Guest

Cisco MDS 9000 NX-OS and SAN-OS Software

Cisco MDS 9000 Family Release Notes for Cisco MDS SAN-OS Release 1.2(2a)

 Feedback

Table Of Contents

Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 1.2(2a)

Contents

Introduction

System Requirements

Hardware Supported

Determining the Software Version

Image Upgrade

New Features in Release 1.2(2a)

The 32-Port Fibre Channel Advanced Services Module

ASM—Virtualization Documentation

Tested Cisco Modems

New Commands

ASM-specific commands

line console Commands

modem connect line

Hardware Documentation Update

Limitations and Restrictions

The install all Command

Caveats

Resolved Caveats

Open Caveats

Related Documentation

Obtaining Documentation

Cisco.com

Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Cisco MDS 9000 Family Release Notes
for Cisco MDS SAN-OS Release 1.2(2a)


Release Date: October 27, 2003

Text Part Number: OL-4391-02, Rev. F0

This document describes the caveats and limitations for switches in the Cisco MDS 9000 Family. Use this document in conjunction with documents listed in the "Related Documentation" section.


Note Releases notes are sometimes updated with new information on restrictions and caveats. Refer to the following website for the most recent version of the Cisco MDS 9000 Family Release Note: http://www.cisco.com/en/US/products/hw/ps4159/ps4358/prod_release_notes_list.html


Table 1 shows the on-line change history for this document.

Table 1 On-Line Change History 

Revision
Date
Description

A0

9/2/2004

Added DDTS CSCed64425.

B0

01/21/2005

Modified DDTS CSCee06496

C0

03/24/2005

Added workaround information to all resolved caveats.

Modified DDTS CSCdz12179, CSCec00031, CSCec03539

Added DDTS CSCeb13329, CSCeb84217, CSCec46067, CSCed21583, CSCed32729, CSCed58155, CSCed65607, CSCed75825, CSCee01143, CSCee43249, CSCee89946, CSCeg61535, CSCeh21199.

Removed DDTS CSCdz31332, CSCdz43106, CSCea60652, CSCea80896, CSCeb01264, CSCeb05095, CSCeb10797, CSCeb16270, CSCeb18066, CSCeb83751, CSCec09545. All caveats were resolved in previous releases.

D0

06/23/2005

Added DDTS CSCei25319

E0

05/02/2006

Added DDTS CSCeg84871.

F0

02/26/2007

Added DDTS CSCsh27840.


Contents

This document includes the following section:

Introduction

System Requirements

Image Upgrade

New Features in Release 1.2(2a)

Limitations and Restrictions

Caveats

Related Documentation

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

The Cisco MDS 9000 Family of multilayer directors and fabric switches offer intelligent fabric-switching services that realize maximum performance while ensuring high reliability levels. They combine robust and flexible hardware architecture with multiple layers of network and storage management intelligence. This powerful combination enables highly available, scalable storage networks that provide advanced security and unified management features.

The Cisco MDS 9000 Family provides intelligent networking features such as multiprotocol and multitransport integration, virtual SANs (VSANs), advanced security, sophisticated debug analysis tools, and unified SAN management.

System Requirements

This section describes the system requirements for Cisco MDS SAN-OS Release 1.2(2a) and includes the following topics:

Hardware Supported

Determining the Software Version

Hardware Supported

Table 2 lists the hardware components supported on the Cisco MDS 9000 Family and the minimum software version required. See the "Determining the Software Version" section.

Table 2 Cisco MDS 9000 Family Supported Hardware Modules and Minimum Software Requirements 

Component
Part Number
Description
Applicable Products

Software

M95S1K9-1.2.2

MDS 9500 Series supervisor/fabric-I, enterprise software

MDS 9500 Series only

M92S1K9-1.2.2

MDS 9216 enterprise software

MDS 9216 only

M91S1K9-1.2.2

MDS 9100 Series enterprise software

MDS 9100 Series only

Chassis

DS-C9509

MDS 9509 director, base configuration (9-slot modular chassis includes 7 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately)

MDS 9509 only

DS-C9506

MDS 9506 director (6-slot modular chassis includes 4 slots for switching modules and 2 slots for supervisor modules—SFPs sold separately.

