Cross-Platform Release Notes for Cisco IOS Release 15.3S
Release 15.3(3)S Caveats
Downloads: This chapterpdf (PDF - 134.0KB) The complete bookPDF (PDF - 2.28MB) | Feedback

Caveats for Cisco IOS Release 15.3(3)S

Table Of Contents

Caveats for Cisco IOS Release 15.3(3)S

Resolved Caveats—Cisco IOS Release 15.3(3)S1

Resolved Caveats—Cisco IOS Release 15.3(3)S


Caveats for Cisco IOS Release 15.3(3)S

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

In this section, the following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.


Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


This section consists of the following subsections:

Resolved Caveats—Cisco IOS Release 15.3(3)S1

Resolved Caveats—Cisco IOS Release 15.3(3)S

Resolved Caveats—Cisco IOS Release 15.3(3)S1

The caveats in this section are resolved in Cisco IOS Release 15.3(3)S1 but may be open in previous Cisco IOS releases.

CSCtn72925

Symptoms: PFR fails to get notified about interface state changes.

Conditions: The issue is seen specifically when using Frame Relay and Multilink Frame Relay subinterfaces as PFR external exits and the main interface flaps.

Workaround: Use the clear pfr master * command.

CSCts99455

Symptom: BR FP crash occurs on a Cisco ASR 1000 series router when the Master Controller controls applications through PBR.

Conditions: This symptom occurs when the PfR Master Controller tries to enforce its path selection for application traffic (PBR based route control). The FP on BRs crashes and reloads.

Workaround: There is no workaround.

CSCtz98228

Symptom: On the Cisco 3900e platform, a crash and router reload occurs without generating any crashinfo and traceback.

Conditions: This symptom could be seen with HTTP traffic intercepted by the content-scan feature. It is mostly seen during the content-scan session creation.

Workaround: Disable the content-scan feature.

CSCue50101

Symptom: ATM OAM packets are not being sent on the L2TPv3 tunnel when configured in transparent mode.

Conditions: This symptom is observed when you enable oam-pvc manage on the CE.

Workaround: There is no workaround.

CSCuf53543

Symptom: MPLS-TP L2 VCs are down after an SIP reload and RP switchover.

Conditions: This symptom occurs when VCs are configured through an MPLS-TP tunnel in a hardware redundant platform.

Workaround: There is no workaround.

CSCuf56776

Symptom: After a linecard is removed and reinserted (OIR), traffic may fail to pass through some virtual circuits which have been configured for pseudowire redundancy.

Conditions: This symptom is observed when the first segment ID in the redundancy group is numerically greater than the second segment.

PE1#show ssm id | inc 1st 1stMem: 16394 2ndMem: 12301 ActMem: 12301 1stMem: 16394 
2ndMem: 12301 ActMem: 12301
After the OIR is performed, it can be seen that the segments are reversed on the 
linecard.
ESM-20G-12#sh ssm id | inc 1st 1stMem: 12301 2ndMem: 16394 ActMem: 12301 1stMem: 12301 
2ndMem: 16394 ActMem: 12301 
 
   

Workaround: There is no workaround.

CSCuf86171

Symptom: The DHCP snooping database agent can get stuck while using FTP as the transfer protocol.

The following is the output of "show ip dhcp snooping database":

Agent URL : <FTP URL> Write delay Timer : 300 seconds Abort Timer : 300 seconds
Agent Running : Yes Delay Timer Expiry : 0 (00:00:00) <<<<< Delay timer is at zero, 
but process will never re-start Abort Timer Expiry : Not Running
Last Succeded Time : 02:09:53 PDT Thu Jun 6 2013 <<<<< Time will never update Last 
Failed Time : None Last Failed Reason : No failure recorded.
Total Attempts : 12 Startup Failures : 0 Successful Transfers : 11 Failed Transfers : 
0 Successful Reads : 1 Failed Reads : 0 Successful Writes : 10 Failed Writes : 0 Media 
Failures : 0
 
   

Conditions: This symptom occurs while using FTP as the protocol to transfer the DHCP snooping binding database to an external server.

Workaround: Use another file transport mechanism like SCP or TFTP. Once the issue occurs, the only known workaround is to reload the affected device.

