Cisco Cisco Catalyst 6500 Cisco 7600 Router Anomaly Guard Module
9
Release Note for the Cisco Anomaly Guard Module
OL-16151-03
Software Version 6.1(5) Resolved and Open Caveats
Software Version 6.1(5) Resolved and Open Caveats
The following sections contain the resolved and open in software version 6.1(5):
•
•
Software Version 6.1(5) Resolved Caveats
The following caveats were resolved in software version 6.1(5) for the 1G and 3G Guard modules except
where noted.
where noted.
•
CSCso30607—This caveat applies to the WBM. The following sequence of events causes the Guard
module to incorrectly measure the traffic rate of a policy and produce dynamic filters even though
the traffic rate does not exceed the policy threshold and there is no attack on the zone:
module to incorrectly measure the traffic rate of a policy and produce dynamic filters even though
the traffic rate does not exceed the policy threshold and there is no attack on the zone:
a.
You modify a specific policy using the WBM Config Policy screen.
b.
You activate zone protection.
c.
The device detects traffic packets associated with the modified policy.
•
CSCsq63421—CM subsystem failure and reload of the guard.
•
CSCsu33377 and CSCso41927—Disk becomes full, different show commands stop working, and
logs are not written.
logs are not written.
•
CSCsu33387—When the Guard module processes malformed DNS replies, the watchdog reloads
the module due to an accelerator card failure.
the module due to an accelerator card failure.
•
CSCsu49999 and CSCsu49963—These caveats only apply to the 3G Guard module. Packet dump
is sampling traffic from only one of three ports.
is sampling traffic from only one of three ports.
Software Version 6.1(5) Open Caveats
The following caveats are open in software version 6.1(5):
•
CSCrh01198—After you reload the Guard module, it erases the default gateway if the gateway is
on the same subnet as one of the configured VLAN interfaces on the module. Workaround: Use a
static route instead of a default gateway.
on the same subnet as one of the configured VLAN interfaces on the module. Workaround: Use a
static route instead of a default gateway.
•
CSCsa64914—The name of the Flexible Filter Drop Count counter in the WBM
Zone > Configuration > General menu should be Flexible Filter Drop Rate. This counter accurately
displays the drop rate of the Flex-Content filter. The General menu also contains the Flexible Filter
Action and Flexible Filter Count fields. When the Flexible Filter Action value is displayed as Drop,
the Flexible Filter Count value displays the number of dropped packets. When the value is Count,
the Flexible Filter Count value displays the number of counted packets.
Zone > Configuration > General menu should be Flexible Filter Drop Rate. This counter accurately
displays the drop rate of the Flex-Content filter. The General menu also contains the Flexible Filter
Action and Flexible Filter Count fields. When the Flexible Filter Action value is displayed as Drop,
the Flexible Filter Count value displays the number of dropped packets. When the value is Count,
the Flexible Filter Count value displays the number of counted packets.
Workaround: None.
•
CSCsa78440—The protect-by-packet activation interface does not apply to zones that are on the
same subnet as the Guard module. Workaround: Use another activation interface.
same subnet as the Guard module. Workaround: Use another activation interface.
•
CSCsb07081—The flex-content filter cannot find a pattern in SYN packets. Workaround: None.