Guest

Cisco 10000 Series Routers

Cisco IOS Release 12.3(7)XI2

  • Viewing Options

  • PDF (622.4 KB)
  • Feedback
Release Notes for the Cisco 10000 Series Router for Cisco IOS Release 12.3(7)XI2

Table Of Contents

Release Notes for the Cisco 10000 Series Router for Cisco IOS Release 12.3(7)XI2

Contents

System Requirements

Route Processor Redundancy Mode

Before You Upgrade the Cisco IOS Software

Upgrading to a New Software Release

New Features—Cisco IOS Release 12.3(7)XI2

Define Interface Policy-Map AV Pairs AAA

Dynamic ATM VP and VC Configuration Modification

Local Template-Based ATM PVC Provisioning

MQC Policy Map Support on Configured VC Range ATM

RADIUS Attribute 31: PPPoX Calling Station ID

Scaling Enhancements

Queue Scaling

VC Scaling

Shaped UBR PVCs

Limitations and Restrictions

ATM PVC Autoprovisioning

Controlling the Rate of Logging Messages

Define Interface Policy-Map AV Pairs AAA

Dynamic ATM VP and VC Configuration Modification

Frame Relay

Local Template-Based ATM PVC Provisioning

MQC Policy Map Support on Configured VC Range ATM

PRE Network Management Ethernet Port

RADIUS Attribute 31: PPPoX Calling Station ID

Scalability

Shaped UBR PVCs

Testing Performance of High-Speed Interfaces

Important Notes

Configuring the aaa new-model Command

Enhancing Scalability of Per-User Configurations

Setting VRF and IP Unnumbered Interface Configurations in User Profiles

Setting VRF and IP Unnumbered Interface Configuration in a Virtual Interface Template

Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs

Inserting a New Line Card

Local AAA Server, User Database—Domain to VRF

Multilink PPP

Provisioning for Scaling

PPPoA Sessions with IP QoS Static Routes

AAA Authentication on the NME Port

Call Admission Control

Open Caveats—Cisco IOS Release 12.3(7)XI2

Resolved Caveats—Cisco IOS Release 12.3(7)XI2

Obtaining Documentation

Cisco.com

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco TAC Website

Opening a TAC Case

TAC Case Priority Definitions

Obtaining Additional Publications and Information


Release Notes for the Cisco 10000 Series Router for Cisco IOS Release 12.3(7)XI2


November 11, 2004

These release notes provide information about Cisco IOS Release 12.3(7)XI2, which provides broadband aggregation and leased-line features for the Cisco 10000 series router.

These release notes are updated as needed to describe new features, memory requirements, hardware support, software platform deferrals, and changes to the microcode and related documents.

Cisco IOS Release 12.3(7)XI2 is based on the following releases:

Cisco IOS Release 12.2(16)BX

Cisco IOS Release 12.3T

Cisco IOS Release 12.3(7)XI1

To review the release notes for Cisco IOS Release 12.2(16)BX, go to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10krn/122bx/index.htm

To review the release notes for Cisco IOS Release 12.3, go to the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/index.htm

Contents

This document contains the following sections:

System Requirements

New Features—Cisco IOS Release 12.3(7)XI2

Limitations and Restrictions

Important Notes

Open Caveats—Cisco IOS Release 12.3(7)XI2

Obtaining Documentation

Documentation Feedback

Obtaining Technical Assistance

Obtaining Additional Publications and Information

System Requirements

Cisco IOS Release 12.3(7)XI2 requires that you have the performance routing engine (PRE), Part Number ESR-PRE2 installed in the Cisco 10000 series router chassis. To verify which PRE is installed in the router, use the show version command.

Route Processor Redundancy Mode

The Cisco 10000 series router supports route processor redundancy (RPR) mode or RPR+ mode to provide fault resistance and to ensure high availability. In RPR mode, one supervisor engine is active and operational while the second supervisor engine is in standby mode waiting for the active supervisor to fail so that it can take over and maintain the operation of the router. In RPR+ mode, the standby supervisor engine is fully initialized and configured, which shortens the time needed to switch over to the standby supervisor.

When upgrading or downgrading the Cisco IOS software, the RPR mode used on the Cisco 10000 series router depends upon the Cisco IOS software currently running on the Cisco 10000 series router and the Cisco IOS software to which you want to upgrade or downgrade.

Table 1 lists the RPR modes used when upgrading or downgrading Cisco IOS software. For example, when upgrading to Cisco IOS Release 12.3(7)XI2 from Release 12.2(16)BX, the router uses RPR mode instead of RPR+ mode. When downgrading to Cisco IOS Release 12.2(16)BX from Cisco IOS Release 12.3(7)XI2, the router uses RPR mode.

Table 1 RPR Modes for Cisco IOS Software Releases

Releases
12.2(16)BX
12.3(7)XI2

12.2(16)BX

RPR+

RPR

12.3(7)XI2

RPR

RPR+


Before You Upgrade the Cisco IOS Software

Before you upgrade (or downgrade) the Cisco IOS software running on the Cisco 10000 series router, save the running configuration file. In RPR mode, the router synchronizes only the startup configuration.

Upgrading to a New Software Release

For specific information about upgrading your Cisco 10000 series router to a new software release, refer to the Cisco 10000 Series Router Software Configuration Guide.

For general information about upgrading to a new software release, refer to the product bulletin Cisco IOS Upgrade Ordering Instructions.

For additional information about ordering Cisco IOS software, refer to the Cisco IOS Software Releases.

New Features—Cisco IOS Release 12.3(7)XI2

The following new features and improvements are supported on the Cisco 10000 series router in Cisco IOS Release 12.3(7)XI2.

Define Interface Policy-Map AV Pairs AAA

Dynamic ATM VP and VC Configuration Modification

Local Template-Based ATM PVC Provisioning

MQC Policy Map Support on Configured VC Range ATM

RADIUS Attribute 31: PPPoX Calling Station ID

Scaling Enhancements

Shaped UBR PVCs

For more information about the new features in Cisco IOS Release 12.3(7)XI2, refer to the following documentation:

Cisco 10000 Series Broadband Aggregation and Leased-Line Configuration Guide

For information about new features supported on the Cisco 10000 series router in other releases, see the appropriate Release Notes at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10krn/index.htm

Define Interface Policy-Map AV Pairs AAA

The Define Interface Policy-Map AV Pairs AAA feature introduces two Cisco Remote Authentication Dial-In User Service (RADIUS) vendor-specific attributes (VSAs) that allow a policy map to be applied on the virtual circuit (VC) via RADIUS during a Point-to-Point Protocol over ATM (PPPoA) or Point-to-Point Protocol over Ethernet over ATM (PPPoEoA) session establishment.

The Define Interface Policy-Map AV Pairs AAA feature introduces two Cisco VSAs that allow you to apply a policy map at the ATM VC level using RADIUS. The purpose of the Cisco VSA (attribute 26) is to communicate vendor-specific information between the network access server (NAS) and the RADIUS server. The Cisco VSA encapsulates vendor specific attributes that allow vendors such as Cisco to support their own extended attributes.

The Define Interface Policy-Map AV Pairs AAA feature allows a policy map to be applied ("pulled") on the VC during a PPPoA or PPPoEoA session establishment.

In earlier releases a policy map could only be configured on a VC or ATM point-to-point subinterface by using modular QoS CLI (MQC). A service policy could be applied to the sessions on these VCs using RADIUS or manually with the virtual template. In this release, this feature allows a service policy to be applied on the VC using RADIUS for a PPPoA or PPPoEoA session. (However, configuring a service policy on the ATM subinterface still requires CLI configuration.)

In Cisco IOS Release 12.3(7)XI2, the Define Interface Policy-Map AV Pairs AAA feature allows a service policy to be applied on the VC using RADIUS for a PPPoA or PPPoEoA session. (However, configuring a service policy on the ATM subinterface still requires CLI configuration and enabling DBS
on the VC in particular.)

For more information about this feature, see the Define Interface Policy-Map AV Pairs AAA feature guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xi7/123xiqos.htm#wp1043332

Dynamic ATM VP and VC Configuration Modification

In Cisco IOS Release 12.3(7)XI1, when you change the weight of a VC or the VP shaping parameters, the VC or VP gets torn down at the SAR and the session goes down. In Cisco IOS Release 12.3(7)XI2, the Dynamic ATM VP and VC Configuration Modification feature allows you to change the VC weight or VP shaping parameters without affecting the state of the VC or VP. In other words, the VC and VP remain up and operational.

The dynamic parameters include ATM VP parameters (PCR or CDVT) and VC parameters (weight, PCR, SCR, MBS, and CDVT). When you change VC parameters or the VP rate, there can be a momentary change in the VP's shaped rate, in which the rate cells are sent might be over or under the configured rates. The session stays up and no data is lost.

In Cisco IOS Release 12.3(7)XI2, the range of integer values supported by the weight-value parameter of the weight command is 1 to 255. In Cisco IOS Release 12.3(7)XI1, the range is 5 to 255.

Local Template-Based ATM PVC Provisioning

The Local Template-Based ATM PVC Provisioning feature supports PVC autoprovisioning for an infinite range of VPI/VCI combinations on an ATM interface.

The Local Template-Based ATM PVC Provisioning feature enables ATM permanent virtual circuits (PVCs) to be provisioned automatically as needed from a local configuration, making the provisioning of large numbers of digital subscriber line (DSL) subscribers easier, faster, and less prone to error. ATM PVC autoprovisioning can be configured on a PVC, an ATM PVC range, or a VC class. If a VC class configured with ATM PVC autoprovisioning is assigned to the main interface, all the PVCs on that main interface will be autoprovisioned; this configuration is sometimes referred to as an infinite range.

MQC Policy Map Support on Configured VC Range ATM

In releases prior to Cisco IOS Release 12.3(7)XI2, MQC policy maps on ATM VCs were supported, but to attach a service policy to an ATM VC you had to configure the service policy in PVC mode. The MQC Policy Map Support on Configured VC Range ATM feature simplifies this configuration by allowing you to implement a service policy under range PVC mode and under PVC in range mode.

RADIUS Attribute 31: PPPoX Calling Station ID

The RADIUS Attribute 31: PPPoX Calling Station ID feature enables service providers to provide more information about the call originator to the RADIUS server in a DSL environment, such as the physical lines on which customer calls originate. Specifically, this feature allows operators to track customers through the physical lines on which customer calls originate. Service providers can better maintain the profile database of their customers as they move from one physical line to another.

Because this feature provides a virtual port that does not change as customers move from one physical line to another, RADIUS attribute 31 (Calling-Station-ID) can also be used for additional security checks. The Calling-Station-ID attribute is included in both ACCESS-REQUEST and ACCOUNTING-REQUEST messages.

Scaling Enhancements

Cisco IOS Release 12.3(7)XI2 provides increased limits with queue scaling and VC scaling.

Queue Scaling

At least two queues are allocated for every interface or subinterface for which separate queues are created. The first queue is the default queue for normal traffic, and the second queue, known as the system queue, is used for a small amount of router-generated traffic that bypasses the normal drop mechanisms. For 32,000 VCs, this would require the allocation of a minimum of 64,000 queues. While Cisco IOS Release 12.3(7)XI1 added support for up to 128,000 queues, a more effective use of these limited resources is realized by having the subinterfaces on a given main interface share the single system queue of the main interface.

In Cisco IOS Release 12.3(7)XI2, the subinterfaces on a given main interface share the single system queue of the main interface, and this allows for 32,000 subinterfaces with a three-queue model that supports assured forwarding (AF) queues and expedited forwarding (EF) queues, in addition to the default best effort (BE) queues. Because there isn't a system queue for every subinterface, this frees up queues for a 4-queue model.

VC Scaling

When configured for hierarchical shaping, ATM line cards support the following number of VCs:

OC-12 ATM line card supports a maximum of 16,384 VCs (previously 14,436)

OC-3 ATM line card and the E3/DS3 line card support a maximum of 28,672 VCs (previously 8,192).

In atm pxf queuing mode, ATM line cards support the following number of VCs:

Line Card
Maximum VCs per Port
Maximum VCs per Module
VBR, CBR, Shaped UBR VCs

E3/DS3

4,096

32,768

28,672

OC-3

8, 192

32,768

28,672

OC-12

16,384

16,384

16,384


You can configure the maximum number of VCs across the ports in any fashion, provided that you do not exceed the per-port maximum.

Shaped UBR PVCs

Prior to Cisco IOS Release 12.3(7)XI2, you could configure shaped unspecified bit rate (UBR) PVCs but only when the no atm pxf queuing command was configured. In Cisco IOS Release 12.3(7)XI2, you can configure shaped UBR PVCs when the atm pxf queuing command is configured.

When shaped UBR is specified, the layer 3 scheduling for the UBR VC is set up in the same fashion as VBR and CBR VCs are set up. The VC has its own VTMS link and a set of queues assigned to it. The rate of the link is based on the PCR you specify. Flowbits are assigned to the VC. Unlike VBR and CBR VCs, only a single flowbit is assigned to the VC; it is not based on rate.

Like VBR and CBR VCs, the shaped UBR VCs can have queuing service policies applied to them. The UBR VCs are not subject to any CAC checks, but the number of shaped UBR VCs must be within existing limits. These limits include: the maximum number of VCs per system, maximum number of VCs per port, and maximum number of VCs with flowbits.

Limitations and Restrictions

This section describes limitations and restrictions for the following areas. Be sure to review the following limitations and restrictions before using the features in the Cisco IOS Release 12.3(7)XI2:

ATM PVC Autoprovisioning

Controlling the Rate of Logging Messages

Define Interface Policy-Map AV Pairs AAA

Dynamic ATM VP and VC Configuration Modification

Frame Relay

Local Template-Based ATM PVC Provisioning

MQC Policy Map Support on Configured VC Range ATM

PRE Network Management Ethernet Port

RADIUS Attribute 31: PPPoX Calling Station ID

Scalability

Shaped UBR PVCs

Testing Performance of High-Speed Interfaces

For more information about the restrictions for a specific feature, refer to the Cisco 10000 Series Broadband Aggregation and Leased-Line Configuration Guide.

ATM PVC Autoprovisioning

The following restrictions apply to the ATM PVC Autoprovisioning feature:

The SAR translates the external VPI/VCI values into an internal 32-bit logical header. Router interfaces can support 510 unique bit field combinations in the 32-bit logical header. While there are 512 total SAR pages, page 0 is unused due to a hardware limitation and page 511 is reserved for tunnels.


Note Note: The limit of 510 usable SAR pages in Cisco IOS Release 12.3(7)XI2 represents a reduction from the limit of 512 usable SAR pages in earlier releases.


The Local Template-Based ATM PVC Provisioning feature (infinite range) can be configured only on a main ATM interface; that is, it cannot be configured on a subinterface. When you use the class-int command to attach an ATM VC class to a subinterface, the create on-demand command is ignored.

PVCs or PVCs within a range specified as create on demand PVCs, count against the interface limit for configured PVCs, regardless of whether the PVCs become active. These PVCs count against the maximum number of VCs allowed per interface port.

Controlling the Rate of Logging Messages

It is important that you limit the rate that system messages are logged by the Cisco 10000 series router. This helps to avoid a situation in which the router becomes unstable and the CPU is overloaded. To control the output of messages from the system, use the logging rate-limit command.

Cisco recommends that you configure the logging rate-limit command as follows. This limits the rate of all messages to the console to 10 per second, except for messages with critical priority (level 3) or greater.

Router(config)# logging rate-limit console all 10 except critical

For more information, refer to the logging rate-limit command in the Cisco IOS Configuration Fundamentals and Network Management Command Reference, Release 12.3.

Define Interface Policy-Map AV Pairs AAA

You cannot configure a service policy on a VC and on a session at the same time.

Dynamic ATM VP and VC Configuration Modification

The following restrictions apply to the Dynamic ATM VP and VC Configuration Modification feature:

A weight of less than 10 should not be used, because it can adversely affect the performance of the ATM port.