CSCug50340

Symptom: PW traffic is not flowing after SSO/card reset the active PTF card.

Conditions: The symptom is observed with the following conditions:

1. Create a unprotected tunnel between the active PTF card and create a PW.

2. Apply the table map. Bi-directional traffic is flowing fine.

3. SSO/reset the active PTF card in node 106 (4/1).

4. Now tunnel core port is in standby card.

5. Observed bi-directional traffic is not flowing once the card becomes up.

6. Again reset the active PTF card (5/4).

7. Observe uni-directional traffic only is flowing.

Workaround: Delete the PW and recreate it again. However, note that if you do an SSO/card reset, the issue reappears.

CSCug71297

Symptom: An SP crash is observed at the below RPC call block during an ISSU upgrade after commit version. SP: Frames of RPC pf_issu_sp2rp process (pid 579) on 16 (proc|slot) after blocking rpc call failed: 42342B84

Conditions: This symptom occurs during ISSU commit version while saving the configuration.

Workaround: There is no workaround.

CSCuh21740

Symptom: There is a deletion and addition of VRFs with MVPNV6 configurations.

Conditions: This symptom occurs when PIM VRF neighbors are not up.

Workaround: Reload the router.

CSCuh32439

Symptom: A linktrace targeted at the MAC address of a remote MIP fails with no response seen from the router with the target MIP despite the fact that a linktrace targeted at a MEP or MIP beyond that MIP fully succeeds (including recording the existence of the MIP that cannot be targeted directly).

Conditions: This symptom is seen only when all of the following conditions are true:

a. The router on which the target MIP is on uses the "Bridgeport" model of assigning MAC addresses to MPs (currently, this is just Cisco ASR 901 router).

b. The target MIP is on a port channel interface.

c. The target MIP is not on the port that the linktrace will ingress on.

Workaround: Linktraces to MIPs or MEPs beyond the failing MIP will succeed and return the relevant information for the untargetable MIP.

CSCuh40617

Symptom: Ping fails when "encap dot1q" is configured on an FE SPA inserted in bay 1 of flexwan.

Conditions: This symptom is observed when FE SPA is inserted in bay 1 of flexwan.

Workaround: Move the SPA to bay 0 of flexwan.

CSCuh44420

Symptom: When a Cisco IOS router with one or more mpls ldp neighbors undergoes an mpls ldp router-id configuration change and non-stop routing had been previously enabled and disabled prior to the router-id configuration change, sessions fail to become NSR-ready once mpls ldp nsr is reconfigured.

Conditions: This symptom occurs when the mpls ldp router-id is reconfigured after mpls ldp nsr has been enabled and then disabled. After the router-id change, mpls ldp nsr must be reconfigured in order to encounter this issue.

Workaround: Reload the standby RP.

CSCuh44476

Symptom: After an SSO, some VCs are not displayed for certain neighbors.

Conditions: This symptom occurs after an SSO on a box which has VFIs with autodiscovery BGP and BGP signalling with more than two remote PEs.

Workaround: There is no workaround.

CSCuh48840

Symptom: Cisco Router crashes.

Conditions: This symptom is observed under the following conditions:

a. Sup-bootdisk formatted and copied with big size file, like copy 7600 image file around 180M size

b. Reload box, and during bootup try to write file to sup-bootdisk (SEA write sea_log.dat 32M bytes)

c. Then the issue appear

d. When the issue seen, check the sea_log.dat always with 0 byte

e. No matter where (disk0 or bootdisk) to load image.

f. No matter sea log disk to sup-bootdisk or disk0:. I reproduced the issue with "logg sys disk disk0:" config.

SEA is calling IFS API to create sea_log.dat, looks like IFS creating file hungs SP.

sea_log.c : sea_log_init_file() -> ifs_open() -> sea_zero_log() -> ifs_lseek() -> 
ifs_write()
 
   

Workaround: There is no workaround.

