Cisco ASR 1000 Series Aggregation Services Routers Release Notes
Release 3.11S Caveats
Downloads: This chapterpdf (PDF - 1.26MB) | Feedback

Table of Contents

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S. Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This chapter includes severity 1, severity 2, and selected severity 3 caveats.


Note For information about the caveats pertaining to releases earlier than Release 3.6S, see Cisco IOS XE 3S Release Notes.


We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:

http://www.cisco.com/en/US/support/tsd_products_field_notice_summary.html

In each section, the following information is provided for each caveat:

  • Symptom—A description of what is observed when the caveat occurs.
  • Conditions—The conditions under which the caveat has been known to occur.
  • Workaround—Solutions, if available, to counteract the caveat.

Note If you have an account on cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to cisco.com and go to https://tools.cisco.com/bugsearch/product?name=Cisco+ASR+1013+Router#search (If the defect that you have requested is not displayed, it may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:

http://docwiki.cisco.com/wiki/Category:Internetworking_Terms_and_Acronyms_(ITA)

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S.

  • CSCtz97771

Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following:

%SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0,
 
%SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0.
 

Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCud94511

Symptom: Multiple Tracebacks seen on Router reload

Conditions: router reload

The tracebacks are seen if a scaled config is present on any atm/gig spa with POS spa present in the system

Triggers can also vary from router reload to sip reload aur shut/no shut of larg number of tunnels.

Triggers increase the load on router processing which interferes with the working of POS spa and hence tracebacks are seen.

Workaround: There is no workaround.

  • CSCue23898

Symptom: A Cisco router running Cisco IOS Release 15.3(1)T may crash with a bus error immediately after issuing the 'write memory' command.

Example:

14:44:33 CST Thu Feb 14 2013: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x228B2C70
 

Conditions: This symptom occurs while updating the router's running configuration with the 'write memory' command. It has been seen while updating various different commands

Workaround: There is no workaround.

  • CSCue27980

Symptom: ASR1k suffers a CPP crash triggered by NBAR

Conditions: When NBAR and NAT are both enabled on the same interface there could be some rare conditions which could lead to the crash of the ASR.

Workaround: There is no workaround.

  • CSCue99781

Symptom: VCD id is assigned to ATM pvc interface once it is created, so after remove the pvc and re-create it we will lost the previous VCD id as the handle, and cannot delete the corresponding condition except remove all the conditions at once.

Conditions: Delete intf before unconfig condition debug.

Workaround: Unconfigure condition debug at first

  • CSCuf47613

Symptom: Call waiting tone is not played by the DSP if cptone gb is configured when the second SIP call arrives to the FXS port's number.

Conditions: Issue was found with 15.2(4)M1 and dsapp.

Workaround: Disable cptone GB

  • CSCuh87195

Symptom: A crash is seen on a Cisco router.

Conditions: The device crashes with gw-accounting and call-history configured. The exact conditions are still being investigated.

Workaround: Completely remove gw-accounting. Or disable call-history using the following commands:

gw-accounting file

no acct-template callhistory-detail

  • CSCui22204

Symptom: Below mentioned internal IEC error seen in CUBE logs:

Jul 22 14:50:28.377 IST: %VOICE_IEC-3-GW: CCAPI: Internal Error (Invalid arguments): IEC=1.1.180.1.9.6 on callID -1
CUBE#sh voice iec description 1.1.180.1.9.6
IEC Version: 1
Entity: 1 (Gateway)
Category: 180 (Software Error)
Subsystem: 1 (CCAPI)
Error: 9 (Invalid arguments)
Diagnostic Code: 6
 

Conditions: This IEC error would be seen while processing incoming SIP REFER for call transfer along with local consumption of REFER ('no supplementary-service sip refer' CLI) i.e CUBE is consuming REFER locally and generating INVITE to transfer target.

Workaround: There is no workaround.

  • CSCui48606

Symptom: 3925 voice xml gateway crashed.

Conditions:

vxml configured:
vxml tree memory 500
vxml version 2.0

Workaround: There is no workaround.

  • CSCui64059

Symptom: Router crashes during call forward scenario

Conditions: This symptom is observed when call forward is enabled.

Workaround: This issue is fixed.

  • CSCui68757

Symptom: Enhancement of icmp message rate-limit, for protection of QFP from ICMPv4 Attack.

Conditions: In IPv4 ICMP, some types of ICMP packets will be generated in data plane. To protect QFP from IPv4 ICMP attack, we need a mechanism to do rate-limit of ICMP packets generated by data plane.

There is existing IPV4 ICMP rate-limit mechanism, which is only for ICMP unreachable type. In this fix, we expand this rate-limit mechanism to cover all IPv4 ICMP packets which are generated by data plane.

Workaround: There is no workaround.

  • CSCui73249

Symptom: NHRP local (no socket) entry gets converted to a socket entry causing matching traffic to be blackholed.

Conditions: DMVPN phase 3 network.

Workaround: Configure 'ip nhrp server-only' or remove 'ip nhrp shortcut' on the hub router.

  • CSCui99433

Symptom:

1. INFO not being responded by CUBE (in race condition)

2. INFO not being passed to other leg (in race condition)

Conditions: Race condition - Recvd mid-call RE-INVITE and INFO at almost the same time

Workaround: There is no workaround.

  • CSCuj13596

Symptom: Issuing a command crypto key move rsa aaa non-exportable" throws an error, Failed to move keypair aaa to device.

Conditions: Before issueing the above command, generate the rsa keys with label 'aaa'.

Workaround: There is no workaround.

  • CSCuj19201

Symptom: Re-registration time is recalculated on GM nodes upon receiving a TBAR rekey, based on the remaining TEK lifetime at the time of the TBAR rekey.

This effectively causes a much-shorter re-registration window compared to the one obtained at the GM registration, even if the original TEK lifetime was configured with a long value.

Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCuj72342

Symptom: FP crash occurs with PPP sessions

Conditions: On applying nat settings to CGN mode

Workaround: There is no workaround.

  • CSCuj80245

Symptom: No address prefix flow records get reported when packets get fragmented at Tunnel interface, which has enabled with AVC flow monitor.

Conditions: May occur when packet are fragmented due the maximum packet length limit, called the Maximum Transmission Unit (MTU).

When packet size is bigger than the interface MTU, the packet will be fragmented and will not be monitored by AVC.

Workaround: Increase the size of the MTU to accommodate larger packets. For example, configure an MTU of 3000 bytes with the following CLI:

Device(config)# interface Gig0/2/1
Device(config-if)# mtu 3000
 
  • CSCuj84035

Symptom: Seeing Alignment errors on standby box that is a member of a CUBE-HA pair

000311: Jul 24 10:18:57.198 EDT: %ALIGN-3-CORRECT: Alignment correction made at 0x261B58E0z reading 0x3018F286
000312: Jul 24 10:18:57.198 EDT: %ALIGN-3-TRACE: -Traceback= 0x261B58E0z 0x2617F4F8z 0x261801F4z 0x261811C8z 0x26181430z 0x23C3FF40z 0x23C3FF24z 0xFFFFBA20z
000313: Jul 24 10:58:57.187 EDT: %ALIGN-3-CORRECT: Alignment correction made at 0x261B58E0z reading 0x2BAB686E
000314: Jul 24 10:58:57.187 EDT: %ALIGN-3-TRACE: -Traceback= 0x261B58E0z 0x2617F4F8z 0x261801F4z 0x261811C8z 0x26181430z 0x23C3FF40z 0x23C3FF24z 0xFFFFBA20z
 

Conditions: ISRg2 using Box to Box CUBE-HA with HSRP.

Workaround: There is no workaround.

  • CSCuj88820

Symptom: Router acting as a PKI client continues auto-enrollment to its CA even after the CA certificate has expired.

Conditions: Client router is configured with 'auto-enroll' under its trustpoint.

Workaround: Remove 'auto-enroll' from the trustpoint on the PKI client router, or,

Delete the trustpoint in question on the PKI client router.

  • CSCuj93565

Symptom: %SPA_OIR-3-EVENT_DATA_ERROR: SPA OIR event data error - fail.

Conditions: None.

Workaround: There is no workaround.

  • CSCul07137

Symptom: IFCFG timeouts will happen on Reload or Shut/No shut of Scaled Vlan Port.

Conditions: Ethernet Line card with Scale QinQ having fixed outer vlan and range of VLAN configuration on reload or Shut/No shut, IFCFG Timeouts are observed.

Workaround: There is no workaround.

  • CSCul12835

Symptom: Crash with CGN/BPA configuration.

Conditions: IP pool was extended, single bit in BPA was set.

Not seen with 1000 users. Issue is seen with waround 8000 users.

Workaround: There is no workaround.

  • CSCul27924

Symptom: Customer experienced crash on ASR-1001 during normal operation.

Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCul41442

Symptom: In the M train of IOS and the S train of IOS-XE the "media anti-trombone" feature added in 15.1(3)T CUBE does not appear as an option when configuring "voice class media" groups. It is not present as an option at the dial-peer level as well.

Conditions: This symptom is observed in any non "T" train of IOS and IOS-XE. IOS Tested 15.2(3)T - Available as media option Tested 15.3(3)M - Not there IOS-XE Tested 15.1(3)T - Available as media option Tested 15.3(3)S1 - not there

Workaround: Customer has to have a "T" train IOS of Cisco IOS Release 15.1(3)T or higher. Impacts customers ability to deploy Cube Enterprise solutions.

  • CSCul59525
Symptom: ASR1K cube running Cisco IOS Release XE3.8S, many hung calls are seen over a period of one week. There are three different symptoms of hung call legs.
Example 1: One of the call leg is in stuck state Example 2: Both the call legs are active and connected and stuck for more than a week Example 3: Both call legs are stuck in disconnect state but one of the call is connecting and other leg is in active state.
Topology: VzB ---sip----CUBE------sip------SME Cluster-----sip------Admin04 cluster---------IP Phones | | | ----------------sip trunk to fax server | | ------------------SIP trunk to Unity connection vm

Conditions: Though the reason for this issue is unknown, it is very random in nature. Hung calls are seen for a normal sip to sip calls going to IP phone, or calls that routes to unity connection voicemail and also stuck fax calls.

Workaround: There is no workaround.

  • CSCul73789

Symptom: In an IPv6 IPSEC scenario we see code crashes with traffic flowing. This is seen even with a single tunnel with traffic flowing.

Conditions: The exact conditions under which this problem is seen in unclear.

Workaround: There is no workaround.

  • CSCul81353

Symptom: ASR1006 with RP2 running ES version based on Version 15.3(1)S crash with Segmentation Fault ---snip-- UNIX-EXT-SIGNAL: Segmentation fault(11), Process = CCSIP_SPI_CONTROL -

Traceback= 1#9821b08208133f5124c039ddebb8173b :400000 347A664 :400000 7B14A0F :400000 7B0F5E7 :400000 8F6C8A :400000 9A8C4C :400000 9B6951 :400000 95F2A4 :400000 962772 :400000 BE9018 :400000 BE8E4F ---snip--
 

After the RP Switch over all the new calls were rejected with the following errors as well, which may be unrelated to the crash

--snip-- Dec 2 15:11:47: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334189 Dec 2 15:11:49: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334212 Dec 2 15:11:49: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334218 ---snip---
 

Conditions: After two weeks of uptime and during normal load condition.

Workaround: Reboot the box to recover from the situation. The core file writing is incomplete as

TEMP_IN_PROGRESS ---- show stby-harddisk: all----- 142 2406627691 Dec 02 2013 14:11:14 00:00 /harddisk/core/kernel.rp_20131202191114.core.gz 149 79237120 Dec 02 2013 14:03:52 00:00 /harddisk/core/nyorbgdnesbc-dr_RP_0_linux_iosd-imag_6335.core.gz.TEMP_IN_PROGRESS
 
  • CSCul84373

Symptom: Tech pubs will need to verify that there is no current documentation referencing the FPGA upgrade process for ASR1002-X utilizing the "upgrade hw-module subslot x/y fpd" command structure. This will be replaced with the new "upgrade hw-programmable..." process.

Conditions: This DDTS brings in the support for upgrading the board FPGA on ASR1002-X using CLI 'upgrade hw-programmable fpga filename bootflash:image.pkg r0'. FPD support for BUILT-IN SPA will no longer be required after this so FPD is no longer supported for BUILT-IN SPA.

