Cisco Cisco Catalyst Blade Switch 3020 for HP 發佈版本通知
18
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(25)SEF1 and Later
OL-8918-03
Open Caveats
•
CSCek37177
The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service
condition.
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the
Cisco IOS device will not trigger this vulnerability.
Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID
CSCek37177
.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
•
CSCea80105
When a Cisco IP Phone is connected to a switch, only the voice VLAN (VVID) of the switch learns
the MAC address of phone. This is the correct behavior.
the MAC address of phone. This is the correct behavior.
In previous releases, the MAC address was learned on both the VVID and the Data VLAN (PVID).
When the dynamic MAC addresses were removed (manually or automatically) either by a topology
change or by enabling or disabling the port security or the IEEE 802.1x feature, the MAC address
of Cisco IP Phones MAC address was relearned only on the VVID.
When the dynamic MAC addresses were removed (manually or automatically) either by a topology
change or by enabling or disabling the port security or the IEEE 802.1x feature, the MAC address
of Cisco IP Phones MAC address was relearned only on the VVID.
•
CSCei80087
It is no longer necessary to detach and then reapply a hierarchical policy map to force changes to a
VLAN level class-map to take effect.
VLAN level class-map to take effect.
•
CSCsb79198
A switch no longer fails IEEE 802.1x authentication if it downloads an access control list (ACL)
that has more than 20 ACL access control entries (ACEs) from a RADIUS server.
that has more than 20 ACL access control entries (ACEs) from a RADIUS server.
•
CSCsb82422
The switch can now forward an IEEE802.1x request that has null credentials.
•
CSCsc84880
When the radius-server source-ports 1645-1646 global configuration command is removed, the
switch no longer sends the RADIUS server requests with incorrect source ports, which caused failed
authentication attempts.
switch no longer sends the RADIUS server requests with incorrect source ports, which caused failed
authentication attempts.
•
CSCsd16908
If you globally disable IEEE 802.1x authentication by using the no dot1x system-auth-control
global configuration command and if the dot1x port-control auto or the dot1x port-control
force-unauthorized interface configuration command was previously entered, the dot1x
port-control auto or the dot1x port-control force-unauthorized interface configuration command
no longer takes effect, and the host can now access the port.
global configuration command and if the dot1x port-control auto or the dot1x port-control
force-unauthorized interface configuration command was previously entered, the dot1x
port-control auto or the dot1x port-control force-unauthorized interface configuration command
no longer takes effect, and the host can now access the port.
•
CSCsf31435
SFP interfaces now reliably connect to a Cisco Catalyst 6500 series switch.