CSCuh51897

Symptom: LC crashed with following error messages:

Jun 11 03:55:05.641: %SYS-DFC2-2-NOBLOCK: printf with blocking disabled. -Process= 
''NDE - IPV6'', ipl= 7, pid= 165 Jun 11 03:55:44.165: %CPU_MONITOR-SP-6-NOT_HEARD: 
CPU_MONITOR messages have not been heard for 31 seconds [2/0] Jun 11 03:56:44.761: 
%CPU_MONITOR-SP-6-NOT_HEARD: CPU_MONITOR messages have not been heard for 91 seconds 
[2/0] Jun 11 03:57:02.441: %XDR-6-XDRIPCNOTIFY: Message not sent to slot 2/0 (2) 
because of IPC error timeout. Disabling linecard. (Expected during linecard OIR) Jun 
11 03:57:14.761: %CPU_MONITOR-SP-6-NOT_HEARD: CPU_MONITOR messages have not been heard 
for 121 seconds [2/0] Jun 11 03:58:14.762: %CPU_MONITOR-SP-3-TIMED_OUT: CPU_MONITOR 
messages have failed, resetting module [2/0] Jun 11 03:58:14.826: 
%C7600_PWR-SP-4-DISABLED: power to module in slot 2 set off (Heartbeat Messages Not 
Received From Module)
 
   

Conditions: IPv6 NetFlow enabled on device

Workaround: Disable IPv6 NetFlow

CSCuh80492

Symptom: The system crashes and it causes a reload. Messages that can be seen on the console indicate there is a "NULL pointer dereference". For example:

BUG: unable to handle kernel NULL pointer dereference
 
   

This is followed by a stack trace.

Conditions: This symptom occurs due to lack of proper locking semantics on the variables controlling the IPC namespace. This crash is unlikely to occur in normal situations. The user will need to have shell access and then access a task file under /proc (for example: /proc/29208/ns/ipc) which gives statistics on the IPC namespace.

Workaround: There is no workaround.

CSCuh91225

Symptom: A router crashes at pki_import_trustpool_bundle.

Conditions: The call-home reporting command will enable smart callhome using HTTPS and send an inventory message to register for smart callhome. If the certificate which is required by HTTPS does not exist in the device, it will try to download it which causes the crash.

Workaround: There is no workaround.

CSCuh94799

Symptom: When a Port-channel interface with a carrier delay of 0 milliseconds and one or more service instances configured is removed, an unexpected process termination occurs.

Conditions: The issue will be seen only when there is both carrier delay of ms 0 configuration and service instance configuration under a Port channel interface, and that Port-channel interface is removed.

Workaround: There are several work arounds:

1. Remove the service instance(s) from the Port-channel interface before deleting the interface.

2. Remove the carrier delay from the Port-channel before deleting the interface.

3. Configure a non-zero carrier delay instead of a 0 carrier delay.

4. Don't use carrier-delay on port-channel interfaces in conjunction with service instances. Instead use carrier-delay on port-channel member interfaces.

The use of "lacp fast-switchover" on the port-channel interface can also help to avoid the need for carrier-delay in cases where redundant LACP member links are in use.

CSCuh97838

Symptom: Increased CPU Interrupt utilization due to process switching of packets.

Conditions: Configured CESoUDP on the remote PE, but no CESoUDP is configured on the local Cisco ASR 901 router.

Workaround: There are two workarounds:

a. Configure the CESoUDP on the local 901 before configure on the remote PE. Or,

b. Remove the CESoUDP from the remote PE.

CSCui04530

Symptom: Upon FPD upgrade, you get this error on Cisco IOS c7600 switch:

! %FPD_MGMT-3-BUNDLE_EXTRACT_ERROR: Cannot extract the ssc-600-fpd.bndl bundle from 
sup-bootdisk:c7600-fpd-pkg.151kg - The required bundle is not in the package file. 
Please make sure that you have the right FPD image package file. % Cannot get the 
required data from the indicated file, please verify that you have a valid file and 
entered a valid URL. ! 
 
   

Conditions: This symptom is observed under the following conditions:

IOS: c7600s72033-advipservicesk9-mz.122-33.SRB3
CARDS: WS-SSC-600 WS-IPSEC-3
CLI: upgrade hw-module slot x fpd file sup-bootdisk:c7600-fpd-pkg.151-3.S2.pkg
 
   

Workaround: Upgrade to FPD image that includes corresponding *.bndl image.