Workaround: There is no workaround.

  • CSCul86646

Symptom: ESP reload when ping jumbo packet via gre tunnel.

Conditions: Ping packet size > 9800, tunnel mtu>9216 receive side will reload.

Workaround: Config IP MTU < 9216 in tunnel

  • CSCul89581

Symptom: Supervisor not able to monitor Agent conversation Remotely where CCE-CVP at higher version and RSM at 9.1(1)Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCul96421

Symptom: Outbound calls over SIP trunk to provider fails.

Conditions: SIP IP phone (99xx) ------> CME ---------> SIP Trunk --------> ITSP

Cisco IOS - 15.3(3)M and 15.4(1)T versions.

Workaround: Downgrade Cisco IOS version to 15.2(4)M.

  • CSCul96947

Symptom: Traceback appears on standby RP during SPA OIR.

Conditions: T1 channels are configured.

Then a random t1 channel is deleted and spa soft oir is done.

Workaround: There is no workaround.

  • CSCum03790

Symptom: Immediately after the 200 OK is sent in response to the Re-Invite the ITSP sends a BYE as they expected the origin version id to increment. The lack of incrementation cause the call to be torn down by the ITSP.

Conditions: This problem was observed in the following scenarios :

Switchover from voice to fax
Change in codec for voice calls
 

SDP content-length size is different in initial outgoing Invite to perform call setup than it is in 200 OK response to an inbound Re-Invite which causes the origin (o=) version in the SDP not to increment. CUBE however sees the content-length sizes as the same size.

Previous SDP content-length was 250, 399 was the current SDP content-length:

Workaround: There is no workaround.

  • CSCum04325

Symptom: Duplicate entry seen in "sh lldp neighbor"

Conditions: if the physical link is a member of a etherchannel bundle. lldp packets are processed on the bundle UIDB.

Workaround: There is no workaround.

  • CSCum04528

Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.

Conditions: ASR1002-X running NAT with ALG traffic

Workaround: There is no workaround.

  • CSCum13378

Symptom: An ASR1K configured as an IPSec endpoint may fail to reassemble fragmented ESP packets . During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.

Conditions: UDP packet of a specific size received on the clear side of the ASR is known to trigger this issue.

Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the ASR from getting into the ATTN_SYNC state.

  • CSCum18039

Symptom: Traffic not flowing on a queue following QoS reconfiguration or new interface creation. Also possible inability to change QoS configuration on any interface or create new interfaces/sessions following occurrence of this condition.

Conditions: Queue was previously being over subscribed when it was deleted leaving it in a flowed off congested state such that it would never drain.

Workaround: There is no workaround.

  • CSCum24009

Symptom: Transfer scenarios fail with ANAT and VCC (No DSP) configured

Conditions: Issue is observed for DODO.

Workaround: Apply DOEO configurations.

  • CSCum40043

Symptom: Crypto sessions get stuck in UP-IDLE state in scale scenario on CSR platform.

Conditions: CSR with XE3.11.

Workaround: Bring the sessions up in very small increments e.g. of 40 sessions at a time initially and keep monitoring. When the sessions stop coming up for 40 sessions at a time, switch to smaller number e.g. 20.

  • CSCum40306

Symptom: Router crashes during call transfer in SRST mode.

Conditions: Call transfer in SRST mode, including SCCP phones.

Workaround: There is no workaround.

  • CSCum49213

Symptom: ESP crash

Conditions: None.

Workaround: Use debug platform hardware qfp active datapath trace packet for short periods of time.

  • CSCum49437

Symptom: ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode

Conditions: In a scaled setup on changing nat mode.

Workaround: There is no workaround.

  • CSCum55299

Symptom: Path-confirmation check failed on CUBE in SRTP-RTP call.

Conditions: Configure CUBE for SRTP-RTP call.

Workaround: There is no workaround.

  • CSCum55357

Symptom: CUBE crashes for SIP-H323 Transcoding call.

Conditions: The issue is seen while running regression for Cisco IOS Release 15.3(3)M1.9.

Workaround: There is no workaround.

  • CSCum56514

Symptom: A Cisco router running IOS XE may crash and reload after generating a ucode core file and logs similar to the following:

Notice 1531: KRZ: SIP0: pvp.sh: Process manager is exiting: process exit with reload fru code
Error 1530: KRZ: SIP0: cpp_cp: cpp_cp encountered an error -Traceback=
Error 1529: KRZ: SIP0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
Error 1528: KRZ: SIP0: pman.sh: The process cpp_cdm_svr has been helddown (rc 69)
Informational 1526: KRZ: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected
Informational 1525: KRZ: SIP0: cpp_cdm: Shutting down CPP MDM while client(s) still connected
Informational 1527: KRZ: F0: cpp_ha: Shutting down CPP CDM while client(s) still connected
Error 1524: KRZ: F0: cpp_ha: CPP 0 microcode crashdump creation completed.
 

Conditions: A Cisco router running IOS XE and traffic passing through the NAT path.

Workaround: There is no workaround.

  • CSCum57306

Symptom: SCB leak seen when the Refer Call with error condition is run under laod

Conditions: Refer Call flow which fails.

Workaround: There is no workaround.

  • CSCum60848

Symptom: Under certain conditions, a DSP will hang in certain call scenarios including REFER passthrough.

Conditions: Under heavy load.

Workaround: There is no workaround.

  • CSCum61595

Symptom: Alignment errors are observed after upgrading to Cisco IOS Release 15.2(4)M5.

Jan 9 19:42:59.623 GMT: %ALIGN-3-CORRECT: Alignment correction made at 0x6477F81Cz reading 0x6BE87495
Jan 9 19:42:59.623 GMT: %ALIGN-3-TRACE: -Traceback= 0x6477F81Cz 0x647805D0z 0x6478FE70z 0x64751088z 0x64B99F4Cz 0x64B99FD4z 0x64752
284z 0x647525ACz
 

Conditions: This symptom does not occur under specific conditions.

Workaround: There is no workaround.

  • CSCum66182

Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.

Conditions: While testing Ether-Like MIB for ASR1000-6TGE.

Workaround: There is no workaround.

  • CSCum67150

Symptom: Ingress MAC Acct stops working after doing a no mac acc on egress.

Conditions: None.

Workaround: There is no workaround.

  • CSCum68074

Symptom: many packets are dropped for NatIn2out cause

Conditions: PAT, interface overload.

Workaround: PAT pool overload.

  • CSCum68287

Symptom: GM reloads unexpectedly when enabling V6-crypto map on an interface with VRF-aware GDOI configs on the latest XE3.12 throttle images

Conditions: Seen on all ASR platforms, with latest XE3.12 throttle base images

This is 100% reproducible and extremely service impacting. This happens only when you enable "ipv6 crypto map" which has a local GM deny ACL associated with it.

Enabling v4-crypto map is fine.

Workaround: Do not use the local GM ACL for IPV6 crypto map. This may not be a feasible workaround in the field.

  • CSCum69887

Symptom: NAT cann't handle the tcp sequence properly with LDAP ALG after pdu size changed. NAT will not handle the delta value for the right ack message but thereafter messages, which may cause mis-acked message flows between two endpoints.

Conditions: Send LDAP traffic with empty comment item in LDAP ALG.

Workaround: There is no workaround.

  • CSCum73167

Symptom: LDAP ALG will encode the packet even there is no need to translate them, this will not impact function, but it is not necessary.

Conditions: LDAP ALG will encode the packet even there is no need to translate them.

Workaround: There is no workaround.

  • CSCum75385

Symptom: "show platform hardware qfp active datapath utilization" displays wrong data.

When high priority traffic (ip precedence 6,7) is sent, the counters against "Input Non-Priority" rows increment.

When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against "Input Priority" rows increment.

Conditions: This can occur when using esp100.

Workaround: There is no workaround.

  • CSCum77922

Symptom: CUBE fails to perform 407 Error Message Passthrough if it receives a 100 Trying before the 407 Proxy Authentication Required and sends a 503 Service Unavailable to the UAC.

Conditions: ITSP sends a 100 Trying before the 407 Proxy Authentication Required.

Workaround: Receive the 407 Proxy Authentication Required as first response to an Invite.

  • CSCum78930

Symptom: The ICMPv6 error packet (too-big packet) with icmpv6 echo reply as payload is dropped by ZBFW.

Conditions: If the intermediate hosts generate icmpv6 error packets with icmpv6 echo reply as

pay load without properly fragmenting the packets as per the mtu of the v6 packet

flow, such icmpv6 errors packets will be dropped.

Workaround: Adjust the mtu of the v6 pack flow so that packets, especially t he icmvp6 echo reply

does not generate an error (too-big message).

  • CSCum80300

Symptom: ASR1k running XE3.10 may crash in RP on executing the CLI "show crypto session"

Conditions: More than 1000 crypto sessions and executing the cli "show crypto session".

Workaround: There is no workaround.

  • CSCum81041

Symptom: One way audio incoming calls redirected through CVP.

Conditions: None.

Workaround: There is no workaround.

  • CSCum81717

Symptom: 183 session progress is blocked by the sip gateway.

Conditions: 183 session Progress is received with SDP and Require:100 rel header and "block 183 sdp absent" is configured.

Workaround: There is no workaround.

  • CSCum83957

Symptom: A router may crash due to a bus error when running "show sccp connections sessionid".

Conditions: This has been observed on a 3900e router running 15.3(2)T.

SCCP features are configured on router.

Workaround: There is no workaround.

  • CSCum84999

Symptom: SUBSCRIBE received from CVP after BYE and NOTIFY with subscription-state : terminates is send by CUBE.

Conditions: when SUBSCRIBE IS recieved after call is terminated with BYE.

Workaround: There is no workaround.

  • CSCum85381

Symptom: CUBE drops Method Notify (OOB Notify DTMF) in SIP to SIP call flows, when 183 Session Progress without SDP is received just after 183 Session Progress with SDP.

For Example:

CUCM --> SIP --> CUBE ---> ITSP

When Cube receives 183 Session (with SDP) from ITSP, it sends out Method Notify back to CUCM.

ITSP sends another 183 Session (without SDP), at this point, CUBE strips out NOTIFY towards CUCM. This causes CUCM to disable DTMF on this call.

Conditions: These is no condition.

Workaround: Add method Notify manually on the first leg using a SIP Profile.

voice class sip-profiles 99
response 183 sip-header Call-Info remove
response 183 sip-header Call-Info add "Call-Info: <sip:10.1.1.1:5060>;method=\"NOTIFY;Event=telephone-event;Duration=500\""
 
  • CSCum88058

Symptom: The following CLI does not work on ELC:-

no ip mac accouting ingress

no ip mac accouting egress

Conditions: Configure the MAC accounting for any direction.

Issue the corresponding "No CLI".

Although No Visible Impact to the operations of the system, a required cleanup

operation is not performed.

Workaround: There is no workaround.

  • CSCum90650

Symptom: When REFER based transfer failed with 503 in NOTIFY , CUBE tried to bridge the call , but CUBE retransmit REFER again even though got 503 service error :

Conditions: REFER passthrough.

Workaround: Eefer consume.

  • CSCum93356

Symptom: CUBE doesn't send mp4a-latm fmtp attributes in early dialog UPDATE.

Conditions: This issue is observed in DO-EO call with flow-around configured and the SDP negotiation happens in early dialog.

Workaround: If SDP is negotiated in confirmed dialog , then this issue is not seen.

  • CSCum93484

Symptom: Cisco 7301 router running EzVPN leaks memory when Crypto IKMP calls AAA API's which allocates memory for AAA attribute list.

Conditions: This symptom is observed in device running EzVPN, when it tries to allocate memory for AAA attribute list.

Workaround: Reload the router.

  • CSCum99077

Symptom: fman_rp process crash. RP card reload.

Conditions: When routing loop occurs in network and caused massive routing information update, an internal logic error may be triggered.

Workaround: Avoid routing loop.

  • CSCun00783

Symptom: channel group wil link id > 4 is not configurable.

Conditions: whiel configuring the vlan based load balance.

Workaround: Use only link id 1-4.

  • CSCun04417

Symptom: GTP U packet forwarding capability is downgraded.

Conditions: 1 firewall session.

Workaround: There is no workaround.

  • CSCun08855

Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router.

Conditions: port-channel and ERSPAN configured on the router.

Workaround: There is no workaround.

