Catch Me If You Can
Customer Fund Bug Analysis
Liang Gao
Analysis Customer Found Bug is Good
• Why we didn’t find it through our internal
testing
• What test case can be designed ...
Bug
• Title: 在向某防火墙发送 version 字段为 0 的
IPv6 报文时,打开防火墙的 snoop ,会造
成防火墙重启 .
• How would you design test case?
• Why it was no...
Bug
• 处理 IPv6 分片 ICMP 大包 . 防火墙上结果是
未通过
• How would you design test case?
• Why it was not caught internally
• What kind of...
Bug
• 某网络安全代理产品:当访问已有代理的
Web 服务器时候访问不了
• How would you design test case?
• Why it was not caught internally
• What kind of...
Bug
• 配置了 65535 个 RP 和 1785 个 vlan 的 IP
地址后, wr ,死机,重新断电启动,
等待 10 分钟后仍然无法启动
• How would you design test case?
• Why it was...
Bug
• 当使用 BGP PEER GROUP 时,当邻居
实际 AS 与配置的 AS 不同时,仍能建
立连接
Bugs
• A Cisco Secure Access Control Server (ACS) that is
configured to use Extensible Authentication Protocol-
Transport ...
Bugs
• CSCdv24925 It is possible to read stored
configuration file from the Storage Router
without any authorization.
• CS...
Bugs
• Versions of the Cisco ACE 4710 Application
Control Engine appliance prior to software
version A1(8a) use default ad...
Bugs
• Phone number displayed as 214-748-3647 in
some occasion.
Boundary Testing Bugs
13
 214-748-3647
Most popular
phone number
in US
 Largest 32 bit
signed number
 Store phone
numbe...
Bugs
• 某上网行为管理产品:早上 9 点左右时候
系统重启 .
• 某交换机产品:每两年左右自动重启一次
Bugs
• WLC ARP Storm
• A vulnerable WLC may mishandle unicast
ARP requests from a wireless client leading
to an ARP storm....
Bugs
• In a topology that uses VLAN interfaces for
intermediate router connections, PIM
register and PIM register stop mes...
Bugs
• With PIM dense mode configured, multicast
traffic might get dropped when all routers
have the multicast group in a ...
Bugs
• UP and DOWN status messages may be
displayed on the console. This symptom is
observed when a leased-line configurat...
Bugs
• MPLS does not work if you configure fall-
back bridging on the MPLS subinterface. This
problem is resolved in Relea...
Bugs
• When an OSPF topology change occurs, an
MPLS provider edge (PE) router might not
forward IP-to-Tag traffic to some ...
Bugs
• If you delete and recreate Frame Relay
subinterfaces in random order on OSM POS
interfaces, some traffic might be s...
Bugs
• After a few weeks of normal operation, an interface on a PA- MC-8E1
port adapter begins flapping and finally pauses...
Bugs
• Illegal memory accesses when a dGRE test is configured on HSSI Frame
Relay encapsulation for a FlexWAN module might...
Bugs
• With a large number of static multicast entries configured
(approximately 8,000), some entries might not propagate ...
Bugs
• On WS-X6548-GE-TX and WS-X6548V-GE-TX
modules, CEF-switched Ethernet egress
packets that are less than 64-bytes lon...
Bugs
• When there is insufficient memory, crash information is not generated
after a Supervisor Engine reload. This proble...
Bugs
• An OSPF designated router does not generate a network link-state
advertisement (LSA) for a broadcast network when a...
Bugs
• When more than 12 VLOUs are used in a
policy attached to an interface, the entries
are expanded. If the expanded en...
Bugs
• An IGMP packet flood might cause a reload.
This problem is resolved in
Release 12.1(20)E2. (CSCec39132)
• The ip pi...
Bugs
• With both static and dynamic Port Address Translation (PAT) configured
and if the ip nat pool inside_pool_name comm...
Bugs
• OSPF area border routers (ABRs) might
continue to generate summary link-state
advertisements (LSAs) for obsolete
no...
Bugs
• With ISIS routing configured, an E3 or T3 port adapter might have its
neighbors flap after a reload. This problem i...
Bugs
• HSRP packets are sent with the IP TTL field set to 2 instead of 1. This
does not affect HSRP operation because HSRP...
