THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
26-Jan-18 |
Initial Release |
1.1 |
26-Jan-18 |
update workaround section |
Affected OS Type | Affected Release | Affected Release Number | Comments |
---|---|---|---|
NON-IOS |
1.1 |
1.1(4g), 1.1(4e), 1.1(2i), 1.1(4m), 1.1(4f), 1.1(4l), 1.1(1s), 1.1(2h), 1.1(3f), 1.1(1o), 1.1(4i), 1.1(1r), 1.1(1j) |
Affected Cisco ACI software versions with AVS: ACI software versions prior to 2.3 or ACI 2.3 onward if upgraded from prior to 2.3 version |
NON-IOS |
2.1 |
2.1(2g), 2.1(3j), 2.1(1h), 2.1(2k), 2.1(1i), 2.1(3h), 2.1(2e), 2.1(3g) |
Affected Cisco ACI software versions with AVS: ACI software versions prior to 2.3 or ACI 2.3 onward if upgraded from prior to 2.3 version |
NON-IOS |
2.2 |
2.2(3r), 2.2(2e), 2.2(3s), 2.2(2j), 2.2(2k), 2.2(2q), 2.2(2f), 2.2(2i), 2.2(1n), 2.2(1o), 2.2(3p), 2.2(3j) |
Affected Cisco ACI software versions with AVS: ACI software versions prior to 2.3 or ACI 2.3 onward if upgraded from prior to 2.3 version |
Defect ID | Headline |
---|---|
CSCvh70579 | Odev cert doesn't get updated to site based cert after fabric upgrade |
Cisco has recently identified an SSL certificate defect, documented in Cisco bug ID CSCvh70579, that could potentially affect customers that run Cisco Application Virtual Switch (AVS) with Cisco Application Centric Infrastructure (ACI).
Virtual machines on a VMware ESXi host that runs on Cisco AVS might lose connectivity to the network after any of these events:
After any of these events, Cisco AVS might use an invalid or expired SSL certificate in order to authenticate with the ACI infrastructure and will not be able to establish a connection. This will cause all the virtual machines on that particular ESXi host to lose network connectivity.
The virtual machines on that particular ESXi host will lose network connectivity.
The affected Cisco ACI software versions with AVS are:
The unaffected Cisco ACI software versions with Cisco AVS are:
If you run the affected software versions, open a Technical Assistance Center (TAC) case in order to resolve the issue. Cisco TAC Engineers will use root access to check the validity of the SSL certificate. If the SSL certificate is invalid, Cisco TAC will update the SSL certificate in Application Policy Infrastructure Controller (APIC). It is recommended to perform this procedure in a maintenance window. If you are not able to determine the affected version, open a support ticket and Cisco TAC will validate your deployment and complete the necessary fixes if required. This process does not require any upgrades on APIC, the switch, or AVS.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.