  • CSCun09640

Symptom: The following errors are seen when adding a child policy to a parent policy while configuring hierarchical QoS.

%CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error
%CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error
%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cp_svr has been helddown (rc 134)
 

This can result in a ESP (F Fabric) reload, causing a traffic outage

*Feb 13 07:39:05.829: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
 

Conditions:

An interface with a service-policy applied.

Adding/removing child policies on the parent hierarchical policy applied to the interface.

Workaround: Remove the policy from the interface before making the changes to the child/parent policy then reapply the policy to the parent.

  • CSCun09753

Symptom: Ping failed with input errors when HDLC interf MTU set/removed.

Conditions: 1. set MTU (more than 2950) on HDLC interface , then remove MTU;

2. ping failed to peer HDLC interface.

Workaround: There is no workaround.

  • CSCun10918

Symptom: PPP subscribers cannot be terminated in ASR1K, due to object locked.

Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts

EVSI wrong dpidb type errors 0

EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.

Workaround: remove QOS of the ppp.

  • CSCun17558

Symptom: COS markings not seen properly on the dot1q interface.

Conditions: The issues are seen if fragment happened in data plane on the dot1q interface.

Workaround: There is no workaround.

  • CSCun20274

Symptom: Standy RP source is not participating in clocking selection

Conditions: Stanby RP bits must be configured

Workaround: Remove and re-apply the stby-network-clk Source with different framing.

  • CSCun20279

Symptom: At uRPF loose mode, the suppress drop counter on ASR1K will count packets even in case the packets are symmetric flow. ASR1K should not count symmetric flow packets as sdrop at uRPF loose mode.

Conditions: uRPF loose mode

Workaround: There is no workaround. This ddts does not have any service/traffic impact.

  • CSCun20776

Symptom: An ASR router may display the following logs continuously:

IOSXE-3-PLATFORM R0/0: kernel: Error -5
IOSXE-3-PLATFORM R0/0: kernel: /auto/mcpbuilds14/release/03.11.00.S/BLD-03.11.00.S/os/linux/drivers/binos/ds31408/ds31408_driver.c:ds31408_ioctl (line 522): IDT_IOCG_INTR_STATUS failed, status -5
IOSXE-3-PLATFORM R0/0: kernel: bullseye_altera_spi_rd_guts: Receiver-overrun error: Status = 0xffffffff
IOSXE-3-PLATFORM R0/0: kernel: /auto/mcpbuilds14/release/03.11.00.S/BLD-03.11.00.S/os/linux/drivers/binos/ds31408/ds31408_pll.c:ds31408_get_intr_status (line 76): DS31408 Read failed for 56
 

Conditions: An ASR router running IOS XE with traffic flowing through it.

Workaround: There is no workaround.

  • CSCun22771

Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.

Conditions: ASR1002-X running IOS XE in a NAT-HA B2B scenario

Workaround: There is no workaround.

  • CSCun23803

Symptom: Cisco isr4451-X unable to program extensive ACL entries into the forwarding engine. This is a to add an easy command to see how much of the router's sotware TCAM is available to estimate ACL planning.

Conditions: This is seen when the ACL entries are very long and more common when port ranges are used.

Workaround: Reduce ACL entries.

  • CSCun24943

Symptom: After route processor (RP) switchover, ezPM does not operate on the newly active RP. Records are not exported.

Conditions: Stateful switchover (SSO) is configured. Switchover occurs.

Workaround: Re-apply the ezPM configuration or switchover to the original RP after it recovers from failure.

  • CSCun24965

Symptom: On the ASR1000 series router hen configuring a QoS service policy using the service-fragment type, the shaping value is not correct.

Conditions: A QoS Service Policy is applied using the service-fragment keyword, the shaped value is not correct.

Workaround: There is no workaround.

  • CSCun25912

Symptom: When using the Anyconnect autoreconnect feature on the ASR platform, configurations dynamically applied to the virtual-access interface might be lost over the reconnection.

Example, the interface after initial connection establishment would have a QOS service policy applied:

ROUTER#sh derived-config int virtual-access 1
 
!
interface Virtual-Access1
ip unnumbered GigabitEthernet0/0/1
tunnel source 10.1.1.1
tunnel mode ipsec ipv4
tunnel destination 10.10.1.100
tunnel protection ipsec profile ipsec-profile
no tunnel protection ipsec initiate
service-policy input INPUT-POLICY
end
 

Conditions: This has been observed with configurations being applied from the user AAA profile over Radius authentication.

Affected parameters observed are QOS service policies and access-group.

Workaround: 1. Do not use the reconnect feature

2. Apply those configurations directly to the Virtual-Template (if this is an option).

  • CSCun26943

Symptom: In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing dplane HA records robustly.

The easiest way for the customer to recognize if this *might* be happening is by examining the output of the

show platform hardware qfp active system intra and the show platform hardware qfp standby system intra CLIs.

If the output shows the counters " rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.

Conditions: DUAL FP systems with stateful HA features such as NAT configured.

Workaround: There is no workaround.

  • CSCun28965

Symptom: show ip nat translation filter range [inside | outside] [local|glocal] <start-ip> <end-ip> was not filtering the output as per the range specified.Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCun30321

Symptom: Major alarm observed on ASR1001

Conditions: After upgrade to XE3.10.2.

Workaround: There is no workaround.

  • CSCun32035

Symptom: Configured following features as part of IWAN performance testing for UTAH platform

1. AVC

2. PFR

3. QoS

4. Appnav + WAAS

5. DMVPN

6. Crypto.

Make sure DMVPN and MPLS tunnel are up and performance monitor, WAAS and crypto are enabled for these tunnels.

Router crashes with traffic profile.

Conditions: Traffic profile includes, voice + http + media traffic.

Crash is seen as soon the traffic is initialized at less than 15 % of load.

Workaround: There is no workaround.

  • CSCun35149

Symptom: Enable performance monitor on local switching interface.

Conditions: Two interfaces are connected as local switching.

Workaround: There is no workaround.

  • CSCun36785

Symptom: ASR1002X production router acting as WAN-Aggregator reloaded unexpectedly after pushing the AVC configuration from Cisco Prime infrastructure through SSH session.

The config push was successful onto the box, and the flow statistics were exported properly to the PI.

However after Half an hour, the router reloaded with CPP mcplo_ucode crash and fman_fp crash

The box is configured with IKEv2 DMVPN and basic NAT, along with BGP and EIGRP. We had around 4 static NHRP tunnels from different branch locations terminating onto this box. All traffic from the branches were encrypted, decrypted on this router and NAT was applied to the decrypted traffic before sending it out of the Port-channel interface towards production network.

Conditions: Seen on ASR1002X running CCO IOS-XE version 3.10.1

The Crash has occured only once. Currently AVC configs has been backed out and the router is stable. This is seriously affecting the AVC deployment on the network.

Workaround: There is no workaround.

  • CSCun37698

Symptom: An ESP might crash

Conditions: The device has NAT and WCCP configured. It looks like WCCP fails to setup the output interface correctly. This leads to NAT accessing a bad location in memory which causes a crash. The exact conditions are still being looked at.

Workaround: There is no workaround.

  • CSCun44581

Symptom: FOs of CFT features might not be released in case the featrue has unregistered from CFT before the flow aged..

Conditions: Feature of CFT (Stile,FNF,FME,CENT..) that allocated FO in the flow and then un-registered from CFT (i.e feature has been disabled) while another feature is still registered to CFT, the FO of that feature won't be released.

Workaround: Stop traffic before disable the feature or reload.

  • CSCun48994

Symptom: The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number entries falls below 4000.

Conditions: This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue hit when the operation involves both the flushing and SID notification.

Workaround: There is no workaround.

  • CSCun49087

Symptom: ASR1002x crash.

Conditions: Duty cycle testing with a lot of negative events in DMVPN setup.

Workaround: There is no workaround.

  • CSCun51932

Symptom: Incorrect internal and external Dialtone for CPTONE DE.

Conditions: Cptone DE is configured under FXS ports.

Workaround:

Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 65535 0 0 0 0 0 0 0
Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0
Router# shut the voice-port
Router# Unshut the voice port
 
  • CSCun55310

Symptom: An ATM-port might show input-errors of type overrun.

Conditions: They get counted so, because they hit an on-demand AutoVC, where the nature of the packets (for example ILMI or BPDU) should not raise the VC.

Workaround: The concerning VC could be configured as permanent or the packets should be prevented on neighbor device as it is seen as unwanted or unexpected traffic.

  • CSCun56044

Symptom: When there is a small network flap, ASR sends below traps to the Monitoring tool.

1. When the adjacency goes down;

13.2.2014 04:25:08.430 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 47 csbAlarmSubsystem=signaling csbAlarmSeverity=0 csbAlarmID=47 csbAlarmTime=Thu Feb 13 02:25:08 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=detached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.

2. When it comes back;

13.2.2014 04:28:38.126 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 48 csbAlarmSubsystem=signaling csbAlarmSeverity=cleared csbAlarmID=48 csbAlarmTime=Thu Feb 13 02:28:37 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=attached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.

3.13.2.2014 04:28:38.376 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 49 csbAlarmSubsystem=signaling csbAlarmSeverity=0 csbAlarmID=49 csbAlarmTime=Thu Feb 13 02:28:37 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=attached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.

Conditions: ASR Version: asr1000rp1-adventerprisek9.03.11.00.S.154-1.S-std.bin

"snmp-server enable traps sbc adj-status" is added in the ASR configuration.

Workaround: There is no workaround.

  • CSCun58672

Symptom: VTCP not send tcp segments according adjustment mss.

Conditions: TCP sync with mss 1460 from interface B, and Interface A sent out sync with mss 1390

tcp segments (tcp payload 1390) come from interface A observed tcp segments with tcp payload 1460 sent out via interface B

Workaround: There is no workaround.

  • CSCun69811

Symptom: Actually customer on active box would only like to "no activate" a single delegate registration entry below.

subscriber sip:+999999@site.com
sip-contact sip:+001999999999@10.0.0.1
adjacency CUCM-llab
delegate-registration sip:test.site.com
adjacency PSTN-lab-SIP-CONNECT-test-lab
profile SIP-CONNECT_TIMERS
activate
 

Conditions: Sessions are deactivated and the stand-by router crashes.

Workaround: "no activate" command must be executed at the "delegate-registration" sub section. This will prevent the deactivation of the sessions.

  • CSCun73233

Symptom: No way audio (silence) issue is noticed on transcoded SIP-SIP calls on CUBE when supplementary services like Hold/Resume or Call Transfer is invoked. Issue is observed with both SCCP based transcoding and LTI (Local Transcoding Interface) based transcoding.

When using SCCP Based Transcoding, "show sccp connection" output looks as below during no-way audio issue (Mode - Inactive, rport - Empty, ripaddr - Empty, conn_id_tx - Empty)

CUBE-2#show sccp connections
sess_id conn_id stype mode codec sport rport ripaddr conn_id_tx
65545 36 xcode inactive g729 16414 0 ::
65545 40 xcode inactive g711a 16412 0 ::
When using LTI based transcoding, "show dspfarm dsp active" shows no entry of the call during no-way audio
CUBE-2#show dspfarm dsp active
SLOT DSP VERSION STATUS CHNL USE TYPE RSC_ID BRIDGE_ID PKTS_TXED PKTS_RXED
Total number of DSPFARM DSP channel(s) 0
 

Conditions: IOS Release 15.3(3)M

Issue happens only under following condition.

1.When "midcall-signaling passthru media-change" is configured on CUBE

2.There is change in codec in one of the call leg after invoking supplementary services like Hold/Resume or Transfer

Workaround: 1.Disable "midcall-signaling passthru media-change"

Voice service voip

Sip

no midcall-signaling passthru media-change

2.Use same codec through-out the call (Avoid change in codec behavior by controlling supported codec list)

  • CSCun78318

Symptom: ACLs applied to the mgmte do not work on the new active RP after a RP switch over.

Conditions: After a RP switch over as the old standby RP becomes the new active RP.

Workaround: Remove then reapply the ACLs to the mgmte on the new active RP.

  • CSCun83231

Symptom: After sub package ISSU operation is performed, ELC does not come up and following error messages are seen.

*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127)
*Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127
 

Conditions: Issue is specific to ELC.

Issue is specific to sub package upgrade.

Issue is seen across all releases that support ELC.