When you change VC parameters or the VP rate, there can be a momentary fluctuation in the VP's effective shaped rate, in which the rate that cells are sent might be over or under the configured rates.

The Dynamic ATM VP and VC Configuration Modification feature does not allow you to dynamically change the queue depth or the type of VC (for example, from CBR to VBR-nrt).

Frame Relay

The following limitations apply to the Cisco 10000 series router implementation of Frame Relay:

The ip rtp reserve command is not supported.

Only one priority queue per VC is allowed.

Local Template-Based ATM PVC Provisioning

The Local Template-Based ATM PVC Provisioning feature (infinite range) can be configured only on a main ATM interface; that is, it cannot be configured on a subinterface. When you use the class-int command to attach an ATM VC class to a subinterface, the create on-demand command is ignored.

MQC Policy Map Support on Configured VC Range ATM

The MQC Policy Map Support on Configured VC Range ATM feature applies to ATM VCs only.

PRE Network Management Ethernet Port

Ensure that the Fast Ethernet NME port on the PRE is configured for auto-negotiation mode, which is the system default. Duplex mode can cause problems, such as flapping. If the port is experiencing such problems and has been configured for duplex mode, use the no half-duplex or no full-duplex command to disable duplex mode.

RADIUS Attribute 31: PPPoX Calling Station ID

The following limitations apply to the RADIUS Attribute 31: PPPoX Calling Station ID feature:

Do not use the RADIUS Logical Line ID feature with the RADIUS Attribute 31: PPPoX Calling Station ID feature. Using both features causes two instances of the attribute in the RADIUS IOS database for a particular user.

While this feature can be used with any vendor's RADIUS server, some RADIUS servers can require modifications to their dictionary files to allow the Calling-Station-ID attribute to be presented correctly in the RADIUS logs.

This feature supports only RADIUS; TACACS+ is not supported.

Currently, PPPoEoVLAN and PPPoEoQinQ do not provide information on VLAN tags; only the MAC address is provided to the RADIUS server.

RADIUS attribute 31 (Calling-Station-ID) is not supported for L2TP Network Server (LNS) environments. If you enable this attribute on an LNS, the attribute is not sent to the RADIUS server.

Scalability

If you configure create on demand PVCs (individual and within a range) and PPP sessions, RP CPU utilization can be extremely high when bringing up and tearing down sessions and PVCs. This is only a concern when the configuration contains approximately 30,000 PPP sessions, and additional services are enabled such as DBS, ACLs, and service policies.

To reduce the RP CPU usage for PPPoA sessions, reduce the number of configured PVCs in a single subinterface. To reduce the RP CPU usage for PPPoEoA sessions, use call admission control (call admission limit command).

Shaped UBR PVCs

Only variable bit rate (VBR) VCs are allowed in the VP tunnel. You cannot configure unspecified bit rate (UBR) VCs or constant bit rate (CBR) VCs in the tunnels.

Testing Performance of High-Speed Interfaces

Cisco IOS software running on the Cisco 10000 series router has multiple queues for all classes of traffic over high-speed interfaces. The software selects a queue based on the source and destination address for the packet. This ensures that a traffic flow always uses the same queue and the packets are transmitted in proper order.

When the Cisco 10000 series router is installed in a real network, the high-speed interfaces work efficiently to spread traffic flow equally over the queues. However, using single traffic streams in a laboratory environment may result in less-than-expected performance.

Therefore, to ensure accurate test results, you should test the throughput of the gigabit Ethernet, Packet over SONET (POS), or ATM uplink with multiple source or destination addresses.


Tip To determine if traffic is being properly distributed, use the show hardware pxf cpu queue command.


Important Notes

This section provides important information about the following topics:

Configuring the aaa new-model Command

Enhancing Scalability of Per-User Configurations

Inserting a New Line Card

Local AAA Server, User Database—Domain to VRF

Multilink PPP

Provisioning for Scaling

Configuring the aaa new-model Command

The aaa new-model command is disabled by default on the Cisco 10000 series router. In previous releases, the default configuration did not appear in the running configuration file. However, in Cisco IOS Release 12.3(7)XI2 or later releases, the running configuration file now includes the no aaa new-model command. This is an intentional change in behavior for this command and is the first step in a three-step process to change the default configuration to aaa new-model.


Note This change in behavior differs from Cisco IOS software, which typically does not include default configurations in the running configuration file.


For example, when you enter the show running-config command, no aaa new-model appears in the configuration if either of the following conditions previously occurred:

You did not configure the aaa new-model command on the router and instead accepted the default configuration of the file: no aaa new-model.

You entered the no aaa new-model command to remove the previously configured aaa new-model command.

Enhancing Scalability of Per-User Configurations

To enhance scalability of per-user configurations without changing the router configuration, use the ip:vrf-id and ip:ip-unnumbered RADIUS attributes. These per-user vendor specific attributes (VSAs) are used to map sessions to VRFs and IP unnumbered interfaces. The VSAs apply to virtual access subinterfaces and are processed during PPP authorization.

In releases earlier than Cisco IOS Release 12.2(16)BX1, the lcp:interface-config RADIUS attribute is used to map sessions to VRFs. This per-user VSA applies to any type of interface configuration, including virtual access interfaces. Valid values of this VSA are essentially any valid Cisco IOS interface command; however, not all Cisco IOS commands are supported on virtual access subinterfaces. To accommodate the requirements of the lcp:interface-config VSA, the per-user authorization process forces the Cisco 10000 series router to create full virtual access interfaces, which consume more memory and are less scalable.

In Cisco IOS Release 12.2(16)BX1 and later releases, the ip:vrf-id is used to map sessions to VRFs. Any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the virtual access interface that is to be created. PPP that is used on a virtual access interface to be created requires the ip:ip-unnumbered VSA. An Internet Protocol Control Protocol (IPCP) session is not established if IP is not configured on the interface. You must configure either the ip address command or the ip unnumbered command on the interface so that these configurations are present on the virtual access interface that is to be created. However, specifying the ip address and ip unnumbered commands on a virtual template interface is not required because any pre-existing IP configurations are removed when the ip:ip-vrf VSA is installed on the virtual access interface. Therefore, any profile that uses the ip:vrf-id VSA must also use the ip:ip-unnumbered VSA to install IP configurations on the virtual access interface that is to be created.

These per-user VSAs can be applied to virtual access subinterfaces; therefore, the per-user authorization process does not require the creation of full virtual access interfaces, which improves scalability.

Setting VRF and IP Unnumbered Interface Configurations in User Profiles

Although the Cisco 10000 series router continues to support the lcp:interface-config VSA, the ip:vrf-id and ip:ip-unnumbered VSAs provide another way to set the VRF and IP unnumbered interface configurations in user profiles. The ip:vrf-id and ip:ip-unnumbered VSAs have the following syntax:

Cisco:Cisco-AVpair = "ip:vrf-id=vrf-name"
Cisco:Cisco-AVpair = "ip:ip-unnumbered=interface-name"

Specify only one ip:vrf-id and one ip:ip-unnumbered value in a user profile. However, if the profile configuration includes multiple values, the Cisco 10000 series router applies the value of the last VSA received, and creates a virtual access subinterface. If the profile includes the lcp:interface-config VSA, the router always applies the value of the lcp:interface-config VSA, and creates a full virtual access interface.

Whenever you specify a VRF in a user profile, but you do not configure the VRF on the Cisco 10000 series router, in Cisco IOS Release 12.2(15)BX, the router accepted the profile. However, in Cisco IOS Release 12.2(16)BX1 and later releases, the router rejects the profile.

Setting VRF and IP Unnumbered Interface Configuration in a Virtual Interface Template

You can specify one VSA value in the user profile on RADIUS and another value locally in the virtual template interface. The Cisco 10000 series router clones the template and then applies the values configured in the profiles it receives from RADIUS, resulting in the removal of any IP configurations when the router applies the profile values.

Redefining User Profiles to Use the ip:vrf-id and ip:ip-unnumbered VSAs

The requirement of a full virtual access interface when using the lcp:interface-config VSA in user profiles can result in scalability issues, such as increased memory consumption. This is especially true when the Cisco 10000 series router attempts to apply a large number of per-user profiles that include the lcp:interface-config VSA. Therefore, when updating your user profiles, we recommend that you redefine the lcp:interface-config VSA to the scalable ip:vrf-id and ip:ip-unnumbered VSAs.

Example 1 shows how to redefine the VRF named newyork using the ip:vrf-id VSA.

Example 1 Redefining VRF Configurations

Change:
Cisco:Cisco-Avpair = "lcp:interface-config=ip vrf forwarding newyork"

To:
Cisco:Cisco-Avpair = "ip:vrf-id=newyork"

Example 2 shows how to redefine the Loopback 0 interface using the ip:ip-unnumbered VSA.

Example 2 Redefining IP Unnumbered Interfaces

Change:
Cisco:Cisco-Avpair = "lcp:interface-config=ip unnumbered Loopback 0"

To:
Cisco:Cisco-Avpair = "ip:ip-unnumbered=Loopback 0"

Inserting a New Line Card

Unlike other Cisco routers, if you insert a new or different line card into a Cisco 10000 series router chassis slot that previously had a line card installed, the line card initially reports that it is administratively up.

Local AAA Server, User Database—Domain to VRF

The Local AAA Server, User Database—Domain to VRF feature is not working correctly in Cisco IOS Release 12.3(7)XI2. For more information, refer to CSCef83376 in Open Caveats—Cisco IOS Release 12.3(7)XI2.

Multilink PPP

Multilink PPP (MLPPP) is working correctly in Cisco IOS Release 12.3(7)XI2. (It was not working correctly in Cisco IOS Release 12.3(7)XI1).

Provisioning for Scaling

The following configuration parameters enhance scalability on the Cisco 10000 series router:

PPPoA Sessions with IP QoS Static Routes

AAA Authentication on the NME Port

Call Admission Control

To configure the Cisco 10000 series router for high scalability, be sure to configure the configuration parameters as described in the sections that follow.

For more information, refer to the Cisco 10000 Series Broadband Aggregation and Leased-Line Configuration Guide.

PPPoA Sessions with IP QoS Static Routes

To scale to 32,000 PPPoA sessions with IP QoS enabled, you must limit the number of IP QoS static routes to 4,000 unidirectional QoS static routes.

AAA Authentication on the NME Port

If you use AAA authentication on the NME port, set both the in and out interface hold queues to 4096. For example:

Router(config)# int fa 0/0/0
Router(config-if)# hold-queue 4096 in
Router(config-if)# hold-queue 4096 out

Call Admission Control

We recommend that you set the Call Admission Control (CAC) to a maximum of 95. For example:

Router(config)# call admission limit 95

Open Caveats—Cisco IOS Release 12.3(7)XI2

Table 2 describes Open Caveats in Cisco IOS Release 12.3(7)XI2.

Table 2 Open Caveats in Cisco IOS Release 12.3(7)XI2  

Caveat
Description

CSCdt94857

High impact commands or commands used in high scaling environments impact scaling by increasing CPU cycles, increasing boot time, and decreasing control plane run-time efficiency.

Workaround: There is no workaround for this problem.

CSCdy45049

When scaling over 3000 serial interfaces, line rate traffic may not be achieved. This problem occurs when thousands of serial interfaces (PPP or HDLC) are used on the port and line rate traffic is sent through all interfaces.

Workaround: There is no workaround for this problem.

CSCdz40002

When you remove APS and then re-activate it, traffic convergence after an APS switchover takes longer than 2 seconds.

Workaround: There is no workaround for this problem.

CSCea63115

When you enter the redundancy force-failover main-cpu privileged EXEC command on a router that is configured with two Performance Routing Engines (PREs), an automatic protection system (APS) switchover occurs on OC-12 Packet-over-SONET (POS) line cards, which is incorrect behavior.

This problem occurs when APS is configured on OC-12 POS line cards in two different Cisco 10000 series routers that are connected back-to-back and you enter the following sequence of commands:

1. Enter the aps force pos slot/subslot/port from working interface configuration command on both routers.

2. Enter the show aps EXEC command. The output displays the active channels for both routers.

3. Enter the redundancy force-failover main-cpu privileged EXEC command on one of the routers, causing an APS switchover to occur on this router.

Workaround: There is no workaround for this problem. However, when problem occurs, there is no loss of data.

CSCea63638

When Automatic Protection Switching (APS) is enabled, if you issue the hw-module reset command on the primary APS slot, no change is observed because the router does not switch to the secondary APS slot. This problem occurs when the hw-module reset command is issued.

Workaround: There is no workaround for this problem.

CSCec13372

The router can generate wrong or misleading sub-pool or global pool flooding messages when up or down thresholds for MPLS TE resource availability (bandwidth) are crossed. The configured thresholds for MPLS TE resource availability are crossed when defining bandwidth on the MPLS tunnel interface reserved on the physical interface/subinterface.

Workaround: There is no workaround for this problem.

CSCec37207

On Cisco 10000 series routers running in PTA mode, PPPoEoA sessions using bandwidth queues drop packets if a priority queue is also configured in the policy map. When there is traffic sent to priority queue, all other queues can drop packets below line rate if the traffic consists of small packets.

Workaround: There is no workaround for this problem.

CSCec42315

When scaling to 12000 Frame Relay DLCI interfaces, line rate traffic may not be achieved. This problem occurs when thousands of Frame Relay DLCIs are used on the port and line rate traffic is sent through all interfaces.

Workaround: There is no workaround for this problem.

CSCec42451

The RIP routing protocol does not function properly over VLAN interfaces with IP unnumbered.

Workaround: There is no workaround for this problem.

CSCec43937

When you run hierarchical shaping, a small number of UPC violations can occur on a DS3 ATM interface on an LS1010 that is connected to a LAC. The traffic shaped by the LAC is slightly above the tunnel PCR. The number of violations does not depend on the tunnel oversubscription but seems to be proportional to the tunnel PCR.

Workaround: There is no workaround for this problem.

CSCec48111

When sending 64 byte packets through 300 serial interfaces or more, line rate traffic may not be achieved. This problem occurs with 64 byte packets and a large number of interfaces.

Workaround: There is no workaround for this problem.

CSCec80927

Call setup rate slower is for a particular configuration running on a 12.3(6)TX image compared with 12.2(16)BX. If the mtu command is added to the vtemplate for sessions, the command processing for the command takes significantly longer on a 12.3(6)TX image as compared to a 12.3(16)BX image.

Workaround: Remove the mtu command from the vtemplate configuration.

CSCec85628

Outgoing traffic is above VP speed on an 8e3d3atm line card. For this problem to occur, the total SCR value of all VBR-nrt VCs in a VP is above 80 percent of the VPs PCR value but still smaller than the total VP bandwidth (PCR). All the VCs should be overdriven by outgoing traffic.

Workaround: There is no workaround for this problem.

CSCed03248

The CLI error "IP address is already defined as an interface" appears when the address is not used anywhere in the running configuration. The error occurs when the IP address was used by a serial interface and the interface was removed or unconfigured from the system.

Workaround: Use the no ip address command before removing a serial interface or use a different IP address (if possible).

CSCed17570

When using thousands of QoS queues with WRED configured in each queue, a traceback message can appear when you execute the microcode reload pxf command. The traceback message appears only when thousands of PXF queues are configured with random-detect enabled and the microcode reload pxf command is issued.

Workaround: There is no workaround for this problem.

CSCed20626

'Exec' process CPUHOG occurs. This is caused by the dir all command, probably due to the attempted accesses to the secondary's PCMCIA slots.

Workaround: None needed. The router continues to function, but the console is unusable for a short while(10-30 seconds). Alternatively, use the dir device commands only for known good device names.

CSCed29494

The maximum queue limit for a low -peed link is 4096, but the system allows you to set the queue limit to 8192.

Workaround: There is no workaround for this problem.

CSCed54867

The input service policy does not match traffic as shown by the show policy-map interface command if there is no action associated for that class.