MDS 9506 only

DS-C9216-K9

MDS 9216 16-port semi-modular fabric switch (includes sixteen 1 / 2-Gbps Fibre Channel ports, power supply, and expansion slot—SFPs sold separately)

MDS 9216 only

DS-C9120-K9

MDS 9120 fixed configuration, non-modular, fabric switch (includes 4 full rate ports and 16 oversubscribed ports)

MDS 9120 only

DS-C9140-K9

MDS 9140 fixed configuration (non-modular) fabric switch (includes 8 full rate ports and 32 oversubscribed ports)

MDS 9140 only

Supervisor modules

DS-X9530-SF1-K9

MDS 9500 supervisor/fabric-I, module

MDS 9500 Series only

Switching modules

DS-X9016

MDS 9000 16-port 2/1-Gbps Fibre Channel module (SFPs sold separately)

MDS 9500 Series and 9216

DS-X9032

MDS 9000 32-port 2/1-Gbps Fibre Channel module (SFPs sold separately)

Services modules

DS-X9308-SMIP

An 8-port Gigabit Ethernet IP storage services module.

DS-C9032-SMV

A 32-port Fibre Channel Advanced Services Module (ASM).

LC-type fiber-optic SFP1

DS-SFP-FC-2G-SW

2/1-Gbps Fibre Channel — short wave SFP

MDS 9000 Family

DS-SFP-FC-2G-LW

2/1-Gbps Fibre Channel — long wave SFP

DS-SFP-FCGE-SW

1-Gbps Ethernet and 2/1-Gbps Fibre Channel—short wave SFP

DS-SFP-FCGE-LW

1-Gbps Ethernet and 2/1-Gbps Fibre Channel — long wave SFP

CWDM2

CWDM-SFP-xxxx-2G

Gigabit Ethernet and 2/1-Gbps Fibre Channel SFP LC interface xxxx nm, where xxxx = 1470, 1490, 1510, 1530, 1550, 1570, 1590, or 1610 nm

MDS 9000 Family

CWDM-MUX-4

Add/drop multiplexer for four CWDM wavelengths

CWDM-MUX-8

Add/drop multiplexer for eight CWDM wavelengths

CWDM-CHASSIS-2

Two slot chassis for CWDM add/drop multiplexer(s)

Power supplies

DS-CAC-300W

300W AC power supply

MDS 9100 Series only

DS-CAC-845W

845W3 AC power supply

MDS 9216 only

DS-CAC-2500W

2500W AC power supply

MDS 9509 only

DS-CDC-2500W

2500W DC power supply

DS-CAC-4000W-US

4000W AC power supply for US (cable attached)

DS-CAC-4000W-INT

4000W AC power supply international (cable attached)

DS-CAC-1900W

1900W AC power supply

MDS 9506 only

DS-CDC-1900W

1900W DC power supply

CompactFlash

MEM-MDS-FLD512M

MDS 9500 supervisor CompactFlash disk, 512MB

MDS 9500 Series only

Port analyzer adapter

DS-PAA

A standalone Fibre Channel-to-Ethernet adapter that allows for simple, transparent analysis of Fibre Channel traffic in a switched fabric.

MDS 9000 Family

1 SFP = small form factor pluggable

2 CWDM = coarse wave division multiplexing

3 W = Watt


Determining the Software Version


Note We strongly recommend that you use the latest available software release for all Cisco MDS 9000 Family products.


To determine the version of the Cisco SAN-OS software currently running on a Cisco MDS 9000 Family switch, log in to the switch and enter the show version EXEC command.

Image Upgrade

The Cisco MDS SAN-OS software is designed for mission-critical high availability environments. To realize the benefits of nondisruptive upgrades on the Cisco MDS 9500 Directors, we highly recommend that you install dual supervisor modules.

You can nondisruptively upgrade to (or downgrade from) Release 1.2(2a) using any Cisco MDS SAN-OS software release other than Release 1.0(2a).

New Features in Release 1.2(2a)

SAN-OS Release 1.2(2a) is a maintenance release for switches in the Cisco MDS 9000 Family. See the "Caveats" section for details on closed and outstanding caveats and limitations.

