Filter
Top Products
14
Release Notes for the Cisco Catalyst Blade Switch 3040 for FSC, Cisco IOS Release 12.2(35)SE
OL-12212-01
Open Caveats
• CSCsc96474
The switch might display tracebacks similar to these examples when a large number of IEEE 802.1x
supplicants try to repeatedly log in and log out.
Examples:
Jan 3 17:54:32 L3A3 307: Jan 3 18:04:13.459: %SM-4-BADEVENT: Event 'eapReq' is invalid
for the current state 'auth_bend_idle': dot1x_auth_bend Fa9
Jan 3 17:54:32 L3A3 308: -Traceback= B37A84 18DAB0 2FF6C0 2FF260 8F2B64 8E912C Jan 3
19:06:13 L3A3 309: Jan 3 19:15:54.720: %SM-4-BADEVENT: Event 'eapReq_no_reAuthMax' is
invalid for the current ate 'auth_restart': dot1x_auth Fa4
Jan 3 19:06:13 L3A3 310: -Traceback= B37A84 18DAB0 3046F4 302C80 303228 8F2B64 8E912C
Jan 3 20:41:44 L3A3 315: .Jan 3 20:51:26.249: %SM-4-BADEVENT: Event 'eapSuccess' is
invalid for the current state 'auth_restart': dot1x_auth Fa9
Jan 3 20:41:44 L3A3 316: -Traceback= B37A84 18DAB0 304648 302C80 303228 8F2B64 8E912C
There is no workaround.
• CSCsd03580
When IEEE 802.1x is globally disabled on the switch by using the no dot1x system-auth-control
global configuration command, some interface level configuration commands, including the dot1x
timeout and dot1x mac-auth-bypass commands, become unavailable.
The workaround is to enable the dot1x system-auth-control global configuration command before
attempting to configure interface level IEEE 802.1x parameters.
• CSCse06827
When dynamic ARP inspection is configured on a VLAN, and the ARP traffic on a port in the VLAN
is within the configured rate limit, the port might go into an error-disabled state.
The workaround is to configure the burst interval to more than 1 second.
• CSCsg18176
When dynamic ARP inspection is enabled and IP validation is disabled, the switch drops ARP
requests that have a source address of 0.0.0.0.
The workaround is to configure an ARP access control list (ACL) that permits IP packets with a
source IP address of 0.0.0.0 (and any MAC) address) and apply the ARP ACL to the desired DAI
VLANs.
• CSCsg21537
When MAC addresses are learned on an Etherchannel port, the addresses are incorrectly deleted
from the MAC address table even when the MAC address table aging timeout value is configured to
be longer than the ARP timeout value. This causes intermittent unicast packet flooding in the
network.
• CSCsg30295
When you configure an IP address on a switch virtual interface (SVI) with DCHP and enable DHCP
snooping on the SVI VLAN, the switch SVI cannot obtain an IP address.
The workaround is to not enable DCHP snooping on the SVI VLAN or to use a static IP address for
the SVI.
• CSCsg79506
During repeated reauthentication of supplicants on an IEEE 802.1x-enabled switch, if the RADIUS
server is repeatedly going out of service and then coming back up, the available switch memory
might deplete over time, eventually causing the switch to shut down.
There is no work-around, except to ensure that the RADIUS server is stable.