Cisco Intelligent Gigabit Ethernet Switch Module firmware update v12.122EA13 - IBM BladeCenter

Download Description

• New IBM xSeries firmware and device driver file naming convention

Change history

Severity: Suggested

27 Feb 2009

• CSCsi13344
  Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers. The Cisco Security Response is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
• CSCsm27071
  • Symptoms: Memory leak occurs with certain socket applications.
  • Conditions: Occurs with the skinny socket server process after repeated rejected phone registrations.
  • Workaround: There is no workaround.
• CSCsr45344
  During IEEE 802.1x authentication with VLAN assignment, if the VLAN from the Cisco Access Control Server (ACS) is the same as the access VLAN on the switch and if you configure a port as unidirectional by using the dot1x control-direction in interface configuration command, the VLAN is successfully assigned to the switch.
• CSCsr72301
  Three separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability have been reported to Cisco by three independent researchers. The Cisco Security Response is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sr-20090114-http.shtml
• CSCsr92741
  • Symptoms: When a TCP packet with all fields set “zero” (at a TCP level) is sent to a remote router (whether using IPv4 and IPv6). The destination router (to which the destination ip belongs), will send a ACK/RST flag set TCP packet back to the source.
  • Workaround: CoPP, FPM and other mechanisms can be used to mitigate and protect against these
    packets.
• CSCsu39185
  If you use the archive upload-sw privileged EXEC command to upload a software image to the server and then use the archive download-sw privileged EXEC command to download a new image from a TFTP server to the switch, the new image is now downloaded to the switch.
• CSCsu68694
  If an ACL is applied to an interface and then a policy map is applied to it, the ACL and the policy map both take effect.
• CSCsv05934
  • Summary: Cisco's VTP protocol implementation in some versions of Cisco IOS and CatOS may be vulnerable to a DoS attack via a specially crafted VTP packet sent from the local network segment when operating in either server or client VTP mode. When the device receives the specially crafted
    VTP packet, the switch may crash (and reload/hang). The crafted packet must be received on a switch interface configured to operate as a trunk port.
  • Workarounds: There are no workarounds available for this vulnerability.
• CSCsv73509
  • Symptoms: If no aaa new-model is configured, authentication occurs through the local even when TACACS is configured. This happens for EXEC users under the VTY configuration.
  • Conditions: The symptom is observed when you configure no aaa new-model; configure login local under line vty 0 4; and configure login tacacs under line vty 0 4.
  • Workaround: There is no workaround.
• CSCsw44728
  The %CDP-4-DUPLEX_MISMATCH message no longer appears when loopback detection is enabled on the port.
• CSCsx70215
  During IEEE 802.1x authentication, the time value in the 044 Acct-Session-Id attribute is now the same for the RADIUS accounting START and STOP events.
• CSCse85652
  • Symptom: The Cisco IOS HTTP server and the Cisco IOS HTTPS server provide web server functionality to be used by other Cisco IOS features that require it to function. For example, embedded device managers available for some Cisco IOS devices need the Cisco IOS HTTP server or the Cisco
    IOS HTTPS server to be enabled as a prerequisite. One of the functionalities provided by the Cisco IOS HTTP server and the Cisco IOS HTTPS
    server is the WEB_EXEC module, which is the HTTP-based IOS EXEC Server. The WEB_EXEC module allows for both show and configure commands to be executed on the device through requests sent over the HTTP protocol. Both the Cisco IOS HTTP server and the Cisco IOS HTTPS server use the locally configured enable password (configured by using the enable password or enable secret commands) as the default authentication mechanism for any request received. Other mechanisms can also be configured to authenticate requests to the HTTP or HTTPS interface. Some of those