Bugs
• In IP packets with the IP options field
populated, the IP type-of-service (ToS) byte
might be truncated to a 3-bit ...
Bugs
• A reload might occur if you do the following on a FlexWAN module interface:
– – Attach an egress queueing policy
– ...
Bugs
• If there are more than 50 files on the flash
card, access from CiscoView Device Manager
(CVDM) might cause a reload...
Bugs
• High traffic flow rates (for example, 60
percent or more of capacity) through a PA-
A3 ATM port adapter might cause...
Bugs
• If you enable PIM on a VLAN interface and configure a bridge group on
the VLAN interface, and then remove the PIM c...
Bugs
• When you configure a static PIM rendezvous point (RP) IP address with
an ACL that specifies the groups for the RP, ...
Bugs
• When an EXEC session is at the "More" prompt, the session fails to time
out. This problem is resolved in Release 12...
Bugs
• An autonomous system boundary router (ASBR) that is running open
shortest path first (OSPF) and is configured with ...
Bugs
• With a tunnel configured to use an ATM interface, one end of the tunnel
cannot ping the other end until you bring e...
Bugs
• A reload occurs when you delete a policy
map that was attached in both the in and out
direction. This problem is re...
Bugs
• You cannot configure the MTU size on VLAN
interfaces. For Supervisor Engine 2, this
problem is resolved in Release ...
Why we didn't catch that
Why we didn't catch that
Upcoming SlideShare
Loading in …5
×

Why we didn't catch that

679 views
555 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
679
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Why we didn't catch that

  1. 1. Catch Me If You Can Customer Fund Bug Analysis Liang Gao
  2. 2. Analysis Customer Found Bug is Good • Why we didn’t find it through our internal testing • What test case can be designed to catch that • What kind of test strategy can cover that • How can we make sure we can catch this kind if bug from now on
  3. 3. Bug • Title: 在向某防火墙发送 version 字段为 0 的 IPv6 报文时,打开防火墙的 snoop ,会造 成防火墙重启 . • How would you design test case? • Why it was not caught internally • What kind of test strategy can cover this?
  4. 4. Bug • 处理 IPv6 分片 ICMP 大包 . 防火墙上结果是 未通过 • How would you design test case? • Why it was not caught internally • What kind of test strategy can cover this?
  5. 5. Bug • 某网络安全代理产品:当访问已有代理的 Web 服务器时候访问不了 • How would you design test case? • Why it was not caught internally • What kind of test strategy can cover this?Content secure gateway Proxy Web Server
  6. 6. Bug • 配置了 65535 个 RP 和 1785 个 vlan 的 IP 地址后, wr ,死机,重新断电启动, 等待 10 分钟后仍然无法启动 • How would you design test case? • Why it was not caught internally • What kind of test strategy can cover this?
  7. 7. Bug • 当使用 BGP PEER GROUP 时,当邻居 实际 AS 与配置的 AS 不同时,仍能建 立连接
  8. 8. Bugs • A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol- Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate which can be expired, or come from an untrusted Certificate Authority (CA) and still be cryptographically correct. • CSCse58195. The WLC contains a bug when processing WLAN ACLs that causes the WLANvACL configuration to be saved with an invalid checksum. When the configuration is subsequently reloaded at boot time, the checksum fails and the WLAN ACLs are not installed.
  9. 9. Bugs • CSCdv24925 It is possible to read stored configuration file from the Storage Router without any authorization. • CSCdu45417 It is possible to halt the Storage Router by sending a fragmented packet over the Gigabit interface. • CSCdv24925 An unauthorized person may read the configuration of the Storage Router. That may lead to unauthorized access of a storage space.
  10. 10. Bugs • Versions of the Cisco ACE 4710 Application Control Engine appliance prior to software version A1(8a) use default administrator, web management, and device management account credentials. The appliance and module do not prompt users to modify system account passwords during the initial configuration process. • Crafted SSH Packet Vulnerability • Crafted SNMPv2c Packet Vulnerability
  11. 11. Bugs • Phone number displayed as 214-748-3647 in some occasion.