CSCui25696

Symptom: Cisco ASR 1002-X router experiences a watchdog reset due to a kernel core dump triggered by a possible divide-by-zero condition.

Conditions: This symptom can occur under any condition.

Workaround: There is no workaround.

CSCui26581

Symptom: Small memory leak is seen when accessing certain parts of PTP MIB

Conditions: This symptom occurs when the following OIDs in the PTP MIB are accessed:

cPtpClockRunningPacketsSent: 1.3.6.1.4.1.9.9.760.1.2.4.1.5 
cPtpClockRunningPacketsReceived: 1.3.6.1.4.1.9.9.760.1.2.4.1.6 
cPtpClockPortRunningPacketsReceived: 1.3.6.1.4.1.9.9.760.1.2.9.1.13 
cPtpClockPortRunningPacketsSent: 1.3.6.1.4.1.9.9.760.1.2.9.1.14 
cPtpClockPortAssociatePacketsSent: 1.3.6.1.4.1.9.9.760.1.2.11.1.8 
cPtpClockPortAssociatePacketsReceived: 1.3.6.1.4.1.9.9.760.1.2.11.1.9 
cPtpClockPortAssociateInErrors: 1.3.6.1.4.1.9.9.760.1.2.11.1.10, 
cPtpClockPortAssociateOutErrors: 1.3.6.1.4.1.9.9.760.1.2.11.1.11
 
   

Workaround: Exclude the above OIDs

CSCui30036

Symptom: Cisco ASR 1001 IDC maverick SPA(ASR1001-IDC-8XT1E1) will not bootup.

Conditions: This issue is observed with latest Cisco IOS Release XE3.10 and mcp_dev image.

Workaround: There is no workaround. Use image prior to Cisco IOS Release XE3.10.

CSCui33454

Symptom: Unidirectional traffic flow is observed for PFC based EoMPLS PW due to lost FIB entries in hardware. Receive counter under VC statistics does not increment on one side of PW.

Counter for VC statistics in "receive" direction does not increment, only send counter increases.

Conditions: This symptom is observed under the following conditions:

a. EoMPLS PW provisioned on PFC/DFC based linecard

b. The issue is triggered with FIB changes toward the xconnect neighbor peer.

Workaround:

1. "Soft" workaround: Remove and configure back affected xconnect, or "hard" WA in case soft will not help

2. "Hard" workaround: Linecard reload in case of DFC based AC linecard - Supervisor reload in case of non-DFC based AC linecard

CSCui47602

Symptom: Traces at IDMGR-3-INVALID_ID when queried for mplsTunnelTable MIB.

Conditions: This symptom occurs when there is a GETONE SNMP query for non-existing mplsTunnelTable entries.

Workaround: Avoid using GETONE SNMP query for non-existing objects. Use GETNEXT queries instead of GETONE whenever possible.

CSCui62441

Symptom: Complete traffic drop for few seconds is seen after few minutes of performing SSO switchover.

Conditions: This symptom occurs only after a few minutes of performing an SSO switchover. NSR is not configed for RSVP.

Workaround: There is no workaround.

CSCui67308

Symptom: Cisco IOS Router constantly crashes after enabling TE tunnel over BDI interface.

Conditions: This symptom is observed when TE tunnel is exits a BDI interface. This is not a supported design.

Workaround: Use physical interface for TE tunnels.

CSCui67919

Symptom: QoS policy applied on AToM SVI is not getting any matches - until user remove and re-apply the policy; once the policy is re-applied, the policy works as expected. However, the QoS counters are not getting updated and you cannot verify the policy statistics with "show policy-map interface x/x".

Conditions: This symptom is observed when the xconnect is applied under SVI and the core facing line card is ES20 running Cisco IOS Release 15.2(4)S3a.

Workaround: Re-apply the policy. Please note that QoS counters in "show policy-map interface xx" will not work but the policy comes in effect after re-applying it.

CSCui85019

Symptom: When the command show xconnect is entered, it may result in a memory leak. This can be observed by entering the command show memory debug leaks chunks and seeing entries like this:

router#show memory debug leaks chunks Adding blocks for GD...
I/O memory
Address Size Alloc_pc PID Alloc-Proc Name
Chunk Elements:
AllocPC Address Size Parent Name
Processor memory
Address Size Alloc_pc PID Alloc-Proc Name AA3F8B4 2348 6D0B528 97 Exec
PW/UDP VC event trace 
 
   

Conditions: This symptom is observed when one or more xconnects are configured with UDP encapsulation.