    mechanisms are the local user database, an external RADIUS server or an external TACACS+ server. If an enable password is not present in the device configuration, and no other mechanism has been configured to authenticate requests to the HTTP interface, the Cisco IOS HTTP server and the Cisco IOS HTTPS server may execute any command received without requiring authentication. Any commands up to and including commands that require privilege level 15 might then be executed on the device. Privilege level 15 is the highest privilege level on Cisco IOS devices.
  • Conditions: For a Cisco IOS device to be affected by this issue all of the following conditions must be met:
    • An enable password is not present in the device configuration.
    • Either the Cisco IOS HTTP server or the Cisco IOS HTTPS server is enabled.
    • No other authentication mechanism has been configured for access to the Cisco IOS HTTP server or Cisco IOS HTTPS server. Such mechanisms might include the local user database, RADIUS (Remote Authentication Dial In User Service), or TACACS+ (Terminal Access Controller Access-Control System).
    • The Cisco IOS HTTP server is enabled by default on some Cisco IOS releases.
  • Workaround: Any of the following workarounds can be implemented:
    • Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an enable password. Customers requiring the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server must configure an authentication mechanism for any requests received. One option is to use the enable password or enable secret commands to configure an enable password. The enable password is the default authentication mechanism used by both the Cisco IOS HTTP server and the Cisco IOS HTTPS server if no other method has been configured. In order to configure an enable password by using the enable secret command, add the following line to the device configuration: enable secret mypassword Replace mypassword with a strong password of your choosing. For guidance on selecting strong passwords, please refer to your site security policy. The document entitled “Cisco IOS Password Encryption Facts” explains the differences between using the enable secret and the enable password commands to configure an enable password. This document is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml
    • Enabling authentication of requests to the Cisco IOS HTTP Server or the Cisco IOS HTTPS server by configuring an authentication mechanism other than the default. Configure an authentication mechanism for access to the Cisco IOS HTTP server or the Cisco IOS HTTPS server other than the default. Such authentication mechanism can be the local user database, an external RADIUS server, an external TACACS+ server or a previously defined AAA (Authentication, Authorization and Accounting) method. As the procedure to enable an authentication mechanism for the Cisco IOS HTTP server and the Cisco IOS HTTPS server varies across Cisco IOS releases and considering other additional factors, no example will be provided. Customers looking for information about how to configure an authentication mechanism for the Cisco IOS HTTP server and for the Cisco IOS HTTPS server are encouraged to read the document entitled “AAA Control of the IOS HTTP Server”, which is available at the following link: http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a008069bdc5.shtml
    • Disabling the Cisco IOS HTTP Server and/or the Cisco IOS HTTPS server functionality Customers who do not require the functionality provided by the Cisco IOS HTTP server or the Cisco IOS HTTPS server can disable it by adding the following commands to the device configuration:
      