  12. 12. Boundary Testing Bugs 13  214-748-3647 Most popular phone number in US  Largest 32 bit signed number  Store phone number in a signed 32 bits and didn’t check buffer overflow
  13. 13. Bugs • 某上网行为管理产品:早上 9 点左右时候 系统重启 . • 某交换机产品:每两年左右自动重启一次
  14. 14. Bugs • WLC ARP Storm • A vulnerable WLC may mishandle unicast ARP requests from a wireless client leading to an ARP storm. In order for the vulnerability to be exposed, two WLCs attached to the same set of Layer-2 VLANs must each have a context for the wireless client. This can occur after a Layer-3 (cross- subnet) roam or when guest WLAN (auto- anchor) is in use.
  15. 15. Bugs • In a topology that uses VLAN interfaces for intermediate router connections, PIM register and PIM register stop messages might loop between the intermediate routers until the TTL count expires. (CSCea51320 ) • Hardware failures on the WS-X6548-RJ-45 module are not detected. (CSCea17192) • A reload might occur if you configure an IP address that is a duplicate of an IP address
  16. 16. Bugs • With PIM dense mode configured, multicast traffic might get dropped when all routers have the multicast group in a pruned state even though interested receivers are present. (CSCea26993) • An interface that is defined in an Enhanced Interior Gateway Routing Protocol (EIGRP) network statement may fail to come up in the EIGRP topology table. This symptom is observed after a system reload. The occurrence of the symptom depends on the
  17. 17. Bugs • UP and DOWN status messages may be displayed on the console. This symptom is observed when a leased-line configuration is in the UP state, but the peer is not responding. This symptom occurs because PPP calls the interface reset vector regularly if the peer is not responding to the PPP attempts to communicate. This problem is resolved in Release 12.1(19)E. (CSCdx55880) • A redundant supervisor engine might not reload if you enter the reload command on the redundant supervisor engine's console or
  18. 18. Bugs • MPLS does not work if you configure fall- back bridging on the MPLS subinterface. This problem is resolved in Release 12.1(19)E. (CSCdz75507 • Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No
  19. 19. Bugs • When an OSPF topology change occurs, an MPLS provider edge (PE) router might not forward IP-to-Tag traffic to some IP destinations when it has equal cost load- sharing paths to the IP destinations. This problem is resolved in Release 12.1(20)E. (CSCeb52169) • An E3 link to an OC-12 channelized OSM might not come up. This problem is resolved in Release 12.1(20)E. (CSCec39689)
  20. 20. Bugs • If you delete and recreate Frame Relay subinterfaces in random order on OSM POS interfaces, some traffic might be sent to the wrong subinterface. This problem is resolved in Release 12.1(20)E2. (CSCec67501) • An OC-12 POS OSM might reset as a result of memory corruption. This problem is resolved in Release 12.1(20)E2. (CSCec59550) • A Catalyst 6509 switch with a Supervisor Engine 1 and an MSFC2 repeatedly reboots
  21. 21. Bugs • After a few weeks of normal operation, an interface on a PA- MC-8E1 port adapter begins flapping and finally pauses with the output queue stuck as follows: • You can attach a service policy that contains invalid configuration to an interface. If you apply a Frame Relay map-class with both input policing and output queuing to a DLCI twice, the FlexWAN module might reload. This problem is resolved in Release 12.1(20)E. (CSCin52060) • Ignore messages from a 1-port multichannel STM-1 port adapter (PA- MC-STM-1) that reports a large number of degraded minutes on an E1 controller. For example, after 15 minutes of operation since startup, 35,000,000 degraded minutes might be reported and these values might increase every second. Code violations might also be reported. This problem is resolved in Release 12.1(20)E. (CSCec08973)
  22. 22. Bugs • Illegal memory accesses when a dGRE test is configured on HSSI Frame Relay encapsulation for a FlexWAN module might cause a reload. This problem is resolved in Release 12.1(20)E2. (CSCin29514) • An administratively shut-down subinterface that is configured for Frame-Relay encapsulation might forward packets. This problem is resolved in Release 12.1(20)E3. (CSCed78803) • With a high traffic load, PA-A3-OC3, PA-A3-T3, and PA-A3-E3 port adapters might display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command and some PVCs configured on the PA-A3 port adapter might stop receiving traffic. This problem is resolved in Release 12.1(20)E3. (CSCin49458)