ELC means ASR1000 Ethernet Line Cards - These are: ASR1000-2T+20X1GE and ASR1000-6TGE line cards.

Workaround: Consolidated upgrade can be performed.

  • CSCun84368

Symptom: Netflow cache entry is not created for IPV6 flows and entries for IPv4 entries is not accurate . For IPv4 entries the BGP next hop is not updated and set to 0.0.0.0

Conditions: Upon Execution of RP switchover.

Workaround: After RP switch-over, remove BGP configuration from Core router ("P") , and conifgure it back updaon BGP update on PE router, the BGP - NH will appear in FNF records.

  • CSCun87352

Symptom: The ESP module in an ASR1000-series router may reload unexpectedly. In systems with an integrated ESP, such as the ASR1001 and ASR1002-X, this may result in a reload of the entire chassis.

Conditions: This has been observed on an ASR1001 running 15.3(3)S2 (IOS-XE 3.10.2S).

Flexible NetFlow is enabled.

Exact conditions currently unknown.

Workaround: Disabling Flexible NetFlow may prevent the crash.

  • CSCun87685

Symptom: ASR1006/15.4(1)S crashed while adding port and host specific deny statements on specifc lines for the WCCP-Redirect ACL.

Conditions: Adding port and host specific deny statements on specifc lines for the WCCP-Redirect ACL.

Workaround: There is no workaround.

  • CSCun89036

Symptom: Traceback when IPV6 traffic is transiting through ATM sub-interface

Conditions: Configuration of "atm route-bridged ipv6" configured at ATM sub-interface level.

Workaround: There is no workaround.

  • CSCun91199

Symptom: NAT ALG not translating in case of multiple sip address in SDP.

Conditions: sip invite message containing oline and cline with different addresses and both need translationdynamic nat with acl configured.

Workaround: Simplify the ACL associated with NAT mapping configuration.

  • CSCun92171

Symptom: CUBE's media anti-trombone feature does not work correctly when combined with the pass-thru content sdp feature. When the two features are enabled CUBE will return the wrong SDP on one call leg and does not properly switch from media flow-through to media flow-around.

Conditions: This was seen on 15.4(1)T with both media anti-trombone and pass-thru content sdp enabled.

Workaround: There is no workaround.

  • CSCun96969

Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following:

%SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0,
 
%SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0.
 

Conditions: These is no condition.

Workaround: There is no workaround.

  • CSCtz97771

Symptom: The ASR1002 running IOS_XE 3.7.0 (15.2(4)S) crashed after a configuration change inf FNF.

%FMANRP_NETFLOW-3-INVALIDFLOWDEFCPP: CPP Flow definition can not be
created 1
Mar 19 12:18:33 lns3 1596693: -Traceback=
1#fcbfdf6899eea283341cebf8c5320ad1 :10000000+6FBFE8 :10000000+6FC394
:10000000+5B9F54C fnf_config:9DB4000+1B270 fman_rp:ED4B000+1D0
764 fman_rp:ED4B000+1D0954 :10000000+3326E78 :10000000+330110C
Mar 19 12:18:33 lns3 1596694: Mar 19 12:18:32.268:
%FMANRP_NETFLOW-3-INVALIDFLOWDEFCPP: CPP Flow definition can not be
created 1
Mar 19 12:18:33 lns3 1596695: -Traceback=
1#fcbfdf6899eea283341cebf8c5320ad1 :10000000+6FBFE8 :10000000+6FC394
:10000000+5B9F54C fnf_config:9DB4000+1B270 fman_rp:ED4B000+1D0764
fman_rp:ED4B000+1D0954 :10000000+3326E78 :10000000+330110C
Mar 19 12:18:38 lns3 1596696: Mar 19 12:18:35.546:
%IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
Mar 19 12:18:38 lns3 1596697: Mar 19 12:18:35.561:
%ASR1000_RP_ALARM-6-INFO: ASSERT MAJOR module F0 Unknown state
Mar 19 12:18:38 lns3 1596698: Mar 19 12:18:35.561:
%ASR1000_RP_ALARM-6-INFO: ASSERT CRITICAL module R0 No Working ESP
Mar 19 12:18:47 lns3 1596699: Mar 19 12:18:46.919: %SYS-5-CONFIG_I:
Configured from console by icuk on vty0 (46.33.130.1)
Mar 19 12:19:50 lns3 1596700: Mar 19 12:19:49.743:
 

Conditions: An FNF record that includes one of the following key/non-key fields configured along with an extracted field will trigger the trace back.

one or more fields derived from the below:

match/collect routing source/destination [peer] as [4-octet]

along with an extracted field such as :

collect application http host

Example:

flow record test-rec
match routing source as 4-octet
collect application http host
flow monitor test-mon
record test-rec
 

Workaround: There is no workaround.

  • CSCun97294

Symptom: Core dump won't be generated after kernel crash in x86_64 platforms.

Conditions: Kernel crash.

Workaround: There is no workaround.

  • CSCun97760

Symptom: ASR running 15.2(4)S4 saw ESP crash due to corrupted H323 packet.

Conditions: ASR running 15.2(4)S4 saw ESP crash due to corrupted H323 packet.

Workaround: If customer don't need h.323 alg, a workaround is to disable h.323 alg:

no ip nat service h225.

  • CSCun97966

Symptom: txnpMaxMtuExceeded message seen when packets sent to crypto.

Conditions: When nated packet is sent to crypto, txnpMaxMtuExceeded is seen for some packets. Applicable only asr1k-2x, ESP100 and ESP200.

Workaround: There is no workaround.

  • CSCuo02270

Symptom: Issues with source VLAN numbers while using with ERSPAN.

Conditions: VLAN greater than 1005 were not displayed in the running config. There is no service impact.

Workaround: There is no workaround.

  • CSCuo02558

Symptom: Crash in cpp_cp_svr when executing 'show platform packet-trace packet all'.

Conditions: Crash can only occur when executing 'show platform packet-trace packet all'.

Workaround: Display a single packet at a time using 'show platform packet-trace packet <num>' instead of using 'all'.

  • CSCuo02894

Symptom: Packet-trace statistics sometimes appear to report out-of-sync counts.

Conditions: Using packet-trace in IOS-XE3.11.

Workaround: There is no workaround.

  • CSCuo09341

Symptom: ESP crashed.

Conditions: ESP crash observed while running 3.11.1

Workaround: There is no workaround.

  • CSCuo09390

Symptom: ASR1K crash on netflow configuration change.

Conditions: When all current CVLA client features are unconfigured and registration happens from beginning for a new client, allocating initial chunk memory fails.

Workaround: Do not unconfigure every existing CVLA feature at once. Leave atleast one feature configured so that when a new feature is configured, CVLA does not have to allocate the initial chunk memory again. Leaving out atleast one CVLA feature configured will avoid the crash.

  • CSCuo17719

Symptom: An ESP crash is seen with IPv6 ping to or from an interface configured with IPSec and FNF.

Conditions: The crash is seen when the size of the IPv6 ping is greater than the interface IPv6 MTU.

Workaround: There is no known workaround. However, this is not a common scenario for IPv6 as fragmentation is almost always handled by the sending host/application.

  • CSCuo19730

Symptom: Cisco IOS XE includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160.

This bug has been opened to address the potential impact on this product.

Conditions: Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.

Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:

transport-map type persistent webui http-webui
secure-server
ip http secure-server
transport type persistent webui input http-webui
 

Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.

Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.

Workaround: There is no workaround.

  • CSCuo20090

Symptom: The saved ACLs applied to the mgmte from startup-config may not work after system reload.

Conditions: After system reload.

Workaround: Remove then reapply the ACLs to the mgmte after system reload.

  • CSCuo27542

Symptom: ASR router crashes when using local static hosts for GTP APN dns resolving.

Conditions: Local hosts statically configured in router.

Workaround: Use external DNS server.

  • CSCuo29770

Symptom: ESP fails to initialize and reboots. A message like the following will be seen on the IOS console:

*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - startup init (0x1)
*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - start CPP (0x1)
 

The cpp_driver tracelog contains an entry which lists an A41C error code, indicating that the driver was unable to turn on termination. Here is an example:

01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/dui/A41C: QFP0.0 - unable to turn on termination for DUI0
 

This is an intermittent failure, so the ESP will likely initialize successfully on the 2nd or 3rd attempt. This is an initialization issue, and once initialization completes successfully there are no further problems related to this condition.

Conditions: Only ASR1002-x, ESP100 and ESP200 are affected. Router configuration or traffic pattern do not affect this problem. The software is fixed in XE3.10.4S, XE3.11.2S, XE3.12.0S and later releases.

Workaround: There is no workaround.

  • CSCuo30472

Symptom: On ASR1K configured to do PBR with over 3000 lines of ACL entries , after a change on the match ACE, it stops working.

Conditions: ASR 1000 RP1 configured with over 3000 ACEs.

Workaround: There is no workaround.

  • CSCuo38164

Symptom: Traceback and log error noticed

Conditions: While initiating H323 call with SBC feature.

Workaround: There is no workaround.

  • CSCuo41590

Symptom: There are compatibility issues between certain IOS-XE versions and SM-ES3X. With some combinations of SM-ES3X firmware and some releases of IOS-XE, the SM-ES3X will not boot.

With the unsupported combinations, the SM-ES3X will not boot. An error

?*May 7 19:44:32.785: %SPA-3-MSG_PARSE_FAILURE:iomd: Failed to parse incoming message from SM-ES3X-24-P slot 2 subslot 0 board 0. The module software may require an update?
 

will be displayed on the IOS-XE console and the SM-ES3X will go into 'out of service' state as shown in the 'show platform' command.

router#show plat
Chassis type: ISR4451-X/K9
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ISR4451-X/K9 ok 00:16:02
0/0 ISR4451-X-4x1GE ok 00:13:52
1 ISR4451-X/K9 ok 00:16:02
1/0 SM-X-1T3/E3 ok 00:12:29
2 ISR4451-X/K9 ok 00:16:02
2/0 SM-ES3X-24-P out of service 00:07:54
R0 ISR4451-X/K9 ok, active 00:16:02
F0 ISR4451-X/K9 ok, active 00:16:02
P0 Unknown ps, fail never
P1 XXX-XXXX-XX ok 00:15:32
P2 ACS-4450-FANASSY ok 00:15:32
 

Conditions: Versions of SM-ES3X modules is incompatible with some earlier versions of IOS-XE. SM-ES3x version EJ1 is only compatible with the following major release versions of IOS-XE, or later.

15.3(3)S4 (XE 3.10.4)

15.4(1)S3 (XE 3.11.3)

15.4(2)S (XE3.12.1)

Workaround: Ensure that a compatible combination of SM-ES3X and IOS-XE images are used. Upgrade/downgrade one or the other to get to a compatible pair.

  • CSCuo47620

Symptom: Memory is leaked during session tear down. The following error message is logged to the console after the address space limit is exceeded.

on standby-ESP:

%CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit
 

Conditions: When a policy with conditional policing enabled is removed, the traffic manager leaks 16 bytes of resource DRAM per target. The leak increases exponentially when tearing down more than 20000 PPP sessions. Though the system may still be operation, the control plane performance becomes severely degraded causing subsequent configuration processing to become very slow.

Workaround: There is no workaround.

  • CSCuo55508

Symptom: A cpp-ucode crash is encountered.

Conditions: Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions.

debug platform packet-trace enable
debug platform packet-trace packet 16 fia-trace
debug platform condition egress
debug platform condition start
 

Workaround: Do not use fia-trace.

  • CSCuo64196

Symptom: When remove OSPF from OTV setting, saw CPP-uCode crash.

Conditions: These is no condition.

Workaround: There is no workaround.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S

This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S.

This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S.

  • CSCtd29571

Symptom: Fix warning message for the maximum MAC address filter supported

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCtt21586

Symptom: Kingpin "cc" bandwidth maxed out at 10G

Conditions: None.

Workaround: There is no workaround.

  • CSCtw74124

Symptom: For a slot housing the Cisco ASR1000-SIP40, or on a Cisco ASR1002-X, the output of the show platform hardware slot <slot#> plim buffer settings detail command always shows the value of Max always as “0“ in the "Fill Status Curr/Max" filed, even when the Rx buffers have been utilized.

Conditions: When the SPA Aggregation ASIC has been flow controlled by the Network Processing Unit, the buffers inside the SPA Aggregation ASIC will start filling up.

