[f-nsp] Brocade Tech support Bulletin TSB 2016-242-A

Takahiro Masuda tmasuda at vpls.net
Fri Sep 23 03:33:47 EDT 2016 

Ran into this on our routers. 

This fix may help if you can't upgrade. 

ip access-list extended BLOCK_IKE 

deny udp any any eq isakmp 

deny udp any any eq 4500 

permit ip any any 

! 

ip access-list extended PERMIT_ANY 

permit ip any any 

ip receive access-list BLOCK_IKE sequence 5 

ip receive access-list PERMIT_ANY sequence 99 

ip receive access-list enable-deny-logging 

    * If the customer is already using receive ACLs they might want to skip seq 99 and also "permit ip any any" line in BLOCK_IKE ACLs 
    * To verify the packets blocked: 

sh access-list receive accounting name BLOCK_IKE 

> From: "Clement Cavadore" <clement at cavadore.net>
> To: foundry-nsp at puck.nether.net
> Sent: Thursday, September 22, 2016 3:18:22 AM
> Subject: [f-nsp] Brocade Tech support Bulletin TSB 2016-242-A

> Hi all,

> Be advised that if you run MLXe with 5.8.00 > 5.8.00e, 5.9.00 >
> 5.9.00bd, or 6.0.00 > 6.0.00a, you should consider upgrading to the
> latest release immediately.

> A critical defect (DEFECT 617836) may cause unexpected MLX Line Card
> reloads due to some IPSec packets received.

> Regards,
> --
> Clément Cavadore

> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
> From: "Clement Cavadore" <clement at cavadore.net>
> To: foundry-nsp at puck.nether.net
> Sent: Thursday, September 22, 2016 3:18:22 AM
> Subject: [f-nsp] Brocade Tech support Bulletin TSB 2016-242-A

> Hi all,

> Be advised that if you run MLXe with 5.8.00 > 5.8.00e, 5.9.00 >
> 5.9.00bd, or 6.0.00 > 6.0.00a, you should consider upgrading to the
> latest release immediately.

> A critical defect (DEFECT 617836) may cause unexpected MLX Line Card
> reloads due to some IPSec packets received.

> Regards,
> --
> Clément Cavadore

> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160923/34130da1/attachment.html>

More information about the foundry-nsp mailing list