  23. 23. Bugs • With a large number of static multicast entries configured (approximately 8,000), some entries might not propagate to DFCs. This problem is resolved in Release 12.1(20)E. (CSCec50577) • With EoMPLS configured, a reload might occur if you configure a different access VLAN on the CE-facing port. This problem is resolved in Release 12.1(20)E. (CSCec23787) • With QoS and Cisco IOS server load balancing (Cisco IOS SLB) configured on a Supervisor Engine 1, a VACL configured to filter multicast traffic on one VLAN might incorrectly be applied to multicast traffic on other VLANs. This problem is resolved in Release 12.1(20)E. (CSCeb69582)
  24. 24. Bugs • On WS-X6548-GE-TX and WS-X6548V-GE-TX modules, CEF-switched Ethernet egress packets that are less than 64-bytes long are not padded correctly. This problem is resolved in Release 12.1(20)E. (CSCeb47640) • With EoMPLS configured, a reload might occur if you configure a different access VLAN on the CE-facing port. This problem is resolved in Release 12.1(20)E. (CSCec23787) • The running configuration does not show changes in the network time protocol (NTP) password. This problem is resolved in
  25. 25. Bugs • When there is insufficient memory, crash information is not generated after a Supervisor Engine reload. This problem is resolved in Release 12.1(20)E. (CSCeb51785) • When you enter the show policy-map interface [interface] command on a system with a Supervisor Engine 2 and MSFC2, a system reload may occur. This problem is resolved in Release 12.1(20)E. (CSCeb49634) • Occasionally a bus error and reload might occur if an MPLS packet triggers the sending of an Internet Control Message Protocol (ICMP) packet. This problem is resolved in Release 12.1(20)E. (CSCeb27452)
  26. 26. Bugs • An OSPF designated router does not generate a network link-state advertisement (LSA) for a broadcast network when another interface on the designated router has an administratively shut down interface with a duplicate address configured with the OSPF passive-interface command. This problem is resolved in Release 12.1(20)E. (CSCea35186) • With Internet Group Management Protocol (IGMP) and IP Protocol Independent Multicast (PIM) enabled, continual tracebacks might occur when you perform an online insertion and removal (OIR) of a module. This problem is resolved in Release 12.1(20)E. (CSCec13278) • A reload might occur if you delete a VPN routing and forwarding (VRF) instance while the show ip vrf vrf_name EXEC command executes. This problem is resolved in Release 12.1(20)E. (CSCea83675)
  27. 27. Bugs • When more than 12 VLOUs are used in a policy attached to an interface, the entries are expanded. If the expanded entries are for a non-deny ACE, the entries are not accurate. The resulting ACEs for the policy are also inaccurate. This problem is resolved in Release 12.1(20)E2. (CSCed47753) • The ip pim register source command is not supported in Release 12.1E. This problem is resolved in Release 12.1(20)E2. (CSCec70483) • When fragmenting MPLS traffic, a reload
  28. 28. Bugs • An IGMP packet flood might cause a reload. This problem is resolved in Release 12.1(20)E2. (CSCec39132) • The ip pim register source command is not supported in Release 12.1E. This problem is resolved in Release 12.1(20)E2. (CSCec70483) • When fragmenting MPLS traffic, a reload might occur after display of a "SYS-2- GETBUF" message. This problem is resolved
  29. 29. Bugs • With both static and dynamic Port Address Translation (PAT) configured and if the ip nat pool inside_pool_name command has been entered for only one IP address, the IP addresses that are used for overloading might be used as one-to-one translations. This problem is resolved in Release 12.1(20)E3. (CSCdx19396) • Following a reload with a large number of active interfaces, an Open Shortest Path First (OSPF) interface might be in the down state while the port and the line protocol might be in the up state, which causes missing OSPF neighbor adjacencies on the OSPF interface that is in the down state. This problem is resolved in Release 12.1(20)E3. (CSCeb04048) • A reload might occur if you establish an SSHv2 session immediately after the "Press RETURN to get started!" message appears on the console. This problem is resolved in Release 12.1(20)E3. (CSCin48676)
