Cross-Platform Release Notes for Cisco IOS Release 12.0SY

Table Of Contents

Cross-Platform Release Notes for Cisco IOS Release 12.0SY

Contents

Introduction

System Requirements

Supported Hardware

Supported Platforms

Supported Modules for the Cisco 10720 Router

Supported Line Cards for the Cisco 12000 Series Routers

Determining the Software Version

Upgrading to a New Software Release

Microcode Software

Shared Port Adapter FPD Image Packages for the Cisco 12000 Series

Feature Support

Determining the Software Images (Feature Sets) That Support a Specific Feature

Determining the Features Supported in a Specific Software Image (Feature Set)

Memory Recommendations

New and Changed Information

New Hardware Features in Cisco IOS Release 12.0(32)SY8

New Software Features in Cisco IOS Release 12.0(32)SY8

BGP Support for 4-Byte ASN

QinQ and QinAny over L2TPv3

New Hardware Features in Cisco IOS Release 12.0(32)SY4

SPA-2X1GE-V2

New Software Features in Cisco IOS Release 12.0(32)SY4

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

New Hardware Features in Cisco IOS Release 12.0(32)SY3

New Software Features in Cisco IOS Release 12.0(32)SY3

Enhanced Ingress Hierarchical Policing on Engine 5

New Hardware and Software Features in Cisco IOS Release 12.0(32)SY1 to Cisco IOS Release 12.0(32)SY2

New Hardware Features in Cisco IOS Release 12.0(32)SY

SPA-8X1FE-TX-V2

SPA-1X10GE-L-V2

SPA-5X1GE-V2

SPA-10X1GE-V2

SPA-2XOC12-POS SPA Support on Cisco 12000

SPA-4XOC12-POS SPA Support on Cisco 12000

SPA-8XOC12-POS SPA Support on Cisco 12000

SPA-4XOC3-POS-V2 SPA Support on Cisco 12000

SPA-8XOC3-POS SPA Support on Cisco 12000

New Software Features in Cisco IOS Release 12.0(32)SY

BGP Multipath Load Sharing for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 Line Cards

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

Configuring RTP Header Compression for Cisco 12000 Series Routers

Cos-Based Tunnel Selection on Engine 5 Line Cards

DPT (SRP) Support for the 1-port OC-192 SPA on 12000-SIP-600/601

DPT (SRP) Support for the 2-port OC-48 SPA on 12000-SIP-600/601

Hierarchical QoS for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 and Engine 3 Line Cards

Hierarchical Shaping for MPLS VPNs over IP Tunnels on the Cisco 12000 Series Internet Router

Inter-AS Hybrid for MPLS VPN over IP Tunnels

IP Header Compression

IP SLAs—LSP Health Monitor

L2TPv3 Layer 2 Packet Fragmentation

L2TPv3 Like-to-Like Native for Cisco 12000 Engine 5 Line Cards

Layer 2 Local Switching

Layer 2 Tunnel Protocol Version 3 on Cisco 12000 Engine 5 Line Cards

Layer 2 Virtual Private Network Interworking on Cisco 12000 IP Services Engine and Engine 5 Line Cards

Layer 2 Virtual Private Network Interworking

Microcode Manager for Multiservice Engine Line Cards on Cisco 12000 Series Routers

MPLS Embedded Management—LSP Ping/Traceroute for LDP

MPLS LDP Autoconfiguration

MPLS LDP—IGP Synchronization

MPLS—LDP MD5 Global Configuration

MPLS VPN—Show Running VRF

MPLS VPN Carrier Supporting Carrier Support on the Cisco 10720 Router

MPLS VPN Carrier Supporting Carrier over IP Tunnels for Cisco 12000 Engine 5 Line Cards

MPLS VPNs over IP Tunnels

Multicast-VPN—IP Multicast Support for MPLS VPNs

PXF Accelerated IPv6 Multicast for 802.17 RPR

QoS: Enhanced show Commands for Active Policies

Virtual Private LAN Service over MPLS on Cisco 12000 Series Router Line Cards

VPLS Fast Reroute

VPLS QinQ

VRF-aware PBR

MIBs

Limitations and Restrictions

Important Notes

Deferrals

Field Notices and Bulletins

Important Notes for Cisco IOS Release 12.0(32)SY9

The bgp default ipv6-nexthop Command

Caveats

Resolved Caveats—Cisco IOS Release 12.0(32)SY16

Resolved Caveats—Cisco IOS Release 12.0(32)SY15

Resolved Caveats—Cisco IOS Release 12.0(32)SY14

Resolved Caveats—Cisco IOS Release 12.0(32)SY13

Resolved Caveats—Cisco IOS Release 12.0(32)SY12

Resolved Caveats—Cisco IOS Release 12.0(32)SY11

Resolved Caveats—Cisco IOS Release 12.0(32)SY10

Resolved Caveats—Cisco IOS Release 12.0(32)SY9b

Resolved Caveats—Cisco IOS Release 12.0(32)SY9a

Resolved Caveats—Cisco IOS Release 12.0(32)SY9

Basic System Services

Resolved Caveats—Cisco IOS Release 12.0(32)SY8

Resolved Caveats—Cisco IOS Release 12.0(32)SY7

Resolved Caveats—Cisco IOS Release 12.0(32)SY6

Resolved Caveats—Cisco IOS Release 12.0(32)SY5

Resolved Caveats—Cisco IOS Release 12.0(32)SY4

Basic System Services

IBM Connectivity

IP Routing Protocols

ISO CLNS

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.0(32)SY3

Basic System Services

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(32)SY2

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.0(32)SY1

IP Routing Protocols

ISO CLNS

Miscellaneous

Wide-Area Networking

Open Caveats—Cisco IOS Release 12.0(32)SY

Basic System Services

Interfaces and Bridging

IP Routing Protocols

ISO CLNS

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Troubleshooting

Related Documentation

Release-Specific Documents

Cisco IOS Release 12.0S

Cisco IOS Release 12.0

Platform-Specific Documents

Feature Modules

Cisco Feature Navigator

Cisco IOS Software Documentation Set

Documentation Modules

Cisco IOS Release 12.0S Documentation Set Contents

Obtaining Documentation and Submitting a Service Request


Cross-Platform Release Notes for Cisco IOS Release 12.0SY


April 5, 2013

Cisco IOS Release 12.0(32)SY16

Part Number: OL-10924-01 Rev. X0

These release notes support Cisco IOS Release 12.0(32)SY, up to and including Cisco IOS Release 12.0(32)SY16. These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and related documents.

Cisco IOS Release 12.0(32)SY is based on Cisco IOS Release 12.0(32)S and is tailored for service provider and large-scale enterprise networks. Cisco IOS Release 12.0(32)S includes features that were initially supported in Cisco IOS Release 12.0.

For a list of the software caveats that apply to Cisco IOS Release 12.0S, see the "Caveats" section and the caveat parts of the Cross-Platform Release Notes for Cisco IOS Release 12.0S document located on Cisco.com. The caveats document is updated for every maintenance release and is located on Cisco.com.

Use these release notes in conjunction with the Cross-Platform Release Notes for Cisco IOS Release 12.0S document located on Cisco.com.

We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Contents

Introduction

System Requirements

New and Changed Information

MIBs

Limitations and Restrictions

Important Notes

Caveats

Troubleshooting

Related Documentation

Obtaining Documentation and Submitting a Service Request

Introduction

Cisco IOS Release 12.0(32)SY is the first general availability release of this software. Many of the features and the hardware supported in this software have been previously released to customers on other software releases.

For information on new features and Cisco IOS commands that are supported by Cisco IOS Release 12.0(32)SY, see the "New and Changed Information" section and the "Caveats" section.

System Requirements

This section describes the system requirements for Cisco IOS Release 12.0(32)SY and includes the following sections:

Supported Hardware

Determining the Software Version

Upgrading to a New Software Release

Microcode Software

Feature Support

Memory Recommendations

Supported Hardware

This section consists of the following subsections:

Supported Platforms

Supported Modules for the Cisco 10720 Router

Supported Line Cards for the Cisco 12000 Series Routers

Supported Platforms

Cisco IOS Release 12.0(32)SY supports the following platforms:

Cisco 10720 router

Cisco 12000 series routers (including the Cisco 12006, Cisco 12008, Cisco 12010, Cisco 12012, Cisco 12016, Cisco 12404, Cisco 12406, Cisco 12410, Cisco 12416, Cisco 12810, and Cisco 12816)

For additional information about supported hardware for this platform and release, please see the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:

http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

Supported Modules for the Cisco 10720 Router

Table 1 lists the modules (also referred to as cards) that are supported for the Cisco 10720 in Cisco IOS Release 12.0(32)SY. The number in the "In" column indicates the Cisco IOS 12.0S release in which the module was introduced. For example, (22) means that a module was introduced in Cisco IOS Release 12.0(22)S. Note that, before their introduction in Cisco IOS Release 12.0(32)SY, most of these modules were introduced in Cisco IOS Release 12.0S.

Table 1 Supported Line Cards for the Cisco 10720 Router

Fast Ethernet (FE) and Gigabit Ethernet (GE) Modules

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| 24-port Fast Ethernet | 10720-FE-TX | 24-port 10/100 Ethernet access module | (22) |
| | 10720-FE-FX-MM | 24-port 100 Mbps fiber Ethernet access module, multimode, 2 km | (22) |
| | 10720-FE-FX-SM | 24-port 100 Mbps fiber Ethernet access module, single mode, 15 km | (22) |
| 4-port Gigabit Ethernet + 8-port Fast Ethernet | 10720-GE-FE-TX | Combined 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access module | (22) |
| | 10720-GE-FE-TX-B | Combined 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access module, Revision B | (25) |

Gigabit Ethernet (GE) Small-Form-Factor Pluggable (SFP) Modules

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| GE SFP | 10720-GE-SFP-SX | GE SFP module—short reach (550 m) | (22) |
| | 10720-GE-SFP-LH | GE SFP module—intermediate reach (10 km) | (22) |
| | GLC-ZX-SM | GE SFP module—long reach (70 km) | (23) |
| | SFP-GE-T | GE SFP module—1000BASE-T | (31) |
| | SFP-GE-S | GE SFP module—short reach (550 m), extended temperature | (31) |
| | SFP-GE-L | GE SFP module—intermediate reach (10 km), extended temperature | (31) |

Cisco Wavelength Division Multiplexing (CWDM) Small-Form-Factor Pluggable (SFP) Transceiver Modules

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| CWDM SFP | CWDM-SFP-1470 | CWDM SFP module—longwave 1470 nm laser, single mode, gray | (31) |
| | CWDM-SFP-1490 | CWDM SFP module—longwave 1490 nm laser, single mode, violet | (31) |
| | CWDM-SFP-1510 | CWDM SFP module—longwave 1510 nm laser, single mode, blue | (31) |
| | CWDM-SFP-1530 | CWDM SFP module—longwave 1530 nm laser, single mode, green | (31) |
| | CWDM-SFP-1550 | CWDM SFP module—longwave 1550 nm laser, single mode, yellow | (31) |
| | CWDM-SFP-1570 | CWDM SFP module—longwave 1570 nm laser, single mode, orange | (31) |
| | CWDM-SFP-1590 | CWDM SFP module—longwave 1590 nm laser, single mode, red | (31) |
| | CWDM-SFP-1610 | CWDM SFP module—longwave 1610 nm laser, single mode, brown | (31) |

Packet over SONET (POS)/Synchronous Digital Hierarchy (SDH) Modules

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| 2-port OC-48/STM-16 POS | 10720-SR-LC-POS | 2-port OC-48c/STM-16c POS/SDH uplink module, short reach (2 km) | (23) |
| | 10720-IR-LC-POS | 2-port OC-48c/STM-16c POS/SDH uplink module, intermediate reach (15 km) | (23) |
| | 10720-LR1-LC-POS | 2-port OC-48c/STM-16c POS/SDH uplink module, long reach (40 km) | (23) |
| | 10720-LR2-LC-POS | 2-port OC-48c/STM-16c POS/SDH uplink module, (extra) long reach (80 km) | (23) |

Dynamic Packet Transport (DPT) Modules (note 2)

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| 2-port OC-48/STM-16 SRP | 10720-SR-LC | 2-port OC-48c/STM-16c SRP uplink module, short reach (2 km) | (22) |
| | 10720-IR-LC | 2-port OC-48c/STM-16c SRP uplink module, intermediate reach (15 km) | (22) |
| | 10720-LR1-LC | 2-port OC-48c/STM-16c SRP uplink module, long reach (40 km) | (22) |
| | 10720-LR2-LC | 2-port OC-48c/STM-16c SRP uplink module, (extra) long reach (80 km) | (22) |

Other Modules

| Common Abbreviation | Cisco Product Number (note 1) | Module Description | In |
|---|---|---|---|
| Console/Auxiliary | 10720-CON-AUX= | 10720 console/auxiliary module | (22) |
| RPR/SRP | 10720-RPR-SFP= | Dual-Mode IEEE 802.17 RPR/SRP uplink module | (30) |

1 For a spare product number, append an equal sign (=) to the product number. For End-of-Sale (EOS) and End-of-Life (EOL) information about modules, refer to the Cisco product bulletins at:

http://www.cisco.com/en/US/products/hw/routers/ps147/prod_eol_notices_list.html

2 DPT modules are also referred to as Spatial Reuse Protocol (SRP) modules.


Supported Line Cards for the Cisco 12000 Series Routers

Table 2 lists the line cards that are supported for the Cisco 12000 series routers in Cisco IOS Release 12.0(32)SY and uses the following conventions:

Yes—The line card is supported in the software image.

No—The line card is not supported in the software image.

In—The number in the In column indicates the Cisco IOS 12.0S release in which the line card was introduced. For example, (11) means that a line card was introduced in Cisco IOS Release 12.0(11)S. If a cell in this column contains a dash (—), support for the line card was included in the initial base release.

Table 2 Supported Line Cards for Cisco 12000 Series Routers

Core Line Cards—Packet over SONET (POS)

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 1-port OC-48 POS (note 6) | OC48E/POS-SR-SC-B | 2 | 1-port OC-48c/STM-16c POS/SDH short reach | (10) | Yes | Yes | Yes |
| | OC48E/POS-LR-SC-B | 2 | 1-port OC-48c/STM-16c POS/SDH long reach | (10) | Yes | Yes | Yes |
| 1-port OC-48 POS ISE | OC48X/POS-SR-SC | 3 | 1-port OC-48c/STM-16c POS/SDH ISE short reach | (21) | Yes | Yes | Yes |
| | OC48X/POS-LR-SC | 3 | 1-port OC-48c/STM-16c POS/SDH ISE long reach | (21) | Yes | Yes | Yes |
| 4-port (note 7) OC-48 POS ES (note 8) | 4OC48E/POS-SR-SC (note 9) | 4+ | 4-port OC-48c/STM-16c POS/SDH ES short reach | (15) | No | Yes | Yes |
| | 4OC48E/POS-LR-SC (note 10) | 4+ | 4-port OC-48c/STM-16c POS/SDH ES long reach | (15) | No | Yes | Yes |
| 8-port OC-48 POS (note 11) | 8OC48/POS-SFP | 6 | 8-port OC-48c/STM-16c POS/SDH Small Form-Factor Pluggable (SFP) | (27) | No | Yes | Yes |
| 1-port OC-192 POS | OC192R0/POS-SR-SC | 2 | 1-port OC-192c/STM-64c POS Enabler short reach | (10) | Yes | Yes | Yes |
| | OC192R0/POS-IR-SC | 2 | 1-port OC-192c/STM-64c POS Enabler intermediate reach | (10) | Yes | Yes | Yes |
| 1-port OC-192 POS ES (note 8) | OC192E/POS-VSR | 4+ | 1-port OC-192c/STM-64c POS/SDH ES very short reach | (21) | No | Yes | Yes |
| | OC192E/POS-SR-SC | 4+ | 1-port OC-192c/STM-64c POS/SDH ES short reach | (21) | No | Yes | Yes |
| | OC192E/POS-IR-SC | 4+ | 1-port OC-192c/STM-64c POS/SDH ES intermediate reach | (21) | No | Yes | Yes |
| | OC192E/POS-LR-SC | 4+ | 1-port OC-192c/STM-64c POS/SDH ES long reach | (24) | No | Yes | Yes |
| 2-port OC-192 POS (note 11) | 2OC192/POS-VSR | 6 | 2-port OC-192c/STM-64c POS/SDH very short reach | (27) | No | Yes | Yes |
| | 2OC192/POS-SR-SC | 6 | 2-port OC-192c/STM-64c POS/SDH short reach | (27) | No | Yes | Yes |
| | 2OC192/POS-IR-SC | 6 | 2-port OC-192c/STM-64c POS/SDH intermediate reach | (27) | No | Yes | Yes |

Edge Line Cards—DS3, E3, and Packet over SONET (POS)

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 6-port DS3 (note 12) | 6DS3-SMB-B | 0 | 6-port DS3 with ECC | (10) | Yes | Yes | Yes |
| 12-port DS3 (note 12) | 12DS3-SMB-B | 0 | 12-port DS3 with ECC | (10) | Yes | Yes | Yes |
| 6-port E3 (note 12) | 6E3-SMB | 0 | 6-port E3 with ECC | (15) | Yes | Yes | Yes |
| 12-port E3 (note 12) | 12E3-SMB | 0 | 12-port E3 with ECC | (15) | Yes | Yes | Yes |
| 8-port OC-3 POS | 8OC3/POS-SM | 2 | 8-port OC-3c/STM-1c POS/SDH single mode | (10) | Yes | Yes | Yes |
| | 8OC3/POS-MM | 2 | 8-port OC-3c/STM-1c POS/SDH multimode | (10) | Yes | Yes | Yes |
| 16-port OC-3 POS | 16OC3/POS-SM | 2 | 16-port OC-3c/STM-1c POS/SDH single mode | (10) | Yes | Yes | Yes |
| | 16OC3/POS-MM | 2 | 16-port OC-3c/STM-1c POS/SDH multimode | (10) | Yes | Yes | Yes |
| 4-port (note 7) OC-3 POS | LC-4OC3/POS-SM | 0 | 4-port OC-3c/STM-1c POS/SDH single mode | (5) | Yes | Yes | Yes |
| | LC-4OC3/POS-MM | 0 | 4-port OC-3c/STM-1c POS/SDH multimode | (5) | Yes | Yes | Yes |
| | 4OC3/POS-LR-SC | 0 | 4-port OC-3c/STM-1c POS/SDH long reach | (5) | Yes | Yes | Yes |
| 4-port (note 7) OC-3 POS ISE | 4OC3X/POS-MM-MJ-B | 3 | 4-port OC-3c/STM-1c POS/SDH ISE multimode | (22) | Yes | Yes | Yes |
| | 4OC3X/POS-IR-LC-B | 3 | 4-port OC-3c/STM-1c POS/SDH ISE intermediate reach | (22) | Yes | Yes | Yes |
| | 4OC3X/POS-LR-LC-B | 3 | 4-port OC-3c/STM-1c POS/SDH ISE long reach | (22) | Yes | Yes | Yes |
| 8-port OC-3 POS ISE | 8OC3X/POS-MM-MJ-B | 3 | 8-port OC-3c/STM-1c POS/SDH ISE multimode | (22) | Yes | Yes | Yes |
| | 8OC3X/POS-IR-LC-B | 3 | 8-port OC-3c/STM-1c POS/SDH ISE intermediate reach | (22) | Yes | Yes | Yes |
| 16-port OC-3 POS ISE | 16OC3X/POS-M-MJ-B | 3 | 16-port OC-3c/STM-1c POS/SDH ISE multimode | (22) | Yes | Yes | Yes |
| | 16OC3X/POS-I-LC-B | 3 | 16-port OC-3c/STM-1c POS/SDH ISE intermediate reach | (21) | Yes | Yes | Yes |
| 1-port OC-12 POS | LC-1OC12/POS-SM (note 13) | 0 | 1-port OC-12c/STM-4c POS/SDH single mode | (10) | Yes | Yes | Yes |
| | LC-1OC12/POS-MM (note 14) | 0 | 1-port OC-12c/STM-4c POS/SDH multimode | (10) | Yes | Yes | Yes |
| 4-port (note 7) OC-12 POS (note 6) | 4OC12/POS-IR-SC-B | 2 | 4-port OC-12c/STM-4c POS/SDH single mode | (8) | Yes | Yes | Yes |
| | 4OC12/POS-MM-SC-B | 2 | 4-port OC-12c/STM-4c POS/SDH multimode | (8) | Yes | Yes | Yes |
| 4-port (note 7) OC-12 POS ISE | 4OC12X/POS-I-SC-B | 3 | 4-port OC-12c/STM-4c POS/SDH ISE single mode | (21) | Yes | Yes | Yes |
| | 4OC12X/POS-M-SC-B | 3 | 4-port OC-12c/STM-4c POS/SDH ISE multimode | (21) | Yes | Yes | Yes |

Channelized Edge Line Cards—Optical Carrier (OC) and T3

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 2-port CHOC-3, DS1/E1 | 2CHOC3/STM1-IR-SC | 0 | 2-port channelized OC-3/STM-1 (DS1/E1) | (17) | Yes | Yes | Yes |
| 1-port CHOC-12, DS3 | LC-OC12-DS3 | 0 | 1-port channelized OC-12 (DS3) | (5) | Yes | Yes | Yes |
| 1-port CHOC-12, OC-3 | CHOC12/STS3-IR-SC | 0 | 1-port channelized OC-12/STM-4 (OC-3/STM-1) | (5) | Yes | Yes | Yes |
| 1-port CHOC-12, OC-3 ISE (note 11) | CHOC12/DS1-IR-SC | 3 | 1-port channelized OC-12/STM-4 (DS1/E1) ISE | (27) | Yes | Yes | Yes |
| 4-port (note 7) CHOC-12 ISE | 4CHOC12/DS3-I-SCB | 3 | 4-port channelized OC-12/STM-4 (DS3/E3, OC-3c/STM-1c) POS/SDH ISE | (21) | Yes | Yes | Yes |
| 1-port CHOC-48 ISE | CHOC48/DS3-SR-SC | 3 | 1-port channelized OC-48/STM-16 (DS3/E3, OC-3c/STM-1c, OC-12c/STM-4c) POS/SDH ISE | (21) | Yes | Yes | Yes |
| 6-port Ch T3 | 6CT3-SMB | 0 | 6-port channelized T3 (T1) | (14) | Yes | Yes | Yes |

ATM Line Cards

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 4-port (note 7) OC-3 ATM | 4OC3/ATM-IR-SC | 0 | 4-port OC-3c/STM-1c ATM single mode | (5) (note 15) | Yes | Yes | Yes |
| | 4OC3/ATM-MM-SC | 0 | 4-port OC-3c/STM-1c ATM multimode | (5) (note 15) | Yes | Yes | Yes |
| 4-port OC-3 ATM ISE (note 11) | 4OC3X/ATM-IR-SC | 3 | 4-port OC-3/STM-1 ATM ISE single mode | (27) | Yes | Yes | Yes |
| | 4OC3X/ATM-MM-SC | 3 | 4-port OC-3/STM-1 ATM ISE multimode | (27) | Yes | Yes | Yes |
| 8-port OC-3 ATM | 8OC03/ATM/TS-IR-B | 2 | 8-port OC-3c/STM-1c ATM single mode | (22) | Yes | Yes | Yes |
| | 8OC03/ATM/TS-MM-B | 2 | 8-port OC-3c/STM-1c ATM multimode | (22) | Yes | Yes | Yes |
| 1-port OC-12 ATM | LC-1OC12/ATM-SM | 0 | 1-port OC-12c/STM-4c ATM single mode | (5) (note 15) | Yes | Yes | Yes |
| | LC-1OC12/ATM-MM | 0 | 1-port OC-12c/STM-4c ATM multimode | (5) (note 15) | Yes | Yes | Yes |
| 4-port (note 7) OC-12 ATM | 4OC12/ATM-IR-SC | 2 | 4-port OC-12c/STM-4c ATM single mode | (13) | Yes | Yes | Yes |
| | 4OC12/ATM-MM-SC | 2 | 4-port OC-12c/STM-4c ATM multimode | (13) | Yes | Yes | Yes |
| 4-port (note 7) OC-12 ATM ISE | 4OC12X/ATM-IR-SC | 3 | 4-port OC-12c/STM-4c ATM ISE single mode | (25) | Yes | Yes | Yes |
| | 4OC12X/ATM-MM-SC | 3 | 4-port OC-12c/STM-4c ATM ISE multimode | (25) | Yes | Yes | Yes |

Fast Ethernet (FE) and Gigabit Ethernet (GE) Line Cards

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 1-port GE | GE-GBIC-SC-B | 1 | 1-port Gigabit Ethernet with ECC | (5) | Yes | Yes | Yes |
| 10-port GE | 10x1GE-SFP-LC-B | 4 | 10-port Gigabit Ethernet | (19) | Yes | Yes | Yes |
| 8-port FE (note 12) | 8FE-FX-SC-B | 1 | 8-port Fast Ethernet, 100BASE-FX, with ECC memory | (10) | Yes | Yes | Yes |
| | 8FE-TX-RJ45-B | 1 | 8-port Fast Ethernet, 100BASE-TX, with ECC memory | (10) | Yes | Yes | Yes |
| 3-port GE | 3GE-GBIC-SC | 2 | 3-port Gigabit Ethernet | (11) | Yes | Yes | Yes |
| 4-port (note 7) GE ISE | 4GE-SFP-LC | 3 | 4-port Gigabit Ethernet ISE | (25) | Yes | Yes | Yes |
| 1-port 10-GbE | 1X10GE-LR-SC | 4+ | 1-port 10-Gigabit Ethernet long reach | (23) | No | Yes | Yes |
| | 1X10GE-ER-SC | 4+ | 1-port 10-Gigabit Ethernet extended reach | (23) | No | Yes | Yes |
| Modular GbE | EPA-GE/FE-BBRD and EPA-3GE-SX/LH-LC | 4+ | Modular Gigabit Ethernet: Gigabit Ethernet modular baseboard and 3-port Gigabit Ethernet port adapter | (23) | No | Yes | Yes |

Dynamic Packet Transport (DPT) Line Cards

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 2-port OC-12 DPT (note 12) | OC12/SRP-IR-SC-B | 1 | 2-port OC-12c/STM-4c DPT with ECC single mode intermediate reach | (10) | Yes | Yes | Yes |
| | OC12/SRP-LR-SC-B | 1 | 2-port OC-12c/STM-4c DPT with ECC single mode long reach | (10) | Yes | Yes | Yes |
| | OC12/SRP-XR-SC | 1 | 2-port OC-12c/STM-4c DPT with ECC single mode extra long reach | (10) | Yes | Yes | Yes |
| | OC12/SRP-MM-SC-B | 1 | 2-port OC-12c/STM-4c DPT with ECC multimode | (10) | Yes | Yes | Yes |
| 4-port (note 7) OC-12 DPT ISE | 4OC12X/SRP-IR-LC | 3 | 4-port OC-12c/STM-4c DPT ISE intermediate reach | (24) | Yes | Yes | Yes |
| | 4OC12X/SRP-XR-LC | 3 | 4-port OC-12c/STM-4c DPT ISE extended long reach | (24) | Yes | Yes | Yes |
| 1-port OC-48 DPT (note 6) | OC48/SRP-SR-SC-B (note 16) | 2 | 1-port OC-48c/STM-16c DPT single mode short reach | (15) | Yes | Yes | Yes |
| | OC48/SRP-LR-SC-B (note 17) | 2 | 1-port OC-48c/STM-16c DPT single mode long reach | (15) | Yes | Yes | Yes |
| 4-port (note 7) OC-48 DPT | 4OC48/SRP-SFP | 4+ | 4-port OC-48c/STM-16c DPT | (23) | No | Yes | Yes |
| 1-port OC-192 DPT | OC192/SRP-VSR | 4+ | 1-port OC-192c/STM-64c DPT very short reach | (23) | No | Yes | Yes |
| | OC192/SRP-SR-SC | 4+ | 1-port OC-192c/STM-64c DPT short reach | (23) | No | Yes | Yes |
| | OC192/SRP-IR-SC | 4+ | 1-port OC-192c/STM-64c DPT intermediate reach | (23) | No | Yes | Yes |

Shared Port Adapters (SPAs)

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| 2-port T3/E3 Serial | SPA-2XT3/E3 | 3 | 2-port clear channel T3/E3 | (31) | Yes | Yes | Yes |
| 4-port T3/E3 Serial | SPA-4XT3/E3 | 3 | 4-port clear channel T3/E3 | (31) | Yes | Yes | Yes |
| 2-port CT3 | SPA-2XCT3/DS0 | 3 | 2-port channelized T3 to DS0 | (31) | Yes | Yes | Yes |
| 4-port CT3 | SPA-4XCT3/DS0 | 3 | 4-port channelized T3 to DS0 | (31) | Yes | Yes | Yes |
| 1-port CHOC-3 | SPA-1XCHSTM1/OC3 | 5 | 1-port channelized STM-1/OC-3 | (32) | No | Yes | Yes |
| 8-port Ch T1/E1 | SPA-8XCHT1/E1 | 5 | 8-port channelized T1/E1 | (32) | No | Yes | Yes |
| 8-port FE | SPA-8XFE | 5 | 8-port Fast Ethernet | (32) | No | Yes | Yes |
| 1-port 10GE | SPA-1XTENGE-XFP | 5 | 1-port 10-Gigabit Ethernet | (31) | No | Yes | Yes |
| 2-port GE | SPA-2X1GE | 5 | 2-port Gigabit Ethernet SPA | (32) | No | Yes | Yes |
| 5-port GE | SPA-5X1GE | 5 | 5-port Gigabit Ethernet | (31) | No | Yes | Yes |
| 10-port GE | SPA-10X1GE | 5 | 10-port Gigabit Ethernet | (31) | No | Yes | Yes |
| 2-port OC-48 POS | SPA-2XOC48c | 5 | 2-port OC-48 POS/RPR | (31)S2 | No | Yes | Yes |
| 1-port OC-192 POS/RPR VSR | SPA-OC192POS-VSR | 5 | 1-port OC-192/STM64 POS/RPR VSR Optics | (32) | No | Yes | Yes |
| 1-port OC-192 POS/RPR | SPA-OC192POS-LR | 5 | 1-port OC-192/STM64 POS/RPR SMLR Optics | (31) | No | Yes | Yes |
| 1-port OC192 POS/RPR XFP | SPA-OC192POS-XFP | 5 | 1-port OC-192/STM64 POS/RPR XFP Optics | (31) | No | Yes | Yes |

SPA Interface Processors (SIPs)

| Common Abbreviation | Cisco Product Number (note 1) | Engine Type (note 2) | Line Card Description | In | Chassis 2.5 Gbps (note 3) | Chassis 10 Gbps (note 4) | Chassis 40 Gbps (note 5) |
|---|---|---|---|---|---|---|---|
| SIP-400 | 12000-SIP-400 | 3 | 2.5G ISE SPA Interface Processor. | (31) | Yes | Yes | Yes |
| SIP-600 | 12000-SIP-600 | 5 | 10G Engine 5 SPA Interface Processor. | (31) | No | Yes | Yes |
| SIP-401 (note 18) | 12000-SIP-401 | 5 | 2.5G Multiservice Engine SPA Interface Processor. | (32) | Yes | Yes | Yes |
| SIP-501 | 12000-SIP-501 | 5 | 5G Multiservice Engine SPA Interface Processor. | (32) | No | Yes | Yes |
| SIP-601 | 12000-SIP-601 | 5 | 10G Multiservice Engine SPA Interface Processor. | (32) | No | Yes | Yes |

1 For a spare product number, append an equal sign (=) to the product number. For End-of-Sale (EOS) and End-of-Life (EOL) information about line cards, refer to the Cisco product bulletins at:

http://www.cisco.com/en/US/partner/products/hw/routers/ps167/prod_eol_notices_list.html

2 Engine 3 (E3) is commonly referred to as IP Services Engine (ISE); Engine 4 plus (E4+) is commonly referred to as Enhanced Services (ES) engine.

3 Cisco 12006, Cisco 12008, Cisco 12010, Cisco 12012, and Cisco 12016 routers. SIPs and SPAs are only supported on the Cisco 12006 and Cisco 12010 chassis. None of the SIP cards and SPAs are supported in either the Cisco 12008 or the Cisco 12012 routers (reference note 18 for Cisco 12016 support). The enhanced fabric which supports Single Router APS, BITS and Dual Priority is available in Cisco IOS Release 12.0(32)SY2 and higher for the Cisco 12010 and Cisco 12016 routers. The enhanced fabric without the Single Router APS, BITS and Dual Priority functionalities can also be used on the Cisco 12006 routers with Cisco IOS 12.0(32)SY8 or later releases. For support of these features on Cisco 12006 chassis, reference the Cisco IOS Release 12.0(33)S release notes. The Cisco Part Number for the Cisco 12010 fabric option and fabric kit is 12010E/50 and 12010E/50=. The Cisco Part Number for the Cisco 12016 fabric option and fabric kit is 12016E/80 and 12016E/80=. The Cisco Part Number for the Cisco 12006 fabric option and fabric kit is 12006E/30 and 12006E/30=. The SR APS feature is supported using the Engine3 ATM line cards. BITS feature is supported on Engine3 and Engine5 POS and ATM line cards. DP feature is supported on Engine5 (2.5G mode) line cards.

4 Cisco 12404, Cisco 12406, Cisco 12410, and Cisco 12416. The enhanced fabric which supports Single Router APS, BITS and Dual Priority is available in Cisco IOS Release 12.0(32)SY2 and higher for the Cisco 12410 and Cisco 12416 routers. The enhanced fabric without the Single Router APS, BITS and Dual Priority functionalities can also be used on the Cisco 12406 routers with Cisco IOS 12.0(32)SY8 or later releases. For support of these features on Cisco 12406 chassis, reference the Cisco IOS Release 12.0(33)S Release notes. The Cisco Part Number for the Cisco 12410 fabric option and fabric kit is 12410E/200 and 12410E/200=. The Cisco Part Number for the Cisco 12416 fabric option and fabric kit is 12416E/320 and 12416E/320=. The Cisco Part Number for the Cisco 12406 fabric option and fabric kit is 12406E/120 and 12406E/120=. The SR APS feature is supported using the Engine3 ATM line cards. BITS feature is supported on Engine3 and Engine5 POS and ATM line cards. DP feature is supported on Engine4, Engine4+ and Engine5 line cards. The enhanced fabric without the Single Router APS, BITS and Dual Priority functionalities can also be used on the Cisco 12404 routers with Cisco IOS 12.0(32)SY11 or later releases. The Cisco Part Number for the Cisco 12404 fabric option and fabric kit is 12404E/80 and 12404E/80=.

5 Cisco 12810 and Cisco 12816. The enhanced fabric which supports Single Router APS, BITS and Dual Priority is available in Cisco IOS Release 12.0(31)S and higher for the Cisco 12810 and Cisco 12816 routers. The Cisco Part Number for the Cisco 12810 fabric option and fabric kit is 12810E/800 and 12810E/800=. The Cisco Part Number for the Cisco 12816 fabric option and fabric kit is 12816E/1280 and 12816E/1280=. The SR APS feature is supported using the Engine3 ATM line cards. BITS feature is supported on Engine6 POS line cards in addition to those listed in note 4. DP feature is supported on Engine4, Engine4+, Engine5 and Engine6 line cards.

6 Revision B replaces the initial version.

7 A 4-port line card is also referred to as a "Quad" line card.

8 This Engine 4+ version replaces the initial Engine 4 version.

9 The part number may also be referred to as 4OC-48E/POS-SR-SC.

10 The part number may also be referred to as 4OC-48E/POS-LR-SC.

11 This line card was released in Cisco IOS Release 12.0(27)S1.

12 This version with ECC memory replaces the initial version without ECC memory.

13 The part number may also be referred to as LC-1OC12-POS-SM.

14 The part number may also be referred to as LC-1OC12-POS-MM.

15 Cisco IOS Release 12.0(10)S is recommended.

16 The part number may also be referred to as OC-48/SRP-SR-SC-B.

17 The part number may also be referred to as OC-48/SRP-LR-SC-B.

18 SIP-401 is not supported on the Cisco 12008, Cisco 12012 and Cisco 12016 (with non-enhanced fabric) routers. This line card is supported on a Cisco 12016 router that is configured with the enhanced fabric.


Determining the Software Version

To determine the version of Cisco IOS software that is running on your Cisco router, log in to the router and enter the show version EXEC command:

Router> show version

Cisco Internetwork Operating System Software
IOS (tm) 10720 Software (c10700-p-mz), Version 12.0(32)SY, EARLY DEPLOYMENT RELEASE SOFTWARE
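
For fleet inventory, the banner above can be parsed and compared against the latest rebuild these release notes cover. The following Python is an added example, not part of the Cisco release notes or any Cisco tool. The function names are hypothetical, and the version grammar (train letters, rebuild number, optional letter such as the "a" in SY9a) is an assumption inferred from the release names listed on this page.

```python
import re
from typing import NamedTuple

# Constructed sample: the banner lines shown above, joined as one record.
SAMPLE_BANNER = (
    "Cisco Internetwork Operating System Software\n"
    "IOS (tm) 10720 Software (c10700-p-mz), Version 12.0(32)SY, "
    "EARLY DEPLOYMENT RELEASE SOFTWARE\n"
)

# Last rebuild covered by these release notes (from the page header).
LATEST_COVERED = "12.0(32)SY16"


class IosVersion(NamedTuple):
    major: int
    minor: int
    maintenance: int
    train: str    # e.g. "S" or "SY"
    rebuild: int  # 0 for the base release of the train
    interim: str  # trailing letter such as the "a" in SY9a, else ""


# "(image-name), Version X" as it appears in the second banner line.
_BANNER_RE = re.compile(
    r"\((?P<image>[^()\s]+)\),\s+Version\s+(?P<version>[^,\s]+)"
)
# Assumed grammar: major.minor(maintenance) TRAIN [rebuild][letter]
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)([a-z]?)$")


def parse_banner(show_version_output: str):
    """Return (image_name, version_string) from `show version` output."""
    match = _BANNER_RE.search(show_version_output)
    if match is None:
        raise ValueError("no IOS version banner found")
    return match.group("image"), match.group("version")


def parse_version(version: str) -> IosVersion:
    """Split a release name such as 12.0(32)SY9a into sortable fields."""
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError(f"unrecognised IOS version string: {version!r}")
    major, minor, maint, train, rebuild, interim = match.groups()
    return IosVersion(int(major), int(minor), int(maint), train,
                      int(rebuild or 0), interim)


def covered_by_these_notes(version: str) -> bool:
    """True for 12.0(32)SY base through 12.0(32)SY16, the range named above."""
    v, latest = parse_version(version), parse_version(LATEST_COVERED)
    # Ordering is only meaningful inside one train, so compare the
    # (major, minor, maintenance, train) prefix first.
    return v[:4] == latest[:4] and v <= latest


def audit(show_version_output: str) -> dict:
    """Summarise one device: image, release, and whether it trails SY16."""
    image, version = parse_banner(show_version_output)
    v, latest = parse_version(version), parse_version(LATEST_COVERED)
    in_train = v[:4] == latest[:4]
    return {
        "image": image,
        "version": version,
        "in_train": in_train,
        "behind_latest": in_train and v < latest,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_BANNER))
```

A device reported as behind the latest rebuild should be checked against the Resolved Caveats sections for the rebuilds it is missing.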

Upgrading to a New Software Release

For information about selecting a new Cisco IOS software release, see How to Choose a Cisco IOS Software Release at:

http://www.cisco.com/warp/public/130/choosing_ios.shtml

For information about upgrading to a new software release, see the appropriate platform-specific document:

Cisco 10700 Series Routers

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094c07.shtml

Cisco 12000 Series Routers

http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094c07.shtml

For Cisco IOS upgrade ordering instructions, see the document at:

http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm

To choose a new Cisco IOS software release by comparing feature support or memory requirements, use Cisco Feature Navigator. Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at:

http://www.cisco.com/go/fn

To choose a new Cisco IOS software release based on information about defects that affect that software, use Bug Toolkit at:

http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl

Microcode Software

This section consists of the following subsections:

Shared Port Adapter FPD Image Packages for the Cisco 12000 Series

Shared Port Adapter FPD Image Packages for the Cisco 12000 Series

Field-Programmable Device (FPD) image packages are used to update Shared Port Adapter (SPA) FPD images. If a discrepancy exists between an SPA FPD image and the Cisco IOS image that is running on the router, the SPA is deactivated until this discrepancy is resolved. For additional information on FPDs, including the upgrade process, see the "Upgrading Field-Programmable Devices" section of the Cisco 12000 Series Router SIP and SPA Software Configuration Guide:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/index.htm


Note: The maximum time to upgrade the FPD images on one SPA is 2 minutes. The total FPD upgrade time depends on the number of SPAs.


Shared Port Adapter FPD Image Package for Cisco IOS Release 12.0(32)SY

The FPD image package that is used to upgrade SPAs on a router that runs Cisco IOS Release 12.0(32)SY is the c12k-fpd-pkg.120-32.S.pkg file. This SPA FPD image package file is accessible from the page from which you download your specific Cisco IOS image in the Software Center on Cisco.com and contains the components that are listed in Table 3.

Table 3 Cisco 12000 Series FPD Image Package Contents for Release 12.0(32)S

| Supported SPAs | FPD ID | FPD Component Name | FPD Component Version | Minimum Required Hardware Version |
|---|---|---|---|---|
| 2-port T3/E3 Serial SPA | 1 | T3E3 SPA ROMMON | 2.12 | 0.0 |
| | 2 | T3E3 SPA I/O FPGA | 0.24 | 0.0 |
| | 3 | T3E3 SPA E3 FPGA | 1.0 | 0.0 |
| | 4 | T3E3 SPA T3 FPGA | 1.0 | 0.0 |
| 4-port T3/E3 Serial SPA | 1 | T3E3 SPA ROMMON | 2.12 | 0.0 |
| | 2 | T3E3 SPA I/O FPGA | 0.24 | 0.0 |
| | 3 | T3E3 SPA E3 FPGA | 1.0 | 0.0 |
| | 4 | T3E3 SPA T3 FPGA | 1.0 | 0.0 |
| 2-port Channelized T3 SPA | 1 | CT3 SPA ROMMON | 2.12 | 0.100 |
| | 2 | CT3 SPA I/O FPGA | 2.2 | 0.100 |
| | 3 | CT3 SPA T3 FPGA R1 | 0.11 | 0.100 |
| | 3 | CT3 SPA T3 FPGA R2 | 0.15 | 0.200 |
| 4-port Channelized T3 SPA | 1 | CT3 SPA ROMMON | 2.12 | 0.100 |
| | 2 | CT3 SPA I/O FPGA | 2.2 | 0.100 |
| | 3 | CT3 SPA T3 FPGA R1 | 0.11 | 0.100 |
| | 3 | CT3 SPA T3 FPGA R2 | 0.15 | 0.200 |
| 1-port Channelized STM-1/OC-3 SPA | 1 | STM1/OC-3 SPA ROMMON | 2.12 | 0.0 |
| | 2 | STM1/OC-3 SPA I/O FPGA | 1.2 | 0.0 |
| | 3 | STM1/OC-3 SPA ET3 FPGA | 1.1 | 0.0 |
| 8-port Channelized T1/E1 SPA | 1 | CTE1 SPA ROMMON | 2.12 | 0.14 |
| | 1 | CTE1 SPA ROMMON NP | 2.12 | 0.0 |
| | 2 | CTE1 SPA I/O FPGA | 2.1 | 0.0 |
| 8-port FE SPA | 1 | FE SPA FPGA | 1.0 | 0.0 |
| 1-port 10GE SPA | 1 | 10GE SPA FPGA | 1.7 | 0.0 |
| 2-port GE SPA | 1 | GE SPA FPGA | 1.8 | 0.0 |
| 5-port GE SPA | 1 | GE SPA FPGA | 1.8 | 0.0 |
| 10-port GE SPA | 1 | GE SPA FPGA | 1.8 | 0.0 |
| 2-port OC-48 POS/SRP HH SPA | 1 | Multiport OC-48 POS/RPR SPA FPD | 1.0 | 0.0 |
| 1-port OC-192 POS/SRP FH SPA | 1 | 1-port POS/RPR SPA IOFPGA P1 | 1.2 | 0.0 |
| | 1 | 1-port POS/RPR SPA IOFPGA P3 | 1.3 | 5.0 |
| 1-port OC-192 POS/SRP HH SPA | 1 | 1-port POS/RPR SPA IOFPGA P1 | 1.2 | 0.0 |
| | 1 | 1-port POS/RPR SPA IOFPGA P2 | 1.2 | 2.0 |


Feature Support

Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains specific Cisco IOS features.


Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit [3DES] data encryption feature sets) are subject to U.S. government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of U.S. government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Feature-to-image mapping is available through Cisco Feature Navigator. Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). You can compare Cisco IOS software releases side-by-side to display both the features unique to each software release and the features that the releases have in common.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

www.cisco.com/go/cfn

For help with Cisco Feature Navigator, see the help information at the following URL:

http://www.cisco.com/web/applicat/CFNTOOLS/Help_Docs/help/cfn_support.html

Determining the Software Images (Feature Sets) That Support a Specific Feature

To determine which software images (feature sets) in a Cisco IOS release support a specific feature, go to the Cisco Feature Navigator home page and perform the following steps.


Step 1 From the Cisco Feature Navigator home page, click Research Features.

Step 2 Select your software type or leave the field as "All".

Step 3 To find a feature, you can search by either Feature or Technology (select the appropriate button). If you select Search by Feature, you can further filter your search by using the Filter By text box.

Step 4 Choose a feature from the Available Features text box, and click the Add button to add the feature to the Selected Features text box.


Note To learn more about a feature in the list, click the View Desc button in the Available Features text box.


Repeat this step to add features. A maximum of 20 features can be chosen for a single search.

Step 5 Click Continue when you are finished choosing features.

Step 6 In the Release/Platform Tree area, select either your release (from the Train-Release list) or your platform (from the Platform list).

Step 7 The "Search Result" table will list all the software images (feature sets) that support the features that you chose.


Note You can download your results into an Excel spreadsheet by clicking on the Download Excel button.



Determining the Features Supported in a Specific Software Image (Feature Set)

To determine which features are supported in a specific software image (feature set), go to the Cisco Feature Navigator home page and perform the following steps.


Step 1 From the Cisco Feature Navigator home page, click Research Software.

Step 2 Select your software type from the drop-down list and choose the Release button in the "Search By" area.

Step 3 From the Major Release drop-down list, choose the appropriate major release.

Step 4 From the Release drop-down list, choose the appropriate maintenance release.

Step 5 From the Platform drop-down list, choose the appropriate hardware platform.

Step 6 From the Feature Set drop-down list, choose the appropriate feature set. The Image Details area will provide details on the specific image. The Available Features area will list all the features that are supported by the feature set (software image) that you chose.


Note To learn more about a feature in the list, click the View Desc button in the Available Features text box.



Memory Recommendations

To determine memory recommendations for software images (feature sets) in your Cisco IOS release, go to the Cisco Feature Navigator home page and perform the following steps.


Step 1 From the Cisco Feature Navigator home page, click Research Software.

Step 2 Select your software type from the drop-down list and choose the Release button in the "Search By" area.

Step 3 From the Major Release drop-down list, choose the appropriate major release.

Step 4 From the Release drop-down list, choose the appropriate maintenance release.

Step 5 From the Platform drop-down list, choose the appropriate hardware platform.

Step 6 From the Feature Set drop-down list, choose the appropriate feature set.

Step 7 The Image Details area will provide details on the specific image including the DRAM and flash memory recommendations for each image. The Available Features area will list all the features that are supported by the feature set (software image) that you chose.


New and Changed Information

This section lists the new hardware and software features supported by Cisco IOS Release 12.0(32)SY and contains the following subsections:

New Hardware Features in Cisco IOS Release 12.0(32)SY8

New Software Features in Cisco IOS Release 12.0(32)SY8

New Hardware Features in Cisco IOS Release 12.0(32)SY4

New Software Features in Cisco IOS Release 12.0(32)SY4

New Hardware Features in Cisco IOS Release 12.0(32)SY3

New Software Features in Cisco IOS Release 12.0(32)SY3

New Hardware and Software Features in Cisco IOS Release 12.0(32)SY1 to Cisco IOS Release 12.0(32)SY2

New Hardware Features in Cisco IOS Release 12.0(32)SY

New Software Features in Cisco IOS Release 12.0(32)SY


Note These release notes are not cumulative and list only features that are new to Cisco IOS Release 12.0(32)SY. The parent release for Cisco IOS Release 12.0(32)SY is Cisco IOS Release 12.0S. For information about inherited features, refer to Cisco.com or Cisco Feature Navigator. For Cisco.com, either go to Cisco.com and select the appropriate software release under Products and Service and IOS Software or go to http://www.cisco.com/univercd/home/index.htm and select the appropriate software release under Cisco IOS Software and Release Notes. You can use the Cisco Feature Navigator tool at http://www.cisco.com/go/fn.


New Hardware Features in Cisco IOS Release 12.0(32)SY8

There are no new hardware features in Cisco IOS Release 12.0(32)SY8.

New Software Features in Cisco IOS Release 12.0(32)SY8

This section describes new and changed features in Cisco IOS Release 12.0(32)SY8. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY8. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.

BGP Support for 4-Byte ASN

QinQ and QinAny over L2TPv3

BGP Support for 4-Byte ASN

Platform: Cisco 12000-GRP, Cisco 12000-PRP

The BGP Support for 4-Byte ASN feature introduces support for 4-byte autonomous system numbers. Because of increased demand for autonomous system numbers, in January 2009 the IANA will start to allocate 4-byte autonomous system numbers in the range from 65536 to 4294967295. The Cisco implementation of 4-byte autonomous system numbers uses asplain as the default output display format for autonomous system numbers, but you can configure 4-byte autonomous system numbers in both the asplain format and the asdot format as described in RFC 5396. In addition, the default format for matching 4-byte autonomous system numbers in regular expressions is asplain, so you must ensure that any regular expressions to match 4-byte autonomous system numbers are written in the asplain format. If you want to change the default show command output to display autonomous system numbers in the asdot format, use the bgp asnotation dot command under router configuration mode. When the asdot format is enabled as the default, any regular expressions to match 4-byte autonomous system numbers must be written using the asdot format, or else the regular expression match will fail. Cisco also supports RFC 4893, which was developed to allow BGP to support a gradual transition from 2-byte autonomous system numbers to 4-byte autonomous system numbers.
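The notation dependency described above can be checked offline before an AS-path filter is deployed. The following Python sketch is an added example, not Cisco code: it converts between asplain and asdot as defined in RFC 5396, emulates AS-path matching in a simplified way (the "_" delimiter is translated and the rest is handed to Python's re module, which is an assumption about equivalence), and flags filter literals written in the wrong notation. The function names and the sample AS numbers (taken from the documentation ranges) are constructed for illustration.

```python
import re

MAX_ASN = 4294967295         # top of the 4-byte range quoted in the text
DELIM = r"(?:^|$|[ ,{}()])"  # what "_" stands for in an IOS AS-path regex
ASN_TOKEN = re.compile(r"\d+(?:\\?\.\d+)?")  # 65550, 1.14 or 1\.14


def asplain_to_asdot(asn: int) -> str:
    """RFC 5396 asdot: 2-byte values stay decimal, 4-byte become high.low."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"ASN out of range: {asn}")
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def asdot_to_asplain(text: str) -> int:
    """Inverse conversion; accepts '64500' as well as '1.14'."""
    parts = [int(p) for p in text.split(".")]
    if len(parts) == 1 and 0 <= parts[0] <= MAX_ASN:
        return parts[0]
    if len(parts) == 2 and all(0 <= p <= 0xFFFF for p in parts):
        return (parts[0] << 16) | parts[1]
    raise ValueError(f"not a valid AS number: {text!r}")


def render_path(path, notation: str) -> str:
    """AS path as text in the notation the regular expression is matched against."""
    if notation not in ("asplain", "asdot"):
        raise ValueError(f"unknown notation: {notation}")
    conv = str if notation == "asplain" else asplain_to_asdot
    return " ".join(conv(asn) for asn in path)


def path_matches(pattern: str, path, notation: str) -> bool:
    """Simplified emulation: translate "_" and let Python's re do the rest."""
    compiled = re.compile(pattern.replace("_", DELIM))
    return compiled.search(render_path(path, notation)) is not None


def lint_filter(pattern: str, notation: str):
    """Flag AS-number literals that cannot behave as intended under `notation`.

    `notation` is "asplain" (the default) or "asdot" (after the
    `bgp asnotation dot` command mentioned in the text).
    """
    findings = []
    for tok in ASN_TOKEN.findall(pattern):
        if "." in tok:
            try:
                plain = asdot_to_asplain(tok.replace("\\", ""))
            except ValueError:
                findings.append(f"{tok}: not a valid asdot literal")
                continue
            if notation == "asplain":
                findings.append(f"{tok}: asdot literal, write {plain}")
            elif "\\." not in tok:
                # "." is a regex metacharacter, so 1.14 also matches 1514
                findings.append(f"{tok}: unescaped '.' matches any character")
        elif notation == "asdot" and 65536 <= int(tok) <= MAX_ASN:
            dotted = asplain_to_asdot(int(tok)).replace(".", "\\.")
            findings.append(f"{tok}: asplain literal, write {dotted}")
    return findings


if __name__ == "__main__":
    # Constructed sample: a path through AS 64500 and the 4-byte AS 65550 (1.14)
    path = [64500, 65550]
    for notation in ("asplain", "asdot"):
        for pattern in (r"_65550_", r"_1\.14_", r"_1.14_"):
            print(notation, pattern,
                  "match" if path_matches(pattern, path, notation) else "no match",
                  lint_filter(pattern, notation))
```

A filter that stops matching after a notation change fails silently, so running a check like this against every AS-path access list before and after changing the display format catches the mismatch before routing policy is affected.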

For detailed information about this feature, see the "Cisco BGP Overview" and "Configuring a Basic BGP Network" modules of the Cisco IOS IP Routing Protocols Configuration Guide and the Cisco IOS IP Routing Protocols Command Reference at the following URLs:

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bgp_overview.html

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bgp_basic_net.html

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_book.html

QinQ and QinAny over L2TPv3

The purpose of the IEEE 802.1 QinQ VLAN tag is to expand the VLAN space by tagging the tagged packets to produce a double-tagged frame. In the QinAny tag, the incoming packet is also double-tagged, where the user specifies only the outer tag explicitly and the inner tag can be any number (1 to 4095).

QinQ—The attachment circuit is a subinterface where the user specifies the inner and outer dot1q VLAN tags explicitly.

QinAny—The attachment circuit is a subinterface where the user specifies only the outer dot1q VLAN tag explicitly and the inner dot1q tag can be any VLAN value (1 to 4095).

The Stacked VLAN Processing feature supports the encapsulation of IEEE 802.1Q VLAN tags within a second layer of 802.1Q tag on provider edge (PE) routers to allow service providers to use a single VLAN to support customers who have multiple VLANs. The core service-provider network carries traffic with double-tagged, stacked VLAN (802.1 QinQ) headers of multiple customers while maintaining the VLAN and Layer 2 protocol configurations of each customer and without impacting the traffic of other customers. The Stacked VLAN Processing feature preserves VLAN IDs and keeps traffic in different customer VLANs segregated.
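The difference between the two attachment-circuit types, and the way the outer tag keeps customers with overlapping inner VLANs apart, can be seen by classifying double-tagged frames. The following Python sketch is an added example, not Cisco code: the class, function and circuit names are hypothetical, the frames are constructed, both tags are assumed to use the dot1q TPID 0x8100, and preferring an exact QinQ match over a QinAny match is an assumption of this sketch.

```python
import struct

TPID_DOT1Q = 0x8100  # both tags are dot1q tags, as in the text


def build_frame(vlan_ids, pcp=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame: zeroed MACs, then one 802.1Q tag per VLAN ID."""
    frame = bytes(12)
    for vid in vlan_ids:
        frame += struct.pack("!HH", TPID_DOT1Q, (pcp << 13) | vid)
    return frame + struct.pack("!H", ethertype) + payload


def vlan_tags(frame: bytes):
    """VLAN IDs of the stacked tags, outermost first; [] if untagged."""
    tags, offset = [], 12  # skip destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_DOT1Q:
            break
        tags.append(tci & 0x0FFF)  # drop the priority and DEI bits
        offset += 4
    return tags


class AttachmentCircuits:
    """Hypothetical model of QinQ and QinAny subinterfaces on one port."""

    def __init__(self):
        self._qinq = {}    # (outer, inner) -> circuit name
        self._qinany = {}  # outer -> circuit name

    @staticmethod
    def _check(vid):
        if not 1 <= vid <= 4095:  # range given in the text
            raise ValueError(f"VLAN tag out of range: {vid}")

    def add_qinq(self, name, outer, inner):
        """Both tags are specified explicitly."""
        self._check(outer)
        self._check(inner)
        if (outer, inner) in self._qinq:
            raise ValueError(f"tags {outer}/{inner} already assigned")
        self._qinq[(outer, inner)] = name

    def add_qinany(self, name, outer):
        """Only the outer tag is specified; any inner tag is accepted."""
        self._check(outer)
        if outer in self._qinany:
            raise ValueError(f"outer tag {outer} already assigned")
        self._qinany[outer] = name

    def classify(self, frame):
        """Return the circuit for a frame, or None if no circuit applies."""
        tags = vlan_tags(frame)
        if len(tags) < 2:
            return None  # untagged or single-tagged: not a stacked-VLAN frame
        outer, inner = tags[:2]
        if not 1 <= inner <= 4095:
            return None
        exact = self._qinq.get((outer, inner))
        # Assumption of this sketch: the explicit QinQ match wins over QinAny
        return exact if exact is not None else self._qinany.get(outer)


def sample_circuits():
    """Constructed configuration: two customers that both use inner VLAN 20."""
    acs = AttachmentCircuits()
    acs.add_qinq("custA-vlan20", outer=100, inner=20)
    acs.add_qinany("custA-any", outer=100)
    acs.add_qinany("custB-any", outer=200)
    return acs


if __name__ == "__main__":
    acs = sample_circuits()
    for tags in ([100, 20], [100, 999], [200, 20], [300, 20], [100], []):
        print(tags, "->", acs.classify(build_frame(tags)))
```

Frames whose outer tag matches no circuit, and frames with fewer than two tags, return no circuit here; that default-deny behaviour is what keeps one customer's traffic out of another customer's tunnel in this model.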

For more information, see the Layer 2 Tunnel Protocol Version 3 document at the following URL:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/l2tpv30s.html

New Hardware Features in Cisco IOS Release 12.0(32)SY4

This section describes new and changed features in Cisco IOS Release 12.0(32)SY. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed is available in the feature description provided below.

SPA-2X1GE-V2

SPA-2X1GE-V2

This release introduces the SPA-2X1GE-V2. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

New Software Features in Cisco IOS Release 12.0(32)SY4

This section describes new and changed features in Cisco IOS Release 12.0(32)SY4. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY4. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

This release introduces support for the following SPAs:

SPA-2X1GE-V2

For details about software configuration support for these SPAs, see the Cisco 12000 Series Router SIP and SPA Software Configuration Guide at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

New Hardware Features in Cisco IOS Release 12.0(32)SY3

There are no new hardware features in Cisco IOS Release 12.0(32)SY3.

New Software Features in Cisco IOS Release 12.0(32)SY3

This section describes new and changed features in Cisco IOS Release 12.0(32)SY3. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY3. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed will be available in the feature description provided below.

Enhanced Ingress Hierarchical Policing on Engine 5

Enhanced Ingress Hierarchical Policing on Engine 5

This release introduces an enhancement to Ingress Hierarchical Policing. The policer does not discard the conforming traffic on the child policy. Excess credits of the parent policer are shared.

New Hardware and Software Features in Cisco IOS Release 12.0(32)SY1 to Cisco IOS Release 12.0(32)SY2

There are no new hardware or software features in Cisco IOS Release 12.0(32)SY1 to Cisco IOS Release 12.0(32)SY2.

New Hardware Features in Cisco IOS Release 12.0(32)SY

This section describes new and changed features in Cisco IOS Release 12.0(32)SY. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed is available in the feature description provided below.

SPA-8X1FE-TX-V2

SPA-1X10GE-L-V2

SPA-5X1GE-V2

SPA-10X1GE-V2

SPA-2XOC12-POS SPA Support on Cisco 12000

SPA-4XOC12-POS SPA Support on Cisco 12000

SPA-8XOC12-POS SPA Support on Cisco 12000

SPA-4XOC3-POS-V2 SPA Support on Cisco 12000

SPA-8XOC3-POS SPA Support on Cisco 12000

SPA-8X1FE-TX-V2

This release introduces the SPA-8X1FE-TX-V2. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-1X10GE-L-V2

This release introduces the SPA-1X10GE-L-V2. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-5X1GE-V2

This release introduces the SPA-5X1GE-V2. For details about this feature, see the Cisco documents at the following locations:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-10X1GE-V2

This release introduces the SPA-10X1GE-V2. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-2XOC12-POS SPA Support on Cisco 12000

This release introduces the SPA-2XOC12-POS SPA support on the Cisco 12000 router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-4XOC12-POS SPA Support on Cisco 12000

This release introduces the SPA-4XOC12-POS SPA support on the Cisco 12000 router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-8XOC12-POS SPA Support on Cisco 12000

This release introduces the SPA-8XOC12-POS SPA support on the Cisco 12000 router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-4XOC3-POS-V2 SPA Support on Cisco 12000

This release introduces the SPA-4XOC3-POS-V2 SPA support on the Cisco 12000 router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

SPA-8XOC3-POS SPA Support on Cisco 12000

This release introduces the SPA-8XOC3-POS SPA support on the Cisco 12000 router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_hw/32sy/index.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

New Software Features in Cisco IOS Release 12.0(32)SY

This section describes new and changed features in Cisco IOS Release 12.0(32)SY. Some features may be new to Cisco IOS Release 12.0(32)SY but were released in earlier Cisco IOS software releases. Some features may have been released in earlier Cisco IOS software releases and have been changed in Cisco IOS Release 12.0(32)SY. To determine if a feature is new or changed, see the feature history table at the beginning of the feature module for that feature. Links to feature modules are included below. If a feature listed below does not have a link to a feature module, that feature is documented only in the release notes, and information about whether the feature is new or changed appears in the feature description below.

BGP Multipath Load Sharing for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 Line Cards

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

Configuring RTP Header Compression for Cisco 12000 Series Routers

Cos-Based Tunnel Selection on Engine 5 Line Cards

DPT (SRP) Support for the 1-port OC-192 SPA on 12000-SIP-600/601

DPT (SRP) Support for the 2-port OC-48 SPA on 12000-SIP-600/601

Hierarchical QoS for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 and Engine 3 Line Cards

Hierarchical Shaping for MPLS VPNs over IP Tunnels on the Cisco 12000 Series Internet Router

Inter-AS Hybrid for MPLS VPN over IP Tunnels

IP Header Compression

IP SLAs—LSP Health Monitor

L2TPv3 Layer 2 Packet Fragmentation

L2TPv3 Like-to-Like Native for Cisco 12000 Engine 5 Line Cards

Layer 2 Local Switching

Layer 2 Tunnel Protocol Version 3 on Cisco 12000 Engine 5 Line Cards

Layer 2 Virtual Private Network Interworking on Cisco 12000 IP Services Engine and Engine 5 Line Cards

Layer 2 Virtual Private Network Interworking

Microcode Manager for Multiservice Engine Line Cards on Cisco 12000 Series Routers

MPLS Embedded Management—LSP Ping/Traceroute for LDP

MPLS LDP Autoconfiguration

MPLS LDP—IGP Synchronization

MPLS—LDP MD5 Global Configuration

MPLS VPN—Show Running VRF

MPLS VPN Carrier Supporting Carrier Support on the Cisco 10720 Router

MPLS VPN Carrier Supporting Carrier over IP Tunnels for Cisco 12000 Engine 5 Line Cards

MPLS VPNs over IP Tunnels

Multicast-VPN—IP Multicast Support for MPLS VPNs

PXF Accelerated IPv6 Multicast for 802.17 RPR

QoS: Enhanced show Commands for Active Policies

Virtual Private LAN Service over MPLS on Cisco 12000 Series Router Line Cards

VPLS Fast Reroute

VPLS QinQ

VRF-aware PBR

BGP Multipath Load Sharing for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 Line Cards

This release introduces BGP Multipath Load Sharing for MPLS VPN over IP Tunnels support on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at the following locations:

MPLS VPNs over IP Tunnels:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/csgl3vpn.htm

BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122sx/12218sxe/fsxeibmp.htm

Cisco 12000 Series Router SIP and SPA Software Configuration Guide

This release introduces support for the following SPAs:

SPA-8X1FE-TX-V2

SPA-1X10GE-L-V2

SPA-5x1GE-V2

SPA-10X1GE-V2

SPA-2XOC12-POS

SPA-4XOC12-POS

SPA-8XOC12-POS

SPA-4XOC3-POS-V2

SPA-8XOC3-POS

For details about software configuration support for these SPAs, see the Cisco 12000 Series Router SIP and SPA Software Configuration Guide at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_spa/spa_swcs/1232sy/index.htm

Configuring RTP Header Compression for Cisco 12000 Series Routers

This release introduces Configuring RTP Header Compression for Cisco 12000 series routers. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120sy/120sy32/iphdcmp.htm

Cos-Based Tunnel Selection on Engine 5 Line Cards

This release introduces Cos-based Tunnel Selection (CBTS) on Engine 5 line cards. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s29/gscbts.htm

DPT (SRP) Support for the 1-port OC-192 SPA on 12000-SIP-600/601

This release introduces DPT (SRP) Support for 1-port OC-192 SPA on 12000-SIP-600/601. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/srpapsgs.htm

DPT (SRP) Support for the 2-port OC-48 SPA on 12000-SIP-600/601

This release introduces DPT (SRP) Support for the 2-port OC-48 SPA on 12000-SIP-600/601. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/srpapsgs.htm

Hierarchical QoS for MPLS VPN over IP Tunnels for Cisco 12000 Engine 5 and Engine 3 Line Cards

This release introduces Hierarchical QoS for MPLS VPN over IP Tunnels for IP Services Engine (ISE) for Engine 5 and Engine 3 line cards on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120sy/120sy32/hiershap.htm

Hierarchical Shaping for MPLS VPNs over IP Tunnels on the Cisco 12000 Series Internet Router

This release introduces Hierarchical Shaping for MPLS VPNs over IP Tunnels on the Cisco 12000 Series Internet Router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120sy/120sy32/hiershap.htm

Inter-AS Hybrid for MPLS VPN over IP Tunnels

This release introduces Inter-AS Hybrid for MPLS VPN over IP Tunnels support on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/hybrd10b.html

IP Header Compression

This release introduces IP Header Compression. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120sy/120sy32/iphdcmp.htm

IP SLAs—LSP Health Monitor

For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t6/ht_hmon.htm

L2TPv3 Layer 2 Packet Fragmentation

For details about this feature, see the Cisco documents at the following locations:

Cisco IOS Software Configuration for the Cisco 10720 Internet Router:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/10720.htm

Layer 2 Tunnel Protocol Version 3:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm

L2TPv3 Like-to-Like Native for Cisco 12000 Engine 5 Line Cards

This release introduces support for customer-facing interfaces on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/fslocal.htm

Layer 2 Local Switching

On the Cisco 12000 series Internet router, support was added for like-to-like local switching on customer-facing interfaces on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs). For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/fslocal.htm

Layer 2 Tunnel Protocol Version 3:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm

Layer 2 Tunnel Protocol Version 3 on Cisco 12000 Engine 5 Line Cards

On the Cisco 12000 series Internet router, support was added for Engine 5 line cards, including shared port adapters (SPAs) and SPA interface processors (SIPs). For detailed information about this feature, see the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm

Layer 2 Virtual Private Network Interworking on Cisco 12000 IP Services Engine and Engine 5 Line Cards

This release introduces L2TPv3 Interworking for IP Services Engine (ISE) and Engine 5 line cards on the Cisco 12000 series router. For details about this feature, see the Cisco documents at the following locations:

Layer 2 Tunnel Protocol Version 3 on Cisco 12000 Engine 5 Line Cards:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm

Layer 2 Virtual Private Network Interworking

On the Cisco 12000 series router, support was added for IP Services Engine (ISE) and Engine 5 line cards that are configured for L2TPv3 tunneling. For details about this feature, see the Cisco documents at the following location:

Layer 2 Virtual Private Network Interworking:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s26/fsinterw.htm

Layer 2 Tunnel Protocol Version 3:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm

Microcode Manager for Multiservice Engine Line Cards on Cisco 12000 Series Routers

This release introduces Microcode Manager for Multiservice Engine Line Cards on Cisco 12000 Series Routers. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120sy/120sy32/microbun.htm

MPLS Embedded Management—LSP Ping/Traceroute for LDP

This release introduces MPLS Embedded Management—LSP Ping/Traceroute for LDP. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t6/ht_lspng.htm

MPLS LDP Autoconfiguration

This release introduces MPLS LDP Autoconfiguration. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/fsldpaut.htm

MPLS LDP—IGP Synchronization

This release introduces MPLS LDP—IGP Synchronization. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/fsldpsyn.htm

MPLS—LDP MD5 Global Configuration

This release introduces MPLS—LDP MD5 Global Configuration. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sb/newft/122sb28/sb_md5.htm

MPLS VPN—Show Running VRF

This release introduces MPLS VPN—Show Running VRF. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sb/newft/122sb28/sb_svrf.htm

MPLS VPN Carrier Supporting Carrier Support on the Cisco 10720 Router

Starting in Cisco IOS Release 12.0(32)SY, the Carrier Supporting Carrier feature is supported in an MPLS VPNs over IP Tunnels configuration on the Cisco 10720 router. For details about this feature, see the Cisco documents at:

Cisco IOS Software Configuration for the Cisco 10720 Internet Router:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/10720.htm

MPLS VPNs over IP Tunnels:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/csgl3vpn.htm

MPLS VPN Carrier Supporting Carrier over IP Tunnels for Cisco 12000 Engine 5 Line Cards

This release introduces support for the MPLS VPN Carrier Supporting Carrier over IP Tunnels feature on Engine 5 line cards, including shared port adapters (SPAs) and SPA Interface Processors (SIPs), on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/hybrd10b.html

MPLS VPNs over IP Tunnels

This release introduces MPLS VPNs over IP Tunnels support for Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/csgl3vpn.htm

Multicast-VPN—IP Multicast Support for MPLS VPNs

This release introduces the Multicast-VPN—IP Multicast Support for MPLS VPNs feature on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. This feature allows a service provider to configure and support multicast traffic in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_mvpn.htm

PXF Accelerated IPv6 Multicast for 802.17 RPR

This release introduces support for PXF Accelerated IPv6 Multicast on the Dual Mode IEEE 802.17 RPR/SRP uplink card in SRP and RPR-IEEE mode on the Cisco 10720 internet router. For details about this feature, see the Cisco documents at:

Cisco IOS Software Configuration for the Cisco 10720 Internet Router:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/10720.htm

QoS: Enhanced show Commands for Active Policies

This release introduces support for the QoS: Enhanced Show Commands for Active Policies feature on Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sb/newft/122sb28/sb_acpm.htm

Virtual Private LAN Service over MPLS on Cisco 12000 Series Router Line Cards

This release introduces Virtual Private LAN Service (VPLS) over MPLS on edge facing Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s32/vpls_qos.htm

VPLS Fast Reroute

This release introduces the VPLS Fast Reroute feature. For details about this feature, see the Cisco documents at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s32/vpls_qos.htm

VPLS QinQ

This release introduces support for 802.1ad (QinQ) on VPLS for version 2 Engine 5 shared port adapters (SPAs) and SPA Interface Processors (SIPs) on the Cisco 12000 series router. For details about this feature, see the Cisco documents at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s32/vpls_qos.htm

VRF-aware PBR

This release introduces the VRF-aware PBR (Policy-Based Routing) feature on IP Services Engine (ISE) and Engine 5 line cards. A VRF is an IOS route table instance for connecting a set of sites to a VPN service. This feature adds the ability to configure Policy-Based Routing on a VPN routing/forwarding instance.

For a detailed description of Policy-Based Routing, see the Cisco documents at:

https://www.cisco.com/en/US/docs/ios/12_1/qos/configuration/guide/qcdpbr.html

For details on configuring Policy-Based Routing, see the Cisco documents at:

https://www.cisco.com/en/US/docs/ios/12_1/qos/configuration/guide/qcdpbr.html

MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at:

http://tools.cisco.com/RPF/register/register.do

Limitations and Restrictions

The following sections contain information about limitations and restrictions in Cisco IOS Release 12.0(32)SY that can apply to the Cisco 10720 series routers and Cisco 12000 platform.

Important Notes

The following sections contain important notes about Cisco IOS Release 12.0S that can apply to the Cisco 10720 series routers and Cisco 12000 platform.

Deferrals

Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine if your software release is affected:

http://www.cisco.com/kobayashi/sw-center/sw-ios-advisories.shtml

Field Notices and Bulletins

For general information about the types of documents listed in this section, see the following document:

http://www.cisco.com/warp/public/cc/general/bulletin/software/general/index.shtml

Field Notices—We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account with Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Product Bulletins—If you have an account with Cisco.com, you can find product bulletins at http://www.cisco.com/warp/customer/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.

What's Hot in Software Center—What's Hot in Software Center provides information about caveats that are related to deferred software images. If you have an account on Cisco.com, you can access What's Hot in Software Center at http://www.cisco.com/kobayashi/sw-center or by logging in and selecting Technical Support: Software Center: Cisco IOS Software: What's Hot in Software Center.

What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in to Cisco.com and selecting Technical Support: Software Center: Products and Downloads: Cisco IOS Software.

Important Notes for Cisco IOS Release 12.0(32)SY9

This section describes important issues that you should be aware of for Cisco IOS Release 12.0(32)SY9.

The bgp default ipv6-nexthop Command

The bgp default ipv6-nexthop command has been introduced in Cisco IOS Release 12.0(32)SY9. This command enables BGP to choose the IPv6 next hop automatically for IPv6 address family prefixes. This command is enabled by default and is not shown in the running configuration. Use the no bgp default ipv6-nexthop command to disable automatic next-hop selection in situations when IPv6 next-hop selection is configured to propagate over IPv4 sessions. For more information about this new command, see the Cisco IOS IPv6 Command Reference at:

http://www.cisco.com/en/US/docs/ios/ipv6/command/reference/ipv6_01.html

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

Because Cisco IOS Release 12.0(32)SY is based on Cisco IOS Release 12.0S, many caveats that apply to Cisco IOS Release 12.0S also apply to Cisco IOS Release 12.0(32)SY. For information on severity 1 and 2 caveats in Cisco IOS Release 12.0(32)SY, see the caveat parts of the Cross-Platform Release Notes for Cisco IOS Release 12.0S document located on Cisco.com.

In this section, the following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.


Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Technical Support & Documentation > Tools & Resources > Bug Toolkit (listed under Troubleshooting). Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect is marked Cisco Confidential.)


This section consists of the following subsections:


Release 12.0(32)SY and Its Rebuilds

Resolved Caveats—Cisco IOS Release 12.0(32)SY16

Resolved Caveats—Cisco IOS Release 12.0(32)SY15

Resolved Caveats—Cisco IOS Release 12.0(32)SY14

Resolved Caveats—Cisco IOS Release 12.0(32)SY13

Resolved Caveats—Cisco IOS Release 12.0(32)SY12

Resolved Caveats—Cisco IOS Release 12.0(32)SY11

Resolved Caveats—Cisco IOS Release 12.0(32)SY10

Resolved Caveats—Cisco IOS Release 12.0(32)SY9b

Resolved Caveats—Cisco IOS Release 12.0(32)SY9a

Resolved Caveats—Cisco IOS Release 12.0(32)SY9

Resolved Caveats—Cisco IOS Release 12.0(32)SY8

Resolved Caveats—Cisco IOS Release 12.0(32)SY7

Resolved Caveats—Cisco IOS Release 12.0(32)SY6

Resolved Caveats—Cisco IOS Release 12.0(32)SY5

Resolved Caveats—Cisco IOS Release 12.0(32)SY4

Resolved Caveats—Cisco IOS Release 12.0(32)SY3

Resolved Caveats—Cisco IOS Release 12.0(32)SY2

Resolved Caveats—Cisco IOS Release 12.0(32)SY1

Open Caveats—Cisco IOS Release 12.0(32)SY


Resolved Caveats—Cisco IOS Release 12.0(32)SY16

Cisco IOS Release 12.0(32)SY16 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY16 but may be open in previous Cisco IOS releases.

CSCsj82324

Symptoms: This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.

Conditions: This symptom is seen when the device is configured with default configuration.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.6/1.9: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C

No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

CSCsk70446

Symptoms: Cisco IOS software emits the %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures.

A traceback appears after the error message. This traceback is encountered with long URLs.

Conditions: The conditions under which these symptoms occur are unknown.

Workaround: There is no workaround.

Further Problem Description: It is important to note that this error message does not imply that packet data is corrupted. However, it does provide an early indicator of other conditions that can eventually lead to poor system performance or a Cisco IOS restart.

CSCtl59814

Symptoms: Kerberos/Encrypted Telnet code needs to be improved. There is a potential buffer overflow condition in the code. There is no proof of an attack vector/exploit. However, the code needs to be improved.

Conditions: Cisco IOS device configured for Kerberos/Encrypted Telnet access.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UC

No CVE ID has been assigned to this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

CSCtw53776

Symptoms: A Cisco 12000 line card crashes when NetFlow version 1 is configured on the router.

Conditions: The crash occurs if the ip flow export x.x.x.x port command is used instead of the ip flow export destination x.x.x.x port command.

Workaround: Configure NetFlow version 5 or version 9.

CSCty77445

Symptoms: The SPA-2X1GE-V2 interface is in down/down status on RJ45 connection after moving the cable from RJ45 to SFP and back to RJ45 (SFP removed at the end).

Conditions: This symptom is observed when following these steps:

1. Make the interface up in RJ-45 mode (configure interface to RJ-45 mode with "media rj45" and you may also need to reboot the router without the SFP installed, if it is already in faulty condition).

2. Have the transceiver inserted into the corresponding SFP port and move the cable to the SFP.

3. Now, remove the transceiver and the cable together. Then move the cable to the RJ-45 port and that should trigger the problem. Port will not come up. Make sure that before you insert the cable into the RJ-45 port, the transceiver should be removed from the corresponding SFP port.

Workaround:

1. Use the SFP port.

2. Reload the router.

CSCud28759

Symptoms: SPA crash is seen when invoking spa_choc_dsx_cleanup_atlas_ci_config with no data packed.

Conditions: This symptom is observed when the packed data size should be 1 and the status should be success.

Workaround: There is no workaround.

CSCud28937

Symptoms: Two issues are observed:

1. Fasttag rewrite is not updated with new label after a route flap.

2. There are 2 load-shared paths and when one of the paths (say path2) goes down, the fasttag rewrite is not being set using path1. The clear ip route affected prefix command is needed to set the fasttag rewrite. Now if the path2 comes up, fasttag rewrite is not removed until you do a clear ip route affected prefix command.

Conditions: These symptoms are seen under the following conditions:

1. For the first issue, a Cisco 12000 series router is connected to a non-Cisco device that sends a new MPLS label to the Cisco 12000 series router after each session flap.

2. For the second issue, there should be two load-shared MPLS paths for a recursive destination prefix.

For both cases, the prefix should be a recursive prefix.

Workaround: Use the clear ip route affected prefix command for both issues.

CSCue51713

Symptoms: Prefix changes its path from iBGP to eBGP.

Conditions: This symptom occurs when the same prefix is learned through two paths, iBGP and eBGP.

Workaround: Use the clear ip route affected prefix command.

Resolved Caveats—Cisco IOS Release 12.0(32)SY15

Cisco IOS Release 12.0(32)SY15 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY15 but may be open in previous Cisco IOS releases.

CSCed68723

Symptoms: Packets that are destined for an MPLS VPN may not reach their destination. The output of the show ip cef vrf vrf-name detail command may show the following tag information:

10.0.0.0/16, version 437, epoch 0, cached adjacency to POS4/0
0 packets, 0 bytes
  Flow: AS 0, mask 16
  tag information set, all rewrites inherited <---------
    local tag: assigned-when-resolved-later <---------
  via 10.1.1.1, 0, 0 dependencies, recursive
    next hop 10.2.2.2, POS4/0 via 10.1.1.1/32
    valid cached adjacency

Conditions: This symptom is observed on a Cisco router that is configured for MPLS VPN forwarding and CEF.

Workaround: Clear the affected route by entering the clear ip route vrf vrf-name network mask command.

CSCsa49922

Symptoms: When an EIGRP internal route goes down, it may remain in the routing table though it is deleted from the EIGRP topology table.

Conditions: This symptom may happen when a router has EIGRP internal route and external route as Successor and Feasible Successor respectively for the same network and then the internal route goes down.

Workaround: Use either internal or external for the same network.

CSCso20649

A Cisco 12000 series router that is running Cisco IOS Release 12.0(32)S6r as an MPLS-VPN-PE router might have labels on the RP that have not been downloaded to the linecards. When a packet is received with a label that the linecard does not know about, the linecard will drop the packets.

Below is an example of the problem:

Router# show mpls forwarding-table vrf 1:28886
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
6243   Untagged    0.0.0.0/0[V]      1464       Mu17128    point2point
6244   Untagged    172.16.1.0/24[V]  44121215   Mu17128    point2point

Router# execute-on slot 15 show mpls forwarding-table vrf 1:28886
========= Line Card (Slot 15) =========

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
6244   Untagged    172.16.1.0/24[V]  0          Mu17128    point2point

The above commands show that the label for the 0.0.0.0/0 route is missing on the linecard.

Workaround: Remove and re-install the route; this will cause a new label to be allocated and downloaded to the linecard.
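The RP-versus-linecard comparison shown for CSCso20649 can be automated. The following is an added example, not Cisco code: it parses the two outputs quoted above and reports local labels that the RP holds but the linecard does not. The function names and the list of outgoing-label keywords are assumptions made for this sketch.

```python
import re

# Sample output from the CSCso20649 example on this page (columns re-spaced).
RP_OUTPUT = """\
Router# show mpls forwarding-table vrf 1:28886
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
6243   Untagged    0.0.0.0/0[V]      1464       Mu17128    point2point
6244   Untagged    172.16.1.0/24[V]  44121215   Mu17128    point2point
"""

LC_OUTPUT = """\
Router# execute-on slot 15 show mpls forwarding-table vrf 1:28886
========= Line Card (Slot 15) =========

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
6244   Untagged    172.16.1.0/24[V]  0          Mu17128    point2point
"""

# One forwarding-table row: local label, outgoing label or action, prefix,
# byte counter, then an optional outgoing interface and next hop.
# Assumption: outgoing-label keywords are limited to the ones listed here.
ROW = re.compile(
    r"^\s*(?P<local>\d+)\s+"
    r"(?P<out>Pop tag|Untagged|Aggregate|\d+)\s+"
    r"(?P<prefix>\S+)\s+"
    r"(?P<bytes>\d+)"
    r"(?:\s+(?P<intf>\S+)\s+(?P<nexthop>\S+))?\s*$"
)


def parse_lfib(text):
    """Return {local_label: (outgoing, prefix, interface, next_hop)}."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue  # prompts, banners, headers, rows without a local label
        rows[int(m["local"])] = (m["out"], m["prefix"], m["intf"], m["nexthop"])
    return rows


def compare_lfib(rp_text, lc_text):
    """Compare RP and linecard tables; byte counters are ignored on purpose."""
    rp, lc = parse_lfib(rp_text), parse_lfib(lc_text)
    return {
        # Labels the RP allocated that never reached the linecard: traffic
        # arriving with these labels is what the caveat describes as lost.
        "missing_on_lc": {l: rp[l][1] for l in sorted(rp.keys() - lc.keys())},
        # Labels the linecard still holds that the RP no longer has.
        "only_on_lc": {l: lc[l][1] for l in sorted(lc.keys() - rp.keys())},
        # Same label on both sides but different forwarding data.
        "mismatched": sorted(l for l in rp.keys() & lc.keys() if rp[l] != lc[l]),
    }


if __name__ == "__main__":
    for kind, found in compare_lfib(RP_OUTPUT, LC_OUTPUT).items():
        print(kind, found)
```
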

CSCso88138

Symptoms: When there is a link flap or a reload, RSVP shows that the interface is down while actually the interface is up. Because of this, the tunnel may take a backup path even when the interface is up.

Conditions: Unknown at this time.

Workaround: Perform a shut/no shut on the interface.

CSCsv73754

Symptoms: A router crashes during VRF configuration. A traceback decode points to a function bgp_vpn_impq_add_vrfs_cfg_changes.

Conditions: The symptom is observed while unconfiguring VRFs. It is most likely to be seen when 100 VRFs or more are unconfigured.

Workaround: There is no workaround.

CSCsz70537

BFD goes down after applying service-policy.

CSCtc90579

Symptoms: Router crashes due to memory corruption during MPLS TE auto backup tunnel deletion.

Conditions: Caused by topology changes triggering backup tunnel deletion and RSVP hello mechanism.

Workaround: Globally, disable RSVP hello and enable BFD hello:

Router(config)# no ip rsvp signalling hello
Router(config)# ip rsvp signalling hello bfd

Per MPLS TE enabled interface:

Router(config-if)# no ip rsvp signalling hello
Router(config-if)# ip rsvp signalling hello bfd

CSCte80997

Symptoms: When a linecard is reloaded, the LFIB entries do not match the RP CEF entries. Reloading the linecard and clearing CEF and CEF adjacencies on the linecard do not clear the problem.

Conditions: eiBGP enabled so the routes are learned through an iBGP path and an eBGP path, multipath, CEF enabled.

Workaround: Add static default routes, one via the directly connected CE router with outgoing information as eBGP path and the other for the remote CE router with outgoing information as iBGP path.

CSCtg72961

Symptoms: A Cisco 12000 router may retain the old label for a VPNv4 route when the primary route has disappeared.

Conditions: You also need to have the ip cef table loadinfo force command configured on the router.

Workaround: Clear the affected route to recover from the problem.

CSCth51102

Symptoms: Primary PRP crashed with the following trace:

06:30:41 UTC Fri Jun 4 2010: Unexpected exception to CPUvector 700, PC = 2F7EB4

-Traceback= 2F7EB4 51214B0 2DA970 2DB098 2D2D04 10B7968 12E78C 17AB48 17AD60 17B474 289A2C 243640 256D28 256F7C 444EF8 51E0E0

Conditions: The problem is seen after upgrading to SY11 code. This issue is seen only when the standby RP is reloaded more than 10 times while the same active RP stays up. The active RP maintains an array of 10 elements, and every time the standby RP is reloaded, the active RP uses the next new entry. When the standby RP reloads 11 times in succession with the same active RP up (without any reload of the active RP), the active RP goes beyond the array boundary because the boundary check is missing in the code.

Workaround: There is no workaround.

CSCti55312

Symptoms: When multilink interfaces (connected to CE device) are flapped on a Cisco 12000, the Cisco 12000 hardware does not set the HW adjacency correctly. It happens because LDP assigns imp-null instead of a real local label after multilink comes up.

Conditions: Static route pointing to multilink interfaces.

Workaround: Force LDP to assign a real local label instead of an imp-null after multilink comes up with shut/no shut on affected multilink interface.

Further Problem Description: Hardware CEF adjacency is NULL at ingress LC, for few static route prefixes going through multilink interfaces. It seems to occur when LDP does not assign a real label for a prefix, but this is a coincidence, not the root cause of the HW IP entry being NULL.

CSCtj66485

Symptoms: Asymmetric carrier delay (ACD) does not work appropriately. An additional delay beyond the configured value is observed.

Conditions: This problem happens with both Down and Up of ACD. The trigger is cable OIR and shut/no shut of the neighbor router. This does not seem to be Conventional Carrier Delay.

Workaround: None.

Recovery: None.

CSCtk13378

Symptoms: High CPU utilization is experienced by the "CEF LC IPC Backg" process on the E5 card.

Conditions: When there are multiple loadbalancing paths and a "cef clear linecard" command is issued on the peer router or a shut/no shut is performed on one interface of this router, high CPU utilization occurs from the CEF process.

Workaround: There is no workaround.

CSCtl82483

Symptoms: When we have a parent policy-map on main interface with "match vlan" and have subinterfaces with IPv6 traffic, then after shut and no shut of the main interface the QOS for IPv6 traffic stops working.

Conditions: Using "match vlan" with the parent policy.

Workaround: Remove and reapply the policy map on main interface.

Also, if you enable "debug eelc qos" debug on LC, the problem goes away.

CSCtn58005

Symptoms: The prefix-list does not filter local routes configured in the L1-L2 domain.

Conditions: The symptom is observed on a router running IPv6 ISIS L1-L2 domain and when L1 routes are redistributed into L2 routes.

Workaround: There is no workaround.

CSCtq97113

Symptoms: High CPU utilization is observed on the linecard with the "CEF LC IPC Backg" process. It is followed by memory depletion in the RP, which results in the FIB being disabled.

Conditions: This symptom is observed when multipath load balancing is configured in the core network and these paths keep flapping.

Workaround: Stop the path flaps in the core network.

CSCtr28857

A vulnerability in the Multicast Source Discovery Protocol (MSDP) implementation of Cisco IOS Software and Cisco IOS XE Software could allow a remote, unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-msdp

CSCtr79205

Symptoms: The following error message is displayed: ENV_MON-2-VOLTAGE: Card 1.8v supply (slot 20) volts has reached WARNING level at 1892 m(V).

Conditions: Warning messages are displayed when the envmon voltage exceeds 1.89V.

Workaround: There is no workaround.

CSCtr88610

Symptoms: Five Cisco 12000 series Internet routers have similar problems. Few free buffers are seen in the Tofab Q, and linecard fish_status stuck or ToFab Q stuck is seen. The E5 card crashes due to a ToFab FIA FIFO overflow.

SLOT 2:Aug 10 15:17:19.984 PRC: %FIA-3-FIFOERRS: To Fabric FIFO Error was detected. Cell FIFO Overflow, Data = 0x400, 0x2, 0x0, 0x0.
SLOT 2:Aug 10 15:17:19.984 PRC: TFIA is halted. Waiting for RP to initiate recovery
044884: Aug 10 15:17:22.202 PRC: %FABRIC-3-ERR_HANDLE: Due to FIA HALT error, reconfigure FIA on slot 2

Conditions: On E5 cards with oversubscribed traffic to an egress linecard.

Workaround: Change the FIA FIFO threshold value to 33 from default value of 37.

Attach <Failed slot #>

test write 2 11400020 0x21
test write 2 11400022 0x21
test write 2 11400024 0x21
test write 2 11400026 0x21
test write 2 11400028 0x21
test write 2 1140002A 0x21
test write 2 1140002C 0x21
test write 2 1140002E 0x21
test write 2 11400030 0x21
test write 2 11400032 0x21
test write 2 11400034 0x21
test write 2 11400036 0x21
test write 2 11400038 0x21
test write 2 1140003A 0x21
test write 2 1140003C 0x21
test write 2 1140003E 0x21

CSCtr98532

Symptoms: A Cisco 12000 series router that is running a Cisco IOS 12.0(32)SY6 image or later and that has an Engine 5 linecard and channelized SPAs might occasionally see a spurious SPA reload or linecard reload.

Conditions: This issue is seen only with channelized SPAs (1xCHOC3, 4xCT3, or 8xCHT1/E1) and when the Control Plane Policing feature is configured. If the CoPP configuration is configured to examine Layer 4 headers (for example, TCP, UDP, or ICMP), the issue might be seen. The issue is seen along with the L3VPN over IP feature.

Workaround: There is no workaround. The issue is very random in nature and is dependent on network configuration.

CSCtt10671

Symptoms: At the customer site, it was seen that the 4-slot Cisco 12000 series router chassis displayed that the power was not sufficient to support three SIPs.

Conditions: Occurs whenever the Cisco 12000 series router power manager is enabled.

Workaround: There is no workaround.

CSCtw61050

Symptoms: Ping with large packet size failed.

Conditions: When there are more than seven buffer pools.

Workaround: Configure carve-level default or reduce the set of MTUs so that none of the pools is reduced.

CSCtx36490

Symptoms: There is a stuck stale nexthop 0.0.0.0 for routes that are redistributed into EIGRP from BGP. This stale nexthop gets promoted to the top of the EIGRP topology table upon a route/router flap. This will result in a redistribution loop in the RIB.

Conditions: The redistribution loop in the RIB causes the route to be continuously installed in the RIB from BGP and EIGRP, resulting in a high number of CEF updates. This high number of CEF updates results in the RP running out of memory due to CSCtq97113.

Workaround: Clear out the stale nexthop 0.0.0.0 from the EIGRP topology table by issuing the "clear ip eigrp [vrf <vrf-name>] <AS-number> topology <prefix> <mask>" command.

In a PE-CE environment, if there is a peering between two PEs that are learning the prefix from the same CE site, the stale nexthop 0.0.0.0 could get promoted in the EIGRP topology table upon a route flap. This could, in turn, trigger the looping. To avoid this, you may remove any such redundant peering.

A detailed explanation of this workaround is provided in the enclosure "explanation of workaround".

CSCtx63661

Symptoms: When "isis metric xxx" (xxx > 63) is configured before "ip router isis ...", the "isis metric xxx" command is not synced to the standby RP.

Conditions:

1. xxx > 63

2. Command sequence is "isis metric xxx" and then "ip router isis ..."

Workaround: Always configure "isis metric xxx" after "ip router isis ..."

Resolved Caveats—Cisco IOS Release 12.0(32)SY14

Cisco IOS Release 12.0(32)SY14 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY14 but may be open in previous Cisco IOS releases.

CSCtf14397

Symptoms: When "bgp send-label" is used along with LDP along the path, the label information for a prefix learned via iBGP multipath is not updated in the FIB and LFIB table after the route flaps. This happens intermittently.

Conditions: This symptom occurs when "bgp send-label" is used with LDP along the path.

Workaround: Use the clear ip route x.x.x.x command for the prefix in question.

CSCtn51121

Symptoms: ATOM traffic is being punted after error recovery.

Conditions: This symptom is observed when ATOM services are configured, and error recovery is due to some interrupts.

Workaround: There is no workaround.

CSCtq33005

Symptoms: When BFD goes down on a Cisco 12000 series router that is running Cisco IOS Release 12.0S, BGP may not tear the session down until the hold timer expires.

Conditions: This problem is seen on a subinterface that has been deleted and re-added.

Workaround: Create a new, unused subinterface and move the BFD session to the subinterface.

CSCtq33480

Symptoms: New link bundling entries may stop forwarding traffic.

Conditions: This symptom is seen with CEF link bundling entries on Engine 3 line card. The entries appear corrupted.

Workaround: Reload line card.

Resolved Caveats—Cisco IOS Release 12.0(32)SY13

Cisco IOS Release 12.0(32)SY13 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY13 but may be open in previous Cisco IOS releases.

CSCsy73123

Symptoms: A connected route on a port-channel subinterface is not removed when the port channel is down.

Conditions: This symptom occurs when using a /22 subnet; it does not occur when using a /24 subnet.

Workaround: There is no workaround.

CSCtc72553

Symptoms: An E5 linecard on a Cisco 12000 crashes.

Conditions: This symptom occurs with high traffic on OC48, E5, and possibly corrupt packets (MPLS packets without an MPLS label) received on the linecard.

The logs show the following:

Sep 30 01:41:01.958 PRC: %MBUS_SYS-3-NOBUFFER: Message from slot 1 in stream 1 dropped
Sep 30 01:41:02.062 PRC: %FIB-2-FIBDISABLE: Fatal error, slot 1: IPC Failure: timeout
Sep 30 01:41:02.062 PRC: %RP-4-RSTSLOT: Resetting the card in the slot: 1,Event: CEF failure

Workaround: There is no workaround.

Further Problem Description: The crash is seen on E5 OC48. Forwarding engine error interrupts are observed.

There is a basic configuration on the interface; a plain IPv4 configuration without MPLS.

CSCth75212

Symptoms: On a Cisco 12000, the if_number of a deleted subinterface is the same as that of an active and working interface.

Conditions: This symptom occurs in Cisco IOS Release 12.0S on the Cisco 12000 after deleting an interface, creating a new subinterface, and performing a PRP switchover.

Workaround: There is no workaround.

CSCti08185

Symptoms: WRED Min and Max threshold values appear as "0" in "show policy-map interface" output on an RP.

Conditions:

1. There are many multilink interfaces on a Cisco 12000 node bearing policies that have class maps sharing the same WRED min/max threshold configuration.

2. The multilink interfaces must have multiple members (the more members, the more the probability to hit the issue).

3. There must be a series of member addition/deletion events at the same time, such as during a reload.

4. The order in which the interfaces (the members of these multilink interfaces) come up also plays a role in hitting the issue.

Workaround:

1. Remove and re-apply the service policy (this will surely resolve the issue; however this is more of a recovery procedure).

2. Perform a shut/no shut on the interface (again, a recovery procedure; traffic impacting as well).

3. Before the upgrade, you can identify the policy (with the WRED configuration) that is attached to more than one multilink interface (with more than one member link). Remove that policy from the interface and apply it back after the upgrade after all member links of the interface have come up.

CSCti25339

Symptoms: Cisco IOS device may experience a device reload.

Conditions: This issue occurs when the Cisco IOS device is configured for SNMP and receives certain SNMP packets from an authenticated user. Successful exploitation causes the affected device to reload. This vulnerability could be exploited repeatedly to cause an extended DoS condition.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2010-3050 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

CSCtj57910

Symptoms: A serial interface on a Cisco 12000 is Up/Down after a PRP switchover.

Conditions: This symptom can occur after a PRP switchover. Any Layer 2 encapsulation type (PPP, Frame Relay, and HDLC) is affected.

Workaround: Delete the interface (no channel-group) and recreate the interface (channel-group).

CSCtk13378

Symptoms: High CPU utilization is experienced by the "CEF LC IPC Backg" process on the E5 card.

Conditions: When there are multiple load-balancing paths and a "cef clear linecard" command is issued on the peer router or a shut/no shut is performed on one interface of this router, high CPU utilization occurs from the CEF process.

Workaround: There is no workaround.

CSCtl04159

Symptoms: A BGP route map that is using a prefix list is not filtering outbound routes.

Conditions: A route map with a next hop and prefix list does not work.

Workaround: There is no workaround. You can use an access list if required.

Resolved Caveats—Cisco IOS Release 12.0(32)SY12

Cisco IOS Release 12.0(32)SY12 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY12 but may be open in previous Cisco IOS releases.

CSCsr27794

Symptoms: BGP does not generate updates for certain peers.

Conditions: BGP peers show a neighbor version of 0 and their update groups as converged. Out queues for BGP peers are not getting flushed if they have connection resets.

Workaround: There is no workaround other than entering the clear ip bgp * command.

CSCsv22754

Symptoms: The default originate route is not getting withdrawn when a peer template is used on a neighbor.

Conditions: Configure default-originate in the peer template (say ptemp) and apply it on the neighbor; then the default route will be advertised to the neighbor. But when you remove this configuration on ptemp, the route will not be withdrawn.

Workaround: Enter the following command:

clear ip bgp * soft in

CSCsy58115

Symptoms: In a router that is running BGP, the BGP process may hold increased amounts of memory over time without freeing any memory. This symptom may also be seen in the output of the show proc mem sort command and in the output of the show ip bgp sum or show ip bgp vpnv4 all sum commands and by looking at the number of BGP attributes, which may be increasing over time in relation to the BGP prefixes and paths, which may remain roughly the same.

Conditions: Some BGP neighbors are not in an established state and are not exchanging prefixes.

Workaround: Remove the configuration lines related to the inactive neighbors (neighbors in the Idle or Active states).

CSCtg41086

Symptoms: A customer observed multiple errors on the E1 on the Cisco 7206 side, which caused the interface to bounce continuously. The customer created a test VC on the Cisco 12000 series SPA and measured its clocking against a reference standard (etalon). The measured accuracy was 10^-3, whereas it should be at least 10^-6.

Further tests showed that the E1 on the Cisco 12000 series takes clocking from the SPA card, although it should take clocking from the SIP linecard backplane.

Conditions: This symptom is observed on a Cisco 12000 series with a SPA-1XCHSTM1/OC3 that is used for channelized E1.

Workaround: Turn synchronization around for the other side to be the clocking source.

CSCth59276

Symptoms: Upon bouncing the v6 policy map on the interface with the match criteria as ipv6 protocol, sometimes the output of the show policy-map int Serial10/0/0/2:0 output command shows Queue Limit 0.

Conditions: Bounce the v6 policy map on the interface.

Workaround: There is no workaround.

CSCth90331

Symptoms: Interface flaps on an ISE ATM linecard that is running Cisco IOS Release 12.0(32)SY11 will cause a leak in the encap table (viewable with show gsr ha encap-table slot3 for that linecard), and the encap table will fill up. When that happens, any interface that flaps or is bounced will not be able to pass outbound traffic.

To see the encap table, issue the show gsr ha encap-table slot# command. If the table is full, every entry will be FFFFFFFF.

SNIP....
09BC9E60: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9E70: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9E80: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9E90: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9EA0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9EB0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9EC0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9ED0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9EE0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................
09BC9EF0: FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF ................

Workaround: Stop any excessive interface flapping to prevent the encap table from filling up. If it is full, a microcode reload of the affected linecard will clear the table.

Resolved Caveats—Cisco IOS Release 12.0(32)SY11

Cisco IOS Release 12.0(32)SY11 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY11 but may be open in previous Cisco IOS releases.

CSCsd47863

Symptoms: Summary Refresh messages are not sent downstream; consequently, the downstream router notices missing refreshes, and, after some time, the tunnel goes down.

Conditions: This symptom is observed when there is an alternate FRR path and it becomes active. The router that has refresh reduction enabled creates the problem. The command that creates the problem is:

ip rsvp signalling refresh reduction

Workaround: Disable Refresh Reduction on the router using the following command:

no ip rsvp signalling refresh reduction

Further Problem Description: When an incoming interface on a router is shut down, FRR is triggered, and the tunnels take another path.

Now the Path messages on this router come via a different incoming interface. This router had ip rsvp signalling refresh reduction enabled.

We can now see that this router stops sending Refresh reduction messages downstream. After some time, the downstream router will report that it has missed the refreshes, and then after some more time (around 5 minutes), the tunnel will go down.

CSCsd95545

Symptoms: Long unconfiguration times are seen for very large QoS configurations (in excess of 40,000 policy maps).

Conditions: This symptom is observed with very large QoS configurations (in excess of 40,000 policy maps).

Workaround: There is no workaround.

CSCsj56281

Symptoms: Inherit peer policy does not work.

Conditions: This symptom is observed after a router reload.

Workaround: There is no workaround.

CSCsk35688

Symptoms: Aggregate routes are not processed if all aggregated child routes are deleted prematurely.

Conditions: The symptom is observed when all aggregated child routes are marked for deletion and the periodic function which processes the routes to be deleted deletes the route before the aggregate processing function gets a chance to process them and the aggregate route to which they belong.

Workaround: Configuring "bgp aggregate-timer" to 0 or the lowest value would considerably reduce the chances of hitting this problem. In case this problem does occur, in order to delete the stale aggregate route, configure a temporary local BGP route (say, redistribute a static route or network a loopback) with its address being a subnet of the stale aggregate address and then remove the aggregate address and the added route. This should delete the route from table and send withdraws to the other routes also.

Further Problem Description: The periodic function is by default called at 60-second intervals. The aggregate processing is normally done based on the CPU load. If there is no CPU load, then the aggregate processing function would be triggered within one second. As the CPU load increases, this function call will be triggered at higher intervals, and if the CPU load is very high it could go as high as the maximum aggregate timer value configured via command. By default, this maximum value is 30 seconds and is configurable with a range of 6 to 60 seconds and in some trains 0. So, if default values are configured, then as the CPU load increases, the chances of hitting this defect are higher.

CSCsk61790

Symptoms: Syslog displays password when copying the configuration via FTP.

Conditions: This symptom occurs when copying via FTP. The Syslog message displays the password given by the user as part of syntax of FTP copy.

Workaround: There is no workaround.

CSCsq63070

Symptoms: The link local next-hop address is not included in the BGP update message.

Conditions: Origin AS of affected prefix is not the AS that an update message sending router belongs to.

Workaround: There is no workaround.

CSCsu24425

Symptoms: The standby RP can crash upon bootup.

Conditions: This symptom is observed under the following conditions:

1. "clock timezone .." is configured.

2. config-register = 0x2142.

3. The router is running Cisco IOS Release 12.0S based code.

Workaround: Use config-register 0x2102 and unconfigure the clock timezone.

CSCsu96698

Symptoms: More specific routes are advertised and withdrawn later even if config aggregate-address net mask summary-only is configured. The BGP table shows the specific prefixes as suppressed with s>.

Conditions: This symptom occurs only with very large configurations.

Workaround: Configure a distribute-list in the BGP process that denies all of the aggregation child routes.

CSCsv89643

Symptoms: If an Ethernet interface is configured as an Open Shortest Path First (OSPF) point-to-point network, then adjacency is being established using only multicast packets. As a result, routes calculated over the link do not have MAC address of next-hop's IP resolved prior to routes being installed into the routing table.

This leads to a delay for routes to become usable as lower-level protocols have to trigger MAC resolution. During a short period of time, traffic that is sent over the interface is lost when routes are just installed for the first time.

Conditions: This symptom is observed when an Ethernet interface is configured for OSPF point-to-point.

Workaround: The problem will self-correct because passing traffic triggers MAC address resolution.

CSCsy83266

Symptoms: When a large-scale police configuration applies (for example, two-level policy map, 200 (parent class) x 15 (child class) = 3000 policers), a router experiences a CPU hog or crashes when doing snmpwalk.

Conditions: This symptom is observed when a large-scale police configuration applies (for example, two-level policy map, 200 (parent class) x 15 (child class) = 3000 policers).

Workaround: There is no workaround for walking the table. To get a specific entry, use snmpget.

CSCsz12469

Symptoms: It was observed on a Cisco 12816 router that was running Cisco IOS Release 12.0(32)S6r that some linecard would not fully load to STRTIOS. Some slot would not completely boot a linecard, which would be stuck in WAITTRY.

Conditions: The following can be observed in the log when this symptom occurs on slot 11:

%MBUS_SYS-3-NOBUFFER: Message from slot 11 in stream 1 dropped

%PRP-3-CHP_DESCQ_FULL: Chopper desc queue 11 full - enq 3383072 deq 3382050 blog 1022

-Traceback= 2044B0 2045B8 534840 535218 5353A4 351284 351350 5F6BE8 60AD34 5FA7D0 5FB24C 2EDFBC

Workaround: If route-processor redundancy exists, perform an RP forced switchover to reset the Chopper queue and clear the issue. If there is no redundant RP, then reload the RP to clear the Chopper queue.

CSCsz71787

Symptoms: A router crashes when it is configured with DLSw.

Conditions: A vulnerability exists in Cisco IOS software when processing UDP and IP protocol 91 packets. This vulnerability does not affect TCP packet processing. A successful exploitation may result in a reload of the system, leading to a denial of service (DoS) condition.

Cisco IOS devices that are configured for DLSw with the dlsw local-peer command automatically listen for IP protocol 91 packets. A Cisco IOS device that is configured for DLSw with the dlsw local-peer peer-id IP-address command listens for IP protocol 91 packets and UDP port 2067.

Cisco IOS devices listen to IP protocol 91 packets when DLSw is configured. However, it is only used if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST peer configuration will contain the following line:

dlsw remote-peer 0 fst <ip-address>

It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However, disabling UDP only prevents the sending of UDP packets; it does not prevent the device from receiving and processing incoming UDP packets.

Workaround: The workaround consists of filtering UDP packets to port 2067 and IP protocol 91 packets. Filters can be applied at network boundaries to filter all IP protocol 91 packets and UDP packets to port 2067, or filters can be applied on individual affected devices to permit such traffic only from trusted peer IP addresses. However, since both of the protocols are connectionless, it is possible for an attacker to spoof malformed packets from legitimate peer IP addresses.

As soon as DLSw is configured, the Cisco IOS device begins listening on IP protocol 91. However, this protocol is used only if DLSw is configured for Fast Sequenced Transport (FST). A DLSw FST peer configuration will contain the following line:

dlsw remote-peer 0 fst <ip-address>

If FST is used, filtering IP protocol 91 will break the operation, so filters need to permit protocol 91 traffic from legitimate peer IP addresses.

It is possible to disable UDP processing in DLSw with the dlsw udp-disable command. However, disabling UDP only prevents the sending of UDP packets; it does not prevent the receiving and processing of incoming UDP packets. To protect a vulnerable device from malicious packets via UDP port 2067, both of the following actions must be taken:

1. Disable UDP outgoing packets with the dlsw udp-disable command

2. Filter UDP 2067 in the vulnerable device using infrastructure ACL.
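The filtering rules stated above can be applied mechanically to a saved running-config. The following is an added example, not Cisco code: the function name, the result keys and the sample configurations are constructed for illustration, and the `dlsw remote-peer 0 tcp` line in the second sample is standard DLSw syntax that does not appear on this page.

```python
import re

# Constructed running-config fragments (not taken from a real device).
CONFIG_FST = """\
hostname pe1
dlsw local-peer peer-id 10.0.0.1
dlsw remote-peer 0 fst 10.0.0.2
"""

CONFIG_TCP_UDP_DISABLED = """\
hostname pe2
dlsw local-peer peer-id 10.0.1.1
dlsw remote-peer 0 tcp 10.0.1.2
dlsw udp-disable
"""

CONFIG_NO_DLSW = """\
hostname p1
router ospf 1
"""

LOCAL_PEER = re.compile(r"^dlsw local-peer\b(?P<rest>.*)$")
REMOTE_PEER = re.compile(
    r"^dlsw remote-peer \d+ (?P<transport>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def dlsw_filter_plan(running_config):
    """Return the filter plan the text above implies, or None if DLSw is off."""
    lines = [ln.strip() for ln in running_config.splitlines()]
    local = [m for m in map(LOCAL_PEER.match, lines) if m]
    if not local:
        return None  # no "dlsw local-peer": nothing listens for DLSw traffic

    remotes = [m for m in map(REMOTE_PEER.match, lines) if m]
    fst_peers = [m["ip"] for m in remotes if m["transport"] == "fst"]
    udp_disabled = "dlsw udp-disable" in lines
    has_peer_id = any("peer-id" in m["rest"].split() for m in local)

    return {
        # Protocol 91 is listened on as soon as a local peer exists.
        "listens_proto_91": True,
        # UDP 2067 is listened on with "local-peer peer-id"; "dlsw udp-disable"
        # only stops sending, so it does not change this value.
        "listens_udp_2067": has_peer_id,
        "udp_send_disabled": udp_disabled,
        "trusted_peers": sorted({m["ip"] for m in remotes}),
        # Without FST, protocol 91 may be filtered completely; with FST it
        # must stay open for the legitimate FST peers.
        "proto_91_filter": "permit-fst-peers-only" if fst_peers else "block-all",
        "proto_91_permit_from": fst_peers,
        # UDP 2067 may be filtered completely only once udp-disable is set.
        "udp_2067_filter": (
            "block-all" if udp_disabled else "permit-trusted-peers-only"
        ),
    }


if __name__ == "__main__":
    for name, cfg in [("fst", CONFIG_FST),
                      ("tcp+udp-disable", CONFIG_TCP_UDP_DISABLED),
                      ("no dlsw", CONFIG_NO_DLSW)]:
        print(name, dlsw_filter_plan(cfg))
```

In the second sample the device still listens on UDP 2067 even though `dlsw udp-disable` is present, which is why the plan pairs that command with a complete filter rather than treating it as sufficient.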

* Using Control Plane Policing on Affected Devices

Control Plane Policing (CoPP) can be used to block untrusted DLSw traffic to the device. Cisco IOS software releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP may be configured on a device to protect the management and control planes to minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic sent to infrastructure devices in accordance with existing security policies and configurations. The following example, which uses 192.168.100.1 to represent a trusted host, can be adapted to your network. If FST is not used, protocol 91 may be completely filtered. Additionally, if UDP is disabled with the dlsw udp-disable command, UDP port 2067 may also be completely filtered.

!--- Deny DLSw traffic from trusted hosts to all IP addresses
!--- configured on all interfaces of the affected device so that
!--- it will be allowed by the CoPP feature.

access-list 111 deny udp host 192.168.100.1 any eq 2067
access-list 111 deny 91 host 192.168.100.1 any

!--- Permit all other DLSw traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature.

access-list 111 permit udp any any eq 2067
access-list 111 permit 91 any any

!--- Permit (Police or Drop)/Deny (Allow) all other Layer 3 and Layer 4
!--- traffic in accordance with existing security policies and
!--- configurations for traffic that is authorized to be sent
!--- to infrastructure devices.
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature.

class-map match-all drop-DLSw-class
 match access-group 111

!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.

policy-map drop-DLSw-traffic
 class drop-DLSw-class
  drop

!--- Apply the Policy-Map to the Control-Plane of the
!--- device.

control-plane
 service-policy input drop-DLSw-traffic

In the above CoPP example, the access control entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function. Please note that in the Cisco IOS 12.2S and 12.0S trains, the policy-map syntax is different:

policy-map drop-DLSw-traffic
 class drop-DLSw-class
  police 32000 1500 1500 conform-action drop exceed-action drop

Additional information on the configuration and use of the CoPP feature is available at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
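The inverted permit/deny meaning in the CoPP example is easy to misread, so the following added example (not Cisco code) evaluates ACL 111 with first-match semantics and maps the result to the CoPP outcome. The parser covers only the ACL syntax used on this page; the function names and the sample packets are constructed for illustration.

```python
# ACL 111 as given in the CoPP example above.
ACL_111 = """\
access-list 111 deny udp host 192.168.100.1 any eq 2067
access-list 111 deny 91 host 192.168.100.1 any
access-list 111 permit udp any any eq 2067
access-list 111 permit 91 any any
"""

PROTO_NUMBERS = {"udp": 17, "tcp": 6, "ip": None}  # None matches any protocol

# Constructed sample packets; 203.0.113.7 and 10.1.1.1 are documentation values.
PACKETS = {
    "trusted_udp": {"proto": 17, "src": "192.168.100.1", "dst": "10.1.1.1", "dport": 2067},
    "untrusted_udp": {"proto": 17, "src": "203.0.113.7", "dst": "10.1.1.1", "dport": 2067},
    "trusted_fst": {"proto": 91, "src": "192.168.100.1", "dst": "10.1.1.1"},
    "untrusted_fst": {"proto": 91, "src": "203.0.113.7", "dst": "10.1.1.1"},
    "bgp": {"proto": 6, "src": "203.0.113.7", "dst": "10.1.1.1", "dport": 179},
}


def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tokens and tokens[0] == "any":
        return None, tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return tokens[1], tokens[2:]
    raise ValueError("this sketch only handles 'any' and 'host A.B.C.D'")


def parse_acl(text):
    """Parse the subset of extended-ACL syntax used on this page into ACE dicts."""
    aces = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        proto = tok[3]
        proto_num = PROTO_NUMBERS[proto] if proto in PROTO_NUMBERS else int(proto)
        src, rest = _take_addr(tok[4:])
        dst, rest = _take_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None
        aces.append({"action": tok[2], "proto": proto_num,
                     "src": src, "dst": dst, "dport": dport})
    return aces


def acl_result(aces, pkt):
    """First matching ACE wins; the ACL ends with an implicit deny."""
    for ace in aces:
        if (ace["proto"] in (None, pkt["proto"])
                and ace["src"] in (None, pkt["src"])
                and ace["dst"] in (None, pkt["dst"])
                and ace["dport"] in (None, pkt.get("dport"))):
            return ace["action"]
    return "deny"


def copp_outcome(aces, pkt):
    """'permit' places the packet in drop-DLSw-class (dropped); 'deny' exempts it."""
    return "dropped" if acl_result(aces, pkt) == "permit" else "passed"


if __name__ == "__main__":
    aces = parse_acl(ACL_111)
    for name, pkt in PACKETS.items():
        print(f"{name:14s} acl={acl_result(aces, pkt):6s} copp={copp_outcome(aces, pkt)}")
```

The only trust criterion in the result is the source address, which is the limitation the workaround text notes for connectionless protocols.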

* Using Infrastructure ACLs at Network Boundary

Although it is often difficult to block traffic transiting your network, it is possible to identify traffic that should never be allowed to target your infrastructure devices and block that traffic at the border of your network. iACLs are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example shown below should be included as part of the deployed infrastructure access-list that will protect all devices with IP addresses in the infrastructure IP address range. If FST is not used, protocol 91 may be completely filtered. Additionally, if UDP is disabled with the dlsw udp-disable command, UDP port 2067 may also be completely filtered.

!--- Permit DLSw (UDP port 2067 and IP protocol 91) packets
!--- from trusted hosts destined to infrastructure addresses.

access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq 2067
access-list 150 permit 91 TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK

!--- Deny DLSw (UDP port 2067 and IP protocol 91) packets from
!--- all other sources destined to infrastructure addresses.

access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq 2067
access-list 150 deny 91 any INFRASTRUCTURE_ADDRESSES MASK

!--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance
!--- with existing security policies and configurations.
!--- Permit all other traffic to transit the device.

access-list 150 permit ip any any

interface serial 2/0
 ip access-group 150 in

The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

Further Problem Description: This vulnerability requires multiple events to occur in order to be exploited. It is of medium complexity to exploit and has never been seen in a customer environment.

CSCsz72591

Symptoms: A router crashes with an Address Error (load or instruction fetch) exception.

Conditions: The router must be configured to act as a DHCP client.

Workaround: There is no workaround.

CSCta05118

Symptoms: An RP crashes during SNMP polling.

Conditions: This symptom is observed during SNMP polling of the ciscoEnhancedWred MIB.

Workaround: There is no workaround.

CSCta37296

Symptoms: On a Cisco 12000 ATM linecard, threshold drops are observed on a service policy that is configured with WRED, and these drops occur even if no random drops are incrementing.

Conditions: This symptom is observed only when using WRED, and it is observed even under low utilization of the service policy. Threshold drops will happen only for RP-generated packets even though there are no random drops.

Workaround: To stop the drops, remove WRED and configure a standard queue limit.

Further Problem Description: Some of the packet types that are generated by the linecard (such as ICMP echo response) will still undergo threshold drops.

CSCta42490

Symptoms: Access to NVRAM through wr mem or copy run start is denied after errors such as the following are logged:

May 13 16:30:15.495 CEST: %SYS-2-NV_BAD_PTR: Bad NVRAM pointer. NV Header values are, nv: .textbase: .textsize: -276819960 .magic: 0x4D80101C .checksum: 0xC000 .system_version: 0 .textptr: v1_ptr: .priv:

-Traceback= 20DC40 20DD48 217140 60D2A0 60EC54 30B9F8 6162E4 30B9F8 217890 2177D0 2563A0 24413C 2599A0 2F959C

Conditions: Cisco 12000 series with PRP/PRP-2. Cisco IOS Release 12.0(32)SY8.

Workaround: There is no known workaround for recovery from this failure.

CSCta77678

Symptoms: RTP timestamp on the RFC 2833 event is modified. IP Phones are using RFC 2833 to transport the DTMF signals, which causes problems with the voicemail systems.

Conditions: This symptom occurs when RTP header compression is enabled.

Workaround: There is no workaround.

Further Problem Description: The problem disappears if cRTP is disabled. The issue is seen with Class-Based cRTP configured and also with other cRTP configuration types.

CSCtb03758

Symptoms: Traffic drops are observed on serial interfaces that are configured with L2VPNs.

Conditions: This symptom is observed during a microcode reload on the linecard.

Workaround: Perform a shut/no shut on the serial interface on PE1.

CSCtc36065

Symptoms: High CPU under interrupt on a linecard.

Conditions: This symptom is observed on a Cisco 12000 series Internet router SIP-600 when multicast traffic that is coming from an interface of the linecard should be dropped due to failed RPF.

Workaround: There is no workaround.

CSCtc36576

Symptoms: In a FR-Ethernet IP interworking scenario, a Cisco 12000 series PE (with an E5 linecard being used as CE facing) corrupts CE-to-CE packets that are less than 58 bytes.

Conditions: One Cisco 12000 series is running Cisco IOS Release 12.0(32)SY8, 12.0(32)SY9, or 12.0(32)SY10. The linecard that is facing the CE must be E5.

Workaround: There is no workaround.

CSCtc45384

Symptoms: With an E3 4xOC3 and E5 serial interface, IPv6 packets stop matching the class in the service policy when the interface is shut/no shut.

Conditions: This symptom is observed when a shut/no shut is performed on the interface.

Workaround: Remove and reapply the service policy.

CSCtc61836

Symptoms: MLPPP sequence numbers that are received by the remote end have missing sequences and/or interrupted multicast traffic with the MLPPP interface as the outgoing link.

Conditions:

The MLPPP interface is configured with multicast.

There are physical errors in the line that would trigger autoDNR.

Workaround:

Disable multicast on the MLPPP link.

Recovery:

Perform a shut/no shut on a member link.

Clear the mroute table using the clear ip mroute vrf vrf-name * command.

CSCtc72808

Symptoms: In situations where an enhanced SFC module would experience problems with the clock module, a recovery feature that was introduced in previous releases would try to recover switch fabric system indefinitely:

%FABRIC-3-ERR_HANDLE: Reconfigure all fabric cards due to SUSHI REGISTER RESET ERROR error from slot <..>

And that would lead to linecard resets in the chassis.

Conditions: This behavior is observed when an enhanced SFC module experiences hardware/clock module problems.

Workaround: Disable the faulty module in configuration mode:

hw-module slot slot shutdown

CSCtc79299

Symptoms: Sending IPv6 traffic with a Hop-by-Hop header causes RP CPU utilization to spike up to 40 percent.

Conditions: IPv6 traffic with hop-by-hop headers.

Workaround: There is no workaround.

CSCtd18657

Symptoms: The following message is displayed.

%TFIB-7-SCANSABORTED: TFIB scan not completing. MAC string updated.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0S. The router has a large number of prefixes for which the output interface is an MPLS traffic-engineering tunnel.

Workaround: There is no workaround.

CSCtd46318

Symptoms: Multiple tracebacks are seen from the standby RP.

Conditions: This symptom is observed during router bootup.

Workaround: Reload the router again.

CSCtd46847

Symptoms: In an APS setup that involves CHOC12 linecards, the APS switches over from the working line to the protect line for different reasons such as LAIS, LOF/LOS, or SF & SD conditions.

Conditions: This symptom is observed on a Cisco 12000 series router that is running a Cisco IOS Release 12.0(32)S11q image. The issue is applicable only to CHOC12 linecards.

Workaround: There is no workaround.

Further Problem Description: The alarms that are responsible for the APS switchover are spurious. The alarm counters on the SONET controller could be very large in successive show controller captures.

CSCtd54941

Symptoms: Increased PLIM resets on CHOC12 linecards might be observed on some nodes.

Conditions: This symptom is observed in a normal production environment with images post 12.0(32)S9, 12.0(32)SY05, 12.0(33)S.

Workaround: There is no workaround.

CSCtd62350

Symptoms: Trying to export with the VRF aware feature does not work, except if we export to a device that is reachable via the global routing table.

ip flow-export version 9
ip flow-export destination 10.116.244.61 63636 vrf gestion
ip flow-aggregation cache protocol-port
 export destination 10.116.244.61 63636 vrf gestion

Sourced from global loopback interface, same

Sourced from same vrf interface where to export, same

Changed sample interval to minimum, same

Outputs look fine. You can see the packets being sent from the Cisco 12000 series router, and no IPC drops; however the sniffer is not showing anything.

Conditions: This symptom is observed on a Cisco 12000 series router that is using NetFlow with VRF support.

Workaround: Use the global routing table.

CSCtd75033

Symptoms: Cisco IOS Software is affected by NTP mode 7 denial-of-service vulnerability.

Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a vulnerability processing specific NTP Control Mode 7 packets. This results in increased CPU on the device and increased traffic on the network segments.

This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372.

Cisco has released a public-facing vulnerability alert at the following link:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19540

Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD, 12.4(22)YB, 12.4(22)YD, 12.4(22)YE and 15.0(1)M.

All other versions of Cisco IOS and Cisco IOS XE Software are affected.

To see if a device is configured with NTP, log into the device and issue the CLI command show running-config | include ntp. If the output returns any of the following commands, then the device is vulnerable:

ntp master <any following commands>

ntp peer <any following commands>

ntp server <any following commands>

ntp broadcast client

ntp multicast client

The following example identifies a Cisco device that is configured with NTP:

router# show running-config | include ntp

ntp peer 192.168.0.12

The following example identifies a Cisco device that is not configured with NTP:

router# show running-config | include ntp

router#

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih
<output truncated>

The following example shows a product that is running Cisco IOS Software Release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M:

Router# show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team
<output truncated>

Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link:

http://www.cisco.com/warp/public/620/1.html
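The two checks described above (NTP commands in the running configuration, and the release shown in the show version banner) can be run over collected command output. The following is an added example, not Cisco code: the function names are hypothetical, the show running-config sample is constructed, and the banners are the two samples shown above. The release check is an exact match against the NTPv4 releases listed above; any other release in those trains must be checked against the advisory.

```python
import re

# The five commands listed above. Lines such as "ntp source" or
# "ntp access-group" also match "| include ntp" but do not enable NTP.
NTP_ENABLING = re.compile(
    r"^\s*ntp (master|peer|server|broadcast client|multicast client)\b"
)

# Image name in parentheses, then "Version" and the release name. \s+ also
# covers a banner that wraps between "Version" and the release.
BANNER = re.compile(r"\((?P<image>[\w-]+)\),\s+Version\s+(?P<release>[^,\s]+)")

# Releases in which, per the text above, NTPv4 was introduced.
NTPV4_INTRODUCED_IN = {
    "12.4(15)XZ", "12.4(20)MR", "12.4(20)T", "12.4(20)YA", "12.4(22)GC1",
    "12.4(22)MD", "12.4(22)YB", "12.4(22)YD", "12.4(22)YE", "15.0(1)M",
}

# Constructed "show running-config | include ntp" output.
SHOW_RUN_NTP = """\
ntp source Loopback0
ntp access-group peer 1
ntp peer 192.168.0.12
 ntp broadcast client
"""

# The two banner samples shown above.
BANNER_12_3 = """\
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
"""
BANNER_12_4T = """\
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version
12.4(20)T, RELEASE SOFTWARE (fc3)
"""


def ntp_enabling_lines(show_run_output):
    """Return the lines that actually enable NTP, in order of appearance."""
    return [ln.strip() for ln in show_run_output.splitlines()
            if NTP_ENABLING.match(ln)]


def parse_banner(show_version_output):
    """Return (image, release) from a show version banner, or None."""
    m = BANNER.search(show_version_output)
    return (m["image"], m["release"]) if m else None


def assess(show_run_output, show_version_output):
    """Combine both checks into one record per device."""
    parsed = parse_banner(show_version_output)
    release = parsed[1] if parsed else None
    enabling = ntp_enabling_lines(show_run_output)
    return {
        "image": parsed[0] if parsed else None,
        "release": release,
        "ntp_configured": bool(enabling),
        "ntp_lines": enabling,
        # Exact match only; False means "consult the advisory", not "affected".
        "release_listed_as_ntpv4": release in NTPV4_INTRODUCED_IN,
    }


if __name__ == "__main__":
    print(assess(SHOW_RUN_NTP, BANNER_12_3))
    print(assess("", BANNER_12_4T))
```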

Workaround: There are no workarounds other than disabling NTP on the device. The following mitigations have been identified for this vulnerability; only packets destined for any configured IP address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability.

Note: NTP peer authentication is not a workaround and is still a vulnerable configuration.

* NTP Access Group

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat access control lists (ACLs) that permit communication to these ports from trusted IP addresses. Consider using Unicast Reverse Path Forwarding (Unicast RPF) in conjunction with ACLs for a better mitigation solution.

!--- Configure trusted peers for allowed access

access-list 1 permit 171.70.173.55

!--- Apply ACE to the NTP configuration

ntp access-group peer 1

For additional information on NTP access control groups, consult the document titled "Performing Basic System Management" at the following link:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1034942

* Infrastructure Access Control Lists

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Consider using Unicast RPF in conjunction with ACLs for a better mitigation solution.

Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks.

Infrastructure ACLs (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list, which will help protect all devices with IP addresses in the infrastructure IP address range:

!---
!--- Feature: Network Time Protocol (NTP)
!---

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 123

!--- Note: If the router is acting as a NTP broadcast client
!--- via the interface command "ntp broadcast client"
!--- then broadcast and directed broadcasts must be
!--- filtered as well. The following example covers
!--- an infrastructure address space of 192.168.0.X

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 192.168.0.255 eq ntp
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 255.255.255.255 eq ntp

!--- Note: If the router is acting as a NTP multicast client
!--- via the interface command "ntp multicast client"
!--- then multicast IP packets to the multicast group must
!--- be filtered as well. The following example covers
!--- a NTP multicast group of 239.0.0.1 (Default is
!--- 224.0.1.1)

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 239.0.0.1 eq ntp

!--- Deny NTP traffic from all other sources destined
!--- to infrastructure addresses.

access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 123

!--- Permit/deny all other Layer 3 and Layer 4 traffic in
!--- accordance with existing security policies and
!--- configurations. Permit all other traffic to transit the
!--- device.

access-list 150 permit ip any any

!--- Apply access-list to all interfaces (only one example
!--- shown)

interface fastEthernet 2/0
 ip access-group 150 in

The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists and is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

* Control Plane Policing

Two examples are provided under Control Plane Policing. The first aims to prevent the injection of malicious traffic from untrusted sources, while the second rate-limits NTP traffic to the device.

- Filtering untrusted sources to the device.

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Consider using Unicast RPF in conjunction with the ACL to offer a better mitigation solution.

Control Plane Policing (CoPP) can be used to block untrusted UDP traffic to the device. Cisco IOS Software Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to help protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP, which will help protect all devices with IP addresses in the infrastructure IP address range.

!--- Feature: Network Time Protocol (NTP)

access-list 150 deny udp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 123

!--- Deny NTP traffic from all other sources destined
!--- to the device control plane.

access-list 150 permit udp any any eq 123

!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and
!--- Layer4 traffic in accordance with existing security policies
!--- and configurations for traffic that is authorized to be sent
!--- to infrastructure devices

!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature

class-map match-all drop-udp-class
 match access-group 150

!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.

policy-map drop-udp-traffic
 class drop-udp-class
  drop

!--- Apply the Policy-Map to the
!--- Control-Plane of the device

control-plane
 service-policy input drop-udp-traffic

In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function.
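The permit/deny inversion described above, modelled as an added example (not part of the Cisco advisory): a small first-match evaluator with wildcard-mask semantics for the two ACEs, run against the page's ACL and against the same ACL written in ordinary filtering sense. The 192.0.2.0/24 trusted range and the packet addresses are constructed, and only the UDP ACE forms used on this page are parsed.

```python
import ipaddress

PORT_NAMES = {"ntp": 123}  # IOS accepts the keyword or the number


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)
    if head == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(head), _ip(tokens.pop(0)))


def parse_ace(line):
    """Parse 'access-list N {permit|deny} udp SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "udp":
        raise ValueError("unsupported ACE: " + line)
    if tok[2] not in ("permit", "deny"):
        raise ValueError("bad action: " + line)
    rest = tok[4:]
    src = _take_addr(rest)
    dst = _take_addr(rest)
    port = None
    if rest:
        if rest[0] != "eq" or len(rest) != 2:
            raise ValueError("unsupported port match: " + line)
        port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
    return {"action": tok[2], "src": src, "dst": dst, "port": port}


def _addr_match(addr, spec):
    base, wildcard = spec
    # Bits set in an IOS wildcard mask are "don't care" bits.
    return (_ip(addr) | wildcard) == (base | wildcard)


def acl_action(aces, pkt):
    """First matching ACE wins; every IOS ACL ends with an implicit deny."""
    for ace in aces:
        if (_addr_match(pkt["src"], ace["src"])
                and _addr_match(pkt["dst"], ace["dst"])
                and ace["port"] in (None, pkt["dport"])):
            return ace["action"]
    return "deny"


def copp_verdict(aces, pkt):
    """Under 'class ... drop', an ACL permit puts the packet in the class, so it is
    dropped; an ACL deny keeps it out of the class, so the policy leaves it alone."""
    return "dropped" if acl_action(aces, pkt) == "permit" else "unaffected"


TRUSTED = "192.0.2.0 0.0.0.255"  # constructed stand-in for TRUSTED_SOURCE_ADDRESSES WILDCARD

# The ACL as given on this page for the drop policy.
PAGE_ACL = [parse_ace(line) for line in (
    "access-list 150 deny udp " + TRUSTED + " any eq 123",
    "access-list 150 permit udp any any eq 123",
)]

# The same intent written the way an interface ACL would be written.
# Bound to a drop class, it has the opposite effect.
INVERTED_ACL = [parse_ace(line) for line in (
    "access-list 150 permit udp " + TRUSTED + " any eq 123",
    "access-list 150 deny udp any any eq 123",
)]

# Constructed UDP packets addressed to the device itself.
SAMPLE_PACKETS = {
    "trusted_ntp": {"src": "192.0.2.10", "dst": "198.51.100.1", "dport": 123},
    "untrusted_ntp": {"src": "203.0.113.5", "dst": "198.51.100.1", "dport": 123},
    "other_udp": {"src": "203.0.113.5", "dst": "198.51.100.1", "dport": 161},
}


def verdicts(aces):
    return {name: copp_verdict(aces, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, acl in (("page ACL", PAGE_ACL), ("inverted ACL", INVERTED_ACL)):
        print(label, verdicts(acl))
```

With the inverted ACL the trusted peer is the only source whose NTP packets are dropped, which is why the ACE order and actions should be reviewed together with the policy-map action rather than on their own.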

- Rate limiting the traffic to the device.

The CoPP example below could be included as part of the deployed CoPP, which will help protect targeted devices from processing large amounts of NTP traffic.

Warning: If the rate limits are exceeded, valid NTP traffic may also be dropped.

!--- Feature: Network Time Protocol (NTP)

access-list 150 permit udp any any eq 123

!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature

class-map match-all rate-udp-class
 match access-group 150

!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
!--- NOTE: See section "4. Tuning the CoPP Policy" of
!--- http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html#5
!--- for more information on choosing the most
!--- appropriate traffic rates

policy-map rate-udp-traffic
 class rate-udp-class
  police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop

!--- Apply the Policy-Map to the
!--- Control-Plane of the device

control-plane
 service-policy input rate-udp-traffic
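An added example, not part of the Cisco advisory, showing what the warning about valid NTP traffic means for `police 10000 1500 1500` with both exceed and violate set to drop: because the class matches any source on UDP 123, a trusted peer's packet shares one token bucket with everything else. The policer is modelled as a colour-blind RFC 2697 single-rate meter, which approximates rather than reproduces the IOS implementation; the 76-byte packet length (IPv4 + UDP + 48-byte NTP header), the addresses and the traffic pattern are constructed.

```python
NTP_IP_LEN = 76  # bytes: 20 IPv4 + 8 UDP + 48 NTP, no extension or authentication fields

# Actions from the policy-map on this page.
ACTIONS = {"conform": "transmit", "exceed": "drop", "violate": "drop"}


def police(packets, cir_bps=10000, bc_bytes=1500, be_bytes=1500):
    """Colour (time_ms, source, ip_len_bytes) packets with a single-rate,
    two-bucket meter. Tokens are kept in millibits so all arithmetic is integer.
    Returns a list of (time_ms, source, colour) in arrival order."""
    cbs = bc_bytes * 8000          # committed burst, millibits
    ebs = be_bytes * 8000          # excess burst, millibits
    tc, te = cbs, ebs              # both buckets start full
    last_ms = 0
    results = []
    # Stable sort: packets with the same timestamp keep their list order.
    for t_ms, src, size in sorted(packets, key=lambda p: p[0]):
        tc += (t_ms - last_ms) * cir_bps   # bits/s * ms = millibits
        last_ms = t_ms
        if tc > cbs:                       # overflow spills into the excess bucket
            te = min(ebs, te + tc - cbs)
            tc = cbs
        need = size * 8000
        if tc >= need:
            tc -= need
            colour = "conform"
        elif te >= need:
            te -= need
            colour = "exceed"
        else:
            colour = "violate"
        results.append((t_ms, src, colour))
    return results


def transmitted(results, src=None):
    """Packets the policy lets through, optionally for one source only."""
    return [r for r in results
            if ACTIONS[r[2]] == "transmit" and (src is None or r[1] == src)]


def scenario_flood():
    """1000 pps of NTP-sized packets for one second (constructed), plus a
    single poll from the trusted peer arriving in the middle of it."""
    flood = [(t, "203.0.113.5", NTP_IP_LEN) for t in range(1000)]
    peer = [(500, "192.0.2.10", NTP_IP_LEN)]
    return police(flood + peer)


def scenario_quiet():
    """The trusted peer alone at 10 pps, well under the 10000 bps rate."""
    return police([(t, "192.0.2.10", NTP_IP_LEN) for t in range(0, 1000, 100)])


if __name__ == "__main__":
    flood = scenario_flood()
    print("flood packets transmitted:", len(transmitted(flood, "203.0.113.5")))
    print("trusted packets transmitted during flood:",
          len(transmitted(flood, "192.0.2.10")))
    print("trusted packets transmitted when quiet:",
          len(transmitted(scenario_quiet())))
```

Because exceed-action is also drop, only the committed burst of 1500 bytes admits traffic, and the excess burst value does not change which packets are transmitted.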

Additional information on the configuration and use of the CoPP feature can be found in the documents, "Control Plane Policing Implementation Best Practices" and "Cisco IOS Software Releases 12.2 S—Control Plane Policing" at the following links:

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html

CSCtd90953

Symptoms: A ping delay is seen for E5 interfaces.

Conditions: The delay is seen after a CSC switchover is performed.

Workaround: Reload the linecard.

CSCtd93825

Symptoms: When an E4+ linecard is inserted into a blank slot of a Cisco 12000 series router, MAC addresses of that linecard become 0000.0000.0000.

Conditions: This symptom does not occur if the system boots with the linecard. The symptom occurs only when the E4+ linecard is inserted into a blank slot after booting is complete.

Workaround: Reload the system.

CSCte45025

Symptoms: The GigE main interface flaps when a GigE subinterface with an IPv6 address is deleted.

Conditions: This symptom is observed when a GigE subinterface with an IPv6 address is deleted.

Workaround: There is no workaround.

CSCtf65144

Symptoms: The local LDP binding is not updated with the imp-null label for a summary route after the summary address is added in OSPF.

Conditions: This symptom is observed when the summary prefix is already learned from the OSPF neighbor and when the local label for the summary prefix is assigned.

Workaround: Enter the clear ip route summary-prefix command.

Resolved Caveats—Cisco IOS Release 12.0(32)SY10

Cisco IOS Release 12.0(32)SY10 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY10 but may be open in previous Cisco IOS releases.

CSCsa58277

Symptoms: All packets toward a specific adjacency get black-holed. The output of the show controllers rewrites command on the output E4 linecard indicates that a bad destination MAC is being used for the rewrite.

For example:

LC-Slot1# show controllers rewrites | b 192.168.2.1

Port-channel2 192.168.2.1 0x0E0307CC GigabitEthernet1/2/1 00E0812B28E5000E393CF5010800 ------------ incorrect

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(30)S and that is connected via a link-bundling interface (E4 LC) through a switch to numerous BGP peers, after one of the peers went down because of a long maintenance window.

Workaround: Clearing the adjacencies does not help; the only workaround possible is to remove link-bundling.

CSCsg84306

Symptoms: In certain configurations, when the neighbor router restarts, the following message and some tracebacks may appear:

%CLNS-3-LSPLISTERR: ISIS: LSP list traversal incomplete (ISIS)

Conditions: This symptom is observed when an ION image is running and ISIS is enabled.

Workaround: Configure "no isis optimize lspdb-walk" under "router isis."

CSCsh96294

Symptoms: An OSPFv3 neighbor may go down because of missing OSPFv3 hellos.

Conditions: This symptom is observed after upgrading to Cisco IOS Release 12.0(32)S.

Workaround: There is no workaround.

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsi61988

Symptoms: On a Cisco 12000 series router that is running Cisco IOS Release 12.0(31)S6, a Malloc failure is seen on "L3 Engine: 6 - Backbone 2P OC192/ 8P OC48 (20 Gbps)":

SLOT 10:Mar 29 12:41:01: %SYS-2-MALLOCFAIL: Memory allocation of 65556 bytes failed from 0x400DD7C8, alignment 32 Pool: Processor Free: 152456 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool

Conditions: Multicast should be enabled because the memory leak happens from "MDFS LC Process."

Workaround: Reload the linecard.

CSCsj81722

Symptoms: A static address may have an aggregate out label in the BGP and MPLS forwarding entry.

Conditions: This symptom is observed when there is a static route in a VRF, a directly connected network is added, and both the static and connected routes are redistributed to BGP. The BGP table will then have the connected prefix, and both the BGP and forwarding entries will match and have the aggregate out label. But when the connected network is shut down, BGP gets the static route, but the out label remains "aggregate."

Workaround: There is no workaround.

CSCsm75818

Symptoms: Multicast data loss may be observed while changing the PIM mode of MDT-data groups in all core routers.

Conditions: The symptom is observed while changing the PIM mode of MDT-data groups from "Sparse" to "SSM" or from "SSM" to "Sparse" in all core routers in a Multicast Virtual Private Network (MVPN).

Workaround: Use the clear ip mroute MDT-data group command to resolve the issue.

CSCsr24425

Symptoms: There were two symptoms reported for this problem:

1. Continuous increment in the mdfs reload count for some linecards.

2. Clearing of all entries in the global multicast routing table.

This leads to the loss of PIM neighborship with some peer routers.

Conditions: This problem is seen when the number of swidb or hwidb interfaces is at least 1638 in number, and the traffic is active.

Workaround: Configure additional interfaces, like a loopback interface, to resolve the reported issue. But there could still be wrong statistic updates and wrong show interface output.

CSCsr40433

Symptoms: Traffic engineering (TE) tunnel reoptimization fails, and the tunnel is stuck in "RSVP signaling proceeding."

Conditions: This symptom occurs when an explicit path is configured with loose next hops, one of the next hops is still reachable, and that next hop is a dead end.

Workaround: Use strict next hop addresses.

CSCsv27607

Symptoms: A BGP router filters outbound routes to its peers when a soft reset is performed for a specified peer address with the clear ip bgp ip-address soft out command. However, the routes to be filtered are not deleted from the routing table on the BGP peer router.

Conditions: This symptom occurs when an outbound route-map is removed and then reapplied, and the clear ip bgp neighbor-address soft out command is issued for each peer in an update-group after the outbound route-map filtering policy is applied. The withdraw for filtered prefixes is sent to the first peer specified in the soft reset, but the next peers in the same update-group do not withdraw the routes.

Workaround: Perform a hard BGP reset using the clear ip bgp ip-address command.

CSCsv82120

Symptoms: A CHOC12 T1 continuously flaps when the T1 link that is connected to a third-party CE router flaps. With the Cisco router, the same issue is not observed.

Conditions: This symptom is observed under the following conditions:

Cisco IOS Release 12.0(32)S11n

CHOC12 T1 links with a third-party CE router

Workaround: Disable "yellow detection" on the CHOC12 T1 link. For example, serial interface 12/0.7/6:0:

controller sonet 12/0
 sts-1 7
 no t1 6 yellow detection
 ! Wait for the T1 to stabilize.
 t1 6 yellow detection
 !

CSCsv84690

Symptoms: The source MAC address is not learned properly for the bridge domain associated with a VFI instance.

Conditions: Traffic is from CE2------PE1------CE1 (locally switched). Source MAC addresses of packets from CE2 are not learned correctly. NetFlow is enabled on the interfaces of the PE.

Workaround: Disable NetFlow on the main interface.

CSCsw17390

Symptoms: A PVC flaps with the following error message:

ATM(ATM3/0/0.504): VC(17) Bad SAP received 00AD

Conditions: This symptom is observed on a Cisco 7600 with a FlexWAN and PAA3 when connected to a Cisco 12000 ATM interface and when the PVC is configured for bridging.

Workaround: There is no workaround.

CSCsw50410

Symptoms: The following traceback is seen on the console, and all the channelized serial links on the E3 LC flap.

SLOT 5:1d00h: %EE48-3-INVALID_CFG_DATA: Channel 4: Invalid configuration data. Channel type= 5 -Traceback= 40030F00 40417F44 40418208 40418444 404184B4 40418588 SLOT 5:1d00h: %EE48-3-INVALID_CFG_DATA: Channel 5: Invalid configuration data. Channel type= 5 -Traceback= 40030F00 40417F44 40418208 40418444 404184B4 40418588

Conditions: This symptom occurs with all the serial links configured on a Channelized OC48-DS3/Engine 3 card. Serial interfaces flap, bringing down BGP/OSPF for no apparent reason. No configs were done.

Workaround: There is no workaround.

CSCsw82176

Symptoms: A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(32)SY7 crashes with "Unexpected exception to CPUvector 300."

Conditions: This crash occurs after deleting a couple of subinterfaces that belong to different VRFs. There are many different VRFs and different subinterfaces configured on the router that runs Cisco IOS Release 12.0(32)SY7.

Workaround: Make sure to always shut down the subinterfaces before deleting them.

CSCsw90592

Symptoms: Traffic is not flowing for some VCs through an SR-APS interface.

Conditions: This symptom is observed after a linecard reload and router reload.

Workaround: Shut/no shut the SR-APS interface.

CSCsw98681

Symptoms: Given the following topology:

CE1 <-->PE1 <---->P<---->PE2<------>CE2

xconnect is configured on the serial link, and after the following steps are performed, a ping fails for the xconnect interface.

1) Configure xconnect with HDLC encapsulation.

2) Remove the encapsulation and add PPP encapsulation.

Conditions: All interfaces should be up and running.

Workaround: Remove and add the xconnect configuration.

CSCsx20177

Symptoms: "no int loopback" with "advertise passive-only" causes a stuck prefix.

Conditions: This symptom is observed on a Cisco 7600 series router that is using an RSP720 with Cisco IOS Release 12.2(33)SRD.

Workaround:

Do not use "advertise passive-only." Unconfiguring and reconfiguring this command clears the stuck prefix.

Or with "advertise passive-only":

First remove "passive-interface loopback" from router isis.

Then remove the interface via "no int loopback."

CSCsx32416

Symptoms: A session may go down one or more times before stabilizing in the up state.

Conditions: This symptom is observed when a BFD session is first coming up and the network is suffering from congestion.

Workaround: There is no workaround.

CSCsx55779

Symptoms: A SIP-601 is reset after local switching is configured. After the linecard comes up, traffic does not flow end to end on the local switching attachment circuit.

The issue is seen only when the Frame Relay frame size is less than 12 bytes (4 bytes FR header + 4 bytes FCS + 0-4 bytes payload) and when the NLPID value is 0x00 (that is, an invalid Frame Relay encapsulation). From RFC 2427:

An NLPID value of 0x00 is defined within ISO/IEC TR 9577 as the Null Network Layer or Inactive Set. Because it cannot be distinguished from a pad field, and because it has no significance within the context of this encapsulation scheme, an NLPID value of 0x00 is invalid under the Frame Relay encapsulation.

Conditions: Traffic should be enabled while doing local switching configurations.

Workaround: There is no easy workaround. Shut down the interface before the hw-module reload of the linecard.

CSCsx69785

Symptoms: 8-port OC48 E6 linecards crash when trying to bring up back-to-back connected or looped back (between two OC48 interfaces on the same E6 linecard) interfaces. This can also be seen when the optic cable/SFP is removed and inserted continuously between the back-to-back or loopback OC48 interfaces on the E6 linecard.

Conditions: On back-to-back connected or loopback (through two ports on the same linecard) connected E6 OC48 ports, performing a shut/no shut crashes the E6 linecards. Also, removing and inserting the optic cable/SFP repeatedly in the back-to-back or loopback connection (which is in the "no shut" state) between two OC48 ports on E6 cards crashes the E6 linecard.

Workaround: Configure clock source internal before configuring no shut.

CSCsx70889

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsx81775

Symptoms: An Engine 5 line card (SIP-x01) crashes when a QoS configuration is applied to a serial interface.

Conditions: This symptom is observed when applying a service policy to a serial interface with several classes with a Police + WRED configuration, with more than two of the following:

1. Class-default with WRED+Police action.

2. One or more classes matching on prec/dscp with WRED+Police action.

3. One or more classes matching on Access-group with WRED+Police action.

4. Any class with a "Match Any" condition with WRED+Police.

Workaround: There is no workaround. Such a policy is not supported.

CSCsx90461

Symptoms: A SIP 601 crashes in a PE router mvpn scenario.

Conditions: This symptom is observed while flapping a core-facing or edge-facing interface.

Workaround: There is no workaround.

CSCsx93485

Symptoms: While redistributing OSPFv3 into BGP, the redistributed route flaps when the OSPFv3 topology changes.

Conditions: This symptom is observed when the cost of the redistributed route becomes better.

Workaround: There is no workaround.

Further Problem Description: As seen from the BGP debugs, RIB sends a DEL and ADD instead of a MODIFY.

CSCsy20021

Symptoms: Ping and traffic drops occur on LB local switching circuits.

Conditions: This symptom is observed when an RPR+ switchover is performed.

Workaround: There is no workaround.

CSCsy33936

Symptoms: The CEF process is hogging the CPU because of many incomplete fibidbs, because CEF was disabled and re-enabled.

Conditions: This symptom is observed in a scale testbed when an RPR+ switchover is performed.

Workaround: There is no workaround.

CSCsy42615

Symptoms: Entries for ABRs and ASBRs are missing from the OSPF route table. This results in inter-area and external routes being omitted from the Routing Information Base (RIB).

Conditions: The bug will only be seen when MPLS-TE tunnels are being used. Also, specifying non-default SPF timer values with timers throttle spf will increase the risk of hitting this bug.

Workaround: There is no workaround.

CSCsy81103

Symptoms: An E5 crashes when the show contr rewrite command is executed.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with LB.

Workaround: There is no workaround.

CSCsy92142

Symptoms: The serial interface on a channelized OC48 linecard stays in the UP/DOWN state after encountering Layer 1 alarms (PRID or PAIS). The interface continues to be in the UP/DOWN state even after the Layer 1 alarms are cleared.

The interface is configured for PPP encapsulation, and path level delay triggers are enabled on this interface. The link shows UP, but the PPP negotiation will be stuck in Echo Request Sent.

Conditions: This symptom is observed with a 12.0(32)S11o-based image for channelized DS3 Engine 3 linecards with alarm delay triggers configured. The problem will be seen only with momentary path level alarms.

Workaround:

1. Perform a shut/no shut on the serial interface that is in the UP/DOWN state. However, this needs manual intervention every time.

2. Remove the alarm-delay triggers path 2500 command from the serial interface configuration. However, the side effect of this would cause the serial interface to flap.

CSCsy94776

Symptoms: A Cisco 12000 series Internet router may have missing lfib entries on linecards.

Conditions: This symptom is observed in Cisco IOS Release 12.0(32)s11o.

Workaround: Reload the linecard.

CSCsy96287

Symptoms: A customer experienced a single T1 flapping on controller 0/3/0. It would take between 2,500 and 3,000 path code violations and then drop and come back. It would do this about once every 15 minutes. Problems with our phones losing connectivity to a central call manager when a WAN circuit experiences a problem.

We use Multilink PPP to bundle three T1s for a 4.5-Mb circuit. If any one of the three T1s experiences even a minor issue, phones are resetting. However, we never lose Layer 3 connectivity. The edge router maintains its BGP peering across the Multilink PPP bundle, and none of our management applications ever sees a loss in connectivity.

We recently switched over to Multilink PPP from Multilink Frame due to a requirement by our MPLS provider. We did not have an issue using Multilink Frame; hence, we believe it is an issue with our configuration for Multilink PPP.

Conditions: This issue was first noticed in a 32S6r image, and some nodes running 32s11 showed similar symptoms.

Workaround: Perform a shut/no shut on the serial interface on the Cisco 12000 series side.

Further Problem Description: The root cause of this issue is that the customer was getting exposed to an inherent limitation of a timer that was being used in the T1/E1 line-state processing routine at the PLIM level. The malfunctioning of the timer would result in the PLIM not sending a line-state update message to the linecard and the route processor when a link flapped, and therefore the route processor would not bring the link down even when an alarm was present on the line. This would cause blackholing of traffic for some time until the L2 times out and the protocol comes down.

CSCsz01358

Symptom: A linecard crashes continuously when a microcode reload is performed.

Conditions: The interfaces of the crashing linecard are part of port-channel, and traffic is flowing via that linecard.

Workaround: There is no workaround.

CSCsz11893

Symptoms: Some packet loss is observed when traffic is fragmented on a Cisco 12000 series linecard. The issue has been reported using ping packets with a packet size larger than the egress interface MTU size.

Conditions: This symptom is observed on:

Packets received by the Cisco 12000 series that would require fragmentation on the egress linecard.

E5 linecards.

Workaround: Change the MTU size to prevent fragmentation from happening on the linecard.

CSCsz12423

Symptoms: IP-to-MPLS packets that need to be fragmented might be dropped.

Conditions: This symptom is observed when an E4+ line card is used as ingress and an E4+, E5, or E3 line card is used as egress.

Workaround: There is no workaround.

CSCsz19255

Symptoms: Tag rewrites are missing on linecards for one of the load-shareable interfaces.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(32)S11o.

Workaround: Shut/no-shut the interface.

CSCsz28121

Symptoms: A router crashes when NetFlow export configurations are applied and removed.

Conditions: This symptom is observed only when NetFlow export version 9 configurations are toggled.

Workaround: Use NetFlow export version 5 to export the flows.

CSCsz33193

Symptoms: For some VCs, traffic is not flowing through the SR-APS interface.

Conditions: This symptom is observed after a linecard reload and router reload.

Workaround: Perform a shut/no shut of the SR-APS interface.

CSCsz43391

Symptoms: Traffic stops flowing.

Conditions: This symptom is observed after the following procedure is performed:

1) First try ETH(vlan) to FR over MPLS (traffic is fine).

2) Change the dot1q interface to a QINQ interface on both the PE and the CE.

3) Then change back to dot1q on both the PE and the CE (traffic fails).

Workaround: Reload the linecard.

CSCsz46285

Symptoms: MVPN traffic is punted to the line-card CPU.

Conditions: This symptom is observed on the decap side of data mdt traffic.

Workaround: There is no workaround.

CSCsz70552

Symptoms: On the "P" router with four POS links, where two links work as the primary and two links work for redundancy, both POS links go down after a telco issue because of transmission problems. The trigger for this issue is both links going down.

The P router sets LIB local binding changes to implicit null for several prefixes. After that, the PE routers have connectivity issues in some VRFs and do not go through a backup path using POS interface.

Looking into the PE routers that are connected to this P router, the following deviation was observed in their LFIB tables:

Router_PE# show mpls for 10.38.193.192 de

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
37     Pop tag     10.38.193.192/32  0          Gi3/0      10.125.93.222
        MAC/Encaps=30/30, MRU=1530, Tag Stack{}
        0000000000000000000000010100000000055FFF99FE000197D0ED808847
        No output feature configured

Router_PE# show ip cef 10.38.193.192 de

10.38.193.192/32, version 72378, epoch 0, cached adjacency 10.125.93.222
0 packets, 0 bytes
  tag information set, shared, all rewrites owned
    local tag: 37
  via 10.125.93.222, GigabitEthernet3/0, 3 dependencies
    next hop 10.125.93.222, GigabitEthernet3/0
    valid cached adjacency
    tag rewrite with Gi3/0, 10.125.93.222, tags imposed {}

It looks as though the P router sends a pop to the PE routers.

Conditions: This symptom is observed under the following conditions:

The P router has two links to the primary path and two links to the backup path.

PPP encapsulation is used.

Workaround:

Change from PPP to HDLC encapsulation on the POS links.

clear ip route prefix or

clear ip route *

CSCsz78479

Symptoms: When the PE routes traffic with a default network, it suddenly stops forwarding the packets from the CE. The PE is still able to reach the Internet.

Conditions: The PE is configured with the ip default network command and has an Engine 5.

Workaround: Remove and re-add the ip default network command.

Further Problem Description: The issue was already reproduced on the CALO case.

CSCsz84906

Symptoms: The ISIS redistribution RIB has a stale route that is not removed after the original ISIS route is deleted when an interface is shut down. This can cause wrong ISIS database information and wrong routing information in the routing table.

Conditions: This symptom is observed when the router is an L1L2 router and the old ISIS route to be deleted after interface shutdown has a backup route from other routing protocols. If the ip routing protocol purge interface command is configured, the issue will not happen.

Workaround: Either configure the ip routing protocol purge interface command or enter the clear isis * command, which may resolve the problem temporarily.

CSCsz89090

Symptoms: When the delay triggers line command is executed under a controller, the configured values are not reflected in the running configuration.

Conditions: This symptom is observed in Cisco IOS Release 12.0(33)S and 12.0(32)SY9 images.

Workaround: There is no workaround.

CSCsz89107

Symptoms: CPU utilization is high when there is a scaled configuration of more than 1000 interfaces and 100-pps traffic is being sent on UUT along with BGP and multicast traffic.

Conditions: This symptom is observed when several sessions are active and generating traffic.

Workaround: There is no workaround.

CSCta25677

Symptoms: Upon an RPR+ switchover, a few MLPPP interfaces that are configured on an E3 1xChOC12 may start having ping failures.

Conditions: This symptom is observed with a Cisco IOS 12.0(32)S11p fc1 image.

Workaround: Perform a shut/no-shut on the ML interface.

CSCta30330

Symptoms: PIM checksum errors are causing the joins to be dropped in the MVPN.

Conditions:

Topology:

ce3------BR(Pe)(IOS-XR)---------Pe1(IOS)---------source

Initially, we observed a null olist in the VRF mroutes on the Cisco IOS router. Ideally, in this case, a tunnel should have been there in the olist.

Then we checked if the tunnel joins are sent and received by the Cisco IOX and IOS routers, respectively, by enabling the PIM debugs on both routers.

The XR debugs confirmed that joins are sent out by the XR node. Then we checked the debugs on the Cisco IOS router.

Initially, we suspected that the problem is due to "not to us" messages. Then we checked the IP traffic statistics.

PE1# show ip traffic

IP statistics:
>>>>>
PIMv2 statistics: Sent/Received
  Total: 2087399/4842053, 245046 checksum errors, 0 format errors
  Registers: 0/0, Register Stops: 0/0, Hellos: 571945/560676
  Join/Prunes: 1515499/4036576, Asserts: 0/0, grafts: 0/0
  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
  Queue drops: 0

PIMv2 statistics: Sent/Received
  Total: 2092509/4848529, 245374 checksum errors, 0 format errors
  Registers: 0/0, Register Stops: 0/0, Hellos: 573425/561965
  Join/Prunes: 1519100/4041190, Asserts: 0/0, grafts: 0/0
  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
  Queue drops: 0

PIMv2 statistics: Sent/Received
  Total: 2092834/4848711, 245396 checksum errors, 0 format errors
  Registers: 0/0, Register Stops: 0/0, Hellos: 573515/562041
  Join/Prunes: 1519335/4041274, Asserts: 0/0, grafts: 0/0
  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
  Queue drops: 0
>>>>>

We observed checksum errors.

Workaround: After seeing checksum errors in the IP traffic statistics, we tried shutting the core-facing interface in the olist. After that, the problem disappeared. When we added that interface back, the problem was reproduced again. We suspect the following to cause this issue.

When we have core and VRF interfaces on the egress LC (E5), the PIM packet has to be forwarded on the core-facing interface and also has to be punted to the RP. In the E5, this is done by recycling the packet. In the first cycle, the packet will be sent to the core interface; in the second cycle, the packet will be decapsulated and punted to the LC CPU.

Only the head gets recycled for different passes. The tail will be stored in the stingray. When the packet is punted to the LC CPU, the LC CPU will copy the tail from the stingray, attach it to the head, and send it to the RP. We suspect that this copy is not happening properly and the RP is seeing PIM checksum errors.

CSCta45402

Symptoms: In an MVPN setup with a CE connected via an MLPPP interface, auto-RP packets are not being punted to the RP and the RP entry times out after 180 seconds.

Conditions: This symptom is observed either when a link flaps on a member of the MLPPP interface or when output QoS is applied on the MLPPP interface.

Workaround:

1) RP# clear ip mroute vrf <vpn> 224.0.1.40

2) LC# clear ip mds all

3) Configure static RP.

4) Remove the output policy on the outgoing Multilink.

CSCta58995

Symptoms: A Cisco 7200 PE is dropping *small* frames on an AToM FRoMPLS tunnel.

Conditions: This symptom is observed in an FR IP IW case when frames that are less than 60 bytes are sent from a Cisco 12000 series router (PE on the other side).

Workaround: There is no workaround.

CSCta69919

Symptoms: On a Cisco 12000 series router with ISE line cards and an IPv6 ACL, after a reload or RP switchover, the ACL does not match traffic correctly.

Conditions: This applies to IPv6 ACL.

Workaround: Delete and recreate the ACL.

CSCta76975

Symptoms: IPv6 multicast traffic drops are observed when IPv6 multicast traffic is sent at a high rate. These multicast packets are punted to the RP; this can be seen through the show ipv6 mflib <multicast address> CLI.

Conditions: This symptom is observed upon router reload.

Workaround: There is no workaround.

CSCtb51864

Symptoms: An IPv6 ACL is not working on the ingress of an E3 engine.

Conditions: Apply the IPv6 ACL on the ingress of the E3 engine, remove the ACL, and then reapply the same ACL on the same interface.

Workaround: Reload the linecard.

Resolved Caveats—Cisco IOS Release 12.0(32)SY9b

Cisco IOS Release 12.0(32)SY9b is a rebuild release for Cisco IOS Release 12.0(32)SY9. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY9b but may be open in previous Cisco IOS releases.

CSCsv27607

Symptoms: A BGP router filters outbound routes to its peers when a soft reset is performed for a specific peer address with the clear ip bgp ip-addr soft out command. However, the routes to be filtered are not deleted from the routing table on the BGP peer router.

Conditions: This symptom is observed when an outbound route-map is removed and then reapplied, and the clear ip bgp neighbor-address soft out command is issued for each peer in an update-group after the outbound route-map filtering policy is applied. The withdraw for filtered prefixes is sent to the first peer specified in the soft reset, but the next peers in the same update-group do not withdraw the routes.

Workaround: Perform a hard BGP reset using the clear ip bgp ip-addr command.

CSCsw82176

Symptoms: A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(32)SY7 crashes with an "Unexpected exception to CPUvector 300" error.

Conditions: This crash occurs after deleting a couple of subinterfaces that belong to different VRFs. There are many different VRFs and different subinterfaces configured on the router that runs Cisco IOS Release 12.0(32)SY7.

Workaround: Make sure to always shut down the subinterfaces before deleting them.

CSCsz45567

A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP).

A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process.

A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP).

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20100324-ldp.shtml

CSCsz72591

Symptoms: A router crashes with an Address Error (load or instruction fetch) exception.

Conditions: The router must be configured to act as a DHCP client.

Workaround: There is no workaround.

CSCtb45062

Symptoms: A subinterface does not transmit traffic in the egress direction, the queue head and tail stay frozen, and the txport is consistently back-pressured.

Conditions: These symptoms are observed under the following conditions:

- 12000-SIP-501 with SPA-8X1FE-TX-V2.

- One Fast Ethernet interface with more than 468 subinterface VLANs.

- All subinterfaces with the same policy (SHAPE_OUT_960).

policy-map VBL
 class class-default
  police cir 96000 bc 4470 be 4470 conform-action set-dscp-transmit af11 exceed-action set-dscp-transmit default
policy-map SHAPE_OUT_960
 class class-default
  shape average 960000
  service-policy VBL

Workaround: Create a dummy Fast Ethernet subinterface and force it to allocate the tx-port being back-pressured.

Further Problem Description: Removing the policy and re-applying it or performing a shut/no shut solves the issue temporarily, but the issue will move to another subinterface in the same main interface.

CSCtc55200

Symptoms: An E5 line card crashes while the "show ip hardware-cef x.x.x.x detail" command is executed during CEF troubleshooting.

Conditions: This symptom is observed under the following conditions:

- Core-facing interfaces using Eng3 with two Port-Channel and load-balance.

- Customer-facing interfaces using Eng5 with exhausted FSRAM memory because of a high number of hosts or load-balance routes from Eng3.

When FSRAM memory becomes exhausted, if you try to add one more host on the port-channel, the following error message will appear:

SLOT 4:02:04:44: %EE192-3-LINKBUNDLE: Cannot create hw link_bundle -Traceback= 40030EE8 4068CAC8 405AF138 413B6CCC 413D7464 413D7FA0 413BB2F4 413BB580 413BB88C 413BC780

Workaround: Reload the line card.

CSCtd75033

Symptoms: Cisco IOS Software is affected by an NTP mode 7 denial-of-service vulnerability.

Conditions: Cisco IOS Software with support for Network Time Protocol (NTP) contains a vulnerability in the processing of specific NTP Control Mode 7 packets. This results in increased CPU utilization on the device and increased traffic on the network segments.

This is the same as the vulnerability which is described in http://www.kb.cert.org/vuls/id/568372.

Cisco has released a public-facing vulnerability alert at the following link:

http://tools.cisco.com/security/center/viewAlert.x?alertId=19540

Cisco IOS Software that has support for NTPv4 is NOT affected. NTPv4 was introduced into Cisco IOS Software: 12.4(15)XZ, 12.4(20)MR, 12.4(20)T, 12.4(20)YA, 12.4(22)GC1, 12.4(22)MD, 12.4(22)YB, 12.4(22)YD, 12.4(22)YE and 15.0(1)M.

All other versions of Cisco IOS and Cisco IOS XE Software are affected.

To see if a device is configured with NTP, log into the device and issue the CLI command show running-config | include ntp. If the output returns any of the following commands, the device is vulnerable:

ntp master <any following commands>

ntp peer <any following commands>

ntp server <any following commands>

ntp broadcast client

ntp multicast client

The following example identifies a Cisco device that is configured with NTP:

router#show running-config | include ntp

ntp peer 192.168.0.12

The following example identifies a Cisco device that is not configured with NTP:

router#show running-config | include ntp

router#

To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.

The following example identifies a Cisco product that is running Cisco IOS Software Release 12.3(26) with an installed image name of C2500-IS-L:

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Mon 17-Mar-08 14:39 by dchih

<output truncated>

The following example shows a product that is running Cisco IOS Software Release 12.4(20)T with an image name of C1841-ADVENTERPRISEK9-M:

Router#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 10-Jul-08 20:25 by prod_rel_team

<output truncated>

Additional information about Cisco IOS Software release naming conventions is available in "White Paper: Cisco IOS Reference Guide" at the following link:

http://www.cisco.com/warp/public/620/1.html

Workaround: There are no workarounds other than disabling NTP on the device. The following mitigations have been identified for this vulnerability; only packets destined for any configured IP address on the device can exploit this vulnerability. Transit traffic will not exploit this vulnerability.

Note: NTP peer authentication is not a workaround and is still a vulnerable configuration.

* NTP Access Group

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat access control lists (ACLs) that permit communication to these ports from trusted IP addresses. Unicast Reverse Path Forwarding (Unicast RPF) should be considered to be used in conjunction to offer a better mitigation solution.

!--- Configure trusted peers for allowed access

access-list 1 permit 171.70.173.55

!--- Apply ACE to the NTP configuration

ntp access-group peer 1

For additional information on NTP access control groups, consult the document titled "Performing Basic System Management" at the following link:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage.html#wp1034942

* Infrastructure Access Control Lists

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution.

Although it is often difficult to block traffic that transits a network, it is possible to identify traffic that should never be allowed to target infrastructure devices and block that traffic at the border of networks.

Infrastructure ACLs (iACLs) are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example below should be included as part of the deployed infrastructure access-list, which will help protect all devices with IP addresses in the infrastructure IP address range:

!---
!--- Feature: Network Time Protocol (NTP)
!---

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD INFRASTRUCTURE_ADDRESSES WILDCARD eq 123

!--- Note: If the router is acting as a NTP broadcast client
!--- via the interface command "ntp broadcast client"
!--- then broadcast and directed broadcasts must be
!--- filtered as well. The following example covers
!--- an infrastructure address space of 192.168.0.X

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 192.168.0.255 eq ntp
access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 255.255.255.255 eq ntp

!--- Note: If the router is acting as a NTP multicast client
!--- via the interface command "ntp multicast client"
!--- then multicast IP packets to the multicast group must
!--- be filtered as well. The following example covers
!--- a NTP multicast group of 239.0.0.1 (Default is
!--- 224.0.1.1)

access-list 150 permit udp TRUSTED_SOURCE_ADDRESSES WILDCARD host 239.0.0.1 eq ntp

!--- Deny NTP traffic from all other sources destined
!--- to infrastructure addresses.

access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES WILDCARD eq 123

!--- Permit/deny all other Layer 3 and Layer 4 traffic in
!--- accordance with existing security policies and
!--- configurations. Permit all other traffic to transit the
!--- device.

access-list 150 permit ip any any

!--- Apply access-list to all interfaces (only one example
!--- shown)

interface fastEthernet 2/0
 ip access-group 150 in

The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists and is available at the following link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

* Control Plane Policing

Two examples are provided under Control Plane Policing. The first aims at preventing the injection of malicious traffic from untrusted sources, whilst the second looks at rate limiting NTP traffic to the box.

- Filtering untrusted sources to the device.

Warning: Because the feature in this vulnerability utilizes UDP as a transport, it is possible to spoof the sender's IP address, which may defeat ACLs that permit communication to these ports from trusted IP addresses. Unicast RPF should be considered to be used in conjunction to offer a better mitigation solution.

Control Plane Policing (CoPP) can be used to block untrusted UDP traffic to the device. Cisco IOS Software Releases 12.0S, 12.2SX, 12.2S, 12.3T, 12.4, and 12.4T support the CoPP feature. CoPP can be configured on a device to help protect the management and control planes and minimize the risk and effectiveness of direct infrastructure attacks by explicitly permitting only authorized traffic that is sent to infrastructure devices in accordance with existing security policies and configurations. The CoPP example below should be included as part of the deployed CoPP, which will help protect all devices with IP addresses in the infrastructure IP address range.

!--- Feature: Network Time Protocol (NTP)

access-list 150 deny udp TRUSTED_SOURCE_ADDRESSES WILDCARD any eq 123

!--- Deny NTP traffic from all other sources destined
!--- to the device control plane.

access-list 150 permit udp any any eq 123

!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and
!--- Layer4 traffic in accordance with existing security policies
!--- and configurations for traffic that is authorized to be sent
!--- to infrastructure devices

!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature

class-map match-all drop-udp-class
 match access-group 150

!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.

policy-map drop-udp-traffic
 class drop-udp-class
  drop

!--- Apply the Policy-Map to the
!--- Control-Plane of the device

control-plane
 service-policy input drop-udp-traffic

In the above CoPP example, the access control list entries (ACEs) that match the potential exploit packets with the "permit" action result in these packets being discarded by the policy-map "drop" function, while packets that match the "deny" action (not shown) are not affected by the policy-map drop function.
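The inverted permit/deny logic of the CoPP ACL described above can be checked offline. The following is an added example, not part of the Cisco advisory: it evaluates ACL 150 with IOS first-match semantics and compares it with the same ACL written the way an interface ACL would be. The trusted address (taken from the NTP access-group example) stands in for TRUSTED_SOURCE_ADDRESSES, and the sample packets are constructed.

```python
import ipaddress
from typing import NamedTuple


class Ace(NamedTuple):
    action: str                 # "permit" or "deny"
    src: str                    # source address, or "any"
    dst_port: int               # UDP destination port (the "eq 123" part)
    wildcard: str = "0.0.0.0"   # IOS wildcard mask: 1 bits are "don't care"


class Packet(NamedTuple):
    src: str
    dst_port: int               # all sample packets are UDP


def src_matches(ace: Ace, src: str) -> bool:
    """Compare only the bits the wildcard mask does not mark as don't-care."""
    if ace.src == "any":
        return True
    care = ~int(ipaddress.IPv4Address(ace.wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (
        int(ipaddress.IPv4Address(ace.src)) & care)


def acl_result(acl, pkt: Packet) -> str:
    """First matching ACE wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if pkt.dst_port == ace.dst_port and src_matches(ace, pkt.src):
            return ace.action
    return "deny"


def copp_verdict(acl, pkt: Packet) -> str:
    """The class-map matches only on ACL 'permit'; the policy-map drops that class.
    Anything the ACL denies is not classified and is punted to the control plane."""
    return "drop" if acl_result(acl, pkt) == "permit" else "punt"


TRUSTED = "171.70.173.55"   # assumption: stands in for TRUSTED_SOURCE_ADDRESSES
NTP = 123

# ACL 150 as written in the CoPP example: deny = exempt, permit = drop.
COPP_ACL_150 = [Ace("deny", TRUSTED, NTP), Ace("permit", "any", NTP)]

# The same intent written with interface-ACL logic; under CoPP it does the opposite.
MISTAKEN_ACL = [Ace("permit", TRUSTED, NTP), Ace("deny", "any", NTP)]

# Constructed sample packets (documentation address for the untrusted host).
SAMPLE_PACKETS = {
    "trusted_ntp": Packet(TRUSTED, NTP),
    "untrusted_ntp": Packet("198.51.100.7", NTP),
    "untrusted_snmp": Packet("198.51.100.7", 161),
}


def verdicts(acl):
    return {name: copp_verdict(acl, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    print("CoPP ACL 150 :", verdicts(COPP_ACL_150))
    print("mistaken ACL :", verdicts(MISTAKEN_ACL))
```

The verdict depends only on the source address carried in the packet, which is why the warning above recommends Unicast RPF alongside the ACL.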

- Rate limiting the traffic to the device.

The CoPP example below could be included as part of the deployed CoPP, which will help protect targeted devices from processing large amounts of NTP traffic.

Warning: If the rate-limits are exceeded valid NTP traffic may also be dropped.

!--- Feature: Network Time Protocol (NTP)

access-list 150 permit udp any any eq 123

!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature

class-map match-all rate-udp-class
 match access-group 150

!--- Create a Policy-Map that will be applied to the
!--- Control-Plane of the device.
!--- NOTE: See section "4. Tuning the CoPP Policy" of
!--- http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html#5
!--- for more information on choosing the most
!--- appropriate traffic rates

policy-map rate-udp-traffic
 class rate-udp-class
  police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop

!--- Apply the Policy-Map to the
!--- Control-Plane of the device

control-plane
 service-policy input rate-udp-traffic

Additional information on the configuration and use of the CoPP feature can be found in the documents, "Control Plane Policing Implementation Best Practices" and "Cisco IOS Software Releases 12.2 S - Control Plane Policing" at the following links:

http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html and http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html

CSCte83622

Symptoms: High CPU utilization is seen on Cisco IOS Release 12.0(33)S5 code due to "RIP Send" and "BGP Scanner".

Conditions: RIP in Cisco IOS Release 12.0(33)S does not have a separate database about the routes. When RIP has to send update packets, it scans the whole routing table, validates each prefix, creates the update packets, and sends them out. This has to happen every 15 seconds, as per the timers configuration.

In a network where 150k routes are learned by BGP, it is quite possible that the routing table scan during update generation is CPU intensive. We will see the problem of continuous RIP updates and high CPU until an RIP Send process.

Please note that a Supernet prefix needs to be installed in the RIB, and RIP has to include them in its updates. If it is originated by static or other routing protocols, we will see the symptom if they are redistributed into RIP.

Workaround: Filter the Supernet redistribution. See the following example:

!--- Add all the prefixes to this ACL
access-list 20 deny X.X.X.X 0.0.3.255
access-list 20 permit any
!
route-map supernet
 match ip address 20
!
router rip
 .
 address-family ipv4 vrf vrf
  redistribute protocol route-map supernet metric metric

Resolved Caveats—Cisco IOS Release 12.0(32)SY9a

Cisco IOS Release 12.0(32)SY9a is a rebuild release for Cisco IOS Release 12.0(32)SY9. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY9a but may be open in previous Cisco IOS releases.

CSCsx70889

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsy27511

Symptoms: When a large number of AS numbers (both 2-byte AS numbers and 4-byte AS numbers) are included in the update message from a new neighbor to an old neighbor, the update message, although sent from the new neighbor, is not accepted on the old neighbor. Hence the path is not propagated further.

Conditions: This issue occurs only with an update message from a new neighbor to an old neighbor and only if the update message contains a large number of 2-byte and 4-byte AS numbers. This issue is applicable to all trains where the 4-byte AS feature is implemented.

Workaround: This issue is seen only when the neighbor that supports 4-byte AS sends an update to neighbors that do not support the 4-byte AS and when the path has a large number of AS numbers. This would not occur if both neighbors are 4-byte AS compliant.

Normally in the Internet, the number of AS values on a normal path or prefix is somewhere between 2 and 20, and for VPN prefixes it would be even fewer, with a range of around 2 to 7. So if some erroneous upstream peer sends prefixes with a large number of AS numbers, it should be stopped from propagating further. The current issue will not be seen if the AS numbers are limited. This can be done by using the bgp maxas-limit command under router bgp. As a conservative approach, it would be safe to configure the bgp maxas-limit command to a value of 40, because this is a reasonable number of AS numbers for a prefix to have and is well above the normal Internet values mentioned earlier. This would enable all the prefixes to be exchanged properly without encountering the current problem and would also stop the prefixes with a large number of AS values from being propagated further.

Further Problem Description: When a new neighbor sends an update message to an old neighbor, it must include both 4-byte AS numbers and 2-byte AS numbers (23456) corresponding to each 4-byte AS. While allocating size for the update message, only the total AS path length is considered; the extra space 2-byte AS inclusion for each 4-byte is not considered. This leads to the update message skipping inclusion of nlri and nexthop, which are appended after the AS path, due to a size constraint; hence the problem.
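The size effect described for CSCsy27511 can be worked through with the RFC 4893 encoding. The following is an added example, not Cisco code: it builds the AS_PATH and AS4_PATH attributes that a 4-byte-capable speaker sends to a 2-byte-only neighbor and compares them with the single 4-octet AS_PATH a 4-byte-capable neighbor would receive. The sample paths use documentation AS numbers and are constructed; the limit of 40 is the value suggested in the workaround.

```python
AS_TRANS = 23456          # placeholder for a 4-byte ASN inside a 2-octet AS_PATH
AS_SEQUENCE = 2           # path segment type
ATTR_AS_PATH = 2          # well-known transitive attribute
ATTR_AS4_PATH = 17        # optional transitive attribute
MAX_SEGMENT_ASNS = 255    # the segment length field is a single octet
EXTENDED_LENGTH = 0x10    # flag bit: attribute length field is two octets


def encode_segments(asns, width):
    """Encode a path as AS_SEQUENCE segments with `width`-octet AS numbers."""
    out = bytearray()
    for i in range(0, len(asns), MAX_SEGMENT_ASNS):
        chunk = asns[i:i + MAX_SEGMENT_ASNS]
        out += bytes([AS_SEQUENCE, len(chunk)])
        for asn in chunk:
            out += asn.to_bytes(width, "big")
    return bytes(out)


def attribute(flags, type_code, value):
    """Wrap a value in a path-attribute header (3 octets, or 4 if length > 255)."""
    if len(value) > 255:
        header = bytes([flags | EXTENDED_LENGTH, type_code]) + len(value).to_bytes(2, "big")
    else:
        header = bytes([flags, type_code, len(value)])
    return header + value


def attrs_for_new_peer(as_path):
    """Neighbor supports 4-byte AS: one AS_PATH with 4-octet AS numbers."""
    return attribute(0x40, ATTR_AS_PATH, encode_segments(as_path, 4))


def attrs_for_old_peer(as_path):
    """Neighbor is 2-byte only: AS_PATH with AS_TRANS substituted, plus AS4_PATH."""
    two_octet = [asn if asn <= 0xFFFF else AS_TRANS for asn in as_path]
    wire = attribute(0x40, ATTR_AS_PATH, encode_segments(two_octet, 2))
    if any(asn > 0xFFFF for asn in as_path):
        wire += attribute(0xC0, ATTR_AS4_PATH, encode_segments(as_path, 4))
    return wire


def exceeds_maxas_limit(as_path, limit=40):
    """Model of the check that bgp maxas-limit applies to a received path."""
    return len(as_path) > limit


def size_report(as_path):
    new = len(attrs_for_new_peer(as_path))
    old = len(attrs_for_old_peer(as_path))
    return {"hops": len(as_path), "new_peer_bytes": new,
            "old_peer_bytes": old, "extra_bytes": old - new}


# Constructed sample paths (documentation ASNs 64496-64511 and 65536-65551).
MIXED_PATH = [64500, 64501, 65536, 64502, 65537, 64503, 65538, 64504, 65539, 64505]
LONG_PATH = [65536 + (i % 16) for i in range(300)]

if __name__ == "__main__":
    for path in (MIXED_PATH, LONG_PATH):
        print(size_report(path), "over limit:", exceeds_maxas_limit(path))
```

Toward a 2-byte-only neighbor each 4-byte AS costs six octets instead of four, so a size estimate based only on the path length undercounts by roughly half.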

CSCsz12423

Symptoms: IP-to-MPLS packets that need to be fragmented might be dropped.

Conditions: This symptom is observed when an E4+ line card is used as ingress and an E4+, E5, or E3 line card is used as egress.

Workaround: There is no workaround.

CSCsz46285

Symptoms: MVPN traffic is punted to the line-card CPU.

Conditions: This symptom is observed on the decap side of data mdt traffic.

Workaround: There is no workaround.

CSCta33973

Recent versions of Cisco IOS Software support RFC4893 ("BGP Support for Four-octet AS Number Space") and contain two remote denial of service (DoS) vulnerabilities when handling specific Border Gateway Protocol (BGP) updates.

These vulnerabilities affect only devices running Cisco IOS Software with support for four-octet AS number space (here after referred to as 4-byte AS number) and BGP routing configured.

The first vulnerability could cause an affected device to reload when processing a BGP update that contains autonomous system (AS) path segments made up of more than one thousand autonomous systems.

The second vulnerability could cause an affected device to reload when the affected device processes a malformed BGP update that has been crafted to trigger the issue.

Cisco has released free software updates to address these vulnerabilities.

No workarounds are available for the first vulnerability.

A workaround is available for the second vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml

CSCta45402

Symptoms: In an MVPN setup with a CE connected via an MLPPP interface, auto-RP packets are not being punted to the RP and the RP entry times out after 180 seconds.

Conditions: This symptom is observed either when a link flaps on a member of the MLPPP interface or when output QoS is applied on the MLPPP interface.

Workaround:

1) RP# clear ip mroute vrf vpn 224.0.1.40

2) LC# clear ip mds all

3) Configure static RP.

4) Remove the output policy on the outgoing Multilink.

Resolved Caveats—Cisco IOS Release 12.0(32)SY9

Cisco IOS Release 12.0(32)SY9 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY9 but may be open in previous Cisco IOS releases.

Basic System Services

CSCsh56561

Symptoms: Multicast traffic is getting dropped due to "Runt Packets."

Conditions: On the Engine 5 line card when multicast traffic is going out of two interfaces, of which one is a QinQ, then the other interface might detect runt or corrupt packets.

Workaround: There is no workaround.

CSCsv73509

Symptoms: When "no aaa new-model" is configured, authentication happens locally even when TACACS is configured. This happens for the exec users under the vty configuration.

Conditions: Configure "no aaa new-model," configure login local under line vty 0 4, and configure login tacacs under line vty 0 4.

Workaround: There is no workaround.

CSCsx31693

Symptoms: All L2VPN traffic is dropped for more than 1 minute around 20 to 30 seconds after another linecard is reinserted.

Conditions: This symptom is observed under the following conditions:

ToFab QoS is configured (rx-slot-cos commands).

L2VPN (both AToM and VPLS) traffic on E5 is affected.

Cisco IOS Release 12.0(32)SY7.

900 VCs are configured.

Workaround: Remove the rx-slot-cos part of the configuration.

CSCsx75004

Symptoms: In a Carrier's Carrier setup, the CSC-PE router advertises the wrong out-label. This causes the end-to-end LSP to be broken in the CSC network, and all traffic is dropped.

This problem can be observed by entering the show ip bgp label command on the CSC-CE: the "Out Label" of the route is "imp-null."

Conditions: This condition is observed in routers that are running Cisco IOS Release 12.0(32)SY6.

Workaround: Configure neighbor {ip-address | peer-group-name} next-hop-self on CSC-PE.

CSCsx90461

Symptoms: A SIP 601 crashes in a PE router MVPN scenario.

Conditions: This symptom is observed while flapping core-facing or edge-facing interface.

Workaround: There is no workaround.

CSCsx94448

Symptoms: "oam-ac emulation" gets disabled.

Conditions: This symptom is observed when we configure "oam-ac emulation" or when the router is reloaded or the RP gets switched over "twice."

Workaround: Re-apply the commands to all L2 VCs after a switchover or after the router reloads.

CSCsy06379

Symptoms: When the E5 with CT3 is reloaded, it resets three to four times, and the core-facing E5 with 10x1GE also crashes a couple of times before stabilizing.

Conditions: This symptom is observed in a scale testbed that is running an MVPN profile.

Workaround: Stop the traffic until the linecard comes up and then start the traffic.

CSCsy09839

Symptoms: QoS class of service queues are in an unallocated state on the standby RP on a router configured in SSO mode upon router reload.

Conditions: The following conditions should exist to hit this DDTS:

A Cisco 12000 series Internet router with an E3 LC configured in SSO mode.

A scale number of output service policies configured on the interfaces of the E3 LC.

A reload of the router configured in SSO mode.

Workaround: There are two workarounds:

Reload the E3 LC after the router configured in SSO mode has come up.

Remove and add the affected service policies on the E3 LC.

CSCsy42615

Symptoms: Entries for ABRs and ASBRs are missing from the OSPF route table. This results in inter-area and external routes being omitted from the Routing Information Base (RIB).

Conditions: The bug will only be seen when MPLS-TE tunnels are being used. Also, specifying non-default SPF timer values with timers throttle spf will increase the risk of hitting this bug.

Workaround: There is no workaround.

CSCsy57746

Symptoms: The standby PRP2 crashes many times during a reload.

Conditions: The problem occurs only during the boot-up process. The router:

Should have two processors (in this case PRP2) that are running SSO as the redundancy mode.

Should be running Cisco IOS Release 12.0(32)SY6e.

Should have a high scale (so a large configuration).

Should have many MLPPP interfaces.

Workaround: There is no workaround.

Further Problem Description: The standby processor crashes many times during boot-up when the router has a high scale (a large configuration) and many MLPPP interfaces.

The problem happens on a Cisco 12000 series Internet router with two PRP2s that are working in SSO mode and that are running Cisco IOS Release 12.0(32)SY6e.

After the reload, exactly when MLPPP is coming up (establishing), the Cisco 12000 series Internet router suffers high CPU utilization and it loses communication with the standby router for some seconds. When the timeout occurs (when the time expires), the router requests the standby PRP to reset.

CSCsy74390

Symptoms: ISIS adjacency is not established with an E4 SRP linecard.

Conditions: This symptom is observed when ISIS is configured between SRP interfaces with at least one end having an E4 SRP linecard.

Workaround: There is no workaround.

CSCsz55293

Symptoms: A remote third-party device is resetting the IPv6 BGP session with a Cisco 12000 router.

Conditions: BGP is exchanging only IPv6 capability with the remote EBGP peer, but IPv4 capability will be enabled by default. The remote EBGP peer is sending only IPv6 capability, and we should advertise only IPv6 prefixes because that is the capability negotiated. We are wrongly marking IPv4 capability as negotiated and advertising IPv4 prefixes, and the remote neighbor is resetting the session because IPv4 capability is not negotiated at the peer end.

Workaround: Configure a route map to deny all IPv4 prefixes, and apply it as follows:

route-map deny-ipv4 deny 10

router bgp <asnum>
 address-family ipv4
  neighbor <IPv6Address> activate
  neighbor <IPv6Address> route-map deny-ipv4 out

Resolved Caveats—Cisco IOS Release 12.0(32)SY8

Cisco IOS Release 12.0(32)SY8 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY8 but may be open in previous Cisco IOS releases.

CSCed55180

Symptoms: After a Stateful Switchover (SSO) occurs on a Cisco 7500 series, the traffic interruption may last longer than you would expect.

Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.2(22)S and that is configured with a Route Switch Processor 4 or 8 (RSP4 or RSP8) when the router is configured with a large number (100,000) of Border Gateway Protocol (BGP) routes and Ethernet interfaces that process traffic.

Workaround: There is no workaround. One way to help reduce the length of the traffic interruption is to add static ARP entries.

CSCsf04035

Symptoms: Upon an SSO switchover, on the new active RP, the MFR interface shows the default bandwidth value instead of the actual bandwidth, which is based on the available bundle links.

Conditions: This symptom is observed on a Cisco 7600 router that is running 12.2SR software and on a Cisco 12000 series Internet router that is running 12.0SY software.

Workaround: Recycle the MFR interface to reset the bandwidth to the correct value.

CSCsf26043

Symptoms: IS-IS protocol packets may not be classified as high-priority. When this situation occurs during stress conditions and when the IS-IS protocol packets are mixed with other packets, the IS-IS protocol packets may be dropped because of their low-priority.

Conditions: This symptom is observed on a Cisco platform that is configured for Selective Packet Discard (SPD).

Workaround: Ensure that DSCP rewrite is enabled and then enter the following command:

mls qos protocol isis precedence 6

CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

CSCsh77360

Symptoms: An ATM local switching connection is up on a Cisco 7600. If the ATM interfaces are removed via the SONET controller (these are channelized ATM interfaces; hence they are dynamically created from "controller SONET..." configuration), the Cisco 7600 will reload when a "show running-config" command is issued.

Conditions: This symptom always occurs for SONET controller ATM interfaces doing local switching if the above sequence of steps is done.

Workaround: Unconfigure all ATM local switching connections (configured via the "connect ..." command) before removing the ATM interfaces via the SONET controller.

CSCsi57031

Symptoms: On a pseudowire that is configured on an OC-12 ATM interface, when you delete the oam-ac emulation-enable command, enter the write memory command, and then initiate an SSO switchover, the new standby PRE continues to reboot because of a configuration mismatch with the new active PRE.

Conditions: This symptom is observed on a Cisco 10000 series when the new active PRE has the oam-ac emulation-enable command in its configuration but the new standby PRE does not, causing a configuration mismatch. The symptom may not be platform-specific.

Workaround: Reload the new active PRE, then remove the oam-pvc manage 0 command from its configuration.

CSCsi68795

Symptoms: A PE that is part of a confederation and that has received a VPNv4 prefix from an internal and an external confederation peer may assign a local label to the prefix despite the fact that the prefix is not local to this PE and that the PE is not changing the BGP next-hop.

Conditions: The symptoms are observed when receiving the prefix via two paths from confederation peers.

Workaround: There is no workaround.

Further Problem Description: Whether or not the PE will choose to allocate a local label depends on the order in which the multiple paths for this VPNv4 prefix are learned. The immediate impact is that the allocated local label takes up memory in the router, because the router populates the LFIB with the labels.

CSCsi77983

Symptoms: The NetFlow cache runs out of space for new flow entries when the customer sends heavy traffic.

Conditions: This symptom is observed with a large amount of traffic, which could exhaust the NetFlow cache.

Workaround: There is no workaround.

CSCsi97315

Symptoms: When you remove the neighbor peer-group-name fall-over bfd command for a peer group, the configuration is not removed from the members of the peer group, and the members may still register with Bidirectional Forwarding Detection (BFD).

Conditions: This symptom is observed on a Cisco router that has the following configuration:

router bgp as-number
 neighbor peer-group-name peer-group
 neighbor peer-group-name remote-as as-number
 neighbor peer-group-name fall-over bfd
 neighbor ip-address peer-group peer-group-name

When you enter the neighbor peer-group-name fall-over bfd command, the IP address that is associated with this command is not removed.

Workaround: Remove and reconfigure the neighbor.

CSCsk07875

Symptoms: MPLS LDP autoconfig functionality is broken in OSPF.

Conditions: This symptom is observed in the following two scenarios:

When adding all areas via the mpls ldp autoconfig command and removing a specific area via the no mpls ldp auto area X command, LDP is disabled.

If you disable LDP autoconfig completely and enable the mpls ldp autoconfig command for all OSPF areas, LDP does not come up until you enable the specific area X via the mpls ldp autoconfig area X command.

Workaround: Enable the specific area with the following command:

mpls ldp autoconfig area X

CSCsk64158

Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory. This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml

CSCsl51616

Symptoms: The v6-vrf-lite configuration does not synch properly with the standby; hence 100 percent of the traffic is lost after an SSO switchover.

Conditions: The conditions under which this symptom is observed are unknown.

Workaround: There is no workaround.

CSCsl61164

Symptoms: The router may crash at ipflow_fill_data_in_flowset when the flow version is changed.

Conditions: This symptom occurs when NetFlow is running and exporting data while the flow-export version configuration is manually changed from version 9 to version 5 and back to version 9 again.

Workaround: Do not change the netflow flow version while the router is exporting data and routing traffic.

CSCsm27071

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:

The configured feature may stop accepting new connections or sessions.

The memory of the device may be consumed.

The device may experience prolonged high CPU utilization.

The device may reload.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory. The advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml

CSCsm49112

Problem Description: When eBGP sessions that carry a full routing table (200,000+ routes) are brought up, a prolonged period of 100-percent CPU utilization (5 to 7 minutes) is experienced.

During this time, the router is unresponsive in the CLI, and it stops responding to ICMP/SNMP polls.

The router is a Cisco 12406/PRP and is running Cisco IOS Release 12.0(32)S5 (c12kprp-k4p-mz.120-32.S5).

When bringing up a BGP session with a full routing table, the router seems to load the first several thousand prefixes quickly and then stops dead for several minutes before loading the rest.

Workaround: After changing the outbound prefix list on the eBGP session to a deny all (ip prefix-list test-nothing-out seq 1 deny 0.0.0.0/0 le 32), clearing the BGP session does not produce the problem anymore.

CSCsm86832

Symptoms: The line protocol of the serial interface keeps flapping.

Conditions: This symptom is observed after the Atlas BERT pattern is run on a fractional T1 (1 or 2 timeslots).

Workaround: Add/Remove the T1.

CSCso04657

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

CSCso54167

Symptoms: BGP peers are stuck with table versions of 0. BGP peers do not announce any routes to neighbors.

Conditions: Whenever the interfaces flap with online insertion and removal (OIR) multiple times, all of the BGP peers using such interfaces for peering connections encounter this issue.

Workaround: Delete and reconfigure the neighbor.

CSCso87348

Symptoms: A Catalyst 6500 or a Cisco 7600 may reload unexpectedly.

Conditions: Occurs when NetFlow is configured on one of the following:

Cisco 7600 running Cisco IOS Release 12.2(33)SRC.

Catalyst 6500 running Cisco IOS Release 12.2SXH.

Workaround: Disable NetFlow. This is done with the following commands:

no ip flow ingress
no ip flow egress
no ip route-cache flow

Enter the appropriate command for each subinterface for which NetFlow is currently configured.

Other Notes:

Only the 12.2SRC and 12.2SXH code trains are affected. The specific versions affected are 12.2(33)SXH, 12.2(33)SXH1, 12.2(33)SXH2, 12.2(33)SXH2a, 12.2(33)SRC, and 12.2(33)SRC1.

The issue is fixed in the two affected code trains from the 12.2SXH3 and 12.2SRC2 releases onwards. However, for the SXH train, Cisco would recommend the use of SXH4 due to ddts CSCso71955.

The following release trains do not have this issue: 12.2(18)SXF, 12.2(33)SRA, 12.2(33)SRB, 12.2(33)SXI, and all other release trains after those affected.

CSCso92169

Symptoms: A traceback is seen on the E3 and E5 line cards.

Conditions: This symptom is observed under normal traffic conditions after a clear ip route * command is issued.

Workaround: There is no workaround.

CSCsq31233

Symptoms: The following error messages are received on a 1xoc12 eng3 line card:

SEC 8:May 16 06:41:09.216: %IDBINDEX_SYNC-3-IDBINDEX_ENTRY_SET: Cannot set
entry to interface index table: "", 73
-Process= "RP Standby", ipl= 0, pid= 63
-Traceback= 20A640 20A748 11D29D8 27F7A8 281F80 439B64 436AC4 5187B8 4FF360
5006FC 523434 240B7C 5C0514 5C0A14 34BC74 350B0C
SEC 8:May 16 06:41:09.216: %FIB-2-HW_IF_INDEX_ILLEGAL: Attempt to create CEF
interface for Serial4/0.1/1:1 with illegal index: -1
-Traceback= 20A640 20A748 178438 17A198 17A7E8 17A980 439C1C 436ACC 5187B8
4FF360 5006FC 523434 240B7C 5C0514 5C0A14 34BC74
SEC 8:May 16 06:41:09.216: %EERP-2-UIDB_ERR: Unable to allocate resources.
Null fibhwidb for free 0

Conditions: This symptom is observed when either of the two tasks mentioned below is performed in the specific order and HA is configured in SSO mode.

A. Configure/Unconfigure channels:

1. Under sonet framing, configure some T1 lines.

2. Unconfigure these T1 lines.

3. Change the framing to sdh and configure some E1 lines.

4. Unconfigure these E1 lines.

5. Change the framing to sonet and configure some T1 lines.

B. Change framing:

1. Change the framing without deleting all the channels; a warning message to delete all channels before changing the framing will be issued.

2. Delete all the channels.

3. Change the framing multiple times from sonet to sdh, from sdh to sonet, and then from sonet to sdh again.

Workaround: There is no workaround.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsq45502

Symptom: Serials that are part of MLPPP/MFR remain in a down state. This issue can also happen for serial interfaces with PPP, FR, and HDLC encapsulation.

Conditions: This symptom is observed when T1/E1 controllers remain down. The trigger for this issue is not clear.

Workaround: There is no workaround.

CSCsq96435

Symptoms: Line cards get stuck in the WAITRTRY state after an RP switchover and a router reload.

Conditions: This symptom is observed on a Cisco 12810 and 12816 Internet series router that is booted with Cisco IOS Release 12.0(32)S11. The symptom is seen on both E4+ and E6 line cards and also during reload.

Workaround: There is no workaround.

CSCsr16693

A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released free software updates that address this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml.

Note: The March 25, 2009, Cisco IOS Security Advisory bundled publication includes eight Security Advisories. All of the advisories address vulnerabilities in Cisco IOS Software. Each advisory lists the releases that correct the vulnerability or vulnerabilities in the advisory. The following table lists releases that correct all Cisco IOS Software vulnerabilities that have been published in Cisco Security Advisories on March 25, 2009, or earlier.

http://www.cisco.com/warp/public/707/cisco-sa-20090325-ctcp.shtml#software

CSCsr22043

Symptoms: A controller goes into an admin down state.

Conditions: This symptom is observed when an STS path under the SONET controller is shut down.

Workaround: Perform a no shutdown on the controller.

CSCsr53541

Symptoms: A TE tunnel from a mesh group disappears after the tailend router is reloaded.

Conditions: The IGP is OSPF, and OSPF is used to advertise the mesh-group membership. The problem appears only if the OSPF network type is point-to-point.

Workaround: Enter the clear mpls traffic-eng auto-tunnel mesh command after the TE tunnel disappears from the mesh group.

CSCsr64777

Symptoms: A router crashes because of a block overrun (overwriting the memory block).

Conditions: This symptom is observed only when NetFlow version 5 is used.

Workaround: NetFlow version 9 could be used for exporting.

CSCsr64998

Symptoms: Low BGP keepalive timer sessions flap too often during periods of high CPU utilization.

Conditions: This symptom is observed when low BGP keepalive timers are set (for example, 20/60, 10/30, 1/3). This symptom is specific to Cisco IOS Release 12.0S and 12.4T.

Workaround: Do not configure very aggressive BGP keepalive timers. Also, try not to overload the CPU.

CSCsr67137

Symptoms: An Engine 3 (E3) Channelized OC12 (CHOC12) line card can reload after a switchover in Route Processor Redundancy Plus (RPR+) mode.

Conditions: This symptom is observed on a Cisco 12416 Internet series router:

The router is booted with Cisco IOS Release 12.0(32)S11n and contains the following:

Redundant PRP-2 processor running in RPR+ mode.

E3 CHOC12 line card.

All other slots in the chassis are populated with E3, E4+, and E5 line cards.

Workaround: There is no workaround.

CSCsr68528

Symptoms: When there is heavy traffic on the 10-GE SPA (that is, 80 percent or more of line rate), and the interface is shut/no shut, there is a low probability that the interface may become stuck and incorrectly send pause frames on the connected link, interrupting traffic flow.

Conditions: This symptom is observed when the link is shut/no shut while there is a high level of traffic on the link.

Workaround: Add and remove auto-negotiation on the interface configuration to recover the link.

CSCsr71139

Symptoms: The following messages are displayed in the syslog:

%QM-4-SW_SWITCH: Interface GigabitEthernet7/0/1.558 routed traffic will be software switched in egress direction(s)

Another symptom is that the "show policy-map interface" command for the affected interface displays "Class of service queue: 0" for all queues.

Conditions: These symptoms are observed on Engine 5 line cards when attaching to an interface a policy map that requires more WRED resources than what is available in the line card.

Workaround: Verify whether the line card has enough WRED resources available before attaching a new policy map to one of its interfaces.

Further Problem Description: On Engine 5 line cards, when attaching to an interface a policy map that requires more WRED resources than what is available in the line card, no verification for available WRED resources is performed and the command is accepted. This is because Engine 5 line cards, as opposed to Engine 3 line cards, have Line Card Based QoS Manager. Because the policy cannot be programmed in hardware (there are not enough RED resources), the traffic is punted to the line card CPU (that is, it is software-switched). This fix makes the error message more prominent.

CSCsr79573

Symptoms: The member link of a multilink bundle goes into an up/down state.

Conditions: This symptom is observed when multilink is swapped from one multilink bundle to another multilink bundle through a script.

Workaround: Enter the hw-module subslot slot/subslot reload command.

CSCsr85656

Symptoms: On removal of an xconnect from the L2 transport PVC (ATM portmode), the policy map is not removed and entries still exist.

Conditions: This symptom is observed when an xconnect is removed from the L2 transport PVC (ATM portmode).

Workaround: Remove the policy map first and then remove the xconnect configuration.

CSCsr88705

Symptoms: Redistributed routes are not being advertised after a neighbor flap.

Conditions: This symptom is observed if BGP is redistributing local routes and if there are multiple neighbors in the same update-group and then a neighbor flaps. For the flapped neighbor, some redistributed routes are not being advertised.

Workaround: Undo and redo the redistribution.

CSCsr99774

Symptoms: An Engine 5 line card queues egress traffic on the GRE precedence rather than on the original IP packet precedence.

Conditions: This symptom is observed under the following conditions:

1. Send MVPN traffic.

2. Configure an egress QoS policy on the decap side.

3. Configure a QoS policy in the core to set the GRE IP precedence.

Workaround: There is no workaround.

CSCsu09595

Symptoms: A SIP-601 crashes while changing the CRC/encap/MTU on MLPPP and MFR.

Conditions: This symptom is observed under the following conditions:

1. Change the CRC of the members of the bundle (from crc 16 to 32 and then back again to crc 16).

2. Remove the members from the bundle.

3. Add serials back to MFR and MLPPP.

4. Change the MTU.

5. Flap the links (serials and bundle).

Workaround: There is no workaround.

CSCsu12146

Symptoms: On a Cisco 12404 that is running Cisco IOS Release 12.0(32)SY5, a SIP-401 reloads when lawful intercept (LI) is used on it.

Conditions: This symptom is observed when LI is activated.

Workaround: Deactivate LI.

CSCsu33246

Symptoms: IPv6 PIM RP embedded functionality is not working properly in Cisco IOS Release 12.0(32)S or Release 12.0(32)SY even after the fix for CSCsf28907.

Conditions: If a first-hop router (that is connected to the IPv6 multicast source) is configured for a PIM RP embedded operation, the register packets will not be sent to the RP and the mroute table will remain in the Registering state. No IPv6 multicast traffic will flow.

Workaround: Configure an IPv6 PIM static RP.

CSCsu36958

Symptoms: A router cannot be reloaded after the RP switches over three times.

Conditions: The router restarts three times, each time because of a watchdog timeout caused by a failure to allocate memory. This symptom is related to a flood of multicast messages. Once this symptom occurs, attempts to manually reload the router are unsuccessful because the NVRAM is locked, indicating that it is being updated.

Workaround: There really is no workaround except to manually remove and reinsert the RP or power-cycle the chassis.

CSCsu41338

Symptoms: Set cos is not being applied for VPLS packets in E5 Gig. The source MAC address of the VPLS packet from the disposition PE is getting corrupted.

Conditions: This symptom is observed only for VPLS packets in E5 cards when a service policy with set cos is applied to the egress interface of the disposition PE.

Workaround: There is no workaround.

CSCsu54160

Symptoms: An RP becomes stuck.

Conditions: This symptom is observed after an SSO mode redundancy force switchover is executed.

Workaround: Reload the secondary RP.

CSCsu59282

Symptoms: The following message is continuously seen on SSO switchover even if the maximum scale numbers are not configured.

%RP-3-ENCAP: Failure to allocate encap table entry, exceeded max number of entries, slot 3 (info 0xC0000

Conditions: This symptom is observed upon SSO switchover.

Workaround: Reload the RP.

CSCsu61336

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Workaround: Remove and reconfigure the passive-interface command.

First Alternate Workaround: Enter the clear isis * command.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

CSCsu63081

Symptoms: The delay triggers path delay command does not function as it is provisioned on an E3 CHOC12 controller.

Conditions: This symptom is observed on a Cisco 12000 Internet series router booted with c12kprp-p-mz.120-32.S11n. This router contains an E3 CHOC12 line card.

Workaround: There is no workaround.

CSCsu66119

Symptoms: If "set exp" is configured on the ingress AC, local switching (AC - AC) traffic does not copy the exp value to the cos bits in the egress direction.

Conditions: This symptom is observed with E3 as ingress and "set exp" configured on VPLS interface.

Workaround: There is no workaround.

CSCsu73675

Symptoms: In the case of E5 AToM QinQ, set cos is being set on the inner vlan_id.

Conditions: This symptom is observed in an E5 AToM with QinQ configuration that has set cos in the policy map.

Workaround: There is no workaround.

CSCsu74140

Symptoms: In an E5 L2TPv3 dot1q configuration, set cos is not being set on the vlan-id.

Conditions: This symptom is observed in a configuration that has set cos in the policy.

Workaround: There is no workaround.

CSCsu79988

Symptoms: Before this BGP aspath memory optimization, the memory consumption for aspath had increased. With this memory optimization, the memory consumption for aspath is reduced.

Workaround: There is no workaround.

CSCsu84357

Symptoms: The show mac address-table bridge-domain domain command may display unexpected MAC addresses.

Conditions: This symptom has been reported on a Cisco 12000 series Internet router that is configured with VPLS. When a service policy with input policing is applied on an interface that also has bridge-domain configured and when police drops happen, ghost MAC addresses are present in the MAC address table for that bridge-domain ID.

Workaround: There is no workaround, but no immediate impact on system behavior has been observed.

Further Problem Description: This issue can occur with either ACL drops or policer drops on a VPLS-enabled interface. If there are no ACL or CAR drops, this issue will not occur.

This unexpected MAC address might conflict with another real MAC address and may lead to some other issues such as traffic being sent over the wrong interface for the same customer.

Let us assume that the customer is having two ACs on the same PE and that AC1 learned the proper MAC address and the unexpected MAC address. If this unexpected MAC address is a valid MAC address on AC2, then the traffic for this MAC address may be sent to AC1 instead of to AC2.

CSCsu86288

Symptoms: A line card on a Cisco 12000 series Internet router generates tracebacks during LI provisioning while installing a 50th tap request. After the appearance of the first traceback, LI functionality stops working for newly requested taps.

Conditions: This symptom is observed when there are 48 active taps and 2 new taps arrive.

Workaround: Reload the line card or the whole router.

CSCsu89509

Symptoms: When a PEM PS is inserted, there is an increase in CPU utilization by the PowerMgr Main process. The utilization ranges from 10 percent to 99 percent; the difference is caused by the insertion timing.

Conditions: This issue is observed under the following conditions:

16-slot chassis

Enhanced fabric

Enhanced CSC

DC PEM

Workaround: There is no workaround.

CSCsu92317

Symptoms: Pings fail on an MLPPP interface.

Conditions: There is an MFR interface used for L2 services such as xconnect and an MLPPP interface on the same SPA. When the member links are removed/added from these bundles back-to-back, the ping on the MLPPP interface may fail. This symptom is observed so far only on E5 cards.

Workaround: Reload the line card.

CSCsu93472

Symptoms: Whenever a service policy that has an action as bandwidth or shaping is applied as output to the core-facing interface in an imposition PE in a VPLS setup, the egress multicast packets that are passing through the core-facing interface are being dropped.

Conditions: This symptom is observed when:

A service policy with action as bandwidth or shaping is applied as output to the core-facing interface in an imposition PE in a VPLS setup; and

Multicast traffic is flowing through the interface.

Workaround:

1) Remove and re-add the bridge-domain.

2) Reload the ingress line card that has bridge-domain configured on it.

CSCsv00039

Symptoms: A customer observed the following messages in the log:

SLOT 0:Sep 26 13:30:48.693: %TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module.
SLOT 0:Sep 26 13:30:48.697: %TX192-3-PAM_PIM: status = 0x2D6, mask= 0x181 - PIM: header start offset >= 16kB.
SLOT 0:Sep 26 13:30:58.313: %TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module.
SLOT 0:Sep 26 13:30:58.317: %TX192-3-PAM_PIM: status = 0x356, mask= 0x181 - PIM: header pkt length >= 16kB.
SLOT 15:Sep 26 13:33:37.718: %TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module.

The PAM_PIM message created confusion because it was taken to refer to Protocol Independent Multicast and not to the Packet Assembly Module/Packet Interface Module.

Conditions: This symptom occurs because of a corrupted packet.

Workaround: There is no workaround.

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

CSCsv08408

Symptoms: A router may crash with a bus error caused by an illegal access to a low address. This occurs because IPC is processing a message that has already been returned to the pool while a reference to the message is still present in IPC's retry table.

Conditions: The conditions under which this symptom occurs are not known.

Workaround: There is no workaround.

CSCsv15604

Symptoms: An E4+ line card on a Cisco 12000 series Internet router stops exporting NetFlow. Show commands display that packets are correctly captured and exported.

Conditions: Traffic should flow through an E4+ and go out through an E5, which has to be MPLS enabled.

Workaround:

1) Change the outbound interface configuration to IP.

2) Add a static route for the NFC using the non-recursive next hop.

CSCsv23328

Symptoms: Default Q-limit is not getting doubled for low-speed interfaces.

1) Non-channelized SPA

2) For policy without queueing action on non-channelized SPA

Conditions: Default Q-limit for low-speed interfaces should be doubled as required.

This should be done only for low-speed interfaces. Rates that will get a 64K queue-limit and above, that is, starting from 32K, will not have their queue-limits doubled.

For example, 64K in will be trimmed to 32K from this release onward and likewise for further queue-limits. Also, it is taken care that the class rate ranges 2097152 - above will get max_queue_depth of 256K as they always got.

For more info, please also refer to DDTS CSCsu60240.

Workaround: Reload the SPA.

CSCsv27470

Symptoms: An Engine 3 CHOC12 fails to bring the T1 controller link down when the delay triggers path command is configured.

Conditions: Shutting down the remote end T1 controller or CHOC12 T1 controller receive AIS will not cause the T1 link to go to down state.

Workaround: Do not configure the delay triggers path command on the CHOC12 SONET controller.

CSCsv57665

Symptoms: A router is not learning MAC addresses when unknown multicast traffic (packet size greater than min_mtu for that VFI towards core) is sent.

Conditions: This symptom is observed when the MTU of the core-facing interface is changed to some value less than the default value and then is increased back to the default. The min_mtu is stuck on the lesser value.

Workaround: There is no workaround.

CSCsv74508

Symptom: If a linecard is reset (either due to error or a command such as hw-module slot reload) at the precise time an SNMP query is trying to communicate with that LC, the RP could reset due to a CPU vector 400 error.

Conditions: These symptoms are observed when the linecard is reset (either due to error or a command such as hw-module slot reload) at the precise time an SNMP query is received.

Workaround: There is no workaround.

CSCsv94306

Symptoms: On a Cisco 12000 series Internet router E5/SPA POS interface, FRR reroute may take up to 700 msec.

Conditions: This symptom is observed when the far-end RX fiber of the POS link is removed.

Workaround: Configure the pos delay triggers command on the interface to reduce delay in FRR.

Further Problem Description: When the RX fiber is removed on the far-end of the POS interface, the far-end router is supposed to send LRDI to the Cisco 12000 series Internet router, and the LRDI will trigger the FRR reroute. The E5/SPA current implementation is that remote end SONET alarm does not trigger FRR in interrupt mode; it triggers FRR only in process context, which may take up to 700 msec to converge.

CSCsv96395

Symptoms: A SIP-400 and SIP-601 crash continuously after the image is loaded.

Conditions: After the 32SY 11_23-date-coded image is loaded, SIP crashes when channelized SPAs come up.

Workaround: There is no workaround.

CSCsw17389

Symptoms: A SPA_PLIM-3-HEARTBEAT failure and tracebacks are seen for channelized SPAs. All the traffic in the ingress direction is dropped.

Conditions: With traffic present, configure aggregate NF scheme on 4XT3/E3 SPA; channelized SPAs get stuck in the booting state. (SIP comes up fine to IOS RUN state.)

Workaround: Perform a microcode reload to make the SPAs come up.

CSCsw24700

Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features:

1. Crafted HTTPS packet will crash device - Cisco Bug ID CSCsk62253.

2. SSLVPN sessions cause a memory leak in the device - Cisco Bug ID CSCsw24700.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml

CSCsw31009

Symptoms: The CEF Scanner process takes high CPU for sustained periods of around 10 minutes.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(32)S11n. It is seen under the following conditions:

When multiple eiBGP paths exist for a certain prefix and the eBGP path is recursive through the attached next-hop.

A large number of prefixes that have one iBGP path that is recursive through an IGP route that has one path, and one iBGP path that is recursive through an IGP route that has multiple paths.

A route modification for load-balanced prefix.

Workaround: Configure a static route.

CSCsw34455

Symptoms: After a reboot, GEs remain down/down on a SPA-10X1GE-V2.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is using a 12000-SIP-601 with a SPA-10X1GE-V2 and Cisco IOS Release 12.0(32)SY6.

Workaround: Shut and unshut the port that is down/down.

CSCsw35638

Symptoms: When a Cisco router is the Merge Point (MP) for a protected TE tunnel, and FRR is triggered, two things happen:

The primary LSP goes down, and traffic is lost on the protected tunnel.

Any PLR that is downstream of the failure will lose its backup.

Conditions: When a competitor's router is a point of local repair (PLR) and a Cisco router is a merge point, then when FRR is triggered, the Cisco router drops the backup tunnel (in some cases immediately and in other cases after 3 minutes). This causes the primary tunnel that is protected by this backup to go down. The issue has been identified as related to the fact that session attribute flags (link/node protection desired) are being cleared by the competitor PLR when the Path is sent over the backup tunnel.

Workaround: There is no workaround.

CSCsw47868

Symptoms: An IPv6 ping fails on an E3 Gigabit line card because of a PRECAM 1 Exception.

Conditions: This issue pertains to the dropping of IPv6 packets because of a precam exception on the egress side. It looked as if the profile for IPv6 was wrong when IPv4 QoS was already applied even on different subinterfaces on the same port.

Workaround:

1) Add/Remove an ACL.

2) Add/Remove the subinterface.

CSCsw51017

Symptoms: In the case of egress MVPN QoS, some packets are going to the wrong queue.

Conditions: This symptom is observed with an egress MVPN QoS configuration.

Workaround: There is no workaround.

CSCsw64956

Symptoms: The no ppp lcp fast-start command is added to all PPP-encapsulation interfaces.

Conditions: This symptom is observed after a router is upgraded from Cisco IOS Release 12.0(32)SY7 to the latest 32sy throttle image.

Workaround: There is no workaround.

CSCsw69322

Symptoms: Given the following topology:

PE1 (CT32/2/1) <-------> (CT34/0/1) CE1

Configuring t1 <1-28> loopback remote line feac at PE1 and then removing the loopback causes the serial interface at CE1 to start flapping continuously.

Conditions: All the interfaces should be up and running.

Workaround: There is no workaround.

CSCsw75136

Symptoms: Policy is not applied, and CEF gets disabled.

Conditions: Load the latest 32sy8 with a large QoS policy on the E3 Gigabit line card.

Workaround: There is no workaround.

CSCsw79733

Symptoms: RTP timestamp is getting corrupted with a sequence of RTP packets.

Conditions: Conditions are FH/cRTP/cUDP/cRTP. cUDP is sent if there is some change in the RTP header, such as the Marker bit being set, the payload type changing, or a CSRC list being present. This symptom is seen only with the IPHC compression format.

Workaround: Configure the IETF compression format.

CSCsw80606

Symptoms: A router crashes.

Conditions: This symptom is observed when the copy scp: disk0: command is issued to transfer the file to disk0: of the router.

Workaround: There is no workaround.

CSCsw82329

Symptoms: A SIP-601 crashes continuously. The line card (LC) stops crashing when the SPA-1XCHSTM1/OC3 SPA is shut. The LC does not stop crashing with any other exercise like LC OIR, SPA OIR, or router reload.

Conditions: This symptom was observed while the router was being brought up. The router was initially shut and was later powered up.

Workaround: Shut the SPA to cause the LC to stop crashing.

CSCsw92550

Symptoms: In a scaled mVPN setup, expect PIM with other PEs over tunnel to flap when the master line card is reloaded.

Conditions: This defect can be observed with the latest 12.0(32)S- and 12.0(32)SY-based Cisco IOS images on the Cisco 12000 series Internet router.

Workaround: There is no workaround.

CSCsx08901

Symptoms: The following message is received from the standby RP:

SEC 8:Jan 13 23:11:09.991: SPA CHOCX ALARM MSG:
spa_chocx_update_sonet_ctrlr_alarm_status : mib is NULL plugin = 0xA7357E4
line_id = 0
SEC 8:Jan 13 23:11:09.991: -Traceback= 20E8FC 929F50 929E1C 929D64 928B58
928A98 9335D8 4FAA38 4C09E0 362A84 35EED8 35EF30 2F92DC
Jan 13 23:11:10.987 UTC: %SONET-4-ALARM: SONET 14/2/0: SLOS
Jan 13 23:11:10.987 UTC: %CONTROLLER-5-UPDOWN: Controller SONET 14/2/0,
changed state to down
SEC 8:Jan 13 23:11:10.991: spa_chocx_update_sonet_ctrlr_alarm_status :
mib is NULL plugin = 0xA7357E4 line_id = 0
SEC 8:Jan 13 23:11:10.991: -Traceback= 20E8FC 929F50 929E1C 929D64 928B58
928A98 9335D8 4FAA38 4C09E0 362A84 35EED8 35EF30 2F92DC

Conditions: This symptom is observed after the framing on the chstm1 spa card is changed.

Workaround: There is no workaround.

CSCsx10140

Recent research (1) has shown that it is possible to remotely cause BGP sessions to reset by injecting invalid data, specifically AS_CONFED_SEQUENCE data, into the AS4_PATH attribute, which is provided to store 4-byte ASN paths. Since AS4_PATH is an optional transitive attribute, the invalid data will be transited through many intermediate ASes, which will not examine the content. For this bug to be triggered, an operator does not have to be actively using 4-byte AS support.

The root cause of this problem is the Cisco implementation of RFC 4893 (4-byte ASN support) - this RFC states that AS_CONFED_SEQUENCE data in the AS4_PATH attribute is invalid. However, it does not explicitly state what to do if such invalid data is received, so the Cisco implementation of this RFC sends a BGP NOTIFICATION message to the peer and the BGP session is terminated.

RFC 4893 is in the process of getting updated to avoid this problem, and the fix for this bug implements the proposed change. The proposed change is as follows:

"To prevent the possible propagation of confederation path segments outside of a confederation, the path segment types AS_CONFED_SEQUENCE and AS_CONFED_SET [RFC5065] are declared invalid for the AS4_PATH attribute. A NEW BGP speaker MUST NOT send these path segment types in the AS4_PATH attribute of an UPDATE message. A NEW BGP speaker that receives these path segment types in the AS4_PATH attribute of an UPDATE message MUST discard these path segments, adjust the relevant attribute fields accordingly, and continue processing the UPDATE message."

The only affected version of Cisco IOS that supports RFC 4893 is 12.0(32)S12, released in December 2008.

For more information, please visit:

http://www.merit.edu/mail.archives/nanog/msg14345.html
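
The discard-and-continue handling quoted above, next to the reset-on-invalid behaviour it replaces, as an added Python example (not Cisco's code and not part of the advisory). The function names, the SessionReset exception, the constructed sample bytes, and the choice to omit an AS4_PATH that is left with no segments are assumptions made for illustration.

```python
import struct

# Path segment type codes (RFC 4271 and RFC 5065).
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
CONFED_TYPES = {AS_CONFED_SEQUENCE, AS_CONFED_SET}

AS4_PATH_TYPE = 17  # attribute type code of AS4_PATH
FLAG_OPTIONAL, FLAG_TRANSITIVE, FLAG_EXT_LEN = 0x80, 0x40, 0x10


class SessionReset(Exception):
    """Hypothetical stand-in for sending a NOTIFICATION and closing the session."""


def parse_segments(value):
    """Split an AS4_PATH value into (segment_type, [4-byte ASNs]) tuples."""
    segments, offset = [], 0
    while offset < len(value):
        if len(value) - offset < 2:
            raise ValueError("truncated segment header")
        seg_type, count = value[offset], value[offset + 1]
        offset += 2
        end = offset + 4 * count
        if end > len(value):
            raise ValueError("segment runs past the end of the attribute")
        asns = list(struct.unpack("!%dI" % count, value[offset:end]))
        segments.append((seg_type, asns))
        offset = end
    return segments


def encode_attribute(segments):
    """Re-encode segments as a full AS4_PATH attribute with a recomputed length."""
    if not segments:
        return b""  # assumption: an AS4_PATH with nothing left in it is omitted
    value = b"".join(
        bytes([seg_type, len(asns)]) + struct.pack("!%dI" % len(asns), *asns)
        for seg_type, asns in segments
    )
    flags = FLAG_OPTIONAL | FLAG_TRANSITIVE
    if len(value) > 255:
        header = bytes([flags | FLAG_EXT_LEN, AS4_PATH_TYPE])
        return header + struct.pack("!H", len(value)) + value
    return bytes([flags, AS4_PATH_TYPE, len(value)]) + value


def process_as4_path(value, discard_confed=True):
    """Handle a received AS4_PATH value.

    discard_confed=True  : drop confederation segments, fix up the length,
                           and keep processing (the proposed RFC 4893 change).
    discard_confed=False : treat them as fatal (the behaviour that let one
                           transited attribute reset the session).
    Returns (kept_segments, dropped_segments, re-encoded attribute bytes).
    """
    segments = parse_segments(value)
    kept = [s for s in segments if s[0] not in CONFED_TYPES]
    dropped = [s for s in segments if s[0] in CONFED_TYPES]
    if dropped and not discard_confed:
        raise SessionReset("confederation segment in AS4_PATH")
    return kept, dropped, encode_attribute(kept)


# Constructed sample value (documentation and private-use ASNs):
# AS_SEQUENCE [65536, 65537], AS_CONFED_SEQUENCE [64512, 64513], AS_SET [65540].
SAMPLE = (
    bytes([AS_SEQUENCE, 2]) + struct.pack("!2I", 65536, 65537)
    + bytes([AS_CONFED_SEQUENCE, 2]) + struct.pack("!2I", 64512, 64513)
    + bytes([AS_SET, 1]) + struct.pack("!I", 65540)
)

if __name__ == "__main__":
    kept, dropped, attr = process_as4_path(SAMPLE)
    print("kept:", kept)
    print("dropped:", dropped)
    print("re-encoded attribute:", attr.hex())
    try:
        process_as4_path(SAMPLE, discard_confed=False)
    except SessionReset as exc:
        print("reset-on-invalid handling:", exc)
```

Counting how often the dropped list is non-empty per peer gives an operator a signal that invalid AS4_PATH data is transiting the network even though sessions stay up.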

CSCsx23559

Symptoms: With a nested policy map, when EF traffic is sent at police rate or above police rate, BFD flaps. The BFD timer is set to 999 ms*3, while the EF traffic average latency is only 50 to 70 microseconds.

Conditions: This symptom is observed when a nested policy is applied to ocpos3 and cht3 SPA with FR encapsulation.

Workaround: There is no workaround.

CSCsx25461

Symptoms: With a Cisco IOS Release 12.0(32)SY image, BGP I/O spikes CPU up to 9 percent because of a BGP neighbor flap with a single BGP neighbor. When multiple eBGP neighbors flap at the same time, the BGP I/O can sometimes spike up to approximately 20 percent.

Conditions:

bgp neighbor reset

Workaround: There is no workaround.

CSCsx29281

Symptoms: Packets get corrupted along the path. Extra padding is added to the packets, and the packets become unusable by the receiver application.

Conditions: Frame Relay VPWS between Cisco 12000 series Internet routers with small 25-byte non-IP packets.

Workaround: There is no workaround.

CSCsx42179

Symptoms: In MPLS VPN each tunnel is associated with one or more virtual routing and forwarding (VRF) instances. A VRF defines the VPN membership of a customer site attached to a PE router. Traffic entering a network on a non-VRF interface may be incorrectly forwarded to a VRF.

Note: Traffic from a VRF to another private or a public network is not incorrectly routed.

Conditions: This issue is only experienced in Cisco 12000 Series Internet Routers running Cisco IOS versions 12.0(32)S and 12.0(32)SY. Additionally, the affected device must have Netflow enabled and configured with an Engine 3 Line Card (LC).

This issue is only experienced in very rare conditions where routing table fluctuations take place as the result of route flapping.

Workarounds: As a workaround, create a default IP route destined to null 0 in the global routing table, as demonstrated in the following example:

ip route 0.0.0.0 0.0.0.0 null 0

CSCsx46184

Symptoms: In case of E5 FRoMPLS, small-sized frames that are less than 34 bytes are getting corrupted because of the padding that is being added. Traffic is not getting dropped as the L2 header (DLCI) is intact; only the extra padding that gets added to the payload is being dropped.

Conditions: This symptom is observed when E5 is acting as edge for FRoMPLS.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.0(32)SY7

Cisco IOS Release 12.0(32)SY7 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY7 but may be open in previous Cisco IOS releases.

CSCea53765

Symptoms: Adding a /31 netmask route on a Cisco router may not overwrite an existing /32 CEF entry.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.1(13)E4, Release 12.2, other 12.1 E releases, or Release 12.3. Any 12.2S release past 12.2(20)S is not affected.

Workaround: There is no workaround.

Further Problem Description: The fix for this caveat enables prefixes that are derived from adjacencies in the FIB to be periodically validated against covering prefixes that originate from the RIB. Validation ensures that an adjacency prefix is only active when it points out of the same interface as a covering attached prefix. To enable this validation, enter the ip cef table adjacency-prefix validate global configuration command.

Note that because validation is periodic, there could be a time lag between RIB changes and subsequent validation or withdrawal of covered adjacencies in the FIB.

CSCeb54456

Symptoms: A Data-link switching plus (DLSw+) circuit may not function when a TCP connection gets stuck. After about 90 seconds, the TCP connection is closed by DLSw+, and a new TCP connection is built for DLSw+. Once the new TCP connection is up, the DLSw+ circuit starts functioning again.

Conditions: This symptom is observed on a Cisco router that is configured with both a DLSw+ interface and an ATM interface.

Workaround: This is a possible workaround. Remove the ATM interface from the router. When you configure the DLSw+ interface and the ATM interface on different routers, the symptom does not occur.

CSCek77589

Symptoms: The following message is observed in syslog/console.

%UTIL-3-IDTREE_TRACE: SSM SEG freelist DB:Duplicate ID free

Conditions: This symptom was observed during scalability testing of a large number (over 2000) of PPP sessions being brought up and torn down continuously.

Workaround: There is no workaround.

CSCsa73179

Symptoms: Memory corruption, possibly leading to a crash or other undesired behavior, can occur when the no default-information originate command is entered in router RIP configuration mode.

Conditions: This symptom occurs only if both the RIP routing protocol and the OSPF routing protocol are configured on a router.

Workaround: There is no workaround.

CSCsb63652

Symptoms: BGP convergence is very slow, and CPU utilization at the BGP Router process is always near 100 percent during the convergence at the aggregation router. This issue obviously shows the following tendencies:

1) As the number of component prefixes that belong to the aggregate-address entry grows, convergence at the aggregation router becomes significantly slower.

2) As the number of duplicate aggregation component prefixes for the aggregate-address entry grows, convergence at the aggregation router becomes seriously slower.

Conditions: Any release would be affected if "aggregate-address" is configured and routing updates are received every few seconds.

Workaround: Remove the "aggregate-address."

Further Problem Description: If you configure "aggregate-address" lines after BGP convergence has been achieved, the BGP process only holds about 60 or 80 percent of the CPU for about 1 minute. However, if you do peer reset after "aggregate-address" entries have been configured, the convergence time is about 32 minutes (it is about 6 minutes if "aggregate-address" entries are removed).

CSCse05292

Symptoms: A static map configuration for an ATM PVC that uses the protocol ip ip-address command is rejected, giving an ambiguous command error.

Conditions: This symptom is observed when you configure a static map on an ATM PVC using the protocol ip ip-address command.

Workaround: Explicitly configure the [broadcast | no broadcast] option:

Router(config-if-atm-vc)# protocol ip 10.10.100.2 broadcast  
Router(config-if-atm-vc)# protocol ip 10.10.100.2 ?  
<cr> 
broadcast     Pseudo-broadcast  
no             Prevent Pseudo-broadcast on this connection <cr>
Router(config-if-atm-vc)# protocol ip 10.10.100.2 no broadcast  
Router(config-if-atm-vc)# 
 
   

CSCse50781

Symptoms: After executing the no ipv6 multicast-routing command on a dual-RP router, IPC communication to the standby RP may be broken, and the following messages may be seen every minute:

%IPCGRP-3-ERROR: standby set time: timeout seen

Conditions: This symptom is observed on a Cisco 12000 series router that is running the c12kprp-p-mz image of Cisco IOS Release 12.0(32)SY.

Workaround: Reload the router.

Further Problem Description: This bug is seen only while operating in SSO mode (not in RPR mode).

CSCse56910

Symptoms: Bundle links are added or removed when an MFR bundle is in the Administrative Down state; when the bundle is brought back to the Up state, its interface bandwidth value is not properly reflected.

Conditions: This symptom is observed with Cisco IOS Release 12.2SRB software.

Workaround: Shutting a bundle link interface down and bringing it back up can refresh the bundle interface bandwidth value.

CSCsf07760

Symptoms: When many MLP sessions come up at once, the router may leak packet memory. In some cases, this may cause the router to reload.

Conditions: This symptom has been observed on Cisco 7600 and Cisco 12000 series routers. It may also occur on other models.

Workaround: There is no workaround.

CSCsg19546

Symptoms: The standby RP may reload unexpectedly because of a Redundancy Facility (RF) synchronization error.

Conditions: This symptom is observed on a Cisco router that is configured for SNMP, dMLP, and SSO.

Workaround: Do not configure SSO. Rather, configure RPR+.

CSCsg43140

Symptoms: A router may crash and return to ROMmon when it is configured with BGP and VPNs.

Conditions: This symptom is observed on a Cisco router when, with BGP VPN import, a locally sourced path from VRF A is imported into VRF B and the bestpath of the exporting net is lost. The loss of the bestpath will trigger the crash if RIB installation takes place before import manages to clean up the imported path.

Workaround: There is no workaround.

CSCsg50187

Symptoms: CEF-switching does not function, and the output of the show adjacency interface interface-number detail command does not show any packets.

Conditions: This symptom is observed on a Cisco router when packets are switched to a multilink interface via CEF and when you enter the show adjacency interface interface-number detail command for a multilink interface.

Workaround: There is no workaround.

CSCsh44649

Symptoms: The standby router may crash in SSO mode.

Conditions: This symptom is observed when a multilink interface is removed and the partner router is reloaded.

Workaround: Use RPR-PLUS mode.

CSCsh61119

Symptoms: ARP may be refreshed excessively on the default interface, causing high CPU usage in the "Collection Process."

Conditions: This symptom is observed on a Cisco router that has point-to-point interfaces that have non-/32 interface addresses or secondary addresses and that constantly come up or go down.

Workaround: There is no workaround.

CSCsh64365

Symptoms: A ping does not yield a 100-percent result after you have entered the no set-overload-bit command for an IS-IS configuration.

Conditions: This symptom is observed on a Cisco 7200 series but is not platform-specific.

Workaround: There is no workaround.

CSCsi06948

Symptoms: A device crashes with a bus error when the show ip bgp dampening dampened-paths command is used.

Conditions: This symptom is observed when the show ip bgp dampening dampened-paths command is used and the device is at the "More" prompt to continue with remaining output, if the BGP session goes down at that time (for example, receiving a notification) or because of a clear ip bgp command from another vty.

Workaround: There is no workaround.

If dampening is configured, do not run the following commands, which can cause this problem:

sh ip bgp neighbors <x.x.x.x> dampened-routes
sh ip bgp dampening dampened-paths

CSCsi30873

Symptoms: A VIP crashes when a multilink interface flaps.

Conditions: This symptom is observed when LFI on a multilink interface and QoS are configured on a port adapter installed in the VIP, and either the multicast interface through which traffic is flowing is cleared or the shut and no shut commands are entered.

Trigger: Multilink interface flap noticed.

Impact: Impacts normal functioning of the router.

Workaround: There is no workaround.

CSCsi48304

Symptom: After a reload, the following error message may be displayed if an OSPFv3 router redistributes a large number of external routes:

%OSPFv3-3-DBEXIST: DB already exist

No impact to the operation of the router has been observed.

Conditions: Redistribution is configured, and then the router is reloaded.

Workaround: There is no workaround.

CSCsi84089

Symptoms: A few seconds after OSPF adjacencies come up, a router crashes because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an ISR that is configured for OSPF.

Workaround: Add area 0 in the OSPF VRF processes.

Alternate Workaround: Enter the no capability transit command in the OSPF VRF processes.

CSCsj00161

Symptoms: OSPFv3 installs a reachability path without checking that the discard route is already there. As a result, the RIB has a route that load-balances between reachability and drop paths.

Conditions: This symptom may be observed if the summary-address command is configured with exactly the same address as one of the external routes received from a different router.

Workaround: There is no workaround.

CSCsj23805

Symptoms: Using the show isis timers command causes the router to crash.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.0(31)S2y.

Workaround: There is no workaround.

CSCsj30005

Symptoms: Changing the encapsulation on a member of a multilink bundle while the bundle is up may cause the router to reload.

Conditions: This symptom has been observed when changing an interface that is an active member of a multilink bundle from PPP to Frame Relay encapsulation.

Workaround: Shut down the interface before changing the encapsulation.

CSCsj30417

Symptoms: In Eng3 ATM, when a subinterface flaps, traffic to certain destinations is forwarded to the wrong subinterface.

Conditions: This symptom is observed in Cisco IOS Release 12.0(32)S05 and 12.0(32)S06. The symptom is not found in Cisco IOS Release 12.0(31)S2.

Workaround: There is no workaround; however, reloading the line card solves the problem.

CSCsj47347

Symptom: Using CLI to delete a child policy on a Cisco 7500 Series Router causes the VIP to crash.

Conditions: The router has a hierarchical QoS policy attached to an interface. Traffic is flowing through the QoS policy. There are BGP updates happening on the router. The no policy-map command is executed to delete the child policy. The router is running Cisco IOS Release 12.0(32)S6.

Workaround: There is no workaround.

CSCsj74173

Symptoms: Egress E0 - Two ports OC3 channelized to DS1/E1 are crashing continuously just as traffic starts.

Conditions: E0 - In an IP->Tag fragmentation case with E4/E4P/E6 POS cards as the ingress and E0 as the egress card, for certain frame sizes larger than the egress MTU, the E0 egress card crashes. This happens only with the E0 card as egress.

Workaround: Make sure that the packets sent are less than the egress MTU of the E0 linecard to avoid any fragmentation.

CSCsj95637

Symptoms: A policy gets detached from an mLPPP interface.

Conditions: This symptom is observed under the following conditions:

1. Configure a policy-map with strict priority and Police.

2. Apply this service-policy on an mLPPP interface.

3. Unconfigure and reconfigure the priority.

4. Perform a shut/no shut on one of the member links of the multilink bundle.

Workaround: Always configure strict priority before configuring the police command.

CSCsk35985

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Conditions: This symptom is observed when the show ipv6 ospf lsdb-radix hidden command is entered.

Workaround: Do not enter the show ipv6 ospf lsdb-radix command.

CSCsk59579

Symptoms: The error message "eelc_add_a_port_to_root: port number not contiguous" is displayed, and SPAs may eventually go out of service.

Conditions: This symptom is observed under a race condition due to a back-to-back removal and addition of a member from the bundle.

Workaround: Shut down the member before removing it from the bundle.

CSCsk65647

Symptoms: A CE-CE ping is failing in an AAL5oMPLS scenario.

Conditions: This symptom is observed when an E3 POS card is being used as disposition.

Workaround: There is no workaround.

CSCsk68742

Symptoms: The show ip mds stats linecard command shows MDFS reloads on all line cards.

Conditions: This symptom is observed when multicast distributed routing is added on a VRF through the configuration of the ip multicast-routing vrf vpn distributed command.

Workaround: There is no workaround.

Further Problem Description: Note that while the MDFS reload is a real reload, it is without a preceding clear, so it will not generally cause traffic interruption because it merely causes the same information to be downloaded to the line cards again. However, in a highly scaled system that is running close to the limit, the additional load introduced by a full MDFS reload of every line card may cause additional failures owing to maxing out of the CPUs.

CSCsk70840

Symptoms: MQC input policing on Eng5 will stop working.

Conditions: This symptom is observed after an L2 link flaps.

Workaround: Performing an administrative shutdown/no shutdown on the interface could be useful to recover. Detaching/attaching the service policy would also be useful to recover.

CSCsk89546

Symptoms: OSPF routes are not populated in the Routing Information Base (RIB) with the next hop as traffic engineering (TE) tunnels.

Conditions: Occurs when multiple TE tunnels are configured and the tunnels come up or are shut/no shut simultaneously.

Workaround: Shut/no shut tunnels one at a time.

CSCsl05174

Symptoms:

Issue 1: A non-deleted PPP configuration inside the interface reappears when the interface is created again.

Issue 2: Some multilink configuration is not being synced to the standby (hold-queue).

Conditions: This symptom is observed when running RPR+.

Workaround: Reapply the original configuration.

Further Problem Description: Deletion of a multilink interface and subsequent creation using the same name may cause portions of the original configuration to return even if not explicitly configured. The hold-queue command is not being synchronized to the standby RP.

CSCsl35174

Symptoms: Permanent one-way traffic.

Conditions: Setting Scorpion int MTU < packets injected.

Workaround: Reload the card/subslot.

Further Problem Description: Setting Scorpion interface MTU to a value momentarily less than inject traffic packet size results in one-way traffic after the MTU is returned to the default value. This issue is specific to 1x10G only.

CSCsl36013

Symptoms: A Cisco 12000 series router with an Engine 0 ATM OC12 line card may experience a problem in which a Layer 2 adjacency rewrite string for an ATM PVC becomes invalid. The invalid rewrite results in packets being forwarded out the interface with the wrong Layer 2 details prepended.

Conditions: This symptom is observed on a Cisco 12000 series router with an Engine 0 ATM OC12 line card.

Workaround: Use the following command for the affected IP address:

clear ip arp x.x.x.x

Further Problem Description: This problem can be identified using the execute-on [slot#] show controller rewrite Cisco IOS command, compared to the rewrite string in the show adjacency internal command:

Router# execute-on 1 show controller rewrite
========= Line Card (Slot 1) =========
Local MAC rewrite table
Interface Address Output_Info
--------------------------------------------------------
...
ATM1/0.1 192.168.1.1 0x1C062340 4BA72000AABA031180C2000700000004 757122D600081008B0560800 <-- incorrect
...

Router# execute-on all show adjacency internal
========= Line Card (Slot 1) =========
Protocol Interface Address
...
IP ATM1/0.1 192.168.1.1(9) 131229862 packets, 74135640171 bytes 02710100AABA031180C2000700000017 E0DC040200072009B0450800 <-- correct
...

Router# clear ip arp 192.168.1.1

Router# execute-on 1 show controller rewrite
========= Line Card (Slot 1) =========
Local MAC rewrite table
Interface Address Output_Info
--------------------------------------------------------
...
ATM1/0.1 192.168.1.1 0x1C025340 6EA82000AABA031180C2000700000017 E0DC040200072009B0450800 <-- correct
...

CSCsl68227

Symptoms: An E3 linecard may drop packets larger than a certain size because of a buffer carving problem when the mtu command is used for multilink interfaces.

Conditions: This symptom is observed with images based on Cisco IOS Release 12.0(32)S10.

Workaround: Changing the MTU or reloading the linecard may clear the problem.

CSCsm02749

Symptoms: When a multicast VPN routing/forwarding instance (mVRF) is unconfigured, a memory leak may occur in line cards.

Conditions: This symptom is observed in Cisco 12000 Series Routers and Cisco 7500 series routers when multicast distributed routing is enabled on a VPN routing/forwarding instance.

Workaround: There is no workaround.

CSCsm26130

Symptoms: When removing a subinterface from the configuration that contains an IP address that falls into the major net of the static route, the static route is no longer injected into the BGP table. Since the route is not in the BGP table, it is not advertised to any peers.

Conditions: This symptom is observed with auto-summary enabled in BGP. A static summary route is configured to null0 and is injected into the BGP table with a network statement.

Workaround: There are four possible workarounds:

1) Use an "aggregate-address" configuration instead of the static route to generate the summary.

2) Remove auto-summary from the BGP process.

3) Enter the clear ip bgp * command.

4) Remove and reconfigure the BGP network statement for the summary route.

CSCsm48176

Symptoms: Line cards on a Cisco 12000 series router or a Cisco 7500 router might crash.

Conditions: This symptom is observed when the no ip multicast-routing distributed command for a VRF is issued when multicast tunnels are up. This symptom is also observed when MVRFs are deleted.

Workaround: Stop multicast traffic before deleting VRFs or issuing the no ip multicast-routing distributed command.

CSCsm66635

Symptoms: With E5 BF/CFI on the same line card, PIM-DM traffic may not flow for CFI, and Auto-RP information may also not flow. So far, the problem has been identified to be in the E5 BFI/CFI card, which drops the DM data packets instead of punting them; punting is needed for the (*,G)/(S,G) state creation and packet flooding for DM to work.

Conditions: This defect is observed with Cisco IOS Release 12.0(32)SY5.

Workaround: Use the clear ip mds line command on the E5 and core line cards to solve the problem.

CSCso15740

Symptoms: The "set metric" clause in the continue route-map sequence is not setting metric correctly in some particular conditions. This is also applicable in case where the nexthop setting is done via route-map with a continue clause.

Conditions: The symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(32)SY4. This is platform independent. This symptom occurs if the route-map has a continue clause and the match condition does not allow the continue clause to be executed. The following route-map sequence which has to be executed will not execute properly if the metric or nexthop of the prefix are to be modified via the route-map.

Workaround: Avoid using "continue" in a route-map and modifying metric or nexthop via the following route-map sequence.

CSCso32397

Symptoms: An unexpected reboot occurs because of a software-forced crash.

Conditions: This symptom is observed when changes are made in the policy map.

Workaround: There is no workaround.

CSCso46427

Symptoms: A device may crash when the show clns interface command is issued on the wrong interface.

Conditions: The symptom is observed when there are a number (around 100 or more) of CLNS interfaces on the device.

Workaround: There is no workaround.

CSCso65266

Symptoms: A customer upgraded to Cisco IOS Release 12.0(32)SY4, and now the customer is seeing a memory leak in the BGP process. The memory leak is happening with the BGP router process at the rcache chunk memory when the route map has a "continue" clause in the configuration.

Conditions: The leak is seen when a "continue" statement is configured in an outbound route map.

Workaround: There is no workaround.

CSCso74028

Symptoms: The local PE is sending graft messages even after receiving data from the remote PE on an MVPN network.

Conditions: This symptom is observed when the graft-ack messages are lost in transit (could be due to misconfiguration/ACL, etc.).

Workaround: Fix the misconfiguration so that graft-ack messages are forwarded as expected.

CSCso82147

Symptoms: A line card crashes when a packet over SONET (POS) shared port adapter (SPA) is present.

Conditions: Occurs the first time the router is reloaded.

Workaround: There is no workaround.

CSCso82178

Symptoms: Configuring a PBR at the E5 GE subinterface may cause buffer depletion. The buffer cannot be released except by reloading the linecard.

Conditions: This symptom is observed when a PBR is configured at the subinterface.

Workaround: There is no workaround.

CSCso92950

Symptoms: IPv6 multicast unnecessarily copied when join -> prune is repeated multiple times.

Conditions: Occurs when IPv6 multicast routing is enabled on a Cisco 12000 series router.

Workaround: Reload the router.

CSCso93957

Symptoms: New T1s cannot be provisioned on a CT3 SPA.

Conditions: When a customer tries to create a new T1 on one of the controllers of a CT3-SPA that is inserted into a SIP-401, the following errors are displayed:

Router(config-controller)# t1 15 channel-group 7 timeslots 1-24  
%Failed to configure channel group  
Router(config-controller)# 
Apr 24 22:51:05.283 UTC: %GRPSPA-3-VC_PROV_ERROR: Provision T1 15 channel group 7 of 
T3 4/0/1 unsuccessful (error code 44) -Traceback= 20A640 20A748 954AA4 94DB80 94DC90 
9582D0 4FF4E0 5006FC 240B7C 2563B0 13D7410 13C6F3C 2F517C SLOT 4:Apr 24 22:51:05.271 
UTC: %SPA_CHOC_DSX-3-SPA_SW_ERR: SPA on Subslot 0: HDLC controller device driver 
failure: Failed to start operation Software error was encountered.
-Traceback= 40031128 408B4020 408BCE40 408BD374 408BF114 408C004C 408C0ED8 408D24E0 
408D25F8
 
   

Workaround: There is no workaround.

CSCso93959

Symptoms: Newer SDRAM devices on the 2- and 4-port OC48 POS/RPR SPA require an additional initialization sequence as recommended by the vendor. Without this new initialization sequence, packets that go through the transit buffer in RPR/SRP mode or in subscription mode may get corrupted, or packet loss may occur.

Conditions: Card initialization after inserting the SPA or removing an unpowered shutdown.

Workaround: Perform an OIR on the SPA.

Customers are advised to upgrade to the newer image with this new initialization sequence. Newer software will be backward compatible with older SPA boards.

CSCsq02826

Symptoms: The MDFS state of the line card stays in a "disabled" state, which may lead to multicast traffic being punted to the RP.

Conditions: This symptom may be observed with the following sequence of operation:

1. The router is booted without configuring the ip multicast-routing distributed command.

2. The ip multicast-routing distributed command is configured.

The issue will not be seen if the ip multicast-routing distributed command is present in the startup configuration when the router is reloaded.

Workaround: Enter the clear ip mds linecard slot-number command.

CSCsq03170

Symptoms: An input service policy with only the class-default class shows no matches.

Conditions: This symptom is observed after a reload of Cisco 12000 series routers, Linecard Engine 3, with an ATM interface configured for AToM, Port Mode.

Workaround: Move traffic and the configuration to another interface.

CSCsq05128

Symptoms: Performance Route Processor (PRP) crashes after loading image from disk0.

Condition: Occurs when multiservice edge (MSE) router reloads with the image in the disk0. The RP crashes, and tracebacks are displayed. Both the active and standby RPs toggle each time.

Workaround: There is no workaround.

CSCsq08131

Symptoms: Ping packets of 8180 or larger cause sourcing POS linecard/SIP to reload and remain in a boot state waiting for IPC connection.

Conditions: This symptom is observed with ping packets that are sourced from PRP2 with part number 800-27058-03.

Workaround: Reload the router.

Further Problem Description: This symptom is observed only on PRP2 with part number 800-27058-03.

CSCsq15994

Symptoms: Low CPS may be observed.

Conditions: The symptoms are seen with PPPoA and PPPoE sessions.

Workaround: There is no workaround.

CSCsq16156

Symptoms: This is not a bug but rather a build breakage.

Conditions: Build breakage.

Workaround: There is no workaround.

CSCsq18916

Symptoms: A copy tftp operation failed with a Socket error when the FPD of an SPA was updated or when the SPA was reloaded, OIRed.

Conditions: This symptom is related to the number of (nnets) non-virtual interfaces on the box. Depending on that, a number of SPA reloads must be done.

Workaround:

1. Reload the SPA or the router.

2. Configure one loopback interface.

CSCsq28627

Symptoms: CPU hogs are seen in a 1-port E3 channelized OC48.

Conditions: This symptom is observed when any of the following is done:

controller shut/no shut - mic reload <slot>

hw-mod slot <xx> shut/no shut

hw-module slot <xx> reload

Workaround: There is no workaround.

CSCsq42001

Symptoms: The following error messages appear:

SLOT 5:*May 9 21:43:48.547: %LC_SPA_DMLP-1-SPAHWBUNDLEERROR: Could not perform required operation in SPA H/w for bundle Multilink2 in bflc_cx3_dmlp_frag_on_off
SLOT 5:*May 9 21:44:10.727: %SPA_CHOC_DSX-3-ERROR: Multilink2 (cmd 203) Serial5/0/1/8:0: response parsing failed. chnl 36, bid 1 -Traceback= 40031008 408924C0 4072B1BC 40899F64 4033DB90 4033E190 4033E5C0 4033E930 4033F448 4033F600 4015B53C 4015C020
SLOT 5:*May 9 21:44:10.735: %LC_SPA_DMLP-3-CFG_FAIL: bundle Multilink2 (id 1): bay 0 err 7 (del rx link)

Conditions: When we remove/add/remove all members from all the configured MLP bundles once or several times, these tracebacks are seen.

Workaround: There is no workaround.

Further Problem Description: spabrg EFC mapping goes to a mismatch state, and the following is seen:

SLOT 5:*May 9 21:59:26.771: %SPA_CHOC_DSX-3-HDLC_CTRL_ERR: SPA 5/0: 20 TX Chnl Queue Overflow events on HDLC Controller were encountered.

CSCsq42803

Symptoms: The hw-module slot x qos account layer2 encapsulation command does not take effect for an AToM connection.

Conditions: This symptom is observed when xconnect is configured under a VLAN.

Workaround: There is no workaround.

CSCsq49823

Symptoms: MDFS may get disabled in a scaled mVPN environment that has many global mroutes. Once disabled, it may keep on changing between the "active" and "disabled" states. Linecard CPU utilization may also go high.

Conditions: This symptom is observed with a Cisco IOS Release 12.0(32)S10 image.

Workaround: There is no workaround.

CSCsq55258

Symptoms: After a router reloads, sometimes the configuration for the gigE and POS OC12 SPA is lost from the running configuration.

Conditions: This symptom is observed when the router is reloaded.

Workaround: There is no workaround.

CSCsq58341

Symptoms: If both L2 and L3 services co-exist on the same interface, you can no longer configure urpf on the L3 subinterface after the fix for CSCsl09772. After the router reloads, the urpf command will be erased from the L3 subinterface. You have to use the workaround to reapply the urpf command.

Conditions: This symptom is observed when both L2 and L3 services are configured on the same interface.

Workaround: Do the following:

1. Remove the L2 connection.

2. Add urpf on the L3 subinterface.

3. Re-add the L2 connection.

CSCsq61316

A heartbeat error is showing up only on subslot 9/1, and there are no traceback errors. Based on the observation that "all spa's experienced the HB in the same LC at the same time," it seems that the Qs are stuck and that is the reason for IPC failures that are resulting in HBs.

CSCsq62803

Symptoms: CPU Hog and related tracebacks are seen from the E3 Gig linecard.

Conditions: Attach a scaled policy/LC reload/router reload.

Workaround: There is no workaround.

CSCsq67266

Symptoms: The pos delay triggers line command is configurable at the interface level of E3 channelized POS interfaces.

Conditions: This symptom is observed on a Cisco 12416 Internet series router that is booted with the Cisco IOS Release 12.0(32)S nightly build of 05/19/08. The router contains an E3 CHOC48 linecard.

Workaround: There is no workaround.

CSCsq67270

Symptoms: ACLs are not programmed in hardware (TCAM) for the E4+ Gig (10GE E4+) line card after an RPR+ switchover.

Conditions: This symptom is observed when an RPR+ switchover is executed with ACLs applied on E4+ Gig interfaces. This issue is specific to 10GE Engine4+ line cards. This issue does not apply to E4+ POS or any other line cards.

Workarounds: Remove and reapply the ACLs.

CSCsq68156

Symptoms: FRF12 packets are dropped by a PE router.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that has a SPA-1XCHSTM1/OC3, SPA-2XCT3/DS0, or SPA-8XCHT1/E1.

Workaround: There is no workaround.

CSCsq70534

Symptoms: A router crashes because of a block overrun (overwriting the memory block).

Conditions: This symptom is observed only when templates are exported in the export packet, which is used in only version 9 of exporting.

Workaround: Version 5 could be used for exporting.

CSCsq71212

Symptoms: EFC clock interrupts are causing a line card to crash.

Conditions: The conditions under which this symptom occurs are unknown.

Workaround: There is no workaround.

CSCsq80773

Symptoms: Slow-path multicast fragmentation is not happening correctly. One of the output interfaces is not receiving the packets in case of MVPN traffic.

Conditions: This symptom is observed with MVPN traffic with fragmentation on one of the interfaces on E5.

Workaround: There is no workaround.

CSCsq83540

Symptoms: A Cisco 12000 works as a PE, and an Eng5 SIP line card is used to face the CE. In the VRF, the default route 0.0.0.0 is learned from the remote PE. When the problem occurs, all traffic from the CE that is forwarded via the VRF default route is dropped.

Conditions: This symptom is observed on a Cisco 12000 Eng5 SIP line card that is running Cisco IOS Release 12.0(32)SY04, 12.0(32)SY05, or 12.0(32)SY06. When VRFs are created and deleted, new VRFs that are created will have a problem if they are allocated with a table ID allocated for older deleted VRFs.

Workaround:

1. Reload the ingress Eng5 line card that is facing the CE.

or

2. If the customer does not want to reload the line card, a second workaround can be attempted, but it is not a reliable workaround and may not always be successful. Create a new VRF without removing any VRFs, which gets a new table ID, and apply the VRF configuration completely wherever the old VRF configuration is applied.

Further Problem Description: This problem cannot be cleared by using the clear cef linecard x or clear ip route vrf xxx 0.0.0.0 commands.

CSCsq85868

Symptoms: Performance Route Processor (PRP) crashes after loading image from disk0.

Condition: Occurs when multiservice edge (MSE) router reloads with the image in the disk0. The RP crashes, and tracebacks are displayed. Both the active and standby RPs toggle each time.

Workaround: There is no workaround.

CSCsq91217

Symptoms: There is a heartbeat failure, and an SPA goes out of service.

Conditions: This symptom is observed when a link is swapped from MLPPP to MLFR.

Workaround: Reload the line card.

CSCsq93004

Symptoms: Removal of a subinterface may cause memory corruption or a crash. The symptoms are unpredictable.

Conditions: The symptoms are rare and will only be observed if a sub-interface is configured for mpls traffic-eng auto-tunnel primary use, and the sub-interface is later removed from the configuration.

Workaround: Do not remove sub-interfaces.

CSCsq96425

Symptoms: MVPN inner packet with IP option causes depletion of FrFab buffers of Cisco 12000-SIP-401.

Conditions: This symptom occurs on Cisco 12000 routers that are running the c12kprp-k4p-mz.120-32.SY2g image and with Cisco 12000-SIP-401. This is triggered by multicast traffic.

Workaround: Only a reload of the card solves the problem.

CSCsr09376

Symptoms: After a router reloads, the SPAs on the SIP601 may take twice as long to come up in OK mode. When this occurs, the problem documented in CSCsq55258 is also experienced.

Conditions: This symptom is observed after the router reloads.

Workaround: There is no workaround.

CSCsr11332

Symptoms: In rare situations, the show controller SONET port command might crash the RP.

Conditions: This symptom has been observed on a 4CHOC12/DS3-I-SCB= line card, but it can be seen on other similar channelized line cards. It may be reproducible by executing the show controller SONET port command on a nonexistent port like sonet 3/4 (that is, only sonet 0/0, 0/1, 0/2, and 0/3 are valid on a 4CHOC line card). When the problem can be seen, the CLI help indicates an incorrect unit number:

Router# show controller sonet 12/?
<0-48>  Controller unit number

If the controller unit number is shown fine (for example, <0-3>), then the crash will not occur.

Workaround: There is no workaround.

CSCsr13314

Symptoms: The pos delay triggers line command is configurable on APS-enabled interfaces of E3 clear channel POS line cards. After the commit of CSCsq45452, the pos delay triggers path command is not configurable on APS-enabled interfaces of E3 channelized POS line cards.

Conditions: This issue is seen on a Cisco 12000 series Internet router that is booted with Cisco IOS Release 12.0(32)S. The router contains ISE OC48 POS and ISE CHOC48 POS line cards.

Workaround: There is no workaround.

CSCsr20377

Due to an eng3 HW limitation, more overhead is added to a like-to-like Ethernet PW or an Ethernet interworking PW if hw-module slot <> qos account layer2 encapsulation length <> is configured. Without the fix for CSCsq42803, the overhead impact is less. The request is to return the behavior of 12.0(32)SY to what it was before CSCsq42803.

CSCsr36775

Symptoms: On router reload, many SPA-related tracebacks may pop up for 1xChOC3/STM1 SPA.

Conditions: This defect is observed with a Cisco IOS 12.0(32)SY datecode 20080713 image.

Workaround: There is no workaround.

CSCsr42364

Symptoms: All line cards may crash after a switchover in Route Processor Redundancy Plus mode.

Conditions: This issue is seen on Cisco Gigabit Switch Routers with PRP2 processors. This issue usually requires multiple line card reloads prior to the switchover. This is seen under conditions of high utilization on line cards.

Workaround: There is no workaround.

CSCsr47477

Symptoms: After a router reload, mbus messages may sometimes time out on the SIP601 located in the lower cage of a Cisco 12816.

Conditions: This symptom is observed when the router reloads.

Workaround: There is no workaround.

CSCsr47795

Symptoms: This symptom is observed on Eng3 line cards that are running Cisco IOS Release 12.0(32)SY4 or SY6. After interfaces flap, the FIB converges and points to the correct outgoing interface, while the FIB in hardware points to another interface (for example, GE 6/0/0 as the outgoing interface).

The trigger is an interface flap that causes the default route to be updated. The BGP session is always stable and never goes down.

Topology:

End customer------(eng3)slot4 c12k_Lab_router-42 slot5 and slot6(Eng5) ------ router_B------ Internet

The router Lab-router-42 receives a default route from its neighbor router_B.

Snapshots from the Eng3 line card in slot 4:

Lab-router-42 #exec slot 4 sh ip hardware-cef 10.1.1.1 detail
========= Line Card (Slot 4) =========

Root: 0x240CE000 Location: 0x240CE404 Data: 0x81819380 Offset: 0x93D96404
Leaf pointer: 0x300C9C00

Leaf FCR 2 Addr 0x300C9C00 : 0xE0000100 0x0285C008
found 2 deep
SRAM Loadbalance addr 0x28170020
default alpha ip loadbalance: 0x28170020 (0 paths, hw maxpath 0)
Hash 1: alpha adjacency: 0x2001FA60 (cef adj NULL or alpha_default_lb)
[0] oi 0x200006 oq 4080 in A ab 50 hl 20 gp 19 tl 4 loq 9800 6/0/0 mtu 1520
Output interface is GigabitEthernet6/0/0 <== Here ^^^^^^ Here

1 tag: 23
current counters 95059, 5157246
last reported 93252, 5059668

Output Queue / Local Output Queue Bundle:
[0-7] output queue 0x4080 local output queue 0x9800
PLU leaf data: 0xE0000100 0x0285C008 0xA1020304 0xA5080000
Mask bits: 1
Origin AS: 0
Source lookup drop: yes
QOS group: 0
Traffic index: 0
Precedence not set
Default Route: yes
PBR enabled: no

Meanwhile, the FIB was updated with the proper outgoing interface:

LAB_router_42#exec slot 4 sh ip cef 10.1.1.1
========= Line Card (Slot 4) =========

0.0.0.0/0, version 38, epoch 0, cached adjacency 10.125.72.74
0 packets, 0 bytes
Flow: AS 0, mask 0
tag information from 10.38.192.6/32, shared, all rewrites owned
local tag: 34
via 192.168.225.0, 0 dependencies, recursive
next hop 10.125.72.74, GigabitEthernet5/0/0 via 192.168.225.0/24 (Default) <=== HERE
valid cached adjacency
tag rewrite with Gi5/0/0, 10.125.72.74, tags imposed {} <=== HERE
LAB_router_42#

Conditions: When there is a default route configured.

Workaround: Clear ip route 0.0.0.0 or <default-network>.

CSCsr62644

Symptoms: Only one interface in the POS-channel bundle is used for traffic forwarding.

Conditions: This symptom is observed on Cisco 12000 series routers running Cisco IOS Release 12.0(32)SY5 or later, on Engine 3 linecards, on ip2tag path.

Workaround: There is no workaround.

Further Problem Description: ip2tag path means that a plain IP packet is received by the router and an MPLS label has to be imposed before the packet is sent out of the router.

CSCsr65767

Symptoms: MVPN traffic is being punted to the slow path for packets of size ranging from 1476 to 1500 (the minimum IP MTU of the outgoing interfaces is 1500).

Packets of size ranging from 1476 to 1500 are being punted to the slow path, which is not required. During the fragmentation check, the packet size should be compared with the minimum of 1) the minimum IP MTU of the customer-facing interfaces and 2) the minimum IP MTU of the core-facing interfaces minus the GRE header (24).

Only if the packet size is greater than the above value should the packet be punted to the slow path for fragmentation.

Conditions: This issue applies to the MVPN on the GSR with E5 line card as the Egress LC (line card). The issue is not seen with E3 LC.

Workaround: There is no workaround.

CSCsr70530

LC crashed after swapping members of the MLPPP from one bay to another bay and vice-versa on the same LC.

CSCsr70985

Symptoms: A Cisco router crashes following multiple accesses to NVRAM.

Conditions: This symptom has been observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(32)SY5. It may not be platform specific. The issue is seen when the dir tar: command is executed in parallel with the write mem command.

Workaround: Avoid using the dir tar: command.

CSCsr80321

Symptoms: Unable to send any cmd to the SPA.

Conditions: Swapping the members of MLPPP and MLFR.

Workaround: Reload the LC.

CSCsr83626

Symptoms: The line card in slot 0 does not boot up completely. It does not go past the UP IOS state.

Conditions: After upgrading the router to sy5 and having ATM LC in slot 6 send LAIS alarm.

Workaround: Move the ATM card to another slot or shut down the ATM line card in slot 6.

CSCsr89261

Symptoms: The Gigabit Ethernet link does not come up.

Conditions: This symptom is observed when the interfaces that make up the link are 2x1GE V2 Gigabit Ethernet interfaces.

Workaround: There is no workaround.

CSCsu08935

Symptoms: bgp as-override doesn't work properly on a PE to overwrite the AS in the AS4_PATH.

Conditions: When a 4-byte CE is peered to a 2 byte capable PE using AS 23456 and the command as-override is configured on the neighbor, the PE router does not override the AS in the AS4_PATH with its own AS number, mapped to 4 bytes.

Workaround: Use "allowas-in" on the CE.

CSCsu12040

Symptom: BGP neighbors configured with as-override and send-label (CsC) together may not work after interface flap or service reset.

Conditions: neighbor xxx as-override neighbor xxx send-label.

Workaround: clear ip bgp * soft in

Further Problem Description: Peers (neighbors) with a CsC (IPv4+label) BGP configuration and the as-override option should be separated into different dynamic update groups during the BGP update generation process. After the CSCef70161 fix in 12.0(32)SY4, this is no longer the case. The fix for CSCsu12040 enhances the CSCef70161 fix to handle the CsC (IPv4+label) case separately.

CSCsu21668

Symptoms: Customer is using carve-level 0 in their SY5 nodes (SIP-601) to avoid unnecessary buffer recarving and subsequent traffic disruption.

Conditions: carve-level 0

Workaround: There is no workaround.

CSCsu32015

Symptoms: Ping fails across FR subinterfaces over non channelized SPA.

Conditions: This symptom is observed when a channelized SPA is used in a bay and more than about 30 interfaces are created and used, the SPA is later removed and moved to another bay or another slot, and the now-empty bay is used for a non-channelized SPA with Frame Relay subinterface circuits. Ping then fails across the FR subinterfaces.

Workaround: There is no workaround.

CSCsu40491

Symptom: When a second multilink is enabled between a PE to a connected CPE, the route may not be propagated to the remote PE. Ping from the local PE to the CPE always works fine over both multilinks; however ping from the remote PE to the CPE does not work when both links are enabled.

Conditions:

1. Routing protocol between the PE and the CE is BGP.

2. Two static routes are defined on the PE toward the CE.

3. MLPPP is used on both links.

4. The PE is a Cisco 12000 series Internet router.

5. Both links are enabled.

These conditions do not guarantee that the problem will happen, but it may happen under certain circumstances.

Workaround: Either:

1. Redefine the static routes or shut/no shut both multilinks.

Or

2. Enable only one multilink.

Further Problem Description: The MPLS label shows as "aggregate" instead of "untagged" during the problem.

Resolved Caveats—Cisco IOS Release 12.0(32)SY6

Cisco IOS Release 12.0(32)SY6 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY6 but may be open in previous Cisco IOS releases.

CSCse51041

Symptoms: A router crashes with an L2VPN error with L2VPN and L3VPN traffic on the node.

Conditions: This symptom is observed with L2VPN and L3VPN traffic on the node.

Workaround: There is no workaround.

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsf29803

Symptoms: An engine 3 linecard in an mVPN PE router with multicast egress QoS configured may report the following error message and may also reload after this message:

SLOT 10:Sep 5 15:12:43.879 UTC: %EE48-3-CONGA_MCAST: Table indices not linked: (tbl1=262129, tbl2=262136, prev=0, oiq_id=0, oi=0, oq=0)

Conditions: This symptom is observed when an engine 3 linecard in an mVPN PE router has both core interfaces and VRF interfaces configured and an output service policy applied to one or more of these interfaces.

Workaround: Limit engine 3 linecards with service policies to either core interfaces or VRF interfaces, and do not combine both interface types on a single linecard. Note that Cisco recommends that core and VRF interfaces not be configured on the same linecard anyway because any multicast packet that needs to egress on both interfaces will be software-forwarded and not hardware-forwarded. Alternatively, replace the engine 3 linecard with an engine 5 linecard.

CSCsg35077

Symptoms: A device that is running Cisco IOS software may crash during processing of an Internet Key Exchange (IKE) message.

Conditions: The device must have a valid and complete configuration for IPsec. IPsec VPN features in Cisco IOS software that use IKE include Site-to-Site VPN tunnels, EzVPN (server and remote), DMVPN, IPsec over GRE, and GET VPN.

Workaround: Customers that do not require IPsec functionality on their devices can use the no crypto isakmp enable command in global configuration mode to disable the processing of IKE messages and eliminate device exposure.

If IPsec is configured, this bug may be mitigated by applying access control lists that limit the hosts or IP networks that are allowed to establish IPsec sessions with affected devices. This assumes that IPsec peers are known. This workaround may not be feasible for remote access VPN gateways where the source IP addresses of VPN clients are not known in advance. ISAKMP uses port UDP/500 and can also use UDP/848 (the GDOI port) when GDOI is in use.

Further Problem Description: This bug is triggered deep into the IKE negotiation, and an exchange of message between IKE peers is necessary.

If IPsec is not configured, it is not possible to reach the point in the IKE negotiation where the bug exists.
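The ACL mitigation described in the CSCsg35077 workaround can look like the following. This is an added example, not configuration from the Cisco release notes; the ACL name, the interface, and all addresses (RFC 5737 documentation ranges) are constructed placeholders, and it assumes the IPsec peers are known in advance.

```ios
! Added example with constructed values (not from the release notes):
!   198.51.100.1 = this router's address that terminates IKE (assumed)
!   192.0.2.10   = known site-to-site IPsec peer (assumed)
!   192.0.2.20   = known GDOI peer (assumed)
ip access-list extended IKE-KNOWN-PEERS
 remark Allow IKE (UDP/500) only from known IPsec peers
 permit udp host 192.0.2.10 host 198.51.100.1 eq isakmp
 permit udp host 192.0.2.20 host 198.51.100.1 eq isakmp
 remark Allow GDOI (UDP/848) only from the known GDOI peer
 permit udp host 192.0.2.20 host 198.51.100.1 eq 848
 remark Drop and log IKE and GDOI from every other source
 deny   udp any host 198.51.100.1 eq isakmp log
 deny   udp any host 198.51.100.1 eq 848 log
 remark Leave all other traffic unaffected
 permit ip any any
!
! Apply inbound on the interface where IKE packets arrive (assumed interface).
interface GigabitEthernet0/0
 ip access-group IKE-KNOWN-PEERS in
```

Repeat the permit and deny entries for every local address that terminates IKE. The match counters in show access-lists IKE-KNOWN-PEERS show how often the deny entries are hit.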

CSCsg89512

Symptoms: In an MVPN topology, sparse mode, Auto RP, if the PE router has the same line card as the core and customer-facing router, and if there are two RP announcers, the RP point may not be selected correctly, and traffic will not go through.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(33)S.

Workaround: Select values for offset using the hw-module slot x ip multicast hw-accelerate source-table size a offset b command, which will prevent collision from happening.

CSCsh43283

Symptoms: Engine 2 line cards stop forwarding multicast traffic when the hw-module slot 2 ip multicast hw-accelerate command is issued.

Conditions: This symptom is observed when a higher priority bundle such as uRPF is already running.

Workaround: Unconfigure all the features to revert back to the vanilla bundle, and then reconfigure only the features that do not collide.

CSCsi17590

Symptoms: A CPUHOG message at the check heaps process is displayed when a large number of VRFs are configured. This may lead to BGP flapping.

Conditions: This symptom is observed when a large number of VRFs are configured on the box.

Workaround: Reduce the number of VRFs configured, if possible.

CSCsj10909

Symptoms: If you add the ip flow ingress command, it shows up in the running configuration. Once you add the no ip route-cache command, the ip flow ingress command disappears from the running configuration. If you add the ip route-cache command, it does not show the ip flow ingress command. You have to re-apply the ip flow ingress command to make it show up.

Conditions: This symptom is observed when the ip flow ingress and no ip route-cache commands are added.

Workaround: Re-apply the ip flow ingress command after adding the ip route-cache command.

CSCsj21785

Symptoms: A Traffic Engineering (TE) tunnel does not re-optimize to explicit path after an MTU change.

Conditions: The TE tunnel is operating via explicit path. The MTU on outgoing interface is changed. OSPF is flapped, and it does not come up as there is MTU mismatch (MTU is not changed on peer router). Meanwhile the TE re-optimizes to a dynamic path-option as expected. Now the MTU is reverted back to the previous value, and the OSPF adjacency comes up. The TE tunnel does not re-optimize to explicit path. Manual re-optimization of the TE tunnel fails as well, and the TE tunnel sticks to the dynamic path.

Workaround: Enter the shutdown command followed by the no shutdown command on the particular interface.

CSCsj22472

Symptoms: When an IXIA-simulated BGP neighbor is not up, BGP is forced to delete the ARP entry for the IXIA host for a while. During that period, the router has to send ARP, and traffic is lost for a while.

Conditions: While observed with other protocols, this symptom was noticed with a typical BGP configuration in which the peers are nonexistent. This would cause the SYN to be retransmitted multiple times, and after some threshold, the ARP entry would be purged.

The ARP entries get flushed out when the TCP retransmission timer expires. This causes the CEF adjacency to be lost, and performance can drop for packets going to that destination until the ARP is resolved again. This problem is not specific to BGP and is applicable to anything that rides over TCP.

Workaround: There is no workaround.

CSCsj97877

Symptoms: Matching IP precedence does not match labelled packets, and matching experimental bits does not match pure IP packets.

Conditions: Occurs when E4P is egress and policing is configured in the policy.

Workaround: Match experimental bits for labelled packets and IP precedence for pure IP packets.

CSCsk10104

Symptoms: MPLS-TE tunnels do not come up after a core interface is brought down and then up again by entering the shutdown command followed by the no shutdown command.

Conditions: This symptom is observed when there are 200 MPLS-TE tunnels and 1000 VRFs configured on an NES-150 and when entering the shutdown command followed by the no shutdown command for the core interface when the traffic is on for all 1000 VRFs end to end.

Workaround: Enter the no mpls traffic-eng tunnels command followed by the mpls traffic-eng tunnels command, and all tunnels come up.

CSCsk98123

Symptoms: Tx traffic may get dropped due to a "precam 1 exception."

Conditions: This symptom is observed when vrf vlite and strict urpf are configured on the interfaces. This happens in all releases when adjacency indexes between 65528 to 65531 are used in TX SRAM Adjacency programming on line cards. This happens only on port 0.

Workaround: To recover from the situation, remove and re-apply the configuration on the interface when the problem is seen.

Alternate Workaround: Do not use port 0 on the line card. Using a subinterface will mitigate the issue.

CSCsl67149

Symptoms: A sync issue is observed with the standby and active configuration.

Conditions: This symptom is observed on a Cisco 12000 series router that is configured for MLPP/MFR. When an attempt is made to remove and add the members before the unprovisioning is completed, the member is added in standby but not in active; hence the configuration sync issue.

Workaround: Add the member after the unprovisioning is completed.

CSCsl89425

Symptoms: Bidirectional Forwarding Detection (BFD) sessions do not scale. This symptom is especially visible with OSPF client when one of the peers is rebooted after configuring the maximum number of BFD sessions.

Conditions: Occurs when configuring the maximum BFD sessions or total number of BFD sessions too close to maximum limit.

Workaround: Configure 90 percent of the maximum allowed BFD sessions.

CSCsl93596

Symptoms: When the MTU is changed on the core-facing E0 LC, all the E0 cards in the router crash.

Conditions: This symptom is observed with bidirectional traffic with an L3VPN, L2VPN configuration. There are also MPLS TE tunnels.

Workaround: There is no workaround.

CSCsm07692

Symptoms: A SIP600 crashes.

Conditions: When the primary CSC is shut, the SIP600 crashes.

Workaround: There is no workaround.

CSCsm32438

Symptoms: The ifStackStatus results for SPA-4XCT3/DS0 on GSR intermittently do not show relationship between Serial interface and T1, nor T1 to CT3.

Conditions: Occurs when running Cisco IOS Release 12.0(32)S6d with SPA-4XCT3/DS0. Polling ifStackStatus results do show layered relationship with Serial interface, T1 to CT3.

Workaround: Remove and add again the T1 link channel-group if possible.

CSCsm41303

Symptoms: A Cisco 12000 router with SIP-601 linecards may experience high CPU in the Tag Input process because of many packets being punted by the linecards to the PRP CPU. The packets are MPLS TTL expired packets that require an unreachable to be sent back. These packets should be processed on the linecard, but they are not.

Conditions: This symptom is observed only on SIP-601 10G linecards.

Workaround: There is no workaround.

CSCsm43195

Symptoms: A configuration of L2VPN interworking between SIP-601/GE SPA to SIP-401/CT3/FR DLCI switching and with a QoS egress policy applied on the SIP-601 GE SPA interface, traffic may propagate egress on the GE port.

Conditions: When the policy is not applied, traffic flows egress on the GE SPA based interface. When the policy is applied, no traffic is seen egress on the GE interfaces.

Workaround: There is no workaround.

CSCsm45634

Symptoms: A BGP VPNv4 route is not imported and available immediately after an update is received. After approximately 3 to 20 minutes elapse since the router receives the update, the VPNv4 route becomes available.

Conditions:

This problem may occur once out of 15 attempts.

When the debug ip bgp vpnv4 unicast updates command is enabled, the following debug message can be observed.

BGP(4): no valid path for NNNNN:NNNNN:XX.XX.XX.XX/XX

When the show ip bgp vpnv4 command is entered for the prefix, an "(inaccessible)" state can be observed in spite of the available route.

Even if a General Scan is run after this problem occurs, the route is not available.

Workaround: There is no workaround.

CSCsm55274

Symptoms: Class Based Tunnel Selection (CBTS) stops working. Packets are sent through the wrong tunnel.

Conditions: This symptom is observed when the tunnel flaps.

Workaround: There is no workaround. Once CBTS is broken, only a reload of the Line card clears the problem.

CSCsm57369

Symptoms: On switchover, we see the overhead message appearing in config if we have not configured.

Conditions: This symptom is observed only if there is a switchover in RPR+ or SSO mode.

Workaround: Manually change the config to restore the previous config.

CSCsm70668

Symptoms: A soft OIR over E3:POS impacts complete traffic with a biscuit tunnel.

Condition: A soft OIR over E3:POS impacts complete traffic with a biscuit tunnel configured. In OIR "test mbus power 6 off" and "test mbus power 6 on" are performed followed by a microcode reload on slot 6.

Workaround: There is no workaround.

CSCsm92567

Symptoms: After an RP switchover (SSO), or performing the following procedure, the VPWS DLCI output queues become unallocated.

1. Add VPWS DLCI with service-policy to the FR main interface.

2. Add an FR subinterface but with LFI enabled.

3. Bounce the service policy class on the DLCI under the main interface.

Conditions: This symptom is observed when a VPWS circuit is configured on the FR main interface and an L3 subinterface has LFI enabled. QoS is applied to both L2VPN and L3VPN services.

Workaround:

1. Delete the LFI FR service-policy.

2. Bounce QoS again on the VPWS DLCI.

CSCso19748

Symptoms: An 80-byte buffer depletion occurs on E5, leading to an outage of all serial links.

Conditions: The conditions under which this symptom is observed are unknown.

Workaround: There is no workaround.

CSCso21681

Symptoms: An output policy on an MFR interface disappears when the SIP 601 card is reset.

Conditions: Configure the service policy and apply it to the output of the MFR interface. Reset the SIP 601 card, and the service policy will disappear from configuration.

Workaround: There is no workaround.

CSCso22730

Symptoms: Prefixes learned via IGP (ISIS) get assigned "imp-null" as the local label for them.

Conditions: The router has ECMP paths to uplink routers via POS interfaces and runs ISIS as an IGP. A TE tunnel may be configured on the POS interface, and the interface flaps frequently.

Workaround: There is no workaround. Clear the route or flap the interface to bring back the correct local label.

CSCso25848

Symptoms: With an ingress E2 GigE line card and an egress E5 line card, packets are dropped in the egress line card with TX bad BMA buffer counts increasing.

Conditions: This symptom is observed when the ingress is E2 and the egress is E5.

Workaround: There is no workaround.

Further Problem Description: This issue is not seen with an E3/E5 combination or an E2/E6 combination.

CSCso31508

Symptoms: CEF and hardware CEF for global default route are inconsistent. This may cause the default traffic to be sent through the wrong interface.

Conditions: This issue occurs under the following conditions:

1. Global default should point toward the core.

2. VRF default should be learned from the remote PE.

Workaround: Enter the clear ip route 0.0.0.0 0.0.0.0 command.

CSCso33290

Symptoms: L2VPN traffic on an MFR interface is unable to pass through FR/IETF encapsulation MPLS trunk. Furthermore, if this MFR interface is deleted and re-added, the following error messages are received.

SLOT 4:Mar 20 11:51:05.459 UTC: %SPA_CHOC_DSX-3-ERROR: Serial4/0/0/1:0: response parsing failed for DLCI (601) provisioning
-Traceback= 40031238 408CA0D0 408D15B4 412C0438 412BF87C 412BFEF0 413BC9F0 413BCD3C 413BDC50
SLOT 4:Mar 20 11:51:05.471 UTC: %SPA_CHOC_DSX-3-ERROR: Serial4/0/0/1:0: response parsing failed for DLCI (602) provisioning
-Traceback= 40031238 408CA0D0 408D15B4 412C0438 412BF87C 412BFEF0 413BC9F0 413BCD3C 413BDC50

Conditions: This symptom is observed after an MFR interface is deleted and re-added.

Workaround: There is no workaround.

CSCso41824

Symptoms: A router crashes with an unexpected exception to CPUvector 300.

Conditions: This symptom is observed when you configure MPLS trunks on a 4xT3E3 SPA with FR IETF encapsulation.

Workaround: There is no workaround.

CSCso47485

Symptoms: The E4+ line card crashes continuously with the following output:

SLOT 1:Jan 19 02:06:09.559 UTC: %TX192-3-CPUIF: Error=0x40

rd 0x15 base 0x12 hdr 0x14 last 0x14 wr 0x14 insert 0x0 back 0x1 len 0x2474 cnt 0x0

Conditions: There is no exact trigger. But this symptom is observed when there are corrupt packets being sent from the ingress card under unknown circumstances.

Workaround: There is no workaround.

CSCso53048

Symptoms: A router acting as an OSPF ABR for an NSSA area, when announcing a default route into the NSSA area, sets the LSA forwarding address to one of its interfaces instead of to 0.0.0.0. When there is more than one interface from that router into the NSSA area (load balancing), only one interface will be used by NSSA routers to forward traffic toward destinations reachable via the default route. If there is no default route present in the RIB, the forwarding address is set to 0.0.0.0, which will enable load balancing.

Conditions: This behavior is not present in Cisco IOS Release 12.0(32)SY4.

Workaround: To have load balancing, you may want to define a loopback inside the NSSA to be elected as the FA and have the FA visible from the interfaces into the NSSA.

CSCso65289

Symptoms: High CPU utilization is seen on a Cisco 12000 series Internet router caused by the IPC seat manager.

Conditions: This symptom is observed in production.

Workaround: There is no workaround.

CSCso72996

Symptoms: A SIP601 sometimes crashes or gets an alignment error.

SLOT 4:Mar 17 17:59:03.877 UTC: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x408C1E14 reading 0xF
SLOT 4:Mar 17 17:59:03.877 UTC: %ALIGN-3-TRACE: -Traceback= 408C1E14 408C03D4 00000000 00000000 00000000 00000000 00000000 00000000

Conditions: The conditions under which this symptom occurs are unknown.

Workaround: There is no workaround.

CSCso84392

Symptoms: In MVPN, on the source PE, multicast packets are punted to the RP CPU, and some packets are also dropped.

Conditions: This symptom is observed with ingress E3 and egress E5 when the TUNSEQ error message appears.

Workaround: There is no workaround.

CSCso88575

Symptoms: The l2fwd traffic will stop forwarding, and we see a mismatch of the connection identifier (CI) of the channelized SPA and the CI value in the shim header of the l2 rewrite.

<snip>

Router1# execute-on slot 4 test hw sub 1 pm sho linkrec 4
========= Line Card (Slot 4) =========

Engineering internal use only
tag 0, id 4, anyphy 4, anyphy_flags 15, state 0
crc 0, idle 0, subrate 0, invert 0, priority 0
encap fr
ml_parent_id 1, corrupt_ci 65535, control_ci 2
dlci(0) = seq_ci(10)
dlci(20) = seq_ci(15) <<<< initially CI is 15
dlci(1023) = seq_ci(11)

Router1#

# spa_ct3_test freedm show glob
..
Number of Auto Do Not Resequence events : 1
Number of USN Do Not Resequence events : 1
CI that last experienced a lost sequenced datagram : 13
Number of datagrams detected with an unexpected SN : 6
CI that last experienced a unexpected SN : 15

Router1# execute-on slot 4 test hw sub 1 pm sho linkrec 4
========= Line Card (Slot 4) =========

Engineering internal use only
tag 0, id 4, anyphy 4, anyphy_flags 15, state 0
crc 0, idle 0, subrate 0, invert 0, priority 0
encap fr
ml_parent_id 1, corrupt_ci 65535, control_ci 2
dlci(0) = seq_ci(10)
dlci(20) = seq_ci(13) <<< CI changed to 13 due to auto DNR
dlci(1023) = seq_ci(11)

Router2# ping X.X.X.X

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to X.X.X.X, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Router1# execute-on slot 4 sho l2 hw l2tp 4425 tx de
========= Line Card (Slot 4) =========

Number of rewrites : 3, leaves : 3
Default PLU leaf : 0x14700003 (0 refs)
Default TLU rewrite: 0x1C008BA0 (0 refs)

Circuit ID               VMR ID                           PLU Leaf
20                           0x14600041                     0x0000000000000000800000001C0004FD
FCR                       Leaf Value                        TLU Addess (TLU/CPU)
L2TP-D-TX           0x800000001C0004FD    0x000004FD/0x1C009FA0

mac_len: 4, mac_string: 000F8004 04400000 <<<< bad shim header with old CI 15

Conditions: This problem will occur for l2vpns only on E5 channelized based SPAs.

Workaround: Enter into interface configuration mode.

Alternate Workaround: Remove and re-add the xconnect.

CSCsq00167

Symptoms: A 12000-SIP-401/501/601 has 8 MB of FSRAM with the fix CSCsm13564. But PLU and TLU adjacencies in the 12000-SIP-401/501/601 support up to 4 MB. This is causing a crash on the DT testbed.

Conditions: If the hardware is supporting 8 MB of FSRAM, the PLU can have access to this 8 MB. But this is not happening.

Workaround: Identified through the code review of CSCsm13564. There is no workaround.

CSCsq02883

Symptoms: A device crashes with ACL configurations.

Conditions: The RP will crash when the device is running low on memory or in a highly fragmented situation if an ACL/ACE is added/deleted.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.0(32)SY5

Cisco IOS Release 12.0(32)SY5 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY5 but may be open in previous Cisco IOS releases.

CSCeb69473

Symptoms: Device crashes with a segmentation violation (SegV) exception.

Conditions: Occurs when the connect target_ip [login|513] /terminal-type value command is entered with a large input parameter to the terminal-type argument such as the following:

router> connect 192.168.0.1 login /terminal-type aaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Trying 192.168.0.1...Open
login:

*** System received a SegV exception ***
signal= 0xb, code= 0x1100, context= 0x82f9e688
PC = 0x61616160, Vector = 0x1100, SP = 0x833ae5a8
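
A PC of 0x61616160 is the ASCII code of the letter "a" repeated, which shows that bytes from the oversized terminal-type argument ended up in the program counter. The following triage script is an added example, not Cisco code: it scans a console or crashinfo capture for SegV reports and flags any whose PC is printable ASCII or matches the command entered just before the crash. The function names, the second sample crash and the 4-byte alignment mask are assumptions.

```python
import re

# Assumption: 32-bit target with 4-byte-aligned instructions, so the reported
# PC has its two low bits cleared (0x61616161 is reported as 0x61616160).
ALIGN_MASK = 0xFFFFFFFC

SEGV_MARK = "System received a SegV exception"
PC_FIELD = re.compile(r"\bPC\s*=\s*0x(?P<pc>[0-9A-Fa-f]{1,8})\b")
PROMPT_CMD = re.compile(r"^\S+?[>#]\s*(?P<cmd>\S.*)$")  # e.g. "router> connect ..."


def is_ascii_word(value):
    """True if all four bytes of a 32-bit value are printable ASCII."""
    return all(0x20 <= b <= 0x7E for b in value.to_bytes(4, "big"))


def pc_seen_in_input(pc, text):
    """True if some 4-byte window of the typed text equals the PC after alignment."""
    data = text.encode("ascii", "replace")
    target = pc & ALIGN_MASK
    return any(
        (int.from_bytes(data[i:i + 4], "big") & ALIGN_MASK) == target
        for i in range(len(data) - 3)
    )


def triage(console_lines):
    """Return one finding per SegV report found in a console capture."""
    findings, last_cmd, in_segv = [], None, False
    for lineno, raw in enumerate(console_lines, 1):
        line = raw.strip()
        prompt = PROMPT_CMD.match(line)
        if prompt:
            last_cmd = prompt["cmd"]          # remember the most recent CLI command
        if SEGV_MARK in line:
            in_segv = True                    # PC may be on this line or a later one
        if not in_segv:
            continue
        field = PC_FIELD.search(line)
        if not field:
            continue
        pc = int(field["pc"], 16)
        if last_cmd and pc_seen_in_input(pc, last_cmd):
            verdict = "input-derived"         # PC bytes come from the typed command
        elif is_ascii_word(pc):
            verdict = "ascii-like"            # looks like text, source not in capture
        else:
            verdict = "unclassified"          # ordinary crash, needs normal analysis
        findings.append(
            {"line": lineno, "pc": pc, "command": last_cmd, "verdict": verdict}
        )
        in_segv = False
    return findings


# Constructed capture: the first crash reuses the values shown in this caveat
# (the length of the "a" run is constructed); the second crash is invented.
SAMPLE_CONSOLE = [
    "router> connect 192.168.0.1 login /terminal-type " + "a" * 84,
    "Trying 192.168.0.1...Open",
    "login:",
    "*** System received a SegV exception ***",
    "signal= 0xb, code= 0x1100, context= 0x82f9e688",
    "PC = 0x61616160, Vector = 0x1100, SP = 0x833ae5a8",
    "router# show version",
    "*** System received a SegV exception ***",
    "signal= 0xb, code= 0x1200, context= 0x82f9e688",
    "PC = 0x60A1B2C4, Vector = 0x1200, SP = 0x833ae5a8",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_CONSOLE):
        print(f"line {f['line']}: PC=0x{f['pc']:08x} {f['verdict']} (last command: {f['command'][:40]})")
```

A crash classified as input-derived or ascii-like should be treated as a security event and checked against the fixed release, not handled as an ordinary software reload.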

Workaround:

AAA Authorization: AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user's profile, which is located either in the local user database or on the security server, to configure the user's session. Once this is done, the user will be granted access to a requested service only if the information in the user profile allows it.

For a complete description of authorization commands, refer to the following links:

Configuring Authorization

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html

ACS 4.1 Command Authorization Sets

http://www.cisco.com/en/US/products/ps7032/index.html

ACS 4.1 Configuring a Shell Command Authorization Set for a User Group

http://www.cisco.com/en/US/products/ps7032/index.html

Role-Based CLI Access: The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices. The following link provides more information about the Role-Based CLI Access feature:

Role-Based CLI Access

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

Device Access Control: Due to the nature of this vulnerability, networking best practices such as access control lists (ACLs) and Control Plane Policing (CoPP) that restrict vulnerable device access to certain IP addresses or subnetworks may not be effective. Device access best practices provide some mitigation for these issues by allowing systemic control of authenticated and unauthenticated users. Device access best practices are documented in:

Infrastructure Protection on Cisco IOS Software-Based Platforms Appendix B-Controlling Device Access

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps6970/ps1838/prod_white_paper0900aecd804ac831.pdf

Improving Security on Cisco Routers

http://www.cisco.com/warp/public/707/21.html

CSCee24395

Symptoms: A Cisco router may reload if an SNMP GetNextObjectInstance request is processed at clogHistoryEntry_get.

Conditions: This symptom is observed on a Cisco 7206VXR series router with an NPE-300 processor board running Cisco IOS Release 12.2(13)T5.

Workaround: Do not query the CISCO-SYSLOG-MIB. You may create an SNMP view to exclude this MIB and attach this view to all communities configured on the device. This will prevent any managers from accessing the CISCO-SYSLOG-MIB.

CSCef70161

Symptoms: External BGP neighbors that are configured in the IPv4 VRF address-family context may fall into different update groups, even if the outbound policy is identical. This situation slightly reduces the overall scalability because BGP cannot use update replication when sending updates to the neighbors.

Conditions: This symptom is observed on a Cisco router and is both release- and platform-independent.

Workaround: There is no workaround.

Further Problem Description: The symptom does not affect neighbors that are configured in the global IPv4 address-family context.

CSCeg25475

Symptoms: Filtering BGP routes by means of the distribute-list prefix MARTIAN in command applied to address-family ipv4 actually filters out M-BGP routes in address-family vpnv4.

Conditions: This symptom occurs when MPLS-VPNs are configured.

Workaround: Use route-maps to filter routes inbound.

Further Problem Description: It can be checked by means of the show ip bgp neighbors command that the prefixes are actually being filtered out from updates for address-family vpnv4, and not for ipv4, as it is configured.

CSCek26629

Symptoms: When the Edge E3 card is reloaded while Fast Reroute (FRR) is active on a PW tunnel originating on another (core) E5 card, the following occurs:

a. MAC addresses are not learned on certain VLANS.

b. Traffic is not sent in the Tx direction for those VLANS. Traffic is not received at MAC addresses not learned for those VLANs at the remote router too.

The problem was observed for first N VLANs where N varies every time the test is repeated. The result is bi-directional traffic streams of known MAC addresses do not become unicast for those VLANs.

Conditions: The problem happens when FRR is active on a core E5 card, and there is a micro reload of the edge (AC) card, which is an E3.

Workaround: There is no workaround.

CSCek63384

Symptoms: A service policy is unexpectedly removed.

Conditions: This symptom is observed when you apply a service policy to a multilink interface and then the interface is reset.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, reconfigure the service policy after the multilink interface has been brought up.

CSCek76062

Symptoms: A router crashes because of a block overrun (overwriting the memory block).

Conditions: This symptom is observed only when templates are exported in the export pak, which is used only in the version 9 export format.

Workaround: Version 5 could be used for exporting.

CSCek78719

Symptoms: While running a Cisco IOS Release 12.0(32)S image, an Engine 3 line card on a Cisco 12000 series router may report some CPUHOG error messages similar to the following:

%SYS-3-CPUHOG: Task ran for 2264 msec (282/155), process = Per-Second Jobs, PC = 400FC51C.
-Traceback= 400FC524 400ACC0C 40102FCC 400ACC38 400D7580 400D756C

Conditions: This symptom happens during normal operation.

Workaround: There is no workaround.

CSCek79178

Symptoms: The dot1q tunneling ethertype 0x9100 interface configuration command disappears from the main interface after a route processor (RP) switchover.

Conditions: This symptom is observed after an RP switchover.

Workaround: There is no workaround.

CSCin98630

Symptoms: When an InARP request is received on an AAL5SNAP PVC, the router does not respond with an InARP reply.

Conditions: This symptom has been observed when the source address contained in InARP request is not in the subnet of the sub-interface on which PVC is configured.

Workaround: There is no workaround.

CSCsd10762

Symptoms: The following traceback appears:

FIB-4-FIBNULLIDB: Missing idb for fibidb Virtual4 (if_number 54).

Conditions: This symptom is observed when a router is reloaded.

Workaround: There is no workaround.

CSCsd90876

Symptoms: Memory corruption occurs when a | include is used with a CLI command. An already in-use block gets freed and causes this corruption.

Conditions: This symptom can happen with any usage when a | include is used with a CLI command. It was found using a script for IPSec that resulted in "Crash on OIR of IPSec SLC module."

Workaround: There is no workaround. It is a programming defect.

Further Problem Description: It is a rare corner case memory corruption when a block gets freed even when it is in use. It is caught by a script under stress testing conditions which results in such a rare condition.

While using CLI and | include it is rare to get such a corruption. If it happens, it will lead to box reload.

CSCse52184

Symptoms: This issue may cause traffic interruption for a short duration because of FIB updates. This issue happens very frequently and affects traffic forwarding.

Conditions: This issue is seen when MPLS TE tunnels are configured.

This issue is triggered when an interface is shut down and then brought back up if that interface is carrying a large rate of traffic. The problem is intensified by two factors:

1) Tunnel interface is kept flapping because of: a) Reoptimization b) Connection down.

2) One tunnel flapping could trigger entire (or a very large number of) FIB updates.

So if we do not have 2), then traffic may just be lost for a very short duration, and it will not impact application.

Workaround: There is no workaround.

CSCse85151

Symptoms: Cisco Catalyst 4500 Supervisors and Cisco Catalyst 4948 that are running Cisco IOS Release 12.2(31)SG crash when one of the following commands is issued:

show buffers all

show buffers assigned

show buffers input-interface

Conditions: This symptom occurs when one of the following commands is issued:

show buffers all

show buffers assigned

show buffers input-interface

Workaround: Do not use any of the above commands. For troubleshooting high CPU issues use the steps indicated in the following tech tip instead:

http://www.cisco.com/warp/public/473/cat4500_high_cpu.html

CSCse92395

Symptoms: When configured for Layer 2 services, a single VLAN entry should match one or more VLAN tags. However, it was matching only a single tag.

Conditions: The lookup was set up to match only one tag.

Workaround: There is no workaround.

Further Problem Description: If you configure Layer 2 services on a single VLAN entry, packets that have more than a single tag are not passed.

CSCsf01190

Symptoms: The export destination command disappears from the running configuration.

Conditions: This symptom is observed under very specific circumstances. VRFs must be configured for the same destination as that configured for exporting. If these VRFs are deleted, for example with the no ip vrf command, the export destination is also deleted, leaving the code in a state in which the export destination will vanish from the running configuration.

(The fix checks whether any destinations are configured in the deleted VRF, and if yes, the loop that would overwrite this destination is simply exited).

Workaround: Do not delete VRFs when NetFlow is configured.

Alternate workaround: If you do delete VRFs, re-add the NetFlow export configuration via the CLI.

CSCsf20947

Symptoms: A default route that is originated and advertised to a BGP peer using the neighbor default-originate command may be ignored by the peer in favor of a traditional default route (from the BGP table) which is advertised to the same peer.

Conditions: This symptom is observed on a Cisco router after a route flap in the network causes the traditional 0.0.0.0/0 default route to be relearned by a router. In turn, the router advertises this default route to its peers, overriding the previously sent default-originate route. The result is that the BGP peer router learns the default route which has been propagated through the network, rather than the default route created using the neighbor default-originate command on the adjacent router.

Workaround: Manually clear the BGP neighbor to enable the peer router to correctly relearn the correct default route (the one generated by the neighbor default-originate command).

CSCsf97715

Symptoms: When both ACL and SNF are configured on one 3GE-GBIC-SC, SNF does not work and the CPU usage is high.

Conditions: This problem begins in Cisco IOS Release 12.0(28.4)S1. In the previous version, all works well.

Workaround: Keep only one feature on the LC or downgrade the Cisco IOS software.

CSCsg16778

Symptoms: A router may reload when Border Gateway Protocol (BGP) neighbor statements are removed from the configuration.

Conditions: This symptom is observed in rare circumstances on a Cisco router when BGP neighbors are removed very quickly by a script at a much faster rate than manually possible and when a large BGP table is already present on the router before the script adds and removes the BGP neighbors.

Workaround: There is no workaround.

Further Problem Description: If you manually remove the BGP neighbors, it is less likely that the symptom occurs.

CSCsg32689

Symptoms: A crash or traceback may occur when the route-map option for fall-over is configured for a BGP peer-session template or peer group.

Conditions: This symptom occurs when the fall-over [route-map map-name] is configured under router bgp autonomous-system-number.

Workaround: There is no workaround. Avoid using the route-map option.

CSCsg39295

Symptoms: Password information may be displayed in a Syslog message as follows:

%SYS-5-CONFIG_I: Configured from scp://userid:password@10.1.1.1/config.txt by console

Conditions: When using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, selection of ConfigCopyProtocol of SCP or FTP may result in the password being exposed in a syslog message.

Workaround: When using SNMP to modify a configuration by means of the CISCO-CONFIG-COPY-MIB, use the ConfigCopyProtocol of RCP to avoid exposure of the password.
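
One way to find and scrub such messages in syslog that has already been collected, as an added example that is not part of the release notes: the script redacts the password in any scheme://user:password@host URL and reports which user and host need a credential change. The timestamps, host names, function names and every sample line except the message quoted above are constructed.

```python
import re

# scheme://user:password@host ; the password group is greedy up to the last "@"
# before the first "/", so passwords that themselves contain "@" are covered.
CRED_URL = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/]+)@(?P<host>[^\s/:]+)"
)
REDACTED = "<redacted>"


def redact_line(line):
    """Return (redacted_line, findings) for one syslog line."""
    findings = []

    def _sub(match):
        findings.append(
            {
                "scheme": match["scheme"].lower(),
                "user": match["user"],
                "host": match["host"],
            }
        )
        # Rebuild the URL prefix without the password; the rest of the line
        # (path, "by console", ...) is left untouched by re.sub.
        return f"{match['scheme']}://{match['user']}:{REDACTED}@{match['host']}"

    return CRED_URL.sub(_sub, line), findings


def scan(lines):
    """Redact every line and return (clean_lines, report).

    Each report entry names the line, the account and the server whose
    password was exposed, and whether it came from a %SYS-5-CONFIG_I event.
    """
    clean, report = [], []
    for lineno, line in enumerate(lines, 1):
        redacted, found = redact_line(line)
        clean.append(redacted)
        for item in found:
            report.append(
                {
                    "line": lineno,
                    "config_copy_event": "%SYS-5-CONFIG_I" in line,
                    **item,
                }
            )
    return clean, report


# Constructed sample log. Line 1 carries the message quoted in this caveat;
# the other lines and all timestamps and host names are invented.
SAMPLE_LOG = [
    "Mar  1 10:00:01 rtr1 %SYS-5-CONFIG_I: Configured from scp://userid:password@10.1.1.1/config.txt by console",
    "Mar  1 10:05:12 rtr1 %SYS-5-CONFIG_I: Configured from ftp://backup:S3cr@t!@192.0.2.10/rtr1.cfg by console",
    "Mar  1 10:07:40 rtr1 %SYS-5-CONFIG_I: Configured from tftp://192.0.2.20/rtr1.cfg by console",
    "Mar  1 10:09:03 rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.99)",
]

if __name__ == "__main__":
    clean_lines, exposures = scan(SAMPLE_LOG)
    for text in clean_lines:
        print(text)
    for e in exposures:
        print(f"rotate password for {e['user']}@{e['host']} ({e['scheme']}), seen on line {e['line']}")
```

Redaction only cleans the stored copy; any password that reached a syslog server in clear text should still be changed.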

CSCsg42672

Symptoms: On a Cisco router running Cisco IOS Release 12.0(32)S4 and configured with BGP and peer groups, if the Fast Peering Session Deactivation feature is configured in the peer group, the router automatically adds to the command a route map with the same name as the peer group.

For example:

RR# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
RR(config)# router bgp 65001
RR(config-router)# neighbor rrs-client fall-over ?
  bfd        Use BFD to detect failure
  route-map  Route map for peer route
  <cr>
RR(config-router)# neighbor rrs-client fall-over
RR# show run

<snip>

router bgp 65001
 neighbor rrs-client peer-group
 neighbor rrs-client remote-as 20959
 neighbor rrs-client update-source Loopback0
 neighbor rrs-client fall-over route-map rrs-client <<<<<<<

The route-map does not exist.

Workaround: Configure the neighbor individually or use peer templates.

CSCsg48183

Symptoms: A router may unexpectedly send an ARP request from all its active interfaces to the next hop of the network of an SNMP server.

Conditions: This symptom is observed on a Cisco router that has the snmp-server host command enabled after any of the following actions occur:

You reload the router.

A switchover of the active RP occurs.

You enter the redundancy force-switchover main-cpu command.

Workaround: There is no workaround.

CSCsg66635

Symptoms: The IGP metric may be missing from the TE database.

Conditions: This symptom is observed on a Cisco router when TE is configured on a subinterface and when you enter the no shutdown interface configuration command on the physical main interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the subinterface on which TE is configured.

CSCsg84690

Symptoms: A default route with an incorrect mask may not be installed.

Conditions: This symptom is observed on a Cisco router that is configured for OSPF.

Workaround: There is no workaround.

CSCsg86567

Symptoms: When reloading a Cisco 7500 router (lsnt-ap-pe) with Cisco IOS Release 12.0(32)S5, several IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP and tracebacks occur in the standby log.

Conditions: This symptom has been observed on a Cisco 7500 router platform with MVPN configured.

Workaround: There is no workaround.

CSCsg86806

Symptoms: fast_tagrew will be missing in CEF, leading to an imposition failure for those recursive prefixes that are going over a tunnel.

Conditions: This symptom is observed when recursive prefixes go over a tunnel and the tunnel flaps.

Workaround: Enter the clear ip route prefix command.

CSCsh02161

Symptoms: A Route Reflector (RR) does not withdraw a prefix that redistributes itself even if this prefix is removed from the BGP table.

Conditions: This symptom is observed on a Cisco router that functions as an RR that advertises two of the same prefixes with different Route Distinguishers (RDs) when one of these prefixes redistributes itself and when the other prefix is a route that is learned from an RR client via iBGP.

Workaround: There is no workaround.

CSCsh12493

Symptoms: After addition/deletion/modification of a VRF and the re-addition of associated configuration, it becomes apparent that the RIB is not being updated by BGP after reconvergence, and LDP neighborship is reestablished. As the RIB is not updated, neither is CEF. While BGP VPNv4 has the correct information, the RIB is empty of remote PE VRF subnets, and CEF has a default entry.

Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(32)S6.

Workaround: Clear the BGP session to recover.

CSCsh16951

Symptoms: There is high CPU usage by the TAG process on the E4+ ingress line card.

Conditions: This symptom is observed when MPLS traffic comes in to the ingress E4+ and the MPLS configuration on the ingress interface is removed.

Workaround: There is no workaround.

CSCsh20034

Symptoms: IPv6 traffic drops (in 6PE scenario) on PE (core facing interface). IPv6 version errors are also seen.

Conditions: This symptom is seen on an Engine 3 line card. This issue is seen in Cisco IOS Release 12.0(33)S and Release 12.0(32)SY2 images.

Workaround: Use the hw-module reload command.

CSCsh31546

Symptoms: Applying L4 operators (used with an ACL) on many interfaces at the same time generates a traceback.

Conditions: There is no set procedure for generating the traceback. You must play around with the configuration to generate it.

Workaround: Configure the ACL batch by batch; for example, 20 to 30 interfaces at a time.

CSCsh44940

Symptoms: Dynamic MAC re-write for port-channel causes around a 50-percent traffic drop.

Conditions:

A---LB1---------LB2---------LB3---B

1) Port-channel between LB2 and LB1 with two E5 members. Removed the member, whose MAC address is used for the port-channel, on both the routers.

2) Added the member back to the port-channel.

Traffic flows from B to A.

Workaround: Reload the microcode of the line card.

CSCsh58729

Symptoms: A router that is configured for MPLS FRR may crash.

Conditions: This symptom is observed on a Cisco 7600 series but is platform-independent.

Workaround: There is no workaround.

CSCsh75224

Symptoms: The RP crashes in IFS code when an SSH or Telnet session is established while the switch is attempting to download a configuration.

Conditions: Occurs on a Cisco Catalyst 6509.

Workaround: There is no workaround.

CSCsh96294

Symptoms: An OSPFv3 neighbor may go down because of missing OSPFv3 hellos.

Conditions: This symptom is observed after upgrading to Cisco IOS Release 12.0(32)S.

Workaround: There is no workaround.

CSCsi01578

Symptoms: The MAC address on standby is 0 in Route Processor Redundancy Plus (RPR+).

Conditions: This symptom has been observed when doing RPR+ switchover. The traffic is lost. This was seen after CSCsh41107 was resolved. This is seen in Cisco IOS Release 12.0(32)SY2 and conn_isp.

Workaround: There is no workaround.

CSCsi07219

Symptoms: An Engine 3 4GE-SFP-LC= crashes by a Software Forced Crash after NetFlow-related configuration changes are made at the interface level. The crashes can occur from 30 minutes to several hours later.

Conditions: On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(32)SY2 with a 4GE-SFP-LC=, NetFlow configuration changes at the interface level (Full NF or SNF) can trigger the crashes. This bug applies to NFv9.

Workaround: There is no workaround.

CSCsi17519

Symptoms: An E5 line card fails to boot up after multiple retries.

Conditions: This symptom is observed only on faulty hardware.

Workaround: There is no workaround.

Further Problem Description: The root cause is bad hardware that causes TCAM parity errors during line card init. In this particular line card, when the parity error interrupt is generated during line card init, the line card is reset. If the interrupt comes after line card init, the line card is not reset. So, in general, if the card reports multiple TCAM parity errors, and they are not correctable, it may be better to replace the hardware.

CSCsi21760

Symptoms: If all line cards are in an IOS RUN state, but one line card in the router that has a few SPAs is not coming up because of, for example, an FPD mismatch, the router waits on the assumption that this line card is not ready to come up, and the FIB is therefore not downloaded to any of the other line cards.

Conditions: This symptom is observed while having a faulty SPA on a line card while all other line cards are working fine.

Workaround: There is no workaround. We might be seeing a design limitation. But this design can be improved rather than compromising on a 12-minute delayed convergence during router bootup.

CSCsi47635

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

CSCsi62559

Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority packets. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18) or a later release but may also affect other releases.

Workaround: Use ACLs to block invalid IP control packets from reaching the control plane.

CSCsi71283

Symptoms: All IGMP static groups are pruned from the configuration.

Conditions: This symptom is observed on a Cisco 12000 series Internet router with an engine 5 line card.

Workaround: There is no workaround.

CSCsi83259

Symptoms: The MPLS labels for packets that are forwarded via CEF and MPLS over a BGP route may not match the labels in the BGP table.

Conditions: This symptom is observed on a Cisco RPM-XF-512 that runs Cisco IOS Release 12.4(6)T5 but is not platform-specific.

Workaround: Enter the clear ip route command for the prefix in the VRF.

CSCsi93023

Symptoms: A MOD 48 line card gets stuck in the UP IOS state for more than 45 minutes after an RPR switchover.

Conditions: The line card is MOD 48 and contains two 2-port SPA-2XCT3/DS0. This is connected to another router with MOD 48 with two 2-port SPA-2XCT3/DS0. This is a back-to-back connection with all the T1 links created on both the SPA-2XCT3/DS0. Both MLPPP and MLFR bundles are created with half of the T1 links assigned to MLPPP and the other half assigned to MLFR with traffic flowing in the links.

Under these conditions, when an RPR switchover is performed, the MOD 48 gets stuck in the UP IOS state and does not recover for 50 minutes. After this duration, it comes up automatically.

Workaround: There is no workaround. To recover immediately from this state, reload the card.

CSCsi96067

Symptoms: Process memory leaks on an FRoMPLS router.

Conditions: This symptom is observed under the following conditions:

The service-policy output command is configured on the interface.

Heavy-enough traffic is flowing to be shaped by the configuration.

Workaround: There is no workaround.

Further Problem Description: With about 110 pps of traffic flowing, the router crashes with "%SYS-6-STACKLOW" on the FR LMI process.

CSCsj12867

Symptoms: The following message can be seen after executing the write memory command, even though the version has not been changed.

Router# write memory

Warning: Attempting to overwrite an NVRAM configuration previously written by a different version of the system image. Overwrite the previous NVRAM configuration?[confirm]

The router then restarts with the following traceback:

-Traceback= 6067F3DC 6067FB38 605E3FE8 60686384 605E3FE8 605188BC 60518830 605444D4 60539164 6054719C 605AB65C 605AB648

Conditions: This symptom is observed on a Cisco 7206 VXR (NPE-400) with C7200-IO-FE-MII/RJ45= or C7200-I/O= running the Cisco IOS Release 12.2(24a) interim build.

Workaround: There is no workaround.

CSCsj14143

Symptoms: ifHCOutOctets and ifHCInOctets values retrieved from the IF-MIB are not correct.

Conditions: The circumstances under which this symptom is observed are unknown.

Workaround: There is no workaround.

CSCsj16016

Symptoms: With an ingress E2 GigE and an egress E5 (SIP 600/601 with a 1x10GE SPA), packets are dropped in the egress line card with TX bad BMA buffer counts increasing.

Conditions: This symptom is observed when the ingress is E2 and the egress is E5.

Workaround: There is no workaround.

Further Problem Description: This issue is not seen with an E3/E5 combination or an E2/E6 combination.

CSCsj17447

Symptoms: When the Asymmetric Carrier Delay feature (carrier-delay up <>) is configured in a PE (Cisco 12000)---CE (Cisco 7600) connection, the Cisco 12000 PE will not delay the carrier on link UP for 1-GE and/or 10-GE interfaces.

Conditions: This symptom is observed when the feature is configured as follows:

carrier-delay up [seconds]

The Cisco 12000 does not delay the link UP event for the number of seconds specified.

Workaround: There is no workaround.

Further Problem Description: The Asymmetric Carrier Delay feature is useful to prevent a mismatch of carrier delays between the Cisco 7600 and the Cisco 12000. This is especially useful when there are voice gateways behind the Cisco 7600 that rely on fast convergence on link DOWN and dampening routing for enough time on link UP to prevent packet loss.

CSCsj18284

Symptoms: Spaghetti FPGA fails to drain the half packets during error recovery, and an E3 12000-SIP-400 line card may reset.

Conditions: This symptom is observed when error recovery is triggered and traffic passes through the E3 12000-SIP-400 line card.

Workaround: There is no workaround.

CSCsj25144

Symptoms: Some CEF-related commands on a previously removed subinterface are (wrongly) retained when a new subinterface is configured. The following CEF-related commands are retained from previously removed subinterfaces:

ip cef accounting non-recursive external

ip load-sharing per-packet

For example:

Router(config-if)# interface Serial3/3/1:0.100 point-to-point <<< ADD .100
Router(config-subif)# ip cef accounting non-recursive external
Router(config-subif)# ip load-sharing per-packet
Router(config-subif)# no interface Serial3/3/1:0.100 <<< REMOVE .100
Router(config)# interface Serial3/3/1:0.200 point-to-point <<< ADD .200
Router(config-subif)# do show running-config interface Serial3/3/1:0.200

Building configuration...

Current configuration : 166 bytes
!

interface Serial3/3/1:0.200 point-to-point
no ip directed-broadcast
ip load-sharing per-packet <<<<
ip cef accounting non-recursive external <<<<
no ip mroute-cache
end

Conditions: This issue is observed in Cisco IOS Release 12.0S on reused and new ATM or serial subinterfaces on a Cisco 12000 series Internet router. The issue is not seen in Cisco IOS Release 12.2S branches and later.

Workaround: Verify the subinterface configuration, and if the configuration cannot be deleted on this subinterface, delete this subinterface and then create a dummy subinterface, which will pull that configuration. Then recreate the prior subinterface.

CSCsj28800

Symptoms: The Engine 5 line cards on a router crash.

Conditions: When a router is configured to have TE tunnels with CBTS, and when the clear cef linecard command is executed, the Engine 5 line cards on the router crash. This problem is seen in any of the Cisco IOS Release 12.0(32)SY releases prior to Cisco IOS Release 12.0(32)SY5.

Workaround: There is no workaround.

CSCsj29012

Symptoms: When a rommon upgrade of the secondary RP is performed after a Cisco IOS upgrade, the active RP may crash.

Conditions: This symptom is observed on a dual RP setup. A Cisco IOS upgrade is performed by reloading the secondary RP, followed by a redundancy forced switchover. When the router is up, a rommon upgrade is performed on the secondary RP.

Workaround: There is no workaround.

CSCsj31964

Symptoms: The BFD protocol may go down if an interface is congested.

Conditions: This symptom is observed on a SIP-401 when 2-Gbps traffic is directed toward a Gigabit Ethernet interface that has a BFD session.

Workaround: On an Engine5 line card, apply 1CnD, nCnD service policy to map precedence 6 packets to low-latency queue. On an Engine3 line card, there is no workaround.

Further Problem Description: The problem is seen on both Engine3 and Engine5 line cards.

CSCsj32013

Symptoms: A Cisco 12000 series router may crash unexpectedly.

Conditions: This symptom is observed only in Cisco IOS Release 12.0(32)SY0f.

Workaround: There is no workaround.

CSCsj43087

Symptoms: VPLS traffic may not be passed.

Conditions: This symptom is observed when an E5 card is used as a P/PE facing card and the Control Word is disabled on the remote PE.

Workaround: Enable the Control Word on the remote PE.

Alternate Workaround: Use an E3 card instead.

Further Problem Description: By default, the Control Word is enabled. So this symptom will show up only when the Control Word is explicitly disabled on one end.

CSCsj44020

Symptoms: Packets may be forwarded to the wrong interface when a service policy is removed from another interface.

Conditions: This symptom is observed when, for example, multiple output service policies are removed on an interface or at the subinterface level.

Workaround: Remove and reapply the service policy on the problematic interfaces. Also you will see the problematic traffic for only a few seconds. The new traffic will go through the right interface; hence you may not even want to remove and reapply the service policy.

CSCsj50513

Symptoms: All line cards go to a WAITRTRY state.

Conditions: This symptom is observed when the Switch Fabric Card and one line card through which traffic is coming are shut down.

Workaround: Reload the router.

CSCsj50619

Symptoms: By default on a Cisco 12000 series Internet router, Network Time Protocol (NTP) packets are marked with precedence 0 instead of precedence 6. This caveat changes the default behavior of NTP packet marking by the Cisco 12000 series Internet router.

Conditions: Locally generated NTP packets on the Cisco 12000 series Internet router are, by default, marked with precedence 0 instead of precedence 6 when the router is an NTP server. The ip local policy command normally allows the precedence to be changed on locally generated packets. This works on other platforms but not on the Cisco 12000 series Internet router.

Workaround: There is no workaround.

CSCsj50773

Symptoms: Performing the snmpwalk on the ipRouteTable MIB may cause high CPU and reloads.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(13b) or later releases.

Workaround: Create a view that excludes the ipRouteTable:

snmp-server view cutdown 1.3.6.1.2.1.4.21 excluded
snmp-server view cutdown internet included
snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.

CSCsj50949

Symptoms: MVPN Decap node is classifying the multicast traffic stream according to the GRE tunnel IP precedence. The show policy interface command packets counter is incrementing for the wrong class/queue.

Conditions:

P node (Cisco 12000 series Internet router), with ingress E3 line card. Ingress MQC policy re-marking (set ip precedence) multicast traffic.

Cisco 12000 acts as an MVPN Decap node, ingress E3 line card with egress multicast policy enabled. Traffic matching P re-marked IP precedence.

Workaround: There is no workaround.

CSCsj53361

Symptoms: IS-IS adjacencies may flap after a stateful switchover (SSO) has occurred.

Conditions: This symptom is observed when there is a large number of adjacencies (for example, 16) and when the IS-IS database is large (for example, one LSP containing 5000 routes).

Workaround: Increase the hold time that is advertised in the IS-IS Hello (IIH) packet by entering the router isis nsf advertise holdtime 90 command on the router on which the SSO occurs.

CSCsj58716

Symptoms: Traffic drops occur on egress SIP-X01 interface during congestion.

Conditions: The problem occurs when egress is any SIP-X01 card, there is congestion on the outgoing interface, and no default queue-limit is configured explicitly for the traffic class.

Workaround: The problem does not occur when a low qlimit is configured on the class and WRED is also configured.

CSCsj62182

Symptoms: A Cisco 7200 router may crash.

Conditions: This symptom is observed when MFR is configured on the Cisco 7200 router and you try to attach a QoS service policy to the MFR interface.

Workaround: There is no workaround.

CSCsj62309

Symptoms: Unexpected flows are seen on a GSR configured with aggregate netflow and acting as a provider edge (PE) router. The unexpected flows are seen in the output direction of the CE-facing interface (VRF interface).

Conditions: When traffic is generated (FTP, UDP, ICMP, etc.), we can observe strange flows of IP precedence 5 (TOS A0). If there is no traffic flowing through, then the flows are not seen. The router runs Cisco IOS Software 12.0(32)S6. Both ingress and egress line cards are ISE Engine 3 line cards. The P-facing interfaces are bundled in a port-channel.

Workaround: There is no workaround, and this impacts customer billing.

Further Problem Description: The flows can be seen through the following command:

router# execute-on slot3 sh ip cac ver flow agg as-tos | i Gi3/1.999

========= Line Card (Slot 3) =========
Gi3/1.999 0 PortCh1 0 00 64 121K 46 147.2
Gi2/0 0 Gi3/1.999* 0 00 96 238K 1300 144.6
Gi2/0 0 Gi3/1.999* 0 A0 76 3996 442 115.8 >>> Unexpected

CSCsj68299

Symptoms: The line card crashes when the interface MTU is changed.

Conditions: This symptom is observed when having both ingress and egress E0 cards with MPLS in the core and when an ATOM tunnel is configured on the egress line card.

Workaround: Before changing the MTU, stop the traffic across all the E0 line card interfaces. You can resume traffic after changing the MTU.

CSCsj72032

Symptoms: Control Plane Policing (COPP) fails after a line card is reloaded.

Conditions: This symptom occurs when a line card is reloaded.

Workaround: There is no workaround.

CSCsj72039

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Workaround: Remove and reconfigure the passive-interface command.

First Alternate Workaround: Enter the clear isis * command.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

CSCsj77669

Symptoms: GRP may crash continuously on reload if an MFR interface on the router has the bfd neighbor command configured.

Conditions: This symptom is observed when the bfd neighbor command is configured on an MFR interface.

Workaround: Issue send brk from the telnet> prompt and boot the router with a boot image. Then remove the bfd neighbor configuration from the MFR interface and reload the router with the regular image.

CSCsj77998

Symptoms: Bidirectional Forwarding Detection (BFD) sessions do not come up on Cisco ISR routers.

Conditions: BFD sessions remain in Down state and do not transition to Up state.

Workaround: There is no workaround.

CSCsj84706

Symptoms: The following error message is displayed:

MBUS_C2W-3-PROGRAMMING_FAILURE

Conditions: This symptom is observed after online insertion and removal of an E5 10GE SPA.

Workaround: There is no workaround.

CSCsj87371

Symptoms: When an MPLS traffic engineering tunnel (TE tunnel) and fast reroute (FRR) are configured on a Cisco 12000 Series router, the FRR backup tunnel does not restore MPLS LDP/TDP-encapsulated packets that are received on an E4 line card.

Conditions: When the next hop is head-end LDP/TDP over a TE tunnel and FRR becomes active, the labeled packets are not protected by the backup TE tunnel, causing continuous packet drops until a new path is installed.

Workaround: There is no workaround.

CSCsj88891

Symptoms: A console message is displayed with an unknown MPLS peer and VCID.

Conditions: This symptom is observed after the xconnect configuration is deleted.

Workaround: There is no workaround.

CSCsj91286

Symptoms: The following traceback is seen on boot when upgrading or downgrading an image:

%MBUS_C2W-3-SPA_UNKNOWN_C2W_DEVICE: cannot find SPA's C2W device for slot:

Additionally, the running configuration for all SPAs may be lost from an engine 5 card.

Conditions: This issue is due to the Mbus Agent ROM and Mbus Agent RAM.

Workaround: Copy the startup configuration to the running configuration.

CSCsj96786

Symptoms: A 10-gigabit link with an SPA-1XTENGE-XFP= might see very sporadic short-time flap although the fiber and signal are clean.

Conditions: This symptom is observed on a 10-gigabit link with an SPA-1XTENGE-XFP=.

Workaround: Configure carrier-delay under the interface of the remote end to prevent the flap. Short packet drop might still be seen.

CSCsj98594

Symptoms: A 12000-SIP-600/601 line card reloads.

Conditions: This symptom is observed when netflows are used.

Workaround: There is no workaround.

CSCsj98725

Symptoms: The following traceback occurs:

SLOT 2:Jan 25 19:13:34 UTC: ee192_tx_q_cleanup_guts(): EE_QM_QOS_INTERNAL_ERROR

Conditions: This symptom occurs when a policy or class is added or deleted, and when an interface goes from available to unavailable.

Workaround: Reload the line card to bring it to a normal state.

CSCsj99269

Symptoms: With some VPN configurations such as configurations with a multipath import or an import map, the CPU usage of the router may be very high for a long time, even after BGP convergence has occurred.

Conditions: This symptom is observed on a Cisco router that functions in a highly scaled environment involving several hundred VRFs and occurs after the router has been reloaded or after a switchover has occurred.

Workaround: There is no workaround.

CSCsj99715

Symptoms: The queuing ASIC is stalled with bits 56/62 set in the interrupt status register, leading to a traffic outage.

Conditions: This symptom is observed when policies are repeatedly added, leading to a timing issue.

Workaround: There is no workaround.

CSCsk00458

Symptoms: A PRP crashes and displays the following message:

%SYS-3-BADFREEMAGIC: Corrupt free block

Conditions: This symptom is observed after moving to the Cisco IOS Release 12.0SY train when IP SLA HTTP probe is configured via SNMP.

Workaround: Use the CLI to configure the IP SLA HTTP operation.

CSCsk02675

Symptoms: Route processor crashes.

Conditions: Occurs when the CEF line card is cleared and the multilink bundle is unprovisioned at the same time.

Workaround: Do not clear the CEF line card and unprovision the bundle concurrently.

CSCsk02919

Symptoms: IPv6 traffic is interrupted in one direction following an online insertion and removal (OIR) of a line card.

Conditions: This occurs when a CRS1 and GSR are connected by Gigabit Ethernet. When an OIR is performed on the line card of the CRS1, IPv6 traffic going from the GSR to the CRS1 immediately resumes, but then is interrupted for 4 seconds.

Workaround: There is no workaround.

CSCsk03336

Symptoms: Interface counters on line cards may show incorrect packet input statistics in the output of the show interface command.

Conditions: Occurs when the "CEF LC IPC Backg" process causes the line card CPU to exceed 90 percent. This is seen when an unstable network causes excessive CEF updates.

Workaround: There is no workaround.

CSCsk04682

Symptoms: The queuing ASIC is stalled with bit 56/62 as seen when the show controller frfab qm reg command is executed on the line card that corresponds to the Interrupt Status Register field.

Conditions: This symptom is observed when the same service policy is applied on many interfaces with repeated deletion and attachment of service policies.

Workaround: Use unique policy names on each interface.

CSCsk05059

Symptoms: A spurious access error occurs in the tfib_post_table_change_sanity_check() function.

Conditions: This symptom occurs if a route is deleted. A ROUTE_DOWN event is triggered in the tfib_post_table_change() function, which in turn calls tfib_post_table_sanity_check(). In that function, a spurious access is reported because the only path of the route is down.

Workaround: There is no workaround.

CSCsk08317

Symptoms: Output from the show ip hardware-cef command shows an incorrect slot.

Conditions: Occurs on an Engine4+ line card of a Cisco 12000 series router when the prefix has two next hops with load balancing.

Workaround: Enter the clear ip route prefix command to correct the problem.

Further Problem Description: The problem is that we have an IP link to a destination and more than one tunnel to the same destination. On a tunnel head router with E4+ as the ingress LC, the primary link is through the IP and not the LSP. When the IP link is down, the LSP takes over, and when the IP is back on, the LSP should give way to the IP to be the primary path. However, with E4+ the path is not switched back to IP.

CSCsk08440

Symptoms: The E4+ line card crashes continuously with the following output:

SLOT 4:Jul 29 09:40:52.844 UTC: %TX192-3-CPUIF_ERR: Underrun Error: Read Pointer Crosses Write Pointer. -Traceback= 400310C4 411E4614 408E1934 4092B4C8 40A2FE1C 40A304F4 40110920

Conditions: Occurs when packets with corrupted IP header length are received by the Tx E4+ line card.

Workaround: There is no workaround.

CSCsk12399

Symptoms: A router that is configured for ATM local switching between IMA interfaces that are configured on CEoP SPA cards (that is, a SPA-1CHOC3-CE-ATM or SPA-24CHT1-CE-ATM) may crash.

Conditions: This symptom is observed when you perform an OIR of the SIP in which the CEoP SPAs are installed or when you attempt to remove the local switching connect statements by entering the no connect connection-name command while the IMA link is flapping.

Workaround: Ensure that the IMA link state is stable before you perform the OIR or enter the no connect connection-name command.

CSCsk12898

Symptoms: After the ip multicast boundary access-list command is applied, in LHR, (*,G) entries are retaining the C flag.

Conditions: This symptom may be observed when the ip multicast boundary configuration command is used.

Workaround: There is no workaround. But there is no expected impact on router operation either.

CSCsk14495

Symptoms: A bogus line card crash is reported during a PLIM reset.

Conditions: This symptom is observed during a PLIM reset.

Workaround: There is no workaround.

CSCsk14770

Symptoms: The following error message is reported by the edge facing card (Eng3CHOC12):

SLOT 1:Aug 20 00:02:17.150: %EE48-3-ALPHA_MCAST: Can't assign new hw_mdb - (S,G)=(192.168.230.46,224.20.10.1), mi=29, side=TX

Duplicate OIQ information for an MGID in an egress line card above can be checked using the following command on the line card:

show ip hardware-mdfs tx entry mgidValue

The above command shows OI and OQ values corresponding to the mgidValue. If two entries have the same OI and OQ information, then the problem has occurred.

Conditions: This symptom is observed with an MVPN configuration with the E4P toward the core and the E3CHOC12 card toward the edge.

Egress E3 interface is configured with QoS policies.

E3 multicast forwarding entries have collision scenario for two (S, G) entries.

Workaround: Configure the E3 hw multicast such that there is no collision in any (S, G) entries.

Further Problem Description: In an egress E3 line card, with QoS, which is passing Multicast/MVPN traffic, two or more (S, G) mroutes may be colliding because of the configuration below.

Hw-mo slot slotNum

ip multicast hw-accel size sizeVal

offset offsetVal

Under the above configuration, while deleting a colliding HW-switched entry, a missing OI/OQ deletion causes the above problem.

CSCsk15520

Symptoms: In the load-balancing case of MPLS-TE, FRR is triggered for an interface that does not go down.

Conditions: Occurs on a Cisco 12000 Series Router with MPLS-TE tunnels using equal cost load balancing. When the protected interface of one of the tunnels goes down, FRR is triggered for both tunnels. It is not required to trigger FRR for the other tunnel.

Workaround: There is no workaround.

CSCsk15805

Symptoms: If you shut down a TE tunnel interface and you have a static route through the tunnel, the routing table is not updated immediately but only when the static scan runs (every minute by default).

Conditions: The problem does not occur when the static route points to a physical interface. It occurs only with TE tunnel interfaces when the ip routing protocol purge command is configured.

Workaround: Remove the ip routing protocol purge command or tune the adjust timer (ip route static adjust-time command).

CSCsk16454

Symptoms: The MPLS-to-IP path might be improperly programmed on an Engine 2 line card that faces the MPLS core, which might cause VPNv4 packet loss.

Conditions: When ACLs are removed from an Engine 1 line card, which might or might not have MPLS enabled, an Engine 2 line card that faces the MPLS core doing label disposition might have improper information in the hardware forwarding path.

Workaround:

1. Enter the shutdown command followed by the no shutdown command on the interface/subinterface that faces the CE.

2. Enter the clear ip route vrf vrf-name * command.

3. Enter the shutdown command followed by the no shutdown command on the Engine 2 interface that faces the MPLS core.

CSCsk25046

Symptoms: For a policy applied to an interface with an ifindex of 14, the corresponding entry will not appear in cbQosServicePolicyTable. This is impacting device monitoring.

Conditions: The following two conditions are required for the issue to exist:

There should be an interface with an ifindex of 14 with a policy applied.

There should be a policy applied on the control plane.

Workaround: Remove the policy on the control plane.

CSCsk29057

Symptoms: When an MFR interface is configured for L2TPv3, CE-CE pings fail. The imposition rewrite is not getting programmed on the channelized card.

Conditions: This symptom is observed when an MFR interface is configured for L2TPv3.

Workaround: There is no workaround.

CSCsk30567

Symptoms: A Cisco 12000 Internet series router with Eng5 line cards may not pass traffic when acting as an Autonomous System Border Router (ASBR) in an Inter-AS VPN Option B configuration.

Conditions: This symptom is observed when VPN routing/forwarding (VRF) is removed from the ASBR. The MPLS labels advertised on the eBGP peering for the VPNv4 prefixes are not programmed in the line cards, so traffic is dropped. The label for a prefix can be seen on the route processor, but not on the line cards. This occurs when there are numerous prefixes in the BGP and with PRP2 with Eng5 line cards.

Workaround: Disable and enable the affected prefix. This updates the labels on the line cards.

CSCsk30571

Symptoms: Field diagnostics fail (indicating a DOWNLOAD FAILURE) on the standby PRP2 when the PRP2 has 4 GB of memory installed. After 40 minutes, the default download time limit, field diagnostics declare a download failure and reload the board. The failure message for this looks like the following:

Field Diagnostic: ****DOWNLOAD FAILURE**** while preparing slot {#}

Field Diag eeprom values: run 3 fail mode 5 (DOWNLOAD FAILURE) slot {#} last test failed was 0, error code 0 Shutting down diags in slot {#}

Board will reload

Conditions: This symptom is observed for any release of Cisco IOS software when you attempt to run field diagnostics on a standby PRP that has 4 GB of memory.

Workaround: There is no workaround.

CSCsk34458

Symptoms: An E5 line card with a 1x10GE SPA can crash when the laser of a JDSU T-BERD 8000 test set that is connected to the 10GE interface is enabled.

Conditions: This symptom is observed on a router that contains an E5 line card with a 1x10GE SPA and redundant PRP-2 processors that are booted with the c12kprp-p-mz.12.0(32)S7 image and that are running in RPR+ mode.

Workaround: There is no workaround.

CSCsk35283

Symptoms: The following message is observed on the console:

%EE48-3-ALPHA_MCAST: Can't assign new hw_mdb

Conditions: This symptom is observed on an E3-choc12 line card when multicast-egress-qos is enabled on the line card and when at least eight OIF for a VRF mroute are on the same line card.

Workaround: Spread out the VRF interface distribution so that none of the line cards contain more than seven interfaces.

Further Problem Description: The best known way to recover is through a reload of the line card.

CSCsk35970

Symptoms: Excessive CPU usage occurs on a Cisco 12000 Series Router running Cisco IOS Release 12.0(32)S and configured for BGP multipath with several iBGP and eBGP peers.

Conditions: TblVer is incrementing every 5 minutes, causing the BGP router process to use maximum CPU every 5 minutes.

Workaround: There is no workaround.

CSCsk36276

Symptoms: Traceback seen at tfib_post_table_change_label_request_needed.

Conditions: SSO switchover is the reason for the above traceback.

Workaround: There is no workaround.

Further Problem Description: Even during SSO switchover, route cannot have null rdb in index 0 when ROUTE_UP/ROUTE_MODIF is coming. This could be an issue in routing component, but still we fix it in mpls-lfib to handle spurious access.

CSCsk36552

Symptoms: Some packet flows may be dropped when the next hop is load-shared between MPLS-TE tunnel and physical interface.

The next-hop entry for the physical interface is invalid in Hardware-CEF table in ingress line card during this problem. This causes some packet flows that look up the invalid entry as the result of hash calculation to be dropped. The other flows that look up the tunnel interface are not affected.

This problem may be observed when using Engine 3 or Engine 5 as the ingress line card on the Cisco 12000 Internet series router.

You can check the detail of Hardware-CEF table for this problem by the following command in Engine 3 and Engine 5.

show ip hardware-cef prefix detail

Conditions: This problem occurs when the next hop is load-shared between MPLS-TE and physical interface.

Workaround: There is no workaround.

CSCsk47914

Symptoms: Traffic forwarding stops upon mic-reloading the egress card when E4+ is ingress.

Conditions: Mic-reload the egress line card.

Workaround:

1. Mic-reload the E4+ line card to recover.

2. The clear cef linecard ingress-card-slot command recovers the traffic.

CSCsk49685

Symptoms: With Fast Reroute (FRR) enabled, VPNv4 packets are discarded for up to 5 seconds while the traffic is switched over to the backup TE tunnel.

Conditions: This symptom is observed with Cisco IOS Release 12.0(32)SY4 for VPNv4 traffic ingress to Cisco 12000 Internet router Engine-2 line card.

Workaround: There is no workaround.

CSCsk49843

Symptoms: An E3 4xOC12 ATM line card may crash on enabling feature mode, when there is a VRF configured on an IPv6 enabled interface.

Conditions: E3 4xOC12 ATM line card, IPv4 VRF configured on IPv6 enabled interface, feature mode enabled for the line card.

Workaround: Apply an IPv6 ACL to "permit any any."

CSCsk51658

Symptoms: PLIM is getting reset on 6-port T3 channelized line cards.

Conditions: This symptom is observed on 6-port T3 channelized line cards.

Workaround: There is no workaround.

CSCsk52866

Symptoms: Router crashes after issuing interface SPA 1/1 "hw-module subslot 1/1 reload" command. The SPA remains in the "booting" status, and after a while it comes up. A crashinfo is generated.

Conditions: This card has to be reset because of a problem related to the card: message repeating "%GRPSPA-3-VCCFG_ERROR: VC config command error" as well as other messages.

Workaround: Do not use the interface SPA "hw-module subslot x/y reload" command.

Further Problem Description: This caveat handles the crash only. The messages that lead to the need to reload the card are not covered in this caveat.

CSCsk55768

Symptoms: IP connectivity is lost upon the occurrence of a short flap (microflap) in the optical signal.

Conditions: No particular conditions trigger this situation.

Workaround: There is no workaround.

CSCsk58013

Symptoms: A router is crashing with Unexpected exception to CPUvector.

Conditions: This happens on a Cisco 7200 when removing CBWFQ with encapsulation frame-relay.

Workaround: There is no workaround.

CSCsk62471

Symptoms: T1 controllers and serial interfaces are down after the line card is reloaded on both back-to-back routers with CT3 and CHSTM1 SPAs.

Conditions: In a scaled configuration, reload the line card within 3 minutes.

Workaround: Reload the router, or for a CT3 SPA, enter the following commands:

controller T3 0/3/2/0
no framing m23
commit
framing m23
commit

CSCsk64052

Symptoms: When an E3 LC which is also a customer-facing LC for an mVRF is reloaded, PIM neighborship over default MDT may be lost for the same mVRF. This problem is very rare.

Conditions: This occurs when VPN routing/forwarding (VRF) uses interfaces configured on a line card other than the one that was reloaded.

Workaround: Do not reload the line card.

CSCsk66339

Symptoms: A Cisco 7600 router running 12.2(18)SFX6 may encounter a condition such that when ISIS and Traffic Engineering are configured, ISIS should remove the native path from its local RIB and call RIB code to remove the path from global RIB but fails by either not passing the "delete" msg to RIB properly or RIB does not react when it received the "delete" call.

Conditions: Show mpls traffic-engineering tunnel output may indicate "Removal Trigger: setup timed out" status.

Workaround: Shut/no shut the interface or change the metric temporarily to force an update: "tunnel mpls traffic-eng autoroute metric 1".

CSCsk70924

Symptoms: Some Frame Relay interfaces stop forwarding traffic after the shared port adapter (SPA) is reloaded.

Conditions: The issue happens with Frame Relay interfaces configured on an SPA using any of the following SIP on a Cisco 12000 series Internet router:

SIP-401

SIP-501

SIP-601

SIP-600

Workaround: Reload the line card that has the affected interfaces.

CSCsk71509

Symptoms: LC Engine 5/12000-SIP-601, running 32SY1 or SY4, stops forwarding after I configured a default network with the following command. I tested with SPA-8XCHT1/E1 and 10Gigabit, with the same behavior.

ip default-network 192.168.228.0

Conditions: LC Engine 5/ 12000-SIP-601, running 32SY1 or SY4 configured with ip default-network 192.168.228.0.

Workaround: Use an IGP to propagate the default route 0.0.0.0. BGP or OSPF works. The static route 0.0.0.0/0 works too.

CSCsk75759

Symptoms: RP does not boot up if it is power-cycled immediately on upgrading the rommon.

Conditions: Happens only with 12.0(33)S based image.

Workaround: Avoid powercycle of the PRP immediately after the upgrade. Boot IOS after the rommon upgrade.

CSCsk76076

Symptoms: There is no NetFlow data for the traffic received on port-channel 1. There is NetFlow data for the traffic received on port-channel 2, but the data matches the traffic from the first interface of the bundle. NetFlow data is still correct for the traffic sent to a port-channel interface (NetFlow destination interface).

Conditions: Sampled NetFlow is configured on a 12416 router with 2 port-channels configured, and the Cisco IOS software is upgraded from version 12.0(32).S5 to version 12.0(32).S8.

Workaround: There is no workaround.

Further Problem Description: The sampled NetFlow configuration was not changed from the one that ran normally under 12.0(32).S5.

CSCsk78809

Symptoms: If the traffic flow is rerouted a couple of times due to routing information changes under heavy load, the LC suddenly stops forwarding traffic. After that, the LC does not forward packets even if the utilization is zero.

Conditions: This problem is seen on L3 Engine 5 cards.

Workaround: "reload slot x"

CSCsk81155

Symptoms: OSPFv3 loses hello packets resulting in neighbors flapping.

Conditions: This symptom is observed on a Cisco 12000 series Internet router with 12.0(32)S7 and later when TE tunnels are configured.

Workaround: There is no workaround.

CSCsk81725

Symptoms: All E6 line cards are holding incorrect output slot information in hardware cef for default route; at the same time, other E4+ and E2 line cards have no problem for hardware cef.

Conditions: Unknown.

Workaround: Enter the clear ip route 0.0.0.0 command.

Further Problem Description: CSCek32526 addresses the same problem, but it has been fixed in Cisco IOS Release 12.0(32)S03.

CSCsk82701

Symptoms: HSRP Virtual IP address is unreachable; IP address assigned to the interfaces is reachable.

Conditions: The problem was seen in Cisco 12000 series Internet routers with different SPAs. It occurs only when a line card is installed for the first time or is moved between slots, and only if the same interface has both the HSRP configuration and a VRF assignment, as shown below.

interface GigabitEthernet3/0/0.5
ip vrf forwarding CSCsk82701 <<<
ip address X.X.X.2 X.X.X.X
standby 1 ip X.X.X.1
standby 1 priority 110
standby 1 preempt

Trigger: When module is installed for the first time or moved into different slots. Configuring HSRP on an interface assigned to a VRF.

Frequency: Always.

Impact: The HSRP virtual IP is unreachable.

Workaround: Reload both the active and standby routers. If you reload only the active router, there is a chance that the standby router hits the problem once it becomes active.

Or, remove the HSRP configuration before moving the line card.

Issue Verification: Enable debug arp on the active router and have a customer or the standby router try to ping the virtual IP; the active router does not reply to ARP requests.

CSCsk84729

Symptoms: Protocol independent multicast (PIM) neighbor does not form over tunnel interface when VPN routing/forwarding (VRF) is re-added. If the neighbor does form, the multicast traffic continues to drop on the E3 line card.

Conditions: Occurs after a VRF is removed and later re-added. This was observed in Cisco IOS Release 12.0(32)S.

Workaround: Remove and re-add the hw-module slot X ip multicast hw-accelerate source-table size command. However, this will impact traffic.

CSCsk86526

Symptoms: After the long haul fiber cut is restored on DWDM equipment, the interface on E4+ is stuck.

Conditions: Test GSR (E4+) ---(local fiber)--- Huawei DWDM ------ long haul fiber -------- Huawei DWDM ---(local fiber)---- Customer GSR

LOF is seen on E4+ and is not cleared when the long haul fiber cut is restored. This prevents the interface from coming up.

Workaround: The framer does not send an interrupt to clear the LOF in software. The issue was fixed with a workaround: when the LOS interrupt arrives to clear LOS, the status of LOF is also checked, and LOF is cleared if it is not present.

CSCsk99530

Symptoms: The MPLS forwarding table has an untagged outgoing entry for a VPNv4 prefix in a CSC case.

Conditions: This is an LDP/IGP (OSPF etc.) based CSC-PE. The VPNv4 prefix shall have a local/redistributed (PE-CE OSPF etc.) path as well as an iBGP path. If the CE path is toggled and then there is a LABEL ONLY change from the iBGP neighbor, the issue will be seen. BGP will end up programming "Untagged" for the local/redistributed prefix, overwriting what is given by LDP.

Workaround: There is no real workaround. To clear the problem, issue a clear ip route command for the vrf-prefix in question. If there are redundant paired PEs, make sure to clear the problem on both routers with the clear ip route command.

CSCsl09752

Symptoms: Stale mgids are causing packet drops on a PE router.

Conditions: Send traffic from VRF. Stop the traffic until the mroute entries are cleared. Then send traffic from core. Then we can see the packet drops.

Workaround: There is no workaround. Just reload the line card to clear those stale mgids.

CSCsl11335

Symptoms: The number of entries obtained from the "ciscoMvpnBgpMdtUpdateTable" table via getmany is incorrect.

Conditions: This symptom is observed on a Cisco 7200 router loaded with Cisco IOS Release 12.4(17.9)T.

Workaround: There is no workaround.

CSCsl15026

Symptoms: Configuration applied to a multilink interface is not reflected on the interface.

Conditions: When the config is applied immediately after adding the first link to a multilink ppp or a multilink frame-relay bundle. The issue is applicable for any configuration applied to the main interface or to the sub-interface of the bundle, if the config is applied immediately after adding the first link to the bundle.

The issue is not applicable while adding subsequent member links to the bundle.

Workaround: After adding the first link, wait for 15 seconds before applying any configuration on the bundle interface or on the sub-interface.

In case any of the configs are missing, re-apply the configs.

CSCsl16385

Symptoms: A line card reloads.

Conditions: A large number of control messages were sent between the RP and the LC, which resulted in the IPC process getting blocked and an IPC hog.

Trigger: High availability switchover.

Impact: Traffic through the affected line card is affected by the reload.

Workaround: There is no workaround.

CSCsl17766

Symptoms: The following message, followed by a traceback, appears every time an attempt is made to configure the serial interfaces of the router:

%FIB-2-HW_IF_INDEX_ILLEGAL: Attempt to create CEF interface for Serialx/x with illegal index: -1

A check of the ifindex and idb tables of the master and standby PRP shows that either the standby's or the master's tables are broken.

Conditions: The ifindex table appears to be broken on the PRP as a result of a race condition related to OIR events. This problem should only occur if SSO redundancy is configured.

Workaround: A workaround if this happens on an HA protected Active RP (which affects traffic) is to check whether the Standby RP has good if-index values for all interfaces by running the show idb EXEC command on the Standby RP. If so, then do an RP switchover, so the RP with good interface indexes becomes the Active RP.

If the Standby RP shows this symptom, the workaround is to reload the Standby RP and check that after it comes up it has good if-index values, which should happen in most cases.

CSCsl18488

Symptoms: With SPA-1XCHSTM1/OC3 SPAs connected back to back, 12 T1 links configured, and a network loopback set from the other router, following the steps below triggers this issue.

1. Run normal bert patterns on 6 T1 channels.

2. Once the bert is done, run atlas bert pattern on 4 T1 channels.

3. Later run atlas bert pattern on 4 T1 channels.

After this, I saw that bert did not stop on one T1 channel.

Conditions: All the interfaces should be up and running.

Workaround: SPA reload.

CSCsl29991

Symptoms: A 1GE link flaps: after coming up, the link goes down and then comes up again, even without any interface configuration and with only autonegotiation enabled on both ends. This is experienced after a reload.

Conditions: An Engine 5 LC with a 5x1GE SPA in it, after a reload of the SPA or LC.

Workaround: There is no workaround.

CSCsl30331

Symptoms: Prefixes are allowed by the outbound route map even though the match condition is met and the action is set to deny.

Conditions:

1. The iteration with the deny action contains a match community.

2. The continue statement is used in one of the previous iterations.

Workaround: If there is a single match clause based on nlri, the condition is avoided. The issue is not observed.

Further Problem Description: Route maps can be used without continue to avoid the problem.

CSCsl31789

Symptoms: RP Crashed with MLPPP Provisioning / unprovisioning -- followed by SPA reload.

Conditions: RP Crashed with MLPPP Provisioning / unprovisioning -- followed by SPA reload.

Workaround: There is no workaround.

CSCsl32142

Symptoms: A router may reload after reporting SYS-3-OVERRUN or SYS-3-BADBLOCK error message. Also, SYS-2-GETBUF with "Bad getbuffer" error may be reported.

Conditions: PIM Auto-RP is configured and ip multicast boundary is enabled with filter-autorp option.

Trigger: Same as condition.

Impact: Router reload.

Workaround: Configure ip multicast boundary without filter-autorp option.

CSCsl32220

Symptoms: A Cisco 12000 router running Cisco IOS 12SY software may experience intermittent communications problems over bridged VCs and ARP entries are not repopulated.

Conditions: All conditions must be met to run into a problem:

1. VC is configured for half-bridging.

2. SY train is used.

Workaround: The problem is not seen on the S train. Use VCs with routed encapsulation.

CSCsl33471

Symptoms: Anyphy change after Atlas BERT.

Conditions: Anyphy changes after Atlas BERT for an interface if another interface on the same SPA having a lower anyphy value is deleted.

Workaround: LC reload.

CSCsl33781

Symptoms: Primary RP crashes when clear counter executed.

Conditions: Issuing clear counter on the router with some traffic flowing through it.

Workaround: There is no workaround.

CSCsl34355

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCsl36723

Symptoms: FIA Halt Error followed by SIP40/Bluenose1 crash.

Conditions: Issue a CSC switchover.

Workaround: There is no workaround.

CSCsl38591

Symptoms: The following message is seen:

%SPA_OIR-3-RECOVERY_RELOAD: subslot 10/0: Attempting recovery by reloading SPA

Conditions: SPA gets reloaded with MLPPP / MLFR prov / unprov.

Workaround: No workaround is needed. The SPA comes up fine after this and works fine.

CSCsl41107

Symptoms: When explicit-null packets are received on a uRPF bundle, there is a possibility of BMA errors and a crash.

Conditions: explicit-null and urpf.

Workaround: There is no workaround.

CSCsl42621

Symptoms: I connected SPA-4XCT3/DS0 SPAs back to back, created T1 links, and configured remote loopback. Running the atlas bert patterns then triggers this issue.

Conditions: All the interfaces should be up and running.

Workaround: There is no workaround.

CSCsl43723

Symptoms: SIP-400 Crashed with repeated prov/unprov of ML Bundle.

Conditions: SIP-400 Crashed with repeated prov/unprov of ML Bundle.

Workaround: There is no workaround.

CSCsl43735

Symptoms: Multiple OI and OQ information which are same for an (S, G) mroute (MGID) on conga.

Conditions:

1. An E3 card with Multicast output interfaces configured.

2. Colliding sources for same multicast group (S1, G) and (S2, G) for above output interfaces.

3. No Egress QoS in the above interfaces.

Workaround:

1. Reload the E3 LC.

2. Do not have colliding sources for multicast.

CSCsl43782

Symptoms: CE-CE ping is failing in ATM-Ethernet/Vlan/ATM, PW/LS routed interworking scenarios.

Conditions: When E3 ATM is in CE side.

Workaround: There is no workaround.

CSCsl47221

Symptoms: Traffic may stop because of a spurious memory access caused by shutting a QinQ subinterface.

Conditions: Shutting a QinQ subinterface.

Workaround: Shut/no shut the subinterface.

CSCsl47637

Symptoms: A 12000-SIP-401 with SPA-8X1FE-TX-V2 stops forwarding traffic.

Conditions: GSR/IOS c12kprp-k4p-mz.120-32.SY2g/12000-SIP-401 with SPA-8X1FE-TX-V2 (another three SPAs also present), possible trigger - multicast traffic.

Workaround: There is no workaround.

Further Problem Description: Only reload of the card/SPA solves the problem.

CSCsl51587

Symptoms: The entire line card crashes.

Conditions: This symptom is observed when the channelized SPA is in an admin down state and the show hw-module subslot x brief command is issued on the line card.

Workaround: There is no workaround.

CSCsl51615

Symptoms: Channelized SPA out of service after Active RP crash == > Heartbeat failure.

Conditions: Channelized SPA out of service after Active RP crash == > Heartbeat failure.

Workaround: Reload the SPAs.

CSCsl53611

Symptoms: On a Cisco router carrying a large number of routes, enabling MPLS IP under an interface with PPP encapsulation causes the PPP protocol to flap. This flapping does not happen with HDLC or Frame Relay.

Conditions: The issue is the combination of PPP encapsulation with a low keepalive timer value (less than 4 seconds) and a large number of routes when MPLS IP is enabled. In that scenario, PPP will flap.

Trigger: MPLS IP with PPP encapsulation.

Impact: The flapping PPP protocol causes ISIS and BGP to flap as well.

Workaround: Use the PPP default keepalive value, or use HDLC or FR as the encapsulation.

CSCsl53811

Symptoms: Some FRR database entries become active after reoptimization. Traffic on the LSP that becomes FRR active is forwarded along the wrong path and continues to drop.

Conditions:

This problem may happen when manual or timer reoptimization is performed during convergence.

This problem may happen when "Tunnel head end item" and "LSP midpoint item" in FRR database have more than one entry in each item.

This problem may happen when midpoint entry in "LSP midpoint item" is the LSP using "loose" path-option on a headend router.

Workaround: There is no workaround.

Further Problem Description: If this problem occurs, the FRR database state and the traffic recover after a "shutdown" / "no shutdown" of the primary tunnel or backup tunnel. The problem may not occur if a longer reoptimization timer is configured or if manual reoptimization is performed after convergence.

CSCsl60370

Symptoms: A Cisco 12000 Internet series router is not soaking SLOS and brings down interface immediately.

Conditions: The issue occurs only during a Cisco 12000 Internet series router redundancy switchover.

Workaround: There is no workaround.

CSCsl62276

Symptoms: In the outputs of the show ip psa-cef and show ip cef commands for an Engine 2 ingress line card, the "Local OutputQ (Unicast)" information may point to another and incorrect slot than the slot that the global CEF table points to.

When this symptom occurs, packets that are destined for these specific IP address are dropped.

Conditions: This symptom is observed on a Cisco 12000 series when an Engine 2 line card is used as an ingress line card for traffic that is directed to a default route.

Workaround: Enter the clear ip route 0.0.0.0 or clear ip route * command.

CSCsl63885

Symptoms: Packets drop when doing mpls ip2tag and tag2ip loadbalancing on an Engine 2 line card.

Conditions: A Cisco 12000 series router running Cisco IOS Release 12.0(32)sy2d may experience packet drop when doing ip2tag and ip2ip loadbalancing on an Engine 2 line card.

Workaround: Enable LDP on the tunnel.

CSCsl65264

Symptoms: The EF CAR value is not set properly in TCAM for an MFR bundle interface.

Conditions: The MFR interface is shut and no shut.

Workaround: Remove and re-apply output service policy to the MFR interface.

CSCsl65977

Symptoms: IOS field diagnostics fail with various error messages about "Slave Clock", such as those displayed below:

Error disabling LC Enable register on CSC 0, SCA768_LC_ENABLE_2_S 0x7f, read_count 100
...
Timed out waiting for TX Network Interrupt to happen
...
Slot 16, Slave Clock Control Register 0x00000000

Conditions: This has only been observed on a C12k router (GSR) running IOS when there are 12010E-CSC and 12010E-SFC fabric cards in the chassis.

Workaround: There is no workaround.

CSCsl67815

Symptoms: On core facing lc reload/core link flap, E5 which is edge facing for mVPN may not forward mVPN traffic.

Conditions: This defect is observed with latest Cisco IOS Release 12.0(33)S fc3 image.

Workaround: Enter the clear ip mds line edge-facing-E5-lc-slot command.

CSCsl70130

Symptoms: When patriots are connected back to back and serials are brought up, serials on one side remain in an "up up" state and on the other side remain in a "down down" state.

Conditions: This symptom is observed when patriots are connected back to back and serials are brought up.

Workaround: When the serials on the "up up" side are removed and added back, then the serials on other side, which were "down down" earlier, will also come up.

CSCsl74425

Symptoms: E5 crashed with prov/unprov.

Conditions: Repeated prov/unprov of MLPPP results in E5 crash.

Workaround: There is no workaround.

CSCsl74820

Symptoms: Standby RP crashed with Prov / unprov on MLFR having HQOS.

Conditions: Standby RP crashed with Prov / unprov on MLFR having HQOS.

Workaround: There is no workaround.

CSCsl81258

Symptoms: On a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(32)SY4, the SNMP ifindex is missing for subinterfaces of the first SPA of an Engine 5 SIP-600 line card.

Router# show snmp mib ifmib ifindex GigabitEthernet15/0/3.951

Invalid ifIndex for GigabitEthernet15/0/3.951

This issue is impacting the accounting and therefore the billing; this is to explain the severity of the DDTS.

Conditions: This issue has been observed after upgrading from Cisco IOS Release 12.0.(31)s6 to Cisco IOS Release 12.0.(32)SY4.

Workaround: There is no workaround.

Further Problem Description: The issue has been seen on a SIP600 with two 5x1GE SPAs in slot 15. Subinterfaces on the first SPA, corresponding to Gi15/0/0 to Gi15/0/4, were not seen with an ifindex in SNMP.

The second SPA, corresponding to Gi15/1/0 to Gi15/1/4, is okay with ifindex.

CSCsl82857

Symptoms: An RP crashes after the switchover is successful.

Conditions: This symptom is observed when DLCIs are deleted from MFR interface and then an RP switchover is performed.

Workaround: There is no workaround.

CSCsl87418

Symptoms: The process IPC Seat Manager is permanently holding CPU utilization of 40 to 50 percent.

Conditions: This behavior has been observed on several Cisco 12000 series Internet routers with PRP-1 running 12.0(32)SY4 and is conditioned to the following factors:

Several hundreds of interfaces configured like channelized, multilink, or virtual template interfaces. Every physical and each of these interfaces has an hwidb associated with it.

Many line cards in the chassis.

The ip multicast-routing distributed command enabled.

Trigger: Many hwidbs in existence.

Impact: Service providers reporting a considerable decrease in traffic and very slow response from the routers.

Workaround: Upgrade to PRP-2 and CPU would go down to 10 to 15 percent in this same process. Or if feasible, disable the ip multicast-routing distributed command.

CSCsl92482

Symptoms: Fragmentation is handled incorrectly on a Cisco 12000 series Internet router E5 line card. We can send up to around 2 Gbps of fragmented traffic without a performance impact. When the egress line card CPU reaches 100 percent, the rate of the fragmented traffic drops down to 50 Mbps.

Conditions: Issue happens when we use all CPU resources of the egress line card.

Workaround: There is no workaround.

Further Problem Description: While we see the issue on fragmented traffic, normal traffic can still be forwarded at the normal rate.

CSCsl93926

Symptoms: E5 line card having CFI&BFI may crash on passing mVPN traffic.

Conditions: This symptom is observed with a Cisco IOS Release 12.0(32)SY5 image.

Workaround: There is no workaround.

CSCsl94784

Symptoms: Packets drop on output service policy after port swap in Tx BMA of E3 card.

Conditions: The problem is due to the port-burst being changed incorrectly without any real config change on the concerned subinterfaces. When a port-swap in Tx BMA is accompanied by the change in burst value after removing service policy (or subinterface), we are able to see the traffic drop on another subinterface.

Workaround: Remove and re-add the output service policy from the affected subinterface.

CSCsl98882

Symptoms: Traffic stops forwarding after the deletion of a security output ACL which is shared with the other port on the 2 port OC192, with the port carrying the traffic having a feature output ACL.

Conditions: On a 2 port OC192 E6 card, both the ports should be configured with output or input security ACLs and one port which is carrying the traffic should have output or input ACL. For this issue to happen, all the ACLs need to be either output or input type simultaneously.

Workaround: Configure a new ACL whose name is different from that of the original ACL, and then remove it. The traffic can be forwarded again.

Further Problem Description: This issue is specific to E6 alone and will not happen on E4.

CSCsm04631

Symptoms: RP crash due to memory corruption.

Conditions: LC or SPA sending wrong VC number during stats update.

Workaround: There is no workaround.

CSCsm09927

Symptoms: Interface flaps continuously after running atlas bert.

Conditions: During atlas bert, another interface with lower anyphy number should be deleted.

Workaround: SPA reload.

CSCsm10560

Symptoms: Standby RP crashes when ML is prov/unprov continuously.

Conditions: When ML is prov/unprov continuously.

Workaround: There is no workaround.

CSCsm11787

Symptoms: Customer is seeing intermittent loss of l2 tunnel with no error messages on their Cisco 7500 routers running Cisco IOS Release 12.0(31)S02y.

Conditions: Customer saw this problem in their production network.

Workaround: There is no workaround.

CSCsm12723

Symptoms: L2VPN CoS queue becomes unallocated via the show policy-map int dlci output command after an L3VPN subinterface with another policy map is applied to the same interface.

Conditions: Both L2VPN and L3VPN under the same interface with different policy map on both of them.

Workaround: Delete and redefine the L2 QoS policy for the DLCI.

CSCsm13942

Symptoms: MDFS gets disabled on E4+ line card for around 5 minutes and recovers later.

Conditions: IPC Timeout messages are seen from slots configured for Multicast. Upon router reload, this issue is seen.

Workaround: Reload the line card/clear MDFS.

CSCsm14541

Symptoms: SIP 400 crashes continuously in sprint test setup upon router reload.

Conditions: When the router is reloaded with traffic flowing through the SIP 400, the SIP 400 crashes every time it comes up, with a half packet drain problem.

Workaround: There is no workaround.

Further Problem Description: This happens because a new hardware FPGA fix, which was supposed to fix the FPGA problem, created this new issue. The issue was not seen earlier during bootup, but it has the same symptoms as the problem the FPGA image should have fixed.

CSCsm17391

Symptoms: Some ISIS routes are missing in the routing table.

Conditions: This symptom occurs when some interfaces flap.

Workaround: There is no workaround.

CSCsm17607

Symptoms: The GSP image does not build.

Conditions: Error in implicit declaration bfr_is_jag48_chocx_card.

Workaround: There is no workaround.

CSCsm24189

Symptoms: 1choc12 ISE: PLIM might reset due to heartbeat failure.

Conditions: When the following errors appear on the PLIM console:

[2]T1:5 rx error(crc or non-integer size) 5
[2]T1:5 rx error(crc or non-integer size) 5

AND

When one or more paths have PAIS.

Workaround: Reduce the TEMUX logging level to 0: attach <Frostbite slot#> plim logctl /dev/temux 0.

And, clear the path AIS.

CSCsm33743

Symptoms: QoS causes a VIP crash if the service policy is changed.

Conditions: When a policy is applied to a serial interface with PPP encapsulation and the policy is removed and re-added, the VIP crashes with a bus error signal (illegal access to a low address).

Workaround: There is no workaround.

CSCsm36057

Symptoms: "Warning: error msgs in vc stats" message is displayed continuously on the console.

Conditions: Router reload.

Workaround: There is no workaround.

If any statistics are not updated properly on the serial interfaces on the Ch-SPAs, enable debug hw sub <slot/bay> on the RP.

CSCsm45113

Symptoms: The router may install duplicate routes or an incorrect route netmask into the route table. This can happen with any routing protocol. The problem is introduced by CSCsj50773. See the Integrated-in field of CSCsj50773 for affected images.

Conditions: The problem is triggered by SNMP polling of the ipRouteTable MIB. The clear ip route * command can restore the route table until the next polling of the ipRouteTable MIB.

Workaround: Do not poll the ipRouteTable MIB. Instead, poll the newer replacement MIB, the ipForward MIB. The ipRouteTable MIB was replaced by ipForward MIB in RFC 1354.

CSCsm45311

Symptoms: Active RP crashes because of FIA Error.

Conditions: Crash is seen when ML provisioning/unprovisioning and Buffer Recarve is done.

Workaround: There is no workaround.

CSCsm45666

Symptoms: E5 line card crash on startup with multicast traffic flowing.

Conditions: Reboot the router with multicast traffic flowing.

Workaround: There is no workaround.

CSCsm64491

Symptoms: Connect SPA-4XCT3/DS0 SPA back to back, and execute the following CLI "hw-module subslot x/y reload" and we can see the line card crash.

Conditions: All the interfaces should be up and running.

Workaround: There is no workaround.

CSCsm67248

Symptoms: The following errors occur:

SEC 8:Feb 12 02:16:00.095: %IDBINDEX_SYNC-3-IDBINDEX_ENTRY_SET: Cannot set entry to interface index table: "Serial4/0/0.1/1:0", 73 -Process= "bfrp TSM process", ipl= 0, pid= 114
-Traceback= 20A690 20A798 11D1B10 27F7F8 281608 8EA89C 8EB3D0 8E967C 8E8870 8E8A94 923090 925340 8D834C 8D9720 8DBC28 8EEABC
gsrF#
SEC 8:Feb 12 02:16:00.095: %FIB-2-HW_IF_INDEX_ILLEGAL: Attempt to create CEF interface for Serial4/0/0.1/1:0 with illegal index: -1
-Traceback= 20A690 20A798 178414 17FFA8 281828 8EA89C 8EB3D0 8E967C 8E8870 8E8A94 923090 925340 8D834C 8D9720 8DBC28 8EEABC

Conditions: This symptom is observed after a router reload and then a line card reload.

Workaround: There is no workaround.

CSCsm74769

Symptoms: An if_num mismatch is seen in the uidb, sometimes along with the L2TPv3 bit set to zero. As a result, the customer saw L2TPv3 packet drops over FR in a Cisco 12000 series Internet router.

Conditions: Removing xconnect on the remote PE results in a session (DLCI) flap on the local PE. The trigger is the L2TPv3 session flap; this may cause a stale CI->Uidb mapping in internal data structures, resulting in an if-num mismatch in the uidb if the old CI is reused by a DLCI on a different interface.

Workaround: Reload the affected line card.

CSCsm74848

Symptoms:

1. Configure xconnect between PE1 and PE2.

2. Execute the CLI show xconnect all.

3. Then remove T1 channel on which xconnect is configured.

Conditions: All the interfaces should be up and running.

Workaround: There is no workaround.

CSCsm78962

Symptoms: The following message is displayed:

%SPA_OIR-3-RECOVERY_RELOAD: subslot 10/0: Attempting recovery by reloading SPA

Conditions: SPA gets reloaded with MLPPP / MLFR prov / unprov.

Workaround: No workaround is needed because SPA comes up fine after this and works fine.

CSCsm82600

Symptoms: PRP-1 fails to boot up after OIR/ powercycle. LEDs might show RPT SENT or RP RDY.

Conditions: Power-cycle after upgrading mbus-agent-rom of the PRP.

Workaround: Use upgrade mbus-agent-rom slot force command with an older version of Cisco IOS software in the active RP to downgrade the mbus agent rom of the problem RP.

CSCsm84415

Symptoms: ATM aal0-aal0 local switching fails upon SSO switchover, with L2 rewrite information missing for the corresponding VCs, resulting in traffic drops.

Conditions: This symptom is observed after an SSO switchover in a scale testbed with L2TPv3 and local switching configurations.

Workaround: Shutting and unshutting the involved ports resolves the issue.

CSCsm87206

Symptoms: An alternate PVC may go down if the local PE LC is reloaded 10 seconds after the remote PE LC.

Conditions: A Cisco 12000 router is loaded with the 32sy0i image, the local PE has 4xCT3, the remote PE has 1xSTM1, and L2TPv3 is configured on them. If the local PE LC is reloaded 10 seconds after the remote PE LC, the alternate local PE Frame Relay PVC goes down.

Workaround: Reload with a long delay between the local and remote PE LCs.

CSCso01440

Symptoms: PE1 2/2/1 <--------> 4/0/1CE1

Connect SPA-4XCT3/DS0 SPA back to back, configure loopback network at CE1, and then run bert on 4 T1 channels in PE1. After this, bert will not stop even though the time interval elapsed.

Conditions: All the interfaces should be up and running.

Workaround: There is no workaround.

CSCuk61910

Symptoms: A PE router crashes.

Conditions: This symptom is observed while configuring MVPN.

Workaround: There is no workaround. The bug is 100 percent reproducible.

Resolved Caveats—Cisco IOS Release 12.0(32)SY4

Cisco IOS Release 12.0(32)SY4 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY4 but may be open in previous Cisco IOS releases.

Basic System Services

CSCeg62070

Symptoms: Tracebacks or crash are seen during HTTP transactions with long URLs.

Conditions: The crash is seen when the length of any token in the URL of the request is excessively long.

Workaround: Disable HTTP server using the no ip http server command.

CSCsb22489

Symptoms: In the vrf-lite configuration, the supervisor crashes when the vrfs are removed from the configuration.

The crash persists even on interchanging the Wanda card and SIP-2.

Conditions: The following command results in a software-forced reload:

c7606-b(config)#no ip vrf cisco3

OSPF was the common protocol and the crash has not been reported when bgp is configured on the router.

Workaround: This is a repeatable bug and no workarounds are known at this point.

CSCsh36727

Symptoms: IP SLA MPLS path discovery may not properly discover the number of equal-cost MPLS paths between the router on which the IP SLA MPLS path discovery originates and the router that is the target of the path discovery request.

Conditions: This symptom is observed when an IP SLA MPLS path discovery request is issued on a router for a target IP address and when some of the equal-cost paths between this router (that is, the originating router) and the target router traverse another router on which a single interface provides a connection to multiple downstream neighbors.

Workaround: Do not use a single interface to connect to multiple downstream neighbors. Rather, use separate interfaces to connect to each of the downstream neighbors.

CSCsi77185

Symptoms: The MEMD recarve on the RSP never occurs because the VIP is stuck trying to change the MTU under a serial interface.

Before the changes:

=================
interface Serial5/0/1:1
mtu 2000 < ===== to be changed
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
no keepalive

After the changes:

===============
interface Serial5/0/1:1
Router(config-if)#mtu 900

RSP logged the following messages:

===========================
12:56:45: %CBUS-3-CMD: Cmd failed: tx limit, response 0x8010, Serial5/0/1:1
-Traceback= 40349B68 404CFE38 404D5180 403C30B4 4037CF64 40390CF4 403F22C8 403F22B4
Router(config-if)#
Router(config-if)#
12:57:21: %HA-2-IPC_ERROR: Failed to open peer port. retry queue flush
12:57:21: %HA-3-SYNC_ERROR: CCB sync failed for slot: 1
12:57:21: %HA-5-SYNC_RETRY: Reloading standby and retrying sync operation (retry 1).
12:57:36: %RSP-3-SLAVECHANGE: Slave changed state from Slave to Non-participant

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(32)S. This issue happens only on serial interfaces when you change the MTU.

Workaround: There is no workaround.

CSCsj44081

Cisco IOS Software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS Software releases published after April 5, 2007.

Details:

With the new enhancement in place, Cisco IOS will emit a %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.

The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp

May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error

The error message is then followed by a traceback.

It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or a Cisco IOS restart.

Recommended Action

Collect "show tech-support" command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the %DATACORRUPTION-1-DATAINCONSISTENCY message and note those to your support contact.
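The recommended action above can be prepared from collected syslog before the service request is opened. The following is an added example, not Cisco code: it extracts each %DATACORRUPTION-1-DATAINCONSISTENCY event with its traceback and lists the other error-level messages logged close to it. The sample log is constructed from the message formats shown in these notes; the 5-minute window, the severity cutoff of 3 and the default year are assumptions.

```python
import re
from datetime import datetime

TARGET = "DATACORRUPTION-1-DATAINCONSISTENCY"

# "<Mon DD HH:MM:SS[.mmm] [TZ]>: %FACILITY-SEVERITY-MNEMONIC: text"
# A leading '*' (clock not synchronised) is tolerated.
MSG_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.\d+)?(?:\s+[A-Z]{2,5})?:\s*"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
ADDR_RE = re.compile(r"(?:0x)?[0-9a-f]{5,8}", re.IGNORECASE)

# Constructed sample, modelled on the log formats quoted in these release notes.
SAMPLE_LOG = """\
May 17 09:40:02.004 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0/1, changed state to up
May 17 10:00:58.120 UTC: %SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (1/0),process = Virtual Exec.
-Traceback= 0x41DC8E2C 0x41DC9098 0x41BAA6E0
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
-Traceback= 40349B68 404CFE38 404D5180 403C30B4
403F22C8 403F22B4
May 17 10:03:10.500 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 4268 bytes failed from 0x9F32944, alignment 32
May 17 11:30:00.000 UTC: %SYS-3-CPUHOG: Task is running for (2100)msecs, more than (2000)msecs (1/0),process = Virtual Exec.
"""


def _addresses(fragment):
    """Return the leading run of hex return addresses in a fragment, without 0x."""
    out = []
    for tok in fragment.split():
        if not ADDR_RE.fullmatch(tok):
            break
        out.append(re.sub(r"^0x", "", tok, flags=re.IGNORECASE).upper())
    return out


def parse_ios_log(text, year=2007):
    """Parse syslog text into events; IOS timestamps carry no year, so one is assumed."""
    events, in_trace = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = MSG_RE.match(line)
        if m:
            stamp = " ".join(m["ts"].split())
            body, _, trace = m["text"].partition("-Traceback=")
            events.append({
                "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
                "tag": f"{m['fac']}-{m['sev']}-{m['mnem']}",
                "severity": int(m["sev"]),
                "text": body.strip(),
                "traceback": _addresses(trace),
            })
            in_trace = bool(trace)
        elif line.startswith("-Traceback=") and events:
            # Traceback printed on the line after the message it belongs to.
            events[-1]["traceback"] += _addresses(line[len("-Traceback="):])
            in_trace = True
        else:
            # A wrapped traceback continues as a line made up only of addresses.
            addrs = _addresses(line)
            if in_trace and addrs and len(addrs) == len(line.split()):
                events[-1]["traceback"] += addrs
            else:
                in_trace = False
    return events


def triage(events, window_s=300, max_severity=3):
    """One report per DATAINCONSISTENCY event, with nearby error-level messages."""
    reports = []
    for ev in events:
        if ev["tag"] != TARGET:
            continue
        nearby = [
            other["tag"] for other in events
            if other is not ev
            and other["severity"] <= max_severity
            and abs((other["ts"] - ev["ts"]).total_seconds()) <= window_s
        ]
        reports.append({"time": ev["ts"], "detail": ev["text"],
                        "traceback": ev["traceback"], "accompanying": nearby})
    return reports


if __name__ == "__main__":
    for r in triage(parse_ios_log(SAMPLE_LOG)):
        print(r["time"], r["detail"])
        print("  traceback:", " ".join(r["traceback"]))
        print("  accompanying:", ", ".join(r["accompanying"]) or "none")
```
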

IBM Connectivity

CSCsf28840

A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.

There are workarounds available for this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml

IP Routing Protocols

CSCdu73495

Enhanced Interior Gateway Routing Protocol (EIGRP) routes cannot be seen even when message digest algorithm 5 (MD5) is authenticated on all routers. This problem is intermittent and may occur when authentication is turned off and subsequently turned back on again. Sometimes, this problem occurs just after authentication is enabled.

Workaround: This problem is intermittent and may be resolved by disabling and reenabling authentication a second time. This problem may automatically be resolved after a few minutes.

CSCek32244

Symptoms: Not all classful networks are locally generated in the BGP table.

Conditions: This symptom is observed on a Cisco router that has the auto-summary command enabled and occurs when classful networks are provided before the routes are made available in the routing table.

Workaround: There is no workaround.

CSCek76776

Symptoms: The issue is observed at a big service provider where ATM sub-interfaces are deleted and new ones are created on a regular basis as end customers are removed and added.

Because scripting rather than a manual process is used to perform that task, old configuration from deleted sub-interfaces shows up on new sub-interfaces and in some cases creates outages.

This issue was observed in Cisco IOS Release 12.0(27)S5d.

Workaround: Verify the sub-interface configuration. If the configuration cannot be deleted on that sub-interface, delete the sub-interface, then create a dummy sub-interface, which will pull that configuration. Then recreate the prior sub-interface.

CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for Cisco IOS Release 12.2 mainline releases.

This advisory is posted at: http://www.cisco.com/en/US/products/products_security_advisory09186a008089963b.shtml

CSCsd63038

Symptoms: An MDT address-family session in a BGP environment may not come up between two PE routers. This situation prevents the tunnel interface from being shown in the output of the show ip pim vrf vrf-name neighbor command on one of the PE routers.

Conditions: This symptom is observed on PE routers that are configured for Multicast VPN and that have the following commands enabled:

address-family ipv4 mdt

neighbor neighbor-ip-address activate

neighbor neighbor-ip-address send-community extended

Workaround: Reconfigure the address-family ipv4 mdt command in the BGP environment.

CSCse07118

Symptoms: A router may reload unexpectedly when you enter the transmit-interface interface configuration command on an interface that has a point-to-point OSPF adjacency.

Conditions: This symptom is observed on a Cisco router when the OSPF network type is configured as point-to-point, either because the interface is, for example, a serial interface, or because the ip ospf network point-to-point interface configuration command is enabled on the interface.

Workaround: When there is an OSPF adjacency on the interface that is being configured, first enter the shutdown interface configuration command before you enter the transmit-interface interface configuration command.

CSCsg55209

Symptoms: When BGP updates are received, stale paths are not removed from the BGP table, causing the number of paths for a prefix to increase. When the number of BGP paths reaches the upper limit of 255 paths, the router resets.

Conditions: This symptom is observed on a Cisco router when the neighbor soft-reconfiguration inbound command is enabled for each BGP peer.

Workaround: Remove the neighbor soft-reconfiguration inbound command. On a router that runs a Cisco IOS software image that has a route refresh capability, storing BGP updates is usually not necessary.

CSCsg55591

Symptoms: When there are link flaps in the network, various PEs received the following error message:

%BGP-3-INVALID_MPLS: Invalid MPLS label (1) received in update for prefix 155:14344:10.150.3.22/32 from 10.2.2.1

OR

The local label is not programmed into the forwarding table for a sourced BGP VPNv4 network.

Conditions: This symptom occurs when an iBGP path for a VPNv4 BGP network is present and a sourced path for the same RD and prefix is brought up afterward.

Workaround:

- Remove the iBGP path. If the sourced path comes up first, the problem will not occur.

- Use different RDs with the different PEs. If the RD+prefix does not match exactly between the iBGP path and the sourced path, the problem will not occur.

CSCsh53327

Symptoms: The Cisco IOS command-line interface (CLI) allows a user to enter multiple no ip split-horizon eigrp AS# entries when the interface has not yet been assigned to a VRF.

When the interface is then assigned to a VRF, these "no ip split-horizon eigrp AS#" entries stay under the interface and are not checked against the EIGRP AS number to which this interface belongs.

This behavior has been observed with multiple Cisco IOS versions, including Cisco IOS Release 12.0(32)S5:

interface ATM6/0.64 point-to-point
ip vrf forwarding NETWORK
ip address 10.150.10.113 255.255.255.252
no ip directed-broadcast
ip mtu 1500
no ip split-horizon eigrp 100
no ip split-horizon eigrp 1
no ip split-horizon eigrp 2
no ip split-horizon eigrp 4
no atm enable-ilmi-trap
pvc 1/64

Workaround: Before assigning an interface to a VRF, make sure that no protocol configuration exists under the interface by using either the "no" form of the command or the command itself to return the configuration to its default state.
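A saved configuration can be checked for the leftover entries that CSCsh53327 describes. The following is an added example, not Cisco code: it reports VRF interfaces whose "no ip split-horizon eigrp" lines name an AS that is not configured for that VRF under router eigrp. The interface stanza is the one shown above; the second interface, the router eigrp section and the choice of AS 100 as the VRF's real AS are constructed assumptions.

```python
import re

# Constructed sample: the first interface is the stanza quoted in this caveat;
# everything else (including AS 100 being the AS for VRF NETWORK) is assumed.
SAMPLE_CONFIG = """\
interface ATM6/0.64 point-to-point
 ip vrf forwarding NETWORK
 ip address 10.150.10.113 255.255.255.252
 no ip directed-broadcast
 ip mtu 1500
 no ip split-horizon eigrp 100
 no ip split-horizon eigrp 1
 no ip split-horizon eigrp 2
 no ip split-horizon eigrp 4
 no atm enable-ilmi-trap
 pvc 1/64
!
interface ATM6/0.65 point-to-point
 ip vrf forwarding NETWORK
 ip address 10.150.10.117 255.255.255.252
 no ip split-horizon eigrp 100
!
router eigrp 1
 address-family ipv4 vrf NETWORK
  network 10.150.10.112 0.0.0.7
  autonomous-system 100
 exit-address-family
!
"""


def audit_vrf_split_horizon(config):
    """Return [(interface, vrf, [stale AS numbers])] for VRF interfaces that carry
    'no ip split-horizon eigrp N' lines for an AS not configured for that VRF."""
    vrf_as = {}       # VRF name -> set of AS numbers from 'autonomous-system' lines
    interfaces = {}   # interface name -> {"vrf": name or None, "as": [numbers]}
    section = iface = af_vrf = None

    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0] not in " \t":
            # An unindented line ('!' included) closes the previous section.
            section = iface = af_vrf = None
            if line.startswith("interface "):
                section, iface = "interface", line.split()[1]
                interfaces[iface] = {"vrf": None, "as": []}
            elif line.startswith("router eigrp "):
                section = "eigrp"
            continue

        if section == "interface":
            m = re.fullmatch(r"ip vrf forwarding (\S+)", line)
            if m:
                interfaces[iface]["vrf"] = m.group(1)
            m = re.fullmatch(r"no ip split-horizon eigrp (\d+)", line)
            if m:
                interfaces[iface]["as"].append(int(m.group(1)))
        elif section == "eigrp":
            m = re.fullmatch(r"address-family ipv4 vrf (\S+)", line)
            if m:
                af_vrf = m.group(1)
                vrf_as.setdefault(af_vrf, set())
            elif line == "exit-address-family":
                af_vrf = None
            else:
                m = re.fullmatch(r"autonomous-system (\d+)", line)
                if m and af_vrf is not None:
                    vrf_as[af_vrf].add(int(m.group(1)))

    findings = []
    for name, info in interfaces.items():
        if info["vrf"] is None:
            continue  # the caveat concerns interfaces assigned to a VRF
        valid = vrf_as.get(info["vrf"], set())
        stale = [asn for asn in info["as"] if asn not in valid]
        if stale:
            findings.append((name, info["vrf"], stale))
    return findings


if __name__ == "__main__":
    for name, vrf, stale in audit_vrf_split_horizon(SAMPLE_CONFIG):
        print(f"{name} (vrf {vrf}): stale split-horizon entries for EIGRP AS {stale}")
```
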

CSCsh68376

Symptoms: The CBB route reflector advertises the route with a different next hop, but the IPFR route reflector lsanca92c14-0391 still keeps the old route in the routing table. A soft clear must be performed on lsanca92c14-0391 to refresh the route.

Conditions: The function bgp_suppress_ebgp_update() does not check whether the neighbor has the flag BN_AF_NHOP_UNCHANGED. As a result, the EBGP update is suppressed incorrectly.

Workaround: clear soft in

CSCsi03359

Symptoms: When an interface comes up, Cisco IOS triggers a PIM hello, but this hello does not always reach the other side. The reason seems to be that the hello is sent before the port can actually forward IP packets. The IGP manages to bring its neighborship up but PIM does not; RPF then changes to the new neighbor and, as a result, blackholing happens for up to 30 seconds.

Workaround: You could decrease the PIM hello timer.

ISO CLNS

CSCin99593

Symptoms: The router may reload, or a traceback may be displayed.

Conditions: This symptom is observed when LDP IS-IS synchronization is configured and a sync holddown timeout value is configured.

Workaround: Remove the holddown timeout configuration by using the no mpls ldp igp sync holddown global configuration command, in which case the holddown time is infinite.

CSCsg40507

Symptoms: BFD may not come up when an IP address on an interface is changed and when IS-IS is configured as the routing protocol.

Conditions: This symptom is observed only when you first enter the router isis command and then enter the bfd all-interfaces command.

Workaround: Unconfigure BFD, change the IP address, and then reconfigure BFD.

CSCsi57971

Symptoms: IS-IS may not advertise the prefix of a passive interface to the IS-IS database on a local router.

Conditions: This symptom is observed on a Cisco router when you shut down an interface (for example, G9/1/1) of a 5-port GE SPA (SPA-5X1GE) that is installed in a SIP-600, replace the SPA-5X1GE with another card, and then enter the no shutdown interface configuration command on the interface at the same location (G9/1/1) on the new card. In this situation, the prefix for the interface (G9/1/1) is not advertised.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

Miscellaneous

CSCsd95616

Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.

CSCdx77135

Symptoms: The data terminal ready (DTR) signal in a serial connection does not pulse for the configured length of time when the pulse-time interface configuration command is configured and the interface is reset.

Conditions: This symptom is observed on a Cisco router that has a serial interface and that supports the pulse-time interface configuration command. When the pulse-time interface configuration command is not working properly, the Cisco router may lose the capability to resynchronize external encryption equipment, or to cause dial-on-demand equipment to hang up current calls.

Workaround: There is no workaround.

CSCeb72553

Symptoms: The only symptom is noise. Without fan speed control, the blowers run at full speed. This full speed is safe from a thermal point of view, but results in unnecessary noise and a small amount of wasted power, when full cooling is not required in the customer environment.

Conditions: This behavior is found on all GSR chassis.

Workaround: Manually issue a command to reduce the blower speed.

To control fan speed automatically per the automatic fan speed control mechanism, enter configuration mode and enter the sensor fanspeed-control on command. Write the configuration if it is to be retained across router reloads.

In automatic mode, any attempt to override the fan speed control will be overridden at the next fan speed update interval, which is no more than a minute later.

To manually set fan speed, first disable the automatic fan speed control by going into configuration mode and entering the sensor fanspeed-control off command. Write the configuration if it is to be retained across router reloads.

Now that automatic fan speed control is disabled, the fan speed can be set to any drive level from 50-100% with the user command:

test mbus set-blower-speed percentage

For example, the test mbus set-blower-speed 80 command would set the blower speed to 80% of full power.

Further Problem Description: Fans are currently run at 100% speed. Given a requirement to set a fixed fan speed for all chassis, the only safe choice is 100% to handle the most heavily-loaded routers without incident. But in most cases, the cooling system is needlessly circulating more air and generating more noise than is actually justified.

CSCee63182

Symptoms: A Cisco 7200 series or another mid-range router may crash or may stop responding.

Conditions: This symptom is observed on a Cisco 7200 series or other mid-range router that runs Cisco IOS Release 12.3(6a). The crash occurs when an interface that is configured with a rate-limit command is deleted by entering the no interface command and then reenabled by entering the interface command.

Workaround: Remove the rate-limit configuration from the interface before deleting the interface.

CSCef68324

Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml

CSCek37068

Symptoms: Engine 5 Line card crashes due to IMEM SBE

Conditions: SBE in IMEM

Workaround: There is no workaround.

CSCek42390

Symptoms: The output of "show ip mds forwarding vrf <X> <group>" command (executed on E3 Line cards) would normally show both the slowpath entries as well as the hardware switching entries. However, after upgrade to 32S2 nightly of 04/28, some of the mVRFs show only the slowpath entries for this command.

Conditions: First reported on 32S2 nightly image of 4/28. However, it could have existed before that.

Workaround: No workaround is required. The hardware entries are still properly programmed and can be still seen using the "show ip hardware-m rx vrf <X> <group>" command.

Further Problem Description: The main concerns are:

- The output of the command is not consistent for different VRFs even on the same Cisco IOS image. This can lead to confusion or incorrect interpretation while troubleshooting problems.

- It is not clear whether the lack of hardware entries in the output of the command should be treated as normal.

- The "expected" output of this command needs to be documented. It is suggested that this bug be used to document the 'normal'/'expected' output of the command (that is, whether hardware entries should be expected or not).

CSCek49315

Symptoms: LC crash due to a very high rate link flap.

Conditions: This issue was observed on different SPAs inserted in GSR routers running Cisco IOS Release 12.0(32)SY1 when FEC is disabled on the remote end.

Workaround: Unknown at the moment.

CSCek59056

Symptoms: NetFlow on an Engine 4+ card drops 5%+ of flows.

Conditions: This problem is observed on Cisco IOS Release 12.0(26)S with GSR Eng4+ LC sampled netflow.

Workaround: There is no workaround.

CSCek60142

Symptoms: FRR loss is 200 msec

Conditions: The primary tunnel (where the fault happens) is on an Ethernet SPA interface, and the remote link is faulted to trigger FRR.

Workaround: Trigger FRR by faulting at the local end. This workaround is only for testing; if the fault happens at the remote end in a real scenario, FRR loss will be 200 ms.

Further Problem Description: This was happening because a delay (needed for copper SFPs only) was applied to link failure detection for all Ethernet SPA SFPs.

CSCek61276

Symptoms: IPv6 traffic stops.

Conditions: This symptom is observed on a Cisco router when you first disable and then re-enable IPv6 on an interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCek64188

Symptoms: An error message indicating memory leak and pending transmission for IPC messages is displayed as follows:

*Dec 3 01:31:31.792: %IPC-5-WATERMARK: 25642 messages pending in xmt for the port Primary RFS Server Port(10000.C) from source seat 2150000
*Dec 3 01:32:01.489: %SYS-2-MALLOCFAIL: Memory allocation of 4268 bytes failed from 0x9F32944, alignment 32

Conditions: This issue is triggered by CSCeb05456 and is applicable only if your Cisco IOS image has integrated the fix of CSCeb05456.

Workaround: Periodically, reload the router so that the IPC buffer pool will be reinitialized.

CSCek64889

Symptoms: The current family of channelized SPAs does not recognize the compressed MLP header and sends such packets arriving on the line to the host for processing.

Conditions: If the remote end is third-party equipment, it is known to make use of this compressed MLP header format.

Workaround: The remote end should not use this packet format. On the UUT there is no workaround.

CSCek70840

Symptoms: If a multilink interface has one end connected to Cisco 12000 router and the other end connected to a non-Cisco-12000 router, then the multilink interface receiver, at the non-Cisco-12000 router side, may drop all received packets due to packet fragment loss or out-of-order.

Conditions: This may happen immediately when the first member link comes back up again after all member links of the multilink interface have gone down.

Workaround:

1. Create a new multilink interface.

2. Move the member links from the current multilink interface to the new multilink interface.

CSCek71514

Symptoms: On a Cisco router that has the mpls ldp igp sync delay delay-time command enabled, the master timer may be accessed prior to being initialized, and the following error message is generated:

%SYS-3-MGDTIMER: Uninitialized timer, init with uninitialized master, timer = 53E62C0.
-Process= "Init", ipl= 0, pid= 3

Because the master timer was not properly initialized, other symptoms may occur, including the following:

- When the LDP session comes up, further error messages and a traceback regarding the master timer may be generated:

LDP-SYNC: Et1/0: Delay notifying IGP of sync achieved for 60 seconds
R1 (config)#
%SYS-3-MGDTIMER: Uninitialized timer, set_exptime_internal, timer = 198A980.
-Process= "Tag Control", ipl= 0, pid= 61
-Traceback= 2AEAE4 3642DC 364580 364ADC 364BAC 9BF154 9C22C0 9C24D8 9D4500 9CD544 9D1C8C 34AD58 34AD54

- When the "Delay notification" error message is generated (see above), the output of the show mpls ldp igp sync command may show "0 seconds left" for the synchronization delay time, which contradicts the "Delay notification" error message:

R1#show mpls ldp igp sync
Ethernet1/0:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 60 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 192.168.1.2:0
IGP enabled:

- OSPF may remain in the "sending maximum metric" state, and the routing table may not be updated, as can be shown in the output of the show ip ospf mpls ldp interface command:

R1#show ip ospf mpls ldp interface
Ethernet1/0
Process ID 1, Area 0
LDP is not configured through LDP autoconfig
LDP-IGP Synchronization : Required
Holddown timer is not configured
Interface is up and sending maximum metric

Conditions: These symptoms are observed when an RPR+ switchover has occurred or when you configure the mpls ldp igp sync delay delay-time command while LDP is not enabled or while LDP is enabled but not fully active (for example, when all the interfaces are down).

Workaround: There is no workaround to prevent the initial error message and traceback from being generated. However, after the initial error message and traceback have been generated, you can prevent any further symptoms from occurring by reconfiguring the synchronization timer and re-enabling the mpls ldp igp sync delay delay-time command on the affected interface as in the following example:

R1(config-if) no mpls ldp igp sync delay
R1(config-if) mpls ldp igp sync delay 60
R1(config-if) no mpls ldp igp sync
R1(config-if) mpls ldp igp sync

CSCek73767

Symptoms: Reloading a GigE SPA causes a line card crash.

Conditions: This symptom is observed when you enter the hw-module subslot 0/0 reload command; the LC in slot zero then crashes.

Workaround: There is no workaround.

CSCek73818

Symptoms: A router may crash when the echo revision command is enabled under an MPLS OAM configuration.

Conditions: This symptom is observed on a Cisco 7600 series that runs Cisco IOS Release 12.2SR but is both platform- and release-independent.

Workaround: There is no workaround.

CSCin97912

Symptoms: After an LC reset, the interface comes up as up-up even if the peer is down.

Two FE SPAs are connected back-to-back, and both ports are configured up. One of the LCs is reloaded while the port on the other end is shut down. When the reloaded LC comes back online, the SPA on that LC has to detect that the peer is down, and the port on that SPA should go down-down. Instead, the interface comes up.

Conditions: This symptom has been observed with two FE SPAs connected back-to-back.

[Router1]<------FE----->[Router2]

Workaround: Enter the shutdown command and then the no shutdown command.

CSCsb54378

Symptoms: A router may reload due to software forced crash.

Conditions: This problem has been observed when initiating a Secure Shell (SSH) session from the router or when copying a file to/from the router via SCP.

Workaround: Do not initiate SSH or SCP sessions from the router.

Further Problem Description: This was observed on a Cisco 2811 router that was running Cisco IOS Release 12.4(4)T. Note that the symptom is not platform- or release-specific.

Prior to the crash, the router logs a series of %SYS-3-CPUHOG messages and will eventually crash with %SYS-2-WATCHDOG. See the following example:

%SYS-3-CPUHOG: Task is running for (128004)msecs, more than (2000)msecs 
(1426/5),process = Virtual Exec. 
-Traceback= 0x41DC8E2C 0x41DC9098 0x41BAA6E0 0x41BA6990 0x41B96B4C 0x41BA6768 
0x41BA7490 0x41BA7750 0x41BAC854 0x41BA120C 0x40C27024 0x40C26760 0x41BA203C 
0x40C73E58 0x40C926E8 0x41834200 
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Virtual Exec. 
-Traceback= 0x41A23CC8 0x41BAA3D8 0x41BA6A08 0x41B96B4C 0x41BA6768 0x41BA7490 
0x41BA7750 0x41BAC854 0x41BA120C 0x40C27024 0x40C26760 0x41BA203C 0x40C73E58 
0x40C926E8 0x41834200 0x418341E4
%Software-forced reload

CSCsb56229

Symptoms: The following message was seen on a GSR:

%SCHED-3-UNEXPECTEDMESSAGE: Unknown message 1 received (ptr arg 54445C84, num arg 3).
-Process= "rtty ipc process", ipl= 0, pid= 3
-Traceback= 50F1C720 50F1C964 50F1CD60 50F1DF44 50F1DE74 501BED10 50473854 50473A04

Conditions: The problem was seen while several commands were being executed by a remote script that attached to the router via SSH. It is not clear at the moment which command triggered the message.

Workaround: There is no workaround other than to identify which command was executed and not to execute it again.

CSCsd71911

Symptoms: When you make changes to an active QoS service policy, an already freed block may be accessed. If this situation occurs, a Malloc failure may occur, and the router may crash.

Conditions: This symptom is observed on a Cisco router when you make changes to an active QoS service policy while traffic is being processed.

Workaround: There is no workaround.

CSCse23302

Symptoms: A stale LDP targeted session is not removed after a session flap has occurred, which can be verified in the output of the show mpls ldp neighbor command.

Conditions: This symptom is observed on a Cisco router when the LDP targeted session is removed and quickly re-added.

Workaround: There is no workaround.

CSCse38446

Issue: When walking the MPLS TE MIB, the mibwalk will hang when trying to return a value for OID mplsTunnelResourcePointer.

Symptoms: The system is attempting to look up the numerical code for the OID of mplsTunnelResourcePointer and is failing.

Workaround: There is no workaround.

CSCse67197

Symptoms: On removal of a member from the port channel VRF interface, the router crashes.

Conditions: This symptom is observed when removing a member from the port channel VRF interface.

Workaround: There is no workaround.

CSCsf09508

Symptoms: When passing full 10 Gig Traffic into an E5 LC wherein the Dual priority feature is enabled and all the 10 Gig traffic is matching the higher priority criteria, the LC crashes.

Conditions:

1. The Dual priority feature is enabled on the E5 LC.

2. All the 10 Gig traffic matches the higher priority criteria.

Workaround: Don't send all 10 Gig traffic as higher priority.

CSCsf16559

Symptoms: In MVPN topology, after performing RPR+ switchover in PE router, all SIP LCs in the router (SIP 400, SIP 600, SIP 601) may reload. The problem happens only if the LC were previously reloaded.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(32.2)S1

Workaround: There is no workaround.

CSCsf19418

Symptoms: A router may reload unexpectedly when you enter the "show mpls ldp graceful-restart" command.

Conditions: This symptom is observed when either of the following conditions are present:

- When the command output has a "Down Neighbor Database" entry that expires by reaching the reconnect timeout limit while the command output is generating the neighbor address list.

- When the command output is paged at the "--More--" string within the context of displaying addresses.

Workaround: Do not enter the "show mpls ldp graceful-restart" command when a graceful-restart database entry is about to expire. When the command output is paged at the "--More--" string within the context of displaying addresses and when the Down Neighbor Database entry may have expired, type the letter "Q" to abort any further output of addresses.

CSCsg05390

Symptoms: A %TX192-3-PAM_MODULE error message is unexpectedly seen on an E4+ LC.

Conditions: This symptom occurs when there are MPLS paths out of the E4+ LC and the E3 card receives packets on one of its interfaces and forwards them over the E4+ interface on the Tx side. If flaps happen that change forwarding from IP to MPLS or the other way around, this issue may be hit. The issue may be hit for packets of specific sizes, one example being 139 bytes, so it is not very common to hit this problem. This problem has been seen around 5 times in a year in a customer case.

Workaround: There is no workaround.

Further Problem Description: This is the complete log seen on router:

SLOT 12:Aug 11 07:51:39: %TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module.
-Traceback= 40030CBC 40862008 408625EC 4096046C 40960B08 4010F8C8
SLOT 12:Aug 11 07:51:39: %TX192-3-PAM_PIM: status = 0x3D6, mask= 0x181 - PIM: header start offset >= 16kB.
-Traceback= 40030CBC 408621A4 40862634 4096046C 40960B08 4010F8C8
SLOT 12:Aug 11 07:51:39: %GSR-3-INTPROC: Process Traceback= 4011717C 40110290 40011180
-Traceback= 40030CBC 4075AB8C 40960D60 4010F8C8
SLOT 12:Aug 11 07:51:44: %GSR-3-INTPROC: Process Traceback= 400F9B34 40117140
-Traceback= 40030CBC 4075AB8C 40960D60 4010F8C8
Aug 11 07:51:49: %LDP-5-NBRCHG: TDP Neighbor 10.10.10:0 is DOWN (TCP connection closed by peer)
Aug 11 07:51:57: %LDP-5-NBRCHG: TDP Neighbor 10.10.10.72:0 is UP
SLOT 12:Aug 11 07:52:28: %TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module.
-Traceback= 40030CBC 40862008 408625EC 4096046C 40960B08 4010F8C8
SLOT 12:Aug 11 07:52:28: %TX192-3-PAM_PIM: status = 0x356, mask= 0x181 - PIM: header pkt length >= 16kB.
-Traceback= 40030CBC 408621A4 40862634 4096046C 40960B08 4010F8C8
SLOT 12:Aug 11 07:52:28: %GSR-3-INTPROC: Process Traceback= 409AFC9C 40117178
-Traceback= 40030CBC 4075AB8C 40960D60 4010F8C8
SLOT 12:Aug 11 07:52:33: %GSR-3-INTPROC: Process Traceback= 409AFC9C 40117178
-Traceback= 40030CBC 4075AB8C 40960D60 4010F8C8

CSCsg16908

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.

The Cisco IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the Cisco IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the Cisco IOS FTP Client feature.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsg17957

Symptoms: A router may crash when forwarding an IP fragment.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(28)SB3 and that is configured for L2TP and QoS. Note that the symptom is not release-specific.

Workaround: Remove the QoS configuration. If this is not an option, there is no workaround.

CSCsg50381

This issue is not specific to TE/FRR. The issue is in the driver code that handles reads and writes to hardware. The line card crashes because the hardware is written to without stopping the pipeline. The TE/FRR configuration has exposed this issue because TE/FRR updates happen in interrupt mode.

CSCsg78790

Symptoms: The show policy-map interface command output counters do not increment if the traffic stream is multicast and Eng3 is setting the qos-group on ingress.

Conditions:

- An ingress policy-map classifies and sets the qos-group for received multicast traffic streams on Eng3 of a c12000 node.

- An egress policy-map is attached to one of the Eng5 interfaces, matching the qos-group set previously by the Eng3 policy-map.

Workaround: There is no workaround.

CSCsh12380

Symptoms: Duplicate multicast packets may be seen for about 3 minutes.

Conditions: This happens when BGP is flapped and brought back up between PE and CE in an MVPN environment. On the UP event, the PE maintains the DATA-MDT for the wrong sources until it times out.

Workaround: Wait for longer than 3 minutes.

CSCsh13573

Symptoms: SYS-3-CPUHOG: Tracebacks after SPA reload.

Conditions: This symptom has been observed after an SPA reload.

Workaround: There is no workaround.

CSCsh16396

Symptoms: One or more SIP or Engine 5/Engine 5+ line cards crash with a traceback. Tracebacks are seen following some network events, such as interface flaps, and are due to a timing issue.

Workaround: There is no workaround.

CSCsh17373

Symptoms: SIP 601 resetting when NetFlow is unconfigured.

Conditions: Problem is seen with c12kprp-p-mz.120-32.S5.1213 build

Workaround: There is no workaround.

CSCsh31832

Symptoms: In an MVPN topology, on a P/PE router (a router that functions as both a P and a PE router), if both the core-facing and the customer-facing interfaces are on the same LC (E3 4xOC12 LC), multicast traffic is still forwarded in the slow path after the customer-facing interface is shut down.

Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(32)S5.121906.

Workaround: Performing "clear ip mroute" on P/PE router will fix the problem.

CSCsh32191

Symptoms: 12000-SIP-601= with SPA-10X1GE running Cisco IOS Release 12.0(32)S2 in slots 3 and 5 both crash at the same time due to software forced crash.

- No logs may be seen other than "%RP-4-RSTSLOT: Resetting the card"

- Crashinfo may fail to be generated

Events in the log:

SLOT 4:May 2 16:17:33.195: %GENERAL-3-EREVENT: Failed to delete TCAM entry
-Traceback= 400310E4 40597080 40597914 40597A60 41345534 41349360 41354978 4136B774 41362BCC 41362E6C 41363190 413640A4
SLOT 4:May 2 16:17:33.195: %SYS-2-CHUNKFREE: Attempted to free nonchunk memory, chunk 45E099A0, data B0D0B0D.
-Process= "CEF LC IPC Background", ipl= 3, pid= 90
-Traceback= 400310E4 400E07E0 405986CC 40597A6C 41345534 41349360 41354978 4136B774 41362BCC 41362E6C 41363190 413640A4

Conditions: CE to PE is using the EIGRP routing protocol. The edge-facing line card is E5.

Workaround: Configure the no default-information in command in the EIGRP section on PE.

Example:

address-family ipv4 vrf VrfOne
 redistribute bgp 1800
 network 172.16.0.0
 network 172.20.0.0
 no default-information in
 no auto-summary
 autonomous-system 100
exit-address-family
!

Further Problem Description: The router may display the following log, but this is not always the case.

SLOT 5:Jan 5 01:05:33 KST: %GENERAL-3-EREVENT: Failed to delete TCAM entry
-Traceback= 40030EF8 40589CE4 4058A554 4058A6A0 4122D3D8 412314B0 41231694 4123C7F8 41253540 4124AA70 4124AD08 4124B02C 4124BF40

CSCsh36851

Symptoms: SIP-501 may crash on manual RPR+ switchover.

Conditions: This symptom is observed on a Cisco 12000 series router that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(32)SY2.

Workaround: There is no workaround.

CSCsh38340

Symptoms: "show ip mds stats linecard" shows MDFS reloads on all LCs when multicast distributed routing is added on a VRF through the configuration of "ip multicast-routing vrf vpn distributed"

Further Problem Description: Note that whilst the MDFS reload is a real reload, it is without a preceding clear so it will not generally cause traffic interruption as it merely causes the same information to be downloaded to the linecards again. However in a highly scaled system running close to the limit, the additional load introduced by a full MDFS reload of every linecard may cause additional failures owing to maxing out of the CPUs.

CSCsh39887

Symptoms: VRF feature clean-up error messages occur when trying to delete T1 interfaces from a channel-group.

Conditions: The condition occurs when trying to delete T1 interfaces from a channel-group.

Workaround: Remove all the VRF configurations from the serial interface before trying to delete it.

CSCsh41646

Symptoms: During Cisco IOS upgrade procedure on GSR, configuration from interface may be removed from running configuration.

Conditions: This issue is detected when upgrading from Cisco IOS Release 12.0(31)S2 to Cisco IOS Release 12.0(32)S2 and the missing configuration is from the Gigabit Ethernet interface of a SPA-1XTENGE-XFP and SIP-600 card in slot 0. The problem only appears in rare situations. Adding back the configuration will restore service.

Workaround: There is no workaround.

CSCsh42798

Symptoms: On a Cisco 12816, at the end of the upgrade to Cisco IOS Release 12.0(32)SY2, all line cards continuously crashed with the same traceback:

-Traceback= 4145AF6C 41456D64 41457858 41366BB0 41366EFC 41367E10

Conditions: The router startup configuration contains a route-map with a set traffic-index clause, and the router is then upgraded to Cisco IOS Release 12.0(32)SY2.

Workaround: There is no workaround.

Further Problem Description: After downgrading to Cisco IOS Release 12.0(31)S6a, the LCs did not crash.

CSCsh44224

Symptoms: When sending 10 Gig traffic to a 2.5 Gig interface, the egress data rate as seen on the 2.5 Gig POS SPA interface is 9.4 G/s, which is higher than the supported bandwidth.

Conditions:

Workaround: Correctly configure the network to avoid this scenario.

CSCsh46154

Symptoms: On a SIP-600, the following error message is logged on the console:

SPA error interrupts are not yet

Conditions: This symptom has been observed on a SIP-600.

Workaround: Reset the SIP-600 card.

CSCsh46431

Symptoms: After issuing "hw-module slot x reload", the pseudowire VC stays down because no local label is allocated.

Conditions: LC reload.

Workaround: Remove and re-add the xconnect command. Performing shut/no shut on the interface does not work.

CSCsh52903

Symptoms: When the line card runs into some abnormal situation, the communications between the SPA and the line card may not be reliable. If this occurs, it normally triggers the SPA IPC keepalive failure. The failure of the SPA keepalive/heartbeat results in an SPA IPC restart. However, because of SPA IPC communications, the restart of the SPA may never complete, leaving the SPA in an out-of-service state.

Workaround: Reloading SPA should recover the SPA.

CSCsh55026

Symptoms: After an RPR+ forced switchover, traffic is no longer passed across the affected frame-relay subinterfaces on the CT3 SPA. Commands run on an SPA line card indicate the incorrect mapping of if_number.

Conditions: This symptom has been observed with RPR+ switchover, BGP running, routes injected, and 130k+ IPv4 routes set up.

Workaround: Reload the slot containing the CT3 SPA.

CSCsh55956

Symptoms: 4 Port ISE Packet Over SONET OC-12c/STM-4 line card crashes.

Conditions: Feature mode is enabled and traffic is passed through the line card in the ingress direction on a PE router in a 6PE setup.

Workaround: Disable feature mode using no hw-module slot <x> np mode feature.

CSCsh56006

Symptoms: CE-to-CE ping/traffic fails; the mip reg counter increments on the remote PE.

Conditions: FRoMPLS, with both PEs reloaded simultaneously.

Workaround: Unprovision both AToM VCs on both PEs; unprovisioning on one PE does not work.

CSCsh59530

GSR router has been upgraded from Cisco IOS Release 12.0(31)S1C to Cisco IOS Release 12.0(32)S6. On router's reload the following error messages were printed in router's log:

*Jan 30 04:23:28.585 EST: %QM-4-SW_SWITCH: Interface Serial4/0/0/5:0 routed traffic will be software switched in ingress direction(s)
*Jan 30 04:23:29.589 EST: %QM-2-TCAM_ERROR: TCAM pgm error(46): LC based QOS Mgr failed
RTR2-PE#
*Jan 30 04:23:29.589 EST: %QM-4-SW_SWITCH: Interface Serial4/0/0/10:0 routed traffic will be software switched in ingress direction(s)

The GSR has a SIP-400 with a 4CT3/DS0 SPA, with approximately 30 channelized interfaces. After the reload, ALL channelized interfaces had both ingress and egress TCAM disabled.

RTR2-PE#sh qm int Serial4/0/0/16:0
Interface: Serial4/0/0/16:0
IP is enabled
hw[EGRESS] = 0, hw[INGRESS] = 0
hw_force_default[EGRESS] = 1, hw_force_default[INGRESS] = 1
TCAM disabled for egress. All packets punted to LC CPU
TCAM disabled for ingress. All packets punted to LC CPU
flags: message replied

A spurious memory access traceback was also recorded in the router's log:

*Jan 30 04:23:51.159 EST: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x7A935C reading 0x44
*Jan 30 04:23:51.159 EST: %ALIGN-3-TRACE:
-Traceback= 007A935C 007A8BE8 0079E1EC 007ACBE0 007AC270 002EC5CC 002F65C4 00000000
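
A post-upgrade check for the condition described in CSCsh59530, added here as an example (it is not Cisco code): it scans router log text for the %QM-4-SW_SWITCH and %QM-2-TCAM_ERROR messages quoted above and parses "sh qm int" output for interfaces whose TCAM is disabled. The sample log and command output are constructed from the formats shown in this caveat, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the log messages quoted in CSCsh59530
# (each message on one line, as a syslog server would store it).
SAMPLE_LOG = """\
*Jan 30 04:23:28.585 EST: %QM-4-SW_SWITCH: Interface Serial4/0/0/5:0 routed traffic will be software switched in ingress direction(s)
*Jan 30 04:23:29.589 EST: %QM-2-TCAM_ERROR: TCAM pgm error(46): LC based QOS Mgr failed
*Jan 30 04:23:29.589 EST: %QM-4-SW_SWITCH: Interface Serial4/0/0/10:0 routed traffic will be software switched in ingress direction(s)
*Jan 30 04:23:30.101 EST: %LINK-3-UPDOWN: Interface Serial4/0/0/5:0, changed state to up
*Jan 30 04:23:51.159 EST: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x7A935C reading 0x44
"""

# Constructed sample, modelled on the "sh qm int" output quoted in CSCsh59530.
SAMPLE_QM = """\
RTR2-PE#sh qm int Serial4/0/0/16:0
Interface: Serial4/0/0/16:0
IP is enabled
hw[EGRESS] = 0, hw[INGRESS] = 0
hw_force_default[EGRESS] = 1, hw_force_default[INGRESS] = 1
TCAM disabled for egress. All packets punted to LC CPU
TCAM disabled for ingress. All packets punted to LC CPU
flags: message replied
"""

# IOS syslog body: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):\s*(?P<text>.*)")
SW_SWITCH_RE = re.compile(
    r"Interface (?P<intf>\S+) routed traffic will be software switched "
    r"in (?P<dir>\w+) direction")
TCAM_ERR_RE = re.compile(r"TCAM pgm error\((?P<code>\d+)\)")
# Matches hw[EGRESS] / hw[INGRESS] but not hw_force_default[...].
HW_RE = re.compile(r"\bhw\[(EGRESS|INGRESS)\]\s*=\s*(\d+)")
TCAM_DISABLED_RE = re.compile(r"TCAM disabled for (egress|ingress)")


def scan_log(text):
    """Return ({interface: {directions}}, [TCAM error codes]) from log text."""
    switched = defaultdict(set)
    tcam_errors = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m or m["fac"] != "QM":
            continue  # only QoS manager messages are of interest here
        if m["mnem"] == "SW_SWITCH":
            s = SW_SWITCH_RE.search(m["text"])
            if s:
                switched[s["intf"]].add(s["dir"])
        elif m["mnem"] == "TCAM_ERROR":
            e = TCAM_ERR_RE.search(m["text"])
            tcam_errors.append(int(e["code"]) if e else None)
    return dict(switched), tcam_errors


def parse_qm_interface(text):
    """Parse 'sh qm int' output into per-interface hardware (TCAM) state."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface:"):
            current = line.split(":", 1)[1].strip()
            result[current] = {"hw": {}, "tcam_disabled": set()}
        elif current is not None:
            for direction, value in HW_RE.findall(line):
                result[current]["hw"][direction.lower()] = int(value)
            d = TCAM_DISABLED_RE.search(line)
            if d:
                result[current]["tcam_disabled"].add(d.group(1))
    return result


def punted_interfaces(qm_state):
    """Interfaces (and directions) where hw is 0 and TCAM is reported disabled."""
    out = {}
    for intf, st in qm_state.items():
        dirs = sorted(d for d in st["tcam_disabled"] if st["hw"].get(d) == 0)
        if dirs:
            out[intf] = dirs
    return out


if __name__ == "__main__":
    switched, errors = scan_log(SAMPLE_LOG)
    for intf, dirs in sorted(switched.items()):
        print(f"software switched: {intf} ({', '.join(sorted(dirs))})")
    print("TCAM programming error codes:", errors)
    for intf, dirs in punted_interfaces(parse_qm_interface(SAMPLE_QM)).items():
        print(f"punted to LC CPU: {intf} ({', '.join(dirs)})")
```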
 
   

CSCsh61737

Symptoms: Performing a "no hw-module shutdown" on a shutdown Engine 5 line card may induce a Standby RP reset.

Conditions: This symptom is observed with a SIP-501 line card in a Cisco 12000 series router.

Workaround: There is no workaround.

CSCsh63526

Symptoms: ATM port mode xconnect causes interface flaps when the core trunk is down and traffic gets rerouted, or when the ATM interface is down due to a framing change.

Workaround: If the interface flap continues for few minutes, shut/no shut the interface.

CSCsh68190

Symptoms: After an LC reset of an Engine 3 CHOC48 or 4xGE, or an RP toggle, 'sh policy-map interface' shows the subinterface-attached policy to have output queues unallocated. The output also fails to show policing or WRED information.

Conditions: Engine 3 channelized OC48 on c12000 using frame-relay encapsulation on serial and POS interfaces, as well as subinterfaces configured on 4xGE card. Triggered by LC reset or RP toggle.

Workaround: Attach/re-attach policy to interface/subinterface.

CSCsh72734

Symptoms: SPA-1XCHSTM1/OC3 in SIP-601 going out of service

Conditions: SPA inserted in the line card

Workaround: There is no workaround.

CSCsh73935

Symptoms: A router may reload when you perform an snmpwalk on the ciscoMvpnMrouteMdtTable.

Conditions: This symptom is observed when all of the following conditions are present:

- IP multicast routing is enabled on a VPN routing/forwarding instance (VRF)

- This VRF is associated with an interface.

- The Multicast Distribution Tree (MDT) default group address is not configured for the VRF.

Workaround: Configure the MDT default group address for the VRF by entering the mdt default mdt group command in VRF configuration mode.

CSCsh75078

Symptoms: RP failover would cause SIP-601 core-facing line card to crash, and reload.

%RP-4-RSTSLOT: Resetting the card in the slot: 15,Event:linecard error report
%LINK-5-CHANGED: Interface GigabitEthernet15/0/0, changed state to administratively down
%OSPF-5-ADJCHG: Process 2, Nbr 10.0.0.45 on GigabitEthernet15/0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
%LDP-5-NBRCHG: LDP Neighbor 10.0.0.45:0 (1) is DOWN (Interface not operational)
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet15/0/0, changed state to down
%PIM-5-NBRCHG: neighbor 10.144.2.13 DOWN on interface GigabitEthernet15/0/0 non DR
%LCINFO-3-CRASH: Line card in slot 15 crashed
%MBUS_SYS-3-NOBUFFER: Message from slot 15 in stream 1 dropped
%MBUSFLASH-3-TIMEOUT: No response from slot 8 (type 5,time 2000)
%BGP-5-ADJCHANGE: neighbor 172.16.1.2 vpn vrf m1 Up
%BGP-5-ADJCHANGE: neighbor 172.16.2.2 vpn vrf m1 Up
%RP-3-EXEC_SLOT: Slot 15 not enabled

Conditions: c12000 node fully populated with E3 line cards, mvpn configuration, and large scale multicast routes and traffic.

Workaround: There is no workaround.

CSCsh82766

Symptoms: Move interfaces from vrfA to another VRF, vrfB, and cause the MDT tunnel to flap. Then remove the "mdt default" statement from vrfA; this causes the LC to reset.

Conditions: Remove "mdt default" under obsolete configuration.

CSCsh83815

Symptoms: The problem symptoms can be seen when the 33s_pi image is running and Xconnect is configured on the Gila SPA in a 12000-SIP-601 card. When we attach to the line card and give the <LC-Slot4#sh controllers version> command, the line card crashes. After the crash it recovers. Every time the command is given on the line card, the card crashes and recovers.

Conditions: The symptoms can be seen when the 33s_pi image is running and Xconnect is configured on the Gila SPA in a 12000-SIP-601 card, and the <LC-Slot4#sh controllers version> command is given after attaching to the line card.

Workaround: There is no workaround.

CSCsh89375

Symptoms: When a multilink bundle has one end connected to Cisco 12000 router and the other end connected to a non-Cisco-12000 router, the multilink interface receiver, at the non-Cisco-12000 router side, may drop all received packets due to packet fragment loss or out-of-order.

Conditions: This may happen when the first member link of the multilink bundle comes up immediately after all member links of bundle have gone down.

Workaround: There are two workarounds:

(1) First workaround:

Shutdown all member links of the multilink bundle

Wait for 1 minute

Bring up (i.e. no shutdown) the member link interfaces one-by-one

(2) If the above workaround (option 1) does not resolve the problem, perform the following steps:

Shutdown all the links in the affected multilink bundle

Remove all the links from the bundle using the CLI "no multilink-group" till the bundle has no link

After a few min (~5 min) add the links back to the same bundle using the CLI "multilink-group <group number>"

Perform "no shut" on all the links

CSCsh89437

Symptoms: If cleanup is not done on CIs used by L2TPv3, and these CIs are reused by other applications, then it will have extremely undesirable effects (for example, in the case of MLP on SIP 400/2 or 4 Port CT3/DS0 SPA, all packets get dropped). To avoid this, the L2TPv3 codebase has to clean up explicitly.

Conditions: Configure L2TPv3. Configure MLP. Shut down the L2TPv3 tunnel and then shut down the MLP. Then do a no shut on the MLP bundle. If the MLP reuses the CI used by L2TPv3, then packets will get dropped.

Workaround: There is no workaround.

CSCsh90531

Symptoms: Ping failures with MLPPP on SPA-CT3-DS0/SPA-CHOCX-DS0.

Conditions: MFR with xconnect/ATOM and MLPPP configured on the same SPA.

Workaround: Reload the SPA.

CSCsh98714

Symptoms: Memory leak while running MLFR provisioning test script.

Conditions: The test script used to provision/reprovision an MLFR bundle, including associated member links, appears to trigger a memory leak on the route processor (PRP-2).

Workaround: There is no known workaround.

CSCsh99695

Symptoms: Traffic drops occur when ingress is E5 and egress is E4. The problem occurs when the ingress is an E5 card with a service-policy attached that has the "set mpls exp imp" action and the egress is an E4 with tx-cos applied.

Conditions: The problem occurs when the ingress is an E5 card with a service-policy attached that has the "set mpls exp imp" action and the egress is an E4 with tx-cos applied. The problem occurs particularly when the precedence of traffic going to egress is 0. This happens only for ip2ip and ipv6toipv6 cases.

Workaround: The problem does not occur when the tx-cos is removed from egress or the "set mpls exp" is removed from the ingress policy.

Further Problem Description: When "set mpls exp imp" is part of the ingress service-policy, it corrupts the QOS Bundle information in the Pop stage. Macro "set_exp_code_no_mod_oq" stores the EXP bits into the location PHB.TR_top_of_stack for the action "set mpls exp 0" we have in the policy. The PHB.TR_top_of_stack location is 0x03A, which maps to the same location where the QOS Bundle information starts. The QOS bundle information starts from PHB.ADJ_queue_bundle_addr_0, whose address is also 0x03A. Thus the LOQ information taken from the bundle information is corrupted and the traffic is not put into the correct local output queue to reach the egress card.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi04459

Symptoms: The line protocol on a POS link connected to a POS port on the SPA-2XOC48POS/RPR SPA may go down and not come back up. This is for a 12000-SIP-601 on the GSR platform.

Conditions: The trigger for the condition is not known currently.

Workaround: There is no workaround. To clear the condition the entire SIP/SPA combination must be reset.

CSCsi07088

Symptoms: Customer has a 12000-SIP-601 that crashes and leaves no crashinfo file.

Conditions: This occurs if MBE (and SBE) parity errors occur in the SIP-601 memory.

Workaround: There is no workaround. Repeated instances would, however, point to defective hardware.

CSCsi12175

Symptoms: E3 LC (MOD 48) crashed while reloading a router.

Conditions: E3 LC (MOD 48) crashed while reloading a router.

Workaround: No workaround is needed, as after the crash the LC comes up and there is no functionality problem seen with the card after this crash. This crash was a one-time occurrence.

This crash has been seen consistently in the 32sy0 image and a fix has been committed to that release. Full changes for the fix will be committed in this release as well.

CSCsi12586

Symptoms: When ALPHA has an error due to some bug, the linecard crashes without error recovery.

Workaround: There is no workaround.

Further Problem Description: During any ALPHA errors, there is no trace of the problem occurring. This happens only during SW bugs, but should be fixed to improve debuggability.

CSCsi13242

Symptoms: Destination interface value showing wrongly in netflow cache.

Conditions: The problem can be seen on c12kprp-p-mz.120-nightly.S for the engine4+ card.

Workaround: This problem is not seen on engine3 and engine5 cards.

CSCsi13685

Symptoms: 4-port E3 GE LC stuck in UP state for about 45 minutes before coming to RUN state.

Conditions: This issue was seen in scaled IP+L3VPN+mVPN environment when the router was reloaded.

Workaround: Reloading the LC resolves the issue.

Further Problem Description:

CSCsi16530

Symptoms: BFD is not supported on Bundle interface. When user tries to configure BFD on link bundle, the router crashes.

Conditions: Applying BFD config on Pos-channel and ether-channel.

Workaround: There is no workaround.

Fix: This fix will reject the BFD configuration getting applied on bundle interfaces.

CSCsi17737

Symptoms: IP Header Compression (IPHC) on c12000 SIPs does not start RTP/UDP compression. This is observed as "show ip rtp header-compression" showing Sent total increasing while Sent compressed not increasing.

Conditions:

1. Fresh configuration of IPHC at slot level and interface level.

2. SIP reload on a router where IPHC has been configured or reconfigured at slot level or interface level.

Workaround: There are two corrective workarounds for this issue.

A. Interface level corrective workaround (correction for one interface)

Reconfigure IP Header Compression at the interface level for the interface of interest. If using IPHC through MQC, reattach the service policy to the interface. Similarly, enabling and disabling IPHC under the service policy will correct this issue for all interfaces to which the output service policy is attached.

B. Slot level corrective workaround (correction on ALL interfaces on slot)

Modifying the configured number of slot level RTP connections using "hw-module slot <slot_number> ip rtp compression-connection <number of connections>" will clear the observed problem on all IPHC configured interfaces on the SIP in the specified slot_number. Example: Increase the number of slot level connections by one or decrease the number of slot level connections by one. The increase or decrease can be reverted if necessary to accommodate the total of all interface level connections.

CSCsi18200

Symptoms: The following error message is logged:

%LC_MOD48-3-SPAG_MULTIPLE_BAY_EFC_BP_MAPPED_TO_CONGA_PORT: Found EFC channels from 2 different bays mapped to the same Conga port. existing map {bay=1, efc_chn=238}, requested map {bay=2, efc_chn=238}

Conditions: This error message is seen while reloading SPAs that have a multilink bundle (Multilink FR or Multilink PPP) configuration. This issue is specific to the SPA interfaces on SIP-400.

Workaround: There is no workaround.

CSCsi21733

Symptoms: SPA-2XOC48POS/RPR goes Out Of Service after encountering a SPA BUS ERROR. TRANSCEIVER-6-REMOVED messages were followed by an SCC failure, causing the SPA to go Out Of Service.

Conditions: Many L1 errors (B2-BER) are found on the link and the interfaces flapped many times before the BUS ERROR.

Workaround: LC reload.

CSCsi24487

Symptoms: An interface on an E5 line card with CsC configured (on the edge-facing side) has LDP flaps.

Conditions: Not known

Workaround: There is no workaround.

CSCsi25309

Symptoms: Packets from E5 to E2 get dropped on E2. When the command show contr events is executed on E2, it shows that the counters for "Tx short encap entry" increase.

Conditions: Output ACL is configured on E2.

Workaround: Remove output ACL on E2.

CSCsi31047

Symptoms: At times, E5 SIP-600 does not forward multicast traffic with a valid SW and HW SG entry.

Conditions:

- PIM-Sparse with static RP, multiple sources

- E5 SIP-600 as both ingress and egress LC.

Workaround: Clear the affected group's mroute using: clear ip mroute <group>

Further Problem Description:

- "show ip mroute <group>" shows correct [*,G], and [S,G] entry with T-flag and correct IIF and OIF.

- "exec slot <ingress slot#> show ip mds for <group>" shows correct HW entries but the packet counts are not incrementing

CSCsi35926

Symptoms: BMA:ToFab PLIM radar_plim_max_len_err: with L2TPv3 traffic, packet loss is seen with size > 1550 bytes.

Conditions: L2TPv3 interworking is on. When sending packets with more than a 1550-byte datagram, ping stops from CE-1 to CE-2, and BMA reports an error that radar has received a packet with maximum header length.

Workaround: Disable path MTU on the pseudowire.

CSCsi40941

Symptoms: The use of time-based WRED on an output service policy results in different min-max threshold values on E3 and on E5 for identical policy.

Conditions: Policy configured that is using time-based WRED.

Workaround:

conf t
hw-module slot <E5-slot#> qos use-e3-std-for-wred

CSCsi44315

Symptoms: E5 crashes

Conditions: Remove a Gig subinterface that has mpls and te configured on it

Workaround: There is no workaround.

CSCsi44753

Symptoms: Traffic stops on removing the ip flow-export version configuration on an MPLS/VPN PE router.

Conditions: Removing/adding the ip flow-export version configuration from the running configuration.

Workaround: hw-module slot reload or clear ip bgp *

CSCsi50548

Symptoms: SPA-2XOC48POS/RPR goes Out Of Service after encountering a SPA BUS ERROR. TRANSCEIVER-6-REMOVED messages were followed by an SCC failure, causing the SPA to go Out Of Service.

Conditions: Many L1 errors (B2-BER) are found on the link and the interfaces flapped many times before the BUS ERROR.

Workaround: LC reload.

CSCsi52321

Symptoms: After a 4OC48E/POS-SR-SC LC is inserted, it is recognized, but when the command "upgrade mbus-agent-rom" is used, the LC is no longer recognized by the router, which displays:

%MBUS-6-OIR: 4 Port ES Packet Over SONET OC-48c/STM-16 Removed from Slot x
MBus agent ROM upgrade failed on slot x (rc=5)

Conditions: A new LC is inserted in the chassis and its ROM code has never been upgraded before.

Workaround: There is no known workaround.

CSCsi58063

Symptoms: RP crashes when CSC is shut down by command.

Conditions: This symptom has been observed when CSC is shut down.

Workaround: There is no workaround.

CSCsi63432

Symptoms: Tracebacks on microcode reloading SIP-400.

Conditions: Service policy attached on MFR subinterfaces and microcode reload done

Workaround: There is no workaround.

CSCsi63889

Symptoms: The SIP always reloads by itself when the link is down for one site.

Conditions: This issue happens when NF is configured.

Workaround: Disable NF.

CSCsi64245

Symptoms: C12000 dual RP with Engine 5 line card traceback:

SEC 0:00:01:48: %EERP-3-INVALID_UIDB_HWIDB_MAP: slot 7, index= 00000004 orig_if= GigabitEthernet7/0/0 given_if= GigabitEthernet7/0/0 free= 0

-Traceback= 212BF8 212D00 82027C 81BDFC 81B0B4 12EEE4 181908 181B04 1826A0 125F6C 1990B4 199434 192BC8 192E2C 193128 193DD0

Conditions: C12000 Engine 5 interface configuration change when system has dual RP

Workaround: There is no workaround.

CSCsi66302

Symptoms: MPLS forwarding entry at an ASBR may not be created.

Conditions: Multiple conditions must be met:

1/ The router must be configured as a VPNv4 ASBR in a VPN network using L2TPv3 encapsulation (feature called Dynamic Layer-3 VPNs Using Multipoint GRE (mGRE) Tunnels).

2/ Multiple ASBRs must be used between the autonomous systems. The ASBRs in the same AS must have an iBGP session (direct, or via a route reflector).

3/ The network (with a different RD than the locally configured VRF) must be first learned via an iBGP session (via the second ASBR), and later learned via an eBGP session from the peering AS. The eBGP learned session becomes a best path, but the corresponding forwarding entry fails to get created.

Workarounds: Multiple workarounds are available:

use option A ASBR configuration (back2back VRFs) or

use same RD in the whole network (all Autonomous systems) for a given VRF or

prevent learning prefixes from other ASes on an IBGP session on the ASBR or

prevent advertising prefixes learned from other ASes on an IBGP session to EBGP peers (prevent becoming a transit AS for InterAS traffic).

CSCsi67310

Symptoms: After RP switchover, all configured WRED thresholds are set to 0 in "sh policy-map int" command

Conditions:

1. After RP switchover

2. Only on eng5 MPLS trunk

3. Only when the output policy is an unnested policy-map

Workaround: Remove service-policy from the interface and re-attach it or shut/no shut the interface

CSCsi69492

Symptoms: EoMPLS traffic stops on E4+ on CSC switchover

Conditions: Execute CSC switchover by shutting primary CSC. EoMPLS traffic forwarding stops.

Workaround: To recover, execute mic-reload of E4+ line card.

CSCsi77887

Symptoms: Cos bits in the packets received from the disposition router are not set according to the egress policy for Ethernet over MPLS packets.

Conditions: This is observed on C12000 Engine 5 family cards.

Workaround: There is no workaround.

CSCsi78221

Symptoms: Engine 3 is stuck for minutes (found to be 20 minutes).

Conditions: During BMA recovery

Workaround: There is no workaround.

Further Problem Description: Card resets.

CSCsi81511

Symptoms: Spaghetti fails to drain the half packets during error recovery.

Conditions: When error recovery is triggered and traffic passes into the Mod48, during error recovery spaghetti fails to drain the half packets and fails to initialise the congs.

Workaround: There is no known workaround.

CSCsi89716

Symptoms: RP crashes.

Conditions: Enable feature mode on customer facing SIP-401

Workaround: There is no workaround.

CSCsj02903

Symptoms: On a Gigabit Ethernet interface that has a copper SFP, toggling negotiation may flap other BFD sessions running on that line card.

Conditions: BFD expiry timers are configured for a low value. A copper SFP is used.

Workaround: With BFD timers configured as 300 msec with a multiplier of 3, the problem is not seen.

CSCsj04991

Symptoms: QoS on the egress port of an E4+ POS does not take effect if the tunnel headpoint is on the same port as well.

Conditions: The issue happens when we remove the "mpls ip" configuration under the tunnel and re-add it after a delay.

This does two things:

1. This corrupts and resets the feature processing flag in the ingress adjacency, which normally enables "feature processing in the egress". Since this is reset to 0, the egress is not able to do QoS.

2. The adjacency rewrite info corresponding to the tunnel in the egress gets removed.

Workaround: Remove "mpls ip" from the tunnel interface once and immediately add it back. This corrects the issue.

CSCsj05541

Symptoms: The 'show interface' command indicates an egress data rate on 4GE-SFP-LC that is double the actual traffic rate.

Conditions: EoMPLS setting on the interface may cause this issue. It can be seen with PRP-2 and GRP-B.

Workaround: There is no workaround.

CSCsj05970

Symptoms: In mVPN topology MDS is disabled for 4xGE engine 3 card. MDS may appear to be active but will cycle between active and disabled states. Constant cycling between these states may cause LC crash.

Conditions: This problem is observed with an mVPN configuration.

Workaround: There is no workaround.

CSCsj06426

Symptoms: With "hw-module slot x qos policing-granularity x" configured on SIP601, after a physical OIR of the SIP, this command causes ingress policing to not enforce the police rate.

Conditions: Physical OIR.

CSCsj08112

Symptoms: On a GSR running Cisco IOS Release 12.0(32)S6o, all non-IPC tofab queues are depleted on a choc12/ds1-ir-sc line card, causing all traffic to be dropped, including Layer 2 control traffic for the interfaces.

Conditions: This condition was seen again three days after the first occurrence.

Workaround: There is no workaround.

CSCsj09009

Symptoms: Local Switching -- like to like and Interworking is not working on E3 gig LC.

Conditions: Local Switching -- like to like and Interworking is not working on E3 gig LC. Traffic starts and stops forwarding after some time.

Trigger: Doing shut/noshut on the core facing port of the same LC

Workaround: There is no workaround.

CSCsj09104

Symptoms: Line protocol of E3 QOC12 goes down on mic-reload

Conditions: mic-reloading the line card

Workaround: There is no workaround.

CSCsj09250

Symptoms: The ToFab buffer on E3 LCs gets depleted.

Conditions: The ToFab buffer on E3 LCs gets depleted when "mpls ip" was enabled on a TE tunnel interface in the core.

ToFab buffer depletion was seen with the following E3 LCs:

1) 4 Port ISE ATM Over SONET OC-3/STM-1 Multi Mode

2) 4 Port ISE Gigabit Ethernet

3) 4 port ISE OC12 channelized STS-3c/STM-1 or DS3/E3 Single Mode/IR SC connector

Workaround: There is no workaround.

CSCsj09740

Symptoms: SPA-2XOC48POS/RPR goes Out Of Service after encountering a SPA BUS ERROR. TRANSCEIVER-6-REMOVED messages were followed by an SCC failure, causing the SPA to go Out Of Service.

Conditions: Many L1 errors (B2-BER) are found on the link and the interfaces flapped many times before the BUS ERROR.

Workaround: LC reload.

CSCsj09792

The channelized OC12 controller on a GSR might go down and remain down in case of a PLIM CPU reset. If this occurs, APS may not switch to the other channel.

"show aps" will display that the active channel's interface is down:

router#sho aps
CHOCx 3/0 APS Group 3: protect channel 0 (Active -interface down)

Workaround: There is no workaround.

Recovery: In case of a PLIM cpu reset, if the controller stays in the down state, the line card must be reloaded with the "test mbus <slot> power off/on" commands.

CSCsj12565

Symptoms: RP crashes on removing and adding the "network x.x.x.x" command two or three times under OSPF process.

Conditions: This symptom is observed on a GSR loaded with the latest 32.sy3 image, configured with 1500 TE tunnels in a scale setup.

Workaround: There is no workaround.

CSCsj14388

Symptoms: The BFD session goes down on removing and adding the IP address on a BFD-enabled interface.

Conditions: This symptom is observed on a GSR router loaded with a Cisco IOS Release 12.0(32)sy image. After BFD sessions are established, adding and removing the IP address a couple of times causes the BFD sessions to go down.

Workaround: Reload the routers.

CSCsj15162

Symptoms: The following error message occurs on CHOC12/DS1-IR-SC linecard indicating that the PLIM is reset:

%LC_CX3-2-PLIM_RESET: PID 49165, CAUSE 0

Conditions: When shutdown / no shutdown was executed on many multilink ppp bundles continuously.

Workaround: There is no workaround.

CSCsj17694

Symptoms: Add/remove of MLPP i/f can cause mod48 crash.

Conditions: This is observed with Cisco IOS Release 12.0(32)SY3_02 Cisco IOS Release 12.june07 image.

Workaround: There is no workaround.

CSCsj19308

Symptoms: MLPPP/MLFR ping failure on SPA-2/4CT3 or SPA-CH-STM

Conditions: MLPPP/MLFR configured on SPA-2/4CT3 or SPA-CH-STM

Workaround: Reload the SPA using hw-module subslot <slot>/<subslot> reload.

CSCsj28901

Symptoms: When changing mtu on 4xOC3-V2 SPA in SIP-501, the following crash may be seen:

%RP-3-CARVE_FAIL: FrFab BMA, slot 9
%RP-3-COREDUMP: Core dump incident on slot 9, error: Safe FrFab buffer carve failure
%RP-4-RSTSLOT: Resetting the card in the slot: 9,Event: linecard error report
%LCINFO-3-CRASH: Line card in slot 9 crashed

Conditions: This symptom is observed on a Cisco 12000 series router that runs the c12kprp-p-mz image of Cisco IOS pre-Release 12.0(32)SY4.

Workaround: There is no workaround.

CSCsj28914

Symptoms: SPA may reset due to heartbeat failures on doing CSC switchover. Following messages may be seen.

SLOT 4:1d19h: %SPA_PLIM-3-HEARTBEAT: Subslot 3 has experienced an heartbeat failure Current Sequence 31064 received Sequence 31057 Time since last keep 1000ms.

Conditions: SPAs in SIP-401/501/601. Doing CSC switchover.

Workaround: There is no workaround.

CSCsj30638

Symptoms: On doing OIR of CSC cards or during Cisco IOS upgrades, the CSC card may be recognised as SFC or vice versa. In case of non-redundant fabric configuration, the linecards may go into low bandwidth mode. This may result in configs being lost.

Conditions: This symptom is seen during Cisco IOS upgrades to 32SY or during OIR of CSC cards.

Workaround: Reload the router to come out of the situation.

CSCsj32625

Symptoms: The CT3 and CHOC3 SPA controllers do not come up after reloading the router with the latest 32sy nightly image (/vws/nyb/32sy_nightly/2007-06-18/bin/c12kprp-p-mz).

Conditions: This symptom is observed on CT3 and CHOC3 SPAs with the image /vws/nyb/32sy_nightly/2007-06-18/bin/c12kprp-p-mz.

Workaround: There is no workaround.

CSCsj34705

Symptoms: When upgrading from 120-28.S4c to 120-32.S6p some tcam carve configuration commands are lost for an engine 3 card.

Conditions: Examples of some of the tcam recarve commands are:

hw-module slot 4 tcam carve RX_TOP_NF 3 
hw-module slot 4 tcam carve RX_144b 35 
hw-module slot 4 tcam carve RX_288b 45 
hw-module slot 14 tcam carve RX_TOP_NF 3 
hw-module slot 14 tcam carve RX_144b 35 
hw-module slot 14 tcam carve RX_288b 45

These commands may fail to show up in the configuration after an upgrade.

Workaround: Reconfigure the commands and perform a microcode reload of the line card.

CSCsj36294

Symptoms: The router crashes and the crash is dumped to bootflash.

Conditions: This symptom is observed while loading the grp image labelled for 06/16 for the 32s image.

Workaround: There is no workaround.

CSCsj36649

Symptoms: A reload of the router or line card may display the following message:

SLOT 4:00:01:24: %LC-4-POLICING_GRAN: WARNING!!! Please reload the Linecard in slot 4 for policing-granularity command to take effect. This may Lead to inconsistency in the behaviour of policing on this slot if Linecard is not reloaded at this point.

Conditions: Policing configured on the Line card.

Workaround: There is no workaround.

CSCsj45048

Symptoms: pw adjacency is created on the RP.

Conditions: Any.

Workaround: There is no workaround.

Further Problem Description: Backing out this fix will cause MLPPP bundle unprovisioning with a traceback "%RP-3-ENCAP:Failure to get output encapsulation:unprovisioning MLPPP mem"

CSCsj47840

Symptoms: Output NF is not working on the 32S8 16/06 dated coded image for the Engine5 card.

Conditions: Configure Output NF on an Engine-5 card and check for the NF cache.

Workaround: There is no workaround.

CSCsj60303

Symptoms: SIP401 crash

Conditions: This symptom is observed when stressing the LC with the following set of events:

1. Multilink3 and Multilink8 with 2 members each.

2. Flap one of the members of multilink3 by changing crc.

3. Shut down the members of multilink3.

4. Remove the members of multilink3 and change the encap to the default encap.

5. Delete multilink3.

6. Add multilink3 back.

7. Add the members back to multilink3.

8. Flap the link of multilink8 by changing the crc.

This is applicable to both MLPPP as well as MFR Bundles.

Workaround: There is no workaround.

CSCsj66522

Symptoms: Running a script which has the same configs as sprint configs; in addition, 1000 DLCIs are provisioned on mfr and auto dnr is triggered on that mfr.

The script adds and deletes interfaces and bundles, changes encaps, changes CRC, and so on.

Conditions:

top#show context slot 5
CRASH INFO: Slot 5, Index 1, Crash at 13:44:02 UTC Sun Jul 15 2007

VERSION: GS Software (GLC1-LC-M), Version 12.0(071407A2.2007-07-14) UBUILDIT Image, CISCO DEVELOPMENT TEST VERSION
Compiled Sat 14-Jul-07 15:28 by mbaruah
Card Type: ISE 2.5G SPA Interface Card, S/N SAD10250A6D

Workaround: There is no workaround.

CSCsj93643

Symptoms: In rare cases, C12000 router with SIP400 and one or more SPA-CT3/DS0 and SPA-T3E3 installed may display the following message:

SLOT 14:Jul 22 06:18:31.790 EDT: %SPA_PLIM-3-HEARTBEAT: Subslot 2 has experienced an 
heart beat failure Current Sequence 1980 received Sequence 1970 Time since last keep 
2952ms.

SPA-CT3/DS0 and SPA-T3E3 may stay in this state and the SPA may not recover in some cases.

Workaround: The following command may be used to disable SPA heartbeat to avoid the SPA failure.

execute-on <slot#> test hw-module subslot <subslot#> ipc keepalive disable

Using this command is not recommended, and it may leave the SPA stuck in a bad state. The test command shall be used under Cisco Support supervision.

CSCsk13647

Symptoms: E5 SIP-601 LC CPU stays almost at 100% for a very long time, the WAHOO MCAST DELE process utilizing most of the CPU.

Conditions: This is seen after the MSE router reload on the scale testbed with scaled IP, L3VPN and mVPN configs.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCsi43506

Symptoms: IP SLA probes show no results for the show ip sla statistics <probe> command.

Conditions: Probe is configured with vrf.

Workaround: There is no workaround.

Wide-Area Networking

CSCsi10322

Symptoms: The interface-level commands 'no ppp link reset' and 'no ppp lcp fast-start' disappear from the configuration after performing a 'wr mem' or 'show run | inc ppp'. The commands do not reappear after reload.

Conditions: This symptom is observed with interface-level configuration of 'no ppp lcp fast-start' and 'no ppp link reset'.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.0(32)SY3

Cisco IOS Release 12.0(32)SY3 is a rebuild release for Cisco IOS Release 12.0(32)SY. The caveats in this section are resolved in Cisco IOS Release 12.0(32)SY3 but may be open in previous Cisco IOS releases.

Basic System Services

CSCsc64976

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or enable other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml

Miscellaneous

CSCek58475

Symptoms: Egress slow path packets contain extra 4 bytes.

Conditions: This symptom has been observed on a Cisco 12000 router with Engine 5/5+ line cards. Access lists that contain more than 6 different range statements cause a "Hardware TCAM LOU capacity exceeded" message.

Workaround: Change the ACL to remove range statements so that the ACL will not exceed hardware resources.

CSCek60156

Symptoms: Traffic will not be forwarded if the VPLS E5 Pseudo-wires are set up with no control word.

Conditions: This symptom has been observed when the VPLS E5 Pseudo-wires are set up with no control word.

Workaround: There is no workaround.

CSCin98724

Symptoms: On doing SSO while the router with a Dual RP setup is still booting/reloading, the following message is seen on both the standby and active RP:

"%RP-4-CFGSYNC: Failed to sync startup-config to standby RP"

Conditions: This symptom has been observed when:

1. There is Dual RP connection, with Redundancy node SSO.

2. Perform a SSO on the active RP such as RP1.

3. Thus this RP1 now becomes Standby and RP2 becomes Active.

4. RP1 thus starts booting with the image in the boot variables (config-reg 0x2) and the RP2 has taken the role of Active.

5. While the LC is in STRTIOS, SSO is done again on the active RP2, and this failed sync message is then seen. The startup config gets erased from the standby.

Workaround: There is no workaround.

CSCsd73139

Symptoms: more crash:crashinfo is returning "device or resource ready".

Conditions: If the LC gets reset before the crashinfo file is closed, the open bit is set.

Workaround: There is no workaround.

CSCse11720

Symptoms: On a Cisco GSR running Cisco IOS Release 12.0(31)S, the BFD session is dropped after the loss of one BFD control packet.

The actual BFD interval is constantly higher than the interval configured. In the traces below, the tx interval is configured to 2s and the actual Tx interval is around 3,5s.

Conditions: This is a BFD-enabled BGP session between two GSRs, x.x.x.1 with a tx timer of 5s, and x.x.x.x.2 with a tx timer of 2s. Both multipliers are 3. Both routers are running Cisco IOS Release 12.0(31)S, and both sides are Engine 3 line cards.

This is a sniffer trace the actual

#30: BFD control packet A from .2 to .1 
#31: BFD control packet A from .2 to .1 (3,575848s after #30) 
#33: BFD control packet A from .2 to .1 (3,511843s after #31) 
#34: BFD control packet A from .2 to .1 (3,623851s after #33) 
#36: BFD control packet A from .2 to .1 (3,167859s after #34) 
#37: BFD control packet A from .2 to .1 (3,655841s after #36)
#38: BFD control packet A from .2 to .1 (3,359866s after #37)
#42: BFD control packet A from .2 to .1 (3,255843s after #38) 
#44: BFD control packet A from .2 to .1 (3,471862s after #42) 
#46: BFD control packet A from .2 to .1 (3,639842s after #44) 
#47: BFD control packet A from .2 to .1 (3,287859s after #46)

After the loss of one BFD control packet, the BFD session is down:

#48: .1 signals the session down 6.003069 s after having received #47
6.003069 s is the detection time 3 x 2 s (our mult x .1's tx timer)

Workaround: There is no workaround.

CSCse48018

Symptoms: Interface counters are double counted for tag-tag switching. This is seen on Cisco 12000 series router.

Conditions: This symptom has been observed with Engine3 card.

Workaround: There is no workaround.

CSCsf22729

Symptoms: The BFD interface command is not seen in the running configuration on the standby RP. Although it appears that the BFD functionality is not affected on an RP switchover, there could be other side effects.

Conditions: This symptom has been observed in configuration of the standby RP.

Workaround: There is no workaround.

CSCsf99866

Symptoms: Sending MPLS traffic to an E5 LC with an oc-192 SPA that does not have MPLS configured causes this LC to crash.

Conditions: This symptom has not been observed if using a 10G SPA or E4+ oc-192.

Workaround: There is no workaround.

CSCsg26943

Symptoms: After performing an RP switchover on a long-idle (above 20 hrs) GSR router loaded with the 092806 nightly build image, all LCs are reset.

Conditions: This symptom has been observed when all LCs got reset after RP switchover on a long idle router.

Workaround: There is no workaround.

CSCsg37491

Symptoms: IPv4/IPv6 ping fails over an L2TPv3 tunnel. This also happens with PD, and here the IPv6 ping fails.

Conditions: This symptom has been observed in the following:

1. Create an L2TPv3 tunnel and establish an IPv6/IPv4 adjacency between the CEs.

2. Send IPv4/IPv6 traffic.

3. Do a reload/SSO of the router.

Workaround: Reloading the E3 Gig. LC on the decapsulating router solves the problem.

CSCsg40032

Symptoms: After an LC reload on an Engine 0 CT3 or DS3 line card, upon recovery any frame-relay sub-interfaces on those line cards that have rate-limit output configured no longer have it applied.

Conditions: This symptom has been observed

Workaround: Reload of the router or a reload of the ingress Line card resolves the issue.

CSCsg43692

Symptoms: Traffic not forwarding as expected over primary and backup tunnels. TE FRR status is not consistent across RP software components and line cards.

Conditions: POS line events that trigger FRR but do not also alarm IGP link state transitions can result in FRR out of sync. For example, by default POS Path Errors trigger FRR only.

Workaround: If POS Path Errors are the cause, configure 'pos delay triggers path 0'.

CSCsg45798

Symptoms: After OIR of the SPA-4XCT3/DS0 SPA, some of the frame-relay sub-interfaces no longer forward traffic.

Conditions: This symptom has been observed after performing an online removal and installation.

Workaround: Perform the shutdown command and then the no shutdown command on the sub-interface to correct the issue.