      no ip http server
      
      no ip http secure-server
      
      The second command might return an error message if the Cisco IOS version installed and running on the device does not support the HTTPS server feature. This error message is harmless and can safely be ignored. Please be aware that disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server may impact other features that rely on it. As an example, disabling the Cisco IOS HTTP server or the Cisco IOS HTTPS server will disable access to any embedded device manager installed on the device.

15 July 2008 Version 12.1(22)EA12 - cigesm-i6q4l2-tar.121-22.EA12.tar and cigesm-i6k2l2q4-tar.121-22.EA12.tar

This release resolves the following issues:

• CSCsl63734
  When the Cisco IGESM switch is connected to AMM and both are in protected mode, the link no longer remains down after the AMM reboots.
• CSCso23104
  This error message no longer appears when you log in to the switch: SCHAN ERROR INTR: unit=0 SRC=13 DST=15 OPCODE=20 ERRCODE=66
• CSCso70964
  You can now save the no errdisable detect cause DHCP-rate-limit global configuration command to the switch saved configuration
• CSCsq92719
  AutoQoS uses incorrect voice signaling (DSCP 26 used not 24). This should not have any impact on CIGESM, as it does not carry VOIP traffic (under normal and expected conditions).

11 January 2008 Version 12.1(22)EA11 - cigesm-i6q4l2-tar.121-22.EA11.tar and cigesm-i6k2l2q4-tar.121-22.EA11.tar

This release resolves the following issues:

• CSCsi53397
  You can now read from and write to the BRIDGE-MIB by using the mst-n suffix.
• CSCsk12508
  The output from the show interface interface-id command for input broadcast packets includes information for both broadcast and multicast packets.
• CSCsk27547
  A switch with a two-port EtherChannel no longer drops packets when one of the channels is shut down. (In previous releases, this occurred when one of the channels was configured as access mode in VLAN 1.)
• CSCsi19656
  When the MIB object c2900PortAdminSpeed is set to a value of 1 (auto), these two commands are no longer automatically configured on that interface:switchport port-security aging type inactivityswitchport port-security aging static

07 August 2007 Version 12.1(22)EA10a - cigesm-i6q4l2-tar.121-22.EA10a.tar and cigesm-i6k2l2q4-tar.121-22.EA10a.tar

This release resolves the following issues:

• CSCsi92350
  The switch no longer might reload with a signal 10 exception.
• CSCsj15899
  When an IEEE (Institute of Electrical and Electronics Engineers) 802.1x-enabled interface has MAC (Media Access Control)authentication bypass (MAB) and guest VLAN enabled and the multiple-host mode configured, the switch no longer reloads if it receives traffic that is not an Extensible Authentication Protocol (EAP) frame and has a MAC address that is not in the MAB profile.
• CSCsb12598
  Cisco IOS (Internetwork Operating System) device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated
  exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
  confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. Cisco IOS is affected by the following vulnerabilities:
  • Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
• CSCsb40304
  Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. Cisco IOS is affected by the following vulnerabilities:
  • Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
• CSCsd92405
  Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. Cisco IOS is affected by the following vulnerabilities:
  • Processing Finished messages, documented as Cisco bug ID CSCsd92405

15 May 2007 Version 12.1(22)EA10 - cigesm-i6q4l2-tar.121-22.EA10.tar and cigesm-i6k2l2q4-tar.121-22.EA10.tar

This release resolves the following issues:

• CSCei83729
  Strict priority queuing now works correctly.
• CSCsh77929
  A host with an Intel network interface card (NIC) connected to an external copper switch port no longer loses connectivity when the host reboots.

07 December 2006 Version 12.1(22)EA9 - cigesm-i6q4l2-tar.121-22.EA9.tar

This release supports the following new software features:

• Protected Mode
  In Cisco IOS Release 12.1(22)EA9 and later, you can enable protected mode to prevent the management module from controlling the blade switch. By locking out the management module from control of the switch, server administrators cannot manage the switch from the management module. When protected mode is enabled, the chassis management module cannot control or configure these features and functions of the CIGESM blade switch:
• IP addresses
• Administration of external ports
  Whether the blade switch can be managed with traffic received over external ports
• That the CIGESM will not revert to the manufacturing default configuration
• Management Module code version 1.27 or later is required

This release resolves the following issues:

• CSCeg09032
  Open Shortest Path First (OSPF) routes now appear in the routing table after a topology change when Incremental SPF (Small Form-Factor Pluggable) is enabled.
• CSCeg71620
  Downstream interfaces in a link-state group that are added to an EtherChannel group recover their link state when the link-state group is disabled.
• CSCeg72946
  Downstream interfaces that are members of a link-state group are no longer incorrectly placed in an up state when only one upstream interface is active and this upstream interface is made the destination interface for a local SPAN (Switches Port Analyzer) session.
• CSCeh45771
  When the multicast traffic for a group enters the switch it is directed to both the interface that joined the group entering the ip IGMP (Internet Group Management Protocol) join interface configuration command and to the interface with the static multicast MAC (Media Access Control) address.

09 August 2006 Version 12.1(22)EA8a - cigesm-i6q4l2-tar.121-22.EA8a.tar

This release resolves the following issues:

• CSCsd74990
  When a switch has multiple management VLAN (Virtual Local Area Network) interfaces, the IP (Internet Protocol) addresses for all active interfaces are now reachable from a host or network device.
• CSCse11516
  Configuring the switch for a port monitor session on a remote VLAN no longer causes packet flooding on other interfaces that are not configured for the monitor session.
• CSCse25863
  When you are using a web browser to manage the CIGESM (Cisco Intellegent Gigabit Ethernet Switch Module), Device Manager now correctly requires you to enter username and password, even when the switch is booted without a configuration file or when the configuration file was removed after returning to the manufacturing default configuration.

