Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(37)SE and later
16
Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(37)SE and Later
383623-009
Open Caveats
• CSCse14774
If a switch is connected to a third-party router through an EtherChannel and the EtherChannel is
running in Link Aggregation Control Protocol (LACP) mode, the interfaces in the EtherChannel
might go down after you enter the switchport trunk native vlan vlan-id interface configuration
command to change the native VLAN from VLAN 1 (the default) to a different VLAN ID.
These are the workarounds. You only need to do one of these:
–
Do not change the native VLAN ID from the default setting of VLAN 1.
–
If you need to change the native VLAN ID to a VLAN other than VLAN 1, do not run the
EtherChannel in LACP mode, and change the mode to On by using the channel-group
channel-group-number mode on interface configuration command.
• CSCsg21537
When MAC addresses are learned on an Etherchannel port, the addresses are incorrectly deleted
from the MAC address table even when the MAC address table aging timeout value is configured to
be longer than the ARP timeout value. This causes intermittent unicast packet flooding in the
network.
The MAC address is automatically relearned after the ARP refresh. The workaround is to enter the
ping ip address privileged EXEC command from the switch to the next hop router to avoid the
intermittent flooding.
• CSCsg79506
During repeated reauthentication of supplicants on an IEEE 802.1x-enabled switch, if the RADIUS
server is repeatedly going out of service and then coming back up, the available switch memory
might deplete over time, eventually causing the switch to shut down.
There is no work-around, except to ensure that the RADIUS server is stable.
• CSCsg81334
If IEEE 802.1x critical authentication is not enabled and the RADIUS authentication server is
temporarily unavailable during a reauthentication, when the RADIUS server comes back up, MAC
authentication bypass (MAB) does not authenticate a previously authenticated client.
The workaround is to enter the shutdown interface configuration command followed by the no
shutdown command on the port connected to the client. An alternative, to prevent the problem from
occurring, is to enable critical authentication by entering the dot1x critical {eapol | recovery delay
milliseconds} global configuration command.
• CSCsi63999
Changing the spanning tree mode from rapid STP to MSTP can cause tracebacks when the virtual
port error-disable feature is enabled when the STP mode is changed.
There is no workaround.
• CSCsi75246
An address learned as a supplicant that is aged out by port security aging is never relearned by port
security under any of these conditions:
–
IEEE 802.1x authentication, port security, and port security aging are enabled on a port.
–
An address is cleared by port security.
–
Yo u en te r t h e clear port security privileged EXEC command.
The workaround is to use the dot1x timeout interface configuration command instead of the port
security aging timer as the reauthentication timer for IEEE 802.