Guest

Cisco 7200 Series Routers

Field Notice: Cisco 7200 Series Router with an Integrated Services Adapter (ISA) Module Installed May Fail to Utilize the Hardware Encryption Engine if the I/O Memory is Changed to 40 MB


March 12, 2004


Products Affected

Cisco 7200 Series Router with an Integrated Services Adapter (ISA) Module installed

Problem Description

Cisco 7200 series routers with an Integrated Services Adapter (ISA) installed and running any IOS image in the following trains - 12.1E, 12.2, 12.2T, 12.3 or 12.3T - will fail to utilize the hardware encryption engine if the Input/Output (I/O) memory is changed to 40MB.

All of the following values have been tested and verified to work:

16MB, 32MB, 64MB, and 128MB (where possible).

Background

Support for different I/O memory sizes was added to the 7200 platform. Due to software bug CSCed72623 (registered customers only) , setting the I/O memory size to 40MB causes hardware encryption/decryption to fail.

Problem Symptoms

Customers experiencing this issue will see a drastic performance decrease when trying to encrypt/decrypt their specified traffic.

Workaround/Solution

In order to verify the above issue is occurring, first check to see if the hardware matches the above criteria and that the IOS image is within one of the following trains:

12.1E, 12.2, 12.2T, 12.3 or 12.3T.

Next, verify that the memory-size iomem 40 command has been configured.

Verify whether the ISA card is functioning by issuing the show crypto card slot x command (where x is the slot number of the installed ISA card) and that the system is using it for encryption by issuing the show crypto engine brief command. If the show crypto engine brief command returns the value of "software", it is a good indication this issue is occurring.

The workaround is to change the I/O memory size back to default or any of the following values:

16MB, 32MB, 64MB or 128MB (where possible). This can be accomplished by issuing the memory-size iomem x (where x is the size of the I/O memory).

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCed72623 (registered customers only)

Hardware encyrption does not work with different iomem sizes

Cisco IOS Versions Affected

12.1E, 12.2, 12.2T, 12.3 and 12.3T trains

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.