Workaround: There is no workaround.

  • CSCtx72973

Symptom: Config-sync failiure is seen when unconfiguring the crypto gdoi group.

Conditions: Seen on HA setup.

Workaround: There is no workaround.

  • CSCtz50465

Symptom: ISSU between incompatible images goes through.

Conditions: This happens for images between ISSU-break.

Workaround: There is no workaround.

  • CSCua48282

Symptom: On ASR1K router, randomly observe the following error during ISSU MDR runversion, the error does not have funcationality impact.

*Jun 13 18:21:04.001 PDT: %CMCC-3-PLIM_STATUS: SIP2: cmcc: A PLIM driver informational error txnpMaxMTUExceeded, block 1e count 1
 

Conditions: None.

Workaround: There is no workaround.

  • CSCua55528

Symptom: %SYS-3-CPUHOG Errors, and Trace backs seen while performing config replace

Conditions: Configurations are done on both ELC ports and 1 GIGE ports.

Workaround: There is no workaround.

  • CSCua62284

Symptom: Can not synchronize SPI4 bus and PLIM error.

Conditions: None.

Workaround: There is no workaround.

  • CSCub42703

Symptom: video_SDP_Passthru call are failing Bandwidth based on CAC.

Conditions: None.

Workaround: There is no workaround.

  • CSCub71548

Symptom: On ANCP session, when DSLAM sends TCP-FIN, then ASR1K replies with TCP-ACK but does NOT send its own TCP-FIN. Or sometimes ASR1K replies, but with a delayed TCP-FIN.

Instead of graceful closure ANCP closed the connection later due to Keepalives Misssed.

Conditions: ANCP session established to DSLAM, and DSLAM terminates the TCP session with TCP-FIN.

Workaround: There is no workaround.

  • CSCub87409

Symptom: Memory leak in oom.sh process RP and FP.

Conditions: None.

Workaround: There is no workaround.

  • CSCuc82799

Symptom: MDR:A PLIM driver has critical error TXPA1 - txmcFifoEopMapUbe

Conditions: None.

Workaround: There is no workaround.

  • CSCuc91397

Symptom: When measuring No Drop Rate (NDR) with FNF configured on either a ESP100 or ESP200 can appear to be lower than expected particularly when compared with other ESP

forwarding cards. However, some of this is misleading as the method of computing NDR makes no distinction between startup effects and steady state peformance. Once traffic is flowing the steady state throughput is in line with what would be expected. Additionally, decreased export performance is seen, more significant in ESP200 then ESP100.

Conditions: Configuring FNF on ESP100 or ESP200 forwarding cards. If NDR script is run such that early drops (before system has reached steady state) are taken into account by the NDR

search then a misleading low NDR will be reported.

Workaround: Start traffic first before measuring NDR so that startup effects are avoided.

  • CSCue61643

Symptom: When the encapsulation on pvc is aal5mux.

Conditions: Ping fails when encapsulation on pvc is aal5mux.

Workaround: Configure a different encapsulation aal2snap and make it default.

  • CSCue76929

Symptom: enhance crypto-engine packet drop cause.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCue91054

Symptom: ESP crashed when sending IPv6-fragmented traffic through DMVPN hub (MGRE tunnel).

Conditions: This condition occurs when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through DMVPN hub. Large amout of IPv6 fragment traffic, for example, 5G on ESP20, which exceeds re-assembly performance number that is less than 2G.

Workaround: Change MTU to avoid IPv6 fragmentation.

  • CSCue92637

Symptom: Review comments for CSCue17512/CSCue93536 (Phy Interrupt Handler)

Conditions: None.

Workaround: There is no workaround.

  • CSCuf14884

Symptom: dummy packet generation per SA does not follow configured interval.

Conditions: None.

Workaround: There is no workaround.

  • CSCuf57507

Symptom: EVENTLIB-3-RUNHOG: SIP2: cmcc: undefined: 7179ms

Conditions: While performing an active RP failure during ASR1006 subpackage MDR upgrade

Workaround: There is no workaround.

  • CSCuf73907

Symptom: asr1k:elc:wrong display for EVC in "sh bd" for Ten Gig links of ELC

Conditions: None.

Workaround: There is no workaround.

  • CSCuf82128

Symptom: ASR-CUBE: Crash observed with DSMP.

Conditions: Load scenario issue is observed.

Workaround: There is no workaround.

  • CSCug19588

Symptom: IKEv2 TPS performance degradation over time.

Conditions:This occurs in the lab under extreme test conditions with traffic running during session bring-up.

Workaround: Reduce traffic and or reduce session bring-up rate.

  • CSCug42906

Symptom: eXpresso support for BelAir

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCug47592

Symptom: PLIM Driver Error Messages observe while booting.

Conditions: On ASR1002-X router during booting.

Workaround: There is no workaround.

  • CSCug58572

Symptom: DM Funcunality collapsed for camaro devices.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCug60382

Symptom: NTE payload type is renegotiated as asymmetric which some device cannot support.

Conditions: Mid call late invite to trigger renegotiated and the answer in SDP from initiator has different nte payload type as nte payload from offer 200(invite) in other side.

Workaround: Remove nte payload in ACK using lua script.

  • CSCuh11621

Symptom: Nightster: Shut/No-Shut on Nightster bay0/1 causes PLIM driver Errors

Conditions: None.

Workaround: There is no workaround.

  • CSCuh23721

Symptom: %SNMP-3-DVR_DUP_REGN_ERR tracebacks seen on any-to-any oir, replaced 8CE1T1 (with max channels) with 1CE1T1 and on configuring max (31) channel-groups on 1CE1T1during any-to-any oir.

Conditions: Seen on any-to-any oir configured with max channels.

Workaround: There is no workaround.

  • CSCuh29125

Symptom: in meetme confernece calls, the call-id/tag modification for NOTIFY work for pre-INVITE NOTIFY, but it seems does not work pre-BYE NOTIFY

Conditions: There is no known condition.

Workaround: There is no workaround.

  • CSCuh55816

Symptom: Ensure that all ios-xe image contain the CW_ strings during loadbuild

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuh62666

Symptom: All packets punt to RP for GEC interface.

Conditions: Config and remove ethertype for GEC interface.

Workaround: There is no workaround.

  • CSCuh95602

Symptom: Self bound traffic dropped by firewall.

Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self).

Workaround: There is no workaround.

  • CSCui09671

Symptom: GEC: recycle bundle can't keep up on Yoda platforms

Conditions: None.

Workaround: There is no workaround.

  • CSCui20319

Symptom: Pending issues/ack is observed on ESP

Conditions: Must meet all following conditions:

1. When port-channel vlan loadbalacing mode is enabled on Port-channel EVC with large scale of EFPs on one port-channel (8000 in this case)

2. EFPs on Port-channel are assigned to different links.

3. When the efps and port-channel are remove using one command "no int port-channel x"

4. Then the scale config and link assignment are added back by copying back the scale config

Workaround: Separate EFP removal and port-channel link removal (remove efps, the remove int port-channel) separate EFP config and port-channel link config (add EFP first, then add links to port-channel).

  • CSCui43325

Symptom: Traffic blackhole for v6 SSM groups after flapping bgp loopback interface on the egress PE

Conditions: This condition is observed during BGP loopback interface flap

Workaround: Unconfigure-reconfigure the mdt default command under the v6 address-family for the vrf

  • CSCui45088

Symptom: While changes the ip address configuration on Management interface we are seeing link flap from link down to link up.

Conditions: Management interface should be in up state.

Workaround: There is no workaround.

  • CSCui57016

Symptom: Deactivating container takes long time due to symbolic link.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCui64579

Symptom: ping failed with packet size over 10184.

Conditions: MPLS mtu max enabled for MPLSomGRE tunnel

Workaround: Disable MPLS mtu max.

  • CSCui96224

Symptom: show crypto ipsec interface <interface-name> platform is listing the output of show platform software ipsec fp active interface all instead of selecting the right interface ID

Conditions: Using the new platform command.

Workaround: There is no workaround.

  • CSCuj19293

Symptom: Bindings are present after inconfiguring Static NAT mappings

Conditions: This symptom is observed when static NAT is mapped with route-map

Workaround: There are no workaround.

  • CSCuj23729

Symptom: "uc wsapi" cannot be configured on S train platforms (juno)

Conditions: None.

Workaround: There is no workaround.

  • CSCuj25221

Symptom: CPP process crash during a change in the loopback ip address used as a DNS NAT source.

Conditions: Change in the ip address.

Workaround: There is no workaround.

  • CSCuj36793

Symptom: Commit of CSCud71821 is causing a problem during MDR; the reload causes the cc to go offline and a rommon status of bad_rommon is shown.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj38420

Symptom: No alias interface for dynamic NAT.

Conditions: Overload configured for dynamic NAT.

Workaround: remove Overload.

  • CSCuj44771

Symptom: Queue_depth value incorrect with FRR Scaling

Conditions: Queue_depth values are not getting back to the original value(0) while shuting the interface

Workaround: There are no workaround.

  • CSCuj45924

Symptom: Kingpin : intermittent network boot slowdown

Conditions: None.

Workaround: There is no workaround.

  • CSCuj55363

Symptom: In the lisp getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic got dropped with qfp error of "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP" when the getvpn profile is applied to the LISP0 interface, Encrypted traffic flows in the LISP setup properly

Conditions: getvpn profile is applied to the physical interface instead of lisp interface.

Workaround: Apply getvpn profile in lisp interface.

  • CSCuj55984

Symptom: GetVPN crypto gdoi re-reg fails

Conditions: When active traffic and when the WAN intf flaps

Workaround: Issue "clear crypto gdoi" on UUT.

  • CSCuj56749

Symptom: SPA FPD Recovery Upgrade failure for SPA-4XT-SERIAL

Conditions: None.

Workaround: There is no workaround.

  • CSCuj73916

Symptom: Traceback seen.

Conditions: while running ISAKMP D10 suite during codenomicon testing.

Workaround: There is no workaround.

  • CSCuj76325

Symptom: Build issues occurs in CEL 5.5, as config.sh the older java compliler.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuj79520

Symptom: Increased use of global addresess over time while running PAP.

Conditions: NAT PAP enabled along with vrf on outside interfaces.

Workaround: If global address pool becomes deleted, it may become necessary to clear ip nat translations or reload the CPP.

  • CSCuj82418

Symptom: CUBE-SP data plane forwording capacity drops.

Conditions: NNI performance test.

Workaround: There is no workaround.

  • CSCuj82421

Symptom: the board will not be shutdown expectedly

Conditions: configure "facility-alarm critical exceed-action shutdown". A sensor in remote FRU exceeded the shutdown temp.

Workaround: shutdown the remote board manually.

  • CSCuj83079

Symptom: AVC performance results are not stable.

The deviation can be up to 13%.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuj84220

Symptom: Nightster: 10GE Eval license does not transition into In-Use status.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj89036

Symptom: IOSd crashes following an OIR of an eToken.

Conditions: OIR activity on either USB port of a single eToken.

Workaround: Do not OIR an eToken.

  • CSCuj92874

Symptom: Matching ms-office-web-apps traffic under it's attributes doesn't work.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuj93637

Symptom: NBAR stop to work after reload with getvpn configuration.

Conditions: This symptom is observed when SSO is configure on the box.

Workaround: Remove the crypto map from the interface and attach it again.

  • CSCul01335

Symptom: FP may crash

Conditions: This symptom is observed on changing pap limit from 30 to 60 with traffic on

Workaround: There is no workaround.

  • CSCul01776

Symptom: Oracle-sqlnet signature may be to broad and needs some adjustment. Current implementation may cause some degradation in performance but has no impact on classification.

Conditions: Relevant where protocol discovery (or oracle-sqlnet QOS) is applied.

Workaround: There is no workaround.

  • CSCul03480

Symptom: mcp_dev: Need to fix name of epoch file or change the tdlresolve.sh.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul10111

Symptom: Loopback Led is not changing to Amber in Javelin T3E3 spa in Encap PPP.

Conditions: None.

Workaround: There is no workaround.

  • CSCul12632

Symptom: SPA-8XCHT1/E1: show version doesn't show serial i/f info sometimes.

Conditions: None.

Workaround: There is no workaround.

  • CSCul16548

Symptom: The 'show crypto ipsec sa peer <address> platform command may be incorrect for ESP 200 on ASR1K.

