Cisco 9134 - MDS Multilayer Fabric Switch Release Note - Page 36

Browse online or download pdf Release Note for Switch Cisco 9134 - MDS Multilayer Fabric Switch. Cisco 9134 - MDS Multilayer Fabric Switch 40 pages. Mds 9000 series
Also for Cisco 9134 - MDS Multilayer Fabric Switch: Specifications (3 pages), Configuration Manual (49 pages), Release Note (48 pages), Release Note (44 pages), Release Note (22 pages), Release Note (3 pages), Release Notes (10 pages), Manual (16 pages), Hardware Installation Manual (36 pages)

Print Page
Cisco 9134 - MDS Multilayer Fabric Switch Release Note
Caveats
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Open Caveats

1.
2.
3.
4.
5.
6.
Cisco MDS 9000 Family Release Notes for Cisco MDS NX-OS Release 5.0(4b)
36
CSCtf16263
Symptom: Following an upgrade from Cisco MDS NX-OS Release 4.2(3a) to Release 5.0(1a) on
an MDS 9222i switch, the Encapsulating Security Protocol (ESP) configuration is not applied to
members of a PortChannel. This issue occurs only on the MDS 9222i switch.
Workaround: To workaround this issue, following these steps:
Enable Fibre Channel Security Protocol (FCSP) on the interface and enter
configuration-interface-esp submode.
switch(config)# interface po103
switch(config-if)# fcsp on
switch(config-if)# fcsp esp manual
Add the old egress Security Association (egress-sa) configuration on the switch. Egress-sa is the
other side of the active ingress-sa.
switch(config-if-esp)# egress-sa 258
Add a new ingress-sa on the switch. Do not use the previous SA.
switch(config-if-esp)# ingress-sa 256
On the other side of the PortChannel, reconfigure egress with 256.
switch(config)# interface po103
switch(config-if)# fcsp esp manual
switch(config-if-esp)# egress-sa 256
At this point, the link is fully secured on both sides.
Clean up the old ingress-sa, by deleting it. An error message displays, but the ingress-sa does get
deleted.
switch(config-if-esp)# no ingress-sa 258
ERROR: SA 258 not in ingress list
If you fail to delete the old ingress-sa, an error message displays:
switch(config-if-esp)# ingress-sa 258
ERROR: SA 258 already in ingress list
Add the old ingress-sa.
switch(config-if-esp)# ingress-sa 258
CSCsq20408
Symptom: The show startup command displays aspects of the running configuration when
SANTap is configured and/or SANTap objects are created. When a user creates objects such as a
CVT or DVT, the configuration is showing in the running-configuration and in the
startup-configuration without copying the configuration into the startup-configuration.
Workaround: Issue a copy running-config startup-config command whenever you create objects
such as a CVT or DVT so that the running-configuration and startup-configuration are synchronized.
OL-21012-04