09 August 2006 Version 12.1(22)EA8a - cigesm-i6q4l2-tar.121-22.EA8a.tar

This release resolves the following issues:

• CSCsd74990
  When a switch has multiple management VLAN (Virtual Local Area Network) interfaces, the IP (Internet Protocol) addresses for all active interfaces are now reachable from a host or network device.
• CSCse11516
  Configuring the switch for a port monitor session on a remote VLAN no longer causes packet flooding on other interfaces that are not configured for the monitor session.
• CSCse25863
  When you are using a web browser to manage the CIGESM (Cisco Intellegent Gigabit Ethernet Switch Module), Device Manager now correctly requires you to enter username and password, even when the switch is booted without a configuration file or when the configuration file was removed after returning to the manufacturing default configuration.

18 May 2006 Version 12.1(22)EA8 - cigesm-i6q4l2-tar.121-22.EA8.tar

This release resolves the following issues:

• CSCsb82422
  The switch does now forwards an IEEE (Institute of Electrical and Electronics Engineers) 802.1x request that has null credentials.
• CSCsd03880
  When the ciscoEnvMonMib is polled, it no longer returns envmom characteristics for the Cisco Intelligent Gigabit Ethernet Switching Module (CIGESM). The module has no envmon characteristics. In previous releases, the MIB displayed envmom information for the CIGESM.
• CSCsd23228
  The output of the show platform summary privileged EXEC command now appears in the output of the show tech privileged EXEC command.
• CSCsd24154
  When forwarding an IGMP (Internet Group Management Protocol) query, the default CoS (Class of Service) value from the incoming packets no longer changes automatically.
• CSCsd51738
  When the switch is reset to the factory default settings, the CIGESM now responds to ping or Telnet requests from external devices.
• CSCsd6866
  When the management module resets the CIGESM to the factory default settings and the preserve IP (Internet Protocol) address for the module is disabled, the CIGESM can now use the default IP address.
• CSCsb79318
  If the re-authentication timer and re-authentication action is downloaded from the RADIUS (Remote authentication dial-in user service) server using the session-Timeout and Termination-Action RADIUS attributes, the switch no longer performs the termination action when the port is not configured with the
  dot1x timeout reauthenticate server interface configuration command.
• CSCsb82422
  The switch now forwards an IEEE 802.1x request that has null credentials.
• CSCsb99249
  A host attached to an authenticated 802.1X port might no longer loses network access after a 802.1X-enabled port mode or host mode is modified. In previous releases, this occurred when the 802.1X control direction was set to In when the configuration was changed.
• CSCsc84627
  A MAC (Medium Access Control) entry no longer changes from static to dynamic on a switch configured with private VLANs (Virtual Local Area Network).
• CSCsc93698
  Connectivity failures to the management interface no longer occur if the VLAN used is other than VLAN 1.
• CSCsc96385
  The switch now sends the NAS-Identifier (Network Attached Storage), attribute 32, to the RADIUS server when you configure the attribute in the running configuration by using these Cisco IOS (Internetwork Operating System) global configuration commands:
  
  radius-server attribute 32 include-in-access-req
  
  radius-server attribute 32 include-in-accounting-req
  
  
• CSCsd19470
  This error log message no longer randomly appears:
  
  %TCAMMGR-3-HANDLE_ERROR: cam handle [hex] is invalid
  
  
• CSCsd39489
  When port-security aging on the switch is set to inactive, CAM (Content-Addressable Memory ) entries no longer time out when there is continuous traffic.
• CSCsb63404
  A switch is accessible by SSH (Secure Shell) or Telnet after it has been running for 4 to 5 days.

03 January 2006 Version 12.1(22)EA6a - cigesm-i6q4l2-tar.121-22.EA6a.tar

This release resolves the firmware revision contents displayed by the management module. The management module incorrectly displays the version number of version 12.1(22)AY instead of the correct version of 12.1(22)EA6. This new level of firmware corrects this problem.