Conditions: The crypto context information will be incorrect for all the IPSec SAs programmed on crypto device 1 on an ESP 200.

Workaround: Use the 'show platform software ipsec fp active encryption-processor 1 context <context id>' command manually to get the crypto context information.

  • CSCul17693

Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool with little free memory. As a result, various SNMP management software applications may generate an error/notification.

Conditions: This condition is shown from the moment the router boots up.

The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR1000 boots the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.

The LSMPI interface is described further in this document:

http://tools.cisco.com/squish/b64AB

Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason the management software needs to be adjusted.

  • CSCul24025

Symptom: ASR1K crash @__be_slaComponentProcessEvent when unconfigure ip sla udp-jitter.

Conditions: configure 4000 CPP timestamp IP SLA udp-jitter and then unconfig all.

Workaround: There is no workaround.

  • CSCul27478

Symptom: Time sync problem between QFP and IOS.

This out of sync appears at some platforms and causes complete breakage of punt performance monitors.

Conditions: asr1002 RP1 ESP5 and asr1004 RP2 ESP20 after system reload

Workaround: ntp server configuration is must.

delay after reload was done for a system 5-40 mins.

  • CSCul29434

Symptom: ELC MDR: %CWAN_HA-4-IFEVENT_BULKSYNCFAIL: receive failed ifevent: 10 err

Conditions: This condition is observed during Consolidated MDR upgrade

Workaround: There is no workaround.

  • CSCul38930

Symptom: SR 626723873 : Fix the ESP Crash seen with shared memory access.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul47786

Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.

Conditions: None.

Workaround: There is no workaround.

  • CSCul48593

Symptom: Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port.

Conditions: None.

Workaround: There is no workaround.

  • CSCul48986

Symptom: cpuhog is seen when config lma network

Conditions: config pool ipv4 v4pool3 pfxlen 16

Workaround: There is no workaround.

  • CSCul50470

Symptom: false pool exhaustion with route-map + dynmaic nat

Conditions: atleast two nat mapping are present.

Workaround: There is no workaround.

  • CSCul57003

Symptom: ELC MDR:%MDR-3-RESTART_FAILED: SIP1: mdr_cc_client.sh: Failed.

Conditions: When one of the ELC in disable state.

Workaround: There is no workaround.

  • CSCul65261

Symptom: write bus access failed with fpd upgrade

Conditions: This condition is observed during FPD bundled upgrade

Workaround: There is no workaround.

  • CSCul65858

Symptom: GARP for the NAT-inside-global-address is sent from a non-Active HSRP router.

The problem is seen when one of the redundancy pair is reloaded and the interface comes up.

Because of the behavior, traffic loss is seen on the NAT traffic.

When receiving the GARP, active router shows the duplicate address message like below.

%IP-4-DUPADDR: Duplicate address x.x.x.x on GigabitEthernetx/x/x, sourced by xxxx.xxxx.xxxx

Conditions: None.

Workaround: There is no workaround.

  • CSCul66532

Symptom: Packet state was not initialized. This caused a NULLpointer reference when attempting to initialize the onefw packet state for debug.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul67817

Symptom: max nat translations with ACL not working.

Conditions: With PAT mapping using ACL nat limit config.

Workaround: There is no workaround.

  • CSCul69572

Symptom: Warning messages observed when we configure 'source-interface loopback 'num' on the NVE interface.

Conditions: Issue observed whenever we configure the souce-interface command on the NVE.

Workaround: There is no workaround.

  • CSCul69967

Symptom: Pending issues in show platform software object-manager fp standby stats

Conditions: None.

Workaround: There is no workaround.

  • CSCul71859

Symptom: TCP checksum failure when virtio driver used on KVM.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul80669

Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev

Conditions: None.

Workaround: There is no workaround.

  • CSCul81116

Symptom: Xunlei-kankan signature needs to be strengthenged.

Conditions: Relevant to routers running NBAR2 protocol pack 4.0(0) and above.

Workaround: There is no workaround.

  • CSCul84718

Symptom: ASR1K MLPPP - " Multilink fastsend reentered " on LNS.

Conditions: None.

Workaround: There is no workaround.

  • CSCul86977

Symptom: CSR1000 - Ubuntu + KVM interface stops responding during throughput test.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul87051

Symptom: ASR1k running 3.7.2S

Two inside global addresses for the same inside local address.

Sufficient pool to handle one-to-one translations.

Conditions: IPv4 nat - ip nat inside source route-map <route-map> pool <pool> reversible

SIP traffic.

Workaround: There is no workaround.

  • CSCul90950

Symptom: re-commit the image file csr_mgmt_rel.tgz to mcp_dev.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul93069

Symptom: Multiple Tracebacks are seen.

Conditions: no ip arp inspection.

Workaround: There is no workaround.

  • CSCul97900

Symptom: IPSUB EVSI Create Error counter is incremented post churn test.

Conditions: None.

Workaround: There is no workaround.

  • CSCum03117

Symptom: Verify traffic not flood to fwd vfi when efp and vfi in same BD.

Conditions: traffic flood is wrong with same BD

Workaround: There is no workaround.

  • CSCum03368

Symptom: Multiple Tracebacks are seen.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum03368

Symptom: CSR1000V crash upon applying policy-map.

Conditions: Normal testing condition.

Workaround: There is no workaround.

  • CSCum09359

Symptom: Few sessions remain stuck in "ack-wait" state after overnight churn test.

Conditions: None.

Workaround: There is no workaround.

  • CSCum12453

Symptom: ASR1K: Prowler SPA: Tail drop of imix traffic and ESP crash.

Conditions: None

Workaround: There is no workaround.

  • CSCum25373

Symptom: Traceback is seen

Conditions: MSRPC regression test (mcp_alg_msrpc.tcl) is run.

Workaround: There is no workaround.

  • CSCum52407

Symptom: $$IGNORE Code changes made to run on non-secureboot ARGUS do not work on Secureboot P2 cards.

Conditions: $$IGNORE modify existing rommon so that same code can be compiled to run on both SB and non-SB cards through a compile-time switch.

Workaround: There is no workaround.

  • CSCum68577

Symptom: UCSE sub-interface configuration not available.

Conditions:

Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
4451-2013(config)#int ucse 1/0/0.1
% Invalid input detected at '^' marker.
4451-2013(config)#int ucse 1/0/1.1
% Invalid input detected at '^' marker.
4451-2013(config)#
4451-2013(config)#end
4451-2013#
4451-2013#
 

Workaround: There is no workaround.

  • CSCum68727

Symptom: Ulord: Utah & CSR hal_state_reset() called multiple times per packet

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum73773

Symptom: QFP crash

Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop".

Workaround: There is no workaround.

  • CSCum78764

Symptom: MTP dependent fix.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum82701

Symptom: MPE max llength filter.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum89375

Symptom: Kingpin: no kernel core on Watchdog.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum91756

Symptom: Ultra: DOD part II performance improvements for 1/2/4vCPU.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum92033

Symptom: 3.13 nbar version needs update.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum94365

Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev.

Conditions: None.

Workaround: There is no workaround.

  • CSCum99115

Symptom: ELine:Def Encap-Access intf connect to PE goes downon shut service Inst.

Conditions: None.

Workaround: There is no workaround.

  • CSCun01920

Symptom: When configured as VTEP [virtual tunnel end point] -Router stops processing any data. It even fails to establish the OSPF neighbor relationship post the reload.

Conditions: When configured as VTEP [virtual tunnel end point] -Traffic stops on all Ports of the Ethernet Linecard after sometime. The problem also happens with packets going out of the ELC Ports having Multicast MAC address as destination MAC in the Ethernet header.

Workaround: The problem occurs only with ASR1000-6TGE/ASR1000-2T+20X1GE if any of the 1G/10G ports have egress Multicast MAC traffic.

  • CSCun09973

Symptom: esp reloaded when received incorrect l2tp packet.

Conditions: l2tp packet with incorrect udp length.

Workaround: enable the checksum ignore.

  • CSCun15169

Symptom: Tracebacks seen after router reload in scaled PPPoE Environment.

Conditions: None.

Workaround: There is no workaround.

  • CSCun30311

Symptom: 'show platform software status control-processor brief' on ASR1K inserted with ASR1000-6TGE & ASR1000-2T+20X1GE will show the card status as unknown.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun31122

Symptom: Tracebacks are seen on a debug disable when conditions are set for ATM customers using PPPoE.

Conditions: When using debug conditions together with PPPoE debugs on undebug all the Tracebacks are thrown.

Workaround: Currently no workaorund present since also no visible service impact.

  • CSCun32287

Symptom: The maximum number of ifHCInOctets is 2^64-1 but this counter can decrease before reaching the maximum number.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun39803

Symptom: Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work.

This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone

Conditions: ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.

Workaround: None on the ASR thus far. Statically configuring ARP entries on the hosts will work.

  • CSCun41391

Symptom: FP crash after the IOS-XE upgrade to 3.11.0S

Conditions: ASR1k router running 3.11.0S

Workaround: There is no workaround.

  • CSCun48024

Symptom: SPA in one of the sub-slots of SIP remain in "inserted state" even after the removal and re-insertion. Also the "insert time" does not get reseted even after removal and re-insertion.

Conditions: The problem is seen when there is rapid insert and removal of SPA in a slot on ASR1000. The image in which problem seen is 15.1(3)S ( XE34) release. The problem is not seen in 15.2(4)S XE37 release.

Workaround: Reload of entire router.

  • CSCun52653

Symptom: RP2:"cpp_cp_svr" core seen on XE311

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun56801

Symptom: Customer is trying to configure a new router with a 3g hwic integrated. When using command show cell 0 all , message error modem no present, but show inventory found modem PID is 819-3g-v.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun57777

Symptom: Broadcast Packets are droped after adding EVC config to ASR1002. The issue happens on and before 03.09.02. The issue doesn't happen on and after 03.10.00.

After adding evc config, broadcast packets are droped, L2BDReplicationStart is counted, and replication tree information disappears.

Conditions: on and before 03.09.02.

Workaround: To execute 'no shutdown' under service instance before configuration change.

  • CSCun59468

Symptom: CSR1000v MinTu Drops for 1501 through 1505 Byte Packets.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun59544

Symptom: ASR1k stops processing new PPPoE sessions, IPoE ISG sessions are not affected.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun61454

Symptom: entPhysicalFirwareRev and entPhysicalHardwareRev is not correct for ASR1000-6TGE/ASR1000-2T+20X1GE.

Conditions: When ENTITY-MIB is queried through SNMP.

Workaround: There is no workaround.

  • CSCun62047

Symptom: ASR1k: Cleanup tracebacks seen while testing CEoP SPA-24CHT1-CE-ATM.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun69752

Symptom: multicast packet is not reassembled(VFR) on lisp + getvpn.

Conditions: lisp+getvpn configuration, router receive multicast and fragmented packet.

Workaround: There is no workaround.

  • CSCun75663

Symptom: ASR1K Stanbdby RP remains in init state for about 15 minutes during bootup.

Conditions: Atleast one of the SIP should be in shutdown/disabled state during bootup.

Workaround: There is no workaround.

  • CSCun83572

Symptom: Move the src/dst tmp storage out of the if (frag_info) {} scope.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun86123

Symptom: ATOM port-mode xconnect is up, but all traffic is under that l2 vc is dropped and statistics under "show mpls l2 vc detail" are zero.

Conditions: On reloading the router mutiple times continuously with traffic on port-mode ATOM vc, at times the VC does not come up.

This issue is seen only on the SPA SPA-2CHT3-CE-ATM.

Workaround: shut/no shut of the controller on which the port-mode ATOM vc is created.

Example:

Bnet-A1(config)#controller
Bnet-A1(config)#controller E3 1/3/0
Bnet-A1(config-controller)#shutdown
Bnet-A1(config-controller)#no shutdown
 
  • CSCun88043

Symptom: Active router crashes in B2B scenariio when standby not syncing.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun88172

Symptom: Added counters for increased visibility of errors in Cablevision network.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun88935

Symptom: A log message %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet2/0/0, link down due to local fault is seen while 10G interface is configured for admin down.

Conditions: Seen only for 10G interface.

Workaround: There is no workaround.

