
Cisco Catalyst 6000 Series Switches

Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E

Table Of Contents

Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E

Early Deployment Releases

Current Release Image Names for ATM Modules

Software Releases and Orderable Product Number Matrix

Usage Guidelines and Restrictions

Important Notes

Software Image Download

New and Changed Information

New Features in Release 12.1(27b)E4

New Features in Release 12.1(27b)E3

New Features in Release 12.1(27b)E2

New Features in Release 12.1(27b)E1

New Features in Release 12.1(27b)E

New Features in Release 12.1(26)E9

New Features in Release 12.1(26)E8

New Features in Release 12.1(26)E7

New Features in Release 12.1(26)E6

New Features in Release 12.1(26)E5

New Features in Release 12.1(26)E4

New Features in Release 12.1(26)E3

New Features in Release 12.1(26)E2

New Features in Release 12.1(26)E1

New Features in Release 12.1(26)E

New Features in Release 12.1(23)E4

New Features in Release 12.1(23)E3

New Features in Release 12.1(23)E1

New Features in Release 12.1(23)E

New Features in Release 12.1(22)E6

New Features in Release 12.1(22)E4

New Features in Release 12.1(22)E1

New Features in Release 12.1(22)E

New Features in Release 12.1(20)E6

New Features in Release 12.1(20)E3

New Features in Release 12.1(20)E1

New Features in Release 12.1(20)E

New Features in Release 12.1(19)E2

New Features in Release 12.1(19)E

New Features in Release 12.1(14)E4

New Features in Release 12.1(14)E1

New Features in Release 12.1(13)E

New Features in Release 12.1(12c)E1

New Features in Release 12.1(12c)E

New Features in Release 12.1(11b)E12

New Features in Release 12.1(11b)E11

New Features in Release 12.1(11b)E

New Features in Release 12.1(10)E5

New Features in Release 12.1(10)E4

New Features in Release 12.1(10)E

New Features in Release 12.1(8a)E

New Features in Release 12.1(7a)E5

New Features in Release 12.1(6)E8

New Features in Release 12.1(5c)E12

New Features in Release 12.1(5c)E10

New Features in Release 12.1(5a)E3

New Features in Release 12.1(4)E2

New Features in Release 12.1(2)E2

New Features in Release 12.1(2)E1

New Features in Release 12.0(5)XS2

Caveats

Release 12.1(27b)E4

Open Caveats in Release 12.1(27b)E4

Resolved Caveats in Release 12.1(27b)E4

Release 12.1(27b)E3

Open Caveats in Release 12.1(27b)E3

Resolved Caveats in Release 12.1(27b)E3

Release 12.1(27b)E2

Open Caveats in Release 12.1(27b)E2

Resolved Caveats in Release 12.1(27b)E2

Release 12.1(27b)E1

Open Caveats in Release 12.1(27b)E1

Resolved Caveats in Release 12.1(27b)E1

Release 12.1(27b)E

Open Caveats in Release 12.1(27b)E

Resolved Caveats in Release 12.1(27b)E

Release 12.1(26)E9

Open Caveats in Release 12.1(26)E9

Resolved Caveats in Release 12.1(26)E9

Release 12.1(26)E8

Open Caveats in Release 12.1(26)E8

Resolved Caveats in Release 12.1(26)E8

Release 12.1(26)E7

Open Caveats in Release 12.1(26)E7

Resolved Caveats in Release 12.1(26)E7

Release 12.1(26)E6

Open Caveats in Release 12.1(26)E6

Resolved Caveats in Release 12.1(26)E6

Release 12.1(26)E5

Open Caveats in Release 12.1(26)E5

Resolved Caveats in Release 12.1(26)E5

Release 12.1(26)E4

Open Caveats in Release 12.1(26)E4

Resolved Caveats in Release 12.1(26)E4

Release 12.1(26)E3

Open Caveats in Release 12.1(26)E3

Resolved Caveats in Release 12.1(26)E3

Release 12.1(26)E2

Open Caveats in Release 12.1(26)E2

Resolved Caveats in Release 12.1(26)E2

Release 12.1(26)E1

Open Caveats in Release 12.1(26)E1

Resolved Caveats in Release 12.1(26)E1

Release 12.1(26)E

Open Caveats in Release 12.1(26)E

Resolved Caveats in Release 12.1(26)E

Release 12.1(23)E4

Open Caveats in Release 12.1(23)E4

Resolved Caveats in Release 12.1(23)E4

Release 12.1(23)E3

Open Caveats in Release 12.1(23)E3

Resolved Caveats in Release 12.1(23)E3

Release 12.1(23)E1

Open Caveats in Release 12.1(23)E1

Resolved Caveats in Release 12.1(23)E1

Release 12.1(23)E

Open Caveats in Release 12.1(23)E

Resolved Caveats in Release 12.1(23)E

Release 12.1(22)E6

Open Caveats in Release 12.1(22)E6

Resolved Caveats in Release 12.1(22)E6

Release 12.1(22)E4

Open Caveats in Release 12.1(22)E4

Resolved Caveats in Release 12.1(22)E4

Release 12.1(22)E1

Open Caveats in Release 12.1(22)E1

Resolved Caveats in Release 12.1(22)E1

Release 12.1(22)E

Open Caveats in Release 12.1(22)E

Resolved Caveats in Release 12.1(22)E

Release 12.1(20)E6

Open Caveats in Release 12.1(20)E6

Resolved Caveats in Release 12.1(20)E6

Release 12.1(20)E3

Open Caveats in Release 12.1(20)E3

Resolved Caveats in Release 12.1(20)E3

Release 12.1(20)E1

Open Caveats in Release 12.1(20)E1

Resolved Caveats in Release 12.1(20)E1

Release 12.1(20)E

Open Caveats in Release 12.1(20)E

Resolved Caveats in Release 12.1(20)E

Release 12.1(19)E2

Open Caveats in Release 12.1(19)E2

Resolved Caveats in Release 12.1(19)E2

Release 12.1(19)E

Open Caveats in Release 12.1(19)E

Resolved Caveats in Release 12.1(19)E

Release 12.1(14)E4

Open Caveats in Release 12.1(14)E4

Resolved Caveats in Release 12.1(14)E4

Release 12.1(14)E1

Open Caveats in Release 12.1(14)E1

Resolved Caveats in Release 12.1(14)E1

Release 12.1(13)E

Open Caveats in Release 12.1(13)E

Resolved Caveats in Release 12.1(13)E

Release 12.1(12c)E1

Open Caveats in Release 12.1(12c)E1

Resolved Caveats in Release 12.1(12c)E1

Release 12.1(12c)E

Open Caveats in Release 12.1(12c)E

Resolved Caveats in Release 12.1(12c)E

Release 12.1(11b)E12

Open Caveats in Release 12.1(11b)E12

Resolved Caveats in Release 12.1(11b)E12

Release 12.1(11b)E11

Open Caveats in Release 12.1(11b)E11

Resolved Caveats in Release 12.1(11b)E11

Release 12.1(11b)E

Open Caveats in Release 12.1(11b)E

Resolved Caveats in Release 12.1(11b)E

Release 12.1(10)E5

Open Caveats in Release 12.1(10)E5

Resolved Caveats in Release 12.1(10)E5

Release 12.1(10)E4

Open Caveats in Release 12.1(10)E4

Resolved Caveats in Release 12.1(10)E4

Release 12.1(10)E

Open Caveats in Release 12.1(10)E

Resolved Caveats in Release 12.1(10)E

Release 12.1(8b)E13

Open Caveats in Release 12.1(8b)E13

Resolved Caveats in Release 12.1(8b)E13

Release 12.1(8a)E

Open Caveats in Release 12.1(8a)E

Resolved Caveats in Release 12.1(8a)E

Release 12.1(7a)E5

Open Caveats in Release 12.1(7a)E5

Resolved Caveats in Release 12.1(7a)E5

Release 12.1(6)E8

Open Caveats in Release 12.1(6)E8

Resolved Caveats in Release 12.1(6)E8

Release 12.1(5c)E12

Open Caveats in Release 12.1(5c)E12

Resolved Caveats in Release 12.1(5c)E12

Release 12.1(5c)E10

Open Caveats in Release 12.1(5c)E10

Resolved Caveats in Release 12.1(5c)E10

Release 12.1(5a)E3

Open Caveats in Release 12.1(5a)E3

Resolved Caveats in Release 12.1(5a)E3

Release 12.1(4)E2

Open Caveats in Release 12.1(4)E2

Resolved Caveats in Release 12.1(4)E2

Release 12.1(2)E2

Open Caveats in Release 12.1(2)E2

Resolved Caveats in Release 12.1(2)E2

Release 12.1(2)E1

Open Caveats in Release 12.1(2)E1

Resolved Caveats in Release 12.1(2)E1

Release 12.0(5)XS2

Open Caveats in Release 12.0(5)XS2

Resolved Caveats in Release 12.0(5)XS2

Related Documentation

Notices

OpenSSL/Open SSL Project

License Issues

Obtaining Documentation and Submitting a Service Request


Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E


March 4, 2008

Current Release: 12.1(27b)E4
Previous Releases:
12.1(27b)E3, 12.1(27b)E2, 12.1(27b)E1, 12.1(27b)E, 12.1(26)E9, 12.1(26)E8, 12.1(26)E7, 12.1(26)E6, 12.1(26)E5, 12.1(26)E4, 12.1(26)E3, 12.1(26)E2, 12.1(26)E1, 12.1(26)E, 12.1(23)E3, 12.1(23)E1, 12.1(23)E, 12.1(22)E6, 12.1(22)E4, 12.1(22)E1, 12.1(22)E, 12.1(20)E6, 12.1(20)E3, 12.1(20)E1, 12.1(20)E, 12.1(19)E2, 12.1(19)E, 12.1(14)E4, 12.1(14)E1, 12.1(13)E, 12.1(12c)E, 12.1(11b)E11, 12.1(11b)E, 12.1(10)E5, 12.1(10)E4, 12.1(10)E, 12.1(8a)E, 12.1(7a)E5, 12.1(6)E8, 12.1(5c)E12, 12.1(5c)E10, 12.1(5a)E3, 12.1(4)E2, 12.1(2)E2, 12.1(2)E1, and 12.0(5)XS2

The most current release notes for Cisco IOS Release 12.1E are available on Cisco.com:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/hybrid/atm/release/notes/OL_2904.html


Caution: MPOA does not work in Cisco IOS Release 12.1(4)E2 on the Catalyst 6500 series ATM platform.

This publication describes all the Catalyst 6500 series ATM modules in Cisco IOS Release 12.1E.

These modules are supported in Cisco IOS Release 12.1E:

Single-port OC-12 SMF ATM module (WS-X6101-OC-12-SMF)

Single-port OC-12 MMF ATM module (WS-X6101-OC-12-MMF)

Table 1 lists the current release image names on Cisco.com for the Catalyst 6500 series ATM modules.

This publication consists of these sections:

Early Deployment Releases

Current Release Image Names for ATM Modules

Software Releases and Orderable Product Number Matrix

Usage Guidelines and Restrictions

Important Notes

Software Image Download

New and Changed Information

Caveats

Related Documentation

Early Deployment Releases

Cisco IOS Release 12.1 supports the Catalyst 6500 series switch ATM module. Release 12.1E is based on Release 12.1(1). All features and functionality in Releases 12.0(5)XS1, 12.0(5)XS, and 12.1(4)E2 are in Release 12.1E.

For more information about the Cisco IOS software release process, refer to Cisco IOS Releases: Product Bulletin 537 located on Cisco.com at this location:

http://www.cisco.com/warp/public/cc/pd/iosw/iore/prodlit/537_pp.htm

This publication does not describe features that are available in Release 12.1, Release 12.1 T, or other Release 12.1 Early Deployment (ED) releases.

All caveats in Release 12.0(5)XS1 and Release 12.0(5)XS are also in Release 12.1(2)E3. For a list of the software caveats that apply to Release 12.1(2)E3, see the "Open and Resolved Caveats in Software Release 12.0(5)XS1" section on page 5, the Release Notes for Catalyst 6000 Family ATM Module Release 12.0(5)XS1 on Cisco.com, and the Caveats for Cisco IOS Release 12.1 document at this URL:

http://www.cisco.com/en/US/docs/ios/12_1/relnotes/crossplatform/release/notes/121mcavs.html

Current Release Image Names for ATM Modules

Table 1 lists the current release image names for the Catalyst 6500 series ATM modules.

Table 1 Current Release Image Names for ATM Modules 

| ATM Module | Module Product Number | LANE SW Release | PVC Traffic-Shaping SW Release | MPOA SW Release | Supervisor Engine SW Release |
|---|---|---|---|---|---|
| LANE Single PHY OC-12 MMF | WS-X6101-OC-12-MMF | 12.1(27b)E4 c6atm-lc-mz | 12.1(27b)E4 c6atm-lc-mz | 12.1(27b)E4 c6atm-lc-mz | 5.3.2 and later |
| LANE Single PHY OC-12 SMF | WS-X6101-OC-12-SMF | 12.1(27b)E4 c6atm-lc-mz | 12.1(27b)E4 c6atm-lc-mz | 12.1(27b)E4 c6atm-lc-mz | 5.3.2 and later |


Software Releases and Orderable Product Number Matrix

Table 2 lists the software releases and applicable ordering information for the Catalyst 6500 series ATM module software.

Table 2 Software Release/Orderable Product Number Matrix 

| Software Release | Image Filename | Orderable Product Number Flash on System | Orderable Product Number Spare Upgrade (Floppy Media) |
|---|---|---|---|
| 12.1(27b)E4 | c6atm-lc-mz.121-27b.E4 | SC6ATM-121027bE | SC6ATM-121027bE= |


Usage Guidelines and Restrictions

This section describes the usage guidelines and restrictions for Cisco IOS Release 12.1E for the Catalyst 6500 series ATM module:


Note: Cisco IOS Release 12.0(5)XS and later requires that the supervisor engine run software release 5.3.2 or later. Supervisor engine software release 5.3.1 will recognize the ATM module but does not support it. Do not use supervisor engine software release 5.3.1 with Cisco IOS Releases 12.0(5)XS, 12.0(5)XS1, 12.1(2)E2, 12.1(8a)E, and later.



Note: You must have Cisco IOS Release 12.0(4a)WX5(11) or later to support the ATM module.


CSCdm60024

During bootup, you may see this message:

%ATMSSCOP-4-UNMATCHUNIVERSION:(ATM0):rcv non-0 NUU in BeginPdu at UNI  3.0.Please 
verify peer UNI version. 

The software will recover and negotiate again. No action is required.

CSCdp14928

Under certain conditions of heavy data traffic (sustained traffic greater than two thirds of OC-12 line rate) with a large number of Ethernet MACs in an ATM LANE network that result in many LE-ARP messages, the transmitter might encounter temporary buffer starvation leading to this error message:

## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or
0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7) 

Workaround: If you see these messages frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.

CSCdr92553

On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LAN Emulation Clients (LECs), a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds61726

On the Catalyst 6500 series ATM modules running Cisco IOS Release 12.1(4)E with QoS-enabled LECs, when moving the LECs from QoS capable mode to non-QoS capable modes, it is possible that the LECs will continue to use the UBR+ VCC and will not revert to the UBR VCC.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCdt07421

The supervisor engine can reset the WS-X6101 module in a Catalyst 6500 series switch under extreme conditions, such as the following:

Rebooting the WS-X6101 module configured with 2500 PVCs.

Entering shutdown and no shutdown commands on a major ATM interface of the WS-X6101 module configured with 100 LECs.

Attempting to create more than 8000 MPOA cache entries.

Under certain conditions of heavy data traffic (sustained traffic greater than two thirds of OC-12 line rate) and when there is a large number of Ethernet MACs in an ATM LANE network that result in many LE-ARP messages, the transmitter may encounter temporary buffer starvation leading to the following error message:

## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or
0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7) 

Workaround: If you see this message frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.

CSCdm93794

When an LEC has been removed from an ELAN, it still appears to be up for approximately 30 seconds after removal. This delay is due to the Fast PHY switchover implementation.

When the LAN Emulation Configuration Server (LECS) is configured on an ATM module, you might see this message when you reload the module or when you enter the shutdown and no shutdown commands on the major interface:

LANE-3-LECS_ERROR:vc out of sync:updating old call parameters...

This is an informational message and does not indicate a problem.

The minimum peak cell rate (PCR) or sustainable cell rate (SCR) is 64 kbps.

Octet counters are supported on a per-physical-interface basis only. Octet counters per VLAN or per LEC are not supported.

When you use the Hot Standby Router Protocol (HSRP) with the Catalyst 6500 series ATM module, we recommend that you also use the standby use-bia command when configuring the routers. This command speeds up the HSRP switchover time.

When you insert or replace ATM modules, enter the clear config mod_num command to clear the ATM module configuration information in the supervisor engine and to obtain the correct spanning tree parameters for the modules. Enter this command from the supervisor engine module command prompt.

Due to cell-rate granularity, the actual PCR value may differ from the value you specify for the RFC 1483 PVC. Only certain values of output rate are supported. The output rate is a value of the form line-rate/N, where N is an integer, that is less than or equal to the rate you specified.

To automatically boot a software image other than the first image in the bootflash, enter the following commands:

boot system flash bootflash: image name  
config-register 0x2

After a reload, the ATM module boots with the image name that you specified.

Important Notes

Deferrals and field notices for the specified releases are located at the following URLs:

Release 12.1(5c)E8: http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/printdefer.pl?platform=&majorRel=12.1&release=12.1.5cE8&data_from=&file=12.1.5cE8..c.html

Release 12.1(5a)E3: http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/printdefer.pl?platform=&majorRel=12.1&release=12.1.5aE3&data_from=&file=12.1.5aE3..c.html

Release 12.1(4)E2: http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/printdefer.pl?platform=&majorRel=12.1&release=12.1.4E2&data_from=&file=12.1.4E2..c.html

Release 12.1(2)E1: http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/printdefer.pl?platform=&majorRel=12.1&release=12.1.2E1&data_from=&file=12.1.2E1..c.html

Release 12.1: http://www.cisco.com/pcgi-bin/Software/Newsbuilder/Builder/newsbuilder.cgi?f_dir=kobayashi%2Fsw-center%2Farticles&head=ios_whot_header.html&foot=ios_whot_footer.html&dtype=deferral&viewer=CUSTOMER&subject=ios%3A12.1

Software Image Download

This section describes the two methods for downloading a new image to the OC-12 ATM module:

Downloading from a TFTP server

Downloading from the supervisor engine PC card

To download an image from a TFTP server, at the OC-12 ATM module's console, enter the following command: copy tftp bootflash

You will be asked the following question:

Address or name of remote host []? 

Enter the IP address of the TFTP server.


Note: Entering the name does not work.


Erase bootflash:before copying? [confirm]

Answer yes. This step is necessary due to an issue in which autoboot, which is enabled by default, boots the first image in the bootflash. If you do not erase the old image after downloading the new image, the old image will be booted.

To download an image from the supervisor engine PC card, perform this two-step process:

a. Copy the image from the TFTP server to the slot0 in the supervisor engine software by entering the copy tftp slot0 command from the supervisor engine console.

b. After the image is copied to the supervisor engine slot0, enter the copy sup-slot0:<imagename> bootflash command in enable mode from the OC-12 ATM module console.

You will be asked the following question:

Erase bootflash:before copying? [confirm]

Answer yes.

After the image is copied to the bootflash, boot the new image by entering the reload command.

New and Changed Information

New Features in Release 12.1(27b)E4

There are no new features in Release 12.1(27b)E4.

New Features in Release 12.1(27b)E3

There are no new features in Release 12.1(27b)E3.

New Features in Release 12.1(27b)E2

There are no new features in Release 12.1(27b)E2.

New Features in Release 12.1(27b)E1

There are no new features in Release 12.1(27b)E1.

New Features in Release 12.1(27b)E

There are no new features in Release 12.1(27b)E.

New Features in Release 12.1(26)E9

There are no new features in Release 12.1(26)E9.

New Features in Release 12.1(26)E8

There are no new features in Release 12.1(26)E8.

New Features in Release 12.1(26)E7

There are no new features in Release 12.1(26)E7.

New Features in Release 12.1(26)E6

There are no new features in Release 12.1(26)E6.

New Features in Release 12.1(26)E5

There are no new features in Release 12.1(26)E5.

New Features in Release 12.1(26)E4

There are no new features in Release 12.1(26)E4.

New Features in Release 12.1(26)E3

There are no new features in Release 12.1(26)E3.

New Features in Release 12.1(26)E2

There are no new features in Release 12.1(26)E2.

New Features in Release 12.1(26)E1

There are no new features in Release 12.1(26)E1.

New Features in Release 12.1(26)E

There are no new features in Release 12.1(26)E.

New Features in Release 12.1(23)E4

There are no new features in Release 12.1(23)E4.

New Features in Release 12.1(23)E3

There are no new features in Release 12.1(23)E3.

New Features in Release 12.1(23)E1

There are no new features in Release 12.1(23)E1.

New Features in Release 12.1(23)E

There are no new features in Release 12.1(23)E.

New Features in Release 12.1(22)E6

There are no new features in Release 12.1(22)E6.

New Features in Release 12.1(22)E4

There are no new features in Release 12.1(22)E4.

New Features in Release 12.1(22)E1

There are no new features in Release 12.1(22)E1.

New Features in Release 12.1(22)E

There are no new features in Release 12.1(22)E.

New Features in Release 12.1(20)E6

There are no new features in Release 12.1(20)E6.

New Features in Release 12.1(20)E3

There are no new features in Release 12.1(20)E3.

New Features in Release 12.1(20)E1

There are no new features in Release 12.1(20)E1.

New Features in Release 12.1(20)E

There are no new features in Release 12.1(20)E.

New Features in Release 12.1(19)E2

There are no new features in Release 12.1(19)E2.

New Features in Release 12.1(19)E

There are no new features in Release 12.1(19)E.

New Features in Release 12.1(14)E4

There are no new features in Release 12.1(14)E4.

New Features in Release 12.1(14)E1

There are no new features in Release 12.1(14)E1.

New Features in Release 12.1(13)E

There are no new features in Release 12.1(13)E.

New Features in Release 12.1(12c)E1

There are no new features in Release 12.1(12c)E1.

New Features in Release 12.1(12c)E

There are no new features in Release 12.1(12c)E.

New Features in Release 12.1(11b)E12

There are no new features in Release 12.1(11b)E12.

New Features in Release 12.1(11b)E11

There are no new features in Release 12.1(11b)E11.

New Features in Release 12.1(11b)E

There are no new features in Release 12.1(11b)E.

New Features in Release 12.1(10)E5

There are no new features in Release 12.1(10)E5.

New Features in Release 12.1(10)E4

There are no new features in Release 12.1(10)E4.

New Features in Release 12.1(10)E

This section describes the new features in Release 12.1(10)E:

(CSCdv40427)

Jumbo frame support is provided for the Catalyst 6500 series ATM module (WS-X6101). Configuring the MTU size on the subinterface does not affect the maximum frame size that can be transferred on a Catalyst 6500 series ATM module. The maximum frame size (9218 bytes) is initialized when the module comes up and will not change when the MTU size changes using the CLI.

To bridge the jumbo frames, the feature should be enabled for the ATM module on the supervisor engine by using the set port jumbo mod/port command.

The PVCs on the ATM module can bridge frame size up to 9218 bytes. LECs also transfer frame size up to 9218 bytes. Interoperability issues may arise if the Catalyst 6500 series ATM module interacts with devices not supporting jumbo frames. The jumbo frame feature should not be enabled for the ATM module to interoperate with devices not supporting jumbo frames.

New Features in Release 12.1(8a)E

There are no new features in Release 12.1(8a)E.

New Features in Release 12.1(7a)E5

There are no new features in Release 12.1(7a)E5.

New Features in Release 12.1(6)E8

There are no new features in Release 12.1(6)E8.

New Features in Release 12.1(5c)E12

There are no new features in Release 12.1(5c)E12.

New Features in Release 12.1(5c)E10

There are no new features in Release 12.1(5c)E10.

New Features in Release 12.1(5a)E3

There are no new features in Release 12.1(5a)E3.

New Features in Release 12.1(4)E2

This section describes the new LANE QoS feature in Release 12.1(4)E2:

LANE QoS

The LANE Quality of Service (QoS) feature provides the capability to differentiate multiple classes of traffic. Traffic class differentiation is achieved by creating (multiple) VCCs with the desired QoS parameters. When the prioritized traffic is received, LEC forwards it on a VCC with matching QoS parameters.

LANE QoS supports the creation of Unspecified Bit Rate+ (UBR+) VCCs. A UBR+ VCC is a UBR VCC for which minimum cell rate (MCR) is guaranteed by the switch. If the switch cannot guarantee the rate you have specified for the UBR+ VCC, the LEC will revert to UBR with no MCR guarantee.

You can enable or disable the LANE QoS feature on a per-LEC basis by entering the qos option in the lane client command. The same ELAN can contain both QoS-capable and non-QoS capable LECs.


Note: If a QoS VCC setup is rejected due to insufficient resources at the switch, the VCC setup falls back to UBR VCC.


On the Catalyst 6500 series ATM platform, the routed packet is classified by the class of service (CoS) value before it is handed over to the LANE. The LEC determines the VCC based on the packets' CoS. The CoS to VCC mapping is determined by the user configuration. Non-IP traffic and bridged traffic streams are always sent over the UBR+ VCC.

The Switched Port Analyzer (SPAN) feature will be added in a future maintenance release.

New Features in Release 12.1(2)E2

There are no new features in Release 12.1(2)E2.

New Features in Release 12.1(2)E1

There are no new features in Release 12.1(2)E1.

New Features in Release 12.0(5)XS2

There are no new features in Release 12.0(5)XS2.

Caveats

These sections describe the open and resolved caveats for the Cisco IOS software in Catalyst 6500 series ATM modules:

Release 12.1(27b)E4

Release 12.1(27b)E3

Release 12.1(27b)E2

Release 12.1(27b)E1

Release 12.1(27b)E

Release 12.1(26)E9

Release 12.1(26)E8

Release 12.1(26)E7

Release 12.1(26)E6

Release 12.1(26)E5

Release 12.1(26)E4

Release 12.1(26)E3

Release 12.1(26)E2

Release 12.1(26)E1

Release 12.1(26)E

Release 12.1(23)E4

Release 12.1(23)E3

Release 12.1(23)E1

Release 12.1(23)E

Release 12.1(22)E6

Release 12.1(22)E4

Release 12.1(22)E1

Release 12.1(22)E

Release 12.1(20)E6

Release 12.1(20)E1

Release 12.1(20)E

Release 12.1(19)E2

Release 12.1(19)E

Release 12.1(14)E4

Release 12.1(14)E1

Release 12.1(13)E

Release 12.1(12c)E1

Release 12.1(12c)E

Release 12.1(11b)E12

Release 12.1(11b)E11

Release 12.1(11b)E

Release 12.1(10)E5

Release 12.1(10)E4

Release 12.1(10)E

Release 12.1(8a)E

Release 12.1(7a)E5

Release 12.1(6)E8

Release 12.1(5c)E12

Release 12.1(5c)E10

Release 12.1(5a)E3

Release 12.1(4)E2

Release 12.1(2)E2

Release 12.1(2)E1

Release 12.0(5)XS2

Release 12.1(27b)E4

These sections describe the open and resolved caveats in Release 12.1(27b)E4:

Open Caveats in Release 12.1(27b)E4

Resolved Caveats in Release 12.1(27b)E4

Open Caveats in Release 12.1(27b)E4

None.

Resolved Caveats in Release 12.1(27b)E4

Resolved Caveats for Product 'all' and Component 'dlsw'

CSCsk73104—Resolved in 12.1(27b)E4

Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-dlsw.html

Resolved Caveats for Product 'all' and Component 'vpdn'

CSCsj58566—Resolved in 12.1(27b)E4

Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.

The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.

Cisco has made free software available to address these vulnerabilities for affected customers.

There are no workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-pptp.html

| Identifier | Product | Component | Description |
|---|---|---|---|
| CSCsg39295 | all | snmp | Syslog Displays Password if SCP or FTP Selected in CISCO-COPY-CONFIG-MIB |
| CSCsk26719 | all | ip-acl | show ip access crash with per-user acl |
| CSCed52749 | all | ospf | OSPF: route missing even though OSPF database still exists |
| CSCed95187 | all | tcp | IP ID field is predictable for connectionless RST packets. |


Release 12.1(27b)E3

These sections describe the open and resolved caveats in Release 12.1(27b)E3:

Open Caveats in Release 12.1(27b)E3

Resolved Caveats in Release 12.1(27b)E3

Open Caveats in Release 12.1(27b)E3

None.

Resolved Caveats in Release 12.1(27b)E3

CSCin95836—Resolved in Release 12.1(27b)E3.

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-nhrp.html.

Some UDP packets that have the Terminal Access Controller Access Control System (TACACS) port (49) as their destination might remain suspended in the interface queue. This problem occurs when TACACS+ is configured. This problem is resolved in Release 12.1(27b)E3. (CSCsb11698)
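The following added example (not part of the Cisco release notes) checks a module's running release against the fixed-in releases listed in the resolved caveats above for Releases 12.1(27b)E4 and 12.1(27b)E3. It assumes that a fix stays in every later release of the same train; the `show version` line and all function names are constructed for illustration.

```python
"""Audit a running 12.1E release against fixed-in releases from these notes."""
import re
from typing import Dict, List, NamedTuple, Optional

# Caveat ID -> first release carrying the fix, copied from the resolved-caveat
# entries for Releases 12.1(27b)E4 and 12.1(27b)E3 above.
FIXED_IN = {
    "CSCsk73104": "12.1(27b)E4",  # DLSw: crafted UDP / IP protocol 91 packets
    "CSCsj58566": "12.1(27b)E4",  # VPDN with PPTP: memory and IDB exhaustion
    "CSCin95836": "12.1(27b)E3",  # NHRP: restart or possible code execution
    "CSCsb11698": "12.1(27b)E3",  # UDP to TACACS port 49 held in the queue
}

# Constructed sample of a `show version` banner line (not captured output).
SAMPLE_SHOW_VERSION = (
    "IOS (tm) C6ATM Software (C6ATM-LC-M), Version 12.1(26)E9, "
    "RELEASE SOFTWARE (fc1)"
)

# major.minor(maintenance[interim letter])train[rebuild], e.g. 12.1(27b)E4
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)([A-Z]*)(\d*)$")


class IosVersion(NamedTuple):
    major: int
    minor: int
    maintenance: int
    interim: str   # "" or a letter such as "b"
    train: str     # "E", "XS", or "" for mainline
    rebuild: int   # 0 when the release has no rebuild number


def parse_version(text: str) -> IosVersion:
    """Split a release string into comparable fields; reject other formats."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised IOS release string: {text!r}")
    major, minor, maint, interim, train, rebuild = match.groups()
    return IosVersion(int(major), int(minor), int(maint),
                      interim, train, int(rebuild or 0))


def extract_version(show_version_text: str) -> str:
    """Pull the release string out of `show version` output."""
    match = re.search(r"\bVersion\s+([^,\s]+)", show_version_text)
    if match is None:
        raise ValueError("no 'Version <release>' field found")
    return match.group(1)


def has_fix(running: str, fixed_in: str) -> Optional[bool]:
    """True/False within one train; None when the trains differ, because
    ordering across trains cannot be derived from the release string."""
    r, f = parse_version(running), parse_version(fixed_in)
    if (r.major, r.minor, r.train) != (f.major, f.minor, f.train):
        return None
    return ((r.maintenance, r.interim, r.rebuild)
            >= (f.maintenance, f.interim, f.rebuild))


def audit(running: str) -> Dict[str, List[str]]:
    """Sort every tracked caveat into fixed / missing / unknown."""
    report: Dict[str, List[str]] = {"fixed": [], "missing": [], "unknown": []}
    for caveat, fixed_in in sorted(FIXED_IN.items()):
        verdict = has_fix(running, fixed_in)
        key = "unknown" if verdict is None else ("fixed" if verdict else "missing")
        report[key].append(caveat)
    return report


if __name__ == "__main__":
    release = extract_version(SAMPLE_SHOW_VERSION)
    print(release, audit(release))
```

Release strings outside this pattern, such as 12.0(4a)WX5(11), raise `ValueError` rather than being compared.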

Release 12.1(27b)E2

These sections describe the open and resolved caveats in Release 12.1(27b)E2:

Open Caveats in Release 12.1(27b)E2

Resolved Caveats in Release 12.1(27b)E2

Open Caveats in Release 12.1(27b)E2

None.

Resolved Caveats in Release 12.1(27b)E2

CSCsd95616—Resolved in Release 12.1(27b)E2

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-multicast.

CSCsg70474—Resolved in Release 12.1(27b)E2

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html

Closing a Telnet session may cause a reload. This problem is resolved in Release 12.1(27b)E2. (CSCds33629)

In rare situations, intensive SNMP polling might use all available I/O memory. This problem is resolved in Release 12.1(27b)E2. (CSCeg11566)

For a system configured as an IP HTTP server, tracebacks and a reload might occur during HTTP transactions with URL tokens greater than 128 characters long. A token is a string delimited by slashes in a URL. This problem is resolved in Release 12.1(27b)E2. (CSCeg62070)

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-crypto.html.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

This problem is resolved in Release 12.1(27b)E2. (CSCsb12598, CSCsb40304, CSCsd92405)

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20070110-dlsw.html

This problem is resolved in Release 12.1(27b)E2. (CSCsf28840)

This bug documents the deprecation and removal of the Cisco IOS FTP Server feature. This problem is resolved in Release 12.1(27b)E2. (CSCsg16908)

Release 12.1(27b)E1

These sections describe the open and resolved caveats in Release 12.1(27b)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(27b)E1

Resolved Caveats in Release 12.1(27b)E1

Open Caveats in Release 12.1(27b)E1

None.

Resolved Caveats in Release 12.1(27b)E1

CSCsf04754—Resolved in Release 12.1(27b)E1.

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080610-snmpv3.html

CSCse68138—Resolved in Release 12.1(27b)E1.

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html

Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Cisco IOS or Catalyst Operating System (CatOS).

Cisco has made free software available to address this vulnerability for affected customers.

A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html

This problem is resolved in Release 12.1(27b)E1. (CSCsd75273, CSCse52951)


Note Cisco IOS software images for the Catalyst 6500 Series ATM modules do not support the Network Analysis Module, but Release 12.1(27b)E1 contains some of the software code modules affected by this problem.


The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-tcp.html

This problem is resolved in Release 12.1(27b)E1. (CSCek37177)

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html

This problem is resolved in Release 12.1(27b)E1. (CSCek26492)

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at:

http://www.cisco.com/en/US/products/csa/cisco-sa-20051201-http.html

This problem is resolved in Release 12.1(27b)E1. (CSCsc64976)

When CDP packets are received over a virtual circuit (VC), the ATM module might not be able to receive any cells on any VC. This problem is resolved in Release 12.1(27b)E1. (CSCse89073)

Release 12.1(27b)E

These sections describe the open and resolved caveats in Release 12.1(27b)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(27b)E

Resolved Caveats in Release 12.1(27b)E

Open Caveats in Release 12.1(27b)E

None.

Resolved Caveats in Release 12.1(27b)E

Symptoms: Router may generate and/or forward crafted IP packets with the source IP address being the router's tunnel interface for GRE or mGRE tunnels. Incorrect packet decoding may be seen with "debug tunnel."

Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address. The Present Routed bit must be set to 1.

Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.

Further information: On the 6th September 2006, Phenoelit Group posted an advisory:

Cisco Systems IOS GRE decapsulation fault

Cisco's statement and further information are available on the Cisco public website at:

http://www.cisco.com/en/US/products/csr/cisco-sr-20060906-gre.html

This problem is resolved in Release 12.1(27b)E. (CSCei62762)

Release 12.1(26)E9

These sections describe the open and resolved caveats in Release 12.1(26)E9 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E9

Resolved Caveats in Release 12.1(26)E9

Open Caveats in Release 12.1(26)E9

None.

Resolved Caveats in Release 12.1(26)E9

CSCin95836—Resolved in Release 12.1(26)E9.

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-nhrp.html.

CSCse24889—Resolved in Release 12.1(26)E9.

Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t
ip ssh version 1
end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

10.1.1.0/24 is a trusted network that is permitted access to the router, all other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
line vty 0 4
access-class 99 in
end

Further Problem Description:

For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cntrl_acc_vtl.html

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
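A way to check a vty access list like the one in the CSCse24889 alternate workaround before relying on it, as an added example that is not part of the Cisco release notes: it parses numbered standard ACLs and `line vty` blocks from a configuration, reports which source addresses each vty range would admit, and flags vty ranges with no inbound `access-class`. The sample configuration (including its `line vty 5 15` block) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in running-config layout; the ACL and "line vty 0 4"
# block mirror the workaround text, the "line vty 5 15" block is an assumption.
SAMPLE_CONFIG = """\
access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any
!
line vty 0 4
 access-class 99 in
line vty 5 15
 transport input ssh
!
end
"""


def parse_standard_acl(config_text, acl_number):
    """Return ordered (action, address, wildcard) integers for one numbered standard ACL."""
    entries = []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[1] != str(acl_number):
            continue
        action = parts[2]
        if action not in ("permit", "deny"):
            continue  # e.g. "remark" lines
        tokens = [p for p in parts[3:] if p != "log"]
        if not tokens:
            continue
        if tokens[0] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif tokens[0] == "host" and len(tokens) > 1:
            addr, wildcard = int(ipaddress.IPv4Address(tokens[1])), 0
        else:
            addr = int(ipaddress.IPv4Address(tokens[0]))
            # A bare address with no wildcard matches that single host.
            wildcard = int(ipaddress.IPv4Address(tokens[1])) if len(tokens) > 1 else 0
        entries.append((action, addr, wildcard))
    return entries


def acl_decision(entries, source_ip):
    """First-match evaluation; wildcard bits set to 1 are ignored in the comparison."""
    if not entries:
        return "undefined-acl"  # behaviour of an undefined ACL is not modelled here
    src = int(ipaddress.IPv4Address(source_ip))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF
        if (src & care) == (addr & care):
            return action
    return "deny"  # implicit deny that ends a non-empty ACL


def vty_access_classes(config_text):
    """Map each 'line vty A B' block to the ACL applied inbound, or None if unfiltered."""
    result, current = {}, None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "line":
            current = None
            if len(parts) >= 3 and parts[1] == "vty":
                first = int(parts[2])
                last = int(parts[3]) if len(parts) >= 4 else first
                current = (first, last)
                result[current] = None
        elif not raw[0].isspace():
            current = None  # any other top-level command closes the line block
        elif current and parts[0] == "access-class" and len(parts) >= 3 and parts[2] == "in":
            result[current] = parts[1]
    return result


def audit_vty(config_text, test_sources):
    """For each vty range: None if no inbound ACL, else {source_ip: decision}."""
    report = {}
    for vty_range, acl in vty_access_classes(config_text).items():
        if acl is None:
            report[vty_range] = None
        else:
            entries = parse_standard_acl(config_text, acl)
            report[vty_range] = {ip: acl_decision(entries, ip) for ip in test_sources}
    return report


if __name__ == "__main__":
    for vty_range, verdicts in audit_vty(SAMPLE_CONFIG, ["10.1.1.77", "192.0.2.10"]).items():
        print(vty_range, verdicts if verdicts is not None else "NO INBOUND access-class")
```

A vty range reported without an inbound `access-class` accepts connections from any source, so the ACL in the workaround only helps on the lines it is actually applied to.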

CSCsg40567—Resolved in Release 12.1(26)E9.

Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.

Workaround: Disable the ip http secure server command.

CSCsg70474—Resolved in Release 12.1(26)E9.

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html

Some UDP packets that have the Terminal Access Controller Access Control System (TACACS) port (49) as their destination might remain suspended in the interface queue. This problem occurs when TACACS+ is configured. This problem is resolved in Release 12.1(26)E9. (CSCsb11698)

With RCP enabled, a reload might occur when the system receives a spoofed RCP packet that contains a specific data content. This problem is resolved in Release 12.1(26)E9. (CSCse05736)

Release 12.1(26)E8

These sections describe the open and resolved caveats in Release 12.1(26)E8 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E8

Resolved Caveats in Release 12.1(26)E8

Open Caveats in Release 12.1(26)E8

None.

Resolved Caveats in Release 12.1(26)E8

CSCsf04754—Resolved in Release 12.1(26)E8.

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.

The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080610-snmpv3.html

CSCse68138—Resolved in Release 12.1(26)E8.

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html

A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker to decrypt any previously encrypted information.

Cisco IOS is affected by the following vulnerabilities:

Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html.


Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-crypto.html.


A combined software table for Cisco IOS is available to aid customers in choosing a software release that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

This problem is resolved in Release 12.1(26)E8. (CSCsb12598, CSCsb40304, CSCsd92405)

Cisco Catalyst 6000, 6500 series and Cisco 7600 series that have a Network Analysis Module installed are vulnerable to an attack, which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Cisco IOS or Catalyst Operating System (CatOS).

Cisco has made free software available to address this vulnerability for affected customers.

A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html

This problem is resolved in Release 12.1(26)E8. (CSCsd75273, CSCse52951)


Note Cisco IOS software images for the Catalyst 6500 Series ATM modules do not support the Network Analysis Module, but Release 12.1(26)E8 contains some of the software code modules affected by this problem.


Closing a Telnet session may cause a reload. This problem is resolved in Release 12.1(26)E8. (CSCds33629)

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at:

http://www.cisco.com/en/US/products/csa/cisco-sa-20051201-http.html

This problem is resolved in Release 12.1(26)E8. (CSCsc64976)

Release 12.1(26)E7

These sections describe the open and resolved caveats in Release 12.1(26)E7 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E7

Resolved Caveats in Release 12.1(26)E7

Open Caveats in Release 12.1(26)E7

None.

Resolved Caveats in Release 12.1(26)E7

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177.

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-tcp.html

This problem is resolved in Release 12.1(26)E7. (CSCek37177)

Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html

This problem is resolved in Release 12.1(26)E7. (CSCek26492)

Symptoms: The VTP feature in certain versions of Cisco IOS software may be vulnerable to a crafted packet sent from the local network segment, which may lead to a denial of service condition.

Conditions: The packets must be received on a trunk enabled port.

Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:

VTP Version field DoS

Integer Wrap in VTP revision

Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

CSCsd52629/CSCsd34759—VTP version field DoS

CSCse40078/CSCse47765—Integer Wrap in VTP revision

CSCsd34855/CSCei54611—Buffer Overflow in VTP VLAN name

Cisco's statement and further information are available on the Cisco public website at http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060913-vtp

This problem is resolved in Release 12.1(26)E7. (CSCsd34759)

Symptoms: The VTP feature in certain versions of Cisco IOS software is vulnerable to a locally-exploitable buffer overflow condition and potential execution of arbitrary code. If a VTP summary advertisement is received with a Type-Length-Value (TLV) containing a VLAN name greater than 100 characters, the receiving switch will reset with an Unassigned Exception error.

Conditions: The packets must be received on a trunk enabled port, with a matching domain name and a matching VTP domain password (if configured).

Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:

VTP Version field DoS

Integer Wrap in VTP revision

Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

CSCsd52629/CSCsd34759—VTP version field DoS

CSCse40078/CSCse47765—Integer Wrap in VTP revision

CSCsd34855/CSCei54611—Buffer Overflow in VTP VLAN name

Cisco's statement and further information are available on the Cisco public website at http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060913-vtp

This problem is resolved in Release 12.1(26)E7. (CSCsd34855)

Symptoms: Router may generate and/or forward crafted IP packets with the source IP address being the router's tunnel interface for GRE or mGRE tunnels. Incorrect packet decoding may be seen with "debug tunnel."

Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address. The Present Routed bit must be set to 1.

Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.

Further information: On the 6th September 2006, Phenoelit Group posted an advisory:

Cisco Systems IOS GRE decapsulation fault

Cisco's statement and further information are available on the Cisco public website at:

http://www.cisco.com/en/US/products/csr/cisco-sr-20060906-gre.html

This problem is resolved in Release 12.1(26)E7. (CSCei62762)

Release 12.1(26)E6

These sections describe the open and resolved caveats in Release 12.1(26)E6 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E6

Resolved Caveats in Release 12.1(26)E6

Open Caveats in Release 12.1(26)E6

None.

Resolved Caveats in Release 12.1(26)E6

None.

Release 12.1(26)E5

These sections describe the open and resolved caveats in Release 12.1(26)E5 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E5

Resolved Caveats in Release 12.1(26)E5

Open Caveats in Release 12.1(26)E5

CSCsc38900

Occasionally, large IP packets become corrupted on a Catalyst 6500 series ATM module WS-X6101, which interrupts IP connectivity over the ATM virtual circuit (VC). The problem is unrelated to hardware, although the cause is unknown.

Workaround: You can recover IP connectivity temporarily by reloading the ATM module, reloading the switch, or performing OIR.


Note CSCsc38900 is not seen in later releases.


Resolved Caveats in Release 12.1(26)E5

CSCeh73049

Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Conditions: Devices that are not running the AAA command authorization feature, or that do not support TCL functionality, are not affected by this vulnerability.

This vulnerability is present in all versions of Cisco IOS that support the tclsh command.

Workaround: This advisory with appropriate workarounds is posted at

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060125-aaatcl

CSCin93225

When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.

Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.

CSCsb84790

On a Catalyst 6500 series ATM module, the Section BIP-8 errors should increment only when the module is first installed or when there is a problem on the fiber WAN segment. However, when you enter the show controllers command, the number of Section BIP-8 errors that display will increment, even when no fiber is connected to the physical a or physical b interfaces. This problem appears on the Catalyst 6500 series ATM module WS-X6101.

Workaround: Disregard the Section BIP-8 error count.

Release 12.1(26)E4

These sections describe the open and resolved caveats in Release 12.1(26)E4 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E4

Resolved Caveats in Release 12.1(26)E4

Open Caveats in Release 12.1(26)E4

CSCin93225

When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.

Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.

CSCsb84790

On a Catalyst 6500 series ATM module, the Section BIP-8 errors should increment only when the module is first installed or when there is a problem on the fiber WAN segment. However, when you enter the show controllers command, the number of Section BIP-8 errors that display will increment, even when no fiber is connected to the physical a or physical b interfaces. This problem appears on the Catalyst 6500 ATM module WS-X6101.

Workaround: Disregard the Section BIP-8 error count.

Resolved Caveats in Release 12.1(26)E4

None.

Release 12.1(26)E3

These sections describe the open and resolved caveats in Release 12.1(26)E3 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E3

Resolved Caveats in Release 12.1(26)E3

Open Caveats in Release 12.1(26)E3

CSCin93225

When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.

Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.

CSCeg25504

When a Catalyst 6500 series LANE ATM module uses Cisco IOS software Release 12.1E1 and acts as a LAN Emulation Client (LEC), it is possible for a connected router to be a member of an ELAN that uses BUS to send traffic. In such configurations, some Catalyst 6500 LANE ATM modules will not perform correctly, while other devices on the same ELAN will be fully operational.

Workaround: Clear the LAN Emulation Address Resolution Protocol (LE-ARP) entry for the module MAC address.

Resolved Caveats in Release 12.1(26)E3

CSCei76358

Through normal software maintenance processes, Cisco is removing deprecated functionality. These changes have no impact on system operation or feature availability.

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20051102-timers.html.

Release 12.1(26)E2

These sections describe the open and resolved caveats in Release 12.1(26)E2 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E2

Resolved Caveats in Release 12.1(26)E2

Open Caveats in Release 12.1(26)E2

CSCin93225

When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.

Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.

CSCeg25504

When a Catalyst 6500 series LANE ATM module uses Cisco IOS software Release 12.1E1 and acts as a LAN Emulation Client (LEC), it is possible for a connected router to be a member of an ELAN that uses BUS to send traffic. In such configurations, some Catalyst 6500 LANE ATM modules will not perform correctly, while other devices on the same ELAN will be fully operational.

Workaround: Clear the LAN Emulation Address Resolution Protocol (LE-ARP) entry for the module MAC address.

Resolved Caveats in Release 12.1(26)E2

CSCsa69110

On a Catalyst 6000 series switch or a Catalyst 6500 series switch, if PVCs that are configured on a WS-X6101 LANE ATM module and mapped to a VLAN are shutting down, the spanning-tree process continues to recognize the ATM port as active in the VLAN. This problem occurs only when the PVC on the LANE module is configured for Operation, Administration, and Maintenance (OAM) and shuts down because of an OAM failure.

Workaround: None.

Release 12.1(26)E1

These sections describe the open and resolved caveats in Release 12.1(26)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E1

Resolved Caveats in Release 12.1(26)E1

Open Caveats in Release 12.1(26)E1

CSCsa61190

On a Catalyst 6500 series switch, if PVCs that are configured on a WS-X6101 LANE module and mapped to a VLAN are shut down, the spanning-tree process continues to see the ATM port as active in the VLAN. This problem occurs only when the PVC on the LANE module is configured for Operation, Administration, and Maintenance (OAM) and shuts down because of an OAM failure.

Workaround: None.

CSCeg25504

A Catalyst 6500 series ATM LANE module that uses Cisco IOS Release 12.1E1 as a LAN Emulation Client (LEC) might have a connected router as a member of the ELAN and use a broadcast and unknown server (BUS) to send traffic. The module might not perform correctly, while other devices on the same ELAN are performing correctly.

Workaround: Clear the le-arp entry for the specific MAC address.

Resolved Caveats in Release 12.1(26)E1

CSCef53501

On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.

Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.

CSCin71412

When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WS-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.

Workaround: None.

CSCeg53817

The CAM entry on the supervisor engine does not get updated on the core switch. If the Ethernet connection to the end station is disconnected and then reconnected to the LANE switch, there is no IP connectivity. If the station was disconnected and reconnected after four hours, the connection works properly.

Workaround: Ping the switched virtual interface (SVI) IP address on the core switch. The station which was moved might be pinging another station that is connected to the Ethernet behind the core switch.

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

Release 12.1(26)E

These sections describe the open and resolved caveats in Release 12.1(26)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(26)E

Resolved Caveats in Release 12.1(26)E

Open Caveats in Release 12.1(26)E

CSCeg25504

A Catalyst 6500 series ATM LANE module that uses Cisco IOS Release 12.1E1 as a LAN Emulation Client (LEC) might have a connected router as a member of the ELAN and use a broadcast and unknown server (BUS) to send traffic. The module might not perform correctly, while other devices on the same ELAN are performing correctly.

Workaround: Clear the le-arp entry for the specific MAC address.

CSCef53501

On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.

Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.

CSCin71412

When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WS-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.

Workaround: None.

Resolved Caveats in Release 12.1(26)E

CSCee45196

A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.

Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.

CSCdy39020

When you use the show port command on the Catalyst 6500 series supervisor engine for the LANE ATM module, the output mistakenly shows that both ports are connected, even if they are disconnected. Functionality is not affected.

Workaround: None.

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

Release 12.1(23)E4

These sections describe the open and resolved caveats in Release 12.1(23)E4 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(23)E4

Resolved Caveats in Release 12.1(23)E4

Open Caveats in Release 12.1(23)E4

None.

Resolved Caveats in Release 12.1(23)E4

CSCeh13489

Receipt of a Border Gateway Protocol (BGP) Autonomous System (AS) path with a length that is equal to or greater than 255 might reset the BGP session. This problem is resolved in Release 12.1(26)E3.

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20051102-timers.html.

Release 12.1(23)E3

These sections describe the open and resolved caveats in Release 12.1(23)E3 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(23)E3

Resolved Caveats in Release 12.1(23)E3

Open Caveats in Release 12.1(23)E3

None.

Resolved Caveats in Release 12.1(23)E3

CSCef60659, CSCef44225, CSCsa59600, CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type. Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

Release 12.1(23)E1

These sections describe the open and resolved caveats in Release 12.1(23)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(23)E1

Resolved Caveats in Release 12.1(23)E1

Open Caveats in Release 12.1(23)E1

CSCef53501

On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.

Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.

CSCee45196

A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.

Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.

CSCin71412

When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WS-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.

Workaround: None.

Resolved Caveats in Release 12.1(23)E1

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

Release 12.1(23)E

These sections describe the open and resolved caveats in Release 12.1(23)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(23)E

Resolved Caveats in Release 12.1(23)E

Open Caveats in Release 12.1(23)E

A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.

Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.

(CSCee45196)

When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WS-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.

Workaround: None.

(CSCin71412)

Resolved Caveats in Release 12.1(23)E

Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.

Cisco has made free software available to address this vulnerability for affected customers.

There are workarounds available to mitigate the effects of the vulnerability.

This vulnerability was discovered during internal testing. This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html

This problem is resolved in Release 12.1(23)E. (CSCec71950)

CSCed65285

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details).

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html

CSCed94665

If you reload a WS-X6101-OC12-MMF ATM module when using Cisco IOS Releases 12.1(19)E2 and later, the module will not retain the atm uni-version command, even when you enter the no atm auto-configuration command under the ATM0 interface.

CSCin70148

Under stress conditions and with PVC traffic shaping configured, THOST timeout occurs on a WS-X6101-OC12-MMF ATM module, and it fails to forward traffic.

Workaround: None.

Release 12.1(22)E6

These sections describe the open and resolved caveats in Release 12.1(22)E6 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(22)E6

Resolved Caveats in Release 12.1(22)E6

Open Caveats in Release 12.1(22)E6

None.

Resolved Caveats in Release 12.1(22)E6

CSCef60659, CSCef44225, CSCsa59600, CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
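For monitoring, the three message types listed in the ICMP caveats above can be told apart from the ICMP header alone, and the quoted IP/TCP header shows whether the error refers to a session on the device itself. The following is an added example, not Cisco code: the function names are hypothetical, the field layouts are assumed from RFC 792, RFC 1122 and RFC 1191, and the sample packets are constructed.

```python
import ipaddress
import struct
from collections import Counter

# Categories mirror the three attack types listed in the caveat text.
HARD_ERROR = "hard-error"        # Destination Unreachable, codes 2 and 3
PMTUD = "pmtud"                  # Destination Unreachable, code 4 (frag needed, DF set)
SOURCE_QUENCH = "source-quench"  # Type 4, code 0
OTHER = "other"


def build_sample(icmp_type, code, src, dst, sport, dport, seq, next_hop_mtu=0):
    """Build a constructed ICMP error quoting a TCP segment (checksums left at 0)."""
    icmp = struct.pack("!BBHHH", icmp_type, code, 0, 0, next_hop_mtu)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp_first8 = struct.pack("!HHI", sport, dport, seq)
    return icmp + ip + tcp_first8


def classify(icmp_msg, local_addrs):
    """Classify one ICMP message (starting at the ICMP header).

    local_addrs: addresses owned by the device (assumption: supplied by the caller).
    An ICMP error quotes the packet that triggered it, so for a session that
    terminates or originates on the device the quoted IP source is a local address.
    """
    if len(icmp_msg) < 8:
        raise ValueError("truncated ICMP header")
    local = {ipaddress.IPv4Address(a) for a in local_addrs}
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp_msg[:8])

    # RFC 1122 treats Destination Unreachable codes 2-4 as hard errors; code 4
    # is reported separately because the caveat lists PMTUD as its own type.
    if icmp_type == 3 and code == 4:
        category = PMTUD
    elif icmp_type == 3 and code in (2, 3):
        category = HARD_ERROR
    elif icmp_type == 4 and code == 0:
        category = SOURCE_QUENCH
    else:
        category = OTHER

    verdict = {"category": category,
               "next_hop_mtu": mtu if category == PMTUD else None,
               "session": None,
               "quoted_seq": None,
               "targets_local_tcp": False}

    quoted = icmp_msg[8:]
    if category == OTHER or len(quoted) < 20:
        return verdict
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return verdict  # not IPv4, or the quoted packet is too short to parse
    if quoted[9] != 6:
        return verdict  # quoted packet is not TCP

    src = ipaddress.IPv4Address(quoted[12:16])
    dst = ipaddress.IPv4Address(quoted[16:20])
    sport, dport, seq = struct.unpack("!HHI", quoted[ihl:ihl + 8])
    verdict["session"] = (str(src), sport, str(dst), dport)
    verdict["quoted_seq"] = seq
    verdict["targets_local_tcp"] = src in local
    return verdict


def summarize(messages, local_addrs):
    """Count, per category, the ICMP errors that refer to the device's own TCP sessions."""
    counts = Counter()
    for msg in messages:
        verdict = classify(msg, local_addrs)
        if verdict["targets_local_tcp"]:
            counts[verdict["category"]] += 1
    return counts


# Constructed samples using documentation address ranges.
LOCAL_ADDRS = ["192.0.2.1"]
SAMPLES = [
    build_sample(3, 3, "192.0.2.1", "198.51.100.7", 179, 40000, 1000),      # hard error
    build_sample(3, 4, "192.0.2.1", "198.51.100.7", 179, 40000, 1000, 68),  # PMTUD
    build_sample(4, 0, "192.0.2.1", "198.51.100.7", 22, 51000, 7),          # source quench
    build_sample(4, 0, "203.0.113.9", "198.51.100.7", 22, 51000, 7),        # transit session
    build_sample(3, 1, "192.0.2.1", "198.51.100.7", 179, 40000, 1000),      # host unreachable
]

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLES, LOCAL_ADDRS).items()):
        print(category, count)
```

A sudden rise in any of these counters for the device's own management or routing sessions is worth correlating with session resets or throughput drops.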

Release 12.1(22)E4

These sections describe the open and resolved caveats in Release 12.1(22)E4 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(22)E4

Resolved Caveats in Release 12.1(22)E4

Open Caveats in Release 12.1(22)E4

CSCef53501

On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.

Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.

CSCee45196

A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.

Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.

CSCin71412

When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WS-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.

Workaround: None.

Resolved Caveats in Release 12.1(22)E4

None.

Release 12.1(22)E1

These sections describe the open and resolved caveats in Release 12.1(22)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(22)E1

Resolved Caveats in Release 12.1(22)E1

Open Caveats in Release 12.1(22)E1

CSCed94655

A Catalyst 6500 series ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases will not save the atm uni-version command after the module is reloaded on the switch, even after you enter the no atm auto-configuration command from the ATM0 interface.

Workaround: Reconfigure the atm uni-version command after reloading the module on the switch.

Resolved Caveats in Release 12.1(22)E1

CSCed71266

When an ATM module WS-X6101 running a LAN emulation client (LEC) receives a gratuitous ARP packet from a Catalyst 6500 series NMP (Network Management Processor) (such as an HSRP configured on an MSFC), the packet is forwarded to all LECs on the emulated LAN (ELAN). The LEC on the WS-X6101 ATM module receives this packet on the BUS VC and places this ARP packet in the NMP queue, even though the LEC on the WS-X6101 module sourced it.

CSCed27956

A vulnerability in the Transmission Control Protocol specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed38527

A vulnerability in the Transmission Control Protocol specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed93836

A vulnerability in the Transmission Control Protocol specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCdz84583

A vulnerability in the Transmission Control Protocol specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

Release 12.1(22)E

These sections describe the open and resolved caveats in Release 12.1(22)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(22)E

Resolved Caveats in Release 12.1(22)E

Open Caveats in Release 12.1(22)E

CSCed94655

A Catalyst 6500 series ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases will not save the atm uni-version command after the module is reloaded on the switch, even after you enter the no atm auto-configuration command under the ATM0 interface.

Workaround: Reconfigure the atm uni-version command after reloading the module on the switch.

Resolved Caveats in Release 12.1(22)E

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability. (See the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html

Release 12.1(20)E6

These sections describe the open and resolved caveats in Release 12.1(20)E6 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(20)E6

Resolved Caveats in Release 12.1(20)E6

Open Caveats in Release 12.1(20)E6

This section describes the open caveats in Release 12.1(20)E6:

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability. (See the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCed21057

When a Catalyst 6500 series switch with a WS-X6101 ATM LANE module is configured with only one LANE client, error messages might appear under normal working conditions, even after you reset the module.

Workaround: None.

CSCed94665

After you reload an ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases, the atm uni-version command will not be saved, even after you enter the no atm auto-configuration command from the ATM0 interface.

Workaround: None.

Resolved Caveats in Release 12.1(20)E6

CSCef60659, CSCef44225, CSCsa59600, CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at

http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.

Release 12.1(20)E3

These sections describe the open and resolved caveats in Release 12.1(20)E3 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(20)E3

Resolved Caveats in Release 12.1(20)E3

Open Caveats in Release 12.1(20)E3

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCed21057

When a Catalyst 6500 series switch with a WS-X6101 ATM LANE module is configured with only one LANE client, error messages might appear under normal working conditions, even after you reset the module.

Workaround: None.

CSCed94665

After you reload an ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases, the atm uni-version command will not be saved, even after you enter the no atm auto-configuration command from the ATM0 interface.

Workaround: None.

Resolved Caveats in Release 12.1(20)E3

CSCed65778

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability. (See the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html

CSCed27956

A vulnerability in the Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that only pass through the device (e.g., transit traffic that is being routed by a router).

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed38527

A vulnerability in the Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that only pass through the device (e.g., transit traffic that is being routed by a router).

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed93836

A vulnerability in the Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that only pass through the device (e.g., transit traffic that is being routed by a router).

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCdz84583

A vulnerability in the Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated session, which must be considered. This attack vector is only applicable to sessions that terminate on a device (e.g., router, switch, computer) and not to sessions that only pass through the device (e.g., transit traffic that is being routed by a router).

All Cisco products which contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

Release 12.1(20)E1

These sections describe the open and resolved caveats in Release 12.1(20)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(20)E1

Resolved Caveats in Release 12.1(20)E1

Open Caveats in Release 12.1(20)E1

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

Resolved Caveats in Release 12.1(20)E1

CSCea46342, CSCdx76632, CSCin56408, CSCdx40184, CSCec76776, CSCeb78836

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and Cisco IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at

http://www.cisco.com/en/US/products/csa/cisco-sa-20040113-h323.html.

CSCin62577

Packets received over an RFC 1483 PVC link to a WS-X6101 ATM module might become corrupted.

Workaround: To avoid this problem, configure the no atm1483pvc fcs enable command on the device that is sending the packets to the ATM module.

Release 12.1(20)E

These sections describe the open and resolved caveats in Release 12.1(20)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(20)E

Resolved Caveats in Release 12.1(20)E

Open Caveats in Release 12.1(20)E

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

Resolved Caveats in Release 12.1(20)E

CSCeb57123

In a WS-X6101 module running Cisco IOS Release 12.1(19)E, the ATM interface might show active virtual circuits (VCs), even while the ATM interface is down.

Workaround: Enter the shut/no shut command on the ATM interface.

Release 12.1(19)E2

These sections describe the open and resolved caveats in Release 12.1(19)E2 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(19)E2

Resolved Caveats in Release 12.1(19)E2

Open Caveats in Release 12.1(19)E2

CSCea37216

A Catalyst 6500 series ATM module (WS-X6101) that is running Cisco IOS Release 12.1(14)E1 may be reset by the Catalyst 6500 series supervisor engine when approximately 500 Mbps of traffic is sent through the module over multiple PVCs. When the supervisor engine resets the module, it will report this error:

%SYS-5-MOD_NOSCPPINGRESPONSE:Module 3 not responding... resetting module 
%SYS-5-MOD_RESET:Module 3 reset from Software 

This problem occurs only when Integrated Local Management Interface (ILMI) PVCs are configured on the WS-X6101 module and ILMI keepalives are enabled.

Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable command on the Catalyst 6500 series supervisor engine.

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101 

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCeb57123

In a WS-X6101 module running Cisco IOS Release 12.1(19)E, the ATM interface might show active VCs, even while the ATM interface is down.

Workaround: Enter the shut/no shut command on the ATM interface.

Resolved Caveats in Release 12.1(19)E2

CSCeb29847

An ATM module (WS-X6101) might lose some of the bind statements in its running configuration if the fiber is unplugged and then plugged in again. This problem does not occur when you enter a shut/no shut command on the ATM interface, only when you unplug and replug the fiber.

Workaround: Enter the copy startup-config running-config command to restore the bind statements.

Release 12.1(19)E

These sections describe the open and resolved caveats in Release 12.1(19)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(19)E

Resolved Caveats in Release 12.1(19)E

Open Caveats in Release 12.1(19)E

CSCea37216

A Catalyst 6500 series ATM module (WS-X6101) that is running Cisco IOS Release 12.1(14)E1 may be reset by the Catalyst 6500 series supervisor engine when approximately 500 Mbps of traffic is sent through the module over multiple PVCs.

When the supervisor engine resets the module, it will report this error:

%SYS-5-MOD_NOSCPPINGRESPONSE:Module 3 not responding... resetting module 
%SYS-5-MOD_RESET:Module 3 reset from Software

This problem occurs only when Integrated Local Management Interface (ILMI) PVCs are configured on the WS-X6101 module and ILMI keepalives are enabled.

Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable command on the Catalyst 6500 series supervisor engine.

CSCds22874

When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

Resolved Caveats in Release 12.1(19)E

CSCea37337

Free memory on the Catalyst 5000 family and Catalyst 6500 series ATM modules depletes whenever the ATM link goes up and down.

CSCea10485

The following configuration on the Catalyst 6500 series ATM module (WS-X6101) appears in the running configuration, even when it does not appear in the startup configuration:

! 
interface ATM0 
atm pvc 1 0 5 qsaal 
atm pvc 2 0 16 ilmi 
!

In the above configuration, the QSAAL and ILMI PVCs have to be set up explicitly by using the CLI, either in the startup configuration or the running configuration.

CSCin40188

The Rx host statistics on the Catalyst 6500 series OC-12 ATM module (WS-X6101) do not display all of the counters for the dropped packets.

Release 12.1(14)E4

These sections describe the open and resolved caveats in Release 12.1(14)E4 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(14)E4

Resolved Caveats in Release 12.1(14)E4

Open Caveats in Release 12.1(14)E4

CSCea37216

A Catalyst 6500 series module WS-X6101 running Cisco IOS Release 12.1(14)E1 may be reset by the Catalyst 6500 supervisor engine when very high rates of traffic (approximately 500 Mbps) are sent through the module over multiple PVCs. Under such conditions the supervisor engine will report the following error:

%SYS-5-MOD_NOSCPPINGRESPONSE:Module 3 not responding... resetting module
%SYS-5-MOD_RESET:Module 3 reset from Software

The problem appears only when the ILMI (Interim Local Management Interface) PVC is configured on the WS-X6101 module and the ILMI keepalives are enabled.

Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable atm module num command on the Catalyst 6500 series supervisor engine.

Resolved Caveats in Release 12.1(14)E4

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at this URL:

http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html

This problem is resolved in Release {}

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at this URL:

http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html

This problem is resolved in Release 12.1(14)E4.

CSCea37337

The free memory in Catalyst 5000 family and Catalyst 6500 series modules depletes whenever the ATM link goes up and down.

Workaround: None.

CSCea10485

The following configuration on the Catalyst 6500 series module WS-X6101 appears in the running configuration, even when it does not appear in the startup configuration:

! 
interface ATM0 
atm pvc 1 0 5 qsaal 
atm pvc 2 0 16 ilmi 
!

Workaround: The above mentioned QSAAL and ILMI PVCs have to be set up explicitly, either in the startup configuration or in the running configuration, using the command line interface.

CSCin40188

The Rx host statistics on the Catalyst 6500 series module WS-X6101 do not display all of the counters for the dropped packets.

Workaround: None.

Release 12.1(14)E1

These sections describe the open and resolved caveats in Release 12.1(14)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(14)E1

Resolved Caveats in Release 12.1(14)E1

Open Caveats in Release 12.1(14)E1

CSCds22874

When a LAN Emulation Client (LEC) on a Cisco device receives wrongly formatted LANE control frames, the following message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCds12349

Inserting a single-port OC-12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).

Workaround: To put the ATM module into service, enter the reset slot-number command.

Resolved Caveats in Release 12.1(14)E1

CSCdz34430

Through traffic from the PVC stops and does not recover by itself after certain traffic goes through the ATM link for a long time.

CSCdy74673

When customers connect a Catalyst 2900 switch Gigabit Ethernet port or a Catalyst 4000 family switch Gigabit Ethernet port to a Gigabit Ethernet trunk on a Catalyst 6500 series switch with a LANE module, free memory on the LANE module goes down. This situation impacts network performance when a station on the Ethernet side of the Catalyst 6500 series switch tries to reach some other device over that LANE module. However, within the Ethernet, network performance works fine.

CSCdw78193

A Catalyst 5000 LANE module or Catalyst 6500 LANE module running Release 12.0(20)W5(24) or any images in Release 12.1E can display CPUHOG messages similar to the following:

Feb 16 01:35:06: %SYS-3-CPUHOG: Task ran for 2448 msec (0/0), process = ATM Periodic, PC = 400A77BC.
-Traceback= 400A7768 400A77C4 401D3534 401D3AA6

Workaround: None.

CSCds53281

Occasionally, a Catalyst 6500 series switch OC-12 ATM module (WS-X6101-OC12-MMF) might print the following message on the console at regular intervals:

IP address 7F00000B used for nmp. 

This condition prevents normal operation of the ATM module and causes the session command to fail in the affected module. This condition has been observed in Releases 12.1(2)E1 and later.

Workaround: Reset the ATM module.

CSCdy51620

On Catalyst 6509 modules running Release 12.1(12c)E, the VC number does not show up correctly.

CSCdz27420

The if-MIB of the ATM physical interface on module WS-X6101-OC12-SMF running Catalyst 6500 series ATM software cannot be accessed through SNMP.

Release 12.1(13)E

These sections describe the open and resolved caveats in Release 12.1(13)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(13)E

Resolved Caveats in Release 12.1(13)E

Open Caveats in Release 12.1(13)E

CSCds22874

When a LAN Emulation Client (LEC) on a Cisco device receives wrongly formatted LANE control frames, the following message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCds12349

Inserting a single-port OC12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).

Workaround: To put the ATM module into service, enter the reset slot-number command.

Resolved Caveats in Release 12.1(13)E

CSCdy31665

The ATM module on the Catalyst 6509 chassis drops the vty login information when it is reset in Release 12.1(12c)E.

Workaround: None.

Release 12.1(12c)E1

These sections describe the open and resolved caveats in Release 12.1(12c)E1 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(12c)E1

Resolved Caveats in Release 12.1(12c)E1

Open Caveats in Release 12.1(12c)E1

CSCds22874

When a LAN Emulation Client (LEC) on a Cisco device receives incorrectly formatted LANE control frames, the following message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: You do not need to shut down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCds12349

Inserting a single-port OC-12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).

Workaround: To put the ATM module into service, enter the reset slot-number command.

Resolved Caveats in Release 12.1(12c)E1

CSCin11648

A recovery mechanism is being added to Release 12.1(12c)E1 to make the WS-X6101 module reset when the Transmit Host encounters a fatal problem.

CSCdw90790

The Catalyst 6500 series ATM module (WS-X6101-OC12-XMF) ignores the boot variable and always boots with the first available boot image. If the first available boot file is deleted but not erased, the ATM module will not boot.

Workaround: Boot from the ROM monitor or use the image in Release 12.1(5c)E10 or earlier as the first image in the bootflash.

CSCdx70274

A Catalyst 6500 switch with Supervisor Engine 2 and a WS-X6101 LANE module may experience a situation in which the LECs or PVCs on the module are operational, but clients connected by Ethernet to the switch are unable to communicate with clients connected by ATM to the switch.

At the time of the traffic failure, you might see a log message similar to this one in the "Show log" window on the supervisor engine:

07. 5/19/2002,03:20:22: lyra_intr_hdlr:Interrupt Type = 0x4000 register content 0xb0b0f0e, int_status 0x1004108, ctrl1 0xe66e08a1, ctrl2 0x1f

Workaround: Reload the WS-X6101 LANE module to restore connectivity.

CSCdx54180

Under rare conditions, the GigaPort interface on the Catalyst 6500 series ATM module is not in synchronization with the supervisor engine, and traffic stops.

Workaround: Reset the Catalyst 6500 series ATM module.

CSCdp02052

MIBs do not support LEC uptime. LEC uptime shows how long the LEC has been operating and is the equivalent of the show lane client command output.

This caveat has been resolved in Release 12.1(12c)E1.

CSCdw63532

The WS-X6101 LANE module running Cisco IOS Release 12.1(10)E or Release 12.0(5)XS does not support the configuration option to enable and disable the LE ARP reverify local feature. Attempts to configure the global command lane le-arp reverify local have resulted in the following error message:

ATM(config)#lane le-arp reverify local
% Invalid input detected at '^' marker

This caveat has been resolved in Release 12.1(12c)E1.

Release 12.1(12c)E

These sections describe the open and resolved caveats in Release 12.1(12c)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(12c)E

Resolved Caveats in Release 12.1(12c)E

Open Caveats in Release 12.1(12c)E

CSCds22874

When a LAN Emulation Client (LEC) on a Cisco device receives incorrectly formatted LANE control frames, the following message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.

CSCds12349

Inserting a 1-port OC12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).

Workaround: To put the ATM module into service, enter the reset slot-number command.

Resolved Caveats in Release 12.1(12c)E

CSCdp02052

MIBs do not support LEC uptime. LEC uptime shows how long the LEC has been operating and is the equivalent of the show lane client command output.

This caveat has been resolved in Release 12.1(12c)E.

CSCdw63532

The WS-X6101 LANE module running Cisco IOS Release 12.1(10)E or Release 12.0(5)XS does not support the LE ARP reverify local feature. Attempts to configure the global command lane le-arp reverify local cause the following error message to appear:

ATM(config)#lane le-arp reverify local
% Invalid input detected at '^' marker

This caveat has been resolved in Release 12.1(12c)E.

Release 12.1(11b)E12

These sections describe the open and resolved caveats in Release 12.1(11b)E12 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(11b)E12

Resolved Caveats in Release 12.1(11b)E12

Open Caveats in Release 12.1(11b)E12

None.

Resolved Caveats in Release 12.1(11b)E12

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at this URL:

http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html

This problem is resolved in Release 12.1(11b)E12.

Release 12.1(11b)E11

These sections describe the open and resolved caveats in Release 12.1(11b)E11 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(11b)E11

Resolved Caveats in Release 12.1(11b)E11

Open Caveats in Release 12.1(11b)E11

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with a Supervisor Engine 2 and when the switching mode is compact with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds22874

A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

When the message is generated, LECs may be shut down and brought up again.

Workaround: None.

CSCdu87510

A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.

Workaround: Reload the LANE module.

CSCdv38277

The Catalyst 5000 ATM LANE module x5161 running 12.0(14)W5(20), under rare circumstances, continues to generate the following messages when you enable the debug lane client stat command:

state ACTIVE event LEC_CTL_TOPO_CHANGE => ACTIVE

This message indicates that the ATM module may be considering all BPDUs to be Topology Change messages.

Workaround: None.

Resolved Caveats in Release 12.1(11b)E11

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default. The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at this URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20021219-ssh-packet

Release 12.1(11b)E

These sections describe the open and resolved caveats in Release 12.1(11b)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(11b)E

Resolved Caveats in Release 12.1(11b)E

Open Caveats in Release 12.1(11b)E

This section describes open caveats in Release 12.1(11b)E:

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with a Supervisor Engine 2 and when the switching mode is compact with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds22874

A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

When the message is generated, LECs may be shut down and brought up again.

Workaround: None.

CSCdu87510

A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.

Workaround: Reload the LANE module.

CSCdv38277

The Catalyst 5000 ATM LANE module x5161 running 12.0(14)W5(20), under rare circumstances, continues to generate the following messages when you enable the debug lane client stat command:

state ACTIVE event LEC_CTL_TOPO_CHANGE => ACTIVE

This message indicates that the ATM module may be considering all BPDUs to be Topology Change messages.

Workaround: None.

Resolved Caveats in Release 12.1(11b)E

CSCdv31314

The following error message displays repeatedly on the WS-X6101 module when the debug ATM error is enabled.

atmConst_get_vc_stats: VPC VCD mismatch!

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is mandatory for ATM module interfaces. Although 32-bit counters in the ifTable are supported, support for the corresponding 64-bit counter variables is missing.

CSCw11568

When a LANE module sends src-less LE-ARPs upon receiving a special MAC-addressed packet, but with an incorrect targetMAC address, the LE-ARP tables on LECs are not properly updated.

CSCdw11536

In a HSRP environment consisting of Catalyst 6500 series switch ATM LANE modules and Cisco routers running the current version of Cisco IOS software and third party routers, with the Cisco routers connected to the Ethernet segment running HSRP and LECs configured on the ATM LANE module, the third party routers may lose connectivity to the active router on a HSRP switchover. This condition occurs when the ATM LANE module that is proxying for the router forwards the special MAC-addressed packet to the BUS without sending the no-src le-narp message.

CSCdu79572

The ATM module's display has a random listing of PVCs in the show running-config command. This caveat is fixed in Release 12.0(19)W5(23).

CSCdv22121

When VBR-nrt traffic shaping is configured on an ATM module without a maximum burst size (MBS) value, a value of 0 is assigned to that module. Traffic sent on this permanent virtual circuit (PVC) never spikes at a peak cell rate (PCR) because MBS is always 0.

CSCdv31314

The following message repeatedly appears on the WS-X6101 module when the debug ATM error logging is turned on:

00:31:40: atmConst_get_vc_stats: VPC VCD mismatch!

Workaround: None.

This is an error message, but the condition does not affect the functionality of the ATM LANE module.

CSCdv45391

On the Catalyst 5000 family ATM modules, when the startup configuration has shut down for an interface, the ATM PVC and VLAN bindings are lost from running configurations when you enter the no shutdown command. This caveat existed in Release 12.0(16)W05(21) and has been fixed in Release 12.0(19)W5(23).

Workaround: Copy a configuration from TFTP without the shutdown command, or load an older image.

Release 12.1(10)E5

These sections describe the open and resolved caveats in Release 12.1(10)E5 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(10)E5

Resolved Caveats in Release 12.1(10)E5

Open Caveats in Release 12.1(10)E5

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds22874

A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

When the message is generated, LECs may be shut down and brought up again.

Workaround: None.

CSCdu87510

A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.

Workaround: Reloading the LANE module solves the problem.

Resolved Caveats in Release 12.1(10)E5

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

This problem is resolved in Release 12.1(10)E5.

Release 12.1(10)E4

These sections describe the open and resolved caveats in Release 12.1(10)E4:

Open Caveats in Release 12.1(10)E4

Resolved Caveats in Release 12.1(10)E4

Open Caveats in Release 12.1(10)E4

CSCds12349

Inserting a single-port OC-12 ATM module in a switch on which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds22874

A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

When the message is generated, LECs may be shut down and brought up again.

Workaround: None.

CSCdu87510

A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.

Workaround: Reloading the LANE module solves the problem.

Resolved Caveats in Release 12.1(10)E4

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

Release 12.1(10)E

These sections describe the open and resolved caveats in Release 12.1(10)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(10)E

Resolved Caveats in Release 12.1(10)E

Open Caveats in Release 12.1(10)E

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds22874

A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:

%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101

When the message is generated, LECs may be shut down and brought up again.

CSCdu87510

A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.

Workaround: Reloading the LANE module solves the problem.

Resolved Caveats in Release 12.1(10)E

CSCdu79572

The ATM module display has a random listing of PVCs in the show running-config command. This caveat is fixed in Release 12.0(19)W5(23).

CSCdv22121

When VBR-nrt traffic shaping is configured on an ATM module without a maximum burst size (MBS) value, a value of 0 is assigned to that module. Traffic sent on this permanent virtual circuit (PVC) never spikes at a peak cell rate (PCR) because MBS is always 0.

CSCdv31314

The following error message repeatedly appears on the WS-X6101 module when debug ATM error logging is turned on.

00:31:40: atmConst_get_vc_stats: VPC VCD mismatch!

Workaround: None. This error message condition does not affect the functionality of the ATM LANE module.

CSCdv45391

On Catalyst 5000 family ATM modules, when the startup configuration has shutdown for an interface, the ATM PVC and VLAN bindings are lost from running configurations when you enter the no shutdown command. This caveat existed in Release 12.0(16)W05(21) and has been fixed in Release 12.0(19)W5(23).

Workaround: Copy a configuration from TFTP without the shut command, or load an older image.

Release 12.1(8b)E13

These sections describe the open and resolved caveats in Release 12.1(8b)E13 for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(8b)E13

Resolved Caveats in Release 12.1(8b)E13

Open Caveats in Release 12.1(8b)E13

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

Resolved Caveats in Release 12.1(8b)E13

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default. The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at this URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20021219-ssh-packet

Release 12.1(8a)E

These sections describe the open and resolved caveats in Release 12.1(8a)E for the Catalyst 6500 series ATM modules:

Open Caveats in Release 12.1(8a)E

Resolved Caveats in Release 12.1(8a)E

Open Caveats in Release 12.1(8a)E

CSCds12349

Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

Resolved Caveats in Release 12.1(8a)E

CSCdm63182

The clear counters command does not clear the counters if the ATM interface is in shutdown state. This problem is resolved in Release 12.1(8a)E.

CSCdr89617

Cisco routers, Catalyst 5000 family ATM modules, and Catalyst 6500 series ATM modules running the current releases of Cisco IOS software and with LANE configured may generate the following error messages:

Sep 15 13:13:10: %LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM5/0/0.1

The debug lane client error command has been included to provide additional debug support for these error messages and will be integrated into Cisco IOS Release 12.1(8a)E.

CSCds79580

On Catalyst 6500 series platforms, the system CAM entries created by MPOA are never removed when the ATM module is removed, reset, reloaded, or when the ATM module hangs.

Workaround: Reload the Catalyst platform.

Alternate workaround: The problem was fixed and will be available in the following releases:

For supervisor engine software, use images from Catalyst software releases 4.5(12), 5.5(7), 6.1(3), 6.2(1), or later.

For ATM modules, use images from Release 12.1(8a)E or later.

CSCdt65848

Queries on variables of the ciscoAal5MIB and ciscoAtmExtMIB fail for VCs on the ATM major interface (ILMI and signaling VCs) but work fine for VCs configured on subinterfaces. This problem is resolved in Release 12.1(8a)E.

CSCdt47311

Interfaces associated with the ATM subinterface, AAL5 layer, and LECs, register to the IF-MIB using incorrect values of ifIndex when they are first created as part of startup config. Queries on the ifTable variables will fail to get information on these interfaces. However, interfaces created after the module boots register correctly. This problem is resolved in Release 12.1(8a)E.

CSCdt29354

The following problem was seen on a Catalyst 6500 series switch with a redundant MSFC2 and HA enabled. When you perform an HA switchover, the traffic recovers for a short while on the WS-X6101 module running Release 12.1(5a)E3. Then, all traffic on the module stops and never resumes until the module is reset. The message "release for semaphore release" keeps repeating on the WS-X6101 console until the module is reset. This problem is resolved in Release 12.1(8a)E.

CSCdt19422

A LEC configured as a LANE v2 client in a multi-vendor LANE environment may experience interoperability problems when the LECS and LES/BUS services reside on the third party vendor equipment. The LEC will send out a tag value in the LAN destination field of the flush request, which is not recognized as an appropriate value by the third party BUS.

Workaround: Disable the flush request sent by the LEC on the switch. This problem is resolved in Release 12.1(8a)E.

CSCdt15587

In the Catalyst 5000 family and Catalyst 6500 series platforms, the ATM module switchover does not happen on an ilmi-keepalive failure.

Workaround: Use images from Release 12.1(8a)E or later on the ATM modules. This problem is resolved in Release 12.1(8a)E.

CSCds04747

Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.

To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in the DDTS record.

Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.

CSCdr59314, CSCdr61016, CSCds32217

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCdp11863

Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using an undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group (such as "sysContact," "sysLocation," and "sysName"). These modifiable objects do not affect the device's normal operation but may cause problems if they are modified unexpectedly during operation. The remaining objects are contained in the LEC and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.

The vulnerability is only present in certain combinations of Cisco IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every Cisco IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.

To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms.

In lieu of a software upgrade, a workaround can be applied to certain Cisco IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP. Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.

CSCdr54230

A Border Gateway Protocol (BGP) update contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.

The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the extended length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.

The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems in the segment. The path segment value contains the list of autonomous systems (each autonomous system is represented by two octets).

The total length of the attribute depends on the number of path segments and the number of autonomous systems in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of autonomous systems (without having to use the extended length bit) is 126 [= (255-2)/2]. If the update is propagated across an autonomous system boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.

The problem was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a notification message (update malformed) to reset their session.

The average maximum AS_PATH length in the Internet is between 15 and 20 autonomous systems, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.

(Part of the text was taken from RFC 1771.)
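The AS_PATH encoding and the length mismatch described under CSCdr54230, as an added Python example (not Cisco code): it encodes a path attribute, crosses the one-octet length ceiling by adding a local AS to a 126-AS path, and validates the declared length the way a receiving peer would. The AS numbers, the function names and the buffer holding a single attribute are assumptions made for the illustration.

```python
import struct

FLAG_TRANSITIVE = 0x40
FLAG_EXT_LEN = 0x10        # "fourth high-order bit (bit 3)" of the flags octet
TYPE_AS_PATH = 2
AS_SET, AS_SEQUENCE = 1, 2


class MalformedAttribute(ValueError):
    """Raised where a BGP speaker would send an 'update malformed' notification."""


def max_asns_without_extended_length():
    # 255 octets minus segment type and segment length, two octets per AS.
    return (255 - 2) // 2


def encode_as_path_value(asns, seg_type=AS_SEQUENCE):
    """Encode one path segment: type, AS count, then two octets per AS."""
    if not 0 < len(asns) <= 255:
        raise ValueError("a path segment holds 1..255 autonomous systems")
    return struct.pack(f"!BB{len(asns)}H", seg_type, len(asns), *asns)


def encode_attribute(type_code, value, flags=FLAG_TRANSITIVE):
    """Correct encoder: sets the extended length bit when value > 255 octets."""
    if len(value) > 255:
        return struct.pack("!BBH", flags | FLAG_EXT_LEN, type_code, len(value)) + value
    return struct.pack("!BBB", flags & ~FLAG_EXT_LEN & 0xFF, type_code, len(value)) + value


def encode_attribute_one_octet_length(type_code, value, flags=FLAG_TRANSITIVE):
    """Model of the defect class (an assumption, not Cisco code): the length
    is always written as one octet, so a 256-octet value is declared as 0."""
    return struct.pack("!BBB", flags & ~FLAG_EXT_LEN & 0xFF, type_code,
                       len(value) & 0xFF) + value


def parse_attribute(buf):
    """Parse one attribute that must fill buf exactly; return (flags, type, value)."""
    if len(buf) < 3:
        raise MalformedAttribute("attribute header truncated")
    flags, type_code = buf[0], buf[1]
    if flags & FLAG_EXT_LEN:
        if len(buf) < 4:
            raise MalformedAttribute("extended length field truncated")
        (length,) = struct.unpack_from("!H", buf, 2)
        value = buf[4:]
    else:
        length, value = buf[2], buf[3:]
    if length != len(value):
        raise MalformedAttribute(
            f"declared length {length} but {len(value)} octets of value present")
    return flags, type_code, value


def parse_as_path(value):
    """Split an AS_PATH value into [(segment_type, [asn, ...]), ...]."""
    segments, pos = [], 0
    while pos < len(value):
        if len(value) - pos < 2:
            raise MalformedAttribute("path segment header truncated")
        seg_type, count = value[pos], value[pos + 1]
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise MalformedAttribute(f"unknown path segment type {seg_type}")
        end = pos + 2 + 2 * count
        if end > len(value):
            raise MalformedAttribute("path segment overruns the attribute")
        segments.append((seg_type, list(struct.unpack_from(f"!{count}H", value, pos + 2))))
        pos = end
    return segments


def is_well_formed(buf):
    """True if the attribute (and its AS_PATH segments, if any) parses cleanly."""
    try:
        _, type_code, value = parse_attribute(buf)
        if type_code == TYPE_AS_PATH:
            parse_as_path(value)
        return True
    except MalformedAttribute:
        return False


def build_demo():
    """Constructed sample: a 126-AS path, then the same path with a local AS added."""
    received = list(range(64512, 64512 + max_asns_without_extended_length()))
    extended = [65000] + received            # 127 ASes -> 2 + 2*127 = 256 octets
    value = encode_as_path_value(extended)
    return {
        "received": encode_attribute(TYPE_AS_PATH, encode_as_path_value(received)),
        "correct": encode_attribute(TYPE_AS_PATH, value),
        "truncated": encode_attribute_one_octet_length(TYPE_AS_PATH, value),
        "path": extended,
    }


if __name__ == "__main__":
    demo = build_demo()
    for name in ("received", "correct", "truncated"):
        print(f"{name:9} header={demo[name][:4].hex()} "
              f"well_formed={is_well_formed(demo[name])}")
```

The strict equality check in `parse_attribute` is the defensive point: a parser that trusts the declared length without comparing it to the octets actually present would read the leftover value bytes as further attributes.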

CSCdr54231

When BGP sessions are reset, the event is currently errlogged if log-neighbor-changes is configured. However, to find out why a session was reset, you have to turn on debugging. This fix automatically errlogs the notification message when sessions are reset. The feature is turned on by the same log-neighbor-changes knob. This problem is resolved in software Release 12.1(8a)E.

Release 12.1(7a)E5

These sections describe the open and resolved caveats in Release 12.1(7a)E5:

Open Caveats in Release 12.1(7a)E5

Resolved Caveats in Release 12.1(7a)E5

Open Caveats in Release 12.1(7a)E5

CSCdm63182

The clear counters command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.

CSCdp07319

This error message might appear after a LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdr92553

On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds89706

If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.

CSCds53191

The following message may appear three times when the Catalyst 6500 series ATM module boots up:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds61726

On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.

CSCdt07421

Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:

If a WS-X6101 module configured with 2500 PVCs is rebooted.

If the shutdown and no shutdown commands are entered on a major WS-X6101 module ATM interface configured with 100 LECs.

If you attempt to create more than 8000 MPOA cache entries.

Resolved Caveats in Release 12.1(7a)E5

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

Release 12.1(6)E8

These sections describe the open and resolved caveats in Release 12.1(6)E8:

Open Caveats in Release 12.1(6)E8

Resolved Caveats in Release 12.1(6)E8

Open Caveats in Release 12.1(6)E8

CSCdm63182

The clear counters command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.

CSCdp07319

This message might appear after a LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdr92553

On Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst 6500 series switch.

CSCds89706

If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.

CSCds53191

The following message may appear three times when the Catalyst 6500 series ATM module boots up:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds61726

On the Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCdt07421

Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:

If a WS-X6101 module configured with 2500 PVCs is rebooted.

If the shutdown and no shutdown commands are entered on a major WS-X6101 module ATM interface configured with 100 LECs.

If you attempt to create more than 8000 MPOA cache entries.

Resolved Caveats in Release 12.1(6)E8

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

Release 12.1(5c)E12

These sections describe the open and resolved caveats in Release 12.1(5c)E12:

Open Caveats in Release 12.1(5c)E12

Resolved Caveats in Release 12.1(5c)E12

Open Caveats in Release 12.1(5c)E12

CSCdm63182

The clear counters command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.

CSCdp07319

This message might appear after a LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 
(00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdr92553

On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds89706

If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.

CSCds53191

The following error message may appear three times when the Catalyst 6500 series ATM module boots up:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds61726

On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.

CSCdt07421

Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:

If a WS-X6101 module configured with 2500 PVCs is rebooted.

If the shutdown and no shutdown commands are entered on a major WS-X6101 module ATM interface configured with 100 LECs.

If you attempt to create more than 8000 MPOA cache entries.

Resolved Caveats in Release 12.1(5c)E12

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

This problem has been fixed in Release 12.1(5c)E12.

Release 12.1(5c)E10

These sections describe the open and resolved caveats in Release 12.1(5c)E10:

Open Caveats in Release 12.1(5c)E10

Resolved Caveats in Release 12.1(5c)E10

Open Caveats in Release 12.1(5c)E10

CSCdm63182

The clear counters command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.

CSCdp07319

This message might appear after a LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 
(00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdr92553

On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds89706

If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.

CSCds53191

The following message may appear three times when the Catalyst 6500 series ATM module boots up:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds61726

On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.

CSCdt07421

Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:

If a WS-X6101 module configured with 2500 PVCs is rebooted.

If the shutdown and no shutdown commands are entered on a major WS-X6101 module ATM interface configured with 100 LECs.

If you attempt to create more than 8000 MPOA cache entries.

Resolved Caveats in Release 12.1(5c)E10

CSCdt70983

ATM modules WS-X6101-OC12-SMF and WS-X6101-OC12-MMF on the Catalyst 6500 series platform have failed the diagnostics test (L4A, data loopback test) at high voltage and 0 degree Celsius. Under these conditions, the data path may be affected. There is no workaround for this problem. This problem has been fixed in Release 12.1(5c)E10.

CSCds04747

Cisco Security Advisory:

Cisco IOS Software TCP Initial Sequence Number Randomization Improvements

Revision 1.0: INTERIM

For Public Release 2001 February 27 20:00 US/Eastern (UTC+0500)

_________________________________________________________________

Summary

Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.

To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in the DDTS record.

Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.

CSCdr59314, CSCdr61016, CSCds32217

Cisco Security Advisory:

Cisco IOS Software Multiple SNMP Community String Vulnerabilities

Revision 1.0: INTERIM

For Public Release 2001 February 27 20:00 US/Eastern (UTC+0500)

_________________________________________________________________

Summary

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCdp11863

Cisco Security Advisory:

Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability

Revision 1.0: INTERIM

For Public Release 2001 February 27 04:00 US/Eastern (UTC+0500)

_______________________________________________________________

Summary

Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using an undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group (such as "sysContact," "sysLocation," and "sysName"); these do not affect the device's normal operation but may cause confusion if modified unexpectedly. The remaining objects are contained in the LEC and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.

The vulnerability is only present in certain combinations of Cisco IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every Cisco IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.

To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is documented in DDTS record CSCdp11863.

In lieu of a software upgrade, a workaround can be applied to certain Cisco IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP. Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.

CSCdr54230

A Border Gateway Protocol (BGP) update contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.

The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the extended length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.

The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems in the segment. The path segment value contains the list of autonomous systems (each autonomous system is represented by two octets).

The total length of the attribute depends on the number of path segments and the number of autonomous systems in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of autonomous systems (without having to use the extended length bit) is 126 [= (255-2)/2]. If the update is propagated across an autonomous system boundary, then the local autonomous system number (ASN) must be appended and the extended length bit used.

The problem was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a notification message (update malformed) to reset their session.

The average maximum AS_PATH length in the Internet is between 15 and 20 autonomous systems, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.

(Part of the text was taken from RFC 1771.)
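The length handling described in CSCdr54230, as an added Python example (not Cisco code and not part of these release notes): an AS_PATH encoder that sets the extended length bit when the value exceeds 255 octets, and a strict parser of the kind a receiving peer applies. The `truncate_length` switch is a constructed model of the defect; the function names and the set of well-known type codes (taken from RFC 1771) are assumptions of the example.

```python
import struct

# Attribute flag bits (the high-order bit is bit 0, as in the text above).
FLAG_OPTIONAL = 0x80
FLAG_TRANSITIVE = 0x40
FLAG_EXT_LEN = 0x10            # bit 3: attribute length is two octets when set

AS_PATH = 2                    # attribute type code
AS_SET, AS_SEQUENCE = 1, 2     # path segment types
# ORIGIN, AS_PATH, NEXT_HOP, LOCAL_PREF, ATOMIC_AGGREGATE (RFC 1771)
WELL_KNOWN = {1, 2, 3, 5, 6}


class MalformedAttribute(ValueError):
    """Raised where a BGP speaker would answer with an UPDATE error notification."""


def encode_segment(seg_type, as_numbers):
    """Path segment: type (1 octet), AS count (1 octet), two octets per AS."""
    if not 0 < len(as_numbers) <= 255:
        raise ValueError("a segment holds 1..255 autonomous systems")
    body = b"".join(struct.pack("!H", asn) for asn in as_numbers)
    return struct.pack("!BB", seg_type, len(as_numbers)) + body


def encode_as_path(segments, truncate_length=False):
    """Build the AS_PATH attribute: flags, type code, length, value."""
    value = b"".join(encode_segment(t, asns) for t, asns in segments)
    flags = FLAG_TRANSITIVE    # AS_PATH is well-known and transitive
    if truncate_length:
        # Constructed model of the defect: the length is squeezed into one
        # octet and the extended length bit is never set.
        return struct.pack("!BBB", flags, AS_PATH, len(value) & 0xFF) + value
    if len(value) > 255:
        return struct.pack("!BBH", flags | FLAG_EXT_LEN, AS_PATH, len(value)) + value
    return struct.pack("!BBB", flags, AS_PATH, len(value)) + value


def parse_as_path(value):
    """Split an AS_PATH value into segments; they must fill it exactly."""
    segments, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise MalformedAttribute("truncated path segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        if seg_type not in (AS_SET, AS_SEQUENCE):
            raise MalformedAttribute(f"bad path segment type {seg_type}")
        end = pos + 2 * count
        if end > len(value):
            raise MalformedAttribute("path segment overruns attribute length")
        segments.append((seg_type, list(struct.unpack(f"!{count}H", value[pos:end]))))
        pos = end
    return segments


def parse_path_attributes(buf):
    """Walk the path attributes field of an UPDATE, validating every length."""
    attrs, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise MalformedAttribute("truncated attribute header")
        flags, code = buf[pos], buf[pos + 1]
        pos += 2
        len_size = 2 if flags & FLAG_EXT_LEN else 1
        if pos + len_size > len(buf):
            raise MalformedAttribute("truncated attribute length")
        length = int.from_bytes(buf[pos:pos + len_size], "big")
        pos += len_size
        if pos + length > len(buf):
            raise MalformedAttribute("attribute value overruns the field")
        if not flags & FLAG_OPTIONAL and code not in WELL_KNOWN:
            raise MalformedAttribute(f"unrecognized well-known attribute {code}")
        value = buf[pos:pos + length]
        pos += length
        attrs.append((code, parse_as_path(value) if code == AS_PATH else value))
    return attrs


if __name__ == "__main__":
    # Constructed input: one AS_SEQUENCE of 127 ASes, one more than fits
    # behind a one-octet length.
    path = [(AS_SEQUENCE, list(range(1, 128)))]
    print(parse_path_attributes(encode_as_path(path))[0][1][0][1][:3], "...")
    try:
        parse_path_attributes(encode_as_path(path, truncate_length=True))
    except MalformedAttribute as err:
        print("rejected:", err)
```

With the truncated length the value octets are read as further attributes, which is why the strict parser rejects the field instead of returning a shortened path.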

CSCdr54231

When BGP sessions are reset, the event is currently errlogged with log neighbor-changes. However, to find out why a session was reset, you have to turn on debugging. This fix automatically errlogs the notification message when sessions are reset. This feature is turned on by the same log neighbor-changes knob.

Release 12.1(5a)E3

These sections describe the open and resolved caveats in Catalyst 6000 ATM Release 12.1(5a)E3:

Open Caveats in Release 12.1(5a)E3

Resolved Caveats in Release 12.1(5a)E3

Open Caveats in Release 12.1(5a)E3

CSCdm63182

The clear count command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.

CSCdp07319

This error message might appear after an LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 
(00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message. CSCdp07319 has not been seen in other releases.

CSCds61726

On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.

CSCdr92553

On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds53191

The following error message may appear three times when the Catalyst 6500 series ATM module boots up:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

CSCds89706

If you enter the show interface command on a WS-X6101 running software version 12.1(2).E1, EOBC displays for the Eth0 interface.

CSCdt07421

Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:

If a WS-X6101 module configured with 2500 PVCs is rebooted.

If the shutdown and no shutdown commands are entered on a major WS-X6101 module ATM interface configured with 100 LECs.

If you attempt to create more than 8000 MPOA cache entries.

Resolved Caveats in Release 12.1(5a)E3

CSCdt01125

After a switchover to the redundant supervisor engine, the ifIndex for the ATM interface changes, and there are duplicate entries in the ifTable for the interfaces corresponding to the dual PHY (PHY A and PHY B).

CSCdt05579

The password recovery procedure is broken on the Catalyst 6500 series ATM modules.

CSCds74471

Under rare conditions, a QoS-configured LAN Emulation Client (LEC) might drop packets.

Workaround: Assuming the name of the QoS Database is "qosdb" and the problem applies to a LEC on atm subinterface 5, perform the following task:

ATM#configure terminal
ATM(config)#interface a0.5
ATM(config-subif)#no lane client qos qosdb
ATM(config-subif)#shutdown
ATM(config-subif)#no shutdown
ATM(config-subif)#lane client qos qosdb 

CSCds67847

On the Catalyst 6500 series ATM modules running Release 12.1(2)E3 and later, the show lane le-arp brief command may display incorrect counters.

Release 12.1(4)E2

These sections describe the open and resolved caveats in Release 12.1(4)E2:

Open Caveats in Release 12.1(4)E2

Resolved Caveats in Release 12.1(4)E2

Open Caveats in Release 12.1(4)E2

CSCds74471

Under rare conditions, a QoS-configured LAN Emulation Client (LEC) might drop packets.

Workaround: Assuming the name of the QoS Database is "qosdb" and the problem applies to a LEC on atm subinterface 5, perform the following task:

ATM#configure terminal
ATM(config)#interface a0.5
ATM(config-subif)#no lane client qos qosdb
ATM(config-subif)#shutdown
ATM(config-subif)#no shutdown
ATM(config-subif)#lane client qos qosdb 

CSCdm63182

The clear count command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.

CSCds61726

On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds92553

On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, if you change the QoS parameters in the QoS database, a new QoS VCC may not be established.

Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.

CSCds67847

On Catalyst 6500 series ATM modules running Release 12.1(2)E3 and later, the show lane le-arp brief command may display incorrect counters.

CSCds07238

According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.

CSCds53191

The following message may appear three times at startup on the Catalyst 6500 series ATM module:

Preferred Phy: Phy A is already Selected. 

These repetitions are harmless and can be ignored.

Resolved Caveats in Release 12.1(4)E2

CSCds84888

On Cisco Routers and Catalyst 6500 series ATM modules running Release 12.1(4)E, the PCR and MCR values that are configured in the LANE QoS database are considered to be User Data Rates but should be considered as Line Rates to prevent incompatibility in the show atm vc command output.

CSCds67844

In rare conditions, entering the clear counters command continuously without at least a 10-15 second break between command entries might cause the WS-X6101 ATM module to reset.

CSCdp42375

Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs. This causes interoperability problems with third-party LANE Version 1 LECs. The new lane client version 1 command has been added to resolve this problem. This command can be entered in interface configuration mode so that LECs can be configured to join as LANE Version 1 compliant. By default, the LECs are Version 2 compliant.

CSCdj57154

The current VC counter values displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.

CSCds37204

Under heavy traffic conditions, the WS-X6101 module may not respond to the Marconi switch poll in a timely manner, and ILMI signaling will be restarted. This will also cause the SSCOP signaling to restart and all VCs to be torn down.

Workaround: Install a Cisco switch between the WS-X6101 and the Marconi switch.

CSCds36615

SNMPwalk for ifIndex on a Catalyst 6509 switch lists all of the interfaces, but when it gets to the ATM OC-12 interface on a WS-X6101-OC12-MMF running Release 12.1(2)E3, it goes into a loop.

CSCds19599

Password recovery on the WS-X6101-OC12 module fails in Release 12.1(2)E3. The module continues to configure from memory even though the configuration register is set to ignore NVRAM. This problem has been fixed so that the NVRAM configuration can be skipped by using the appropriate configuration register setting.

CSCds51952

When 1483 bridged PVCs are configured on the Catalyst 6500 series ATM module, it is possible to send packets with or without FCS enabled. The required CLI is the atm 1483pvc fcs enable command. The default behavior is to send packets with FCS. To disable this behavior, enter the no atm 1483pvc fcs enable interface command.

CSCds12067

In Release 12.1(2)E3, the boot command is missing in global configuration mode. Consequently, the boot variable cannot be set. If the NVRAM configuration file contains a boot command, and the first image in the bootflash is Release 12.1(2)E3, the boot command will be ignored and the module will boot up with the 12.1(2)E3 image.

Workaround: This problem did not exist in Releases 12.0(5)XS and 12.0(5)XS1, and it has been fixed in Release 12.1(4)E2. Having any of these images as the first image in the bootflash will allow the boot command to be recognized during startup.

Release 12.1(2)E2

These sections describe the open and resolved caveats in Release 12.1(2)E2:

Open Caveats in Release 12.1(2)E2

Resolved Caveats in Release 12.1(2)E2

Open Caveats in Release 12.1(2)E2

CSCdj57154

The current VC counter values displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.

CSCdm63182

The clear count command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.

CSCdp07319

This message might appear after an LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 
(00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdp42375

Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs, causing interoperability problems with third-party LANE Version 1 LECs.

Resolved Caveats in Release 12.1(2)E2

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

This problem is resolved in Release 12.1(10)E4.

Release 12.1(2)E1

These sections describe the open and resolved caveats in Release 12.1(2)E1:

Open Caveats in Release 12.1(2)E1

Resolved Caveats in Release 12.1(2)E1

Open Caveats in Release 12.1(2)E1

CSCdj57154

The current VC counter values displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.

CSCdm63182

The clear count command does not clear the counters if the ATM interface is in shutdown state.

CSCdp01159

The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.

CSCdp07319

This message might appear after an LECS failover:

%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 
(00:00:00 ago).

The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.

CSCdp42375

Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs, causing interoperability problems with third-party LANE Version 1 LECs.

Resolved Caveats in Release 12.1(2)E1

CSCdm84992

The Fast Simple Server Redundancy Protocol (FSSRP) feature might not be completely disabled when you enter the no lane fssrp command.

CSCdr06796

The CLI does not allow users to disable the LEC LE-Flush mechanism. The new [no] lane client flush command has been added in Release 12.1(2)E1 to resolve this problem.

CSCdr36952

A defect in multiple versions of Cisco IOS software will cause a Cisco router or switch to stop and reload if you enable the Cisco IOS HTTP service and attempt to browse to http://<router-ip. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information.

The vulnerability, identified as Cisco bug ID CSCdr36952, affects virtually all mainstream Cisco routers and switches running Cisco IOS Release 11.1 through Release 12.1. The vulnerability has been corrected and Cisco is making fixed versions available to replace all affected Cisco IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect.

Workaround: Nullify the vulnerability by disabling the Cisco IOS HTTP server, by preventing access to the port in use by the HTTP server on the affected router or switch, or by applying an access-class option to the service itself. The Cisco IOS HTTP server is not enabled by default except on a small number of router models in specific circumstances.

You can access the latest complete version of this security advisory at the following World Wide Web site: http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml.

Release 12.0(5)XS2

These sections describe the open and resolved caveats in Catalyst 5000 ATM Release 12.1(2)E:

Open Caveats in Release 12.0(5)XS2

Resolved Caveats in Release 12.0(5)XS2

Open Caveats in Release 12.0(5)XS2

None.

Resolved Caveats in Release 12.0(5)XS2

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCdw65903

Related Documentation

For additional information on Catalyst 6500 series switches and command-line interface (CLI) commands, refer to the Catalyst 6500 Series Switch Software Configuration Guide, the ATM Configuration Guide and Command Reference: Catalyst 6000 and 5000 Family Switches, the Catalyst 5000 Family Switch Command Reference, and the Catalyst 6500 Series Switch Command Reference publications.

For detailed hardware configuration and maintenance procedures, refer to the Catalyst 6500 Series Switch Installation Guide.

For additional information on Cisco IOS commands, refer to the Configuration Fundamentals Command Reference publication.

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.