This release resolves the following DDTS issues:

• CSCsc73761

Description of resolved issues:

• CSCsc73761
  If the CIGEMS has more than one VLAN interface defined, then one of the physical interfaces could be placed into the shutdown state. This problem occurs when the switch is in VTP client or VTP server mode and when the management interface has been changed to a VLAN ID other than the default VLAN ID = 1. If a reboot is done the physical interface matching the managemenet VLAN ID is placed in the shutdown state. For example, it the management VLAN ID = 7, when a reboot is done, the internal physical port 7 goes into the shutdown state and traffic stops.

03 November 2005 Version 12.1(22)EA6 - cigesm-i6q4l2-tar.121-22.EA6.tar

This version of the software includes the updates based on the normally scheduled maintenance release for the entire line of Cisco switch products. Enhancements to the BladeCenter Cisco Intelligent Gigabit Ethernet Switch Module are:

• Default VLAN of 4095 for Serial over LAN (SOL) traffic
• Multiple management VLANs
• IEEE 802.1x with wake on LAN

This release also resolves the following DDTS issues:

• CSCei76358
• CSCeg15130
• CSCeg53741
• CSCeg52581
• CSCeg57925
• CSCeg05952
• CSCeg09791
• CSCeg12120
• CSCeh28757
• CSCeh58797
• CSCeh77474
• CSCei13927
• CSCei77627
• CSCei22387
• CSCsb79318

Description of resolved issues:

• CSCei76358
  Through normal software maintenance processes, Cisco is removing deprecated functionality from the OS boot routine. These changes have no impact on system operation or feature availability.
• CSCeg15130
  If multiple switches are configured in a multicast television application with Multicast VLAN Registration (MVR) is enabled and MVR ports statically configured, IGMP leave messages are no longer sent to the router, and the multicast stream to the set-top boxes is not disrupted.
• CSCeg53741
  If frame sizes larger than 1518 bytes are received and the system MTU is configured as 1530 bytes, the counters no longer display the packets as giants.
• CSCeg52581
  If you start a session on a switch cluster member by using the rcommand user EXEC command, the allowable commands that you enter in the rcommand session now depend on the respective authorization status.
• CSCeg57925
  The switch no longer stops if a port that is assigned to the management VLAN does not have a corresponding access VLAN.
• CSCeg58877
  If a switch uses rapid per-VLAN spanning tree plus (rapid PVST+), a loop no longer occurs when you reconfigure the allowed VLANs on a trunk and remove VLAN 1 from the trunk.
• CSCeg05952
  When the destination-MAC address for data packets is statically configured in a logical EtherChannel port group, the egress traffic on the EtherChannel group no longer uses the default port instead of following the configured load-balancing scheme.
• CSCeg09791
  When you configure an interface for trust CoS and CoS-to-DSCP mapping, the DSCP values of the untagged IP packets received on the interface are now modified as expected.
• CSCeg12120
  When packets matching the permitted UDP fields are attached on an ingress interface, Layer 4 ACLs no longer fail, and Ethernet packets matching the UDP fields are not dropped.
• CSCeh28757
  CiscoView can now distinguish between the switch deployed in the BladeCenter and the BladeCenter T-type chassis.
• CSCeh58797
  If you connect a router FE port to the external port of the switch and set the router FE port to fixed 100 M and half-duplex, the switch negotiates a link to auto-100 M and auto-half duplex.
• CSCeh77474
  On the external Ethernet interfaces of the switch (Gi0/17 - Gi0/20), the LED no longer remains on when the switch has put the Ethernet interface in a shutdown state.
• CSCei13927
  When the management VLAN for the switch is greater than 255, IP communication is nolonger lost. This only effects the IP communication to the switch, not the Ethernet data being switched from data port to data port. This will occur when the VLAN ID of the management VLAN is changed from some number less than 256 to a number greater than 255.
• CSCei77627
  Server Blades no longer fail to detect an Ethernet link-down event from the switch. This was on the internal Ethernet interfaces (Gi0/1 to Gi0/14). When the switch brings down the Ethernet interface to the Server Blade, the Server Blade can adequately detect this, and keeps the link as Ethernet link-up.
• CSCei22387
  CDP and VTP protocols no longer fail when trunk ports are not members of VLAN 1.
• CSCsb79318
  if the re-authentication timer and re-authentication action is downloaded from the RADIUS server using the Session-Timeout and Termination-Action RADIUS attributes, the switch performs the termination action even when the port is not configured with the dot1x timeout reauth server global configuration command and uses the Termination-Action downloaded from a RADIUS server as part of IEEE 802.1x authorization.