Workaround: The workaround is to set up an action such as "set" or "police".

CSCed59185

When you apply the following example configuration to an output interface that is MPLS enabled, and send traffic from the CPU of the local router (ping other routers or hosts), the traffic is not policed by the policy map.

Policy Map exp2cos 
Class exp0 
set cos 1 
Class exp1 
police 104000 5000 150800 conform-action transmit exceed-action drop 
violate-action drop 
Class exp2 

This problem only affects the traffic from the router CPU, and does not affect traffic passing through the router.

Workaround: There is no workaround for this problem.

CSCed62503

When you apply a policy map to a tunnel interface on a router configured with a PRE2 processor, a traceback message appears. This problem occurs when the policy map is applied to a tunnel interface.

Workaround: There is no workaround for this problem.

CSCed65349

When you configure 2000 PPP interfaces, traffic does not reach 99percent of the line rate after performing 4 HA RPR switchovers. The traffic rates keep fluctuating.

Workaround: There is no workaround for this problem.

CSCed68868

A traceback message appears when you unconfigure the spoke PE router configured for half-duplex VRF over PPPoE. This problem occurs with 32k PPPoE sessions and 40 spoke VRF, therefore scaling to high values.

Workaround: There is no workaround for this problem.

CSCed70202

A traceback message appears when you unconfigure the hub PE router configured for half-duplex VRF. This problem occurs with 32k sessions, therefore scaling to high values.

Workaround: There is no workaround for this problem.

CSCed71107

When 2 time-based ACLs are configured to deny traffic at the same time and are applied to different interfaces, one of the ACLs fails to work properly.

Workaround: There is no workaround for this problem.

CSCed72023

Excessive CPU utilization is detected for 5 minutes after unconfiguring half-duplex VRF with a large number of PPPoE user sessions. This problem occurs with 32k PPPoE sessions, therefore scaling to high values.

Workaround: There is no workaround for this problem.

CSCed72338

The system allows non-nested queuing policy maps to be applied via the frame-relay map-class command on Frame Relay main interfaces and subinterfaces; it should not allow such policy maps to be configured.

Workaround: There is no workaround for this problem.

CSCed86371

Automation Protection Switching (APS) active state does not stay with the lowest active odd port after a PRE switchover.

Workaround: There is no workaround for this problem.

CSCed88782

The secondary port does not go to a working state during a signal degrade of the primary port using threshold SON ERR RAT 1e-6.

Workaround: Set the BIP threshold to 6; do not set the BIP threshold to 7.

CSCee02536

When configuring MPLS Layer 3 VPN, the PXF CEF/FIB table can hold up to 4085 VRFs, although it is designed to hold 4095 VRFs. If more than 4085 VRFs are configured, 10 of those VRFs do not have an entry in PXF CEF/FIB table, so traffic is not forwarded in those 10 VRFs.

Workaround: There is no workaround for this problem.

CSCee03801

After you issue the clear ip bgp * command, a Cisco 10000 series router takes longer than 30 minutes to achieve convergence. eBGP sessions between PE and CE routers can go up and down multiple times, and the IGP routing protocol and LDP session can also go down and up again.

These problems occur under the following conditions:

1. 4095 VRFs are configured on a router
2. 500 eBGP sessions are established between the router (PE) and CE routers
3. 540 VRF routes per VRF in the 500 VRFs that are running eBGP between PE and CE routers
4. 40 VRF routes per VRF in the rest of 3595 VRF

Workaround: There is no workaround for this problem.

CSCee06089

When you apply a nested policy map using the bandwidth command in the child policy map to a POS OC48 interface, PXF stops responding. This problem occurs when you allocate a small amount of bandwidth, and it only occurs on POS OC48 interfaces.

Workaround: Allocate more bandwidth in the child policy map.

CSCee14864

Policing under a created queue, when attached at an MLP interface, accounts for only 2 bytes of the L2 header, so that policing is done at a higher rate than configured. This can cause a problem with priority queue CBWFQ functionality because the priority queue is configured with policing and its dequeue rate can be higher than intended.

Workaround: Do not configure policing under a created queue.

CSCee15674

When broadband PTA is configured with 114,000 queues, executing the microcode reload pxf command causes the ATM interface to display a big number of total output drops.

Workaround: Clear the counters.

CSCee20418

If the you change the amount of intercepted streams from 8 to 2 streams, the wrong amount of packets is intercepted. This occurs in Lawful Interception scenarios.

Workaround: There is no workaround for this problem.

CSCee25615

This problem occurs when almost all the system resources (VCCI) are in use, after an OIR (slot reset) is issued, and in the OC3 ATM line card. The reason it occurs in the OC3 ATM line card is that it happens in an ATM line card with multiple ports. The symptom is that all the sessions in the same port stop passing traffic after OIR.

Workaround: There is no workaround for this problem.

CSCee27630

A low-bandwidth class can be allocated more than its share of bandwidth at the expense of a high-bandwidth class. This problem occurs when the ratio of the configured bandwidths between two data classes is high (8:1 or higher) and when there is a priority class that receives traffic at (at least) 20 percent of the line rate. The traffic that is received by the data classes should be in the ratio of the configured bandwidths.

Workaround: There is no workaround for this problem.

CSCee42746

When using multiple intercepts in Lawful Intercept mode, the MIB information is not completely cleared after intercepts are cleared from SNMP. This problem occurs when 35 or more streams are intercepted at the same time.

Workaround: Use Cisco IOS to delete the stream that was not deleted by SNMP.

CSCee44273

The show activity line card debug command shows the VC configuration from the perspective of the line card, but the autovc information is not shown. Also, after you delete or create an autovc, the counter is inaccurate.

Workaround: There is no workaround for this problem.

CSCee45306

With 40 or more intercept streams in Lawful Intercept mode, the LI engine fails to intercept correctly for UDP traffic. This problem occurs when 40 or more streams are intercepted at the same time.

Workaround: There is no workaround for this problem.

CSCee45378

When intercepting streams at 5 Mbps or above in Lawful Intercept, the router CPU runs at about 78 percent of capacity. This problem occurs when 35 or more streams are intercepted at the same time.

Workaround: There is no workaround for this problem.

CSCee50060

A Cisco 10000 series router with PPPoA VCs can, under abnormal conditions (such as a denial-of-service attack involving the sending of PPPoA data packets before the PPPoA session is up), experience heavy RP CPU use. The router with PPPoA VCs can forward PPPoA data packets for non-existent sessions.

This problem occurs when PPPoA data traffic is sent before the session reaches the PTA forwarded state. A normal PPPoA client does not send traffic before the session is up.

Workaround: Configure RPF on all ATM subinterfaces containing PPPoA sessions. The subinterface should have an RPF check in addition to using an RPF check in the virtual template. Configuring RPF on the subinterface forces all PPPoA data traffic to be dropped by the PXF before the session reaches the PTA forward state.

CSCee54408

When the 1choc12 line card uses SDH framing, the Path Trace Buffer is unstable for au3 mode. This problem occurs only with SDH framing; the Path Trace Buffer is stable with SONET framing.

Workaround: There is no workaround for this problem.

CSCee54426

When the 1choc12 line card uses SDH framing, the J1 Path trace message is not received. This problem occurs only with SDH framing; The J1 Path Trace message is received when SONET framing is used.

Workaround: There is no workaround for this problem.

CSCee54473

A loss of frame (LOF) alarm appears for a T1 when framing SF is configured on both ends. This problem occurs when you configure T1 1 framing sf under AU-3 on a 1 port channelized OC12 line card.

Workaround: There is no workaround for this problem.

CSCee54971

The show policy-map interface command output does not display the layer 2 frame size correctly. The actual output policing rate is 6.6 percent higher than the configured policing rate on gigabit Ethernet and POS OC48 interfaces. The problem occurs when a police command is configured in a policy map, and the policy map is applied to a gigabit Ethernet or POS OC48 interface as an output policy map.

Workaround: Use shaping instead of policing.

CSCee55828

You cannot configure t1 1 framing esf and t1 loopback remote at the same time on a 1-port channelized OC12 line card. This problem occurs when you configure t1 1 framing esf under an AU-4 on a 1-port channelized OC12 line card.

Workaround: Configure t1 1 framing esf without the loopback configured for the T1.

CSCee57219

The set cos command in an output policy map applied to a VLAN subinterface does not work if the outgoing traffic is MPLS packets (with MPLS labels). The problem occurs when outgoing traffic is MPLS packets.

Workaround: There is no workaround for this problem.

CSCee57357

When scaling Frame Relay DLCIs on routers running IOS version 12.3(7)XI, traceback messages can appear on the console when bringing up the high number of DLCIs. This problem occurs when there are more than 3000 DLCIs on the interface.

Workaround: There is no workaround for this problem.

CSCee58454

On a router running 12.3(7)XI, if the LAC tries to redirect a call to the bid-winning LNS and fails after three attempts, a new RADIUS disconnect cause code with the value as 608 is not being sent to RADIUS by the LAC.

Workaround: There is no workaround for this problem.

CSCee60038

When a proxy service profile defined with V & X attributes is configured locally on the router, which is enabled to run SSG, an SSG host cannot activate the service it has been subscribed to.

Workaround: There is no workaround for this problem.

CSCee60101

ALIGN-3 traceback messages are displayed while running regression tests on a channelized OC12 line card with sonet 768 encap with E1 framing. This problem does not seem to affect the functionality of the card.

Workaround: There is no workaround for this problem.

CSCee61067

In 2-level policy map configurations using a parent shaper, the shaped traffic rate might not be within plus or minus 1 percent of the configured value. This problem occurs with certain parent shaper values and mostly small packet sizes.

Workaround: There is no workaround for this problem.

CSCee61485

Several PIM-related messages appear on the console when you remove, then re-apply a PIM configuration on the interface. This problem occurs when the removal and re-application of the configuration is done in a rapid manner.

Workaround: There is no workaround for this problem.

CSCee61502

When configuring an MLPPP interface on a redundant system, the standby PRE adds the no ip route-cache cef interface command to multilink interfaces. This additional line causes the system to generate the following error when the new standby PRE is reloaded:

May 19 13:20:47.222 EDT: %REDUNDANCY-3-CONFIG_SYNC: Active and Standby 
bulk configuration out of sync 

Workaround: Remove the no ip route-cache cef command from each multilink interface.

CSCee62159

Actual output and expected output for packet 1 does not match at nibble 8. This packet (packet_no 1, fragment_no : 1) is received in the wrong order. Other packets are also received in the wrong order. This problem occurs with the bootflash:c10k2-p11-mz.v123_7_xi_throttle.040510 image and the test is passed with Feb17 bba image.

Workaround: There is no workaround for this problem.

CSCee63636

MPLS:Traceroute does not show Labels being switched-propagate-ttl ON.

Workaround: There is no workaround for this problem.

CSCee64067

Traffic is not forwarded to an RBE client in a VRF. This problem occurs when an RBE client that doesn't respond to ARP requests, exists in a MPLS VPN. A static ARP entry for the client must be configured on the access router but the traffic is still not forwarded due to this problem

Workaround: There is no workaround for this problem.

CSCee65789

A 4% packet drop is seen for various packet sizes over a 1choc12-sdh interface when running performance/scalability tests.

Workaround: There is no workaround for this problem.

CSCee66066

BERT testing over a clear channel DS3 interface for the 1CHOC12 line card fails as a result of the DS3 interface, which remains in a DOWN state.

Workaround: There is no workaround for this problem.

CSCee66091

During SNMP polling of the AAA Server MIB, the casDeadCount variable can cause a CPU hog on the router. This problem occurs with a large number of RBE interfaces (16K) and bi-directional traffic running.

Workaround: There is no workaround for this problem.

CSCee66314

In Lawful Intercept mode a traceback message might appear on the Intercept Access Point (IAP) router when the interface to the mediation router is shut down. This problem occurs when traffic is sent through the IAP and interception is turned on.

Workaround: There is no workaround for this problem.

CSCee68404

If a PRE2 is in the early process of booting up, sometimes the SEND-BREAK character sequence can cause the router to crash instead of gracefully dropping back into ROMMON. This problem occurs when the PRE2 is in the early stages of the boot process and the SEND-BREAK is issued. If the PRE2 is already booted up, this is not an issue.

Workaround: To gracefully drop the PRE2 into ROMMON, if the configuration register is set to accept SEND-BREAK, wait until the PRE2 is fully booted.

CSCee68480

Priority queue latency can exceed the threshold of 2MTU+6msec. This problem occurs when more than 3 queues are configured on a interface, in addition to the priority queue.

Workaround: There is no workaround for this problem.

CSCee72919

AAA accounting records for a PPPoA session terminated on a Cisco 10000 series router in a PTA fashion shows repeated entries for the Framed-Route attribute (attribute 22).

Workaround: There is no workaround for this problem.

CSCee72931

When a PPPoA session is cleared on the PTA router using the clear pppatm interface ATM X/Y/Z.A command or the clear int virtual-access command, the accounting stop record does not display the Octet and Packet counters. This problem occurs only when the session is cleared on the PTA router. If the user disconnects the session, the counters are displayed correctly.

Workaround: There is no workaround for this problem.

CSCee81270

When a source sends packets to a destination under the TCP protocol, the destination sends an echo response back to the sender. With the intercepting router configured to intercept "all", those echo packets should also be picked off. This does not occur.

Workaround: There is no workaround for this problem.

CSCee86091

The show version command does not display the bootloader image name.

Workaround: There is no workaround for this problem.

CSCee90904

In the presence of a large number of static routes (16k - 32k), line card flap/ router reload/OIR cause high CPU usage for a long period of time.

Workaround: There is no workaround for this problem.

CSCee93055

When clearing a PPPoE session using the clear pppoe all or clear interface virtual-access x.y command, the router displays the following messages:

XCM access error at ../toaster/c10k_rp/c10kds2_qos.c (4888) Jun 23 
12:34:12.587: c10k_ttcm_read: Invalid Address 3FC110A4

This problem occurs when the ATM interface VC is configured with protocol pppoe and dbs enable (Dynamic Bandwidth Selection).

Workaround: There is no workaround for this problem.

CSCee94457

Actual throughput is lower than expected throughput (94% of expected throughput). This problem occurs when testing CAR (with MQC Policy command) on 4 Port OC3 ATM line card, packet size is 64 bytes, and encapsulation type is aal5snap. There is no problem with a packet size of 128 bytes or higher. If the encapsulation type is aal5mux, no problem is found.

Workaround: There is no workaround for this problem

CSCee95619

Attribute 1 User-Name is not included in Stop records from LNS. This problem occurs when the LNS router runs the 12.3(5a)B image.

Workaround: There is no workaround for this problem

CSCee96582

With broadband multipoint 31,500 PVCs with 30k sessions up, 126k queues, and you add a class with the set command in an output policy map on the fly, the router hangs for a long time then crashes. This problem occurs with broadband multipoint PVCs with 30k sessions up, 120k queues, then you add a class with the set command in a policy map on the fly.

Workaround: There is no workaround for this problem. With a large number of sessions and queue scaling, avoid changing policy map on the fly.

CSCef00808

The show pxf cpu stat security command shows incorrect statistics when Legal Intercept is configured along with time-based or regular access lists. This problem occurs only if Legal Intercept and access lists are configured and are interoperating.

Workaround: There is no workaround for this problem.