The following new features are introduced in Release 1.2(2a):

The 32-Port Fibre Channel Advanced Services Module

ASM—Virtualization Documentation

Tested Cisco Modems

New Commands

Hardware Documentation Update

The 32-Port Fibre Channel Advanced Services Module

The hot-swappable Advanced Services Module (ASM) provides virtualization services for the Cisco MDS 9000 Family supports up to 32 Fibre Channel ports. It provides the following distributed intelligent storage services:

Network-based volume management

Management and copy services

Optimal bandwidth of 32 Gbps

Auto-sensing 2/1 Gbps Fibre Channel interfaces.

Hot-swappable Fibre Channel small form-factor pluggable (SFP) transceiver connectivity

Short wavelength (SWL) for connectivity up to 500m

Long wavelength (LWL) for connectivity up to 10km.

Coarse wavelength-division multiplexing (CWDM) for connectivity up to 100km and aggregation of up to 8 ports onto a single optical fiber.

Refer to the documents listed in the "ASM—Virtualization Documentation" section.

ASM—Virtualization Documentation

For ASM information, refer to the Cisco MDS 9216 Switch Hardware Installation Guide or the Cisco MDS 9500 Family Hardware Installation Guide.

For SAN-OS CLI commands, refer to the Cisco MDS 9000 Family Command Reference.

For information on VERITAS Storage Foundation for Networks 1.0, Cisco, refer to the following Veritas documents available at http://support.veritas.com/

VERITAS Storage Foundation for Networks Overview

VERITAS Storage Foundation for Networks Installation and Configuration Guide

VERITAS Storage Foundation for Networks Obtaining and Installing Licenses

VERITAS Storage Foundation for Networks GUI Administrator's Guide

VERITAS Storage Foundation for Networks CLI Administrator's Guide

VERITAS Storage Foundation for Networks README

Tested Cisco Modems

The following Cisco modems have been verified to work in the SAN-OS environment:

MultiTech MT2834BA (http://www.multitech.com/PRODUCTS/Families/MultiModemII/)

Hayes Accura V.92 (http://www.hayesmicro.com/Products/accura-prod-v92.htm)

Modems can only be configured if you are connected to the console or COM1 ports. A modem connection to a switch in the Cisco MDS 9000 Family does not affect switch functionality.


Note If you plan on connecting a modem to the console port or the COM1 port of a switch in the Cisco MDS 9000 Family, refer to the Cisco MDS 9216 Switch Hardware Installation Guide or the Cisco MDS 9500 Series Hardware Installation Guide. We recommend the use of the COM1 port for modem connections to these switches. COM1 ports are not supported on switches in the Cisco MDS 9100 Series, refer to the Cisco MDS 9100 Series Hardware Installation Guide.


Refer to the Cisco MDS 9000 Family Configuration Guide for further information.

New Commands

The following commands were introduced in Release 1.2(2a):

ASM-specific commands

line console Commands

modem connect line

ASM-specific commands

The following commands are specific to the ASM module:

attach moduleshow fcdd, show vec, show ves, show version, show virt-lookup, show virt-lookup, terminal, and show vsha.

attachpriv module

asm mgmt-vsan

interface cpp

show asm

Refer to the Cisco MDS 9000 Family Command Reference for further information.

line console Commands

The following commands can also be configured from the line console configuration mode:

modem in

modem init-string default

modem set-string user-input

Initially, these commands could only be configured using the line com1 configuration mode.

Refer to the Cisco MDS 9000 Family Configuration Guide or the Cisco MDS 9000 Family Command Reference for further information:

modem connect line

The modem connect line EXEC mode command enables a modem connection when the switch is already in operation. This command must be issued before an initialization string is configured for any line connection.

Refer to the Cisco MDS 9000 Family Configuration Guide or the Cisco MDS 9000 Family Command Reference for further information.

Hardware Documentation Update

Switches in the Cisco MDS 9000 Family are supported with platform-specific hardware documentation that applies to all Cisco SAN OS releases. Effective Release 1.2(2a), the following hardware documents will be independent of Cisco MDS SAN-OS releases.

Cisco MDS 9100 Series Hardware Installation Guide

Cisco MDS 9216 Switch Hardware Installation Guide

Cisco MDS 9500 Series Hardware Installation Guide

The same document will be revised and updated as required. All changes will be identified in a section titled "New and Changed Information." Release-specific information will be called out with special notes, tips, or cautions where appropriate.