  30. 30. Bugs • OSPF area border routers (ABRs) might continue to generate summary link-state advertisements (LSAs) for obsolete nonbackbone intra-area routes. This problem is resolved in Release 12.1(20)E6. (CSCee36622) • If you add VLANs 1002-1005 to the allowed VLAN list for an SSL module, the SSL module might have a connectivity problem. This problem is resolved in Release 12.1(22)E. (CSCec60933)
  31. 31. Bugs • With ISIS routing configured, an E3 or T3 port adapter might have its neighbors flap after a reload. This problem is resolved in Release 12.1(22)E. (CSCeb01905) • TCP FIN and RST packets might be dropped, which causes a 3 to 4 second delay in retrieving web content, if a hardware-switched TCP connection carrying more than 1,000 packets per second is load balanced through IOS Firewall Load Balancing or Cisco IOS server load balancing. This problem is resolved in Release 12.1(22)E. (CSCed38956) • A reload because of memory corruption might occur when an IP Security (IPsec) generic routing encapsulation (GRE) tunnel carries multicast traffic. This problem is resolved in Release 12.1(22)E. (CSCec06341)
  32. 32. Bugs • HSRP packets are sent with the IP TTL field set to 2 instead of 1. This does not affect HSRP operation because HSRP packets are sent to a Layer 2 multicast address. This problem is resolved in Release 12.1(22)E. (CSCuk31498) • A reload might occur if you enter the interface loopback interface_number interface configuration command and the value of theinterface_number argument is a 9-digit number that starts with 10. This problem is resolved in Release 12.1(22)E. (CSCec03907) • With high traffic levels and when the reverse forwarding path (RPF) towards the rendezvous point and the multicast source are different, partially hardware-switched multicast flows might not be forwarded correctly. This problem is resolved in Release 12.1(22)E. (CSCec80654)
  33. 33. Bugs • In IP packets with the IP options field populated, the IP type-of-service (ToS) byte might be truncated to a 3-bit long field. This problem deletes 3 bits of the 6-bit DSCP value and causes incorrect QoS operation. This problem is resolved in Release 12.1(22)E4. (CSCed93264) • Multicast 127-byte UDP packets that egress from OSM-2OC12-POS interfaces have invalid checksums. This problem is resolved in Release 12.1(23)E. (CSCec72798) • The SNMP slbStickyObjectTableEntry MIB
  34. 34. Bugs • A reload might occur if you do the following on a FlexWAN module interface: – – Attach an egress queueing policy – – Attach an ingress policy that uses the same policy-map class – – Remove the ingress policy – – Update a queueing feature in the egress policy • A response time reporter (RTR) probe does not report input or output packets for serial interfaces of PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters. This problem is resolved in Release 12.1(23)E. (CSCee82681) • When a Multicast Source Discovery Protocol (MSDP)-enabled rendezvous point (RP) for a multicast group fails and an incoming (*,G) join message is received, the RP does not build an (S,G) state from its Source-Active (SA) cache when it should do so. Depending on the topology and if a Shortest Path Tree (SPT) threshold is configured as infinite, this situation might result in a multicast forwarding interruption of up to 2 minutes. This problem is resolved in Release 12.1(23)E. (CSCee89438)
  35. 35. Bugs • If there are more than 50 files on the flash card, access from CiscoView Device Manager (CVDM) might cause a reload. This problem is resolved in Release 12.1(23)E. (CSCef07965) • If you change the STP root bridge, a Layer 2 loop might exist very briefly. This problem is resolved in Release 12.1(23)E. (CSCed85411) • Following switchover to a redundant supervisor engine, any EtherChannels on the newly active supervisor engine are not active and the newly redundant supervisor engine
  36. 36. Bugs • High traffic flow rates (for example, 60 percent or more of capacity) through a PA- A3 ATM port adapter might cause a reload. This problem is resolved in Release 12.1(26)E. (CSCdy46272) • A reload might occur if you apply egress WAN QoS features to an ingress WAN interface. This problem is resolved in Release 12.1(23)E. (CSCin77116) • When the number of routing table entries exceeds the capacity of the hardware- forwarding information base (FIB), the