CSCef05454

In a router running 12.3(9), the PPPoA sessions can get stuck in LCP_NEGOTIATION. The problem also occurs in 12.2T. The output of the show atm pvc command shows the number of packet and cell drops incrementing continuously:

InPktDrops: 0, OutPktDrops: 13376/0/13376 (holdq/outputq/total) 
InCellDrops: 0, OutCellDrops: 12178 
InByteDrops: 0, OutByteDrops: 198692

The status of the sessions cycles between the following states and gets stuck in LCP_NEGOTIATION:

Jul 1 12:41:54.187: PPPATM: ATM2/0.1 1/176 [1220], State = 
WAIT_FOR_CALL 
Jul 1 12:41:55.139: PPPATM: ATM2/0.1 1/176 [1220], State = 
INCOMING_CALL 
Jul 1 12:41:55.139: PPPATM: ATM2/0.1 1/176 [1220], State = 
NAS_PORT_POLICY_INQUIRY 
Jul 1 12:41:55.139: PPPATM: ATM2/0.1 1/176 [1220], State = PPP_START 
Jul 1 12:41:55.139: PPPATM: ATM2/0.1 1/176 [1220], State = 
LCP_NEGOTIATION 

Workaround: Reload the router.

CSCef08967

The WRED sampling frequency is too slow, which can cause jitter for the overall algorithm.

Workaround: There is no workaround for this problem.

CSCef09119

With broadband PTA 128k queue with input and output policy map, removing the input policy from Virtual-Template causes a CPUHOG traceback message. This occurs when configuring 31.5k ATM subinterfaces with output CBWFQ policy, and input police policy in Virtual-Template, bringing up 30k PPPoE sessions, and removing the input policy map.

Workaround: There is no workaround for this problem.

CSCef14249

When sending traffic with 1024 byte large size packets over 120k queues with 80 percent oc12atm line rate, traffic drops 10 percent due to buffer_low packet drop. This problem occurs when 120k queue scaling is configured with only large packet size traffic.

Workaround: There is no workaround for this problem. Send traffic with mixed size packets, tending to small packets.

CSCef15141

On Cisco 10000 routers running 12.3(7)XI, the Priority Queue latency values (in milliseconds) is higher than 2*MTU + 6ms on 4Mbps and 8Mbps subrates of the 8e3ds3 line card.

Workaround: There is no workaround for this problem.

CSCef17801

When configuring over 2000 Frame-Relay DLCI interfaces on a 1choc12 line card, the router's CPU runs over 30% of its capacity. This problem occurs only if the number of Frame-Relay sub-interfaces is over 2000.

Workaround: There is no workaround for this problem.

CSCef18947

The show vlans command does not report the correct statistics when a second CPU is enabled on 7301/NPPEG1 platforms.

Workaround: Disable the second CPU, however, this affects performance.

CSCef19259

If autovc is configured, tracebacks can occur when an ATM VC is deactivated.

Workaround: There is no workaround for this problem.

CSCef20523

PPPoEoA sessions using CBWFQ experience BQ drops. In some cases, when aggregate traffic is near the VC rate, the BQ tail drops packets. This problem appears with low bandwidth VCs, in this case 196 kbps.

Workaround: Changing the queue-limit via the policy map and/or the VC queue depth will improve the result.

CSCef24008

When using a 4choc3 line card and 300 or more VT T1 interfaces are configured with PPP encapsulation, some T1 links do not achieve full traffic line rate. This problem occurs when all 300+ interfaces are sending traffic at line rate concurrently.

Workaround: There is no workaround for this problem

CSCef24551

When running Automated Protection Switching (APS), the router can experience traffic loss after the hw-module slot x reset command is executed.

Workaround: Avoid executing hw-module slot x reset.

CSCef27202

On Cisco 10000 series routers running in PTA mode, a CPU hog message appears if you execute the show vpdn session command when there are more than 30,000 sessions active. This problem occurs if the number of active sessions is large.

Workaround: There is no workaround for this problem.

CSCef27221

When a router runs as a LAC and the rate at which PPPoA sessions are established is high, some sessions may not be established and the router can display an error message on the console. This problem occurs when 30,000 PPPoA sessions or more are established at high rate, such as when the ATM link to the DSLAM is restored after a link failure.

Workaround: Reduce the call admission rate for the PPPoA sessions.

CSCef27417

Output drops can be erroneously reported on the ATM OC12 interface upon reloading the router and without any traffic sent or received on the interface. The output drops interface counter may also report invalid non-zero values with a light traffic load on the interface (PPPoX session establishment). This problem occurs when a high number of VCs is configured on the interface.

Workaround: There is no workaround for this problem.

CSCef27539

PPPoEoA sessions experience priority traffic drops when using an absolute priority configuration. This problem occurs during traffic congestion; with 8000 PPPoEoA sessions, priority traffic is dropped at the line card.

Workaround: Modifying the VC queue depth improves but does not alleviate the drops. Changing the configuration to a generic PQ configuration (without absolute priority) alleviates the drops.

CSCef30736

When using WRED with 10,000 queues on 4,000 ATM subinterfaces after counters have been cleared, the total output drops on the ATM interface increases without any traffic.

Workaround: There is no workaround for this problem.

CSCef30873

The router can crash due to an "Unexpected Exception" when you flap several Multilink PPP interfaces several times. This problem occurs when over 50 MLPPP interfaces are concurrently brought up, then down, several times in a short period of time.

Workaround: There is no workaround for this problem.

CSCef31662

The first serial interface on a line card is down after adding it to an MLP bundle. This problem occurs when the interface had been configured earlier as a bundle member, removed together with the bundle and then created back again.

Workaround: There is no workaround for this problem.

CSCef32203

A serial interface using PPP encapsulation is in up/down state. All incoming packets are errored. This problem occurs when the serial interface is removed and recreated while forwarding traffic.

Workaround: Reload the linecard code using the hw-module slot <1-8> reset command.

CSCef32601

When configuring 1000 VRFs in a Cisco 10000 series router and injecting 660 static VRF routes per VRF, the route processor cannot hold the total of 660k VRF routes. The CEF is disabled automatically on the router and the router is not able to forward any traffic. When 660 static VRF routes are injected per VRF of 1000 VRFs, the router runs out of memory on the route processor.

If 620 VRF routes per VRF are injected into the router via 1000 eBGP sessions (one eBGP session per VRF), the router runs out of memory on the route processor.

Workaround: There is no workaround for this problem.

CSCef32815

The MQC policer overhead accounting is not consistent between input and output service policies applied to a PPPoA or PPPoEoA virtual-access interface.

Workaround: There is no workaround for this problem.

CSCef36672

The debug aaa pod command shows information pertaining to all sessions, not the session you want to end. There is too much information you are not interested in.

Workaround: There is no workaround for this problem.

CSCef42332

The MLPPP peer router reloads after executing the microcode reload pxf command.

This problem occurs when the Cisco 10000 series router crashes when configured with several Multilink interfaces and is passing traffic after a PXF reload on a peer router.

Workaround: There is no workaround for this problem.

CSCef44918

The Cisco 10000 series router shows incorrect counters when executing the show policy-map interface ATM x vc y command.

Workaround: There is no workaround for this problem.

CSCef47220

The Path Trace buffer value may be displayed as UNSTABLE, when you do a show controller for the AU-3 port and are looking for the overhead bytes.

For a Cisco 10000 series router, the 4-port Channelized OC3 line card is configured as AU-3 E1 configure j1 length 16 and the AU3 controller is configured j1 message CISCO SYSTEMS.

Workaround: There is no workaround for this problem.

CSCef47280

A T1 interface configured under an AU-4 on a 4-port channelized OC3 line card does not come up when interoperating with a 3rd party test analyzer device.

On a Cisco 10000 series router, when you configure the AU-4 T1 interface on a 4-port channelized OC3 line card that is connected to a 3rd party test analyzer device on the far end with the same configuration, the T1 interface does not come up.

Workaround: There is no workaround for this problem.

CSCef47688

When configuring a range of PVCs with more UBR VCs than the limit on the interface, the following error message appears:

PVC Range: Total number of VCs exceeds the interface limit.

Even if you configure oversubscription under that interface, you cannot configure more circuits than the interface limit.

Workaround: There is no workaround for this problem.

CSCef50661

In some configurations the weight (used for round robin scheduling of the VC into a VP) may be more than the queue depth (the amount of cells the line card will hold for the VC). In this scenario the user may not see the proper weighting of the VCs in the VP. The queue depth places a ceiling on how many cells can be sent at one time.

Workaround: Both the weight and queue depth can be configured with CLI. Ensure that the queue depth is at least as high as the weight.

CSCef51082

The discard bit match is not done at the MPLS output interface when it is set at the vrf input interface. This problem occurs when the qos set was initially done with the mpls exp bit, then changed to the discard bit.

Workaround: If the discard bit needs to be matched at the MPLS interface, do not configure the mpls exp bit set at the vrf input interface.

CSCef56348

With PPPoE, PPPoA, or VPDN sessions, the following message may appear in the log: "*Aug 25 06:57:07.759: Reload unknown session type." This problem can occur after a microcode reload.

Workaround: There is no workaround for this problem.

CSCef56455

On rare occasions, configuring speed using the Dynamic Bandwidth Selection (DBS) feature is not fully reliable. Initial user connections are properly set, but subsequent connections will not. This failure to configure the connection speed using DBS occurs when bringing up over 2000 user connections.

Workaround: There is no workaround for this problem.

CSCef59264

The IP shaping rate is changed to the VC shaping rate provisioned via DBS. If the VC shaping rate is provisioned via DBS and there is an IP shaper configured in the service policy attached to this VC, the IP shaping rate is set to the VC shaping rate that was provisioned via DBS.

Workaround: There is no workaround for this problem.

CSCef61177

MLPPP traffic is not utilizing full interface bandwidth. This problem occurs when MLPPP and LFI over a serial interface are configured and traffic is sent at the rate of the serial interface or at a greater rate.

Workaround: There is no workaround for this problem.

CSCef61795

F4 OAM cells are not generated or received for end-to-end loopback. Only end-to-end loopback is affected, whereas segment loopback functions as expected.

Workaround: There is no workaround for this problem.

CSCef64315

A traceback can appear when deconfiguring an ATM PVC on a 4-port ATM line card. This problem occurs on a Cisco 10000 series router, on a 4-port ATM OC3 line card.

Workaround: There is no workaround for this problem.

CSCef64378

The Cisco 10000 series router configured and LNS with tos-reflection applied onto the L2TP tunnel towards the LAC drops packets that do not have TOS field=0 on the original IP Header of the packet. Present in 12.3(7)XI with tos-reflect either configured using "ip tos reflect" in the LNS VPDN group.

Workaround: Disable tos-reflection on the VPDN-group on the LNS.

CSCef69197

When a Cisco 10000 series router is configured for Automatic Protection Switching (APS), a spurious memory access traceback occurs during a router reload. The traceback occurs when one or more pairs of 4 port OC3 ATM line cards are configured for APS, the configuration is saved, and the router is reloaded. There are no subsequent problems related with this traceback.

Workaround: There is no workaround for this problem.

CSCef70580

A Cisco router running Cisco IOS Release 12.3(7)XI1 can reload unexpectedly. Output similar to the following is displayed on the console during the reload:

%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk 64A72148  
data 64A72AFC  chunkmagic 15A3C78B  chunk_freemagic 642A4D04
-Process= "Check heaps", ipl= 0, pid= 5
-Traceback= 608960C8 608962D0 60895F08

%Software-forced reload
Unexpected exception, CPU signal 23, PC = 0x60873608

Workaround: There is no workaround for this problem.

CSCef71570

When APS is configured, you see console messages when the PRE2 is rebooted or failed over. There is no impact on the sessions.

Workaround: There is no workaround for this problem.

CSCef72129

When configuring create on demand PVCs (individual and within a range) and PPP sessions, RP CPU utilization can be extremely high when bringing up and tearing down sessions and PVCs. This is only a concern when the configuration contains approximately 30,000 PPP sessions, and additional services are enabled such as DBS, ACLs, and service policies.

Workaround: To reduce the RP CPU usage for PPPoA sessions, reduce the number of configured PVCs in a single subinterface. To reduce the RP CPU usage for PPPoEoA sessions, use call admission control (call admission limit command).

CSCef73055

When switchover is done from the primary PRE2 to the standby PRE2, console messages appear. There is no impact to the system.

Workaround: There is no workaround for this problem.

CSCef74370

At high call rate when the PRE2 is switched over from Primary to Secondary, some of the PTA sessions are stuck in "TRANS" state.

Workaround: Reduce the call rate of the sessions.

CSCef74990

Broadband PPPoE PTA 28,000 subinterfaces (PVCs) with policy-map, total 114,000 queues, CPU about 62% after traffic. This problem occurs when PPPoE PTA 28,000 subinterfaces (PVCs), 114,000 queue scaling configured with traffic.

Workaround: There is no workaround for this problem.

CSCef75434

Inaccurate traffic counters are displayed when running traffic on the Managed LNS router. Cisco 10000 series LNS routers do not match the transmit and receive packets for Managed LNS traffic.

Workaround: There is no workaround for this problem.

CSCef76338

PTA pppoe 8000 pvc 32k queue, send mixed size line rate traffic, packets drop. Condition: Send mixed size packets line rate traffic, packets tail drop on BQ.

Workaround: Lower the traffic rate.

CSCef79045

The auto VCs (infinite range VCs) do not disappear even when the traffic from the client is stopped. If traffic is sent on a large number of VCs at a high rate, then infinite range VCs are created, they do not disappear even when the traffic is stopped or the interface is shut down.

Workaround: Stop the traffic and wait for couple hours for the buffer to clear up and then eventually the VCs to disappear or reload.

CSCef79688

MPLS Packets are punted to the Route Processor. This problem occurs when MPLS Packets are sent over a Frame Relay Interface.

Workaround: There is no workaround for this problem.

CSCef80300

Enabling multicast on a Cisco 10000 series router working as an LNS causes high CPU usage.

Workaround: There is no workaround for this problem.

CSCef81452

On a Cisco 10000 series router, if the router is configured for Multilink PPP (MLPPP) with QoS and the user resets the line card containing member links, traffic can be affected as a result of the reset. This problem occurs when QoS is configured on MLPPP links and the line card is reset using the hw-module card x/y/z reset command.

Workaround: Execute the microcode reload pxf command to resolve the problem.

CSCef81634

Using the external generating tool IXIA Explorer to bring up and tear down SSG sessions quickly, the PRE2 crashes with a Bus Error Exception. This problem occurs when the tool initializes the interface and quickly brings sessions back up while the old sessions are still cleared out.

Workaround: There is no workaround for this problem.

CSCef82322

A line card remains down for more than 10 minutes when you OIR the line card. This problem only occurs with a high number of QinQ sessions [31000 QinQ sessions].

Workaround: There is no workaround for this problem.

CSCef82371

Changing policy map criteria with a high number of QinQ sessions [31,000] results in CPU-Hog Tracebacks.

Workaround: There is no workaround for this problem.

CSCef83376

When using the VRF to local RADIUS feature that was introduced in 12.3(7)XI1, the default authentication fails, causing the PPPoA or PPPoE session to fail.

Workaround: There is no workaround for this problem.

CSCef84595

The OAM ping sent from the client to UUT, does not get a response back. The UUT was configured with infinite range VCs on the interface. When the client sent an OAM ping packet on one VC to the UUT, the UUT did not create the VC and did not send the response back to the client.

Workaround: If the interface on UUT is configured with no pxf queuing, then the client receives the ping response.

CSCef84923

The SAR Rev B chip on an OC12 ATM line card reloads multiple times during ATM card reset or boot up. This problem occurs with the latest SAR Rev 1.7.4 running on the12.3(7)XI2 image on a Cisco 10000 series router

Workaround: There is no workaround for this problem.

CSCef85857

E1 interfaces on the 4-Ch-STM1 line card flap randomly. This problem occurs with very little traffic flowing through the router. Whenever the interface goes down, it comes back up after 10 seconds.

Workaround: There is no workaround for this problem.

CSCef89397

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI, alignment errors occur after executing the redundancy force-switchover main-cpu command. This problem was found while running 4000 active PPPoE sessions and running traffic over some of the sessions.

Workaround: There is no workaround for this problem.

CSCef89413

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI, there is no message displayed on the router to warn the user that the router has run out of available VCCI interfaces. This problem occurs when more PPPoX sessions come in than there are available VCCIs.

Workaround: There is no workaround for this problem.