Limitations and Restrictions

The following limitations and restrictions apply to all switches in the Cisco MDS 9000 Family:

The install all Command

The install all Command

We recommend you issue the install all command from the console terminal of the active supervisor module while having an additional console terminal open for the standby supervisor module. Once the install all command is issued in the console terminal of the active supervisor module, the console terminal of the active supervisor module is closed. The standby supervisor module's console terminal remains open and displays the full set of messages printed by the install all command process.

If you choose to issue the install all command from a telnet or SSH session, you will not be able to view the full set of messages.

Refer to the Cisco MDS 9000 Family Configuration Guide or the Cisco MDS 9000 Family Command Reference for further information.

Caveats

This section lists the caveats and corrected caveats for this release. Use Table 3 to determine the status of a particular caveat. In the table, "R" indicates a resolved caveat, and "O" indicates an open caveat.

Table 3 Release Caveats and Caveats Corrected Reference 

DDTS Number
Software Release (Resolved or Open)
1.2(1a)
1.2(2a)

Severity 1

CSCeb13329

 

O

Severity 2

CSCeb71406

O

R

CSCeb82753

R

R

CSCec13140

 

R

CSCec15273

O

R

CSCec20105

 

R

CSCec24378

O

R

CSCec27835

O

R

CSCec30443

O

R

CSCec38706

O

R

CSCec46067

 

O

CSCec52509

O

R

CSCec53210

O

R

CSCec62235

 

O

CSCed21583

O

Non-Issue

CSCed65607

O

O

CSCed75825

O

O

CSCee01143

O

O

CSCee06496

O

O

CSCee43249

O

O

CSCeg84871

O

O

CSCei25319

O

O

CSCsh27840

O

O

Severity 3

CSCdz12179

O

O

CSCdz43707

O

O

CSCea45726

O

O

CSCea82028

O

O

CSCeb19588

O

O

CSCeb34865

O

O

CSCeb75360

O

R

CSCeb83984

O

O

CSCeb84217

O

R

CSCeb86793

O

R

CSCec00031

O

R

CSCec03298

O

R

CSCec03539

O

R

CSCec06947

O

R

CSCec08028

O

R

CSCec10009

 

O

CSCec17467

O

R

CSCec23079

O

R

CSCec23320

O

R

CSCec25886

O

R

CSCec29150

O

R

CSCec31567

O

R

CSCec34016

O

R

CSCed32729

O

O

CSCed58155

O

O

CSCed64425

O

O

CSCee89946

O

O

CSCeg61535

O

O

CSCeh21199

O

O


Resolved Caveats

CSCeb71406

Symptom: When more than one change is detected within a 50 msec window in the membership of the egress port of an existing route, the Forwarding Information Base (FIB) properly pauses the Virtual Output Queues (VOQs) of the newly added egress ports. When the pause timer expires, instead of resuming the VOQs of the paused ports related to this timer, the FIB resumes the VOQs of the paused ports related to the last timer started.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCeb82753

Symptom: When creating VSANs using the Device Manager (DM), the name automatically assigned by DM may not be as expected, so it appears that the desired VSAN was not created. This situation occurs if a VSAN is created, deleted, then created again without closing the VSAN dialog. For example, if you created VSAN0006, deleted it, then create another VSAN (VSAN0006 again) DM automatically names it VSAN0007 instead of VSAN0006.

Workaround: If you create the VSAN and then delete it, close the VSAN dialog and reopen it before you create the VSAN again.

CSCec13140

Symptom: An Out of Memory message occurs while running the Fabric Manager after extensive changes have been made to the topology map, either by manually rearranging the map or as a result of actual network changes.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec15273

Symptom: When node positions are fixed on the Fabric Manager topology map, switches may disappear from the topology map if links to devices are physically moved between different switch ports.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec20105

Symptom: When a VSAN is created using the Device Manager, the dialog returns a classCast error message and the Device Manager does not populate the VSAN Name field automatically.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec24378

Symptom: The show version command output may create a core file when a image is downgraded. This does not impact system behavior.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec27835

Symptom: When the port security or the fabric binding features are enabled in switches in the Cisco MDS 9000 Family, you cannot add members to Gigabit Ethernet PortChannels.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec30443

Symptom: The iSCSI host cannot open an iSCSI session to the IPS module when the TCP selective acknowledgement (SACK) option is enabled. The Cisco iSCSI initiator for Windows 2000, version 3.1.2, is not able to initiate an iSCSI session to an IPS-8 in an MDS 9509 running SAN-OS 1.2(1a).

