Cross-Platform Release Notes for Cisco IOS Release 15.3M&T
Release 15.3(1)T Caveats

Caveats for Cisco IOS Release 15.3(1)T

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

In this section, the following information is provided for each caveat:

  • Symptoms—A description of what is observed when the caveat occurs.
  • Conditions—The conditions under which the caveat has been known to occur.
  • Workaround—Solutions, if available, to counteract the caveat.

Note: If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


This document contains the following sections:

Resolved Caveats—Cisco IOS Release 15.3(1)T

Resolved Caveats—Cisco IOS Release 15.3(1)T4

  • CSCtz73473

Symptom: In a rare multipath import configuration on IOS router, the following traceback is seen:

SW0: *May 4 12:08:40.175 PDT: %IPRT-3-INVALID_NEXTHOP: Duplicate ID 0x3 113.1.1.0/24 from bgp decode:
0x6770760 ---> ip_route_update+37C
0x59F7B20 ---> bgp_ipv4_rib_install+578
0x59F87C8 ---> bgp_ipv4_rib_update+108
0x5A8C524 ---> bgp_vpnv4_update_iprib+2C
0x59F8C24 ---> bgp_v4class_update_fwdtable_walker+60
...

There is no operational impact, but the traceback clutters the console.

Conditions: This symptom is observed when you configure the following in the VRF address family:

router bgp 200000
 !
 address-family ipv4 vrf 5
  import path selection multipaths
  maximum-paths eibgp 8

Workaround: Do not log output to the console; use buffered logging instead to keep the console clean.

  • CSCub45809

Symptom: Cisco IOS configured for Voice over IP may experience stack corruption due to multiple media loops.

Conditions: This requires a special configuration of IP features along with disabling the recommended media flow-around command. IOS version: 15.2(2)T.

Workaround: Apply the media flow-around command.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:W/RC:C

CVE ID CVE-2012-5044 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub72198

Symptom: Executed CLI fails to sync to standby and results in standby reload.

Conditions: This occurs when the following conditions are met:

1. The active and standby are running different versions of the IOS image.

2. The CLI being applied is not PRC compliant, meaning that this CLI does not return a valid parser return code.

Workaround: Avoid applying CLIs that are not PRC compliant during image upgrade or downgrade.

  • CSCuc50398

Symptom: Client is crashing while doing telnet from host to server.

Conditions: The symptom is observed with the following set up:

host <---> client <---> mid-router <---> server

It crashes consistently due to memory overrun.

Workaround: There is no workaround.

  • CSCue00996

Symptom: The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat


Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.


Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html

Conditions: See published Cisco Security Advisory

Workaround: See published Cisco Security Advisory

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2014-2111 has been assigned to document this issue.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCue18443

Symptom: Command authorization is denied while entering an access list that includes a host address and a subnet mask.

Conditions: This symptom occurs in Cisco IOS Release 15.1(4)M2.

Workaround: There is no workaround.

  • CSCue68714

Symptom: Newer IOS-XE BGP releases, after Cisco IOS Release 15.2(4)S/XE3.7, do not form a BFD session with older implementations. This happens when using eBGP multi-hop to peer between two loopback interfaces on directly connected routers.

Conditions: This ddts adds the options “[single-hop | multi-hop]” to the existing BGP-BFD knob “neighbor x.x.x.x fall-over [bfd] [check-control-plane-failure]”.

After the change, the knob is: “neighbor x.x.x.x fall-over [bfd] [single-hop | multi-hop] [check-control-plane-failure]”

Note: The existing behavior of “neighbor x.x.x.x fall-over [bfd]” is not disturbed, so the behavior that has been released as part of all the releases for more than three years now does not change.

Add-on in this ddts:

1. neighbor x.x.x.x fall-over [bfd] [single-hop] -- New option “single-hop”; forces BGP to open a single-hop BFD session, even in the case of back-to-back eBGP update-source loopback with 2-hop BGP peering.

2. neighbor x.x.x.x fall-over [bfd] [multi-hop] -- New option “multi-hop”; forces BGP to open a multi-hop BFD session.

Workaround: There is no workaround. ISR G2 should support the BFD multi-hop feature.

More Information: ISR-G2 does not support multi-hop BFD, while ISR4400 supports multi-hop BFD. BFD multi-hop support for ISR-G2 needs to be provided, so that they can interop with ISR4400 and ASRs.

  • CSCuf51357

Symptom: A vulnerability in the Secure Sockets Layer (SSL) VPN subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a failure to process certain types of HTTP requests. To exploit the vulnerability, an attacker could submit crafted requests designed to consume memory to an affected device. An exploit could allow the attacker to consume and fragment memory on the affected device. This may cause reduced performance, a failure of certain processes, or a restart of the affected device.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ios-sslvpn


Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.


Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html

Conditions: See published Cisco Security Advisory

Workaround: See published Cisco Security Advisory

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2014-2112 has been assigned to document this issue.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCui59185

Symptom: ASR901 crashes while booting up with memory lite disabled.

Conditions: This symptom is observed when RFLA is enabled with memory lite disabled.

Workaround: Enable memory lite.

  • CSCui59540

Symptom: A vulnerability in the implementation of the IP version 6 (IPv6) protocol stack in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause I/O memory depletion on an affected device that has IPv6 enabled. The vulnerability is triggered when an affected device processes a malformed IPv6 packet.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ipv6

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html

Conditions: See published Cisco Security Advisory

Workaround: See published Cisco Security Advisory

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2014-2113 has been assigned to document this issue.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCui63461

Symptom: The router crashes when using CCP 2.6 and 2.7 to provision the device.

Conditions: This symptom is observed under normal conditions.

Workaround: There is no workaround.

  • CSCui88426

Symptom: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition.

The vulnerability is due to how an affected device processes certain malformed IKEv2 packets. An attacker could exploit this vulnerability by sending malformed IKEv2 packets to an affected device to be processed. An exploit could allow the attacker to cause a reload of the affected device that would lead to a DoS condition.

Although IKEv2 is automatically enabled on Cisco IOS Software and Cisco IOS XE Software devices when the Internet Security Association and Key Management Protocol (ISAKMP) is enabled, the vulnerability can be triggered only by sending a malformed IKEv2 packet.

Only IKEv2 packets can trigger this vulnerability.

Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-ikev2

Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.

Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html

Conditions: See published Cisco Security Advisory

Workaround: See published Cisco Security Advisory

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2014-2108 has been assigned to document this issue.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuj41494

Symptom: The Cisco IOS Software implementation of the Network Address Translation (NAT) feature contains two vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140326-nat


Note: The March 26, 2014, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2014 bundled publication.


Individual publication links are in Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar14.html

Conditions: See published Cisco Security Advisory

Workaround: See published Cisco Security Advisory

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2014-2109 has been assigned to document this issue.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuj99819

Symptom: MVPN GRE tunnels are not established.

Conditions: BGP has a VPN peer configured using an update-source that does not have PIM enabled.

Workaround: There is no workaround.

  • CSCul14571

Symptom: Cisco router can crash after OSPFv3 is unconfigured from an interface.

Conditions: This symptom is observed when NSR is enabled.

Workaround: Unconfigure NSR before unconfiguring OSPFv3 from an interface.

More Information: This is an extremely rare issue; OSPFv3 has to be in the process of checkpointing an LSA from the primary RP to the standby while the interface from which the LSA was received is unconfigured.

  • CSCul54254

Symptom: Invalid LSAs are not flushed by the router that has their Advertising Router ID. Specifically, Router LSAs that do not have an LSID of 0 are not flushed if the router does not re-originate them, nor is any LSA with a type that the router does not recognize.

Lingering LSAs could lead to incorrect routing in some very obscure instances. For example, stale Router LSA fragments from two neighboring routers would need to remain in the network. There would not be a routing problem if only one router’s stale Router LSA fragment was allowed to linger.

Conditions: There are several possible scenarios that could lead to this symptom. One example is that a router is configured with many interfaces attached to an OSPFv3 instance such that it originates more than one Router LSA fragment. Then the router is reloaded before the configuration is saved, and after the reload it does not reoriginate some of the Router LSA fragments.

Workaround: There is no workaround.

  • CSCul75876

Symptom: A router may crash in an OSPF process during reconfiguration.

Conditions: This symptom occurs under the following conditions:

1. Configure the router with “ipfrr” in area 0.

2. Connect router to area 0 through two links. For some route one interface is the primary path, and the second is the repair path.

3. Configure router as ABR, that is, have a non-zero area with a neighbor.

4. Do not configure “ipfrr” in the non-zero area.

5. Quickly remove the IP address from both the interfaces in area 0 and the router may crash.

Workaround: Changes to the reconfiguration procedure will avoid the crash.

1. Shut down the interface before removing the IP address.

2. Remove the IP from one interface in area 0, wait for a few seconds and remove the IP address from the second interface in area 0.

  • CSCum02221

Symptom: A vulnerability in BGP processing code of Cisco IOS could allow an unauthenticated, remote attacker to cause a reload of the affected device.

The vulnerability is due to improper parsing of malformed BGP packets. An attacker could exploit this vulnerability by sending malformed BGP packets to an affected device. An exploit could allow the attacker to cause a reload of the affected device.

Conditions: Device configured for BGP.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 15.3(1)T3

All the caveats listed in this section are resolved in Cisco IOS Release 15.3(1)T3. This section describes only severity 1, severity 2, and select severity 3 caveats.

  • CSCtl55445

Symptom: CUBE logs the following message:

%SIP-3-INTERNAL: Cannot insert call history entry for callID
 

Conditions: This symptom occurs when the calling party cancels the call before the connection:

INVITE --------------->--------------->
100 Trying
<--------------<----------------
180 Ringing
<--------------<----------------
CANCEL
---------------->--------------->
200 OK
<----------------<-----------------
487 Request Cancelled
<------------------<---------------
ACK
-------------------->--------------->
 

Workaround: There is no workaround.

  • CSCtx20903

Symptom: TACACS authentication fallback does not work.

Conditions: This symptom occurs in single connection TACACS host.

Workaround: Disable the single connection.

  • CSCty77441

Symptom: Memory leaks are observed after unconfiguring BFD sessions.

Conditions: This symptom occurs after BFD sessions are unconfigured.

Workaround: There is no workaround.

  • CSCtz13023

Symptom: A crash occurs during registration in SRST mode.

Conditions: This symptom occurs during registration in SRST mode.

Workaround: This issue is fixed and committed.

  • CSCtz19192

Symptom: Router crashes with the following message:

Unexpected exception to CPU: vector 1200.
 

Conditions: This symptom occurs due to a change in the bandwidth or policing rate of the dialer interface.

Workaround: Downgrade to Cisco IOS Release 15.1(4)M4.

  • CSCtz98228

Symptom: On the Cisco 3900e platform, a crash and router reload occurs without generating any crashinfo and traceback.

Conditions: This symptom could be seen with HTTP traffic intercepted by the content-scan feature. It is mostly seen during the content-scan session creation.

Workaround: Disable the content-scan feature.

  • CSCua44483

Symptoms: Mcast stops sending for all groups once all flows have ceased, due to timeout.

Conditions: This symptom occurs during normal operation, after senders have stopped sending and/or flows have timed out as normal.

Workaround: Disable and reenable mcast routing.

  • CSCua73191

Symptoms: Anyconnect fails to work with IOS SSL VPN and reports the following message:

The AnyConnect package on the secure gateway could not be located. You may be experiencing connectivity issues. Please try connecting again
 

Conditions: The issue was seen after upgrading to Cisco IOS Release 15.2(3)T.

Workaround: Connecting via the portal might help.

  • CSCub17971

Symptoms: There is no reregistration after switching from HW to SW crypto engine.

Conditions: The symptom is observed after switching from HW to SW crypto engine.

Workaround: There is no workaround.

  • CSCub83800

Symptom: The Copperopolis interface configuration gets rejected.

Conditions: This symptom occurs due to the following NBAR configurations:

flow record type mace sfr-avcrec
 collect application http host
flow exporter LO-exp
 destination 10.88.128.253
 source GigabitEthernet0/1
 

Workaround: Move the NBAR-related configurations after the SHDSL controller configurations.

  • CSCuc11958

Symptom: 7600-SIP-400 linecard crash seen with SPA reload.

Conditions: The symptom is observed with a SPA reload.

Workaround: There is no workaround.

  • CSCud62864

Symptoms: When the Mid-call Re-INVITE consumption feature is active, CUBE consumes the Re-INVITE that should change the media state from “sendonly” to “sendrecv”. This results in one-way or no-way audio on the call.

Conditions: This symptom occurs when the CUBE Mid-call Re-INVITE consumption feature is enabled.

Workaround: There is no workaround.

  • CSCud66669

Symptoms: On the Cisco 7200, the tunnel is established correctly and encryption and decryption occur correctly. However, after decryption, the packet is not punted to the iVRF in which the tunnel interface resides, leading to a broken IPSec-DataPath.

Conditions: This symptom is observed with the Cisco 7200 with VSA under the following conditions:

– Tunnel (GRE/mGRE) in an iVRF with Tunnel protection configuration.

– iVRF not equal to fVRF.

Workaround: This issue has been observed with Cisco IOS Release 15.0(1)M9 and Cisco IOS Release 12.4(24)T8, so downgrade might be an option. There is no known configuration-related workaround yet, although software crypto will work just fine.

  • CSCud67105

Symptoms: Virtual-Access is not removed when “clear ip nhrp” or “clear crypto session” are issued or when spoke-spoke FlexVPN session is gone. This is seen only in case of FlexVPN.

Conditions: This symptom is seen only when CSCuc45115 is already in image.

Workaround: There is no workaround.

  • CSCue68714

Symptom: Newer IOS-XE BGP releases, after Cisco IOS Release 15.2(4)S/XE3.7, do not form a BFD session with older implementations. This happens when using eBGP multi-hop to peer between two loopback interfaces on directly connected routers.

Conditions: This ddts adds the options “[single-hop | multi-hop]” to the existing BGP-BFD knob “neighbor x.x.x.x fall-over [bfd] [check-control-plane-failure]”.

After the change, the knob is: “neighbor x.x.x.x fall-over [bfd] [single-hop | multi-hop] [check-control-plane-failure]”

Note: The existing behavior of “neighbor x.x.x.x fall-over [bfd]” is not disturbed, so the behavior that has been released as part of all the releases for more than three years now does not change.

Add-on in this ddts:

1. neighbor x.x.x.x fall-over [bfd] [single-hop] -- New option “single-hop”; forces BGP to open a single-hop BFD session, even in the case of back-to-back eBGP update-source loopback with 2-hop BGP peering.

2. neighbor x.x.x.x fall-over [bfd] [multi-hop] -- New option “multi-hop”; forces BGP to open a multi-hop BFD session.

Workaround: There is no workaround. ISR G2 should support the BFD multi-hop feature.

More Info: ISR-G2 does not support multi-hop BFD, while ISR4400 supports multi-hop BFD. BFD multi-hop support for ISR-G2 needs to be provided, so that they can interop with ISR4400 and ASRs.

  • CSCue76102

Symptom: Redistributed internal IPv6 routes from v6 IGP into BGP are not learned by the BGP neighboring routers.

Conditions: This symptom occurs because of a software issue, due to which the internal IPv6 redistributed routes from IGPs into BGP are not advertised correctly to the neighboring routers, resulting in the neighbors dropping these IPv6 BGP updates in inbound update processing. The result is that the peering routers do not have any such IPv6 routes in BGP tables from their neighbors.

Workaround: There is no workaround.

  • CSCue85804

Symptom: A memory allocation error occurs in the standby log after a switchover.

Conditions: This symptom occurs after an RP switchover on a router configured with the Locator ID Separation Protocol (LISP).

Workaround: There is no workaround.

  • CSCue95644

A limited number of Cisco IOS and Cisco IOS XE releases based on the Cisco IOS 15 code base include support for a new algorithm to hash user-provided plaintext passwords. This algorithm is called Type 4, and a password hashed using this algorithm is referred to as a Type 4 password. The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms to increase the resiliency of passwords used for the “enable secret password” and “username username secret password” commands against brute-force attacks. For additional information please see the full Cisco Security Response at the link below.

This Cisco Security Response is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

  • CSCuf09198

Symptom: After deleting a VRF, you are unable to reconfigure the VRF.

Conditions: The symptom is observed when BGP SAFI 129 address-family is not configured, but unicast routes are installed into multicast RIB to serve as upstream multicast hop, as described in RFC 6513. This applies to VRFs configured before BGP is configured.

Workaround: Beyond unconfiguring BGP, there is no workaround once the issue occurs. Configuring a dummy VRF multicast address-family under BGP before the issue occurs can prevent the problem from occurring.

  • CSCug24114

Symptom: CTS environment-data download fails from ISE.

Conditions: The symptom is observed if a low PAC and environment-data refresh timer is configured in ISE. After multiple refreshes of PAC and environment data and a switch reload, a CTS environment-data download from ISE sometimes fails on the switch.

Workaround: Unconfigure the pac key CLI and configure it again as shown below:

no pac key
pac key <key-id>
 
  • CSCug50606

Symptom: Sometimes, IPCP assigns clients a different address from the wrong address pool.

Conditions: This symptom is observed under the following conditions:

– peer default ip address command is configured on dialers.

– There are some dialers on the Cisco router.

– The issue could happen on Cisco IOS Release 15.2(4)M3.

Workaround: There is no workaround.

  • CSCug71832

Symptom: I/O memory leaks occur with the following error messages:

SYS-2-MALLOCFAIL Memory allocation of 268 bytes failed from 0x6076C1C0, alignment 32
Pool: I/O Free: 3632 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "SCCP Application", ipl= 0, pid= 234
-Traceback= 6082E5B4z 60761188z 607618A8z 60764930z 6237DFA4z 62379CB4z 623873A4z 62373474z 62374E64z 607FAE64z 607FAE48z

Conditions: This symptom occurs due to a slow memory leak in the SMALL and MIDDLE buffers.

Workaround: There is no workaround.

  • CSCug78098

Symptom: Supervisor engine crashes and the Cisco IOS software is forced to reload due to the PIM process.

Conditions: This symptom is observed when using the show ip pim rp-hash command right after the BSR RP times out and causes the crash.

Workaround: Perform these steps in the following order:

1. Wait for a minute after BSR RP times out before using this command.

2. Configuring no ip domain lookup reduces the time taken to execute show ip pim rp-hash to a few milliseconds. This will prevent the crash from being reproduced manually.

  • CSCug85947

Symptom: OSPFv3 routes go missing after an NSR switchover.

Conditions: This symptom occurs after an SSO.

Workaround: Clear the IPv6 OSPF process.

  • CSCug86298

Symptom: The “l4f mgt task” process takes up memory and does not release it.

Conditions: This symptom occurs with scansafe configuration.

Workaround: There is no workaround.

  • CSCug99771

Symptom: OSPF N2 default route missing from Spoke upon reloading Hub. Hub has a static default route configured and sends that route over DMVPN tunnel running OSPF to spoke. When hub is reloaded, the default route is missing on Spoke. NSSA-External LSA is there on Spoke after reload, but the routing bit is not set. Hence, it is not installed in RIB on Spoke.

Conditions: Default originated using command area X nssa default-information-originate.

Workaround: Removing and re-adding area X nssa default-information-originate on the Hub resolves the issue.

  • CSCuh07657

Symptom: VRF Aggregate label is not re-originated after a directly connected CE facing interface (in VRF) is shut down.

Conditions: This symptom occurs in an MPLS VPN set-up with Cisco 7600(PE) Router running on Cisco IOS Release 12.2(33)SRE4 with per VRF aggregation.

For example:

mpls label mode vrf TEST protocol all-afs per-vrf
 

Workaround: Downgrade to Cisco IOS Release 12.2(33)SRE3 or earlier.

  • CSCuh24040

Symptom: BGP routes are not marked Stale and considered best routes even though the BGP session with the peer is torn down. A hard or soft reset of the BGP peering session does not help.

For BFD-related triggering, the following messages are normally produced with the BGP-5-ADJCHANGE message first, and the BGP_SESSION-5-ADJCHANGE message second. Under normal conditions, the two messages will have identical timestamps. When this problem is seen, the order of the messages will be reversed, with the BGP_SESSION-5-ADJCHANGE message appearing first, and with a slightly different timestamp from the BGP-5-ADJCHANGE message. In the problem case, the BGP_SESSION-5-ADJCHANGE message will also include the string “NSF peer closed the session”

For example when encountering this bug, you would see:

May 29 18:16:24.414: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast vpn vrf VRFNAME topology base removed from session NSF peer closed the session
May 29 18:16:24.526: %BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf VRFNAME Down BFD adjacency down
 

Instead of:

May 29 18:16:24.354: %BGP-5-ADJCHANGE: neighbor x.x.x.x vpn vrf VRFNAME Down BFD adjacency down
May 29 18:16:24.354: %BGP_SESSION-5-ADJCHANGE: neighbor x.x.x.x IPv4 Unicast vpn vrf VRFNAME topology base removed from session BFD adjacency down
 

Log messages associated with non-BFD triggers are not documented.

Conditions: This symptom is observed when BGP graceful restart is used in conjunction with BFD. It can also occur, with very low probability, when BGP graceful restart processing happens while any other type of BGP reset (for example, a clear command) is in progress.

Affected configurations all include:

router bgp ASN
 ...
 bgp graceful-restart
 ...

The trigger is that BGP exceeds its CPU quantum during the processing of a reset, and gives up the CPU, and then BGP Graceful Restart processing runs before BGP can complete its reset processing. This is a very low probability event, and triggering it is going to be highly dependent on the configuration of the router, and on BGP’s CPU requirements.

It is not possible to trigger this bug unless BGP graceful-restart is configured.

Workaround: If you are engaged in active monitoring of router logs, and the bug is being triggered by a BFD-induced reset, you can detect this situation by watching for the reversal of log message order described in the Symptoms section, and then take manual steps to remedy this problem when it occurs.

On the problematic router, issuing the no neighbor <xxx> activate command under the proper address-family will clear the stale routes.

The other option is to manually shut down the outgoing interface, which marks the routes as “inaccessible” so that they are no longer used. This prevents the traffic blackhole, but the routes will stay in the BGP table.

More Info: This bug affects all releases where CSCsk79641 or CSCtn58128 is integrated. Releases where neither of those fixes is integrated are not affected.
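The log-order check described in the Workaround for CSCuh24040, as an added example (not code from Cisco or from this document). The sample lines are constructed from the two excerpts above using documentation addresses; the function names and the 5-second pairing window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: one normal teardown (vrf RED) and one reversed pair (vrf BLUE).
SAMPLE_LOG = """\
May 29 18:16:24.354: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 vpn vrf RED Down BFD adjacency down
May 29 18:16:24.354: %BGP_SESSION-5-ADJCHANGE: neighbor 192.0.2.1 IPv4 Unicast vpn vrf RED topology base removed from session BFD adjacency down
May 29 18:20:02.414: %BGP_SESSION-5-ADJCHANGE: neighbor 192.0.2.9 IPv4 Unicast vpn vrf BLUE topology base removed from session NSF peer closed the session
May 29 18:20:02.526: %BGP-5-ADJCHANGE: neighbor 192.0.2.9 vpn vrf BLUE Down BFD adjacency down
"""

# search() is used, so syslog-server prefixes before the timestamp are tolerated.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{1,6}): "
    r"%(?P<fac>BGP_SESSION|BGP)-5-ADJCHANGE: neighbor (?P<nbr>\S+) (?P<rest>.*)"
)
VRF_RE = re.compile(r"\bvrf (\S+)")
NSF_MARKER = "NSF peer closed the session"


def parse_line(line):
    """Return a teardown event dict, or None for lines that are not relevant."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    if m.group("fac") == "BGP_SESSION":
        if "removed from session" not in rest:
            return None
        kind = "session"
    else:
        if not re.search(r"\bDown\b", rest):
            return None
        kind = "down"
    vrf = VRF_RE.search(rest)
    # IOS timestamps carry no year; a fixed leap year keeps Feb 29 parseable.
    ts = datetime.strptime("2000 " + m.group("ts"), "%Y %b %d %H:%M:%S.%f")
    return {
        "kind": kind,
        "ts": ts,
        "key": (m.group("nbr"), vrf.group(1) if vrf else None),
        "nsf": NSF_MARKER in rest,
    }


def find_reversed(lines, window=timedelta(seconds=5)):
    """Flag neighbors whose BGP_SESSION message was logged before BGP-5 Down.

    Line order decides, not the timestamp: in the normal case both messages
    carry identical timestamps, so only their order in the log distinguishes them.
    """
    last_down, pending, findings = {}, {}, []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = ev["key"]
        if ev["kind"] == "down":
            prior = pending.pop(key, None)
            if prior and timedelta(0) <= ev["ts"] - prior["ts"] <= window:
                findings.append({
                    "neighbor": key[0],
                    "vrf": key[1],
                    "delta_ms": (ev["ts"] - prior["ts"]) // timedelta(milliseconds=1),
                    "nsf_peer_closed": prior["nsf"],
                })
            else:
                last_down[key] = ev
        else:
            down = last_down.pop(key, None)
            if down and timedelta(0) <= ev["ts"] - down["ts"] <= window:
                continue  # normal order: Down first, session removal second
            pending[key] = ev
    return findings


if __name__ == "__main__":
    for f in find_reversed(SAMPLE_LOG.splitlines()):
        print("possible CSCuh24040 condition:", f)
```

A finding with nsf_peer_closed set and a non-zero delta_ms matches all three indicators listed in the Symptom text; the stale routes still have to be cleared manually as described in the Workaround.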

  • CSCuh27343

Symptom: A CUBE router may reload.

Conditions: This is only seen on a router processing voice traffic with CPA feature enabled.

Workaround: There is no workaround.

  • CSCuh32177

Symptom: The no passive-interface <if-name> command will be added automatically after configuring the "ipv6 enable" command on the interface even though the passive-interface default command is configured for OSPFv3.

(config)#interface FastEthernet0/2/0
(config-if)#ipv6 enable
(config-if)#end
#sh run | sec ipv6 router ospf
ipv6 router ospf 100
 router-id 10.1.1.1
 passive-interface default
 no passive-interface FastEthernet0/2/0 <<< Added automatically.
 

Conditions: This symptom occurs when the “passive-interface default” command is configured for OSPFv3.

Workaround: Adjust the configuration manually. In this example it would be “passive-interface FastEthernet0/2/0”.

  • CSCuh40275

Symptom: SNMP occupies more than 90% of the CPU.

Conditions: This symptom is observed when polling the cefFESelectionTable MIB.

Workaround: Execute the following commands:

snmp-server view cutdown iso included
snmp-server view cutdown cefFESelectionEntry excluded
snmp-server community public view cutdown ro
snmp-server community private view cutdown rw
 
  • CSCuh40329

Symptom: OSPFv3 runs as PE-CE, but is used to learn IPv4 prefixes. The core-facing interface is a GRE tunnel on which OSPF and LDP run. OSPFv3-based sham-links are created between PEs. When the tunnel flaps, OSPF and LDP recover, but within a few seconds the tunnel locks up. In the locked-up condition, all traffic fails on the tunnel, even directly connected pings. The only way to recover is to reconfigure the tunnel from scratch. It happens fairly consistently after re-convergence, though not every time.

Conditions: Issue is seen only on ISRG2s that are configured as PEs. They are so far seen with 3925 running Cisco IOS Release 15.3(2)T and 2911 running Cisco IOS Release 15.2(4)M3.

Workaround: Use OSPF V2 based shamlinks.

  • CSCuh43027

Symptom: Prefixes withdrawn from BGP are not removed from the RIB although they are removed from the BGP table.

Conditions: A withdraw message contains more than one NLRI, one of which is for a route that is not chosen as best. If deterministic med is enabled, then the other NLRI in the withdraw message might not eventually be removed from the RIB.

Workaround: Forcibly clear the RIB.

Further Problem Description: This issue may also occur if BGP PIC is enabled and the withdraw message contains a route that is currently serving as a backup path.

  • CSCuh43252

Symptom: After upgrading to Cisco IOS Release 15.0(2)SE3, you can no longer authenticate using TACACS. The TPLUS process on the switch will be pushing the CPU up to 99%.

Conditions: The symptom is observed when you use TACACS for authentication.

Workaround: Downgrade the switch to a version prior to 15.0(2)SE3.

  • CSCuh43255

Symptom: The BGP task update-generation process may cause the router to reload, in a rare timing condition when there is prefix flap and there is high scale of prefixes going through update-generation, including the flapping prefix.

Conditions: The symptom is observed when the Cisco ASR router is acting as a route server for BGP along with having various route-server contexts. The router does not do any forwarding. It merely processes control plane traffic.

Workaround: There is no workaround.

More Info: The setup is the same as mentioned in this doc: http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_route_server_xe.html.

  • CSCuh53544

Symptom: OSPF ABR router does not flush type-4 ASBR summary LSA after NSR switchover if the connection to ASBR is lost during NSR switchover.

Conditions: This symptom occurs when the VSS system acts as ABR and loses connection to an ASBR during NSR switchover. This configuration is not recommended and Layer 3 topology should not change during the switchover.

Workaround: Clear ip ospf proc.

  • CSCuh57439

Symptom: The router crashes from some heap memory exception, such as “FREEFREE” or “BADMAGIC” within the checkheaps process.

Conditions: The router has experienced heavy, likely prolonged voice traffic, especially CUBE (IP-IP gateway) calls.

Workaround: There is no workaround.

  • CSCuh57618

Symptom: The gateway sends the following NOTIFY message before receiving an unsubscribe request.

Subscription-State Terminated
 

Conditions: This symptom occurs when the router is loaded with the “c2900-universalk9-mz.SPA.153-2.25.M0.1” image.

Workaround: There is no workaround.

  • CSCuh68693

Symptom: RP crashes [active RP, in the case of a dual RP setup] when the show otv isis database standard detail command is used to check details related to MAC addresses.

Conditions: This symptom occurs in valid OTV configurations (OTV state is UP and AED State is Yes).

Workaround: There is no workaround.

  • CSCuh72031

Symptom: System might crash while trying to enter into exec mode through VTY.

Conditions: IPv4 TACACS server configured for login authentication with send-nat-address option.

Workaround: Remove send-nat-address option.

  • CSCuh80914

Symptom: When using HWIC-4SHDSL with “PPP multilink fragment size” configured, packets are dropped when the packet size is in the range 472-544 bytes or 981-1053 bytes. The packet drops are observed only when pinging from the host systems in the LAN segment of the Cisco 1841 router; no packet drops are observed while pinging from the router. Packet drops are not observed if “PPP multilink fragment size” is not configured.

Conditions: This symptom occurs when “ppp multilink fragment size” is configured.

Workaround: There is no workaround.

  • CSCuh98328

Symptom: The Cisco router software restarts.

Conditions: This symptom is observed when a Cisco router is configured for waas-express. It is possible that the trigger is due to one of following reasons:

1. WAAS Express was disabled and reenabled.

2. CIFS-Express Accelerator was disabled and reenabled.

3. The “clear waas cache cifs-express” command was executed.

Workaround: There is no workaround.

  • CSCui07997

Symptom: Route over OSPFv2 sham-link shows two next hops.

Conditions: This symptom is observed when the route entry is ECMP route between the sham-link and another path.

Workaround: Break ECMP by adjusting the OSPF cost.

  • CSCui21030

Symptom: A vulnerability in OSPF implementation of Cisco IOS and Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.

The vulnerability is due to improper parsing of certain options in OSPF LSA type 11 packets. An attacker could exploit this vulnerability by sending LSA type 11 OSPF packet with unusual options set. An exploit could allow the attacker to cause a reload of the affected device.

Conditions: This symptom occurs when a bad RI opaque LSA with some unusual options is received.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/4.7: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2013-5527 has been assigned to document this issue.

Additional details about the vulnerability described here can be found at: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5527

Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.

  • CSCui21348

Symptom: A router with ISM-VPN and running a 6 in 6 tunneling mode generates a “Too Big” notification only after receiving a packet with 40 bytes larger than the MTU of the outgoing interface to which a crypto map is applied.

Conditions: This symptom occurs when ISM-VPN is activated.

Workaround: Switch to onboard encryption.

  • CSCui29499

Symptom: ISIS going into INIT state.

Conditions: BFD flap leads to ISIS adjacency not coming up if the following conditions are true:

1. In P2P mode only

2. When the local node supports RFC6213 and its remote neighbor does not support RFC6213

3. The P2P link is down and adjacency is deleted on the remote neighbor and up again before the adjacency hold down timer expires on the local node that has the RFC6213 support

Workaround: Any of the following workarounds will work.

– Remove BFD on 903, wait for ISIS to come up and configure BFD again

– Shut and no shut the interface on the local node with RFC6213

– Do not use a P2P link at all

More Info: Deviation not experienced when EIGRP or OSPF routing protocols were running over the same link as ISIS in testing.

  • CSCui42069

Symptom: A wrong classification of packets is observed.

Conditions: This symptom occurs when “match not” is used for class-map based filters in the parent class and is a part of a policy applied to an interface and the same child classes are used directly in a different policy and is applied to another interface. Classification happens wrongly for the latter.

Workaround: In a policy, do not use the same class that was used as a nested class with “match not” in another policy.

  • CSCui46593

Symptom: CPU hog crash due to Mwheel Process.

Conditions: This symptom is observed in a normal operation.

Workaround: There is no workaround.

  • CSCui82817

Symptom: Tunnel with lower absolute metric is not advertised properly.

Conditions: This issue is seen under the following conditions:

1. When there are multiple tunnels to a destination and

2. The tunnel with better metric comes up and

3. When ISIS is used as IGP and both L1 and L2 are present and configured for TE.

Workaround: Clear ISIS sessions.

  • CSCui89069

Symptom: An ISIS flap is observed on performing SSO.

Conditions: This symptom occurs when nsf ietf is configured and one or more loopbacks are configured as passive interfaces.

Workaround 1. Use nsf cisco.

Workaround 2. Continue to use nsf ietf but configure ip router isis <process_name> on the loopback interfaces.

Resolved Caveats—Cisco IOS Release 15.3(1)T2

All the caveats listed in this section are resolved in Cisco IOS Release 15.3(1)T2. This section describes only severity 1, severity 2, and select severity 3 caveats.

  • CSCty57970

Symptom: A crash occurs when “content-scan out” is unconfigured from the egress interface.

Conditions: This symptom occurs when “content-scan out” is unconfigured after router runs continuously for around two days.

Workaround: There is no workaround.

  • CSCty59423

Symptoms: Memory leak seen with following messages:

Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "VOIP_RTCP", ipl= 0, pid= 299
-Traceback= 0x25B1F0Cz 0x25AB6CBz 0x25B1029z 0x46C02Ez 0x46C89Bz 0x46BCC2z 0x471D12z 0x43EF59Ez 0x43DD559z 0x43DCF90z
%SYS-2-MALLOCFAIL: Memory allocation of 780 bytes failed from 0x46C02E, alignment 32
 

Conditions: The conditions are unknown.

Workaround: There is no workaround.

  • CSCtz07902

Symptom: Standby RP crashes.

Conditions: This symptom is observed in a scaled setup with redundant RP, and with a BFD configuration on the interfaces.

Workaround: There is no workaround.

  • CSCtz53214

Symptom: The “clear counter pseudowire <#>” commands do not clear the pseudowire specific counters.

Conditions: This symptom is reported to be present in all Cisco IOS Release 15.X(S) versions.

Workaround: Issuing the global clear command (“clear counters”) will clear counters including pseudowire specific counters.

  • CSCtz55979

Symptom: The router crashes due to memory corruption.

Conditions: This symptom occurs when you configure CFM, SCE over MPLS, VPLS, or G.8032 services while running SNMP polling.

Workaround: There is no workaround.

  • CSCtz83221

Symptom: Active or standby route processor crashes.

Conditions: This symptom can be seen during the configuration or removal of ATM virtual circuits.

Workaround: There is no workaround.

  • CSCtz90697

Symptom: EIGRP authentication is not working.

Conditions: The symptom is observed when authentication is configured with key-id 0.

Workaround: Use any other key-id for authentication.

  • CSCua26981

Symptom: A Cisco ASR router may crash due to a CPU Watchdog upon invocation of “show ip eigrp neighbor detail”.

sh ip eigrp nei detail
<snip>
ASR1000-WATCHDOG: Process = Exec
%SCHED-0-WATCHDOG: Scheduler running for a long time, more than the maximum configured (120) secs.
-Traceback= ...
========= Start of Crashinfo Collection ==========
 

Conditions: This symptom occurs when the Cisco ASR router is experiencing rapid changes in EIGRP neighborship, such as during a flap. One way to artificially create this scenario is to mismatch the interface MTU.

Workaround: There is no workaround.

  • CSCua82947

Symptom: Encapsulation for CFM messages may not be correct after the service instance encapsulation is changed. IOS-FMAN-EAOM-ERR message may be observed.

Conditions: This symptom occurs on an Ethernet CFM configured on a bridge-domain or xconnect service instance.

Workaround: There is no workaround.

  • CSCub03351

Symptom: The NBAR protocol discovery does not function correctly on the dialer in any router running NBAR on the Cisco IOS Release 15.1(4)M3.

Conditions: This symptom occurs in routers with basic NBAR configuration.

Workaround: There is no workaround.

  • CSCub04965

Symptom: Multiple symptoms may occur including the following:

– Multiple sessions established to the TACACS+ server which never clear are seen in the output of show tcp brief.

– Pings to the loopback address from directly connected equipment suffer packet loss.

– Traffic and pings through the switch suffer packet loss.

– CPU utilization remained stable and below 10% when the issue was occurring, and the interface counters were not reporting any errors or drops.

– TACACS+ Authentication errors, Authorization errors, or accounting errors.

– SSH/TELNET via VTY not accessible.

– If the condition exists for a period of time, the switch may stop passing traffic.

Conditions: This symptom occurs in devices configured with TACACS+. It is seen mostly on Cisco Catalyst 3750 and Cisco Catalyst 3760 switches, but has also been observed on Cisco Catalyst 6500 switches.

Workaround: Remove the AAA and TACACS+ server configuration. Clear the existing TCP connections with clear tcp tcb. Reconfigure the TACACS+ server configuration to use “single-connection” mode. Reconfigure the AAA configuration.

Mitigation using EEM: A Cisco IOS Embedded Event Manager (EEM) policy that is based on Tool Command Language (Tcl) can be used on vulnerable Cisco IOS devices to identify and detect a hung, extended, or indefinite TCP connection that causes the symptoms to be observed. The policy allows administrators to monitor TCP connections on a Cisco IOS device. When Cisco IOS EEM detects hung or stale TCP connections, the policy can trigger a response by sending a syslog message or a Simple Network Management Protocol (SNMP) trap to clear the TCP connection. The example policy provided in this document is based on a Tcl script that monitors and parses the output from two commands at defined intervals, produces a syslog message when the monitor threshold reaches its configured value, and can reset the TCP connection. The EEM script is available at:

https://supportforums.cisco.com/docs/DOC-19344

PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.

If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub10950

Symptom: The router crashes when an MR-APS switch is made. The crashes occur randomly.

Conditions: This symptom occurs when the MLP is configured with 12 links.

Workaround: There is no workaround.

  • CSCub19185

Symptom: Path confirmation fails for a SIP-SIP call with IPV6 enabled.

Conditions: This symptom occurs when UUTs are running Cisco IOS Release 15.2(2)T1.5.

Workaround: There is no workaround.

  • CSCub98623

Symptom: The show int command output displays the input queue size as greater than 0, and it never goes down. Shut/no shut does not help either.

Conditions: This symptom is observed with the following conditions:

– A Cisco IOS router acts as XOT.

– The XOT Server becomes unreachable for some time while the x25 client is attempting to send traffic.

– Cisco IOS Release 12.4(24)T7, Cisco IOS Release 15.1M, or later releases.

Workaround: Increase the input hold queue size from default 75 to max. Monitor it periodically manually or by script and perform a planned reload when the queue size is close to max.

  • CSCuc02262

Symptom: A crash is seen at tcp_prepare_for_retransmit with the combination of IPv6 and IPv4 traffic.

Conditions: This symptom is observed in a DMVPN setup with the Cisco 2921 acting as the spoke and the Cisco 3945e as the hub. After passing HTTP traffic using IPv4 as well as IPv6, a crash is seen on the spoke.

Workaround: There is no workaround.

  • CSCuc12685

Symptom: Address Error exception is observed with ccTDUtilValidateDataInstance.

Conditions: This symptom is observed with ccTDUtilValidateDataInstance.

Workaround: There is no workaround.

  • CSCuc13992

Symptom: The Cisco IOSd process crashes due to a segmentation fault in the PPP process:

UNIX-EXT-SIGNAL: Segmentation fault(11), Process = PPP Events
 

The root cause for the PPP process crash is wrong IPCP option processing inside PPP control packets.

Conditions: This symptom occurs when the BRAS functionality is configured, which includes ISG and PPPoE session termination.

Workaround: There is no workaround.

  • CSCuc22651

Symptom: A router may experience a crash in the “BGP Task” process during best path selection. In a rare corner case, when the last two remaining multipaths are deleted around the same time by two different threads of execution, a null pointer exception can be raised in the “BGP Task” process.

Conditions: This symptom occurs when a BGP multipath is configured as shown in the following example:

address-family ipv4
 maximum-paths ibgp 4
 

Workaround: Disable BGP multipath.

  • CSCuc42518

Symptom: Cisco IOS Unified Border Element (CUBE) contains a vulnerability that could allow a remote attacker to cause a limited Denial of Service (DoS). Cisco IOS CUBE may be vulnerable to a limited Denial of Service (DoS) from the interface input queue wedge condition, while trying to process certain RTCP packets during media negotiation using SIP.

Conditions: Cisco IOS CUBE may experience an input queue wedge condition on an interface configured for media negotiation using SIP when a certain sequence of RTCP packets is processed. All the calls on the affected interface would be dropped.

Workaround: Increase the interface input queue size. Disable Video if not necessary.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

CVE ID CVE-2012-5427 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuc46087

Symptom: CUBE does not send a response to an early dialog UPDATE in a glare scenario.

Conditions: This symptom occurs when CUBE receives an early dialog UPDATE when it sends 200OK to INVITE and expects ACK.

Workaround: There is no workaround.

  • CSCuc51879

Symptom: Traffic loss occurs on the Cisco ASR 1000 Series Routers during an RP SSO switchover.

Conditions: This symptom occurs during an RP SSO switchover on the Cisco ASR 1000 Series Routers.

Workaround: There is no workaround.

  • CSCuc59858

Symptom: Valid dynamic authorization requests which are not retransmissions are marked as retransmission.

Conditions: This symptom may occur when valid dynamic authorization requests with the same RADIUS packet identifier is sent from different source ports.

Workaround: There is no workaround.

  • CSCuc69342

Symptom: About 10 minutes after CUBE boot, the router crashes with the following traceback:

-Traceback= 5B01805 46158ED 45F4F57 45BB19E 45BA1CF 451D6DC 4525549 45252D9 4519C30 45196A9 4778FFD
 

After the reload from the crash, it may take some time before it crashes again.

Conditions: This symptom occurs when CUBE receives the SIP REFER message with the Refer-To header having no user part.

Workaround: There is no workaround.

  • CSCuc76298

Symptom: In ASR B2B HA setup, the new active router crashes at ccsip_send_ood_options_ping immediately after switchover with OOD OPTIONS enabled.

Conditions: This crash is seen in the following scenario:

– Standby router has OOD OPTIONS enabled either because it is present in startup configuration or enabled after boot-up.

– Next, disable OOD OPTIONS.

– Switchover happens.

Workaround: Reload standby router once after OOD OPTIONS configuration changes from enabled to disabled.

  • CSCuc77283

Symptom: Upon reload or OIR, the CFM MEP configuration on an xconnect EFP is removed and cannot be reconfigured.

Conditions: This symptom is observed with a CFM MEP on xconnect service instance. This issue is seen when reload or OIR is performed.

Workaround: Remove the domain configuration.

  • CSCuc96241

Symptom: The Cisco Y.1731 Performance Monitoring SLM interworking between the Cisco ME3400 and the Cisco IOS-XR ASR 9000 is not functioning.

Conditions: This symptom is observed when SLM is running on the Cisco ME3400 and Cisco IOS-XR ASR 9000 router.

Workaround: There is no workaround.

  • CSCuc96631

Symptom: Incoming calls through e1 r2 stop working in Cisco IOS Release 15.2(4)M1.

Conditions: This symptom is observed with incoming calls through e1 r2 in Cisco IOS Release 15.2(4)M1. Outgoing calls work fine.

Workaround: Use Cisco IOS Release 15.2(2)T.

  • CSCud04998

Symptom: The Cisco 7600 LC crashes when the frame interval is set less than 25 ms and aggregate interval is greater than 10.

Conditions: This symptom is observed when the frame interval is set less than 25 ms and aggregate interval is greater than 10.

Workaround: Do not set the frame interval to less than 25ms.

  • CSCud05636

Symptom: The MAC-address gets corrupted when user sends the multicast traffic.

Conditions: This symptom is observed with the Cisco IOS Release 15.1(4)M3 image, whereas the same multicast traffic works as expected with the Cisco IOS Release 12.4T image.

Workaround: A possible workaround is to enable the ip pim nbma-mode command at the CPE end.

  • CSCud08595

Symptom: After reload, ISDN layer 1 shows as deactivated. Shut/no shut brings the PRI layer 1 to Active and layer 2 to multiframe established.

Conditions: This symptom occurs when “voice-class busyout” is configured and the controller TEI comes up before the monitored interface.

Workaround: Remove the “voice-class busyout” configuration from the voice-port.

  • CSCud11078

Symptom: Removal of the service instance on the target device causes a crash.

Conditions: Not consistently reproducible on all configurations as the underlying cause is a race condition.

Workaround: De-schedule the probe before removing the service instance.

  • CSCud26339

Symptom: Changing policy-map parameters triggers a Cisco IOSd crash.

Conditions: This symptom is observed when the policy-map is attached to a service instance on the Cisco ASR 903.

Workaround: Remove the policy-map from the target and then make the changes.

  • CSCud35416

Symptom: The Jabber application for iPad failed to register with Cisco Unified Border Element(CUBE). This symptom is also seen when CUBE does not respond to the “out-of-dialog” option pings(TCP) which are sent by the Microsoft Lync server.

Conditions: This symptom occurs in the following scenarios:

– Default registration with a TCP length longer than 536 bytes which causes TCP fragment in the Jabber application for iPad.

– When the call flow is as follows:

Microsoft Lync Server >> sip >> Cube
 

The following TCP flow is seen from the packet capture:

LYNC                    Cube
Syn>>>>>>
                  <<<<<<Syn, Ack
Ack>>>>>>
OPTIONS>>
                  <<<<<<Ack
: No SIP 200 OK was sent by the CUBE :

 

Workaround1: Configure the following CLI: ip tcp adjust 1400

Workaround2: Downgrade to Cisco IOS Release 15.2(3)T2.

  • CSCud36208

Symptom: The multilink ID range has to be increased from the existing 65535.

Conditions: This symptom is observed specifically with the Cisco MWR1.

Workaround: There is no workaround. The range is now made configurable based on PD.

  • CSCud41058

Symptom: There is a route-map which matches tags and sets a new value. This route-map is used in an EIGRP outbound distribute list. One in 10 times based on the received route tag, the correct route tag value is not set while advertising out.

Conditions: The symptom is observed when you use a route map which matches tags and sets a new tag, and it is used in distribute-list route-map name out.

Workaround: Clear the EIGRP process or re-advertise the route.

  • CSCud50768

Symptom: For an elected BSR in an HA system, shortly after the standby becomes active, there is a 2-3 minutes period with no BSR messages sent.

Conditions: This symptom occurs when there is an HA switch on the elected BSR.

Workaround: There is no easy workaround other than not configuring a C-BSR on an HA system.

  • CSCud54365

Symptom: The scansafe socket is not closed by reset from the client.

Conditions: This symptom occurs when sending a connection request from the client (SYN packet). This issue is seen when ack is sent instead of syn+ack for a syn request from the server. The client will send a Reset(RST) signal for ack received instead of syn+ack. The L4F/scansafe box displays that the flow is not closed.

Workaround: Make sure that the server does not have a stale TCP tuple flow entry before trying for a connection from the client.

  • CSCud55286

Symptom: Traffic drops for some time after doing a switchover.

Conditions: The symptom is observed when a switchover is performed on a Cisco ASR 903 router.

Workaround: Put a neighbor command where the neighbor has no meaning and will never be up. This will solve the timing issue.

  • CSCud64506

Symptom: HQF does not clear up when the bandwidth remaining ratio is misconfigured on the child policy.

Conditions: This symptom is observed when an incorrect configuration triggers the policy rejection and fails on the cleanup with the nondefault queue-limit setting in the class-default class.

Workaround: Apply the configuration with the correct setting.

  • CSCud64812

A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition.

Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCud70577

Symptom: RTSP traffic is being dropped with NAT (PAT) and NBAR.

Conditions: The issue is seen when protocol-disc (cisco-ip-camera or realmedia) and NAT are enabled on the same interface.

Workaround: Disable NBAR feature.

  • CSCud96075

Symptom: A router running Cisco IOS Release 15.2(4)M2 will reload with a bus error soon after the DSP reloads when there is a live transcoding session.

Conditions: This symptom is observed with Cisco IOS Release 15.2(4)M2.

Workaround: There is no workaround.

  • CSCue03316

Symptom: The box crashed during scale testing.

Conditions: During scale testing, the box runs out of memory, resulting in MALLOCFAIL. The memory allocation is not checked for failure, resulting in a crash.

Workaround: There is no workaround.

  • CSCue05186

Symptom: FRR LFA will wrongly switch to the alternate path if BFD is unconfigured on the peer router.

Conditions: The symptom is observed if BFD is unconfigured on the peer router.

Workaround: Shut the interfaces with BFD configured, remove the BFD configuration on both routers, then re-enable the interfaces.

  • CSCue06116

Symptom: VG350 gateway crashes when the configuration file is downloaded from CUCM. This occurs when the VG350 has 144 ports configured.

Conditions: The VG350 supports a maximum of 144 FXS ports. When MGCP control is configured and the configuration is downloaded from CUCM, the gateway crashes.

Workaround: Use no ccm-manager config to stop the configuration download from CUCM.

  • CSCue16201

Symptom: Crash occurs at IP SLAs XOS Event Processor while executing the ip sla reset command.

Conditions: This symptom is observed when cfm mep is configured on xconnect service with the new cli model, scheduled Y1731 PM session.

Workaround: There is no workaround.

  • CSCue18133

Symptom: The Cisco 7600 Router crashes at show_li_users.

Conditions: This symptom is observed under the following conditions: In li-view, create a username: lawful-intercept and li_user password: lab1. Then, attempt to delete it with “no username li_user”. Later, show the users of LI.

Workaround: There is no workaround.

  • CSCue26213

Symptom: The connected interface that is enabled for EIGRP will not be redistributed into BGP.

Conditions: This symptom occurs when the prefix of the connected interface is in the EIGRP topology table with “redistribute eigrp” under BGP address-family IPv4.

Workaround: Redistribute the connected interface and EIGRP.

  • CSCue28318

Symptom: A Cisco router doing authentication proxy may unexpectedly reload when running the test aaa command.

Conditions: This symptom occurs when the router is using LDAP authentication and has a misconfigured LDAP authentication configuration.

Workaround: Correct the misconfiguration.

  • CSCue31321

Symptom: A Cisco router or switch may unexpectedly reload due to a bus error or SegV when running the show ip cef ... detail command.

Conditions: This symptom is observed when the output becomes paginated and the state of the CEF adjacency changes while the prompt is waiting on the more prompt.

Workaround: Set “term len 0” before running the show ip cef ... detail command.

  • CSCue31774

Symptom: Ethernet cfm cc does not work on Cisco IOS Release 03.08.00.S on the Cisco ASR 1002 Router.

Conditions: This symptom is observed in the setup Cisco ASR 1002----L2switch----Cisco ASR 1002: when you change the VLAN on the L2 switch, the related Cisco ASR 1002 interface does not go down. This symptom is not observed when running Cisco IOS Release 03.07.02.S.

Workaround: There is no workaround.

  • CSCue36321

Symptom: A crash occurs when MLP is configured.

Conditions: This symptom is observed with a MLP configuration.

Workaround: There is no workaround.

  • CSCue39206

Symptom: ES crashes after the second 401 challenge.

Conditions: This symptom occurs when the second 401 is received after SDP offer/answer with 183/PRACK is complete. This is a rare scenario.

Workaround: There is no workaround.

  • CSCue48254

Symptom: After an upgrade from Cisco IOS Release 15.0M to Cisco IOS Release 15.2M, the CPU usage with the same traffic load is increased.

Conditions: This symptom is observed with the Cisco ISR-G2 platform.

Workaround: There is no workaround.

  • CSCue51886

Symptom: The SBC CUBE device rejects call connections.

Conditions: This symptom is observed when the Chunk manager holds a lot of memory and calls do not get processed.

Workaround: Reloading the box helps to make the box stable.

  • CSCue59775

Symptom: The device crashes.

Conditions: This symptom is observed when the service-policy is removed.

Workaround: There is no workaround.

  • CSCue61691

Symptom: In a dual-homing topology, switching from the backup mode to the nominal mode ends up with the active “source” router sending a data MDT but transmitting on the default MDT.

Conditions: The symptom is observed on a dual-homing topology with CORE GRE tunnel.

Workaround: Use the clear ip mroute vrf <> command.

  • CSCue68761

Symptom: A leak in small buffer is seen at ip_mforward in Cisco IOS Release 15.1(4)M3. Device: Cisco 2911 Cisco IOS: c2900-universalk9-mz.SPA.151-4.M3.bin

Conditions: This symptom is observed with the Cisco 2911 running Cisco IOS Release 15.1(4)M3.

------------------ show buffers ------------------
Buffer elements:
     156 in free list (500 max allowed)
     11839912 hits, 0 misses, 617 created
Public buffer pools:
Small buffers, 104 bytes (total 45187, permanent 50, peak 45187 @ 10:04:00):
     0 in free list (20 min, 150 max allowed)
     7968057 hits, 202704 misses, 2128 trims, 47265 created
     71869 failures (680277 no memory)
------------------ show buffers usage ------------------
Statistics for the Small pool
Input IDB : Mu1 count: 45180
Caller pc : 0x22CF95C4 count: 45180
Resource User: IP Input count: 45180
Caller pc : 0x22381654 count: 2
Resource User: Init count: 2
Output IDB : Mu1 count: 4
Caller pc : 0x2380114C count: 4
Resource User: PIM regist count: 4
Number of Buffers used by packets generated by system: 45187
Number of Buffers used by incoming packets:
+++++++++++++++++++++++++++++small buffer packet++++++++++++++++++++++++++++++++
<snip>
Buffer information for Small buffer at 0x2A815220
  data_area 0xD9DEB04, refcount 1, next 0x0, flags 0x2080
  linktype 7 (IP), enctype 16 (PPP), encsize 2, rxtype 1
  if_input 0x30F21520 (Multilink1), if_output 0x0 (None)
  inputtime 00:02:46.212 (elapsed 05:55:11.464)
  outputtime 00:01:22.632 (elapsed 05:56:35.044), oqnumber 65535
  datagramstart 0xD9DEB56, datagramsize 38, maximum size 260
  mac_start 0xD9DEB56, addr_start 0x0, info_start 0xD9DEB58
  network_start 0xD9DEB58, transport_start 0xD9DEB6C, caller_pc 0x22CF0044
  source: 10.131.124.33, destination: 224.0.1.40, id: 0x55F0, ttl: 11, TOS: 192 prot: 17, source port 496, destination port 496
0D9DEB56: 002145C0 002455F0 .!E@.$Up
0D9DEB5E: 00000B11 F14C0A83 7C21E000 012801F0 ....qL..|!‘..(.p
0D9DEB6E: 01F00010 82211200 00000000 000000 .p...!.........

Workaround: There is no known workaround. Reboot to free up the memory.

  • CSCue71921

Symptom: A crash is seen when WAAS Express is enabled and the show waas auto-discovery list command is issued.

%ALIGN-1-FATAL: Illegal access to a low address 13:37:19 CST Wed Feb 13 2013 addr=0x0, pc=0x23E18C9Cz , ra=0x23E18C90z , sp=0xC1C5E9D8
%ALIGN-1-FATAL: Illegal access to a low address 13:37:19 CST Wed Feb 13 2013 addr=0x0, pc=0x23E18C9Cz , ra=0x23E18C90z , sp=0xC1C5E9D8
TLB (store) exception, CPU signal 10, PC = 0x23E26A9C
 

Conditions: This issue occurs after entering the show waas auto-discovery list command with connections being optimized by CIFS Express Accelerator or WAAS Express.

Workaround: There is no workaround.

  • CSCue75986

Symptom: The active route processor crashes because of a segmentation fault in the PIM IPv6 process after de-configuring a VRF.

Conditions: This symptom is observed when BGP, multicast-routing, or a VRF is de-configured while VRF-forwarding for the affected VRF is still configured on some interfaces and IPv6 multicast state entries exist within the affected VRF.

Workaround: Before removing a VRF using no vrf definition xxx, de-configuring “router bgp ...”, or de-configuring multicast-routing for any VRF or for the global routing table, de-configure the IPv6 and the IPv4 MDT tunnels for affected VRFs as follows:

1. Under the “vrf definition ...”/ “address-family ipv6” configuration sub-mode, execute no mdt default ....

2. Under the “vrf definition ...”/ “address-family ipv4” configuration sub-mode, execute no mdt default ....

  • CSCue81327

Symptom: Standby RP crashes during bulk sync with:

Unexpected exception to CPU: vector 1400
 

Conditions: The crash occurs while syncing a shutdown TE tunnel interface configuration.

Workaround: Delete the shutdown TE tunnel configuration, if not required.

  • CSCue88659

Symptom: When installing a new signature file, a Cisco router reports traceback or crash with Cisco IOS-IPS.

Conditions: This symptom occurs when installing a new signature file.

Workaround: There is no workaround.

  • CSCue92705

Symptom: Leaks in the “DHCPD Receive”, “CDP Protocol”, and “Net Background” processes could be seen after disabling “macro auto monitor”.

Conditions: This symptom is observed in Cisco IOS 15.0(2)SE1 Release, 2960S, dhcp, cdp traffic, and link flapping.

Workaround: Configure no service dhcp if the switch is not a DHCP server. Also, configure:

device-sensor filter-spec cdp exclude all
device-sensor filter-spec dhcp exclude all
device-sensor filter-spec lldp exclude all
 
  • CSCue95542

Symptom: A crash was observed after configuring ethernet CFM on the Cisco router. The crash occurred in the linux_iosd process.

Conditions: The crash was seen on the Cisco ISR4400 and the Cisco CSR1000v.

Workaround: Do not configure CFM.

  • CSCue97986

Symptom: Calls hang at SIP, CCAPI and VOIP RTP components (but are cleared in the dataplane of the Cisco ASR 1000 series platform).

Conditions: This symptom occurs when a video call is setup as an audio call. The call then gets transferred with REFER but the caller hangs up the call before the call gets transferred. This is an intermittent problem.

Workaround: If there is a SIP call dangling (sh sip call sum), then use the clear call voice causecode 16 command to clear the dangling call.

  • CSCuf01088

Symptom: Memory leaks are observed with a Cisco ASR router with CVP call flows.

Conditions: The symptom is observed under load conditions. Memory leaks are seen in Cisco IOS Release 3.8 XE.

Workaround: There is no workaround.

  • CSCuf03079

Symptom: A Cisco router running IOS with ISIS remote-LFA configured could crash.

Conditions: This symptom is observed when shut and no shut are performed on an interface multiple times.

Workaround: Disable the ISIS remote-LFA configuration.

  • CSCuf09006

Symptom: Upon doing a clear ip bgp * soft out or graceful shutdown on a PE, all VPNv4/v6 routes on an RR from this PE are purged at the expiry of enhanced refresh stale-path timer.

Conditions: The symptom is observed with the following conditions:

– PE must have BGP peering with at least one CE (VRF neighbor) and at least one RR (VPN neighbor).

– PE must have a rtfilter unicast BGP peering with the RR.

– IOS version must have “Enhanced Refresh” feature enabled.

– A clear ip bgp * soft out or graceful shutdown is executed on the PE.

Workaround: Instead of doing clear ip bgp * soft out, do a route refresh individually towards all neighbors.

  • CSCuf15260

Symptom: A Cisco ASR router crashes while sending notify with KPML digit.

Conditions: The symptom is observed on a Cisco ASR router. It is seen when the DTMF type is changing to SIP-KPML midcall.

Workaround: Do not change DTMF type mid-call.

  • CSCuf17023

Symptom: A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device.

The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp

  • CSCuf28733

Symptom: The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat

Conditions: See advisory for details

Workaround: There is no workaround.

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCuf62756

Symptom: If a bandwidth qos-reference value is configured on an interface whose bandwidth can change, then the actual interface bandwidth will be used for QoS service-policy validation when the interface bandwidth changes. This results in a service-policy being removed if the interface bandwidth is insufficient to meet the requirements of the service-policy, such as bandwidth guarantees.

Conditions: Affects variable-bandwidth interfaces such as EFM interfaces or PPP multilink bundles.

Workaround: Use proportional actions in the QoS service-policy, such as “police rate percent....”, “bandwidth remaining ratio...”, “bandwidth remaining percent...”, and “priority percent”.

Workaround 2: You can configure bandwidth qos-reference with maximum bandwidth of the interface:

interface Ethernet0
 bandwidth qos-reference <max bandwidth of interface>
 

This can prevent the policy-map from being detached when the interface bandwidth changes.

  • CSCuf65255

Symptom: A CPU hog is caused by unnecessary requests to calculate the dynamic MPLS label range for each of the service instances configured (especially for L3VPN services).

Conditions: This symptom will occur if there is any MPLS ip-propagate-ttl, label range, or per-interface MPLS MTU configuration on the Cisco switch or router. When this configuration is present, and there are a large number of interfaces, any operation that involves generating the configuration will be slow (for example, show run, copy run, write mem, etc).

This results in the copy operation taking more than 300 seconds (for an average configuration size of 1000kB) to complete.

Workaround: Reducing the number of BGP routes injected for L3VPN sessions causes the CPU hog to last for a smaller duration as it reduces the number of MPLS labels assigned and thus the amount of unnecessary work being done.

  • CSCuf82179

Symptom: BGP routes remain installed in multicast RIB even after “address-family” configuration has been removed from “vrf definition”.

Conditions: This symptom is observed in MVPN topology, where the stale routes are installed as an upstream multicast hop, as described in RFC: http://tools.ietf.org/html/rfc6513

Workaround: There is no workaround.

  • CSCuf89642

Symptom: Crash is seen for H.323-SIP transcoding calls.

Conditions: This symptom is observed when transcoder is invoked.

Workaround: There is no workaround.

  • CSCuf93376

Symptom: CUBE reloads while testing SDP passthrough with v6.

Conditions: The symptom is observed while testing SDP passthrough with v6.

Workaround: There is no workaround.

  • CSCug04187

Symptom: Build breakage.

Conditions: This symptom occurs due to CSCuf62756.

Workaround: There is no workaround.

  • CSCug17808

Symptom: Redistributed default route not advertised to EIGRP peer.

Conditions: This symptom is observed when a Cisco ASR router is rebooted or the route is cleared via the clear ip route command; the route disappears from the spokes.

Workaround: Clearing the EIGRP Neighborship restores the route on the spokes.

  • CSCug17820

Symptom: Random crashes are seen pointing to managed timer in L4F component.

Conditions: The symptom is observed during scansafe traffic.

Workaround: Disable the scansafe feature.

  • CSCug31561

A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device.

Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCug34877

Symptom: The switch crashes with the following message:

%SYS-2-LINKED: Bad enqueue of 901E0D40 in queue 1AABE690 -Process= "SSH Process", ipl= 0, pid= 392
 

Conditions: This symptom occurs when making an SSH connection to a remote device from the switch while there are multiple SSH connections to the same switch.

Workaround: There is no workaround.

  • CSCug38248

Symptom: Watchdog crash is observed on “Common Flow Table” timer process. For example:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CFT Timer Process.
 

Conditions: Error is raised due to a CPU loop while attempting to unbind and delete a child flow in the “CFT Timer” process.

Workaround: There is no workaround.

  • CSCug43453

Symptom: Cellular interface not able to establish a call.

Conditions: The symptom is observed after router bootup or reload, with an EHWIC-4G-LTE-G card and 03.05.19.04 modem firmware.

Workaround: Power-cycle or reset the modem.

  • CSCug44641

Symptom: The clear xconnect all command causes xconnect related CFM configuration to be removed permanently.

Conditions: This symptom is observed only when using xconnect related CFM configuration.

Workaround: Avoid issuing the clear xconnect all command.

  • CSCug52119

Symptom: A RIB route is present for a prefix, but the router continues to LISP encapsulate.

Conditions: This symptom is observed when a LISP map-cache existed for a prefix and then the RIB route was added later.

Workaround: Use the following command:

clear ip/ipv6 lisp map-cache <prefix>
 
  • CSCug62154

Symptom: CPU shoots to 100% with TACACS configuration. VTY to the device does not work due to this.

Conditions: This symptom is observed when the Cisco router or switch is booted up with TACACS configurations and the CPU shoots up to 100%. Telnet to the router is not possible. Any command issued on the console takes a lot of time.

Workaround: Remove the TACACS configurations and then reboot the Cisco router.

  • CSCug70151

Symptom: The box crashes on removing the oneP datapath transport CLI configuration.

Conditions: This symptom occurs only on Intel-based platforms (c3945e, c3925e and IOL).

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 15.3(1)T1

All the caveats listed in this section are resolved in Cisco IOS Release 15.3(1)T1. This section describes only severity 1, severity 2, and select severity 3 caveats.

  • CSCta80024

Symptoms: The router crashes while using the string repeat command with the biggest number in the TCL shell.

Conditions: This symptom occurs when the string repeat command is used with the biggest number. This issue also depends on the string being used. For example, the below commands in the TCL shell will lead to crashing of the router.

proc demo foo “set bar [string repeat {$foo} 255]”
demo [string repeat a 16843010]; concat
 

Workaround: There is no workaround.

  • CSCtg82170

Symptoms: The IP SLA destination IP/port configuration changes over a random period of time. This issue is hard to reproduce but has been reported after upgrading to Cisco IOS Release 15.1(1). So far, it only seems to have affected the destination IP and port. The destination IP may be changed to an existing destination IP that has already been used by another probe. The destination port is sometimes changed to 1967 which is reserved for IP SLA control packets. Other random destination ports have also been observed to replace the configured port for some of the IP SLA probes. Each time when the change happens, many of the IP SLA probes will stop running.

Conditions: This symptom is observed in Cisco IOS Release 15.1(1)XB and Cisco IOS Release 15.1(1)T. Other Cisco IOS versions may also be affected.

Workaround: A possible workaround is to downgrade to any Cisco IOS versions older than Cisco IOS Release 15.1.x.

  • CSCtr87413

Symptoms: Static route that is injected by “reverse-route static” in crypto map disappears when the router receives the delete notify from the remote peer. Static route also gets deleted when DPD failure occurs.

Conditions: The symptom is observed when you configure “reverse-route static” and then receive a delete notify or DPD failure.

Workaround: Use clear crypto sa.

  • CSCts75737

Symptoms: Tracebacks are seen at swidb_if_index_link_identity on the standby RP.

Conditions: This symptom is observed when unconfiguring and reconfiguring “ipv4 proxy-etr” under the router LISP.

Workaround: There is no workaround.

  • CSCtw65575

Symptoms: The router may unexpectedly reload when OSPFv3 MIB is polled via SNMP.

Conditions: This symptom occurs when OSPFv3 is configured with area ranges whose prefix length is /128. A router with no area ranges is not vulnerable.

Workaround: Configure area ranges to have a smaller prefix length (that is, in the range of /0 to /127).

  • CSCtw78539

Symptoms: A Cisco ISR router running Cisco IOS Release 15.2(2)T may lose the ability to forward traffic via its Gigabit Ethernet interface due to a stuck Tx ring.

Conditions: This symptom is observed with Cisco IOS Release 15.2(1)T1, 15.2(2)T, and 15.2(4)M. This is a regression issue that does not affect 15.0(1)M3 nor 15.1(4)M2 based on anecdotal accounts. During the event the following logs can be seen which indicate a spurious memory access has occurred:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0xXXXXXXXX reading 0x0
%ALIGN-3-TRACE: -Traceback= 0xXXXXXXXX ...
 

At this time, the Tx ring of the interface becomes hung, causing packet drops to accumulate at the output queue (as seen via “show interface”), effectively preventing traffic flow. Example:

Total output drops: 25185
Output queue: 331/1000/25184 (size/max total/drops)
 

Workaround: Reload the router or bounce the interface via “shut”/ “no shut”.

  • CSCtx31177

Symptoms: RP crash is observed on avl_search in a high scaled scenario.

Conditions: This symptom is observed in a high scaled scenario with continuous traffic flow.

Workaround: There is no workaround.

  • CSCtx36095

Symptoms: A traceback is seen after applying DMLP configurations while doing a line card reload.

Conditions: This symptom occurs during a line card reload.

Workaround: There is no workaround.

  • CSCty44654

Symptoms: The router crashes when trying to test the MVPN6 functionality.

Conditions: This symptom is observed with the following conditions:

– Configure the router to test the MVPN6 functionality.

– Delete the VRF associated with the interface in the MVPN6 test configuration.

Workaround: There is no workaround.

  • CSCty57476

Symptoms: The BGP GSHUT feature needs to add support for the AA:NN format for community.

Conditions: This symptom is observed when support is added for the AA:NN format for community when using the BGP GSHUT feature.

Workaround: The <1-4294967295> community number can be used instead of the AA:NN format.

  • CSCty82414

Symptoms: Frequent crashes are seen with IPS enabled Firewall and passing TCP traffic. Trace decode points to the “ips_dp_feature_action_internal” function or nearby areas.

Conditions: This symptom occurs when IPS is enabled with Firewall in the router.

Workaround: There is no workaround.

  • CSCtz35999

The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-pt

Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html

  • CSCua47056

Symptoms: The Cisco Catalyst 6000 crashes after the removal of the supervisor module from active VSS with the following traceback:

0x41048F64 ---> ospf_rcv_dbd+F48
0x41041FE8 ---> ospf_router+548
0x4166C0B0 ---> r4k_process_dispatch+14
0x4166C09C ---> r4k_process_dispatch
 

Conditions: This symptom occurs when the following reproduction procedure is performed:

NSF is disabled including helper using the below given commands:

router ospf <AS>
no nsf
nsf cisco helper disable
 

Adjacency flapped.

NSF enabled again.

Performed switchover.

Workaround: Avoid the reproduction procedure in production. Neighbors should see the router configured for “nsf cisco” as OOB resync capable:

Router#sh ip ospf nei <interface> detail
...
LLS Options is 0x1 (LR) <-- LR bit means OOB resync capability
...
 

If the router is configured for the “nsf cisco”, but the neighbor does not see LR bit set for router with “nsf cisco”, flap the adjacency, and OOB resync capability will be renegotiated.

  • CSCua61330

Symptoms: Traffic loss is observed during switchover if:

1. BGP graceful restart is enabled.

2. The next-hop is learned by BGP.

Conditions: This symptom occurs on a Cisco router running Cisco IOS XE Release 3.5S.

Workaround: There is no workaround.

  • CSCua75069

Symptoms: BGP sometimes fails to send an update or a withdraw to an iBGP peer (missing update).

Conditions: This symptom is observed only when all of the following conditions are met:

1. BGP advertise-best-external is configured, or diverse-path is configured for at least one neighbor.

2. The router has one more BGP peers.

3. The router receives an update from a peer, which changes an attribute on the backup path/repair path in a way which does not cause that path to become the best path.

4. The best path for the net in step #3 does not get updated.

5. At least one of the following occurs:

– A subsequent configuration change would cause the net to be advertised or withdrawn.

– Dampening would cause the net to be withdrawn.

– SOO policy would cause the net to be withdrawn.

– Split Horizon or Loop Detection would cause the net to be withdrawn.

– IPv4 AF-based filtering would cause the net to be withdrawn.

– ORF-based filtering would cause the net to be withdrawn.

– The net would be withdrawn because it is no longer in the RIB.

The following Cisco IOS releases are known to be impacted if they do not include this fix:

– Cisco IOS Release 15.2T and later releases

– Cisco IOS Release 15.1S and later releases

– Cisco IOS Release 15.2M and later releases

– Cisco IOS Release 15.0EX and later releases

Older releases on these trains are not impacted.

Workaround: If this issue is triggered by a configuration change, you can subsequently issue the clear ip bgp neighbor soft out command.

  • CSCua76157

Symptoms: BGP routes are displayed.

Conditions: This symptom occurs after removing the “send-label” from PE.

Workaround: There is no workaround.

  • CSCua78782

Symptoms: Authentication of EzVPN fails.

Conditions: The symptom is observed with BR-->ISP-->HQ.

Workaround: There is no workaround.

  • CSCub04982

Symptoms: In an IPFRR configuration, a traceback is seen about changing the FRR primary OCE where the new OCE has a different interface and next-hop, which blocks such a linkage.

Conditions: This symptom occurs while changing the FRR primary OCE interface to a new OCE with a different interface.

Workaround: There is no workaround.

  • CSCub14145

Symptoms: A Cisco ISR-G2 with VPN-ISM logs output similar to:

!! Cannot find ISM-VPN counters struct for flowid: 0x44000084
 

Conditions: This symptom is observed when using a VPN-ISM in an IPsec deployment with images from the Cisco IOS 15.2 train.

Workaround: There is no workaround.

Further Problem Description: The issue is cosmetic in nature while the VPN-ISM is queried for counters, for example, show commands.

  • CSCub38559

Symptoms: When static recursive routes are used in an MVPNv6 environment, multicast traffic loss can occur due to failure to determine the correct RPF interface for a multicast source or rendezvous point.

Conditions: This symptom occurs if a static route to an IPv6 address at a remote site (remote side of a VPN cloud) resolves via a BGP route, resulting in a failure to install the required MDT alternate next-hop in the recursively referenced BGP route.

Workaround: Executing “show ipv6 rpf vrf X <address>” for any address within the recursively referenced BGP prefix range will cause installation of the required alternate next-hop.

  • CSCub44898

Symptoms: Stale scansafe sessions are seen on the router. They do not get cleared even with the clear content-scan sessions * command.

Conditions: This symptom occurs when one of the end points (client or server) does not properly close the connection. In TCP terms, when one end does not send an ACK to the FIN request sent by the other end in L4F UNPROXIED state.

Workaround: There is no workaround. The router needs to be rebooted to clear the stale sessions.

  • CSCub55790

The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Affected devices that are configured as Smart Install clients are vulnerable.

Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-smartinstall

  • CSCub56064

Symptoms: Ping fails after doing EZVPN client connect if CEF is enabled.

Conditions: This symptom is observed with the Cisco IOS Release 15.3(0.8)T image. This issue is seen only for a specific topology, where the in/out interface is the same.

Workaround: There is no workaround.

  • CSCub67465

A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario.

The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition.

Workarounds to mitigate this vulnerability are available.

Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCub74272

Symptoms: Intermittently during Phase II rekey, after new SPIs are negotiated and inserted into SPD, old SPIs are removed and then the VTI tunnel line protocol goes down.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T, with VTI over GRE.

Workaround: There is no workaround.

  • CSCub76103

Symptoms: When callback tries to send a message, there is a traceback.

Conditions: This symptom is observed when you set the call-home profile’s transport to HTTP but you do not set the HTTP address.

Workaround: When you set the call-home profile’s transport to HTTP, ensure the HTTP address value is also set correctly. For example, in call-home profile mode:

destination address http https://example.xxx.xxx
 
  • CSCub80386

Symptoms: The following interface configuration should be used:

interface Ethernet2/1
description lanethernet1
ipv6 enable
ospfv3 100 network manet
ospfv3 100 ipv6 area 0
 

The dead interval is calculated according to the network type; in this case, it is 120s. When the no ospfv3 dead-interval command is issued, the dead interval is set to the default of 40s instead of 120s, the value that is correct for manet or P2MP interface types.

Conditions: This symptom is an OSPFv3-specific issue (see the configuration example).

Workaround: Configure dead interval explicitly or reapply the network command.

  • CSCub80710

Symptoms: SSL handshake between Cisco VCS and the Cisco ASR fails if the Cisco ASR is running Cisco IOS XE Release 3.7S.

Conditions: This symptom occurs in a working setup: if the Cisco ASR is upgraded to Cisco IOS XE Release 3.7S, the SSL handshake and subsequently SIP-TLS calls start to fail. If, in the same setup, the Cisco ASR is downgraded back to Cisco IOS XE Release 3.5S or Cisco IOS XE Release 3.4.4S, the calls work (without requiring any additional changes).

Workaround: There is no workaround.

  • CSCub85451

Symptoms: When “Scan Safe” is enabled on the interface, latency may be seen. Some pages may not load at all or show severe latency if the SYN request sent by the ISR does not receive an appropriate SYN ACK response from the Scan Safe Tower.

Conditions: This symptom occurs when “Scan Safe” is enabled on the interface. In this case, there was an ASA in the path that enabled sequence number randomization.

Workaround: Disable sequence number randomization on the firewall in the path before the ISR.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/4.1:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C

CVE ID CVE-2012-4651 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub89144

Symptoms: In a VTI scenario with HSRP stateless HA, the tunnel state on standby is up/up.

Conditions: This symptom occurs when HSRP is configured and there is no SSO configuration.

Workaround: There is no workaround.

  • CSCub95261

Symptoms: The device crashes due to a bad reference count:

%SYS-2-CHUNKBADREFCOUNT: Bad chunk reference count, chunk 40A82BB4
data 313E2F40 refcount FFFFFFFF alloc pc
2341E7F4. -Process= "CSDB Timer process", ipl= 3, pid= 274
-Traceback= <HEX TRACEBACK HERE>
chunk_diagnose, code = 3
chunk name is CSDB l4 structu
 
current chunk header = 0x313E2F30
data check, ptr = 0x313E2F40
 
next chunk header = 0x313E2F90
data check, ptr = 0x313E2FA0
 
previous chunk header = 0x313E2ED0
data check, ptr = 0x313E2EE0
 

Conditions: This symptom occurs only when IPS is enabled on the router. The likelihood of the defect increases when there is a sudden surge of concurrent short-lived flows, for example, SYN floods.

Workaround: Disable IPS.

  • CSCuc06307

Symptoms: When an L2TPv3 xconnect with IP interworking is configured on a Switched Virtual Interface (interface vlan), it may fail to pass traffic. With debug subscriber packet error enabled, debug messages like the following are output:

AC Switching[Vl10]: Invalid packet rcvd in process path, dropping packet
 

Conditions: This symptom has been observed in Cisco IOS Release 15.2(3)T4 and earlier.

Workaround: There is no workaround.

  • CSCuc08061

Symptoms: IPv6 DMVPN spoke fails to rebuild tunnels with hubs.

Conditions: This symptom occurs when the tunnel interface on the spoke is removed and reapplied again.

Workaround: Reboot the spoke.

  • CSCuc09483

Symptoms: Under certain conditions, running a TCL script on the box may cause software traceback and reload of the affected device.

Conditions: This symptom occurs when a privilege 15 user runs TCL commands that may lead to an affected device reloading.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.8/3.6:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:L/AC:H/Au:S/C:N/I:N/A:C/E:F/RL:U/RC:C

No CVE ID has been assigned to this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuc14088

Symptoms: The default class is not being exported with the class option template.

Conditions: This symptom occurs when the option c3pl-class-table command is entered under the flow exporter; class-default is not exported.

Workaround: There is no workaround.

  • CSCuc15695

Symptoms: The counters are not polling the correct stats.

Conditions: This symptom was first observed on the ATM interface, but it is not particular to ATM, as this issue was reproduced on the Gigabit Ethernet interface as well.

Workaround: There is no workaround.

  • CSCuc19046

Symptoms: Active Cisco IOSd was found to have crashed following the “clear ip mroute *” CLI.

Conditions: This symptom occurs with 4K mroutes (2k *,G and 2K S,G) running the FFM performance test suite.

Workaround: There is no workaround.

Further Problem Description: So far, this issue is only seen in the FFM performance test script.

  • CSCuc19862

Symptoms: Traceback and CPU hog is seen due to spurious memory access when Flexible NetFlow (FNF) is enabled.

Conditions: This symptom is seen when enabling FNF.

Workaround: Use classic netflow or configure FNF on the tunnel template interface (preferred).

Note: The first option of using classic netflow is not available on some platforms that only support FNF. Notably, these are Cat 6k, Sup 2T and the Cat 4K K10.

  • CSCuc31725

Symptoms: CUBE fails to resolve the configured DNS through A query when the SRV query fails.

Conditions: This symptom occurs when running Cisco IOS Release 15.3(0.11)T.

Workaround: Use DNS SRV records for SIP servers.

  • CSCuc37047

Symptoms: VSS crashes on reconfiguring “ipv6 unicast-forwarding” multiple times.

Conditions: This symptom occurs when CTS is configured on an interface and “ipv6 unicast” is toggled multiple times.

Workaround: There is no workaround.

  • CSCuc44438

Symptoms: There is a memory corruption issue with loading NBAR protocol pack.

Conditions: This symptom occurs when an NBAR protocol pack is loaded into the router using the ip nbar protocol-pack command.

Workaround: There is no workaround.

  • CSCuc45115

Symptoms: EIGRP flapping is seen continuously on the hub. A crash is seen at nhrp_add_static_map.

Conditions: This symptom is observed in the case where there are two Overlay addresses of a different Address Family on the same NBMA (such as IPv4 and IPv6 over IPv4). This issue is observed after shut/no shut on the tunnel interface, causing a crash at the hub. A related issue is also seen when there is no IPv6 connectivity between the hub and spoke, causing continuous EIGRP flapping on the hub.

Workaround: There is no known workaround.

  • CSCuc45528

Symptoms: Leaks are seen at nhrp_recv_error_indication.

Conditions: This symptom occurs only when the fix of CSCub93048 is present in the image.

Workaround: There is no workaround.

  • CSCuc47399

Symptoms: IKEv2 STOP Accounting records show wrong counters for packets/octets, when the sessions are locally cleared using “clear crypto sa” or “clear crypto session” on ASR1K.

Conditions: This symptom is observed with latest Cisco IOS XE Release 3.8S images when IKEV2-Accounting is enabled. This issue is easily reproducible with a single session, and may be service impacting as STOP Accounting records are usually used for billing purposes.

Workaround: The STOP records reflect the right counters when the disconnect is through the remote-end.

  • CSCuc48211

Symptoms: Traffic from the Label Edge Router (LER) is dropped at the Label Switch Router (LSR) peer. The LER is using an invalid/outdated label that is unknown to the LSR. This issue can be seen with a regular MPLS connection over a physical interface or with a connection over an MPLS TE tunnel interface. The root cause is that the LER is using a CEF long-path extension that was installed to the prefix by a different routing protocol in the past.

 

TUNNEL-HEADEND/LER#show ip cef 172.25.0.1 internal
172.25.0.0/16, epoch 6, flags rib only nolabel, rib defined all labels, RIB[B],
refcount 5, per-destination sharing
sources: RIB
feature space:
IPRM: 0x00018000
Broker: linked, distributed at 4th priority
LFD: 172.25.0.0/16 0 local labels
contains path extension list
ifnums:
TenGigabitEthernet1/0/0(31): 10.10.243.48
Tunnel11(38)
path 1F13EC1C, path list 1436FC80, share 1/1, type recursive, for IPv4
recursive via 10.10.254.3[IPv4:Default], fib 21B2A5CC, 1 terminal fib,
v4:Default:10.10.254.3/32
path 13A71668, path list 20C50DB0, share 1/1, type attached nexthop, for IPv4
MPLS short path extensions: MOI flags = 0x1 label 1683
nexthop 10.10.243.48 TenGigabitEthernet1/0/0 label 1683, adjacency IP adj
out of TenGigabitEthernet1/0/0, addr 95.10.243.48 20BCED00
path 13A745A8, path list 20C50DB0, share 1/1, type attached nexthop, for IPv4
MPLS short path extensions: MOI flags = 0x1 label 623
MPLS long path extensions: MOI flags = 0x1 label 18
nexthop 10.10.255.130 Tunnel11 label 18, adjacency IP midchain out of
Tunnel11 22923160
long extension for path if Tunnel11 next hop 10.10.255.130:
MPLS long path extensions: MOI flags = 0x1 label 18
long extension for path if Tunnel22 next hop 10.10.255.129:
MPLS long path extensions: MOI flags = 0x1 label 651
output chain:
loadinfo 212F8810, per-session, 2 choices, flags 0083, 4 locks
flags: Per-session, for-rx-IPv4, 2buckets
2 hash buckets
< 0 > label 1683 TAG adj out of TenGigabitEthernet1/0/0, addr
10.10.243.48 20BDC860
< 1 > label 18 TAG midchain out of Tunnel11 20C92B00 label implicit-null
TAG adj out of TenGigabitEthernet1/0/1, addr 10.10.243.50 20B21440
Subblocks:
None
TUNNEL-TAILEND/LSR# sh mpls forwarding-table labels 18
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
TUNNEL-TAILEND#
 

Conditions: This symptom occurs when the prefix is learned by both BGP and IGP, while BGP has lower Administrative Distance, pointing via the MPLS TE tunnel carrying MPLS. This issue is seen once the prefix is installed to RIB by IGP and then by BGP (reload, BGP flap, and so on); CEF then keeps using the IGP/LDP label without updating it if the LDP label changes.

Workaround: Issue the clear ip route prefix mask command.

  • CSCuc49364

Symptoms: A discrepancy is seen between show profile flow and show metadata table.

Conditions: This symptom is observed on SIP Re-invite.

Workaround: There is no workaround.

  • CSCuc54300

Symptoms: The following error message is seen during a system reboot/boot:

“Notification timer Expired for RF Client: Redundancy Mode RF(5030)”
 

Conditions: This symptom occurs during a system reboot/boot.

Workaround: There is no workaround. This is a rare bug which needs a specific timing sequence to occur. The system reloads after this error. In most cases, the system will come up smoothly after a reload, else it will come up after one or two reloads.

  • CSCuc55346

Symptoms: SNMP MIB cbQosCMDropPkt and cbQosCMDropByte report 0.

Conditions: This symptom is observed with Cisco IOS Release 15.1(3)S1 and Cisco IOS Release 15.2. This issue is not seen with Cisco IOS Release SRE4.

Workaround: Use SNMP MIB cbQosPoliceExceededPkt and cbQosPoliceExceededByte.

  • CSCuc55634

Symptoms: IPv6 static route cannot resolve the destination.

Conditions:

1. A VRF is configured by the old style CLI (for example "ip vrf RED").

2. Configure “ip vrf forwarding RED” under an interface.

3. Configure IPv6 address under the same interface (for example 2001:192:44:1::2/64).

4. Configure an IPv6 static route via the interface configured in item 3 (for example, ipv6 route 2001:192:14:1::/64 2001:192:44:1::1).

5. Then, it is not possible to ping 2001:192:14:1::2, although 2001:192:44:1::1 is reachable.

Workaround: There is no workaround.

  • CSCuc60297

Symptoms: When a VRF route is redistributed or sourced (network statement) into BGP and the BGP VRF prefix has a next hop from the global table, the next hop is inaccessible.

Conditions: This symptom is observed when VRF routes with a global next hop (NH) are redistributed into BGP.

Workaround: There is no workaround.

  • CSCuc67687

Symptoms: With a rare combination, and VRF-related RG configurations, the router may crash following the configuration commands.

Conditions: This symptom is observed with the following configuration:

R1-13RU(config-if)#ip vrf forwarding b2b-vrf
% Interface GigabitEthernet0/1/0 IPv4 disabled and address(es) removed due to
enabling VRF b2b-vrf
% Interface GigabitEthernet0/1/0 virtual IP address <ip> removed due to VRF change
% Zone security Z1 is removed due to VRF config change on interface
GigabitEthernet0/1/0
 
R1-13RU(config-if)#ip address <ip> <mask>
R1-13RU(config-if)#zone-member security Z1
R1-13RU(config-if)#redundancy group 1 ip <ip> exc dec 50
 

Workaround: There is no known workaround.

  • CSCuc70310

Symptoms: RRI routes are not installed in DMAP. “reverse-route” is a configuration in the DMAP. This prevents packets from being routed through the intended interface, and hence packet loss occurs.

Conditions: This symptom is observed when a simple reverse-route is configured in DMAP without any gateway options.

Workaround: There is no workaround.

 

  • CSCuc71493

Symptoms: Significant transaction time degradation is observed when an e-mail with attachment(s) is sent from the Windows 7 client using Outlook to a server running Outlook 2010 on the Windows 2008 server and the WAN latency is low, that is, ~12ms RTT.

Conditions: This symptom is observed when the client is Windows 7 and data is being uploaded using the MAPI protocol and the connection is being optimized by WAAS-Express.

Workaround: Disable WAAS-Express.

  • CSCuc71706

Symptoms: Execution of the show run command and other commands such as copy run start and show access-list cause the router to stop for a few minutes before completing.

Conditions: This symptom is observed with Cisco ISR G2 routers. This issue is seen only with IPV6 configured and used.

Workaround: There is no workaround.

  • CSCuc72594

The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130327-ipsla

Note: The March 27, 2013, Cisco IOS Software Security Advisory bundled publication includes seven Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the March 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar13.html

  • CSCuc73677

Symptoms: RSA keys are not generated correctly.

Conditions: This symptom occurs when you first clear the RSA keys that are already generated on the router, and then generate the RSA keys.

Workaround: There is no workaround.

  • CSCuc76130

Symptoms: IPsec SAs are not getting deleted even after removing the ACL.

Conditions: This symptom occurs when using the IPsec feature with Cisco IOS Release 15.3(0.18)T0.1.

Workaround: There is no workaround.

  • CSCuc77704

Symptoms: The GETVPN/GDOI Secondary Cooperative Key Server (COOP-KS) does not download the policy (that is, when the show crypto gdoi ks policy command is issued on the Secondary COOP-KS and the command output shows that no policy is downloaded) and Group Members (GMs) registering to the Secondary COOP-KS fail to register without any warning/error message.

Conditions: This symptom is observed when the GETVPN/GDOI group (with COOP configured) has an IPsec profile configured with one of the following transforms in its transform-set:

– esp-sha256-hmac

– esp-sha384-hmac

– esp-sha512-hmac

Workaround: Use esp-sha-hmac as the authentication transform instead.

  • CSCuc79143

Symptoms: The cellular driver should handle the profile getting inactive and should bring down the cellular interface.

Conditions: This symptom occurs when the profile is deactivated by the HA.

Workaround: Doing a “clear line” will bring down the cellular interface and restore the connection.

 

  • CSCuc82224

Symptoms: When a dynamic-EID host moves from one site to another, the hosts at the old site may not be able to communicate with the host that moved away.

Conditions: This symptom occurs if the xTR at the old site had a map-cache entry for the dynamic-EID host that moved, for example, due to lig self. Then, this map-cache entry prevents communication after the dynamic-EID host moved away.

Workaround: Clear the map-cache entry for the host prefix in question.

  • CSCuc82551

Symptoms: A Cisco ASR 1001 running Cisco IOS XE Release 3.6.2S or Cisco IOS XE Release 3.7.1S crashes with SNMP traffic.

Conditions: This symptom is observed with SNMP polling with an IP SLA configuration. The crash signature is as follows:

UNIX-EXT-SIGNAL: Segmentation fault(11), Process = SNMP ENGINE
 

Workaround: Remove the SNMP configuration from the router or schedule the probe before polling via SNMP.

  • CSCuc87208

Symptoms: The router crashes while configuring inherit peer-session.

Conditions: A peer-session template is inheriting from another peer-session template where the inherited template has the “ha-mode sso” configured. For example:

router bgp 1
template peer-session ps.rmtAS.10000
remote-as 10000
exit-peer-session
template peer-session ps.rmtAS.10000.sso
inherit peer-session ps.rmtAS.10000
ha-mode sso
exit-peer-session
template peer-session ps.rmtAS.10000.sso.bfd
inherit peer-session ps.rmtAS.10000.sso
 

Workaround: There is no workaround.

  • CSCud01502

Symptoms: A crash occurs in CME while accessing a stream in sipSPIDtmfRelaySipNotifyConfigd.

Conditions: This symptom occurs in CME.

Workaround: There is no workaround.

  • CSCud01774

Symptoms: Under an extremely rare occurrence, a router can crash during “no router ospf <pid>” execution.

Conditions: This symptom is observed when there is a redistribute statement configured under the OSPF process.

Workaround: There is no workaround.

  • CSCud02361

Symptoms: Sequence number of spoofed ACK sent to the server has a 0x00 value.

Conditions: Once the max-incomplete high is reached, when the next SYN packet is sent from the client, the UUT sends a SPOOFED-ACK after getting the SYN-ACK from the server. When this ACK packet is observed at the server pagent with the packets tool, the sequence number is found to be 0x00.

Workaround: There is no workaround.

  • CSCud03016

Symptoms: The TCP HA connection gets closed with SSO disabled from standby.

Conditions: This symptom is observed when the connection is initiated from a non-HA box to an HA box.

Workaround: There is no workaround.

  • CSCud03250

Symptoms: The performance degradation was seen starting the XE37 throttle build 09/18 (BLD_V152_4_S_XE37_THROTTLE_LATEST_20120918_070025).

 

Conditions: This symptom is observed when the user tries with BLD_V152_4_S_XE37_THROTTLE_LATEST_20120917_070015 label and the performance number is still good, but the BLD_V152_4_S_XE37_THROTTLE_LATEST_20120918_070025 label image shows much higher performance numbers in the order of 400 seconds. This issue is seen when the user also tries with BLD_V152_4_S_XE37_THROTTLE_LATEST_20120917_070015 label.

Workaround: There is no workaround.

  • CSCud03273

Symptoms: All the paths using certain next-hops under the route-map are marked inaccessible.

Conditions: This symptom occurs under the following conditions:

1. Configure peer groups.

2. Apply BGP NHT with route-map (no BGP neighbors are created or added to peer groups).

3. Configure the Prefix-list.

4. Configure the route-map.

5. Configure the BGP neighbor and add them to peer groups.

Workaround: Configure “route-map permit <seq-num> <name>” or activate at least one neighbor in “address-family ipv4”.

  • CSCud03646

Symptoms: After SSO, sometimes the repair path over the remote LFA tunnel may point to drop adjacency.

Conditions: This symptom is a race condition that appears infrequently in an older code base.

Workaround: Shut/no shut the interface to force recreating the tunnel.

  • CSCud06180

Symptoms: Periodically, the Cisco EHWIC-4G-LTE-V would stop passing traffic. The user would execute “test cellular 0/1/0 mod-power-cycle” to restore service.

Conditions: This symptom is observed during temporary network outage.

Workaround: There is no workaround.

  • CSCud06887

Symptoms: There is no sync of SADB on an active router when it reloads from the current standby router.

Conditions: This symptom occurs when the active and standby routers are up. Whenever a session is up, there is a sync of SADB from active to standby. When active reloads and is up, there is no sync of SADB from the current active router.

Workaround: Remove the isakmp-profile configuration under the crypto map.

  • CSCud08166

Symptoms: The Cisco ASR 1000 router crashes with “Exception to IOS Thread” and the following error:

“UNIX-EXT-SIGNAL: Segmentation fault(11), Process = Virtual Exec”.
 

Conditions: This symptom is observed when an ACL used with “ip pim rp-address” is moved from standard to extended and "no ip multicast-routing" is configured (either in global or in a mVRF). The standard ACL must be deleted and recreated as extended, for example:

The following series of commands are necessary to trigger the crash:

<begin-config>
!
ip multicast-routing
!
ip pim rp-address 10.200.255.42 STATIC-RP-LN-SERVER-FARMS override
!
no ip access-list standard STATIC-RP-LN-SERVER-FARMS
ip access-list extended STATIC-RP-LN-SERVER-FARMS
remark -- STATIC RP LN SERVER FARMS MCAST GROUP ACL --
permit ip 239.255.0.0 0.0.255.255 any
permit ip 224.0.0.0 15.255.255.255 any
!
!
no ip multicast-routing
<end-config>
 

Workaround: The crash can be prevented by any of the following methods:

1. Disassociate the standard ACL from “ip pim rp-address” before deleting the ACL. For example:

no ip pim rp-address 10.200.255.42 STATIC-RP-LN-SERVER-FARMS override
and then
no ip access-list standard STATIC-RP-LN-SERVER-FARMS
 

2. Do not convert a standard ACL to extended while it is still being referenced in “ip pim rp-address”. Use a new name for the new extended ACL.

3. Do not disable multicast routing using “no ip multicast-routing”.

  • CSCud17547

Symptoms: Mismatch of mplsXCLspId CLI and SNMP value is observed.

Conditions: This symptom is seen when snmp query is performed.

Workaround: There is no workaround.

  • CSCud22222

Symptoms: On a router running two ISIS levels and fast-reroute, the router may crash if “metric-style wide level-x” is configured for only one level.

Conditions: This symptom is observed if metric-style wide is configured for only one level on a router running both levels, and fast-reroute is configured.

Workaround: Configure metric-style wide for both levels (by default).

  • CSCud26189

Symptom: The map cache entries are lost after RP switchover when lisp_patr is configured.

Conditions: This symptom occurs after RP switchover.

Workaround: There is no workaround.

  • CSCud27379

Symptoms: WS-SUP720-3B running Cisco IOS Release 12.2(33)SRE4 crashes at get_alt_mod after issuing “sh run int g4/13” with several trailing white spaces until the cursor stops moving.

Conditions: This symptom occurs when you issue the show run interface command with trailing spaces until the cursor stops moving.

Workaround: Do not specify trailing spaces at the end of the show run interface command.

  • CSCud31808

Symptoms: When the two commands listed under Conditions are configured, the Cisco router might start advertising a low TCP receive window size to the TCP peer for a specific TCP transaction. The value of this receive window size becomes equal to the configured MSS value and never exceeds this value afterward. This might impact TCP performance.

Conditions: This symptom happens only if the following two commands are configured on the router:

ip tcp mss x

ip tcp path-mtu-discovery

Workaround: Either change the path-mtu discovery ager timeout to 0, or remove one of the two commands.

  • CSCud33159

Symptoms: Excessive loss of MPLS VPN traffic and high CPU utilization is observed due to the process switching of MPLS traffic over the ATM interface.

Conditions: This symptom occurs when MPLS is enabled on the ATM interface with aal5snap encapsulation.

Workaround: There is no workaround.

  • CSCud36113

Symptoms: Ping fails between CE routers.

Conditions: This symptom is observed when you configure MPLS VPN Inter-AS IPv4 BGP Label Distribution and flap “mpls bgp forwarding” on the interface between ASBRs.

Workaround: Removing and adding (flapping) the static routes between ASBRs resolves the issue.

  • CSCud36723

Symptoms: RPF information for IPv6 multicast mroutes is not updated when routing changes.

Conditions: This symptom occurs when an IPv6 multicast configuration is present in the startup configuration.

Workaround: After startup, remove all IPv6 multicast configurations, if any, and then apply the configuration as needed.

  • CSCud38774

Symptoms: The router is showing CPU utilization at 99%. LDAP seems to be hogging the CPU process.

Conditions: This symptom is observed randomly when NTLM authentication is deployed. This issue is observed only when the server is not able to handle the churn of requests and requests are being stuck at Bind On-Going state, which can be verified with show ldap server server-name connections.

Workaround: Clearing LDAP server connections by executing the clear ldap server server-name command helps in resolving this issue.

  • CSCud42529

Symptoms: The router crashes when receiving IPv6 ICMP packet.

Conditions: This symptom is observed when ISM-VPN is used as a crypto engine. This does not occur when using an onboard crypto engine.

Workaround: There is no workaround.

  • CSCud53872

Symptoms: After a reload on the Cisco ASR 1000 series router, several key syslogs are sent with the incorrect source address for a few seconds. Due to the wrong source address, the syslogs are dropped at the collector end.

Conditions: This symptom is observed when the loopback interface is configured as the source address of the syslogs.

Workaround: There is no workaround.

  • CSCud64812

A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition.

Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCud65119

Symptoms: A crash may occur while using GETVPN with fragmented IPv6 traffic.

Conditions: This symptom occurs when IPv6 IPsec is used. This issue is triggered by fragmented IPv6 packets.

Workaround: There is no workaround.

  • CSCud67792

Symptoms: An invalid modem is detected.

Conditions: This symptom is observed during bootup.

Workaround: Use Cisco IOS Release 15.2T-based images.

  • CSCud74552

Symptoms: Ping on the EHWIC-1GE-SFP-CU interface fails.

Conditions: This symptom is observed when ISM-VPN is installed. However, it is not necessarily utilized for encryption/decryption.

Workaround: There is no workaround.

  • CSCud78618

Symptoms: Router crashes.

Conditions: This symptom is seen when applying IVRF configuration on IKE profile.

Workaround: There is no workaround.

  • CSCud79067

Symptoms: The BGP MIB reply to a getmany query is not lexicographically sorted.

Conditions: This symptom is observed when IPv4 and IPv6 neighbor IP addresses are lexicographically intermingled, for example, 1.1.1.1, 0202::02, 3.3.3.3.

Workaround: There is no workaround.

  • CSCud86082

Symptoms: Abnormal CPUHUG is observed when doing “config replace”.

Conditions: This symptom is observed with “config replace” in a LISP scaling configuration.

Workaround: There is no workaround.

  • CSCud86954

Symptoms: Some flows are not added to the Flexible Netflow cache, as indicated by the “Flows not added” counter increasing in the show flow monitor statistics command output. “Debug flow monitor packets” shows “FNF_BUILD: Lost cache entry” messages, and after some time, all cache entries are lost. At that moment, debug starts showing “FLOW MON: ip input feature builder failed on interface couldn't get free cache entry”, and no new entries are created and exported (“Current entries” counter remains at 0).

The following is sample output when all cache entries are lost:

Router#sh flow monitor FNF-MON stat
Cache type: Normal
Cache size: 4096
Current entries: 0
High Watermark: 882
 
Flows added: 15969
Flows not added: 32668
Flows aged: 15969
- Active timeout ( 1800 secs) 0
- Inactive timeout ( 15 secs) 15969
- Event aged 0
- Watermark aged 0
- Emergency aged 0
 

Conditions: This symptom occurs when all of the following are true:

– Flexible Netflow is enabled on a DMVPN tunnel interface.

– Local policy-based routing is also enabled on the router.

– Local PBR references an ACL that does not exist or an ACL that matches IPsec packets.

Workaround: Make sure that the ACL used in the local PBR route-map exists and does not match IPsec packets sent over the DMVPN tunnel interface.

  • CSCud94313

Symptoms: PKI_INV_SPI messages are seen on the console.

Conditions: This symptom occurs in a FlexVPN setup where Virtual-template is configured and IPsec drops are seen.

Workaround: There is no workaround.

  • CSCue05844

Symptoms: The Cisco 3925 router running Cisco IOS Release 15.0(2)SG reloads when connecting to a call manager.

Conditions: This symptom is observed with the Cisco 3925 router running Cisco IOS Release 15.0(2)SG.

Workaround: Remove SNMP.

  • CSCue36197

Symptoms: A Cisco IOS router may crash while performing the NSF IETF helper function for a neighbor over a sham-link undergoing NSF restart.

Conditions: This symptom occurs when a router is configured as an MPLS VPN PE router with OSPF as PE-CE protocol. OSPF in VRF is configured with a sham-link and a neighbor router over a sham-link is capable of performing an NSF IETF restart on sham-links.

Note: This problem cannot be seen if both routers on sham-link ends are Cisco IOS routers.

Workaround: Disable the IETF Helper Mode protocol by entering the following commands:

enable
configure terminal
router ospf process-id [vrf vpn-name]
nsf ietf helper disable
end
 

Note: Disabling Helper Mode will result in an OSPF peer dropping adjacency if the peer is reloaded.

  • CSCue46590

Symptoms: HTTP POST messages may not be fixed properly after adding scansafe headers.

Conditions: This symptom was first identified on a Cisco ISR running a Cisco IOS Release 15.2(4)M2 image. A Cisco IOS Release 15.2(4)M1 image does not show the problem.

Workaround: Whitelist the domain from being sent over to the towers.

  • CSCue76102

Symptoms: Redistributed internal IPv6 routes from v6 IGP into BGP are not learned by the BGP neighboring routers.

Conditions: This symptom occurs because of a software issue, due to which the internal IPv6 redistributed routes from IGPs into BGP are not advertised correctly to the neighboring routers, resulting in the neighbors dropping these IPv6 BGP updates in inbound update processing. The result is that the peering routers do not have any such IPv6 routes in BGP tables from their neighbors.

Workaround: There is no workaround.

  • CSCuf17023

Symptom: A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger an interface queue wedge on the affected device.

The vulnerability is due to improper parsing of UDP RSVP packets. An attacker could exploit this vulnerability by sending UDP port 1698 RSVP packets to the vulnerable device. An exploit could cause Cisco IOS Software and Cisco IOS XE Software to incorrectly process incoming packets, resulting in an interface queue wedge, which can lead to loss of connectivity, loss of routing protocol adjacency, and other denial of service (DoS) conditions.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp

  • CSCuf28733

Symptom: The Cisco IOS Software implementation of the network address translation (NAT) feature contains three vulnerabilities when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat

Conditions: See advisory for details

Workaround: There is no workaround.

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCug31561

A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device.

Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

Open Caveats—Cisco IOS Release 15.3(1)T

All the caveats listed in this section are open in Cisco IOS Release 15.3(1)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

  • CSCtc38922

Symptoms: A router crashes when “ip inspect” is configured.

Conditions: This symptom is observed when “ip inspect” is configured.

Workaround: Disable “ip inspect”.

  • CSCtf50867

Symptoms: The router reloads at iprouting_is_hdvrf_idb.

Conditions: This symptom is observed when configuring “pri-group nfas_d” with Cisco IOS Release 15.1(01.05)T.

Workaround: There is no workaround.

  • CSCtg22670

Symptoms: Cisco 2900/3900 routers do not detect spurious memory accesses.

Conditions: This symptom occurs when a bug is present that causes a read from the lowest 16 KB of memory.

Workaround: There is no workaround.

  • CSCti87912

Symptoms: While bringing up PPP sessions, the server fails to add a route to the client after the IPCP negotiation happens.

Conditions: This symptom occurs with the following two conditions:

1. The “ip unnumbered ...” per-user configuration that is received from RADIUS is applied on the virtual-access interface.

2. The virtual-template that is used for virtual-access creation is configured with “ip unnumbered <>”.

Workaround: There is no workaround.

  • CSCtj56811

Symptoms: After successful authorization, traffic does not pass from the IP phone or the data device.

Conditions: This symptom is observed with the following conditions:

– host-mode multi-domain is configured.

– Software version: Cisco IOS Release 12.2(54)SG.

Workaround: There is no workaround.

  • CSCtj89743

Symptoms: The Cisco Catalyst 4000 series switches running Cisco IOS Release 12.2(54)SG experience high CPU when issuing an unsupported command, https://ip-address, in which ip-address is accessible from this device.

Conditions: This symptom is observed with the Cisco Catalyst 4000 series switches.

Workaround: There is no workaround.

Further Problem Description: Even if SSL handshake fails, the HTTP CORE process is looping and is scheduled repeatedly.

  • CSCto03904

Symptoms: DSP is restarted when PCMU is transcoded to iLBC on DSP-SPA after “rtcp-regenerate” is enabled.

Conditions: This symptom occurs when PCMU is transcoded to iLBC on DSP-SPA after “rtcp-regenerate” is enabled.

Workaround: Do not enable “rtcp-regenerate”.

  • CSCto08904

Symptoms: RTP operations fail to run when using multiple operations.

Conditions: This symptom is observed when more than 16 RTP operations are running. Operations start failing due to scaling issues.

Workaround: There is no workaround.

  • CSCtq23960

Symptoms: A Cisco ISRG2 3900 series platform using PPC architecture crashes and generates empty crashinfo files:

show flash: all

-#- --length-- -----date/time------ path
<<snip>>
2 0 Mar 13 2011 09:40:36 crashinfo_<date>
3 0 Mar 13 2011 12:35:56 crashinfo_<date>
4 0 Mar 17 2011 16:14:04 crashinfo_<date>
5 0 Mar 21 2011 05:50:58 crashinfo_<date>
 

Conditions: This symptom is observed with a Cisco ISRG2 3900 series platform using PPC architecture.

Workaround: There is no workaround.

  • CSCtq36241

Symptoms: ISG session setup fails when per-user IPv4 ACLs are used and IPv6 routing is configured.

Conditions: This symptom is observed when both IPv6 routing and per-user IPv4 ACLs are configured.

Workaround: Remove either IPv6 routing or per-user ACLs.

PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.

If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCtr19078

Symptoms: An IO memory leak in a Cisco router occurs with the following error message:

SYS-2-MALLOCFAIL: Memory allocation of x bytes failed
Pool: IO Alternate Pool: None Free: 0 Cause: No Alternate Pool
 

Conditions: This symptom is observed in a Cisco 3270 router with QoS enabled. When IPsec encryption is configured on an SVI (3270 FESMIC Port) using the QoS pre-classify option, the router’s memory is quickly exhausted. This happens because traffic routed out of this interface is encrypted. When the same traffic with pre-classify enabled is directed through the native Layer 3 port (MARC card ports), the Cisco 3270 router works fine.

Workaround: Disable QoS pre-classify using the no qos pre-classify command.

  • CSCtr39781

Symptoms: The router hangs when it crashes at bootup.

Conditions: This symptom occurs when the router crashes at bootup even before registry initialization.

Workaround: There is no workaround.

Further Problem Description: If the router comes up, this issue will not occur later.

  • CSCtr47084

Symptoms: Changing the zone from the multilink interface and replacing the entire configuration by doing a config replace flash:config-file-name crashes the router.

Conditions: This symptom is observed when traffic is running.

Workaround: There is no workaround.

  • CSCtr87413

Symptoms: The static route that is injected by “reverse-route static” in the crypto map disappears when the router receives the delete notify from the remote peer. The static route also gets deleted when a DPD failure occurs.

Conditions: This symptom is observed when you configure “reverse-route static” and then receive a delete notify or DPD failure.

Workaround: Use clear crypto sa.

  • CSCts11166

Symptoms: A router crashes at cce_dp_ipc_save_feature_objects.

Conditions: This symptom occurs on a Cisco 2951 router running Cisco IOS Release 15.1(2)T1 and Cisco IOS Release 15.1(4)M1.

Workaround: There is no workaround as the trigger of the issue is unknown.

  • CSCts48300

Symptoms: Interface queue wedge may occur when malformed traffic is received on port UDP 465. A maximum of 50 packets will become wedged.

Conditions: This symptom occurs when some malformed traffic exists.

Workaround: There is no known workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C

CVE ID CVE-2011-4015 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCts53278

Symptoms: Garbled voice quality with occasional periods of silence followed by a loud pop when analog STE is in secure mode with LOW line quality setting.

Conditions: This symptom is observed with a VG224 or Cisco 2811 that is running Cisco IOS Release 15.1(4)M and connected to analog STEs with LOW line quality setting.

Workaround: Use Cisco IOS Release 12.4(15)T14 where voice quality is still a bit garbled but there are no periods of silence or loud pops.

  • CSCts86510

Symptoms: Unable to build dIOU images.

Conditions: This symptom is observed while compiling unused dIOU images.

Workaround: There is no workaround.

  • CSCtt29566

Symptoms: A router running TWAMP crashes with memory corruption. This may involve a bad block pointer.

Conditions: This symptom occurs when TWAMP is configured.

Workaround: There is no workaround.

  • CSCtu01606

Symptoms: HWIC-2SHDSL shows no data when the controller and ATM interface are up on Alcatel and Huawei.

Conditions: This symptom is observed with HWIC-2SHDSL when the controller and ATM interface are up on Alcatel and Huawei.

Workaround: Reload the router.

  • CSCtu02543

Symptoms: The assigned address for an EzVPN client is not freed up after a disconnect.

Conditions: This symptom is observed if there is another L2L tunnel terminating on the same interface of the EzVPN server.

Workaround: There is no workaround.

  • CSCtu08717

Symptoms: A Cisco router experiences a watchdog timeout while executing tw_timer_replenish.

Conditions: This symptom is observed on the Cisco router if the IP SLA and Performance Agent features are configured on it. This timeout may also be observed if traffic is sent for a long time through a router configured with these features.

Workaround: There is no workaround.

  • CSCtu21636

Symptoms: Sometimes calls are dropped if there are active calls on the DSP. The following errors are displayed in the logs:

Power alarm on DSP channel ch=1 is ON
0001 0001 **
 
Power alarm on DSP channel ch=1 is OFF
0001 0000 **
 
Power alarm on DSP channel ch=1 is ON
0001 0001 **
 
Power alarm on DSP channel ch=1 is OFF
0001 0000 **
 

Conditions: This symptom is observed with all conditions.

Workaround: There is no workaround.

  • CSCtw78539

Symptoms: A Cisco 2901 router running Cisco IOS Release 15.2(2)T may lose dynamic routing over a Gigabit Ethernet interface.

Conditions: This symptom is observed with Cisco IOS Release 15.2(2)T and Cisco IOS Release 15.2(1)T1. This issue is not seen with Cisco IOS Release 15.1(4)M2 or Cisco IOS Release 15.0(1)M3.

The log may display the following:

%ALIGN-3-SPURIOUS: Spurious memory access made at <snip>
reading 0x0
%ALIGN-3-TRACE: -Traceback= <snip>
%BGP-3-NOTIFICATION: received from neighbor <snip> (hold
time expired) 0 bytes
%BGP-5-ADJCHANGE: neighbor 192.168.1.1 Down BGP Notification received
%BGP_SESSION-5-ADJCHANGE: neighbor<snip> IPv4 Unicast topology
base removed from session BGP Notification received
 

Inspection of the interface where this routing peer was established may show a lot of input/output queue drops.

Total output drops: 25185

Output queue: 331/1000/25184 (size/max total/drops)

Workaround: Reload the router or shut/no shut the interface.

  • CSCtw89123

Symptoms: A router may crash after configuring “ppp fragment delay”.

Conditions: This symptom is observed when “ppp fragment delay” + policy-map is configured on a multilink interface and traffic crosses the device.

Workaround: Increase “ppp multilink fragment delay” under the multilink interface and the crash will not be seen.

  • CSCtx23421

Symptoms: Leaks are seen at crypto_ceal_duplicate_pak and pak_subblock_allocate.

Conditions: This symptom is observed when the DMVPN spoke has an IPSLA configuration and link flapping is done.

Workaround: There is no workaround.

  • CSCtx37569

Symptoms: A BLF button (with an ephone-dn) that has been configured for park-slot turns red when a call is parked. But, sometimes, after the call has been retrieved, the button stays red and remains red until the phone restarts.

Conditions: This symptom is observed with a BLF button (with an ephone-dn) that has been configured for park-slot.

Workaround: Restart the phone to clear the BLF button.

  • CSCtx52157

Symptoms: SM-ES3G-24-P module installed in a Cisco 3925E chassis shows the status as failed.

Conditions: This symptom is observed with an SM-ES3G-24-P module installed in a Cisco 3925E chassis.

Workaround: Reload the SM-ES3G-24-P switch module.

  • CSCtx56183

Symptoms: The router crashes due to a block overrun:

%SYS-3-OVERRUN: Block overrun at 49156754 (red zone 66616365)
-Traceback= 42806C04z 42809B20z 42809D14z 427AD988z 427AD96Cz
.
.
%SYS-6-BLKINFO: Corrupted redzone blk 49156754....
.
%SYS-6-MEMDUMP: 0x49156754: 0xAB1234CD 0x12A0000 0x12C 0x44395148
%SYS-6-MEMDUMP: 0x49156764: 0x419B243C 0x49157154 0x49156658 0x800004E8
%SYS-6-MEMDUMP: 0x49156774: 0x1 0x0 0x1000133 0x47D7699C
 

Conditions: This symptom occurs when Websense URL filtering is enabled and long URLs have been accessed.

Workaround 1: Disable URL filtering.

Workaround 2: Do not invoke long URLs.

  • CSCtx65384

Symptoms: The L2TPv3 session is not reestablished when a pseudowire is configured with the loopback address and the loopback interface is deleted and readded.

Conditions: This symptom occurs when the local interface used is a loopback interface and the loopback is removed and re-added. This issue was seen with a Cisco 2800 router loaded with Cisco IOS interim Release 15.2(1)T1.11.

Workaround: Remove and readd the pseudowire-class after adding the loopback interface.

  • CSCty09784

Symptoms: The SS7 link does not come up.

Conditions: This symptom is observed with the fix of DDTS CSCta18342.

Workaround: Use the version of Cisco IOS that has the issue of “D channel is not recovering after IP flapping IUA”.

  • CSCty82414

Symptoms: A crash is seen.

Conditions: This symptom is observed when all of ZBFW, SGFW, IPS and Scansafe are configured on the router and traffic as in the traffic profile is sent (http [tcp], dhcp [udp] traffic).

Workaround: Unconfigure IPS.

  • CSCtz28855

Symptoms: The router may crash after printing several error messages:

%SYS-2-NOTQ: unqueue didn't find 87FFED94 in queue 865335D8 -Process= "IP
Input", ipl= 0, pid= 113
%SYS-3-MGDTIMER: Uninitialized timer, timer stop, timer = 87FFEDCC. -Process=
"IP Input", ipl= 0, pid= 113
 

Conditions: This symptom is observed with Cisco IOS Release 15.2(2)T1 with Trend URL Filtering configured.

Workaround: There is no workaround.

  • CSCtz54775

Symptoms: Traffic sourced from a 2901 through an EHWIC-4ESG module resumes forwarding within a maximum of 5 minutes (ARP expiry) instead of 30 seconds (STP convergence time).

Conditions: This symptom is observed after an STP failover.

Workaround: Clear the ARP table of the affected interface (after the VLAN is in a forwarding state).

  • CSCtz57013

Symptoms: The Cisco UC540 crashes randomly every few weeks.

Conditions: This symptom is observed with Cisco IOS Release 15.1(2)T2 and Cisco IOS Release 15.1(2)T4.

Workaround: There is no workaround.

  • CSCtz57617

Symptoms: The following logs are reported on the Cisco 1803 router randomly:

Apr 7 19:01:48: %C1800-3-SPIACQUIREFAIL: Failed to acquire SPI due
to internal error, spi_running 1 spi_locked 1
Apr 7 19:01:48: -Traceback= 80D928A0z 8002215Cz 8002D18Cz 8031A100z
8031D36Cz 8031D76Cz 8031E080z 8031F910z 8031C08Cz 8031C770z 8031A09Cz
80121DACz 8001B210z 8001B210z 80121E68z 80122590z
Apr 7 19:01:48: ASSERTION FAILED: file
 

Conditions: This symptom occurs on the Cisco 1803 router.

Workaround: There is no workaround.

  • CSCtz84873

Symptoms: A crash is observed due to stack overflow:

%SYS-6-STACKLOW: Stack for process CCSIP_SPI_CONTROL running low, 0/60000
 

Conditions: This symptom is observed on a SIP gateway. The conditions are still being investigated.

Workaround: There is no workaround.

  • CSCua12317

Symptoms: The Cisco 3900 router resets when configuring Object Group/ACL when there is traffic on the interface where an ACL match is needed.

Conditions: This symptom is observed with the following conditions:

1. The ACL definition should have service OG ACE.

2. Reconfigure the service OG ACE or delete it.

3. Traffic should be passing on the interface where the OG is applied when the above operation is performed.

Workaround:

1. Configure a new ACL with the changes needed and apply it to the interface of interest, instead of modifying the already applied one. This is recommended when a configuration change is needed.

2. Remove ACL checks on the interface when changing the configuration (“no ip access-group..”).

  • CSCua26981

Symptoms: A Cisco ASR router may crash due to a CPU Watchdog upon invocation of “show ip eigrp neighbor detail”.

sh ip eigrp nei detail
<snip>
ASR1000-WATCHDOG: Process = Exec
%SCHED-0-WATCHDOG: Scheduler running for a long time, more than the maximum
configured (120) secs.
-Traceback= ...
========= Start of Crashinfo Collection (09:21:44 EST Wed May 9 2012) ==========
 

Conditions: This symptom occurs when the Cisco ASR router is experiencing rapid changes in EIGRP neighborship, such as during a flap. One way to artificially create this scenario is to mismatch the interface MTU.

Workaround: There is no workaround.

  • CSCua28693

Symptoms: One-way audio is experienced. The gateway is streaming G.729 instead of G.711 which was negotiated through SIP signaling.

Conditions: This symptom is observed with a Cisco 2821 and Cisco IOS Release 15.1(4)M1.

Workaround: Use G.729 instead of G.711.

  • CSCua49735

Symptoms: The WAAS-Express router crashes in HTTP-Express Accelerator.

Conditions: This symptom occurs when HTTP-Express Accelerator is enabled and HTTP traffic is going through the WAAS-Express router.

Workaround: Disable HTTP-Express Accelerator.

  • CSCua50697

Symptoms: After unplugging and reconnecting a T1 cable, the T1 controller remains down or reports continuous errors. After a router reload, the T1 controller remains up until the cable is disconnected again.

Conditions: This symptom affects only the following cards: HWIC-xCE1T1-PRI, NM-8CE1T1-PRI, VWIC3-xMFT-T1/E1, and GRWIC-xCE1T1-PRI.

Also, the T1 signal must be somewhat out-of-specification according to T1.403 standards.

Workaround 1: Reload the router with the T1 cable plugged in.

Workaround 2:

1. Upgrade to a fixed-in Cisco IOS version.

2. Issue the following commands (hidden, so tab complete will not work):

 

enable
config t
controller <t1/e1> <slot/subslot/port> ! ( example: controller t1 0/0/0 )
hwic_t1e1 equalize
 

3. Shut/no shut the T1 controller, or reload the router to allow the CLI to take effect.

  • CSCua61330

Symptoms: Traffic loss is observed during switchover if:

1. BGP graceful restart is enabled.

2. The next-hop is learned by BGP.

Conditions: This symptom occurs on a Cisco router running Cisco IOS XE Release 3.5S.

Workaround: There is no workaround.

  • CSCua68587

Symptoms: cvCallVolConnActiveConnection.sip MIB count does not match what is seen on the CLI.

Conditions: This symptom is observed with the Cisco ASR 1006 running Cisco IOS XE Release 3.6.0S or Cisco IOS Release 15.2(2)S with the asr1000rp2-adventerprisek9.03.06.00.S.152-2.S image.

Workaround: There is no workaround.

  • CSCua73191

Symptoms: AnyConnect fails to work with IOS SSL VPN and reports the following message:

The AnyConnect package on the secure gateway could not be located. You
may be experiencing connectivity issues. Please try connecting again
 

Conditions: The issue was seen after upgrading to Cisco IOS Release 15.2(3)T.

Workaround: Connecting via the portal might help.

  • CSCua75069

Symptoms: BGP sometimes fails to send an update or a withdraw to an iBGP peer (missing update).

Conditions: This symptom is observed only when all of the following conditions are met:

1. BGP advertise-best-external is configured, or diverse-path is configured for at least one neighbor.

2. The router has one or more BGP peers.

3. The router receives an update from a peer, which changes an attribute on the backup path/repair path in a way which does not cause that path to become the best path.

4. The best path for the net in step #3 does not get updated.

5. At least one of the following occurs:

– A subsequent configuration change would cause the net to be advertised or withdrawn.

– Dampening would cause the net to be withdrawn.

– SOO policy would cause the net to be withdrawn.

– Split Horizon or Loop Detection would cause the net to be withdrawn.

– IPv4 AF-based filtering would cause the net to be withdrawn.

– ORF-based filtering would cause the net to be withdrawn.

– The net would be withdrawn because it is no longer in the RIB.

The following Cisco IOS releases are known to be impacted if they do not include this fix:

– Cisco IOS Release 15.2T and later releases

– Cisco IOS Release 15.1S and later releases

– Cisco IOS Release 15.2M and later releases

– Cisco IOS Release 15.0EX and later releases

Older releases on these trains are not impacted.

Workaround: If this issue is triggered by a configuration change, you can subsequently issue the clear ip bgp neighbor soft out command.

  • CSCua76157

Symptoms: BGP routes are displayed.

Conditions: This symptom occurs after removing the “send-label” from PE.

Workaround: There is no workaround.

  • CSCua92741

Symptoms: The allow-list prevents remote neighbors from coming up.

Conditions: This symptom occurs when the remote neighbor is configured with a /32 IP address.

Workaround: There is no workaround.

  • CSCub10239

Symptoms: ATM PVC on the Cisco 887M router does not restore itself, if the interface is bounced.

Conditions: This symptom is observed with Cisco IOS versions apart from Cisco IOS Release 15.0(1)M.

Workaround: Reboot the router.

  • CSCub18622

Symptoms: Dynamic ACL does not get applied to the interface ACL, but the user shows up in the show ip auth-proxy cache command output.

Conditions: This symptom occurs when auth proxy is configured on a tunnel interface.

Workaround: Move the auth-proxy rules onto a physical interface.

  • CSCub18682

Symptoms: The phone number is missing in the Sent INVITE from CUBE when testing OutBound Dial-Peer Matching using the phone number and context under destination-uri.

Conditions: This symptom occurs when running Cisco IOS Release 15.2(2)T1.12.

Workaround: There is no workaround.

  • CSCub19185

Symptoms: Path confirmation fails for a SIP-SIP call with IPV6 enabled.

Conditions: This symptom occurs when UUTs are running Cisco IOS Release 15.2(2)T1.5.

Workaround: There is no workaround.

  • CSCub21128

Symptoms: The “cns id udi”-related configuration does not get loaded into running-configuration on the Cisco 1900 router.

Conditions: This symptom is observed when the UDI on the Cisco 1900 router is unavailable during the device startup time.

Workaround: Reconfigure “cns id udi” later.

  • CSCub33087

Symptoms: The router crashes at QOS on the ATM subinterface.

Conditions: This symptom occurs during normal operations at the customer site.

Workaround: There is no workaround.

  • CSCub33602

Symptoms: An IGMP query with source IP address 0.0.0.0 triggers a querier election process. As a consequence, the port on which this packet is received is marked as an mrouter port for that VLAN.

Router#show ip igmp int vlan 1
Vlan1 is up, line protocol is up
Internet address is 1.1.1.1/24
IGMP querying router is 0.0.0.0 <----
 
Router#sh ip igmp snooping mrouter
vlan ports
-----+----------------------------------------
1 Po1,Po8,Router<-----
 

Conditions: This symptom is observed when an IGMP query with source IP address 0.0.0.0 is received.

Workaround: Configure an ACL to block packets with source IP address 0.0.0.0 and apply it to relevant interfaces.

access-list 100 deny ip host 0.0.0.0 any
access-list 100 permit ip any any
int vlan 1
ip access-group 100 in
 

Further Problem Description: Per RFC 4541, an IGMP query with source IP address 0.0.0.0 is used in special cases. When such a query is received by a router, it should not be used in the querier election process.

  • CSCub34396

Symptoms: Because of the fix for CSCtw52819, non-NHRP process switched packets are noticed to go as clear text.

Conditions: This symptom is observed with a DMVPN configuration.

Workaround: There is no workaround.

  • CSCub34534

Symptoms: A basic call between 2 SIP phones over SIP trunk (KPML-enabled) fails.

Conditions: This symptom is observed with Cisco ISR G2 platforms.

Workaround: There is no workaround.

  • CSCub36684

Symptoms: Slow memory leak is observed.

Conditions: This symptom occurs due to the SNMP engine.

Workaround: There is no workaround.

  • CSCub45054

Symptoms: OQD drop counters increment on the mGRE tunnel even though there are no drops.

Conditions: This symptom is observed with an mGRE tunnel when multicast traffic is sent over the tunnel. This issue is seen when EIGRP or OSPF is configured on the tunnel.

Workaround: There is no workaround.

  • CSCub45632

Symptoms: Ping failure occurs after modem-reset and sweep-ping is not intermittent.

Conditions: This symptom occurs after loading the router with the Cisco IOS Release 15.2(4)M1 image.

Workaround: There is no workaround.

  • CSCub52825

Symptoms: The negotiated global IPv6 remains intact on the Dialer interface.

Conditions: This symptom is observed when the physical interface goes down.

Workaround: Remove the global IPv6 address manually from the Dialer interface.

  • CSCub53380

Symptoms: Legitimate PPP frames are dropped on an async interface, incrementing both “runts” and “unknown protocol drops” in the show interfaces command.

Conditions: This issue is observed with Cisco ISR G1/G2 platforms running Cisco IOS Release 15.x with the following modules:

– HWIC-4A/S

– HWIC-8A/S-232

– HWIC-8A

– HWIC-16A

Workaround: There is no workaround.

  • CSCub55303

Symptoms: HWIC-4ESW stops passing the traffic after 5-6 days of operation on Cisco 2911/K9 running Cisco IOS Release 15.2(3)T1.

Conditions: This symptom is observed with Cisco 2911/K9 running Cisco IOS Release 15.2(3)T1.

Workaround: Shut/no shut on the HWIC interface restores connectivity.

  • CSCub56064

Symptoms: Ping fails after doing EZVPN client connect if CEF is enabled.

Conditions: This symptom is observed with the Cisco IOS Release 15.3(0.8)T image. This issue is seen only for a specific topology, where the in/out interface is the same.

Workaround: There is no workaround.

  • CSCub56842

Symptoms: The router stops passing IPsec traffic after some time.

Conditions: This symptom is observed when the show crypto eli command output shows that during every IPsec P2 rekey, the active IPsec-Session count increases, which does not correlate to the max IPsec counters displayed in SW.

Workaround: Reload the router before active sessions reach the max value.

To verify, do as follows:

router#sh cry eli
 
CryptoEngine Onboard VPN details: state = Active
Capability : IPPCP, DES, 3DES, AES, GCM, GMAC, IPv6, GDOI, FAILCLOSE, HA
 
IPSec-Session : 7855 active, 8000 max, 0 failed <<<
 
  • CSCub58146

Symptoms: There is an inconsistency in how NM-16ESW@C2821 handles unregistered multicast groups with IGMP Snooping. The expected behavior with Cisco IOS is that those groups will be flooded. However, what is observed is that in some VLANs, unregistered groups are flooded and in other VLANs, they are not. Behavior also changes between node reloads and VLAN delete and add (stops flooding). RFC 4541 also explicitly requires a per-interface configuration knob to enable flooding. On other platforms, this is done by using the switchport block multicast command. Cisco C2821 lacks this functionality. An unregistered packet is defined as an IPv4 multicast packet with a destination address that does not match any of the groups announced in earlier IGMP Membership Reports. If a switch receives an unregistered packet, it must forward that packet on all ports to which an IGMP router is attached. A switch may default to forwarding unregistered packets on all ports. Switches that do not forward unregistered packets to all ports must include a configuration option to force the flooding of unregistered packets on specified ports.

Conditions: This symptom is observed with the following conditions:

– The L2 access port located at NM-16ESW is receiving IPv4 multicast traffic.

– Cisco IOS Release 12.4(25a), Cisco IOS Release 15.1(4)M4, and Cisco IOS Release 15.0(1)M8.

Workaround: There is no workaround.

  • CSCub61009

Symptoms: Spurious errors are observed on the Cisco AS5400.

Conditions: This symptom is observed on the Cisco AS5400.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/6.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:U/RC:C

CVE ID CVE-2012-5422 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub61795

Symptoms: The log fills with SYS-2-BADSHARE messages, leading to a crash.

%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=69AD4440, count=0
-Traceback= 601E887Cz 601E50B4z 601E56C0z 602D24CCz 60F38F04z 6065B628z
Invalid magic number in receive buffer (0x0)
 

Conditions: This symptom occurs with a large amount of traffic passing through an ATM interface. This issue might be specific to an ATM interface using the CX27470 ATMOC3 driver as seen in the show interface command output. The ATM module that the issue was originally seen on was a NM-1A-OC3-POM. QOS might be needed to trigger the issue.

Workaround: A possible but unconfirmed workaround is to disable QOS on the interface.

  • CSCub65620

Symptoms: Replicating packets to snoop is taking more time. The calls are also succeeding.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 15.3(01.02)T with the Linux server.

Workaround: There is no workaround.

  • CSCub65760

Symptoms: MSP is failing to populate the show profile flow command on the Cisco ISR G2 for a SIP call made from a connected video endpoint.

Conditions: This symptom is observed when the connected endpoint is registered to the call manager and makes a SIP call to another video endpoint. The SIP OK message returning from the call manager is segmented.

Workaround: There is no workaround.

  • CSCub66367

Symptoms: When using HWIC-2SHDSL with “ppp multilink fragment” configured, there is some packet loss when pings are sourced from a PC. However, when pings are sourced from the router, there is no ping loss. When “ppp multilink fragment” is not configured, no ping loss is experienced even when pinging from the PC.

Conditions: This symptom occurs when “ppp multilink fragment” is configured.

Workaround: There is no workaround.

  • CSCub69270

Symptoms: Latency is observed in VPN traffic. Packet drops may also be seen.

Conditions: This symptom occurs when the ISM VPN module is enabled.

Workaround: Disable the ISM module.

  • CSCub69976

Symptoms: Cisco 1941 in a DMVPN setup crashes with Cisco IOS Release 15.2(2)T2. The Cisco 2911 router and the Cisco 3945 router crash in a FlexVPN setup running Cisco IOS Release 15.3(00.14)T.

Conditions: This symptom occurs in a DMVPN setup and in the FlexVPN setup.

Workaround: Disable the ISM module and switch to the onboard crypto engine using “no crypto engine slot 0”.

  • CSCub74272

Symptoms: Intermittently during Phase II rekey, after new SPIs are negotiated and inserted into SPD, old SPIs are removed and then the VTI tunnel line protocol goes down.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T, with VTI over GRE.

Workaround: There is no workaround.

  • CSCub74692

Symptoms: Path confirmation fails while making H.323 calls in IEC_FORCED_DISENGAGE, IEC_GK_SHUTDOWN and Long call detection scenarios.

Conditions: This symptom is observed while making H.323 calls in IEC_FORCED_DISENGAGE, IEC_GK_SHUTDOWN and Long call detection scenarios.

Workaround: Disable CEF using the no ip cef command in the GW configuration.

  • CSCub79318

Symptoms: Codec changes spontaneously during midsession without a RE-INVITE.

Conditions: This symptom occurs with the following conditions:

– Fax passthrough is configured.

– Codec negotiated is G711alaw, and changes to G729.

Workaround: There is no workaround.

  • CSCub80386

Symptoms: The following interface configuration should be used:

interface Ethernet2/1
description lanethernet1
ipv6 enable
ospfv3 100 network manet
ospfv3 100 ipv6 area 0
 

Dead interval is calculated according to network type; in this case, it is 120s. Issue the no ospfv3 dead-interval command on dead interval. Dead interval is set to the default of 40s instead of 120s, which is correct for manet or P2MP interface types.

Conditions: This symptom is an OSPFv3-specific issue (see the configuration example).

Workaround: Configure dead interval explicitly or reapply the network command.

  • CSCub80654

Symptoms: Randomly, there is no audio if a call comes from the following call flow using G729:

IP Phone -- CUCM -- ICT GK Controlled -- GK -- CME 9.1 -- Phone A and B
 

If one of the phones in CME tries to GPickup the call randomly, it will have no audio. When this happens, if you check the codec directly in the phone, it is G711. However, when it works, it is G729. Everything is configured for G729. Even if you hardcode the phone in CME to use G729, this issue will occur. This issue does not occur in CME 7.1.

Conditions: This symptom occurs if a call comes from GK as G729 and CME 9.1 is being used.

Workaround: Use CME 7.1 or enable fast start in CUCM Trunk by enabling the following check boxes:

– Media Termination Point Required

– Enable Outbound FastStart

– Codec For Outbound FastStart: G729

Also, configure Cisco IOS MTP to use G729.

  • CSCub80710

Symptoms: SSL handshake between Cisco VCS and the Cisco ASR fails if the Cisco ASR is running Cisco IOS XE Release 3.7S.

Conditions: This symptom occurs in a working setup, if the Cisco ASR is upgraded to Cisco IOS XE Release 3.7S, then SSL handshake and subsequently SIP-TLS calls start to fail. If in the same setup, the Cisco ASR is downgraded back to Cisco IOS XE Release 3.5S or Cisco IOS XE Release 3.4.4S, then the calls work (without requiring any additional changes).

Workaround: There is no workaround.

  • CSCub82495

Symptoms: Channel-group goes down with the HWIC-xCE1T1-PRI controller after reloading the router.

Conditions: This symptom occurs when channel-group goes down after reload.

Workaround: There is no workaround.

  • CSCub83371

Symptoms: Performance degradation with high CPU is seen on CUBE for SIP-SIP flow-through calls.

Conditions: This symptom is observed with Cisco IOS Release 15.2(1)T2.13.

Workaround: There is no workaround.

  • CSCub85451

Symptoms: When Scansafe is enabled on the interface, latency may be seen. Some pages may not load at all or show severe latency if the SYN request sent by the Cisco ISR does not receive an appropriate SYN ACK response from the Scansafe Tower.

Conditions: This symptom occurs when Scansafe is enabled on the interface. In this case, there was an ASA in the path that was doing sequence number randomization.

Workaround: Disable sequence number randomization on the firewall in the path before the Cisco ISR.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/4.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:U/RC:C

CVE ID CVE-2012-4651 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub86011

Symptoms: The embedded event manager (EEM) is not available on the Cisco VG202/204.

Conditions: This symptom is observed with Cisco IOS Release 15.1(3)T or later releases.

Workaround: There is no workaround.

  • CSCub86574

Symptoms: The router crashes if PfR and EIGRP are configured on the router.

Conditions: This symptom is observed with four exit interfaces, that is, two per BR.

Workaround: There is no workaround.

  • CSCub89144

Symptoms: The VTI tunnel is always in up/up state.

Conditions: This symptom is observed when HSRP failover is configured on the HSRP standby router only. This issue was first seen on the Cisco ASR router, but it is platform-independent and is seen on the latest Cisco IOS Release 15M&T and later releases as well.

Workaround: Use GRE or routing protocols for redundancy.

  • CSCub90414

Symptoms: The device crashes when a block of memory is freed, even though it was not in use.

Conditions: This symptom occurs when “crypto pki trustpoint” is configured.

Workaround: Remove the auto-enroll command to prevent any other reloads due to this bug. The ultimate resolution is to upgrade Cisco IOS to a release that contains the fix for this bug.

  • CSCub95261

Symptoms: The device crashes due to a bad reference count.

%SYS-2-CHUNKBADREFCOUNT: Bad chunk reference count, chunk 40A82BB4 data
313E2F40 refcount FFFFFFFF alloc pc
2341E7F4. -Process= "CSDB Timer process", ipl= 3, pid= 274
-Traceback= <HEX TRACEBACK HERE>
chunk_diagnose, code = 3
chunk name is CSDB l4 structu
 
current chunk header = 0x313E2F30
data check, ptr = 0x313E2F40
 
next chunk header = 0x313E2F90
data check, ptr = 0x313E2FA0
 
previous chunk header = 0x313E2ED0
data check, ptr = 0x313E2EE0
 

Conditions: This symptom is still being investigated. The exact conditions are unknown. However, this issue is known to occur when IPS is enabled.

Workaround: There is no workaround.

  • CSCub96176

Symptoms: The router crashes when the DNS server is turned on.

Conditions: This symptom is observed with Cisco IOS Release 15.1(4)M1.

Workaround: There is no workaround.

  • CSCub98623

Symptoms: The show int command output displays the input queue size as greater than 0, and it never goes down. Shut/no shut does not help either.

Conditions: This symptom is observed with the following conditions:

– A Cisco IOS router acts as XOT.

– The XOT Server becomes unreachable for some time while the x25 client is attempting to send traffic.

– Cisco IOS Release 12.4(24)T7, Cisco IOS Release 15.1M, or later releases.

Workaround: Increase the input hold queue size from the default of 75 to the maximum. Monitor it periodically, manually or by script, and perform a planned reload when the queue size is close to the maximum.

  • CSCuc02262

Symptoms: A crash is seen at tcp_prepare_for_retransmit with the combination of IPv6 and IPv4 traffic.

Conditions: This symptom is observed in a DMVPN setup with the Cisco 2921 acting as the spoke and the Cisco 3945e as the hub. After passing HTTP traffic using IPv4 as well as IPv6, a crash is seen on the spoke.

Workaround: There is no workaround.

  • CSCuc07669

Symptoms: CPU utilization is higher under a DoS attack using L2TPv3 packets in Cisco IOS Release 15.0M.

Conditions: This symptom is observed with Cisco IOS Release 15.0M only with DoS attacks triggered with L2TPv3 packets.

Workaround: There is no workaround.

  • CSCuc07984

Symptoms: The Cisco 819 router serial interface does not interoperate with modems such as Adtran, Aethra, and Pardayn.

Conditions: This symptom occurs on the serial interface on the Cisco 819 series router while connecting to some specific types of modems.

Workaround: There is no workaround.

  • CSCuc09559

Symptoms: A crash is seen on a Cisco 3900e router running Cisco IOS Release 15.2(2)T when adding a new crypto peer. The device crashes when making configuration changes to add the peer.

The crash is of the following type:

SYS-2-CHUNKBADFREEMAGIC Bad free magic number in chunk header
In the
"SADB Peering Ch" chunk
 

Conditions: This symptom occurs when making configuration changes to add the crypto peer.

Workaround: There is no workaround.

  • CSCuc10588

Symptoms: The router crashes.

Conditions: This symptom occurs when the normalizer engine is running with the traffic being sent.

Workaround: There is no workaround.

  • CSCuc12365

Symptoms: With the ISM module enabled, the tunnel comes up but the OSPF adjacency does not come up, hence no traffic passes. The tunnel shows up without passing traffic for approximately 20 minutes, and after that, the outside interface becomes unresponsive and the SAs go down. Reboot is the only way to bring it back up. A traceback may also be seen.

Conditions: This symptom occurs when the ISM module is being used on Cisco IOS Release 15.2(3)T1 or later releases.

Workaround: Disable the ISM module.

  • CSCuc12685

Symptoms: A router has an unexpected reload in SIP code.

Conditions: This symptom is observed with Cisco IOS Release 15.1(4)M4.

Workaround: There is no workaround.

  • CSCuc14088

Symptoms: The default class is not being exported with the class option template.

Conditions: This symptom occurs when class-default is not exported when typing the option c3pl-class-table under the flow exporter.

Workaround: There is no workaround.

  • CSCuc14674

Symptoms: In a GetVPN configuration, when utilizing the ISM VPN module, traffic does not pass even though IPsec SAs are up when CEF is enabled, and “ip traffic-export” is configured in the crypto map interface.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T1 or later releases, and when CEF is enabled. This issue is seen when “ip traffic-export” is configured in the crypto map interface, and ISM is the crypto engine.

Workaround 1: Disable CEF.

Workaround 2: Do not configure “ip traffic-export” in the crypto map interface.

Workaround 3: Disable ISM using “no cry engine slot 0”. Then, the onboard engine will be used.

  • CSCuc16172

Symptoms: When the reset button is pushed on a Cisco C881W-A-K9 router, the start-up configuration is automatically backed up as “startup.backup.xxx” and stored in the flash.

Conditions: This symptom occurs when a xxx.cfg file is present on the flash and the push button is pressed. The Cisco C881W-A-K9 Router boots up with the xxx.cfg file present on the flash, but also backs up the start-up configuration as “startup.backup.xxx” and stores it on the flash.

Workaround: There is no workaround.

  • CSCuc18606

Symptoms: After BGP flap or device reload, the following error is displayed in the log:

BGP-3-DELROUTE Unable to remove route for [XYZ] from radix trie
 

There is also a reachability issue.

Conditions: This symptom is observed during BGP flap, router reload, and when changing the NET statement under the ISIS process.

Workaround: Reconfiguring NET under ISIS or reloading the device may help to resolve the issue.

  • CSCuc19520

Symptoms: The Cisco ISR by default allocates the first available free port in case of port collision. Due to this, there are chances of frequent reuse of the same ports that can potentially lead to some issues.

Conditions: This symptom occurs when Cisco ISR by default allocates the first available free port in case of port collision.

Workaround: This bug is not a functionality impacting bug. However, having this fix will reduce other complications.

  • CSCuc19800

Symptoms: The router crashes.

Conditions: This symptom occurs when the no switchport command is issued under the UCSE x/1 interface.

Workaround: There is no workaround.

  • CSCuc21859

Symptoms: Memory leak is seen at ssf_owner_get_feature_sb.

Conditions: This symptom occurs when the discriminator configuration is with logging, as given in the below examples:

logging discriminator <NAME>
logging host x.x.x.x discriminator DEBUG
logging discriminator SysLog mnemonics drops NAME
 

Workaround: Remove the discriminator configuration from the logging configuration.

  • CSCuc23863

Symptoms: Traffic is dropped over the tunnel when it hits multiple zone Cisco IOS FW.

Conditions: This symptom is observed with the following conditions:

1. ZBFW with three or more zones.

2. Self-zones defined.

3. DVTI configured.

4. Hairpins traffic.

Workaround:

1. Configure only two zones.

2. Disable self-zones.

3. Disable CEF.

4. Allow the same traffic in the outside-to-inside policy to whatever is allowed in inside-to-outside.

  • CSCuc24189

Symptoms: A Cisco NHRP router may unexpectedly reload at function rn_match.

Conditions: This symptom occurs when the router is running NHRP and the NHRP SNMP MIB is enabled.

Workaround: A possible workaround is to disable the NHRP SNMP MIB. Save the configuration and reload the router. This needs to be confirmed with development after the bug is fixed.

  • CSCuc25634

Symptoms: WAAS-optimized traffic gets dropped by ZBFW HA.

Conditions: This symptom occurs when ZBFW HA and SRE-WAAS are configured.

Workaround: There is no workaround.

  • CSCuc26021

Symptoms: The crypto IKEv2 session is shown as active when the VA interface goes down for a spoke-to-spoke FlexVPN.

Conditions: This symptom occurs when the traffic is running and when crypto engine is switched from onboard crypto to software crypto.

Workaround: There is no workaround.

  • CSCuc30438

Symptoms: Capturing the passwords in plain text is possible via the EEM CLI ED option.

Conditions: This symptom occurs when an applet is written to capture the CLIs (_cli_msg) and redirect them to a file.

Workaround: There is no workaround.

  • CSCuc30630

Symptoms: An update to the Cisco IOS-IPS signature package may cause the router to crash in some very rare scenarios, when signature scanning and signature build happens simultaneously.

Conditions: This symptom occurs on a Cisco 2911 ISR G2 router running Cisco IOS Release 15.2(4)M1.

Workaround: There is no workaround.

  • CSCuc30836

Symptoms: Cisco IOS IPS signature auto-updates fail.

Conditions: This symptom occurs on a Cisco c880 router running Cisco IOS Release 15.1(4)M4 on signature definition S636.

Workaround: There is no workaround.

  • CSCuc31371

Symptoms: The IKEv2 session is shown as up for a Spoke-to-Hub FlexVPN.

Conditions: This symptom occurs when the tunnel interface is shut down.

Workaround: There is no workaround.

  • CSCuc31725

Symptoms: CUBE fails to resolve the configured DNS through A query when the SRV query fails.

Conditions: This symptom occurs when running Cisco IOS Release 15.3(0.11)T.

Workaround: Use DNS SRV records for SIP servers.

  • CSCuc32663

Symptoms: User passwords appear in ACS logs.

Conditions: This symptom occurs on a device running Cisco IOS software that is configured with AAA TACACS configuration command authorization. The device transmits the user password, as entered in any configuration CLI command that requires both the username and password, in the command authorization AVs as part of the command authorization request.

Example of CLI commands: username name password password

The password is sent as part of the data for configuration command authorization.

Workaround: Disable the configuration command authorization.

PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.

If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuc33119

Symptoms: WAAS-optimized traffic may get stuck in a loop when ISM VPN is enabled.

Conditions: This symptom occurs only when the ISM VPN module is turned on.

Workaround: There is no workaround.

  • CSCuc33436

Symptoms: After a reload, the first incoming PRI call fails to connect. Subsequent calls work fine.

Conditions: This symptom is observed when using PVDM2-xDM and HWIC-xCE1T1-PRI for data PRI calls on Cisco IOS Release 15.2(3)T.

Workaround: Run “clear modem all” after a reload.

  • CSCuc34107

Symptoms: The shaper does not work.

Conditions: This symptom does not occur under any specific conditions.

Workaround: There is no workaround.

  • CSCuc38552

Symptoms: On SSO, traffic is not resumed within a second and packet loss is seen in the EoMPLS port.

Conditions: This symptom occurs on SSO.

Workaround: There is no issue in the release branch “mtrose”. This issue is seen on the child branch “ma3_gcc421_compiler”.

  • CSCuc42518

Symptoms: Cisco IOS Unified Border Element (CUBE) contains a vulnerability that could allow a remote attacker to cause a limited Denial of Service (DoS). Cisco IOS CUBE may be vulnerable to a limited Denial of Service (DoS) from the interface input queue wedge condition while trying to process certain RTCP packets during media negotiation using SIP.

Conditions: This symptom is observed when Cisco IOS CUBE experiences an input queue wedge condition on an interface configured for media negotiation using SIP when a certain sequence of RTCP packets is processed. All the calls on the affected interface would be dropped.

Workaround: Increase the interface input queue size. Disable Video if not necessary.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.1: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C

CVE ID CVE-2012-5427 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuc42558

Symptoms: A Cisco router configured as the VXML gateway may experience a leak in the processor memory pool in CCSIP_SPI_CONTROL in the function url_parseTelUrl.

Conditions: This symptom occurs when a Cisco router is configured as the VXML gateway.

Workaround: Reload the router during a maintenance window to avoid an unexpected crash. You may also downgrade to Cisco IOS Release 15.1(4)M3, which is not affected.

  • CSCuc44438

Symptoms: There is a memory corruption issue with loading NBAR protocol pack.

Conditions: This symptom occurs when an NBAR protocol pack is loaded into the router using the ip nbar protocol-pack command.

Workaround: There is no workaround.

  • CSCuc44629

Symptoms: The switch/router crashes while processing NTP.

Conditions: This symptom occurs if NTP is configured using DNS, along with the source interface. For example:

config# ntp server <dns> source <interface>
 

Workaround 1: config# ntp server <dns>

Workaround 2: config# ntp server <ip>

Workaround 3: config# ntp server <ip> source <interface>

For workarounds 1 and 2, the device automatically selects the source interface. For workarounds 2 and 3, resolve the DNS and use the corresponding IP address for that DNS.

For example:

Router# ping <dns>
 

The above command gives the IP address for DNS. Use that IP address to configure the NTP server.

  • CSCuc45045

Symptoms: The show ip eigrp neighbors detail vmi command displays large delay values.

Conditions: This symptom is observed only for the VMI interface in MANET networks.

Workaround: There is no functional impact because of this. For any other practical purposes, convert the displayed value from picoseconds to microseconds, because the value displayed is in picoseconds while the units displayed are usec.

  • CSCuc45528

Symptoms: Incremental leaks are seen at __be_nhrp_recv_error_indication.

Conditions: This symptom occurs when the NHRP error indication is received on the box. This issue is seen only if CSCub93048 is already present in the image. CSCub93048 is available from Cisco IOS Release 15.3M&T onwards.

Workaround: There is no workaround.

  • CSCuc46087

Symptoms: CUBE does not send a response to an early dialog UPDATE in a glare scenario.

Conditions: This symptom occurs when CUBE receives an early dialog UPDATE when it sends 200OK to INVITE and expects ACK.

Workaround: There is no workaround.

  • CSCuc47036

Symptoms: A crash occurs due to memory corruption pointing to TCP/BGP functions.

Conditions: This symptom occurs when eBGP is configured and the link is flapped.

Workaround: There is no workaround.

  • CSCuc47356

Symptoms: Static routes are not getting removed.

Conditions: This symptom is observed with Smap - Smap. Removal of CLI does not remove the static route.

Workaround: Remove the ACL before removing the SA.

  • CSCuc47399

Symptoms: IKEv2 STOP Accounting records show wrong counters for packets/octets, when the sessions are locally cleared using “clear crypto sa” or “clear crypto session”.

Conditions: This symptom is observed with the latest Cisco IOS XE Release 3.8S images when IKEV2-Accounting is enabled. This issue is easily reproducible with a single session, and may be service impacting as STOP Accounting records are usually used for billing purposes.

Workaround: The STOP records reflect the right counters when the disconnect is through the remote-end.

  • CSCuc49335

Symptoms: An infinite loop is seen at tunnelInetConfigIfIndex.ipv6 while doing SNMP walk.

Conditions: This symptom occurs when an SNMP walk is done on the Cisco ISRG2 router and the Cisco ASR 1000 router.

Workaround: There is no workaround.

  • CSCuc49364

Symptoms: The Media-service Proxy table gets populated but the Metadata table does not get populated.

Conditions: This symptom is observed in Cisco ISR platforms.

Workaround: There is no workaround.

  • CSCuc51617

Symptoms: Poor video quality is observed.

Conditions: This symptom occurs at the beginning of the call. This issue occurs because of some missing configurations at the dial peer.

Workaround: The quality improves after hold and resume.

  • CSCuc51774

Symptoms: Packet drop is seen on the 4G/LTE cellular interface when QoS is configured with the parent shaper.

Conditions: This symptom is observed when QoS with the parent shaper is enabled on the 4G/LTE interface.

Workaround: Remove QoS or use QoS without the shaper.

  • CSCuc52038

Symptoms: CUBE is configured with media antitrombone. A call is made from PSTN ---> CUBE and forwarded to another PSTN phone. There is only one-way media from the called device to the calling device. When media antitrombone is disabled, there is media flow both ways. This behavior is seen only when media antitrombone is enabled in CUBE. Please check for enclosures for debug ccsip all messages of both CUBE and the PSTN router.

Conditions: This symptom occurs when media antitrombone is enabled.

Workaround: Disable media antitrombone.

  • CSCuc52757

Symptoms: The encrypt and decrypt packet count does not match.

Conditions: This symptom is observed with encrypt and decrypt packets.

Workaround: There is no workaround.

  • CSCuc55407

Symptoms: The following error message is displayed:

%SYS-2-BADSHARE: Bad refcount in retparticle error logs followed by traceback
 

Conditions: This symptom is observed with STM flapping and a badshare alarm.

Workaround: There is no workaround.

  • CSCuc58194

Symptoms: While configuring the channelized interfaces, SNMP-related tracebacks are seen.

Conditions: This symptom is observed with the module NM-HDV2-2T1/E1 with VWIC2-2MFT-T1/E1. This issue could impact other modules as well.

Workaround: There is no workaround other than removing SNMP.

  • CSCuc59738

Symptoms: Memory leak is seen in Chunk Manager due to a CCE DP feature.

Conditions: This symptom occurs in ZBFW configurations with a good number of ACLs used for QoS settings.

Workaround: Periodic reload of the router recovers the leaked memory.

  • CSCuc60057

Symptoms: When sending a fax through the Canon machine, through the MGCP BRI, the fax sends three copies instead of one. In the PCM captures taken for the failed fax on the BRI port, an MCF for a EOP is received. However, the machine keeps sending the EOP twice and then disconnects, resulting in the fax being sent thrice.

Conditions: This symptom is observed only with the Canon l140 machine.

Workaround: There is no workaround.

Further Problem Description: Troubleshooting was done as follows:

1. Changed the DSP firmware by using a different Cisco IOS version. Tried the latest Cisco IOS Release 15.2(2)T.

2. Tried increasing the signal strength going from the router to the machine by adjusting the gain and attenuation.

3. Tried reducing the delay between the packets by adjusting the fax play out delay.

4. Stopped any hairpinning by issuing “no local by pass”.

  • CSCuc61771

Symptoms: When upgrading CUBE Cisco IOS to Cisco IOS Release 15.2 code, the RFC2833 packets are transcoded to g.711 packets with a short DTMF duration, which are followed by transcoded RFC2833 packets. With Cisco IOS Release 15.1 code, there are no RFC2833 packets on the PCM side and the inband DTMF duration is correct.

Conditions: This symptom occurs in PCM transcoding mode. One side has DTMF inband and the other side is RFC2833 dtmf-relay, and dtmf-relay is configured. This issue is seen with Cisco IOS Release 15.2.x and PVDM3.

Workaround: Downgrade Cisco IOS to Cisco IOS Release 15.1M&T code or use PVDM2.

  • CSCuc62051

Symptoms: Nile manager crashes on configuring the G.8032 on the Cisco ASR 903 router.

Conditions: This symptom is a timing issue and can be seen while configuring the G.8032 configuration, along with interface configurations from bootflash. This issue is not easy to reproduce because of timings.

Workaround: There is no workaround.

  • CSCuc63884

Symptoms: A router configured with HSRP and RF interdev may experience an NMI watchdog during reload after failover, as it transitions from a standby to an active state.

SYS-2-INTSCHED 'sleep for' at level 6
-Process= "RF Interdev reload process", ipl= 6, pid= 316
 
NMI Watchdog timeout!!: vector 2, PC = 0x219B3C
 

Conditions: This symptom is observed with HSRP and interdev configured. HSRP failover is triggered by link failure if the configuration is being saved at the same time.

Workaround: There is no workaround.

  • CSCuc66518

Symptoms: The ISM-VPN: tlb load/fetch exception is seen on the ISM.

Conditions: This symptom is observed with site-to-site FlexVPN traffic.

Workaround: Use the onboard crypto or software crypto engine instead of Reventon.

  • CSCuc67033

Symptoms: A Cisco IOS router with the ISM VPN encryption module enabled can experience memory corruption-related crashes.

Just before the crash, the router may display some syslog error messages related to the ISM VPN module:

Aug 21 15:55:22: !!! Cannot find Revt counters struct for flowid: 0x4400012A
Aug 21 15:55:24: !!! Cannot find Revt counters struct for flowid: 0x4400012A
Aug 21 15:55:24: !!! Cannot find Revt counters struct for flowid: 0x4400012A
 

Here, the word “Revt” is specific for the ISM VPN module.

Also, some generic syslog error messages related to memory allocation failures may be displayed at the time of the crash:

Aug 21 15:55:33: %SYS-3-BADBLOCK: Bad block pointer DD7D7D0
-Traceback= 23B9EA7Cz 23BA1A44z 23BA1E24z 23B712B8z 23B7129Cz
Aug 21 15:55:33: %SYS-6-MTRACE: mallocfree: addr, pc
352791C4,22DB4A50 352791C4,3000006C 38808760,2627EDF0 34C91824,262724A8
352791C4,22DB6214 352791C4,22DB4A50 352791C4,3000006C 352791C4,22DB6214
Aug 21 15:55:33: %SYS-6-MTRACE: mallocfree: addr, pc
352791C4,22DB4A50 352791C4,3000006C 352791C4,22DB6214 3875D9C4,600002CA
3875D5E0,2627EDF0 35092ACC,262724A8 352791C4,22DB4A50 352791C4,3000006C
Aug 21 15:55:33: %SYS-6-BLKINFO: Corrupted next pointer blk DD7D7D0, words
32808, alloc 214E636C, InUse, dealloc 0, rfcnt 1
 

Conditions: This symptom is observed with the following conditions:

– The ISM VPN crypto acceleration module is installed, enabled, and used for crypto operations (IPsec, etc.).

– Cisco IOS supports ISM VPN (Cisco IOS Release 15.2(1)T1 or later releases).

Workaround: Disable the ISM VPN module. The crash is specific to ISM VPN.

  • CSCuc67203

Symptoms: Transferring of multicast over a GRE/IPsec tunnel fails if the payload size of the multicast is greater than 14K. This issue is seen only if the source is connected to a port on the EHWIC-D-8ESG module. If the source is connected to the built-in port, then the transfer is successful.

Setup:

EHWIC-D-8ESG
Vlan1
Source--------Testrouter1-(C1900)---------------Testrouter2(c1900)-----------Receiver
------IPSEC/GRE-

Conditions: This symptom is observed with Cisco IOS Release 15.2(4)M1 and Cisco IOS Release 15.2(2)T1 with the EHWIC-D-8ESG module.

Workaround:

1. Custom applications can be programmed to limit the size of individual packets to 13K and some off-the-shelf software could have configuration options to do the same.

2. The EHWIC switch module could be bypassed by using the external switch and a built-in router port.

  • CSCuc69342

Symptoms: About 10 minutes after CUBE boot, the router crashes with the following traceback:

-Traceback= 5B01805 46158ED 45F4F57 45BB19E 45BA1CF 451D6DC 4525549 45252D9
4519C30 45196A9 4778FFD
 

After the reload from the crash, it may take some time before it crashes again.

Conditions: This symptom occurs when CUBE receives the SIP REFER message with the Refer-To header having no user part.

Workaround: There is no workaround.

  • CSCuc70472

Symptoms: Compression (V.42bis, V.44) is disabled by “modemcap” for PVDM2-DM. After some time, certain modems start to negotiate V.44/V.42bis and drop those calls before PPP. The number of modems negotiating compression is growing over time, leading to an increase in the drop call rate.

Conditions: This symptom occurs when the following modemcap is applied:

"modemcap entry V32bis_noComp1:MSC=&F0+DCS=0,0;+MS=10,0,4800,14400" OR
"modemcap entry V32bis_noComp2:MSC=+MS=10,0,4800,14400;%C0"
 

Breakdown:

"+DCS=0,0=0,0" - V.44 OFF, V.42bis OFF
"+MS=10,0,4800,14400" - V.32bis,No V8.bis, min 4800, max 14400
"%C0" - No compression
 

After reload:

Router#sh modem log 0/463 | i compression
Data compression 69 None
Data compression 69 None
Data compression 69 None
Data compression 69 None << No compression
Router#sh modem configuration 0/463 | i S41|S82
S41 = 137 Compression selection is MNP 5 Retrain and fallback/fall
forward disabled
S82 = 128 Break Handling Options/LAPM Break Control = 0x80
S82 = 21
 

A few hours/days after reload:

Router#sh modem log 0/463 | i compression
Data compression 68 None
Data compression 68 V44 << Starts to negotiate V.44, even
while disabled by modemcap
Data compression 68 V44
Data compression 68 V44
Router#sh modem configuration 0/463 | i S41|S82
S41 = 139 Compression selection is MNP 5 and V.42 bis
S82 = 128 Break Handling Options/LAPM Break Control = 0x80
S82 = 25
 

Workaround: Reload.

  • CSCuc70958

Symptoms: The Cisco ISR-3825 shows latency in traffic processing, and the tx_ping counters on the phy controllers keep increasing and are not emptied.

Conditions: This symptom is observed with Cisco IOS Release 12.4(24)T8.

Workaround: Reload the router.

  • CSCuc71422

Symptoms: CUBE crashes if it fails to route an INVITE that has a Replaces: header.

Conditions: This symptom occurs when an INVITE with a Replaces: header is received but all outbound dial peers failed to connect the call.

Workaround: There is no workaround.

  • CSCuc71493

Symptoms: Significant transaction time degradation is observed when an e-mail with attachment(s) is sent from the Windows 7 client using Outlook to a server running Outlook 2010 on the Windows 2008 server and the WAN latency is low, that is, ~12ms RTT.

Conditions: This symptom is observed when the client is Windows 7 and data is being uploaded using the MAPI protocol and the connection is being optimized by WAAS-Express.

Workaround: Disable WAAS-Express.

  • CSCuc71706

Symptoms: Execution of the show run command and other commands such as copy run start and show access-list cause the router to stop for a few minutes before completing.

Conditions: This symptom is observed with Cisco ISR G2 routers. This issue is seen only with IPV6 configured and used.

Workaround: There is no workaround.

  • CSCuc71885

Symptoms: A crash is seen at cce_dp_csdb_api_retrieve_feature_object.

Conditions: This symptom is observed with spoke-to-spoke UDP traffic, SIP, and DNS, which causes the crash on the traffic initiator.

Workaround: There is no workaround.

  • CSCuc72114

Symptoms: Participating router ports of Etherchannel do not get suspended upon speed/duplex mismatch.

RMS-rtr1-st0159#sh int po1
Port-channel1 is up, line protocol is up
Hardware is GEChannel, address is c47d.4ffd.c390 (bia c47d.4ffd.c390)
Description: ** Store LAN Interface PORT CHANNEL 1 **
MTU 1500 bytes, BW 110000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 255/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
No. of active members in this channel: 2
Member 0 : GigabitEthernet0/1 , Full-duplex, 100Mb/s
Member 1 : GigabitEthernet0/0 , Full-duplex, 10Mb/s
 

In conditions like this, the router, because of load balancing, keeps sending traffic on a link that is suspended on the switch side, and the switch drops that traffic, which causes a network outage. On the switch side, interfaces go into suspended mode as expected.

Conditions: This symptom is observed with the following conditions:

1. Etherchannel is configured between the Cisco ISR/G2 router and a Cisco Catalyst switch.

2. There is a speed mismatch between the participating ports.

Workaround: There is no workaround.

  • CSCuc72325

Symptoms: A router does not recognize a UA frame after sending an SNRM frame.

Conditions: This symptom occurs when SDLC is configured on the Cisco3845 with HWIC-4T.

Workaround: Shut/no shut the serial interface or reload the router.

  • CSCuc73005

Symptoms: The Cisco IOS firewall stops forwarding RTP packets belonging to an established session after around 30 seconds.

Conditions: This symptom is observed with a Cisco IOS Zone-Based Firewall, with SIP inspection. This issue is seen when RTP traffic is flowing.

Workaround: There is no workaround.

  • CSCuc73036

Symptoms: Packets cannot be set with cos value 1 with PPP encapsulation.

Conditions: This symptom is observed with Cisco IOS Release 15.3(0.18)T.

Workaround: There is no workaround.

  • CSCuc73902

Symptoms: An IPsec router configured in a stateful IPsec High Availability (HA) configuration may incorrectly reset the ESP sequence number when it becomes the active router after a switchover. This results in packet drops on the peer device due to antireplay check failure, as can be observed with the following error:

%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed connection id=X,
sequence number=1
 

Conditions: This symptom occurs only after an HA switchover event.

Workaround: Disable the antireplay check on the VPN end peer devices by using the crypto ipsec security-association replay disable command.
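The failure mode in CSCuc73902 can be reproduced with a small model of the peer's antireplay window. This is an added example, not Cisco code; the 64-packet window, the packet counts, and all names are assumptions chosen for illustration.

```python
"""Model of a receiver-side ESP antireplay window and of a sender that
restarts its sequence numbers at 1 on an existing SA after an HA switchover.
Illustrative only: window size and packet counts are constructed values."""

from collections import Counter
from dataclasses import dataclass


@dataclass
class ReplayWindow:
    """Antireplay state kept by the receiving peer for one SA."""
    size: int = 64        # assumed window size for this example
    enabled: bool = True  # False models a peer with the replay check disabled
    top: int = 0          # highest sequence number accepted so far
    bitmap: int = 0       # bit i set => sequence number (top - i) was seen

    def check(self, seq: int) -> str:
        """Return 'ok', 'too_old' or 'duplicate' and update the window."""
        if not self.enabled:
            return "ok"
        if seq > self.top:
            # New high-water mark: slide the window forward.
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:
            return "too_old"        # left of the window: always rejected
        if (self.bitmap >> offset) & 1:
            return "duplicate"      # inside the window and already seen
        self.bitmap |= 1 << offset
        return "ok"


def simulate_switchover(sent_before: int, sent_after: int, enabled: bool = True):
    """Old active sends 1..sent_before, then the new active restarts at 1
    on the same SA and sends 1..sent_after. Returns (peer, verdicts)."""
    peer = ReplayWindow(enabled=enabled)
    for seq in range(1, sent_before + 1):
        peer.check(seq)
    verdicts = [peer.check(seq) for seq in range(1, sent_after + 1)]
    return peer, verdicts


def first_accepted(verdicts):
    """Sequence number of the first post-switchover packet that is accepted."""
    for index, verdict in enumerate(verdicts):
        if verdict == "ok":
            return index + 1
    return None


def replay_is_accepted(enabled: bool) -> bool:
    """Deliver the same sequence number twice; True if the copy is accepted."""
    peer = ReplayWindow(enabled=enabled)
    for seq in range(1, 11):
        peer.check(seq)
    return peer.check(5) == "ok"


if __name__ == "__main__":
    _, verdicts = simulate_switchover(sent_before=1000, sent_after=1200)
    print("with replay check:", dict(Counter(verdicts)),
          "first accepted seq:", first_accepted(verdicts))
    _, verdicts = simulate_switchover(1000, 1200, enabled=False)
    print("check disabled:   ", dict(Counter(verdicts)))
    print("replayed packet accepted with check enabled: ", replay_is_accepted(True))
    print("replayed packet accepted with check disabled:", replay_is_accepted(False))
```

In this model the peer drops every packet until the new active router's sequence number passes the old high-water mark. Disabling the check restores traffic at once, but the peer then also accepts replayed packets, so the workaround trades away replay protection on that SA.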

  • CSCuc74594

Symptoms: The router fails to boot and issues a “*** Machine Check Exception ***” error message. Attempting to break the boot process results in a “WARNING: Break key” message but does not deliver a ROMMON prompt.

Conditions: This symptom occurs when attempting to enable all licensing on the Cisco 3945 (datak9, securityk9, uck9, hseck9).

Workaround: There is no workaround.

  • CSCuc76130

Symptoms: IPsec SAs are not getting deleted even after removing ACL.

Conditions: This symptom occurs when using the IPsec feature with Cisco IOS Release 15.3(0.18)T0.1.

Workaround: There is no workaround.

  • CSCuc77704

Symptoms: The GETVPN/GDOI Secondary Cooperative Key Server (COOP-KS) does not download the policy (that is, when the show crypto gdoi ks policy command is issued on the Secondary COOP-KS and the command output shows that no policy is downloaded) and Group Members (GMs) registering to the Secondary COOP-KS fail to register without any warning/error message.

Conditions: This symptom is observed when the GETVPN/GDOI group (with COOP configured) has an IPsec profile configured with one of the following transforms in its transform-set:

– esp-sha256-hmac

– esp-sha384-hmac

– esp-sha512-hmac

Workaround: Use esp-sha-hmac as the authentication transform instead.

  • CSCuc78402

Symptoms: EO-EO and DO-DO escalation scenarios fail with CUBE after SSO.

Conditions: This symptom is observed with HA calls.

Workaround: There is no workaround.

  • CSCuc78772

Symptoms: CPU watchdog is observed, followed by the box crashing.

Conditions: This symptom occurs when an IPv6 ACL entry is created with the log option. If more than 16 different traffic flows match this ACL at a high rate, the box runs out of CPU while sending entries to the log.

Workaround: Remove the log option from the ACL entry or create a more specific ACL so that fewer than 16 different traffic flows match the same ACL entry.

  • CSCuc79143

Symptoms: The cellular driver should handle the profile getting inactive and should bring down the cellular interface.

Conditions: This symptom occurs when the profile is deactivated by the HA.

Workaround: Doing a “clear line” will bring down the cellular interface and restore the connection.

  • CSCuc79606

Symptoms: An unexpected reboot occurs on the Cisco VG224.

Conditions: This symptom occurs when no crashinfo file is generated. The show version indicates “System returned to ROM by power-on”.

Workaround: This issue may not occur when running Cisco IOS Release 15.0.M.

  • CSCuc80398

Symptoms: NBAR does not match the RTP payload.

Conditions: This symptom is observed with NBAR.

Workaround: Configure the Access-list to match the same.

  • CSCuc81117

Symptoms: The router crashes with the reload warm command.

Conditions: This symptom occurs when configuring “warm-reboot” with Cisco IOS Release 15.3(1.2)T.

Workaround: Remove the warm-reboot command.

  • CSCuc83104

Symptoms: Path confirmation fails for blind transfer scenarios for both SIP Line and trunk-side scenarios.

Conditions: This symptom is observed if “no supplementary-service sip refer” is configured.

Workaround: Configure “supplementary-service sip refer”.

  • CSCuc85321

Symptoms: Cisco IOS may crash when AnyConnect is used.

Conditions: This symptom is observed with the following conditions:

– The router is configured as the SSL VPN gateway.

– AnyConnect users make VPN connections to this router.

Workaround: There is no workaround.

  • CSCuc89674

Symptoms: A Cisco IOS device (UC540, ISR) running Cisco IOS Release 15.1(4)M5 experiences memory leak in the Packet Header of Chunk Manager. datagram_done is not called in some feature path which causes *Packet Header* leak, and thus “CCE dp subblock” is not freed.

The output for the show proc mem sorted and show chunk summary commands shows the leak. The device eventually crashes due to low memory.

Conditions: This symptom is observed with the following conditions:

– Cisco IOS Release 15.1(4)M5.

– QoS (service-policy), NAT, and CBAC are configured.

Workaround: Schedule a proactive reload of the device to avoid an unexpected crash.

  • CSCuc90198

Symptoms: The Cisco C892FSP-K9 reloads with qos_sanity script configurations.

Conditions: This symptom is observed with Cisco IOS Release 15.3(0.18)T0.1.

Workaround: There is no workaround.

  • CSCuc91717

Symptoms: The router crashes when making a basic x25 configuration change.

Conditions: This symptom occurs when the x25 translation statement is removed from the running configuration when traffic is on.

Workaround: There is no known workaround. A possible workaround may be to shut the interface before making x25 configuration changes.

  • CSCuc91949

Symptoms: When using Cisco ISR Websecurity with Cisco Scansafe, sometimes the redirected HTTP website can fail to load, preventing access to that web page. Tracebacks on the console may accompany this behavior.

Conditions: This symptom occurs only on a Cisco ISR-G2 router running Cisco IOS Release 15.2(4)M, when Cisco ISR Websecurity with Cisco Scansafe connector is enabled.

Workaround: There is no workaround.

  • CSCuc92167

Symptoms: The SSH use of the Diffie-Hellman (DH) exchange to negotiate keying material is insecure and may lower the security of the DH exchange.

Conditions: This symptom relates to known attacks against DH whose effort is effectively that of halving the length of the private key. Because SSH uses DH private values of certain lengths, if SSH is negotiated using AES-128 and HMAC-MD5, the time needed to recover the keys is lower than expected.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 3.6/3.2:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:S/C:P/I:P/A:N/E:POC/RL:U/RC:C

No CVE ID has been assigned to this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCuc93361

Symptoms: The “ip” protocol is not accepted in the ping command with the IPv6 address configured.

Conditions: This symptom occurs when a single interface is configured with an IP address, and later, the mask alone is changed.

For example:

int e0/0
ip addr 10.1.1.1 255.255.255.0
no shut
 

Later,

int e0/0
ip addr 10.1.1.1 255.255.0.0
 

Workaround: Configure a different IP address and then revert to the same address with the changed mask.

For example:

int e0/0
ip addr 10.1.1.1 255.255.255.0
no shut
 

Later,

int e0/0
ip addr 10.1.1.2 255.255.0.0
ip addr 10.1.1.1 255.255.0.0
 
  • CSCuc93763

Symptoms: Browsing is slow on websites that are whitelisted in the Scansafe policy.

Conditions: This symptom is observed with the following conditions:

1. The website advertises a window scale factor (the higher the factor, the greater the impact).

2. Whitelisting is done using the regex pattern of the website URL.

3. “ip tcp window-size” is configured with a value greater than 65535.

Workaround: Change the window-size on the router to less than or equal to 65535.

  • CSCuc94392

Symptoms: The router crashes from memory corruption, but the block dump is empty in the crashinfo.

current memory block, bp = 0xC14F4984,
memorypool type is Processor
data check, ptr = 0xC14F49B4
bp->next(0x0) not in any mempool
bp_prev(0xFFFFFFEC) not in any mempool
========= Dump bp = 0xC14F4984 ======================
 
C14F4884: 0 0 0 0 0 0 0 0
C14F48A4: 0 0 0 0 0 0 0 0
C14F48C4: 0 0 0 0 0 0 0 0
C14F48E4: 0 0 0 0 0 0 0 0
C14F4904: 0 0 0 0 0 0 0 0
C14F4924: 0 0 0 0 0 0 0 0
C14F4944: 0 0 0 0 0 0 0 0
C14F4964: 0 0 0 0 0 0 0 0
C14F4984: 0 0 0 0 0 0 0 0
C14F49A4: 0 0 0 0 0 0 0 0
C14F49C4: 0 0 0 0 0 0 0 0
C14F49E4: 0 0 0 0 0 0 0 0
C14F4A04: 0 0 0 0 0 0 0 0
C14F4A24: 0 0 0 0 0 0 0 0
C14F4A44: 0 0 0 0 0 0 0 0
C14F4A64: 0 0 0 0 0 0 0 0
========= Dump bp->next = 0x0 ======================
 
========== Dump bp->previous = 0x0 =====================
 
Perhaps a Watchdog Forced Crash or CPUHOG preceding.
 

Conditions: This symptom is observed when WAAS is enabled and HTTP express accelerator is configured.

Workaround: Disable either WAAS or HTTP express or both.

  • CSCuc94508

Symptoms: The router crashes in NBAR Flowvar ch chunk.

Conditions: This symptom occurs when the router is configured with NBAR features.

Workaround: Disable NBAR-related commands.

  • CSCuc94687

Symptoms: SHA2 processing in software causes low throughput or high CPU.

Conditions: This symptom is observed with the Cisco 892 with SHA2 configured and the onboard crypto engine enabled running Cisco IOS Release 15.2(4)M and later releases.

Workaround: There is no workaround.

  • CSCuc95160

Symptoms: After receiving the CRCX message, the Cisco AS5400 does not send 200 ok to SSW. SSW sends the CRCX message to the Cisco AS5400 again.

Between these messages, debug outputs are displayed. It seems that the call is not disconnected completely for the end point by the previous disconnect request (the DLCX is received after the CRCX message from SSW). The end point may be stuck in call_disconnecting state.

Conditions: This symptom is observed with MGCP. This issue occurs when the Cisco AS5400 receives DLCX before sending 200 ok for the first CRCX message.

Workaround: There is no workaround.

  • CSCuc96631

Symptoms: Incoming calls through e1 r2 stop working in Cisco IOS Release 15.2(4)M1.

Conditions: This symptom is observed with incoming calls through e1 r2 in Cisco IOS Release 15.2(4)M1. Outgoing calls work fine.

Workaround: Use Cisco IOS Release 15.2(2)T.

  • CSCuc97106

Symptoms: Stale/inactive sessions are seen in Cisco IOS transcoder hosted to CUBE/CME.

Conditions: This symptom is observed when the transcoder in CUBE is invoked and the call is escalated to T38, erroneously or intentionally. The call fails, which is normal, but one leg remains as an inactive/stale connection. This leads to exhaustion of DSPfarm resources and eventually causes all calls to fail.

The call flow is as follows:

Sip Service provider---g711alw------CUBE---G729----------CUCM----IP phone/Fax
machine
Cube is configured for transcoder(CUBE controlled Xcoder).
 
CUBE01#sh sccp connections
sess_id conn_id stype mode codec sport rport ripaddr conn_id_tx
 
7602187 48 xcode inactive g711a 19052 2000 X.X.X.X
262209 264 xcode inactive g711a 17120 2000 X.X.X.X
 

Workaround:

– Bounce the SCCP (“no sccp”/“sccp”) or reload the router.

– If downgrading is an option, use Cisco IOS Release 15.1(2)T4 (tested in the lab).

Further Problem Description: Cisco IOS transcoder is invoked by CUBE and not hosted to CUCM, and this defect is exclusive for CUBE/CME hosted transcoders.

  • CSCuc97331

Symptoms: IPv6 EIGRP neighbors flap on a GRE tunnel.

Conditions: This symptom occurs when tunnel protection is enabled on an IPv6 over an IPv4 tunnel.

Workaround: There is no workaround.

  • CSCuc97542

Symptoms: The router may possibly hang during a large download via HTTP.

Conditions: This symptom is observed with Cisco IOS Release 15.x content filtering.

Workaround: Disable Cisco IOS content filtering.

  • CSCud01502

Symptoms: A crash occurs in CME while accessing a stream in sipSPIDtmfRelaySipNotifyConfigd.

Conditions: This symptom occurs in CME.

Workaround: There is no workaround.

  • CSCud03003

Symptoms: A crash occurs due to “%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CCSIP-REGISTER”.

Conditions: This symptom occurs due to “%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = CCSIP-REGISTER”.

Workaround: There is no workaround.

  • CSCud06180

Symptoms: When the SDK crash occurs, the cellular interface is not operational.

Conditions: This symptom occurs when the IPSLA is present on the cellular interface, and you power-cycle the modem 8-10 times, causing the CWAN_SHIM layer to crash.

Workaround: There is no workaround.

  • CSCud06884

Symptoms: Packets sent by CUBE have authentication failures after transfer.

Conditions: This symptom occurs when SRTP is being used.

Workaround: There is no workaround.

  • CSCud06887

Symptoms: IPsec Stateful failover is configured between two routers.

router_1 is chosen as Active.

router_2 is chosen as Standby.

router_3 acts as the VPN end peer.

– A VPN tunnel is created between the VIP of routers 1 and 2 and router_3.

– SPIs are replicated from Active (router_1) to Standby (router_2).

– After switchover from Active to Standby (done by reload of Active router_1), router_2 becomes Active and takes over the VPN connection.

– router_1 comes up after manual reload and then reloads again by itself.

– When router_1 comes up after the second reload, SPIs are not replicated from Active router_2.

Conditions: This symptom occurs when IPsec Stateful failover is configured on Cisco IOS Release 15.2(4)M1. This issue is seen when the HW crypto engine is enabled.

Workaround: There is no workaround. When the next switchover from Active to Standby is triggered, a new VPN connection is created and packet loss occurs.

  • CSCud08595

Symptoms: After reload, ISDN layer 1 shows as deactivated. Shut/no shut brings the PRI layer 1 to Active and layer 2 to multiframe established.

Conditions: This symptom occurs when “voice-class busyout” is configured and the controller TEI comes up before the monitored interface.

Workaround: Remove the “voice-class busyout” configuration from the voice-port.

  • CSCud12555

Symptoms: The number of active calls looked up through SNMP OID 1.3.6.1.4.1.9.9.63.1.3.8.1.1.2.2 is sometimes displayed incorrectly. The call count does not decrement when a call terminates. The number of active calls seems to slowly increase over a period of time, and active calls are displayed even when there are no calls in the system.

Conditions: This symptom is observed with Cisco 3945E routers running Cisco IOS Release 15.2(4)M1, but the exact condition is unknown.

Workaround: There is no workaround.

  • CSCud13862

Symptoms: The Cisco WS-SUP720 running Cisco IOS Release 12.2(33)SRE3 crashes.

Conditions: This symptom occurs during a CPU process history update.

Workaround: There is no workaround.

  • CSCud15104

Symptoms: The Cisco VG224 loops packets on a blocking port when ports fa0/0 and fa0/1 are bridged and the blocking port resides on the Cisco VG224.

Conditions: This symptom is triggered on reload/power cycle of the Cisco VG224.

Workaround: Shut/no shut the blocking port.

  • CSCud16230

Symptoms: DTR is not detected on the Cisco HWIC-2T after disconnecting the X.21 cable.

Conditions: This symptom is observed with the Cisco HWIC-2T.

Workaround: There is no workaround.

  • CSCud16241

Symptoms: The serial interface does not go up immediately after starting traffic from the X.25 device.

Conditions: This symptom is observed with the following conditions:

– DTR is up when starting traffic from the X.25 device.

– The Cisco HWIC-4A/S is used.

Workaround: There is no workaround.

  • CSCud16512

Symptoms: The EIGRP route is not redistributed into BGP as the VPNv4 route with specific steps.

Conditions: This symptom occurs during redistribution from EIGRP to BGP with VRF.

Workaround: There is no workaround.

  • CSCud16693

Symptoms: The Cisco 3600 may crash when applying a policy-map with multiple conform actions with a table-map configuration.

policy-map IPVPN-10/10/50-Service-testing
class TEST-1
police cir 10000000 bc 312500
conform-action set-qos-transmit 4
conform-action set-cos-transmit dscp table dscp-cos
exceed-action drop
 
class TEST-2
police cir 10000000 bc 312500
conform-action set-qos-transmit 4
conform-action set-cos-transmit dscp table dscp-cos
exceed-action drop
 
class class-default
police cir 50000000 bc 1000000
conform-action set-cos-transmit dscp table dscp-cos
conform-action set-qos-transmit 3
exceed-action drop
 

Conditions: This symptom is observed when applying a policy-map with multiple conform actions with a table-map configuration on the Cisco 3600.

Workaround: Do not apply a policy-map with multiple conform actions with table-map configuration. This configuration is not supported.

  • CSCud16702

Symptoms: After a period of time (usually several days to several weeks), the Cisco AS5400 stops responding to SIP responses from the SIP server for outbound calls. There are no inbound calls from SIP. All calls are from TDM to SIP.

The call flow is as follows:

TDM-->DS3(7 NFAS groups of 3 PRIs each)[-->GW-->SIP]
 

Conditions: This symptom occurs when the Cisco AS5400, upgraded from Cisco IOS Release 12.4(24)T6 to Cisco IOS Release 15.1(4)M4, has been working for over a year. There is no apparent trigger for this issue. The customer needed to upgrade Cisco IOS for a new feature offered by the SIP service provider.

Workaround: Reload the gateway.

  • CSCud20036

Symptoms: The multicast operation operating over a DMVPN topology is inconsistent between Cisco routers/IOS images. The application works correctly with a Cisco 891 or 1841, but fails when using a Cisco 5915.

This issue is seen with two of the DMVPN spoke configurations: one is a Cisco 891 and one is a Cisco 5915 ESR. Multicast traffic from each spoke is intended to be NATed into the DMVPN tunnel using different dynamic NAT address ranges at each spoke.

The routers have identical configurations. The multicast NAT functions as expected on a Cisco 891 running the c890-universalk9-mz.150-1.M7.bin image and on a Cisco 1841 running the c1841-advipservicesk9-mz.150-1.M2.bin image.

The Cisco 5915 ESR appears to not be performing the Multicast NAT correctly. The symptom is that the PIM-SM Registers from the Cisco 5915 to the DMVPN Hub/RP are not using the NATed source IP address. The Cisco 5915 is running the c5915-adventerprisek9-mz.SPA.152-2.GC.bin image. When this occurs, in a joined group, the Hub never sends a register stop and PIM-SM Register packets continue indefinitely for that (S,G).

Note that this issue is sporadic; sometimes, the Cisco 5915 sends PIM-SM Register packets which are NATed correctly. In this case, the spoke correctly receives a PIM Join and PIM Register-Stop from the Hub for that (S,G) and sends the multicast packets natively (no-longer encapsulated in PIM Register messages). However, even in this case, there is a different issue. These NATed multicasts seem to be duplicated as they are placed into the tunnel before they get encrypted.

Working:

Cisco 891 with c890-universalk9-mz.150-1.M7.bin (show tech-support attached)
Cisco 1841 with c1841-advipservicesk9-mz.150-1.M2.bin (show tech-support attached)
 

Confirmed not working:

Cisco 5915 with c5915-adventerprisek9-mz.SPA.152-2.GC.bin (show tech-support attached)
 

Conditions: This symptom does not occur under any specific conditions.

Workaround: There is no workaround.

  • CSCud20092

Symptoms: The switch crashes.

Conditions: This symptom occurs when you apply policy-map referencing table-map to a service instance on a switch port.

Workaround: There is no workaround. The CLI is unsupported.

  • CSCud21066

Symptoms: The Scansafe feature is not available on the c880-universalk9-voice image.

Conditions: This symptom is observed with the c880-universalk9-voice image.

Workaround: There is no workaround.

  • CSCud22148

Symptoms: The E1 (E&M) controller is down.

Conditions: This symptom is observed with Cisco IOS Release 15.1(4)M2 or later releases. This issue is seen with the Cisco 3945.

Workaround: There is no workaround.

  • CSCud25056

Symptoms: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify fails for connection id=2043 local=20.2.10.2 remote=20.4.10.2 spi=B5891B95 seqno=000069CD.

Conditions: This symptom is observed with data traffic between GMs on the same GETVPN GDOI domain, and the traffic is through the 4G/LTE interface.

Workaround: There is no workaround.

  • CSCud26401

Symptoms: The PVDMs are marked as B, so no more users can log in after all lines are marked as B.

Conditions: This symptom is observed after the router runs for a few days. After around two months, all lines would be marked B.

Workaround: Reload the router.

  • CSCud26633

Symptoms: Throughput performance drop has been seen between Cisco IOS Release 15.2(2)T1.14 and Cisco IOS Release 15.2(2)T2.3.

Conditions: The symptom is observed when you upgrade from Cisco IOS Release 15.2(2)T1.14 to Cisco IOS Release 15.2(2)T2.3.

Workaround: There is no workaround.

  • CSCud27997

Symptoms: The router always crashes when two PVDM2-xDM are installed. If only one is installed, it works regardless of the stick or slot combination.

Conditions: This symptom occurs on the Cisco 3900E router. The Cisco non-E 3900 router has no issue.

Workaround: Use one PVDM or use a plain Cisco 3900 router.

  • CSCud30293

Symptoms: High CPU is seen due to the DSMP process.

Conditions: This symptom is observed with the DSMP process.

Workaround: There is no workaround.

  • CSCud33159

Symptoms: Excessive loss of MPLS VPN traffic and high CPU utilization is observed due to the process switching of MPLS traffic over the ATM interface.

Conditions: This symptom occurs when MPLS is enabled on the ATM interface with aal5snap encapsulation.

Workaround: There is no workaround.

  • CSCud34809

Symptoms: The ISM module on the Cisco 3900 router suddenly fails to encrypt IPsec data on specific tunnels.

Conditions: This symptom occurs when ISM-VPN-39 is installed and active on the Cisco 3900 router. This issue is seen when the Cisco 3900 router is an IPsec endpoint.

Workaround: Reloading the router is the only way to resolve this issue. Clearing IPsec SAs and/or crypto configuration will not resolve this issue.

  • CSCud36086

Symptoms: The EZVPN server may initiate negotiation to the client, even though it should not.

Conditions: This symptom was first observed with Cisco IOS Release 15.1(1)S1 but is not exclusive to it.

Workaround: There is no workaround.

  • CSCud36723

Symptoms: RPF information for IPv6 multicast mroutes is not updated when routing changes.

Conditions: This symptom occurs when an IPv6 multicast configuration is present in the startup configuration.

Workaround: After startup, remove all IPv6 multicast configurations, if any, and then apply the configuration as needed.

Resolved Caveats—Cisco IOS Release 15.3(1)T

All the caveats listed in this section are resolved in Cisco IOS Release 15.3(1)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

  • CSCsq83006

Symptoms: When some port-channels go down at the same time on a router, it can cause EIGRP SIA errors.

Conditions: This symptom occurs with four routers in a full mesh that are connected via port-channels. Additionally, it occurs with more than five routers that are connected via a partial mesh port-channel.

Workaround: Use the port-channel interface settings below:

(config)# interface port-channel <port-channel interface number>
(config-if)# bandwidth <bandwidth value>
(config-if)# delay <delay value>
 

Further Problem Description: If a test is done with a physical interface, and not a port-channel, this issue is not seen.

  • CSCsr06399

Symptoms: A Cisco 5400XM may reload unexpectedly.

Conditions: This symptom is intermittent and is seen only when the DSPs available are insufficient to support the number of calls.

Workaround: Ensure that sufficient DSPs are available for transcoding.

  • CSCsy93069

Symptoms: After a period of Telepresence calls, tracebacks and then a router crash are seen.

Conditions: This symptom is observed only when running Cisco IOS firewall with l7 SIP inspect policies applied. This crash happens at low scale with one CTS 3k call cycling with a hold time of 600 secs.

It occurs intermittently and over time in an environment where there may be some call failures.

Workaround: There is no workaround.

  • CSCsz05848

Symptoms: High CPU utilization for DHCP client process.

Conditions: This symptom is observed when 10k PDP sessions are established.

Workaround: There is no workaround.

  • CSCtd54694

Symptoms: A crash is seen for the show cdp neighbor port-channel no and show cdp neighbor port-channel no de? commands.

Conditions: This symptom is a rare timing issue.

Workaround: Use the show cdp neighbor and show cdp neighbor detail commands for brief and detailed CDP information. Also, the show cdp neighbor interface type no can be used with the exception that the interface type argument should not be port-channel.

  • CSCth71093

Symptoms: Routers configured to dump core to flash: or flash0: fail to dump correctly to a 4GB CompactFlash card.

Conditions: This symptom is observed with the following configuration:

(Cisco 3925) exception flash all flash0:
(Cisco 3825) exception flash all flash:
 

Then, when you issue a wr core, it fails to dump core files.

Workaround: Dump cores to TFTP.

  • CSCtj59117

Symptoms: The following error message is seen and the router freezes and crashes:

%SYS-2-BADSHARE: Bad refcount in retparticle
 

A reload is required to recover.

Conditions: This symptom is observed on a Cisco 1803 that is running Cisco IOS Release 12.4(15)T12 or Cisco IOS Release 12.4(15)T14.

Workaround: Remove CEF.

  • CSCtk15666

Symptoms: The Cisco IOS password length is limited to 25 characters.

Conditions: This symptom is observed on Cisco NG3K products.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has evaluated this issue, and it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels.

If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation.

Additional information on Cisco’s security vulnerability policy can be found at the following URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCtn15610

Symptoms: Cisco IOS may crash with a bus error accessing addr=0x0 after DSP reset.

Conditions: This symptom is observed with Cisco IOS Release 12.4(15)T13a engineering special.

Workaround: There is no workaround at this time.

  • CSCto32884

Symptoms: The IPsec session does not come up.

Conditions: This symptom occurs if the ISM VPN Accelerator is used and dual ACLs are configured with IP inspect turned on.

Workaround: The only possible workaround is to disable IP inspect while this issue is resolved.

  • CSCto87436

Symptoms: In certain conditions, an IOS device can crash, with the following error message printed on the console:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SSH Proc
 

Conditions: In certain conditions, if an SSH connection to the IOS device is slow or idle, it may cause a box to crash with the error message printed on the console.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.3/5.5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:C

CVE ID CVE-2012-5014 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCto88178

Symptoms: Packet corruption is observed when NAT processes an H.323 packet that has some trailing data beyond the User-User Information Element.

Conditions: This symptom occurs when NAT is configured to process H.323 packets, and it encounters an H.323 packet that has some trailing data beyond the User-User Information Element.

Workaround: Although it is not feasible for most implementations, using the no ip nat service H225 command prevents the packet corruption. Additionally, this issue is not present in those releases that have NAT TCP ALG support enabled.

  • CSCtq17444

Symptoms: A Cisco AS5400 crashes when performing a trunk call.

Conditions: The following conditions are observed:

– Affected Cisco IOS Release: 15.1(3)T.

– Affected platforms: Routers acting as a voice gateway for H.323.

Workaround: There is no workaround.

  • CSCtq41512

Symptoms: After reload, ISDN layer 1 shows as deactivated. Shut/no shut brings the PRI layer 1 to Active and layer 2 to Multi-frame established.

Conditions: This symptom occurs when “voice-class busyout” is configured and the controller TEI comes up before the monitored interface.

Workaround: Remove the “voice-class busyout” configuration from the voice-port.

  • CSCtq91063

Symptoms: A Cisco router may unexpectedly reload due to bus error or generate a spurious access.

Conditions: This symptom occurs due to the F/S particle pool running out of free particles and the next packet failing to successfully obtain a particle. The F/S pool is used for fragmentation, so this issue will only occur when there is a large amount of fragmentation occurring. This issue has only been seen when “ip mtu 1500” is configured on a tunnel interface where the physical mtu is 1500 forcing packets to be fragmented on the physical interface rather than on the tunnel interface.

Workaround 1: Remove “ip mtu 1500” from the tunnel interface.

Workaround 2: Configure “service disable-ip-fast-frag”.

Workaround 3: Reduce hold queue sizes such that the total size of the queues for all active interfaces in the system does not exceed 512.

  • CSCtr45287

Symptoms: Router crashes in a scale DVTI scenario.

Conditions: This symptom is observed when the IPsec tunnel count reaches around 2500.

Workaround: Use fewer tunnels or use a different platform.

  • CSCts08224

Symptoms: Expected ACL/sessions not found for most of the protocols.

Conditions: This symptom is observed with expected ACL/sessions.

Workaround: There is no workaround.

  • CSCts54641

Symptoms: Various small, medium, or big VB chunk leaks are seen when polling EIGRP MIB or during SSO.

Conditions: This symptom is observed when MIBs are being polled or SSO is done.

Workaround: There is no workaround.

  • CSCts55778

Symptoms: This is a problem involving two SAF forwarders, where one is running EIGRP rel8/Service-Routing rel1 and the other is running EIGRP dev9/Service-Routing dev2. The capabilities-manager, a client of the service-routing infrastructure, will advertise 2 services. When forwarders are peering with the same release image, the services propagate between the forwarders without any problems. But, when you run rel8/rel1 on one forwarder, and dev9/dev2 on the other forwarder, a third service appears in the topology table and the SR database that was not advertised. Note: The problem cannot be recreated if both forwarders are running a Cisco IOS XE Release 3.4S or Cisco IOS XE Release 3.5S image.

Conditions: This symptom occurs if two SAF forwarders peer with each other, where one SAF forwarder is running EIGRP SAF rel9 or above and the other SAF forwarder is running EIGRP SAF rel8 or below.

Workaround: Make sure each SAF forwarder is running EIGRP rel8 or below, or rel9 or above.

  • CSCts87612

Symptoms: Traffic over L2TPv3 becomes very slow. Ping shows high latency.

Conditions: This symptom is observed when EHWIC-1GE-SFP-CU is used as the xconnect interface.

Workaround: Do shut/no shut on the EHWIC-1GE-SFP-CU interface.

  • CSCtt40285

Symptoms: The router crashes. The following message is displayed:

System returned to ROM by bus error at PC 0x629D2EBC, address 0xB0D0B11 at
Address Error (load or instruction fetch) exception, CPU signal 10, PC = 0x629D2EBC
 

Conditions: This symptom is observed across multiple Cisco IOS Releases such as Cisco IOS Release 15.1(4)M2 and Cisco IOS Release 15.2(4)M1. This issue occurs only if NAT SIP ALG processing is enabled on the router.

Workaround: This crash can be prevented by disabling NAT SIP ALG processing on the router by issuing the no ip nat service sip command.

  • CSCtt42330

Symptoms: Alignment correction or a crash is seen at dx_mrvl_fdb_next and eswge_mactable_walk.

Conditions: This symptom occurs when the show mac-address-table command is issued, and simultaneously there is a change in the table entries.

Workaround: There is no workaround.

  • CSCtu07968

Symptoms: A Cisco 890 router may provide incorrect performance monitor statistics and omit some incoming packets from being handled by flexible netflow.

Conditions: This symptom is observed when performance monitoring or flexible netflow is enabled with IPsec over a tunnel on an input interface.

Workaround: There is no workaround.

  • CSCtu16862

Symptoms: L4F tracebacks are observed with SMB stress test traffic. You may experience a couple of retransmissions due to that and some small performance degradation.

Conditions: This symptom is observed with stress testing.

Workaround: There is no workaround.

  • CSCtu28696

Symptoms: A Cisco ASR 1000 crashes with clear ip route *.

Conditions: This symptom is observed when you configure 500 6RD tunnels and RIP, start traffic and then stop, then clear the configuration.

Workaround: There is no workaround.

  • CSCtu54300

Symptoms: The router crashes when you try to unconfigure the crypto.

Conditions: This symptom is observed when you clear the crypto and VRF configuration using automated scripts. The crash is seen after the test is repeated three or four times. Before the crash, the VRF and crypto features/functions are working fine.

Workaround: There is no workaround.

  • CSCtw41214

Symptoms: ACEs are not source IP translated in multidomain authentication (MDA) mode.

Conditions: This symptom is observed in MDA mode.

Workaround: There is no workaround.

  • CSCtw45480

Symptoms: Inbound GRE encapsulated traffic is dropped with the “Unknown-l4 sessions drop log” message on the router with ZBFW.

Conditions: This symptom is observed when router self-zone policies are applied and the GRE tunnel is in an intermediate zone between the inside and outside zones.

Workaround: Remove the self-zone policies.

  • CSCtw52819

Symptoms: OQD drops on the mGRE tunnel.

Conditions: This symptom is observed with an mGRE tunnel.

Workaround: There is no workaround.

  • CSCtw76527

Symptoms: The crypto session stays in UP-NO-IKE state.

Conditions: This symptom occurs when using EzVPN.

Workaround: There is no workaround.

  • CSCtw88689

Symptoms: A crash is seen while applying the policy map with more than 16 classes with the Cisco 3900e platform.

Conditions: This symptom occurs when applying the policy map with more than 16 classes.

Workaround: There is no workaround.

  • CSCtw98200

Symptoms: Sessions do not come up while configuring RIP commands that affect the virtual-template interface.

Conditions: This symptom is observed if a Cisco ASR1000 series router is configured as LNS.

RIP is configured with the timers basic 5 20 20 25 command. Also, every interface matching the network statements is automatically configured using the ip rip advertise 5 command. These interfaces include the loopback and virtual-template interfaces too.

On a Cisco ASR 1000 series router, this configuration causes the creation of full VAIs which are not supported. Hence, the sessions do not come up. On Cisco ISR 7200 routers, VA subinterfaces can be created.

Workaround: Unconfigure the timers rip command.

  • CSCtx06813

Symptoms: Installation fails, “rwid type l2ckt” error messages appear, and the VC may fail to come up on Quad-Sup router only. Though this error may appear for multiple other reasons, this bug is specific to Cisco Catalyst 6000 Quad-Sup SSO only.

Conditions: This symptom is observed in a scaled scenario, doing second switchover on Quad-Sup router.

Workaround: There is no workaround.

  • CSCtx15799

Symptoms: An MTP on a Cisco ASR router sends an “ORC ACK” message through CRC for the channel ID that is just received but does not reply to the ORC for the next channel.

Conditions: This symptom is observed when there is a very short time lapse between the ORC and CRC, say 1 msec.

Workaround: There is no workaround.

  • CSCtx34823

Symptoms: OSPF keeps on bringing up the dialer interface after idle-timeout expiry.

Conditions: This symptom occurs when OSPF on-demand is configured under the dialer interface.

Workaround: There is no workaround.

  • CSCtx36095

Symptoms: A traceback is seen after applying DMLP configurations while doing a line card reload.

Conditions: This symptom occurs during a line card reload.

Workaround: There is no workaround.

  • CSCtx39953

Symptoms: KRON policy is causing a system crash.

Conditions: This symptom is observed when using a Cisco 1921/K9 with Cisco IOS Release 15.2(T) and using KRON to schedule telnet sessions in order to check the state of VPN connections. Below is a configuration sample:

kron occurrence START-VPN in 1 recurring
 policy-list START-VPN
!
kron policy-list START-VPN
 cli telnet xx.xx.xx.xx 12 /source-interface GigabitEthernet 0/1 /quiet
 cli telnet yy.yy.yy.yy 42 /source-interface GigabitEthernet 0/1 /quiet
 cli telnet zz.zz.zz.zz /source-interface GigabitEthernet 0/1 /quiet

where xx, yy and zz are the IP addresses of the remote hosts.
 

Workaround: There is no workaround.

  • CSCtx42223

Symptoms: The connection with an FRR client that is registered for a BFD session is lost after an SSO. FRR cut-cover time is much more than 50ms, which is not expected.

Conditions: This symptom is observed after an SSO, when the FRR client is registered for a BFD session.

Workaround: Bring down the BFD session and configure it again.

  • CSCtx48753

Symptoms: Higher memory usage with PPP sessions than seen in Cisco IOS XE Release 3.4S/3.5S.

Conditions: This symptom is observed with configurations with PPP sessions. These will see up to 10 percent higher IOS memory usage than in previous images.

Workaround: There is no workaround.

  • CSCtx54882

Symptoms: A Cisco router may crash due to a Bus error crash at voip_rtp_is_media_service_pak.

Conditions: This symptom has been observed on a Cisco router running Cisco IOS Release 15.1(4)M2.

Workaround: There is no known workaround.

  • CSCtx66046

Symptoms: The standby RP crashes with a traceback listing db_free_check.

Conditions: This symptom occurs when OSPF NSR is configured. A tunnel is used and is unnumbered with the address coming from a loopback interface. A network statement includes the address of the loopback interface. This issue is seen when removing the address from the loopback interface.

Workaround: Before removing the address, remove the network statement which covers the address of the loopback interface.

  • CSCtx67028

Symptoms: Tracebacks are seen during a traffic condition when DMVPN and WAAS-Express are configured.

Conditions: This symptom is observed while initiating an FTP session from the GW, where GW DMVPN and WAAS-Express are configured.

Workaround: There is no workaround.

  • CSCtx74051

Symptoms: When doing an ISSU downgrade, IPv6 flexible netflow monitors may be displayed and the running configuration is shown with incorrect sub-traffic types.

Conditions: This symptom occurs upon a downgrade to Cisco IOS Release 15.2(1)S (Cisco IOS XE Release 3.5S). The monitors affected are those applied to IPv6. For example, CLI such as:

interface fa0/0/0

ipv6 flow monitor monitor-name input

Workaround: Netflow code should still capture packets as expected on Cisco IOS Release 15.2(1)S. However, a reboot of the device should be done before saving the running configuration as the affected configuration saved will be incorrect and so will then fail to work on startup.

  • CSCtx75190

Symptoms: In a multihomed setup, set up the traffic as explained in the DDTS. Once end-to-end traffic flows fine, do a RP switchover on ED1. Traffic from Ixia 3 to Ixia 1 and Ixia 3 to Ixia 2 on odd VLANs (ED1 is the AED for odd VLANs) is dropped with UnconfiguredMplsFia counters incrementing.

Conditions: This symptom is observed when you do an RP switchover with a scaled OTV configuration in a multihomed setup.

Workaround: There is no workaround.

  • CSCtx80535

Symptoms: DHCP pool that is configured for ODAP assigns the same IP to multiple sessions.

Conditions: This symptom is observed when PPP users receive the pool via RADIUS. The pool is defined on the Cisco 10000 series router to use ODAP. ODAP is receiving the subnets from RADIUS correctly, and assigns IPs to PPP sessions, but sometimes two users end up having the same IP address.

Workaround: Clear both sessions sharing the same IP.

  • CSCtx82538

Symptoms: This DDTS has been raised to remove platform-specific macros.

Conditions: This symptom is observed with CPU-specific checks. CPU-specific checks should not be in PI code. Use of shims is required.

Workaround: Remove the CPU-specific check.

  • CSCtx85623

Symptoms: The ATM output queue is stuck, and the dialer loses the IP address. The following error messages are displayed:

Jul 5 10:16:45.430: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
Jul 5 10:16:45.442: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
Jul 5 10:16:46.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
Jul 5 10:16:46.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to down
Jul 5 10:16:46.430: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

Dialer Interface loses IP Address
n0920ar101#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Dialer1 unassigned YES IPCP up up

Output Queue is Stuck at 40/40 and Drops increment at the VC Level
n0920ar101#sh queueing int atm0/3/0
Interface ATM0/3/0 VC 8/35
Queueing strategy: fifo
Output queue 40/40, 830 drops per VC << reaches 40/40 and drops increment at the VC level

sn0920ar101#sh queueing int atm0/3/0
Interface ATM0/3/0 VC 8/35
Queueing strategy: fifo
Output queue 40/40, 833 drops per VC << reaches 40/40 and drops increment at the VC level
 

Conditions: This symptom is observed with a Cisco ISR G1/G2 with HWIC-1ADSL Card, SRE/WAE. Crypto is enabled under the dialer interface, and CEF is also enabled. All these conditions are necessary to trigger the symptom.

Workaround 1: Reconfigure PVC (PVC reset will work only 23 times, after which reload is required).

Workaround 2: Disable the hardware crypto engine accelerator.

Workaround 3: Disable CEF.

Workaround 4: Reload the router.

  • CSCty01237

Symptoms: The router logs show:

<timestamp> %OER_BR-5-NOTICE: Prefix Learning STARTED
CMD: 'show run' <timestamp>
 

This is followed by the router crashing.

Conditions: This symptom is observed under the following conditions:

1. Configure PfR with a learn-list using a prefix-list as a filter and enable learn.

2. Use a configuration tool, script or NMS that periodically executes show run on the MC over HTTP or some other means.

Workaround 1: If you use the PfR learn-list feature, do not execute show run periodically.

Workaround 2: If you use a monitoring tool that executes show run periodically, avoid using a learn-list configuration in PfR.

  • CSCty03133

Symptoms: Memory leak in IPsec key engine process.

Conditions: This symptom is observed with the following conditions:

– Scale 1000 IKE * 1 Vrf * 4 IPSec, total 4K IPSec sessions.

– Multi-SA enabled.

– CAC=50,DPD=60 periodic.

– ~10M bidirectional traffic.

Workaround: There is no workaround.

  • CSCty12524

Symptoms: A BRI packet from LMA is not handled properly on MAG and MAG is not sending the APN and SSMO option in PBRA.

Conditions: This symptom is observed on the originating or old MAG while clearing sessions in LMA in response to mobile node roaming to a new MAG.

Workaround: There is no workaround.

  • CSCty16106

Symptoms: IKE/GDOI bypass policy entries (four entries) are downloaded to PAL dataplane SADB as part of the initial policy download. But, as IKE/GDOI traffic is never routed to tunnel interfaces, the entries are not required for tunnel protection cases.

Conditions: This symptom is observed with IKE/GDOI bypass policy entries.

Workaround: There is no workaround.

  • CSCty17288

Symptoms: MIB walk returns looping OID.

Conditions: This symptom is observed when a media mon policy is configured.

Workaround: Walk around CiscoMgmt.9999.

  • CSCty24606

Symptoms: Under certain circumstances, the Cisco ASR 1000 series router’s ASR CUBE can exhibit stale call legs on the new active after switchover even though media inactivity is configured properly.

Conditions: This symptom is observed during High Availability and box-to-box redundancy, and after a failover condition. Some call legs stay in an active state even though no media is flowing on the new active. The call legs cannot be removed manually except by a manual software restart of the whole chassis. The call legs do not impact normal call processing.

Workaround: There is no workaround.

  • CSCty27687

Symptoms: A core dump generated by a Cisco 3900/3900e with 2GB or more shows up as being corrupt in GDB. This prevents the core dump from being used to do a more detailed analysis of a crash.

Conditions: This symptom is observed with a core dump generated on a Cisco 3900 or Cisco 3900e with more than 2GB. Cores generated with 1GB of memory can be loaded into informers.

Workaround: There is no workaround.

  • CSCty35726

Symptoms: The following error message is displayed on the logs:

InterOp:Cube-NavTel : LTI: Video Xcode Call with plain Audio FAILS
 

Conditions: This symptom is seen when video Xcode call with plain audio fails.

Workaround: There is no workaround.

  • CSCty51453

Symptoms: Certificate validation using OCSP may fail, with OCSP server returning an “HTTP 400 - Bad Request” error.

Conditions: This symptom is observed with Cisco IOS Release 15.2(1)T2 and later releases.

Workaround 1: Add the following commands to change the TCP segmentation on the router:

router(config)# ip tcp mss 1400
router(config)# ip tcp path-mtu-discovery
 

Workaround 2: Use a different validation method (CRL) when possible.

  • CSCty57856

Symptoms: The Standby router crashes for an SRTP call on Active.

Conditions: This symptom occurs intermittently. This issue is seen due to a transient scenario, where unstable data from Active is checkpointed on Standby.

Workaround: There is no workaround.

  • CSCty61216

Symptoms: CCSIP_SPI_Control causes a leak with a Cisco AS5350.

Conditions: This symptom is observed with the following IOS image: c5350-jk9su2_ivs-mz.151-4.M2.bin.

This issue is seen with an outgoing SIP call from gateway (ISDN PRI --> AS5350 --> SIP --> Provider SIP gateway).

Workaround: There is no workaround.

  • CSCty64255

Symptoms: With the BGP L3VPN dynamic route leaking (VRF to global export) feature, the prefix-limit is incorrect upon soft clear, when a new prefix is added, or when a prefix is deleted.

Conditions: This symptom is observed when VRF to global export is enabled, and prefix-limit is configured.

Workaround: BGP hard clear.

  • CSCty65189

Symptoms: Incoming register packets are dropped at the RP when the Zone-Based Firewall (ZBFW) is configured on the RP.

Conditions: This symptom is observed when ZBFW is configured.

Workaround: There is no workaround.

  • CSCty68402

Symptoms: NTT model 4 configurations are not taking effect.

Conditions: This symptom occurs under the following conditions:

policy-map sub-interface-account
 class prec1
  police cir 4000000 conform-action transmit exceed-action drop
  account
 class prec2
  police cir 3500000 conform-action transmit exceed-action drop
  account
 class prec3
  account
 class class-default fragment prec4
  bandwidth remaining ratio 1
  account

policy-map main-interface
 class prec1
  priority level 1
  queue-limit 86 packets
 class prec2
  priority level 2
  queue-limit 78 packets
 class prec3
  bandwidth remaining ratio 1
  random-detect
  queue-limit 70 packets
 class prec4 service-fragment prec4
  shape average 200000
  bandwidth remaining ratio 1
  queue-limit 62 packets
 class class-default
  queue-limit 80 packets
 

Workaround: There is no workaround.

  • CSCty71843

Symptoms: Tracebacks are observed at lfd_sm_start and lfd_sm_handle_event_state_stopped APIs during router bootup.

Conditions: This symptom is observed with L2VPN (Xconnect with MPLS encapsulation) functionality on a Cisco 1941 router (acting as edge) running Cisco IOS interim Release 15.2(3.3)T. This issue is observed when a router is reloaded with the L2VPN configurations.

Workaround: There is no workaround.

  • CSCty74859

Symptoms: Memory leaks on the active RP and while the standby RP is coming up.

Conditions: This symptom is observed when ISG sessions are coming up on an HA setup.

Workaround: There is no workaround.

  • CSCty80553

Symptoms: The multicast router crashes.

Conditions: This symptom is observed when multicast traffic is routed through an IPsec tunnel and multicast packets are big causing fragmentation.

Workaround: Make sure multicast packet sizes do not exceed tunnel transport MTU.

  • CSCty86039

Symptoms: When the physical interface of the tunnel source interface is shut down, the router crashes with traffic going through some of the tunnels.

Conditions: This symptom is seen with tunnel interface with QoS policy installed.

Workaround: There is no workaround.

  • CSCty89224

Symptoms: A Cisco IOS router may crash under certain circumstances when receiving a MVPNv6 update.

Conditions: This symptom occurs when an MVPNv6 update is received.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2012-3895 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCty90223

Symptoms: A crash occurs at nhrp_nhs_recovery_co_destroy during setup and configuration.

Conditions: This symptom is observed under the following conditions:

1. Add and remove the “ip nhrp” configuration over the tunnel interface on the spoke multiple times.

2. Do shut/no shut on the tunnel interface.

3. Rapidly change IPv6 addresses over the tunnel interface on the spoke side and on the hub side multiple times.

4. Replace the original (correct) IPv6 addresses on both the spoke and the hub.

5. Wait for the registration timer to start.

The crash, while not consistently observed, is seen fairly often with the same steps.

Workaround: There is no known workaround.

  • CSCtz02622

Symptoms: FlexVPN spoke crashed while passing spoke-to-spoke traffic.

Conditions: This symptom is observed during passing of traffic from spoke-to-spoke or when clearing IKE SA on the spoke.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.1/5: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:M/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2012-3893 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCtz03779

Symptoms: The standby RSP crashes during ISSU.

Conditions: This symptom occurs when you perform an ISSU downgrade from Cisco IOS XE Release 3.6S to Cisco IOS XE Release 3.5S.

Workaround: There is no workaround.

  • CSCtz08388

Symptoms: The 86x VAE platform DSL line cannot train up with the ADSL2/ADSL2+ profile after you manually shut/no shut the DSLAM port.

Conditions: This symptom is observed with the following conditions:

1. Connect 86x VAE DSL WAN port to DSLAM port (either ADSL2/ADSL2+ profile).

2. Disable/enable the port and the line will not train up again.

Workaround: There is no workaround.

  • CSCtz13465

Symptoms: High CPU is seen on Enhanced FlexWAN module due to interrupts with traffic.

Conditions: This symptom is observed with an interface with a policy installed.

Workaround: There is no workaround.

  • CSCtz15274

Symptoms: When attempting a T.38 fax call on gateway, you may see the following in the logs:

006902: %FLEXDSPRM-3-UNSUPPORTED_CODEC: codec cisco is not supported on dsp 0/0
006903: %FLEXDSPRM-5-OUT_OF_RESOURCES: No dsps found either locally or globally.
 

Conditions: This symptom is observed with a T.38 fax call.

Workaround: There is no workaround.

  • CSCtz21456

Symptoms: A router has an unexpected reload due to CCSIP_SPI_CONTROL process.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T.

Workaround: There is no workaround.

  • CSCtz25953

Symptoms: The “LFD CORRUPT PKT” error message is dumped and certain length packets are getting dropped.

Conditions: This symptom is observed with a one-hop TE tunnel on a TE headend. IP packets with 256 or multiples of 512 byte length are getting dropped with the above error message.

Workaround: There is no workaround.

  • CSCtz26683

Symptoms: An unsupported “ip verify unicast ...” configuration applied to an interface may still be shown in show running-config after being rejected. Output similar to the following will appear when applying the configuration:

% ip verify configuration not supported on interface Tu100
- verification not supported by hardware
% ip verify configuration not supported on interface Tu100
- verification not supported by hardware
%Restoring the original configuration failed on Tunnel100 - Interface Support
Failure
 

Conditions: This symptom occurs when there is no prior “ip verify unicast ...” configuration on the interface and when the interface and/or platform do not support the given RPF configuration.

Workaround: In some cases, it may be possible to get back to the previous configuration by using a no form of the command. In other cases, it will be necessary to reload the device without saving the configuration, or editing the configuration manually if already saved.

  • CSCtz26735

Symptoms: The SDP process to provision CVO router is broken in Cisco IOS Release 15.2(3)T.

Conditions: This symptom is seen when you start the SDP process. The connection immediately breaks after the username and password are entered.

Workaround: There is no workaround.

  • CSCtz34228

Symptoms: When NTLM (passive/active) is configured on a Cisco ISR, the user authentication process can generate authentication failure messages.

Conditions: This symptom is observed when user authentication sees multiple GETs from the browser.

Workaround: Increase the max-login attempts from a default of five to a larger number.

  • CSCtz37164

Symptoms: The requests to the RADIUS server are retransmitted even though the session no longer exists, causing unnecessary traffic to RADIUS, and RADIUS getting requests for an invalid session.

Conditions: This symptom occurs when the RADIUS server is unreachable and the CPE times out the session.

Workaround: A fix is currently being worked on. The issue occurs under the conditions mentioned above and can be avoided by making sure that the RADIUS server is always reachable.

  • CSCtz40460

Symptoms: A router running Cisco IOS may crash or hang.

Conditions: This symptom may be observed when SSLVPN is configured with NTLM authentication. NTLM authentication is configured by default.

Workaround: There is no workaround.

  • CSCtz40621

Symptoms: Router crash is observed.

Conditions: This symptom is observed when GetVPN GM tries to register to keyserver and keyserver issues a rekey simultaneously.

Workaround: There is no workaround.

  • CSCtz41048

Symptoms: The trace mpls ipv4 command is unsuccessful.

Conditions: This symptom is observed with the trace mpls ipv4 command.

Workaround: There is no workaround.

  • CSCtz42421

Symptoms: The device experiences an unexpected crash.

Conditions: This symptom is observed when Zone-Based Firewalls are enabled. H225 and H323 inspection is being done during the crash. The actual conditions surrounding the crash are still being investigated.

Workaround: There is no workaround.

  • CSCtz44989

Symptoms: An EIGRP IPv6 route redistributed to BGP VRF green is not exported to VRF RED. The extranet case is broken for IPv6 redistributed routes.

Conditions: This symptom is observed with IPv6 link-local next-hop. When the EIGRP route is redistributed to BGP VRF, it clears the nexthop information (it becomes 0.0.0.0). This route then becomes invalid and BGP is not able to export it to another VRF.

Workaround: There is no workaround.

  • CSCtz47309

Symptoms: When using smart defaults in FlexVPN, the mode transport may be sent from initiator even if “tunnel” is configured.

Conditions: This symptom was first observed on a Cisco ASR that is running Cisco IOS Release 15.2(2)S and a Cisco ISR running Cisco IOS Release 15.2(3)T. It is seen with FlexVPN.

Workaround: Use smart defaults on both sides of the tunnel.

  • CSCtz47595

Symptoms: Dial string sends digits at incorrect times.

Conditions: This symptom is observed with a Cisco 3925 router running Cisco IOS Release 15.2(3)T using PVDM2-36DM modems with firmware version 3.12.3 connecting over an ISDN PRI to an analog modem.

When using a dial string to dial an extension (or other additional digits), the modem should answer before the dial string is sent. If a comma is used, there should be a pause after connecting before sending the digits. The default value of the digital modem is one second per comma; two commas would be 2 seconds, three commas is 3 seconds, and so on.

1. With any number of commas in the string, debugs show the digits are sent at random intervals, sometimes before the call is answered and as much as 30 seconds after the call connects, for example, 919195551212x,22 or 1212x,,,22.

2. With no comma in the dial string, the digits are sent immediately after being generated without waiting for a connection, that is, 919195551212x22.

Dialing directly to a number with no extension or extra digits works as expected.

Workaround: There is no workaround.

  • CSCtz47873

Symptoms: The command show crypto ikev2 client flex does not work as expected.

Conditions: This symptom is observed with a client/server flexVPN setup.

Workaround: Execute either show crypto IKEv2 sa or show crypto session detail.

  • CSCtz48338

Symptoms: A router may crash in a setup configured with BGP L3VPN VRF to global export, NSR, and large scale, on a hard clear or link flap.

Conditions: This symptom is seen under the following conditions:

1. BGP L3VPN VRF to global import.

2. NSR.

3. Large scale.

Workaround: There is no workaround.

  • CSCtz49200

Symptoms: OSPF IPv6 control packets are not encrypted/decrypted.

Conditions: This symptom is observed while configuring the IPv6 OSPF authentication.

Workaround: There is no workaround.

  • CSCtz50204

Symptoms: A crash is observed on EzVPN Server if VRF configuration under the ISAKMP profile is modified.

Conditions: This symptom is observed only if there are active sessions at the time of configuration change.

Workaround: Prior to applying a configuration change, clear the sessions.

  • CSCtz50683

Symptoms: Upon removing 10 x MDLP sessions, one or more hardware adj remains. This issue occurs due to incorrect removal of LSPs.

Conditions: This symptom is observed when more than eight sub-LSPs occur.

Workaround: Use no more than eight sub-LSPs.

  • CSCtz51773

Symptoms: High CPU is seen on routers equipped with an ISM-VPN module. The output of show process cpu shows that the process “REVT Background” is using around 70% of the CPU cycles.

The ISM-VPN module is not visible in show diag, and the output of show crypto engine configuration indicates that the module status is DEAD.

Conditions: This symptom is observed with an ISM VPN with a few IPSec tunnels. This can take between a day and a week.

Workaround 1: Reload the router.

Workaround 2: For a longer-run workaround and if the traffic volume is not too high, switch to the onboard crypto hardware using the configuration no crypto engine slot 0.

  • CSCtz52843

Symptoms: The following messages are displayed whenever the ATM link goes down. (The customer is deploying ADSL.)

Nov 2 05:27:49 EDT: %SYS-2-BADSHARE: Bad refcount in pak_enqueue,
ptr=6431A7E8, count=0,
-Traceback= 0x60BA4218 0x6035E098 0x6035FEC4 0x6064CD48 0x603676F0 0x608BABC8
0x6065D344 0x60666798
0x602D6240 0x600BA8CC 0x621D75E4 0x6004A188
 
 
Nov 2 05:27:49 EDT: %SYS-2-BADSHARE: Bad refcount in datagram_done,
ptr=6431A7E8, count=0,
-Traceback= 0x60BA4218 0x6035937C 0x603600C4 0x6064CD48 0x603676F0 0x608BABC8
0x6065D344 0x60666798
0x602D6240 0x600BA8CC 0x621D75E4 0x6004A188
 
Nov 4 08:29:27 EST: %LINK-3-UPDOWN: Interface ATM0/1/0, changed state to up
 
Nov 4 08:29:27 EST: %SYS-4-CHUNKMALLOCFAIL: Could not allocate chunks for ATM0/1/0
 
Total free: 0, Total inuse: 16, Cause : Not a dynamic chunk
-Process= "ATM Periodic", ipl= 4, pid= 65, -Traceback= 0x60BA4218 0x6027CB94
0x6027CBF8 0x603837A0
0x6027F688
 

Conditions: This symptom occurs when OAM is used to manage the PVC and the peer interface is down.

Workaround: There is no workaround.

  • CSCtz58719

Symptoms: Watchdog timeout is seen under interrupt or process.

Conditions: This symptom is observed with a QoS configuration applied. The issue happens because of resource contention between a process path packet and an interrupt path packet.

Workaround: Disable QoS.

  • CSCtz58941

Symptoms: The router crashes when users execute the show ip route XXXX command.

Conditions: This symptom is observed during the display of the show ip route XXXX, when the next-hops of “XXXX” networks are removed.

Workaround: The show ip route command (without “XXXX”) does not have the problem.

  • CSCtz59145

Symptoms: A crash occurs randomly. The following error messages are often seen before the crash:

Mar 31 16:30:16.955 GMT: %SYS-2-MALLOCFAIL: Memory allocation of 20 bytes
failed from 0x644DA7E0, alignment 0
Pool: Processor Free: 274176384 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 1
Mar 31 16:30:16.963 GMT: %SYS-3-BADLIST_DESTROY: Removed a non-empty
list(707C0248, name: FW DP SIP dialog list), having 0 elements
 
This device is not actually running out of memory. There is a memory action
going on at the interrupt level which is not allowed.
 

Conditions: This symptom occurs when Zone-Based Firewalls inspect SIP traffic. This issue is likely related to the tracebacks and error messages given above. The actual condition is still being investigated.

Workaround: If feasible, disabling SIP inspection may prevent further crashes.

  • CSCtz63438

Symptoms: In a GETVPN environment, the group member continuously registers to keyserver.

Conditions: This symptom is observed when the onboard crypto engine is disabled on a Cisco 1900 series platform.

Workaround: There is no workaround.

  • CSCtz67272

Symptoms: A crash is seen with the following error message:

%SCHED-0-ISRWATCHDOG: Interrupt of level 0 running for a long time
 

Conditions: This symptom is observed with a Cisco 3945 router or any other Cisco ISR-G2 router.

Workaround: There is no workaround.

  • CSCtz69084

Symptoms: The switch crashes when trying to enable IPsec MD5 authentication on the SVI.

Conditions: This symptom is observed with the following conditions:

VLAN 101
SW1---------------SW2
 

1. Configure the IPsec MD5 authentication in global configuration mode.

ipv6 router ospf 1
area 0 authentication ipsec spi 1000 md5 123456ABCDEF123456ABCDEF123456AB
 

2. Configure the IPsec MD5 authentication as below in the interface mode with MD5 key 7, and the device crashes.

Workaround: There is no workaround.

  • CSCtz71084

Symptoms: When the prefix from CE is lost, the related route that was advertised as best-external to RR by PE does not get withdrawn. Even though the BGP table gets updated correctly at PE, RIB still has a stale route.

Conditions: This symptom is observed with a topology like the one shown below, where CE0 and CE1 advertise the same prefixes:

CE0------------------PE0---------------------RR
| |
| |
CE1------------------PE1----------------------|
 

Best-external is configured at PEs. PE0 prefers the path via PE1 and chooses it as its best path and advertises its eBGP path as the best-external path to RR. RR has two routes to reach the prefix, one via PE0 and the other via PE1. This issue occurs when CE0 loses the route; therefore, PE0 loses its best-external path and it has to withdraw, but this does not happen.

This issue does not occur if the interface between PE0-CE0 is shut from either side. Instead, the following command should be issued to stop CE0 from advertising the prefix: no network x.x.x.x mask y.y.y.y

Even though the trigger has SOO, it is not necessary for the repro. The same issue can be observed with PIC (stale backup path in the RIB under a similar scenario), diverse-path, and inter-cluster best-external, and is a day 1 issue with all of them.

Workaround: Hard clear.

  • CSCtz72044

Symptoms: EzVPN client router is failing to renew ISAKMP security association, causing the tunnel to go down.

Conditions: This symptom is timing-dependent; therefore, the problem is not systematic.

Workaround: There is no workaround.

  • CSCtz72390

Symptoms: The name mangling functionality is broken. Authorization fails with the “IKEv2:AAA group author request failed” debug message.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T.

Workaround: There is no workaround.

  • CSCtz73263

Symptoms: MSP is not getting packets on SVI interface and MSP profile is not getting attached to the flow.

Conditions: This symptom is observed when the profile flow command is configured globally and an MSP profile is applied using media-proxy services profile-name.

Workaround: Disable MSP using no profile flow and enable it again using profile flow.

  • CSCtz73836

Symptoms: The router crashes.

Conditions: This symptom is observed when the router is running NHRP.

Workaround: There is no workaround.

  • CSCtz74685

Symptoms: A router crash is observed on Y1731 DM.

Conditions: This symptom is seen when starting 1DM session.

Workaround: There is no workaround.

  • CSCtz75071

Symptoms: CSCty98523 is not fully published in Cisco IOS Release 15.2M&T.

Conditions: This symptom is observed with CSCty98523. CSCty98523 has changes in the “crypto” and “crypto_engine” components. However, only the “crypto” changes got published in the Cisco IOS Release 15.2M&T code branch. It was causing issues for IKEv2 crypto engine operations. This DDTS was raised to publish the “crypto_engine” change part of CSCty98523 in the Cisco IOS Release 15.2M&T code branch.

Workaround: There is no workaround.

  • CSCtz76287

Symptoms: Sometimes, the spanning tree protocol does not work properly and causes a loop in the network.

Conditions: This symptom occurs when the router with the highest bridge ID has WLAN in the same switch and generates RBCP packets.

Workaround: Change the bridge ID manually.

  • CSCtz76650

Symptoms: In phase 2 IPv6 DMVPN deployment, traffic for IPv6 hosts behind spokes goes via the hub.

Conditions: This symptom is observed in IPv6 DMVPN network when using phase 2 configuration and routing protocols with link-local nexthop.

Workaround: Do not use link-local nexthop routing; instead, use unicast next-hops (for example, BGP as the routing protocol).

  • CSCtz77171

Symptoms: Subscriber drops are not reported in mod4 accounting.

Conditions: This symptom is observed on checking the policy-map interface for account QoS statistics on a port-channel subinterface.

Workaround: There is no workaround.

  • CSCtz78194

Symptoms: A Cisco ASR 1000 that is running Cisco IOS XE Release 3.6S or Cisco IOS Release 15.2(2)S crashes when negotiating multi-SA DVTI in an IPsec key engine process.

Conditions: This symptom is observed with the Cisco ASR configured to receive DVTI multi-SA in aggressive mode and hitting an ISAKMP profile of a length above 31.

Workaround: Shorten the ISAKMP profile name to less than 31.

  • CSCtz78943

Symptoms: A Cisco router experiences a spurious access or a crash. Cisco ISR-G1 routers such as a 1800/2800/3800 experience a spurious access. ISR-G2 routers such as the Cisco 2900/3900 routers that use a Power PC processor crash because they do not handle spurious accesses.

Conditions: This symptom occurs after enabling a crypto map on an HSRP-enabled interface. The exact conditions are being investigated.

Workaround: There is no workaround.

Further Problem Description: The CSCtx90408 DDTS was originally filed to fix this issue. Unfortunately, this caused another issue, which was addressed by backing out of the changes. The fix was backed out in the CSCty83376 DDTS, so this DDTS (CSCtz78943) will address both issues.

  • CSCtz79991

Symptoms: The router crashes @lic_install_notify_and_print_output.

Conditions: This symptom is observed when license files are copied to flash of the router. After checking for EULA, the router crashes.

Workaround: There is no workaround.

  • CSCtz80643

Symptoms: A PPPoE client’s host address is installed in the LNS’s VRF routing table with the ip vrf receive vrf name command supplied either via RADIUS or in a Virtual-Template, but is not installed by CEF as attached. It is instead installed by CEF as receive, which is incorrect.

Conditions: This symptom is observed only when the Virtual-access interface is configured with the ip vrf receive vrf name command via the Virtual-Template or RADIUS profile.

Workaround: There is no workaround.

  • CSCtz86747

Symptoms: The router crashes upon removing all the class-maps from the policy-map.

Conditions: This symptom is observed when a router crashes while removing all user-defined class-maps with live traffic.

Workaround: Shut the interface first before removing the class-map.

  • CSCtz86763

Symptoms: Sessions remain partially created, and memory is consumed and not returned.

Conditions: This symptom occurs when sessions are churned and reset before they reach active state.

Workaround: There is no workaround.

  • CSCtz88595

Symptoms: The NTLM VIP pop-up shows the actual server URL instead of the VIP address.

Conditions: This symptom is observed with the NTLM authentication method and when virtual IP is configured. If a GET request comes for a session that is already in INIT state, this issue will occur.

Workaround: There is no workaround.

  • CSCtz89334

Symptoms: A traffic blackhole is seen while a single pair of 4-wire EFM bond connections is down on a Cisco 888E router.

Conditions: This symptom occurs when connecting to an Ericsson DSLAM from a Cisco 888E router.

Workaround: There is no workaround.

  • CSCtz94902

Symptoms: Memory allocation failure occurs when attaching to SIP-40 using a web browser.

Conditions: This symptom occurs on the line card.

Workaround: Reset the line card.

  • CSCtz96167

Symptoms: QoS DSCP cases fail.

Conditions: This symptom is observed when a QoS profile (with DSCP as 31 configured under SBE) is being hit but the DSCP bit is still sent as 0.

Workaround: There is no workaround.

  • CSCtz98486

Symptoms: The Flexwan QoS Offered Rate is not updated.

Conditions: This symptom occurs when traffic is flowing properly in both POS interfaces, but the offered rate in the policy-map output is not updated.

Workaround: There is no workaround.

  • CSCtz99916

Symptoms: The Cisco 3945 router does not respond to a reinvite from CVP.

Conditions: This symptom occurs when call legs are not handled in a proper IWF container.

Workaround: There is no workaround.

  • CSCua01641

Symptoms: The router’s NAS-IP address contained in the RADIUS accounting-on packet is 0.0.0.0:

RADIUS: Acct-Session-Id [44] 10 "00000001"
RADIUS: Acct-Status-Type [40] 6 Accounting-On [7]
RADIUS: NAS-IP-Address [4] 6 0.0.0.0
RADIUS: Acct-Delay-Time [41] 6 0
 

Conditions: This symptom occurs when you restart the router.

Workaround: There is no workaround.

  • CSCua04049

Symptoms: If a capture is stopped because of the limits reached and the capture is started immediately, the capture fails to stop.

Conditions: This symptom occurs after immediate activation of a capture.

Workaround: Clear buffer before activating the capture or wait for a minimum of 5 seconds before reactivation of a capture point.

  • CSCua06476

Symptoms: When “clear crypto sa vrf” is executed to clear a non-GETVPN SA, there is an attempt to reregister the GETVPN group members irrespective of their data plane VRF.

Conditions: This symptom occurs when “clear crypto sa vrf” is executed to clear a non-GETVPN SA, and there is an attempt to reregister the GETVPN group members irrespective of their data plane VRF.

Workaround: There is no workaround.

  • CSCua06598

Symptoms: The router may crash with a breakpoint exception.

Conditions: This symptom is observed when SNMP polls IPv6 MIB inetCidrRouteEntry and there is a locally sourced BGP route installed in IPv6 RIB.

Workaround: Disable SNMP IPv6 polling.

  • CSCua06629

Symptoms: The sh ipv6 mobile pmipv6 mag globals command does not show any output.

Conditions: This symptom is observed only when domain and MAG configurations are present.

Workaround: If MAG configuration is complete (all requisite access interfaces and peers are configured), then this issue will not be seen.

  • CSCua07791

Symptoms: A Cisco ISR G2 running Cisco IOS Release 15.2(2)T or later shows a memory leak in the CCSIP_SPI_CONTRO process.

Conditions: This symptom is apparent after 3-4 weeks and occurs when the process is CCSIP_SPI_CONTRO.

Workaround: There is no workaround.

  • CSCua10556

Symptoms: A few IKEv2 SAs get stuck in delete state.

Conditions: This symptom is observed when bringing up 2k flex sessions.

Workaround: There is no workaround.

  • CSCua12945

Symptoms: Applying QoS under the serial interface is causing the interface to flap and most of the time causes line protocol to be DOWN.

Conditions: This symptom occurs during both congestion and noncongestion on the link.

Workaround: Doing a shut/no shut on the interface brings the interface back up.

  • CSCua15003

Symptoms: When a call is canceled midcall, the CUBE may not release the transcoder resource for the call. As a result, there is a DSP resource leak.

Conditions: This symptom is observed with the following conditions:

– CUBE receives 180 ringing with SDP session.

– “media transcoder high-density” is enabled.

Workaround: Disable “media transcoder high-density”.

  • CSCua15292

Symptoms: The router may report unexpected exception with overnight stress traffic.

Conditions: This symptom is observed with the following conditions:

– Cisco ISR 3925E is deployed as DMVPN hub router and about 100Mbps traffic is controlled by PfR MC with dynamic PBR.

– The router logs the following message:

%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
destaddr=172.8.9.8, prot=50, spi=0xE8FB045F(3908764767), srcaddr=10.0.100.1,
input interface=GigabitEthernet0/0
 

Workaround: There is no workaround.

  • CSCua16561

Symptoms: Jumbo-frame packets sent over IPsec VPN from a Cisco 800 series router are dropped on the receiving VPN peer.

Conditions: This symptom is observed when the packet size is above the standard FastEthernet MTU size (the problem was observed for any packet more than 1512 bytes), and the path MTU is such that no fragmentation is needed.

Workaround: Disable the onboard crypto accelerator:

no crypto engine onboard 0
 
  • CSCua17746

Symptoms: An IKEv2 session with RSA-Sig as auth will fail.

Conditions: This symptom is observed with IKEv2 + RSA-Sig auth + ISM VPN, or with IKEv2 + RSA-Sig auth + 7200 with VSA.

Workaround: Disable ISM VPN or VSA or do not use IKEv2 RSA-Sig as auth.

  • CSCua18138

Symptoms: If you enable the mobile IP function, a Cisco 819 will crash after a cable is removed.

Conditions: This symptom is observed when redundancy group is configured under “ip mobile router”.

Workaround: There is no workaround.

  • CSCua18166

Symptoms: When subappid is triggered by end points, the network does not recognize it and displays it as “Unknown identifier”.

Conditions: This symptom occurs when the limitation results in not supporting traffic classification based on sub appid.

Workaround: There is no workaround.

  • CSCua19207

Symptoms: A Cisco ASR 1000 is unable to support class-default shaping on subinterface used with tunnel QoS from the Cisco IOS XE Release 3.1S.

Conditions: This symptom occurs on a Cisco ASR 1000 when trying to configure class-default shaping on a subinterface used with tunnel QoS.

Workaround: There is no workaround.

  • CSCua19425

Symptoms: RP crashes at the far end, pointing to Watchdog Process BGP.

Conditions: This symptom is observed when doing an FP reload at the near end. This issue is seen with EBGP sessions with BFD configured between near end and far end routers.

Workaround: There is no workaround.

  • CSCua21049

Symptoms: The recursive IPv6 route is not installed in the multicast RPF table.

Conditions: This symptom occurs in the multicast RPF table.

Workaround: There is no workaround.

  • CSCua21166

Symptoms: Unable to form IPsec tunnels due to the “RM-4-TUNNEL_LIMIT: Maximum tunnel limit of 225 reached for Crypto functionality with securityk9 technology package license.” error.

Conditions: This symptom is observed even though the router does not have 225 IPsec SA pairs; the error prevents IPsec from forming. Existing IPsec SAs are not affected.

Workaround: Reboot to clear out the leaked counter, or install hsec9, which will disable CERM (Crypto Export Restrictions Manager).

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.8/2.3: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:M/C:N/I:N/A:P/E:U/RL:W/RC:C

No CVE ID has been assigned to this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCua21201

Symptoms: RP2 reloads unexpectedly.

Conditions: This symptom is observed with one dynamic crypto map with 8k tunnels running 700Mbps 64B packets overnight.

Workaround: There is no workaround.

  • CSCua21238

Symptoms: Cisco IOSd crashes at ipv6_address_set_tentative.

Conditions: This symptom occurs while unconfiguring IPv6 subinterfaces during the loading phase of a box with Netflow configuration.

Workaround: There is no workaround.

  • CSCua22313

Symptoms: SSLv3.0- and TLSv1.0-based data transfer using certain older client applications (like IE6) fails.

Conditions: This symptom is observed when the HTTPS page is fetched by a client application that does not have a fix for the BEAST vulnerability ( http://blogs.cisco.com/security/beat-the-beast-with-tls/ ) and the connection is optimized by SSL-Express Accelerator in WAAS-Express.

Workaround: Upgrade the client application to the latest version, or at least to a version that has a fix for BEAST (in the case of Internet Explorer, version 8 or higher).

  • CSCua23217

Symptoms: Ping failure is observed.

Conditions: This symptom is observed with DSL group pairs configured on controllers.

Workaround: There is no workaround.

  • CSCua24676

Symptoms: The length of VRF-to-global packets is corrupted by -1.

Conditions: This symptom occurs when the next-hop in the VRF is global and recursive going out labeled. This issue is seen from Cisco IOS Release 15.0(1)S3a onwards, but is not seen in Cisco IOS Release 15.0(1)S2.

Workaround: Use the next-hop interface IP instead of the recursive next-hop.

  • CSCua24689

Symptoms: Fragments are sent without label resulting in packet drops on the other side.

Conditions: This symptom is observed with the following conditions:

– MPLS enabled DMVPN tunnel on egress.

– VFR on ingress.

Workaround: Disable VFR if possible.

  • CSCua27852

Symptoms: Traffic loss is seen in pure BGP NSR peering environment.

Conditions: This symptom is seen on a Cisco router that is running Cisco IOS Release 15.2(2)S, and the BGP peerings to CEs and RR are all NSR enabled.

Workaround: Enable the bgp graceful-restart command for RR peering.

  • CSCua28346

Symptoms: A router crashes during second rekey.

Conditions: This symptom occurs with IKEv2 with RSA authentication.

Workaround: There is no workaround.

  • CSCua29095

Symptoms: Spurious memory access is seen when booting the image on a Cisco 7600 router.

Conditions: This symptom occurs while booting the image.

Workaround: There is no workaround.

  • CSCua29428

Symptoms: When you try to configure router rip, the “version” subcommand does not exist.

Conditions: This symptom is observed with the router rip command.

Workaround: There is no workaround.

  • CSCua30053

Symptoms: Authentication fails for clients after some time because radius_send_pkt fails, complaining about a low IOMEM condition.

Conditions: This symptom is observed in AAA, where the minimum IO memory must be 512KB to process a new request. If the memory is less than this, AAA does not process the new authentication request. This is an AAA application threshold. These application barriers are not valid in the dynamic memory case. Such conditions are removed for the NG3K platform.

Workaround: There is no workaround.

  • CSCua31157

Symptoms: One-way traffic is seen on a DMVPN spoke-to-spoke tunnel one minute after the tunnel is built. Issue is only seen intermittently.

Logs on the spoke that fails to receive the traffic show “Invalid SPI” error messages exactly one minute after the tunnel between the spokes came up.

Conditions: This symptom is observed with Cisco IOS Release 15.1(3)T1.

Workaround: There is no workaround.

  • CSCua31934

Symptoms: Crash seen at __be_address_is_unspecified.

Conditions: This symptom is observed with the following conditions:

1. It occurs one out of three times and it is a timing issue.

2. DMVPN tunnel setup between Cisco 2901 as spoke and Cisco ASR 1000 as hub.

3. Pass IPv4 and IPv6 traffic between the hub and the spoke for 5-10 minutes.

4. It can occur with v6 traffic alone.

5. If you remove the tunnel interface on the ASR and add it again using conf replace nvram:startup-config the crash will occur.

Workaround: Use CLI to change configuration instead of the rollback feature.

  • CSCua32379

Symptoms: Cisco ASR 1000 hubs crash at crypto_ss_set_ipsec_parameters.

Conditions: This symptom is observed with dual-hubs switchover between active-standby and active-active.

Workaround: There is no workaround.

  • CSCua33527

Symptoms: Traceback is seen after second or third switchover:

%LFD-SW2-3-SMBADEVENT: Unexpected event CO_WAIT_TIMEOUT for state RUNNING
-Traceback= 7908E9Cz 7909848z 79099CCz 7909B9Cz 78DBF20z 523292Cz 522C1D4z
 

Conditions: This symptom is observed with a quad-sup scenario/setup. This traceback is seen on the new active RP after second switchover onwards.

Workaround: There is no workaround.

  • CSCua33821

Symptoms: CPU utilization shoots up to 99% after configuring crypto maps.

Conditions: This symptom is observed after applying crypto maps.

Workaround: There is no workaround.

  • CSCua35884

Symptoms: The ipv6 cef option is missing from serial and ATM interface commands.

Conditions: This symptom is observed with the following CLI:

conf t
int s0/2/0
ipv6 c?

Returns
 

Workaround: There is no workaround.

  • CSCua37898

Symptoms: Memory leaks are observed with @crypto_ss_enable_ipsec_profile on VSS.

Conditions: This symptom is observed when OSPFv3 authentication is enabled over virtual link, and the OSPFv3 process is restarted.

Workaround: There is no workaround.

  • CSCua38881

Symptoms: The router reloads at clear_dspm_counter_per_bay.

Conditions: This symptom is observed from Cisco IOS interim Release 15.2(3.16)M0.1 on Cisco 5350 and Cisco 5400 routers.

Workaround: There is no workaround.

  • CSCua39107

Symptoms: In a FlexVPN Spoke-to-Spoke setup, Resolution reply goes via the Tunnel interface to the Hub.

Conditions: This symptom is only observed when NHO is added for the V-Access, overriding an existing route. This issue is not seen when H route is added.

Workaround: Distribute the summarized address from the Hub, thus avoiding addition of NHO at the Spokes. The Spokes will then add H route instead of NHO.

  • CSCua39390

Symptoms: The PRI configuration (voice port) is removed after a reload:

interface Serial1/0:23
^
% Invalid input detected at '^' marker.
no ip address
% Incomplete command.
encapsulation hdlc
^
% Invalid input detected at '^' marker.
isdn incoming-voice voice
^
% Invalid input detected at '^' marker.
no cdp enable
^
% Invalid input detected at '^' marker.
voice-port 1/0:23
^
% Invalid input detected at '^' marker.
Also getting trace back
%SYS-2-INTSCHED: 'may_suspend' at level 3 -Process= "Init", ipl= 3, pid= 3
-Traceback= 0x607EE41Cz 0x630F0478z 0x607F72C0z 0x60722F38z 0x6070A300z
0x6070A9CCz 0x603E1680z 0x6029541Cz 0x60298F6Cz 0x6029AD48z 0x6029D384z
0x6062BC68z 0x60632424z 0x60635764z 0x60635CE0z 0x60877F2Cz
%SYS-2-INTSCHED: 'may_suspend' at level 3 -Process= "Init", ipl= 3, pid= 3
-Traceback= 0x607EE41Cz 0x630F04E4z 0x607F7154z
 

Conditions: This symptom is observed with Cisco IOS Release 15.1(3)T and Cisco IOS Release 15.1(4)M4. The issue is not observed with Cisco IOS Release 12.4(24)T6 or earlier releases. The issue occurs after reload.

Workaround: Reapply the configuration after the router comes back up.

  • CSCua40273

Symptoms: The Cisco ASR 1000 router crashes when displaying MPLS VPN MIB information.

Conditions: This symptom occurs on the Cisco ASR 1000 router with Cisco IOS Release 15.1(02)S.

Workaround: Avoid changing the VRF while querying for MIB information.

  • CSCua40790

Symptoms: Memory leaks when SNMP polling cbgpPeer2Entry MIB.

Conditions: This symptom occurs when BGPv4 neighbors are configured.

Workaround: There is no workaround if this MIB is to be polled.

  • CSCua41398

Symptoms: The Cisco SUP720 crashes.

Conditions: This symptom occurs when you issue the “sh clns interface | i ^[A-Z]| Number of active” command multiple times via a script. The following error and decodes are seen:

%ALIGN-1-FATAL: Corrupted program counter 00:53:22 EET Tue Jun 5 2012
pc=0x0 , ra=0x411514F4 , sp=0x55A8B080
 
c7600s72033_rp-adventerprisek9-m.122-33.SRE5.symbols.gz read in
Enter hex value: 0x407F5B70 0x407F612C 0x407E026C 0x42BCA588 0x407EDDFC
0x41A78BB8 0x41A78B9C
0x407F5B70:get_alt_mode(0x407f5b68)+0x8
0x407F612C:get_mode_depth(0x407f6118)+0x14
0x407E026C:parse_cmd(0x407ded18)+0x1554
0x42BCA588:parser_entry(0x42bca360)+0x228
0x407EDDFC:exec(0x407ed344)+0xab8
0x41A78BB8:r4k_process_dispatch(0x41a78b9c)+0x1c
0x41A78B9C:r4k_process_dispatch(0x41a78b9c)+0x0
 

Workaround: There is no workaround.

  • CSCua42104

Symptoms: CUBE with a transcoder generates malformed RTCP packets.

Conditions: This symptom is observed with SIP-to-SIP CUBE with a transcoder registered to CUCM.

CIPC -- CUCM -- SIP -- CUBE -- SIP -- ITSP
CIPC -- G.729 -- CUBE (with transcoder) -- G.711 -- ITSP
 

RTCP packets sent from ITSP are sometimes malformed when CUBE then sends them to the originating device.

Workaround: There is no workaround.

  • CSCua42523

Symptoms: The router crashes and reloads when “options-keepalive” is enabled on a dial peer which has the session target as sip-server.

Conditions: This symptom is observed when enabling “options-keepalive” which has a session target as sip-server. Also, “sip-server” is configured under “sip-ua” and has a DNS address which resolves to an IPv6 address.

Workaround: Do not enable “options-keepalive” for the dial peer.

  • CSCua43930

Symptoms: The checksum value parsed from the GRE header is not populating, causing the GRE tunnel checksum test case to fail.

Conditions: This symptom occurs on a Cisco ISR G2.

Workaround: There is no workaround.

  • CSCua44462

Symptoms: DNS reply is not cached.

Conditions: This symptom is observed with DNS-based X25 routing. The DNS server is reachable via IPsec over a Gigabit link and SHDSL links. There are Cisco devices at different locations. A few of them communicate with the DNS server via IPsec over a Gigabit link and a few of them communicate via IPsec over ATM (EHWIC-4SHDSL-EA and HWIC-4SHDSL). The UDP reply contains the X25 address to IP address resolution, but the router does not use it, causing X25 calls to fail.

Workaround: There is no workaround.

  • CSCua45122

Symptoms: Multicast event log preallocated memory space needs to be conserved on the low-end platform.

Conditions: This symptom is observed with the multicast event log.

Workaround: There is no workaround.

  • CSCua45548

Symptoms: The router crashes with show ip sla summary on longevity testing.

Conditions: This symptom is observed with Cisco 2900, 1900, and 3945 routers configured with IPSLA operations. The router which was idle for one day crashes on issuing the command show ip sla summary.

Workaround: There is no workaround.

  • CSCua45685

Symptoms: A Cisco 2951, 3925, or 3945 crashes during rekey when GetVPN is configured and rekey packet size > MTU.

Conditions: This symptom is observed if a rekey is coming through the interface where a crypto map is applied.

Workaround: There is no workaround.

  • CSCua46304

Symptoms: A crash is seen at __be_nhrp_group_tunnel_qos_apply.

Conditions: This symptom is observed when flapping a DMVPN tunnel on the hub in a scale scenario.

Workaround: There is no workaround.

  • CSCua47570

Symptoms: The show ospfv3 event command can crash the router.

Conditions: This symptom is observed when “ipv4 address family” is configured and redistribution into OSPFv3 from other routing protocols is configured.

Workaround: Do not use the show ospfv3 event command.

  • CSCua48060

Symptoms: A Cisco 3945 UUT router reloads after applying PPP and AAA authentication as well as authorization. The same issue is seen for other platforms, namely Cisco 1803 and Cisco 3845 for the same script.

Conditions: This symptom is observed when applying the AAA and PPP configurations with Cisco IOS interim Release 15.2(3.16)M0.1.

Workaround: There is no workaround.

  • CSCua49764

Symptoms: The WAAS-Express device goes offline on WCM.

Conditions: This symptom occurs when a certificate is generated using HTTPS when using the Cisco IOS Release 15.1(3)T image. Once upgraded to Cisco IOS Release 15.2(3)T, the WAAS-Express device goes offline on WCM.

Workaround: Configure an rsakeypair on the TP-self-signed trustpoint with the same name and execute the enroll command again, or delete the self-signed trustpoint and reenable the HTTP secure-server.

  • CSCua50247

Symptoms: Dropped ping packets on an NM-16ESW module.

Conditions: This symptom is observed with ping packets with a size between 1501-1524 and between NM-16-ESW modules.

Workaround: There is no workaround.

  • CSCua50490

Symptoms: Parts of the IOS configuration for the interface UCSE are not automatically applied onto the UCSE after a module OIR.

Conditions: This symptom is observed after a module OIR or when a UCSE interface configuration is being changed while the module is not fully up and running.

Workaround: Repeat the interface UCSE configuration in Cisco IOS after the module comes up completely.

  • CSCua51991

Symptoms: An invalid SPI message is seen throughout the lifetime of IPsec SA.

Conditions: This symptom is observed with SVTI-SVTI with a GRE IPv6 configuration. When bringing up 1K sessions, an invalid SPI is seen. There is also inconsistency between the number of child SAs in IKEv2 and the number of IPsec SAs on the same box.

Workaround: There is no workaround.

  • CSCua53772

Symptoms: The router crashes when scheduling a y1731 DMM IP SLA probe to run.

Conditions: This symptom happens when the probe’s target cfm mep is configured under service instance with double tag encapsulation.

Workaround: There is no workaround.

  • CSCua55785

Symptoms: Build breakage is observed due to the fix of CSCtx34823.

Conditions: This symptom occurs with the CSCtx34823 fix.

Workaround: CSCtx34823 change may be unpatched from the code-base.

  • CSCua55797

Symptoms: The privilege exec level 0 show glbp brief command causes the memory to be depleted when the show running or copy running-config startup-config commands are used. The configurations will then show this:

privilege exec level 0 show glbp GigabitEthernet0/0 brief brief brief brief
brief brief brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief brief brief brief
brief brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief brief brief brief
brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief brief brief brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief brief brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief brief
privilege exec level 0 show glbp GigabitEthernet0/0 brief
privilege exec level 0 show glbp
privilege exec level 0 show
 

Removing the configurations causes this to happen over and over until the telnet session is terminated:

priv_push : no memory available
priv_push : no memory available
priv_push : no memory available
priv_push : no memory available
priv_push : no memory available
 

If the configurations are saved and device is reloaded, the device will not fully boot until the configurations are bypassed.

Conditions: This symptom occurs after the privilege exec level 0 show glbp brief command is entered and saved.

Workaround: Reload the router before saving the configurations.

  • CSCua56184

Symptoms: Multiple RP switchovers occur within a very short span of time.

Conditions: This symptom is observed with multiple RP switchovers on a Cisco ASR 1000 router and it fails to allocate an IPsec SPI.

Workaround: There is no workaround.

  • CSCua56802

Symptoms: QoS will not work on one of the subinterfaces/EVC.

Conditions: This symptom occurs when an HQoS policy is configured on more than one subinterface/EVC on ES+ and a flat SG is then added on them.

Workaround: Remove and reapply SG.

  • CSCua58100

Symptoms: The syslog is flooded with the following traceback message:

Jun 20 10:05:23.961 edt: %SYS-2-NOTQ: unqueue didn't find 7F3D26BDCCD8 in queue
7F3CA5E4A240 -Process= "RADIUS Proxy", ipl= 0, pid= 223
-Traceback= 1#e0ee0ce60492fdd11f0b03e0f09dc812 :400000+873623 :400000+2547652
:400000+20F9217 :400000+6C70C9C :400000+6C69C71 :400000+6C682BC :400000+6C68183
 

Conditions: This symptom occurs under the following conditions:

– You establish 36k EAPSIM sessions using a RADIUS client on server A.

– You establish 36k roaming sessions using a RADIUS client on server B.

– The roaming sessions have the same caller-station-id but use a different IP address than the EAPSIM sessions.

Workaround: There is no workaround.

  • CSCua60100

Symptoms: The router crashes at ip_acl_peruser_ctxt_free while clearing the calls.

Conditions: This symptom is observed when an ACL filter is applied on the input direction and then the session is established. When you try to clear the session, the router crashes.

Workaround: There is no workaround.

  • CSCua60785

Symptoms: Metadata class-map matches only the first of the following filters, if present, in a class-map (the other media-type matches are skipped):

match application attribute [category, sub-category, media-type, device-class] value-string
match application application-group value-string

Conditions: This symptom is observed in a case where the class-map has the aforementioned filters.

Workaround: There is no workaround.

  • CSCua61814

Symptoms: Overhead accounting configuration needs to be configured on both the parent and child policy, rather than just the parent.

Conditions: This symptom is observed with overhead accounting.

Workaround: There is no workaround.

  • CSCua63182

Symptoms: Incorrect minimum bandwidth is displayed when 0k bandwidth is received from a peer of a different version.

Conditions: This symptom occurs under the following conditions:

– Different behavior in Cisco ASR code when the bandwidth for a route is very high, that is, more than 10G.

– Cisco IOS XE Release 2.6.2 and earlier releases send 0K when the bandwidth for a route is more than 10G.

– Cisco IOS XE Release 2.6.2 and earlier releases use incoming interface bandwidth, when BW = 0 is received.

– Cisco IOS XE Release 3.4.3S and later releases send the real bandwidth, even if it is more than 10G.

– Cisco IOS XE Release 3.4.3S and later releases use the lesser value between “received bandwidth” and “incoming interface bandwidth”.

– Cisco IOS XE Release 3.4.3S and later releases convert incoming bandwidth to 1K in case BW = 0 received.

– When the peers are of the same or compatible version, that is, both peers are Cisco IOS XE Release 2.6.2 and earlier releases or both peers are Cisco IOS XE Release 3.4.3S and later releases, there is no issue. However, when the peers are of different or incompatible version, that is, one peer is Cisco IOS XE Release 2.6.2 or an earlier release and the other peer is Cisco IOS XE Release 3.4.3S or a later release, then this issue is seen.

Workaround: There is no workaround.

  • CSCua63440

Symptoms: A crash is seen on executing show metadata flow local-flow-id id.

Conditions: This symptom is observed when “metadata flow” is configured and metadata flows are present in the metadata table.

Workaround: There is no workaround.

  • CSCua64100

Symptoms: SCTP receive message fails.

Conditions: This symptom occurs when sock-test testing infrastructure is used for SCTP testing.

Workaround: Use another test tool for SCTP testing. The issue is in sock-test, not in SCTP.

  • CSCua65278

Symptoms: Modem disappears with the cellular 0 cdma mode evdo command.

Conditions: This symptom is observed with the cellular 0 cdma mode evdo command when loaded with Cisco IOS interim Release 15.3(0.4)T.

Workaround: There is no workaround.

  • CSCua66908

Symptoms: Build fails on Cisco IOS Release 15.3M&T.

Conditions: This symptom was observed after the commit of CSCua06101 due to unnecessary duplication of a line.

Workaround: Remove the line before building.

  • CSCua67998

Symptoms: System crashes.

Conditions: This symptom occurs after adding or removing a policy-map to a scaled GRE tunnel configuration.

Workaround: There is no workaround.

  • CSCua69657

Symptoms: Traceback is seen when executing the show clock detail command.

Conditions: This symptom is seen when executing the show clock detail command with Cisco IOS interim Release 15.3(0.4)T image.

Workaround: There is no workaround.

  • CSCua70065

Symptoms: CUBE reloads on testing DO-EO secure video call over CUBE when SDP passthru is enabled.

Conditions: This symptom is observed when running Cisco IOS interim Release 15.3(0.4)T.

Workaround: There is no workaround.

  • CSCua70158

Symptoms: NBAR fails to recognize traffic with match protocol http url/host.

Conditions: This symptom is seen when “protocol discovery” is enabled.

Workaround: There is no workaround.

  • CSCua70738

Symptoms: Ping between UUT and peer does not work.

Conditions: This symptom is observed with a simple IP and PVC configuration under both UUT and the peer’s ATM interface.

Workaround: There is no workaround.

  • CSCua71038

Symptoms: The router crashes.

Conditions: This symptom is observed with a Cisco router that is running Cisco IOS Release 15.2(3)T1. The router may crash during the failover test with OCSP and CRL configured.

Workaround: Configure OCSP or CRL, but not both.

  • CSCua73419

Symptoms: Transform set including SHA2 does not work on ISM.

Conditions: This symptom is observed with esp-sha256-hmac, esp-sha384-hmac, or esp-sha512-hmac.

Workaround: There is no workaround.

  • CSCua75781

Symptoms: CME reloads for E911 call ELIN translation for incoming FXS/FXO trunk.

Conditions: This symptom is observed from Cisco IOS interim Release 15.3(0.2)T.

Workaround: There is no workaround.

  • CSCua77729

Symptoms: Embedded AP in the Cisco 1941 ISR becomes unreachable after using the “reload in” command on the Cisco ISR CLI. This issue is seen when using “reload in” on the Cisco ISR CLI and choosing the option to reload embedded AP.

CISCO1941W-E/K9 Version 15.1(4)M4
AP801 Software (AP801-K9W7-M), Version 12.4(21a)JA1
 
Router#reload in 10
 
Do you want to reload the internal AP ? [yes/no]: yes
 
Do you want to save the configuration of the AP? [yes/no]: no
 
System configuration has been modified. Save? [yes/no]: no
Reload scheduled for 13:57:01 UTC Mon May 21 2012 (in 10 minutes) by console
Reload reason: Reload Command
Proceed with reload? [confirm]
Router#
May 21 13:47:03.759: %SYS-5-SCHEDULED_RELOAD:
Reload requested for 13:56:51 UTC Mon May 21 2012 at 13:46:51 UTC Mon May 21
2012 by console. Reload Reason: Reload Command.
 

After that, AP becomes unreachable, and the user cannot session to AP with “service-module wlan-ap 0 session”.

Conditions: This symptom is observed when using “reload in” on the Cisco ISR CLI and choosing the option to reload embedded AP. This issue is seen under the following conditions:

CISCO1941W-E/K9 Version 15.1(4)M4
AP801 Software (AP801-K9W7-M), Version 12.4(21a)JA1
using the "reload in" command on ISR CLI with Do you want to reload the
internal AP ? [yes/no]: yes
 

Workaround 1: Use “reload in” on the Cisco ISR CLI and do not choose the option to reload embedded AP.

Router#reload in 2
Do you want to reload the internal AP ? [yes/no]: no
 

Workaround 2: Use the normal reload command.

  • CSCua79446

Symptoms: Building Cisco c3900/c2900 images is not possible due to double commit of DDTS CSCtb88203.

Conditions: This symptom occurs due to the double commit of DDTS CSCtb88203, which impacts H323 ISSU.

Workaround: There is no workaround.

  • CSCua82425

Symptoms: A Cisco router may unexpectedly reload when using EMM when choosing a menu option that executes “reload” or “do reload”.

Conditions: This symptom occurs if there are unsaved configuration changes.

Workaround: Change the menu option to save the configuration before the reload. If you do not want to save the configuration, then there is no currently known workaround.

Further Description: In the newer code, the crash does not occur with “do reload” (though “reload” still crashes), but it still does not result in the desired behavior of reloading the device.

  • CSCua84879

Symptoms: A crash is seen at slaVideoOperationPrint_ios.

Conditions: This symptom is observed when IPSLA video operations are configured and show running-config is issued.

Workaround: There is no workaround.

  • CSCua84923

Symptoms: Following a misconfiguration on a two-level hierarchical policy with a user-defined queue-limit on a child policy, the UUT fails to attach the QoS policy on the interface even when corrected queuing features are used.

Conditions: This symptom is observed with the following conditions:

1. The issue must have the user-defined queue-limit defined.

2. This error recovery defect is confirmed as a side effect with the c3pl cnh component project due to ppcp/cce infrastructure enhancement.

Workaround: There is no workaround.

  • CSCua85239

Symptoms: Flapping BGP sessions are seen if large BGP update messages are sent out and BGP packets are fragmented because midpoint routers have the smaller “mtu” or “ip mtu” configured.

*Jun 3 18:20:20.792 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:30.488 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:36.451 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Down BGP
Notification sent
*Jun 3 18:20:36.451 UTC: %BGP-3-NOTIFICATION: sent to neighbor 6.6.6.5 4/0
(hold time expired) 0 bytes
*Jun 3 18:20:36.569 UTC: %BGP_SESSION-5-ADJCHANGE: neighbor 6.6.6.5 VPNv4
Unicast topology base removed from session BGP Notification sent
*Jun 3 18:20:40.184 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:44.619 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Up
*Jun 3 18:20:49.926 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:59.604 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179)
to 2.2.2.5(17744) tableid - 0
 

Conditions: This symptom is observed between two BGP peers with matching MD5 passwords configured and can be triggered by the following conditions:

– If the midpoint path has an “mtu” or “ip mtu” setting that is smaller than that of the outgoing interface on the BGP routers, it will force the BGP router to fragment the BGP packet while sending packets through the outgoing interface.

– Peering down and the MD5 error do not always occur. They occur only once or twice within 10 tests.

Workaround: There is no workaround.
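One way to check router syslog for the pattern shown in CSCua85239, where %TCP-6-BADAUTH messages from a peer precede that neighbor going Down. This is an added example, not part of the release notes; the sample lines are constructed from the output above (plus a made-up second neighbor, 192.0.2.9), and the function names, the 60-second window, and the assumed year are illustrative choices.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the wrapped lines from the caveat joined back into single
# syslog records, plus one constructed flap (192.0.2.9) with no MD5 errors.
SAMPLE_LOG = """\
*Jun 3 18:20:20.792 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179) to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:30.488 UTC: %TCP-6-BADAUTH: Invalid MD5 digest from 6.6.6.5(179) to 2.2.2.5(17744) tableid - 0
*Jun 3 18:20:36.451 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Down BGP Notification sent
*Jun 3 18:20:44.619 UTC: %BGP-5-ADJCHANGE: neighbor 6.6.6.5 Up
*Jun 3 18:25:10.100 UTC: %BGP-5-ADJCHANGE: neighbor 192.0.2.9 Down Interface flap
"""

# "*Jun 3 18:20:20.792 UTC: %FACILITY-SEV-MNEMONIC: text"
LINE_RE = re.compile(
    r"^\*?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{3})\s+\w+:\s+(?P<msg>%.*)$"
)
BADAUTH_RE = re.compile(
    r"^%TCP-6-BADAUTH: Invalid MD5 digest from (?P<peer>[\d.]+)\(\d+\)"
)
DOWN_RE = re.compile(r"^%BGP-5-ADJCHANGE: neighbor (?P<peer>[\d.]+) Down\b")


def parse_ts(text, year):
    """Parse an IOS timestamp; the year is not in the log, so it is supplied."""
    normalized = " ".join(text.split())
    return datetime.strptime(f"{year} {normalized}", "%Y %b %d %H:%M:%S.%f")


def correlate(lines, window_s=60, year=2012):
    """Return (neighbor, down_timestamp, badauth_count) for every BGP Down
    event preceded, within window_s seconds, by MD5 failures from that peer.

    year is an assumption used only to build datetime objects for deltas.
    """
    window = timedelta(seconds=window_s)
    badauth_times = {}  # peer address -> timestamps of BADAUTH messages
    findings = []
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # not a syslog record in the expected shape
        when = parse_ts(match["ts"], year)
        msg = match["msg"]

        bad = BADAUTH_RE.match(msg)
        if bad:
            badauth_times.setdefault(bad["peer"], []).append(when)
            continue

        down = DOWN_RE.match(msg)
        if down:
            recent = [
                t for t in badauth_times.get(down["peer"], [])
                if timedelta(0) <= when - t <= window
            ]
            if recent:
                findings.append((down["peer"], match["ts"], len(recent)))
    return findings


if __name__ == "__main__":
    for peer, ts, count in correlate(SAMPLE_LOG.splitlines()):
        print(f"{ts}: neighbor {peer} went Down after {count} MD5 digest failures")
```

A Down event with MD5 failures in the window points at the digest problem described in this caveat (or a genuine key mismatch), while a Down event without them, like the constructed 192.0.2.9 flap, has a different cause.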

  • CSCua85934

Symptoms: A session provisioning failure is seen in the ISG-SCE interface. The deactivate or disconnect request has the message authenticator wrongly calculated.

Conditions: This symptom is observed with the ISG-SCE interface.

Workaround: There is no workaround.

  • CSCua86620

Symptoms: The vmware-view application is not detected/classified.

Conditions: This symptom is observed when vmware-view applications are used.

Workaround: There is no workaround.

  • CSCua91104

Symptoms: ISIS adjacency process shows traceback messaging related to managed timer.

Conditions: This symptom is observed when configuring isis network point-to-point on a LAN interface with isis bfd or isis ipv6 bfd enabled. The traceback does not always happen. It depends on timing.

Workaround: Disable isis bfd or isis ipv6 bfd before issuing the isis network point-to-point command. Restore the isis bfd or isis ipv6 bfd configuration on the LAN interface.

  • CSCua91473

Symptoms: Memory leak occurs during rekey on the IPsec key engine process.

Conditions: This symptom occurs after rekey, when the IPsec key engine does not release KMI memory, causing the IPsec key engine holding memory to keep increasing.

Workaround: Clear crypto session for IPsec key engine to release memory.

  • CSCua91698

Symptoms: ephone-type disappears from the running-configuration.

Conditions: This symptom occurs in SRST mode and after reload.

Workaround: Reconfigure the ephone-type commands and again save to startup-configuration.

  • CSCua93688

Symptoms: When pinging from the Cisco 1921 router to connected devices, the response time is unexpectedly slow.

round-trip min/avg/max = 8/46/92 ms
 

Conditions: This symptom is observed with the EHWIC-1GE-SFP-CU module on Cisco ISR-G2 platforms.

Workaround: Shut/no shut the EHWIC-1GE-SFP-CU interface. The ping time returns to normal.

  • CSCua94334

Symptoms: Hung calls are seen on CME. Hung calls seen in “show call active voice brief” are as follows:

1502 : 26 36329310ms.1 +-1 pid:1 Answer XXXYYY4835 connected
dur 00:00:00 tx:0/0 rx:0/0
IP 0.0.0.0:0 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g729r8
pre-ietf TextRelay: off
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
 

Conditions: This symptom is observed when an inbound H225 call setup request to a CME gateway results in a hung call if a release complete is received while still in alerting state. This issue occurs only when the shared line is configured on the phone and the shared line is not registered.

Workaround: Remove the shared line or register the shared line.

  • CSCua94947

Symptoms: RP crashes when downloading FreeRadius Framed-IPv6-Route on MLPPP sessions.

Conditions: This symptom occurs when downloading radius Framed-IPv6-Route.

Workaround: There is no workaround.

  • CSCua96106

Symptoms: MSP is not enabled on Cisco 890 platform images.

Conditions: This symptom is observed when the profile flow global command is not available.

Workaround: There is no workaround.

  • CSCua96354

Symptoms: Reload may occur when issuing the show oer and show pfr commands.

Conditions: This symptom is observed with the following commands:

– show oer master traffic-class performance

– show pfr master traffic-class performance

Workaround: There is no workaround.

  • CSCua97209

Symptoms: The analysis-module CLI is missing under “interface GigabitEthernet”.

Conditions: This symptom is observed with Cisco ISRs running a Cisco IOS Release 15.2(4)M image with either SRE or UCSE modules inserted and the module software publish NAM subsystem capability.

Workaround: There is no workaround.

  • CSCua97981

Symptoms: The Cisco IOS redundancy facility is slow to come up after master router reload and gets stuck in the “final progression” state.

Conditions: This symptom was first seen in Cisco IOS Release 15.2(3)T and was also observed in Cisco IOS Release 15.2(3)T1.

Workaround: Manually reloading the Standby router will resolve the issue.

  • CSCua98902

Symptoms: fibidb is not getting initialized.

Conditions: This symptom is observed when LFA FRR is configured in Cisco ME 3800x and ME 3600x switches.

Workaround: There is no workaround.

  • CSCua99687

Symptoms: BFD does not come up with Zone-Based Firewall (ZBFW) applied on the same interface.

Conditions: This symptom is observed when BFD and ZBFW are configured on a Gigabit interface on a Cisco CGR 2010 running Cisco IOS Release 15.1(4)M4. It works fine on Cisco IOS Release 15.1(4)M.

Workaround: There is no workaround.

  • CSCub02830

Symptoms: The analysis-module command is missing under the Gigabit Ethernet interface even when the UCS E-Series Server module has the publish NAM subsystem type.

Conditions: This symptom occurs on Cisco ISRs running a Cisco IOS 15.2(4)M image with UCS E-Series Server modules inserted and the module software publish NAM subsystem capability.

Workaround: There is no workaround.

  • CSCub04112

Symptoms: The router may lose OSPF routes pointing to the reconfigured OSPF interface.

Conditions: This symptom occurs after quick removal and adding of the interface IP address by script or copy and paste.

For example, configure the following:

interface Ethernet0/0
ip address 1.1.100.200 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
end
 

Then, quickly remove/add the IP address:

conf t
interface Ethernet0/0
no ip address 1.1.100.200 255.255.255.0
ip address 1.1.100.200 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
end
 

Workaround: Insert a short delay in between commands for removing/adding the IP address. The delay should be longer than the wait interval for LSA origination; by default, it is 500 ms. Or, refresh the routing table by “clear ip route *”.

  • CSCub04345

Symptoms: Cisco ASR-1002-X freezes after four hours with a scaled “path-jitter” sla probe configuration.

Conditions: This symptom is observed with a scaled “path-jitter” sla probe configuration.

Workaround: There is no workaround.

  • CSCub05907

Symptoms: Reverse routes are not installed for an IPsec session while using dynamic crypto map.

Conditions: This symptom occurs when the remote peer uses two or more IP addresses to connect and it goes down and comes back at least twice.

Workaround: Issue “clear crypto session” for that peer.

  • CSCub06131

Symptoms: The IPSLA sender box can reload with the following message:

SYS-6-STACKLOW: Stack for process IP SLAs XOS Event Processor running low, 0/6000
 

Conditions: This symptom is observed with the IPSLA sender box.

Workaround: There is no workaround.

  • CSCub06859

Symptoms: OSPFv2 NSR on quad-sup VSS does not work. The router stops sending hello packets after switchover.

Conditions: This symptom is observed with quad-sup VSS with OSPFv2 NSR.

Workaround: Clear the IP OSPF process after NSR switchover.

  • CSCub07382

Symptoms: NHRP cache entry for the spokes gets deleted on NHRP hold timer expiry even though there is traffic flowing through the spoke-to-spoke tunnel.

Conditions: This symptom is observed with a flexVPN spoke-to-spoke setup.

Workaround: Configure the same hold time on both tunnel interface and the virtual-template interface.

  • CSCub07673

Symptoms: IPsec session does not come up for spa-ipsec-2g if ws-ipsec3 is also present. “Volume rekey” is disabled on Zamboni.

Conditions: This symptom occurs if we have “volume rekey” disabled on Zamboni.

Workaround: Do not disable the volume rekey on Zamboni.

  • CSCub07855

Symptoms: The VRF error message is displayed in the router.

Conditions: This symptom occurs upon router bootup.

Workaround: There is no workaround.

  • CSCub09124

Symptoms: MDT tunnel is down.

Conditions: This symptom is seen in MVPN. If the ip multicast boundary command on non-current RPF interface blocks the MDT group, it may cause MDT tunnel failure.

Workaround: Adding the static join command under PE loopback interface may work around the problem temporarily.

  • CSCub10951

Symptoms: At RR, for an inter-cluster BE case, there are missing updates.

Conditions: This symptom is observed with the following conditions:

1. The following configuration exists at all RRs that are fully meshed:

– bgp additional-paths select best-external

– nei x advertise best-external

2. For example, RR5 is the UUT. At UUT, there is,

– Overall best path via RR1.

– Best-external (best-internal) path via PE6 (client of RR5): for example, the path is called “ic_path_rr5”.

– Initially, RR5 advertises “ic_path_rr5” to its nonclient iBGP peers, that is, RR1 and RR3.

3. At PE6, unconfigure the route so that RR5 no longer has any inter-cluster BE path. RR5 sends the withdrawals to RR1 and RR3 correctly.

4. At PE6, reconfigure the route so that RR5 will have “ic_path_rr5” as its “best-external (internal) path”. At this point, even though the BGP table at RR5 gets updated correctly, it does not send the updates to RR1 and RR3. They never relearn the route.

Workaround: Hard/soft clear.

  • CSCub13317

Symptoms: The Cisco 2900 with VWIC2-2MFT-T1/E1 in TDM/HDLC mode does not forward any traffic across the serial interface after a certain amount of time.

Conditions: This symptom is observed when frame relay is configured over VWIC2 channel-group in TDM/HDLC mode.

Workaround: Configure VWIC2 channel-group in NMSI mode.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.3/3.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C

CVE ID CVE-2012-3918 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub14044

Symptoms: A crash with traceback is seen, and all calls are dropped.

Conditions: This symptom is observed under all conditions.

Workaround: There is no known workaround. The gateway crashes, and the soak time appears to be six weeks.

  • CSCub14299

Symptoms: The router reloads when “no mediatrace initiator” is issued.

Conditions: This symptom occurs when traceroute is enabled for a mediatrace session.

Workaround: Disable traceroute under each configured mediatrace session.

  • CSCub16372

Symptoms: In extremely rare cases, an ISR-G2 cannot boot up with certain ROMMON versions with the error “Signature did not verify”. So far, only one image is found to have this problem: c3900-universalk9-mz.SPA.152-1.T3.bin.

Conditions: This symptom occurs when all the following three conditions are met at the same time:

1. The platform is affected.

2. The ROMmon version running at the router is within the affected ROMmon version range.

3. The first calculated hash value is 0 during the Cisco IOS image building process.

Since it is extremely rare that the third condition will occur, so far only one CCO image is found to have this problem.

Workaround: Upgrading ROMmon to the latest version of 15.0(1r)M16 or 151(1r)T5 will fix the issue completely.

The ROMmon upgrade can be done using one single CLI command in the router’s enable mode:

Router# upgrade rom-monitor file flash:<ROMMON_file_name>
 
<ROMMON_file_name> is the ROMMON file name for the specific platform that is downloadable from CCO. For example, C3900_RM2.srec.SPA.150-1r.M16 is the latest ROMMON version for C39xx platforms located at the CCO download site: http://www.cisco.com/cisco/software/release.html?mdfid=282774222&flowid=7437&softwareid=280805687&release=15.0%281r%29M16&relind=AVAILABLE&rellifecycle=&reltype=latest
 
  • CSCub17985

Symptoms: A memory leak is seen when IPv6 routes are applied on the per-user sessions.

Conditions: This symptom is seen if IPv6 routes are downloaded as a part of the subscriber profile. On applying these routes to the sessions, a memory leak is observed.

Workaround: There is no workaround.

  • CSCub19471

Symptoms: A crash occurs during bootup with MACE and SNMP configurations.

Conditions: This symptom is observed when the startup configuration contains MACE type (policy-map type mace) configured with both filter (match access-group) and action (except flow monitor). The SNMP configuration is as follows:

flow record type mace mace-record
collect art all
!
!
flow exporter ndeget
destination 172.25.215.96
!
!
flow monitor type mace mace-monitor
record mace-record
!
!
!
class-map match-all mace-class
match access-group name mace-acl
!
policy-map type mace mace_global
class mace-class
flow monitor mace-monitor
!
interface e0/0
mace enable
 
 
ip access-list extended mace-acl
permit tcp any any
!
snmp-server community public RO
snmp-server community cisco RW
snmp-server ifindex persist
snmp mib persist cbqos
snmp mib persist circuit
 

Reload the router. The crash occurs during router bootup.

Workaround: Remove the SNMP configuration.

  • CSCub21340

Symptoms: A segmentation fault crash is seen and the router reloads continuously.

Conditions: This symptom occurs when a router is reloaded with CFM over an xconnect scale configuration (configuring 500 meps).

Workaround: There is no workaround.

  • CSCub24355

Symptoms: IPv4 mVPN inactive (S,G) are not removed on the egress PE.

Conditions: This symptom occurs when you stop traffic, causing the timers to stop.

Workaround: Remove entries manually.

  • CSCub28913

Symptoms: The Cisco ISR G2 with VPN-ISM drops packets over an IPsec tunnel-protected Tunnel interface.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T images, when there is a crypto map (static or dynamic) applied to the interface.

Workaround:

– Disable the ISM-VPN (issue “no crypto engine slot xx”, where xx is the slot number where the ISM is located).

– Alternatively, change the configuration to use either static or dynamic VTIs for the tunnels where you need a crypto-map.

  • CSCub31477

Symptoms: A Cisco ISG router configured for Layer 2 Connected Subscriber Sessions does not respond to ARP replies once a subscriber ARP cache has expired.

Conditions: This symptom occurs when the router is configured as ISG L2-Connect, the router has configured HSRP as the high-availability method, and the subscriber-facing interface is configured with “no ip proxy arp”. This issue is not seen if either HSRP is removed or if “ip proxy arp” is enabled.

Workaround: Clear the subscriber session. After the subscriber is reintroduced, the issue is resolved. You can also configure “ip proxy arp” on the HSRP-configured interface.

  • CSCub32500

Symptoms: The router crashes in EIGRP due to chunk corruption.

Conditions: This symptom is observed on EIGRP flaps.

Workaround: There is no workaround.

  • CSCub33877

Symptoms: During “issu loadversion”, when downgrading from Texel (or later) to Yap (v151_1_sg_throttle or earlier), the standby RP keeps reloading due to the out-of-sync configuration.

Conditions: This symptom occurs during the “issu loadversion” operation. The newer version of the image supports IPv6 multicast while the older version of image does not.

Workaround: There is no workaround.

  • CSCub39124

Symptoms: Only secure cookies will be sent to HTTPS (HTTP over SSL) servers. If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.

Conditions: This symptom is the current default behavior.

Workaround: There is no workaround.

Further Problem Description: This defect has been opened to ensure that the default value of the WebVPN cookie is hardened and includes the secure keyword as per RFC 2109.

  • CSCub39268

Symptoms: Cisco ASR 1000 devices running an affected version of Cisco IOS XE are vulnerable to a denial of service vulnerability due to the improper handling of malformed IKEv2 packets. An authenticated, remote attacker with a valid VPN connection could trigger this issue, resulting in a reload of the device. Devices configured with redundant Route Processors may remain active as long as the attack is not repeated before the affected Route Processor comes back online.

Conditions: This symptom occurs when Cisco ASR1000 devices are configured to perform IPsec VPN connectivity. Devices running an affected version of Cisco IOS XE are affected. Only an authenticated IKEv2 connection is susceptible to this vulnerability.

Workaround: There is no workaround.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:S/C:N/I:N/A:C/E:F/RL:OF/RC:C

CVE ID CVE-2012-5017 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub42181

Symptoms: The router crashes continuously after a normal reboot due to power or some other reason.

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M4,
RELEASE SOFTWARE (fc1)
uptime is 4 days, 11 hours, 38 minutes
System returned to ROM by error - a Software forced crash, PC 0x88D26F0 at
07:42:45 UTC Sat May 5 2012
System restarted at 07:43:55 UTC Sat May 5 2012
System image file is "flash:c3900-universalk9-mz .SPA.150-1.M4.bin" ;
Last reload type: Normal Reload
----------------------------
generated Traceback:
 
Pre Hardware Replacement Crashinfo:
------------------------------------
#more flash0:crashinfo_20120519-165015-UTC
 
------------------
Traceback Decode:
------------------
 
tshakil@last-call-2% rsym c3900-universalk9-mz.150-1.M4.symbols.gz
Uncompressing and reading c3900-universalk9-mz.150-1.M4.symbols.gz via
/router/bin/zcat
c3900-universalk9-mz.150-1.M4.symbols.gz read in
Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z
0x88D1D88:fsm_crank(0x88d1d2c)+0x5c
0x88D27C0:fsm_exec_w_option(0x88d2650)+0x170
0x729E558:htsp_process_event(0x729e1d4)+0x384
0x729E6F4:htsp_main(0x729e62c)+0xc8
0x495F298:ppc_process_dispatch(0x495f274)+0x24
0x4962FC8:process_execute(0x4962e24)+0x1a4
Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z
0x88D1D88:fsm_crank(0x88d1d2c)+0x5c
 
0x88D27C0:fsm_exec_w_option(0x88d2650)+0x170
0x729E558:htsp_process_event(0x729e1d4)+0x384
0x729E6F4:htsp_main(0x729e62c)+0xc8
0x495F298:ppc_process_dispatch(0x495f274)+0x24
0x4962FC8:process_execute(0x4962e24)+0x1a4
Enter hex value:
 
 
--------------------------------
Crash File Post Installation:
------------------------------
 
#more flash0:crashinfo_20120519-185725-UTC
 
 
------------------
Traceback Decode:
-----------------
 
Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z
0x88D1D88:fsm_crank(0x88d1d2c)+0x5c
0x88D27C0:fsm_exec_w_option(0x88d2650)+0x170
0x729E558:htsp_process_event(0x729e1d4)+0x384
0x729E6F4:htsp_main(0x729e62c)+0xc8
0x495F298:ppc_process_dispatch(0x495f274)+0x24
0x4962FC8:process_execute(0x4962e24)+0x1a4
Enter hex value: 0x88D1D88z 0x88D27C0z 0x729E558z 0x729E6F4z 0x495F298z 0x4962FC8z
0x88D1D88:fsm_crank(0x88d1d2c)+0x5c
0x88D27C0:fsm_exec_w_option(0x88d2650)+0x170
0x729E558:htsp_process_event(0x729e1d4)+0x384
0x729E6F4:htsp_main(0x729e62c)+0xc8
0x495F298:ppc_process_dispatch(0x495f274)+0x24
0x4962FC8:process_execute(0x4962e24)+0x1a4
 
---------------------------------------------------
 

Conditions: This symptom is observed with the following conditions:

– MGCP gateway.

– Take out all the modules from the router.

– Put the modules one by one.

– Apply the configuration.

– The router is stable.

The lab test is recreated as follows:

1. Disable auto-configuration, that is, “no ccm-manager config”.

2. Reload the gateway.

3. Enable the CCM manager configuration and the router does not crash.

Workaround 1: Bypass the start-up configuration and log in via ROMmon without any configuration. Add the configuration one by one. Once the configuration is added, save the configuration and reload the gateway.

Workaround 2: Shut down the router and add the cards one by one in slots 0, 1, 2, 3, and 4. The device is stable until the third slot is inserted and brought up. As soon as the router is powered on, after adding the fourth slot, the crash starts. Shut down the router and remove the card in slot 4 (EVM-HD-8FXS/DID). Bring the device up without the card in slot 4 (EVM-HD-8FXS/DID). Remove the “mgcp” and “ccm-manager fallback-mgcp” configuration from the device because the console log is displaying the “Call Manager backhaul registration failed” error message. Shut down the router and add the card which was removed. Bring up the router. Re-add the ccm-manager fallback-mgcp command and do a “no mgcp/mgcp”. The router becomes stable.

Workaround 3: Remove the ccm-manager config command by issuing no ccm-manager config, which tears down the connection from the call manager to the MGCP gateway. The gateway will not download the configuration from the call agent at the time of startup. Reload the router. Once the router is back and stable, re-add the command.

  • CSCub42920

Symptoms: Keyserver rejects rekey ACK from GM with message (from debug crypto gdoi ks rekey all):

GDOI:KS REKEY:ERR:(get:0):Hash comparison for rekey ack failed.
 

The keys and policies in the rekey packet are correctly installed by the GM, but the rekey ACK does not get processed by the keyserver. This leads to rekey retransmissions, GM reregistration, and potential disruption of communication.

Conditions: This symptom is observed when rekey ACK validation in versions Cisco IOS Release 15.2(4)M1 (Cisco ISR-G2) and Cisco IOS Release 15.2(4)S/Cisco IOS XE Release 3.7S (Cisco ASR 1000) is incompatible with other software releases.

A keyserver that runs Cisco IOS Release 15.2(4)M1 or Cisco IOS Release 15.2(4)S/Cisco IOS XE Release 3.7S will only be able to perform successful unicast rekeys with a GM that runs one of those two versions. Likewise, a keyserver that runs another version will only interoperate with a GM that also runs another version.

Workaround: Use multicast rekeys.

  • CSCub43088

Symptoms: The following console messages are seen:

Delayed UCSE configuration: Wrong module type in slot 2
 

whenever the SRE-SM modules register with IOS version:

c2951-universalk9-mz.SPA.152-4.M.

Conditions: This symptom is observed when SM-SRE modules register with the router via RBCP. This typically happens when the application on the module boots up or when you issue the SRE sm status command in IOS.

Workaround: There is no workaround.

Further Problem Description: This is a benign message and can be ignored.

  • CSCub45763

Symptoms: The switch may crash following SYS-2-FREEFREE and SYS-6-MTRACE messages while a CDP frame is being processed.

Conditions: This symptom occurs when the switch is running Cisco IOS Release 12.2(53)SG7 and has CDP enabled.

Workaround: Disable CDP using “no cdp run”.

  • CSCub45809

Symptoms: Cisco IOS configured for Voice over IP may experience stack corruption due to multiple media loops.

Conditions: This symptom requires a special configuration of IP features, along with disabling the recommended media flow-around command. This issue is seen with Cisco IOS Release 15.2(2)T.

Workaround: Issue the media flow-around command.

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.4/4.4: https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:W/RC:C

CVE ID CVE-2012-5044 has been assigned to document this issue. Additional information on Cisco’s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

  • CSCub46423

Symptoms: Connecting from Windows 7 L2TP/IPSec client to the VPN fails when using HSRP virtual IP as a gateway IP and Error 788 is displayed.

Conditions: This symptom is observed with Cisco IOS Release 15.2(3)T or later releases, and the Windows 7 L2TP/IPsec VPN client.

Workaround: Downgrade to Cisco IOS Release 15.1(3)T.

  • CSCub46570

Symptoms: The image cannot be built with an undefined symbol.

Conditions: This symptom occurs as the commit error triggers the compiling issue.

Workaround: There is no workaround.

  • CSCub47910

Symptoms: Unexpected reboot is seen due to a cBus Error when using Cisco IOS Release 15.2(4)M1.

Conditions: This symptom is observed when SSL VPN is configured on the Cisco ISR in Cisco IOS Release 12.5(4)M1, where the CEF process running in the context of SSL is interrupted or asked to relinquish the CPU.

Workaround: There is no workaround.

  • CSCub49291

Symptoms: Static tunnels between hubs and spokes fail to rebuild.

Conditions: This symptom is observed when you reload the hub on the DMVPN IPv6 setup with DPD on-demand enabled on all spokes.

Workaround: There is no workaround.

  • CSCub51862

Symptoms: The router crashes when MACE is applied to an interface and traffic is sent through that interface.

Conditions: This symptom is observed when there is no flow record configured inside any of the MACE flow monitors.

Workaround: Configure flow records and exporter inside the MACE flow monitors.

  • CSCub52892

Symptoms: The options “log” and “reset” are not configurable in the URL filter policy. The existing configuration is removed if upgrading from previous/good releases.

Conditions: This symptom is observed with the options “log” and “reset” in the URL filter policy.

Workaround: There is no workaround.

  • CSCub52943

Symptoms: When executing Media Forking with midcall codec change, memory leaks are found in Cisco ASR for CCSIP_SPI_CONTROL. After decoding, the memory leak is found to be in the function is_x_participant_sips(), which does not release the memory that it allocates. This seems to be a side effect of one of the DDTS that was committed to Cisco IOS Release 15.3M&T (CSCtz96408).

Conditions: This symptom occurs when executing Media Forking with midcall codec change.

Workaround: The fix is done and is committed to Cisco IOS Release 15.3M&T.

  • CSCub54872

Symptoms: A /32 prefix applied to an interface (for example, a loopback) is not being treated as connected. This can impact the connectivity of the /32 prefix.

Conditions: This symptom is observed when the prefix applied to an interface is for a host route (/32 for IPv4 or /128 for IPv6).

Workaround: Use a shorter prefix.

Further Problem Description: This issue does not affect software switching platforms.

  • CSCub55297

Symptoms: The CEM interface (Serial Interface Network Modules - NM-CEM-4SER and NM-CEM-4TE1) does not come up with the latest Cisco IOS Release 15.3(1)T image.

Conditions: This symptom is observed with Cisco IOS Release 15.3(1)T.

Workaround: There is no workaround.

  • CSCub58932

Symptoms: PA export times shift one minute ahead after a certain period of time. For example, instead of exporting at times 5:00, 5:05, 5:10, 5:15 (a 5-minute interval), the export times are shifted to 4:59, 5:04, 5:09 etc.

Conditions: The conditions are unknown.

Workaround: There is no workaround. A countermeasure would be to restart the PA timer by reissuing the cache timeout update ... command. This will likely remedy the issue.

  • CSCub59493

Symptoms: The CPU remains at 100% after the SNMPv2c walk even after 5 minutes.

Conditions: This symptom occurs when an SNMP walk is done on mplsLsrStdMIB.

Workaround: There is no workaround.

  • CSCub62116

Symptoms: Traceback is seen when sending HTTP traffic.

Conditions: This symptom is observed when MACE is enabled on an interface. After several minutes, traceback is seen.

Workaround: There is no workaround.

  • CSCub62729

Symptoms: MTU-Size issue is seen with ppp-max-payload enabled.

Conditions: This symptom occurs when ppp-max-payload is enabled on the Cisco c887VA.

Workaround: There is no workaround. The same configuration works fine in Cisco c881/c1921.

  • CSCub67243

Symptoms: The router crashes under heavy traffic when configured as DMVPN HUB. No crashinfo or core file is generated.

Conditions: This symptom is observed on a Cisco 3900e router, but not on a Cisco 3900 router.

Workaround: Configure “no scheduler allocate”.

  • CSCub67465

A vulnerability in the T1/E1 driver queue implementation of Cisco IOS Software could allow an unauthenticated, remote attacker to cause an interface wedge condition, which could lead to loss of connectivity, loss of routing protocol adjacency, and could result in a denial of service (DoS) scenario.

The vulnerability is due to incorrect implementation of the T1/E1 driver queue. An attacker could exploit this vulnerability by sending bursty traffic through the affected interface driver. Repeated exploitation could cause a DoS condition.

Workarounds to mitigate this vulnerability are available.

Cisco has released free software updates that address this vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

  • CSCub71162

Symptoms: The VLAN interface is not working.

Conditions: This symptom occurs because of a change in the netmask.

Workaround: Shut/no shut resolves the interface.

  • CSCub71981

Symptoms: The show voice register pool on-hold brief command displays the same number (for both phone number and remote number) when both the local and remote phones are put on hold.

Conditions: This symptom is observed with Cisco IOS Release 15.3(8)T.

Workaround: There is no workaround.

  • CSCub78299

Symptoms: Ping fails from host1 (192.168.1.2) to host2 (192.168.4.2).

Conditions: This symptom occurs when Suite-B is configured on IPsec SA.

Workaround: There is no workaround.

  • CSCub79590

Symptoms: The match user-group commands do not appear in the running configuration after being configured.

Configure an inspection type class-map:
class-map type inspect TEST
match protocol tcp
match user-group cisco
 
Save the configuration. Try to view the configuration in the running configuration:
hostname# show run class-map
building configuration...
 
Current configuration : 66 bytes
!
class-map type inspect match-all TEST
match protocol tcp
end
 

But, view the configuration directly in the class-map:

hostname# show class-map type inspect
Class Map type inspect match-all TEST (id 1)
Match protocol tcp
Match user-group cisco
 

The configuration never shows up in the running configuration, but it is in the class-map configuration. As a note, the functionality exists on the ZBFW, but the configuration does not show up in the running configuration.

Conditions: This symptom is only observed with the match user-group commands.

Workaround: This issue only affects devices after a reload as the router will read the startup configuration, which will not have the match user-group command. As a result, the match user-group commands need to be reentered after every reload.

  • CSCub80491

Symptoms: A Cisco router may experience alignment errors. These alignment errors may then cause high CPU.

Conditions: The alignment errors occur only when Get VPN is in use. It is currently believed to be related to having Get VPN running on a multilink interface, but this is not yet confirmed.

Workaround: There is no workaround.

  • CSCub84471

Symptoms: WAAS-optimized traffic is stuck in a loop when ISM VPN is enabled.

Conditions: This symptom occurs when the ISM-VPN Module is turned on.

Workaround: There is no workaround.

  • CSCub85754

Symptoms: Ping does not work on a Cisco 897VA.

Conditions: This symptom is observed with an upgrade to 37h DSL firmware.

Workaround: There is no workaround.

  • CSCub90459

Symptoms: If CUBE has midcall reinvite consumption enabled, it also consumes SIP 4XX responses. This behavior can lead to dropped or hung calls.

Conditions: This symptom occurs when midcall reinvite consumption is enabled.

Workaround: There is no workaround.

  • CSCub91111

Symptoms: Outgoing packet drop on the HSPA+R7 cellular interface with SWI MC8705 firmware T3.5.x (not released).

Conditions: This symptom is observed on HSPA+R7 SKU with MC8705 T3.5 firmware (not released firmware).

Workaround: Use MC8705 firmware T1.x release.

  • CSCub91815

Symptoms: Certificate validation fails with a valid certificate.

Conditions: This symptom is observed during DMVPN setup with an empty CRL cache. This issue is usually seen on the responder side, but the initiator can also show this behavior.

Workaround: There is no known workaround.

  • CSCub93496

Symptoms: One-way video from CTS-1000 to TS-7010 is seen in the following topology:

CTS-1000 (v1.9.1) >>> CUCM 8.6.2aSU2 >>> CUCM 9.0 >>> CUBE 15.1.2T (2811) >>>
CUBE 15.1.4M4 (2951) >>> CUCM9.0 >>> VCS X7.1 >>> TS-7010 2.2
 

Conditions: This symptom occurs when SDP Passthru mode on CUBE is used.

Workaround: RTP payload types 96/97, which are associated with fax/faxack need to be remapped to some other unused values.

  • CSCub94825

Symptoms: After Cisco IOS XE bootup, there are no static reverse routes inserted as a result of applying/installing an HA crypto map. The same issue is present on the HSRP standby device, namely, the static RRI routes will not get installed in case a failover occurs. The show cry map command can be used to verify that RRI is enabled. The show cry route command can be used to determine if RRI has happened and if it has been done correctly.

Conditions: This symptom is observed with the following conditions:

– Cisco IOS XE Release 3.5S up to Cisco IOS XE Release 3.7S

– VRF-aware IPSec with stateless HA and static RRI

– IPv4

Workaround: Removing and reentering the reverse-route static command into the configuration will trigger the route insertion.

  • CSCub99756

Symptoms: The Cisco ASR 1000 router running Cisco IOS Release 15.2(4)S acting as a GM in a Get VPN deployment starts using the most recent IPsec SA upon KS rekey instead of using the old key up to 30 seconds of expiration.

Conditions: This symptom is observed only in Cisco IOS Release 15.2(4)S.

Workaround: There is no workaround.

  • CSCub99778

Symptoms: The Cisco ASR 1000 router being GM in a Get VPN deployment fails to start GDOI registration after a reload.

Conditions: This symptom occurs when running Cisco IOS Release 15.2(4)S. The following error is displayed in the show crypto gdoi command output after reload.

Registration status : Not initialized
 

Workaround: Use an EEM script to issue “clear crypto gdoi” some time after boot time or issue this manually.

  • CSCuc05631

Symptoms: Tracebacks are seen in the ISM-VPN background.

Conditions: This symptom is observed when Get VPN and DMVPN are turned on with the ISM-VPN Module.

Workaround: Disable ISM-VPN and use the onboard VPN ACCL.

  • CSCuc07799

Symptoms: The router crashes while booting with Cisco IOS Release 15.2(4)M weekly images.

Conditions: This symptom occurs when the ISM-VPN Module is inserted in the router.

Workaround: There is no workaround.

  • CSCuc08061

Symptoms: IPv6 DMVPN spoke fails to rebuild tunnels with hubs.

Conditions: This symptom occurs when the tunnel interface on the spoke is removed and reapplied again.

Workaround: Reboot the spoke.

  • CSCuc12907

Symptoms: The waas config remove-all and waas config restore-default commands fail.

Conditions: This symptom occurs when the waas config remove-all and waas config restore-default commands fail. WAAS-Express class-maps, policy-maps, and parameter-map fail to be removed when the previous commands are issued. The following error is seen:

% Remove All Config failed: Unable to remove WAAS class-map(s).
 

Workaround: On Cisco c3900, c2951, c2900, and c1900, install the datak9 package. The CLIs are successful then.

  • CSCuc15203

Symptoms: If the ISM-VPN module is turned on and ZBFW is configured, when asymmetric routing occurs, the router crashes.

Conditions: This symptom occurs when the ISM-VPN module is turned on and ZBFW is configured, and when asymmetric routing occurs.

Workaround: There is no workaround.

  • CSCuc15695

Symptoms: The counters are not polling the correct stats.

Conditions: This symptom was first observed on the ATM interface, but it is not particular to ATM as this issue was reproduced on the Gigabit Ethernet interface as well.

Workaround: There is no workaround.

  • CSCuc24937

Symptoms: The voice gateway router that is configured as a CME for handling ephones reloads due to spurious memory access.

Conditions: This symptom occurs as the voice gateway router is capable of handling ephones. Reload is very specific to ephone handling.

Workaround: There is no workaround.

  • CSCuc29310

Symptoms: TD probes in fast mode are gone when the link flaps (not PfR external interfaces).

Conditions: This symptom is observed with TD, fast mode, and link flap, which cause SAF session flap.

Workaround: Issue “clear pfr mas tr”.

  • CSCuc33328

Symptoms: Memory leaks are seen in the statistics.

Conditions: This symptom occurs when the probe is executed and statistics are updated.

Workaround: There is no workaround.

  • CSCuc37365

Symptoms: The bandwidth command under the cellular interface goes back to the default bandwidth of 50K after a reload or modem reset/power-cycle.

Conditions: This symptom is observed when you configure the bandwidth command.

Workaround: There is no workaround.

  • CSCuc37407

Symptoms: If configuration replace is tried after session-based poll, which has an address type (IPv4/IPv6) mismatch with initiator source-IP, then a crash is seen.

Conditions: This symptom occurs when configuring Mediatrace initiator with a particular type of address, for example, IPv4 only or IPv6 only. This issue is seen when trying a session-based poll with the address type for a path-specifier not matching the address type of the initiator. Then, configuration replace on the same configurations leads to a crash.

Workaround: There is no workaround.

  • CSCuc39963

Symptoms: Spurious memory access/crash is seen at mdb_tree_classify.

Conditions: This symptom occurs when the egress QoS policy is configured.

Workaround: There is no workaround.

  • CSCuc40448

Symptoms: No-way audio is observed on hair-pinned calls back from CUBE to SIP Provider.

The call flow is as follows:

PSTN caller --Verizon---(sip)---ASR CUBE---(sip)---CUSP---(sip)---Genesis ( SIP
Refer sent to transfer back to Verizon) -- CUSP - CUBE - Verizon -- PSTN
 

Conditions: This symptom is observed only after upgrading to Cisco IOS Release 15.2(2)S.

Workaround: Modify the diversion header on the transfer leg invite, so Verizon handles the call differently.

  • CSCuc41531

Symptoms: Forwarding loop is observed for some PfR-controlled traffic.

Conditions: This symptom is observed with the following conditions:

– Traffic Classes (TCs) are controlled via PBR.

– The parent route is withdrawn on selected BR/exit.

Workaround: This issue does not affect configured or statically defined applications, but only affects learned applications so this can be used as one workaround. Another option is to issue shut/no shut on PfR master or clear the related TCs with the clear pfr master traffic-class ... command (this fixes the issue until the next occurrence).

  • CSCuc45115

Symptoms: EIGRP flapping is seen continuously on the hub. A crash is seen at nhrp_add_static_map.

Conditions: This symptom is observed after shut/no shut on the tunnel interface, causing a crash at the hub. A related issue is also seen when there is no IPv6 connectivity between the hub and spoke, causing continuous EIGRP flapping on the hub.

Workaround: There is no known workaround.

  • CSCuc56259

Symptoms: A Cisco 3945 that is running 15.2(3)T2 and running as a voice gateway may crash. Just prior to the crash, these messages can be seen:

%VOIP_RTP-6-MEDIA_LOOP: The packet is seen traversing the system multiple times
 

and

Delivery Ack could not be sent due to lack of buffers.
 

Conditions: This happens when a media loop is created (which is due to misconfiguration or some other call forward/transfer scenarios).

Workaround: Check the configurations for any misconfigurations, especially with calls involving CUBE and CUCM.

  • CSCuc59541

Symptoms: Spoke fails to learn networks behind other spokes and EIGRP flapping occurs.

Conditions: This symptom is observed with a FlexVPN spoke-to-spoke setup.

Workaround: There is no workaround.

  • CSCuc66122

Symptoms: A crash occurs with the show ip sla summary command with the IP SLAs RTP-Based VoIP Operation.

Conditions: This symptom occurs when the IP SLAs RTP-Based VoIP Operation is configured on the box.

Workaround: Use the show ip sla statistics command to check the status and statistics of the IP SLAs RTP-Based VoIP Operation rather than show ip sla summary command, when the IP SLAs RTP-Based VoIP Operation is configured on the box.

  • CSCuc68743

Symptoms: A crash occurs while running CME smoke regression.

Conditions: This symptom is observed while running CME smoke regression.

Workaround: There is no workaround.

  • CSCuc70310

Symptoms: RRI routes are not installed in DMAP. “reverse-route” is a configuration in the DMAP. This prevents packets from being routed through the intended interface, and hence packet loss occurs.

Conditions: This symptom is observed when a simple reverse-route is configured in DMAP without any gateway options.

Workaround: There is no workaround.

  • CSCuc73677

Symptoms: RSA keys are not generated correctly.

Conditions: This symptom occurs when you first clear the RSA keys that are already generated on the router, and then generate the RSA keys.

Workaround: There is no workaround.

  • CSCuc82992

Symptoms: The router crashes upon execution of “no crypto engine slot 0” when the RG-Infra feature is enabled.

Conditions: This symptom occurs when RG-Infra and ISM-VPN are configured and when issuing “no crypto engine slot 0”.

Workaround: There is no workaround.

  • CSCuc88175

Symptoms: When a dynamic crypto map is used on the Virtual Template interface, SAs are not created and thus the test scripts fail. This issue occurs because the crypto map configurations are not added to the NVGEN, and hence there is no security policy applied on the Virtual Template interface.

Conditions: This symptom occurs only when a dynamic map is used on the Virtual Template interface. However, this issue is not seen when tunnel protection is used on the Virtual Template interface or when a dynamic map is used on the typical physical interface.

Workaround: There is no workaround apart from using tunnel protection on the Virtual Template interface.

  • CSCuc95573

Symptoms: A call with the VCC feature enabled does not work properly, resulting in media problems, when DSP is not configured. The inleg sends all the codecs configured, even though DSP is not configured. It should send only the codecs negotiated on the outleg.

Conditions: This symptom occurs when DSP is not configured. Configure VCC offer all in the dial peer.

Workaround: Only negotiated codecs are sent out in 200 OK from the inleg when DSP resource is unavailable.

  • CSCud07504

Symptoms: SRE-WAAS optimized traffic gets dropped by ZBFW.

Conditions: This symptom occurs when ZBFW, WCCP, and SRE-WAAS are configured.

Workaround: There is no workaround.

  • CSCud64812

A vulnerability in the implementation of the virtual fragmentation reassembly (VFR) feature for IP version 6 (IPv6) in Cisco IOS Software could allow an unauthenticated, remote attacker to cause an affected device to hang or reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to a race condition while accessing the reassembly queue for IPv6 fragments. An attacker could exploit this vulnerability by sending a crafted stream of valid IPv6 fragments. Repeated exploitation may result in a sustained DoS condition.

Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in “Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication” at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html