CSCef90647

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI, copying a large file to disk can render the disk unusable. This problem occurs when copying the file on a router with a busy CPU load.

Workaround: There is no workaround for this problem.

CSCef91000

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI2, when create on demand PPPoE and PPPoA VC classes are configured on the same interface, the PPPoA sessions are not established. This problem occurs only if both PPPoE and PPPoA are configured on the interface with create on demand.

Workaround: Configure different VCs for PPPoE and PPPoA.

CSCef92161

The absolute priority queue over an MLP bundle drops traffic after policing even when the traffic load is less than the MLP link capacity. This problem occurs when the MLP bundle has more than 1 member and no LFI enabled.

Workaround: There is no workaround for this problem.

CSCef92176

Packets/Bytes counters in the show interface multilink X are counted twice. This problem only applies to locally generated traffic, such as ICMP packets.

Workaround: There is no workaround for this problem.

CSCef92261

If large numbers of MPLS VPNs are configured, an SNMP mibwalk of the MPLS-VPN-MIB can timeout and cause a high CPU in the mplsVpnVrfPerfTable and the mplsVpnVrfRouteTable. (This MIB is not supported in the 12.2(16)BX or 12.3(7)XI images.)

Workaround: Exclude the mplsVpnMIB (or the mplsVpnVrfPerfTable and mplsVpnVrfRouteTable) from the SNMP view.

CSCef92404

On a Cisco 10000 series router running Cisco IOS Release12.3(7)XI in RPR+ mode, the microcode of an ATM OC12 line card can reload on PRE failure. This problem occurs only when there is a PRE failure and switchover in RPR+ mode.

Workaround: There is no workaround for this problem.

CSCef92424

The nas-port attribute is not sent correctly while authenticating rfc1483 users. This problem occurs with a per-server group nas-port configuration enabled on a Cisco 10000 series router, the nas-port attribute [5] is not sent correctly in the access/accounting requests, while bringing up/down rfc1483 users.

Workaround: There is no workaround for this problem.

CSCef92479

Nas-port attribute [5] gets sent out, with 'attribute nas-port none' configured while bringing up ssg rfc1483 users. This problem occurs on a Cisco 10000 series router, where ssg is enabled, and with per-server group nas-port configured. In bringing up rfc1483 sessions, the nas-port attribute is sent out, despite 'attribute nas-port none' being configured on the router (which should disable sending out of the nas-port attribute).

Workaround: There is no workaround for this problem.

CSCef92614

An incorrect nas-port value is sent out in authentication requests, based on what the configuration on the router was for the same. This problem occurs when the per-server group nas-port has been configured on the Cisco 10000 series router in such a way that the nas-port value in all authentication requests should be sent out in format e string of 32 I's (VPI value of incoming session) and the accounting requests should be sent out in format e string of 32 C's (VCI value of incoming session). However, on session bring up the authentication requests have a nas-port value representing the format e string value corresponding to 32 C's, which is incorrect.

Workaround: There is no workaround for this problem.

CSCef93639

Workaround: Resetting the 4CHOC3 line card or reloading the router could bring the interfaces to an up/up state.

CSCef93866

On a Cisco 10000 series router running 12.3(7)XI, the router can reload if high numbers of MLPPP and MR-APS are unconfigured via a tftp configuration file. This problem occurs when a high amount of unconfiguration commands are executed at the same time. This problem occurs with a 4CHOC3 line card while tftp-loading an unconfiguration file to unconfigure a Multilink PPP and MR-APS related running configuration.

Workaround: There is no workaround for this problem.

CSCef94282

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI, the router could experience longer high CPU Utilization than normal when configuring it with VRFs with VPN overlay. This problem occurs while attempting to bring up 645 PPPoA sessions over 215 VRFs (with VPN overlay) and there are approximately 150,000 BGP routes in the system.

Workaround: There is no workaround for this problem.

CSCef94504

A Cisco 10008 router can reload when reporting a software forced crash (memory corruption). The problem was reported in 12.3(7)XI1.

Workaround: There is no workaround for this problem.

CSC94588

The in/out counters in the output of the show ip multicast interface command display only multicast packets punted to the RP for processing. Punted multicast packets are usually control packets. PXF switched packets are not counted in this display.

Workaround: Do no ip domain server lookup.

CSCef94838

On a broadband PTA with 14336 pppoe sessions and 43,000 queues, the domain server lookup failure causes a CPUHOG traceback message. This problem occurs when broadband PTA pppoe queue scaling is configured and domain lookup is enabled.

Workaround: Do no ip domain server lookup.

CSCef95719

RP CPU utilization can be high when bringing up PPPoA sessions when the following features are enabled: 31,500 PPPoA sessions, 12 VRFs, multipoint I/F, pvc (no range), autosense, pxf queueing, vbr-nrt vc shaping, hierarchical shaping, create-on-demand, ACLs (attribute 11), URPF, DBS, and QoS.

Workaround: There is no workaround for this problem.

CSCef95738

RP CPU utilization can be high when sustaining 30,000 PPPoA sessions when the following features are enabled: 12 VRFs, multipoint I/F, pvc (no range), autosense, pxf queueing, vbr-nrt vc shaping, hierarchical shaping, create-on-demand, ACLs (attribute 11), URPF, DBS, QoS, and keepalive 60.

Workaround: The only changeable parameter is the keepalive; turning it off or changing the value to a larger one might improve the situation.

CSCef96002

No traffic is going out of a few random interfaces on the feed Cisco 10000 series router of an MR-APS setup. This problem occurs with a 4CHOC3 line card on a Cisco 10000 series router that is used as the feed router for an MR-APS setup. Frame Relay is configured on the T1 interfaces and there are two equal weight static routes (one via the MR-APS Working and another via the MR-APS Protect) over each interface for the same traffic destination.

Workaround: Reset the line card or reload the router.

CSCef96748

The output of the sh policy-map interface command shows counter values even before traffic is sent.

Workaround: There is no workaround for this problem.

CSCef96834

Two microcode reloads causes memory corruption and a router reload.

Workaround: There is no workaround for this problem.

CSCef97101

A PXF crash can occur when 3,000 PPPoX sessions are all joining the same multicast group and receiving traffic from a multicast source at a rate of approximately 300 Kbits/sec. The PXF is crashing with the following error in particular:

Oct  8 12:51:47.977: %PXF-2-FAULT: T3 XCM1 FCRAM-C: Address Boundary 
Error 
Oct  8 12:51:47.977: %PXF-2-FAULT: T3 HW Exception: CPU[t3r3c1] IWRA at 
0x0914 LR 0x090C
Oct  8 12:51:47.977: %PXF-2-FAULT: T3 Local Bus Exception: CPU[t3r3c1] 
TBNP at 0x0914 LR 0x090C
Oct  8 12:51:47.977: %PXF-2-FAULT: T3 Exception summary: CPU[t3r3c1] 
Stat=0x00000026 HW=0x00100000 LB=0x00000008 SW=0x00000000

Workaround: There is no workaround for this problem.

CSCef97118

On a Cisco 10000 series router running Cisco IOS version 12.3(7)XI1, removing an ATM subinterface with an MQC service policy configured and active PPPoA sessions causes the PRE2 to reload. This problem occurs when MAC is configured on the interface.

Workaround: Remove the QoS configuration from the subinterface before removing the subinterface.

CSCef97194

OC12POS receive interface counters are not accurate. The OC12POS interface counter on the receive side of the MPLS core is reporting almost twice the value than the value reported on the transmit side of the link.

Workaround: There is no workaround for this problem.

CSCef97242

Routers do not use all MPLS loadsharing interfaces to send traffic at the label imposition direction. This problem occurs with MPLS loadsharing and each interface has a unique label.

Workaround: There is no workaround for this problem.

CSCeg00016

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1, the PXF can crash in PTA mode with 8000 PPPoE sessions configured. This problem occurs when there is a high amount of PPPoE and does not happen in a predictable manner.

Workaround: There is no workaround for this problem.

CSCeg00190

When the VT controller is going down/admindown, an incorrect dsx3LineStatusLastChange trap is sent out. This problem occurs when the VT path is configured ion the 1choc12-1 or 4chstm1-1 line card.

Workaround: There is no workaround for this problem.

CSCeg00438

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1, the policer counters in the output of show policy-map interface do not increment if the policy map is applied to a Virtual Access Interface. The police conformed/exceeded/violated counters are not updated (values are all zeroes) when an output service policy is applied on a virtual- access interface.

Workaround: There is no workaround for this problem.

CSCeg01317

When the resource limitations of cbwfq policy-map are reached, any change to queue limits (even a decrease) displays the "Queue limit failed" error for each and every session on the router.

Workaround: There is no workaround for this problem.

CSCeg01323

Even though policy maps are accepted by the console, they do not appear in sh run output.

Workaround: There is no workaround for this problem.

CSCeg01756

LAC-switched PPPoA sessions do not work when a PVC is configured to use aal5ciscoppp as the encapsulation. IPCP negotiation does not complete and PPP keepalives originating at the client timeout. This problem occurs when the Cisco 10000 series router is used as a LAC switch and the PVC is configured to use an encapsulation type of aal5ciscoppp.

Workaround: Use a different encapsulation type on the PVC such as aal5mux.

CSCeg02916

With a PRE2 system, when pinging another PRE2 across a serial link with a DSCP service policy attached at both ends and a priority queue designed to match ip dscp default, the outgoing pings go out through the priority queue, but the ping replies come back via the default queue at the remote end (not the priority queue). This is indicated by the show pxf cpu queue subinterfacename command. On the PRE1, the ping replies come back via the priority queue.

Workaround: There is no workaround for this problem.

CSCeg03962

PPPoE sessions on standalone VCs don't go down even after the interface is shut down. This problem occurs when PPPoE sessions are created on standalone PVCs, PVC range, and on PVC in range. All sessions are up, and when the interface is shut down all the sessions went down except for the sessions on stand-alone PVCs.

Workaround: There is no workaround for this problem.

CSCeg03964

RP CPU utilization can be extremely high when bringing up PPPoA sessions when using I/F Policy Map AV Pairs.

Workaround: There is no workaround for this problem.

CSCeg04038

Ping fails across native VLAN1. Dot1Q is enabled between 7500a and esr1 and between esr2 and gsr1. In both the cases the ping fails across the native VLAN1.

Workaround: There is no workaround for this problem.

CSCeg04052

Policing CONFORM, EXCEED, VIOLATE counters are incorrect. This problem occurs when attached at an oc48pos interface.

Workaround: There is no workaround for this problem.

CSCeg05090

The Cisco 10000 series router reloads upon disconnecting PPPoX sessions. While disconnecting the sessions the CPU utilization is rising to 100% (or close) and causing other active sessions to be disconnected. Active sessions being disconnected is also due to the inability of the Route Processor to handle the sending and receiving of the PPP keepalive on these active sessions. The reload is causing an RP switchover but the new active RP is logging the following error messages continuously:

Oct 14 17:03:32.401: %C10K-4-LC_WARN: Slot[8/0] 1oc12atm-1 SAR: 25/190 
reassembly device Get_Channel_Stats failure, status 0x02 (port 0, 
handle 0x36B3, id 0x0D3E) 
Oct 14 17:03:32.925: %C10K-4-LC_WARN: Slot[7/0] 1oc12atm-1 SAR: 0/54 
segmentation device Get_Channel_Stats failure, status 0x02 (port 0, 
handle 0x11C7, id 0x00F6) 

The reload and unexpected PPPoX disconnection of active sessions is triggered by the termination of some sessions (Terminate-Request packets sent on a few sessions).

Workaround: There is no workaround for this problem.

CSCeg05765

The session set up rate for more than 15,000 PPPoA sessions decreases to 1 session/second when all of the VCs are configured on the same multipoint subinterface.

Workaround: Spread the VCs over several multipoint interfaces subinterfaces.

CSCeg07002

The sh run command stops working when traffic is sent at 141,000 packets/second on unopened VC's. This problem occurs when trying to test that infinite range VCs are not created when the interface is not configured with 'create on-demand'.

Workaround: There is no workaround for this problem.

CSCeg09143

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI, when member links of an MLPPP bundle flap, some links can fail to join the bundle afterwards and therefore stay in down/down state. This problem occurs only when there are over 1000 multilink interfaces configured on the router and all flap at the same time.

Workaround: There is no workaround for this problem.

CSCeg09602

On a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1 and subsequent releases, QoS shaping may not shape to the desired value when used inside a child policy map. This problem occurs only for certain shape values and traffic rates.

Workaround: There is no workaround for this problem.

CSCeg10311

A Cisco 10008 router can crash reporting a software forced crash (memory corruption). The problem occurs in Cisco IOS Release 12.3(7)XI1 and seems related to AAA.

Workaround: There is no workaround for this problem.

CSCeg10588

On a Cisco 10000 series router running 12.3(7)XI2, the index for oamLoopbackPingCompleted in the oamLoopbackPingCompletion trap is incorrect.

Workaround: There is no workaround for this problem.

CSCeg10833

The CPU stays at 99% for quite sometime while the CLI command does not return to the prompt. This problem occurs when 16,000 AutoVCs are configured on 16 multipoint interfaces with 1000 VCs configured in one VC range on every interface. The same VC class is attached to every range. The modification of the queue depth within the VC class causes the CPU hog.

Workaround: There is no workaround for this problem.

CSCeg12977

The Cisco 10000 series router is configured as an L2TP multi-hop router. The AAA authorization does not use the method list and instead uses the default. The tunnel does not get established. This problem occurs only if "aaa authorization default" is configured along with a method list.

Workaround: Configure a method list or configure the default authorization. Configuring both at the same time can cause this problem.

CSCeg14502

The router ignores the output policy map on a multilink bundle interface for MLPPP-encapsulated packets originating at the router. This problem applies only to locally-originated MLPPP traffic transiting a multilink bundle interface.

Workaround: There is no workaround for this problem.

CSCeg15184

The following errors display when setting up PPPoA sessions under stress:

Oct 25 15:37:09.815: %IDMGR-3-INVALID_ID: bad id in id_to_ptr 

Workaround: There is no workaround for this problem.

CSCeg16612

Invalid authentication requests packet sent out by PRE2 under stress. The invalid packets appear when the CPU is running at 99% and approximately 22,000 Active PPPoA sessions.

Workaround: There is no workaround for this problem.

CSCeg16629

The PRE2 is not able to bring up additional PPPoA sessions when the CPU is running under stress.

Workaround: There is no workaround for this problem.

CSCeg16800

Traffic is not received after an MR-APS switchover from the Protect router back to the Working router. Traffic does not resume on the output side of the Working router, after MR-APS switchover from the Protect router to the Working router.

Workaround: There is no workaround for this problem.

CSCeg17057

Changing the queue depth on more than 28,762 VBR PVCs uses all the VCCIs. This problem occurs when traffic is flowing on 30,000 VBR PVCs and the queue depth is changed. This causes the VCCI count to increase and reach the maximum value.

Workaround: There is no workaround for this problem.

CSCeg17829

Ordinary PVCs in a range don't get created after reload. In a PVC range, if the first and last PVCs in range are create on demand and the rest of the PVCs are ordinary PVCs, then on reload the ordinary PVCs don't get created.

Workaround: There is no workaround for this problem.

CSCeg19192

A traceback message displays when you run out of VCCIs while establishing 32,000 PPPoA sessions.

Workaround: There is no workaround for this problem.

CSCeg20293

Packet classification based on the DSCP IP field (or other matching criteria) may not operate as expected in a MPLS VPN configuration with an output service policy applied on an ATM PVC. This problem occurs when packets with a DSCP value set to 'ef' (101110) are transmitted in the downstream direction over a VC onto which an output policy is applied. The DSCP value should trigger the classification in the priority class. Instead, packets get classified in class-default.

Workaround: Toggle the ATM interface by performing a shut/no shut on the interface.