Workaround: Downgrade to SAN-OS 1.1.

CSCec38706

Symptom: When you issue a REPORT_LUNS inquiry to a XIOtech storage target, an unusual check condition with 0x062900 (Unit Attention due to power down/up, bus reset...) is returned.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec52509

Symptom: If a Fabric Manager client has two NIC cards and launches the Fabric Manager, the resulting dialog box allows you to choose between the two NICs. SNMP times out, regardless of which NIC is selected.

Workaround: Use Device Manager, or upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec53210

Symptom: After upgrading to Release 1.2(2), a rare combination of removing a switching (or services) module and deleting a VSAN may cause the standby supervisor module to remain in the down state.

Workaround: Follow these steps to reload the switch, or upgrade to Cisco MDS SAN-OS Release 1.2(2a).

1. Issue the command:

copy startup-config bootflash:saved-config

2. Issue the command:

write erase

3. Issue the command:

copy bootflash:saved-config startup-config

4. Reload. Standby should come up properly.

CSCed21583

Symptom: Upgrading from Release 1.2(1a) to 1.2(1b), or downgrading from 1.2(1b) to 1.2(1a) is disruptive. Using the installer does not upgrade line cards and switchover because the SRG is same.

Workaround: None. Do not use "install all" to upgrade from 1.2(1a) to 1.2(1b) or to downgrade from 1.2(1b) to 1.2(1a). The recommended procedure is to copy the images onto the supervisors, set the boot variables and then reboot the system.

CSCeb75360

Symptom: When issuing a command that shows PortChannels (such as show interface port-channel or show port-channel summary), EtherChannel interfaces are also displayed in the VSAN membership database. This does not cause any performance issues.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCeb84217

Symptom: When running the install module loader command, you must wait for this command to finish before issuing the reload module command or the system will hang.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCeb86793

Symptom: If SNMP role-based users modify their own roles using the Device Manager, then the rules for those role are removed and those users will not be able to connect to the switch using SNMP.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec00031

Symptom: While configuring an IP access list and a switchover occurs for any reason, the standby may only have partial IP access list information. This results in an inconsistency in applying the IP access list policy after switchover. If this occurs, remove the recently configured IP access list and configure it again.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec03298

Symptom: For iSCSI hosts connected to Cisco MDS switches, XIOtech storage devices may not be visible as iSCSI targets.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec03539

Symptom: You cannot configure a NULL server address for both syslog and RADIUS servers using the Fabric manager.

Workaround: None. You must set the correct address, or upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec06947

Symptom: A FC-tunnel interface is not completely displayed when configured as a SPAN destination using the Fabric Manager application.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec08028

Symptom: The Fabric Manager provides an option to choose a NIC from within a multi-NIC system, but the Device Manager does not provide this option. If the Device Manager is opened from the Fabric Manager, this feature still works. If the Device Manager is opened from a desktop, a timeout error occurs.

Workaround: Start the Device Manager from the command line, using the option -Dmds.nmsAddress=XX to set a preferred address.

CSCec17467

Symptom: After creating a read-only zone using Fabric Manager version 1.2(1), if you select the zone in the left hand pane (in the tree), the Members tab in the top pane may be empty.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec23079

Symptom: Incorrect, large values are returned for SysUptime queries by the MDS SNMP agent.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec23320

Symptom: Removing enclosures using the Fabric Manager removes member ports from fabric map.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec25886

Symptom: While upgrading from 1.0(x) to 1.2(1a) space is not created in forwarding tables for new MPLS segments using remote span. This causes RSPAN to fail.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec29150

Symptom: Activating a zone using the Fabric Manager fails when the interop mode is enabled, but works from the CLI.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

CSCec31567

Symptom: When a VSAN with the interop 2 option in a Cisco MDS 9000 Family switch is configured to interoperate with a Brocade switch running in Native mode, the Cisco MDS switch permits the use of $ and - characters in zone set, zone, and alias names. The Brocade switch rejects zone updates containing objects with these special characters, and in some situations may isolate the ISL and segment the fabric.