Workaround: There is no workaround.

CSCui87915

Symptom: The VC is not going down after the access interface is down.

Conditions: This symptom occurs in scalabled eompls under port-channel and shut the member link.

Workaround: The EFPs under the member link can be re-configured once the member link is down.

CSCuj16742

Symptom: In a pseudowire redundancy configuration, packets may fail to flow even though the xconnect virtual circuit appears to be up.

Conditions: This symptom has been observed when the xconnect is re-provisioned while the primary pseudowire is down and the backup pseudowire is up. The issue has only been observed on Circuit Emulation (CEM) attachment circuits, but it is possible other attachment circuit types may be affected as well.

Workaround: Completely unconfigure the xconnect and then reconfigure it.

CSCuj17482

Symptom: On a device running low on memory, an EFP is attempted to be deleted, but fails due to lack of memory. The second attempt at removing that same EFP causes the router to restart.

Conditions: This symptom occurs when the a lot of configuration has been applied to the device, causing high memory usage.

Workaround: Do not over-configure the device.

CSCuj30702

Symptom: This bug is specific to port channel sub interface configuration in ES+ card. This bug is not relevant to any other port channel configuration in ES+, that is, EVC/Bridge-Domain over PoCH sub-int etc, and other card types, such as ES20/ LAN cards are free from this bug. Any type of IP communication on port channel sub interfaces in ES+ cards fail. Such an issue is seen only with port channel sub interfaces on ES+ and not seen with port channel main interfaces.

Conditions: This symptom will only be seen with images where the fix of CSCuh40617 is integrated.

Workaround: The connections will work fine if it is moved to the main interface or by using EVC BD configurations.

CSCuj31151

Symptom: If an impedance option is specified for an external clock in the network-clock input-source configuration, other configuration (such as hold-off or wait-to-restore) may fail to be applied.

Conditions: This can be seen when using external clock inputs with an impedance option specified.

Workaround: It may be possible to achieve the desired behaviour using global configuration (for example global hold-off or wait-to-restore configuration), if not, there is no workaround.

Resolved Caveats—Cisco IOS Release 15.3(3)S

CSCtz34776

Symptom: Increased CPU Interrupt utilization due to process switching of packets.

Conditions: The symptom is observed when the CEM circuit goes down, since one of CESoUDP end points also goes down.

Workaround: Bring down the TDM connection at the other end of the CESoUDP.

CSCtz69969

Symptom: Changing the speed of one of the member interfaces of a port-channel causes a traceback on the Cisco ASR 901 and the node reloads.

Conditions: This symptom occurs when you execute the "speed" CLI to change the speed of one of the member interfaces belonging to a port-channel.

Workaround: In order to change the speed of one of the port-channel members, remove that member interface from the port-channel, change the speed, and add it back to the port-channel.

CSCud13208

Symptom: Satellite is showing no alarm on authentication fail.

Conditions: The symptom is observed on 901nv satellite. No alarm (major/critical/minor) is turned on when there is a serial number mismatch. This feature tested on 901nv when it acts in satellite mode which is connected to a Cisco ASR 901 router.

While bringing up the satellite we can configure the "901 serial number" under the configuration "nv satellite" on the host. If there is a serial number mismatch then satellite state will be in "State: Authentication failed" and the connection will not be established. During this authentication fail we expect the major alarm should be signaled on the satellite side. But currently we are not seeing any alarm turned on at the satellite side.

Common Test bed:

IXIA--[Host ASR9k RO chassis]------(ICL)-------[901 Satellite] ----IXIA
RP/0/RSP0/CPU0:umangasr9k#show nv satellite status satellite 111
Tue Nov 20 08:17:13.868 UTC
Satellite 111
-------------
  State: Authentication failed
  Type: asr901
  Description: sat111
  MAC address: 4055.3989.8a34
  IPv4 address: 111.0.0.1
  Configured Serial Number: 123
  Received Serial Number: CAT1546U04V
  Configured satellite fabric links:
    Bundle-Ether111
    ---------------
      State: Satellite Ready
      Port range: GigabitEthernet0/0/0-9
      Discovered satellite fabric links:
        GigabitEthernet0/2/0/17: Satellite Ready; No conflict
        GigabitEthernet0/2/1/0: Satellite Ready; No conflict

Satellite is in Authentication failed state due to difference in serial numbers.

