

Cross-Platform Release Notes for Cisco IOS Release 12.4T, Part 8: Caveats for 12.4(9)T3 through 12.4(15)T8

Caveats for 12.4(9)T3 through 12.4(15)T8

Table Of Contents

Caveats for 12.4(9)T3 through 12.4(15)T8

Resolved Caveats—Cisco IOS Release 12.4(15)T8

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(15)T7

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(15)T6

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(15)T5

Basic System Services

Resolved Caveats—Cisco IOS Release 12.4(15)T4

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(15)T3

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(15)T2

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(15)T1

Basic System Services

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(15)T

EXEC and Configuration Parser

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(11)T4

Basic System Services

IP Routing Protocols

ISO CLNS

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(11)T3

Basic System Services

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(11)T2

Basic System Services

EXEC and Configuration Parser

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(11)T1

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(11)T

Basic System Services

EXEC and Configuration Parser

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(9)T7

Basic System Services

IP Routing Protocols

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(9)T6

Basic System Services

IP Routing Protocols

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.4(9)T5

Basic System Services

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(9)T4

Basic System Services

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.4(9)T3

Basic System Services

IBM Connectivity

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking


Caveats for 12.4(9)T3 through 12.4(15)T8

Resolved Caveats—Cisco IOS Release 12.4(15)T8

Cisco IOS Release 12.4(15)T8 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCee21263

Symptoms: Fragmented packets might be dropped by the router.

Conditions: This symptom is observed with non-initial fragments, when a reflexive ACL is configured on the router and the return traffic supposed to be allowed by the reflexive ACL is fragmented.

Workaround: There is no workaround. However, normal ACLs are not known to exhibit this behavior.

CSCeg25475

Symptoms: Filtering BGP routes by means of the distribute-list prefix MARTIAN in command applied to address-family IPv4 actually filters out M-BGP routes in address-family VPNv4.

Conditions: This symptom occurs when MPLS-VPNs are configured.

Workaround: Use route maps to filter routes inbound.

Further Problem Description: The show ip bgp neighbors command can be used to check whether the prefixes are actually being filtered out from updates for address-family VPNv4, and not for IPv4, as it is configured.

CSCeg49153

Symptoms: It may take a long time for the IPSec router to detect that the CA server is down while trying to reach it for CRL retrieval.

Conditions: This symptom is observed on a LAN-to-LAN IPSec tunnel between two routers, where one router is configured for CRL checking.

Workaround: The situation may be slightly improved by lowering the TCP synwait value, for example with the ip tcp synwait-time 5 command.

CSCei62358

Symptoms: A router may crash when a privilege-level 15 user logs in with the callback or callback-dialstring attribute.

Conditions: This symptom is observed on a Cisco 805 that runs Cisco IOS Release 12.3(15) and on a Cisco 7600 series that has an RSP720 and that runs Release 12.2(33)SRB1 when the following conditions are present:

The router is configured with AAA authentication and authorization.

The AAA server runs CiscoSecure ACS 2.4.

The callback or callback-dialstring attribute is configured on the AAA server for the user.

Workaround: Do not configure the callback or callback-dialstring attribute for the user.

Alternate Workaround: If the callback-dialstring attribute is used in the TACACS+ profile, ensure that the NULL value is not configured for the callback-dialstring attribute.

CSCek55562

Symptoms: A CPUHOG may occur.

Conditions: This symptom is observed with various routing commands, including the clear ip route command, in cases where more than 300,000 routes were learned via a single subnet.

Workaround: There is no workaround.

CSCek65374

Symptoms: The PRE3 may not parse the startup configuration.

Conditions: This symptom is observed on a Cisco router that has dual RPs.

Workaround: There is no workaround.

CSCek73053

Symptoms: A Cisco 181x router may crash when ipsec_cs script is tested.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(13.5)PI6.

Workaround: There is no workaround.

CSCek74474

Symptoms: When you enter the protocol ip protocol-address broadcast command on an ISP termination point, the command may not be applied to a connected CPE, preventing the CPE from populating its ARP cache and from properly forwarding traffic.

Conditions: This symptom is observed on a Cisco router that functions as an ISP termination point and that is configured for point-to-point ATM connections when a connected CPE is configured for multipoint-to-point ATM connections.

Reason: The command is not applied until the VC is recreated or bounced.

Workaround: Configure the protocol ip protocol-address broadcast command as part of a PVC configuration on the CPE.

Alternate Workaround: Configure the connection between the ISP termination point and the CPE as a multipoint-to-point ATM connection.

CSCek75694

Symptoms: A router that is running Cisco IOS Release 12.4T may reload unexpectedly.

Conditions: Occurs when BFD is configured and active.

Workaround: Disable the BFD feature.

CSCek76288

Symptoms: With MLPoATM configured, a router crashes when the show ppp multilink command is used after the PA has been disabled with the hw-module slot slot-number stop command.

Conditions: This symptom has been observed on a Cisco 7200 NPE-G1 loaded with Cisco IOS interim Release 12.4(13.13)T2.

Workaround: There is no workaround.

CSCek77424

Symptoms: A Cisco router that is running Cisco IOS Release 12.4(13b) might unexpectedly reload with a bus error.

Conditions: This symptom happens during normal operation with NAT configured.

Workaround: There is no workaround.

CSCek78237

Symptoms: A short CPU hog is seen in the ATM PA Helper process when an interface flaps and the framing configuration on the interface is modified.

Conditions: This symptom is observed on a Cisco 7200 with a PA-A3-T3 adapter that is running Cisco IOS Release 12.2(25)S or 12.2(31)SB (and possibly other Cisco IOS releases).

Workaround: There is no workaround.

Further Problem Description: The CPU hog is enough to cause OSPF adjacencies (with fast hello) to go down on other unrelated interfaces. The same problem is seen if BFD is configured.

CSCek78330

Symptoms: A router that is configured with ATM PVCs may generate the following type of error messages:

%COMMON_FIB-3-FIBIDBINCONS2: An internal software error occurred. Virtual-Access2.1 linked to wrong idb Virtual-Access2.1

Conditions: This symptom is observed on a Cisco router that has virtual-template subinterfaces.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the no virtual-template subinterface command, save the configuration to the startup configuration, and reload the router.

CSCin94072

Symptoms: The bundle master should have a PVC bundle adjacency length of zero, and the adjacency should be complete. However, the bundle master shows an encapsulation length of 12.

Conditions: The symptoms are observed on a Cisco 7600 series router and other distributed platforms.

Workaround: There is no workaround.

CSCsa73179

Symptoms: Memory corruption, possibly leading to a crash or other undesired behavior, can occur when the no default-information originate command is entered in router RIP configuration mode.

Conditions: This symptom occurs only if both the RIP routing protocol and the OSPF routing protocol are configured on a router.

Workaround: There is no workaround.

CSCsf98956

Symptoms: Ping/telnet may fail with VRF configurations.

Conditions: This symptom is observed on a Cisco router that is configured for NAT with VRF configurations.

Workaround: There is no workaround.

CSCsg03739

Symptoms: A memory leak may occur in the "Crypto" process.

Conditions: These leaks are independent of any hardware accelerator. This bug is not platform dependent.

Workaround: There is no workaround.

CSCsg44748

Symptoms: A Cisco IOS VoIP gateway configured for IPIPGW (CUBE) functionality may crash.

Conditions: A gateway configured for IPIPGW functionality with the allow-connections command under voice service voip will crash under rare conditions while processing VoIP calls.

This has been found to occur in some scenarios where a single voip call loops (meaning the call is from the IPIPGW back to the same IPIPGW) through the IPIPGW.

When this occurs, the following error message may be noticed:

%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000

Workaround: The workaround is to track down the source of the call looping and correct the problem there.

The other possible workaround is to introduce another termination point in the RTP packet flow beside the IPIPGW. For example, if interworking with Cisco Unified Communications Manager (Callmanager), an MTP resource may be used to prevent this loop.

CSCsg92618

Symptoms: Entering the crypto key zeroize rsa command causes traceback.

Conditions: This symptom is observed on a router loaded with the Cisco IOS software image.

Workaround: There is no workaround.

CSCsg99677

Symptoms: Crashinfo collection to a disk filesystem will fail and generate the following error message:

File disk#:crashinfo_20070418-172833-UTC open failed (-1): Directory entries are corrupted, please format the disk

Or the crashinfo file will be stored as CRASHI~1.

Conditions: This symptom is observed with normal crashinfo collection to a disk filesystem.

Workaround: Configure the crashinfo collection either to a network filesystem (such as tftp or ftp) or to a local filesystem of type "flash". Configuring to a local filesystem is a preferable option.

Further Problem Description: This happens every time, but there is no major negative impact to operation.

CSCsh57509

Symptoms: A Cisco router that is configured for RIPv2 may not delete a path from the routing table when it should do so.

Conditions: This symptom is observed after the router has learned multiple paths for a prefix with different next hops from one neighboring router and after the neighboring router stops advertising one of the paths.

Workaround: Enter the clear ip route * command.

CSCsh72131

Symptoms: When a switch port is configured with a voice VLAN and spanning-tree portfast, and the router is reloaded, the port loses its connection. Pings to the SVI fail, and any other protocol such as DHCP fails as well.

Conditions: Occurs on a router configured with a switch port, a voice VLAN, and spanning-tree portfast. This occurs on routers running releases after 12.4(9)T.

Workaround: Remove spanning-tree portfast, or configure the voice VLAN as an access VLAN. Do not use portfast on an MVAP port.

CSCsh72559

Symptoms: The show pppoe throttled mac command may display no output or invalid output.

Conditions: The problem may be seen when the show pppoe throttled mac command is issued.

Workaround: There is no workaround.

CSCsh75224

Symptoms: An RP crashes in IFS code when an SSH or Telnet session is established while the switch is attempting to download a configuration.

Conditions: This symptom occurs on a Cisco Catalyst 6509.

Workaround: There is no workaround.

CSCsh85531

Symptoms: Some E1 channels may remain down after you have reloaded a router.

Conditions: This symptom is observed on a Cisco 7200 series that functions as a PE router and that connects to a CE router. Both routers are connected through 1-port multichannel STM-1 (PA-MC-STM-1) port adapters, and the framing no-crc4 command is enabled on all interfaces of both routers.

Workaround: Enter the shutdown command followed by the no shutdown command on the SONET controller of the PA-MC-STM-1 at the PE side to enable all interfaces to come up.

CSCsh86354

Symptoms: The Cisco MWAM processor reloads when all the VTY lines are in use and a command is executed on the Supervisor remotely by using the Remote Console and Logging feature of the MWAM. The output of the command is not displayed on the Supervisor console. Instead, it is printed on the MWAM processor console, and after the display finishes, the MWAM processor reloads.

Conditions: This problem happens when all the VTY lines are in use. If only a few are in use, then the Remote Console and Logging feature works fine and the output is displayed on the Supervisor console as expected.

Workaround: Currently there is no workaround for this problem. If there are enough VTY lines supported, the chance of encountering this issue is low.

CSCsh96558

Symptoms: A traceback may be generated during the "ipmcast_ipv6_rpf_lookup" function.

Conditions: This symptom is observed on a Cisco router that functions as a PE router when you configure IPv6 multicast routing on both the PE router and a connected CE router, add an IPv6 address to the connected interfaces, and configure PIM sparse or PIM sparse-dense mode on both routers. The traceback is generated when the neighborship comes up after you have configured one of the interfaces as a PIM-RP.

Workaround: There is no workaround.

CSCsi06948

Symptoms: A device crashes with a bus error when the show ip bgp dampening dampened-paths command is used.

Conditions: This symptom is observed when the show ip bgp dampening dampened-paths command is used and the device is paused at the "More" prompt with output remaining, and the BGP session goes down at that time (for example, because a notification is received or because the clear ip bgp command is entered from another vty).

Workaround: There is no workaround. If dampening is configured, do not enter the show ip bgp neighbors x.x.x.x dampened-routes or show ip bgp dampening dampened-paths commands, which can trigger this problem.

CSCsi16628

Symptoms: Static NAT may leak memory when "vrf route-map reversible extendable" is configured. Router memory decreases dramatically because multiple child entries are created for the same flow every time a new packet hits the corresponding static NAT entry.

Conditions: The symptom is observed with Cisco IOS Release 12.4(9)T2 and Release 12.4(11)T1. The problem only occurs when "vrf route-map reversible" is configured (normal static VRF NAT does not have this issue).

Workaround: There is no workaround.

CSCsi17158

Symptoms: Devices running Cisco IOS may reload with the error message "System returned to ROM by abort at PC 0x0" when processing SSHv2 sessions. In testing, a script that repeatedly opens an SSHv2 session to a Catalyst 3560 and then closes it normally reproduces the crash: if the vty line that an SSHv2 session is using is cleared while the session is being processed, the device crashes the next time an SSH connection is made to it.

Conditions: This problem is platform independent, but it has been seen on Cisco Catalyst 3560, Cisco Catalyst 3750, and Cisco Catalyst 4948 series switches. The issue is specific to SSH version 2 and is seen only when the device is under a brute-force attack. This crash is not seen under normal conditions.

Workaround: There are mitigations to this vulnerability. On Cisco IOS, the SSH server can be disabled by entering the crypto key zeroize rsa command in configuration mode. The SSH server is enabled automatically when an RSA key pair is generated, and zeroizing the RSA keys is the only way to completely disable the SSH server. Note that this deletes every RSA key pair on the device, so any other feature that depends on those keys (for example, certificates enrolled with them) stops working as well.

Access to the SSH server on Cisco IOS may also be disabled by removing SSH as a valid transport protocol. This is done by reapplying the transport input command on the vty lines, in configuration mode, with "ssh" removed from the list of permitted transports. For example:

line vty 0 4
 transport input telnet
end

Note that this leaves Telnet, which carries credentials in cleartext, as the only remote access path.

If SSH server functionality is desired, access to the server can be restricted to specific source IP addresses or blocked entirely using Access Control Lists (ACLs) on the VTY lines as shown in the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html#xtocid14

More information on configuring ACLs can be found on the Cisco public website:

http://www.cisco.com/warp/public/707/confaccesslists.html
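The VTY restrictions above (removing ssh from transport input, or applying an inbound access-class) are easy to get wrong across a fleet, so a quick configuration audit is worth having. The following Python is an added example, not Cisco's code and not part of this release note: it parses the line vty sections of a saved IOS configuration and reports each VTY range on which SSH is reachable with no inbound access-class. The two embedded configurations (the hostname edge-rtr, the ACL MGMT-HOSTS, and the 10.0.0.0/24 management subnet) are constructed samples, and treating a VTY range that has no transport input statement as exposing SSH is an assumption, because the default transport set differs between platforms.

```python
"""Audit the VTY lines of a saved Cisco IOS configuration for SSH exposure.

Added example, not Cisco code: flags every 'line vty' range on which SSH is
reachable without an inbound access-class, the weak shape that the
CSCsi17158 workaround tells you to remove.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample (assumed hostname): the weak shape. "transport input all"
# reaches SSH from any source, and vty 5-15 never states its transports.
WEAK_CONFIG = """\
hostname edge-rtr
!
line vty 0 4
 transport input all
 login local
line vty 5 15
 login local
!
"""

# Constructed sample: the hardened shape. SSH only, gated by an inbound
# access-class, and the spare VTYs accept no transport at all.
HARDENED_CONFIG = """\
hostname edge-rtr
!
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
line vty 5 15
 transport input none
!
"""


@dataclass
class VtyFinding:
    vty_range: str                    # e.g. "0 4"
    transports: Optional[List[str]]   # None when no "transport input" is present
    access_class: Optional[str]       # ACL applied with "access-class <acl> in"
    acl_defined: bool                 # the referenced ACL exists in the config
    ssh_allowed: bool                 # "ssh" or "all" is among the transports
    ssh_exposed: bool                 # SSH allowed and no inbound access-class


def defined_acls(config: str) -> Dict[str, bool]:
    """Names and numbers of every ACL defined at the top level of the config."""
    acls: Dict[str, bool] = {}
    for line in config.splitlines():
        m = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        if m:
            acls[m.group(1)] = True
        m = re.match(r"access-list (\d+) ", line)
        if m:
            acls[m.group(1)] = True
    return acls


def parse_vty_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Return (range, commands) for each 'line vty' section. IOS indents the
    commands under a line section with a single space; any other top-level
    line ends the section."""
    blocks: List[Tuple[str, List[str]]] = []
    current: Optional[List[str]] = None
    for raw in config.splitlines():
        if raw.startswith("line vty "):
            current = []
            blocks.append((raw[len("line vty "):].strip(), current))
        elif current is not None and raw.startswith(" "):
            current.append(raw.strip())
        else:
            current = None
    return blocks


def audit_vty(config: str) -> List[VtyFinding]:
    acls = defined_acls(config)
    findings: List[VtyFinding] = []
    for vty_range, cmds in parse_vty_blocks(config):
        transports: Optional[List[str]] = None
        access_class: Optional[str] = None
        for cmd in cmds:
            if cmd.startswith("transport input "):
                transports = cmd.split()[2:]
            m = re.match(r"access-class (\S+) in(\s|$)", cmd)
            if m:
                access_class = m.group(1)
        if transports is None:
            # Assumption: the default transport set differs between IOS
            # platforms, so an unstated one is treated as exposing SSH.
            ssh_allowed = True
        else:
            ssh_allowed = "all" in transports or "ssh" in transports
        findings.append(VtyFinding(
            vty_range=vty_range,
            transports=transports,
            access_class=access_class,
            acl_defined=bool(access_class) and access_class in acls,
            ssh_allowed=ssh_allowed,
            ssh_exposed=ssh_allowed and access_class is None,
        ))
    return findings


def exposed_vty_ranges(config: str) -> List[str]:
    """VTY ranges on which SSH is reachable from any source address."""
    return [f.vty_range for f in audit_vty(config) if f.ssh_exposed]


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: exposed VTY ranges = {exposed_vty_ranges(cfg)}")
```

Run it against show running-config output saved to a file. A non-empty result from exposed_vty_ranges() is the weak configuration the workaround addresses; hardening is either transport input with ssh removed or an access-class in that points at an ACL the config actually defines (acl_defined in the finding).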

CSCsi21389

Symptoms: Routers that have the ability to use the optional 802.11 b/g card, such as the Cisco ISR series routers, do not pass multicast traffic across the wireless interface.

Conditions: Cisco routers that have the 802.11 b/g HWIC card do not pass multicast traffic across the wireless interface, even though multicast routing is enabled and is otherwise configured normally. Wireless hosts cannot pass multicast traffic between each other, and multicast traffic from the wired network will not be transmitted out the wireless interface.

Workaround: There is no workaround.

CSCsi24939

Symptoms: A router may reload unexpectedly with a bus error after the crypto ca authenticate command is entered, when the CA does not support the GetCAPS exchange (part of SCEP).

Any response other than a real GetCAPS reply will cause the crash. Before the router crashes, the following error messages and traceback are generated:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Crypto CA. -Traceback= 0x42AB7410 0x424A6E18 0x42469B7C 0x424651E0
%Software-forced reload
Preparing to dump core...
%CRYPTO-4-IKMP_NO_SA: IKE message from xxx.xx.xx.x has no SA and is not an initialization offer

Conditions: This symptom is observed on a Cisco 2821 that runs Cisco IOS Release 12.4(10b) but may not be platform-specific.

Workaround: There is no workaround.

CSCsi35544

Symptoms: A router may reload with the message "Unexpected exception to CPU".

Conditions: The symptom is observed when EzVPN Remote in client mode is configured on the router. It is seen when an IP address is removed from one of the EzVPN inside interfaces while there are active NAT translations.

Workaround: There is no workaround.

CSCsi45840

Symptoms: ARP requests to an HSRP virtual IP address may fail.

Conditions: This symptom is observed when the same HSRP IP address is used alternately on different interfaces, and one of these interfaces has the switchport command configured and unconfigured several times.

Workaround: Remove the HSRP configuration from the interface before you enter the switchport command on the interface.

CSCsi46897

Symptoms: PPP may crash when an snmpwalk command is executed on the cbQosSetStatsTable object.

Conditions: This symptom is observed when a service policy with a child policy that contains marking ("set") actions is applied to an interface before the snmpwalk command is executed on the cbQosSetStatsTable object of the CISCO-CLASS-BASED-QOS-MIB.

Workaround: There is no workaround.

CSCsi47635

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

CSCsi48304

Symptom: After a reload, the following error message may be displayed if an OSPFv3 router redistributes large numbers of the external routes:

%OSPFv3-3-DBEXIST: DB already exist

No impact to the operation of the router has been observed.

Conditions: Redistribution is configured, and then the router is reloaded.

Workaround: There is no workaround.

CSCsi48665

Symptoms: When you configure SNMPv3 group access to contexts, each context may need to be configured with a separate CLI command. For large configurations, thousands of CLI commands may need to be entered, which is not acceptable.

Conditions: This symptom is observed, for example, when the snmp-server group group-name v3 auth context context-name command must be entered for each group and each context. If there are many VLANs, the command must be entered for each group that is given access to each VLAN, which may mean that thousands of CLI commands must be entered.

Workaround: SNMP allows you to specify that a context name is a prefix and to match any context that starts with that name. Use SNMP to create rows in the vacmAccessTable and set the vacmAccessContextMatch object to prefix (2) rather than exact (1). Note that after you reboot the router, you must reconfigure this workaround.
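To show why one prefix row does the work of thousands of exact rows, the following Python is an added example that simulates the vacmAccessTable lookup described in RFC 3415 section 4.1; it is not Cisco's SNMP agent code and not part of this release note. The vlan-N context names, the group name netops, and the view name v1default are assumptions used only for the sample data.

```python
"""Simulate vacmAccessTable row selection from RFC 3415 section 4.1.

Added example, not Cisco agent code. It compares the per-context rows the
CLI workaround would need with a single prefix-matching row.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

EXACT, PREFIX = 1, 2                      # vacmAccessContextMatch values
USM, ANY_MODEL = 3, 0                     # vacmAccessSecurityModel: usm(3), any(0)
NOAUTH, AUTHNOPRIV, AUTHPRIV = 1, 2, 3    # securityLevel, ordered weakest to strongest


@dataclass(frozen=True)
class AccessRow:
    group: str            # vacmGroupName
    context_prefix: str   # vacmAccessContextPrefix
    security_model: int
    security_level: int   # minimum level the row requires
    context_match: int    # EXACT or PREFIX
    read_view: str        # vacmAccessReadViewName


def context_matches(row: AccessRow, context_name: str) -> bool:
    if row.context_match == EXACT:
        return row.context_prefix == context_name
    return context_name.startswith(row.context_prefix)


def select_access_row(rows: Iterable[AccessRow], group: str, context_name: str,
                      security_model: int, security_level: int) -> Optional[AccessRow]:
    """Collect candidate rows, then narrow them the way RFC 3415 step 4 does:
    exact securityModel beats 'any', exact context beats prefix, longer
    prefix beats shorter, higher securityLevel beats lower."""
    cands = [r for r in rows
             if r.group == group
             and r.security_model in (security_model, ANY_MODEL)
             and r.security_level <= security_level
             and context_matches(r, context_name)]
    if not cands:
        return None
    exact_model = [r for r in cands if r.security_model == security_model]
    if exact_model:
        cands = exact_model
    exact_ctx = [r for r in cands if r.context_match == EXACT]
    if exact_ctx:
        cands = exact_ctx
    longest = max(len(r.context_prefix) for r in cands)
    cands = [r for r in cands if len(r.context_prefix) == longest]
    return max(cands, key=lambda r: r.security_level)


def per_vlan_rows(group: str, vlan_ids: Iterable[int]) -> List[AccessRow]:
    """One exact-match row per assumed 'vlan-N' context: the CLI-style shape."""
    return [AccessRow(group, f"vlan-{v}", USM, AUTHNOPRIV, EXACT, "v1default")
            for v in vlan_ids]


def prefix_rows(group: str) -> List[AccessRow]:
    """A single prefix row covering every context that starts with 'vlan-'."""
    return [AccessRow(group, "vlan-", USM, AUTHNOPRIV, PREFIX, "v1default")]


def read_view_for(rows: Iterable[AccessRow], group: str, context_name: str,
                  level: int = AUTHNOPRIV) -> Optional[str]:
    row = select_access_row(rows, group, context_name, USM, level)
    return row.read_view if row else None


if __name__ == "__main__":
    many = per_vlan_rows("netops", range(1, 4095))
    one = prefix_rows("netops")
    print(len(many), "exact rows vs", len(one), "prefix row;",
          "vlan-4094 ->", read_view_for(many, "netops", "vlan-4094"),
          "/", read_view_for(one, "netops", "vlan-4094"))
```

The selection order also shows the trade-off a prefix row introduces: an exact row for one VLAN context still wins over the prefix row when both match, so restricting a single context later is possible, but a prefix of "vlan-" grants every present and future VLAN context in one step.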

CSCsi57284

Symptoms: A router that is running Cisco IOS may crash due to a software forced crash.

Conditions: This problem is specific to a DLSw configuration with SDLC-attached controllers. At the time of the crash, the SDLC encapsulation was being removed from one SDLC interface.

Workaround: There is no workaround.

CSCsi68761

Symptoms: Two dialer interfaces belong to the same dialer pool, and each watches a different route. When the route watched by one dialer (Dialer 1) goes down and a call is brought up on the other dialer (Dialer 2), Dialer 2 mistakenly watches the route of Dialer 1; because that route is down, Dialer 1 does not come down at the idle timeout.

Conditions: The symptoms are observed with the following conditions:

There are two dialer interfaces which belong to the same dialer pool.

The route watched by one of the dialer interfaces goes down.

A call comes up on the other dialer interface.

Workaround: There is no workaround.

CSCsi68795

Symptoms: A PE that is part of a confederation and that has received a VPNv4 prefix from an internal and an external confederation peer, may assign a local label to the prefix despite the fact that the prefix is not local to this PE and that the PE is not changing the BGP next-hop.

Conditions: The symptoms are observed when receiving the prefix via two paths from confederation peers.

Workaround: There is no workaround.

Further Problem Description: Whether or not the PE chooses to allocate a local label depends on the order in which the multiple paths for this VPNv4 prefix are learned. The immediate impact is that the allocated local label takes up memory in the router, because the router populates the LFIB with the labels.

CSCsi68882

Symptoms: A router running EIGRP may crash when removing an EIGRP process.

Conditions: The symptom is observed where there are 30 IP routing protocol processes created and the last one is EIGRP. (Note that this does not include VRFs.) When the 31st routing protocol process is attempted, an error message will be issued stating "too many IP routing processes." If an attempt is then made to remove an EIGRP routing process by using the no router eigrp <as> command, the router will crash.

Workaround: Do not define over 30 IP routing protocol processes.

CSCsi69234

Symptoms: A BFD session does not transition from Init to Up state when it receives a packet from the adjacent router in Init state.

Conditions: The symptom is observed during a BFD three-way handshake when the session transitions to an Init state and it receives a packet from the adjacent router in Init state.

Workaround: There is no workaround.

CSCsi82166

Symptoms: A router may reload during SASL authentication.

Conditions: This symptom is observed when SASL authentication is performed while the sasl command is changed. For example, the symptom may occur when a BEEP session that uses SASL is performing authentication while the sasl command is being unconfigured.

Workaround: Do not configure or unconfigure SASL when SASL authentication is being performed.

CSCsi83287

Symptoms: The following error message is displayed on the console:

%ALIGN-3-SPURIOUS T/B ipv6fib_gre_ipv6_classified

Conditions: Occurs when an IPv6 tunnel transport endpoint receives fragmented IPv6 packets.

Workaround: Use a smaller tunnel MTU on the remote end of the tunnel to prevent fragmentation.

CSCsi85532

Symptoms: A Cisco 851 router may crash with the following message:

Unexpected exception to CPU: vector 300

Conditions: The symptom is observed on a Cisco 851 router that is running Cisco IOS Release 12.4(11)T1. The crash will occur if you do not specify the pw-class in the pseudowire on interface Virtual-PPP1.

Workaround: Specify the pw-class in the pseudowire.

Further Problem Description: This issue occurs only when you configure encapsulation l2tpv2 (not l2tpv3) under the Virtual-PPP interface for the very first VC. If other VCs are already configured, the issue does not show up. If you configure pw-class for the first VC instead of encapsulation l2tpv2, the rest of the configuration works.

CSCsi85935

Symptoms: Alignment errors cause the router to crash with a bus error (TLB exception). These reloads occur about two or three times a day.

Conditions: The symptom is observed on a Cisco 3745 router with an NM-8AM module that is running Cisco IOS Release 12.3(7)T11 or Release 12.4(13a). It is seen when there is a large volume of traffic through the NM-8AM module. Replacing all of the hardware does not solve the issue.

Workaround: Reduce the traffic through the NM module, or install a Cisco IOS Release 12.3 image (not a T-train or 12.4 image).

CSCsj00161

Symptoms: OSPFv3 installs a reachability path without checking that the discard route is already there. As a result, the RIB has a route that load-balances between reachability and drop paths.

Conditions: This symptom may be observed if the summary-address command is configured with exactly the same address as one of the external routes received from a different router.

Workaround: There is no workaround.

CSCsj16007

Symptoms: A PDSN member reloads at find_elt.

Conditions: This symptom is observed on a PDSN using Cisco IOS Release 12.3(14)YX8.

Workaround: There is no workaround.

CSCsj17271

Symptoms: The show interface command used on the HWIC-1FE and HWIC-2FE shows an inconsistent count of input packets. The input count is greater than the correctly displayed output packet count.

Conditions: The symptom is observed in the packet input count of the show interface command.

Workaround: There is no workaround.

Further Problem Description: There is no actual packet loss, only the "packet input" count is not correct.

CSCsj17304

Symptoms: A multicast source address may not get translated if the NAT outside interface is a GRE tunnel.

Conditions: The symptom is observed when using NAT to translate a multicast source address for multicast traffic over a tunnel interface. The static NAT translation of the multicast source address does not work.

Workaround: Turn off CEF globally on the router.

Alternate workaround: Turn off the mroute-cache on the NAT inside interface.

CSCsj22472

Symptoms: When an IXIA-simulated BGP neighbor is not up, the ARP entry for the IXIA host is deleted for a while. During that period the router has to send an ARP request again, and traffic is lost until it is answered.

Conditions: Although it is seen with other protocols, this symptom was noticed with a typical BGP configuration in which the peers do not exist. The TCP SYN is retransmitted multiple times and, after some threshold, the ARP entry is purged.

The ARP entry is flushed when the TCP retransmission timer expires. This causes the CEF adjacency to be lost, and performance can drop for packets going to that destination until the ARP entry is resolved again. The problem is not specific to BGP and applies to anything that rides over TCP.

Workaround: There is no workaround.

CSCsj28498

Symptoms: A router may eventually deplete its small buffer pool, leading to failed MALLOCs and a Cisco IOS software crash.

Conditions: This symptom is observed on a router running STUN SDLC with local-ack that has multiple SDLC primary stations connected and regularly polling (SNRM) the router while the remote STUN peers are disconnected (no IP connectivity to the remote STUN peers).

Workaround: There is no workaround.

CSCsj32013

Symptoms: A Cisco 12000 series router may crash unexpectedly.

Conditions: This symptom occurs only in Cisco IOS Release 12.0(32)SY0f.

Workaround: There is no workaround.

CSCsj34557

Symptoms: The router displays the following error messages and reloads:

Jun 18 06:12:23.008: event flooding: code 10 arg0 0 arg1 0 arg2 0
%SYS-3-OVERRUN: Block overrun at E5D8310 (red zone 00000000) -Traceback= 0x6080CEB0 0x60982108 0x60982EC0 0x6098511C 0x609853BC
%SYS-6-MTRACE: mallocfree: addr, pc 662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6 662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6
%SYS-6-MTRACE: mallocfree: addr, pc 662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6 662B5B1C,608A6F3C 0,608A6D9C 662B5B1C,608A6D4C 662B5B1C,300001A6
%SYS-6-BLKINFO: Corrupted redzone blk E5D8310, words 6088, alloc 61FE2638, InUse, dealloc 80000000, rfcnt 1 -Traceback= 0x6080CEB0 0x609681D4 0x6098211C 0x60982EC0 0x6098511C 0x609853BC
%SYS-6-MEMDUMP: 0xE5D8310: 0xAB1234CD 0xFFFE0000 0x0 0x63894208
%SYS-6-MEMDUMP: 0xE5D8320: 0x61FE2638 0xE5DB2D0 0xE5D8144 0x800017C8
%SYS-6-MEMDUMP: 0xE5D8330: 0x1 0x0 0x1 0x64B53478
%Software-forced reload

Conditions: Occurred on a Cisco 7200 running the c7200-ik9s-mz.124-7a.bin image.

Workaround: There is no workaround.

CSCsj37071

Symptoms: All E1 interfaces on a PA-MC-E3 port adapter may flap continuously even after the traffic has been stopped.

Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 series router that have a PA-MC-E3 port adapter when you configure 16 or 128 channel groups on each time slot (that is, time slots 1-31) and then generate traffic just above line rate traffic through all the channel groups. Note that the symptom is not platform-specific.

Workaround: Stop the traffic and reset the E3 controller of the PA-MC-E3 port adapter.

CSCsj47705

Symptoms: An accounting record may indicate that the NAS-Port-Id has an adapter number of 1 when the correct adapter number is greater than 1.

Conditions: This symptom is observed when AAA accounting is configured and a PPP interface that is used as a NAS port has more than two adapters.

Workaround: There is no workaround.

CSCsj55691

Symptoms: A router may crash.

Conditions: The symptom is observed when there are multiple HTTPS requests sent in quick succession to an HTTPS server that is up and running but the service or application processing the requests is unavailable.

Workaround: There is no workaround.

Further Problem Description: The crash will not occur if the HTTPS server and the service handling the request are operating normally.

CSCsj56281

Symptoms: Inherit peer-policy does not work after router reload.

Workaround: There is no workaround.

CSCsj56438

This Cisco Bug ID identifies a vulnerability in Cisco's implementation of Extensible Authentication Protocol (EAP) that exists when processing a crafted EAP Response Identity packet. This vulnerability affects several Cisco products that have support for wired or wireless EAP implementations.

This vulnerability is documented in the following Cisco bug IDs:

* Wireless EAP - CSCsj56438
* Wired EAP - CSCsb45696 and CSCsc55249

This Cisco Security Response is available at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20071019-eap.shtml

CSCsj58898

Symptoms: While polling the ifStackTable (1.3.6.1.2.1.31.1.2), in some cases the following MIBs contain wrong/missing information:

ifStackHigherLayer (1.3.6.1.2.1.31.1.2.1.1)

ifStackLowerLayer (1.3.6.1.2.1.31.1.2.1.2)

Conditions: The symptom is observed on some CMTSs if the number of LowerLayer interfaces for the HigherLayer interface is equal to or more than 30.

Workaround: There is no workaround.

CSCsj60006

Symptoms: The "match ip rtp" configuration is accepted by CLI but is not showing up when using the show run command. In addition, the traffic classification is not occurring.

Conditions: The symptom occurs only under certain conditions, where max_port = "lower bound of UDP destination port" + "Range of UDP ports" and min_port = "lower bound of UDP destination port". The issue takes effect only when the sum of min_port and max_port reaches or exceeds 65535.

Workaround: Avoid using large port values; that is, limit the configuration to satisfy (min_port + max_port) < 65535.

CSCsj67110

Symptoms: A router may crash or report an error message similar to the following:

%SYS-6-STACKLOW: Stack for process draco-oir-process running low, 0/6000

This can be seen for a process other than the "draco-oir" process.

Conditions: This symptom is observed on a Cisco 7600 series when HSRP is configured. The symptom occurs when there is an event that requires the HSRP configuration to be removed, for example, when you perform an OIR of a module while the module clear-config command is enabled. The interface with HSRP does not have to be up for the symptom to occur.

Workaround: Remove the HSRP configuration before you perform an OIR.

Alternate workaround: Enter the no module clear-config command. (The module clear-config command is enabled by default. You must enter the no form of the command to disable it.)

CSCsj75575

Symptoms: A router may crash when applying Dynamic Bandwidth Selection (DBS) parameters to a PPPoE session.

Conditions: This issue arises only when the dbs enable command is configured on an ATM PVC and QoS parameters are applied from RADIUS. This can be reproduced only with one PPPoE PTA session. If the dbs enable command is not configured, the crash is not seen.

Workaround: Disable DBS.

Further Problem Description: Operational impact.

CSCsj93195

Symptoms: A bus error may occur on an MSFC when ISAKMP is enabled, and the following error message may be generated in the logs:

%CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON Address Error (load or instruction fetch) 
exception, CPU signal 10, PC = 0x41579EB0

Conditions: This symptom is observed on a Cisco 7600 series that has a Supervisor Engine 720 and that runs Cisco IOS Release 12.2(33)SRA2.

Trigger: Executing the crypto map cm redundancy public command.

Impact: This crash prevents customers from configuring their crypto, because they do not want the box to crash again.

Workaround: There is no workaround.

Further Problem Description: The Cisco IOS 12.2(33)SRA releases are developed for and intended to run on Cisco 7600 series routers. We do not encourage you to run this release on Cisco Catalyst 6500 series switches. However, if you do run Cisco IOS Release 12.2(33)SRA2 on a Cisco Catalyst 6500 series switch, the symptom may occur.

CSCsj95534

Symptoms: High CPU is observed on SNMP Engine while polling dsx1FracIfIndex for DS3s.

Conditions: This has been observed on a Cisco 7206 VXR platform having NPE-G1 that is running Cisco IOS Release 12.4(14).

Workaround: Applying a view on the DS1 MIB prevents such high CPU usage. This prevents the user from monitoring those entries.

Further Problem Description: The SNMP engine enters a loop, and GET-NEXT always reports the same values. This happens when polling reaches the first interface of the channelized E3 card; deleting that interface caused the problem on the channelized E3 card.

CSCsj99269

Symptoms: With some VPN configurations, such as configurations with a multipath import or an import map, the CPU usage of the router may be very high for a long time, even after BGP convergence has occurred.

Conditions: This symptom is observed on a Cisco router that functions in a highly scaled environment involving several hundred VRFs and occurs after the router has been reloaded or after a switchover has occurred.

Workaround: There is no workaround.

CSCsk05653

Symptoms: The aaa group server radius subcommand ip radius source-interface will cause the standby to fail to sync.

c10k-6(config)# aaa group server radius RSIM  
c10k-6(config-sg-radius)# ip radius source-interface GigabitEthernet6/0/0  
c10k-6# hw-module standby-cpu reset 
c10k-6# 
Aug 13 14:49:31.793 PDT: %REDUNDANCY-3-STANDBY_LOST: Standby processor fault 
(PEER_NOT_PRESENT) Aug 13 14:49:31.793 PDT: %C10K_ALARM-6-INFO: ASSERT MAJOR RP A 
Secondary removed Aug 13 14:49:31.793 PDT: %REDUNDANCY-3-STANDBY_LOST: Standby 
processor fault (PEER_DOWN) Aug 13 14:49:31.793 PDT: %REDUNDANCY-3-STANDBY_LOST: 
Standby processor fault (PEER_REDUNDANCY_STATE_CHANGE) Aug 13 14:49:31.793 PDT: 
%REDUNDANCY-3-STANDBY_LOST: Standby processor fault (PEER_NOT_PRESENT) Aug 13 
14:49:31.793 PDT: %REDUNDANCY-3-STANDBY_LOST: Standby processor fault (PEER_DOWN) Aug 
13 14:49:31.813 PDT: %REDUNDANCY-3-IPC: cannot open standby port no such port Aug 13 
14:49:32.117 PDT: %RED-5-REDCHANGE: PRE B now Non-participant(0x1C11 => 0x1421) Aug 13 
14:49:32.117 PDT: %REDUNDANCY-5-PEER_MONITOR_EVENT: Active detected a standby 
insertion (raw-event=PEER_REDUNDANCY_STATE_CHANGE(5))
Aug 13 14:50:52.617 PDT: %RED-5-REDCHANGE: PRE B now Standby(0x1421 => 0x1411) Aug 13 
14:50:54.113 PDT: %C10K_ALARM-6-INFO: CLEAR MAJOR RP A Secondary removed Aug 13 
14:51:33.822 PDT: -Traceback= 415C75D8 4019FB1C 40694770 4069475C Aug 13 14:51:33.822 
PDT: CONFIG SYNC: Images are same and incompatible
Aug 13 14:51:33.822 PDT: %ISSU-3-INCOMPATIBLE_PEER_UID: Image running on peer uid (2) 
is the same -Traceback= 415CCC2C 415C75FC 4019FB1C 40694770 4069475C Aug 13 
14:51:33.822 PDT: Config Sync: Bulk-sync failure due to Servicing Incompatibility. 
Please check full list of mismatched commands via: show issu config-sync failures mcl
Aug 13 14:51:33.822 PDT: Config Sync: Starting lines from MCL file: aaa group server 
radius RSIM ! <submode> "sg-radius" - ip radius source-interface GigabitEthernet6/0/0

Conditions: This symptom is observed if the aaa group server radius subcommand ip radius source-interface CLI is configured on a box with dual PREs.

Workaround: If the customer does not use the aaa group server radius subcommand ip radius source-interface interface, this will not be a problem.

If they use the aaa group server radius subcommand ip radius source-interface interface on a Cisco 10000 router in simplex mode (a single PRE), this will not be a problem.

If they run with dual PREs, then they will need to remove the aaa group server radius subcommand ip radius source-interface interface from the configuration as a workaround.

Removing the aaa group server radius subcommand ip radius source-interface interface from the configuration could cause problems for the customer. The radius server may be expecting the request to come from a specific source address. The router will now use the address of the interface the packet egresses the router from, which may change over time as routes fluctuate.

CSCsk09933

Symptoms: The configured max-threshold/minimum-threshold option on Selective Packet Discard (SPD) is lost after reloading the router.

Conditions: If the configured minimum threshold value is greater than the default maximum threshold value, or the configured maximum threshold value is less than the default minimum threshold value, the router reports "min-threshold must be less than default max-threshold" or "max-threshold must be greater than min-threshold" during the system reload.

Workaround: Reconfigure the appropriate ip spd threshold command.

CSCsk10057

Symptoms: A packet sent by the responder may not be received by the initiator with an ipsec-gre tunnel.

Conditions: This symptom is observed when process switching is configured.

Workaround: Use CEF switching at the tunnel interfaces.

CSCsk16290

Symptoms: A crash occurs when iosca enrolls with itself.

Conditions: This symptom is observed when the client and server are on the same device.

Workaround: Upgrade to Cisco IOS Release 12.4(20)T. The problem was fixed in Cisco IOS Release 12.4(18.4)T1.

CSCsk25046

Symptoms: For a policy applied to an interface with an ifindex of 14, the corresponding entry will not appear in cbQosServicePolicyTable. This is impacting device monitoring.

Conditions: The following two conditions are required for the issue to exist:

There should be an interface with an ifindex of 14 with a policy applied.

There should be a policy applied on the control plane.

Workaround: Remove the policy on the control plane.

CSCsk26165

Symptoms: A router may crash because of a bus error.

Conditions: The router must be configured for L2TP.

Workaround: There is no workaround.

CSCsk28748

Symptom: When an IMA group subinterface (atm1/ima1.14016) is configured before a no shut is done on the IMA group interface, the maximum value VBR-NRT peak cell rate (PCR) option is displayed as 1536/1920(T1/E1) instead of 1523/1904.

Conditions: Occurs when an IMA group subinterface is configured before the ATM interface is assigned to the IMA group.

Workaround: Configure the IMA group interface first, and then configure the IMA group subinterface.

CSCsk35804

Symptoms: A Cisco router may experience a bus error crash preceded by the following error message:

%HMM_ASYNC-4-NO_MODEMS_PRESENT: HMM Digital Modem Card 1 contains no active modems

Conditions: This symptom is seen if the router contains a Digital Modem Network module that contains no SIMMs.

Workaround: Remove the card or install an NM-xDM card with valid SIMM modules.

CSCsk42261

Symptoms: A router reloads by address error after registering to a key server.

Conditions: The symptom is observed under normal conditions. The trigger is when the router is used as a GDOI hub.

Workaround: There is no workaround.

CSCsk43463

Symptoms: The router is forced to reload when the no router ospf <#> command is entered.

Conditions: The problem happens when "memory record" is also configured.

Workaround: Disable memory lite (using the "no memory lite" configuration command); the crash is then not seen.

CSCsk49705

Symptoms: The ip nat inside source static network command does not have the <cr> option.

Conditions: This symptom is observed on a Cisco 7200 router that is loaded with Cisco IOS Release 12.4 or 12.4T.

Workaround: There is no workaround.

CSCsk57114

Symptoms: CPUHOG messages may be generated when an "snmpwalk" is performed on the cpwVcMplsNonTeMappingTable object.

Conditions: This symptom is observed on a Cisco router that has a large number (about 30,000) of pseudowires configured.

Workaround: Reduce the number of pseudowires that are configured on the router.

CSCsk57730

Symptoms: The show flash and dir commands cause an error message.

Conditions: This symptom is observed only on Cisco AS5400XM and Cisco AS5350XM products that are running a Cisco IOS Release 12.4(17.7) image.

Workaround: To upgrade to a newer Cisco IOS version, you must netboot, because copy tftp flash: cannot be used.

CSCsk64158

Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack results in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml.

CSCsk66339

Symptoms: A Cisco 7600 router running Cisco IOS Release 12.2(18)SFX6 may encounter the following condition when Intermediate System-to-Intermediate System (IS-IS) and traffic engineering (TE) are configured: IS-IS should remove the native path from its local RIB and call the RIB code to remove the path from the global RIB, but this fails, either because the "delete" message is not passed to the RIB properly or because the RIB does not react when it receives the "delete" call.

Conditions: The show mpls traffic-engineering tunnel command output may indicate "Removal Trigger: setup timed out" status.

Workaround: Perform a shut/no shut on the interface or change the metric temporarily to force an update with the tunnel mpls traffic-eng autoroute metric 1 command.

CSCsk72676

Symptoms: A PVC does not come up after a vc-class is removed from it.

Conditions: This issue happens only when vc-class with constant bit rate (CBR) is configured on the main interface, and another vc-class is applied to the VC. This occurs under the following scenario:

1. Boot the router afresh.

2. Apply a vc-class (class1) to the ATM interface.

3. Configure PVCs with the range command.

4. Apply another vc-class (class2) under the range-pvc configuration.

5. Remove the vc-class (class2) from under the range-pvc configuration.

After this step the PVCs are expected to come up having attributes of vc-class class1. The PVCs do not come up and stay in inactive mode.

Workaround: There is no workaround.

CSCsk76478

Symptoms: The multilink interfaces are down, and the following error message is seen:

ATMPA-3-BADTXPACKET: Switch1: bad tx packet on vcd 9 size 0 -Traceback= 0x60391080 
0x60100024 0x6085BC6C 0x6090EF0C 0x6090F858 0x6030691C 0x60306CD4 0x611F7748 
0x611DFF70 0x611E0174 0x602A34BC 0x606E57D8 0x603077F4 0x60307E14 0x60863A18 
0x60118294$f

Conditions: This symptom occurs only when:

1. RTP packets are switched from one PPPoA interface to another PPPoA interface, and IP Header Compression is configured on both interfaces. That is, frames are decompressed, switched, and then recompressed.

2. The traffic being sent has no RTP payload. The RPM has RTP configured, and RTP traffic starts to be sent.

Workaround: Enable the ip rtp coalesce command.

CSCsk86381

Symptoms: A memory leak occurs in "Crypto IKMP" and "IPSEC key engine."

Conditions: Occurs on a WS-C6509-E running the internal image s72033-advipservicesk9_wan-mz.NAT-D-5.

Workaround: There is no workaround.

CSCsk92854

Symptoms: Traceback may be seen while testing L2TP scaling 32k functionality on a Cisco 10000 series router.

Conditions: The symptom is seen with scaling scenarios and with a Cisco 10000 series router.

Workaround: There is no workaround.

CSCsk99687

Symptoms: A router may crash.

Conditions: The symptom is very rare, but if it occurs, it is seen during ISSU runversion.

Workaround: There is no workaround.

CSCsl00472

Symptoms: A Cisco router unexpectedly reloads with memory corruption after showing multiple "%SYS-2-INPUT_GETBUF: Bad getbuffer" messages.

Conditions: Occurs during normal operation.

Workaround: There is no workaround.

CSCsl01118

Symptoms: When a GD vIPer attempts to establish a secure call across a T1 with one-way delay exceeding 188ms, the DSP will crash and reset.

Conditions: The crash occurs when there is a high delay (>185ms one way) placed between two connected interfaces of a T1.

Workaround: There is no workaround.

Further Problem Description: Set-up of equipment showing the problem is as follows:

Secure IP phone (IP) <-connect to->(IP) 3745GW (T1) <== connect with 185ms delay 
to==>(T1) Switch <-connect to-> Secure analog phone

An unsecured phone call operates without problems when there is a high delay, but when either side initiates a secure call, the T1 interface on the Cisco 3745 gateway crashes, and the call fails.

CSCsl07297

Symptoms: The router may crash when a sequence of commands is executed in quick succession.

Conditions: Occurs when a Border Gateway Protocol (BGP) neighbor belongs to a particular peer group and when the following commands are entered in quick succession:

no neighbor a.b.c.d peer-group pgroup-name

no neighbor a.b.c.d description xyz

If these commands are executed quickly, such as when they are pasted into the interface, the router may crash.

Workaround: Use the no neighbor a.b.c.d peer-group pgroup-name command to remove the neighbor. This command removes the neighbor and eliminates the need for the second command.

CSCsl40687

Symptoms: The router reloads due to a bus error. This occurs with the following messages:

%ALIGN-1-FATAL: Illegal access to a low address 08:32:13 AEST Tue Nov 20 2007 
addr=0xB8, pc=0x40099888 , ra=0x44020000 , sp=0x465870E8
08:32:13 AEST Tue Nov 20 2007: TLB (store) exception, CPU signal 10, PC = 0x40099888
-Traceback= 0x40099888 0x402F6358 0x415102F4 0x41510C7C 0x402FF5C4 0x414F1140 
0x402FF7B8 0x41C8B8E0 0x41C8EFC0 0x41C8F064
0x41C85260 0x421EA0C4 0x421EA224

Conditions: This occurs after applying a Modular Quality of Service Command-Line Interface (MQC) class on a PVC.

Workaround: Use frame relay traffic shaping (FRTS) instead of MQC under the PVC.

Further Problem Description: An MQC policy is not a supported configuration for MLPoFR connections, so the above configuration is not valid. Currently, MQC policies are configurable under MLPoFR PVCs, and this results in a router reload. However, the router should not crash even under those circumstances. This fix prevents an MQC QoS policy from being configured on MLPoFR connections at configuration time, when MLP may not yet be active. So, in effect, the configuration is blocked both if MLP is active and if MLP is merely configured.

CSCsl42627

Symptoms: When sf/ami/56 are configured, the interface protocol is down at both ends.

Conditions: These symptoms are observed when you configure speed 56, framing sf, and linecode ami at both ends, as follows:

service-module t1 timeslots all speed 56
service-module t1 framing sf
service-module t1 linecode ami

This causes the protocol to be down and an increased error count at both ends.

Workaround: Change the speed to 64 and then configure it again to 56. The protocol will then be up and pings succeed.

CSCsl46683

Symptoms: Tracebacks may be observed while rebooting the device.

Conditions: The symptoms are observed when no other SNMP CLI is configured and snmp-server manager is the first SNMP command to be configured.

Workaround: There is no workaround.

CSCsl51495

Symptoms: A memory leak may be observed on the standby node.

Conditions: The symptom is observed only when broadcast accounting is configured in the standby node. The memory leak is verified by using the show processes memory | i AAA ACCT command.

Workaround: There is no workaround.

CSCsl51848

Symptoms: The router crashes when a command is entered from the aux console to remove an interface.

Conditions: Occurs when a show command for that interface is presently paused at the "more" prompt on the main console. The show commands are show controllers serial and show interface serial.

Workaround: Avoid configuration while show commands are being run on the router.

CSCsl63494

Symptoms: The AAA server does not count active user sessions correctly. User authentication may be denied by the AAA server because the max session limit has been reached.

Conditions: This may occur with AAA authentication when a max session limit is configured on a Cisco Secure ACS server (it may happen with other AAA servers too). When a user initiates X.25, SSH, rsh, rlogin, or Telnet sessions and later disconnects them, the AAA server does not decrement the active sessions counter, because of wrong attributes in the accounting records sent by the device. Eventually, the misbehaving counter may reach the max session limit, and the user is denied a login.

Workaround: Removing max session limit can be considered.

CSCsl90187

Symptoms: A small memory leak may occur on a VoIP gateway in the VTSP process, which may cause the router to reload.

Conditions: The issue is specific to the C549 DSPs on Cisco 3700 series routers. The leak occurs when a call is disconnected due to non-availability of the circuit (cause code 0x22).

Workaround: There is no workaround.

CSCsl92316

Symptoms: The router may experience an mwheel CPUHOG condition.

Conditions: This condition is observed on a Cisco router while clearing all L2TP sessions when there are more than 2500 sessions with multicast traffic flowing on the sessions.

Workaround: There is no workaround.

CSCsl99071

Symptoms: A router may crash while unconfiguring a policy-map attached to a PPPoA session.

Conditions: The symptoms occur with the following scenario:

Initially service-policy is configured both on input and output on the virtual-template.

The sessions are brought up.

The input service-policy on v-template is removed.

The output service-policy on v-template is removed.

The (global) policy-map is removed.

Workaround: There is no workaround.

CSCsl99883

Symptoms: The X.25 PVC experiences a closed window on both sides.

Conditions: The problem is seen under heavy traffic conditions. The testing scenario passes 1000 packets containing 2000 bytes of data.

Workaround: Reset the connection.

CSCsm01126

Symptoms: The standby fails to come up in SSO. The following message is displayed on the active:

%FILESYS-4-RCSF: Active running config access failure (0) <file size>

Conditions: This symptom is observed when the router has a configuration greater than 0.5 megabytes.

Workaround: There is no workaround.

CSCsm08030

Symptoms: A router may crash while parsing "x28 profile <profile name>". This occurs when x28 mode is configured. The crashinfo file will show:

%SYS-2-FREEFREE: Attempted to free unassigned memory at [...]

Conditions: This symptom is observed on a Cisco AS5400 gateway that is running Cisco IOS Release 12.4(1c) and Release 12.4(18).

Workaround: There is no workaround.

CSCsm13263

Symptoms: The router may crash with a bus error while executing the show ip arp interface-name command.

Conditions: This symptom occurs when two exec processes are initiated by two different Telnet sessions. One process is running show ip arp interface while the other is entering no ip address or ip address ip-address in configuration mode. Both commands access the same interface. There is a chance that the show ip arp command will cause the system to crash.

Workaround: Run the show ip arp interface command and the ip address command sequentially rather than concurrently.

CSCsm13763

Symptoms: A memory leak may occur with the chunk manager process.

Conditions: The symptom is observed when SIP-to-TDM (PRI) calls are terminated by a Cisco 3845 gateway. This issue occurs for transcoding calls and is found during stress tests.

Workaround: There is no workaround.

CSCsm14915

Symptoms: A router crashes and automatically reloads.

Conditions: The problem occurs when a large number of GLBP IPv6 groups are configured.

Workaround: The only workaround is to reduce the number of GLBP IPv6 groups that span a full hardware interface. Any groups that are configured on a subinterface contribute to the total for the full interface.

CSCsm20994

Symptoms: Kron occurrences are not rescheduled properly when the clock is set near the end of a calendar year.

Conditions: A kron occurrence is scheduled daily or hourly. The clock is reset near the end of the year such that the next occurrence of the kron policy would happen in the next year.

Workaround: After clock reset, remove/restore kron occurrences to cause them to be scheduled properly.

CSCsm27071

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:

The configured feature may stop accepting new connections or sessions.

The memory of the device may be consumed.

The device may experience prolonged high CPU utilization.

The device may reload.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory. The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml

CSCsm27943

Symptoms: When dlsw timer explorer-wait-time is set, Ethernet redundancy sometimes cannot establish a DLSw circuit, and the following message appears in the debug output:

Jan 15 15:32:22.643 JST: DLSW-ER:(CSM):startdl_pend timer expired for transparent 
circuit

Conditions: The symptom occurs only when the router is configured for dlsw timer explorer-wait-time with DLSw Ethernet Redundancy and dlsw transparent switch-support.

Workaround: There is no workaround.

CSCsm27958

Symptoms: After upgrading a Cisco 7600 to Cisco IOS Release 12.2(33)SRC, SSO does not come up and router stays in RPR.

Conditions: Occurs only if the passive-interface default command is configured under OSPF.

Workaround: After the upgrade, remove and reconfigure the passive-interface default command.

CSCsm34002

Symptoms: CPU utilization goes to 99%. It stays there for a few seconds, then drops to around 50%, then to 2%. After a few seconds, CPU utilization reaches 99% again, and this cycle continues.

Router# show proce cpu sorted
CPU utilization for five seconds: 99%/0%; one minute: 47%; five minutes: 25%

Conditions: This symptom is observed when around 2000 PPPoE sessions are initiated.

Workaround: There is no workaround.

CSCsm39308

Symptoms: There may be a system crash while trying to configure router isis or router iso-igrp.

Conditions: The symptom is observed when router isis or router iso-igrp is already configured without a tag.

Workaround: Use a tag in router isis and router iso-igrp configurations.

CSCsm48357

Symptoms: When FlexWAN card configured for Frame Relay over MPLS (FRoMPLS) is subjected to online insertion and removal (OIR), the standby will crash when FRoMPLS is unconfigured.

Conditions: Occurs when FRoMPLS is unconfigured following an OIR.

Workaround: There is no workaround.

CSCsm50741

Symptoms: When a non-DC router is removed from a DC-enabled area and the area becomes DC enabled, some of the LSAs are not refreshed correctly with the DoNotAge (DNA) bit set. A crash may happen when the customer deploys iptivia probes in the network. Fixed in CRS.

Conditions: The symptom is observed when a router without DC capability is removed from a DC enabled area.

Workaround: Use the clear ip ospf command.

CSCsm55817

Symptoms: When configuring ATM PVCs, under the PVC syntax you can provide a handle to describe the PVC. If this handle starts with "00" (zero zero) then the command will fail.

Conditions: The symptom is observed when configuring ATM PVCs and where the PVC handle starts with "00".

Workaround: Do not use handles that start with "00".

CSCsm62215

Symptoms: A Cisco router may reload unexpectedly when the DMVPN tunnel is bounced.

Conditions: The symptom is observed with Cisco IOS Release 12.4(11)T2. The information points to a software issue: when the DMVPN GRE tunnel is bounced, NHRP is automatically cleared, which triggers the bus error crash.

Workaround: Clear the DMVPN session only using the following command (note: the static keyword must be used to clear an individual session, or all sessions will be cleared): clear dmvpn session [peer {nbma | tunnel} ip-address] [interface tunnel number] [vrf vrf-name] [static]

CSCsm69989

Symptoms: Class maps are not shown in the show running-config output after show auto qos is executed. This is a display issue with no immediate functional impact. However, when the router is reloaded, the policy-map and the QoS configuration are rejected because the class-maps are not present.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(15)T3 and all releases prior to that. Occurs when the router is configured for Auto QoS. This is also observed in Cisco IOS Release 12.4(21).

Workaround: There is no workaround.

CSCsm70668

Symptoms: A soft OIR over E3:POS impacts all traffic when a biscuit tunnel is configured.

Condition: A soft OIR over E3:POS impacts all traffic when a biscuit tunnel is configured. In the OIR, "test mbus power 6 off" and "test mbus power 6 on" are performed, followed by a microcode reload on slot 6.

Workaround: There is no workaround.

CSCsm70774

Symptoms: The router crashes when a kron policy-list is modified from the console after that kron policy-list has been deleted by another user on a different vty.

Conditions: This symptom can be observed on a Cisco router when the kron policy-list word is issued from the console and removed from the VTY. Using the command cli abcd in the console, while still in the kron policy-list word mode, causes the router to crash.

Workaround: There is no workaround.

CSCsm75286

Symptoms: A route map that is configured with both IPv4 and IPv6 for a BGP peer does not work as expected.

Conditions: This symptom is observed after the route map is modified to delete a sequence.

Workaround: Apply a fresh route map.

CSCsm77171

Symptoms: The router crashes.

Conditions: Occurs with high traffic conditions where NetFlow has no free flows and multicast egress NetFlow is configured.

Workaround: Disable multicast egress NetFlow.

CSCsm86039

Symptoms: After a switchover, the DHCP relay is unable to forward the DHCP REQUEST received from the client during RENEW to the server.

Conditions: Occurs with unnumbered DHCP relay when the server address is configured under the class submode in relay pool configuration mode.

Workaround: Configure the server address directly under relay pool mode (rather than class submode) or under the interface (helper address).

CSCsm87166

Symptoms: The list command under ephone-hunt cannot have 20 numbers configured if the numbers are 8 digits each.

Conditions: The following configuration example shows the issue:

Router(config)# ephone-hunt 1
Router(config-ephone-hunt)# list 17465301, 17465302, 17465303, 17465304, 17465305, 17465306,
17465307, 17465308, 17465309, 17465310, 17465311, 17465312, 17465313, 17465314,
17465315, 17465316, 17465317, 17465318, 17465319, 17465320

The parser rejects the list with "Number 1746531 is not a normal ephone-dn or a *" (note the truncated number). With 8-digit ephone-dns, at most 14 numbers can be entered.

However, 20 ephone-dns can be placed in the list if each ephone-dn is 4 digits, as in this example:

ephone-hunt 1 longest-idle 
pilot 17465711 
list 5301, 5302, 5303, 5304, 5305, 5306, 5307, 5308, 5309, 5310, 5311, 5312, 5313, 
5314,5315, 5316, 5317, 5318, 5319, 5320

Workaround: There is no workaround.

CSCsm89642

Symptoms: A Cisco router may crash with a bus error when the show crypto session command is entered.

Conditions: Occurred on a Cisco 7301 router configured as a VRF-aware IPsec EzVPN server with clients using RADIUS extended authentication (Xauth).

Workaround: There is no workaround.

CSCsm89795

Symptoms: The router keeps reloading and reports that memory is unavailable.

Conditions: This symptom is observed if the router is directly connected to a DHCP server or if it is attacked with a flood of DHCP replies.

Workaround: There is no workaround.

CSCsm92206

Symptoms: A router may crash when a range of interfaces is set to default configurations.

Conditions: The crash occurs when a range of interfaces is configured from a console connection to belong to a bridge group and the same configuration is removed simultaneously from a vty connection.

Workaround: Avoid simultaneous tasks (configuring/unconfiguring) through the console and vty.

CSCsm95129

Symptoms: The no ip next-hop-self eigrp command does not work after mutual redistribution with BGP (either iBGP or eBGP).

Conditions: This has been observed on all platforms. Mutual redistribution between RIP and EIGRP or between OSPF and EIGRP is not affected.

Workaround: There is no workaround.

CSCsm96785

Symptoms: An OSPF neighbor may go down after a switchover even though OSPF Non-Stop Forwarding (NSF) is in use.

Conditions: This occurs under the following conditions:

Only nsf cisco is affected. With nsf ietf, the problem does not occur.

The OSPF interface network type is point-to-multipoint non-broadcast or point-to-multipoint. With the broadcast network type, the problem does not occur.

When the problem occurs after the switchover, DBD packets may not be exchanged between the two neighbors, and the neighbor goes down in spite of NSF.

Workaround: Change the OSPF configuration to nsf ietf and change the OSPF interface network type to broadcast.

CSCsm97220

Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml

CSCso06542

Symptoms: On a Cisco router configured for NAT with VPN routing/forwarding (VRF), ip nat inside source commands may be corrupted in the running configuration at boot time even though they are correct in the startup configuration. The corruption can take the following form (among others):

ip nat inside source list [ACL] pool [pool-name] vrf [vrf-name] match-in-vrf overload vrf [vrf-name]

The trailing "vrf [vrf-name]" after overload should not be there.

Conditions: This was observed on a Cisco 3845 running Cisco IOS Release 12.4(18.3)T configured with NAT VRF, but it could occur on other platforms and releases.

Workaround: Remove and reconfigure the affected VRFs. The problem might reappear after the next bootup.
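The corruption above is easy to miss in a long running configuration. The following Python script is an added example (not Cisco's code and not part of this release note) that compares the ip nat inside source statements of a saved startup-config against a running-config, flags statements that name vrf twice or that differ from the startup copy, and prints the intended form. The configuration excerpts in it are constructed for the example; the hostname, pool and VRF names are placeholders.

```python
import re
from typing import List

# Constructed sample configurations (not taken from the release note).  The
# startup-config is well formed; the running-config copy of the first statement
# shows the corruption described above: a second "vrf <name>" after "overload".
STARTUP_CONFIG = """\
hostname nat-gw
ip nat inside source list 101 pool POOL-A vrf CUST-A match-in-vrf overload
ip nat inside source list 102 pool POOL-B vrf CUST-B match-in-vrf overload
"""

RUNNING_CONFIG = """\
hostname nat-gw
ip nat inside source list 101 pool POOL-A vrf CUST-A match-in-vrf overload vrf CUST-A
ip nat inside source list 102 pool POOL-B vrf CUST-B match-in-vrf overload
"""

NAT_SOURCE = re.compile(r"^ip nat inside source\b")


def nat_source_lines(config: str) -> List[str]:
    """Return the 'ip nat inside source' statements of a configuration, stripped."""
    lines = (line.strip() for line in config.splitlines())
    return [line for line in lines if NAT_SOURCE.match(line)]


def has_duplicate_vrf(line: str) -> bool:
    """True when the statement names 'vrf' more than once (the corrupted form)."""
    return line.split().count("vrf") > 1


def find_corruption(startup: str, running: str) -> List[str]:
    """Running-config NAT statements that are malformed or absent from startup-config.

    The startup-config is the reference, since the caveat says it stays intact;
    the duplicate-vrf test catches the specific form quoted in the release note.
    """
    reference = set(nat_source_lines(startup))
    return [
        line
        for line in nat_source_lines(running)
        if has_duplicate_vrf(line) or line not in reference
    ]


def repaired(line: str) -> str:
    """Drop every 'vrf <name>' pair after the first one, yielding the intended statement."""
    tokens = line.split()
    out: List[str] = []
    seen_vrf = False
    i = 0
    while i < len(tokens):
        if tokens[i] == "vrf":
            if seen_vrf:
                i += 2  # skip the duplicate keyword and its argument
                continue
            seen_vrf = True
        out.append(tokens[i])
        i += 1
    return " ".join(out)


if __name__ == "__main__":
    for bad in find_corruption(STARTUP_CONFIG, RUNNING_CONFIG):
        print("corrupted:", bad)
        print("intended :", repaired(bad))
```

Feed it the text of show startup-config and show running-config saved to files. Because the caveat says the corruption can return at the next boot, the comparison belongs in a post-reload check rather than a one-off.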

CSCso10596

Symptoms: Polling cvpdnSessionAttrDevicePhyId from the CISCO-VPDN-MGMT-MIB may show multiple users mapped to the same Virtual-Access SNMP ifIndex. This affects statistics collection or billing that uses IF-MIB counters.

Conditions: This symptom is observed when PPP renegotiates an existing PPP connection on a Virtual-Access interface.

Workaround: When possible, use RADIUS accounting for gathering statistics or billing.

CSCso15740

Symptoms: The set metric clause in a route-map sequence reached through continue does not set the metric correctly under some conditions. The same applies when the next hop is set by a route-map sequence reached through a continue clause.

Conditions: The symptom is observed on a Cisco 12000 series router running Cisco IOS Release 12.0(32)SY4, but it is platform independent. It occurs when a route-map sequence has a continue clause and its match conditions are not met, so the continue is not executed; the following route-map sequence that should then be evaluated does not execute properly when it is meant to modify the metric or next hop of the prefix.

Workaround: Avoid using continue in a route-map when the following route-map sequence modifies the metric or next hop.

CSCso19662

Symptoms: Tracebacks are seen after NAT is unconfigured and the clear ip nat translation * command is entered.

Conditions: Occurs on a Cisco device with NAT configured. Not platform dependent.

Workaround: There is no workaround.

CSCso27236

Symptoms: The Cisco IOS CA shows an incorrect renew date (1 Jan 1970) after a reload. Example:

Before restart:
Start Date: 1 Jan 2008 10:00:00
End Date  : 1 Jan 2011 10:00:00
Renew Date: 1 Jan 2008 09:58:00

After restart:
Start Date: 1 Jan 2008 10:00:00
End Date  : 1 Jan 2011 10:00:00
Renew Date: 1 Jan 1970 08:00:00

Conditions: Occurs when auto-enroll is enabled and the router is reloaded.

Workaround: There is no workaround.

CSCso40618

Symptoms: A Cisco 871 router may crash with error %SYS-2-NOTQ with Process="DNS Resolver" after loading an image.

Conditions: Firewall application inspection for IM protocols is configured. A protocol-info parameter-map is configured to resolve the IM server host names and is associated with the IM protocols in a firewall class-map.

Trigger: The issue occurs when the router uses the parameter-map type protocol-info, which holds a list of IM server host names, to resolve those servers.

Workaround: Do not associate the protocol-info parameter-map with the IM protocol in the firewall class-map.

CSCso53496

Symptoms: When the Group Encrypted Transport VPN (GET VPN) feature is used, the DF-bit override feature for IPsec packets does not work: the crypto ipsec df-bit set and crypto ipsec df-bit clear commands have no effect, either globally or per interface.

Conditions: The bug is seen only when GET VPN is used. Legacy IPsec tunnels are not affected.

Workaround: There is no workaround.

CSCso63693

Symptoms: Configuring the passive-interface default command in IS-IS when more than 255 interfaces exist, or loading/reloading the router when more than 255 interfaces exist in the startup configuration, may generate the following error message:

ISIS: Maximum circuit limit (255) has reached.

Subsequent interfaces are not advertised into IS-IS as expected.

Conditions: The symptom is observed on a Cisco router running Cisco IOS Release 12.2(33)SXH1 when more than 255 interfaces exist in the startup configuration and the router is loaded or reloaded. It is also observed when interfaces beyond the 255 limit are configured after the passive-interface default command has been used.

Workaround: Use the passive-interface command to configure each interface manually.

CSCso67195

Symptoms: Router may crash due to memory corruption:

*Apr 7 12:32:14: %SEC-6-IPACCESSLOGRP: list 111 denied pim 0.0.0.0 -> <removed>, 1 
packet
*Apr 7 12:32:29: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 
680A5374 data 680A79A4 chunkmagic FFFFFFFF chunk_freemagic 0 - Process= "Mwheel 
Process", ipl= 0, pid= 274, -Traceback= 0x6169C450 0x60102E78 0x601031E4 0x61D418E4 
0x61D4230C 0x61CF1A48 0x61D1280C 0x61D05FE4 0x61D0E9FC
chunk_diagnose, code = 1
chunk name is PIM JP GroupQ

Conditions: This symptom occurs when PIM is enabled on an interface and access-list logging is enabled.

ip pim sparse-dense-mode 
access-list 98 deny any log

Workaround: Remove access-list logging.

CSCso78991

Symptoms: An L2TPv3 tunnel fails to establish between Cisco routers when one runs Cisco IOS Release 12.4T and the other runs Cisco IOS Release 12.2(33)SRC.

Conditions: This issue is seen only when the L2TPv3 tunnel terminates on a router running Cisco IOS Release 12.4T on one side and Cisco IOS Release 12.2(33)SRC on the other. Other combinations of IOS releases establish the L2TPv3 tunnel successfully.

Workaround: There is no workaround.

CSCso87348

Symptoms: A Catalyst 6500 or a Cisco 7600 may reload unexpectedly.

Conditions: Occurs when NetFlow is configured on one of the following:

Cisco 7600 running Cisco IOS Release 12.2(33)SRC.

Catalyst 6500 running Cisco IOS Release 12.2SXH.

Workaround: Disable NetFlow. This is done with the following commands:

no ip flow ingress
no ip flow egress
no ip route-cache flow

Enter the appropriate command for each subinterface for which NetFlow is currently configured.

Other Notes:

Only the 12.2SRC and 12.2SXH code trains are affected. The specific versions affected are 12.2(33)SXH, 12.2(33)SXH1, 12.2(33)SXH2, 12.2(33)SXH2a, 12.2(33)SRC, and 12.2(33)SRC1.

The issue is fixed in the two affected code trains from the 12.2SXH3 and 12.2SRC2 releases onwards.

The following release trains do not have this issue: 12.2(18)SXF, 12.2(33)SRA, 12.2(33)SRB, 12.2(33)SXI, and all other release trains after those affected.
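The workaround above asks for the no form of each NetFlow command on every interface and subinterface that has one. The following Python script is an added example (not Cisco's code and not part of this release note) that parses an IOS running-config into interface blocks and emits that snippet. The configuration it parses is constructed for the example, and the interface names and addresses are placeholders.

```python
from typing import Dict, List

# Constructed running-config excerpt (not from the release note) with NetFlow
# enabled on a physical interface, on a dot1Q subinterface and, in the older
# "ip route-cache flow" form, on a third interface.
RUNNING_CONFIG = """\
interface GigabitEthernet1/1
 ip address 10.0.0.1 255.255.255.0
 ip flow ingress
!
interface GigabitEthernet1/2
 no ip address
!
interface GigabitEthernet1/2.100
 encapsulation dot1Q 100
 ip address 10.1.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
!
interface GigabitEthernet1/3
 ip address 10.2.0.1 255.255.255.0
 ip route-cache flow
!
"""

# The three commands the workaround tells you to negate.
NETFLOW_COMMANDS = ("ip flow ingress", "ip flow egress", "ip route-cache flow")


def interface_blocks(config: str) -> Dict[str, List[str]]:
    """Map each interface name to the indented lines of its configuration block."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks


def netflow_interfaces(config: str) -> Dict[str, List[str]]:
    """Interfaces (including subinterfaces) that carry any NetFlow command."""
    return {
        name: [line for line in lines if line in NETFLOW_COMMANDS]
        for name, lines in interface_blocks(config).items()
        if any(line in NETFLOW_COMMANDS for line in lines)
    }


def netflow_disable_commands(config: str) -> List[str]:
    """Config snippet that removes NetFlow from every interface where it is enabled."""
    snippet: List[str] = []
    for name, commands in netflow_interfaces(config).items():
        snippet.append(f"interface {name}")
        snippet.extend(f" no {command}" for command in commands)
    return snippet


if __name__ == "__main__":
    print("\n".join(netflow_disable_commands(RUNNING_CONFIG)))
```

Review the generated snippet before pasting it in configuration mode: removing NetFlow also stops any collector that depends on it, so the change should be coordinated with whoever consumes the flow records.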

CSCso91230

Symptoms: A router may display the following error:

%LINK-2-INTVULN: In critical region with interrupt level=0, intfc=ATM0 -Process= "IGMP 
Snooping Receiving Process"

Conditions: The symptom is observed when bridged traffic is passing to an MLPP interface.

Workaround: Disable IGMP snooping with the no ip igmp snooping command.

CSCso92494

Symptoms: Spurious memory accesses may be seen on a Cisco 7200 series router.

Conditions: The symptom is observed when LFIoFR is configured on a Cisco 7200 series router and a QoS policy is attached to a Virtual-Template.

Workaround: There is no workaround.

CSCso94463

Symptoms: GET VPN group members may fail to register to the key server.

Conditions: The problem is found under these two conditions:

1. GDOI crypto map (with local address) is applied to multiple interfaces; and

2. One of these applied interfaces is down.

Workaround: There is no workaround.

CSCsq03005

Symptoms: Fax fails when the supervisory disconnect command is applied on a voice port. The default fax detect script, app_fax_detect.2.1.2.2.tcl, is in use.

voice-port 2/0/20
 supervisory disconnect dualtone mid-call

When the supervisory disconnect dualtone mid-call command is removed, fax works.

Conditions: This symptom is observed with Cisco IOS Release 12.4(15)T4.

Workaround: There is no workaround.

CSCsq03115

Symptoms: The PIM configuration may be missing and the following traceback is seen:

%SYS-3-MGDTIMER: Running timer, init, timer = 895661C. -Process= "Exec", ipl= 0, pid= 
80, -Traceback= 0x14C0F30 0x31DA638 0x31DA7C8 0x31DA914 0x1E019B4 0x1E35634 0x1E34AD0 
0x15160F8 0x1515234 0x1542208 0x695548

Conditions: The symptom is observed after performing an OIR of the PA-T3+ serial port adapter. The symptom occurs twice.

Workaround: Reconfigure the PIM mode.

CSCsq05099

Symptoms: A user can configure only a maximum of 500 SWMTP sessions per profile.

Conditions: This symptom is observed when using SWMTP.

Workaround: Configure multiple SWMTP profiles.

CSCsq12128

Symptoms: If the WAN connection is down on the VGW, Media Gateway Control Protocol (MGCP) fallback mode may not load; the gateway remains in "MGCP Fallback mode: Enabled/OFF".

Conditions: This symptom is observed with Cisco IOS Release 12.4(16).

Workaround: Shut down the interface.

Further Problem Description: The link may go up and down frequently. The call manager application tries to download the XML file from the CCM TFTP server even when the link is down, which sets a flag that prevents the fallback.

CSCsq15994

Symptoms: A low CPS (calls per second) rate may be observed.

Conditions: The symptoms are seen with PPPoA and PPPoE sessions.

Workaround: There is no workaround.

CSCsq23391

Symptoms: Memory leak was found after voice stress testing on a Cisco 3845.

Conditions: Occurred on a router configured for E1, Direct Inward Dial (DID), G.711, and voice activity detection (VAD). Testing was performed for 2 hours with a call duration of 60 seconds.

Workaround: There is no workaround.

CSCsq24935

Symptoms: A switch reloads when the distance bgp command is configured under IPv6 address family.

Conditions: This symptom is observed on a Cisco 3560 that is running Cisco IOS Release 12.2(44)SE2. The same symptom is also seen on a Cisco 3750. The following commands are issued:

router bgp <>
address-family ipv6 unicast
distance bgp <> <>

The router subsequently reloads because of an Instruction access Exception.

Workaround: There is no workaround. BGP/IPv6 is not supported on such platforms.

CSCsq36269

Symptoms: Group Domain of Interpretation (GDOI) encapsulated packets that arrive at a Cisco 7200 and that the router then routes back out through the same interface (because of a routing problem) leave the router with the TTL increased by one instead of decreased by one.

Because the upstream router is likely to send the packet back to the GDOI endpoint, this creates a never-ending loop of packets that overwhelms the router.

Conditions: Occurs when GDOI is used on a Cisco 7200 and a routing issue causes the upstream router to forward packets towards the GDOI router while the GDOI router wants to send the same traffic back towards the upstream router.

Workaround: There is no workaround.

CSCsq41361

Symptoms: When the PIX initiates a phase 2 rekey, it sends QM1 and the router responds with QM2; immediately afterwards the router sends an IKE delete notify for the previous inbound SPI before it has received QM3 from the PIX. The PIX then sends QM3 and the tunnel is rekeyed, but the VPN tunnel flaps briefly and the PIX drops all TCP connections associated with that VPN tunnel.

Conditions: Occurs when PIX initiates a phase 2 rekey.

Workaround: There is no workaround.

CSCsq46336

Symptoms: Radio transmissions from LMR voice ports to PMCs may intermittently drop packets in the router.

Conditions: The symptom is seen where multiple PMC users monitoring the same stream cause more than three simultaneous RTP streams to be present on the LMR router.

Workaround: If the customer is running PMC, turn off the keepalive on the PMCs.

CSCsq54601

Symptoms: SCCP and SIP registration fails with EzVPN and NAT configured. Only voice traffic is affected.

Conditions: Occurs when SCCP registration traffic passes through the NAT router.

Workaround: There is no workaround.

CSCsq70473

Symptoms: An MWAM processor Gigabit Ethernet interface stops processing traffic.

Conditions: This symptom is observed at a high rate of incoming traffic.

Workaround: Restart the interface (enter the shutdown command followed by the no shutdown command) to restore traffic forwarding.

CSCsq73501

Symptoms: Sessions and ACLs cannot be created.

Conditions: The symptom is observed when testing with downloadable ACLs (DACLs).

Workaround: There is no workaround.

CSCsq75787

Symptoms: AutoQoS cannot be enabled on an ATM subinterface.

Conditions: This happens on a Cisco 3800 series router running Cisco IOS Release 12.4(15)T6.

Workaround: There is no workaround.

CSCsq77043

Symptoms: On a Cisco IOS device configured with an Embedded Event Manager (EEM) Tool Command Language (Tcl) policy that uses the Tcl CLI library, the policy may hang if the device hostname is longer than 20 characters.

Conditions: The device is configured with a Tcl policy that uses the cli_open Tcl command and the device hostname is longer than 20 characters.

Workaround: Reduce the size of the hostname.

CSCsq83501

Symptoms: The router crashes while more than 256 channel groups are configured on a PA-MC-2T3-EC.

Conditions: The crash is seen after configuring more than 256 channel-groups in PA-MC-2T3-EC.

Workaround: Do not configure more than 256 channel-groups.

CSCsq87204

Symptoms: A router may reload due to a crash after configuring the no multi-path command or the shut command.

Conditions: This symptom occurs when the router is configured with Mobile IP, Mobile Router, and the multi-path command on Cisco IOS Release 12.4(9)T.

Workaround: There is no workaround.

CSCsr03713

Symptoms: Secure Real-time Transport Protocol (SRTP) calls fail.

Conditions: Occurs with the following topology:

OGW---srtp,sip-----TGW

When SRTP is disabled, the calls succeed.

Workaround: Fall back to RTP.

CSCsr06282

Symptoms: The router reloads following an SNMP get operation.

Conditions: Occurs only when a DHCP operation is configured with option 82 parameters.

Workaround: Do not query MIB objects relating to the DHCP operation configured with option 82.

CSCsr08750

Symptoms: A router may crash.

Conditions: The router crashes with I/O memory corruption when the memory reserve critical [1-5] command is executed.

Workaround: Configure the memory reserve critical command with a much larger size.

Further Problem Description: This issue occurs only when the ratio of free processor memory to free I/O memory is high (say, greater than 90).

CSCsr13521

Symptoms: Memory chunks allocated for LDP-IGP synchronization may leak.

Conditions: The symptom is observed on a router with a dual link to its neighbor. LDP and LDP Graceful Restart are enabled on both routers. When LDP is disabled and re-enabled globally on the neighbor router, a small memory leak occurs on this router.

To verify the memory leak, enable memory leak debugging on Router 1 with the set memory debug incremental starting-time command. On Router 2, disable LDP globally with the no mpls ip command, wait for the LDP session to go down, then re-enable LDP. On Router 1, the leaked LDP memory chunks are shown by the show memory debug leaks chunks command.

Workaround: There is no workaround.

CSCsr17719

Symptoms: A crash may be observed in the name_age_cache API.

Conditions: There is no specific situation under which this crash is seen.

Workaround: There is no workaround.

CSCsr19440

Symptoms: A router crashes if the zone cluster local command is configured with a cluster ID that is an empty string.

Conditions: This symptom is observed when the local cluster ID and the local zone associated with the cluster are an empty string and when the no service alignment detection command is configured.

Workaround: Configure the local cluster ID and the local zone associated with the cluster with a nonempty string. Also, configure the service alignment detection command to prevent the crash.

CSCsr20566

Symptoms: A router may log %SCHED-3-STUCKMTMR for the Dampening process, after which all dampened interfaces remain permanently dampened from a routing-protocol viewpoint.

Conditions: This symptom is observed when multiple interfaces are configured with the dampening feature.

Workaround: There is no workaround.

CSCsr23975

Symptoms: Build breakage with -Wuninitialized flag in ips_base.c and ips_sme_service_smb.c.

Conditions: The symptom is observed when the -Wuninitialized flag is used.

Workaround: Use -Wno-uninitialized.

CSCsr27305

Symptoms: A Cisco 1801 router withdraws power from a Polycom 430 IP phone and the phone power-cycles continuously.

Conditions: The symptom is observed with a Cisco 1801 router that has a POE-180x daughter card and an external power module, with the default switchport configuration, powering a Polycom 430 IP phone. CDP is enabled so that the phone can detect the voice VLAN. The phone requests 4.5 W of power and the router supplies only 4 W.

Workaround: Turn off CDP on the switchport.

Further Problem Description: The same Polycom IP phone works correctly on any DSBU POE switch.

CSCsr48828

Symptoms: A Cisco router may display the following traceback:

%SYS-2-GETBUF

Conditions: The symptom occurs when ACLs are configured on the WAN interfaces of the router. When outbound packets are dropped by an outbound ACL, a traceback is generated. If the traffic stops or the ACLs are removed, the tracebacks stop. The problem is seen with the VSA accelerator but not with software crypto.

Workaround: There is no workaround.

CSCsr49316

Symptoms: A crash happens when the show ipv6 rpf x:x:x::x command is entered.

Conditions: This symptom is observed only when there are more than 16 adjacencies for a single static route. The crash happens when the show ipv6 rpf command is given for this particular static route.

Workaround: There is no workaround. This problem occurs as long as there are more than 16 adjacencies for single static route even if some of them are not active.

CSCsr51101

Symptoms: A router may crash when a PAD call is made after unconfiguring "xot access-group".

Conditions: The symptom is observed with a router that is running Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsr54170

Symptoms: A router may crash when a policy-map is removed from the configuration while it is still in use (traffic passing through it).

Conditions: The symptom is observed if a policy-map is removed from the configuration while it is still referenced by an interface service-policy statement and traffic is passing through it.

Workaround: Stop traffic before removing policies.

CSCsr55278

Symptoms: Fast switching of multicast packets may not occur on an interface of a PE router; all multicast packets are process switched.

Conditions: The symptom is observed after the interface is moved from being a forwarding interface of one VRF to another VRF.

Workaround: There is no workaround.

CSCsr55713

Symptoms: A crash occurs.

Conditions: The crash is caused by a ping across an ISATAP tunnel. The symptom is observed only in Cisco IOS Release 12.4(15)T7 on the Cisco 7200 (it is not known to affect other platforms), because the crash depends on the Cisco IOS memory map, which varies with each image.

Workaround: There is no workaround.

CSCsr59242

Symptoms: EIGRP may lose some routes from stub neighbors in a DMVPN setup.

Conditions: If an EIGRP graceful restart happens on an interface while the interface update queue is busy, some routes from the stub neighbors on that interface may be lost.

For example, issuing the following commands can trigger this issue:

clear ip eigrp vrf abc as-number neighbors interface
(wait 30 seconds)
clear ip eigrp vrf abc as-number neighbors interface soft

Workaround: Use the clear ip eigrp vrf abc neighbors command to fix the problem.

Another workaround is to turn off graceful restart with the no eigrp graceful-restart command under the router or address-family configuration. This makes the symptom go away but reverts to hard-resetting peers on configuration changes or on the clear ip eigrp neighbors soft command.

CSCsr61729

Symptoms: A WIC-2AM-V2 or WIC-1AM-V2 card is recognized, but ping may not work.

Conditions: The symptoms are observed with a back-to-back connection of WIC-2AM-V2 and WIC-1AM-V2 modules through a third-party connector.

Workaround: There is no workaround.

Further Problem Description: The problem is due to an earlier code change that made the state of the device depend on the physical connection of the cable. This code interfered with the software state machine, which internally maintains the device state.

CSCsr67289

Symptoms: The router hangs when an online insertion and removal (OIR) is performed.

Conditions: Occurs after the interface bandwidth is changed and an OIR operation follows.

Workaround: Stop traffic before making these changes.

CSCsr67788

Symptoms: IPv6 traffic is classified as IPv4 traffic.

Conditions: The symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.4(20)T.

Workaround: There is no workaround.

CSCsr69433

Symptoms: A router may log %SYS-3-CPUHOG errors and then suffer a watchdog crash in the FR LMI process.

Conditions: The symptoms are observed when ISDN is configured on the router.

Workaround: There is no workaround.

CSCsr70197

Symptoms: A router running Dynamic Multipoint VPN (DMVPN) may crash.

Conditions: The symptom is observed when an mGRE tunnel interface running Next Hop Resolution Protocol (NHRP) is unconfigured.

Workaround: There is no workaround.

CSCsr70459

Symptoms: The network does not converge after the initial configuration: a BGP session is not established between Route Reflector 2 and Route Reflector 1.

Conditions: The symptoms are observed with a Cisco 7200 series router that is running Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

Further Problem Description: This issue is not seen with Cisco IOS Release 12.4(15)T6.

CSCsr82895

Symptoms: When a router has many PPPoE sessions and the router is configured as an RP-mapping agent, the router crashes following a switchover.

Conditions: The symptom is observed when the router has 8000 PPPoE sessions and it is configured as an RP-mapping agent. Following a switchover, the issue is seen.

Workaround: Configure another router in the network, one with fewer interfaces, as the RP-mapping agent.

CSCsr85766

Symptoms: After an IP SLA operation finishes, all status variables that should be retained until the next operation become "Unknown."

Conditions:

A timezone offset is configured and the local date is ahead of the UTC date (the local day rolls over before the UTC day).

Found in Cisco IOS Release 12.4(20)T.

Workaround: Schedule the operation so that it starts when the UTC date and the local date set by the clock timezone command are the same.

CSCsr87229

Symptoms: Callers whose caller-ID name is 15 characters or longer cannot call out of analog MGCP ports.

Example:

MGCP Packet received from --->
CRCX 132 AALN/S0/SU1/0@nicmatth-ipipgw MGCP 0.1
C: A000000001000026000000F5
X: 23
L: p:20, a:PCMU, s:off, t:b8
M: recvonly
R: L/hd
S: L/rg, L/ci(08/08/15/44,1002,This is my long name)
Q: process,loop
<---

MGCP Packet sent to --->
510 132 unsupported caller id length

Conditions: The Bellcore standard supports only 15 characters, so the MGCP gateway disconnects the call because of the unsupported caller-ID length and displays the following message:

510 unsupported caller id length.

Workaround: Configure a caller ID of fewer than 15 characters, or use the port with SCCP or H.323 instead. The following cptones are not affected: FR, DE, NO, IT, ES, ZA, TR, GB, AT.
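The 510 response above is produced from the L/ci signal in the CRCX. The following Python code is an added example (not Cisco's gateway code and not part of this release note) that parses an MGCP command into its parameter lines, extracts the time, number and name from the L/ci signal, and returns the response the gateway would give for that name length. The CRCX it parses is constructed from the exchange quoted above, and the 15-character threshold is taken from the symptom statement. A real 200 response to a CRCX also carries a connection identifier and SDP, which are omitted here.

```python
import re
from typing import Dict, Optional, Tuple

# Caller-ID name length at which the gateway rejects the call, as stated in the
# symptom above (15 characters or more).
MAX_CALLER_NAME = 15

# Constructed CRCX modelled on the exchange quoted above (not a captured trace).
CRCX_LONG_NAME = """\
CRCX 132 AALN/S0/SU1/0@nicmatth-ipipgw MGCP 0.1
C: A000000001000026000000F5
X: 23
L: p:20, a:PCMU, s:off, t:b8
M: recvonly
R: L/hd
S: L/rg, L/ci(08/08/15/44,1002,This is my long name)
Q: process,loop
"""

# L/ci(<time>,<number>,<name>) as carried in the S: (signal request) parameter.
CI_SIGNAL = re.compile(r"L/ci\(([^,]*),([^,]*),([^)]*)\)")


def parse_mgcp(message: str) -> Tuple[str, Dict[str, str]]:
    """Split an MGCP command into its request line and a code -> value map of parameters."""
    lines = message.splitlines()
    params: Dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # an empty line ends the parameters; an SDP body would follow
        code, _, value = line.partition(":")
        params[code.strip()] = value.strip()
    return lines[0], params


def caller_id(params: Dict[str, str]) -> Optional[Tuple[str, str, str]]:
    """(time, number, name) from the L/ci signal requested in the S: line, if any."""
    match = CI_SIGNAL.search(params.get("S", ""))
    return match.groups() if match else None


def crcx_response(message: str) -> Tuple[int, str]:
    """Response code and line the gateway returns for the caller-ID name in a CRCX."""
    request, params = parse_mgcp(message)
    transaction_id = request.split()[1]
    ci = caller_id(params)
    if ci is not None and len(ci[2]) >= MAX_CALLER_NAME:
        return 510, f"510 {transaction_id} unsupported caller id length"
    return 200, f"200 {transaction_id} OK"


def with_caller_name(message: str, name: str) -> str:
    """Copy of the message with the L/ci name replaced, to try other lengths."""
    return CI_SIGNAL.sub(lambda m: f"L/ci({m.group(1)},{m.group(2)},{name})", message)


if __name__ == "__main__":
    print(caller_id(parse_mgcp(CRCX_LONG_NAME)[1]))
    print(crcx_response(CRCX_LONG_NAME)[1])
    print(crcx_response(with_caller_name(CRCX_LONG_NAME, "Alice Smith"))[1])
```

Run it over the CRCX lines of a debug mgcp packets capture to find which calls the call agent is sending with names at or past the limit before the gateway rejects them.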

CSCsr87466

Symptoms: An outgoing INVITE from the Cisco IOS SIP stack that carries SDP, with authorization configured on the SIP trunk, fails because the response field in the Proxy-Authorization header is computed incorrectly when auth-int is used as the qop. The Cisco IOS SIP stack does not include the SDP message body in the MD5 hash calculation, although RFC 2617 requires H(entity-body) as part of A2 for qop=auth-int.

Conditions: This symptom is observed under the following conditions:

Cisco IOS SIP stack.

The auth-int method is used.

The outgoing INVITE contains an SDP body.

Workaround: Potential workarounds are to:

Disable early offer, so that the outgoing INVITE carries no SDP body (the command to do this on the IOS sip-ua is not identified in this caveat).

Use the auth method instead of auth-int. This works if the proxy's challenge (Proxy-Authenticate) offers only the auth qop.
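The failure above comes from the way RFC 2617 defines A2 for qop=auth-int. The following Python code is an added example (not the Cisco IOS SIP stack and not part of this release note) that computes the digest response for both qop values, models the defective calculation that leaves the SDP out, and shows that a proxy recomputing over the body it actually received rejects it. Credentials, URI and SDP are constructed placeholders; nonce, nc and cnonce default to the values of the worked example in RFC 2617 section 3.5, which rfc2617_self_check reproduces.

```python
import hashlib

# Constructed credentials, challenge values and SDP (not from the release note).
USERNAME, REALM, PASSWORD = "gw1", "sip.example.com", "s3cret"
METHOD, URI = "INVITE", "sip:+15551230000@sip.example.com"
NONCE, NC, CNONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
SDP_BODY = (
    "v=0\r\n"
    "o=CiscoSystemsSIP-GW-UserAgent 1 1 IN IP4 192.0.2.10\r\n"
    "s=SIP Call\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)


def md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_response(qop: str, body: str, *, username: str = USERNAME, realm: str = REALM,
                    password: str = PASSWORD, method: str = METHOD, uri: str = URI,
                    nonce: str = NONCE, nc: str = NC, cnonce: str = CNONCE) -> str:
    """RFC 2617 'response' value for a Proxy-Authorization header.

    A1 = username:realm:password.  A2 depends on qop: for auth it is method:uri,
    for auth-int it is method:uri:H(entity-body), so the SDP carried by an
    INVITE has to be hashed into the response.
    """
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    if qop == "auth":
        a2 = f"{method}:{uri}"
    elif qop == "auth-int":
        a2 = f"{method}:{uri}:{md5_hex(body)}"
    else:
        raise ValueError(f"unsupported qop {qop!r}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(a2)}")


def defective_auth_int_response(body: str) -> str:
    """Models the defect described above: qop=auth-int is claimed but the SDP is
    not hashed in.  Whether IOS hashed an empty body or dropped the H(body) term
    entirely is not stated in the caveat; the empty-body form is used here as one
    concrete instance, and either way the proxy's recomputation will not match."""
    return digest_response("auth-int", "")  # 'body' deliberately ignored


def proxy_accepts(qop: str, body: str, response: str) -> bool:
    """What the proxy does on receipt: recompute over the body it actually received."""
    return digest_response(qop, body) == response


def rfc2617_self_check() -> bool:
    """Reproduces the worked example in RFC 2617 section 3.5 (qop=auth)."""
    return digest_response(
        "auth", "", username="Mufasa", realm="testrealm@host.com",
        password="Circle Of Life", method="GET", uri="/dir/index.html",
    ) == "6629fae49393a05397450978507c4ef1"


if __name__ == "__main__":
    good = digest_response("auth-int", SDP_BODY)
    bad = defective_auth_int_response(SDP_BODY)
    print("self-check:", rfc2617_self_check())
    print("correct auth-int accepted:", proxy_accepts("auth-int", SDP_BODY, good))
    print("defective auth-int accepted:", proxy_accepts("auth-int", SDP_BODY, bad))
```

The second workaround follows directly from the code: with qop=auth the body does not enter A2 at all, so a response computed without the SDP is still correct, which is why switching to auth makes the INVITE succeed.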

CSCsr97030

Symptoms: Service policy is missing from the running configuration after a device is reloaded.

Conditions: The symptom is observed when the service policy contains a police rate percent of 13 percent or less and is applied to an MLPPP interface. It is observed with Cisco IOS Release 12.4(8c) and Release 12.4T.

Workaround: Use any one of the following:

1. Re-apply the service policy after each reboot.

2. Change the service policy to use police rate XXXX bps.

3. Configure bandwidth XXXX on the MLPPP interface.

4. Change the service policy to police at more than 13 percent.

CSCsr97343

Symptoms: An MSDP peer may flap randomly.

Conditions: The symptom is observed when the device is configured with logging host ip-address (with or without additional options) or logging ip-address.

Workaround: Removing the "logging host" configuration has been observed to prevent the peer flap:

no logging host ip-address
no logging ip-address

CSCsu00266

Symptoms: The following crash is observed after configuring a policy-map.

SegV exception, PC 0x2142818 at 10:04:23

Conditions: Occurred on a Cisco 7206VXR (NPE-G2) running Cisco IOS Release 12.4(15)T5.

Workaround: There is no workaround.

CSCsu04446

Symptoms: A Cisco router running as a PfR Master Controller crashes under stress.

Conditions: This symptom is observed when traffic for more than 2000 prefixes, about 500 of which are unreachable, flows through the router.

Workaround: Minimize the number of prefixes learned during an interval. The default of 100 should be sufficient:

oer master learn prefixes 100 

CSCsu06350

Symptoms: A T.38 fax call does not terminate audio properly.

Conditions: A re-INVITE from the SIP fax application changes the connection IP address in the SDP. The PGW sends the changed IP address in an MDCX to the gateway. The gateway responds with 200, acknowledging the change, but still sends audio to the IP address where the original call terminated.

Workaround: There is no workaround.

CSCsu10229

Symptoms: The cdpCacheAddress object (OID 1.3.6.1.4.1.9.9.23.1.2.1.1.4) in the CISCO-CDP-MIB does not show the global unicast address.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsu10606

Symptoms: A device crashes with the following error message:

Breakpoint exception, CPU signal 23, PC =0x606CE1B4

Conditions: The symptom is observed during Online Certificate Status Protocol (OCSP) use.

Workaround: There is no workaround.

CSCsu11069

Symptoms: A Cisco router configured with WCCP may unexpectedly reload because of a bus error or generate spurious memory accesses when an interface used to communicate with a WCCP client goes down.

Conditions: The symptoms are observed when the router is configured with WCCP and traffic is redirected to the WCCP client at the time, or shortly after the time, when the line protocol on the interface goes down.

Workaround: There is no workaround.

CSCsu11522

A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS software that can be exploited remotely to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate the vulnerability apart from disabling SIP, if the Cisco IOS device does not need to run SIP for VoIP services. However, mitigation techniques are available to help limit exposure to the vulnerability.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml

CSCsu18232

Symptoms: When a port becomes active, the endpoints stay in the "Not Ready" state and the RSIP message is not sent.

Conditions: The symptoms are observed when a new E1/T1 is configured with new DS0 groups controlled by MGCP. It is observed only during initial configuration.

Workaround: Remove the entire configuration under the controller before reloading or configuring a new set. Once the problem has occurred, the only workaround is to reload the router.

CSCsu25797

Symptoms: When the router runs with an on-board VPN module, the module driver should raise the maximum IKE SA limit so that more tunnels are supported than with software encryption. The on-board driver may not update the limit when Cisco IOS Release 12.4(11)T or later is used, so only 100 IKE SAs are supported with the on-board module.

Conditions: The symptom is observed with a Cisco 2811 or 2821 router that is running Cisco IOS Release 12.4(11)T or later.

Workaround: Use Cisco IOS Release 12.4(9)T.

CSCsu25833

Symptoms: An ISR router may crash with the following error message:

%ALIGN-1-FATAL: Corrupted program counter

Conditions: The symptoms are observed on Cisco 2811 and 2801 routers. The trigger has not yet been identified.

Workaround: There is no workaround.

CSCsu26174

Symptoms: A Cisco 1800 series router may stop passing traffic on FastEthernet interface 0/1 when FastEthernet interface 0/0 is administratively shut down using the interface configuration command shutdown. When FastEthernet 0/0 is shutdown, the following message is displayed:

%GT96K_FE-5-LATECOLL: Late Collision on int FastEthernet0/0

Conditions: The symptoms are observed with FastEthernet 0/0 on a Cisco 1841 router and when the device at the far end of interface FastEthernet 0/0 is configured manually to speed 10 or 100.

Workaround: Configure the far-end device to auto-negotiate the speed with the 1800 router.

Further Problem Description: This problem does not occur when the cable is pulled out of FastEthernet 0/0 and re-inserted. It also does not occur when the roles of FastEthernet 0/0 and FastEthernet 0/1 are reversed.

CSCsu31444

Symptoms: A BR continuously displays error messages on the console.

Router#%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000  
%Error: timeout value is less than threshold 5000

OER jitter probes are not created because of this error.

Conditions: This symptom is observed with the jitter probe configuration below for VOIP optimization:

oer-map BRANCH 20
 match traffic-class access-list Optimize_Voice_Traffic
 set mode route control
 set mode monitor fast
 set resolve mos priority 1 variance 30
 set resolve delay priority 2 variance 30
 set active-probe jitter 10.100.10.1 target-port 1025 codec g729a
 set probe frequency 4                                              <<

Workaround: Set a higher probe frequency (higher than 5).

CSCsu31954

Symptoms: A router reloads.

Conditions: Under certain crypto configurations with NetFlow also configured, the router will reload when required to fragment CEF-switched traffic on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsu32104

Symptoms: A PRE-3 that is running Cisco IOS Release 12.2(31)SB code may encounter a Redzone overrun memory corruption crash.

Conditions: Unknown at this time.

Workaround: Turn off Auto IP SLA MPLS by entering the auto ip sla mpls reset command.

CSCsu32154

Symptoms: Calls through an MGCP-controlled FXS may fail to complete. The user will hear fast-busy signal when attempting to make inbound or outbound calls from or to that port. Outbound calls to the port in this state may return a 400 error "Previous message in-progress" in response to the CRCX.

Conditions: The symptom is observed under rare conditions with an MGCP-controlled FXS port on a Cisco IOS Voice over IP (VoIP) gateway.

To verify that a port is in this state, compare the output of show mgcp connection with the output of show voice call summary. If a call appears in the show mgcp connection output for a port but that port appears idle (FXSLS_ONHOOK) in the show voice call summary output, this indicates the problem.

An example of such output is here showing port 2/1 in this state:

VG224# sh voice call summ
PORT      CODEC  VAD VTSP STATE            VPM STATE
========= ====== === ==================== ======================
2/0       -      -   -                    FXSLS_ONHOOK
2/1       -      -   -                    FXSLS_ONHOOK

VG224# sh mgcp conn
Endpoint  Call_ID(C) Conn_ID(I) (P)ort (M)ode (S)tate (CO)dec (E)vent[SIFL] (R)esult[EA (ME)dia (COM)Addr:Port
1. aaln/S2/1  C=,34,-1  I=0x0  P=0,0  M=0  S=9,0  CO=0  E=3,10,10,10  R=41,0  ME=0  COM=0.0.0.0:0

Workaround: Reload the gateway to recover a port once it is in this state. Attempting to restart the MGCP service on the gateway by removing and adding the mgcp command in the configuration has been shown at times to be ineffective once in this state.

Alternate workaround: Use of H323/SIP signaling instead of MGCP will prevent ports from getting into this state.

Further Problem Description: Changes applied through CSCsq97697 have been found to greatly reduce the instances of this issue from occurring. If using H323/SIP instead of MGCP is not an option, it is recommended to use a Cisco IOS Release that contains the changes in CSCsq97697 (for example, Cisco IOS Release 12.4(15)T7).

The changes applied to CSCsu32154 introduce a new MGCP CLI command which is not enabled by default. If upgrading to obtain a fix for this issue, configure mgcp disconnect-delay.
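
The comparison described above (an MGCP connection on a port that the voice layer reports as on-hook) is easy to script when a gateway has many ports. The following is an added example, not Cisco code or part of the caveat: it parses the two show outputs and lists ports in the stuck state. The sample outputs are constructed from the caveat's example, and the column layout of both commands is assumed from that example rather than from a specification.

```python
"""Added example for caveat CSCsu32154 (not Cisco code): cross-check
'show voice call summary' against 'show mgcp connection' to find FXS ports
that MGCP still holds a connection on while the voice layer reports them
idle (FXSLS_ONHOOK). Sample outputs are constructed from the caveat's
example; the column layout is assumed from that example."""
import re

# Constructed sample of 'show voice call summary': both ports idle.
VOICE_CALL_SUMMARY = """\
PORT      CODEC  VAD VTSP STATE            VPM STATE
========= ====== === ==================== ======================
2/0       -      -   -                    FXSLS_ONHOOK
2/1       -      -   -                    FXSLS_ONHOOK
"""

# Constructed sample of 'show mgcp connection': one connection on aaln/S2/1.
MGCP_CONNECTION = """\
Endpoint  Call_ID(C) Conn_ID(I) (P)ort (M)ode (S)tate (CO)dec (E)vent[SIFL] (R)esult[EA (ME)dia (COM)Addr:Port
1. aaln/S2/1  C=,34,-1  I=0x0  P=0,0  M=0  S=9,0  CO=0  E=3,10,10,10  R=41,0  ME=0  COM=0.0.0.0:0
"""

# PORT CODEC VAD VTSP-STATE VPM-STATE: five whitespace-separated columns.
VOICE_ROW_RE = re.compile(r"^(\d+/\d+)\s+\S+\s+\S+\s+\S+\s+(\S+)$")
# "<n>. aaln/S<slot>/<port> ..." rows of the MGCP connection table.
MGCP_ROW_RE = re.compile(r"^\d+\.\s+aaln/S(\d+/\d+)\s")


def parse_voice_states(text):
    """Map analog port ('2/1') to its VPM state from 'show voice call summary'."""
    states = {}
    for line in text.splitlines():
        m = VOICE_ROW_RE.match(line.strip())
        if m:
            states[m.group(1)] = m.group(2)
    return states


def parse_mgcp_ports(text):
    """Set of analog ports that 'show mgcp connection' lists a connection for."""
    ports = set()
    for line in text.splitlines():
        m = MGCP_ROW_RE.match(line.strip())
        if m:
            ports.add(m.group(1))
    return ports


def find_stuck_ports(voice_text, mgcp_text, idle_state="FXSLS_ONHOOK"):
    """Ports with an MGCP connection whose voice-layer state is on-hook (idle).

    A port in this state matches the caveat's failure mode: MGCP believes a
    call is in progress, the voice port is idle, and new calls get fast-busy.
    """
    states = parse_voice_states(voice_text)
    return sorted(p for p in parse_mgcp_ports(mgcp_text) if states.get(p) == idle_state)


if __name__ == "__main__":
    for port in find_stuck_ports(VOICE_CALL_SUMMARY, MGCP_CONNECTION):
        print(f"port {port}: MGCP connection present but port is on-hook; "
              "reload the gateway to recover")
```

Run against the two captures taken at the same moment; a port reported by find_stuck_ports is one that, per the caveat, only a reload will recover.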

CSCsu35963

Symptoms: IPIPGW/CUBE will not respond to a H.245 EmptyCapabilitySet (ECS) (i.e. TerminalCapabilitySet(TCS)=0) message from Cisco Voice Portal (CVP) with a CloseLogicalChannel (CLC) message. This will result in call failure.

Conditions: The symptom occurs when IPIPGW is deployed in H.323-H.323 mode, running Cisco IOS Release 12.4(20)T and interacting with CVP.

Workaround: There is no workaround.

CSCsu36836

Symptoms: TCL scripts and policies that work with open files and sockets simultaneously may not operate properly. One symptom is that the vwait command may fail, reporting "would wait forever."

Conditions: Occurs when a TCL script opens both a file and a client or server socket simultaneously.

Workaround: Open and close files and sockets separately. Avoid having them open simultaneously.

CSCsu45425

Symptoms: The Label Forwarding Information Base (LFIB) shows incorrect information for a global BGP prefix after a route flap. The LFIB/FIB shows the prefix as having a tag when it should not. The routing table is correct.

Conditions: Occurred on a Cisco 12000 router running Cisco IOS Release 12.0(33)S1.

Workaround: Enter the clear ip route command.

CSCsu46060

Symptoms: A router may crash under low memory conditions.

Conditions: The symptom is observed with a router running GetVPN and Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsu48898

Symptoms: A Cisco 10000 series router may crash every several minutes.

Conditions: The symptom is observed with a Cisco 10000 series router that is running Cisco IOS Release 12.2(31)SB13.

Workaround: Use Cisco IOS Release 12.2(31)SB11.

CSCsu51095

Symptoms: If connected routes are optimized using PfR, there will be a routing loop.

Conditions: This symptom can occur if, for some reason, PfR is learning connected routes or if the user has configured them.

Workaround: Create an oer-map with a prefix-list that contains the prefixes of the connected routes (the next hops), and configure observe mode (set mode route observe) in that oer-map.

CSCsu53032

Symptoms: In rare cases, a router will crash upon removing a trustpoint in global configuration mode.

Conditions: This defect will occur in all Cisco IOS platforms; however the symptoms observed may differ. Many platforms will handle this gracefully, while others do not, due to different hardware handling of memory errors. The only platforms that have reported intermittent crashes to date are the Cisco 831, Cisco 871, and Cisco 3845.

Workaround: Reload the router and use a version with the fix.

CSCsu55941

Symptoms: NAT CIE contains the invalid NBMA address of "0.0.0.0" when a spoke sends out a resolution request or resolution reply.

Conditions: The symptom is observed when NHRP fetches the NBMA address (i.e., tunnel source interface address) during bootup and whenever the tunnel source address is changed to a new address.

Workaround: There is no workaround. However, once the issue is seen, it can be rectified by changing the tunnel source to some other interface and then changing it back to the original interface.

Further Problem Description: As a result of the NBMA address being 0.0.0.0, the spoke might incorrectly think that it is behind NAT and might add the NAT CIE (with 0.0.0.0) when resolving other spokes. As a result spoke-spoke tunnels might not come up.

CSCsu60252

Symptoms: A Cisco router may unexpectedly reload when running IPS.

Conditions: The symptom is observed when either the "deny-attacker-inline" or the "deny-connection-inline" event actions are configured on at least some of the IPS signatures. The default event action is always just to alarm, so additional configuration is required to cause this particular crash.

When the "deny" event actions are configured, the router may crash if a "shun acl" is applied on an interface where IPS is NOT configured.

This can happen in a situation such as in the following example, if IPS is configured on E0 but not E1:

E0 (packet triggering the alarm) --> ROUTER <-- (attacker) E1

IPS is configured on E0 and a packet which triggers an alarm comes in on E0. This packet matches a signature which has the "swap-attacker-victim" parameter in its signature definition. Therefore, if a "deny" event action has been configured, the ACL will be created on E1. If IPS is NOT configured on E1, this scenario can trigger the crash.

Workaround: If the "deny" actions are being used, a workaround would be to configure IPS on all affected interfaces.

CSCsu61741

Symptoms: The lsp ping command is missing.

Conditions: This issue is specific to the Cisco 7301 router.

Workaround: There is no workaround.

CSCsu62921

Symptoms: %SYS-2-BADSHARE tracebacks are reported. Eventually the router will stop passing all traffic over the interface.

Conditions: Occurs when sending traffic over xDSL interfaces that have QoS configured.

Workaround: Remove the service-policy from the xDSL interface.

CSCsu65189

Symptoms: If router is configured as follows:

router ospf 1
...
passive-interface Loopback0

And later LDP/IGP synchronization is enabled using the following commands:

Router(config)# router ospf 1
Router(config-router)# mpls ldp sync
Router(config-router)# ^Z

MPLS LDP/IGP synchronization will be allowed on interface loopback too.

Router# sh ip ospf mpls ldp in Loopback0
  Process ID 1, Area 0
  LDP is not configured through LDP autoconfig
  LDP-IGP Synchronization : Required      <---- NOK
  Holddown timer is not configured
  Interface is up

If the clear ip ospf proc command is entered, LDP will keep the interface down. A down interface is not included in the router LSA, so the IP address configured on the loopback is not propagated. If an application such as BGP or LDP uses the loopback IP address for its communication, that application will go down too.

Conditions: Occurs when an interface is configured as passive. Note: all interface types configured as passive are affected, not only loopbacks.

Workaround: Do not configure passive loopback under OSPF. Problem only occurs during reconfiguration.

The problem will not occur if LDP/IGP sync is already in place and:

Router is reloaded with image with fix for CSCsk48227.

Passive-interface command is removed/added.

CSCsu69750

Symptoms: MTP cannot handle the G729a codec and the G729 codec on the two call legs at the same time.

Conditions: The symptoms are observed with Cisco IOS Release 12.4T.

Workaround: There is no workaround.

Further Problem Description: If enabling "debug sccp all", the debug output indicates that it is an "Unsupported mtp req".

CSCsu71853

Symptoms: Transfer calls fail because the router does not populate the "Replaces:" and "Referred-By:" fields.

Conditions: Occurs in routers running Cisco IOS Release 12.4(15)T6 and Cisco IOS Release 12.4(15)T7.

Workaround: There is no workaround.

CSCsu73128

Symptoms: Router crashes.

Conditions: Occurs when a large number of remote endpoints try to connect to the gateway at the same time. The router may crash if "rsa-sig" is used as the authentication method.

Workaround: There is no workaround.

CSCsu76993

Symptoms: EIGRP routes that match a route-map referenced from a distribute-list are not tagged.

Conditions: The problem is observed when the route-map is applied to a specific interface. When the route-map is applied globally, without a specific interface, tagging works correctly.

Workaround: There is no workaround.

CSCsu77945

Symptoms: Performance Routing (PfR) echo probe shows 0 completes, even when the debug icmp command shows that the reply was correctly received.

Conditions: The symptom is observed when using the command sh oer border active-probes, which shows the active probes as incomplete even if the reply was correctly received.

Workaround: There is no workaround.

Further Problem Description: IP SLA code invoked by OER sets the completions to zero.

CSCsu92395

Symptoms: Router crashes.

Conditions: This issue occurs on a Cisco 870 router that is running Cisco IOS Release 12.4(15)T7 and 12.4(20)T and that has an EEM configuration like the following:

event manager applet RTR-MYPRIVATE_DOWN trap
 event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to down"
 action Mail mail server "mailaddress@cisco.com" to "mailaddress@cisco.com" from "mailaddress@cisco.com" subject "rtr-myprivate - down" body "Sorry, I'm Down"
event manager applet RTR-MYPRIVATE_UP trap
 event syslog pattern "%LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up"
 action Mail mail server "mailaddress@cisco.com" to "mailaddress@cisco.com" from "mailaddress@cisco.com" subject "rtr-myprivate - up" body "Hi, I'm Active now"

When Virtual-Access1 interface flaps, the router crashes.

Workaround: Remove the EEM action mail configuration.

CSCsu95319

Symptoms: Igmp-proxy reports for some of the groups are not forwarded to the helper. This causes members not to receive the multicast traffic for those groups.

Conditions: The problem is seen when the igmp-proxy router is receiving UDP control traffic. That is, the router is receiving any UDP control-plane traffic on any interface.

Workaround: There is no workaround.

CSCsu97507

Symptoms: After removing one of "ip name-server xxxx" entries, the command show ip dns view displays broken output.

Conditions: The symptoms are observed with the following steps:

1. Add several "ip name-server xxxx".

2. Remove one of the middle entries.

3. Use the show ip dns view command.

Workaround: There is no workaround.

Further Problem Description: This issue has been recreated with Cisco IOS Releases 12.4(15)T5, 12.4(15)T7, and 12.4(20)T.

CSCsu97934

Symptoms: NPE-G1 is crashing with "pppoe_sss_holdq_enqueue" as one of the last functions.

Conditions: Unknown.

Workaround: Entering the deb pppoe error command will stop the crashing.

CSCsv00168

Symptoms: Junk values are displayed on the router when characters or commands are entered. For example, entering "enable" shows "na^@^@"; entering "show version" shows "h ^v^@e^@^r^@^@^@^@^@".

Conditions: The symptoms are observed with Cisco IOS Release 12.4(23.2)T.

Workaround: There is no workaround.

Further Problem Description: The CLI function is not affected by the junk values.

CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

CSCsv06608

Symptoms: SXP is set up between two devices but fails to initialize.

Conditions: This symptom is observed when SXP is set up between two devices.

Workaround: There is no workaround.

CSCsv14826

Symptoms: An EasyVPN tunnel may get stuck in an IPSEC_Active state after a dialer interface flap. The ISAKMP SA can get stuck in the CONF_XAUTH state after the dialer interface flaps:

Router# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
10.10.10.10     10.10.10.11     CONF_XAUTH        2090    0 ACTIVE

Conditions: The symptoms are observed when EasyVPN is configured on a router and where a dialer interface flaps often.

Workaround: There is no workaround.

CSCsv17370

Symptoms: Some applications do not work properly when the VSA is used as the crypto engine in the hub router. In a packet trace you might observe TCP checksum corruption, although not in all cases. Another indication is that, in a sniffer trace taken on the application client or server, the last packet received before the application terminates is around 56 to 64 bytes.

Conditions: This symptom might happen in a very specific scenario. As a condition, you need to have a VSA on the hub router, and the client and server application needs to be in two different remote locations connected via a VPN tunnel through the hub. In addition, the issue has been verified with a tunnel that is configured with a static crypto map. This issue has also been verified with Fast Ethernet ports only.

Workaround: Disable the crypto engine or use VAM2+.

CSCsv24742

Symptoms: A Cisco router may report an exit link as out of policy (OOP) when the 32-bit interface utilization counter wraps. At a 100 Mbps traffic rate, this can happen once every 6 minutes.

Conditions: The symptom is observed on a Cisco router running Performance Routing (PfR) and when the 32-bit interface utilization counter wraps.

Workaround: There is no workaround.
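
The failure mode in this caveat is generic to anything that derives utilization from a 32-bit octet counter: a counter that wraps between two samples makes a naive delta negative (or, across more than one wrap, silently too small). The following is an added example, not Cisco's PfR code, showing the wrap interval that produces the "once every 6 minutes" figure, a wrap-safe delta, and a utilization calculation that refuses to answer when the sampling interval is long enough to hide a second wrap. All counter values are constructed.

```python
"""Added example for caveat CSCsv24742 (not Cisco's PfR code): the failure
mode behind the caveat is a 32-bit octet counter wrapping mid-sample, so a
naive delta is wrong. These helpers compute wrap intervals, wrap-safe deltas
and utilization the way a monitoring or routing-policy check should, and
refuse to answer when the sampling interval is long enough to hide a second
wrap. All counter values below are constructed."""


def wrap_interval_seconds(rate_bps, width_bits=32):
    """Seconds a counter of the given width lasts at a sustained rate (bits/s).

    2**32 bytes at 100 Mbps is about 344 s, i.e. the 'once every 6 minutes'
    the caveat describes; a 64-bit counter at the same rate lasts tens of
    thousands of years, which is why high-capacity (HC) counters exist.
    """
    return (2 ** width_bits * 8) / rate_bps


def counter_delta(old, new, width_bits=32):
    """Bytes transferred between two samples, corrected for a single wrap.

    Taking (new - old) modulo the counter width turns the negative value a
    wrap produces into the correct count.
    """
    modulus = 2 ** width_bits
    if not (0 <= old < modulus and 0 <= new < modulus):
        raise ValueError("counter sample does not fit the declared counter width")
    return (new - old) % modulus


def utilization_percent(old, new, interval_s, link_bps, width_bits=32):
    """Average link utilization over interval_s, or None if ambiguous.

    If the interval is at least one wrap interval, two or more wraps may have
    occurred and the modular delta under-counts silently; return None rather
    than a confidently wrong number (a wrong number is what produces a false
    out-of-policy decision).
    """
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    if interval_s >= wrap_interval_seconds(link_bps, width_bits):
        return None
    bits = counter_delta(old, new, width_bits) * 8
    return 100.0 * bits / (interval_s * link_bps)


if __name__ == "__main__":
    old, new = 4_294_967_000, 200     # constructed samples straddling a wrap
    print("naive delta    :", new - old)                # negative
    print("wrap-safe delta:", counter_delta(old, new))  # 496 bytes
    print(f"100 Mbps wraps a 32-bit counter every "
          f"{wrap_interval_seconds(100_000_000):.0f} s")
```

The practical lesson is the one the caveat implies: sample faster than the wrap interval of the counter width you read, or read a 64-bit counter, and treat a negative or implausibly large delta as a measurement error rather than as link behaviour.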

CSCsv30075

Symptoms: A Cisco router may reload due to a bus error.

Conditions: This symptom has been experienced on a Cisco router that is running Cisco IOS Release 12.4(15)T7 and that is configured with NAT.

Workaround: There is no workaround.

CSCsv38804

Symptoms: VIC2 BRI Layer 2 will not come up after boot up.

Conditions: The symptom is observed with VIC2-2BRI-NT/TE cards.

Workaround: There is no workaround.

CSCsv46240

Symptoms: A flow exporter that is configured for v9 may export corrupt data.

Conditions: This symptom occurs under the following configuration sequence:

Create a flow exporter, but do not set any values within the exporter.

Create a flow monitor, and apply the exporter to it.

Apply the flow monitor to an interface.

Configure the destination of the exporter.

Workaround: Configure the destination of the exporter before applying it to any flow monitors. Alternatively, remove the flow monitor from all interfaces and reapply it, which causes correct export packets to be sent.

CSCsv50666

Symptoms: While lrq forward-queries is configured, the gatekeeper blasting does not work as expected.

Conditions: This symptom is observed when lrq forward-queries is configured.

Workaround: There is no workaround.

CSCsv50958

Symptoms: A router reloads when DTMF digits are dialed out while making an MGCP call.

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.4(23.5).

Workaround: No workaround is known.

CSCsv52459

Symptoms: A Cisco device that is running Cisco IOS Release 12.3(7)T or later Cisco IOS code may see an increase in CPU usage when upgrading from a previous image.

Conditions: NAT must be enabled for the contributing factor described here to be applicable. RTSP and MGCP NAT ALG support was added, which requires NBAR. However, there is no way to disable it if that feature code is not needed.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(15)T7

Cisco IOS Release 12.4(15)T7 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCek34097

Symptoms: The router may display CPUHOG errors and/or reload when you enter the no ipv6 multicast-routing global configuration command.

Conditions: This symptom is observed with configurations that include large numbers of dot1q subinterfaces.

Workaround: There is no workaround.

CSCek52234

Symptoms: A Cisco Gigabit Ethernet Interface goes down when set to speed 100 / Full Duplex and when the remote end is third party LAN extension service equipment.

Conditions: This symptom has been observed on Cisco 3800 Gigabit Ethernet interface. A Cisco 2811 FastEthernet interface or Cisco 2821 Gigabit Ethernet do not show the problem. The symptom is also not seen if a Cisco Catalyst 4506 is used in place of the third party equipment.

Workaround: Use hardware other than Cisco 3800 Gigabit Ethernet when connecting to third party equipment.

CSCek64863

Symptoms: DHCP Relay crashes while sending a DHCP offer to the client with binding as relay binding. (0.0.0.0).

Conditions:

1. Client is either not sending the client-id option or sending the MAC address as the client-id option in all the DHCP messages toward DHCP Relay.

2. Either smart relay is configured on the relay or relay is unnumbered so that relay bindings get created on the router.

Workaround: Disable smart-relay functionality if enabled. Use numbered relay instead of unnumbered relay.

CSCek71050

Symptoms: Compared to other Cisco IOS software releases, unusually high CPU usage may occur in the BGP router process on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRB1.

Conditions: This symptom is observed when BGP is learning routes from the RIB, even if redistribution is not directly configured under BGP. (Redistribution from other routing protocols to BGP can exacerbate the CPU usage.)

Workaround: There is no workaround.

CSCek74114

Symptoms: ASL Rollback was not able to remove ASL configuration configuration mode exclusive auto lock-show from the running configuration.

Conditions: Failure is seen using ASL Rollback on a Cisco 7600.

Workaround: There is no workaround.

CSCek79311

Symptoms: Under stress conditions, an L2TP multihop node may crash.

Conditions: This symptom is observed when a session is being disconnected.

Workaround: There is no workaround.

CSCse03637

Symptoms: PIM dense mode interoperability issues are seen between Cisco and third-party devices.

Conditions: This symptom is observed when PIM dense mode is in operation. After the multicast forwarder is decided, based on the assert mechanism, a prune is erroneously sent. Multicast stream ceases to flow.

Workaround: There is no workaround.

CSCse61834

Symptoms: When you modify an ATM PVC by entering the pvc vpi/vci command, any subsequent modifications in the VC class that is assigned to this PVC do not take effect.

Conditions: This symptom is observed when the PVC is preconfigured with a VC class when the following events occur:

1) You make a configuration change in the PVC.

2) You change the configuration in the VC class.

The configuration change in the VC class does not take effect.

Workaround: First complete the configuration changes in the VC class. Then, change the configuration in the PVC.

CSCse90294

Symptoms: In the connect command, the ATM option is offered either twice or not at all, depending on the platform.

Conditions: This symptom occurs when the connect command for local switching is configured.

Workaround: There is no workaround.

CSCsg09423

Symptoms: When IPsec SAs flap, traffic loss may occur during the IPsec and IKE rekey.

Conditions: This symptom is observed on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRA when there is a large number of IKE and IPsec SAs (that is, more than 2000 IKE SAs and 4000 IPsec SAs) and when RSA signature authentication is configured.

Workaround: Reduce the number of IKE and IPsec SAs.

CSCsg90726

Symptoms: Not all NetMeeting (H.323) sessions are handled by the firewall when H.323 protocol inspection is enabled.

Conditions: This is observed when inspection is done with double ACL configured.

Workaround: This workaround applies to the following versions of NetMeeting:

Microsoft NetMeeting 2.0 Standard Edition

Microsoft NetMeeting 2.1 Standard Edition

Microsoft NetMeeting 2.11

Microsoft NetMeeting 3.01 Standard Edition

Microsoft Windows 98 Standard Edition

Microsoft Windows 98 Second Edition

(http://support.microsoft.com/kb/158623#appliesto)

NetMeeting uses the following IP ports to communicate with other meeting participants:

Port      Purpose
--------  -------------------------------
389       Internet Locator Server (TCP)
522       User Location Server (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming (RTP over UDP)

To enable NetMeeting traffic, you must open a pinhole for these fixed TCP ports also with h323 inspection on the interface.

So the workaround for this is as follows:

1. Create the port-map:

ip port-map user-NMAUX port tcp 522 1731 1503 description "Port-map configuration for NetMeeting"

2. Configure the inspection rule:

ip inspect name test h323
ip inspect name test user-NMAUX
ip inspect name test ldap

(Here ldap (Lightweight Directory Access Protocol) is included for port 389.)

3. Apply this inspection rule "test" on the interface where NetMeeting inspection is required.

Example configuration:

Router# show running-config
Building configuration...

Current configuration : 2700 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fwodc1-2
!
boot-start-marker
boot-end-marker
!
no logging console
enable password lab
!
no aaa new-model
!
ip cef
!
no ip domain lookup
ip inspect name test tcp
ip inspect name test udp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
frame-relay switching
!
voice-card 0
 no dspfarm
!
no crypto engine onboard 0
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key letmein address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set test esp-des
!
crypto map test 10 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set test
 match address ipsec_acl
!
interface GigabitEthernet0/1
 ip address 192.168.101.2 255.255.255.0
 ip access-group 102 in
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 encapsulation frame-relay
 clock rate 128000
 no frame-relay inverse-arp
 frame-relay intf-type dce
!
interface Serial0/0/1.587 point-to-point
 ip address 10.0.0.2 255.0.0.0
 ip access-group 101 out
 ip inspect test in
 ip virtual-reassembly
 snmp trap link-status
 frame-relay interface-dlci 587
 crypto map test
!
router eigrp 100
 network 10.0.0.0
 network 192.168.101.0
 no auto-summary
 no eigrp log-neighbor-changes
 no eigrp log-neighbor-warnings
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip access-list extended ipsec_acl
 permit ip 192.168.101.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit ahp any any
access-list 101 permit icmp any any
access-list 101 permit eigrp any any
access-list 101 deny ip any any
access-list 102 permit udp any any eq isakmp
access-list 102 permit esp any any
access-list 102 permit ahp any any
access-list 102 permit icmp any any
access-list 102 permit eigrp any any
access-list 102 deny ip any any
access-list 110 permit tcp any any fragments
access-list 110 permit udp any any fragments
access-list 110 deny tcp any any
access-list 110 deny udp any any
access-list 110 permit ip any any
!
control-plane
!
line con 0
 exec-timeout 0 0
line aux 0
 exec-timeout 0 0
 speed 115200
line vty 0 4
 login
!
scheduler allocate 20000 1000
!
end

CSCsh06117

Symptoms: When the ATM Software Segmentation and Reassembly (SAR) feature is enabled, VBR-rt PVCs may be deactivated before VBR-nrt PVCs in an over-subscription scenario.

Conditions: This symptom is observed on a Cisco 2600 series and Cisco MC3810 that have oversubscribed ATM PVCs with a VBR-rt and VBR-nrt class of service.

Workaround: Configure all PVCs with an SCR of less than or equal to the line rate.

CSCsh12294

Symptoms: The voice path between two already connected secure analog VG224 phones is broken when a new call is made to one of the parties.

Conditions: PhoneA calls PhoneB. PhoneA and PhoneB are connected, and the voice path confirmation is established. PhoneC calls PhoneB. Once PhoneB hears the call-waiting tone, the voice path from PhoneB to PhoneA is lost. But when PhoneA talks, PhoneB can hear it.

Workaround: The only workaround is to block call-waiting or use non-secure phones.

Further Problem Description: This symptom occurs only when both the analog phones are secure endpoints. Non-secure phones work fine.

CSCsh71993

Symptoms: SIP may not pass the correct calling number in the header when an e164 address is used. SIP should block the population of the calling party number if the user portion of the "From" header is not an e164 address, preventing the calling party number IE from being populated when ISDN sends the SETUP message. However, this does not occur, and SIP may pass an incorrect number.

Conditions: This symptom is observed on a Cisco gateway that sends Microsoft Communicator SIP calls to the PSTN.

Workaround: There is no workaround.

CSCsh72664

Symptoms: With a DMVPN setup running OSPF, tracebacks are seen.

*Feb 9 12:20:34.147: %SYS-2-MALLOCFAIL: Memory allocation of 1708 bytes failed from 0x605270B0, alignment 32
Pool: I/O  Free: 396512  Cause: Memory fragmentation
Alternate Pool: None  Free: 0  Cause: No Alternate pool

Conditions: With an mGRE tunnel with tunnel protection configured and OSPF running, the symptom can occur if there is a route for a tunnel transport destination address for a spoke through the tunnel itself.

Workaround: The symptom is seen with a DMVPN setup that is misconfigured so that a tunnel transport destination address is through the tunnel. The symptom will be avoided if there are no routes for tunnel destination addresses through the tunnel.

CSCsi51014

Symptoms: Disk access causes router to crash.

Conditions: Occurs after fsck execution.

Workaround: Format disk, which causes the data loss on the affected disk.

CSCsi57927

Symptoms: A Cisco router that is running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 will show TCP connections that are hung in CLOSEWAIT state. These connections will not time out, and if enough accumulate, the router will become unresponsive and need to be reloaded.

Conditions: This symptom occurs on a Cisco router that is running Cisco IOS Release 12.2, Release 12.3, or Release 12.4 when a copy source-url ftp: command is executed and the FTP server fails to initiate the FTP layer (no banner) but does set up a TCP connection. This may occur when the FTP server is misconfigured or overloaded.

The CLI command will time out, but will not close the TCP connection or clean up associated resources. The FTP server will eventually answer and time itself out, and close the TCP connection, but the router will not clean up the TCP resources at this time.

Workaround: Manually clear TCP resources using the clear tcp command, referencing the show tcp brief command output.

CSCsi69009

Symptoms: High CPU usage may occur when IPCP is being renegotiated. Eventually, the high CPU usage may cause buffers to be backed up, may cause error message to be generated, and may cause L2TP tunnels to be dropped.

Conditions: This symptom is observed on a Cisco router when clients renegotiate IPCP unnecessarily. You can verify this situation by enabling the debug ppp negotiation command or by configuring RADIUS authorization and then checking the virtual-access interface for the phrase "cloned from: AAA, AAA, ..." (that is, multiple instances of AAA) as identification.

Workaround: There is no workaround.

Further Problem Description: You can alleviate the situation somewhat by configuring the NCP Timeout to 15 seconds to disconnect clients that take a long time to renegotiate IPCP. You can also do the following:

Increase the hello timers for L2TP and for the receive windows.

Configure the timers under the virtual template.

Do not configure the redistribution connected command under a routing protocol such as (but not limited to) EIGRP, RIP, or OSPF.

Ensure that the IP local pools are concise. For example, create one statement for multiple /24s instead of splitting all /24s on single lines, because with single lines, the look-up becomes long and contributes to the high CPU usage.

CSCsi80525

Symptoms: The ip ospf prefix-suppression [disable] command might get lost on a loopback interface when the router is reloaded.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(13.13)T1.

Workaround: There is no workaround.

CSCsi82336

Symptoms: Plugging a V.35 DTE cable into an HWIC-4T serial port in a "shutdown" state may result in the shutdown command being removed and the interface coming up/up.

Conditions: This symptom is observed on a Cisco 3845 HWIC-4T that is using the c3845-advsecurityk9-mz.124-13b image.

Workaround: Manually re-add the shutdown command to the serial interface.

CSCsi84605

Symptoms: The show IMA interface IMA X/Y command displays the wrong timing reference link after the clock source is changed.

Conditions: After the network clock priority is changed to be the source clock, IMA still shows the previous clock source. The previous interface was also shut down and brought back up.

Workaround: There is no workaround.

CSCsi89511

Symptoms: With IKE accounting enabled, memory leaks are found when IKE sessions are terminated abnormally.

Conditions: This symptom is observed only when IKE sessions are terminated abnormally (for example, by removing a crypto map from the interface).

Workaround: There is no workaround.

Further Problem Description: The leak is caused by "uncommon" termination of IKE sessions. Basically, there are two code paths to clean up the (IKE) accounting data structure. The first (1) frees everything and is the path taken most of the time in a normal call setup/teardown sequence (for example, when the IPsec tunnel and IKE are both brought down in sequence). The second (2) is taken because of a race condition between termination causes, in which the IKE peer gets notified first and cleans up its accounting structure only partially. The leak can be described as "slow", because the second path is not regularly taken. It does not affect the actual functionality.

CSCsj01025

Symptoms: When dsapp is used on dial peers with FXS ports to provide hookflash transfer with an IVR system, the FXS ports no longer accept calls after a series of calls, and debugs show an error:

May 22 13:57:44.340 edt: //5690//Devi:/DS_ContactingDest_SetupDone: Unable to Register module

Conditions: This symptom is observed when using dsapp on a dial peer with an FXS port.

Workaround: FXS will no longer accept incoming calls, so the workaround is to reload the gateway.

CSCsj09249

Symptoms: A Cisco IOS router performing Cisco Performance Routing (PfR) Optimized Edge Routing (OER) Master Controller function crashes due to internal timing issue. The traceback may be similar to:

__udivmoddi4 __udivdi3 oer_br_update_iface_counters oer_br_recv_iface_configured 
oer_br_cc_tlv_process oer_cc_read_tcp oer_br_cc_process_socket_event oer_br_process

or

oer_br_update_iface_counters oer_pep_iface_update_timer_handler 
oer_br_process_timer_event tw_timer_tick oer_br_process

or

__udivmoddi4 __udivdi3 oer_br_update_iface_counters oer_pep_iface_update_timer_handler 
tw_notify tw_timer_tick oer_br_process

Conditions:

1) PfR/OER border router configuration mode is accessed or modified on the master controller.

2) OER external interface goes UP/DOWN on the border router.

Workaround: There is no workaround.

CSCsj49293

Symptoms: The interface output rate (214 Mb/s) is greater than the interface line rate (155 Mb/s).

Conditions: This symptom is observed with a Cisco 7600/7500/7200-NPE400 and below. That is, PA-POS-2OC3/1OC3 (PULL mode).

Workaround: There is no workaround.

Further Problem Description: From the Ixia, packets are transmitted at 320 Mb/s. On the UUT (Cisco 7600), the outgoing interface (POS-Enhanced Flexwan) shows the output rate as 200 Mb/s. But the interface bandwidth is 155 Mb/s.

CSCsj53804

Symptoms: When running double auth crypto (ah encap and esp encap auth together) configurations and passing large packet data that requires fragmentation, errored packets can be observed.

Conditions: This defect affects only routers with AIM-VPN-SSL AIM cards installed. Routers that support this AIM are Cisco 1800, 2600, 2800, 3700, and 3800.

Workaround: Do not use ESP and AH double authentication, or use the no crypto engine accel command in the configuration to run encryption in the SW engine.

CSCsj55043

Symptoms: On certain specific router platforms, if multiple subinterfaces are configured on a Gigabit Ethernet motherboard interface and if these subinterfaces are configured with HSRP and the same VMAC, then whenever the router becomes HSRP standby for at least one of these subinterfaces, the router drops all traffic that is directed to the same VMAC on other subinterfaces.

The following is a sample configuration that would be exposed to this issue:

interface GigabitEthernet0/0.1  
 encapsulation dot1Q 1 native  
 ip address 10.1.0.100 255.255.0.0  
 standby 1 ip 10.1.0.1  
 standby 1 mac-address 0000.0000.0001 
!  
interface GigabitEthernet0/0.2  
 encapsulation dot1Q 2 
 ip address 10.2.0.100 255.255.0.0  
 standby 2 ip 10.2.0.1  
 standby 2 mac-address 0000.0000.0001

Conditions: This symptom is observed only on Cisco 3800 (both 3825 and 3845), 7200/NPE-G1 and 7301 motherboard Gigabit Ethernet interfaces. It is not observed on Fast Ethernet/WAN modules or on other router platforms.

Workaround: The problem does not occur if different VMAC addresses are configured on different subinterfaces or if static VMACs are not used.

If the problem is encountered in a production environment, a quick workaround is to shut down the Gigabit Ethernet interface of the other router in order to make one router HSRP active in all VLANs.

CSCsj74102

Symptoms: DTMF digits are not recognized by the remote side.

Conditions: Occurs on a Cisco MGW using MGCP configured for DTMF RFC2833 standard under control of Cisco PGW2200. When the first digit is pressed it contains a wrong synchronization source identifier in an RTP header.

Workaround: There is no workaround.

CSCsj94561

Symptoms: A router may crash because of a bus error when you perform an OIR of a PA-MC-8TE1+ port adapter or when you enter the hw-module slot slot-number stop command for the slot in which the PA-MC-8TE1+ port adapter is installed.

Conditions: This symptom is observed on a Cisco 7200 series.

Workaround: There is no workaround.

CSCsk21764

Symptoms: A Cisco router may reload unexpectedly due to a bus error crash.

Conditions: The symptoms can be observed when the router is running Voice XML.

Workaround: There is no workaround.

CSCsk22496

Symptoms: Spurious access or a router crash may be seen when a crypto key is removed.

Conditions: The crypto key was not generated in the router. When we try to remove the unconfigured crypto key, the spurious access may be seen.

Workaround: There is no workaround.

CSCsk23972

Symptoms: A router running an IOS image may stop accepting incoming TELNET connections.

Conditions: Occurs when 20 or more VRFs are configured and they have incoming TCP connections arriving at the host for non-existing services from different VRFs.

Workaround: Use the show tcp brief all command to view TCBs that have local and foreign addresses of "*.*". Clear those entries using the clear tcp tcb address-of-the-TCB command.

Further Problem Description: When an incoming SYN is received for a non-existing service, for example to BGP port with BGP not configured, TCP leaks a TCB that has laddr and faddr as *.*. This TCB is usually reused for the next incoming connection.

However when VRFs are configured, such TCB can be reused only for that VRF. If there are several VRFs configured in the box, one TCB per VRF will be leaked. And there is a limit of 20 such "wild TCBs" in the system. So, once we reach the limit of 20, because we leak one per each different VRF, any connection request coming in will be denied.
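
The manual workaround for this caveat and for CSCsi57927 above is the same: read show tcp brief all, pick out the stuck TCBs, and clear each one. The following added example (not part of the release notes) does that selection offline; the show tcp brief all output it parses is constructed to resemble the IOS table and is not a real capture.

```python
"""Find leaked TCP control blocks in `show tcp brief all` output.

Added example, not part of the release notes. Two caveats on this page share
one manual workaround: CSCsi57927 (connections hung in CLOSEWAIT after a
failed `copy ... ftp:`) and CSCsk23972 (one "wild" TCB with local and foreign
address *.* leaked per VRF, 20 of them refusing all new connections). Both
say: read `show tcp brief all`, find the stuck TCBs, and run
`clear tcp tcb <address>` for each. This script does the selection.
The sample table below is constructed to look like the IOS output.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample, not a real capture.
SAMPLE_SHOW_TCP_BRIEF_ALL = """\
TCB       Local Address               Foreign Address             (state)
6523A4FC  10.1.1.1.23                 10.1.1.2.1050               ESTAB
65239A44  10.1.1.1.46021              192.0.2.10.21               CLOSEWAIT
6531C0D8  10.1.1.1.46022              192.0.2.10.21               CLOSEWAIT
652E7B10  *.179                       *.*                         LISTEN
6524D3A8  *.*                         *.*                         LISTEN
6524E110  *.*                         *.*                         LISTEN
"""

# TCP states that the affected router never times out on its own (CSCsi57927).
STUCK_STATES = {"CLOSEWAIT"}


@dataclass
class Tcb:
    address: str      # TCB address as printed by IOS (hex, no 0x prefix)
    local: str
    foreign: str
    state: str


def parse_show_tcp_brief(text: str) -> List[Tcb]:
    """Parse the four-column table; the header line and blank lines are skipped."""
    tcbs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "TCB":
            continue
        tcbs.append(Tcb(*parts))
    return tcbs


def is_wild(tcb: Tcb) -> bool:
    """A 'wild' TCB (CSCsk23972) has both endpoints printed as *.*."""
    return tcb.local == "*.*" and tcb.foreign == "*.*"


def is_hung(tcb: Tcb) -> bool:
    """A hung connection (CSCsi57927) sits in CLOSEWAIT and never times out."""
    return tcb.state in STUCK_STATES


def select_for_clearing(tcbs: List[Tcb]) -> List[Tcb]:
    """Keep only the entries the two caveats tell the operator to clear by hand.
    A normal listener such as *.179 (BGP) is left alone."""
    return [t for t in tcbs if is_wild(t) or is_hung(t)]


def clear_commands(tcbs: List[Tcb]) -> List[str]:
    """Render the IOS exec command from the workaround, one per stuck TCB."""
    return [f"clear tcp tcb {t.address}" for t in select_for_clearing(tcbs)]


def wild_tcb_headroom(tcbs: List[Tcb], limit: int = 20) -> int:
    """How many more wild TCBs can leak before the 20-entry limit named in the
    caveat is reached and new inbound connections start being refused."""
    return limit - sum(1 for t in tcbs if is_wild(t))


if __name__ == "__main__":
    table = parse_show_tcp_brief(SAMPLE_SHOW_TCP_BRIEF_ALL)
    print(f"{len(table)} TCBs parsed, wild-TCB headroom: {wild_tcb_headroom(table)}")
    for cmd in clear_commands(table):
        print(cmd)
```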

CSCsk26331

Symptoms: After upgrading router code to Cisco IOS Release 12.4.13a, the CLI will not allow any changes to an ATM PVC. The following error appears:

Possibly multiple users configuring IOS simultaneously.

Conditions: This symptom is observed with a Cisco 7206vxr router with an npe-g1, when an IMA interface is configured with a bandwidth value higher than the allowed value before the "ima-group" has been added on the ATM interface.

When the no shutdown command is configured on the IMA interface, the PVC cannot be deleted.

Workaround: Reload the router.

Further Problem Description:

RouterA (config)# interface atm 1/ima1.14016
RouterA (config-subif)# no pvc innac 20/14018
Unable to delete PVC 20/14018 on ATM1/ima1.14016.
Possibly multiple users configuring IOS simultaneously.

CSCsk32095

Symptoms: The Ethernet interface flaps after configuring QoS on the interface.

Conditions: Occurs on PA-2FE-TX port adapter after applying QoS to the interface.

Workaround: There is no workaround.

CSCsk50163

Symptoms: The help returned by the ? in the "crypto pki certificate storage on with-keypair" CLI is incomplete.

Conditions: This issue is seen while loading Cisco IOS Release 124-17.4.T1 and 124-12.9.PI6.

Workaround: There is no workaround.

CSCsk50208

Symptoms: Shape average percentage calculations seem to be wrong, and the configured shape average percentage cannot be changed.

Conditions: This symptom is observed on a Cisco router that is configured with the MQC-Based Frame Relay Traffic Shaping feature.

Workaround: There is no workaround.

CSCsk63655

Symptoms: A Media Gateway Control Protocol (MGCP) gateway may return a 524 or 510 error code with the reason as "invalid local connection option" for a valid "L:" parameter in a CRCX message.

Conditions: The symptoms can be observed on a router that is running Cisco IOS Interim Release 12.4(17.4)T1 or later, when the debug mgcp parser command with verbose tracelevel is disabled.

Workaround: Enable the debug mgcp parser command with verbose tracelevel.

CSCsk76053

Symptoms: When using route-map to redirect the traffic from one physical interface to be rerouted to the loopback interface, the traffic is not redirected.

Conditions: Occurs when the router is configured as an "EZVPN client on a stick", with a single interface used as inside/outside and a loopback interface being the inside.

Workaround: Configure interface vlan1.

CSCsk90416

Symptoms: Spurious Access is seen while configuring Instant Messenger Application Firewall Inspection.

Conditions: This failure is seen in Cisco IOS image c7200-adventerprisek9-mz.124-11.T4.

Workaround: There is no workaround.

CSCsk97261

Symptoms: A router crashes with an Unexpected exception to CPUvector traceback.

Conditions: Issuing the modemui command with a large input parameter in the [modem-commands], such as:

host> modemui ATZaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa OK OK OK Host: 
00:05:30 UTC Mon Mar 1 1993: Unexpected exception to CPUvector 1200, PC = 804829C4 
-Traceback= 804829C4 8049E4B0 8049E798 80492924 803CAE9C 803CB7E0 803CB6D8 803CDE88 
80574D04 805759 78 803A6CC8 80CA1B60 80CA2008 80CA21FC 80CA21FC 80CA21FC

More information about the Cisco Modem User Interface feature is available at the following URL:

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftcmodui.html

Workaround: There is no workaround.

CSCsl09874

Symptoms: OSPF may generate a traceback when an interface of the router goes down or is shut down administratively.

Conditions: Affects Cisco IOS Release 12.4(15)T and later and Cisco IOS Release 12.2SRC.

Workaround: There is no workaround.

CSCsl10459

Symptoms: Routers that are running Cisco IOS Release 12.4(13b) and Release 12.4(16) may crash when the show crypto pki timers command is executed.

Conditions: This symptom is observed under a narrow set of conditions. Offending conditions occur when certificates are issued with a Certificate Distribution Point in URL format. Certain other, unknown circumstances must also occur.

Workaround: Avoid using the show crypto pki timers command.

CSCsl13104

Symptoms: Recursive static routes are not being resolved. The show ipv6 rpf command does not show the recursion count in the RPF recursion count field.

Conditions: This symptom occurs when nonlooping recursive IPv6 static mroutes are configured. This symptom is triggered when IPv6 is configured with PIM Sparse-Mode. The impact of this symptom is that Multicast traffic flow is affected.

Workaround: There is no workaround.

CSCsl25904

Symptoms: A router that is configured with an IPSLA RTP operation crashes intermittently.

Conditions: No particular scenario has been identified so far. Sometimes the crash does not occur for several days.

Trigger: Configuration of IPSLA.

Impact: The router crashes with tracebacks.


Workaround: Remove the IPSLA RTP operation configuration.

CSCsl30331

Symptoms: Prefixes are allowed by the outbound route-map even though the match condition is met and the action is set to deny.

Conditions: Occurs in the following scenario:

1. The iteration with the deny action contains a match community.

2. The continue statement is used in one of the previous iterations.

Workaround: If there is single match clause based on NLRI, the condition is avoided.

Further Problem Description: Route-maps can be used without continue to avoid the problem.

CSCsl32122

Symptoms: VPN client users using a certificate to connect to a Catalyst 6000 or Cisco 7600 with VPN blade fail to connect. IPSec negotiation fails during mode configuration.

Conditions: Conditions are unknown at this time.

Workaround: Preshared key authenticated VPN clients can connect without problem.

CSCsl32142

Symptoms: A router may reload after reporting SYS-3-OVERRUN or SYS-3-BADBLOCK error messages. SYS-2-GETBUF with `Bad getbuffer' error may also be reported.

Conditions: Occurs when PIM auto-RP is configured and IP multicast boundary is enabled with the filter-autorp option.

Workaround: Configure IP multicast boundary without the filter-autorp option.

CSCsl34481

Symptoms: Router crashes due to IPv6 multicast routing.

Conditions: This happens after applying multicast routing configurations, and again while unconfiguring.

Workaround: There is no workaround.

CSCsl47935

Symptoms: A router that is configured to be an EZVPN client in Network Extension Mode fails to rekey the phase 2 SAs.

Conditions: The conditions under which this symptom is observed are unknown.

Workaround: Any one of the following workarounds will get the tunnel up.

1. Clear the crypto SAs.

2. Pass interesting traffic from the EZVPN client.

3. Reload the router.

CSCsl58230

Symptoms: 100 percent CPU utilization at the interrupt level is observed on a Cisco router following an upgrade from Cisco IOS Release 12.3(8)YG5 to Release 12.3(8)YG6.

Conditions: The symptom is observed on a Cisco 837 router.

Workaround: The only workaround is to not upgrade to Cisco IOS Release 12.3(8)YG6 from Release 12.3(8)YG5.

CSCsl58881

Symptoms: A Cisco 2950 switch or any Cisco router may crash unexpectedly.

Conditions: Occurs under the following scenario:

Cisco Discovery Protocol (CDP) is enabled globally.

The show cdp neighbor command is executed on the CLI.

The Cisco 2950 is connected to Cisco IP phones.

A third-party power-over-Ethernet adapter powers the IP phones.

Workaround: Disable CDP.

CSCsl63212

Symptoms: An L2TP network server (LNS) router crashes while establishing a virtual private dial-up network (VPDN) and shutting down the client interface.

Conditions: Occurs while making a call from the client to the LNS with specific configurations.

Workaround: There is no workaround.

CSCsl63409

Symptoms: A Cisco 2851 router continuously crashes after booting up.

Conditions: Misconfigurations could be the trigger for this symptom.

Workaround: There is no workaround.

Further Problem Description: This defect is triggered when PVDMs are present in the platform. Also, this defect appears every time the router is rebooted.

CSCsl81170

Symptoms: When adding a static NAT translation, a permanent ARP entry is added. When configuring multiple translations for the same address and removing one, the ARP entry is removed even though there may be a NAT translation that still requires it.

Conditions: The symptoms are observed when there are multiple translations with the same addresses, for example:

ip nat inside source static tcp 192.168.2.1 20 192.168.4.5 20 extendable
ip nat inside source static tcp 192.168.2.1 21 192.168.4.5 21 extendable

Workaround: Remove and re-add the NAT configuration lines for the IP address.

CSCsl87404

Symptoms: L2TP tunnels are not getting established.

Conditions: Occurs on a router running Cisco IOS Release 12.4(15)T2.

Workaround: There is no workaround.

CSCsl95431

Symptoms: A router may reload when malformed packets are sent to the TFTP UDP port.

Conditions: This symptom is observed when malformed traffic is sent to the router's TFTP UDP port 69 (TFTP). The TFTP server port must be listening within Cisco IOS software.

TFTP port 69 is opened in Cisco IOS software under the following circumstances:

TFTP-Server is explicitly enabled with the tftp-server filename command:

For further information on the TFTP Server functionality, see:

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/ffun_c.html

E-Phones are configured.

If Cisco Unified Communications Express (CME) is being used and ephones are configured, port UDP 69 (TFTP) will be opened within Cisco IOS software. If the configuration contains ephone-dn arguments .., then port 69 is opened.

For further information on the CME ephone functionality, see:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmebasic.html#wp1013086

Workaround: There is no workaround; however the following mitigation may be suitable for some customer environments:

Infrastructure ACLs (iACL)

----------------------------------

Although it is often difficult to block traffic transiting your network, it is possible to identify traffic which should never be allowed to target your infrastructure devices and block that traffic at the border of your network. iACLs are a network security best practice and should be considered as a long-term addition to good network security as well as a workaround for this specific vulnerability. The iACL example shown below should be included as part of the deployed infrastructure access-list which will protect all devices with IP addresses in the infrastructure IP address range:

!--- Permit TFTP (UDP port 69) packets 
!--- from trusted hosts destined to infrastructure addresses. 
access-list 150 permit udp TRUSTED_HOSTS MASK INFRASTRUCTURE_ADDRESSES MASK eq tftp 
!--- Deny TFTP (UDP port 69) packets 
!--- from all other sources destined to infrastructure addresses. 
access-list 150 deny udp any INFRASTRUCTURE_ADDRESSES MASK eq tftp 
!--- Permit/deny all other Layer 3 and Layer 4 traffic in accordance 
!--- with existing security policies and configurations 
!--- Permit all other traffic to transit the device. 
access-list 150 permit ip any any 
interface serial 2/0 
ip access-group 150 in

The white paper entitled "Protecting Your Core: Infrastructure Protection Access Control Lists" presents guidelines and recommended deployment techniques for infrastructure protection access lists. This white paper can be obtained here:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml

CSCsl96370

Symptoms: A CPUHOG message may be seen.

Conditions: This symptom is observed when the following three conditions are met:

1. HSRP debugs are enabled.

2. The router is logging to console.

3. An interface with more than 50 HSRP groups is shut down.

Workaround: There is no workaround.

CSCsm08010

Symptoms: A Cisco IOS VG224 voice gateway may reload unexpectedly if an FXS voice port configured with the caller-id enable command receives a call where the calling number (ANI) is greater than 32 digits.

Conditions: The symptom is observed when caller-id is enabled and the ANI is greater than 32 characters in length.

Workaround: The workaround is to disable caller-id in the FXS voice port and restrict the ANI to less than 32 digits.

CSCsm13968

Symptoms: A router crashes when a service policy with FPM is configured, removed, and reconfigured on an interface.

Conditions: This symptom is seen only when the service policy is configured, then removed, and reconfigured on the same or a different interface.

Workaround: There is no workaround.

CSCsm20351

Symptoms: AAL2 trunk alarm is not generated for a resource availability indication (RAI) condition when a T1 is disconnected from a VWIC module.

Conditions: This issue is seen when AAL2 trunking is configured on a Cisco 2811 running Cisco IOS Release 12.4(17a).

Workaround: There is no workaround.

Further Problem Description: This issue is not seen on non-ISR platforms running Cisco IOS Release 12.3.

CSCsm21335

Symptoms: When the cm-manager config server ip-address command is used, the router fails to configure or misconfigures the gateway voice ports. This results in non-functional voice ports.

Conditions: Occurred on a Cisco 3845 running the c3845-advipservicesk9-mz.124-13d.bin image. Example of the errors follow:

voice-port 1/0/0
 signal unknown             <--- should have been default loop start
 ring frequency unknown     <--- should have been default ring freq
 timing hookflash-in 400 20
 shutdown                   <--- should have been no shut

In addition, PRI E1 trunks fail with no dial tone yet there is no indication why. The Cisco IOS configuration looks okay.

Workaround: Do not use these commands. Configure the MGCP gateway manually.

CSCsm21831

Symptoms: Voice calls are not successful.

Conditions: Call flow is through a NAT-SBC router, which crashes when the call is initiated.

Workaround: There is no workaround.

CSCsm27979

Symptoms: A router crashes with "Address Error (load or instruction fetch) exception" when the show ip vrf vrf-name command is used.

Conditions: On one vty session, enter the show ip route vrf vrf-name command and leave it at the "more" prompt. From another user interface session, go to configuration mode and enter the no ip vrf vrf-name command using the same VRF name. After at least 5 minutes, the router crashes when any key is pressed on the session that is running the show ip vrf command.

Workaround: Make sure that there is no show ip route vrf command pending before entering the no ip vrf command.

CSCsm34226

Symptoms: Router crashed during stress test of 5000-6000 56-byte UDP packets per second.

Conditions: Occurred on a Cisco 878 router running 12.4(15)T1.

Workaround: There is no workaround.

CSCsm34361

Symptoms: TCP ports may not show as open, as expected, during a port scan with NMAP.

Conditions: This symptom is observed on a Cisco 7200 router.

Workaround: There is no workaround.

CSCsm34632

Symptoms: A PPTP connection does not get established properly. Users are stuck in the authentication phase.

Conditions: Occurs when PPTP server is behind a NAT router configured with a static NAT entry.

Workaround: There is no workaround.

CSCsm47916

Symptoms: Memory fragmentation and tracebacks occur after an uptime of 10 days of handling calls related to AA, ICD, and conference.

Conditions: This is seen on a Cisco 1861 configured for Cisco Unified CallManager Express (CME) and interacting with Unified Contact Center Express (UCCX).

Workaround: There is no workaround.

CSCsm69147

Symptoms: An H.323 gateway may crash with memory corruption.

Conditions: The symptom is observed on a Cisco platform that functions as an H.323 gateway and that is running Cisco IOS Release 12.4(7e) and 12.4(13e). It may be observed in other releases as well. It occurs whenever the H.323 gateway wants to connect to a remote host and there are no free sockets available for this process.

Workaround: There is no workaround.

CSCsm73602

Symptoms: High CPU load due to VTEMPLATE Backgr process.

Conditions: Occurs when the ip multicast boundary command is used on many interfaces (8000 or more).

Workaround: There is no workaround.

CSCsm74168

Symptoms: Cisco Unified Border Element (CUBE) crashes.

Conditions: CUBE crashes when Org. transferred to party (also on terminating side) answers the call. Call flow is as follows:

Org.--(SIP Trk)--CSPS--(SIP Trk)--CUBE1--(SIP Trk)--CUBE2--(H323 Trk)--Term.

Workaround: There is no workaround.

CSCsm85249

Symptoms: Mobile IP (MoIP) tunnel never comes up on a mobile router when roaming to the cellular interface. This is because the HWIC-3G-GSM never receives or accepts the registration reply from the Home Agent.

Conditions: Occurred on a Cisco 3845 router.

Workaround: There is no workaround.

CSCsm87959

Symptoms: An HSRP IPv6 address may become :: if the IP address of an interface is changed.

Conditions: At least one HSRP IPv4 group should exist on the interface.

Workaround: Delete the group completely from the configuration, and then reconfigure it.

Once the problem occurs, the HSRP IPv6 group must be deleted and re-added.

CSCsm88305

Symptoms: A router running Cisco IOS may crash with a bus error.

Conditions: This is seen on the Cisco 2800 series platform when one or both of the onboard ethernet ports are configured as part of an etherchannel. Under low to medium traffic loads, the device may crash when executing show run or write mem commands. It also might crash without user intervention under high traffic loads.

Workaround: Do not use the etherchannel feature for onboard ethernet ports on the Cisco 2821.

CSCso00104

Symptoms: Modifying the aggregation-type prefix-length under Optimized Edge Routing (OER)/learning, along with the ACL used by the oer-map for traffic matching, can lead to a router crash.

Conditions: The router crash was observed when aggregation-type prefix-length and the ACL used by OER-MAP was changed. The aggregation-type prefix-length can be configured as:

oer master learn aggregation-type prefix-length 16

The OER-MAP can be configured as follows (in this case, the oer-map is used to set the monitor mode to active for the traffic matching the ACL):

!
oer-map BRANCH 10
 match traffic-class access-list OerMapAclHttp
 set mode route control
 set mode monitor active
 set unreachable threshold 10
 set active-probe echo 10.1.6.254
 set probe frequency 10

Workaround: After making the configuration changes, if the configuration is saved right away, and then the router is reloaded, the crash was not observed. This can be used as a workaround for this crash.

CSCso00792

Symptoms: After a disconnect message is received from ISDN, the actual call disconnection is delayed by 64 seconds.

Conditions: The symptom is observed when the disconnect is received from the incoming ISDN call leg for a TDM-hairpin, DSPless call.

Workaround: There is no workaround.

CSCso01307

Symptoms: On a Hot Standby Router Protocol (HSRP) standby router, all accounting records for aaa accounting commands and aaa accounting system on the standby router of the HSRP pair are only available if those two commands are applied.

Conditions: AAA accounting is configured on a router pair running HSRP.

Workaround: Change the router to the active state before making changes that are to be logged.

Further Problem Description: The following message will appear when the debug aaa accounting command is executed and a record is suppressed:

*<time/date>: AAA/ACCT/CMD(00000003): Suppressed record

CSCso02348

This is an enhancement request to add more description to the OER fields. Right now it is very hard to follow unless you are familiar with the command.

CSCso03047

Symptoms: The multilink interfaces stop forwarding traffic, and the serial interfaces out of the multilink start to flap.

Conditions: This symptom is observed when the E3 controller is saturated.

Workaround: Enter the shutdown command followed by the no shutdown command on the controller.

CSCso13102

Symptoms: Configuring a QoS policy, including Control Plane Protection (CPPr) and Control Plane Policing (CoPP), using ACLs with overlapping ACEs can cause ACEs to be skipped or processed out of order.

Conditions: When ACLs are used with CPPr, CoPP, or standard QoS policies, ACEs may be skipped when examining traffic that may match more than one ACE.

For example, the following ACL is used with a CPPr configuration that is applied to the aggregate control-plane interface.

access-list 110 deny   icmp host 192.168.100.1 any 
access-list 110 permit icmp host 192.168.100.1 any 
access-list 110 deny   icmp any any 
access-list 110 permit icmp any any

Sending pings from 192.168.100.1 to 10.255.255.102 results in the following show access-list output, and the incoming pings are in fact dropped.

Router# show access-list
Extended IP access list 110
10 deny icmp host 192.168.100.1 any
20 permit icmp host 192.168.100.1 any (11 matches)
30 deny icmp any any
40 permit icmp any any (5 matches)

Workaround: Remove overlapping ACE entries or rework the ACL.
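
Before binding an ACL to a CPPr, CoPP or QoS policy, the overlapping entries this caveat describes can be found offline. The following added example (not from the release notes) lints the caveat's own ACL under the first-match semantics IOS documents, reports ACEs that are fully shadowed by an earlier ACE with the opposite action, and shows which ACE the caveat's ping should have hit; it handles only the host/any/wildcard address forms used on this page.

```python
"""Detect overlapping / shadowed ACEs in a Cisco IOS extended ACL.

Added example, not from the release notes. CSCso13102 says ACEs may be
skipped or processed out of order when an ACL with overlapping ACEs is used
by CPPr, CoPP or a QoS policy. Under normal first-match evaluation a later
ACE whose match space is entirely covered by an earlier ACE can never be
hit; when the two carry opposite actions, that is exactly the overlap the
workaround tells you to remove. The ACL lines below are the ones quoted in
the caveat. Only 'any', 'host A.B.C.D' and 'A.B.C.D WILDCARD' (contiguous
wildcard) address forms are parsed; ports are not.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACL_TEXT = """\
access-list 110 deny   icmp host 192.168.100.1 any
access-list 110 permit icmp host 192.168.100.1 any
access-list 110 deny   icmp any any
access-list 110 permit icmp any any
"""


@dataclass
class Ace:
    seq: int
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    text: str


def _parse_addr(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tokens[i].
    Returns the network and the index of the next unparsed token."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # Address + wildcard mask: a contiguous wildcard is the inverse of the netmask.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    netmask = str(ipaddress.IPv4Address((~wildcard) & 0xFFFFFFFF))
    return ipaddress.IPv4Network((tok, netmask), strict=False), i + 2


def parse_acl(text: str) -> List[Ace]:
    """Parse numbered 'access-list N action proto src dst' lines.
    IOS assigns sequence numbers 10, 20, 30, ... to such lines."""
    aces, seq = [], 0
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list":
            continue
        seq += 10
        action, proto = tokens[2], tokens[3]
        src, i = _parse_addr(tokens, 4)
        dst, _ = _parse_addr(tokens, i)
        aces.append(Ace(seq, action, proto, src, dst, " ".join(tokens)))
    return aces


def covers(outer: Ace, inner: Ace) -> bool:
    """True if every packet matching `inner` also matches `outer`."""
    proto_ok = outer.proto == "ip" or outer.proto == inner.proto
    return proto_ok and inner.src.subnet_of(outer.src) and inner.dst.subnet_of(outer.dst)


def find_shadowed(aces: List[Ace]) -> List[Tuple[int, int]]:
    """(earlier_seq, shadowed_seq) pairs: the later ACE can never match under
    first-match evaluation because an earlier ACE already covers it."""
    shadowed = []
    for idx, later in enumerate(aces):
        for earlier in aces[:idx]:
            if covers(earlier, later):
                shadowed.append((earlier.seq, later.seq))
                break
    return shadowed


def conflicting_overlaps(aces: List[Ace]) -> List[Tuple[int, int]]:
    """Shadowed pairs whose actions differ: the entries to remove or rework."""
    by_seq = {a.seq: a for a in aces}
    return [(e, s) for e, s in find_shadowed(aces) if by_seq[e].action != by_seq[s].action]


def first_match(aces: List[Ace], proto: str, src: str, dst: str) -> Optional[Ace]:
    """Evaluate the ACL as documented: the first matching ACE wins."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for ace in aces:
        if ace.proto in ("ip", proto) and s in ace.src and d in ace.dst:
            return ace
    return None  # implicit deny at the end of every IOS ACL


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for earlier, later in conflicting_overlaps(acl):
        print(f"ACE {later} is shadowed by ACE {earlier} with the opposite action")
    hit = first_match(acl, "icmp", "192.168.100.1", "10.255.255.102")
    print(f"caveat's ping should hit seq {hit.seq} ({hit.action}), not seq 20 as the counters show")
```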

CSCso15220

Symptoms: A Cisco router may experience a memory leak in the VTSP process. The router appears to lose its free memory until it starts to display "SYS-2-MALLOCFAIL" messages in the log and finally crashes because of the low memory condition.

Conditions: The symptoms occur only when a call fails before it reaches the connect state.

Workaround: The only workaround is to schedule router manual reloads at regular intervals, so that the outages occur at the lowest-impacting moments.

CSCso21888

Symptoms: Router may spontaneously reload.

Conditions: Occurs on routers configured with iSPF computation algorithm in OSPF.

Workaround: Disable iSPF.

CSCso22331

Symptoms: A Cisco 2811 router running as voice gateway may crash after enabling the debug voip vtsp event command.

Conditions: The symptom can be seen when 2-stage dialing is enabled and SETUP_ACK with a Progress Indicator is received on the outbound leg of the router.

Workaround: Disable the debug voip vtsp event command.

CSCso28309

Symptoms: Ping from the reflector fails during internal testing.

Conditions: The test verifies the successful termination of PPP/PPPoE over ATM sessions on the router's ATM interface using autosensing, with PAP authentication, process switching, and keepalives disabled. The functional impact is that the virtual-access entry is not added to the routing table after a clear ip route.

Workaround: There is no workaround.

CSCso34076

Symptoms: A Cisco router may reload when unconfiguring ccm-manager.

Conditions: This is seen on MGCP gateway running Cisco IOS Release 12.4(15)T4 while entering the no ccm-manager config command.

Workaround: There is no workaround.

CSCso37578

Symptoms: When the media play command is issued to play media in a TCL IVR script, nothing plays. The script itself is working.

Conditions: This problem is observed in the following conditions:

Using Cisco 1760 chassis (The problem is not observed on Cisco 2801 chassis).

Using Cisco IOS Release 12.4(15)T (Cisco IOS Release 12.4(11)T or earlier releases do not have this problem).

Using its-CISCO.2.0.1.0.tcl.

Workaround: Enter the debug voip app kadis_togg command in enable mode on the router. Prompt playback then starts working on Cisco 1700 series routers.

CSCso38132

Symptoms: An attempt to place an analog dial-in call to an AS5400 router fails. The ping in the caller fails with the error "Timeout expecting: CONNECT".

Conditions: Occurs on a Cisco AS5400 running Cisco IOS Release 12.4(19.9)T1.

Workaround: There is no workaround.

CSCso39886

Symptoms: A router crashes when PPPoE sessions are coming up.

Conditions: This symptom is observed on a Cisco 7301 router when QoS policing is applied to the PPPoE sessions.

Workaround: There is no workaround.

CSCso47048

Symptoms: A router may crash with the following error message:

%SYS-2-CHUNKBADFREEMAGIC: Bad free magic number in chunk header, chunk 6DF6E48 data 6DF7B48 chunk_freemagic EF430000 -Process= "Check heaps", ipl= 0, pid= 5,
-Traceback= 0x140C170 0x1E878 0x1EA24 0x1B4AC 0x717DB8
chunk_diagnose, code = 2 chunk name is PPTP: pptp_swi
current chunk header = 0x06DF7B38 data check, ptr = 0x06DF7B48
next chunk header = 0x06DF7B70 data check, ptr = 0x06DF7B80
previous chunk header = 0x06DF7B00 data check, ptr = 0x06DF7B10

Conditions: Issue has been seen on Cisco 7200 router with NPE-G2 configured for L2TP and running Cisco IOS Release 12.4(15)T3 and Cisco IOS Release 12.4(15)T4.

Workaround: There is no workaround.

CSCso47627

Symptoms: A Cisco router may crash while doing a simultaneous operation in pvc-in-range 0/32 and vc-class atm word.

Conditions: This symptom is observed while configuring simultaneously in pvc-in-range 0/32 and vc-class atm word.

Workaround: There is no workaround.

CSCso47738

Symptoms: Gateway sends 200 OK with media direction as SENDRECV for a reINVITE with offer having media direction INACTIVE.

Conditions: This is seen for the supplementary services when the call is put on HOLD and then RESUMED.

Workaround: There is no workaround.

CSCso47788

Symptoms: A customer initially runs a 6xT1 MLP bundle using three VWIC-2MFT-T1 modules in slot 0 of a Cisco 3825 router, carrying both voice and data over the MLP link with QoS (LLQ/CBWFQ) applied to the multilink. The MLP circuit is connected to an MPLS network, and fragmentation is disabled on the multilink.

The issue occurs when the customer adds a 7th and/or 8th T1 to the MLP bundle on a VWIC2-2MFT-T1/E1 in slot 2. Extended pings over the MLP bundle then show increased latency and jitter.

Conditions: Occurs on a Cisco 3825 running the c3825-spservicesk9-mz.124-7b Cisco IOS image with a VWIC2-2MFT-T1/E1 module installed in slot 2 (NM-HDV2-2T1/E1).

Workaround: Manually configure tx-ring-limit 2 under the serial interfaces residing on the VWIC2-2MFT-T1/E1.

CSCso54391

Symptoms: An MLPP call that receives preemption for reuse on an unanswered call from the PBX fails to complete.

Conditions: This symptom is observed on all platforms.

Workaround: There is no workaround.

CSCso55047

Symptoms: Router crashes while unconfiguring debug condition all on L2TP network server (LNS).

Conditions: This symptom occurs when no debug condition all is configured to remove the condition that was initially set.

Workaround: There is no workaround.

CSCso56185

Symptoms: L2TP Start-Control-Connection-Request (SCCRQ) and Start-Control-Connection-Reply (SCCRP) messages have an incorrect setting of the mandatory bit for the Receive Window Size attribute-value pair (AVP). This may cause L2TP/VPDN sessions to fail to connect.

Conditions: Occurs in VPDN environments where the peer requires tight protocol adherence.

Workaround: There is no workaround.

CSCso60063

Symptoms: Router crashes when the no password pass is issued from the console while configuring "dot1x credentials" in configuration mode.

Conditions: Occurs only when the no password pass1 command is entered.

Workaround: There is no workaround.

CSCso62266

Symptoms: Router forwards Bridge Protocol Data Unit (BPDU) after disabling spanning-tree. But after reload, it blocks the BPDU.

Conditions: Occurs when switch-port is configured.

Workaround: Enable spanning-tree. You may then disable it again if it is not desired.

CSCso62511

Symptoms: A router may crash. The log file before the crash indicates:

%SYS-3-CPUHOG: Task is running for (44004)msecs, more than (2000)msecs (1/1),process = IP NAT Ager.
-Traceback= 0x61F9B630 0x61FA31BC 0x61F6B9F8 0x62E47F04 0x62E48048 0x61F6BDF4

Conditions: The symptom is observed on a router configured for NAT and running SIP calls.

Workaround: There is no workaround.

CSCso64104

Symptoms: A router may crash after the configuration related to a PA-MC-2T3-EC is applied immediately after the router reloads.

Conditions: The symptom is observed on Cisco 7200 series and a 7301 router.

Workaround: Do not configure PA-MC-2T3-EC immediately after the router reloads.

CSCso64585

Symptoms: Jitter or voice quality issues may occur.

Conditions: The symptoms are observed when there is more than one ephone monitoring the same Park DN. This causes more than one of the same SCCP message to be sent to the phone in a few milliseconds.

Workaround: There is no workaround.

CSCso64889

Symptoms: A router log contains the following error message, and its performance becomes severely degraded:

%SYS-3-CPUHOG: Task is running for (2004)msecs, more than (2000)msecs (4/3),process = DNS Server.

Conditions: This symptom is observed on a Cisco router that performs many DNS lookups.

Trigger: This symptom occurs when there are many DNS lookups, but it may also occur otherwise.

Impact: This bug impacts performance.

Workaround: Configure the router in such a way to prevent it from performing many DNS lookups, and do not configure the router as a DNS server for other devices.

Further Problem Description: Note that CSCsg64586 can produce very similar symptoms, even in the absence of a large number of DNS queries.

CSCso66396

Symptoms: If the dialing process is interrupted with a Carrier Drop message, it is not possible to attempt a new call for that remote site.

Conditions: After receiving a Carrier Drop message, the dialer is not cleared. The show dialer session command reports status 6 for that call. Traffic directed to the remote site is dropped. The dialer map is still active. All the traffic is still routed to the dialer and dropped.

Workaround: Clear the dialer session.

Further Problem Description: This will impact traffic forwarding.

CSCso66473

Symptoms: A router may crash when the user moves from one segment to another and attempts to log in to SSG.

Conditions: The symptom is observed in the following situation:

1. Open a user known to SSG through accounting-start, with an IP address of "IP1."

2. User then logs in to SSG.

3. User moves to another segment that generates another accounting-start for the same MAC address but a different IP address, IP2.

4. The SSG then crashes.

Workaround: There is no workaround.

CSCso70587

Symptoms: The RTP ports are being opened at H323 and the SSRC for the SRTP call is being updated before the PROCEEDING/ALERTING indication is received on the ISDN end. This may result in a "%DSM-3-INTERNAL" error message.

Conditions: The symptoms are observed on a Cisco 2811 series and an AS5xxx router.

Workaround: Disable the SRTP configuration and initiate normal RTP calls.

CSCso73533

Symptoms: Traceback is seen after unconfiguring the tunnel interface.

Conditions: The symptom is seen when using IPv4 multicast PIM tunnels where the route to the Rendezvous Point (RP) is via another tunnel interface. If that tunnel interface is unconfigured, there is a race between (1) learning the new route to the RP via another interface and (2) the periodic update of the PIM tunnel adjacency. If the latter occurs first, the traceback is seen.

Workaround: There is no workaround.

CSCso78897

Symptoms: A Cisco 870 router will process and forward packets received with a multicast MAC address even though it should not, such as when the interface controller does not own the multicast MAC address.

Conditions: This was observed on a Cisco 878 Router running Cisco IOS Release 12.4(15)T4.

Workaround: Make sure the switch connecting to the Cisco 870 does not send packets with multicast MAC addresses that should not be received by the Cisco 870.

CSCso80288

Symptoms: The value of AOC is missing for the Release Message.

Conditions: The symptom is seen for switch type basic-net3. It occurs when configuring OGW and TGW with the isdn global-disconnect command.

Workaround: There is no workaround.

CSCso81854

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.

To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.

This security advisory is being published simultaneously with announcements from other affected organizations.
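Whether a resolver is exposed to the forgery described above can be checked from a capture of its outbound queries: record the UDP source port and DNS transaction ID of each query and measure how much they vary. The script below is an added example written for this page (not Cisco's code and not from the advisory). Its two traces are constructed: one models a resolver that always queries from port 53 with an incrementing ID, the other uses a seeded pseudo-random generator to stand in for a patched resolver. Plain entropy is not enough on its own, because a 16-bit counter looks perfectly "random" over 64 samples, so a separate sequential-ID test is included; the 0.8 entropy floor is an arbitrary threshold chosen for the example.

```python
"""Estimate how predictable a resolver's DNS transaction IDs and UDP source
ports are, from (source_port, transaction_id) pairs taken off its outbound
queries. Added example for this page; not Cisco code."""
import math
import random
from collections import Counter

# Constructed traces, one (src_port, txid) pair per query.
WEAK_TRACE = [(53, (0x1000 + i) & 0xFFFF) for i in range(64)]   # fixed port, ID counter

_rng = random.Random(20080708)                                   # seeded so the run is repeatable
GOOD_TRACE = [(_rng.randint(1024, 65535), _rng.randint(0, 65535)) for _ in range(64)]


def shannon_bits(values):
    """Empirical entropy of the observed values, in bits (at most log2(n))."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def sequential_fraction(values, modulus=1 << 16):
    """Share of consecutive pairs that differ by exactly +1, i.e. a counter."""
    pairs = list(zip(values, values[1:]))
    return sum(1 for a, b in pairs if (b - a) % modulus == 1) / len(pairs)


def assess(trace, floor=0.8):
    """Return entropy figures plus a list of findings. 'floor' is the fraction
    of the maximum entropy this sample size could show; 0.8 is arbitrary."""
    ports = [p for p, _ in trace]
    ids = [t for _, t in trace]
    ceiling = math.log2(len(trace))
    port_bits, id_bits = shannon_bits(ports), shannon_bits(ids)
    findings = []
    if len(set(ports)) == 1:
        findings.append("fixed source port %d" % ports[0])
    elif port_bits < floor * ceiling:
        findings.append("low source-port entropy")
    if sequential_fraction(ids) > 0.9:
        findings.append("sequential transaction IDs")
    elif id_bits < floor * ceiling:
        findings.append("low transaction-ID entropy")
    return {"port_bits": port_bits, "id_bits": id_bits, "findings": findings}


if __name__ == "__main__":
    for name, trace in (("weak", WEAK_TRACE), ("good", GOOD_TRACE)):
        print(name, assess(trace))
```

With only the 16-bit transaction ID varying, an off-path attacker has 65,536 candidate answers to try per outstanding query; a source port drawn from roughly 64,000 values multiplies that by a similar factor, which is what the July 2008 fixes added. In a real assessment, feed assess() the (port, ID) pairs extracted from a tcpdump of the resolver's upstream queries.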

CSCso83840

Symptoms: Certain reserved characters (for example, the ampersand character: "&") may get lost if they are used in the http submit URL.

Conditions: The symptom is observed on an IVR Voice Browser that is running Cisco IOS Release 12.4(15)T.

Workaround: There is no workaround.

CSCso84983

Symptoms: E1R2 channels remain up/up/idle/idle even though the call has finished.

Conditions: The conditions under which this symptom occurs are unknown.

Workaround: Shut down the interface and bring it back up again.

CSCso91078

Symptoms: A Cisco IAD2430 may reload unexpectedly due to a bus error (Sig=10).

Conditions: The symptom is seen on a Cisco IAD2430 that is running Cisco IOS Release 12.4(15)T4.

Workaround: There is no workaround.

CSCso97695

Symptoms: The configure replace command fails when the source file is on a TFTP server.

Conditions: No special conditions.

Workaround: Copying the file with TFTP works. Copy the file to disk and then run configure replace from the local copy.

CSCso97946

Symptoms: An H320 GW2 may crash when a call is made from an H323 endpoint.

Conditions: The symptom is observed when an H.323 endpoint sends the audio codecs G.729, G.711 u-law, G.711 A-law, G.728, G.722 64k, G.722 56k, and G.722 48k in its TCS to the H.320 GW.

Workaround: Configure a single audio codec under the VOIP dial-peer.

CSCso98579

Symptoms: A router configured with ccm-manager config may crash.

Conditions: The symptom is observed on a router that is configured with ccm-manager config. If there is an interface with a configuration line longer than 100 bytes, the problem is seen when Call Manager tries to configure the router.

Workaround: Remove any lines of configuration longer than 100 bytes from controllers, interfaces and voice ports.

Further Problem Description: This issue has been seen most often with a long description on either T1/E1 controller, or corresponding serial interface, but any long configuration line would cause the problem.
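A quick way to apply the workaround before Cisco Unified CallManager pushes configuration is to scan the running configuration for lines longer than 100 bytes under controller, interface and voice-port blocks. The script below is an added example written for this page, not Cisco code; the configuration it scans is constructed, and the 100-byte limit and the three block types are taken from the caveat text. It counts bytes rather than characters so that non-ASCII descriptions are measured the way the text states the limit.

```python
"""Scan an IOS running configuration for lines longer than 100 bytes inside
controller, interface and voice-port blocks, the condition behind CSCso98579.
Added example for this page; not Cisco code."""

LIMIT = 100
BLOCK_PREFIXES = ("controller ", "interface ", "voice-port ")

# Constructed configuration: two descriptions are deliberately too long.
SAMPLE_CONFIG = """\
!
controller T1 0/0/0
 description Link to PBX - {0}
 framing esf
!
interface Serial0/0/0:23
 description short
!
voice-port 0/1/0
 description {0}
!
""".format("x" * 101)


def long_lines(config_text, limit=LIMIT):
    """Return (line_number, block_header, byte_length) for every over-long line
    in a controller/interface/voice-port block."""
    findings, block = [], None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        if not line.startswith(" "):                       # top-level command
            block = line if line.startswith(BLOCK_PREFIXES) else None
            continue
        if block is None:
            continue
        nbytes = len(line.strip().encode("utf-8"))         # bytes, not characters
        if nbytes > limit:
            findings.append((lineno, block, nbytes))
    return findings


if __name__ == "__main__":
    for lineno, block, nbytes in long_lines(SAMPLE_CONFIG):
        print("line %d under '%s' is %d bytes" % (lineno, block, nbytes))
```

Run it over the output of show running-config saved to a file; each finding names the block so the description can be shortened in place.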

CSCsq03286

Symptoms: A Cisco Communication Media Module (CMM) with an Adhoc Conferencing and Transcoding (ACT) port adaptor module configured for MTP/XCODING may get into a state where further attempts to utilize DSP resources in a transcoding profile may fail.

Conditions: Under rare conditions, a CMM module used for MTP/XCODING may see the DSP resource on the module become unresponsive. When this occurs, a DSP recovery algorithm on the CMM module will be invoked to attempt to recover the DSP resource.

This algorithm may in some circumstances leave the associated transcoding resource in a state where further calls to invoke these resources will fail.

When the DSP recovery mechanism is invoked, the following message at debug level will be logged:

ac_mtrDsp_ev(slot 2 dspId 1 heartBeat 0000058D) reset[hbErr 0]

If the recovery mechanism fails to properly recover the resources, there will be hung calls seen in the output of the show mediacard connection command (0 packets tx/rx will be displayed).

Further calls that attempt to use this resource will see OpenReceiveChannel failures as displayed in the output of the show sccp statistics command.

An example of this is below:

CMM-01# show mediacard connection
Id  Type  Slot/  RPort SPort RxPkts TxPkts Remote-Ip
          DSP/Ch
25  xcode 2/4/23 18300 22684 0      0      172.16.175.160
26  xcode 2/4/24 16710 22540 0      0      172.16.175.116

CMM-01# show sccp statistics
SCCP Application Service(s) Statistics:
Profile Identifier: 1, Service Type: Transcoding
TCP packets rx 1676, tx 443
Unsupported pkts rx 0, Unrecognized pkts rx 0
Register tx 1, successful 1, rejected 0, failed 0
KeepAlive tx 25, successful 25, failed 0
OpenReceiveChannel rx 412, successful 398, failed 24
CloseReceiveChannel rx 412, successful 398, failed 14
StartMediaTransmission rx 412, successful 398, failed 14
StopMediaTransmission rx 412, successful 380, failed 0
Reset rx 0, successful 0, failed 0
MediaStreamingFailure rx 0
Switchover 0, Switchback 0

Workaround: Work to prevent the DSP from becoming unresponsive.

CSCsq05997

Symptoms: The following error messages may appear in the log file multiple times:

%ARP-3-ARPINT: ARP table accessed at interrupt level 1, -Traceback= 0x61013944 0x60B61F80 0x60B5A2A4 0x6019DDAC 0x600FA37C 0x600FCC6C

Because the message is generated frequently, the log file may fill up too soon.

Conditions: The symptom is observed because a Cisco IOS component is accessing the ARP cache table in the interrupt context, which goes against the design of the Cisco IOS module. The error message indicates that the software is in danger of causing the router to crash.

Workaround: There is no workaround.

CSCsq06222

Symptoms: The following error message will be seen now and then (when sending traffic):

%SYS-2-NULLCHUNK: Memory requested from Null Chunk -Process= "<interrupt level>", ipl= 1, -Traceback

This will not cause any problems in the network.

Conditions: Occurs when VSA/crypto is enabled with process switching.

Workaround: Configure a dummy crypto map with qos pre-classify enabled, for example:

crypto map dummy 10 ipsec-isakmp
 qos pre-classify

CSCsq09592

Symptoms: The router is black-holing traffic that is going to be encrypted. The crypto-counters are not showing an increase.

Conditions: The symptoms are observed when service-policy is configured on the main interface and crypto map is configured on a subinterface and when IP CEF is enabled.

Workaround: Redesign the configuration so that the service policy is applied on the subinterface, or disable CEF globally.

Further Problem Description: Clear-text traffic is received by the router and triggers the creation of the Phase 1/Phase 2 SAs, but it then appears to be black-holed. Example configuration:

interface Ethernet0/0
 no ip address
 service-policy output shape
!
interface Ethernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.0.1 255.255.255.252
 crypto map mymap

CSCsq09836

Symptoms: 1. For some 3660 platform images, the connect command is not working and as a result local switching does not work. 2. For some images, the no connect command is not working to remove an existing connection.

Conditions: The symptoms are observed with 3660 platform images where both ac_atm and atm_switching subsystems are responsible for local switching.

Workaround: Remove ac_atm and use only atm_switching for local switching.

Further Problem Description: Problems may arise for other 3660 platform images having both ac_atm and atm_switching.

CSCsq09942

Symptoms: NM-CEM-4TE1 modules installed in Cisco 3845 routers running Cisco IOS Release 12.4(11)T or 12.4(15)T3 with nine timeslot (TS) CEM groups configured have alignment issues. When the issue occurs, the show cem commands do not show any problems with the cards or CEM groups.

Conditions: This symptom is observed on an NM-CEM-4TE1 module installed in Cisco 3845 routers with nine TS groups configured and connected to another vendor's PBX.

Workaround:

1. Shut/no shut the CEM group on either side. This fixes the issue temporarily.

2. Change the CEM group configuration to have one TS per CEM group.

Further Problem Description: The issue can be observed with more details using a WAN analyzer between the CEM card and the PBX. There you can see that the traffic is entering through a specific TS and leaving through a different TS.

CSCsq10730

Symptoms: A Cisco router may display the following messages after enabling the advanced signature set in IOS IPS:

Too many UUIDs in pdu type 0x0E
Too many UUIDs in pdu type 0x0B
Too many UUIDs in pdu type 0x0E
Too many UUIDs in pdu type 0x0B

Conditions: The symptom is observed on a Cisco router that is running Cisco IOS Release 12.4(15)T, that is utilizing IOS IPS v5 feature, and is running with the advanced signature set (MSRPC). Symptom occurs when incoming MSRPC packets are malformed or do not comply with protocol.

Workaround: There is no workaround. The message is informational (cosmetic).

CSCsq11620

Symptoms: Crashes may be caused by the code which uses "strncpy" and "sprintf".

Conditions: The symptoms are observed when accessing a specific string.

Workaround: There is no workaround.

CSCsq11750

Symptoms: A Cisco router may crash when the no mgcp and no mgcp profile profile-name commands are issued from the VTY while the call-agent ip-address command is configured through the console in config-mgcp-profile mode.

Conditions: The symptom is observed when there is simultaneous operation between the console line and the VTY line.

Workaround: Configure using a single telnet connection instead of two.

CSCsq13348

The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition.

Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability.

NOTE: This vulnerability is not related in any way to CVE-2008-1447 - Cache poisoning attacks. Cisco Systems has published a Cisco Security Advisory for that vulnerability, which can be found at http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml.

CSCsq13576

Symptoms: The router may crash when the multilink interface goes down.

Conditions: The symptoms are observed when the multilink interface has interleave configured.

Workaround: There is no workaround.

CSCsq13938

Symptoms: In Cisco IOS software that is running the Border Gateway Protocol (BGP), the router may reload if BGP show commands are executed while the BGP configuration is being removed.

Conditions: This problem may happen only if the BGP show command is started and suspended by auto-more before the BGP-related configuration is removed, and if the BGP show command is continued (for example by pressing the SPACE bar) after the configuration has been removed. This bug affects BGP show commands related to VPNv4 address family. In each case the problem only happens if the deconfiguration removes objects that are being utilized by the show command. Removing unrelated BGP configuration has no effect.

This bug is specific to MPLS-VPN scenarios (CSCsj22187 fixes this issue for other address-families).

Workaround: Terminate any paused BGP show commands before beginning operations to remove BGP-related configuration. Pressing "q" to abort suspended show commands, rather than SPACE to continue them, may avoid the problem in some scenarios.

CSCsq15560

Symptoms: In creating a multi-party video conference by calling into a Cisco IPVC MCU device, a call may intermittently suffer from one-way video.

Conditions: The symptom is seen with a multi-party video conference that calls into a Cisco IPVC MCU device, where a local CME video endpoint calls the MCU via a gatekeeper over H.323. This is a timing issue in the H.323 state machine. In the call flow, two sets of OLCs (for audio and video) are exchanged. A BRQ is sent for the audio OLC. Before the BCF is received, the gateway gets the video OLC. This updates the total channel bandwidth and checks whether it is less than the approved bandwidth. Because it is not, the OLC is rejected, resulting in one-way video.

Workaround: There is no workaround.

Further Problem Description: This scenario works fine with third party H323 endpoints with their own H323 stacks working with the same gatekeeper and MCU. A more heavily loaded (for instance, with debugs) CME gateway will experience the problem less often.

CSCsq19047

Symptoms: A VXML gateway may stop handling calls due to lack of memory. The memory leak occurs in the Chunk Manager process.

Conditions: The symptom is observed on a VXML gateway that is running Cisco IOS Release 12.4(15)T and when the SIP Take back application is configured to initiate a REFER-based call transfer in a CVP scenario.

Workaround: There is no workaround.

Further Problem Description: Page 374 of this configuration and administration guide states how this configuration must be set up:

http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/customer_voice_portal/cvp4_0/configuration/guide/cvp40cfg.pdf

CSCsq21347

Symptoms: Sometimes the WebVPN login page does not come up when a client browser connects to the gateway. Sometimes the login page comes up, but after the login credentials are entered the portal page does not appear. The following syslog messages are seen.

1) The WebVPN login page can be reached, but after the username and password are entered the page returns the error message "Internal Error" and does not allow login. The following traceback is also seen:

May 10 06:15:19.183 PDT: %SYS-2-CHUNKINVALIDHDR: Invalid chunk header type 0 for chunk 0, data 0 -Process= "SSLVPN_PROCESS", ipl= 0, pid= 265, -Traceback= 0x61898E8C 0x6002DFC4 0x63D802FC 0x63D70C64 0x63D78A5C 0x63D79054 0x63D7986C 0x63D736A8

2) The WebVPN login page is not displayed at all when a client tries to connect to the WebVPN gateway. The "Page is not displayed" result is due to the following traceback:

May 10 21:57:30.963 PDT: %SYS-2-CHUNKINVALIDHDR: Invalid chunk header type 0 for chunk 0, data 0 -Process= "IP Input", ipl= 0, pid= 120, -Traceback= 0x61898E8C 0x6002DFC4 0x63D6D564 0x63D72F48 0x63D5C804 0x62285B20 0x62288158 0x61F81940 0x61F83264 0x61F8367C 0x61F83738 0x61F83980

Conditions: This can happen if WebVPN configuration is being removed and a client tries to connect.

Workaround: Avoid removing WebVPN configuration once it is configured.

CSCsq22106

Symptoms: All CAS voice calls fail on a Cisco AS5850 box. This failure is not seen on PRI calls.

Conditions: This symptom is observed for CAS calls but not for PRI calls.

Workaround: There is no workaround.

CSCsq24672

Symptoms: A call through CUBE may not establish for a Re-Invite-based call flow. The call may drop.

Conditions: This symptom is observed if the endpoint to which the CUBE is communicating sends a Re-INVITE for a call before it has received an ACK from the other call leg for the original INVITE. CUBE may not forward this Re-Invite to the other call leg, and the call will disconnect.

Workaround: There is no workaround.

CSCsq29623

Symptoms: A Cisco AS5350 or Cisco AS5350XM that is running Cisco IOS Release 12.4(15)T5 will drop incoming VPN traffic larger than 512 bytes when the traffic is destined for a dialer interface.

Conditions where problem is seen:

When packets arrive on a crypto tunnel that terminates on the Cisco AS5350 AND when the packets are destined for a destination that is reachable over a dialer interface.

With a legacy dialer-map or dialer-pool DDR configuration. No difference is seen between the two.

With CEF disabled.

Conditions where problem is not seen:

Without crypto.

With process-switching (CEF and fast-switching disabled).

When packets are destined for a host that is reachable via an Ethernet interface.

Workaround: There is no workaround.

CSCsq30717

Symptoms: An NPE-G1 resets due to a hardware watchdog timeout. This is indicated in the show version output by "Last reset from watchdog reset".

Conditions: The Cisco 7200 must have an enabled PA-MC-2T3-EC with channelized T1s.

Workaround: Disable the PA-MC-2T3-EC.

CSCsq31776

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding. Cisco has released free software updates that address this vulnerability. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsq31958

Symptoms: In a network with redundant topology, an Open Shortest Path First (OSPF) external route may remain stuck in the routing table after a link flap.

Conditions: Problem observed in Cisco IOS Release 12.4T. Not present in Cisco IOS Release 12.3T.

Workaround: The issue can be cleared by entering the clear ip route command for the affected route.

CSCsq32443

Symptoms: MCP rejects a Start-Control-Connection-Reply (SCCRP) in which the Receive Window Size attribute-value pair (AVP) is missing.

Conditions: Occurs with peers that rely on the default handling of a Receive Window Size of 4 and therefore do not include the AVP in the SCCRQ/SCCRP messages.

Workaround: Force the peer to send the AVP.
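This caveat and CSCso56185 are two sides of the same AVP: one implementation sets the Mandatory bit on the Receive Window Size AVP incorrectly, the other rejects an SCCRP that omits the AVP even though RFC 2661 section 4.4.3 says an absent AVP means a window of 4. The following Python is an added example written for this page (not Cisco's code): it encodes and decodes the L2TP AVP header (M bit, H bit, 10-bit length, vendor ID, attribute type, per RFC 2661 section 4.1), builds the body of an SCCRQ/SCCRP carrying just the Message Type and Receive Window Size AVPs, and reports what a strict peer would object to. The attribute type numbers and the default of 4 are from RFC 2661; the 12-byte control header, Ns/Nr sequencing and hidden (H bit) AVPs are deliberately left out.

```python
"""Encode/decode L2TP (RFC 2661) control-message AVPs and check the Receive
Window Size AVP handling that CSCso56185 and CSCsq32443 describe.
Added example for this page; not Cisco code."""
import struct

M_BIT = 0x8000            # AVP must be understood by the receiver
H_BIT = 0x4000            # AVP value is hidden (not handled in this example)
LEN_MASK = 0x03FF         # 10-bit AVP length, header included
AVP_MESSAGE_TYPE = 0
AVP_RX_WINDOW_SIZE = 10
SCCRQ, SCCRP = 1, 2
DEFAULT_RX_WINDOW = 4     # RFC 2661 4.4.3: value to assume when the AVP is absent


def encode_avp(attr_type, value, mandatory=True, vendor_id=0):
    """AVP = 16-bit flags/length, 16-bit vendor ID, 16-bit attribute type, value."""
    length = 6 + len(value)
    if length > LEN_MASK:
        raise ValueError("AVP value too long")
    flags = (M_BIT if mandatory else 0) | length
    return struct.pack("!HHH", flags, vendor_id, attr_type) + value


def decode_avps(payload):
    """Yield (mandatory, vendor_id, attr_type, value) for each AVP in a control
    message body (the bytes after the 12-byte L2TP control header)."""
    off = 0
    while off < len(payload):
        if len(payload) - off < 6:
            raise ValueError("truncated AVP header at offset %d" % off)
        flags, vendor, atype = struct.unpack_from("!HHH", payload, off)
        length = flags & LEN_MASK
        if length < 6 or off + length > len(payload):
            raise ValueError("bad AVP length %d at offset %d" % (length, off))
        yield bool(flags & M_BIT), vendor, atype, payload[off + 6:off + length]
        off += length


def build_control_connection_msg(msg_type, rx_window=None, rx_window_mandatory=True):
    """Body of an SCCRQ/SCCRP carrying only the AVPs this example cares about."""
    body = encode_avp(AVP_MESSAGE_TYPE, struct.pack("!H", msg_type))
    if rx_window is not None:
        body += encode_avp(AVP_RX_WINDOW_SIZE, struct.pack("!H", rx_window),
                           mandatory=rx_window_mandatory)
    return body


def check_control_connection_msg(payload):
    """Return {'msg_type', 'rx_window', 'assumed_default', 'problems'} as a
    strictly conforming peer would see the message."""
    avps = list(decode_avps(payload))
    problems = []
    msg_type = None
    if avps and avps[0][1] == 0 and avps[0][2] == AVP_MESSAGE_TYPE and len(avps[0][3]) == 2:
        msg_type = struct.unpack("!H", avps[0][3])[0]
        if not avps[0][0]:
            problems.append("Message Type AVP must have the M bit set")
    else:
        problems.append("first AVP must be the Message Type AVP")
    rx_window = None
    for mandatory, vendor, atype, value in avps:
        if vendor == 0 and atype == AVP_RX_WINDOW_SIZE:
            if len(value) != 2:
                problems.append("Receive Window Size AVP must carry a 16-bit value")
                continue
            rx_window = struct.unpack("!H", value)[0]
            if not mandatory:
                problems.append("Receive Window Size AVP must have the M bit set")
    assumed = rx_window is None
    if assumed:
        rx_window = DEFAULT_RX_WINDOW     # the RFC default the peer in CSCsq32443 refuses
    return {"msg_type": msg_type, "rx_window": rx_window,
            "assumed_default": assumed, "problems": problems}


if __name__ == "__main__":
    for body in (build_control_connection_msg(SCCRP, 8),
                 build_control_connection_msg(SCCRP, 8, rx_window_mandatory=False),
                 build_control_connection_msg(SCCRP)):
        print(body.hex(), check_control_connection_msg(body))
```

Feeding a captured SCCRP body (control header stripped) to check_control_connection_msg shows which of the two failure modes is in play: an M-bit problem points at CSCso56185, while an assumed default points at a peer that, like the one in this caveat, will not tolerate the missing AVP.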

CSCsq33653

Symptoms: The caller ID transmission may fail from FXS port to FXO port.

Conditions: The symptoms are observed when the sub-command caller-id is configured under "voice-port x/y".

Workaround: There is no workaround.

CSCsq37349

Symptoms: A router may crash due to a corrupted Program Counter.

Conditions: The symptom is seen with Zone-based Firewall and IPS, along with VRF and IPSec tunnel configured.

Workaround: There is no workaround.

CSCsq40649

Symptoms: A card crashes while entries are being added to an access list.

Conditions: Occurs when additional entries are added to an access list that is already attached to an interface. The card crashes with memory corruption.

Workaround: There is no workaround.

CSCsq42399

Symptoms: Shortly after an upgrade, the router logs the following error:

May 22 09:05:53.109 METDST: %SYS-2-MALLOCFAIL: Memory allocation of 261116 bytes failed from 0x61A37948, alignment 0 Pool: Processor Free: 6427012 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool -Process= "Virtual Exec", ipl= 0, pid= 234, -Traceback= 0x61452110 0x6000A7FC 0x60010638 0x60010C2C 0x634CB644 0x61A37950 0x61461910 0x614BD940 0x6149E000 0x614C1B08 0x62AA2494 0x62AA2478

Traffic is affected, and the router is unable to display the output of show run.

Conditions: Occurs on a Cisco 7200 router running the c7200-adventerprisek9-mz.124-15.T3.bin. Service Selection Gateway (SSG) and RADIUS are involved.

Workaround: There is no workaround.

CSCsq43591

Symptoms: When a session is cleared from the CPE and when it reconnects instantaneously, a ping fails to the CPE.

Conditions: This symptom is observed under the following conditions:

LAC<->LNS setup.

Clearing of session from CPE.

In the show pxf cpu vcci command output, there is no VCCI present for the VAI.

Also seen in lab when the CPE is booted and the first session comes up.

Workaround: Clear the VAI interface from the LNS. The session will reconnect and will work fine.

CSCsq44428

Symptoms: Under certain conditions with IPv6 for EIGRP, the router may log error messages such as the following:

00:00:09: %DUAL-3-INTERNAL: IPv6-EIGRP(0) 80: Internal Error

Conditions: The error message currently causes no operational impact.

Workaround: There is no workaround.

CSCsq46742

Symptoms: SIP gateway crashes when a 302 response contains a contact header with the same IP address as that of SIP gateway.

Conditions: The crash occurs only when the 302 response contains a contact header with an IP address the same as that of the gateway IP address. The crash also occurs only when the IP address is mapped to a domain name exceeding the length of the IP address received in the contact header.

Workaround: Ensure that the IP address that is received in the 302 response is mapped to a domain name not exceeding the length of the IP address.

CSCsq46832

Symptoms: The "IP SLAs: RTP VoIP Operation" feature was introduced in Cisco IOS Release 12.4(4)T to allow users to obtain realistic VoIP Round Trip Time (RTT), jitter, packet loss, and Mean Opinion Score (MOS) measurements from a live VoIP call over a real IP cloud, using a bona fide voice codec supported on the voice DSPs. It has been found that in certain versions of the Cisco IOS 12.4T release train this feature does not function at all. The output of the show ip sla statistics N EXEC command, where N is the IP SLA probe tag number, returns something similar to the following, with all measurements zeroed out:

VoiceGateWay# show ip sla statistics 3
IPSLAs Latest Operation Statistics

IPSLA operation id: 3
Type of operation: rtp
Latest operation start time: 11:35:15.606 EST Tue May 27 2008
Latest operation return code: No connection
Latest RTT (milliseconds): 0
Source to Destination Path Measurements:
Interarrival Jitter: 0
Packets Sent: 0
Packets Lost: 0
Estimated R-factor: 0
MOS-CQ: 0.00
Destination to Source Path Measurements:
Interarrival Jitter: 0
Packets Sent: 0
Packets Lost: 0
Estimated R-factor: 0
MOS-CQ: 0.00
Operation time to live: 72083 sec
Operational state of entry: Active
Last time this entry was reset: Never

Conditions: This behavior is observed on Cisco 1700, 2600, 3700, 7200, 7500, 2800, and 3800 voice platforms installed with Cisco IOS 12.4(19.18)T or newer in the Cisco IOS 12.4T release family, and configured with the RTP VoIP IP SLA feature.

Workaround: There is no workaround.

CSCsq48201

Symptoms: A crash may occur when creating a Bridge-Group Virtual Interface (BVI) while traffic is flowing.

Conditions: The crash could occur when a BVI interface is first created with the command interface BVI and traffic is being process-switched by a physical interface in the same bridge-group. Once the BVI interface is created, subsequent interface BVI commands to configure that interface will not cause the crash.

Workaround: Remove the physical interface from the bridge-group, or prevent traffic from being process-switched by the interface when the BVI interface is first created.

CSCsq48949

Symptoms: A hierarchical policy cannot be attached.

Conditions: This symptom is observed with a Cisco 7200 router that is running Cisco IOS Release 12.4(19.18)T2.

Workaround: There is no workaround.

CSCsq49100

Symptoms: Removal of last class-map before the qos-group class-map causes the router to crash.

Conditions: Happens every time when the class-maps change from type(Mix) to type(Un-Mix), such as the following:

Mix: dscp precedence qos-group

Un-Mix: qos-group qos-group qos-group

Workaround: There is no workaround.

CSCsq49816

Symptoms: Adding a service policy to a PVC under switch subinterface with PPP multilink configured will cause PXF queue size to become misprogrammed.

Conditions: Occurs when policy-map with priority class is attached to a MLP PVC under switch sub-interface and the MLP bundle is down. The PXF switch1 queue will be misprogrammed.

Workaround: Such a configuration is not allowed and has to be avoided.

CSCsq50100

Symptoms: When a call is placed from a secure phone behind a SIP gateway to a secure Cisco Unified CallManager (CCM) phone, the call is established as an SRTP call. After a hold/resume, the call becomes non-secure.

Conditions: All supplementary services are affected (hold/resume of a secure call, call transfer, conferencing, etc.).

Workaround: There is no workaround.

CSCsq52048

Symptoms: The router crashes while the show vpdn tunnel all command is running.

Conditions: When thousands of L2TP tunnels are coming up and going down, running show vpdn tunnel all may result in a crash.

Workaround: There is no workaround.

CSCsq52847

Symptoms: Connection establishment failed with the event agent.

Conditions: Occurs when the Event Gateway is killed and restarted on a Cisco 1812 router while running Cisco IOS Release 12.4(19.18)T2.

Workaround: There is no workaround.

CSCsq58748

Symptoms: When an OCSP (Online Certificate Status Protocol) request is sent to the OCSP server to check the revocation status of a certificate, and the TCP connection for that request stalls, the IKMP process can become blocked. The router is then unable to process any further IKE packets, which stops new tunnel negotiations, rekeys, and DPDs. Existing IPsec SAs continue to work until a rekey or DPD is triggered.

Conditions: Occurs on a Cisco IOS router with IPSec VPN and certificates and configured for revocation checking.

Workaround: Perform the following steps:

1) Disable revocation checking.

2) Reload the router.

CSCsq60016

Symptoms: Router crashes after entering a long RSA key string.

Conditions: Occurs when a very long hex string is entered.

Workaround: Break the entry into shorter strings.

CSCsq60750

Symptoms: "Net Input" process can cause Cisco 2800 and Cisco 2811 routers to crash.

Conditions: Occurs on the Cisco 2800 and Cisco 2811 routers when loaded with Cisco IOS Release 12.4(19.18)T2.

Workaround: There is no workaround.

CSCsq61398

Symptoms: L2TP/IPSec connections fail between Cisco 1800 clients and the Cisco 7200 server when the server is configured for hardware encryption.

Conditions: Occurs with the following topology:

User---1811 (LAC) F0/0 ------- Router--ASA---G0/1 c7200 (LNS)

Occurs when Cisco 1800 routers are L2TP-over-IPsec clients, terminating their connection to a Cisco 7200. The problem exists in Cisco IOS Release 12.4(15)T3 and Cisco IOS Release 12.4(15)T4.

Workarounds: Disable fast switching/CEF on the Cisco 7200. By entering the no ip route-cache command under both interface gigx/y and virtual-template xx of the Cisco 7200, the L2TP connection is stable.

interface GigabitEthernetX/Y
 no ip route-cache
!
interface Virtual-TemplateXX
 no ip route-cache

CSCsq62269

Symptoms: If a Cisco 3270 has no startup configuration, it will crash if the "autoinstall" option is selected.

Conditions: Occurs when there is no startup configuration and the router is using the c3270-adventerprisek9-mz.124-15.XZ.bin image.

Workaround: Execute tftpdnld -r in rommon to boot c3270-entbase-mz.124-15.XZ.bin. Do not allow the "autoinstall" option to run. Save the default configuration and reboot it with the c3270-adventerprisek9-mz.124-15.XZ.bin image.

CSCsq63731

Symptoms: If either the command vlan-id dot1q vlan-id or the command vlan-range dot1q start-vlan-id end-vlan-id is configured on a main interface that is also configured for routing, and an ARP packet is sent to the router on the configured VLAN, the router may send an ARP reply with a VLAN ID of zero.

Conditions: The symptoms are seen on a Cisco 2800 series and a Cisco 7200 series router when the command vlan-id dot1q vlan-id is configured on the GigabitEthernet interface of the Cisco 2800 series router and encapsulation dot1q vlan-id is configured on the FastEthernet 2/1/2.1 interface.

Workaround: Change the Cisco 2800 series router's (CE) configuration to use a subinterface for the VLAN ID instead of the vlan-id dot1q vlan-id command on the main interface. With a subinterface configured on the Cisco 2800, the ARP replies are sent with the proper VLAN ID.

CSCsq71095

Symptoms: SSL connection over L2TP IPSec tunnel does not work. Checksum errors on the Change Cipher Spec messages coming from the server.

Conditions: This has been seen on a Cisco 7200 running Cisco IOS Release 12.4(15)T5 and the ADVENTERPRISEK9-M image. A Cisco 2821 with the same version and feature set was not affected.

Workaround: Use a router other than the Cisco 7200 for this task, or disable IPSec and only use SSL over L2TP.

CSCsq71492

Symptoms: A Cisco Catalyst switch may reload with an address error.

Conditions: The symptoms are most likely to occur when the TACACS+ server (ACS) sends an "authentication error" when ACS is configured, or when a request timeout occurs. There may be other AAA or TACACS related conditions that cause the symptom.

Workaround: There is no workaround.

CSCsq75526

Symptoms: When DNS forwarding source interface is configured in a split DNS environment, the source address being populated in the packet while forwarding the DNS query is wrong. It always takes the first interface in the VPN routing/forwarding (VRF) view even when the DNS forwarding source interface is changed. DNS query fails.

Conditions: The above symptom is seen on a router running Cisco IOS Release 12.4(15)T6.

Workaround: There is no workaround.

CSCsq76338

Symptoms: Call across SIP trunk takes around 10 seconds to resume after called party goes on hold.

Conditions: Occurs during normal operating conditions.

Workaround: There is no workaround.

CSCsq78208

Symptoms: The router crashes during startup when an NTP update is received from the supervisor (SUP).

Conditions: Occurs when there is an NTP update and a Cisco Multi-Processor WAN Application Module (MWAM) is present.

Workaround: There is no workaround.

CSCsq81073

Symptoms: MGX RPM-XF backcard is reset when the test rpm ecc 1bit command is entered.

Conditions: Occurs on an MGX with two-port gigabit Ethernet and two-port POS backcards.

Workaround: There is no workaround.

CSCsq81116

Symptoms: Router may reload when Optimized Edge Routing (OER) master configuration is shut/no shut.

Conditions: Occurs only when the OER master controller goes down, and even then only rarely.

Workaround: There is no workaround.

CSCsq83872

Symptoms: There may be a memory leak when applying the command no pppoe enable.

Conditions: The symptom is observed on a Cisco 831 router that is running Cisco IOS Release 12.4(19).

Workaround: There is no workaround.

CSCsq86067

Symptoms: Router will crash while configuring match access-group name with longer string.

Conditions: Occurs when match access-group name is configured with string length greater than 122 characters.

Workaround: There is no workaround.

CSCsq89122

Symptoms: Cisco 7206VXR with NPE-G1, SA-VAM2+, and PA-A3-OC3MM may generate spurious memory accesses.

Conditions: One possible trigger may be ATM link instability.

Workaround: There is no workaround.

CSCsr00967

Symptoms: A router crashes.

Conditions: Clicking an application on a Citrix server (for example, a calculator) and, within a short period of time, clicking another application causes the router to crash.

Workaround: There is no workaround.

Further Problem Description: The router crashes when a Citrix application is clicked and, before it launches, another application is clicked. For the first application, the Cisco IOS gateway is waiting for a DNS resolution; meanwhile the TCP connection is closed, which frees the appl_out_buffer of the corresponding context. Later, when the DNS resolution completes, data is written to the server-side appl_out_buffer, and because it is NULL, the router crashes. The function sslvpn_http_write_start_chunk did not check the buffer for NULL before filling it with data; the fix adds a NULL check in sslvpn_http_write_start_chunk before the buffer is accessed.

CSCsr09400

Symptoms: The packets decrypted with VSA hardware encryption and with CEF enabled while using L2TP protected by IPsec are not switched correctly.

Conditions:

1. Using the router as an L2TP termination hub.

2. Using hardware encryption, specifically the VSA hardware engine.

3. Using CEF switching.

Workaround: There are several possible workarounds:

Disable CEF.

Apply the crypto map on the corresponding virtual-template interface alongside the physical interface.

Remove and reapply the crypto map (works until the next reboot).

Configure the no ip route-cache command and then the ip route-cache cef command on the virtual-template interface.

Further Problem Description: If this issue is reproduced in lab conditions, and the debug ip packet detail command is enabled, the following can be seen in the debugs:

*Jul 1 04:43:49.183: CEF: Try to CEF switch 10.175.135.48 from Virtual- Access2

The address in this message is "bogus" and corresponds to the data within the packet before the decryption, which essentially contains random bytes, so it can be anything.

CSCsr10335

Symptoms: A router loses its default gateway during autoinstall.

Conditions: This issue was seen on Cisco IOS Release 12.4(15)T5, but should affect every Cisco IOS version.

Workaround:

1. Manually do a shut followed by a no shut on the interface.

2. Create an EEM script, for example:

event manager applet Check-Default-Route
 event syslog pattern "CNS-3-TRANSPORT: CNS_HTTP_CONNECTION_FAILED"
 action 1.0 cli command "enable"
 action 1.1 cli command "config term"
 action 1.2 cli command "interface GigabitEthernet0/0"
 action 1.3 cli command "shut"
 action 1.4 cli command "no shut"
 action 1.5 cli command "end"
 action 1.6 cli command "write"
!
end

3. In network-confg, configure "ip address dhcp" for the interface which is supposed to get the default gateway from DHCP.

interface interface_name
 ip address dhcp
end

CSCsr11449

Symptoms: The ingress decrypted packets do not get through with L2TP/IPSEC, even though they show up in the "decrypted" counter of the show crypto ipsec sa command output.

Conditions: This symptom is observed when the set nat demux command is configured under the crypto map entry and when L2TP over IPSEC termination is used. VSA is used as the crypto engine.

Workaround: There is no workaround.

CSCsr18200

Symptoms: A busy tone is not heard when a 183 message is received before a 4xx busy message.

Conditions: SIP trunk architecture with soft switch. This bug affects both 12.4(15)T and 12.4(11)XW software releases.

Workaround: A patch is required, forcing the media off when a busy message is received.

CSCsr43231

Symptoms: A router crashes when a serial interface is shut down and subsequently brought back up.

Conditions: This symptom is observed when the shut command, followed by the no shut command, is entered on the serial interface.

Workaround: There is no workaround.

CSCsr45986

Symptoms: The memory of the router may become corrupted, which can lead to a crash.

Conditions: This symptom is observed when Flexible NetFlow is configured with a record that has a large packet section in it, and it is applied to capture traffic.

Workaround: Configure Flexible NetFlow with a flow record that does not have a packet section in it.

Further Problem Description: Tracebacks are observed when the following commands are issued, which leads to a Flexible NetFlow crash.

configure terminal 
flow monitor mm_1 
record netflow ipv4 as 
interface Ethernet1/0 
ip flow monitor mm_1 input 
end

CSCsr50821

Symptoms: A router may crash when the ARP code runs at interrupt level.

Conditions: This symptom is observed when bridging is configured, but it may also occur whenever the ARP code is entered from interrupt context, which is unpredictable.

Workaround: There is no workaround.

Further Problem Description: This defect was introduced via CSCsq05997. Cisco IOS Release 12.4 and 12.4T are not affected by this defect, but Cisco IOS Release 12.2S may be affected by this defect.

Resolved Caveats—Cisco IOS Release 12.4(15)T6

Cisco IOS Release 12.4(15)T6 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsj09249

Symptoms: A Cisco IOS router performing Cisco Performance Routing (PfR) Optimized Edge Routing (OER) Master Controller function crashes due to internal timing issue. The traceback may be similar to:

__udivmoddi4
__udivdi3
oer_br_update_iface_counters
oer_br_recv_iface_configured
oer_br_cc_tlv_process
oer_cc_read_tcp
oer_br_cc_process_socket_event
oer_br_process

or

oer_br_update_iface_counters
oer_pep_iface_update_timer_handler
oer_br_process_timer_event
tw_timer_tick
oer_br_process

or

__udivmoddi4
__udivdi3
oer_br_update_iface_counters
oer_pep_iface_update_timer_handler
tw_notify
tw_timer_tick
oer_br_process

Conditions:

PfR/OER border router configuration mode is accessed or modified on the master controller.

OER external interface goes UP/DOWN on the border router.

Workaround: There is no workaround.

CSCsk76053

Symptoms: When using route-map to redirect the traffic from one physical interface to be rerouted to the loopback interface, the traffic is not redirected.

Conditions: Occurs when the router is configured as an "EZvpn client on a stick", with one interface serving as both inside and outside and the loopback acting as the inside interface.

Workaround: Configure interface vlan1.

CSCsl19590

Symptoms: An ISR router may crash during start up.

Conditions: Occurs when USB Flash drives are connected to the router. If drives are removed, there is no crash.

Workaround: There is no workaround.

CSCso15220

Symptoms: A Cisco router may experience a memory leak in the VTSP process. The router loses free memory until it starts to display "SYS-2-MALLOCFAIL" messages in the log and finally crashes because of the low-memory condition.

Conditions: The symptoms occur only when a call fails before it reaches the connect state.

Workaround: The only workaround is to schedule router manual reloads at regular intervals, so that the outages occur at the lowest-impacting moments.

CSCso53839

Symptoms: The router crashes giving bus error when ip inspect WAAS is enabled globally and voice traffic is intercepted.

Conditions: Occurs when ip inspect WAAS is enabled globally and a voice call is made.

Workaround: Disable or remove ip inspect WAAS.

CSCso62166

Symptoms: The device crashes when the clear bgp ipv6 unicast * command is entered while BGP IPv6 unicast updates are being debugged.

Conditions: Debugging must be enabled to see the crash.

Workaround: Use the no debug bgp ipv6 unicast update command to turn off BGP IPv6 unicast updates debugging.

CSCso78427

Symptoms: A voice gateway is crashing at ccsip_apply_sip_to_pstn_calling_policy with a TLB (store) exception.

Conditions: This symptom is observed on a Cisco AS5400XM that is running either Cisco IOS Release 12.4(19) or Cisco IOS Release 12.3(14)T6.

Workaround: There is no workaround.

CSCso81854

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches.

To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml.

This security advisory is being published simultaneously with announcements from other affected organizations.
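The following Python model is added here as an illustration and is not part of the Cisco advisory or any Cisco code. It puts numbers on the advisory's point: a resolver accepts a forged answer only when the 16-bit transaction ID and the UDP source port both match an outstanding recursive query, so the attacker's odds depend on how unpredictable those two values are. The 16-bit ID space, the ephemeral port range 1024-65535, the budget of 65536 forged replies per lookup, and the toy resolver and attacker are assumptions constructed for the example.

```python
"""Forgery odds behind the DNS cache-poisoning caveat (CVE-2008-1447).

Added example, not Cisco code. Models the race between forged and genuine
answers for a resolver that matches (transaction ID, source port).
"""
import random

TXID_SPACE = 1 << 16                    # 16-bit DNS transaction ID
PORT_LOW, PORT_HIGH = 1024, 65535       # assumed ephemeral source-port range
PORT_SPACE = PORT_HIGH - PORT_LOW + 1


def forge_success_probability(guess_space, spoofed_replies):
    """Chance that at least one of `spoofed_replies` forged answers hits the
    (txid, port) pair of one outstanding query, when the resolver draws that
    pair uniformly from `guess_space` possibilities."""
    return 1.0 - (1.0 - 1.0 / guess_space) ** spoofed_replies


def expected_query_windows(guess_space, spoofed_replies):
    """Average number of recursive lookups the attacker must trigger before
    one of them is poisoned (geometric distribution)."""
    return 1.0 / forge_success_probability(guess_space, spoofed_replies)


class Resolver:
    """Toy recursive resolver. `random_txid`/`random_port` select between the
    weak generators (sequential ID, fixed port 53) and uniform random ones."""

    def __init__(self, random_txid, random_port, seed=1):
        self.rng = random.Random(seed)
        self.random_txid = random_txid
        self.random_port = random_port
        self.next_txid = 0x1000          # state of the sequential generator

    def send_query(self):
        if self.random_txid:
            txid = self.rng.randrange(TXID_SPACE)
        else:
            txid, self.next_txid = self.next_txid, (self.next_txid + 1) & 0xFFFF
        port = self.rng.randrange(PORT_LOW, PORT_HIGH + 1) if self.random_port else 53
        return txid, port

    @staticmethod
    def accepts(outstanding, txid, port):
        # The only check a classic resolver makes before caching the answer.
        return (txid, port) == outstanding


def spoofs_needed(resolver, max_tries=1000):
    """Attacker who saw the resolver's previous query and guesses forward from
    it (next ID, same port). Returns how many forged replies it took, or None
    if the attacker gave up after `max_tries`."""
    observed = resolver.send_query()    # a lookup the attacker triggered and observed
    target = resolver.send_query()      # the lookup the attacker wants to poison
    for i in range(max_tries):
        guess_txid = (observed[0] + 1 + i) & 0xFFFF
        if resolver.accepts(target, guess_txid, observed[1]):
            return i + 1
    return None


if __name__ == "__main__":
    per_window = 65536   # forged replies the attacker can push before the real answer lands
    print("TXID only:        p=%.3f per lookup" % forge_success_probability(TXID_SPACE, per_window))
    print("TXID + port:      p=%.2e per lookup" % forge_success_probability(TXID_SPACE * PORT_SPACE, per_window))
    print("sequential/fixed: %s spoof(s)" % spoofs_needed(Resolver(False, False)))
    print("random/random:    %s (gave up)" % spoofs_needed(Resolver(True, True)))
```

With only the transaction ID random, one lookup gives the attacker roughly a 63% chance of success; a random source port divides that by the size of the port range, which is why the fix targets both values. Against the sequential-ID, fixed-port resolver, an attacker who has observed a single earlier query succeeds with the first forged reply, which is the "more easily forge DNS answers" of the advisory text. None of this applies unless the attacker can make the server recurse, matching the note that authoritative-only and non-recursive servers are not affected.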

CSCso93867

Symptoms: Router crashes with bus error exception.

Conditions: This happens when qos service-policy is unconfigured or reconfigured on a virtual-template interface.

Workaround: There is no workaround.

CSCsq06222

Symptoms: The following error message will be seen now and then (when sending traffic):

%SYS-2-NULLCHUNK: Memory requested from Null Chunk -Process= "<interrupt level>", ipl= 1, -Traceback

This will not cause any problems in the network.

Conditions: Occurs when VSA/crypto is enabled with process switching.

Workaround: Configure a dummy CM with qos-preclassify enabled, such as in the following example:

crypto map dummy 10 ipsec-isakmp
 qos pre-classify

CSCsq13348

The Cisco IOS Intrusion Prevention System (IPS) feature contains a vulnerability in the processing of certain IPS signatures that use the SERVICE.DNS engine. This vulnerability may cause a router to crash or hang, resulting in a denial of service condition.

Cisco has released free software updates that address this vulnerability. There is a workaround for this vulnerability.

NOTE: This vulnerability is not related in any way to CVE-2008-1447 - Cache poisoning attacks. Cisco Systems has published a Cisco Security Advisory for that vulnerability, which can be found at http://www.cisco.com/en/US/products/products_security_advisory09186a00809c2168.shtml.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosips.shtml.

CSCsq19957

Symptoms: A numbered access-group does not match traffic when configured under a class-map unless another matching criteria is added to the same class-map, which must be a non-numbered access-group match statement.

Conditions: This has been observed for Gigabit ethernet on an NPE-G1, frame-relay encapsulated serial interface, and POS interfaces on a NPE-G2.

Workaround:

1. Add another match criterion under the same class, which has to be a non-numbered access-group match such as match ip dscp or match access-group name <name>. This triggers the numbered access-group to start matching traffic correctly.

2. Have only one class defined plus class-default under the policy-map, and it will classify traffic correctly.

CSCsq45734

Symptoms: Router crashes while configuring match access-group name with long string.

Conditions: Occurs when string length greater than 77 characters.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(15)T5

Cisco IOS Release 12.4(15)T5 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek71254

Symptoms: The output of the show ipv6 eigrp neighbor command indicates that an IPv6 EIGRP process is in SHUTDOWN state when it was previously configured with a no shutdown command to activate the routing process.

Conditions: Occurs after configuring redistribute eigrp number under an IPv6 routing protocol instance, such as RIP or another EIGRP instance. The new IPv6 EIGRP process appears in the running configuration but does not create a functioning routing process.

Workaround: Enter the interface configuration mode and configure the ipv6 eigrp num command. Then enter into the IPv6 EIGRP routing process using ipv6 router eigrp num and configure no shutdown.

The problem does not occur if the IPv6 EIGRP process is configured first at the interface configuration level instead of entering the redistribute eigrp num command.

CSCek76062

Symptoms: A router crashes because of a block overrun (overwriting the memory block).

Conditions: This symptom is observed only when templates are exported in the export packet, which happens only with NetFlow version 9 export.

Workaround: Use NetFlow version 5 export instead.

CSCsg64163

Symptoms: Cisco IOS does not handle packet fragments for port specific NAT rules like:

ip nat inside source static udp 192.168.21.2 500 interface FastEthernet0/0 500
ip nat inside source static udp 192.168.21.2 4500 interface FastEthernet0/0 4500

Only first fragment is being translated, others are not. This symptom remains even if the ip virtual-reassembly command is active on interfaces.

Conditions: This symptom has been observed on Cisco IOS Release 12.4 and Release 12.4T.

Workaround: There is no workaround.
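The following Python model is added as an illustration and is not Cisco code. It shows why the two rules above can translate only the first fragment: only that fragment carries the UDP header, so a translator that classifies each fragment on its own ports has nothing to match in the rest of the datagram. The second translation function keeps per-datagram state from the first fragment, which is what virtual reassembly is meant to provide. The outside address 203.0.113.1 (standing in for FastEthernet0/0), the peer 198.51.100.7, the 2000-byte payload (an IKE packet carrying certificates is a realistic size on UDP 500/4500), and in-order fragment arrival are assumptions of the example.

```python
"""Why port-specific static NAT translates only the first fragment.

Added example, not Cisco code. Packets are modelled as dataclasses rather
than raw bytes; fragments are assumed to arrive in order.
"""
from dataclasses import dataclass, replace
from typing import Optional

IPV4_HDR = 20
UDP_HDR = 8


@dataclass(frozen=True)
class Fragment:
    src: str
    dst: str
    ident: int                    # IP identification, shared by all fragments of a datagram
    offset: int                   # fragment offset in 8-byte units, as in the IP header
    more: bool                    # MF flag
    length: int                   # bytes of data in this fragment
    proto: int = 17               # UDP
    sport: Optional[int] = None   # set only when the UDP header is in this fragment
    dport: Optional[int] = None


@dataclass(frozen=True)
class NatRule:
    """ip nat inside source static udp <inside_ip> <inside_port> <outside_ip> <outside_port>"""
    proto: int
    inside_ip: str
    inside_port: int
    outside_ip: str
    outside_port: int

    def matches_inside(self, f: Fragment) -> bool:
        return f.proto == self.proto and (f.src, f.sport) == (self.inside_ip, self.inside_port)


def fragment_udp(src, dst, ident, sport, dport, payload_len, mtu=1500):
    """Split a UDP datagram into IPv4 fragments as a router on an MTU-sized link would."""
    total = UDP_HDR + payload_len             # bytes that follow the IP header
    chunk = (mtu - IPV4_HDR) // 8 * 8         # all but the last fragment carry a multiple of 8 bytes
    frags, off = [], 0
    while off < total:
        n = min(chunk, total - off)
        first = off == 0                      # only the first fragment contains the UDP header
        frags.append(Fragment(src, dst, ident, off // 8, off + n < total, n,
                              sport=sport if first else None, dport=dport if first else None))
        off += n
    return frags


def nat_per_fragment(frags, rules):
    """Inside-to-outside translation decided from each fragment alone (the caveat's behaviour)."""
    out = []
    for f in frags:
        rule = next((r for r in rules if r.matches_inside(f)), None)
        if rule:
            f = replace(f, src=rule.outside_ip, sport=rule.outside_port)
        out.append(f)
    return out


def nat_with_fragment_state(frags, rules):
    """Same rules, but the decision taken on the first fragment is remembered
    per (src, dst, ident, proto) and applied to the rest of the datagram."""
    pending, out = {}, []
    for f in frags:
        key = (f.src, f.dst, f.ident, f.proto)
        if f.offset == 0:
            rule = next((r for r in rules if r.matches_inside(f)), None)
            if rule:
                pending[key] = rule
        rule = pending.get(key)
        if rule:
            f = replace(f, src=rule.outside_ip,
                        sport=rule.outside_port if f.sport is not None else None)
        if not f.more:
            pending.pop(key, None)            # last fragment seen; forget the datagram
        out.append(f)
    return out


RULES = [  # the caveat's two rules; 203.0.113.1 is the assumed FastEthernet0/0 address
    NatRule(17, "192.168.21.2", 500, "203.0.113.1", 500),
    NatRule(17, "192.168.21.2", 4500, "203.0.113.1", 4500),
]


def translated_sources(nat_func, payload_len=2000):
    """Source addresses seen on the outside for one fragmented IKE datagram (constructed input)."""
    frags = fragment_udp("192.168.21.2", "198.51.100.7", 0x1234, 500, 500, payload_len)
    return [f.src for f in nat_func(frags, RULES)]


if __name__ == "__main__":
    print("per-fragment:", translated_sources(nat_per_fragment))
    print("with state:  ", translated_sources(nat_with_fragment_state))
```

The per-fragment translator leaves the second fragment with the inside source address, so the peer sees a datagram whose fragments come from two different addresses and cannot reassemble it. The stateful version keys on the IP identification field; it still fails if a non-first fragment arrives before the first, which is why real implementations buffer out-of-order fragments rather than only remembering a decision.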

CSCsg85810

Symptoms: Cisco 2801 router crashes when the no crypto engine aim 0 command is entered.

Conditions: Occurs when shutting down the AIM-VPN/EPII-Plus card on a Cisco 2801 when there is an active IPSec tunnel.

Workaround: Disable the onboard crypto engine before using AIM/VPN/EPII-Plus card.

CSCsh12493

Symptoms: After addition/deletion/modification of a VRF and the re-addition of associated configuration, it becomes apparent that the RIB is not being updated by BGP after reconvergence, and LDP neighborship is reestablished. As the RIB is not updated, neither is CEF. While BGP VPNv4 has the correct information, the RIB is empty of remote PE VRF subnets, and CEF has a default entry.

Conditions: This symptom is observed on Cisco 12000 series router that is running Cisco IOS Release 12.0(32)S6.

Workaround: Can be recovered by clearing BGP session.

CSCsh88792

Symptoms: A router that is configured for Dynamic DNS (DDNS) may reload unexpectedly.

Conditions: This symptom is observed when you manually change the IP address of an interface that has DDNS configured.

Trigger: Changing the ip address.

Impact: Router reloads.

Workaround: There is no workaround.

CSCsi41769

Symptoms: A PVC that is shut down by OAM may continue to receive and forward traffic. This situation causes problems in an APS 1+1 redundancy configuration in which the standby router has a PVC that is shut down by OAM but continues to receive all traffic.

Conditions: This symptom is observed on a Cisco router that has an ATM port adapter.

Workaround: In an IPv4 configuration, shut down the subinterface manually or enter the ip verify unicast reverse-path command. In an MPLS configuration, shut down the subinterface manually.

CSCsi75001

Symptoms: Router configured for NAT traversal for SIP call using Cisco IOS SBS may experience a bus error crash.

Conditions: Occurs on router running Cisco IOS Release 12.4(11)T1 while forwarding user traffic.

Workaround: There is no workaround.

CSCsi78783

Symptoms: Router crashes when auto qos voip is configured on ATM-PVCs. It does not crash when auto qos voip trust or auto qos voip are configured on any interface.

Conditions: Occurs when auto qos voip is configured the first time on any ATM-PVC.

Workaround: Configure auto qos voip on any interface, such as a serial interface, and then configure auto qos voip on the ATM-PVC. Use auto qos voip trust if it is suitable for the network.

Further Problem Description: If auto qos exists in the startup configuration then the issue is not seen. It is seen only when it is configured on a ATM interface of a router which is up and running.

CSCsj05691

Symptoms: Online insertion and removal (OIR) of PA-MC-T3 PA with Multilink Frame Relay (MFR) configuration may cause a router to crash.

Conditions: Crash is observed only when PA is removed while MFR bundle switching from software to hardware mode or vice-versa.

Workaround: There is no workaround.

CSCsj07189

Symptom: An snmpget of an object identifier (OID) indexed by an interface's ifIndex value results in an error:

snmpget -c <community> -v1 <device> IF-MIB::ifDescr.92
Error in packet Reason: (noSuchName) There is no such variable name in this MIB. 
Failed object: IF-MIB::ifDescr.92

Conditions: This can occur after port adapters (PA) have been swapped, such as replacing a 4-port PA with an 8-port PA.

Workaround: Use the snmpwalk command to retrieve the IF-MIB values.

CSCsj12867

Symptoms: The following message can be seen after executing the write memory command, even though the version has not been changed.

Router# write memory
Warning: Attempting to overwrite an NVRAM configuration previously written by a 
different version of the system image. Overwrite the previous NVRAM 
configuration?[confirm]
The router then restarts with the following traceback:
-Traceback= 6067F3DC 6067FB38 605E3FE8 60686384 605E3FE8 605188BC 60518830 605444D4 
60539164 6054719C 605AB65C 605AB648

Conditions: This symptom is observed on a Cisco 7206 VXR (NPE-400) with C7200-IO-FE-MII/RJ45= or C7200-I/O= running the Cisco IOS Release 12.2(24a) interim build.

Workaround: There is no workaround.

CSCsj21785

Symptoms: A Traffic Engineering (TE) tunnel does not re-optimize to explicit path after an MTU change.

Conditions: The TE tunnel is operating via an explicit path. The MTU on the outgoing interface is changed. OSPF is flapped and does not come up because of the MTU mismatch (the MTU is not changed on the peer router). Meanwhile the TE tunnel re-optimizes to a dynamic path-option as expected. Now the MTU is reverted to the previous value, and the OSPF adjacency comes up. The TE tunnel does not re-optimize to the explicit path. Manual re-optimization of the TE tunnel fails as well, and the TE tunnel sticks to the dynamic path.

Workaround: Enter the shutdown command followed by the no shutdown command on the particular interface.

CSCsj27390

Symptoms: A router may crash with an exception while updating OSPF routes.

Conditions: Occurs on a router running a Cisco IOS Release 12.4(15)T release. No other versions are susceptible to this crash.

Workaround: Possible workaround is to disable ISPF under router OSPF. Use with caution, as disabling ISPF has caused a router to crash as well.

CSCsj45148

Symptoms: The Display IE contained in the connect message is not passed through ISDN-to-H323 interworking at the Originating Gateway (OGW).

Conditions: This happens when call Initiator makes a voice call to Path Terminating Equipment (PTE) (PC simulating remote-device) passing through VGW and OGW having Cisco IOS interim Release 12.4(16.9) images.

Workaround: There is no workaround.

CSCsj49349

Symptoms: A Cisco Route Switch Processor can unexpectedly reload and experience a switchover when a Versatile Interface Processor in the same router containing an ATM Port Adapter fails.

Conditions: Conditions are unknown at this time.

Workaround: There is no workaround.

CSCsj81722

Symptoms: A static address may have an aggregate out label in the BGP and MPLS forwarding entry.

Conditions: This symptom is observed when there is a static route in a VRF, a directly connected network is added, and both the static and connected routes are redistributed to BGP. The BGP table will then have the connected prefix, and both the BGP and forwarding entries will match and have the aggregate out label. But when the connected network is shut down, BGP gets the static route, but the out label remains "aggregate."

Workaround: There is no workaround.

CSCsk28784

Symptoms: Policy is not reactivated after adding new members.

Conditions: Occurs on a Cisco 7200 router when LFIoLL and QoS are configured and service policy is in suspend mode.

Workaround: There is no workaround.

CSCsk54061

Symptoms: The error "Memory allocation failed atm_vpivci_to_vc" occurs and the device crashes.

Conditions: Occurs while configuring for ATM-AutoVC or with incoming ATM traffic.

Workaround: There is no workaround.

CSCsk54092

Symptoms: A link-state advertisement (LSA Type 3) may not get flushed from the database when the route is supposed to be included as an LSA Type 5.

Conditions: This symptom is observed when an LSA is changed from type 3 to type 5 on a Cisco router. This is a timing problem between OSPF and BGP. Routes redistributed into OSPF are shown as Type 3 LSAs when the sh ip ospf <process-id> database command is entered, even after the removal of the network command under the router which is advertising these routes. These routes are to be learned via Type 5 LSAs. This problem exists in all branches except Cisco IOS Release 12.2S.

Workaround: Configuring the PE routers in different domains using the domain-id A.B.C.D command can solve the issue.

CSCsk61643

Symptoms: AFW application IVR is causing memory leak in Chunk Manager.

Conditions: Occurred on a Cisco AS5400XM running Cisco IOS Release 12.4(15)T1 and Cisco IOS Release 12.4(11)T2.

Workaround: Reload the router.

CSCsk82370

Symptoms: A Catalyst 6000 running Cisco IOS Release 12.2(33)SXH might crash with an address error (load or instruction fetch) exception, CPU signal 10.

Conditions: The crash is observed when crypto is configured on the switch.

Workaround: There is no workaround.

CSCsk82537

Symptoms: About once every 1 or 2 minutes, the value of the delta time found in the responding router in an IP SLA setup is 1 second behind the value it should have. This is causing false timeout as the RTT is then considered as being around 24 hours. The following output illustrates this problem:

IP SLAs(100) jitter operation: Timed out arrival (rtt=86399012)

For 3 consecutive probes:

ST: 75656998, RT: 75657005, DT: 0, CT: 75657014 => correct
ST: 75658006, RT: 75658009, DT: 0, CT: 75657018 => should be 75658018
ST: 75659006, RT: 75659009, DT: 0, CT: 75658018 => should be 75659018
ST: 75659998, RT: 75660005, DT: 0, CT: 75660014 => correct

Conditions: This has been seen on a Cisco 1812 running Cisco IOS Release 12.4(6)T7.

Workaround: There is no workaround.
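The 86399012 ms value in the caveat above is what a negative round trip looks like after wrapping at one day (86400000 ms): 75657018 - 75658006 = -988, and -988 mod 86400000 = 86399012, which exceeds any sane timeout. The following Python, added here as a worked example and not Cisco code, recomputes the RTT of the quoted probes from their timestamps. The field meanings (ST and CT as the sender's send and receive timestamps, DT as the responder's processing delta, all in milliseconds since midnight), the wrap at one day, and the 5000 ms timeout are assumptions inferred from the log values rather than taken from Cisco documentation.

```python
"""Why a responder clock 1 s behind shows up as a 24-hour RTT (CSCsk82537).

Added example, not Cisco code. Timestamp semantics and the one-day wrap are
assumptions inferred from the logged rtt=86399012.
"""
MS_PER_DAY = 86_400_000
TIMEOUT_MS = 5000                # assumed IP SLA operation timeout


def ipsla_rtt(st, rt, dt, ct):
    """Round trip as the sender computes it: wall-clock round trip minus the
    responder's processing delta, wrapped to milliseconds since midnight.
    RT (responder receive time) does not enter the round trip directly."""
    return ((ct - st) - dt) % MS_PER_DAY


def evaluate(probes, timeout_ms=TIMEOUT_MS):
    """Return (rtt, verdict) per probe; 'timeout' when the RTT exceeds the operation timeout."""
    results = []
    for st, rt, dt, ct in probes:
        rtt = ipsla_rtt(st, rt, dt, ct)
        results.append((rtt, "timeout" if rtt > timeout_ms else "ok"))
    return results


def corrected(probes, skew_ms=1000):
    """The same probes with the responder's 1 s skew removed: a CT earlier
    than its own ST is impossible, so those values are moved forward."""
    return [(st, rt, dt, ct + skew_ms if ct < st else ct) for st, rt, dt, ct in probes]


# Constructed from the caveat's log lines: (ST, RT, DT, CT)
PROBES = [
    (75656998, 75657005, 0, 75657014),   # correct
    (75658006, 75658009, 0, 75657018),   # CT should be 75658018
    (75659006, 75659009, 0, 75658018),   # CT should be 75659018
    (75659998, 75660005, 0, 75660014),   # correct
]


if __name__ == "__main__":
    for (rtt, verdict), probe in zip(evaluate(PROBES), PROBES):
        print("ST=%d CT=%d rtt=%d %s" % (probe[0], probe[3], rtt, verdict))
    print("with skew removed:", [rtt for rtt, _ in evaluate(corrected(PROBES))])
```

The two skewed probes evaluate to 86399012 ms and are reported as timeouts, exactly as in the "Timed out arrival (rtt=86399012)" message; with the 1 s skew removed they are 12 ms round trips. The practical lesson is that an RTT within a few milliseconds of 86400000 on an IP SLA operation is a clock-consistency problem, not a path problem.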

CSCsk86150

Symptoms: When EIGRP goes down, BGP installs the major network in the routing table. When EIGRP comes up again, it installs the subnet routes in the routing table, while the BGP major network remains in the routing table. Also, the BGP local source route is not installed in BGP table.

Conditions: Occurs on routers running Cisco IOS Release 12.4(10b) and 12.4(13c) Enterprise Services images.

Workaround: Reconfigure the network command.

CSCsk86596

Symptoms: Traceback below is seen when NAT port-map feature is used:

%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level, -Traceback= 
0x60DCF214 0x600DE678 0x62444240 0x61400E0C 0x61423574 0x60162C2C 0x601411B8 
0x6012EE48 0x60125008 0x60873574 0x60876730 0x6086F158 0x6030A9B0 0x60947FB8 
0x60950810

Conditions: This traceback is seen when packets match port-map configuration.

Workaround: Disable CEF on the inside interface with the no ip route-cache cef command.

CSCsl08480

Symptom: The error message "Memory allocation failed atm_vpivci_to_vc" is seen, followed by a device crash.

Conditions: Observed with incoming ATM traffic.

Workaround: There is no workaround.

CSCsl22080

Symptoms: WebVPN hangs after a few days of working. When this happens, no WebVPN connections are active and no new connections can be established. The debug ip tcp transaction command shows connection queue limit reached: port 443 errors. The show tcp brief command displays many sessions in SYNRCVD and TIMEWAIT states. Problem is recovered either by reload or by entering the clear tcp tcb * command. There are few stale sessions in CLOSED state left after clearing TCP.

Conditions: Issue seen in Cisco IOS Release 12.4(15)T and Cisco IOS Release 12.4(15)T1 when WebVPN is configured. The issue is intermittent and happens after a few days or weeks of operation.

Workaround: To restore TCP connectivity, issue clear tcp tcb * or reload the router. Note that this will clear all TCP sessions on the router.

CSCsl78850

Symptoms: When the WAN is restored between a MGCP/SRST gateway and CallManager, MGCP gateway intermittently fails to register back with CallManager.

Conditions: Connectivity to the CallManager from Gateway is stopped. When gateway goes in SRST, a PSTN call is placed to a phone that registers with the gateway. Then WAN connectivity is restored. MGCP has one primary call-agent and two redundant hosts configured.

Workaround: Reload the gateway.

Further Problem Description: When the gateway is in this "stuck" state of not registering with the CallManager, if "no ccm-manager mgcp" is configured, it does not take effect, and "no ccm-manager redundant-host ..." also does not take effect. The following error message is displayed: "cmapp_service_emptying_redun_hostlist: Error: cannot execute CCM host change -- must configure again!"

CSCsl82024

Symptoms: AnyConnect does not work on Cisco 870 and Cisco 1800 routers. The client gets downloaded, and dialog states that the connection has been established. Nevertheless, the IP address has not been assigned, and the connection is actually not established. WebVPN works fine, as well as configuration with SCV.

Conditions: Occurs when SSL VPN is configured with AnyConnect on Cisco 871 and Cisco 1800 routers running Cisco IOS Release 12.4(15)T1.

Workaround: Either disable hardware crypto and use only the software crypto, or change the SSL encryption in the "webvpn gateway" configuration as follows:

webvpn gateway gateway_1 ssl encryption rc4-md5

CSCsl83415

Symptoms: After executing the following CLI (steps listed alphabetically) via a script (not reproducible manually), the router sometimes crashes:

Test10:
a. clear ip bgp 10.0.101.46 ipv4 multicast out
b. clear ip bgp 10.0.101.47 ipv4 multicast out
Test 1:
c. show ip bgp ipv4 multicast nei 10.0.101.2
d. show ip bgp ipv4 multicast [<prefix>]
e. config t

The crash does not happen in any of the following cases:

1. If the same CLI is cut and pasted manually, there is no crash.

2. If the clear command is not executed, there is no crash.

3. If config term is not entered, there is no crash.

Conditions: The symptom occurs after executing the above CLI.

Workaround: There is no workaround.

CSCsl97050

Symptoms: CNS Zero Touch Frame Relay functionality is broken.

Conditions: The configuration command discover dlci is unable to return a list of active DLCIs.

Workaround: There is no workaround.

CSCsm04442

Symptoms: The router crashes when an interface that has ip summary-address rip configured is deleted.

Conditions: Occurs when different summary addresses are configured on different interfaces and the interface being deleted carries the last remaining configuration for a given summary address; deleting that interface leads to the crash.

Workaround: Remove the ip summary-address rip configuration from an interface which is going to be deleted.

CSCsm05625

Symptoms: Router crashes when IP flow ingress is enabled under interfaces.

Conditions: The crash happens on routers running a pre-release version of Cisco IOS Release 12.4T.

Workaround: Disabling netflow prevents the router from crashing.

CSCsm08291

Symptoms: Virtual access interfaces flap, and the following error message is displayed: %SYS-2-BADSHARE: Bad refcount in datagram_done.

Conditions: Occurs on a Cisco 7206VXR with NPE-G2 running Cisco IOS Release 12.4(11)T1.

Workaround: There is no workaround.

CSCsm08398

Symptoms: A negative number is displayed in the output of the show ip nat translation command and in the rate-limiting statistics. Because the entry count reported in ip nat statistics appears as a huge number, the limit-entry option fails.

Conditions: In some situations the show ip nat statistics count goes negative, which NAT displays as a huge number. The limit-entry feature consults this count to decide whether to stop NAT translation, so when the count is negative, limit-entry stops NAT from performing translations.

Workaround: There is no workaround.

CSCsm17110

Symptoms: When setting the "FlipAddr" attribute in an IPS signature, one expects the attacker and victim TCP/IP addresses to be swapped. This is not occurring as expected and signature actions will be created against the improper TCP/IP address.

Conditions: Edit an IPS signature and set the "FlipAddr" attribute to True. Receive traffic that should cause the edited signature to fire. If a deny action is configured, the destination/victim TCP/IP address will be used instead of the expected source/attacker TCP/IP address.

Workaround: There is no workaround.

CSCsm17879

Symptoms: After putting the onboard GE0/0-1 interfaces into promiscuous mode, they still will not accept packets with destination MAC other than the broadcast and the interface MAC.

Conditions: This affects the onboard GE interfaces only.

Workaround: Use FE/GE ports from a module to achieve this, if available.

CSCsm26130

Symptoms: When removing a subinterface from the configuration that contains an IP address that falls into the major net of the static route, the static route is no longer injected into the BGP table. Since the route is not in the BGP table, it is not advertised to any peers.

Conditions: This symptom is observed with auto-summary enabled in BGP. A static summary route is configured to null0 and is injected into the BGP table with a network statement.

Workaround: There are four possible workarounds:

1. Use an "aggregate-address" configuration instead of the static route to generate the summary.

2. Remove auto-summary from the BGP process.

3. Enter the clear ip bgp * command.

4. Remove and reconfigure the BGP network statement for the summary route.

CSCsm26610

Symptoms: A router with a QoS policer applied on the physical interface crashes after traffic starts. The crash recurs even after the router is reloaded and when the traffic rate is very low.

Conditions: Occurs when 1000 IPSec tunnels are built on the same physical interface configured with the policer. This is specific to Cisco 7200 routers with NPE-G2 processors. This issue is not seen with Cisco 7200s with NPE-G1s or NPE-400s.

Workaround: There is no workaround.

CSCsm28649

Symptoms: An IP-IP gateway (IPIPGW) acting as an SBC to route SIP traffic does not handle SIP REFER properly if configured to handle the SIP REFER locally.

Conditions: Occurs on a Cisco AS5400Xm configured as an IP-IP gateway to route traffic from a SIP trunk to the MeetingPlace network. By default it forwards the REFER towards the other peer (SIP trunk) which is not supported by the peer. However if configured to handle the SIP REFER locally (by adding a no supplementary-service sip refer in the voice service voip section), then it:

1. Truncates the called number received in the Refer-to header up to the point where it sees a non-numeric character.

2. Routes the corresponding Invite to the wrong host:

a) It either sends it to the same host from which the REFER was received, OR

b) If a dial-peer is defined for the called/transfer number pattern, it uses the destination in this dial-peer.

This causes RSNA transfers in the MeetingPlace environment involving multiple MeetingPlace servers to fail.

Workaround: There is no workaround.

CSCsm54873

Symptoms: Embedded Event Manager (EEM) rules may not trigger properly when performing SIP OIR.

Conditions: EEM policies that interact with the IOS CLI through the command action command and EEM Tcl policies that use the CLI library may not interact properly when triggered. Incorrect sequencing with the IOS CLI may occur when the policies are triggered, so the IOS CLI commands are not invoked.

This problem exists on all shipped versions of IOS XE.

Workaround: There is no workaround.

Further Problem Description: This can impact customers that use the Embedded Event Manager with EEM applets or policies that interact with the CLI.

It was seen on the ASR platform and other platforms when "sched heapchecks process" was enabled. A timing issue can cause EEM action CLI commands to not coordinate with the IOS exec properly.

The SIP2 is probably related to the ASR platform. An OIR event is used to trigger the specific EEM policy. This should occur with any EEM type policy however.

SXF is not impacted by this bug.

CSCsm61105

Symptoms: The router can crash due to a bus error. The crash is seen after repeatedly removing virtual-template interfaces under ATM.

Conditions: The crash is seen under the following conditions.

1. Bring up nearly 3000 PPPoE and PPPoEoA sessions.

2. Configure no interface virtual-template <no> under ATM interfaces.

Repeating Step 2 continuously will cause a crash.

Workaround: There is no workaround.

CSCsm65445

Symptoms: IVR prompt playback is garbled.

Conditions: Occurred after the audio-prompt load command was used to load a file from flash into memory.

Workaround: A router reload will correctly load the prompt file.

CSCsm72482

Symptoms: CPUHOG messages due to a watchdog timeout are seen when empty ACLs are configured:

Feb 10 04:37:04.242: %SYS-3-CPUHOG: Task is running for (124000)msecs, more than (2000)msecs (7/1),process = CEF Reloader. -Traceback= 0x21E6D0D0 0x21CF1324 0x203353AC 0x20335390
Feb 10 04:37:06.242: %SYS-3-CPUHOG: Task is running for (126000)msecs, more than (2000)msecs (7/1),process = CEF Reloader. -Traceback= 0x21E6D0C0 0x21CF1324 0x203353AC 0x20335390
Feb 10 04:37:08.242: %SYS-3-CPUHOG: Task is running for (128000)msecs, more than (2000)msecs (7/1),process = CEF Reloader. -Traceback= 0x21E6D0C0 0x21CF1324 0x203353AC 0x20335390

Conditions: This issue is seen when ACLs are configured but do not contain any statements.

Workaround: Remove ACLs that are empty.

CSCsm76194

Symptoms: When a client connects to the router's web page, authentication and authorization are successful, and then ACS starts accounting. When the user logs in, the router sends a correct start accounting request, but when the user is disconnected, the stop accounting request does not include the username field. The router sends the RADIUS information to ACS, but the request contains no user-name parameter. On the ACS the disconnection is logged as "user=.."

Conditions: Occurred on a router configured with SSLVPN and when performing AAA with ACS via RADIUS. If the user is connecting via telnet, the stop-accounting works as expected.

Workaround: There is no workaround.

CSCsm91525

Symptoms: Router may crash during certain types of traffic when IPS is enabled.

Conditions: Occurs on routers running IOS IPS with traffic requiring TCP resets to be sent.

Workaround: There is no workaround.

CSCsm96833

Symptoms: A router may crash when a multicast packet is forwarded on a tunnel interface.

Conditions: Occurred when multicast routing and egress netflow are enabled. This is a platform-independent bug.

Workaround: Disable egress netflow on the tunnel interface.

CSCsm99638

Symptoms: Intermittent hung calls are seen in large numbers on a Cisco AS5400XM with AS5X-FC that handles a large volume of calls.

Conditions: Occurs with calls which are requested as a DSP-less hairpin. This is because DSP-less TDM hairpin calls are not supported on the Cisco AS5400XM with AS5X-FC.

Workaround: Block this type of call at the software level.

CSCso00801

Symptoms: After tuning IOS IPS signatures via CSM or SDM and deploying changes, IOS IPS show commands display change, but newly-applicable traffic is not detected.

If three separate updates to service-ports and regular expressions are applied successively, the device may crash.

Conditions: Occurs when a user tunes IOS IPS signatures by modifying the service-ports parameter and deploys the change. To confirm the change, the user issues the show ip ips sig sig SIG_ID subid SUB_ID command on the IOS device. The command output contains the new value; however, newly-applicable traffic that should now cause this signature to fire does not. Any originally applicable traffic that matches the original values still causes the signature to fire.

This behavior will continue until the device is reloaded.

Workaround: Retiring and un-retiring the altered signature will cause the changes to take effect. To prevent crashes, apply the delta updates in one update rather than multiple ones.

You can also remove IOS IPS configuration from all interfaces, then re-apply IOS IPS configuration back to interfaces.

CSCso03424

Symptoms: Group member (GM) goes into re-registration loop.

Conditions: Occurs when only deny ACLs exist in a security association (SA) in a group.

Workaround: Add at least one permit ACL in all SAs in a group.

CSCso05337

Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.

Cisco has released free software updates that address these vulnerabilities.

This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml

CSCso05771

Symptoms: When clearing the first entry of local domain lists with similar entries, the router crashes if show run is entered.

Conditions: Occurs with routers configured with a domain list similar to this example:

ip urlfilter exclusive-domain permit www.cisco112.com 
ip urlfilter exclusive-domain permit www.cisco186.com
ip urlfilter exclusive-domain permit www.cisco173.com
ip urlfilter exclusive-domain permit www.cisco21.com
ip urlfilter exclusive-domain permit www.cisco194.com 
ip urlfilter exclusive-domain permit www.cisco78.com
ip urlfilter exclusive-domain permit www.cisco124.com

If the following command is entered: no ip urlfilter exclusive-domain permit www.cisco112.com

The router crashes when show run is entered.

Workaround: Do not delete the first entry in similar domain lists.

CSCso07514

Symptoms: The call drops if both IPPhone1 and IPPhone2, with CUBE (IPIPGW) in between, are put on hold and then resumed.

Conditions: Occurs when CUBE (IPIPGW) interworking with CallManager or CVP, in H323-H323 is configured. If phones from both ends are put on hold and then resume, CUBE sends TCS Reject and drops the call.

Workaround: Configure the h245 passthru all command under the h323 submode of "voice service voip" as follows:

voice service voip
 h323
  h245 passthru all

CSCso14546

Symptoms: Users cannot tune IPS signatures that start with 61.

Conditions: Occurs when the following steps are performed:

1. Configure IPS 5.x on a router.

2. Edit an event action for a signature whose signature id starts with 61 and that has more than one subsignature-id.

3. Generate IPS XML files using SDM/CP.

4. The updated event action is missing in the XML file for the corresponding signatures.

5. The <var name="event-action">xxxxx</var> tag is missing for the signature id.

Workaround: There is no workaround.

CSCso20810

Symptoms: A buffer leak may occur when a router is configured with the combination of NAT, multicast and encryption. Occurs when multicast subsequently flows out a crypto-enabled interface.

Conditions: This bug will affect only those users whose routers are part of a multicast group. They must also have NAT and crypto configured on one or more of the interfaces in the multicast group.

Workaround: Multicast traffic can be forwarded via a GRE tunnel instead of in the clear.

CSCso21432

Symptoms: Router fails to send out secondary DNS requests when the primary DNS server is down.

Conditions: Occurred on a Cisco 1841 running 12.4(15)T3. The router forwards DNS requests to the primary server as expected. However, the router fails to send requests to the secondary server after the primary DNS goes down.

Workaround: Configure the router to act as a DNS forwarder as follows:

1841(config)#ip dns view default
1841(cfg-dns-view)# dns forwarder <primary dns ip>
1841(cfg-dns-view)# dns forwarder <secondary dns ip>

Then configure PCs to send DNS requests to the affected router for forwarding.

CSCso21611

Symptoms: Device crashes due to memory allocation issue.

Conditions: Observed on Cisco 7200, but this is not a platform-specific bug.

Workaround: There is no workaround.

CSCso32814

Symptoms: Bytes value in show policy-map session output is zero on LAC router.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(19.9)T1.

Workaround: There is no workaround.

CSCso36664

Symptoms: Router crashes while removing the match criteria for class-map.

Conditions: Occurs on a Cisco 7200 router loaded with Cisco IOS Release 12.4(19.10)T IOS.

Workaround: There is no workaround.

CSCso39964

Symptoms: The router hangs when attempts are made to modify pure ACL configuration while traffic is still flowing.

Conditions: Occurs on routers running Cisco IOS Release 12.4(15)T4. The router returns back to normal if the traffic is stopped.

Workaround: There is no workaround.

CSCso44547

Symptoms: Router crashes while accessing non-functional Common Internet File System (CIFS) server that is configured in WebVPN NetBIOS Name Service (NBNS) list.

Conditions: Occurs only with a non-functional CIFS server.

Workaround: Configure functional NBNS servers.

CSCso44593

Symptoms: A router with VSA may crash while booting.

Conditions: Occurs when the startup configuration has group domain of interpretation (GDOI) crypto map applied on the interface.

Workaround: Copy the configuration after the router is booted.

CSCso45508

Symptoms: Fragmented multicast rekeys and pings are not acknowledged by a multicast receiver.

Conditions: Occurs when fragmented multicast packets are received on a multicast receiver interface with crypto map attached.

Workaround: There is no workaround.

CSCso47788

Symptoms: A customer was initially running a 6xT1 MLP bundle using three VWIC-2MFT-T1 modules in the same slot 0 of a Cisco 3825 router. The customer runs both voice and data over this MLP link with QoS (LLQ/CBWFQ) applied to the multilink. The MLP circuit is connected to an MPLS network. The customer has fragmentation disabled on the multilink.

The issue occurs when customer adds a 7th and/or 8th T1 to the MLP bundle, which is connected on slot 2 (VWIC2-2MFT-T1/E1). The customer sees increased latency and jitter using extended pings over the MLP bundle.

Conditions: Occurs on a Cisco 3825 running the c3825-spservicesk9-mz.124-7b Cisco IOS image and using a VWIC2-2MFT-T1/E1 module installed in slot 2 (NM-HDV2-2T1/E1).

Workaround: Manually configure tx-ring-limit 2 under the serial interfaces residing on the VWIC2-2MFT-T1/E1.

CSCso61743

Symptoms: Router crashes when stcapp is disabled, stcapp ccm-group is removed from configuration, and then stcapp is re-enabled.

Conditions: Occurred on Cisco 2691 and Cisco 3745 routers running Cisco IOS Release 12.4(15)T05. Can also occur on other platforms running this Cisco IOS release. Can also occur if stcapp is disabled and the user attempts to enable stcapp but stcapp fails to start for any reason.

Workaround: There is no workaround.

CSCso63102

Symptoms: Numerous bad enqueue errors on the console resulting in the reload of the Cisco 2800 or Cisco 1800 routers.

Conditions: Occurs when the router has IPSec and GRE configuration with tunnel route-via Serial0/0/0 mandatory command on the tunnel interface.

Workaround: Avoid using tunnel route-via command.

CSCso65148

Symptoms: Group member crashes after running for 8-10 hours.

Conditions: Occurs in the rare condition that a re-registration happens at the same time as the re-key is being processed.

Workaround: There is no workaround.

CSCso66862

Symptoms: Router crashes due to bus error. The crash is seen after repeatedly removing virtual-template interfaces under ATM.

Conditions: The crash is seen under the following conditions.

1. Bringing up nearly 3k PPPoE and PPPoEoA sessions.

2. Configuring no interface virtual-template <no> under ATM interfaces.

Repeating Step 2 continuously will cause a crash.

Workaround: There is no workaround.

CSCso68864

Symptoms: Shape peak percent and absolute value calculations are wrong while attaching policy-map to interface.

Conditions: Occurs when policy-map is attached to interface.

Workaround: There is no workaround.

CSCso69566

Symptoms: QOS police statistics add encryption header to the packet even if pre-classify is configured.

Conditions: Seen with QOS preclassify and VSA. In this case the police counters indicate the wrong byte counts.

Workaround: Disable QOS preclassify, since classification is done after encryption.

CSCso94780

Symptoms: Router crashes after changing matching criteria, as shown in the following example:

config terminal
Enter configuration commands, one per line. End with CNTL/Z.
7301D(config)#class-map myclass6
7301D(config-cmap)#no match ip prec 6
7301D(config-cmap)#match ip dscp cs6
%ALIGN-1-FATAL: Corrupted program counter 20:48:36 UTC Wed Apr 23 2008 pc=0x6CFFFFB0 , ra=0x625BBA54 , sp=0x66270000
%ALIGN-1-FATAL: Corrupted program counter 20:48:36 UTC Wed Apr 23 2008 pc=0x6CFFFFB0 , ra=0x625BBA54 , sp=0x66270000
20:48:36 UTC Wed Apr 23 2008: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x6CFFFFB0

Conditions: The above symptom is observed on Cisco 7200 and Cisco 7301 routers.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(15)T4

Cisco IOS Release 12.4(15)T4 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCee56988

Symptoms: High CPU usage occurs on a Cisco 7301, and the following error message and traceback are generated:

%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x0 -Process= "L2X SSS manager", 
ipl= 0, pid= 69 -Traceback= 0x606E43DC 0x60B9FAC8 0x60BA11C4 0x619F502C 0x619F4A2C 
0x619F4D34 0x619F35C4 0x619F4FF4 0x619F6820 0x619F5ED8 0x619F6350 0x619CA1F4 
0x619CA6C4 0x619D2524 0x619CABB4 0x619CAFA0

Conditions: This symptom is observed on a Cisco 7301 that runs Cisco IOS Release 12.4(5b) with PPTP/VPDN connections after, on a connected platform, rate limiting is changed to MQC policy-based limiting of the bandwidth. Note that the symptom may be release-independent.

Workaround: There is no workaround.

CSCsa65314

Symptoms: Inbound calls on an MGCP-controlled CAS trunk may fail to complete, and the calling party hears dead air. When this occurs, it will be experienced on that particular timeslot of the digital trunk until some manual intervention takes place to correct it.

Conditions: This has been found to occur at times on Cisco IOS VoIP gateways with CAS trunks configured from MGCP back to Cisco Unified CallManager (CUCM/CCM). An inbound call on a timeslot that is in this state will show the vtsp state in show voice call summary as S_DIGIT_COLLECT and will not progress past this point.

One source of this issue has been a mismatch between the status of the timeslot on the CallManager and on the gateway. For example, the CallManager may indicate that the channel is out of service (OOS) while the gateway has the status of this timeslot as in-service (idle). Please refer to CSCef58219, which has been seen to lead to this state. If this issue is being seen because of this difference in status between the CallManager and the IOS gateway, the recommended action is to upgrade the CallManager to a release that contains the fix for CSCef58219.

Workaround: The only known workaround to prevent this issue from occurring is to use H323 instead of MGCP with CAS trunks.

Once in this state, to recover the timeslots you can:

1. Enter the shutdown command and the no shutdown command on the voice port.

2. When there are multiple channels stuck, enter no mgcp and then mgcp.

CSCsg16778

Symptoms: A router may reload when Border Gateway Protocol (BGP) neighbor statements are removed from the configuration.

Conditions: This symptom is observed in rare circumstances on a Cisco router when BGP neighbors are removed very quickly by a script at a much faster rate than manually possible and when a large BGP table is already present on the router before the script adds and removes the BGP neighbors.

Workaround: There is no workaround.

Further Problem Description: If you manually remove the BGP neighbors, it is less likely that the symptom occurs.

CSCsi09549

Symptoms: CPU HOG messages are displayed, and phones are deregistered.

Conditions: This symptom is observed very rarely when music on hold (MoH) is configured to be played from flash. Specifically, this symptom is observed under either of the following two conditions:

1. When polling ciscoFlashMIB.

2. When playing MoH for more than 30 minutes and also once during a h/w conference.

Workaround: The system will recover by itself after some time. Formatting flash: will also solve the issue temporarily.

CSCsi39799

Symptoms: Incomplete HAPI bundle warning message occurs when removing tunnel-protection profile from tunnel interface.

Conditions: Occurs after adding tunnel protection to a tunnel interface and then removing it.

Workaround: There is no workaround.

CSCsj64731

Symptoms: EIGRP neighbor relationship fails to establish between two routers connected directly.

Conditions: Occurs on a Cisco 2800 series router configured for Dynamic Multipoint VPN (DMVPN).

Workaround: Choose one of the following options:

1. Disable CEF.

2. Disable the on-board crypto engine and use either the software crypto or the AIM crypto engine.

CSCsj94902

Symptoms: Softkey label is corrupted on Cisco 7905 and Cisco 7960 IP phones.

Conditions: Occurs with Cisco Unified Communications CallManager Express 4.2(1) and when IP phone is configured for Japanese language.

Workaround: There is no workaround.

CSCsk16618

Symptoms: Cisco 870 router is missing usbflash commands.

Conditions: Occurs on a Cisco 870 router running Cisco IOS Release 12.4(16) and Cisco IOS Release 12.4(16)T.

Workaround: There is no workaround.

CSCsk42759

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCsk42985

Symptoms: On a 1841/WIC-1/WIC-1B-U-V2/c1841-adventerprisek9-mz.124-13c combo [hereafter UUT], 180s after the BRI interface successfully dials the HUB PRI, 1/2 PING packets FAIL from HUB routers destined through the UUT to a device on the FastEthernet of the UUT, through the CEF switching path.

180 seconds after the ISDN Call from UUT successfully dials HUB PRI, "show adj vi1 internal" changed from point2point(21) to point2point(20) (incomplete) which coincides exactly with the PING failure. It also coincides with the CEF refresh timer triggering.

The direction of the failure is UUT--->HUB router with packets being dropped as "encapsulation failed" in "show ip traffic".

Conditions: The issue has been reproduced on 1841/WIC-1/WIC-1B-U-V2 using legacy DDR on the BRI interface. The issue is also reproducible in 124-16.14 IOS.

Issue is NOT reproducible on 1720/WIC-1B-U/c1700-sy-mz.122-40 combo.

Workaround: Disable CEF switching by configuring "no ip route-cache cef" on BRI0/1/0 and Fa0/1 on "nhtest2".

CSCsk47116

Symptoms: Cisco 2811 router acting as a Dynamic Multipoint VPN (DMVPN) hub will corrupt multicast packets sent from spoke to spoke through the hub.

Conditions: The symptom is seen when there are at least three spoke sites with receivers and senders on the same multicast group.

Workaround: Disable hardware encryption on the Cisco 2811.

CSCsl04516

Symptoms: A Cisco router may experience the following errors:

Jan 11 07:06:58: %TCP-2-INVALIDTCB: Invalid TCB pointer: 0x476292F0 -Process= "Skinny Socket Server", ipl= 0, pid= 260 -Traceback= 0x41259724 0x41A50418 0x41A54754 0x41A28134 0x41A2AFA4 0x41A2F30C 0x4095AB80 0x4095B5F4 0x423CD6E4 0x423CD6C8
Jan 11 07:06:58: %TCP-2-INVALIDTCB: Invalid TCB pointer: 0x476292F0 -Process= "Skinny Socket Server", ipl= 0, pid= 260 -Traceback= 0x41259724 0x41A50418 0x41A54754 0x41A28134 0x41A2AF24 0x41A2F30C 0x4095ABA4 0x4095B5F4 0x423CD6E4 0x423CD6C8

Phones running over secure channels will have registration problems.

Conditions: Occurs on a Cisco 2821 router running Cisco IOS Release 12.4(18).

Workaround: There is no workaround.

CSCsl10489

Symptoms: Optimized Edge Routing (OER) feature may choose an exit with a lower Mean Opinion Score (MOS) when current exit has a better MOS. It does not consider the current exit when it selects the best exit based on MOS.

Conditions: Occurs when MOS is configured as Priority 1 in the OER policy rules for a certain application.

Workaround: There is no workaround.

CSCsl24858

Symptoms: Cisco 7200 router with PA-VXC/B may go into "hang" state and fail to respond to console.

Conditions: Occurs on a Cisco 7200 router with PA-VXC/B and configured for active calls over the PA.

Workaround: There is no workaround.

CSCsl36320

Symptoms: Router crashes after Network Based Application Recognition (NBAR) configuration has been changed with a command like ip nbar custom. The following error message is displayed:

%SYS-3-CPUHOG: %SYS-2-WATCHDOG: Process aborted on watchdog timeout

Conditions: Occurred on a Cisco 2811 router running the c2800nm-advipservicesk9-mz.124-11.T3.bin image.

Workaround: There is no workaround.

CSCsl38029

Symptoms: After several thousand virtual private dial-up network (VPDN) sessions are created and torn down successfully, the router cannot create any new sessions. Either the L2TP Access Concentrator (LAC) or the L2TP Network Server (LNS) may fail with error message "VPDN Failed to obtain session handle." This error message will be seen only when you enable the debug l2tp error command.

Conditions: The maximum number of successful sessions before failure varies by platform.

Workaround: Reload the router.

CSCsl61416

Symptoms: Certain prompts will not play properly. Dead air is heard and call disconnects.

Conditions: Occurs on a Cisco AS5350 acting as a VXML gateway in an IPCC environment and running Cisco IOS Release 12.4(7)b using streaming prompts.

Workaround: Turn off streaming mode. Reloading the gateway temporarily fixes the issue.

CSCsl62609

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCsl70143

Symptoms: Under heavy traffic, ISDN calls may be rejected due to high CPU usage with the following messages seen in the log (with tracebacks):

%IVR-3-LOW_CPU_RESOURCE: IVR: System experiencing high cpu utilization (98/100). Call (callID=23524) is rejected.
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (32/18),process = ISDN.

Conditions: This problem occurs only under heavy traffic.

Workaround: There is no workaround.

CSCsl70722

Symptoms: A router running Cisco IOS may crash due to watchdog timeout.

Conditions: Occurs when IP SLA probes are configured and active for a period of 72 weeks. After this much time has passed, polling the rttmon mib for the probe statistics will cause the router to reload. Then the problem will not be seen again for another 72 weeks.

Workaround: There is no workaround.

CSCsl76647

Symptoms: The clear crypto isakmp command deletes SAs with connection IDs from 0 to 32766. An SA created with the VPN SPA has a connection ID higher than 32766 and cannot be deleted individually.

Conditions: This symptom occurs when SA is established using the VPN SPA.

Workaround: There is no workaround.

CSCsl87400

Symptoms: An H.323 setup message is malformed after NAT translation.

Conditions: Setup message includes the neededFeatures, desiredFeatures, supportedFeatures extensions.

Workaround: Do not use the extensions listed above.

CSCsl89425

Symptoms: Bidirectional Forwarding Detection (BFD) sessions do not scale. This symptom is especially visible with the OSPF client when one of the peers is rebooted after the maximum number of BFD sessions has been configured.

Conditions: Occurs when the maximum number of BFD sessions is configured, or when the total number of BFD sessions is too close to the maximum limit.

Workaround: Configure 90% of maximum allowed BFD sessions.

CSCsm03080

Symptoms: Initialization of the encryption card causes traceback on the router.

Conditions: Occurs after installing a Cisco IOS Release 12.4(18.4)T image on the Cisco 7200. The NPE G2 causes the router to crash with a traceback. Shutting down the internal encryption module also causes the traceback.

Workaround: There is no workaround.

CSCsm07760

Symptoms: Router at ROMmon prompt fails to recognize image in slot.

Conditions: Occurred on a router that was upgraded to an internal version of 12.4T.

Workaround: There is no workaround.

CSCsm08085

Symptoms: During performance testing, expected throughput is not achieved when doing QoS marking based on ACL classification.

Conditions: Occurred on a router running Cisco IOS Release 12.4(15)T.

Workaround: There is no workaround.

CSCsm17314

Symptoms: A router may experience a large buffer leak.

Conditions: Occurs when WebVPN is configured.

Workaround: There is no workaround.

CSCsm17414

Symptoms: When prompts are being played, the barge-in type-ahead feature works intermittently. During the menu playout, the user makes a selection that should stop the rest of the menu from being played, but the user is not able to stop the menu playout despite making a selection. Once the menu finishes, the prompt accepts the correct digit.

Conditions: Occurred in the Cisco Customer Voice Portal (CVP) VXML application running on Cisco IOS Release 12.4(15)T1. CVP version was 3.1 SR2. CVP VXML Server and Studio 3.1. ICM 7.0 SR4 ES42.

Workaround: Combine two prompts into one.

CSCsm17767

Symptoms: On a gateway configured for ISDN Non-Facility Associated Signaling (NFAS) with a primary and backup D channel, both the primary and backup D channel interfaces may be marked "OUT OF SERVICE" if the gateway sends the first "in-service" message during a D channel switchover.

Conditions: This only occurs when the gateway sends the first ISDN service messaging indicating that it is bringing the backup D channel in service. If the peer sends the message first, the switchover is completed successfully.

Workaround: There is no workaround.

CSCsm24671

Symptoms: Recordings are not saved and a VXML server port is hung until timeout.

Conditions: This occurs when an input element is used prior to the recording element, and the user hangs up during recording. Occurs in CVP 4.0(2) using Cisco IOS Release 12.4(15)T. The problem is not seen in Cisco IOS Release 12.4(6)XT.

Workaround: There is no workaround.

CSCsm33411

Symptoms: Static virtual tunnel interface (VTI) IPv6 failed to create IPsec security associations during quick mode (QM) negotiation. It reports that the IPSec local address is incorrect, but in fact that local address is correct.

Conditions: Occurs when static VTI IPv6 is configured on the router and IPv6 address has been used as local IPSec endpoint address.

Workaround: There is no workaround.

CSCsm40779

Symptoms: On a PowerPC router the startup configuration size becomes zero and router goes to startup configuration on reboot. As a result the contents of the NVRAM are erased on a reload. The bug is hardware dependent.

Conditions: Occurs only on routers equipped with PowerPC processors and 2MB or more of NVRAM. This issue is caused by large configuration files over 500KB. Likelihood of encountering the issue can be checked by entering the dir nvram: command and looking for startup configuration file size of zero.

Workaround: There is no workaround.

CSCsm45113

Symptoms: Router may install duplicate routes or incorrect route netmask into route table. It could happen on any routing protocol. The problem is introduced by CSCsj50773. See the Integrated-in field of CSCsj50773 for affected images.

Conditions: The problem is triggered by SNMP polling of ipRouteTable MIB. The clear ip route * command can restore the route table until next polling of ipRouteTable MIB.

Workaround: Do not poll ipRouteTable MIB. Instead poll newer replacement MIB, ipForward MIB. The ipRouteTable MIB was replaced by ipForward MIB in RFC 1354.

CSCsm46203

Symptoms: High CPU usage occurs when setting up IPSec tunnels using signature authentication.

Conditions: Occurs on a Cisco 7200 with a VSA accelerator used to perform a large number of signature (RSA) operations.

Workaround: Switch to a pre-shared key method for IKE authentication.

Further Problem Description: Occurs because the VSA card is not used to accelerate RSA operations. Instead those operations are performed in software, which increases CPU usage.

CSCsm46227

Symptoms: Cisco 3845 may crash when there is an incoming trunk call.

Conditions: Occurs if the shared trunk DN is monitored by a FXO port and it is call-forwarded to another trunk DN with "call-forward all".

Workaround: There is no workaround.

CSCsm48415

Symptoms: Cisco Customer Voice Portal (CVP) does not release the port if a user hangs up during database look up.

Conditions: Occurs with the following software configurations:

- CVP 3.0 and Cisco IOS Release 12.4(3g)

- CVP 4.1 and Cisco IOS Release 12.4(15)T

Workaround: There is no workaround.

CSCsm48489

Symptoms: PA links do not come up, and the following errors are seen:

%T3E3_EC-3-PA_SW_ERR: T3E3_EC on 1: Invalid Link Record anyphy number Software error was encountered.
%T3E3_EC-3-PA_CMD_RETURN_ERR: T3E3_EC command T3E3_EC_SCMD_VC_MTU return error 2,

Conditions: Occurs on Cisco 7206VXR with NPE-G2, SA-VAM2+, and PA-T3/E3-EC and using the c7200p-advsecurityk9-mz.124-15.T3.bin image.

Workaround: Choose one of the following:

- Boot the router without any configuration on the PA-T3/E3-EC. Configure the card type once the router has booted up completely.

- Remove the VAM2+ module.

- Use a PA-2T3 as an alternative to the PA-T3/E3-EC.

CSCsm50498

Symptoms: During normal operation of Gateway Load Balancing Protocol (GLBP), when state changes from active to listen, the router stops forwarding traffic destined to the virtual MAC. Router still responds to the interface MAC.

Conditions: Occurs on Cisco 1700 routers running Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCsm57910

Symptoms: All counters stay at zero when the sh policy-map session command is entered while the forwarded sessions on the LAC router are being terminated on a remote router.

Conditions: Occurs on routers running Cisco IOS Release 12.4(15)T3 and earlier releases.

Workaround: There is no workaround.

CSCsm59100

Symptoms: When error.noresource due to a missing audio source occurs in an input state, it will cause handoff to fail.

Conditions: Occurs on Cisco Voice XML Gateway running Cisco IOS Release 12.4T. The handoff failure occurs only in an input state, not in a transition state.

Workaround: There is no workaround.

CSCsm62608

Symptoms: MGDtimer traceback occurs and GM might reregister.

Conditions: Occurs on a Cisco 7200 router when COOP & unicast key is used.

Workaround: There is no workaround.

CSCsm62680

Symptoms: Dynamic NAT using a route-map with the reversible keyword fails to allow outside-to-inside traffic when the route-map has a deny statement first.

Conditions: Occurs when route-map is configured.

Workaround: Remove route-map deny or use ACL.

CSCsm66688

Symptoms: Device may crash due to watchdog timeout or may hang.

Conditions: Occurs when turbo-ACL is enabled, which means that "ip access-list compiled" or "ip access-list compiled reuse" is enabled. The QoS and/or ACL configuration is modified.

Workaround: Remove either "ip access-list compiled" or "ip access-list compiled reuse".

CSCsm67086

Symptoms: Router crashes when a policy-map is attached to an interface.

Conditions: Occurs on a Cisco 2811 running Cisco IOS Release 12.4(15)T2 and 12.4(15)T3. Does not occur in 12.4(15)T1. The router crashes whenever the following policy-map is attached to a multilink bundle interface:

policy-map QOS
 class af31
  priority percent 70
  set dscp af31
 class af21
  bandwidth remaining percent 5
  random-detect
  set dscp af21
 class ef
  set dscp ef
  bandwidth remaining percent 5
 class be
  bandwidth remaining percent 5
  random-detect
  set dscp default
 class class-default
  fair-queue
  random-detect

The issue also affects other devices and other interfaces.

Workaround: There is no workaround.

CSCsm69163

Symptoms: H.323 process fails to release memory.

Conditions: Occurs on a Cisco IPIPGW configured for PSTN and VXML and running Cisco IOS Release 12.4(15)T2.

Workaround: There is no workaround.

CSCsm72546

Symptoms: Console is flooded by syslog messages. The user might have to reboot the device to regain access. The problem may persist until the KS interfaces are shut down.

Conditions: Occurs when there are misconfigurations in an ACL, such as a missing Traffic Encryption Key (TEK).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(15)T3

Cisco IOS Release 12.4(15)T3 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Wide-Area Networking

CSCeg05149

Symptoms: After a secondary image is loaded by Standby, "NVRAM Verification Failed" messages show up on Standby console resulting in lost startup and private configuration.

Conditions: The problem is seen only on a Cisco RSP platform that is running Cisco IOS 12.2SB versions.

Workaround: Issue the write memory command as soon as slave comes up.

CSCsj03501

On a Cisco IOS router with both NAT and IOS Firewall configured, if a TCP RST packet is received for a given TCP session, and the RST does not contain the correct next expected sequence number, then NAT will tear down the translation without validating it while the firewall will drop the RST due to the more strict TCP state checking and keep the session. This may cause new TCP sessions to fail to establish due to the inconsistent session state between the two features.

It may be possible to work around this issue by increasing the NAT translation first-timeout to a long enough value such that the existing NAT translation does not get torn down before the client attempts to establish new connections.
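The state divergence described above is easier to see with both session tables side by side. The following is an added illustration, not Cisco IOS code: it models each feature as a table keyed by the TCP 4-tuple with the next sequence number it expects, treats a RST as valid only when its sequence number matches that expectation (the strict check the firewall applies), and lets the NAT table run either with the buggy tear-down-on-any-RST behaviour or with the same strict check. Addresses, ports and sequence numbers are constructed.

```python
"""Model of the NAT / firewall session-state divergence in CSCsj03501.

Added example, not Cisco code. Assumption: a simplified TCP state in which
each feature tracks a session by 4-tuple plus the next sequence number it
expects; a RST is "in window" only when its seq equals that value.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    flags: frozenset


def key_of(seg: Segment) -> tuple:
    """Session key: the TCP 4-tuple."""
    return (seg.src, seg.sport, seg.dst, seg.dport)


class SessionTable:
    """One feature's view of TCP sessions (NAT translations or firewall sessions)."""

    def __init__(self, name: str, validate_rst_seq: bool):
        self.name = name
        self.validate_rst_seq = validate_rst_seq
        self.entries: dict = {}  # 4-tuple -> expected next sequence number

    def add(self, seg: Segment, expected_seq: int) -> None:
        self.entries[key_of(seg)] = expected_seq

    def process(self, seg: Segment) -> str:
        k = key_of(seg)
        if k not in self.entries:
            return "no-entry"
        if "RST" in seg.flags:
            if self.validate_rst_seq and seg.seq != self.entries[k]:
                # Out-of-window RST: drop it and keep the session.
                return "dropped"
            # In-window RST, or no validation at all: remove the session.
            del self.entries[k]
            return "torn-down"
        # Any other segment belonging to the session is simply passed.
        return "kept"


def run_scenario(nat_validates_rst: bool, rst_seq: int) -> dict:
    """Feed one RST through both tables and report whether they still agree."""
    nat = SessionTable("nat", validate_rst_seq=nat_validates_rst)
    fw = SessionTable("firewall", validate_rst_seq=True)

    # Constructed session: inside client 10.0.0.5:40000 -> 198.51.100.10:443;
    # both features expect the client's next sequence number to be 1000.
    client = Segment("10.0.0.5", 40000, "198.51.100.10", 443, 1000, frozenset({"ACK"}))
    nat.add(client, expected_seq=1000)
    fw.add(client, expected_seq=1000)

    rst = Segment("10.0.0.5", 40000, "198.51.100.10", 443, rst_seq, frozenset({"RST"}))
    nat_result = nat.process(rst)
    fw_result = fw.process(rst)
    k = key_of(rst)
    return {
        "nat": nat_result,
        "firewall": fw_result,
        # Consistent only if both tables still hold (or both dropped) the session.
        "consistent": (k in nat.entries) == (k in fw.entries),
    }


if __name__ == "__main__":
    print("buggy NAT,  out-of-window RST:", run_scenario(False, rst_seq=5000))
    print("strict NAT, out-of-window RST:", run_scenario(True, rst_seq=5000))
    print("strict NAT, in-window RST:    ", run_scenario(True, rst_seq=1000))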

CSCsj25711

Symptoms: Malformed UDP packets may cause a router with the radius-server local command to reload.

Conditions: This symptom occurs under the following conditions:

1. The debug radius local packet command is turned on.

2. The UDP packets need to use a source IP address that is permitted explicitly by the nas ip-address command.

3. The key information is not used to cause the reload.

Workaround:

1. Disable the debug when not in troubleshooting.

2. Make sure that only traffic from trusted clients can reach the router by Reverse Path Forwarding (RPF) check or other IP spoofing counter measures.

Further Problem Description: When router tries to display contents of a UDP packet sent to its RADIUS server process, the malformed structure of packet may cause the router to freeze and then crash.

CSCsk25878

Symptoms: An alignment error may occur.

Conditions: This symptom is observed when using the v9 export protocol with Flexible Netflow.

Workaround: There is no workaround.

CSCsl09929

Symptoms: Ping causes router to crash when running MPLS and LDP.

Conditions: This symptom occurs on the Cisco 3270 router that is running MPLS and LDP. The router will crash if a ping is attempted. In this environment the router will respond if it is pinged directly, but it will crash if the ping is destined for a location known via MPLS.

Workaround: There is no workaround.

CSCsl17226

Symptoms: A router configured with MPLS TE tunnel crashes when the tunnel interfaces are made active.

Conditions: This problem is observed on a router that is running Cisco IOS interim Release 12.4(17.9)T.

Workaround: There is no workaround.

CSCsm31235

Symptoms: Incoming ISDN calls fail with the following error after the SETUP message is received:

ISDN  **ERROR**: Module-CCPRI  Function-CCPCC_CallIdle  Error-Unknown event received in message from L3 or Host:  90

Another SETUP may be sent by the carrier due to no response, which generates this error:

ISDN Se0/0/0:23 **ERROR**: L3_GetUser_NLCB: DUPLICATE SETUP, message ignored.

Conditions: This symptom is observed when running Cisco IOS Release 12.4(15)T2.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(15)T2

Cisco IOS Release 12.4(15)T2 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Miscellaneous

CSCdz55178

Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptoms such as memory corruption may occur.

Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a name that has a length that is greater than 32 characters as in the following example:

cable qos profile 12 name g711@10ms_for_any_softswitch_Traa^C
                          00000000011111111111222222222333^ 
                          12345678901234567890123456789012|
                                                          |
                                                       PROBLEM
                                                      (Variable Overflowed).

Workaround: Change the name of the cable QoS profile to a length that is less than 32 characters.

CSCeg20335

Symptoms: A Cisco 10000 series may lose the PVC configurations for several subinterfaces and high CPU usage may occur. When you attempt to reconfigure the PVCs, error messages similar to the following may be generated:

Router#pvc 35/134
Unable to create PVC 35/134 on ATM1/0/0.10350134. Possibly multiple users configuring IOS simultaneously
Further info about other user: Process id: 42, Process: Slot 1/0 CMD Process, TTY: 0, Location: Console
Router(config-subif)#

Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.2(7)XI1 or Release 12.2(27)SBB.

Workaround: Reload the router.

CSCeh56808

Symptoms: The ip auth-proxy command may not take effect when it is configured on VLAN interfaces, and the following error message may be generated:

"Auth-Proxy not configured on interface FastEthernet0/0/0".

(This error message is generated when an IP phone is connected to port Fa0/0/0.)

Conditions: This symptom is observed only on a router that is configured with switchport interfaces.

Workaround: Configure the ip auth-proxy command on the ingress interface. If this is not an option because the ip auth-proxy command must be configured on VLAN interfaces, there is no workaround.

CSCej49366

Symptoms: If a default metric and a redistribution metric are configured under EIGRP, the redistributed routes are sometimes removed from the EIGRP topology table. Occurs with the following configuration:

router eigrp 1
 redistribute ospf 100 metric 1544 10 255 1 1000
 network 1.0.0.0
 network 4.0.0.0
 default-metric 100 100 100 100 100
 auto-summary
 eigrp event-logging

Conditions: Occurs after the default metric statement is removed.

Workaround: Add the default metric statement back into the configuration, or remove and re-apply the explicit redistribute statement for the donor protocol (OSPF in the above example).

CSCek47667

Symptoms: A router may not clear BGP routes when you enter the clear bgp ipv6 unicast * command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SXF but is not release-specific.

Workaround: There is no workaround.

CSCek49107

Symptoms: A router crashes when you unconfigure and then reconfigure MLPoFR.

Conditions: This symptom is observed on a Cisco router that has a QoS service policy with traffic shaping.

Workaround: There is no workaround.

CSCek52673

Symptoms: A router that has DHCP server enabled could reload after receiving a malformed UDP packet.

Conditions: Affects routers running Cisco IOS Release 12.2(31)SB, 12.2(31)XN and 12.2(31)XN1. No other releases are affected.

Workaround: There is no workaround.

CSCek60566

Symptoms: Type of Service (ToS) reflected in a L2TP header is not working in Cisco IOS interim Release 12.4(10.8)T2 after configuring the ip tos reflect command on L2TP.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(10.8)T2.

Workaround: There is no workaround.

CSCek68618

Symptoms: The Internet Key Exchange (IKE) lifetime negotiated between the two IKE peers is set to a very large value on the responder, larger than the default value of 24 hours.

Conditions: This problem is seen on IOS with IPsec configuration. When an IKE initiator sends its IKE peer an IKE lifetime of 0x70 0x80, the responder will set the lifetime of the IKE SA to be a very large value of 5 days and 18 hours.

Workaround: Use the default value of 24 hours on both peers.

CSCek71877

Symptoms: IPv6 pings are not working when the atm route-bridged ipv6 command is configured on the UUT.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(13.5)T images.

Workaround: There is no workaround.

CSCek73192

Symptoms: When the radius-server attribute 87 circuit-id command is enabled on an LNS, the "nas-port-id" should be overwritten with the "circuit-id" VSA in the RADIUS access request packets. However, this does not occur.

Conditions: This symptom is observed on a Cisco router that functions as an LNS when the L2TP Forwarding of PPPoE Tag Information feature is enabled.

Workaround: There is no workaround.

CSCek73579

Symptoms: Site of Origin (SoO) filtering appears broken and allows unexpected entries.

Conditions: This symptom is seen during normal use.

Workaround: There is no workaround.

CSCek75732

Symptoms: A router may crash when you attach a service policy to range of PVCs.

Conditions: This symptom is observed when a policy map has a bandwidth configured and when the service policy is attached in the ingress direction.

Workaround: There is no workaround.

CSCek76776

Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may cause a traffic outage.

Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled when a script adds and deletes ATM subinterfaces on a regular basis.

Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot be deleted, delete the subinterface, and then create a dummy subinterface that will pull the configuration that could not be deleted. Then recreate the first subinterface with a new configuration.

CSCek76933

Symptoms: A router may crash when you configure an ATM PVC on an ATM point-to-point subinterface.

Conditions: This symptom is observed on a Cisco router when the ATM point-to-point subinterface is already part of a bundle.

Workaround: Configure the ATM PVC on an ATM multipoint subinterface.

CSCek77264

Symptoms: Spurious access error occurs after configuring the tms-class command. This command is used when configuring the Threat Information Distribution Protocol (TIDP).

Conditions: The error is found on the Cisco 7200 router in Cisco IOS Release 12.4(13.13)T4.

Workaround: Use a short name when configuring the tms-class command.

CSCek77688

Symptoms: A Cisco 3660 series router emits tracebacks and unexpectedly reloads software.

Conditions: This symptom is observed on a Cisco 3660 router that is loaded with Cisco IOS interim Release 12.4(13.13)T4.

Workaround: There is no workaround.

CSCek79230

Symptoms: With redundancy configured for GETVPN, group members (GMs) fail to register with the secondary.

Conditions: This symptom happens only when redundancy is configured and when GMs try to register with the secondary.

Workaround: GMs could still register with the primary.

CSCek79614

Symptoms: HTTP client cache entry is not updated.

Conditions: Occurs when VXML application scripts do not specify the "maxage" attribute. The cached entries in the HTTP client are not refreshed until they expire. If any of the files are modified on the HTTP server, you must perform one of the workarounds below.

Workaround: Choose one of the following options:

1) Change the "maxage" attribute of the VXML application scripts.

2) Reload the router.

3) Use the audio-prompt load URL command on the router console for each file that needs to be refreshed.

CSCek79637

Symptoms: Incorrect URI base is seen after HTTP Redirect.

Conditions: This symptom occurs in a voice browser when a VXML downloads document A from an HTTP server but gets an HTTP Redirect response from the server. As a result, document B from another location is fetched. If document B has a reference to another document C using "relative" URI base, the final URL for C is not resolved correctly. This is because URI base is calculated based on the URI base for A instead of B.

Workaround: Place "absolute" URI base in the redirected document, for example, instead of using: <audio src="welcome.au"/>, use <audio src="http://server/path/welcome.au"/>.
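The base-URI rule in this caveat is worth seeing in code: after a redirect, relative references in the fetched document must resolve against the URL the document was actually retrieved from, not the URL that was requested. The following is an added example and not code from Cisco IOS or any VXML browser; the document URLs and the redirect map (which stands in for 302 Location headers) are constructed, and reference resolution uses the standard library's urljoin.

```python
"""URI base resolution after an HTTP redirect (the scenario in CSCek79637).

Added example, not Cisco or VXML-browser code. Assumption: a constructed
redirect map replaces real HTTP responses; urllib.parse.urljoin performs
RFC 3986 reference resolution.
"""
from urllib.parse import urljoin

# Constructed URLs: document A is requested; the server redirects to
# document B at a different host and path.
DOC_A = "http://server-a.example/app/menu.vxml"
DOC_B = "http://server-b.example/prompts/v2/menu.vxml"
REDIRECTS = {DOC_A: DOC_B}  # stands in for 302 Location headers

MAX_HOPS = 5  # guard against redirect loops


def follow_redirects(url: str, redirects: dict = REDIRECTS, max_hops: int = MAX_HOPS) -> str:
    """Return the URL the document was finally fetched from."""
    for _ in range(max_hops):
        if url not in redirects:
            return url
        url = redirects[url]
    raise RuntimeError("too many redirects")


def resolve_reference(requested_url: str, ref: str, base_from_final: bool) -> str:
    """Resolve a reference found in the fetched document.

    base_from_final=True  -> base is the URL actually fetched (correct behaviour).
    base_from_final=False -> base is the originally requested URL (the caveat).
    An absolute reference (the workaround) resolves to itself either way.
    """
    final_url = follow_redirects(requested_url)
    base = final_url if base_from_final else requested_url
    return urljoin(base, ref)


if __name__ == "__main__":
    for ref in ("welcome.au", "http://server/path/welcome.au"):
        print(ref)
        print("  base from requested URL (A):", resolve_reference(DOC_A, ref, base_from_final=False))
        print("  base from fetched URL   (B):", resolve_reference(DOC_A, ref, base_from_final=True))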

CSCsb34180

Symptoms: Output from the snmpwalk command on entPhysicalChildIndex is decreasing:

.iso.3.6.1.2.1.47.1.3.3.1.1.19.29 = 29
.iso.3.6.1.2.1.47.1.3.3.1.1.20.21 = 21
.iso.3.6.1.2.1.47.1.3.3.1.1.21.22 = 22
.iso.3.6.1.2.1.47.1.3.3.1.1.21.23 = 23
.iso.3.6.1.2.1.47.1.3.3.1.1.21.28 = 28
.iso.3.6.1.2.1.47.1.3.3.1.1.21.24 = 24
Error: OID not increasing: .iso.3.6.1.2.1.47.1.3.3.1.1.21.28 >= .iso.3.6.1.2.1.47.1.3.3.1.1.21.24

The corresponding entPhysicalIndex values point to power supply entries:

SNMPv2-SMI::mib-2.47.1.1.1.1.2.21 = STRING: "DC power supply, 4000 watt 1"
SNMPv2-SMI::mib-2.47.1.1.1.1.2.22 = STRING: "power-supply 1 fan-fail Sensor"
...

Conditions: Occurs on Cisco IOS Release 12.2(18)SXE and Cisco IOS Release 12.2(18)SXF among others.

Workaround: Create an SNMP view to exclude this entPhysicalIndex in the entPhysicalContainsTable.

CSCsb84050

Symptoms: Cisco IOS authentication proxy does not work when both HTTP and HTTPS servers are enabled.

Conditions: Occurs only when the HTTPS server is enabled in parallel with the HTTP server.

Workaround: Disable the HTTPS server on the router.

CSCsc86135

The supplied note does not exist in CDETS

CSCse14595

Symptoms: Cisco Unified CallManager Express (CME) allows call to connect after the call forward no answer (CFNA) timer has expired.

Conditions: Occurs with Cisco IOS Release 12.4(5). Occurs when there is a delay between call-proc and alerting messages from the ISDN side.

Workaround: Use a longer CFNA timer or use the application default.c.old command.

CSCse59336

Symptoms: MGCP three-way call conferencing may fail because of an abrupt onhook event at the originating endpoint.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(9.13) and that is configured for voice calls over Media Gateway Control Protocol (XGCP).

Workaround: There is no workaround.

CSCse76935

Symptoms: A router that is configured for SNA Switching Services (SNASw) may crash.

Conditions: This symptom is observed when links with an end node go down and when there are multiple links to the end nodes, at least one of which supports CP-CP sessions, and one of which does not. The symptom occurs on rare occasions because of a timing condition.

Workaround: Change the end node device configuration such that all links to the SNASw router support CP-CP sessions. As per the APPN architecture, only one link does actually support CP-CP sessions.

Further Problem Description: The symptom occurs because there is a mix of APPN links (that support CP-CP sessions) and LEN links (that do not support CP-CP sessions) from an end node to the SNASw router. The recommended configuration is to have all links between two partners be of the same type. Because LEN links generally do not support parallel TGs, most likely these should be APPN links, all supporting CP-CP sessions. This is a product-dependent configuration on the end node product.

CSCse85151

Symptoms: Cisco Catalyst 4500 Supervisors and Cisco Catalyst 4948 that are running Cisco IOS Release 12.2(31)SG crash when one of the following commands is issued:

- show buffers all

- show buffers assigned

- show buffers input-interface

Conditions: This symptom occurs when one of the following commands is issued:

- show buffers all

- show buffers assigned

- show buffers input-interface

Workaround: Do not use any of the above commands. For troubleshooting high CPU issues use the steps indicated in the following tech tip instead:

http://www.cisco.com/warp/public/473/cat4500_high_cpu.html

CSCse96332

The supplied note does not exist in CDETS

CSCsf11944

Symptoms: A router crashes due to the stack for process Exec running low when configuring the auto qos command on an ATM subinterface.

Conditions: The symptom has been observed on a Cisco router loaded with Cisco IOS interim Release 12.4(10.5).

Workaround: There is no workaround.

CSCsf99057

Symptoms: The OSPF Stub Router Advertisement feature may stop functioning after an RPR+ or SSO switchover has occurred, and the newly active RP does not originate router LSAs with infinity metric as it should do when the max-metric router-lsa on-startup router configuration command is enabled.

Conditions: This symptom is observed on a Cisco router that has dual RPs that function in RPR+ or SSO mode when NSF is not enabled on the router and when the standby RP is in the "Standby-Hot" state.

Workaround: Do not configure RPR+ or SSO. Rather, configure RPR. If this is not an option, there is no workaround.

CSCsg25995

Symptoms: Networks do not show in the Multiprotocol BGP (MBGP) table, as can be seen in the output of the show ip mbgp command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SB, Release 12.2SR, Release 12.4, or Release 12.4T.

Workaround: Enter the clear ip bgp neighbor-address command to enable the networks to enter the MBGP table.

CSCsg32689

Symptoms: A crash or traceback may occur when the route-map option for fall-over is configured for a BGP peer-session template or peer-group.

Conditions: Occurs when fall-over [route-map map-name] is configured under router bgp autonomous-system-number.

Workaround: There is no workaround. Avoid using the route-map option.

CSCsg71395

Symptoms: High CPU usage may occur in the "CCH323_CT" process on a gateway.

Conditions: This symptom is observed on a Cisco router that is configured as an H.323 gateway and that functions in the following topology:

IP Phone---CCM--- Incoming VoIP Dial Peer -- Cisco H.323 Gateway---FXS -- IVR

The "app-h450-transfer.2.0.0.9.tcl" application is applied on the incoming VoIP dial peer. The symptom occurs when IVR transfers the call and when the transferred call is put on hold.

Workaround: Enter the clear call voice id call-id command to clear the VoIP leg between the Cisco CallManager and the Cisco H.323 gateway. Doing so decreases the CPU usage. Obtain the Call ID from the output of the show call active voice brief command.

Alternate Workaround: Reload the router. Note, however, that high CPU usage may occur immediately after you have reloaded the router if the scenario that is described in the Conditions re-occurs.

CSCsg76408

Symptoms: Multicast traffic from a DMVPN spoke is dropped by a hub when CEF is enabled on the tunnel interface of the hub. This situation causes the spoke to remain in registering mode and the hub to forward the decapsulated data.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(9)T1 or an earlier release in a DMVPN environment when the mGRE tunnel interfaces are within a VRF.

Workaround: Disable CEF on the tunnel interface of the hub. Doing so enables the hub to receive the multicast traffic, although the traffic is then process-switched.

CSCsg84975

Symptoms: MGCP NAS calls are dropped.

Conditions: This problem is seen when there are heavy E1 flaps.

Workaround: There is no workaround.

CSCsg85137

Symptoms: A router that has a Cisco IOS firewall enabled may crash because of a breakpoint exception after the following error message has been generated:

%SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 66596A90. -Process= "IP VFR proc"

and

%SYS-2-BADSHARE: Bad refcount in pak_enqueue

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(7) or Release 12.4(12) when the ip virtual-reassembly command is enabled on an interface.

Workaround: Disable the virtual fragment reassembly (VFR) configuration on the interface by entering the no ip virtual-reassembly command.

CSCsg86036

Symptoms: Cisco 2800 router experiences memory leak when continuously receiving abnormal MGCP messages.

Conditions: Occurs when MGCP media gateway is enabled.

Workaround: There is no workaround.

CSCsg89222

Symptoms: A PPP session that is initiated from a client may not be forwarded to an LNS.

Conditions: This symptom is observed on a Cisco router after the PPP session has been established.

Workaround: Enter the vpdn source-ip global configuration command.

CSCsg91306

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities addressed in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to provide voice over IP services.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sip.shtml.

CSCsh04686

Symptoms: With X.25 over TCP (XOT) enabled on a router or Catalyst switch, malformed traffic sent to TCP port 1998 will cause the device to reload. This was first observed in Cisco IOS Release 12.2(31)SB2.

Conditions: Occurs only when X.25 routing is enabled on the device.

Workaround: Use IPsec or another tunneling mechanism to protect XOT traffic. Also, apply ACLs on affected devices so that XOT traffic is accepted only from trusted tunnel endpoints.

CSCsh22725

Symptoms: Outbound calls fail on a MGCP-controlled CAS channel on a Cisco VoIP gateway.

Conditions: This symptom is observed when the following conditions occur:

- A timeslot on an E&M T1 trunk is taken out of service from the connected switch side, showing as a permanent inbound seizure. In this situation, the output of the show voice call summary command indicates that the status for this channel is "EM_PARK".

- A Cisco CallManager that interworks with the Cisco VoIP gateway checks the status of the trunk via an MGCP AUEP command. The gateway responds with an "ES: rlc" message, which indicates that the trunk is available for calls.

Because the reported availability and actual availability of the channel are mismatched, all outbound calls on the channel fail.

Workaround: Attempt to clear the out-of-service state from the connected switch side. If this is not possible, when interworking with the Cisco CallManager, first enter the shutdown command followed by the no shutdown command on the voice port and then enter the same commands on the T1 controller. Doing so causes the gateway to send an NTFY message that indicates that there is an inbound seizure on the channel.

CSCsh36203

Symptoms: A Cisco router crashes in p_dequeue.

Conditions: This symptom is observed when testing the echo cancellation feature on the Cisco 1700 platform, but the symptom is not platform dependent.

Workaround: There is no workaround.

CSCsh48919

Symptoms: With an ATA flash card, the dir disk0: command will fail if any filename or directory name stored on disk0 contains embedded spaces. This applies to disk1 or disk2 as well. This situation can also occur with a compact flash (CF) card using the dir flash: command.

Conditions: This symptom has been observed when using a removable flash card, such as an ATA flash card or CF card, that is formatted to use DOSFS. The removable flash card is removed from the router and inserted into a laptop that is running a version of the Microsoft Windows operating system. A "New Folder" directory is created on the flash card, and the flash card is removed from the laptop and re-inserted into the router. Entering the dir command on the router may then fail to show all of the stored files or may crash the router.

Workaround: Remove or rename all files and directories that have names with embedded spaces, so that no file or directory name contains an embedded space.

CSCsh50831

Symptoms: Cisco 3745 router crashes with a bus error exception.

Conditions: This occurs after a WAN outage, when Skinny Call Control Protocol (SCCP) and Session Initiation Protocol (SIP) phones try to re-home to Cisco Unified CallManager (CCM) after using Cisco Survivable Remote Site Telephony (SRST).

Workaround: There is no workaround.

CSCsh59375

Symptoms: A DHCP interface may not be switched when you enter the ip dhcp smart-relay command.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS interim Release 12.4(12.15a) and that is configured for MPLS VPN.

Workaround: There is no workaround.

CSCsh73782

Symptoms: When Cisco IOS firewall is configured, some TCP connections fail.

Conditions: Occurs on an Integrated Services Router (ISR).

Workaround: There is no workaround other than disabling the firewall.

CSCsh76895

Symptoms: Multiple conflicting conform/exceed/violate actions are allowed under a single class-map.

Conditions: Occurs when a user configures multiple conflicting conform/exceed/violate actions under the same class-map.

Workaround: There is no workaround.

CSCsh79893

Symptoms: A Cisco 2800 router running zone-based firewall and URL filtering may reload.

Conditions: Occurs when URL filtering is unconfigured or reconfigured under the policy map during periods of high traffic.

Workaround: There is no workaround.

CSCsh92986

Symptoms: The latency of RSH commands may increase when they flow through an FWSM module.

Conditions: This issue was observed on an FWSM that is running 2.2(1) software. The long delay was triggered by using either Cisco IOS Release 12.3(13a)BC1 or Release 12.3(17a)BC1 on the routers toward which the RSH commands were sent.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3, which is not affected by this extra delay.

CSCsh93657

Symptoms: When you enter the show auto command, an "% Ambiguous command..." error message is generated.

Conditions: This symptom is observed on a Cisco 3845 that runs Cisco IOS interim Release 12.4(13.13)T4 but may also affect other releases.

Workaround: There is no workaround.

CSCsi03359

Symptoms: A PIM hello message may not reach the neighbor.

Conditions: This symptom is observed on a Cisco router when an interface comes up and a PIM hello message is triggered.

Workaround: Decrease the hello timer for PIM hello messages.

Further Problem Description: The symptom occurs because the PIM hello message is sent before the port can actually forward IP packets. IGP manages to get its neighborship up but PIM does not, causing RPF to change to the new neighbor and causing blackholing to occur for up to 30 seconds.

CSCsi08756

Symptoms: The ringback tone level that is played on a platform that is configured for use in a European country may be very low compared to the ITU specification, which states that tones should be nominally -10 dBm0.

Conditions: This symptom is observed on a Cisco AS5400XM.

Workaround: There is no workaround.

CSCsi09465

Symptoms: A router may crash with chunk corruption.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(11)T or later releases with VSA and is using QoS and IPSec prefragmentation.

Workaround: Disable prefragmentation by using the crypto ipsec fragmentation after-encryption command.

CSCsi10697

Symptoms: With NAT behind spoke, Next Hop Resolution Protocol (NHRP) tables are incorrect on the spoke. Packets from spoke1 destined for spoke2 are incorrectly routed to Hub1.

Conditions: Occurs under the following scenario:

1. Spoke1 is registered to Hub1 and Spoke2 is registered to Hub2.

2. Without NAT applied on MidRouter1, packets from Spoke1 are routed directly to Spoke2.

3. After NAT is applied on MidRouter1, packets from Spoke1 to Spoke2 are routed via Hub1.

Workaround: There is no workaround.

CSCsi11996

Symptoms: The following error message is displayed on a Cisco AS5850 router every hour:

%HA_CLIENT-3-NO_CF_BUFFER: The MARVEL CRYPTO HA client failed to get a buffer 
(len=1120) from CF (rc=1); checkpointing failed  
-Traceback= 0x201C9FBC 0x217C1B58 0x217C2068 0x21BBD32C 0x21BBDFD0 0x21BBE180 
0x21DCF368 0x21DCF5C4

Conditions: This symptom has been observed on a Cisco AS5850 gateway running crypto images (c5850tb-k9p9-mz) in RPR+ mode.

Workaround: There is no workaround.

CSCsi17020

A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.

CSCsi18151

Symptoms: Device crashes when an ACL is removed.

Conditions: Occurs when traffic matching that ACL is flowing on the interface.

Workaround: Stop the traffic or remove the ip access-group command from the interface level before deleting the ACL.

CSCsi22034

Symptoms: The clear hostview name command clears all of the host entries in the DNS view, causing DNS resolution to fail.

Conditions: Occurs on a router loaded with Cisco IOS Release 12.4(13.5)T and later releases.

Workaround: There is no workaround.

CSCsi25562

Symptoms: Cisco 2600XM router runs out of memory while trying to boot large images.

Conditions: This defect produces crashes under two scenarios:

1. During loading of large images, such as a c2600-adventerprisek9-mz image.

2. During a reload in which the router goes into ROMMON.

Workaround: There is no workaround.

CSCsi28543

Symptoms: After reloading, one of two dialer interfaces binds all BRI channels, and finally the dialer uses only one channel. However, the unused channel remains bound to the dialer, so the other dialers cannot use an idle channel. When the problem occurs, the idle BRI channel interface status becomes "hardware:down line:up".

Conditions: This problem is found when a router is rebooting, and its peer router over ISDN begins to transmit packets.

Workaround: There is no workaround.

CSCsi32425

Symptoms: A router that is configured for static NAT translations may lose its external/global ARP entry for a NAT address.

Conditions: This symptom is observed when traffic flows run across the router, for example, when the client is outside and server is inside, and when static NAT translation is used for periods of about two minutes.

Workaround: Configure a route map that matches the static NAT translation, and apply the static NAT entry by entering either one of the following commands:

- ip nat inside source static tcp local-ip local-port global-ip global-port route-map name reversible

- ip nat inside source static local-ip global-ip route-map name reversible

CSCsi34004

Symptoms: The following Serial & Asynchronous High-Speed WAN Interface Cards may ignore data terminal ready (DTR) transitions:

- HWIC-8A/S-232

- HWIC-4A/S

Conditions: This occurs when X25 and X28 calls are cleared.

Workaround: There is no workaround.

CSCsi35679

Symptoms: SIP call legs may hang on a voice gateway.

Conditions: This symptom is observed when outgoing SIP calls are not answered and when the terminating user agent (UA) does not send the final response to an INVITE message.

Workaround: There is no workaround.

CSCsi42680

Symptoms: After a mapping ID has been removed from the Stateful NAT Translation (SNAT) global configuration, a SNAT router may crash unexpectedly.

Conditions: This symptom is observed on a Cisco router that functions as a SNAT router and that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsi45748

The supplied note does not exist in CDETS

CSCsi45749

Symptoms: Telephony Application Programmer's Interface (TAPI) sockets are not released by Cisco Unified CallManager Express (CME) after TCP connection closes.

Conditions: Occurs when multiple TAPI clients are brought up and shut down.

Workaround: There is no workaround.

CSCsi45826

Symptoms: IP phone fails to display the appropriate name and number in the To: field.

Conditions: Occurs when call routing takes more time than usual, such as a call from a SIP trunk to a PSTN gateway. The IP phone displays either garbage characters or the caller's ephone-dn name. There is no other impact on phone functionality.

Workaround: There is no workaround.

CSCsi45974

Symptoms: Datagrams fragmented on a router that is running Cisco IOS Release 12.4T may use the same fragmentation identification.

Conditions: This symptom occurs when datagrams are fragmented due to a lower MTU size.

Workaround: There is no workaround.

CSCsi51340

Symptoms: TCP disconnects occur after HTTP redirect.

Conditions: Occurs immediately after an HTTP redirect that includes a port number in the URL.

Workaround: Do not specify a port number in the redirected URL.

CSCsi54186

Symptoms: A Cisco IAD 2400 series may reject sequence numbers for Q.921, causing calls to be dropped or a PBX to lock up.

Conditions: This symptom is observed when a Cisco IAD 2400 series is connected to a third-party vendor phone system and third-party vendor PBX and occurs only when sequence number 16 or 68 is sent to the IAD.

Workaround: There is no workaround.

CSCsi55964

Symptoms: After a gateway receives a high number of calls, calls may not go through intermittently.

Conditions: This symptom is observed on a Cisco 3800 series that functions as a gateway and that is configured for E1 R2 signaling. The symptom occurs when the gateway sends a "clear forward" to the PSTN before the PSTN sends a "B1" message.

Workaround: There is no workaround.

CSCsi56413

Symptoms: The output may be stuck on a POS interface that is configured for Frame Relay encapsulation. When this situation occurs, the output queue is not emptied, and LMI remains down.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(12) or a later release. It happens only with very specific hardware configurations that include an NPE-G1 and a PA-POS-OC3SMI. The issue is observed when that port adapter is installed in slot 4 and is not seen with other hardware configurations.

Workaround: Install the POS PA in a different slot; relocating the PA within the chassis should fix the problem.

CSCsi57197

Symptoms: The T.37 Fax Offramp process may leak small amounts of memory.

Conditions: This symptom is observed on a Cisco router when the fax call on the PSTN side hangs up before the call completion.

Workaround: There is no workaround.

CSCsi57971

Symptoms: IS-IS may not advertise the prefix of a passive interface to the IS-IS database on a local router.

Conditions: This symptom is observed on a Cisco router when you shut down an interface (for example, G9/1/1) of a 5-port GE SPA (SPA-5X1GE) that is installed in a SIP-600, replace the SPA-5X1GE with another card, and then enter the no shutdown interface configuration command on the interface at the same location (G9/1/1) on the new card. In this situation, the prefix for the interface (G9/1/1) is not advertised.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

A second workaround: Enter the "no passive-interface..." followed by "passive-interface..." under "router isis" configuration mode.

CSCsi59685

Symptoms: One-way audio may occur and DTMF digits may not function.

Conditions: This symptom is observed on a Cisco gateway such as a Cisco AS5400 after a SIP transfer has occurred.

Workaround: Enter the no voice-fastpath disable command to resolve the one-way audio issue. There is no workaround for the DTMF issue.

CSCsi61711

Symptoms: Router experiences tracebacks when client attempts to send email.

Conditions: Occurs on a Cisco 1800 router running Cisco IOS Release 12.4(11)T2. Router is configured as an Enterprise Class Teleworker (ECT) spoke.

Workaround: Enable "Inspect TCP" instead of SMTP.

CSCsi61857

Symptoms: When configured with CEFv6 and VTIv6, all packets routed to the Virtual Tunnel Interface (VTI) drop. The show ipv6 traffic command displays format errors.

Conditions: Occurs only when IPv6, CEF, and VTI are configured.

Workaround: Disable CEF.

CSCsi62559

Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority packets. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18) or a later release but may also affect other releases.

Workaround: Use ACLs to block invalid IP control packets from reaching the control plane.

CSCsi63363

Symptoms: IKE fragmented packets with offset > 0 cannot pass NAT router from outside to inside.

Conditions: This symptom is observed on a Cisco 7206VXR (NPE-G2) with the c7200p-adventerprisek9-mz.124-11.T1 image with NAT.

Workaround: There is no workaround.
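Only the first fragment of a datagram carries the UDP header; later fragments (offset > 0) carry just the IP header, so a NAT that finds translations by address and port has nothing to match them against unless it remembers what it decided for the first fragment. That is the general shape of the IKE-fragment problem in CSCsi63363 and of what the ip virtual-reassembly feature in CSCsg85137 exists to handle. The model below is an added example written for this page, not Cisco's implementation: a static outside-to-inside translation for UDP/500, two constructed fragments of one IKE datagram, and a fragment cache keyed on (src, dst, protocol, IP ID) that can be switched off to show the drop. The RFC 5737 addresses, the IP ID, the dict-based packet layout and the mapping table are all constructed.

```python
"""Constructed model of a NAT translating fragmented UDP from outside to inside.

Not Cisco code. Packets are plain dicts; only the offset-0 fragment carries
"sport"/"dport". The fragment cache records the translation chosen for the
first fragment so that later fragments of the same datagram can follow it.
"""

# Static translation, outside (global) -> inside (local); constructed values.
STATIC_MAP = {("203.0.113.5", 500): ("10.1.1.5", 500)}


class Nat:
    def __init__(self, static_map, cache_fragments):
        self.static_map = static_map
        self.cache_fragments = cache_fragments
        # (src, dst, proto, ip_id) -> (local_ip, local_port)
        self.frag_cache = {}

    def outside_to_inside(self, pkt):
        """Return the translated packet, or None if the NAT drops it."""
        key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["ip_id"])
        if pkt["frag_offset"] == 0:
            # First (or only) fragment: the transport header is present.
            target = self.static_map.get((pkt["dst"], pkt["dport"]))
            if target is None:
                return None
            if self.cache_fragments and pkt["more_fragments"]:
                self.frag_cache[key] = target
        else:
            # Non-first fragment: no ports, so only a cached decision can help.
            target = self.frag_cache.get(key) if self.cache_fragments else None
            if target is None:
                return None
            if not pkt["more_fragments"]:
                del self.frag_cache[key]   # last fragment seen; real code also ages entries
        out = dict(pkt)
        out["dst"] = target[0]
        if pkt["frag_offset"] == 0:
            out["dport"] = target[1]
        return out


def ike_fragments():
    """Two constructed fragments of one IKE (UDP/500) datagram, in wire order."""
    common = {"src": "198.51.100.7", "dst": "203.0.113.5", "proto": "udp", "ip_id": 0x1A2B}
    first = dict(common, frag_offset=0, more_fragments=True,
                 sport=500, dport=500, payload=b"IKE-part-1")
    second = dict(common, frag_offset=1480 // 8, more_fragments=False,
                  payload=b"IKE-part-2")
    return [first, second]


def run(cache_fragments):
    """Translate both fragments in order; return (inside dsts, cache size after)."""
    nat = Nat(STATIC_MAP, cache_fragments)
    results = [nat.outside_to_inside(f) for f in ike_fragments()]
    return [r["dst"] if r else None for r in results], len(nat.frag_cache)


def run_out_of_order():
    """Edge case: the non-first fragment arrives before the first one.
    A cache alone cannot help; only buffering/reassembly (VFR) would."""
    nat = Nat(STATIC_MAP, cache_fragments=True)
    first, second = ike_fragments()
    results = [nat.outside_to_inside(f) for f in (second, first)]
    return [r["dst"] if r else None for r in results]


if __name__ == "__main__":
    print("no fragment cache:", run(False))        # (['10.1.1.5', None], 0)
    print("with fragment cache:", run(True))       # (['10.1.1.5', '10.1.1.5'], 0)
    print("out of order, cached:", run_out_of_order())  # [None, '10.1.1.5']
```

The out-of-order case is why a cache by itself is not a complete fix: if the second fragment arrives first, nothing has been decided yet and it is still dropped. Reassembling the fragments before inspection, which is what virtual fragment reassembly does, removes that dependence on arrival order at the cost of holding state per in-flight datagram.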

CSCsi63470

The supplied note does not exist in CDETS

CSCsi66299

Symptoms: When shut/no shut is executed on a dialer interface, the associated cellular interface stays down even though the dialer interface that controls it is up.

Conditions: Occurs when the dialer persistent feature is enabled.

Workaround: Reload the router. You can also configure the dialer-group command, although this defeats the purpose of the dialer persistent command.

CSCsi70426

Symptoms: A traceback within the "EAP Framework" process is observed when a crafted EAP-ID-RESPONSE packet is received. The router also logs an accompanying SYS-2-MALLOCFAIL error with the traceback.

Conditions: Router has port configured with dot1x parameters on which the packet is received.

Workaround: There is no workaround.

CSCsi70920

Symptoms: In a scenario where traffic is passed to and from two different interfaces, both with the ip admission command configured, EAP over UDP communication will only be triggered for hosts initiating traffic.

This situation results in return traffic that should be allowed after completing the NAC process (for example, via NAC exemption) to be blocked.

Conditions: This symptom has been observed when the ip admission command is configured on two communicating interfaces and NAC needs to be triggered in order to open traffic for return traffic.

Workaround: Instead of sending traffic from A to B and from B to A, send traffic from A to B and have B send traffic to some other dummy destination, such as C. NAC is then triggered for A when it sends traffic to B, and B is posture-validated when it sends traffic to C.

CSCsi72045

Symptoms: A bus error crash occurs on a Cisco router that is running Cisco IOS Release 12.2(31)SB3.

Conditions: This symptom is seen with AAA and PPPoE configured.

Workaround: There is no workaround.

CSCsi74472

Symptoms: QoS may not function on a dot11 interface. When this situation occurs, all packets are processed through the best-effort queue, regardless of whether the packets are data, video, or voice packets.

Conditions: This symptom is observed on a Cisco router such as a Cisco 1800 series only when the router functions in pure bridging mode.

Workaround: Do not configure the router for bridging. Rather, use a routing configuration.

CSCsi74960

Symptoms: A router crashes while sending large control packets between a client and an L2TP Network Server (LNS) in an L2TP callback scenario.

Conditions: This symptom happens with a Cisco 7200 router that is running Cisco IOS interim Release 12.4(13.13)T1.

Workaround: There is no workaround.

CSCsi75628

Symptoms: A CAMA 911 call drops after 6 to 11 minutes.

Conditions: This symptom is observed on a Cisco access server such as an AS5350 or AS5400 that processes CAMA calls over a T1 CAS link in the following configuration:

ds0-group 1 timeslots 1 type fgd-os mf dnis-ani

Workaround: There is no workaround.

Further Problem Description: Note that the symptom does not occur when CAMA calls are made over a PRI link.

CSCsi75769

Symptoms: A router may crash at the "qos_collect_aces" function when you apply a service policy to an interface.

Conditions: This symptom is observed when the policy map contains a class that matches not only on multiple named ACLs but also on numbered ACLs and when the class map is configured with a large number of ACEs that exceeds the threshold limit.

Workaround: Remove a few of the ACEs from the class map to ensure that the number of ACEs does not exceed the threshold limit.

CSCsi76616

Symptoms: An LDAP packet is modified while passing through a NAT router, causing LDAP to fail.

Conditions: Network topology:

LDAP server -------> (fa00) NAT Router (fa01) ------> LDAP client

After the NAT router, the packet appears to have been fragmented and expanded into two parts in LDAP:

- Case 1, LDAP fails without "no-payload": case1_before_nat_router -----> NAT Router -----> case1_after_nat_router (LDAP packet modified)

- Case 2, LDAP passes with "no-payload": case2_before_nat_router -----> NAT Router -----> case2_after_nat_router (LDAP packet unchanged)

Workaround: There is no workaround.

CSCsi77147

Symptoms: DTMF path confirmation is not received for a SIP call.

Conditions: This problem is due to an issue with the SIP state machine, which may result in an error along the lines of the following:

00:05:10: //-1/xxxxxxxxxxxx/SIP/Error/sipSPISipIncomingMsg: Invalid method for 
(STATE_IDLE): ACK

The call state should not be IDLE.

Workaround: There is no workaround.

CSCsi81801

Symptoms: The h245 caps suppress nte command may not function, causing an IPIPGW to continue to advertise the NTE capability in an H.245 capability message.

Conditions: This symptom is observed on a Cisco router that functions as an IPIPGW and that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsi81891

Symptoms: RTP packets get transmitted when the mode is recvOnly and inactive.

Conditions: This problem is observed on both the Cisco 2800 and the Cisco 3800 platforms that are running Cisco IOS interim Release 12.4(13.9).

Workaround: There is no workaround.

CSCsi84767

Symptoms: A T38 fax outbound to the Cisco AS5850 fails.

Conditions: After upgrading from Cisco IOS Release 12.3(11)T9 to Cisco IOS Release 12.4(7e), it is observed that fax calls from an analog Cisco IAD2420 or Cisco IAD2430 outbound to the Cisco AS5850 fail. It appears the Cisco AS5850 is having trouble falling back from T38 to passthrough. Standard configuration is T38 enabled on the Cisco AS5850 but not on the analog IAD. Disabling T38 on the Cisco AS5850 results in successful faxing.

Workaround: There is no workaround.

CSCsi89769

Symptoms: Router experiences memory leak.

Conditions: Occurs when the router is a group domain of interpretation (GDOI) member and encrypts bulk rate multicast traffic. If the user enters the clear crypto sa command to delete all of the IPsec SAs, the memory leak occurs.

Workaround: Either avoid using multicast fast switching or do not manually clear bulk GDOI SAs.

CSCsi91665

Symptoms: H.323 calls intermittently disconnect.

For each new call, the H.323 gateway generates a TCP port to be used for call setup. Intermittently, the gateway generates a TCP port that is already in use by an established connection. When the gateway initiates the three-way handshake for the new call, it receives a response with an unexpected ACK sequence number. The gateway then sends a TCP RST, causing the currently established TCP connection, and the call on it, to be torn down.

Conditions: This problem is observed in both Cisco IOS Release 12.4(13a) and Release 12.4(13b).

Workaround: There is no workaround.
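The failure mode described in CSCsi91665 is a source-port allocator that does not check the resulting TCP 4-tuple against connections that are still established. The following is an added illustration written for this page, not Cisco code: a small model in which a round-robin allocator hands out ports toward the peer's H.225 port (1720); with checking disabled it reproduces the collision (the new SYN is answered with an ACK for the old connection, the client sends RST, the established call is torn down), and with checking enabled the same sequence succeeds. The addresses, the three-port range and the in-memory connection table are constructed for the demonstration.

```python
"""Model of TCP source-port reuse, as seen in the H.323 gateway caveat.

Constructed example, not Cisco code. H.225 call signaling uses TCP port
1720 on the far end; each new call opens a new TCP connection from a freshly
chosen local source port, so the 4-tuple (local_ip, local_port, peer_ip,
1720) must be unique among the gateway's established connections.
"""

H225_PORT = 1720  # well-known H.225 call-signaling port


class PortAllocator:
    """Round-robin ephemeral source-port allocator.

    check_in_use=False reproduces the defect: a port is handed out without
    checking whether the resulting 4-tuple is still in use.
    """

    def __init__(self, low, high, check_in_use=True):
        self.low, self.high = low, high
        self.span = high - low + 1
        self.next_port = low
        self.check_in_use = check_in_use

    def allocate(self, in_use, local_ip, remote_ip, remote_port):
        for _ in range(self.span):
            port = self.next_port
            self.next_port = self.low + (port - self.low + 1) % self.span
            tup = (local_ip, port, remote_ip, remote_port)
            if not self.check_in_use or tup not in in_use:
                return port
        raise RuntimeError("no free source port toward %s:%d" % (remote_ip, remote_port))


class Gateway:
    """Gateway side: tracks ESTABLISHED call-signaling connections by 4-tuple."""

    def __init__(self, ip, allocator):
        self.ip = ip
        self.allocator = allocator
        self.established = set()
        self.log = []

    def place_call(self, peer_ip):
        """Open a new H.225 connection; return True if the new call is set up.

        Models the peer's TCP behaviour: a SYN for a 4-tuple the peer already
        holds in ESTABLISHED is answered with an ACK carrying the old sequence
        numbers rather than a SYN-ACK. The gateway, in SYN-SENT, treats that
        ACK as unexpected and replies with RST, which tears the old connection
        down; the new call does not come up either.
        """
        port = self.allocator.allocate(self.established, self.ip, peer_ip, H225_PORT)
        tup = (self.ip, port, peer_ip, H225_PORT)
        if tup in self.established:
            self.established.discard(tup)
            self.log.append("port %d reused: unexpected ACK -> RST, existing call torn down" % port)
            return False
        self.established.add(tup)
        self.log.append("port %d: new call established" % port)
        return True

    def end_call(self, port, peer_ip):
        """Normal call teardown releases the 4-tuple."""
        self.established.discard((self.ip, port, peer_ip, H225_PORT))


def run_scenario(check_in_use):
    """Three calls fill a deliberately tiny port range, one call ends normally,
    then a fourth call is placed. Returns (fourth_call_ok, active_calls)."""
    gw = Gateway("10.0.0.1", PortAllocator(11000, 11002, check_in_use))
    peer = "10.0.0.2"
    for _ in range(3):
        gw.place_call(peer)
    gw.end_call(11001, peer)      # middle call finishes; 11000 and 11002 stay up
    ok = gw.place_call(peer)      # allocator has wrapped around to 11000
    return ok, len(gw.established)


if __name__ == "__main__":
    print("defective allocator:", run_scenario(check_in_use=False))  # (False, 1)
    print("checking allocator: ", run_scenario(check_in_use=True))   # (True, 3)
```

The port range of three is only there to force the wrap-around quickly; with a realistic ephemeral range the same collision happens once enough calls have been placed for the counter to come back around while an early connection is still up, which is why the caveat appears intermittent. The fix is the `tup not in in_use` check; an allocator that finds no free port should fail the new call rather than disturb an existing one.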

CSCsi92079

Symptoms: If an access control list (ACL) is used for a destination-only prefix, a fatal error is declared and optimized edge routing (OER) shuts down. For destination-only traffic classes, a prefix list should be used, not an ACL or access control entry (ACE).

Conditions: This behavior is observed on Cisco IOS Release 12.4(11)T and later releases at this time.

Workaround: Use a prefix list instead of an ACL/ACE for destination-only traffic classes. For example:

- Use a prefix list for the traffic class 100.1.1.0/24.

- Use an ACE for the traffic class 100.1.1.0/24 DSCP af11.

CSCsi92614

Symptoms: Virtual Switch Interface (VSI) process stack overflow causes card to crash.

Conditions: Occurs when connection goes into condition alarm state while multicast is configured and it is managed by Operation and Maintenance (OAM).

Workaround: There is no workaround.

CSCsi93066

Symptoms: An MGCP endpoint may become stuck and generate the following error message:

400 Nas Software error

Conditions: This symptom is observed when a call agent sends a CRCX message after a modem reset.

Workaround: Execute a shut/no shut on the controller.

CSCsi95862

Symptoms: Router crashes when the mobile router-service roam priority command is entered.

Conditions: Crash is observed during unconfiguration after verifying for generic routing encapsulation.

Workaround: There is no workaround.

CSCsi96874

Symptoms: A Cisco 7206 router may generate a traceback and the following error message:

"SYS-2-CHUNKMALLOCFAIL"

Conditions: Seen when the router is configured for QoS pre-classify and a network failure occurs.

Workaround: There is no workaround.

CSCsi97434

Symptoms: The router crashes when IPsec is established, but only when both PKI and IKE AAA accounting are configured.

Conditions: This symptom occurs when PKI is configured, and the DN is used as the ISAKMP identity. The crash only occurs when the DN is not available, and the server tries to use the DN in the AAA accounting recording.

Workaround: Do not use this configuration combination (PKI, DN as ISAKMP identity and AAA accounting).

CSCsi97649

Symptoms: A Cisco 7200 LAC and a Cisco 7300 LNS crash when approximately 2100 sessions have connected.

Conditions: Occurs when sending bulk PPPoE sessions on the router.

Workaround: There is no workaround.

CSCsi98120

Symptoms: A router may crash because of a bus error. Spurious accesses may be observed.

Conditions: This symptom is observed on a Cisco 7200 series router that has an NPE-G1 and that runs Cisco IOS Release 12.3(22). The router is configured as a PE router and uses MQC hierarchical policies for some subinterfaces and the legacy rate-limit command for other subinterfaces.

Workaround: There is no workaround.

CSCsi98140

Symptoms: Interface is shown in the Admin Down state after router reloads.

Conditions: Occurs on a Cisco 2800 router with serial WIC-1DSU-T1-V2 configured for Serial Line ARP (SLARP). Occurs with Cisco IOS Release 12.4(9)T1 and Cisco IOS Release 12.4(11)T1.

Workaround: After the router reboots, enter the no shut command under the appropriate interface.

CSCsi98730

Symptoms: The MPLS labels for packets that are forwarded via CEF and MPLS over a BGP route may not match the labels in the BGP table, which may lead to traffic loss.

Conditions: This problem occurs under certain circumstances and timing conditions.

Workaround: When the symptom occurs, enter the clear ip route command for the prefix in the VRF.

CSCsi99281

Symptoms: BSTUN and DLSW features do not work.

Conditions: This symptom has been observed on Cisco 3220 and Cisco 3250 routers.

Workaround: There is no workaround.

CSCsj00727

Symptoms: A platform may crash when you apply a service policy to an interface.

Conditions: This symptom is observed on a Cisco AS5850 with a basic QoS configuration that includes a class map, a policy map, and a service policy on an interface. The symptom may not be platform-specific.

Workaround: There is no workaround.

CSCsj01861

Symptoms: Session initiation protocol (SIP) processing fails on a Cisco 3825. Router fails to send outbound requests and responses.

Conditions: Occurs when router is configured for IPIPGW and is running Cisco IOS Release 12.4(11)XW in the following topology:

IP phone -- Callmanager -- H323 -- IPIPGW -- SIP -- SBC-->PSTN

SIP bind commands are configured on the IPIPGW under "voice service voip"

Workaround: Remove the SIP bind statements in the configuration, then add them again. This defect does not occur when SIP bind commands are not used.

CSCsj04563

Symptoms: SSG memory is leaking in Cisco IOS Release 12.4(13b).

Conditions: This symptom occurs when the RADIUS proxy feature is used. Leaking could be triggered on the following call flow scenario:

1. HostObject(HO) with MSID1, ip-address IP1 and username user1@cisco.com is logged on.

2. PDSN sends an acct-stop with MSID1 with session-continue attribute set to TRUE. When this is received, SSG will start a hand-off timer. Note that SSG will not delete the HO at this time.

3. Hand-off timer expires. HO is deleted.

4. SSG now receives an acct-start with MSID1 and username user1@cisco.com.

5. a) SSG treats this as an auto-domain user, even though auto-domain is not configured on SSG.

b) SSG tries to get the profile by extracting the domain name from the structured username and sending an access-req to AAA with the domain name as the username.

c) Since the AAA server does not have the cisco.com profile, it sends an access-reject to SSG.

6. No HostObject is created.

Workaround: There is no workaround.

CSCsj05212

Symptoms: Cisco MGX Route Processor Module (RPM-XF) is unable to check Multiprotocol Label Switching (MPLS) label switched path (LSP) connectivity.

Conditions: Executing the ping mpls command has no effect.

Workaround: There is no workaround.

CSCsj05287

Symptoms: Incoming traffic from a LAN is not correctly marked, preventing the traffic from being correctly enqueued when it is sent to a DSL interface, and causing the traffic to be dropped.

Conditions: This symptom is observed on a Cisco router when you enable QoS through class-map and policy-map commands.

Workaround: There is no workaround.

CSCsj07936

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: When the interface controller of an NPE-G2 functions in promiscuous mode, for example, when HSRP is configured, packets that are not destined for the router may be forwarded anyway.

Condition 1: This symptom is observed on a Cisco 7200 series with an NPE-G2 that runs Cisco IOS Release 12.2(31)SB5 but is not release-specific.

Workaround 1: If HSRP is configured, enter the standby use-bia command. You may need to enter the shutdown command followed by the no shutdown command to change the controller state.

Symptom 2: When BVI is configured on native Gigabit Ethernet interfaces of an NPE-G2 within the same group, a ping may not go through.

Condition 2: This symptom is observed on a Cisco 7200 series with an NPE-G2 that runs Cisco IOS Release 12.2(31)SB5 but is not release-specific.

Workaround 2: Configure a static MAC address.

CSCsj08606

Symptoms: A VWIC2-2MFT-T1/E1 may stay in alarm state after either shut/no shutting the controller or removing and replacing the interface cable.

Conditions: The controller is configured as follows:

controller E1 0/0/0
 framing NO-CRC4
 ds0-group 0 timeslots 16 type ext-sig
 ...
 ds0-group 30 timeslots 30 type ext-sig
 alarm-trigger blue 0

The problem has been observed in the c3845-spservicesk9-mz.124-9.T3 image.

Workaround: Shut/no shut the controller or remove and replace the cable a second time.

CSCsj09247

Symptoms: The ip nat outside source static command has no effect when used with VPN routing/forwarding (VRF).

Conditions: Traffic from an inside interface is not translated to the outside interface.

Workaround: There is no workaround.

CSCsj09838

Symptoms: When the BGP session between a Route Reflector (RR) and PE router flaps, the RR may no longer send some routes to the PE router.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that integrates the fix for caveat CSCsi85222. A list of the affected releases can be found at http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi85222. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, enter the clear ip bgp * all in command on the PE router to retrieve all routes from the RR.

CSCsj10664

Symptoms: A router may crash because of a watchdog timeout when a second ISDN call is established in an ADSL backup scenario when the ADSL is down.

Conditions: This symptom is observed on a Cisco 2811 router that runs Cisco IOS Release 12.4(11)T2 and on a Cisco 3845 router that runs Cisco IOS Release 12.4(11)T1 when QoS is configured on the dialer interface. The symptom may not be platform-specific.

Workaround: Remove the service policy from the dialer interface.

CSCsj10772

Symptoms: The TTL of a CNAME will be zeroed on a DNS reply after passing through a Cisco router that is configured for Network Address Translation (NAT).

Conditions: This symptom is observed on a Cisco router that is configured for NAT that is running Cisco IOS Release 12.4 or 12.4T. Only CNAME records are affected.

Workaround: Use static NAT translations with the keyword "no-payload".

CSCsj13347

Symptoms: Executing the clear crypto sa command does not trigger GDOI reregistration.

Conditions: The clear crypto sa and clear crypto isakmp commands are commonly used to reset crypto state, but neither of these commands triggers the reregistration.

Workaround: Use the clear crypto gdoi command.

CSCsj22945

Symptoms: The received image line from a Cisco Unified CallManager (CCM) is incorrectly presented as an audio line to the switch on the other side.

Conditions: Image line received from CCM has c line = "0.0.0.0".

Workaround: There is no workaround.

CSCsj25056

Symptoms: Crash occurs with the following error message:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 173E112C data 173EEFC8 
chunkmagic 15A3C78B chunk_freemagic 185993E4 -Process= "Check heaps", ipl= 0, pid= 5, 
- Traceback= 0x15653E8 0x311CC 0x31440 0x2ED80 0x7D855C chunk_diagnose, code = 2 chunk 
name is L2TP CC

Conditions: Occurs when Cisco NPE-G2 is configured with L2TP running Cisco IOS Release 12.4(11)T1.

Workaround: There is no workaround.

CSCsj25395

Symptoms: Having a configuration similar to the following:

interface Dialer1
 ip address <ip addr> <mask>
 encapsulation frame-relay
 dialer pool 1
 dialer remote-name other_end
 dialer string 0
 dialer string oe_tn
 dialer caller oe_tn
 dialer max-call 1
 dialer-group 1
 frame-relay map ip addr oe_dlci broadcast
 frame-relay interface-dlci loc_dlci
 frame-relay ip tcp header-compression
 no shutdown
!

And entering in the following will crash the device:

interface Dialer1
shutdown
no interface Dialer1

Conditions: Removing the Dialer interface configuration while having IPHC configured on that interface will crash the platform. This is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(16.5).

Workaround: Remove any IPHC CLI from the Dialer interface prior to deleting the Dialer interface from the configuration.

CSCsj27183

Symptoms: H323-->SIP interworking fails for a Fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.

Conditions: This failure is seen for H323--SIP--SIP--SIP and H323--SIP--SIP-- H323 call flows when transcoding is enabled on IPIPGW1. It is also seen on H323--H323--H323--SIP call flow for transcoding on IPIPGW2. This is seen only with a Fast Start call (both with H245 Tunnel enabled and disabled), and the call passes with a slow start call.

Workaround: There is no workaround.

CSCsj27294

Symptoms: Abnormal delay occurs during create connection (CRCX) processing.

Conditions: MGCP receives a CRCX and while processing it, it tries to allocate the necessary resources by calling the RM. The resource allocation should take 40 to 50 ms, and the RM should respond with SUCCESS/FAILURE. But in the failed case, even after 2 seconds, the RM does not respond.

Workaround: There is no workaround.

CSCsj30558

Symptoms: High-availability agent sends keepalive messages to UDP port 0, which causes the keepalive mechanism to fail.

Conditions: Occurs on a mobile router configured to use UDP for keepalive messages.

Workaround: There is no workaround.

CSCsj30582

Symptoms: A Cisco IOS router that is running ZPF (Zone-based Policy Firewall) intermittently drops ESP packets even when it is configured to pass them. This causes traffic over an IPsec VPN tunnel through this router to fail intermittently, although the tunnel is up and phase 1 (isakmp) and phase 2 (ipsec) SAs have been established. If the router is configured to log dropped packets, it will log a %FW-6-DROP_PKT syslog message for these packets.

Conditions: This symptom is observed on a Cisco IOS router that is enabled with ZPF (Zone-based Policy Firewall) and that is configured to pass the ESP traffic based on a "match access-group" policy, where the access list has entries to permit the ESP traffic specifically from one host to another.

For example:

class-map type inspect match-any cm-esp
 match access-group 100
!
policy-map type inspect in2out
 class type inspect cm-esp
  pass
!
access-list 100 permit esp host 10.0.0.2 host 10.1.1.2
access-list 100 permit esp host 10.1.1.2 host 10.0.0.2

Workaround: Configure the access list so that the source is "any", for example:

access-list 100 permit esp any host 10.1.1.2
access-list 100 permit esp any host 10.0.0.2

First Alternate Workaround: Use the classic Cisco IOS firewall instead of ZPF; that is, use "ip inspect".

Further Problem Description: If an explicit deny rule is added to the above example, for example:

access-list 100 permit esp host 10.0.0.2 host 10.1.1.2
access-list 100 permit esp host 10.1.1.2 host 10.0.0.2
access-list 100 deny esp any any

Then the show access-list command will indicate that the dropped packets are hitting the deny rule, although they should match one of the permit rules:

Router# show access-lists 100

Extended IP access list 100
    10 permit esp host 10.0.0.2 host 10.1.1.2 (999 matches)
    20 permit esp host 10.1.1.2 host 10.0.0.2 (999 matches)
    30 deny ip any any (1 match)

CSCsj34083

Symptoms: Packets in traffic queues that are below their configured threshold may be dropped.

Conditions: This symptom is observed on a Cisco 877 and Cisco 1801 that run Cisco IOS Release 12.4(9)T3 when one of the queues trespasses its threshold. Note the following scenarios:

- When congestion is present, traffic that exceeds its threshold on a CBWFQ service class causes drops on the LLQ classes although the traffic that is associated with the LLQ classes is below the associated threshold.

- When best-effort bandwidth exceeds its threshold, LLQ traffic is discarded although it is below its own threshold.

- When there is no congestion, the router operates as expected.

Workaround: There is no workaround.

Further Problem Description: Note that the symptom does not occur on a Cisco 878 and Cisco 1803.

CSCsj35884

Symptoms: Relay agent router forwarding fails because of the selection of a wrong source address (link-address of 0::0).

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(16.5)T and when interfaces are configured as UNNUMBERED interfaces.

Workaround: There is no workaround.

CSCsj36092

Symptoms: DNS forwarding source interface when configured on a router with split DNS feature, does not send out the DNS queries through the expected configured interface.

Conditions: This symptom is seen on a router that is loaded with Cisco IOS Release 12.4(11)T3.

Workaround: Use the dns forwarder <ip address> command under the DNS view.

CSCsj36099

The supplied note does not exist in CDETS

CSCsj37877

Symptoms: Cisco 7200 router crashes when configured as a PE.

Conditions: Router is configured as provider edge (PE) router in a hub and spoke topology. It is located in the hub. When ping/traceroute commands are issued from a LAN on the hub towards a LAN in the spoke, it causes the Cisco 7200 to crash. Ping/traceroute issued from the other end does not cause a crash, but traffic does not go through the PE.

Issue was seen with Cisco IOS Release 12.4(15)T. It was not seen with Cisco IOS Release 12.4(11)T.

Workaround: There is no workaround.

CSCsj38829

Symptoms: When running double authentication crypto configurations (ah encap and esp encap auth together) and passing large packet data that requires fragmentation, errored packets can be observed.

Conditions: This symptom has been observed only on routers with AIM-VPN-PLUS AIM cards installed. Routers that support this AIM are the Cisco 1800, Cisco 2600, Cisco 2800, Cisco 3700, and Cisco 3800 routers.

Workaround: Do not use ESP and AH double authentication. You can use the no crypto engine accel command in the configuration to run encryption in the SW engine.

CSCsj39503

Symptoms: Interface flap on a GET VPN group member (GM) may cause the GM not to re-register immediately to the key server (KS) after the interface is up. It can take up to a maximum of 8 minutes before re-registration happens.

Conditions: If an interface stays down long enough (for example, longer than eight minutes), the problem is seen after the interface comes back up.

Workaround: Use EEM to track the interface state or the routing protocol neighbor. As soon as the interface or the routing protocol neighbor comes up, issue the clear crypto gdoi command on the GM to force reregistration.

CSCsj39538

Symptoms: Router tracebacks and then crashes during deconfiguration (removal) of VRF. The following message was seen prior to crash:

-Process= "IP RIB Update", ipl= 3, pid= 68 
-Traceback= 609538D8 60D1B8B4 612B2838 612588C8 61258CD4 6125E61C 6125ED04 6125EF30 
61261CDC 6125A14C 61265A08 6126BE10 6097CF00 609547D8 609548B8
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x609538FC

Conditions: No specific conditions are known to cause this fault.

Workaround: There is no workaround.

CSCsj40156

Symptoms: Memory is leaking in case of radius-proxy users.

Conditions: This symptom is seen when a rad-proxy host object is already present in the SSG box, and it receives the access-request. The accounting starts from the proxy client, which is sent to the AAA server and AAA replies with an access-accept.

Workaround: There is no workaround.

CSCsj41443

Symptoms: Line protocol goes down on a Cisco 7200 router.

Conditions: Occurs while attaching a policy to a packet over SONET (POS) interface configured for frame relay encapsulation.

Workaround: There is no workaround.

CSCsj43800

Symptoms: Clicking the "About" menu item yields a blank popup window and a Java error.

Conditions: Occurs using Cisco Unified CallManager Express (CME) 4.1 with Java 1.5.0_11.

Workaround: There is no workaround.

CSCsj43861

Symptoms: EzVPN hardware client will not attempt to connect to the same peer or the next peer after QUICK MODE failure during IKE.

Conditions: This symptom is observed when EzVPN hardware client remains in SS_OPEN state after the failure of QUICK MODE.

Workaround: Clear the EzVPN session.

CSCsj44679

Symptoms: Cisco Intrusion Prevention System (IPS) can be evaded by using vertical tab characters in the request.

Conditions: Occurs when IPS functionality is enabled. Apache uses the isspace libc function to parse HTTP requests, which returns "true" for the 0x9, 0xa, 0xb, 0xc, 0xd, and 0x20 characters.

Workaround: There is no workaround.
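The evasion described in this caveat comes down to a tokenizer mismatch: the inspecting device splits the request line only on 0x20 while the server accepts every isspace() character. The following Python is an added example, not code from the Cisco release note or from the IPS product; the request lines, the signature path /cgi-bin/test.cgi and the function names are constructed for the demonstration. It shows the request target each tokenizer extracts from the same bytes and why a signature keyed on that target misses the vertical-tab variant.

```python
"""Added example (not from the Cisco release note): why an HTTP signature
tokenizer must mirror the server's whitespace handling.

Apache parses the request line with libc isspace(), which accepts 0x09, 0x0a,
0x0b, 0x0c, 0x0d and 0x20. An inspection engine that only splits on 0x20
extracts a different request target than the server does, so a signature
keyed on the target can be bypassed with a vertical tab (0x0b). The request
lines and the signature path below are constructed for this demonstration.
"""
from typing import Callable, Dict, List, Optional

# Bytes for which C isspace() returns true in the "C" locale.
C_ISSPACE = frozenset(b"\t\n\x0b\x0c\r ")

Tokenizer = Callable[[bytes], List[bytes]]


def tokenize_space_only(line: bytes) -> List[bytes]:
    """Evadable tokenizer: treats only 0x20 as a separator."""
    return [tok for tok in line.split(b" ") if tok]


def tokenize_isspace(line: bytes) -> List[bytes]:
    """Tokenizer that accepts every isspace() character, like the server."""
    tokens: List[bytes] = []
    current = bytearray()
    for byte in line:          # iterating bytes yields ints
        if byte in C_ISSPACE:
            if current:
                tokens.append(bytes(current))
                current = bytearray()
        else:
            current.append(byte)
    if current:
        tokens.append(bytes(current))
    return tokens


def request_target(line: bytes, tokenizer: Tokenizer) -> Optional[bytes]:
    """Return the request-target (second token) or None if the line is malformed."""
    tokens = tokenizer(line)
    return tokens[1] if len(tokens) >= 2 else None


def signature_hits(line: bytes, tokenizer: Tokenizer,
                   signature: bytes = b"/cgi-bin/test.cgi") -> bool:
    """Constructed signature: alert when the request target starts with the path."""
    target = request_target(line, tokenizer)
    return target is not None and target.startswith(signature)


# Constructed requests: a normal one and one using VT (0x0b) as the separator.
NORMAL_REQUEST = b"GET /cgi-bin/test.cgi?x=1 HTTP/1.0"
EVASIVE_REQUEST = b"GET\x0b/cgi-bin/test.cgi?x=1\x0bHTTP/1.0"


def evasion_report(line: bytes) -> Dict[str, object]:
    """Compare what each tokenizer believes the request target is."""
    return {
        "space_only_target": request_target(line, tokenize_space_only),
        "isspace_target": request_target(line, tokenize_isspace),
        "space_only_alert": signature_hits(line, tokenize_space_only),
        "isspace_alert": signature_hits(line, tokenize_isspace),
    }


if __name__ == "__main__":
    for req in (NORMAL_REQUEST, EVASIVE_REQUEST):
        print(req, evasion_report(req))
```

The space-only tokenizer sees the evasive line as a single token, so it has no request target to match; the isspace-aware tokenizer recovers the same target the server will act on. The general fix is the one implied by the caveat: normalize on the exact separator set of the protected server before applying signatures.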

CSCsj45211

Symptoms: Percentage-based traffic shaping fails.

Conditions: Occurs on a Cisco router that is configured for percentage-based traffic shaping on output policy.

Workaround: There is no workaround.

CSCsj45426

Symptoms: Cisco AS5850 feature boards crash.

Conditions: This symptom occurs when giving the no pri-group timeslots command.

Workaround: There is no workaround.

CSCsj46150

Symptom:

After a variable amount of time the router hangs and stops responding to pings or to the console. All traffic stops passing through the router.

Workaround:

There is no workaround

CSCsj46178

Symptoms: A Cisco AS5850 responds with a 500 Endpoint Unknown to a CRCX for an endpoint on a channelized T3 card. The endpoint otherwise responds normally to AUEP command.

Conditions: This symptom is observed on a Cisco AS5850 that is controlled via MGCP, and the endpoint naming t3 command is configured on the router in either global MGCP configuration or MGCP profile.

Workaround: Do not configure the endpoint naming t3 command. Use t1 endpoint naming instead.

CSCsj46859

Symptoms: Real Time Streaming Protocol (RTSP) inspection does not work with fragmentation.

Conditions: Occurs only when fragmentation is set. Without fragmentation this problem does not occur.

Workaround: There is no workaround.

CSCsj47356

Symptoms: Phone A believes that its offer (in first INVITE) is not answered yet, but it is wrong because UPDATE is for second leg where SDP answer is already sent in a 183 Session Progress.

Conditions: This symptom occurs in a call forwarding scenario. Call comes in from PSTN to a SIP and forwarded to a another SIP Phone.

Workaround: There is no workaround.

CSCsj49255

Symptoms: If an ACL and DSCP are both used for packet matching in a class-map, only the first packet descriptor gets a match and everything else does not. If DSCP is removed, packet matching works again.

Conditions: This symptom is observed on a Cisco 7200 with ACL and DSCP with match all option.

Workaround: There is no workaround.

CSCsj50764

Symptoms: You may not be able to configure ATM over MPLS (ATMoMPLS).

Conditions: This symptom is observed on Cisco 7301 that has an ATM port adapter.

Workaround: There is no workaround.

CSCsj50773

Symptoms: Performing the snmpwalk on the ipRouteTable MIB may cause high CPU and reloads.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(13b) or later releases.

Workaround: Create a view that excludes the ipRouteTable:

snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude
snmp-server view cutdown internet included
snmp-server community <comm> view cutdown RO

This view restricts the objects that the NMS can poll. It excludes access to the ipRouteTable, but allows access to the other MIBs.
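Before relying on a view like this to keep a crashing table out of reach, it is worth checking which OIDs it actually permits. The following Python is an added example, not code from the Cisco release note or from IOS; it evaluates a view against candidate OIDs assuming the VACM rule (RFC 3415 section 3.5) that the matching subtree entry with the most sub-identifiers wins, which is the behaviour expected of IOS views. The object names, instance suffixes and function names are constructed for the demonstration.

```python
"""Added example (not from the Cisco release note): check which OIDs an IOS
snmp-server view would let an NMS poll.

Assumption: the view is evaluated with VACM semantics (RFC 3415 section 3.5),
where the matching subtree entry with the most sub-identifiers wins. The
cutdown view below mirrors the workaround; the objects tested are standard
RFC1213-MIB objects with constructed instance suffixes.
"""
from typing import Dict, List, Optional, Tuple

# Names IOS accepts in place of a numeric subtree in snmp-server view.
NAMED_SUBTREES = {"iso": "1", "internet": "1.3.6.1", "mib-2": "1.3.6.1.2.1"}

ViewEntry = Tuple[str, str]  # (subtree, "included" | "excluded")


def parse_oid(oid: str) -> Tuple[int, ...]:
    """Turn a dotted OID (or a known subtree name) into a tuple of ints."""
    oid = NAMED_SUBTREES.get(oid, oid)
    return tuple(int(part) for part in oid.strip(".").split("."))


def view_allows(view: List[ViewEntry], oid: str) -> bool:
    """True if the most specific matching entry of the view includes the OID."""
    target = parse_oid(oid)
    best: Optional[Tuple[int, str]] = None  # (prefix length, kind)
    for subtree, kind in view:
        prefix = parse_oid(subtree)
        if target[: len(prefix)] != prefix:
            continue
        if best is None or len(prefix) > best[0]:
            best = (len(prefix), kind)
    return best is not None and best[1] == "included"


# Equivalent of the workaround:
#   snmp-server view cutdown 1.3.6.1.2.1.4.21 exclude
#   snmp-server view cutdown internet included
CUTDOWN_VIEW: List[ViewEntry] = [
    ("1.3.6.1.2.1.4.21", "excluded"),
    ("internet", "included"),
]

# Objects an NMS typically walks (instance suffixes constructed).
SAMPLE_OIDS: Dict[str, str] = {
    "sysDescr.0": "1.3.6.1.2.1.1.1.0",
    "ipAddrTable row": "1.3.6.1.2.1.4.20.1.1.10.0.0.1",
    "ipRouteTable root": "1.3.6.1.2.1.4.21",
    "ipRouteDest row": "1.3.6.1.2.1.4.21.1.1.10.0.0.0",
    "outside internet": "1.0.8802.1.1.2.1.1.1.0",
}


def poll_plan(view: List[ViewEntry], oids: Dict[str, str]) -> Dict[str, bool]:
    """Map each named object to whether the view permits polling it."""
    return {name: view_allows(view, oid) for name, oid in oids.items()}


if __name__ == "__main__":
    for name, allowed in poll_plan(CUTDOWN_VIEW, SAMPLE_OIDS).items():
        print(f"{name:18s} {'allowed' if allowed else 'blocked'}")
```

Note that an OID outside the internet subtree is blocked as well, since no entry matches it; if the NMS also needs objects under other roots, add the corresponding included subtrees rather than widening the excluded one.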

CSCsj58796

Symptoms: No ringback is generated in calls from VoIP to a PBX end using Cisco Multicast Manager (CMM).

Conditions: This symptom has been observed when a call is made from the VoIP side to the PBX side through an MGCP-controlled CMM.

PBX <-------GW (CMM or Cisco 2620XM) <----CCM <----IP Phone

Workaround: Use a Cisco 2620XM router in place of CMM.

CSCsj58969

Symptoms: Executing the show port modem calltracker command on a Cisco AS5400XM can cause bus error crash.

Conditions: This symptom occurs on a Cisco AS5400XM with multiple calls being made and terminated when running Cisco IOS Release 12.4(13a).

Workaround: There is no workaround.

CSCsj59278

Symptoms: When a label switch controller (LSC) for a BPX has an MPLS binding for an IP route, and that IP route goes away, it will correctly get a binding for a less specific IP route, assuming one exists. The problem occurs when that more specific IP route returns. The MPLS bindings stays with the less specific route, instead of switching to the more specific route.

Conditions: Occurs on Cisco IOS Release 12.4(13a). When an LSC has two routes, the more specific route must be removed, then re-added for this problem to occur.

Workaround: Clear the IP route for both routes to correct the problem.

CSCsj59985

Symptoms: A router may crash or produce a spurious access by giving "no encap frame-relay" on a Multilink Frame Relay (MFR) member link.

Conditions: Occurs when a PA-MC-T3-EC/PA-MC-2T3-EC interface is a member of an MFR bundle. The router with NPE-G2 may crash or the router with NPE-G1 may give a spurious access by giving "no encap frame-relay" on that interface.

Workaround: There is no workaround.

CSCsj63916

Symptoms: All DATA analog dialout calls are setting Bearer Capability to 0x8090 instead of 0x0890A3 (indicating the x-Law) where the A3 suffix is for A- law.

Conditions: This symptom has been observed on a Cisco AS5xxx router that is running Cisco IOS software later than Cisco IOS Release 12.4(7e) and having to make outgoing DATA calls.

Workaround: Change to Cisco IOS Release 12.4(7e).

CSCsj64230

Symptoms: When a bidir-PIM router with no directly connected receivers has to change its RPF interface toward the RP, multicast traffic can be lost for up to 60 seconds.

Conditions: This symptom occurs if the connection to the first RP is lost and the middle router changes the RPF for its bidir upstream interface. The middle router then restarts the election process on all DF interfaces and purges the interface pointing to the leaf router from its outgoing interface list (OIL). That interface is only repopulated on a periodic state refresh from the leaf router, because the leaf router has no RPF change and therefore no reason to send a triggered Join.

Workaround: There is no workaround.

CSCsj66282

Symptoms: Router with VPN Services Adapter (VSA) crashes.

Conditions: Occurs when Cisco Unified CallManager (CCM) has an access control entry (ACE) defined for the router. When the port number is removed from the crypto interface, the router crashes.

Workaround: There is no workaround.

CSCsj66692

Symptoms: Data corruption copy error tracebacks are seen on the console or output from the show logging command:

%DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x41224EFC, 
- Traceback= 0x4153A7D0 0x4155BA0C 0x4157FAF0 0x41224EFC 0x41DDC0A8 0x41DDC198 
0x41DC6D84 0x41DF3B0C 0x41DC506C 0x41DCE5A4 0x41D91AF8 0x41D90F88 0x41D9BEFC 
0x41D9C0C0 0x41DAEA68

Conditions: Refer to CSCsj44081 for more information.

Workaround: There is no workaround.

CSCsj72039

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Workaround: Remove and reconfigure the passive-interface command.

First Alternate Workaround: Enter the clear isis * command.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

CSCsj72647

Symptoms: On a Cisco IOS voice gateway, the show call active voice brief command output on the IP leg shows rx counters stay at 0 for 46 seconds.

Conditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.4(7e).

Workaround: There is no workaround.

CSCsj74812

Symptoms: A router running Cisco IOS may reload unexpectedly.

Conditions: Occurs when using show commands on an exec session that has been established through one of the integrated modems on a WIC-AM or WIC-2AM.

Workaround: There is no workaround.

CSCsj77747

Symptoms: Cisco Security Device Manager (SDM) does not show Intrusion Prevention System (IPS) signatures deployed for Cisco IOS Release 12.4(15)T and Cisco IOS Release 12.4(15)T1 images. This prevents signature view and tuning. Also on navigating to SEAP related screens, the following warning is displayed. "IPS is not enabled on any interface. Please enable IPS.", even though IPS is already configured and deployed.

Conditions: Occurs when the router is running Cisco IOS Release 12.4(15)T or Cisco IOS Release 12.4(15)T1. Issue is due to missing tags in XML file returned by IOS.

Workaround: Downgrade to Cisco IOS Release 12.4(11)T3.

CSCsj77998

Symptoms: Bidirectional Forwarding Detection (BFD) sessions do not come up on Cisco ISR routers.

Conditions: BFD sessions remain in Down state and do not transition to Up state.

Workaround: There is no workaround.

CSCsj80906

Symptoms: A Cisco router may crash due to a bus error.

Conditions: Occurs on multiple Cisco router platforms running Cisco IOS Release 12.4(15)T1. The crash can occur if an access-list linked to a service-policy is removed, or if a service-policy is removed on an interface.

Workaround: There is no workaround.

CSCsj81015

Symptoms: Cisco Multiservice IP-to-IP Gateway (IPIPGW) crashes during a stress scenario.

Conditions: This symptom occurs in a stress scenario with 100 SIP-H323 calls + 150 SIP-H323 DTMF interworking (rtp-nte to h245-alpha) calls.

Workaround: There is no workaround.

CSCsj82622

Symptoms: A router may crash when you configure an access control list (ACL) that has at least 50-60 ACEs (about 100 nodes) that is used in policy maps that are already applied to an interface or when you boot the router after having made the configuration change. When the crash occurs, the following error message is generated:

%ALIGN-1-FATAL: Corrupted program counter pc=0x0 , ra=0x0 , sp=0x66EFB8A0

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.4(15)T or Release 12.4(15)T1.

Workaround: There is no workaround.

CSCsj85065

A Cisco IOS device may crash while processing an SSL packet. This can happen during the termination of an SSL-based session. The offending packet is not malformed and is normally received as part of the packet exchange.

Cisco has released free software updates that address this vulnerability.

Aside from disabling affected services, there are no available workarounds to mitigate an exploit of this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml.

CSCsj85505

Symptoms: QoS does not work on the dot11 driver when VLAN is configured. All packets go to the voice queue.

Conditions: This is seen only when vlan is configured for dot11 interface.

Workaround: Remove the VLAN.

CSCsj85516

Symptoms: An IP phone with video capabilities is unable to set up a video call across a NAT boundary and the phone unregisters from Cisco Unified CallManager (CCM).

Conditions: Occurs if the IP video phone is on the NAT outside and CallManager is on the NAT inside.

Workaround: There is no workaround.

CSCsj87522

Symptoms: RTP and RTCP ports are leaked when a ReleaseComplete (reason=newConnectionNeeded) is received as a response to a FastStart Setup that is sent.

Conditions: This problem is seen in Cisco IOS Release 12.4(11)T and Release 12.4(15)T images for a normal H323 to H323 gatekeeper routed call with no supplementary services.

Workaround: There is no workaround.

CSCsj88665

Symptoms: A device with a PA-MC-2T3+ may reset because of a bus error if a channel group is removed while the show interface command is being used from another telnet session at the same time, and then the telnet session is cleared.

The device may also display Spurious Memory Accesses.

Conditions: These symptoms have been observed in the latest Cisco IOS 12.4T and 12.2S releases.

Workaround: Do not remove a channel group while using the show interface command for that interface.

CSCsj88854

Symptoms: A call made over a SIP trunk from a remote phone registered to Cisco Unified CallManager Express (CME) 4.1 to a phone registered to a SIP proxy server results in router crash due to memory overrun.

Conditions: Occurs under the following conditions:

1. The phone call is from a remote phone.

2. MLPPP is configured as the WAN link.

3. The SIP trunk also traverses the same WAN link.

Workaround: Remove MLPPP.

CSCsj88961

Symptoms: SNASwitch HPR/IP (Enterprise Extender - EE) receiving retransmissions due to HPR/IP UDP packets being dropped at the UDP socket layer in the SNASw router. This leads to poor throughput across the HPR/IP pipe.

Conditions: This can occur when receiving large bursts of HPR/IP traffic inbound to the SNASwitch router. The UDP socket inbound queue can hold a maximum of 50 packets. If more than 50 HPR/IP packets are received before the SNASwitch process can run and dequeue some, subsequent packets will be dropped.

Workaround: There is no workaround.

Further Problem Description: The output of the show ip socket detail command or the show udp detail command (depending on your release of IOS) shows the number of drops that have occurred, the maximum queue size (50) and the highwater value.

HPR/IP uses ports 12000 through 12004. Here is an example of UDP port 12003 showing 190577 dropped inbound packets:

Proto    Remote      Port      Local       Port   In Out Stat TTY OutputIF
 17      --listen--            x.x.x.x     12003   0   0   61   0
Queues: output 0 input 0 (drops 190577, max 50, highwater 50)

Resolution Summary: The resolution of this bug adds a new qsize parameter on the snasw port configuration command. This allows the specification of a UDP socket queue size value for HPR-IP ports only.

For example:

snasw port EE hpr-ip GigabitEthernet0/1 qsize 500

Note that the default of 50 was not changed by this. In order to increase the size of the UDP socket queue, the new parameter must be specified.

Other parameters may need to be adjusted as well. Global configuration:

ip spd queue max-threshold 512
ip spd queue min-threshold 500

Under each IP interface where HPR/IP packets are flowing in and out of this router, add:

hold-queue 500 in

CSCsj90012

Symptoms: Some Cisco 2800 and Cisco 3800 platform routers crash on startup after the 256MB-v5.sdf signature file has been loaded and the signature files saved to flash.

Conditions: This symptom occurs when loading the 256MB-v5.sdf file and saving the signature files to flash using the ip ips config location flash command. The router then crashes on restart, when the files are read back from flash.

Workaround: The crash has not been observed with the package files, such as IOS-S300-CLI.pkg, nor was it repeatable on a Cisco 3725 or Cisco 2651 router.

CSCsj91069

Symptoms: If the filter within a class-map is changed from DSCP to ACL, classification of packets under any of the class-maps stops working.

Conditions: This happens right after reload while traffic is running and matching using the DSCP filter.

Workaround: Reapply the service policy after you make the change and it will start matching properly.

CSCsj91443

Symptom: The router crashes while a bundle is being removed with the no bundle test_p2p command.

Condition: Occurs after configuring no bundle test_p2p on a point-to-point interface.

Workaround: There is no workaround.

CSCsj94013

Symptoms: Cisco Security Manager (CSM) rollback fails.

Conditions: Occurs with signatures loaded with version 2006-12-18.

Workaround: Disable Intrusion Prevention System (IPS) to unload signatures and reload the desired signature level.

CSCsj94818

Symptoms: Virtual circuit (VC) goes to inactive state due to the fact that peak cell rate (PCR) is higher than physical bandwidth.

Conditions: Problem occurs on Cisco 877 router with ADSL2+ and with Cisco IOS Release 12.4(11)XJ3 and Cisco IOS Release 12.4(15)T1. Occurs when device is configured for VBR-NRT and PCR rate higher than VC bandwidth.

Workaround: Reset the VC.

CSCsj95475

Symptoms: Multicast replicated packets are dropped when passed through an interface with crypto map attached and VPN Services Adapter (VSA) is active.

Conditions: Occurs when multicast packets are coming in the fast switching path, and multicast packets get replicated on different interfaces.

Workaround: Use the no ip mroute-cache command to disable multicast fast switching.

CSCsj95947

Symptoms: The following message is seen on the router:

*Aug 6 16:34:47.188: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error, -PC= 0x8005EC50, 
-Traceback= 0x809971F4 0x809B9C2C 0x809DD8A4 0x8005EC50 0x800651E4 0x800652A8 
0x809E42D4 0x809C4A38 0x800652EC 0x809C4BA0 0x809E42D4 0x80A0854C 0x800DB8C0 
0x800DEE48

Conditions: The conditions under which this symptom occurs are not known at this time.

Workaround: There is no workaround.

CSCsj96577

Symptoms: A Cisco AS5400HPX crashes due to a bus error as indicated by show version "System returned to ROM by bus error at PC 0x61728370, address 0xB0D0B45".

Just before the crash the following error message is seen:

%SYS-2-NOTQ: unqueue didn't find 674D6D40 in queue 3C
-Process= "MGCP Application", ipl= 0, pid= 170

Conditions: This symptom is observed on a Cisco AS5400HPX.

Workaround: There is no workaround.

CSCsj97045

Symptoms: While running a Cisco IOS Release 12.4 mainline release, a Cisco router may crash with a bus error. The error displayed is similar to:

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x605AFF94

Conditions: This symptom has been observed only if gateway is configured for Voice over IP (VoIP).

Workaround: There is no workaround.

CSCsj97416

Symptoms: Packets do not match "permit" access control entries (ACEs) at the bottom of an ACL when more specific "deny" ACEs are above them. Less specific IP addresses should match the "permit" statement at the end of the ACL, but they do not.

Conditions: Occurs on an NPE-G2 that runs Cisco IOS Release 12.4(15)T1 after a migration from an NPE-G1 that ran Cisco IOS Release 12.3(15b).

Workaround: There is no workaround.

CSCsj97602

Symptoms: A Cisco access server may run out of free processor memory. This symptom can be seen in the show process memory command. Increased memory utilization will be seen in the Dead pool.

Conditions: This symptom has been observed only in access servers that participate in Cisco Customer Voice Portal (CVP).

When a VXML application is configured with fetchaudio, the fetchaudio playout fails after user disconnect. The fetchaudio should have been removed from the prompt list, but it was not. This causes the session not to be freed when the application is finished.

Workaround: A reload will temporarily free the leaked memory.

CSCsj99328

Symptoms: When using redundant key server (KS), after losing and regaining connect to the primary KS, group members (GMs) will continually generate thousands of register attempts. A GDOI session is correctly created, so the GMs can encrypt and decrypt traffic. However they will be heavily loaded with register attempts, and a significant number of logging messages will be generated. The thousands of register attempts will also overload the KS, preventing other routers from connecting.

Conditions: When redundant KS are configured, if the GMs do not have a connection to the primary KS on boot or when the IPSEC or GDOI lifetime expires. If they lose connection and regain it before the lifetimes expire, the problem does not occur.

Workaround: Configure the GMs for a single KS.

CSCsk00177

Symptoms: GRE traffic must be explicitly permitted on the outside interface that terminates DMVPN IPsec-protected traffic.

Conditions: This symptom is observed on a DMVPN tunnel interface with tunnel protection IPSec, with CEF or fastswitching.

Workaround: Use process switching, or explicitly allow the GRE traffic.

CSCsk00612

Symptoms: In the startup-config, the VPN routing/forwarding (VRF) definition comes after the crypto keyring as well as the crypto ISAKMP profile definition. This causes the following error messages when the router boots:

% warning: VRF tag your-vrf is not found in configuration
% vrf your-vrf not configured

Conditions: Occurs on a router configured for VRF and IPSec.

Workaround: Reconfigure the ISAKMP profile and keyring after the router boots.

CSCsk01413

Symptoms: No Cisco IOS IPS signature category other than "all" may be selected before loading the signature package on to the router.

c2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c2811(config)#ip ips signature-category
c2811(config-ips-category)#category ?
  all  All Categories

Conditions: Also seen when CSM loads signatures and tries to set the basic category to retired false.

c2811(config)#ip ips signature-category
c2811(config-ips-category)#category ios_ips basic
                                    ^
unrecognized...

Workaround:

1) Set category all to retired true

2811b#conf t
2811b(config)#ip ips signature-category
2811b(config-ips-category)#category all
2811b(config-ips-category-action)#retired true
2811b(config-ips-category-action)#exit
2811b(config-ips-category)#exit
Do you want to accept these changes? [confirm]
2811b(config)#

2) Load signatures using copy command or CSM

3) Set desired categories to retired false

2811b#conf t
Enter configuration commands, one per line. End with CNTL/Z.
2811b(config)#ip ips signature-category
2811b(config-ips-category)#category ios_ips basic
2811b(config-ips-category-action)#retired false
2811b(config-ips-category-action)#exit
2811b(config-ips-category)#exit
Do you want to accept these changes? [confirm]
2811b(config)#

CSCsk01615

Symptoms: Category processing (the time after the user enters category selection to the time the prompt returns) took 8 minutes to complete.

Conditions: When adding or modifying any signature categories with the following releases: 12.4(11)T2, 12.4(11)T3, 12.4(15)T.

Workaround: There is no workaround.

Further Problem Description: The issue occurs in the following scenarios:

1. Configure the following categories first:

category all retired true
category ios_ips basic retired false

then load the signature package onto the router; the router takes about 2 minutes to build the engines. Afterwards, removing "ios_ips basic" or adding any other signature category makes the router take 8 minutes for category processing.

2. Configure the following category first:

category all retired true

then load the signature package onto the router, then add "category ios_ips basic" or any other category (for example "web_services"); the router takes about 8 minutes for category processing. Afterwards, removing "ios_ips basic" or adding any other signature category again takes 8 minutes for category processing.

CSCsk04941

Symptoms: Semaphore hog messages occur on PA-MC-2T3-EC port adapter.

Conditions: When Multilink Point-to-Point Protocol (MLPPP) or Multilink Frame Relay (MFR) are configured, using shut/no shut or making CRC changes causes the messages.

Workaround: There is no workaround.

CSCsk05059

Symptoms: A spurious access error occurs in the tfib_post_table_change_sanity_check() function.

Conditions: This symptom occurs when a route is deleted. A ROUTE_DOWN event is triggered in the tfib_post_table_change() function, which in turn calls tfib_post_table_sanity_check(). In that function a spurious access is reported, because the only path of the route is down.

Workaround: There is no workaround.

CSCsk05495

Symptoms: Some L2TP clients may fail to establish a secure session with Cisco IOS-based L2TP server.

Conditions: Occurs when the L2TP client is not fully compliant with RFC 3817.

Workaround: There is no workaround.

CSCsk06024

Symptoms: Router crashes when WebVPN client attempts to use Outlook Web Access.

Conditions: Occurs when PKI trustpoint configuration is incomplete or incorrect.

Workaround: There is no workaround.

CSCsk09651

Symptoms: A router crashes while a service policy is being attached, detached, or modified across a virtual template under traffic.

Conditions: This symptom is observed on a Cisco 7200 or Cisco 7301 router that is configured with MLPPP over FR on channelized interfaces.

Workaround: There is no workaround.

CSCsk10133

Symptoms: During a mid-call codec switch from G.711 to G.729 on a gatekeeper-controlled gateway, the gateway may intermittently receive a Bandwidth Confirmation (BCF) message from the gatekeeper and wrongly interpret it as a Bandwidth Reject (BRJ) message. As a result the gateway sends a Release Complete with cause code 65.

Conditions: This condition appears to be intermittent, due to the order of the OLC and the ECS (Empty Capability Set) messaging. This issue will be seen only on gatekeeper-controlled gateways that are doing bandwidth control. This issue is currently being seen only when codecs are switched mid-call to a codec with less bandwidth utilization.

Workaround: Any of the following workarounds should alleviate this issue:

1. Disable bandwidth requests from the gateway:

voice service voip
 h323
  no ras brq

2. Configure all call legs to use the same codec.

3. Do not use a gatekeeper with this gateway.

Further Problem Description: This issue appears to be a recurrence of CSCee60960 and can be seen by enabling the following debugs:

- debug h225 asn1
- debug ras
- debug cch323 all

The following would be seen after the BCF is received:

581565: .Aug 15 13:45:06.376: //-1/xxxxxxxxxxxx/H323/cch323_ras_handle_recv_msg: received msg of type BCF_CHOSEN
581566: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/cch323_percall_ras_sm: ccb 0xC2A5CA58: received event CCH323_RAS_EVENT_BCF while at CCH323_RAS_STATE_ACTIVE state
581567: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/cch323_percall_ras_sm: ccb 0xC2A5CA58: changing to new state CCH323_RAS_STATE_ACTIVE
581568: .Aug 15 13:45:06.376: //-1/xxxxxxxxxxxx/H323/cch323_iev_queue_service: Dispatch 0x1E internal event to H245 IWF SM
581569: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/run_h245_iwf_sm: received IWF_EV_BRJ while at state IWF_OLC_OUT_AWAIT_BCF
581570: .Aug 15 13:45:06.376: //-1/xxxxxxxxxxxx/H323/h323_set_release_source_for_peer: ownCallId[94506], src [6]
581571: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/h245_iwf_set_new_state: changing from IWF_OLC_OUT_AWAIT_BCF state to IWF_OLC_IDLE state
581572: .Aug 15 13:45:06.376: //-1/xxxxxxxxxxxx/H323/cch323_iev_queue_service: Dispatch 0xE internal event to H245 IWF SM
581573: .Aug 15 13:45:06.376: //94506/5A1D2CEFA2CC/H323/run_h245_iwf_sm: received IWF_EV_OLC_FAILED while at state IWF_ACTIVE
581574: .Aug 15 13:45:06.376: //-1/xxxxxxxxxxxx/H323/h323_set_cc_cause_for_spi_err: Categorized cause:65, category:278

CSCsk10985

Symptoms: IMA group interface does not come up after the reload.

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

CSCsk11273

Symptoms: Secondary key server (KS) (new primary) fails to create new TEKs during rekey intervals after network split.

Conditions: Occurs when a network split, merge, and subsequent split happen between the cooperative key servers and the secondary KS was earlier left with no TEKs.

Workaround: Clear crypto gdoi in secondary key server. May also require clear crypto gdoi in group members.

CSCsk12739

Symptoms: Router runs out of free memory after applying service policies.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.4(15)T with a large QoS configuration. When a service policy is applied to an interface, memory consumption becomes very high and free memory drops by about 235 MB each time a service policy is applied. Shutting down the interface does not change the behavior.

Workaround: There is no workaround other than to downgrade to Cisco IOS Release 12.4(11)T1 or upgrade to Cisco IOS Release 12.4(15)T2.

CSCsk13250

Symptoms: When Cisco's Secure Device Provisioning Registrar (SDP) is configured on a Cisco 7206 router that has a hardware encryption accelerator card enabled (the VSA card), the registrar fails to process incoming requests properly.

Conditions: Occurs when the SDP Registrar processes registration requests coming from a remote location and when the VSA card is enabled.

Workaround: Disabling the VSA card makes the registrar operations work in software mode, and then it works properly.

CSCsk13966

Symptoms: Traffic is inspected by zone-based firewall even though the policy map has an applicable "pass" statement. Instead traffic should be passed without inspection.

Conditions: Possibly occurs only for dynamic interfaces like "virtual-access."

Workaround: Use the "inspect" policy-map action.

CSCsk14137

Symptoms: Cisco 1812J router fails to forward incoming multicast traffic. This problem might be also seen with HWIC-4ESW on other routers.

Conditions: Occurs when the "ip igmp snooping" feature is used with switch-port and a VLAN interface is used as the incoming interface

Workaround: Disable "ip igmp snooping" or use a routed-port instead of a switch-port.

CSCsk14633

This is the Cisco Product Security Incident Response Team (PSIRT) response to a vulnerability that was reported on the Cisco NSP mailing list on August 17, 2007 regarding the crash and reload of devices running Cisco IOS after executing a command that uses, either directly or indirectly, a regular expression. The original post is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043002.html

The Cisco PSIRT posted a preliminary response on the same day and is available at the following link:

http://puck.nether.net/pipermail/cisco-nsp/2007-August/043010.html

Preliminary research pointed to a previously known issue that was documented as Cisco bug ID CSCsb08386 (registered customers only), entitled "PRP crash by show ip bgp regexp", which was already resolved. Further research indicates that the current issue is a different but related vulnerability.

There are no workarounds available for this vulnerability. Cisco will update this document in the event of any changes.

The full text of this response is available at http://www.cisco.com/warp/public/707/cisco-sr-20070912-regexp.shtml

CSCsk16062

Symptoms: CSM rollback of Cisco IOS IPS device fails.

Conditions: This symptom occurs on signatures loaded that are more recent than 2006-12-18.

Workaround: Disable IPS and reload required signatures.

Further Problem Description: The getConfigInfo request is returning the loaded typedefs and causing CSM to consider the signature package to be out of sync with the database.

CSCsk16821

Symptoms: A Cisco router acting as a DHCP server may experience the following problem when Secure ARP is also configured, and the Secure ARP keepalive time is less than the DHCP lease time. If a client device goes into sleep mode for a period of time less than the DHCP server's configured lease time but more than the Secure ARP time, the DHCP lease will be cancelled at the server. If the client awakes, it will have a valid DHCP lease, for the remainder of the last lease time it was granted. When the device awakes and attempts to renew its IP address, it sends a unicast DHCPREQUEST to the DHCP server. Because the lease has been removed from the DHCP server, and there is no ARP entry for the client, the DHCP Server does not send any reply to the device. The Secure ARP feature will, however, prevent the device from communicating until its lease has expired.

Conditions: This symptom has been observed with a Cisco router acting as a DHCP server when Secure ARP is also configured.

Workaround: Disable Secure ARP on the DHCP server or change the Secure ARP keepalive time to correspond to the lease time.

CSCsk16904

Symptoms: A NAT router fails an H.323 connection because of an ARP resolution failure; the ARP request is triggered by an H.225/H.245 packet. When the problem occurs, the NAT router creates an incomplete ARP entry and sends an unexpected ARP request for the destination IP address instead of the next-hop IP address, even though the destination prefix is not a directly connected route. If the next-hop router of the NAT router has proxy ARP disabled, packet forwarding therefore fails. A ping to the same destination succeeds while the problem occurs.

Conditions: This problem happens under the following conditions:

- Static NAT or dynamic NAT is configured.
- The next-hop router of NAT router disables proxy ARP.
- H323 terminal device tries to call for another one over NAT router.

Workaround: Enable proxy ARP on the next-hop router.
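The following Python model is an added example; it is not part of the caveat or of Cisco IOS. It shows the next-hop selection the caveat describes: a forwarder ARPs for the destination itself only when the destination prefix is directly connected, and otherwise ARPs for the route's next hop. The routing table, segment hosts and addresses are constructed for the example. arp_target_buggy reproduces the behavior reported above (ARP for the destination regardless of the route), and arp_resolves shows why enabling proxy ARP on the next-hop router works around it.

```python
import ipaddress

# Constructed routing table for the example: (prefix, next hop or None if connected, interface)
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), None, "GigabitEthernet0/0"),
    (ipaddress.ip_network("198.51.100.0/24"), "192.0.2.254", "GigabitEthernet0/0"),
    (ipaddress.ip_network("0.0.0.0/0"), "192.0.2.1", "GigabitEthernet0/0"),
]

# Constructed: addresses that exist on the attached segment and answer ARP for themselves.
SEGMENT_HOSTS = {"192.0.2.1", "192.0.2.10", "192.0.2.254"}


def lookup(dst):
    """Longest-prefix match of dst against ROUTES; returns the matching tuple or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, ifname in ROUTES:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop, ifname)
    return best


def arp_target(dst):
    """Correct behavior: ARP for dst only if its prefix is directly connected,
    otherwise ARP for the next hop of the matching route."""
    route = lookup(dst)
    if route is None:
        return None
    _, next_hop, _ = route
    return dst if next_hop is None else next_hop


def arp_target_buggy(dst):
    """The behavior the caveat reports: the NAT/H.323 path ARPs for the destination
    address even when it is reached through a next hop."""
    return dst if lookup(dst) is not None else None


def arp_resolves(target, next_hop_proxy_arp=False):
    """Model of the attached segment: a host answers ARP for its own address; with proxy
    ARP enabled, the next-hop router also answers for off-link addresses it can route."""
    if target in SEGMENT_HOSTS:
        return True
    return next_hop_proxy_arp and lookup(target) is not None


def h323_setup_succeeds(dst, next_hop_proxy_arp=False, buggy=False):
    """True if the H.225/H.245 packet to dst can be sent, i.e. its ARP target resolves."""
    target = arp_target_buggy(dst) if buggy else arp_target(dst)
    return target is not None and arp_resolves(target, next_hop_proxy_arp)
```

With the buggy selection, a call to 198.51.100.7 only succeeds when the next-hop router answers ARP for that off-link address, which is exactly the proxy ARP workaround above; ping is unaffected because it uses the normal path that ARPs for 192.0.2.254.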

CSCsk19108

Symptoms: Before sending the initial INVITE, a Cisco gateway performs a DNS SRV query, which returns the name of the server on which the SIP service is running; a DNS A query for that server name then yields the IP address of the SIP proxy server, so the initial call is established through the proxy. After receiving a SIP REFER to initiate a call transfer whose Refer-To target is a domain name, the gateway performs only a DNS A query for the Refer-To host, which returns an IP address on which no SIP service is running. The transfer therefore fails.

Conditions: This symptom is observed on a Cisco 2800 series router but is not platform dependent. The transfer-target address received in the REFER is an FQDN (with the default port 5060 or no port).

Workaround: There is no workaround.
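As an added example (not code from the caveat or from Cisco IOS), the following Python shows the resolution order the gateway should apply to the Refer-To host, modeled on RFC 3263: without an explicit port, query SRV for the transport first and resolve the SRV target's A record; fall back to an A query on the bare host only when no SRV record exists. The zone data, host names and addresses are constructed for the example; resolve_a_only reproduces the A-only shortcut the caveat describes.

```python
# Constructed zone data for the example (assumed; not from the caveat):
# the SIP service runs on proxy1, while the bare domain's A record points at a web host.
ZONE = {
    ("_sip._udp.example.com", "SRV"): [(10, 60, 5060, "proxy1.example.com")],
    ("proxy1.example.com", "A"): ["192.0.2.10"],
    ("example.com", "A"): ["192.0.2.80"],
}


def query(name, rtype):
    """Stand-in for a DNS lookup against the constructed zone."""
    return ZONE.get((name, rtype), [])


def host_port_from_sip_uri(uri):
    """Minimal parse of a SIP URI such as sip:bob@example.com:5070;transport=udp
    into (host, port or None); URI parameters are ignored."""
    rest = uri.split(":", 1)[1]
    rest = rest.split(";", 1)[0]
    if "@" in rest:
        rest = rest.split("@", 1)[1]
    if ":" in rest:
        host, port = rest.rsplit(":", 1)
        return host, int(port)
    return rest, None


def resolve_sip_target(host, port=None, transport="udp"):
    """RFC 3263 order: without an explicit port, query SRV for the transport first and
    resolve the SRV target's A record; fall back to an A query on the host only when no
    SRV record exists. Returns a list of (ip, port)."""
    if port is None:
        # sorted puts the lowest priority value first; a full implementation would
        # pick among equal priorities by weight
        srv = sorted(query(f"_sip._{transport}.{host}", "SRV"))
        if srv:
            result = []
            for _prio, _weight, srv_port, target in srv:
                result.extend((ip, srv_port) for ip in query(target, "A"))
            return result
        port = 5060
    return [(ip, port) for ip in query(host, "A")]


def resolve_a_only(host, port=None):
    """The shortcut the caveat describes for the Refer-To host: an A query only."""
    return [(ip, port or 5060) for ip in query(host, "A")]


def transfer_targets(refer_to_uri, rfc3263=True):
    """Resolve the Refer-To target of a SIP REFER either the RFC 3263 way or A-only."""
    host, port = host_port_from_sip_uri(refer_to_uri)
    return resolve_sip_target(host, port) if rfc3263 else resolve_a_only(host, port)
```

Note that RFC 3263 skips the SRV lookup whenever the URI carries an explicit port, so a Refer-To written with an explicit :5060 is resolved through the A record even by the compliant path; the caveat lists that case as affected too.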

CSCsk20788

Symptoms: Memory access errors occur at run time, possibly causing the router to crash.

Conditions: Occurs on routers running Cisco IOS Release 12.4(13.13)T1 and later releases.

Workaround: There is no workaround.

CSCsk22420

Symptoms: Time-based ACL matches packets even though the access list is set to INACTIVE.

Conditions: Occurs on router running Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCsk25243

Symptoms: Policy-map counters may not be accurate and may yield erroneous bps values. If these values are used in policers, it may mean unexpected packet drops.

Conditions: This issue has been seen in a crypto/QoS environment where packet reassembly is needed (such as tunnel protection scheme with tunnel configured to have IP MTU of 1500).

Workaround: In some platforms, such as Cisco 7200 NPE-G1/VAM2+, it has been seen that disabling hardware encryption fixes the issue.

CSCsk25491

Symptoms: A Cisco router may reload and display a message similar to the following:

Aug 19 12:28:51.960: %SYS-3-MGDTIMER: Previous timer has bad forward linkage, timer = 64176C30. -Process= "IPSEC key engine", ipl= 4, pid= 150 -Traceback= 0x607462F0 0x6084FD88

12:28:52 zulu Sun Aug 19 2007: Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x60815DD4

Conditions: This symptom has been experienced on a Cisco 7206VXR that is running Cisco IOS Release 12.4(16).

Workaround: There is no workaround.

CSCsk25651

Symptoms: With Cisco Unity Express (CUE) integrated to Cisco Unified Communication Manager (CUCM)/CallManager and utilizing SRST functionality, when the IP phones are registered to the SRST router, the message-waiting indication (MWI) states may be incorrect.

Conditions: When a phone registers to a Cisco SRST router, each directory number (DN) gets a particular ephone-dn number that will have a particular MWI state. If the phone unregisters from the SRST router and later re-registers to the router (possibly due to an intermittent connectivity to the CUCM), the ephone-dn number may be different since the ephone-dn numbers are assigned sequentially in a first-come, first-served fashion. The MWI state, however, is remembered from the previous registration that used that ephone-dn number so the MWI status could be incorrect.

Workaround: Configure both the SRST router and the CUE to use SUBSCRIBE/NOTIFY MWI method.

CSCsk26299

Symptoms: When a service policy is modified after it has been applied to an interface, the changes do not take effect.

Conditions: Occurs on a Cisco 2800 router running Cisco IOS Release 12.4(15)T.

Workaround: Apply the service policy to the interface a second time.

CSCsk26774

Symptoms: Native VLAN information is not included in CDP packets going out ports of an EtherSwitch (ESW) module in Cisco 28xx and Cisco 38xx routers. All the platforms using switchports (of any kind built-in/NM/WIC/HWIC) have this issue: Cisco 8xx, Cisco 17xx, Cisco 18xx, Cisco 26xx, Cisco 36xx, Cisco 37xx, Cisco 28xx, and Cisco 38xx.

Conditions: This symptom causes Cisco IP phone models 7961, 7941 and 7970 that are running SCCP firmware to fail to forward traffic coming from a PC connected at the back of the phone.

Workaround: Enable the "Voice VLAN Access" setting on the phone.

CSCsk26973

Symptoms: A router that is running NHRP leaks memory when many incomplete cache entries are created. The incomplete cache entries can be verified by typing the show ip nhrp command and looking for "type incomplete". The memory leaked can be seen by examining the output of the show chunk command and looking for "NHRP Cache".

Conditions: This symptom can occur when traffic to nonexistent or non-responding addresses is forwarded by the router over the DMVPN/NHRP cloud.

Workaround: There is no workaround.

CSCsk27147

Symptoms: The following SNMP error message is generated incorrectly:

%SNMP-3-INPUT_QFULL_ERR: Packet dropped due to input queue full

The problem is specific to queries against the CISCO-MEMORYPOOL-MIB (see the workaround).

Conditions: Occurs on a Cisco 2600 series router running Cisco IOS Release 12.4(11)T3. The router keeps dropping SNMP packets. The log shows that the packets are dropped because the input queue is full. Although utilization is sometimes high, this cannot be the root cause, as the router keeps dropping packets regardless of the current utilization. Also, the SNMP process takes 5-20% of the CPU load.

Workaround: Exclude ciscoMemoryPoolMIB from your queries with the following commands:

snmp-server view public-view iso included
snmp-server view public-view ciscoMemoryPoolMIB excluded

Apply this view to the RW community string. The view excludes only ciscoMemoryPoolMIB; all other MIBs remain available.

CSCsk27356

Symptoms: Secure copy (SCP) from a server to a router fails.

Conditions: Occurs when attempting to use SCP to copy a file from a server to a router running Cisco IOS Release 12.4(15)T.

Workaround: There is no workaround.

CSCsk28266

Symptoms: A Cisco 871 router that is configured for VPN remote access re-initiates itself when the VPN server is unavailable.

Conditions: Occurs when the VPN server is unavailable. The router repeatedly attempts to connect to the server.

Workaround: Configure a backup VPN server that can be used when the primary server fails.

CSCsk28857

Symptoms: Rekeying may cause unexpected side effects due to a bad code fix in CSCsk03183. Because that DDTS and this fix existed only in the v124_15_t_throttle branch for the T2 release candidate, this issue never reached the field or customers.

CSCsk29216

Symptoms: On an ATM interface, if tx-ring-limit is set to 1 under heavy traffic, the interface may become wedged. Throughput is degraded because many packets are dropped.

Conditions: This symptom occurs when tx-ring-limit is set to 1 under an ATM interface with heavy burst traffic.

Workaround: Use a tx-ring-limit of at least 2 under these circumstances.

CSCsk30100

Symptoms: Cisco 7200 router may crash when members are moved from a Distributed Link Fragmentation and Interleaving over Leased Lines (dLFIoLL) interface to a Multilink Frame Relay (MFR) interface.

Conditions: Occurs when the QoS service policy is in suspend mode on a MFR interface.

Workaround: Ensure the QoS policy is not in suspend mode before moving members from LFIoLL to MFR.

CSCsk30172

Symptoms: When multicast traffic is sent over the Dynamic Multipoint VPN (DMVPN) tunnel, and a policing policy is applied on the physical interface on which the tunnel is built, policing does not happen. This occurs even though the "show policy-map interface" indicates that policing is in place.

Conditions: Occurs when policing is applied for multicast traffic on a DMVPN Tunnel interface.

Workaround: Issue is not seen when policy-map is attached to the tunnel interface.

CSCsk33780

Symptoms: Compressed Real-Time Protocol (cRTP) shows errors and Low Latency Queuing (LLQ) shows drops from default queue although there is no traffic to match it.

Conditions: This problem can be seen under load of MPPP bundle of several serial interfaces with LLQ and cRTP enabled.

Workaround: There is no workaround.

CSCsk34715

Symptoms: Router crashes when the ip nat outside command is removed from an interface (no ip nat outside) while traffic is being processed.

Conditions: Occurs on a Cisco 7200 router that uses ACL as source.

Workaround: There is no workaround.

CSCsk35985

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Workaround: Do not enter the show ipv6 ospf lsdb-radix command.

CSCsk36324

Symptoms: On a Cisco router, OSPF might go into a loop during SPF calculation, causing high CPU utilization and rendering the router inaccessible.

Conditions: This symptom occurs when router LSAs with a link metric disallowed by RFC 2328 are present in the network (note that Cisco routers do not originate such LSAs) and when the network is unstable (link flapping during the SPF calculation).

Workaround: To fix the problem, reload the router. To prevent the problem, manually configure a link metric according to RFC 2328.

Important Note: CSCsk36324 caused MPLS TE defect CSCsl18176 and has been backed out under defect CSCsl18176. A new fix for this issue will be committed under defect CSCsl32318.

CSCsk36559

Symptoms: When one of the T1 or E1 controller NM-HDV2 goes down, the voice calls in the other controller are dropped.

This condition relates to interfaces x/0 and x/0/0 (for example, 4/0 going down causes 4/0/0 to go down).

Conditions: This problem can happen in an MGCP PRI backhauled setup with NM-HDV2.

Workaround: There is no workaround.

CSCsk36600

Symptoms: Router might crash when an extended ACL is applied.

Conditions: Occurs when QoS with the extended ACL is configured first and ACL statements are defined later.

Workaround: Configure the permitted host statements successively and do the same for the permitted networks, then configure the ACL statements and attach this ACL to a class map.

CSCsk36639

Symptoms: Memory leak occurs when multicast packets pass through an interface with crypto map attached and the VSA crypto engine is used.

Conditions: Occurs because multicast packets coming in through the fast-switching path get replicated on different interfaces.

Workaround: Use the no ip mroute-cache command to disable multicast fast switching.

CSCsk36942

Symptoms: POTS/PRI calls cause phone to ring but have no voice.

Conditions: Occurred on a router configured for zone-based firewall (ZBF).

Workaround: Use Context-Based Access Control (CBAC) instead of ZBF.

CSCsk37675

Symptoms: IKE security associations cause memory leak.

Conditions: Caused by the failure of IKE phase one exchange.

Workaround: There is no workaround.

CSCsk38628

Symptoms: Router fails to process traffic after a reload.

Conditions: IKE/IPSec SA fails to come up, blocking traffic on the serial interface.

Workaround: Either remove the crypto map from the interface and reapply it, or remove the online diag.

CSCsk38994

Symptoms: Changes made to Network-Based Application Recognition (NBAR) policies are not automatically applied. Instead the policy must be removed and reapplied to the interface.

Conditions: Occurs in Cisco IOS Release 12.4(11)T and later releases.

Workaround: Upgrade to Cisco IOS Release 12.4(16).

CSCsk39642

Symptoms: A router crashes.

Conditions: This symptom is observed when you are running Cisco IOS Release 12.4(17) or Release 12.4T and when you copy the saved configuration to the running configuration.

Workaround: There is no workaround.

CSCsk40296

Symptoms: A router may crash when the clear pppoe all command is entered.

Conditions: Occurs when a service policy is attached to a virtual template.

Workaround: There is no workaround.

CSCsk40676

Symptoms: The inside interface of a Cisco router running EZVPN may become unresponsive when sending ICMP messages from a remote VPN client connection.

Conditions: Occurs when LZS compression is used on a Windows Vista client.

Workaround: Disable LZS compression.

CSCsk42299

Symptoms: Cisco IPIPGW does not establish TCP connection for H.245 on the TCP port suggested by Cisco Unified CallManager (CCM).

Conditions: The IPIPGW is configured for FS-to-SS interworking. In CCM, the "Wait for Far-End H.245 Terminal Capability Set" option is unchecked.

Workaround: There is no workaround.

CSCsk42419

The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.

The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.

The Security Advisory for this issue is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml

CSCsk42469

Symptoms: Router may crash or report a spurious access when a Data-Link Connection Identifier (DLCI) is altered.

Conditions: Occurs on PA-MC-T3-EC and PA-MC-2T3-EC. When the frame-relay fragment command is entered, a router with NPE-G2 will crash or a router with NPE-G1 will produce a spurious access if frame-relay is unconfigured on the interface.

Workaround: Unconfigure "Frame-relay fragment" first and then unconfigure frame-relay encapsulation.

CSCsk43369

Symptoms: HWIC-4SHDSL_IMA responds with a F5 end-to-end cell instead of a F5 segment cell.

Conditions: HWIC-4SHDSL-IMA is used as a CPE and F5 segment cells are sent to it.

Workaround: There is no workaround.

CSCsk44550

Symptoms: The ATM interface line protocol goes down when configuring OAM-related configurations.

Conditions: Occurs when configuring "oam-pvc" and "oam-bundle."

Workaround: There is no workaround.

CSCsk45076

Symptoms: Router experiences traceback: ipnat_dns_fix_resou.

Conditions: Occurs when DNS traffic traverses the router and NAT is configured.

Workaround: There is no workaround.

CSCsk45981

Symptoms: Classification does not happen in third-level policy-map classes.

Conditions: Occurs on a Cisco 7200 router running a prerelease build of Cisco IOS Release 12.4(15)T2.

Workaround: There is no workaround.

CSCsk46486

Symptoms: The Gigabit Ethernet controller of the NPE-G2 board does not correctly recognize QinQ encapsulation and drops the packets as giants. Packets with double encapsulation larger than 1496 bytes do not pass through; they are dropped at the input of the NPE-G2 as giants. Reverting to single encapsulation on both sides restores the expected behavior and allows pings of any size.

Conditions: Occurs on a Cisco 7200 router running Cisco IOS Release 12.2(31)SB7.

Workaround: Configure the L2 interface MTU to 1504 instead of 1500.

CSCsk48302

Symptoms: Router crashes after adding link while member links are shut down.

Conditions: Occurs on a Cisco 7200 router with PA-MC-T3-EC.

Workaround: Reloads may be caused by route flapping. Add new members while existing members are active.

CSCsk54153

Symptoms: A Cisco router may reload unexpectedly with a software forced crash.

Conditions: This symptom is observed when the FXS port is configured with a DN and the gateway is being reset by CallManager 4.2.

Workaround: There is no workaround.

CSCsk55016

Symptoms: TCP checksum corruption occurs on a Cisco 7200 NPE-G2 router that uses a VSA for IPsec encryption and terminates GRE+IPsec tunnels into VRFs. NAT is applied on the GRE tunnel to translate the decrypted clear-text packets. If a crypto map also exists on any other interface, even one unrelated to the GRE tunnels, TCP packets that traverse the GRE+IPsec tunnel and are translated by NAT can end up with a corrupted TCP checksum.

Conditions: A 7200-G2-VSA headend terminates GRE+IPsec tunnel protection tunnels into VRFs. The ingress WAN interface is also in a VRF (front-door VRF). NAT outside is applied on the GRE tunnel, and NAT inside on the VRF LAN interface. When a spoke sends ICMP or UDP packets, the Cisco 7200 VSA decrypts them, translates them and forwards them to the VRF LAN segment without problems. When the spoke sends TCP packets, the 7200-VSA decrypts, translates and forwards them, but the receiving router at the far end reports TCP checksum corruption and drops the packets: the TCP checksum is not being correctly updated by the 7200-VSA after NAT.

Workaround: Remove any crypto maps from all interfaces on the Cisco 7200, or use a VAM2+ instead of the VSA.
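The following is an added example, not code from the caveat or from Cisco: a minimal IPv4/TCP packet builder in Python that shows why a NAT must recompute the TCP checksum as well as the IP header checksum. The TCP checksum covers a pseudo-header containing the source and destination addresses, so rewriting an address without updating it produces exactly the far-end symptom described above. Addresses, ports, sequence numbers and the payload are constructed for the example; a real NAT applies the incremental update of RFC 1624 rather than a full recomputation, with the same result.

```python
import struct


def checksum(data):
    """Internet checksum (RFC 1071) over data, padded with a zero byte if odd-length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def tcp_pseudo_header(src, dst, tcp_len):
    """Pseudo-header that the TCP checksum covers: addresses, zero, protocol 6, TCP length."""
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)


def build_ipv4_tcp(src, dst, sport, dport, payload=b""):
    """Build a minimal IPv4 packet carrying a TCP segment (PSH/ACK) with valid checksums.
    Sequence/ack numbers and the IP identification are constructed constants."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    tcp_sum = checksum(tcp_pseudo_header(ip_bytes(src), ip_bytes(dst), len(tcp)) + tcp)
    tcp = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def ip_checksum_ok(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    return checksum(pkt[:ihl]) == 0


def tcp_checksum_ok(pkt):
    """What the far-end host does: verify the TCP checksum over pseudo-header plus segment."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    return checksum(tcp_pseudo_header(pkt[12:16], pkt[16:20], len(tcp)) + tcp) == 0


def nat_rewrite_src(pkt, new_src, fix_tcp=True):
    """Inside-to-outside source translation. The IP header checksum is always recomputed.
    With fix_tcp=True the TCP checksum is recomputed as well, because its pseudo-header
    includes the rewritten address; fix_tcp=False reproduces the symptom in the caveat."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    ip[12:16] = ip_bytes(new_src)
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    if fix_tcp:
        tcp[16:18] = b"\x00\x00"
        pseudo = tcp_pseudo_header(bytes(ip[12:16]), bytes(ip[16:20]), len(tcp))
        tcp[16:18] = struct.pack("!H", checksum(pseudo + bytes(tcp)))
    return bytes(ip) + bytes(tcp)
```

ICMP and UDP pass in the caveat for different reasons: ICMP has no pseudo-header, and a UDP checksum of zero is treated as "not present", so a TCP segment is the only one of the three where a stale checksum is guaranteed to be rejected by the receiver.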

CSCsk55344

Symptoms: Router crashes with simultaneous format on an ATA file system through CLI and SNMP.

Conditions: This symptom is observed on a router that runs Cisco IOS with ATA file system.

Workaround: There is no workaround.

CSCsk56864

Symptoms: EzVPN configured with a virtual interface and using a cellular or async interface with dial-on-demand routing (DDR) as its outside interface cannot bring up a call. Also, when the cellular/async interface loses its IP address, EzVPN gets stuck waiting for the interface to obtain an IP address again.

Conditions: Occurs on a Cisco router with DDR on the EzVPN outside interface (async or cellular) when the async/cellular interface loses its IP address.

Workaround: There is no workaround.

CSCsk58019

Symptoms: Low call success rate (CSR) is seen when calls traverse a Cisco 3845 router configured for Network Address Translation (NAT) and acting as a session border controller (SBC).

Conditions: This is seen while doing Performance testing on NAT-SBC. The CSR was as low as 25% while making just 75 SIP calls.

Workaround: There is no workaround.

CSCsk60020

The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.

The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.

The Security Advisory for this issue is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml

CSCsk61275

Symptoms: No ring on a Cisco Unified IP Phone 7941 while hunting to the second overlay number in a call forward no answer (CFNA) configuration.

Conditions: An overlay button is configured on the Cisco 7941, and CFNA is configured from the first number to the second number.

Workaround: Use Cisco IOS Release 12.4(11)XJ3 or Cisco IOS Release 12.4(11)T3.

CSCsk62253

Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN features:

1. Crafted HTTPS packet will crash device - Cisco Bug ID CSCsk62253.

2. SSLVPN sessions cause a memory leak in the device - Cisco Bug ID CSCsw24700.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is posted at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20090325-webvpn.shtml

CSCsk64021

Symptoms: A VXML gateway intermittently fails to submit a recording.

Conditions: This symptom is observed in Cisco IOS Release 12.4.

Workaround: There is no workaround.

CSCsk64248

Symptoms: Crypto maps support order entry of policy idents using sequence numbers. The sending of packets on the outbound interface cascades through the ordered list and applies encryption according to the first match. The packet is encrypted and encapsulated with the appropriate ESP header, which includes the SPI. When receiving an IPSec packet, the SPI is relevant for identifying the security association and the appropriate keys. Once the packet is decrypted, the IP header is compared against the policy idents, which should match. When an ordered list of policy idents is used, the IP header should be compared against the policy idents associated with the security association. This bug was identified based on the code attempting to compare the IP header against the first match in the ordered set of policy idents as opposed to the policy ident associated with the SPI. As a result, the packet is dropped because of invalid policy idents checking.

Conditions:

1. A crypto map with a point-to-point IPSec SA is established to a remote peer.

2. A crypto map with a group IPSec SA is established to a GET VPN group.

3. The order of the crypto map entries is such that the point-to-point SA is prioritized ahead of the group SA.

4. The proxy idents of the group SA are a superset of the point-to-point SA.

5. Outbound traffic matches the point-to-point SA proxy idents first; therefore, it is encrypted with the point-to-point SA.

6. A received encrypted packet uses the SPI to identify the correct key, which happens to associate with the group SA.

7. The packet is decrypted using the group SA.

8. The packet is subsequently checked against the proxy idents. The check is done in priority order, which matches first on the point-to-point SA. The security association used for decryption and the security association used for proxy ident matching are inconsistent; therefore, the packet is dropped despite the fact that the proxy ident matches for the subsequent group security association.

9. The context of the decryption SHOULD have been preserved such that the group SA proxy idents are used for the matching. This would have made the key used for the decryption and the proxy idents consistent, allowing the packet to be forwarded.

Workaround: There is no workaround. The point-to-point IPSec policy ident must be removed in order for the GDOI policy to be applied. This prevents a graceful transition between point-to-point IPSec and GET VPN.
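The inbound check described in this caveat, modelled as an added Python example (not Cisco IOS code): an ordered crypto map holds a point-to-point SA ahead of a GET VPN group SA whose proxy idents are a superset, and the buggy first-match check is shown beside the corrected per-SA check. The SPIs, addresses and SA names are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class PolicyIdent:
    """A proxy ident: source and destination networks covered by an SA."""
    src: str
    dst: str

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


@dataclass(frozen=True)
class SecurityAssociation:
    name: str
    spi: int            # carried in the ESP header of every packet
    ident: PolicyIdent  # the proxy ident negotiated for this SA


# Constructed crypto map, ordered by sequence number, matching the caveat:
# seq 10 is the point-to-point SA, seq 20 the GET VPN group SA whose
# proxy ident (10.0.0.0/8 <-> 10.0.0.0/8) is a superset of seq 10.
CRYPTO_MAP = [
    (10, SecurityAssociation("p2p", 0x1001,
                             PolicyIdent("10.1.1.0/24", "10.2.2.0/24"))),
    (20, SecurityAssociation("getvpn-group", 0x2002,
                             PolicyIdent("10.0.0.0/8", "10.0.0.0/8"))),
]


def outbound_select(src_ip: str, dst_ip: str) -> Optional[SecurityAssociation]:
    """Outbound: walk the ordered map and encrypt with the first match."""
    for _seq, sa in CRYPTO_MAP:
        if sa.ident.matches(src_ip, dst_ip):
            return sa
    return None


def lookup_sa_by_spi(spi: int) -> Optional[SecurityAssociation]:
    """Inbound: the SPI selects the SA (and therefore the decryption key)."""
    for _seq, sa in CRYPTO_MAP:
        if sa.spi == spi:
            return sa
    return None


def inbound_check_buggy(spi: int, src_ip: str, dst_ip: str) -> str:
    """Behaviour reported in CSCsk64248: after decrypting with the SA that
    the SPI selected, the decrypted header is checked against the FIRST
    matching ident in the ordered map, not the decrypting SA's own ident."""
    sa = lookup_sa_by_spi(spi)
    if sa is None:
        return "drop: unknown SPI"
    first_match = outbound_select(src_ip, dst_ip)
    if first_match is None:
        return "drop: no matching policy ident"
    if first_match is not sa:
        # Decryption context lost: key came from one SA, ident from another.
        return "drop: policy ident mismatch"
    return "forward"


def inbound_check_fixed(spi: int, src_ip: str, dst_ip: str) -> str:
    """Corrected behaviour: preserve the decryption context and check the
    header only against the proxy ident of the SA identified by the SPI."""
    sa = lookup_sa_by_spi(spi)
    if sa is None:
        return "drop: unknown SPI"
    if not sa.ident.matches(src_ip, dst_ip):
        return "drop: policy ident mismatch"
    return "forward"


if __name__ == "__main__":
    # Peer encrypted 10.1.1.5 -> 10.2.2.7 under the group SA (SPI 0x2002),
    # which is legitimate because the group ident is a superset.
    print("buggy:", inbound_check_buggy(0x2002, "10.1.1.5", "10.2.2.7"))
    print("fixed:", inbound_check_fixed(0x2002, "10.1.1.5", "10.2.2.7"))
```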

CSCsk65796

Symptoms: All frames received on gigabit ethernet interface are dropped. All drops are reported as overruns in the output of show interfaces and show controllers.

Conditions: Symptom is observed on gigabit ethernet interfaces on NPE-G2 network processor of Cisco 7200 Series Routers. All IOS trains that support NPE-G2 are affected.

Symptom is observed only when the gigabit ethernet controller is in promiscuous mode and with moderate traffic rate. Line protocol on the interface remains up when the error condition is present.

Workaround: There is no workaround. When the gigabit controller falls into this condition, the only way to recover is to power-cycle the router. Soft reload does not clear the problem.

Further Problem Description: The Ethernet controller goes into promiscuous mode under two conditions:

1. Bridging is configured on the interface.

2. The number of MAC addresses that have to be stored in its MAC address filter table exceeds the capacity of the table.

The latter case may happen when a large number of HSRP groups is configured or a large number of IP multicast groups are to be received on the interface.

CSCsk69758

Symptoms: Router is unable to turn on the message waiting indicator (MWI) lights of phones connected to Siemens PBX systems that run a recent software release. The router fails to convert SIP notify messages into the appropriate QSIG MWI messages.

Conditions: This occurs only on Siemens PBXs that have been upgraded to a recent software release.

Workaround: There is no workaround.

CSCsk70446

Cisco IOS emits the %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures.

A traceback appears after the error message. This traceback is encountered with long URLs.

It is important to note that this error message does not imply that packet data is corrupted. However, it does provide an early indicator of other conditions that can eventually lead to poor system performance or a Cisco IOS restart.

CSCsk72683

Symptoms: Router reloads while attaching service policy to hierarchical class-maps.

Conditions: Occurs when a hierarchical class-map is used, as shown below:

class-map c1
 match ip precedence 0
class-map c2
 match class c1

policy-map out
 class c2

interface ethernet0/0
 service-policy output out

When the policy-map is applied, the router reloads immediately after "service-policy output out".

Workaround: Instead of hierarchical class-maps, use flat class-maps:

class-map c1
 match ip precedence 0
class-map c2
 match ip precedence 0    (instead of "match class c1")

policy-map out
 class c2

interface ethernet0/0
 service-policy output out

CSCsk73104

Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.

Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-dlsw.shtml

CSCsk75098

Symptoms: A Cisco 7200 NPE-G2 router with a VSA encryption card, terminating IPSec EasyVPN Dynamic Virtual Tunnel Interfaces, exhibits high CPU utilization during IKE and IPSec rekeys, potentially causing some tunnels to go down.

Conditions: This symptom is observed on a Cisco 7200-G2 router with a VSA card, acting as an IPSec HUB, terminating EasyVPN DVTI remote-access IPSec tunnels into VRFs. At high tunnel scale (more than 1000 tunnels), the CPU can spike close to 100 percent during IKE and/or IPSec rekey, potentially causing traffic and tunnels to drop.

Workaround: Do not use more than 1000 RA EasyVPN DVTI tunnels on a Cisco 7200. Or switch to Legacy EasyVPN tunnels (with dynamic crypto maps).

CSCsk78692

A Cisco router running IOS version 12.4(15)T1 may reload unexpectedly due to a bus error crash. This has been experienced repeatedly. The information gathered points to a software issue. At this stage, the root cause has not been found. This enclosure will be updated as more information is gathered.

Workaround: There is no workaround at the current time.

CSCsk81337

Symptoms: A multipart POST to an HTTP server fails.

Conditions: The HTTP client uses a multipart POST to send recording data to the server. The failure is caused by the Content-Disposition filename string being enclosed in a pair of quote (") characters.

Workaround: None.

CSCsk81602

Symptoms: IPsec failover facilitated by Hot Standby Routing Protocol (HSRP) does not work because the subsystem is not correctly initialized.

Conditions: Occurs on routers running Cisco IOS Release 12.4(15)T and Cisco IOS Release 12.4(15)T1.

Workaround: There is no workaround.

CSCsk82241

Symptoms: Security Device Manager (SDM) is unable to restore default alert frequency parameters after alert frequency has been set to another value.

Conditions: Occurs when using SDM to manage Intrusion Prevention System (IPS) 5.x signatures on routers running Cisco IOS Release 12.4(11)T2 and later releases.

Workaround: Use CLI to reset the alert frequency to default.

CSCsk86004

Symptoms: IVR-related error debugs need to be kept enabled at all times for a pervasive CAP contact center.

Conditions: When a voice gateway is used as an IVR "contact center", it is often necessary to turn on error debugs for ivr, vxml, http client, rtsp and mrcp.

Workaround: The error debugs need to be manually enabled each time the router is reloaded or when all debugs are disabled.

CSCsk88637

Symptoms: OAM cells are not generated when a new ATM subinterface and PVC is configured. Check subinterface and PVC status and enable the debug atm oam interface atmx/x.xxx command. Subinterface will be up/up. PVC will be down, and no debug output will be seen.

Conditions: This symptom has been seen in various Cisco IOS 12.4 images.

Workaround: Perform shut/no shut commands on ATM subinterface.

CSCsk90741

Symptoms: Intrusion Prevention System (IPS) causes high CPU usage and crashes on routers with 256MB or less memory.

Conditions: Occurs if IPS 5.x signatures are loaded using the copy <url> idconf command before configuring "ip ips signature-category". If "ip ips signature-category" is configured (and only the necessary categories are selected) prior to the signature load, the crash does not occur.

Workaround: Perform the following steps:

1. Remove all IPS configuration from the router.

2. Make the IPS configuration again (do not load the signatures).

3. Configure "ip ips signature-category" and enable only the necessary categories there.

4. Load the signatures with "copy <url> idconf".

Further Problem Description:

It is strongly recommended to load only the BASIC set of signatures for IOS IPS 5.x.

According to the IPS 5.x documentation, enabling all signatures at the same time is NOT recommended, as it can cause memory exhaustion and a router crash:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t11/ips_v5.htm

Enabling signature categories prior to the signature load ensures that only the necessary signatures are compiled. The document linked above contains a correct configuration example. Follow this sequence to avoid memory exhaustion.

CSCsk91229

The supplied note does not exist in CDETS

CSCsk94226

Symptoms: PA-MC-2T3-EC interface is not usable.

Conditions: The interface is configured with Multilink Frame Relay (MFR) encapsulation and a soft online insertion and removal (OIR) is done on that PA. The issue is seen only with frame-relay mfr encapsulation and is not seen with HDLC/PPP/frame-relay encapsulations.

Workaround: There is no workaround.

CSCsk94464

Symptoms: Cisco 1801 and Cisco 1803 routers fail to establish ISDN layer 2 connection with a certain third-party PBX.

Conditions: Occurs on routers running Cisco IOS Release 12.4(15)T1 and earlier releases.

Workaround: There is no workaround.

CSCsk97130

Symptoms: VXML application causes memory leak

Conditions: If the calling document and called document of a subdialog share the same root document, the tree structure used for the root document is not released after the call session is finished.

Workaround: There is no workaround.

CSCsk97384

Symptoms: Abnormally large FreshTime value appears in IVR HTTP client cache entry.

Conditions: This symptom is observed when a VXML voice browser downloads a file from an HTTP server. If the file was modified very recently, the FreshTime for that file may show up with a very large value.

Workaround: There is no workaround.

CSCsk99530

Symptoms: The MPLS forwarding table has an untagged outgoing entry for a VPNv4 prefix in a CSC case.

Conditions: This is an LDP/IGP (OSPF etc.) based CSC-PE. The VPNv4 prefix shall have a local/redistributed (PE-CE OSPF etc.) path as well as an iBGP path. If the CE path is toggled and then there is a LABEL ONLY change from the iBGP neighbor, the issue will be seen. BGP will end up programming "Untagged" for the local/redistributed prefix, overwriting what is given by LDP.

Workaround: There is no real workaround. To clear the problem, issue a clear ip route command for the vrf-prefix in question. If there are redundant paired PEs, make sure to clear the problem on both routers with the clear ip route command.

CSCsl01874

Symptoms: Cisco IOS configured with the Dynamic Multipoint VPN (DMVPN) feature allows stale tunnel endpoint entries to remain in the system. This occurs even though the Next Hop Resolution Protocol (NHRP) cache entry does not exist.

Conditions: When a spoke registers with a changed tunnel IP address (overlay address), there will be two overlay addresses mapped to same NBMA address on the hub. As a result when the NHRP mapping for the stale overlay address (old tunnel address) expires on the hub, the tunnel endpoint entry is not deleted, resulting in a stale tunnel endpoint entry.

Workaround: There is no workaround.

CSCsl02427

Symptoms: SIP traffic may not have port range correctly translated when using NAT port map. Destination ports that should be translated into standard SIP port range (16348 - 32768) are instead being translated to port numbers lower than 16384.

Conditions: Symptom has been observed on pre-release version of Cisco IOS Release 12.4(15)T2. May exist in other 12.4T releases of IOS.

Workaround: There is no workaround.

CSCsl03551

Symptoms: If a L2TP packet is fragmented before reaching the L2TP network server (LNS) in a virtual private dial-up network (VPDN) tunnel terminated with VPN routing/forwarding (VRF), it is not reassembled. The first fragment leaks to the global routing table.

Conditions: Occurs in routers running Cisco IOS Release 12.4(11)T and later releases.

Workaround: Avoid L2TP packet fragmentation.

CSCsl04399

Symptoms: Fax call is aborted while testing PRI E1 feature.

Conditions: Occurs in routers running a pre-release version of Cisco IOS Release 12.4(15)T2.

Workaround: Use the fax rate disable command to disable the fax relay feature under the VoIP dialpeer.

CSCsl05987

Symptoms: Router reloads unexpectedly.

Conditions: This occurs when a SSH and WebVPN session are established to the router and a Remote Desktop (RDP) session is brought up through the WebVPN. The interface used by the SSH and WebVPN sessions has IPSec configured and uses a VPN Services Adapter (VSA).

Workaround: Disable the IPSec hardware encryption card (VSA) by using the no crypto engine accelerator slot command.

CSCsl09596

Symptoms: When the clear crypto gdoi command is entered on the key server, all keys are destroyed, which can seriously impact network traffic.

Conditions: This works as designed, and a warning message has been added to IOS. If the command is issued on a group member, the group member can re-register.

Workaround: There is no workaround.

CSCsl12441

Symptoms: After a software upgrade, router has an unnecessary command, text relay fax rate disable, added to its "voice service pots" configuration.

Conditions: Occurs on routers for which "fax rate disable" is configured when you upgrade from Cisco IOS Release 12.3(11)T10 to Cisco IOS Release 12.4(15)T1.

Workaround: There is no workaround.

CSCsl13216

Symptoms: Warm upgrade does not work as expected.

Conditions: Occurs when you perform a warm upgrade from a small IOS image to a large image.

Workaround: Use the reload command instead of the reload warm file image-path command to boot the new image.

CSCsl14635

Symptoms: T38 negotiation is failing for an incoming UPDATE request that has a T38 offer.

Conditions: This symptom occurs when the voice gateway is running Cisco IOS Release 12.4(15)T and is processing incoming Session Initiation Protocol (SIP) calls. When the SIP call is active and an UPDATE request is received that contains a T38 offer, the UPDATE request is rejected. The switchover from voice to fax fails.

Workaround: Fax over T38 works fine when midcall INVITE is used for T38 negotiation.

CSCsl17560

Symptoms: A Cisco router may reload due to a bus error while browsing file shares through SSLVPN.

Conditions: Occurs on a Cisco 2851 router running Cisco IOS Release 12.4(15)T1. The crash occurs after a user opens file in a shared folder. If the user then tries to go to the parent directory by editing the URL to remove the file name, the router will reload.

Workaround: There is no workaround.

CSCsl30214

Symptoms: Router reloads while configuring the ssg vc-service-map command.

Conditions: Occurs on a Cisco 7200 series router running Cisco IOS Release 12.4(18.4)T.

Workaround: There is no workaround.

CSCsl32308

Symptoms: A voice gateway may modify the Presentation Indicator field when processing a voice call.

Conditions: The voice gateway is running Cisco IOS Release 12.4(9)T5 and processing incoming Session Initiation Protocol (SIP) calls. For an incoming SIP call whose Presentation Indicator (PI) field (octet 3a) is set to 0xA0 or to any other value, the field is changed to 0x00 for no apparent reason when it is forwarded to the telephony call leg.

Workaround: There is no workaround.

CSCsl32408

Symptoms: SIP gateway does not pass privacy information to the ISDN leg.

Conditions: The voice gateway is running Cisco IOS Release 12.4(15)T and processing incoming Session Initiation Protocol (SIP) calls. When a SIP message is received on the voice gateway with a calling number containing a non-digit (the calling number preceded by a '+'), the octet_3a information present in the SIP message is not passed to the ISDN leg.

Workaround: There is no workaround.

CSCsl34303

Symptoms: Cisco 7200 router crashes when unconfiguring service policy from Multilink Frame Relay (MFR) interface.

Conditions: Occurs if one of the MFR bundle link interfaces was previously being used for Multilink PPP over Frame-relay. Changing the encapsulation may not clean up queuing configuration properly - a dual first in first out (FIFO) queue may remain on the interface.

Workaround: Ensure a dual FIFO queue is not present on MFR bundle link interface. It should be plain FIFO queue. If it is a dual FIFO, change the interface to HDLC encapsulation, which should remove the dual FIFO queue, then back to MFR bundle link encapsulation.

CSCsl34404

Symptoms: A router may experience a bus error during a Group Domain of Interpretation (GDOI) rekey.

Conditions: Occurs on routers running Cisco IOS Release 12.4T and serving as a GDOI rekey server.

Workaround: There is no workaround.

CSCsl35605

The supplied note does not exist in CDETS

CSCsl68776

Symptoms: When two Cisco transcoders are connected back-to-back, calls may not be properly torn down when the Cisco Unified CallManager (CCM) goes into Call Preservation mode by sending the transcoder a "StartMediaFailureDetection" message. This can lead to stuck calls until the Skinny Call Control Protocol (SCCP) application is reset or the router is reloaded.

Conditions: Occurs because the transcoder will only send MediaFailure when both RTP streams stop receiving packets for the configured time (default 1200 seconds). If one side continues to receive RTP, MediaFailure will never be sent to CCM.

Workaround: Reset the SCCP application on router or reload the router.

CSCsl81214

Symptoms: Router reloads unexpectedly while unconfiguring policy-map.

Conditions: Occurs on Cisco 7200 routers running a pre-release version of Cisco IOS Release 12.4(15)T2.

Workaround: There is no workaround.

CSCsl89899

Symptoms: Error occurs in a Mobile IP redundancy environment. The standby router reloads when trying to synchronize with the active router with the following error:

%SYS-6-STACKLOW in MobileIP Standby

Conditions: Occurs on a router running Cisco IOS Release 12.4(15)T.

Workaround: There is no workaround.

CSCsl90470

Symptoms: Cisco Intrusion Prevention System (IPS) does not inspect intra-zone traffic when router is configured with zone-based firewall.

Conditions: Occurs on routers using Cisco IOS IPS and zone-based firewall features.

Workaround: Create a separate zone for each interface. Use an appropriate naming scheme to assist in identifying which interfaces would normally be in the same zone if not for this issue. Create service policies that allow all traffic between the interfaces that were previously in the same zone.

Note: This workaround only works on routers running Cisco IOS Release 12.4(15)T and later releases.

CSCsm12247

Symptoms: A Cisco IOS router configured for WCCP may stop redirecting traffic following a change in topology.

Conditions: The router must be configured for WCCP redirection using the hash assignment method. When there is only a single appliance in the service group, the loss of hash assignment details is permanent. However with multiple appliances in the group, the loss of assignment information is transitory; the router soon recovers.

Workaround: To recover the assignment details, the WCCP configuration needs to be removed and readded to the router. Use the no ip wccp service command followed by ip wccp service args command.

Further Problem Description: The changes also address the situation where some WCCP clients send a modified weight field in the WCCP message, which creates a topology-change situation.

Resolved Caveats—Cisco IOS Release 12.4(15)T1

Cisco IOS Release 12.4(15)T1 is a rebuild release for Cisco IOS Release 12.4(15)T. The caveats in this section are resolved in Cisco IOS Release 12.4(15)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek78644

Symptoms: SNMP does not use the source address in a VRF.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: Ensure that an SNMP interface is not defined in a VRF.

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsj24186

Symptoms: A router may intermittently generate the following error message:

%SYS-2-NOBLOCK: may_suspend with blocking disabled. -Process= "Pool Manager"

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4T.

Workaround: There is no workaround.

IP Routing Protocols

CSCsh51559

Symptoms: The following error message may be generated on a router that is configured for VPN or VPNv4:

For VPN:

ALIGN-3-SPURIOUS: Spurious memory access made at bgp_vpn_afmodify_walk

For VPNv4:

ALIGN-3-SPURIOUS: Spurious memory access made at bgp_vpnv4_afmodify_walk

Conditions: This symptom is observed on a Cisco router that is configured for BGP and IPv4 in a VRF address-family configuration and that imports routes from a VRF.

Workaround: There is no workaround. However, the error message is of a cosmetic nature and can be ignored.

CSCsi59438

Symptoms: When you enter the ip multicast limit rpf command, protection may fail after the RPF link becomes operational.

Conditions: This symptom is observed on a Cisco router that is configured for APS switchover.

Workaround: Clear the state of the corresponding multicast route by entering the clear ip mroute command.

Miscellaneous

CSCek77864

Symptoms: When an MFR interface flaps, an outbound service policy is unexpectedly removed from the interface.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.4(15)T and that is configured with a PA-MC-T3-EC port adapter. The symptom is not platform-specific.

Workaround: There is no workaround.

CSCek78033

Symptoms: Packets may drop when the mode of operation for a Multilink Frame Relay (MFR) bundle transitions from hardware to software and then back to hardware.

Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.4(15)T and that has a PA-MC-T3-EC port adapter that is configured for MFR.

Workaround: There is no workaround.

CSCse64750

Symptoms: "%VPA-3-TSBUSY:VPA" and other error messages may be generated intermittently, and calls may fail.

Conditions: This symptom is observed on a Cisco 7206VRX that is configured with multiple VXC voice port adaptors.

Workaround: There is no workaround.

CSCsh70638

Symptoms: When a router boots and when bursty traffic occurs, the following error messages may be generated:

%ALIGN-SP-STDBY-3-SPURIOUS: Spurious memory access made at 0x72AB2370 reading 0xB8 
%ALIGN-SP-STDBY-3-TRACE_SO: -Traceback= 
(s72033-adventerprisek9_wan_dbg-0-dso-bn.so+0x1AE370) ([42:0]+0x1AE47C) 
([31:-3]3-dso-b+0x220994) ([41:0]+0x220FB8) ([41:0]+0x221A90) ([41:0]+0x22214C) 
([41:0] +0x222D6C) ([41:0]+0x2233CC)

Conditions: This symptom is observed when bursty IPC traffic occurs while the router boots or during a switchover, typically with heavy configuration data exchanges.

Workaround: There is no workaround.

CSCsi02038

Symptoms: A Windows XP SP2 L2TP/IPSec client may fail to connect to a Cisco IOS L2TP server when NAT-T is in use and when an embedded crypto accelerator card is enabled.

IKE phase I is established fine (the state is "QM_IDLE"), but IKE phase II fails. When a matching phase II transform is presented on the L2TP client, an SA is created, a traceback is generated, and then the SA is deleted. Phase II fails and the L2TP session is never established.

When you enable the debug l2tp all command, an error message about incorrect L2TP UDP checksums is displayed.

Conditions: This symptom is observed on a Cisco 870 series, Cisco 1800 series, Cisco 2800 series, and Cisco 3800 series that function as an L2TP server.

Workarounds: Disable the onboard crypto accelerator, or install an AIM crypto accelerator.

Further Problem Description: The Windows XP SP2 L2TP/IPSec client connects without any problems when NAT-T is not in use.

CSCsi12104

Symptoms: When you repeatedly change active routers by enabling preemption and then change the priorities on the router interface, the router may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(13.5)T after you have shut down the interface of the active router.

Workaround: No known workaround.

CSCsi42490

Symptoms: A Cisco 3700 series with an IMA interface may crash.

Conditions: This symptom is observed when the ATM IMA PVC had an AutoQoS configuration.

Workaround: Remove the AutoQoS configuration.

CSCsi51682

Symptoms: The microcode reload pxf command does not function.

Conditions: This symptom is observed on a Cisco RPM-XF that runs Cisco IOS Release 12.4 or Release 12.4T and occurs either with the microcode reload pxf command or the microcode reload sar command. However, the symptom is not platform-specific.

Workaround: There is no workaround.

CSCsi69731

Symptoms: A Cisco 1812 that is configured with USB devices may not boot.

Conditions: This symptom is observed on a Cisco 1812 that runs Cisco IOS interim Release 12.4(13.13)T1 or Release 12.4(15)T1.

Workaround: There is no workaround.

CSCsi70787

Symptoms: A router may reset and generate a crashinfo file when memory that was allocated by a dead process is freed by another process.

Conditions: This symptom is observed on an RPM-XF-512 that runs Cisco IOS Release 12.4T but is not platform-specific.

Workaround: There is no workaround.

CSCsi70791

Symptoms: A Cisco router can experience a memory corruption crash related to encryption.

Conditions: This symptom has been observed when the memory lite global configuration command is disabled.

Workaround: Enable the memory allocation lite (malloc_lite) feature by using the memory lite command.

CSCsi84417

Symptoms: A router may crash when a service policy is attached to an interface.

Conditions: This symptom is observed only when the service policy is attached to many (more than 100) interfaces and is related to class ID exhaustion. The symptom does not occur when the service policy is attached to a few interfaces.

Workaround: Do not attach a service policy to a large number of interfaces.

CSCsi96685

Symptoms: A router that functions as an LNS and ISG may crash at the "chunk free" function when a call is being freed or disconnected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(31)SB and is caused by a race condition. The symptom may not be release-specific.

Workaround: There is no workaround.

Further Problem Description: The following configuration suggestions may reduce the likelihood that the race condition occurs:

Change the following in all VPDN groups:

l2tp tunnel receive-window 10000
l2tp tunnel timeout hello 180

Do not configure the router for SSO. Rather, configure RPR+.

If the following command is not required, remove it from the configuration:

aaa authentication ppp user-auth if-needed group csm-auth-acct

Configure the seconds argument of the radius-server timeout seconds command to 5 seconds.

Configure the tries argument of the radius-server dead-criteria tries tries command to its maximum value. (If there is only one RADIUS server, you need to ensure that it is not going to be marked dead.)

Periodic accounting every 90 minutes may be too aggressive and may need to be changed.

Set the time-limit argument of the ppp timeout ncp time-limit command under the virtual template to 45 seconds.

CSCsj06762

Symptoms: A router may crash when both a WIC-1AM or WIC-2AM and PVDMs are installed in the chassis.

Conditions: This symptom is observed when the modem interfaces are in the up/up state, that is, calls do not have to be in process for the symptom to occur.

Workaround: Remove the WIC-1AM or WIC-2AM from router and use only PVDMs.

CSCsj29808

Symptoms: A router crashes because of a watchdog timeout when you apply an extended access control list (ACL) to a crypto map.

Conditions: This symptom is observed on a Cisco 7200 series that has a VPN Service Adapter (VSA) when you apply an extended ACL to a crypto map as in the following example:

access-list 110 permit tcp host x.x.x.x gt 1023 x.x.0.0 0.0.255.255

The symptom occurs only when port 65535 is included in the port range.

Workaround: Use an access control entry (ACE) that does not contain port 65535. For example, an ACE that is defined as "greater than 1023" can be defined as "more than 1023 and less than 65534".

CSCsj32707

Symptoms: A "SIP UPDATE" message from a Cisco CallManager or SIP Proxy Server with a "Cseq" value of 0 may be rejected or considered invalid by a Cisco gateway.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.4(9)T4 or a later release and that is connected to a SIP endpoint.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.4(9)T3.

CSCsj34699

Symptoms: A router that is configured for QoS and traffic shaping may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(15)T and that functions in a DMVPN environment.

Workaround: There is no workaround.

CSCsj40695

Symptoms: A Cisco router may become unresponsive or reload unexpectedly when an Embedded Event Manager (EEM) Tool Command Language (Tcl) policy that has an invalid policy registration line is registered.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image later than Release 12.4(11)T when the policy registration line is malformed. This line may become malformed when the Tcl policy is saved with a program that inserts new lines at locations where you do not expect them.

Workaround: Before the policy is registered, inspect the policy by entering the more flashdevice:filename.tcl command to ensure that the script does not have a malformed event registration line.

CSCsj53579

Symptoms: Classification in an inbound policy map fails.

Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G2 when an access control list (ACL) is used twice in a class map.

Workaround: Do not use an ACL twice in a class map. Rather, create and apply two different ACLs with the same ACEs. Note that the symptom does not occur in Release 12.4(11)T2.

CSCsj53600

Symptoms: A router may crash right after it has booted when it receives traffic over an interface.

Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G2, that has a policy map that is applied to the interface that receives traffic, and that has a named ACL that is applied in the class map.

Workaround: Do not configure named ACLs. Rather, configure numbered ACLs. Note that the symptom does not occur in Release 12.4(11)T2.

CSCsj53663

Symptoms: A Cisco platform may reload when you configure or unconfigure an EEM policy.

Conditions: This symptom is observed only on a Cisco platform that runs a modular Cisco IOS software image when a syslog message is being generated while you configure or unconfigure the EEM policy.

Workaround: Do not configure or unconfigure an EEM policy while a syslog message is being generated.

Wide-Area Networking

CSCsi13337

Symptoms: The count of the CCB value at the interfaces for the primary and backup channel may be incorrect, and the count of the available B-channels may also be incorrect.

Conditions: This symptom is observed on a Cisco platform after you have entered the isdn test l2 disconnect command on the interface for the backup D-channel.

Workaround: There is no workaround.

CSCsi18698

Symptoms: When a NOTIFY message is forwarded by a terminal gateway to the ISDN side, the NOTIFY message may be incorrectly decoded.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(13.11), interim Release 12.4(13.5)T, or interim Release 12.4(13.8)T.

Workaround: There is no workaround.

CSCsi28578

Symptoms: When an LNS renegotiates LCP with a client, a LAC may not forward a CONFREQ message from the client to the LNS. This situation may cause a loop with LCP negotiation and authentication between the client and the LNS, and an L2TP tunnel is established between the LAC and the LNS.

Conditions: This symptom is observed when the debug snmp packet command is enabled and when the following configurations are present:

On the LNS, the lcp renegotiation always command is enabled:

vpdn-group vpdn group name
lcp renegotiation always

On the LAC, the snmp-server trap for l2tun session command is enabled:

snmp-server enable traps l2tun session
snmp-server host ip-address version 2c community

Workaround: Do not enable the debug snmp packet command when the lcp renegotiation always command is enabled on the LNS and when the snmp-server trap for l2tun session command is enabled on the LAC.

CSCsi89048

Symptoms: A call may be present on a backup D-channel but the Call Control Block (CCB) information may be missing.

Conditions: This symptom is observed on a Cisco platform after you have entered the isdn test l2 disconnect command on the interface for a backup D-channel.

Workaround: There is no workaround.

CSCsj09231

Symptoms: You may not be able to establish an L2TP/IPSec connection to a router.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(11)T or a release that is based on Release 12.4(11)T such as Release 12.4(11)XJ when the l2tp security crypto-profile profile-name command is enabled.

Workaround: Disable the l2tp security crypto-profile profile-name command. Then, configure a dynamic crypto map to encrypt the L2TP traffic.

Note that the symptom does not occur in earlier releases such as Release 12.4(9)T3.

Further Problem Description: When you enable the debug ppp negotiation, debug vpdn l2x-packets, and debug l2tp all commands, the following (or a similar) output is generated when the PPP negotiation starts after the L2TP connection has been established:

ppp2 PPP: Phase is ESTABLISHING, Passive Open 
ppp2 LCP: State is Listen 
L2X:CEF From tunnel: Received 84 byte pak 
L2TP:(Tnl47793:Sn3):CEF From tunnel: 84 byte buffer returned 
ppp2 LCP: Timeout: State Listen

After this output, the debugs show that the router sends CONFREQ packets until the PPP negotiation times out and the L2TP tunnel is torn down.

Resolved Caveats—Cisco IOS Release 12.4(15)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.4(15)T. All the caveats listed in this section are resolved in Cisco IOS Release 12.4(15)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

EXEC and Configuration Parser

CSCsi53355

Symptoms: A Cisco 7200 router running Cisco IOS interim Release 12.4(13.13)T may crash.

Conditions: This symptom has been observed when the write terminal or show running-config command is entered or when the running configuration is copied to the startup configuration.

Workaround: There is no workaround.

Miscellaneous

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device.

This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCek71805

Symptoms: PA-8B-ST might be powered down when booting the image.

Workaround: A software OIR brings the card back up.

CSCek73386

Symptoms: A Cisco router with an ESCORT jacket card crashes.

Conditions: This symptom has been observed on a Cisco 7200 router that is loaded with Cisco IOS Release 12.4XD when an ESCORT jacket card is present.

Workaround: There is no workaround.

CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse40276

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCse55425

Symptoms: When configuring a Serial interface or issuing show commands related to that Serial interface, a router may incorrectly configure a different Serial interface or may show output from a different Serial interface in the router.

Conditions: The conditions under which the problem manifests itself are unknown and appear to be random. The symptom exists only when a channelized T3 card is used and one of the T1s is being configured.

Workaround: A router reload clears the issue.

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device must also have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsf08998

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf11855

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsf30058

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

CSCsg22426

A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsh48879

A vulnerability exists in the Cisco IOS software implementation of Layer 2 Tunneling Protocol (L2TP), which affects limited Cisco IOS software releases.

Several features enable the L2TP mgmt daemon process within Cisco IOS software, including but not limited to Layer 2 virtual private networks (L2VPN), Layer 2 Tunnel Protocol Version 3 (L2TPv3), Stack Group Bidding Protocol (SGBP) and Cisco Virtual Private Dial-Up Networks (VPDN). Once this process is enabled the device is vulnerable.

This vulnerability will result in a reload of the device when processing a specially crafted L2TP packet.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory.

The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml.

CSCsh51293

The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device.

The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of Cisco IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.

The Security Advisory for this issue is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml.

CSCsh56134

Symptoms: CE-to-CE connectivity may be broken even though the AToM VCs are up.

Conditions: This symptom has been observed when the Pseudowire Redundancy feature is configured with PPPoMPLS or HDLCoMPLS.

Workaround: There is no workaround.

CSCsh60966

Symptoms: SNASw generates a Last Message Fault Error (FFFF0306).

Conditions: The PU that is attached to SNASw includes Control Vectors in its Bind Response even though that Bind Response has the Control Vector bit (Byte 7, Bit 6) turned off.

Workaround: There is no workaround.

CSCsh97579

Cisco devices running affected versions of Cisco IOS Software are vulnerable to a denial of service (DoS) attack if configured for IP tunnels and Cisco Express Forwarding.

Cisco has released free software updates that address this vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090923-tunnels.shtml.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi03751

Symptoms: Counters in the show policy-map interface command may be wrongly updated.

Conditions: This symptom has been observed on a policy-map with a child policy used multiple times.

Workaround: Clone your child policy to use child policies with unique names.

Further Problem Description: This symptom has been seen in Cisco IOS Release 12.4T, but not seen in Cisco IOS Release 12.3.

CSCsi11217

Symptoms: Some links in an IMA group are shown as down though they are active at the IMA level.

Conditions: With a third-party DSLAM, when the IMA group is made inactive and then active again, some links are shown as down and are not counted as active.

Workaround: Entering a shutdown command and then the no shutdown command from the command line at the DSL group recovers from the issue.

CSCsi46028

Symptoms: On routers that are configured for WCCP, interfaces that are connected to the content engine can become locked. Locked means that the interface driver is in a state in which the physical interface stops sending and receiving packets.

Conditions: This issue was introduced by CSCuk61396; only images that contain the fix for CSCuk61396 are affected by this issue.

Workaround: There is no workaround. If an interface becomes locked, the only way to recover the system is to do a reload.

CSCsi50145

Symptoms: A router crashes while attaching or detaching a service policy on a virtual-template.

Conditions: This symptom has been observed on a virtual template with traffic on and IP header compression configured.

Workaround: Do not configure IP header compression on a virtual template or do not send traffic through the router while attaching or detaching a service-policy.

Further Problem Description: The crash occurs due to memory allocated by qos-create_default_fo being corrupted.

CSCsi75154

Symptoms: PPPoEoA/PPPoA sessions may go down when traffic with a packet size of 1024 bytes or larger is sent.

Conditions: This symptom has been observed with 4k/8k sessions over 1k L2TP tunnels. With a smaller number of tunnels (for example, a single tunnel), the problem is not seen.

Workaround: There is no workaround.

CSCsi80749

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCsi84017

Symptoms: When a Cisco 2600 router is loaded with the c2600-entservices-mz.124-9.T4 image, the router hangs during reload.

Conditions: This symptom has been observed when a Cisco 2600 router is loaded with the c2600-entservices-mz.124-9.T4 image.

Workaround: There is no workaround.

CSCsi88612

Symptoms: A PC is not able to connect to a wireless router (871 model) using the protocol EAP-FAST.

Conditions: This symptom has been observed after upgrading the Cisco IOS version and keeping the same configuration in the router.

Workaround: For wireless, go back to the older version of IOS where EAP-FAST is working fine.

CSCsi99217

Symptoms: When 6000 L2TP sessions are disconnected, a Cisco IOS LNS router remains at high CPU utilization (99 or 100 percent) in the PPP IP Route process for 5 minutes.

Conditions: This symptom has been observed under stress-test conditions (thousands of sessions disconnected at once) with no traffic and using Cisco IOS Release 12.4(13). This symptom has not been observed on earlier releases.

Workaround: There is no workaround.

CSCsj03494

Symptoms: A Cisco 2811 series router may crash due to I/O memory corruption.

Conditions: This symptom has been observed on a router running CME 4.1 with Cisco IOS Release 12.4(11)XJ3 and using IP communicator and/or IP phones.

Workaround: Stop using IP phones or IP communicator.

CSCsj15221

Symptoms: The router crashes when IPS is unconfigured while an interface is configured for IPS in the outbound direction only. IPS is globally unconfigured by using the no ip ips policy-name command.

Conditions: This symptom has been observed with IPS configured on an interface in the outbound direction only, when the no ip ips policy-name command is entered, where policy-name is the name of the IPS policy that was created.

Workaround: Configure inbound inspection as well as outbound.

Wide-Area Networking

CSCsj10593

Symptoms: The trunking gateway (TGW) crashes when checked for gateway interconnect functionality for SETUP messages with all PRI switch types from User to NT side.

Conditions: This symptom has been observed with Cisco IOS interim Release 12.4(15.6). This symptom occurs when the isdn test call interface Serial1:23 22222 command is entered at the call starter and with the following switch types: OGW: primary-ni, TGW: primary-dms100.

Workaround: There is no workaround.

CSCsj12579

Symptoms: The router can reload if the l2tp ignore tx-speed vpdn-group command is used on a router that acts as a LAC. This command is expected to be used on an LNS, but if it is used on the LAC, a reload can occur.

Conditions: This symptom has been observed on a router acting as an LAC.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(11)T4

Cisco IOS Release 12.4(11)T4 is a rebuild release for Cisco IOS Release 12.4(11)T. The caveats in this section are resolved in Cisco IOS Release 12.4(11)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCek60979

Symptoms: In AAA RADIUS Server Load Balancing feature testing, Computed Retransmit Tries and Outstanding Transactions debug messages are missing. Whether the AAA server is marked dead correctly cannot be determined when the outstanding number of retries is more than the number of tries to mark a server dead.

Conditions: This symptom has been observed in Cisco IOS interim Release 12.4(11.1)T and interim Release 12.4(10.8)T2.

Workaround: There is no workaround.

CSCsc33348

Symptoms: Memory leak occurs in Cisco IOS AAA module.

Conditions: This symptom is observed when any IP admission sessions are formed.

Workaround: There is no workaround.

CSCsi45974

Symptoms: Datagrams fragmented on a router that is running Cisco IOS Release 12.4T may use the same fragmentation identification.

Conditions: This symptom occurs when datagrams are fragmented due to a lower MTU size.

Workaround: There is no workaround.

CSCsj44081

Cisco IOS software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS software releases published after April 5, 2007.

Details: With the new enhancement in place, Cisco IOS software will emit a "%DATACORRUPTION-1-DATAINCONSISTENCY" error message when it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.

The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp:
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error

The error message is then followed by a traceback.

It is important to note that this error message does not imply that packet data is being corrupted. It does, however, provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.

Recommended Action: Collect show tech-support command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the "%DATACORRUPTION-1-DATAINCONSISTENCY" message and note those to your support contact.
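The following triage script is an added example, not Cisco code: it scans syslog output for the %DATACORRUPTION-1-DATAINCONSISTENCY message, attaches the traceback that follows it (including wrapped continuation lines), and lists the other error-level messages that accompany it, which is what the recommended action asks you to report to TAC. It assumes the timestamped message format shown above; the sample log lines and traceback addresses are constructed placeholders.

```python
"""Triage of %DATACORRUPTION-1-DATAINCONSISTENCY messages in Cisco IOS syslog output.

Added example (not Cisco code). Assumptions: messages use the timestamped
format shown in the caveat, and a traceback is logged on the line(s) that
follow, starting with "-Traceback=" and possibly wrapping onto further
lines of bare hex addresses. Sample log lines and addresses are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# "May 17 10:01:27.815 UTC: %FACILITY-SEVERITY-MNEMONIC: free text"
MSG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:\s+[A-Z]+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$"
)
TRACEBACK_RE = re.compile(r"^-Traceback=\s*(?P<addrs>.*)$")
HEX_RUN_RE = re.compile(r"^(?:[0-9A-Fa-f]{8}\s*)+$")  # wrapped traceback line
DATACORRUPTION = ("DATACORRUPTION", "DATAINCONSISTENCY")


@dataclass
class SyslogMessage:
    timestamp: str
    facility: str
    severity: int
    mnemonic: str
    text: str
    traceback: List[str] = field(default_factory=list)


def triage(lines) -> Tuple[List[SyslogMessage], List[SyslogMessage]]:
    """Return (datacorruption_events, other_error_messages).

    Other messages of severity 0-3 are kept because the recommended action
    is to report any error messages that accompany the DATACORRUPTION message.
    """
    events: List[SyslogMessage] = []
    other_errors: List[SyslogMessage] = []
    current = None  # DATACORRUPTION message whose traceback is being collected
    for raw in lines:
        line = raw.strip()
        m = MSG_RE.match(line)
        if m:
            msg = SyslogMessage(m["ts"], m["facility"], int(m["sev"]),
                                m["mnemonic"], m["text"])
            if (msg.facility, msg.mnemonic) == DATACORRUPTION:
                events.append(msg)
                current = msg
            else:
                current = None  # any other message ends the traceback
                if msg.severity <= 3:
                    other_errors.append(msg)
            continue
        tb = TRACEBACK_RE.match(line)
        if tb and current is not None:
            current.traceback.extend(tb["addrs"].split())
        elif current is not None and current.traceback and HEX_RUN_RE.match(line):
            current.traceback.extend(line.split())  # continuation of a wrapped traceback
    return events, other_errors


def summarize(lines) -> dict:
    """Build the record a practitioner would put into the service request."""
    events, other_errors = triage(lines)
    return {
        "datacorruption_count": len(events),
        "first_seen": events[0].timestamp if events else None,
        "with_traceback": sum(1 for e in events if e.traceback),
        "accompanying_errors": [f"%{o.facility}-{o.severity}-{o.mnemonic}" for o in other_errors],
        "action": ("collect 'show tech-support' and open a TAC service request"
                   if events else "no DATACORRUPTION messages found"),
    }


# Constructed sample log (addresses are placeholders, not from a real device).
SAMPLE_LOG = """\
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error
-Traceback= 60000010 60000020 60000030 60000040
60000050 60000060
May 17 10:01:28.002 UTC: %SYS-5-CONFIG_I: Configured from console by admin on vty0
May 17 10:03:11.440 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: free error
-Traceback= 60000070 60000080
May 17 10:03:12.100 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed
"""


def triage_sample():
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```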

IP Routing Protocols

CSCsg55591

Symptoms: When there are link flaps in the network, various PE routers receive the following error message:

%BGP-3-INVALID_MPLS: Invalid MPLS label (1) received in update for prefix 
155:14344:10.150.3.22/32 from 10.2.2.1

Or, a local label is not programmed into the forwarding table for a sourced BGP VPNv4 network.

Conditions: These symptoms are observed when an iBGP path for a VPNv4 BGP network is present, and then a sourced path for the same route distinguisher (RD) and prefix is brought up.

Workaround: Remove the iBGP path. Note that when the sourced path comes up first, the symptoms do not occur.

Alternate Workaround: Use different RDs with the different PE routers. When the RD and prefix do not match exactly between the iBGP path and the sourced path, the symptoms do not occur.

CSCsg84690

Symptoms: A default route with an incorrect mask may not be installed.

Conditions: This symptom is observed on a Cisco router that is configured for OSPF.

Workaround: There is no workaround.

CSCsi17020

Symptoms: A router that is running Cisco IOS may unexpectedly reload. The crashes can be very different in nature, but the crashinfo should show the IP Input process as the currently running process:

---- Partial decode of process block ----
Pid 84: Process "IP Input" stack 0x46C3C080 savedsp 0x46758540

Conditions: This symptom is seen when the router is configured for NAT and receives a fragmented skinny packet that it needs to reassemble and translate.

Workaround: Prevent the router from receiving a fragmented skinny packet by ensuring the path MTU between the call manager server and the router is large enough. Usually skinny packets are not larger than 800 bytes.

CSCsi63363

Symptoms: IKE fragmented packets with offset > 0 cannot pass NAT router from outside to inside.

Conditions: This symptom is observed on a Cisco 7206VXR (NPE-G2) with the c7200p-adventerprisek9-mz.124-11.T1 image with NAT.

Workaround: There is no workaround.

CSCsi76616

Symptoms: An LDAP packet is modified as it passes through a NAT router, which causes LDAP to fail.

Conditions:

Network Topology

==============

LDAP server------->(fa0/0) NAT Router (fa0/1)------LDAP client

After the NAT router, the packet appears to have been fragmented or expanded into two parts in LDAP:

Case 1 - LDAP fails without "no-payload"

=====

case1_before_nat_router -----> NAT Router -----> case1_after_nat_router

LDAP packet modified

Case 2 - LDAP passes with "no-payload"

=====

case2_before_nat_router -----> NAT Router -----> case2_after_nat_router

LDAP packet unchanged

Workaround: There is no workaround.

CSCsi98730

Symptoms: The MPLS labels for packets that are forwarded via CEF and MPLS over a BGP route may not match the labels in the BGP table, which may lead to traffic loss.

Conditions: This problem occurs under certain circumstances and timing conditions.

Workaround: When the symptom occurs, enter the clear ip route command for the prefix in the VRF.

CSCsj10772

Symptoms: The TTL of a CNAME will be zeroed on a DNS reply after passing through a Cisco router that is configured for Network Address Translation (NAT).

Conditions: This symptom is observed on a Cisco router that is configured for NAT that is running Cisco IOS Release 12.4 or 12.4T. Only CNAME records are affected.

Workaround: Use static NAT translations with the keyword "no-payload".

CSCsj39538

Symptoms: The router generates tracebacks and then crashes when a VRF is deconfigured (removed). The following message was seen before the crash:

-Process= "IP RIB Update", ipl= 3, pid= 68
-Traceback= 609538D8 60D1B8B4 612B2838 612588C8 61258CD4 6125E61C 6125ED04 
6125EF30 61261CDC 6125A14C 61265A08 6126BE10 6097CF00 609547D8 609548B8

Address Error (load or instruction fetch) exception, CPU signal 10, PC = 
0x609538FC

Conditions: No specific conditions are known to cause this fault.

Workaround: There is no workaround.

CSCsk35985

Symptoms: The system crashes when the show ipv6 ospf lsdb-radix hidden command is entered.

Workaround: Do not enter the show ipv6 ospf lsdb-radix command.

ISO CLNS

CSCsi57971

Symptoms: IS-IS may not advertise the prefix of a passive interface to the IS-IS database on a local router.

Conditions: This symptom is observed on a Cisco router when you shut down an interface (for example, G9/1/1) of a 5-port GE SPA (SPA-5X1GE) that is installed in a SIP-600, replace the SPA-5X1GE with another card, and then enter the no shutdown interface configuration command on the interface at the same location (G9/1/1) on the new card. In this situation, the prefix for the interface (G9/1/1) is not advertised.

Possible Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

A second workaround: Enter the "no passive-interface ..." followed by "passive-interface ..." under "router isis" configuration mode.

CSCsj72039

Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functions as a passive interface for IS-IS may not be installed in the local IS-IS database.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6 but is not release-specific.

Workaround: Remove and reconfigure the passive-interface command.

First Alternate Workaround: Enter the clear isis * command.

Second Alternate Workaround: Enter any command that triggers the generation of the local IS-IS database.

Miscellaneous

CSCdz55178

Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptoms such as memory corruption may occur.

Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a name that has a length that is greater than 32 characters as in the following example:

cable qos profile 12 name g711@10ms_for_any_softswitch_Traa^C
                          00000000011111111111222222222333^ 
                          12345678901234567890123456789012|
                                                          |
                                                       PROBLEM
                                                      (Variable Overflowed).

Workaround: Change the name of the cable QoS profile to a length that is less than 32 characters.

CSCek25330

Symptoms: Traffic does not flow on the LAC-to-client connection. The transmit side locks up after 5 retries during a Gigabit Ethernet Tx underflow.

Conditions: This symptom has been observed when bidirectional traffic is sent in a hairpinning setup.

Workaround: There is no workaround.

CSCek55486

Symptoms: The native Gigabit Ethernet (GE) interface on an NPE-G1 card may reset unexpectedly.

Conditions: This symptom is observed on a Cisco 7200 series when the underrun counter for the native GE interface increments continuously. You can verify the underrun counter in the output of the show interfaces gigabitethernet slot/port command.

Workaround: There is no workaround.

CSCsb13010

Symptoms: NAT configuration commands are not applied because of insufficient memory.

Conditions: This behavior was observed on a Cisco 831 router running Cisco IOS Interim Release 12.4(1.2)PI1a and also Interim Release 12.4(2.2)T.

Workaround: There is no workaround.

CSCse85151

Symptoms: Cisco Catalyst 4500 Supervisors and Cisco Catalyst 4948 switches that are running Cisco IOS Release 12.2(31)SG crash when one of the following commands is issued:

show buffers all

show buffers assigned

show buffers input-interface

Conditions: This symptom occurs when one of the following commands is issued:

show buffers all

show buffers assigned

show buffers input-interface

Workaround: Do not use any of the above commands. For troubleshooting high CPU issues use the steps indicated in the following tech tip instead:

http://www.cisco.com/warp/public/473/cat4500_high_cpu.html

CSCsg36739

Symptoms: A Cisco AS5850 router may crash while querying ifDescr.

Conditions: This symptom occurs when data and analog calls are active.

Workaround: There is no workaround.

CSCsg42246

Symptoms: High CPU use may occur in the "IP Background" process, and the router may reload unexpectedly.

Conditions: This symptom is observed on a Cisco router that is configured for RIP and that receives a RIP host route that is subsequently replaced by a route that is dynamically assigned to an interface. For example, this situation may occur on a PPP interface that has the ip address negotiated command enabled.

Workaround: Use a route map to block the advertised route.

CSCsg51811

Symptoms: When the OER BGP Inbound Optimization feature is configured and route control is enforced, route control does not prepend autonomous systems or communities selectively. Instead, it prepends the same autonomous systems or communities to all external OER interfaces.

Conditions: This symptom is observed on a Cisco router when OER manages inside prefixes that are either learned or configured.

Workaround: There is no workaround.

CSCsg87235

Symptoms: When Embedded Event Manager (EEM) Tcl policies that use cli_lib.tcl are configured, a Telnet connection to the device results in three "Username" prompts in quick succession, after which the connection is closed without giving the user time to enter a username.

Conditions: This problem does not happen unless EEM is configured with Tcl policies that use the cli_lib.tcl library.

Workaround: Connect with Telnet a second time. The first attempt fails for the reason above; the second attempt succeeds.

CSCsh12480

Cisco IOS software configured for Cisco IOS Firewall Application Inspection Control (AIC) with an HTTP application-specific policy is vulnerable to a denial of service when processing a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in a reload of the affected device.

Cisco has released free software updates that address this vulnerability.

A mitigation for this vulnerability is available. See the "Workarounds" section of the advisory for details.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml.

CSCsh30617

Symptoms: A Cisco router may unexpectedly reload when the Embedded Event Manager (EEM) applet is removed from the configuration or shortly after the EEM applet has been removed.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(10.8)T or a later release and occurs most often when the applet was registered when the router booted. The symptom is not release-specific.

Workaround: There is no workaround.

CSCsh46234

Symptoms: A Cisco 5400XM router reloads unexpectedly during stress.

Conditions: This symptom has been seen during the stress of TDM-IP H.323 calls and SIP-SIP transcoding calls being run simultaneously.

Workaround: There is no workaround.

CSCsh74975

Symptoms: A router may reload or leak memory when malformed UDP packets are sent to port 2517.

Conditions: This symptom is observed on a Cisco router that functions as a VoIP dial peer and that is configured for H.323.

Workaround: There is no workaround.

CSCsi08756

Symptoms: The ringback tone level that is played on a platform that is configured for use in a country in Europe may be very low compared to the ITU specification, which states that tones should be nominal -10dBm0.

Conditions: This symptom is observed on a Cisco AS5400XM.

Workaround: There is no workaround.

CSCsi09465

Symptoms: A router may crash with chunk corruption.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(11)T or later releases with VSA and is using QoS and IPSec prefragmentation.

Workaround: Disable prefragmentation by using the crypto ipsec fragmentation after-encryption command.

CSCsi12104

Symptoms: When you repeatedly change active routers by enabling preemption and then change the priorities on the router interface, the router may crash.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(13.5)T after you have shut down the interface of the active router.

Workaround: No known workaround.

CSCsi17020

A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.

Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml.

CSCsi41051

Symptoms: A router may go into initial configuration dialog on bootup.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.4(11)T2 with the c7200p-adventerprisek9-mz image.

Workaround: There is no workaround.

CSCsi70217

Symptoms: The display of a Cisco 7961 IP phone with a Cisco 7914 expansion module (sidecar) becomes stuck if a second call arrives while the first call is being transferred. The display stays on the connected "Active call" state even though the first call has been transferred.

This same symptom is found with the following scenario:

1. Call 1 connects on button 1 overlay line 1.

2. Call 2 arrives on button 1 line 2 on the same phone.

3. Caller places call 1 on hold. Takes call 2.

4. Caller places call 2 on hold. Resumes call 1.

5. The caller on call 1 disconnects. The phone display is now stuck.

Conditions: This symptom has been observed with a Cisco 7961 IP phone with a Cisco 7914 sidecar that is configured with shared or overlay lines, when a second call arrives on the same shared lines.

Workaround: Reset the IP phone to clear the phone.

CSCsi72121

Symptoms: The IPIPGW does not include the h245-address in the Progress message that it sends to CCM. As a result, the IPIPGW receives a ReleaseComplete from CCM and the call fails.

Conditions: This symptom is seen in a simple call from CCM to CME with the IPIPGW between CCM and CME.

Workaround: There is no workaround.

Further Problem Description:

CCM--------- IPIPGW --------- CME

Here CCM makes an H.323 call to CME via the IPIPGW. When CME sends a Connect to the IPIPGW, the IPIPGW sends a Progress to CCM without an h245-address. As a result, CCM disconnects the call by sending a ReleaseComplete to the IPIPGW.

CSCsi81891

Symptoms: RTP packets are transmitted even when the media direction is recvonly or inactive.

Conditions: This problem is observed on both the Cisco 2800 and the Cisco 3800 platforms that are running Cisco IOS interim Release 12.4(13.9).

Workaround: There is no workaround.

CSCsi90461

Symptoms: If many l2tp sessions are brought up and down again continuously, the following error messages will be displayed on the console:

%L2TP-3-ILLEGAL: _____:_____: ERROR: [l2tp_session_get_l2x_cfg::241], 
-Traceback= 0x121FE88 0x25394E8 0x2539730 0x25558CC 0x2555FA0 0x254C0C4
0x254BB88 0x254BCD8 0x254BDD8 0x2554040 0x2548250 0x2541E50 0x2541F6C 0x7D6510
%L2TP-3-ILLEGAL: _____:_____:   No session config,  -Traceback= 0x121FE88
0x25394E8 0x2539748 0x25558CC 0x2555FA0 0x254C0C4 0x254BB88 0x254BCD8 0x254BDD8
0x2554040 0x2548250 0x2541E50 0x2541F6C 0x7D6510

Conditions: This symptom happens in both VPDN and Xconnect applications.

Workaround: Reload the router.

CSCsi92079

Symptoms: If an access control list (ACL) is used for a destination-only prefix, a fatal error is declared and optimized edge routing (OER) shuts down. For destination-only traffic classes, a prefix list should be used, not an ACL or access control entry (ACE).

Conditions: This behavior is observed in Cisco IOS Release 12.4(11)T and later releases.

Workaround: Use a prefix list instead of an ACL or ACE for destination-only traffic classes. For example:

Use a prefix list for the traffic class 100.1.1.0/24.

Use an ACE for the traffic class 100.1.1.0/24 with DSCP af11.
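To catch the condition above before OER shuts down, the following added example (not Cisco's code or part of this caveat) parses the extended ACLs in a config, flags every permit ACE that matches only a destination prefix (protocol ip, source any, no ports, DSCP or other qualifiers), and prints the equivalent ip prefix-list line to use instead. It generalizes the two cases in the text: the 100.1.1.0/24 ACE is flagged, while the 100.1.1.0/24 dscp af11 ACE is left alone because the DSCP qualifier makes it a legitimate ACE traffic class. The sample ACLs, the _PL suffix on the suggested prefix-list name and the range of numbered ACLs treated as extended (100-199 and 2000-2699) are the example's own choices.

```python
import ipaddress
import re

PORT_OPS = {"eq", "neq", "gt", "lt", "range"}
ANY = (ipaddress.IPv4Address("0.0.0.0"), 0)

_NAMED_RE = re.compile(r"^ip access-list extended (\S+)\s*$")
_NUMBERED_RE = re.compile(r"^access-list (\d+) ((?:permit|deny)\b.*)$")


def _take_address(tokens, i):
    """Consume one ACE address spec at tokens[i]; return ((addr, prefix_len), next_i).
    A non-contiguous wildcard has no prefix-list equivalent, so the spec becomes None."""
    tok = tokens[i]
    if tok == "any":
        return ANY, i + 1
    if tok == "host":
        return (ipaddress.IPv4Address(tokens[i + 1]), 32), i + 2
    addr = ipaddress.IPv4Address(tok)
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    if wild & (wild + 1):
        return None, i + 2
    return (addr, 33 - (wild + 1).bit_length()), i + 2


def _skip_ports(tokens, i):
    """Skip a port qualifier (eq 80, range 1024 65535, ...) if one starts at tokens[i]."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        return i + (3 if tokens[i] == "range" else 2)
    return i


def parse_ace(entry):
    """Parse one extended ACE into action, protocol, source, destination and the
    qualifiers (DSCP, precedence, established, ...) that follow the addresses."""
    tokens = entry.split()
    if tokens and tokens[0].isdigit():          # sequence number in a named ACL
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        return None
    try:
        src, i = _take_address(tokens, 2)
        i = _skip_ports(tokens, i)
        dst, i = _take_address(tokens, i)
        i = _skip_ports(tokens, i)
    except (ValueError, IndexError):
        return None
    return {"action": tokens[0], "proto": tokens[1], "src": src, "dst": dst,
            "qualifiers": [t for t in tokens[i:] if t != "log"]}


def collect_extended_acls(config_text):
    """Map ACL name/number to its entries for named and numbered extended ACLs."""
    acls, current = {}, None
    for line in config_text.splitlines():
        m = _NAMED_RE.match(line)
        if m:
            current = m.group(1)
            acls.setdefault(current, [])
            continue
        m = _NUMBERED_RE.match(line)
        if m:
            current = None
            number = int(m.group(1))
            if 100 <= number <= 199 or 2000 <= number <= 2699:   # extended ranges
                acls.setdefault(m.group(1), []).append(m.group(2))
            continue
        if line.startswith(" ") and current:
            acls[current].append(line.strip())
        elif line.strip():
            current = None
    return acls


def destination_only_aces(config_text):
    """Return (acl_name, ace, suggested prefix-list line) for every permit ACE that
    matches only on a destination prefix, the case OER must be given a prefix list for."""
    findings = []
    for name, entries in collect_extended_acls(config_text).items():
        for entry in entries:
            ace = parse_ace(entry)
            if not ace or ace["action"] != "permit" or ace["proto"] != "ip":
                continue
            if ace["src"] != ANY or ace["dst"] is None or ace["qualifiers"]:
                continue
            addr, plen = ace["dst"]
            net = ipaddress.IPv4Network((str(addr), plen), strict=False)
            findings.append((name, entry, f"ip prefix-list {name}_PL permit {net}"))
    return findings


# Constructed sample, not from a real device: the first ACL is the bad case from
# the caveat (destination only), the second is the acceptable DSCP-qualified case.
SAMPLE_CONFIG = """\
ip access-list extended OER-DEST-ONLY
 permit ip any 100.1.1.0 0.0.0.255
ip access-list extended OER-DEST-DSCP
 permit ip any 100.1.1.0 0.0.0.255 dscp af11
ip access-list extended OER-WEB
 remark ports qualify the class, so an ACE is fine here
 permit tcp any 100.1.2.0 0.0.0.255 eq www
access-list 101 permit ip any host 100.1.3.1
"""

if __name__ == "__main__":
    for name, entry, fix in destination_only_aces(SAMPLE_CONFIG):
        print(f"{name}: '{entry}' is destination-only; use a prefix list instead, e.g. {fix}")
```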

CSCsi97311

Symptoms: OER MC is not notified of subinterface status change (UPDOWN) if the status of physical interface changes.

Conditions: When the status of a physical interface changes (for example, it comes up after the no shutdown command is entered locally or on the remote side, or after a disconnected cable is reconnected), the status of all subinterfaces on that physical interface changes as well. If these subinterfaces are OER external or OER internal interfaces, the OER MC is not notified of the change: it keeps them in the DOWN state and does not use them to optimize traffic.

Workaround: Disable and re-enable the OER MC by entering the shutdown command followed by the no shutdown command under OER master configuration.

Further Problem Description: The workaround helps only if the problem is noticed in time. The problem may occur without being noticed, in which case OER works under suboptimal conditions or does not work at all.

CSCsi97434

Symptoms: The router crashes when IPsec is established, but only when both PKI and IKE AAA accounting are configured.

Conditions: This symptom occurs when PKI is configured and the DN is used as the ISAKMP identity. The crash occurs only when the DN is not available and the server tries to use the DN in the AAA accounting record.

Workaround: Do not use this configuration combination (PKI, DN as ISAKMP identity and AAA accounting).

CSCsj04563

Symptoms: SSG memory is leaking in Cisco IOS Release 12.4(13b).

Conditions: This symptom occurs when the RADIUS proxy feature is used. Leaking could be triggered on the following call flow scenario:

1. HostObject(HO) with MSID1, ip-address IP1 and username user1@cisco.com is logged on.

2. PDSN sends an acct-stop with MSID1 with session-continue attribute set to TRUE. When this is received, SSG will start a hand-off timer. Note that SSG will not delete the HO at this time.

3. Hand-off timer expires. HO is deleted.

4. SSG now receives an acct-start with MSID1 and username user1@cisco.com.

5. SSG treats this as an auto-domain user, even though auto-domain is not configured on SSG: it tries to obtain the profile by extracting the domain name from the structured username and sending an Access-Request to AAA with the domain name as the username. Because the AAA server has no cisco.com profile, it sends an Access-Reject to SSG.

6. No HostObject is created.

Workaround: There is no workaround.

CSCsj05287

Symptoms: Incoming traffic from a LAN is not correctly marked, preventing the traffic from being correctly enqueued when it is sent to a DSL interface, and causing the traffic to be dropped.

Conditions: This symptom is observed on a Cisco router when you enable QoS through class-map and policy-map commands.

Workaround: There is no workaround.

CSCsj06762

Symptoms: A router may crash when both a WIC-1AM or WIC-2AM and PVDMs are installed in the chassis.

Conditions: This symptom is observed when the modem interfaces are in the up/up state; calls do not have to be in progress for the symptom to occur.

Workaround: Remove the WIC-1AM or WIC-2AM from the router and use only the PVDMs.

CSCsj07936

This caveat consists of two symptoms, two conditions, and two workarounds:

Symptom 1: When the interface controller of an NPE-G2 functions in promiscuous mode, for example when HSRP is configured, packets that are not destined for the router may be forwarded anyway.

Condition 1: This symptom is observed on a Cisco 7200 series with an NPE-G2 that runs Cisco IOS Release 12.2(31)SB5 but is not release-specific.

Workaround 1: If HSRP is configured, enter the standby use-bia command. You may need to enter the shutdown command followed by the no shutdown command to change the controller state.

Symptom 2: When BVI is configured on native Gigabit Ethernet interfaces of an NPE-G2 within the same group, a ping may not go through.

Condition 2: This symptom is observed on a Cisco 7200 series with an NPE-G2 that runs Cisco IOS Release 12.2(31)SB5 but is not release-specific.

Workaround 2: Configure a static MAC address.

CSCsj13347

Symptoms: Entering the clear crypto sa command does not trigger GDOI re-registration.

Conditions: The clear crypto sa and clear crypto isakmp commands are the ones usually used to reset crypto state, but neither of them triggers re-registration.

Workaround: Use the clear crypto gdoi command.

CSCsj25395

Symptoms: With a configuration similar to the following:

interface Dialer1
 ip address <ip add> <mask>
 encapsulation frame-relay
 dialer pool 1
 dialer remote-name <other_end>
 dialer string 0
 dialer string oe_tn
 dialer caller oe_tn
 dialer max-call 1
 dialer-group 1
 frame-relay map ip <addr> <oe_dlci> broadcast
 frame-relay interface-dlci <loc_dlci>
 frame-relay ip tcp header-compression
 no shutdown
!

entering the following crashes the device:

interface Dialer1
 shutdown
no interface Dialer1

Conditions: Removing the Dialer interface configuration while having IPHC configured on that interface will crash the platform. This is observed on a Cisco 7200 series router that is running Cisco IOS interim Release 12.4(16.5).

Workaround: Remove any IPHC CLI from the Dialer interface prior to deleting the Dialer interface from the configuration.

CSCsj27183

Symptoms: H323-->SIP interworking fails for a Fast start call when transcoding is enabled on an IPIPGW. Transcoding is done between G711ulaw and G729r8 codecs.

Conditions: This failure is seen for H323--SIP--SIP--SIP and H323--SIP--SIP-- H323 call flows when transcoding is enabled on IPIPGW1. It is also seen on H323--H323--H323--SIP call flow for transcoding on IPIPGW2. This is seen only with a Fast Start call (both with H245 Tunnel enabled and disabled), and the call passes with a slow start call.

Workaround: There is no workaround.

CSCsj34083

Symptoms: Packets in traffic queues that are below their configured threshold may be dropped.

Conditions: This symptom is observed on a Cisco 877 and Cisco 1801 that run Cisco IOS Release 12.4(9)T3 when one of the queues exceeds its threshold. Note the following scenarios:

When congestion is present, traffic that exceeds its threshold on a CBWFQ service class causes drops on the LLQ classes although the traffic that is associated with the LLQ classes is below the associated threshold.

When best-effort bandwidth exceeds its threshold, LLQ traffic is discarded although it is below its own threshold.

When there is no congestion, the router operates as expected.

Workaround: There is no workaround.

Further Problem Description: Note that the symptom does not occur on a Cisco 878 and Cisco 1803.

CSCsj36092

Symptoms: When a DNS forwarding source interface is configured on a router that uses the split DNS feature, DNS queries are not sent out through the configured interface.

Conditions: This symptom is seen on a router that is loaded with Cisco IOS Release 12.4(11)T3.

Workaround: Configure the dns forwarder <ip address> command under the DNS view.

CSCsj39503

Symptoms: An interface flap on a GET VPN group member (GM) may cause the GM not to re-register with the key server (KS) immediately after the interface comes up. Re-registration can take up to 8 minutes.

Conditions: If an interface stays down long enough (for example, longer than eight minutes), the problem is seen after the interface comes back up.

Workaround: Use EEM to track the interface state or the routing protocol neighbor. As soon as the interface or the routing protocol neighbor is up, issue the clear crypto gdoi command on the GM to force re-registration.

CSCsj40695

Symptoms: A Cisco router may become unresponsive or reload unexpectedly when an Embedded Event Manager (EEM) Tool Command Language (Tcl) policy that has an invalid policy registration line is registered.

Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image later than Release 12.4(11)T when the policy registration line is malformed. This line may become malformed when the Tcl policy is saved with a program that inserts new lines at locations where you do not expect them.

Workaround: Before the policy is registered, inspect the policy by entering the more flashdevice:filename.tcl command to ensure that the script does not have a malformed event registration line.
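A pre-flight check for the malformed registration line described above, as an added example that is not Cisco's code or part of this caveat, to run against a policy file before copying it to flash and registering it. It assumes the EEM convention that the ::cisco::eem::event_register_* command is the first non-comment statement of a policy, and it uses a partial, hand-picked list of registration keywords to recognise a line that an editor has wrapped; the three sample policies are constructed, with only their opening lines shown.

```python
import shlex

REGISTER_PREFIX = "::cisco::eem::event_register_"

# Option keywords that may follow an event_register_* command. This is a partial,
# hand-picked list (an assumption of this example) used only to recognise the
# tail of a registration line that an editor wrapped; extend it for the event
# types you use.
REGISTER_KEYWORDS = {
    "pattern", "occurs", "period", "maxrun", "nice", "queue_priority", "tag",
    "name", "cron_entry", "time", "cron", "watchdog", "countdown", "severity",
    "ratelimit", "default", "sync", "skip", "entry_op", "entry_val", "interface",
}


def check_registration_line(policy_text):
    """Return a list of problems with the event registration line of an EEM Tcl
    policy; an empty list means the line looks well formed."""
    lines = policy_text.splitlines()
    # The registration command is expected to be the first statement that is
    # neither blank nor a comment.
    idx = next((i for i, l in enumerate(lines)
                if l.strip() and not l.lstrip().startswith("#")), None)
    if idx is None:
        return ["policy has no registration line"]
    line = lines[idx].strip()
    if not line.startswith(REGISTER_PREFIX):
        return [f"first statement is not a {REGISTER_PREFIX}* command: {line!r}"]

    problems = []
    if line.endswith("\\"):
        problems.append("registration line ends with a backslash continuation")
    try:
        shlex.split(line)          # a wrap inside a quoted pattern leaves a quote open
    except ValueError as exc:
        problems.append(f"unbalanced quoting on registration line: {exc}")
    # A wrap between arguments leaves a bare option keyword at the start of the
    # next statement.
    for nxt in lines[idx + 1:]:
        if not nxt.strip() or nxt.lstrip().startswith("#"):
            continue
        if nxt.split()[0] in REGISTER_KEYWORDS:
            problems.append(f"registration arguments continue on a later line: {nxt.strip()!r}")
        break
    return problems


# Constructed sample policies (only the opening lines; the Tcl body is omitted).
GOOD_POLICY = """\
# Force GDOI re-registration when the WAN interface comes back up
::cisco::eem::event_register_syslog pattern "%LINEPROTO-5-UPDOWN: .*GigabitEthernet0/0, changed state to up" occurs 1 maxrun 60
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
"""

# The same policy after an editor wrapped the line inside the quoted pattern.
WRAPPED_IN_PATTERN = """\
::cisco::eem::event_register_syslog pattern "%LINEPROTO-5-UPDOWN: .*GigabitEthernet0/0,
changed state to up" occurs 1 maxrun 60
namespace import ::cisco::eem::*
"""

# A line wrapped between two arguments.
WRAPPED_BETWEEN_ARGS = """\
::cisco::eem::event_register_syslog pattern "%SYS-5-RESTART" occurs 1
maxrun 60
namespace import ::cisco::eem::*
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_POLICY), ("wrapped-in-pattern", WRAPPED_IN_PATTERN),
                        ("wrapped-between-args", WRAPPED_BETWEEN_ARGS)):
        print(label, check_registration_line(text) or "OK")
```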

CSCsj43861

Symptoms: EzVPN hardware client will not attempt to connect to the same peer or the next peer after QUICK MODE failure during IKE.

Conditions: This symptom is observed when EzVPN hardware client remains in SS_OPEN state after the failure of QUICK MODE.

Workaround: Clear the EzVPN session.

CSCsj46178

Symptoms: A Cisco AS5850 responds with a 500 Endpoint Unknown to a CRCX for an endpoint on a channelized T3 card that is configured with external call control (SS7 calls) and T3 naming. The endpoint responds normally to the AUEP command.

Conditions: This symptom is observed on a Cisco AS5850 that is controlled via MGCP, and the endpoint naming t3 command is configured on the router either in global MGCP configuration or MGCP profile.

Workaround: Do not configure "endpoint naming t3". Use flat t1 endpoint naming instead.

CSCsj47356

Symptoms: Phone A believes that its offer (in the first INVITE) has not been answered yet. This is incorrect, because the UPDATE belongs to the second leg, where the SDP answer was already sent in a 183 Session Progress.

Conditions: This symptom occurs in a call forwarding scenario: a call comes in from the PSTN to a SIP phone and is forwarded to another SIP phone.

Workaround: There is no workaround.

CSCsj50764

Symptoms: You may not be able to configure ATM over MPLS (ATMoMPLS).

Conditions: This symptom is observed on Cisco 7301 that has an ATM port adapter.

Workaround: There is no workaround.

CSCsj53663

Symptoms: A Cisco platform may reload when you configure or unconfigure an EEM policy.

Conditions: This symptom is observed only on a Cisco platform that runs a modular Cisco IOS software image when a syslog message is being generated while you configure or unconfigure the EEM policy.

Workaround: Do not configure or unconfigure an EEM policy while a syslog message is being generated.

CSCsj66692

Symptoms: Data corruption copy error tracebacks are seen on the console or output from the show logging command:

%DATACORRUPTION-1-DATAINCONSISTENCY: copy error,  -PC= 0x41224EFC,  -
Traceback= 0x4153A7D0 0x4155BA0C 0x4157FAF0 0x41224EFC 0x41DDC0A8 0x41DDC198 
0x41DC6D84 0x41DF3B0C 0x41DC506C 0x41DCE5A4 0x41D91AF8 0x41D90F88 0x41D9BEFC 
0x41D9C0C0 0x41DAEA68 

Conditions: Refer to CSCsj44081 for more information.

Workaround: There is no workaround.

CSCsj81015

Symptoms: Cisco Multiservice IP-to-IP Gateway (IPIPGW) crashes during a stress scenario.

Conditions: This symptom occurs in a stress scenario with 100 SIP-H323 calls + 150 SIP-H323 DTMF interworking (rtp-nte to h245-alpha) calls.

Workaround: There is no workaround.

CSCsj87522

Symptoms: RTP and RTCP ports are leaked when a ReleaseComplete (reason=newConnectionNeeded) is received as a response to a FastStart Setup that is sent.

Conditions: This problem is seen in Cisco IOS Release 12.4(11)T and Release 12.4(15)T images for a normal H323 to H323 Gatekeeper routed call with no supplementary services.

Workaround: There is no workaround.

CSCsj90012

Symptoms: Some Cisco 2800 and Cisco 3800 routers crash on startup after the 256MB-v5.sdf signature file has been loaded and the signature files have been saved to flash.

Conditions: This symptom occurs when the 256MB-v5.sdf file is loaded and the signature files are saved to flash with the ip ips config location flash: command. The router then crashes on restart, when the files are read from flash.

Workaround: The crash has not been observed when the package files (such as IOS-S300-CLI.pkg) are used instead of the .sdf file, nor was it reproducible on a Cisco 3725 or Cisco 2651 router.

CSCsj99328

Symptoms: When redundant key servers (KSs) are used, group members (GMs) that lose and then regain connectivity to the primary KS continually generate thousands of registration attempts. A GDOI session is created correctly, so the GMs can encrypt and decrypt traffic, but they are heavily loaded by the registration attempts and generate a significant number of logging messages. The thousands of registration attempts also overload the KS and prevent other routers from connecting.

Conditions: This symptom occurs when redundant KSs are configured and the GMs have no connection to the primary KS at boot time or when the IPsec or GDOI lifetime expires. If they lose the connection and regain it before the lifetimes expire, the problem does not occur.

Workaround: Configure the GMs for a single KS.

CSCsk01413

Symptoms: No Cisco IOS IPS signature category other than "all" can be selected before the signature package is loaded on to the router:

c2811#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
c2811(config)#ip ips signature-category
c2811(config-ips-category)#category ?
  all  All Categories

Conditions: Also seen when CSM loads signatures and tries to set the basic category to retired false:

c2811(config)#ip ips signature-category
c2811(config-ips-category)#category ios_ips basic
                                             ^
^ unrecognized...

Workaround:

1. Set category all to retired true:

2811b#conf t
2811b(config)#ip ips signature-category
2811b(config-ips-category)#category all
2811b(config-ips-category-action)#retired true
2811b(config-ips-category-action)#exit
2811b(config-ips-category)#exit
Do you want to accept these changes? [confirm]
2811b(config)#

2. Load the signatures by using the copy command or CSM.

3. Set the desired categories to retired false:

2811b#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
2811b(config)#ip ips signature-category
2811b(config-ips-category)#category ios_ips basic
2811b(config-ips-category-action)#retired false
2811b(config-ips-category-action)#exit
2811b(config-ips-category)#exit
Do you want to accept these changes? [confirm]
2811b(config)#

CSCsk05059

Symptoms: A spurious access error occurs in the tfib_post_table_change_sanity_check() function.

Conditions: This symptom occurs when a route is deleted. A ROUTE_DOWN event is triggered in the tfib_post_table_change() function, which in turn calls tfib_post_table_sanity_check(). In that function a spurious access is reported, because the only path of the route is down.

Workaround: There is no workaround.

CSCsk10985

Symptoms: IMA group interface does not come up after the reload.

Conditions: This symptom is observed on a Cisco 2811 router with ATM interface that is using VWIC2-2MFT-T1/E1 connected to MGX AUSUM card.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the IMA interface.

CSCsk11273

Symptoms: Secondary key server (KS) (new primary) fails to create new TEKs during rekey intervals after network split.

Conditions: A network split, merge, and second split occur between the cooperative key servers, and the secondary KS was left with no TEKs earlier.

Workaround: Enter the clear crypto gdoi command on the secondary key server. It may also be necessary to enter clear crypto gdoi on the group members.

CSCsk16062

Symptoms: CSM rollback of Cisco IOS IPS device fails.

Conditions: This symptom occurs on signatures loaded that are more recent than 2006-12-18.

Workaround: Disable IPS and reload required signatures.

Further Problem Description: The getConfigInfo request is returning the loaded typedefs and causing CSM to consider the signature package to be out of sync with the database.

CSCsk19108

Symptoms: Before sending the initial INVITE, a Cisco gateway performs a DNS SRV query, which returns the name of the server on which the SIP service is running; a DNS A query for that name then returns the IP address of the proxy server, so the initial call is established through the SIP proxy. After receiving a SIP REFER that initiates a call transfer with a domain name as the transfer-to location, the SIP gateway performs only a DNS A query for the Refer-To host, which returns an IP address on which SIP is not running. This causes the transfer to fail.

Conditions: This symptom is observed on a Cisco 2800 series router but is not platform dependent. The transfer target address received in the REFER is an FQDN (with the default port 5060 or no port).

Workaround: There is no workaround.

CSCsk26973

Symptoms: A router that is running NHRP leaks memory when many incomplete cache entries are created. The incomplete cache entries can be verified by typing the show ip nhrp command and looking for "type incomplete". The memory leaked can be seen by examining the output of the show chunk command and looking for "NHRP Cache".

Conditions: This symptom can occur when traffic to nonexistent or non-responding addresses is forwarded by the router over the DMVPN/NHRP cloud.

Workaround: There is no workaround.

CSCsk29216

Symptoms: On an ATM interface, if tx-ring-limit is set to 1 under heavy traffic, the interface may become wedged. Throughput is degraded because many packets are dropped.

Conditions: This symptom occurs when tx-ring-limit is set to 1 on an ATM interface that carries heavy bursty traffic.

Workaround: Set tx-ring-limit to a minimum of 2 in this situation.

CSCsk60020

The Secure Shell (SSH) server implementation in Cisco IOS contains multiple vulnerabilities that allow an unauthenticated user to generate a spurious memory access error or, in certain cases, reload the device.

The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.

Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this bug.

The Security Advisory for this issue is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml.

TCP/IP Host-Mode Services

CSCsh92986

Symptoms: The latency of RSH commands may increase when they flow through an FWSM.

Conditions: This issue was observed on an FWSM that is running 2.2(1) software. The long delay was triggered by running Cisco IOS Release 12.3(13a)BC1 or Release 12.3(17a)BC1 on the routers to which the RSH commands were sent.

Workaround: Either bypass the FWSM module or downgrade to Cisco IOS Release 12.3(9a)BC3 which is not affected by this extra delay issue.

Wide-Area Networking

CSCsi28543

Symptoms: After a reload, one of two dialer interfaces binds all BRI channels, and finally the dialer uses only one channel. However, the unused channel remains bound to that dialer, so the other dialers cannot use it even though it is idle. When the problem occurs, the status of the idle BRI channel interface becomes "hardware:down line:up".

Conditions: This problem is found when a router is rebooting, and its peer router over ISDN begins to transmit packets.

Workaround: There is no workaround.

CSCsi72045

Symptoms: A bus error crash occurs on a Cisco router that is running Cisco IOS Release 12.2(31)SB3.

Conditions: This symptom is seen with AAA and PPPoE configured.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.4(11)T3

Cisco IOS Release 12.4(11)T3 is a rebuild release for Cisco IOS Release 12.4(11)T. The caveats in this section are resolved in Cisco IOS Release 12.4(11)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCsg63809

Symptoms: Cisco IOS CLI commands that contain the slash character (/) are not interpreted correctly when executed over HTTP using HTTP POST.

Conditions: This symptom is observed when the HTTP POST method is used to configure commands such as the interface GigabitEthernet0/1 command.

Workaround: Execute Cisco IOS CLI commands that contain the slash character over SSH or Telnet.

IP Routing Protocols

CSCek47667

Symptoms: A router may not clear BGP routes when you enter the clear bgp ipv6 unicast * command.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2SXF but is not release-specific.

Workaround: There is no workaround.

CSCsg76408

Symptoms: Multicast traffic from a DMVPN spoke is dropped by a hub when CEF is enabled on the tunnel interface of the hub. This situation causes the spoke to remain in registering mode and the hub to forward the decapsulated data.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(9)T1 or an earlier release in a DMVPN environment when the mGRE tunnel interfaces are within a VRF.

Workaround: Disable CEF on the tunnel interface of the hub. Doing so enables the hub to receive the multicast traffic, although the traffic is then process-switched.

CSCsh84102

Symptoms: The following symptoms may occur:

Some DMVPN spokes become unreachable and a loop appears in a traceroute.

When you enter the show adjacency details command on the hub, the output shows that the adjacency rewrite information for a problematic spoke is the same as for another spoke.

There is an inconsistency between the NHRP cache and the adjacency for the problematic spoke.

Conditions: These symptoms are observed in a DMVPN configuration when the hub has CEF enabled.

Workaround: Disable CEF on the hub.

CSCsi32425

Symptoms: A router that is configured for static NAT translations may lose its external/global ARP entry for a NAT address.

Conditions: This symptom is observed when traffic flows run across the router, for example, when the client is outside and server is inside, and when static NAT translation is used for periods of about two minutes.

Workaround: Configure a route map that matches the static NAT translation, and apply the static NAT entry by entering either one of the following commands:

ip nat inside source static tcp local-ip local-port global-ip global-port route-map name reversible

ip nat inside source static local-ip global-ip route-map name reversible

CSCsi62559

Symptoms: OSPF packets with IP Precedence 0 are classified by SPD as priority packets. This is an error because only IP Precedence 6 packets should be classified as priority packets by SPD.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18) or a later release but may also affect other releases.

Workaround: Use ACLs to block invalid IP control packets from reaching the control plane.

CSCsi84089

Symptoms: A few seconds after OSPF adjacencies come up, a router crashes because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an ISR that is configured for OSPF.

Workaround: Add area 0 in the OSPF VRF processes.

Alternate Workaround: Enter the no capability transit command in the OSPF VRF processes.

CSCsi85222

Symptoms: A Cisco router that is configured as a route reflector may cause slow convergence for other peers if one PE router requests a route-refresh.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(31)S5 and that is configured as a route reflector. The symptom may also affect other releases.

Workaround: There is no workaround.

CSCsi97586

Symptoms: A Cisco MGX-RPM-XF-512 resets after deleting Multicast VPN routing from a VRF and then deleting that VRF.

Conditions: This symptom has been observed on a system running Cisco IOS Release 12.4(6)T5 configured for Multicast VPN routing while deleting an interface.

Workaround: There is no workaround.

Miscellaneous

CSCej42879

Symptoms: A traceback may be generated when packets are transmitted over a basic IPSec connection between two peers in transport mode and tunnel mode using multilink interfaces.

Conditions: This symptom is observed on a Cisco 3845 that runs Cisco IOS Release 12.4(5). The symptom may also affect other releases.

Workaround: There is no workaround.

CSCek76472

Symptom: A key server that functions in a Dynamic Group VPN (DGVPN) may crash because of a race condition.

Conditions: This symptom is observed when the Key Encryption Key (KEK) timeout value is configured to be equal to the Traffic Encryption Key (TEK) timeout value (for example, both are 300 seconds). When a user changes any GETVPN configurations, a rekey from the key server is triggered. If this rekey is initiated right after a KEK rekey, the key server may crash.

Workaround: Ensure that the KEK timeout value is much larger than the TEK timeout value.

CSCek77355

Symptoms: The locally significant certificate (LSC) cannot be upgraded on an ephone by using CME secure authentication.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(11)T2 when the authorization query fails, which you can see by enabling debug commands.

Workaround: Use an earlier release to upgrade the LSC on the ephone.

CSCek77896

Symptoms: In a Dynamic Group VPN (DGVPN) environment with a key server and multiple Group Members (GMs), when a configuration change is made on the key server, the key server sends the GMs new security associations (SAs). After a GM has received these new SAs, when the SAs on the GM are cleared and when a packet is received, the GM may crash.

Conditions: This symptom is observed when the following conditions are present:

1. The key server has the sa receive-only command enabled, causing receive-only SA rekeys to be sent to the GMs (that is, inbound only mode).

2. The no sa receive-only command is entered on the key server so that the GMs install SAs in inbound and outbound mode. This change causes a rekey to occur, and the GMs to receive new SAs.

3. The SAs on one GM are removed by entering the clear crypto sa command.

4. A host initiates a ping to this GM.

In this situation, when the GM receives the packet, the GM crashes.

Workaround: There is no workaround.

CSCin30349

Symptoms: Interface flaps on an ATM IMA port adapter may cause the router to reload.

Conditions: This symptom has been observed when using a PA-A3-8T1IMA/PA-A3-8E1IMA port adapter on Cisco 7xxx series router platforms. Flaps must be observed or the shutdown and no shutdown commands must be performed on an applicable interface. However, this symptom is a rare condition, and will not necessarily occur with every flap. This symptom can occur with or without traffic.

Workaround: There is no workaround.

CSCsd43903

Symptoms: A Cisco router may experience memory leaks in the Crypto IKMP process when using certificates for Internet Security Association and Key Management Protocol (ISAKMP) for peer authentication.

Conditions: This symptom has been observed on Cisco IOS Release 12.2(18)SXE5 and Release 12.4(9)T2. This symptom is platform independent.

Workaround: There is no workaround to prevent the leak and the only way to recover is to reboot the device.

CSCse24889

Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t
ip ssh version 1
end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

! 10.1.1.0/24 is a trusted network that is permitted access to the router,
! all other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255
access-list 99 deny any

line vty 0 4
access-class 99 in
end

Further Problem Description:

For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cntrl_acc_vtl_ps6350_TSD_Products_Configuration_Guide_Chapter.html

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:

http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

CSCse64750

Symptoms: "%VPA-3-TSBUSY:VPA" and other error messages may be generated intermittently, and calls may fail.

Conditions: This symptom is observed on a Cisco 7206VRX that is configured with multiple VXC voice port adaptors.

Workaround: There is no workaround.

CSCse76935

Symptoms: A router that is configured for SNA Switching Services (SNASw) may crash.

Conditions: This symptom is observed when links with an end node go down and when there are multiple links to the end nodes, at least one of which supports CP-CP sessions, and one of which does not. The symptom occurs on rare occasions because of a timing condition.

Workaround: Change the end node device configuration such that all links to the SNASw router support CP-CP sessions. As per the APPN architecture, only one link does actually support CP-CP sessions.

Further Problem Description: The symptom occurs because there is a mix of APPN links (that support CP-CP sessions) and LEN links (that do not support CP-CP sessions) from an end node to the SNASw router. The recommended configuration is to have all links between two partners be of the same type. Because LEN links generally do not support parallel TGs, most likely these should be APPN links, all supporting CP-CP sessions. This is a product-dependent configuration on the end node product.

CSCsf26617

Symptoms: An MGCP gateway may intermittently unregister from a Cisco CallManager when calls to EVM FXS port are being made.

Conditions: This symptom is observed when a MGCP gateway is configured with an Extension Voice Module (EVM) that uses FXS port. The symptom occurs in the following call scenario:

1. A call is made to the FXS port and the calling party hangs up right away.

2. The FXS called party then answers the call during the first ring.

3. Because the calling party hangs up right away, the Cisco CallManager continues to send the DLCX to the gateway.

4. The gateway does not respond to three DLCXs.

In this call scenario, the Cisco CallManager unregisters the gateway after the gateway fails to respond to the DLCXs.

Workaround: Configure the EVM FXS ports for H.323.

Alternate Workaround: Do not use the EVM. Rather, use the VWIC on the motherboard.

CSCsg30880

Symptoms: After a router is booted or reloaded, a PVC bundle configuration that is established under an IMA interface is lost.

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.3(11)T7 or Release 12.3(14)T7 and that has the service-policy output command enabled on the PVC bundle. The symptom may also affect Release 12.4 and Release 12.4T.

Workaround: Disable the service-policy output command on the PVC bundle.

CSCsg62638

Symptoms: A scan of a router on which a DNS server is enabled can cause high CPU usage by the DNS process itself. Overall performance of the device can deteriorate to some extent.

Conditions: This symptom has been observed on a router on which a DNS server is enabled when running Cisco IOS software from Cisco IOS interim Release 12.4(11.1)T up to but not including Cisco IOS interim Release 12.4(13.08)T.

Workaround: The only way to rectify this situation is to reboot the device.

Further Problem Description: Upgrading the software is suggested.

CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.245

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

CSCsg83151

Symptoms: A router may fail to forward packets via a tunnel interface.

Conditions: This symptom is observed when the tunnel interface is configured for Dynamic Multipoint VPN (DMVPN) and QoS.

Workaround: There is no workaround.

CSCsg88997

Symptoms: When a flash card is inserted in slot0 after a Cisco IAD 2430 series voice gateway boots up, the flash card is not found. Using the dir slot0: command to see if the card is recognized displays the following message:

Flash card inserted in slot0. Reading filesystem on the device... Wait for the completion message before accessing device
Error reading slot0

Conditions: This symptom has been observed on a Cisco IAD2430, Cisco IAD2431, Cisco IAD2432, or Cisco VG224 voice gateway when the gateway is reloaded without the flash card and the flash card is inserted. While observed with Cisco IOS Release 12.4(4)T6, this symptom can occur with any version of Cisco IOS Release 12.4.

Workaround: Keep the flash card in slot0: when booting the voice gateway, or reboot after inserting the flash card.

CSCsg99814

Symptoms: On a router that functions in a GRE over IPSec or Virtual Tunnel Interface (VTI) configuration, an access control list (ACL) may be bypassed when there is an ACL on the tunnel interface.

Conditions: This symptom is observed when the ACL on the tunnel interface is configured on the outbound physical interface on which the IPSec tunnel is terminated.

Workaround: Apply the outbound ACL on the protected LAN interface instead of on the tunnel interface.

CSCsh34327

Symptoms: Classification fails after a router is reloaded.

Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G2, a PA-2H port adapter, and a PA-MC-8TE1+ port adapter.

Workaround: There is no workaround.

CSCsh58950

Symptoms: When two cooperative Group Domain of Interpretation (GDOI) key servers are set up without a rekey policy, and then the rekey policy is added, either key server may reload unexpectedly.

Conditions: The symptom is observed in a Dynamic Group VPN (DGVPN) configuration.

Workaround: There is no workaround.

CSCsh75827

Symptoms: When a router that has the ssg intercept dhcp command enabled receives a DHCP packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM), the router may unexpectedly reload because of a bus error.

Conditions: This symptom is observed on a Cisco router that functions as an SSG with PBHK enabled, when a host has received an IP address that is associated with a service (via the "J" Service-Info attribute), has logged out from the SESM, and then renews its IP address.

Workaround: There is no workaround.

CSCsh84171

Symptoms: A router that is configured with an HWIC-ADSL-B/ST crashes because of memory corruption and generates the following error message:

%SYS-3-OVERRUN: Block overrun at 3F379450 (red zone 2A2A2A2A)

Conditions: This symptom is observed on a Cisco 2800 series that runs Cisco IOS Release 12.4T.

Workaround: There is no workaround.

CSCsh94757

Symptoms: A RADIUS server that is used for accounting may unexpectedly be marked dead by a router.

Conditions: This symptom is observed when RADIUS extended source ports are used and when the new extended ports potentially overlap with the UDP port range of other applications. For example, the symptom may occur when the router processes UDP packets for RTP such as in an IP-to-IP Gateway setup.

Workaround: Remove the radius-server source-ports extended command from the configuration.

CSCsh95545

Symptoms: When the cooperative key server protocol is running and when a failure occurs, the group member may not re-register.

Conditions: This symptom is observed when a network partition occurs and when the secondary key server does not create its own traffic encryption key (TEK). The group member then fails with an SPI mismatch error (which is addressed in caveat CSCsi42884). After this situation has occurred, the group member does not re-register.

Workaround: Enter the clear crypto gdoi command on the group member.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi10157

Symptoms: When you associate and then disassociate a VRF from a tunnel source interface, a DMVPN spoke may crash.

Conditions: This symptom is observed only when a VRF is configured on a tunnel interface.

Workaround: There is no workaround.

CSCsi23968

Symptoms: When IKE phase 1 is cleared and IPSec requests a rekey, IKE fails to rekey.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.4(13.5)T. IKE rekeys phase 1 after two attempts instead of five attempts. IKE does rekey successfully within the time frame of two attempts. However, when the network connection to the peer is down and not restored within the time frame of two attempts, the rekey fails. In this situation, IKE should make five attempts. Note that the symptom is not release-specific.

Workaround: There is no workaround.

CSCsi27540

Symptoms: A VSI session may become stuck in the "RESYNC_UNDERWAY" state, preventing LVC connections from being set up. This situation is not cleared automatically, and error messages are not flushed, as is shown in the output of the show controller vsi session command.

Conditions: This symptom is observed on a Cisco router that functions as a Label Switch Controller (LSC).

Workaround: There is no workaround.

CSCsi35679

Symptoms: SIP call legs may hang on a voice gateway.

Conditions: This symptom is observed when outgoing SIP calls are not answered and when the terminating user agent (UA) does not send the final response to an INVITE message.

Workaround: There is no workaround.

CSCsi42086

Symptoms: A memory leak may occur on a router that is configured for SSG when unsupported 3GPP attributes are received by SSG.

Conditions: This symptom is observed when SSG is configured to function in RADIUS proxy mode.

Workaround: Ensure that the unsupported 3GPP attributes are removed by filtering them before a RADIUS packet is received by SSG.

CSCsi43819

Symptoms: A cooperative key server that functions in a network split and merge scenario may crash.

Conditions: This symptom is most likely to occur when rekey retransmissions have been configured, which may cause some instability when there is a network split and merge.

Workaround: Disable rekey retransmissions.

Further Problem Description: A network split describes a network partition scenario in which two cooperative key servers can no longer communicate with each other. A network merge describes a scenario in which communication between two partitioned networks is restored and in which the two key servers also start to communicate with each other.

CSCsi54186

Symptoms: A Cisco IAD 2400 series may reject sequence numbers for Q.921, causing calls to be dropped or a PBX to lock up.

Conditions: This symptom is observed when a Cisco IAD 2400 series is connected to a third-party vendor phone system and third-party vendor PBX and occurs only when sequence number 16 or 68 is sent to the IAD.

Workaround: There is no workaround.

CSCsi54519

Symptoms: The first time a Cisco IOS IPS 4.x signature performs an inline deny action against a flow and/or attacker, a dynamic ACL is created. However, subsequent times a deny action is performed, the signature does trigger but no dynamic ACL is created.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(9)T3 with advanced IP services when Cisco IOS IPS has a signature action that is configured for "denyinlineflow" and/or "denyattackerinline" and when Cisco IOS IPS is enabled on an interface in the outbound direction.

Workaround: Enable Cisco IOS IPS on an interface in the inbound direction only.

CSCsi57962

Symptoms: The DNS view name is not stored in RAM when the ip dns view command is configured on a router.

Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.4(11)T2.

Workaround: There is no workaround.

CSCsi59685

Symptoms: One-way audio may occur and DTMF digits may not function.

Conditions: This symptom is observed on a Cisco gateway such as a Cisco AS5400 after a SIP transfer has occurred.

Workaround: Enter the no voice-fastpath disable command to resolve the one-way audio issue. There is no workaround for the DTMF issue.

CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.245

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

CSCsi64842

Symptoms: A key server with a lower priority may become the primary key server when the key server with a higher priority is incorrectly marked dead.

Conditions: This symptom is observed randomly during cooperative key server election and seems to occur only with two key servers.

Workaround: Enter the clear crypto gdoi command on the current primary key server to restart the cooperative key server election and to enable the correct key server to become the primary key server.

CSCsi67763

The U.S. Computer Emergency Response Team (US-CERT) has reported a network evasion technique using full-width and half-width unicode characters that affects several Cisco products. The US-CERT advisory is available at the following link:

http://www.kb.cert.org/vuls/id/739224

By encoding attacks using a full-width or half-width unicode character set, an attacker can exploit this vulnerability to evade detection by an Intrusion Prevention System (IPS) or firewall. This may allow the attacker to covertly scan and attack systems normally protected by an IPS or firewall.

Cisco response is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sr-20070514-unicode.shtml
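The detection-side point of this caveat is that a byte-for-byte signature does not match once the same text is carried in fullwidth or halfwidth forms. The following is an added example, not code from the Cisco response or the US-CERT note: it builds a constructed HTTP request line, re-encodes it in the Unicode Halfwidth and Fullwidth Forms block (a constant offset of 0xFEE0 for printable ASCII), and shows that a naive substring match misses it while a match after NFKC normalization does not. The helper names and the sample request are assumptions made for the example; a second check counts width-variant characters on a line that should be plain ASCII, which is a useful alert on its own.

```python
import unicodedata

# Constructed sample: a request line a content signature might look for.
ASCII_REQUEST = "GET /cgi-bin/test.cgi HTTP/1.1"
SIGNATURE = "/cgi-bin/"

# Halfwidth and Fullwidth Forms block (U+FF00..U+FFEF).
WIDTH_FORMS_START, WIDTH_FORMS_END = 0xFF00, 0xFFEF


def to_fullwidth(text):
    """Re-encode printable ASCII (U+0021..U+007E) as its fullwidth form
    (U+FF01..U+FF5E); the offset is 0xFEE0 and the space is left as-is.
    Used here only to construct the test input (hypothetical helper)."""
    return "".join(chr(ord(c) + 0xFEE0) if 0x21 <= ord(c) <= 0x7E else c
                   for c in text)


def fold_width(data):
    """NFKC normalization maps fullwidth and halfwidth compatibility
    characters back to their canonical forms, which for the fullwidth
    Latin range means plain ASCII."""
    return unicodedata.normalize("NFKC", data)


def naive_match(data, signature=SIGNATURE):
    """Plain substring match on the raw text: misses width-variant encodings."""
    return signature in data


def normalized_match(data, signature=SIGNATURE):
    """Substring match after folding width variants."""
    return signature in fold_width(data)


def count_width_variants(data):
    """Number of characters from the Halfwidth and Fullwidth Forms block.
    A non-zero count on a protocol line expected to be ASCII is worth
    an alert regardless of whether any content signature fires."""
    return sum(1 for c in data
               if WIDTH_FORMS_START <= ord(c) <= WIDTH_FORMS_END)


if __name__ == "__main__":
    evasive = to_fullwidth(ASCII_REQUEST)
    for label, req in (("ascii", ASCII_REQUEST), ("fullwidth", evasive)):
        print(f"{label:9s} naive={naive_match(req)!s:5} "
              f"normalized={normalized_match(req)!s:5} "
              f"width_variants={count_width_variants(req)}")
```

Normalizing before matching is the same approach a protocol decoder takes for other encodings (percent-encoding, overlong UTF-8); folding must happen before the signature engine sees the data, not after.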

CSCsi70787

Symptoms: A router may reset and generate a crashinfo file when memory that was allocated by a dead process is freed by another process.

Conditions: This symptom is observed on an RPM-XF-512 that runs Cisco IOS Release 12.4T but is not platform-specific.

Workaround: There is no workaround.

CSCsi70791

Symptoms: A Cisco router can experience a memory corruption crash related to encryption.

Conditions: This symptom has been observed when the memory lite global configuration command is disabled.

Workaround: Enable the memory allocation lite (malloc_lite) feature by using the memory lite command.

CSCsi76569

Symptoms: A Cisco 7200 series may crash during bootup or while writing or erasing the configuration during the "flow_def_master_list_lookup" process.

Conditions: This symptom is observed on a Cisco 7200 series that has an NPE-G1 or NPE-G2. The symptom occurs during bootup or when a configuration is written to or erased from memory. The symptom may also occur when you enter the show running-config command.

Workaround: There is no workaround.

CSCsi79331

Symptoms: An ephone DN gets stuck in a busy state. Callers do get a ringback tone but no phone does actually ring.

Conditions: This symptom is observed when an ephone is connected to a Cisco router in a Cisco Unified CallManager Express (CME) configuration.

Workaround: Remove the DN and then add it back. All of the buttons for this DN must be added back on the ephone.

CSCsi80749

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.245

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml.

CSCsi81801

Symptoms: The h245 caps suppress nte command may not function, causing an IPIPGW to continue to advertise the NTE capability in an H.245 capability message.

Conditions: This symptom is observed on a Cisco router that functions as an IPIPGW and that runs Cisco IOS Release 12.4 or Release 12.4T.

Workaround: There is no workaround.

CSCsi83259

Symptoms: The MPLS labels for packets that are forwarded via CEF and MPLS over a BGP route may not match the labels in the BGP table.

Conditions: This symptom is observed on a Cisco RPM-XF-512 that runs Cisco IOS Release 12.4(6)T5 but is not platform-specific.

Workaround: Enter the clear ip route command for the prefix in the VRF.

CSCsi84017

Symptoms: When you reload a Cisco 2600 series, the router may hang.

Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCsi84591

Symptoms: When an SSG does not receive a RADIUS accounting stop message for a particular user from an Access Zone Router (AZR), the same user (with the same MAC address) does receive a new IP address from the AZR (which is also a DHCP server). In this situation, SSG receives the accounting start message from the AZR and does acknowledge the receipt, but may not create any input in the RADIUS proxy user table.

Conditions: This symptom is observed when the hotspot is part of a network that is configured as an SSG RADIUS proxy client.

Workaround: There is no workaround.

CSCsi85641

Symptoms: When the Reverse Route Remote Peer option is enabled, packets may not be forwarded correctly.

Conditions: This symptom is observed when both CEF and the reverse-route remote-peer command are enabled. When you enable the debug ip cef drops command, typically, the following is shown:

CEF-Drop: Stalled adjacency for remote-physical-ip-addr on Ethernet1/0 for destination remote-protected-ip-addr
CEF-Drop: Packet for remote-protected-ip-addr -- encapsulation

Workaround: Disable CEF.

Alternate Workaround: Add a next hop to the reverse route, for example, by entering the reverse-route remote-peer ip-address command.

CSCsi90679

Symptoms: Some Atomic IP signatures may fail to alarm when they are compiled together, although they do fire when they are compiled individually.

Conditions: This symptom is observed when Cisco IOS IPS is configured on one or more interfaces and when multiple Atomic IP signatures are compiled and enabled.

Workaround: There is no workaround.

CSCsi93683

Symptoms: In Cisco IOS software that is running the Bidirectional Forwarding Detection (BFD) protocol, attempts to remove BFD sessions may fail.

Conditions: The symptom has been observed after the maximum number of supported sessions has been configured. The maximum number is 128 in most but not all releases.

Workaround: There is no workaround.

CSCsi96685

Symptoms: A router that functions as an LNS and ISG may crash at the "chunk free" function when a call is being freed or disconnected.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(31)SB and is caused by a race condition. The symptom may not be release-specific.

Workaround: There is no workaround.

Further Problem Description: The following configuration suggestions may reduce the likelihood that the race condition occurs:

Change the following in all VPDN groups:

l2tp tunnel receive-window 10000
l2tp tunnel timeout hello 180

Do not configure the router for SSO. Rather, configure RPR+.

If the following command is not required, remove it from the configuration:

aaa authentication ppp user-auth if-needed group csm-auth-acct

Configure the seconds argument of the radius-server timeout seconds command to 5 seconds.

Configure the tries argument