Workaround: When administering zoning from an MDS switch, be sure that the zone set, zone, and alias names do not include "$" and "-" characters. The underscore character is permitted.

CSCec34016

Symptom: When two TE ports are configured as a part of port channels, the transition ports intermittently show up as invalid ports in the Fabric Manager. They later merge to come up as PortChannel.

Workaround: None. Upgrade to Cisco MDS SAN-OS Release 1.2(2a).

Open Caveats

CSCeb13329

Symptom: Under certain configuration scenarios, the VXSVC daemon in the Application Services Module (ASM) may run out of memory.

Workaround: None.

CSCec46067

Symptom: During relayout or recovery operations, the I/O performance of the ASM was lower than expected.

Workaround: None.

CSCec62235

Symptom: HBA ports require a different area ID than storage ports when they are both connected to the same switch. For example, if the storage port FCID is 0x6f0004, the area for this port is 00. In this case, the HBA port's area can be anything other than 00. The HBA port's FC ID must be manually configured to be different from the storage port's FC ID.

Workaround: Refer to the Release 1.2(2a) Cisco MDS 9000 Family Configuration Guide for a detailed procedure on assigning different area FC IDs.

CSCed65607

Symptom: A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) was discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the attacked protocol, a successful attack may have additional consequences beyond terminated connection. This attack vector is only applicable to those sessions terminating in a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality. All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at the following website, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSĀ® software. http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

Workaround: Depending on the application, the connection may get automatically reestablished. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session).

CSCed75825

Symptom: If a spare supervisor module has the local boot variables pointing to Release 1.0(1) or 1.0(2) images, inserting that spare supervisor module into a functioning switch will cause the active supervisor module to fail. This issue exists in all releases up to and including Release 1.3(3c).

Workaround: If the active supervisor runs any of the affected releases, check the version of the spare supervisor module before inserting it, or issue the reload module slot-number force-dnld command immediately after the insertion. The slot-number is the number of the slot in which the spare module is inserted.

CSCee01143

Symptom: When trying to access Fabric or Device Manager using SNMPv3, the user is unable to access the switch and is prompted with the error message "notintimewindow".

Workaround: Set the clock on the switch to the highest, and then to the lowest. From there, set it back to the regular time.

CSCee06496

Symptom: If you are running Cisco MDS SAN-OS releases 1.1(3), 1.2(1a), 1.2(1b), 1.2(2a), 1.3(1), 1.3(2a), 1.3(3), or 1.3(3c), the following sequence of operations might lead to the failure of one or both supervisor modules simultaneously:

a. Removing an IPS-8 module from the switch.

b. Inserting a different type of module in the same slot.

c. Configuring the new module.

d. Issuing the copy running-config startup-config command.

Removing the IPS-8 module at any time and replacing with another IPS-8 module does not cause this problem.

Workaround: Before replacing an IPS-8 module with a different type of module in the same slot, upgrade to Cisco MDS SAN-OS Release 1.3(4a).

CSCee43249

Symptom: If a malfunctioning device does not swap the source and destination FCIDs, a PLOGI frame sent by this device can cause high CPU utilization. These PLOGI frame errors are reported by the zone server.

Workaround: None.

CSCeg84871

Symptom: When an iSCSI initiator logs in to a Gigabit Ethernet port number 1 on an IPS module in slot 1, the switch sends a login response with the value of the Target Session Identifying Handle (TSIH) field set to zero (0), which is an iSCSI protocol violation. This situation can also occur when an iSCSI initiator logs in to Ethernet PortChannel number 1. The Qlogic iSCSI initiator may verify the TSIH value and reject it.

Workaround: None.

CSCei25319

Sympton: An error message in the log file occurs because the platform manager component passes the wrong parameter while responding to a SNMP query. In some cases, this results in the query not being responded to.

Workaround: Perform a refresh on Device Manager to clear the problem.

CSCsh27840

Symptom: While using an FCIP link for remote SPAN, it is possible that the FCIP link may flap.

Workaround: Do not use FCIP links for Remote SPAN.

