If all of the specific conditions described below are met, the Catalyst 9000 switch loses the contents of the vlan.dat file, resulting in a loss of connectivity because the VLANs are gone. This issue affects all variants of Catalyst 9000 switches (C9200 / C9300 / C9400 / C9500 and C9600). The issue is seen on standalone, switch stack and StackWise Virtual deployments.
The issue is seen after a manual reload once an IOS upgrade or downgrade has been performed on the switch. It is seen in the versions where "vtp version" is nvgened, a change made to add YANG support for this CLI. This fix is present from releases 17.12.1, 17.6.6 and 17.9.4, and downgrading or upgrading from these releases to other releases causes the issue. The cause is that "vtp version" is nvgened (it is present in "show running"), which is a design change made to enable YANG for this CLI.
For releases that do not have this infra, there is no way to fix this issue. Apply the following workarounds to resolve it.
a. Configure the VTP version to 1 (make sure no "vtp version" CLI is present in "show running"). The version is then not nvgened, no parsing of the config is done, and the issue is not seen. Applicable from 17.13.
b. Because the VTP domain config loss happens after the downgrade/upgrade, create a new VLAN before reloading. This populates the vlan.dat file after the downgrade/upgrade and the issue is resolved.
If the code update is performed via ISSU (for StackWise Virtual setups), the issue is seen after the second reload. That is, the first reload, the one done via ISSU, triggers the domain loss (the vlan.dat file shows 564 bytes), and on a second reload the issue is hit and the VLANs are lost.
Besides Catalyst 9000 switches, other IOS-XE based switching platforms such as the IE9300 and the IE3x00 Rugged Series switches are also affected by this issue. Catalyst 8300 routers using SM-based switching modules are also affected.
Verify the vlan.dat file size (RT# dir | inc vlan.dat), as is seen on all Catalyst switches; then we know the issue will happen on the next reload.
This issue was triggered while implementing the fix for CSCwe51080, which was later backed out in CSCwn20712. The changes in CSCwi46941 address the issues in both CSCwe51080 and CSCwi46941.
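A pre-reload check for the condition described above, as an added example that is not part of the original bug note or any Cisco tooling: it parses captured `dir | inc vlan.dat` and `show running` text and flags a 564-byte vlan.dat and a "vtp version" line. The `dir` line layout, the function names and the sample captures are assumptions constructed for illustration.

```python
import re

# Size the page reports for vlan.dat once the VTP domain has been lost.
DOMAIN_LOSS_BYTES = 564

# Assumed `dir` line layout: index, permissions, size, timestamp, name.
DIR_LINE = re.compile(r"^\s*\d+\s+\S+\s+(\d+)\s+.*\s(\S*vlan\.dat)\s*$")
VTP_VERSION = re.compile(r"^\s*vtp version\s+\d+\s*$")

# Constructed captures (not from a real device).
SAMPLE_DIR = (
    "RT#dir | inc vlan.dat\n"
    "131082  -rw-              564  Mar 04 2024 10:12:31 +00:00  vlan.dat\n"
)
SAMPLE_RUN = "vtp domain LAB\nvtp version 2\nvtp mode transparent\n"


def vlan_dat_sizes(dir_output):
    """Map each vlan.dat file name in the capture to its size in bytes."""
    sizes = {}
    for line in dir_output.splitlines():
        match = DIR_LINE.match(line)
        if match:
            sizes[match.group(2)] = int(match.group(1))
    return sizes


def pre_reload_findings(dir_output, show_run_output):
    """Return human-readable findings to review before the next reload."""
    findings = []
    sizes = vlan_dat_sizes(dir_output)
    if not sizes:
        findings.append("vlan.dat not listed: size check not performed")
    for name, size in sorted(sizes.items()):
        if size == DOMAIN_LOSS_BYTES:
            findings.append(f"{name} is {size} bytes: VLAN loss expected on next reload")
    if any(VTP_VERSION.match(line) for line in show_run_output.splitlines()):
        findings.append('"vtp version" is present in the running config')
    return findings


if __name__ == "__main__":
    for finding in pre_reload_findings(SAMPLE_DIR, SAMPLE_RUN):
        print(finding)
```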
The Cisco PSIRT has evaluated this issue and determined that it does not have a security impact that requires PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. There is no PSIRT restriction that prohibits making this bug visible. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html