Workaround: You can identify this issue by executing the following command:

show nv satellite status satellite 111

If state is "Authentication failed" and serial numbers are different then you should reconfigure satellite with the proper serial number.

CSCud33454

Symptom: 10 Gig interface is disabled after reload.

Conditions: The symptom is observed when the REP feature is configured on a 10Gig interface in 1Gig mode. Initially with this configuration, the interfaces comes up fine. But after reloading the Cisco ASR 901 router, the interfaces will be shown in down/down state while the neighbor state will still be up/up.

Workaround: Remove and reapply REP configurations on the interface or toggle the interface on the neighbor end.

CSCud58457

Symptom: Standby interface stays UP/UP after a reload:

BGL.S.15-ASR1004-1#sh int des
Interface                      Status         Protocol Description
Te0/0/0                        down           down     
Te0/1/0                        up             up       
Te0/2/0                        down           down     
Te0/3/0                        up             up       
Gi0                            admin down     down 

It should be like this :

BGL.S.15-ASR1004-1#sh int des
Interface                      Status         Protocol Description
Te0/0/0                        down           down     
Te0/1/0                        up             up       
Te0/2/0                        down           down     
Te0/3/0                        standby mode   down     
Gi0                            admin down     down 

Conditions: The symptom is observed when "backup interface" and "carrier-delay" are configured under the interface:

interface TenGigabitEthernet0/1/0
 backup interface TenGigabitEthernet0/3/0
 ip address 10.163.137.29 255.255.255.224
 logging event link-status
 carrier-delay up 1
 carrier-delay down msec 0
 cdp enable
 hold-queue 4096 in
 hold-queue 4096 out
!
interface TenGigabitEthernet0/3/0
 mac-address d867.d9dd.ff10
 no ip address
 logging event link-status
 carrier-delay up 1
 carrier-delay down msec 0
 cdp enable
 hold-queue 4096 in
 hold-queue 4096 out
!

Workaround: Flap the standby interface.

CSCud67287

Symptom: A bcmx_l3_egress_multipath_destroy error is reported on the console.

Conditions: The symptom is observed with MPLS and ECMP in core.

Workaround: There is no workaround.

CSCud79447

Symptom: Auto negotiation is being disabled on reload if speed is configured on gig port.

Conditions: The symptom is observed if you enable autonegotiation on copper ports and configure speeds then reload the router.

Workaround: There is no workaround.

CSCue54917

Symptom: 10G license is shown "in use" when the interface is admin down after installing the license dynamically (after deleting the license and reinstalling it again).

Conditions: The symptom is observed when you shut down the tengig interfaces then remove the license, then reinstall the license. The tengig license will show "in use" even though the interfaces are admin down.

Workaround: Give a "no shut" to the interfaces.

CSCue67669

Symptom: The CFM session goes down.

Conditions: Default encapsulation cannot be configured on only one CE facing interface. It must be configured on both interfaces of PE (CE facing as well as core facing) when "ethernet cfm global" is configured.

Workaround: Remove "ethernet cfm global".

CSCue68589

Symptom: The imaGroupNumTxCfgLinks missing in the SNMP response for IMA interface detailed CLI. The CLI output shows:

ImaGroupNumTxCfgLinks = 1 ImaGroupNumRxCfgLinks = 1<<<<These are missing in the SNMP 
output
ImaGroupNumTxActLinks = 1 ImaGroupNumRxActLinks = 1

but the same is missing in the SNMP response for the query.

Conditions: The symptom is observed when you configure "ima group" and query for ImaGroupNumTxCfgLinks through SNMP.

Workaround: There is no workaround.

CSCue78182

Symptom: A Cisco ASR 901 Boundary Clock (BC) is not working with ASR 903 BC. PTP stops working after some time and keystone CPU utilization goes to 100%. The ASR 901 stops sending signalling messages.