CSCdz12179

Symptom: When the Fabric Manager or Device Manager communicates with the Cisco MDS switch through Virtual Private Network (VPN) or any Network Address Translation (NAT) scheme, a generic error message occurs while adding duplicate zone members from a VPN connection.

Workaround: None. If an error occurs while running through VPN/NAT, all errors will show up as generic errors without a detailed message describing the error.

CSCdz43707

Symptom: The Fabric Manager or Device Manager reports an error for all operations if the switch is multi-homed (both IPFC-based in-band management and the out-of-band management interface are up) and the Fabric or Device Manager was started using the IPFC address. Typically, you will see a notInTime window error in the Device Manager and all SNMP set operations fail.

Workaround: If the switch is multi-homed, then start the Fabric or Device Manager on the switch using the out-of-band management interface IP address.

CSCea45726

Symptom: The Device Manager shows a port in the down state (red square) when the operational status of the port is up. This rare occurrence is due to the failure cause of the port not being empty (for example, the failure case reflects the initializing state).

Workaround: None.

CSCea82028

Symptom: When a switch is upgraded while the Device Manager for that switch is open, a Java error of class cast exception occurs. When this error occurs, some Device Manager menu items are unusable while other menu items remain in this error state.

Workaround: Close the Device Manager and reopen it.

CSCeb19588

Symptom: Sometimes, the zone merge import command results in isolation.

Workaround: Reissue the command to resolve the isolation problem.

CSCeb34865

Symptom: The following error message is issued when you try configuring switch drop latency:

changing this parameter is not allowed could not update the value

Workaround: None. Switch drop latency is not configurable in this release of the software.

CSCeb83984

Symptom: When downgrading a Cisco MDS 9000 Family switch to an older release version which does not contain the LUN zoning feature, for example, Release 1.1(x), the configuration is not erased completely.

Workaround: Delete the LUN zoning configuration before downgrading the switch.

CSCec10009

Symptom: When a previously-connected port is disconnected and reconnected to a different port, the old port connection displays a red cross. The tool tip continues to shows the presence of the new port and the old port as members of the loop. When this happen the WWN of the new device is both in the tool tip of the nonexistent loop and in the disconnected device. It may take a poll cycle for the PortChannel to appear on the fabric map.

Workaround: Working as designed. Refresh or purge the fabric map to remove the nonexistent (dead) link.

CSCed32729

Symptom: When altering an Fx-port state using SNMP, the following error is reported:

snmpset: Agent reported error with variable #1.
.iso.org.dod.internet.mgmt.mib-2.75.1.2.2.1.1.22.0:  SNMP: A general
failure occurred on the agent.

Workaround: None.

CSCed58155

Symptom: The Fabric Manager (FM) cannot correlate an iSCSI host with two NIC cards when the iSCSI initiator is identified by the IP address (either from a matching static iscsi initiator ip-address command or from an iSCSI interface switchport initiator id ip-address command for dynamic initiators). This is a result of the switch putting IP address in the symbolic-node-name field in the FCNS entry for that initiator. This was done to allow zoning based on IP address in ISAN software Release 1.1(x) and 1.2(x) where zone membership for iSCSI initiator can only be based on symbolic-node-name value.

Workaround: To allow FM to show the above-mentioned host properly, the switch will instead fill the FCNS entry's symbolic-node-name field with the actual iSCSI initiator node name (i.e. its IQN name).

This impacts for users who configure zoning based on iSCSI initiator's IP address via the symbolic node name field, e.g.

zone name a vsan 1 
member symbolic-nodename 10.2.2.112

Change the above configuration to the following for this configuration to continue working after upgrading to Release 1.3(4a).

zone name a vsan 1 
member ip-address 10.2.2.112

CSCed64425

Symptom: You can TFTP to a Cisco MDS switch through the management interface from any TFTP client. In SAN-OS Releases 1.3(4a), 1.3(4b) and 1.3(5), a default IP access control list (ACL) rule is added to block frames for ports like TFTP, SUNRP and BOOTP.