3 April 2005 Version 12.1(22)AY1 - Build ID cigesm-i6q4l2-tar.121-22.AY1.tar

This is the GA-version for the Cisco Intelligent Fiber Ethernet Switch Module. It is also an update to the CIGESM software.

This version of the software includes the updates based on the normally scheduled maintenance release for the entire line of Cisco switch products. Enhancements to the BladeCenter Cisco Intelligent Gigabit Ethernet Switch Module are:

• Jumbo frame support for Ethernet frames up to 9162 bytes
• Ability to force link on the from the Cisco Switch Module to the internal blades as specified in the Retain tip H183647
• Common image for both the CIGESM and the Cisco Intelligent Fiber Gigabit Ethernet Switch Module.

The following Cisco DDTS problems were corrected by this release:

• CSCeh10012
  Multicast flooding within VLAN when no receiver joins
  Two or more physical port can be combined together to form one EtherChannel. The EtherChannel is treated as one logical port with multiple physical ports to increase bandwidth and provide redundancy. For multicast traffic to the logical EtherChannel port, only one port should transmit the traffic. However, the same multicast traffic is flooded on all the ports, and the other side ends up with multiple copies of the same packet.
• CSCeh34702
  Stop u-multicast packet going to the CPU when no mrouter configured IGMP snooping prevents unnecessary broadcast of multicast traffic if the switch detects (or statically told) the location of a multicast driver in the network. If a multicast router is present, any multicast data stream coming to the switch, switch learns the multicast mac address, and configures a hardware port table so that the packet goes to appropriate port connected to the mrouter. The packet floods for a short time taken for snooping program to learn and program the multicast mac address. Once learned the flooding should stop until this entry aged out. However, the multicase packet flooding never stopped.

3 January 2005 Version 12.1(14)AY4 - Build ID cigesm-i6q4l2-tar.121-14.AY4.tar

No DDTS problemshave been corrected in this release. This version adds the following features to the Cisco IOS software:

• Link state tracking to mirror the state of the external ports on the internal BladeCenter Ethernet links. This allows the Cisco switch to bring down internal
  link groups if all the external links in the group are inoperative. With the appropriate NIC driver software on the processor blade, the processor blade
  traffic fails-over to an operational external link on a separate Cisco Ethernet switch.
• Source IP/Destination IP (SIP/DIP) address routing balances traffic loads across links in an EtherChannel connection based on either the source IP address,
  destination IP address, or both IP addresses. This mode of operation applies to all EtherChannels configured on the Cisco Ethernet switch.
• Includes feature for re-establishment of configured default gateway by issuing an icmp ping packet when a chassis Management Module switchover is detected.

17 November 2004 Version 12.1(14)AY3 - Build ID cigesm-i6q4l2-tar.121-14.AY3.tar

This version corrects the following Cisco software problems from those noted in the June version of the Cisco Release Notes Version AY1. No additional features are included with this release. The Release Notes will not be updated for this version of software.

• CSCef46191
• CSCin67568
• CSCdz32659
• CSCed40563
• CSCec25430
• CSCef85910
• CSCeg16833

Problem descriptions

• CSCef46191
  A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating
  System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP)
  access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. All other device services will operate normally. Services such as packet forwarding, routing protocols and all other communication to and through the device are not affected.
• CSCin67568
  • Symptoms: A Cisco device experiences a memory leak in the CDP process.
  • Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer
    characters.
• CSCdz32659
  • Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a
    Cisco Discovery Protocol (CDP) process:
    
    %SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from
    x605111F0, pool Processor, alignment 0
    -Process= "CDP Protocol", ipl= 0, pid= 42
    -Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C
    602D0E18
    
    
• CSCed40563
  • Symptoms: Depending upon configuration, issuing The show cdp entry * protocol command may cause a reload of the device.
  • Conditions: This symptom occurs on Cisco products that are speaking CDP with configurable interface MTU.
• CSCec25430
  • Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is: Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on theterminal, such as the following one:
    
    %CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1
    (not half duplex), with SEP00e0752447b2 port 1 (half duplex).
    