  • CSCun89310

Symptom: IPv6 DHCP PD based streams get dropped during RPSO due to IPv6 proc hike.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun90447

Symptom: For 6PE/6VPE MPLS configurations, FNF will report the BGP neighbor for IPv6 flows in the IPv6 BGP Nexthop field as the IPv4 neighbor address interpreted as an IPv6 Address. For example, an IPv4 BGP nexthop address of 107.0.0.2 will be reported as an IPv6 BGP nexthop address of 6B00:2::.

Conditions: The mis-reporting happens when using an FNF MPLS flow monitor configured with a flow record containing an IPv6 BGP nexthop address field with IPv6 flows through an MPLS core configured as either 6PE or 6VPE.

Workaround: The IPv6 prefix value reported can be re-interpreted as an IPv4 address using the first 32-bits of the IPv6 prefix.

  • CSCun91087

Symptom: O2 router crashes with non-default firmware intermittently.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun92140

Symptom: QFP memory depletion results after a number of NBAR configurations with the traffic flows.

Conditions: Provision and unprovision NBAR on interfaces a number of times with traffic flows.

Workaround: Wait about 3 minutes after unconfiguring complete NBAR feature.

  • CSCun92199

Symptom: ucode crash with sip traffic.

Conditions: After doing couple of events like redudancy reload multiple times and with SIP traffic.

Workaround: There is no workaround.

  • CSCun92244

Symptom: active router creates binds with same gaddr, gport for >1 lport.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCun96598

Symptom: SNMP query on DS3-MIB objects like dsx3LineLength, dsx3LineStatusLastChange, dsx3LoopbackStatus and dsx3Channelization are showing value 'zero' for SPA-2XT3/E3 card.

Conditions: Testing DS3-MIB objects on 2XT3/E3.

Workaround: There is no workaround.

  • CSCun99798

Symptom: SNMP query on dot3Stats counters are not updating on ASR1000-6TGE card and ASR1000-2T+20X1GE.

Conditions: While testing EtherLike MIB.

Workaround: There is no workaround.

  • CSCuo03834

Symptom: Entity alias mapping and if table entry missing for USB ports in ASR1002-X built-in RP.

Conditions: ASR1002-X running with asr1002x-universalk9.03.08.01.S.153-1.S1.SPA.bin.

Workaround: There is no workaround.

  • CSCuo04629

Symptom: ISSU:XE310 ->XE311:SIP fails to come online after CC/SPA upgrade.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo05164

Symptom: Sequence number reuse is disabled with anti-replay disabled.

Conditions: sequence number will not be reused.

Workaround: There is no workaround.

  • CSCuo11149

Symptom: SPA FPD recovery fails for SPA-4XT-Serial on 1RU and 2KP if it is done second time.

FIrst time the recovery works fine, but ig the SPA is corrupted again then it is not recovered.

Conditions: OIR/removal of SPA during FPD upgrade send the SPA into out-of-service state.

You can recover it once. But if it again it went to out-of-service state then recovery doesn't works.

Workaround: Either reload the router or recover the SPA on nightster router.

  • CSCuo11179

Symptom: stby-rp crashing with Process = SSS PM SHIM QOS TIMER during session churn + rp fail-over.

Conditions: Switch over with scale sessions.

Workaround: There is no workaround.

  • CSCuo17427

Symptom: CFM ETHER Failed with EVC local connect on dot1q and untag.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo26733

Symptom: CAC compound scope src-adj,dst-adj cannot be configured

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo31506

Symptom: Traffic drop in getvpn and lisp scale setup.

Conditions: Traffic is dropped after ipsec flap.

Workaround: There is no workaround.

  • CSCuo31517

Symptom: Autoneg status on copper SFP is always displayed as completed.

Conditions: ASR1k-BUILTIN-2x10GE-20x1GE ports with copper SFP (SFP-GE-T) inserted on 1GE port.

Workaround: There is no workaround.

  • CSCuo31667

Symptom: Badly formed RTP" drop counter increases unexpectedly. This issue is recovered by reloading the SBC.

Conditions: This issue is seen with tele-presence call.

Workaround: Reload the SBC.

  • CSCuo31931

Symptom: Fman-fp crash is seen @ aom_obj_str.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo37411

Symptom: ASR1K CPP crashes with stuck thread in ipv4_nat_pat_block_to_front.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo37461

Symptom: Tunnel interface QoS may not work after route distance change.

Conditions: This happens when there are multiple tunnel interfaces whose traffic is all tunneled to the same physical interfaces, with multiple routes for each tunnel traffic, where route distance determines the physical interface for the tunnel traffic.

With QoS applied to the tunnel interfaces, when the tunnel traffic route distance is changed to select different physical interface, the QoS on that tunnel interface no longer works, after the change.

Workaround: Change the routes for all tunnels to the same physical interface.

  • CSCuo40409

Symptom: Traceback seen in B2B NAT when redundancy group flaps under heavy traffic load.

Conditions: Heavy Traffic Load, Active Router should go down and preempt its role as Active after it comes up.

Workaround: There is no workaround.

  • CSCuo40653

Symptom: A traceback is seen, which is not really pointing to an error.

Conditions: The tracebacks were seen around ESP-crash.

Workaround: There is no workaround.

  • CSCuo42772

Symptom: The user can't configure erspan session destination port.

Conditions: The user can not configure the erspan destination port when the port index exceed the 9215.

Workaround: Reload system.

  • CSCuo43912

Symptom: SNMP Query on the object dot3StatsFrameTooLongs is showing the count of "0" on ISR4451 platform.

Conditions: While testing EtherLike-MIB.

Workaround: There is no workaround.

  • CSCuo45683

Symptom: tail dropping for PPPoEoA sessions

used HW: SPA-3XOC3-ATM-V2.

Conditions: Wrong behavior or congestion although ATM interface load is clearly below any critical value.

conditions are not clear

Workaround: There is no workaround.

  • CSCuo48252

Symptom: ATM SPA console (ipc-console x x; show log) log errors:

*Mar 27 14:47:27.310: tsp3_setup_egress_ch(SPA ATM1/0 SAR) Error: rc=2013 on line 225SPA ATM1/0 SAR: An error was reported by SAR driver, while executing a command:
 
Description: setup VC command failed, port 1 vpi/vci 19 / 61 [Error code 2013]SPA ATM1/0 SAR: An error was reported by SAR firmware while executing a command:
 
Description: rsy open chan: Channel Descriptor in use [Error code 2]
*Mar 28 05:19:20.230: tsp3_setup_ingress_ch() Error: rc=2024 on line 474SPA ATM1/0 SAR: An error was reported by SAR driver, while executing a command:
 
Description: setup VC command failed, port 2 vpi/vci 13 / 141 [Error code 2024]SPA ATM1/0 SAR: An error was reported by SAR firmware while executing a command:
 
Description: rsy open chan: Channel Descriptor in use [Error code 2]

Conditions: Auto VC feature used; VCs set up / tear down at a high rate.

Workaround: There is no workaround.

  • CSCuo49765

Symptom: There's a mismatch between the power threshold values in the "show hw-module subslot x/y transceiver z idprom detail"outputs and the power threshold values in the SNMP polling results.

Conditions: The router is using CWDM SFP.

Workaround: There is no workaround.

  • CSCuo50995

Symptom: The IP Identification field of packets sent from a ASR1000 acting as an IAP to a Mediation Device/MD always have the value set to zero.

Conditions: This behaviour has been observed on multiple IOS-XE release, including the current latest 3.12S release.

Workaround: Configure the MTU of the IAP, MD and interconnecting devices to avoid fragmentation.

  • CSCuo55610

Symptom: Incomplete kernel core file with filename ending in .TEMP_IN_PROGRESS.

Conditions: Active RP kernel core dump in dual RP2 systems.

Workaround: There is no workaround.

  • CSCuo56920

Symptom: ULTRA XE313: KVM Cloned VM stuck in booting.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo58520

Symptom: XE313 : NAT Traceback @cpp_nat_ea_trans_common_cb ; changing NAT POOL.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo60225

Symptom: XE313 : ucode crash while changing NAT mode with B2B HA

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo61455

Symptom: Crash of ASR1k running IOS-XE 3.10.2S or 3.11.1S with Carrier Grade NAT (CGN) configured.

Conditions: ASR1k running IOS-XE 3.10.2S or 3.11.1S with Carrier Grade NAT (CGN) configured.

Workaround: Disable CGN:

"ip nat settings mode default"

  • CSCuo61782

Symptom: XE313 : PAP address allocation issue.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo61810

Symptom: XE313 : Crash @ipv4_nat_bpa_free_bpa while changing PAP limit and BPA

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo62650

Symptom: While testing ISSU for xe37_netflow_ipfix and xe37_nbar forwading feature , observing cache entries is missing with netflow feature , and nbar gig interface stats count were not shown with nbar feature after Final ISSU upgrade.

Conditions: Issue is seen in both upgrade and downgrade in 4RU-RP1 platform alone.

Workaround: There is no workaround.

  • CSCuo63083

Symptom: Conditional Policing not working correctly.

Conditions: When a conditionally policed node is moved to a different congestion node, the conditionally policed node is still referencing the previous congestion node, resulting in incorrect conditional policing behavior.

Workaround: There is no workaround.

  • CSCuo63433

Symptom: XE313 : ucode crash @ipv4_nat_cgn_mode_dp_rel_mem B2B + NAT + CGN

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo65747

Symptom: When adding a Fair-Queue QoS class to a existing QoS policy on a interface, the Fair Queue policy is not added correctly. This results in other queuing classes on the same policy not getting the expected behavior.

Conditions: If the Fair Queue class is added to a existing policy-map which is attached to one or more interfaces.

Workaround: Problem can be overcome by simply removing and reapplying the service-policy to the interface.

  • CSCuo72654

Symptom: On ASR1k copper port, the interface doesn't bring up when it has fixed configuration if taking the following steps.

Also the interface shows 100Mbps when connecting with a 1000Mbs port.

Conditions: The copper port has the following configuration;

interface GigabitEthernet0/0/5

speed 1000

no negotiation auto

1) Connect with a port with 100M speed,

2) Shutdown the peering interface or disconnect the cable,

3) Connect with 1000M full port and the interface doesn't bring up.

Workaround: Configure negotiation auto and then configure no negotiation auto.

shut/no shut doesn't work.

  • CSCuo75385

Symptom: Multicast Extranet Traffic Drops.

Conditions: During RP switchover.

Workaround: There is no workaround.

  • CSCuo76032

Symptom: The following message appears during session churn under scaleMultiple Tracebacks are seen.

Conditions:

May 8 22:05:37.410: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 108544 KB
May 8 22:05:43.374: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 109568 KB
May 9 09:48:15.082: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 110592 KB
May 9 12:17:23.034: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 111104 K
 

Scale testing with 27000 ppp session.

Tests are done in repetitive cycles.

Workaround: There is no workaround.

  • CSCuo77017

Symptom: The tcam resource has not released after 32k efp configured and deleted on the asr1001

Conditions: with a clear configuration running 3.13 img,configure 32k efp , check the tcam resource on the asr1k, and delete the efp then check the tcam on the asr1k, will find the resource hs not beem released.

Workaround: Reload the router or FP.

  • CSCuo77698

Symptom: when we tried to change slot of SPA-1X10GE-L-V2.

Following messages can be seen continuously. after that SPA cannot boot up.

Step1:use < hw-module subslot 0/3 shutdown> to power off SPA

Step 2:unplug SPA from slot 0/3/0 then insert it into 0/1/0

*May 12 06:14:30.407: %FPD_MGMT-3-MAJOR_VER_MISMATCH: Major image version mismatch detected with 10GE I/O FPGA (FPD ID=1) for SPA-1X10GE-L-V2 card in subslot 0/1. Image will need to be upgraded from version 0.1292 to at least a minimum version of 1.9. Current HW version = 1.2.
*May 12 06:14:30.408: %FPD_MGMT-5-UPGRADE_ATTEMPT: Attempting to automatically upgrade the FPD image(s) for SPA-1X10GE-L-V2 card in subslot 0/1. Use 'show upgrade fpd progress' command to view the upgrade progress ...
*May 12 06:14:30.456: %FPD_MGMT-6-BUNDLE_DOWNLOAD: Downloading FPD image bundle for SPA-1X10GE-L-V2 card in subslot 0/1 ...
*May 12 06:14:30.555: %FPD_MGMT-6-UPGRADE_TIME: Estimated total FPD image upgrade time for SPA-1X10GE-L-V2 card in subslot 0/1 = 00:00:20.
*May 12 06:14:30.560: %FPD_MGMT-6-UPGRADE_START: 10GE I/O FPGA (FPD ID=1) image upgrade in progress for SPA-1X10GE-L-V2 card in subslot 0/1. Updating to version 1.9. PLEASE DO NOT INTERRUPT DURING THE UPGRADE PROCESS (estimated upgrade completion time = 00:00:20)
 

FPD upgrade in progress on hardware, reload/configuration change

on those hardware is not recommended as it might cause HW programming

failure and result in RMA of the hardware.