Conditions: The symptom is observed with a Cisco ASR 901 BC and an ASR 903 BC.

Workaround: There is no workaround.

CSCue87627

Symptom: 10G interfaces are not coming up with devices other than a Cisco ASR 901.

Conditions: The symptom is observed when you connect 10g or 1g SFPs. In 1og interfaces with other devices links are not coming up.

Workaround: There is no workaround.

CSCue88662

Symptom: Unconfiguration or change of split-horizon group for bridge-domain does not take effect.

Conditions: The symptom is observed when a service instance is already configured with one split-horizon group.

Workaround: Reload the device.

CSCue96798

Symptom: Telnet sessions beyond four are not allowed.

Conditions: The symptom is observed when a line vty configuration is enabled and you access telnet simultaneously with more than four sessions.

Workaround: There is no workaround.

CSCuf25253

Symptom: The following errors are seen:

pstorm_bcm_prog_backup_adj_entry:576: bcmx_mpls_tunnel_initiator_set failed. Err: -6 
Label= 0
pstorm_mfi_backup_adj_endchain_add:1415: pstorm_bcm_prog_adj_entry failed
pstorm_mfi_backup_adj_add:1473: pstorm_mfi_backup_adj_endchain_modified failed.

Conditions: The symptom is observed with a ring set up with remote LFA FRR enabled. Every flap in primary or backup path will trigger the L3 tunnel resource leak in hardware.

Workaround: There is no workaround.

CSCuf26488

Symptom: Traffic for ECMP IPv6 prefixes drops.

Conditions: The symptom is observed immediately after IPv6 neighbors expire.

Workaround: Configure "ipv6 nd cache expire <expiry_timer> refresh" on the IPv6 interface.

CSCuf35663

Symptom: Cisco ASR 901 MST interoperability does not work with RSTP and STP and port will be blocked.

Conditions: The symptom is observed with MSTP interoperability with RSTP or STP.

Workaround: Configure MSTP only on both sides.

CSCuf51632

Symptom: Cisco ASR 901 10G: Default MTU for TenGigabitEthernet port in 1G mode is 1518.

Conditions: The symptom is observed when the TenGigabitEthernet port is in 1G mode.

Workaround: Manually configure MTU to 9215 on the TenGigabitEthernet interface.

CSCuf54567

Symptom: Traffic failure.

Conditions: The symptom is observed with:

RFC3107.

Equal Cost Multipath (ECMP).

EoMPLS.

Workaround: Avoid ECMP.

CSCug15952

Symptom: %QOS-3-INDEX_EXISTS error message is shown and router crashes.

Conditions: The symptom is observed when sessions are bought up and the collision IDs with dynamic policy names are synced to standby from active. When the sessions time out and restart, the same dynamic policy names are synced to HA tree on standby again without cleaning up the tree earlier and the crash will happen.

Workaround: Avoid the same session reestablishment before rebooting the router.

CSCug24016

Symptom: ISIS does not work when MTU is configured as 9216 and even L2 payload allowed is not 9216.

Conditions: The symptom is observed when MTU is configured as 9216.

Workaround: Use MTU as 9198.

CSCug28440

Symptom: Traffic drops with TAG ADJ.

Conditions: The symptom is observed when you boot up with a set of configurations.

Workaround: Shut/unshut EVC and SVI.

CSCug31561

A vulnerability in the DHCP implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability occurs during the parsing of crafted DHCP packets. An attacker could exploit this vulnerability by sending crafted DHCP packets to an affected device that has the DHCP server or DHCP relay feature enabled. An exploit could allow the attacker to cause a reload of an affected device.

Cisco has released free software updates that address this vulnerability. There are no workarounds to this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp

Note: The September 25, 2013, Cisco IOS Software Security Advisory bundled publication includes eight Cisco Security Advisories. All advisories address vulnerabilities in Cisco IOS Software. Each Cisco IOS Software Security Advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all Cisco IOS Software vulnerabilities in the September 2013 bundled publication.

Individual publication links are in "'Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:

http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep13.html

CSCug37591

Symptom: Interface status up/up without fiber connection.