    
• CSCef85910
  • Symptoms: Originally all external ports default to VLAN 1 in access mode unless they are connected to an external Cisco switch which implements the Cisco proprietary trunking protocol. The configuration allowed the user the ease of managing and configuring the CIGESM "on-site" with an external laptop. However, if the ports are connected to an external Cisco switch, the ports are reconfigured to VLAN 2 in trunk mode. This mode of operation did not allow for the Cisco switch to be "plug-and-play" because the processor blades are on VLAN 1. In other words an external client could not establish a connection with a BladeCenter processor blade because of the VLAN mismatch. With this new software load, all ports default to VLAN 2. Any external client can be "plug-and-play" with the BladeCenter processor blades. On-site configuration can now be done over the serial interface.
• CSCeg16833
  • Symptoms: After 49.7 days, the internal BladeCenter processor blades will drop link any time a processor blade is restarted for any reason. A 32-bit counter took 49.7 days to reach its maximum value. After this time, the software compare did not work properly. This problem manifested itself whenever any processor blade was restarted for any reason. No DDTS number assigned/Duplicate UUID On some switches a UUID assigned to one CIGESM was inadvertently assigned to another CIGESM during the manufacturing process. This software performs a check on the UUID to ensure that it is unique.

16 July 2004 Version 12.1(14)AY1 - Build ID cigesm-i6q4l2-tar.121-14.ay1.tar

This version corrects four Cisco software problems as noted in the June version of the Cisco Release Notes.

• CSCee42900
• CSCee53625
• CSCee22478
• CSCee34374

Problem descriptions

• CSCee42900
  When the external ports of the switch are forced into a non-autonegotiation mode, this can sometimes cause data flow to cease. It is a problem with the receive path on the CIGESM. The external port of the switch will not receive packets. The workaround is to put the port into auto-negotiation mode.
• CSCee53625
  Configuring RSPAN on the IGESM can cause it to create a data storm for both unicast and multicast traffic similar in behavior to a broadcast storm. When this occurs, the Ethernet traffic of the port being analyzed is duplicated by the configured reflector port and simultaneously transmitted on the RSPAN VLAN
  causing a continuous loop. This traffic floods the VLAN of both the RSPAN port, and the port being analyzed. All other VLANs are unaffected. This condition does not occur every time RSPAN is configured. It occurs whenever the reflector port is changed while an RSPAN session is already active. The workaround is to disable the RSPAN session as soon as possible after this error occurs. If the IGESM cannot be contacted, disable the ports on the upstream switch connection to the IGESM. Another alternative is to use a local SPAN to analyze the port.
• CSCee24478
  If the user has already configured the administrative mode to dynamic and is trying to trunk desirable, he won't be able to make that change. Also if the user
  has configured the mode to be trunk desirable then he won't be able to change it to dynamic. However if the user has configured the mode to be static acces,
  then there is no issue in changing the mode. The workaround is to change the administrative mode to static access first. Apply the configuration and then change again to other desired mode. Note that changing the vlan configuration may result in loss of connectivity to the switch. If you are changing the configuration on a link through which you are connected to the ESM, then make sure you have alternate connection to the switch, otherwisee you may lose the connectivity.
• CSCee34374
  The unique product identifier MIBs for the IGESM are not correct in the original software release - Version 12.1(14)AY. The following MIBs are in error:
  CISCO-PRODUCT-MIB.my (should be 592) CISCO-ENTITY-VENDORTYP-OID-MIB.my (should be 446)
  OLD-CISCO-CHASSIS-MIB.my (should be 422)

There is no workaround. Go to the IBM web site for the latest level of software which corrects these MIBs.

14 June 2004 Version 12.1(14)AY - Build ID cigesm-i6q4l2-tar.121-14.ay.tar

This is the GA-level of the Cisco Switch Module firmware