CSCin74068

When aaa authen login def enable and aaa author exec def gr radius are configured for a new telnet connection, authentication succeeds (with getting a username) on entering the correct enable password, but an access-request is sent to the RADIUS with NULL username for authorization. Authorization should be suppressed when the username is not known and a RADIUS access- request should not be sent with a null username.

Workaround: There is no workaround for this problem.

CSCin74698

Two accounting stop records are seen when "rsh" session is established to the router. This problem occurs when aaa accounting send stop-recod authentication failure command is configured.

Workaround: Disable aaa accounting send stop-record authentication failure command if it's not needed.

CSCin78805

When Auto VCs are configured as part of a range on a point-to-point subinterface, the VCs are made inactive.

Workaround: There is no workaround for this problem.


Resolved Caveats—Cisco IOS Release 12.3(7)XI2

This section describes caveats that were fixed in Cisco IOS Release 12.3(7)XI2.

For information about caveats fixed in other Cisco IOS releases, refer to the appropriate Release Note document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10krn/index.htm

CSCdy14140

Previously, the router reloaded with a bus error at tcp_outputpending after 2 users connected over a vty executed in parallel the sh running command and the format slot0: command.

CSCdz83304

Previously, a T3 link on a 4-port channelized OC-3 line card did not come up under Synchronous Digital Hierarchy (SDH) framing. This problem occurred when the 4-port channelized OC-3 line card interoperated with third-party vendor test equipment.

CSCea68229

Previously, the traffic flow over multirouter automatic protection switching (MR- APS) connections stopped. This problem occurred under the following conditions:

MR-APS was enabled on both a Cisco 10000 series router and a Cisco ONS15454 platform.

The protect interface was configured on an interface of a 6-port OC-3 Packet-over-SONET (POS) line card in the Cisco 10000 series router.

You entered the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that was configured as the Protect Group Protocol link while the protect interface was active.

The working interface that was configured for MR-APS on the Cisco ONS15454 platform should have become active but failed to do so, causing the traffic flow over MR-APS connections to stop

CSCec16481

Previously, a Cisco device running Cisco IOS and enabled for the Open Shortest Path First (OSPF) Protocol was vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol was not enabled by default.

The vulnerability was only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 were not affected. Refer to the Security Advisory for a complete list of affected release trains.

CSCec21464

Previously, VPDN per user authentication was not working when "vpdn authen-before-forward" was configured on the LAC, authentication and authorization was via RADIUS, and the RADIUS full username profile did not contain tunnel attributes and contained service-type = outbound. Under these conditions, a second RADIUS request for domain authorization was not sent and the call was locally terminated.

CSCec23717

Previously, there was a moderate memory leak that affected 120 bytes+ message data. Over a period of time and if the BGP session flapped frequently, there was a memory loss of a few megabytes.

CSCec38308

Previously, SSG only supported one class attribute rather than several of them, although a RADIUS client was supposed to put all class attributes that it received in Access-Accept messages into Accounting-Request messages that it sent for a session. (See RFC2865/2866.) This problem occurred on a Cisco platform that was configured as an SSG.

CSCec62993

Previously, the following error message appeared with debug vpdn l2x-errors enabled when users were trying to connect to an LNS and user@domain was the username and domain being used to connect with:

vpn_set_ppp_remote_name: Error inserting username, user@domain, into String DB

This problem occurred in a DSL environment with L2TP. The message appeared on the LNS. It did not affect the functioning of the router.

CSCec63011

Previously, standby Performance Routing Engines (PREs) reloaded because of the configuration of each PRE. This problem occurred on a standby PRE that was installed in a Cisco 10000 series router that was running Cisco IOS Release 12.0(26) or 12.0(26)SZ. However, the problem also occurred in other releases.

CSCec64461

Previously, when the load was increased to simulate multiple outstanding transactions, the default number of tries was not being calculated as per the formula defined to perform the computation.

CSCec78662

Previously, time-based ACLs did not work when placed inside a policy map. The results of placing a time-based ACL inside a policy map was either that the time-based rules were always active or inactive.

CSCec90041

Previously, BGP update generation entered a deadlock. This problem occurred when the RR configuration was changed.

CSCed09146

Previously, extra network Accounting STOP records were seen when an sync call failed on authentication. These were unwanted records and should not have been generated. This problem occurred for an async call on a 5300-T1 platform running Cisco IOS Release 12.3(5.8).

CSCed15391

Previously, there was spurious memory access at atm_vcmode_subcommands. This problem occurred under low memory conditions.

CSCed17693

Previously, when a policy map was configured on a Cisco 10000 series router running 12.3(7)XI and the queue limit was set to something higher than the default of 64, the interface queue limit on the serial interface did not change when the service policy was applied.

Policy Map downlink 
Class class-default 
queue-limit 128 
shape 1500 

CSCed18557

Previously, a memory leak may occurred in the "dead process" on a Cisco router, and memory allocation failures (MALLOCFAIL) was reported in the processor pool. The authentication, authorization, and accounting (AAA) User Identifier (UID) database could leak about 200,000 bytes for each failed EXEC call or vty session because of internal errors during the initiation process. This problem occurred when EXEC Accounting and Network Accounting were enabled and when a failure occurred during an EXEC call or a vty session. The reasons for the EXEC call failure or vty session failure could have been low processor memory on the Cisco router, an internal message processing error, or a timeout during the prompting for a username and password.

CSCed27086

Previously, a Cisco router that functioned as a PPPoX aggregator reloaded because of a bus error. this problem occurred in a highly scaled environment when many sessions were simultaneously established and torn down.

CSCed40933

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed59172

Previously, an SNMP trap configuration was erased when you entered the snmp-server enable traps snmp global configuration command with any trap type followed by the snmp-server enable traps [syslog | entity] global configuration command. This problem occurred on multiple Cisco platforms that run Cisco IOS Release 12.2 or Release 12.3.

CSCed63357

This caveat consisted of 6 separate problems, of which the first 3 apply to all Cisco IOS releases and the last 3 apply only to Cisco IOS Release 12.3 T:

1) There were 3 symptoms for this problem:

There was an inconsistent or duplicate display of files between the show disk slot-number and dir disk slot-number commands.

When a file was deleted from the CLI, the file was deleted but a "No such file" message appeared.

One cluster leaked. Entering the fsck command truncated the original file and created an orphan file for the leaked cluster.

This problem occurred when an application created or opened a file without the O_TRUNC: mode, as in the following example:

show version | append disk#:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new
Setting device to store VLAN database at filename new.
Router(config)#^Z

2) The show disk slot-number and dir disk slot-number commands showed inconsistent information (such as inconsistent file sizes) when multiple images were copied. This problem occurred when you make two copies of the image file to the disk by using two vtys and by entering the dir disk slot-number command at the same time.

3) There were 2 symptoms for this problem:

The show disk slot-number and dir disk slot-number commands may showed inconsistent information.

Entering the fsck command deleted or truncated the valid files or created an orphan file for an unused cluster.

This problem occurred when you renamed a directory that consisted of many subdirectories or files.

4) There were two symptoms for this problem:

There was a duplicate entry for each file when you entered the show disk slot-number command.

An SNMP Get on a ciscoFlashFileSize object entered a loop.

This problem occurred on a router running Cisco IOS Release 12.3 T after the router booted up.

5) There were 2 symptoms for this problem:

The show disk slot-number and dir disk slot-number commands may showed inconsistent information.

Entering the fsck command deleted or truncated the original file.

This problem occurred on a router running Cisco IOS Release 12.3 T when an application or a CLI command overwrote a file on the disk.

6) A router running Cisco IOS Release 12.3 T reloaded. This problem occurred when an application created or opened a file without the O_TRUNC mode and attempted to delete the file, as in the following example:

show version | append disk0:redirect.out" and issuing
delete disk0:disk0:redirect.out

CSCed68523

Previously, a LAC sent incorrect connection speed information in the L2TP setup message to the LNS, which in turn was forwarded to the AR RADIUS server for authentication. Conditions: This problem occurred on a router running Cisco IOS Release 12.3(6.2)T2. This problem could also occur in other releases.

CSCed84912

Previously, a Cisco router reloaded unexpectedly with a bus error when you entered the show caller command. This problem occurred when PPP was configured on a router running Cisco IOS Release 12.3, 12.3(3)B1, or 12.3 T. The problem was more likely to occur when the show caller output was lengthy, and particularly so if the output causes a ---More--- prompt. The problem was also more likely to occur when there was a high rate of connection and disconnection of PPP sessions, for example, when an interface flapped.

CSCed88169

Previously, when virtual-access interfaces were created for PPP over ATM connections, the bandwidth set on the virtual-access interface was not correctly set to match the bandwidth of the underlying ATM virtual circuit. This in turn impaired other facilities that needed the bandwidth value for their own purposes.

CSCed88805

Previously, a router reloaded unexpectedly with a bus error with the same address. The system was restarted by a bus error at PC 0x606B2BE4, address 0xB0D0C11. Decodes indicated that a PPP problem could be the cause of the symptom. This problem was not platform dependent and occurred with any type of IP PPP connection. This problem also occurred when there was a high volume of call connections and disconnections, for example, when an interface carrying multiple calls flapped.

CSCed91769

Previously, the interface counters through Virtual Access sub interfaces on ATM OC3 and OC12 line cards, did not get updated when configured as SSG interfaces. The output of the show int vi interface command indicated the input and output counters could be zero when a subinterface was configured as SSG.

CSCed93630

Previously, a Cisco router reloaded unexpectedly when a bgp debug command was enabled, and if IPv4 unicast was disabled for a BGP peer but there was vpnv4 configured with that same BGP peer. This problem occurred on a Cisco router running Cisco IOS Release 12.0S, 12.2S, or 12.3T.

CSCed94283

Previously, when scaling to 128K PXF queues with a policer configured on all queues, the router's CPU utilization ran at approximately 48 percent of capacity. This problem occurred with 128K PXF queues configured on ATM interfaces

CSCee03702

Previously, a Cisco router that was configured for SSG reloaded with a bus error. This problem occurred on a Cisco router that was configured for SSG and that had PPP SSG users when there were IPCP renegotiations on an active PPP session and a new IP address was assigned to the session.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee12235

Previously, a Cisco platform reloaded because of a watchdog timer expiration. This problem occurred on a Cisco platform running Cisco IOS Release 12.2(20)S2 or Release 12.3 under the following conditions: a service policy A was attached to an ATM PVC, policy map A was renamed to B, and service policy B was attached to the ATM PVC.

CSCee12452

Previously, the idle-timeout command under Auto VC range disappeared upon reload of the router. This problem occurred when a Cisco 7200 series router with a PA-A6 and running 12.3(5a)B was reloaded.

CSCee16150

Previously, the router did not respond to valid packet of disconnect (PoD) packets by disconnecting the user. Instead, the router returned a RADIUS-format packet with a Code of Disconnect-Request-NAKed (42 in decimal) and a Reply-Message attribute with a value set to the string "No Matching Session." This problem occurred when you used PoD to disconnect users, and have aaa pod server ... auth-type all ... configured, and used a PoD server that included an exact copy of RADIUS attribute 151 from an earlier accounting request in the PoD packet.

In RADIUS accounting packets, Cisco IOS generates attribute 151 values as a string of hexadecimal digits, corresponding to a 32-bit integer. When running an IOS version affected by this bug, the router IOS expects a copy of that 32-bit unsigned integer as a 32-bit unsigned integer, rather than as a string of ASCII characters representing a hexadecimal number. In Cisco IOS versions where the fix for this bug has been integrated, Cisco IOS will accept either the string which IOS sent out, or the 32-bit unsigned integer which unfixed versions accept.

CSCee19267

Previously, when a match criteria for a class was changed in a class that was attached to an interface, the change was rejected even though it was valid.

CSCee27421

Previously, on a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1, when configuring a service policy that contained a priority queue on a multilink interface the delay experienced by packets in queues other than the priority queue were sometimes very high. On MLPPP the delays experienced were as high as 2 seconds. When the same service policy was placed on a PPP or HDLC link the delays were acceptable.

CSCee24899

Previously, a router that was configured for multicast routing could reload due to a bus error. This problem occurred on a Cisco router running a Cisco IOS software release that contains the fix for CSCec80252.

CSCee25048

Previously, the router experienced a Spurious Accesses Violation when attempting to change an SSG service binding with live sessions under it.

CSCee29574

Previously, a child policy bandwidth calculation was wrongly mixed with the specified rate of an old parent policy. This problem occurred after you changed the configuration of a policy map in a hierarchical policy.

CSCee31627

Previously, with the command radius-server dead-criteria [time seconds] [tries number-of-tries] configured, the ALLDEADSERVER event was not sent when all servers were declared DEAD. This event was sent only after all servers had been re-tried for the configured number of tries.

CSCee36063

Previously, the Cisco 10000 series router did not forward traffic after changing the PVC settings of CBR, VBR or UBR.

CSCee36235

Previously, for PPPoX sessions, the Calling-Station-Id Radius Attribute (31) had to be filled with a customized field like: hostname.domainname:VPdescription:vpi:vci or hostname.domainname:VPdescription:macaddress. This problem occurred only for PPPoEoE, PPPoEoA and PPPoA (autodetecting and non-configurable) sessions.

CSCee36429

Previously, if you configured or modified random detect parameters for a policy map that was already applied to an interface, the router displayed an error message. This problem occurred if the modified policy map was part of a hierarchical policy map configuration.

CSCee42617

Previously, users were unable to authenticate using RADIUS, or accounting was not sent to the RADIUS server. In addition, when you entered the debug radius command, the following information was generated:

RADIUS(00000049): sending 
%RADIUS-3-NOSERVERS: No Radius hosts configured. 
RADIUS/DECODE: parse response no app start; FAIL 
RADIUS/DECODE: parse response; FAIL 

The output of the show running-config command indicated that there were in fact RADIUS servers in the server group.

This problem occurred after following these steps:

1. Remove and recreate a server group that was still referenced by one or more method lists, by entering the following commands:

no aaa group server radius XXXX
aaa group sever radius XXXX
server x.x.x.x ... 

2. Allow one of these method lists to be used, causing a transaction to be sent to a RADIUS or TACACS+ server in the server group.

3. Remove and re-add the radius-server host ... command lines for all authentication-capable (or accounting-capable if this group is used for accounting) servers in this server group.

If you entered the debug aaa sg-ref-count command before Step 2 a debug message similar to the following one was generated: AAA/SG: Server group ref count decoalesced sg_type for public group XXXX and is reduced by 2 to 0.

CSCee44988

Previously, when vpdn authen-before-forward and aaa authorization network default local group radius were configured, a second unwanted access request for authorization was sent.

CSCee59870

Previously, if the SAR page limit was reached while you were creating ATM PVCs, the router continued to create ATM PVCs but they were inactive. This problem has been fixed so that the router checks the SAR page limit before creating an ATM PVC. If the SAR page limit has been reached, a message displays indicating that there are no more SAR pages available for the PVC.

CSCee61353

Previously, AAA server counters, private and global, were not cleared. The AAA server counters were not reset to 0 (zero) when the clear aaa counters servers radius all command or clear aaa counters servers all command was issued.

CSCee69394

Previously, clearing the counter did not clear the police counter in a Virtual-Access interface. This problem occurred when you attached an input police policy map under a Virtual-Template, attached an output cbwfq policy map under an ATM subinterface, sent traffic, and then cleared the counter.

CSCee66183

Previously, if you reloaded the peer router (containing 768CGs MLPPP configuration in startup-config) while the traffic was flowing over the configured bundles, upon reload the configured interface remained in an up/down state, and bundles in a down/down state. Additionally, the router log indicated traceback and IPC failure messages.

CSCee70018

Previously, a router sent 3 access requests for 1 call session: the first request was the normal request, the second request had the right password but the wrong user name, and the third request had just the domain name as the user name. This problem occurred with a call rate condition of above 20 calls per second and occurred randomly for a view call sessions only.