Conditions: The symptom is observed under the following conditions:

1. Make the 10G link up.

2. Shut one side interface link.

3. Remove the cable from interface.

4. Unshut the interface.

Interface will be up/up without cable.

Workaround: There is no workaround.

CSCug58253

Symptom: Traffic drop seen for 40ms in one stream when access interface which carries another stream is shut.

Conditions: The symptom is observed when the failure and recovery of one shorthaul interface impacts another shorthaul's uplink/downlink traffic.

Workaround: There is no workaround.

CSCug61041

Symptom: The command rewrite ingress tag pop 1 symmetric has no effect.

Conditions: This has been observed on Cisco IOS Release 15.3(2)S with the below steps:

1. Configure xconnect without rewrite as:

interface GigabitEthernet0/10
negotiation auto
cdp enable
service instance 100 ethernet
  encapsulation dot1q 100
  xconnect 10.0.0.1 100 encapsulation mpls

2. Then if you configure rewrite ingress tag pop 1 symmetric the issue is hit (no rewrite happens).

Workaround: The clear xconnect all command will solve the problem.

CSCuh07349

Symptom: A Cisco 7600 Sup may crash due to SP memory corruption.

Conditions: This issue is observed on an REP enabled router, which is part of an REP segment. The exact trigger for this issue is not clear.

Workaround: There is no workaround.

CSCuh09412

Symptom: A Cisco ASR 1000 running ISG with "radius-proxy session-restart" crashes when WiFi clients are roaming between hotspots.

Conditions: The symptom is observed if a client roams between WiFi access points and the accounting-stop message from the initial access point does not reach the ISG where the subscriber session is active as can sometimes be the case of roaming between access points on a wireless LAN controller.

Workaround: Disable "radius-proxy session-restart" and reload the chassis to clear the session-cache.

CSCuh43252

Symptom: After upgrading to Cisco IOS Release 15.0(2)SE3, you can no longer authenticate using TACACS. The TPLUS process on the switch will be pushing the CPU up to 99%.

Conditions: The symptom is observed when you use TACACS for authentication.

Workaround: Downgrade the switch to a version prior to 15.0(2)SE3.

CSCuh43255

Symptom: The BGP task update-generation process may cause the router to reload, in a rare timing condition when there is prefix flap and there is high scale of prefixes going through update-generation, including the flapping prefix.

Conditions: The symptom is observed when the Cisco ASR router is acting as a route server for BGP along with having various route-server contexts. The router does not do any forwarding. It merely processes control plane traffic.

Workaround: There is no workaround.

More Info: The setup is the same as mentioned in this doc:

http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_route_server_xe.html.

CSCuh46481

Symptom: Cisco ASR 901 crashes while booting up.

Conditions: The symptom is observed while booting up the router with a weekly image which has a profile configuration (L3VPN, L2VPN, REP).

Workaround: There is no workaround.

CSCuh48666

Symptom: Router crashes and reloads with dynamic EID scaling.

Conditions: The symptom is observed with dynamic EID scaling.

Workaround: There is no workaround.

CSCuh57839

Symptom: Clock quality level stuck and QL-DNU and not synchronized with the quality level of the clock source.

Conditions: This occurs when a synchronization interface that was previously down comes back up.

Workaround: There is no workaround.

CSCuh60010

Symptom: Router crashes after defaulting the interface and also while unconfiguring the RSVP.

Conditions: The symptom is observed after defaulting the interface.

Workaround: There is no workaround.

CSCtx34208

Symptom: Gig 0/4 is not getting selected as sync-e clock source.

Conditions: The symptom is observed with the following conditions:

1. Gig 0/4 has media-type as SFP.

2. Gig 0/4 is selected as clock source for the board.

Workaround: Increase the global hold-off time from 300ms to 1800ms using the following command will allow gi0/4 to be selected as clock source:

Router(config)# network-clock hold-off 1800 global
 
   

Increase the global hold-off time to 1800ms and the flap will not be seen. However, traffic drops will still be present.

More Information: This issue is not seen on other ports or copper mode of Gig 0/4.

CSCui03965

Symptom: Standby RP keeps on booting after ISSU upgrade of standby RP

Conditions: The symptom is observed after an ISSU upgrade of the standby RP.

Workaround: There is no workaround.