critical-authentication state in the RADIUS-configured or the user-specified access VLAN. After
the server is available, the client is not reinitalized and moved out of the critical VLAN.
There is no workaround.
•
CSCtf33948
A PC in 802.1x or multidomain authentication (MDA) mode is connected to an IP phone and
connected to a MDA-enabled switch port. After the PC and phone are authenticated on the port, the
PC is down. The port does not automatically reauthenticate the PC.
connected to a MDA-enabled switch port. After the PC and phone are authenticated on the port, the
PC is down. The port does not automatically reauthenticate the PC.
There is no workaround.
•
CSCtf78276
A switch running Cisco IOS Release 12.2(53)SE1 stops when IEEE 802.1x authentication is
enabled.
enabled.
The workaround is to apply a VLAN that the RADIUS server assigned to the switch.
•
CSCtg26941
Multidomain authentication (MDA) with guest VLAN or MAC authentication bypass (MAB) as a
fallback method is enabled on a switch running Cisco IOS Release 12.2(53)SE. When a non-802.1x
client is connected to a IP phone and the phone connected to a switch port shuts down and then
restarts, the client MAC address status is drop in the MAC address table. It takes 5 minutes for the
client to access the network.
fallback method is enabled on a switch running Cisco IOS Release 12.2(53)SE. When a non-802.1x
client is connected to a IP phone and the phone connected to a switch port shuts down and then
restarts, the client MAC address status is drop in the MAC address table. It takes 5 minutes for the
client to access the network.