CSCee71816

Previously, when traffic engineering tunnels were active, issuing the show pxf cpu statistics drop tunnel command caused the following traceback message to appear:

*May 31 20:12:04.947: %GENERAL-3-EREVENT: pxf_drop_interface: No c10k_tt_hwdb -Traceback= 
60D8F458 60D8BD98 60D8D9BC 603B322C 601404D0 603CD1B4 6045DD88 6045DD6C PE-1# 

CSCee72995

Previously, the debug condition username command did not filter as expected. This problem occurred on Cisco 10000 series routers running a Cisco IOS 12.2.16BX2a based release.

CSCee73535

Previously, in Lawful Intercept mode, the intercept stream sometimes was not deleted after the configured time to live (TTL) expired. This problem occurred if the TTL value was changed while the intercept was active.

CSCee74107

Previously, when a new bandwidth value was assigned using the bandwidth x command to an interface configured with hierarchical policy maps, the child QoS policy map (if configured with percentage values) incorrectly showed the earlier allocated bandwidth value and the new value assigned was not reflected in the child QoS policy map. This problem occurred only when changing the bandwidth value of the interfaces.

CSCee76540

Previously, the radius-server attribute 4 NAS IP address attribute was not accepted This problem occurred when you tried to configure RADIUS attribute 4.

CSCee78997

Previously, when changing the MTU of a serial interface on a CH-OC12 or CH24E1T1 line card, the optional sizes provided was in the range 64-17940. This was not correct. The correct range should have been 64-9108. If you changed the MTU to a value greater than 9108, the following error appeared:

 %GENERAL-3-EREVENT: c10k_ttcm_icb_update: attempt to set max_mtu to 9320 , overriden to 
9216  
-Traceback= 60D24E68 60D28294 6011B36C 60423510 604241A0 603B3110 601405A8 603CD098 
6045DD30 6045DD14

example:


router(config-if)#int s3/0/23:0 
router(config-if)#mtu ?
  <64-17940>  MTU size in bytes

router(config-if)#mtu 9200 
router(config-if)#
*Jun  8 16:45:50.950 EDT: %GENERAL-3-EREVENT: c10k_ttcm_icb_update: attempt to set max_mtu 
to 9320 , overriden to 9216  
-Traceback= 60D24E68 60D28294 6011B36C 60423510 604241A0 603B3110 601405A8 603CD098 
6045DD30 6045DD14
router(config-if)#
router(config-if)#

CSCee79228

Previously, on a Cisco 10000 series router configured as PTA device, some very small amount of memory was not released as PPP sessions were brought up and torn down. This problem caused the router to run out of memory after a long period of time.

CSCee81662

Previously, PPP sessions got stuck in the TERMSENT state. This problem occurred on a Cisco platform that has a high CPU utilization.

CSCee82413

Previously, the following errors appeared when setting up 31,500 PPPoX sessions on a PRE2 as LAC with DBS enabled:

Jun 9 12:34:48.520: %C10KATM-3-DBS: C10K internal DBS error, DBS: modify() failure: 
validation of params unsuccessful(1) ATM3/0/0 2277 1/2377 -Traceback= 600878C0 60162C30 
60C6C344 60C6C4D8 60C68348 60C6ACE8 60C6B2EC 60C63094 
Jun 9 12:34:48.524: %ATM-3-FAILMODIFYVC: ATM failed to modify VC(VCD=2277, VPI=1, 
VCI=2377) on Interface ATM3/0/0, (Cause of the failure: Failed to have the driver to 
modify the VC)
Jun 9 12:34:48.524: %C10KATM-3-DBS: C10K internal DBS error, DBS: modify() failure: vali 
dation of params unsuccessful(1) ATM3/0/0 2277 1/2377 -Traceback= 600878C0 60162C30 
60C6C344 60C6C508 60C6989C 60C60F00 60C6B1A8 60C6B2EC 60C63 094 
Jun 9 12:34:48.524: %C10KATM-3-DBS: C10K internal DBS error, DBS: modify() failure: vali 
dation of params unsuccessful(1) ATM3/0/0 2279 1/2379

The result was that QoS parameters that should be derived from RADIUS via DBS were not set for some ATM VCs.

CSCee85029

Previously, the class attribute was not sent in prepaid authorization requests for PPP users. This problem occurred in all releases after 12.3(2)T.

CSCee86374

Previously, after the installation of an IPCP negotiated IP address, the peer IP address was missing from various show commands, such as the show user and show caller ip commands. The actual IP address and the IP route were installed correctly. This problem occurred whenever an IPCP negotiated IP address was installed. The data was removed after being used, but it should have been retained for display purposes.

CSCee86557

Previously, All SWIDBs were used. This problem occurred when PPPoE or VPDN sessions flapped continuously.

CSCee90736

Previously, the ATM line card experienced a crash when there was a lot of change activity going on (VCs being added and deleted). On the Cisco IOS console, messages similar to the following appeared:

#sh log Jun 16 15:19:00.423 BST: %SYS-5-CONFIG_I: Configured from console by provuser on 
vty2 (address deleted) Jun 16 15:56:56.961 BST: %IPCGRP-3-SYSCALL: System call for command 
405 (slot3/0) : ipc_send_rpc_blocked failed (Cause: timeout) -Traceback= 6053D6BC 6053D994 
6053DB50 60096EAC 60083294 60164CC8 60DB8FB4 60DB96F0 60DB9BE8 Jun 16 15:57:02.962 BST: 
%IPCGRP-3-SYSCALL: System call for command 401 (slot3/0) : ipc_send_rpc_blocked failed 
(Cause: timeout) -Traceback= 6053D6BC 6053D994 6053DB50 60096EAC 60083294 60164CC8 
60DB8FB4 60DB96F0 60DB9BE8 Jun 16 15:57:03.962 BST: %IPCOIR-3-TIMEOUT: Timeout waiting for 
a response from slot 3/0. Jun 16 15:57:03.962 BST: %IPCOIR-2-CARD_UP_DOWN: Card in slot 
3/0 is down. Notifying 4oc3atm-1 driver. Jun 16 15:57:03.962 BST: %IPCGRP-3-CMDOP: IPC 
command 401 (slot3/0): line card ipc is disabled - dropping non-blocking ipc command 
-Traceback= 6053D940 6053E410 Jun 16 15:57:05.970 BST: %LINK-3-UPDOWN: Interface ATM3/0/1, 
changed state to down Jun 16 15:57:08.362 BST: %LINK-3-UPDOWN: Interface ATM3/0/0, changed 
state to down Jun 16 15:57:08.786 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
ATM3/0/1, changed state to down Jun 16 15:57:09.362 BST: %LINEPROTO-5-UPDOWN: Line 
protocol on Interface ATM3/0/0, changed state to down Jun 16 15:57:14.123 BST: 
%IPCOIR-5-CARD_DETECTED: Card type 4oc3atm-1 (0x2D8) in slot 3/0 Jun 16 15:57:14.123 BST: 
%IPCOIR-5-CARD_LOADING: Loading card in slot 3/0 Jun 16 15:57:15.315 BST: 
%C10K-5-LC_NOTICE: Slot[3/0] 4oc3atm-1 Image Downloaded...Booting... Jun 16 15:57:37.124 
BST: %IPCOIR-5-CARD_DETECTED: Card type 4oc3atm-1 (0x2D8) in slot 3/0 Jun 16 15:57:37.124 
BST: %IPCOIR-2-CARD_UP_DOWN: Card in slot 3/0 is up. Notifying 4oc3atm-1 driver. Jun 16 
15:57:50.161 BST: %LINK-3-UPDOWN: Interface ATM3/0/0, changed state to up Jun 16 
15:57:50.421 BST: %LINK-3-UPDOWN: Interface ATM3/0/1, changed state to up Jun 16 
15:57:51.201 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM3/0/0, changed state 
to up Jun 16 15:57:51.421 BST: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM3/0/1, 
changed state to up Jun 16 16:19:04.759 BST: %IPCGRP-3-CMDOP: IPC command 405 (slot3/0): 
waiting for a keepalive -Traceback= 6053D6BC 6053D994 6053DB50 60096EAC 60083294 60166834 
601637E8 60DB8E90 60DB9A14 60DB9BE8

(display text omitted)

On the line card console the following appeared:

#if-con 3/0 Connecting console for slot 3/0 Type "^C^C^C" or "if-quit" to end this session 
log dump ----- Start of console log ----- oc3atm-3/0> FPGA: fatal FPGA interrupt 
encountered (0x00000010) ASSERT Failed: in 
../src-c10k-atm/ocXatm_fpga.c::fpga_int_handler() L1407 backtrace: 8000CCA4 80008334 
8003A754 80007880 

CSCee92098

Previously, the router experienced a CPUHOG when querying the cbQosQueueingCfgBandwidth MIB variable. This problem occurred in a Cisco 10008 (PRE2) with 28K ATM PVC configured when querying with snmpbulkwalk or snmpwalk.

CSCee92980

Previously, a router could reload if an NM-CEM-4TE1 and an NM-2CE1T1-PRI/NM-1CE1T1-PRI were used on the same router.

CSCee95684

Previously, the ability to configure CDVT in PVC and PVC-in-Range mode was not available. This problem occurred while configuring a VC in PVC mode or in PVC-in-Range mode.

CSCef00499

Previously, with broadband queue scaling with an input police policy on virtual-template and output CBWFQ policy on ATM 31,500 subinterfaces was configured, and then the output policy was removed, an XCM access error message occurred continuously. This problem occurred with broadband queue scaling with input and output policies configured, and then the output policy was subsequently removed.

CSCef01772

Previously, Cisco IOS could crash when receiving a malformed PPPoE packet. Without having a PPPoE configuration on the router, the router could crash if it received a PPPoE session Packet (0x8864) with Session ID = 0. This problem occurred on a Cisco 10000 series router running the 12.3(7)XI image.

CSCef03281

Previously, error messages that occurred during bandwidth oversubscription with ATM PVPs did not contain information for which interfaces or features were oversubscribed. Messages indicated the peak rate exceeding the available bandwidth Link oversubscribed by 92240 kbps. The error messages occurred when the sum of ATM PVP Peak Cell Rates exceeded the interface bandwidth.

CSCef09165

Previously, with SSG configured, VPDN parameters were locally provisioned but VPDN tunnels were not established between the LAC and the LNS. SSG VPDN services were not working.

CSCef11074

Previously, the following errors appeared when starting up 31,500 PPPoX sessions at 5 CPS on a PRE2 as PTA with SSG auto-logon configured:

*Jul  7 10:05:38.602: SSG-CTL-ERR: Unable to add HostRoute in CEF table x.x.x.x 
*Jul  7 10:05:38.602: SSG-CTL-ERR: host route addition failed 
*Jul  7 10:05:41.770: SSG-CTL-ERR: Unable to add HostRoute in CEF table x.x.x.x 
*Jul  7 10:05:41.770: SSG-CTL-ERR: host route addition failed

The result was that the Active HostObject Count in sho ssg host output did not match the ConnectionCount in sh ssg serv output. There was no upstream traffic on these lost connections.

CSCef13148

Previously, an unexpected spurious memory access error occurred when executing a show atm command.

CSCef13860

Previously, Cisco IOS Release 12.3(9.11) and later releases displayed an INVALIDTCB error message on the terminal after exiting a telnet session. This problem did not affect router functionality.

CSCef14453

Previously, under load conditions with a high number of PPP sessions in transit, a traceback in the ipigrp2_network_command displayed.

CSCef14961

Previously, the "%ATM-3-FAILCREATEVC: ATM failed to create VC" and "Attempting to over-subscribe tunnel bandwidth" messages were erroneously logged upon deletion and addition of VCs and VPs (hierarchical traffic shaping).

CSCef16734

Previously, an SNMP trap was not received. The DS3 line status object did not change.

CSCef17789

Previously, a performance degradation occurred when VP and VC shaping were configured on the same interface. Output drops occurred at the SAR level and affected the established PPPoX sessions. This problem occurred with a configuration that included shaped VPs (hierarchical traffic shaping), as well as VC's not mapping to any of the shaped VPs all configured on the same interface.

CSCef19196

Previously, the PVC weight configurable parameter was not visible under the show atm pvc or show atm vc command. This problem occurred when configuring the weight parameter of a VC mapping to a shaped VP (hierarchical traffic shaping).

CSCef20554

Previously, the CPU stayed at 100 percent utilization after a session was cleared. This problem occurred with 1000 VLANs and 32k sessions and 32 sessions per VLAN, clearing sessions while traffic was being sent over the sessions.

CSCef22603

Previously, ATM common code needed to classify VCs traffic-class versus rate change for Cisco 10000 series router platforms because they did not allow dynamic modification of the ATM QoS Traffic Class.

CSCef22724

Previously, there were traceback messages and malloc failures while running MLPPP regressions.This problem occurred when a bundle was bounced for some reason during high traffic. When this problem occurred, a CRITEVENT appeared in the log and the message "IPC Bundle Flush Failure" appeared.

CSCef22815

Previously, some memory was lost when you configured and removed several Multilink PPP interfaces. This problem led to buffer exhaustion over time and required a reload of the router.

CSCef24338

Previously, when a service policy configured with the police percent command was applied onto a Virtual-Access interface bound to a shaped PVC, the calculated police class bandwidth was not based on the PVC rate but on a 100 Mbps value.

CSCef24564

Previously, accounting of input packets/bytes was not happening correctly. When a client was connected to SSG and further on to a service linked via a gigabit Ethernet uplink subinterface, on an extended ping from client to service, the accounting of input packets/bytes was erroneous. The same result was reflected in output of the RADIUS accounting logs.

CSCef24716

Previously, a traceback message appeared when trying to log in an rfc1483 SSG host to a service over a gigabit Ethernet uplink. With a gigabit Ethernet uplink interface to the services, when an rfc1483 SSG host tried to log in to the service, a traceback message appeared.

CSCef25686

Previously, when changing the parameters of a VC class on an active PVC, a number of PVCs became locked in an INAC state while viewing PVC status using the show atm vc interface atm interface command. The following type of message appeared in the log:

%ATM-3-FAILREMOVEVC: ATM failed to remove VC(VCD=X, VPI=X, VCI=X) on Interface ATM X/X/X, 
(Cause of the failure: PVC removal during recreation failed) 

CSCef26366

Previously, an ACL had no effect even though it was configured. In show pxf cpu statistics security, packets were neither denied nor permitted. In show pxf cpu context, there were no feedback packets. The ACL had to be split. In show pxf cpu access-list security, the value of the table column had to be greater than 1 to have a split ACL.

CSCef26525

Previously, when a router had over 100 BGP peers, traceback messages appeared on the console after an RPR+ switchover. The system recovered and normal activities were resumed afterwards. This problem occurred only when the router had over 100 BGP peers and a switchover was performed.

CSCef28612

Previously, adding a new T1 on a 4OC3-CHSTM1 line card caused all other existing T1 lines on same STS to flap. Corresponding serial interfaces also flapped. All T1 lines then recovered by themselves. This problem did not occur when SDH framing, Au-4-tug-3,mode C-12 were used. This problem occurred under normal operational conditions for both HDLC and PPP encapsulation on serial links.

CSCef28767

Previously, if Multilink PPP was configured, Quality of Service (QoS) did not function properly when using a strict priority queue with other bandwidth queues. This problem occurred when the traffic sent to the priority queue exceeded the configured policer bandwidth. All traffic was forwarded through the priority queue regardless of the policer configuration, which had a negative effect on the effective bandwidth of the other queues.

CSCef28798

Previously, PPPoX sessions failed to connect on an ATM interface with the following error message logged on the console port:

XCM access error at../toaster/c10k_rp/c10kds2_qos.c (4874)

This problem occurred when several thousand QoS service policies were applied on the ATM PVCs.This problem potentially cause the active PRE2 to crash if the ATM PVCs were configured as create on-demand and the idle-timeout was enabled.

