
Cisco Catalyst 2940 Series Switches

Field Notice: *Expired* FN - 61789 - Catalyst 2900 and 3500 Series Systems Running Cisco IOS Release 12.1(20)EA2 Reload When Receiving an SNMP Community String Longer Than 129 Characters


August 12, 2004


NOTICE:

THIS FIELD NOTICE HAS BEEN ARCHIVED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Products Affected

| Product | Comments |
|---|---|
| C2940 | Running Cisco IOS release 12.1(20)EA2 |
| C2950 | Running Cisco IOS release 12.1(20)EA2 |
| C2950-LRE | Running Cisco IOS release 12.1(20)EA2 |
| C2955 | Running Cisco IOS release 12.1(20)EA2 |
| C3550 | Running Cisco IOS release 12.1(20)EA2 |

Problem Description

Cisco IOS® Release 12.1(20)EA2 is deferred.

A problem exists where the switches listed above, running IOS 12.1(20)EA2, will reload when receiving an SNMP community string longer than 129 characters.

Background

The problem was identified in the DDTS shown below.

Cisco IOS release 12.1(20)EA2 has been deferred because of this. The deferral notification, originally released on July 20, 2004, is available on the IOS Upgrade Planner on Cisco.com.

Problem Symptoms

A Catalyst switch reloads when it receives an SNMP community string longer than 129 characters.

This affects Cisco IOS release 12.1(20)EA2 only. It does not affect any other IOS release.

Cisco IOS release 12.1(20)EA2 is supported on the Catalyst 2940, 2950, 2950-LRE, 2955, and 3550 series switches.

Workaround/Solution

This problem affects Cisco IOS Release 12.1(20)EA2, running on the above listed platforms only.

The solution to this problem is to either:

  • Upgrade to Cisco IOS Release 12.1(22)EA1 or later

    or

  • Downgrade to 12.1(20)EA1a.

It is not recommended to downgrade to 12.1(20)EA1 or earlier. This release is subject to a separate security advisory, Cisco Security Advisory: Vulnerabilities in SNMP Message Processing.

There is no fully effective workaround for this problem. The impact of this issue can be limited by configuring an Access Control List (ACL) on each of the switches, permitting SNMP queries from known SNMP hosts only. However, since SNMP runs on UDP and UDP packets can be spoofed, this issue can still be exploited by hosts spoofing valid SNMP hosts.
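The following is an added example, not part of Cisco's notice: a check that a monitoring sensor could apply to UDP port 161 payloads to flag the condition described above, a community string longer than 129 characters, regardless of the source address. The function names are hypothetical, packet capture is assumed to happen elsewhere, and the sample datagram is constructed.

```python
# Flag SNMPv1/v2c datagrams whose community string exceeds a length limit.
MAX_COMMUNITY = 129  # threshold taken from the field notice


def _read_tlv(buf, pos):
    """Return (tag, length, value_offset) for the BER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        return tag, first, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def community_length(datagram):
    """Declared community length of an SNMPv1/v2c message, or None if not one."""
    try:
        tag, _, pos = _read_tlv(datagram, 0)            # outer SEQUENCE
        if tag != 0x30:
            return None
        tag, length, pos = _read_tlv(datagram, pos)     # version INTEGER
        if tag != 0x02 or length != 1 or pos >= len(datagram):
            return None
        if datagram[pos] not in (0, 1):                 # 0 = v1, 1 = v2c
            return None                                 # SNMPv3 carries no community
        tag, length, _ = _read_tlv(datagram, pos + 1)   # community OCTET STRING
        return length if tag == 0x04 else None
    except ValueError:
        return None


def is_oversized(datagram, limit=MAX_COMMUNITY):
    """True when the declared community length is longer than `limit` bytes."""
    n = community_length(datagram)
    return n is not None and n > limit


# Constructed sample: SNMPv1 GetRequest for sysDescr.0 with community "public".
SAMPLE_NORMAL = bytes.fromhex(
    "302902010004067075626c6963a01c02040000000102010002010030"
    "0e300c06082b060102010101000500"
)
if __name__ == "__main__":
    print(community_length(SAMPLE_NORMAL), is_oversized(SAMPLE_NORMAL))
```

The check reads the length declared in the BER header rather than counting payload bytes, so a truncated datagram that announces an oversized community is still flagged.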

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

| DDTS | Description |
|---|---|
| CSCef04275 (registered customers only) | Switch reloads when receiving community string longer than 129 char |

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