Workaround: For SAN-OS Releases 1.2(1a), 1.2(1b), 1.2(2a), 1.3(1), 1.3(2a), 1.3(3), and 1.3(3c), manually create the drop rule by issuing the following commands in succession:

switch(config)# ip access-list abc deny udp any any eq port 69 
switch(config)# ip access-list abc permit ip any any 
switch(config)# interface mgmt 0  
switch(config-if)# ip access-group abc

CSCee89946

Symptom: This caveat applies to Release 1.1(1) up to, and including, Release 1.3(4b). The Fibre Channel port link reinitialization sequence triggered by a link down event does not succeed if the switching module is up for more than 248 days and the last shutdown command on that port was issued 248 days prior to the link failure. After the link-down event, the port remains in the link failure or not connected state as shown in the following command output:

switch# show interface fc2/1
fc2/1 is down (Link failure or not-connected) 

Workaround: Issue the shutdown command, followed by the no shutdown command, on the affected port to bring the port back to link-up state as shown in the following command output:

switch# config t
switch(config)# interface fc2/1 
switch(config)# shutdown
switch(config)# no shutdown

Issue the following commands to verify the module uptime.

switch# attach module 2
Attaching to module 2 ...

To exit type exit, to abort type $.

module-2# show version
Software
BIOS:      version 1.0.8
system:    version 2.0(1) [build 2.0(0.139)]
BIOS compile time:       08/07/03
system compile Time:     10/25/2020 12:00:00
Hardware
RAM 186668 kB
bootflash: 125184 blocks (block size 512b)
lc02   uptime is 11 days 18 hours 18 minute(s) 9 second(s)

Other notes:

Any nondisruptive upgrade or downgrade resets the 248-day window.

Once the shutdown and no shutdown commands are issued, it is good for another 248 days.

If the switch has been up for a long time and the customer wants to connect new devices to the switch ports, then you may start with the shutdown and no shutdown commands on those ports

CSCeg61535

Symptom: The Telnet server may not be disabled even if you disable it through setup. A telnet session will still work in the switch.

Workaround: Issue the no telnet server enable command in configuration mode to disable telnet after you login to the switch.

CSCeh21199

Symptom: If the NetApp file server appliance is configured as an initiator performing a Network Data Management Protocol (NDMP) backup, then the fabric login (FLOGI) process on the MDS switch might terminate because of excessive LSTS requests.

This might happen if your N port or NL port uses extended link services to manage and control a public remote loop. The NetApp file server appliance configuration uses these services, namely LSTS and LINIT, which are documented in the Fibre Channel standards compliance (FC-FLA standard) specification.

Workaround: Upgrade to Cisco MDS SAN-OS Release 2.0(4).

Related Documentation

Regulatory Compliance and Safety Information for the Cisco MDS 9000 Family

Cisco MDS 9100 Series Quick Start Guide

Cisco MDS 9500 Series and Cisco MDS 9216 Quick Start Guide

Cisco MDS 9100 Series Hardware Installation Guide

Cisco MDS 9216 Switch Hardware Installation Guide

Cisco MDS 9500 Series Hardware Installation Guide

Cisco MDS 9000 Family Command Reference

Cisco MDS 9000 Family Configuration Guide

Cisco MDS 9000 Family Fabric Manager User Guide

Cisco MDS 9000 Family Troubleshooting Guide

Cisco MDS 9000 Family System Messages Guide

Cisco MDS 9000 Family MIB Reference Guide

For information on VERITAS Storage Foundation™ for Networks 1.0, Cisco, refer to the following Veritas documents available at http://support.veritas.com/

VERITAS Storage Foundation for Networks Overview

VERITAS Storage Foundation for Networks Installation and Configuration Guide

VERITAS Storage Foundation for Networks Obtaining and Installing Licenses

VERITAS Storage Foundation for Networks GUI Administrator's Guide

VERITAS Storage Foundation for Networks CLI Administrator's Guide

VERITAS Storage Foundation for Networks README

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation DVD

Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.

Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.

Cisco Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Cisco Marketplace:

http://www.cisco.com/go/marketplace/

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).

Documentation Feedback

You can send comments about technical documentation to mdsfeedback-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you can perform these tasks:

Report security vulnerabilities in Cisco products.

Obtain assistance with security incidents that involve Cisco products.

Register to receive security information from Cisco.

A current list of security advisories and notices for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:

Emergencies — security-alert@cisco.com

Nonemergencies — psirt@cisco.com


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:

http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on


In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.

Cisco Technical Support Website

The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html