CSCef29360

Previously, when a router had over 8000 PPPoEoQinQ active sessions and input and output policing applied to all subinterfaces, the router reported a spurious memory access after you executed the microcode reload pxf command. This problem occurred only when the microcode reload pxf command was executed.

CSCef29940

Previously, on Cisco 10000 series routers running as PTA and terminating 31,500 PPPoA sessions, the router could run out of I/O memory when communications to the RADIUS server was lost and PPPoA sessions continued to be established. This problem occurred when the router could not communicate with the RADIUS server.

CSCef30497

Previously, with Q-in-Q configured on the subinterfaces, policy maps applied to the main interface were not inherited by the subinterfaces. This problem only affected subinterfaces configured with Q-in-Q. Policy maps applied to the main interface were not inherited by the subinterfaces.

CSCef30521

Previously, when booting up an 8e3ds3 ATM line card, 8 of the following messages appeared in the syslog: Failed to assert Physical Port Link Down alarm for ATMx/x/x.

CSCef31108

Previously, during the reload of a primary PRE2, the standby PRE2 logged numerous messages indicating that SNMP interface indices were exhausted. These messages displayed on the console log for the standby PRE2, and were also logged to a syslog server, if used. There could also be another error message and traceback in the standby PRE2 log indicating that the SONET MIB was not initializing:

%IFINDEX-4-NOIFINDEX: All SNMP if indices are exhausted %C10KATM-3-MIBINITFAIL: Sonet MIB 
initialization failed, ATM7/0/3 2 
-Traceback= 6007D5C4 6007F304 6009E5F8 60543224 6054A14C 603B468C 603CC044 603CC220 
603CC384 603CC428 604B9798 604B4934 604AEA20 604B6AB4 604B6CA0 601343C4 

These error messages occurred only on the standby PRE2 and appeared only when the router reloaded. The router continued to function normally, for example, when the standby PRE2 was fully booted up to become primary, traffic and management functioned properly.

CSCef31633

Previously, the input traffic for PPPoEoE sessions was not displayed when the show int gi command was executed. The output rate was displayed.

CSCef31712

Previously, a CPU hog message was generated when you executed the show pppoe summary command. This problem occurred when there were high-scaling unambiguous QinQ sessions and interfaces configured.

CSCef34640

Previously, traffic did not go through when authen-before-forward was configured on UUT with default search order. This problem occurred on a Cisco 7200 series router running 12.3(10) images.

CSCef34879

Previously, the DS3-MIB dsx3LineType shows as dsx3other for full rate t3 on 6ct3, 1choc12 and 4chstm1 au-3 mode c-3 with cbitparity. This problem occurs when using the SNMP DS3-MIB to get the line type for full rate T3.

CSCef38472

Previously, on a Cisco 10000 series router running Multi-Router Automatic Protection Switching (MRAPS), the 4-port ChSTM1 line card crashes when the controller port is in physical loopback. This problem occurs on a router running the 12.3(7)XI image.

CSCef42277

Previously, when applying new VC class parameters to the existing established PPPoEoA session, the virtual-access values for the session remained unchanged until the VC virtual-access interface was removed and added back to the configuration. This problem occurred during modification of VC class ATM PVC parameters on a VC over which a PPPoEoA session was established.

CSCef42849

Previously, there was a timing violation in the PRE2/PRE1 temperature sensor routine. Because the temperature sensor routines violated timing requirements, the temperature reading failed in a new device from a new vendor.

CSCef42982

Previously, the output of the show pxf cpu queue interface command was stuck in an infinite loop when VCs were configured on that interface. You could not track the output queues for the specified interface, and you had to use a different telnet session to continue using the device.

CSCef4345s

Previously, Some PVCs on a router acting as a LAC and also terminating PTA became locked. This problem occurred after the primary PRE2 was pulled from the chassis several times.

CSCef43562

Previously, the counters displayed with the show policy-map interface virtual-access command could be invalid and return negative rate values, especially when modifying the policy map parameters.

CSCef46191

Previously, a specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) could block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation were not affected. All other device services operated normally.

This problem occurred if you initiated a specially crafted TCP connection to a telnet or reverse telnet port, which resulted in blocking further telnet sessions. Services such as packet forwarding, routing protocols, and all other communication to and through the device remained unaffected.

CSCef47801

Previously, the chassis reset while modifying the running configuration with service compress-config enabled The L2 Watchdog timeout occurred after 4-24 hours of consistent running-config modifications and write-mem (~ 80 per hour).

CSCef48590

Previously, you could not change the VP rate without VC teardown.

CSCef49065

Previously, the input rate counter of the virtual access interface belonging to PPPoEoE of Gigabit Ethernet was not displayed when the sh int virtual-access command was executed. The output rate was displayed.

CSCef49206

Previously, the primary PRE2 experienced a software forced crash due to memory corruption. This problem occurred with a Cisco 10000 series router connected to a 6400 via 8 unprotected OC3 ATM connections and 4 APS protected connections. The crash occurred when the working 4-port ATM linecard in the Cisco 10000 series router was reset using the hw-module slot 7 reset command.

CSCef49314

Previously, as part of nas-port feature extensions in DDTS CSCee08931, format D was modified to include the Session-id in the 24 least-significant bits. Further discussion with devtest and PPPoX groups concluded that this change was inappropriate for format D, because it would cause more confusion than solve any problem. As such, this change was backed out.

CSCef50650

Previously, a router reloaded when it attempted to access a TACACS+ server. This problem occurred when the TACACS+ server was not up or was unreachable.

CSCef51809

Previously, when configuring more than 128,000 queues, "cannot create default queues" messages were displayed.

CSCef54042

Previously, after a PXF crash the per User statistics for L2TP sessions active at the Cisco 10000 series router acting as a LAC were much to high. This affected only very few sessions out of a couple of thousand.

CSCef54663

Previously, when configuring an ATM interface, under pvc-in-range mode, the queue depth and weight options were not available.

CSCef56689

Previously, the show pxf cpu police command caused a console hang or system crash. This problem occurred when a Virtual template, with sessions, and the same service policy was configured on both input and output. If you changed the input service policy and then changed the output service policy, executing the show pxf cpu police command caused a console hang or system crash.

CSCef60271

Previously, the router experienced a software forced crash when executing the show atm vc interface command and at the same time changing the class on several VCs. This problem occurred when VCs are configured for create on-demand.

CSCef63167

Previously, a Multilink interface was in a down/down state. All MLPPP member interfaces were in an up/up state. This problem occurred right after the Multilink interface was created or the member interfaces changed state to up/up. There were no queues associated with the Multilink interface. This could confirm using the show pxf cpu queue multilink number command. The system log also had following message: "Cannot attach bundle FIFO".

CSCef63785

Previously, the router reloaded upon clearing the PPPoEoA session when MQC with fair queue was configured on the ATM VC and a pulled policy is rejected.

CSCef67270

Previously, it was not possible to configure a VC weight to a value less than 5. The weight controls how many cells the VC can send into the VP tunnel before the SAR moves to the next VC. It is only applicable when shaped VPs are configured. A weight of 5 limited the dynamic range of bandwidths the VCs within a VP could get, but it helped ensure the ATM port could reach line rate performance. Lowering the weight increased the dynamic range and allows better delay characteristics, at the expense of significant degradation relative to line rate performance for some configurations.

CSCef71926

Previously, the PRE2 as PTA/PE was not able to setup more than +/- 21500 PPPoA sessions due to a leak in rewrite strings. This problem occurred when the following features were enabled: MPLS/VPN + HDVRF, DBS, output policy per VC, input policy via RADIUS, no PVC range, create on-demand, auto encapsulation, mini ACLs on all sessions, and hierarchical shaping.

CSCef73237

Previously, SSG authentication and accounting requests were sent with nas-port-type = Ethernet.

CSCef74690

Previously, the in range pvc mode output policy was incorrectly accepted with MLPPPoATM

CSCef75555

Previously, a Cisco 7200 series router with an ATM PA-A3 might crash when ATM PA-A3 was OIR removed. This problem occurred when dynamic VC modification was enabled on the interface using the dbs enable command and the ATM PA-A3 is OIR removed.

CSCef76280

Previously, you could not recreate PPPoE sessions after removing a PVC range on an interface and then reinserting the same PVC range on that interface.

CSCef76324

Previously, on a Cisco 10000 series router using Multilink PPP interfaces, control packets such as keepalives and routing updates were dropped when the interface was congested. This problem occurred only on congested MLPPP links.

CSCef77245

Previously, removing the vbr-nrt parameter from the VC class did not change the attributes of the existing PVCs correctly. Changing a parameter in the VC class did not recreate the PVCs and so they did not acquire the new parameters. If they were infinite range VCs, removing and re-adding "create on-demand" brought up the PVCs up with the new attributes.

CSCef81912

Previously, an MLP member could not pass IP traffic after having been added back to the bundle. This problem occurred only with the PRE2.

CSCef84213

Previously, changing the ATM over subscription factor dynamically, with active VCs on the interface, caused all the VCs to go down and become permanently inactive.

CSCef84697

Previously, the following traceback messages were displayed on the Cisco 10000 series router:

*Sep 24 20:35:57.035: -Traceback= 60D1DB6C 60D67FB8 60DA70C4 60DA6CF4 60C68020 6 0C5E618 
60847618 6084411C 6083A760 60847168 60420B00 6001A2E8 6003CE20 60C6C770 60C6C988 60517474 
*Sep 24 20:35:57.035: Illegal attempt to direct read from PXF memory in an interrupt 
context. 

CSCef85065

Previously, the router generated line status change traps for an interface with errors continuously, even though it was not flapping or experiencing any state transitions.

CSCef85838

Previously, if a create on demand PVC that was initially configured as part of range was changed to a pvc-in-range (with a vc-class change as well), the VC remained inactive and a traceback message was displayed.

CSCef87098

Previously, in a network topology where thousands of PPPoX clients were disrupted on an L2TP LAC, there was the opportunity for client traffic to have null or zero session IDs. This condition caused an LNS router to reload and display the message, "*** System received an abort due to Break Point ***."

CSCef89921

Previously, when running Multilink PPP (MLPPP), traceback error messages appeared on the router's logging buffer when member links were removed from the MLPPP bundle on the neighbor router. This problem occurred only when the neighbor router removed member links.

The traceback error message displayed was:

*Sep 30 16:21:49.059: %GENERAL-3-EREVENT: 
diverted MLP packet's bundle vcci 2 has invalid master idb 
-Traceback= 60EBA164 60DAF224 60EB0EDC 60EA9BD4 60EA5980 60517668 604862FC 

Once this message appears, all outgoing local traffic is dropped.

CSCef92313

The configuration was: MLPPP was configured on 2 different channelized T3 (CT3) line cards. 2 T1s were configured on one T3, and 2 T1s were configured on another T3 but on a different line card. These 4 T1s were in the same multilink group. Multilink fragmentation was disabled.

Previously, when a PRE2 failed with this configuration, traffic forwarding through the MLPPP T1 circuits took over 70 seconds to start forwarding traffic on the new PRE2.

If these 4 T1s were configured on the same T3 port or on different T3 ports but on the same CT3 card, the failover recovery time was a lot quicker for traffic to be forwarded again (less than 20 seconds is typical). This indicated something was broken with RPR+ in this configuration.

When using a PRE1 with 12.0(27)S and doing this same test of configuring T1s across multiple CT3 line cards, RPR+ seemed to work. Failover time was approximately 20 seconds.

CSCef93639

Previously, some Multilink PPP member links went up/down after an MR-APS switchover. This problem occurred with T1 interfaces over a 4CHOC3 line card on the Cisco 10000 series router. The T1 Multilink PPP member links were going up/down after a couple of MR-APS switchovers.

CSCef92458

Previously, some PPP interfaces were up/down before and between MR-APS switchovers. This problem occurred with the 4CHOC3 line card on the Cisco 10000 series router, on both the MR-APS Working and Protect ports.

CSCef92470

Previously, on a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1, some PPPoA sessions did not come up after a router reload if the PVC range was high.

CSCef93984

Previously, a service policy was not applied on a VC. This problem occurred when a QoS configuration depended on the DBS AV pair that was applied by AAA code after the policy AV pair.

CSCef94712

Previously, MPLS core routers did not establish LDP neighbors to directly connected routers even though the routers were able to ping each other's router_id IP address. In the show mpls ldp discovery command, LDP only had transmit instead of both transmit and receive to the neighbors. This problem occurred when OSPF was in the core and between PE/CE routers.

CSCef97190

Previously, on a Cisco 10000 series router running Cisco IOS Release 12.3(7)XI1, input and Giant errors occurred on the serial T1 interfaces when running MR-APS on a 4-port channelized STM-1 line card. Giants incremented continuously even when fiber was pulled from an OC3 port or if the inactive (protect) OC3 was up/down.

CSCef97586

Previously, hanging the queue depth parameter on a VC with active PPP sessions and bidirectional traffic distorted the counters on a VAI. Virtual Access interface input packet and byte counters were unusable.

CSCeg00499

Previously, a standalone auto VC came up after a reload. The state machine at reload was behaving differently and led to further complications.

CSCeg02022

Previously, the subscribed bandwidth for ATM VCs was not calculated properly.

CSCeg03658

Previously, a system crash occurred when adding a class map to a policy map. This problem occurred when the virtual-template interface had a service policy that was the same as the physical interface, but configured for the reverse direction, and there were active sessions. Adding or removing a class map from the policy map caused a system crash.

CSCeg08894

Previously, the SAR counter was not decrementing while removing a PVC range.

CSCeg10143

Previously, support for shaped UBR VCs under atm pxf queueing was not working.

CSCeg17019

Previously, when attempting to bring up a multilink bundle, the bundle interface got stuck in a state where it continued to bounce up and down. This problem occurred when attempting to bring up large numbers of multilink interfaces at the same time. For instance, initiating a PXF reload caused this problem to occur.

CSCeg20402

Previously, PPP could hang after an LCP renegotiation on a serial interface.

CSCeg21692

Previously, the command to set the weight was not available in vc mode or in pvc-in-range mode. Also, the weight had a minimum value of 5.

CSCin66200

Previously, the show l2tun command needed large contiguous memory (64MB/128MB) to display 16,000/32,000 sessions.

CSCin66374

Previously, when a server group was reconfigured while there was an active transaction, that transaction went into an infinite loop.

CSCin76251

Previously, the LAC could crash when 8,000 or more PPPoA/LT2P sessions were retrying to connect all at the same time after the LNS and user had all their sessions cleared. The LAC crashed only under low memory conditions.

CSCin78460

Previously, traceback messages were reported when doing the following show commands on the POS interface configured with frame-relay encapsulation: sh pxf cpu queue POS x/y/z sum and sh pxf cpu queue POS x/y/z.a sum. The tracebacks were reported only if the subinterfaces were without DLCI configuration.

CSCin81507

Previously, PPP sessions for SSG users went down immediately after coming up. This problem occurred when the virtual-template was configured as a downlink interface with the ssg direction downlink command. The PPP session went down immediately after IPCP came up.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit e-mail comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.

Cisco TAC Website

The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:

http://www.cisco.com/tac

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:

http://www.cisco.com/tac/caseopen

For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Go to this URL to visit the company store:

http://www.cisco.com/go/marketplace/

The Cisco Product Catalog describes the networking products offered by Cisco Systems, as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://cisco.com/univercd/cc/td/doc/pcat/

Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco quarterly publication that provides the latest networking trends, technology breakthroughs, and Cisco products and solutions to help industry professionals get the most from their networking investment. Included are networking deployment and troubleshooting tips, configuration examples, customer case studies, tutorials and training, certification information, and links to numerous in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

iQ Magazine is the Cisco bimonthly publication that delivers the latest information about Internet business strategies for executives. You can access iQ Magazine at this URL:

http://www.cisco.com/go/iqmagazine

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Training—Cisco offers world-class networking training. Current offerings in network training are listed at this URL:

http://www.cisco.com/en/US/learning/index.html