[c-nsp] Upgrade issue for Cisco Security Advisory: IPv6 Crafted Packet Vulnerability

Zacchello Marco Marco.Zacchello at netengineering.it
Thu Aug 18 09:30:52 EDT 2005 

Hi all,

after Cisco mailed this Advisory, we upgraded some c7206VXR (NPE400) to this release: c7200-jk9o3s-mz.123-15a.bin
(ENTERPRISE/FW/IDS IPSEC 3DES), but after the reload the bgp peer-group configuration slightly changed,
some neighbor statements were deleted (the 'neighbor XXX activate' and the 'neighbor A.B.C.D peer-group XXX' )
in the address-family configuration, and new other were configured ('neighbor A.B.C.D  activate').
The bgp peer-group configuration in the global bgp configuration didn't change.
This happened for all the AF configured:IPV4, IPV4 multicast, VPNV4, IPV6.
Now, is this a bug? Or is a old-style CLI to new-style CLI change like the changes in the CLI when MPLS 
was introduced? Any suggestion or experiences?
We are afraid to do any upgrade or downgrade.
To be more accurate, after the reload obviuosly the startup-config was different from the running config, and after a write, the startup-config
used this new-style CLI. Moreover at the moment the BGP peer-group configuration is working, and the Show commands output is right.
Thanks
Bye 

Marco

p.s.: this is how the configuration changed:


    address-family ipv4
    redistribute connected
    redistribute static
 -  neighbor PGROUP_A activate
    neighbor PGROUP_A next-hop-self
    neighbor PGROUP_A send-community
 -  neighbor vpnv4-internal activate
 -  neighbor 117.12.225.223 peer-group PGROUP_A 
 +  neighbor 117.12.225.223 activate
    exit-address-family
    !
    address-family ipv4 multicast
 -  neighbor PGROUP_A activate
 -  neighbor 117.12.225.223 peer-group PGROUP_A 
 +  neighbor 117.12.225.223 activate
    no auto-summary
    no synchronization
    exit-address-family
    !
    address-family vpnv4
 -  neighbor vpnv4-internal activate
    neighbor vpnv4-internal send-community extended
 -  neighbor 117.12.225.63 peer-group vpnv4-internal
 +  neighbor 117.12.225.63 activate
    exit-address-family
    !
    address-family ipv6
 -  neighbor PGROUP_A-IPV6 activate
 -  neighbor 5001:6F9:D00::E2E0 peer-group PGROUP_A-IPV6
 +  neighbor 5001:6F9:D00::E2E0 activate
    exit-address-family





marco.zacchello at netengineering.it 
Net Engineering S.p.A. 
Tel. +3902241254.1 
Fax.+3902241254323 
cell. +393482302981
Web site: www.netengineering.it


******************* DISCLAIMER *******************************
Le informazioni contenute in questa comunicazione e gli eventuali documenti allegati hanno carattere confidenziale e sono ad uso esclusivo del destinatario. Nel caso questa comunicazione Vi sia pervenuta per errore, Vi informiamo che la sua diffusione e riproduzione è contraria alla legge e preghiamo di darci prontamente avviso e di cancellare quanto ricevuto. Grazie.

This e-mail message and any files transmitted with it contain confidential information intended only for the person(s) to whom it is addressed. If you are not the intended recipient, you are hereby notified that any use or distribution of this e-mail is strictly prohibited: please notify the sender and delete the original message. Thank you.

More information about the cisco-nsp mailing list