  37. 37. Bugs • If you enable PIM on a VLAN interface and configure a bridge group on the VLAN interface, and then remove the PIM configuration from the VLAN interface, EIGRP neighborships are lost. This problem is resolved in Release 12.1(26)E. (CSCed12722) • When an OSPF neighbor on a local IP segment has multiple interfaces on that IP segment, OSPF installs only a single next-hop entry to routes reachable through the OSPF neighbor, instead of multiple next-hop entries, as required by RFC 2328. This problem is resolved in Release 12.1(26)E. (CSCee21928) • Policing might not be accurate for packets smaller than 82 bytes. This problem is resolved in Release 12.1(26)E. (CSCee78451)
  38. 38. Bugs • When you configure a static PIM rendezvous point (RP) IP address with an ACL that specifies the groups for the RP, and there is also another RP IP address configured without an ACL, you cannot remove the first RP IP address from the configuration. This problem is resolved in Release 12.1(26)E. (CSCee93574) • When the BGP table is full on an MPLS backbone router, routing updates or configuring additional routes might cause a reload. This problem is resolved in Release 12.1(26)E. (CSCef49199) • After a switchover to a redundant supervisor engine, aggregate policers might not be applied to the interfaces where they are configured. This problem is resolved in Release 12.1(26)E. (CSCin83227)
  39. 39. Bugs • When an EXEC session is at the "More" prompt, the session fails to time out. This problem is resolved in Release 12.1(26)E. (CSCef35192) • If you are using the Open Shortest Path First (OSPF) protocol and the Catalyst 6500 series switch or the Cisco 7600 series router is an Area Border Router (ABR) attached to one or more not-so-stubby areas (NSSAs), the configuration of "summary-address 0.0.0.0 0.0.0.0" can result in the ABR default summary Link State Advertisement (LSA) being repeatedly flushed and reoriginated in each attached NSSA. This problem is resolved in Release 12.1(26)E2. (CSCdx83438) • If an intermittent multicast source is inactive for 3.5 minutes, (S,G) entries in the MSDP cache might become inconsistent with a neighbor's cache which can cause multicast packet loss. This problem is resolved in Release 12.1(26)E4. (CSCsb23433)
  40. 40. Bugs • An autonomous system boundary router (ASBR) that is running open shortest path first (OSPF) and is configured with the area area_idnssa default-information-originate command, might continue to advertise a default route in a not-so-stubby area (NSSA) even after the default Border Gateway Protocol (BGP) route has been withdrawn and removed from the routing table. This problem is resolved in Release 12.1(26)E5. (CSCsc03828) • Static routes that are redistributed into BGP display an incorrect next hop address. This situation might cause a routing loop. This problem is resolved in Release 12.1(26)E7. (CSCeg41727) • A very slow memory leak might occur in the medium buffers. This problem occurs on a system configured with a distributed EtherChannel (DEC). When this problem occurs, MALLOCFAIL messages are displayed in the switch processor log. This problem is resolved in Release 12.1(26)E8. (CSCsf31542)
  41. 41. Bugs • With a tunnel configured to use an ATM interface, one end of the tunnel cannot ping the other end until you bring either end of the tunnel interface down and up. This problem is resolved in Release 12.1(26)E8. (CSCse40423) • Port 2 or port 4 on a WS-X6816-GBIC switching module might go up and down when port 1 is enabled, not connected, and set to autonegotiate. This problem occurs if a 1000BASE-T GBIC was ever inserted since the last time the module was reloaded. This problem is resolved in Release 12.1(26)E8. (CSCse12195) • A Multilink PPP (MLP) link does not forward traffic when MLP is configured on an interface of a FlexWAN port adapter, or an Enhanced FlexWAN PA. This problem is resolved in Release 12.1(27b)E. (CSCeb07656)
  42. 42. Bugs • A reload occurs when you delete a policy map that was attached in both the in and out direction. This problem is resolved in Release 12.1(27b)E. (CSCsb29774) • For multicast flows, the PFC does not provide Layer 3 switching on output interfaces with MTU sizes smaller than the flow's input interface MTU size. • When a redundant supervisor engine is in standby mode, the Ethernet ports on the
  43. 43. Bugs • You cannot configure the MTU size on VLAN interfaces. For Supervisor Engine 2, this problem is resolved in Release 12.1(8a)E. For Supervisor Engine 1, this problem is resolved in Release 12.1(7)E. (CSCdr62024) • For multicast flows, the PFC does not provide Layer 3 switching on output interfaces with MTU sizes smaller than the flow's input interface MTU size. • When a redundant supervisor engine is in

×