*May 12 06:14:31.989: %CMCC-3-PLIM_STATUS: SIP0: cmcc: A PLIM driver informational error SBM1 Signal Err_l detected on SPA I/F, block 3 count 1
*May 12 06:14:45.345: %FPD_MGMT-6-UPGRADE_PASSED: 10GE I/O FPGA (FPD ID=1) image in the SPA-1X10GE-L-V2 card in subslot 0/1 has been successfully updated from version 0.1292 to version 1.9. Upgrading time = 00:00:14.785
*May 12 06:14:45.345: %FPD_MGMT-6-OVERALL_UPGRADE: All the attempts to upgrade the required FPD images have been completed for SPA-1X10GE-L-V2 card in subslot 0/1. Number of successful/failure upgrade(s): 1/0.
*May 12 06:14:45.345: %FPD_MGMT-5-CARD_POWER_CYCLE: SPA-1X10GE-L-V2 card in subslot 0/1 is being power cycled for the FPD image upgrade to take effect.
*May 12 06:14:45.346: %SPA_OIR-6-OFFLINECARD: SPA (SPA-1X10GE-L-V2) offline in subslot 0/1
*May 12 06:14:51.395: %FPD_MGMT-3-MAJOR_VER_MISMATCH: Major image version mismatch detected with 10GE I/O FPGA (FPD ID=1) for SPA-1X10GE-L-V2 card in subslot 0/1. Image will need to be upgraded from version 0.1292 to at least a minimum version of 1.9. Current HW version = 1.2.
*May 12 06:14:51.395: %FPD_MGMT-5-UPGRADE_ATTEMPT: Attempting to automatically upgrade the FPD image(s) for SPA-1X10GE-L-V2 card in subslot 0/1. Use 'show upgrade fpd progress' command to view the upgrade progress ...
*May 12 06:14:51.395: %FPD_MGMT-6-BUNDLE_DOWNLOAD: Downloading FPD image bundle for SPA-1X10GE-L-V2 card in subslot 0/1 ...
*May 12 06:14:51.398: %FPD_MGMT-6-UPGRADE_TIME: Estimated total FPD image upgrade time for SPA-1X10GE-L-V2 card in subslot 0/1 = 00:00:20.
*May 12 06:14:51.403: %FPD_MGMT-6-UPGRADE_START: 10GE I/O FPGA (FPD ID=1) image upgrade in progress for SPA-1X10GE-L-V2 card in subslot 0/1. Updating to version 1.9. PLEASE DO NOT INTERRUPT DURING THE UPGRADE PROCESS (estimated upgrade completion time = 00:00:20)
 

Conditions: This issue can not be reproduced by 100%.

we tried to reproduce it with 3 other slots, the issue cannot be reproduce unless

unplug SPA from slot 0/3/0 then insert it into 0/1/0.

Workaround: change other SPAs.

  • CSCuo80647

Symptom: Grub counters in mfib Transport VRF

Conditions: Scenario 1

ASR1K PE is configured with Multicast Extranet VPN to act as Multicast Source.

Transport VRF is configured with mdt default. Multicast vrf rpf select command is configured to do rpf check from Transport to Source VRF. Whenever we clear mfib Source VRF counters we can see grub numbers in Transport VRF mfib output.

Scenario 2

ASR1K PE is configured with Multicast Extranet VPN to act as Multicast Receiver.

Transport VRF is configured with mdt default. Multicast vrf rpf select command is configured to do rpf check from Receiver VRF to Transport VRF. Whenever we clear mfib Transport VRF counters we can see grub numbers in Receiver VRF mfib output.

Workaround: Clear Counters on Transport VRF.

  • CSCuo80873

Symptom: Crash.

Conditions: In b2b or intra-box redundancy configurations with stateful features (ie NAT, FW, etc) and the ha_build_pkt function starts after processing a virtually reassembled pkt.

Workaround: There is no workaround.

  • CSCuo81949

Symptom: Traceback during churng XE3.13 - %FMANRP_ESS-4-WRNPARAM_U.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo85982

Symptom: High RP and ESP utilization and generation of many large (~ 1 MB) logging files with names of the form "cpp_cp_F*".

Conditions: IPv4 multicast packets received on interfaces configured for IP subscriber sessions.

Workaround: There is no workaround.

  • CSCuo88928

Symptom: POE Power bal card not bieng recognised on Greyhound P1A unit.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo90646

Symptom: Multiple Citrix ICA tags QOS may not work, showing only one of the ICA Tags configured.

Conditions: Applying more then one Citrix ICA Tags QOS rules.

Workaround: Use 15.2(2)S or 15.4(2)S and above images.

  • CSCuo90700

Symptom: ELC: i2c read/write errors on popinac console logs for Cu/100FX SFPs.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo92505

Symptom: Could not create CSR.

Conditions: Create Ultra router using .ova file.

Workaround: There is no workaround.

  • CSCuo94935

Symptom: Router generates BINOS_LOGIN-6-PAMAUTHDENY.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuo99185

Symptom: Multiple IOS-XE CPP Ucode crashes with IPSec + GRE + MPLS

Conditions: There is no condition.

Workaround: There is no workaround.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.

  • CSCtk05154

Symptom: Not all dtmf is detected by the receiving endpoint. PCM analysis will show two tones too close together to be detected as two.

Conditions: Dial the same number rapidly. For example 99999999.

Workaround: There is no workaround.

  • CSCue18556

Symptom: There is no RP CLI to dump drop counter due to High Priority Policer.

Conditions: On configuring the High Priority Policer there is no RP CLI to dump drop counters.

Workaround: Using the CC CLI. Caveat: CC CLI show "other system drop" "High Priority Policer drop count"

  • CSCue29595

Symptom: SRTP passthrough for h323 calls failing.

Conditions: h323 calls are failing when both the legs are h323 and its SRTP passthrough.

Workaround: There is no workaround.

  • CSCuf51465

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.

  • CSCtk05154

Symptom: Not all dtmf is detected by the receiving endpoint. PCM analysis will show two tones too close together to be detected as two.

Conditions: Dial the same number rapidly. For example 99999999.

Workaround: There is no workaround.

  • CSCue18556

Symptom: There is no RP CLI to dump drop counter due to High Priority Policer.

Conditions: On configuring the High Priority Policer there is no RP CLI to dump drop counters.

Workaround: Using the CC CLI. Caveat: CC CLI show "other system drop" "High Priority Policer drop count"

  • CSCue29595

Symptom: SRTP passthrough for h323 calls failing.

Conditions: h323 calls are failing when both the legs are h323 and its SRTP passthrough.

Workaround: There is no workaround.

  • CSCuf51465

Symptom: On ASR1000-2T 20GE Linecard, TCAM_VLAN_TABLE_FULL Error is not displayed.

Conditions: when Maximum scale of 48K VLAN already configured and user attempts to add more than 48K VLANS on the card.

Workaround: There is no workaround.

  • CSCug37057

Symptom: RSVP hello stays in "PASSIVE".

Conditions: Ospf send bdb packet error for incomplete adj.

Workaround: There is no workaround.

  • CSCug73829

Symptom: Data Conversion Errors seen while configuration changes at Remote end device.

Conditions: Data Conversion Error & traceback can be seen while doing configuration changes on remote end device.

Workaround: There is no workaround.

  • CSCuh03476

Symptom: Tracebacks seen while configuring APS parameters on a POS link.

Conditions: During normal CLI configurations.

Workaround: There is no workaround.

  • CSCuh72004

Symptom: On the Cisco ASR1000 Series Router, the FPD upgrade on the Fixed Ethernet Line Card (ELC) causes line protocol to stay down on its Interfaces. The Route Processor (RP) card on the router goes out of sync. The line protocol status on ELC-console is shown as 'up'; but, the RP is unaware of this. As per RP, all the 1G ELC interfaces are in 'down' state. 'Shut/no shut' of the affected interfaces interface-config does not resolve the issue.

Conditions: FPD upgrade of the DB-FPGA on the Ethernet Line Card, performed via the router command: "upgrade hw-module subslot <> fpd bundled reload" or "upgrade hw-module subslot <> fpd file <filename> reload" causes the issue.

Workaround: Reload the Ethernet Line Card by either a manual removal/insertion of the line card or via the router command "hw-module slot <> reload" This issue happens because the SPA is reloaded after a successful DB-FPGA(FPD) on a line card. However on ELC, SPA OIR is not supported since since it is just a logical subslot. Hence, after a FPD upgrade, the SPA is left in an undefined state causing line protocol to stay down. To resolve this issue, the card is restarted (slot reloaded). As a result of this fix, after a successful FPD upgrade the user would see the following messages on the RP2 console: *<Date_Time>: FPD MSG HANDLER: upgrade result response from 0/0 received, card type=0x75F, fpd id=0x16, num retries=1, upgrade result=2, upgrade id=8 *<Date_Time>: %FPD_MGMT-6-UPGRADE_PASSED: DB FPGA (FPD ID=22) image in the BUILT-IN-2T 20X1GE card in subslot 0/0 has been successfully updated from version 1.12 to version 1.13. Upgrading time = 00:03:51.518 *<Date_Time>: %FPD_MGMT-6-OVERALL_UPGRADE: All the attempts to upgrade the required FPD images have been completed for BUILT-IN-2T 20X1GE card in subslot 0/0. Number of successful/failure upgrade(s): 1/0. *<Date_Time>: %FPD_MGMT-5-CARD_POWER_CYCLE: BUILT-IN-2T 20X1GE card in subslot 0/0 is being power cycled for the FPD image upgrade to take effect. *<Date_Time>: %SPA_OIR-6-OFFLINECARD: SPA (BUILT-IN-2T 20X1GE) offline in subslot 0/0 *<Date_Time>: %IOSXE_OIR-6-OFFLINECARD: Card (cc) offline in slot 0 *Oct 3 03:40:13.214: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled *<Date_Time>: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0 *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0 *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>: %IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled *<Date_Time>: %IOSXE_OIR-6-OFFLINECARD: Card (cc) offline in slot 0 *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0 *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0 *<Date_Time>: %LINK-3-UPDOWN: SIP0/0: Interface EOBC0/1, changed state to up *<Date_Time>: %SPA_OIR-6-ONLINECARD: SPA (BUILT-IN-2T 20X1GE) online in subslot 0/0 .

  • CSCui14805

Symptom: Dubious QL-SEC seen on 10M src of MN spa after cable removal and reloadng spa.

Conditions: GPS 10M port connected to Symmetricom device.

Workaround: Remove and re-apply the config to go QL-FAILED state. network-clock input-source 3 External 2/0/0 10m

  • CSCui48145

Symptom: On RP platform, the following multiple messages were observed after redundancy force-switchover:

*Jul 19 19:30:58.303: %CMANRP-6-CMHASTATUS: RP switchover, received fastpath \ becoming active event *Jul 19 00:53:28.384: %IOSXE-3-PLATFORM: R0/0: kernel: physmap-flash.0: Chip not \ ready for buffer write. Xstatus = c4, status = c4
 

This is not observed on ELC platforms. The root cause of the above messages on RP was found to be the following: Some revisions of the P30, P33, and J3 Flash memory devices can hang when an ERASE SUSPEND command is issued following an ERASE RESUME without waiting for the minimum delay time to elapse. The result is that when the ERASE appears to be complete (no bits are toggling), the contents of the Flash memory block on which the ERASE was executing could be inconsistent with the expected values. This causes ERASE operation to fail. This was fixed for RP via CSCub14611. However, the fix did not apply fro ELC platforms since ELC-specific changes use the CISCO_CONFIG_ELC instead of CISCO_CONFIG_MCP. This extends the fix for ELC platforms.

Conditions: Redundancy force-switchover on RP.

Workaround: There is no workaround.

  • CSCui68187

Symptom: ASR1001 may reload while downloading a file to modify running config.

Conditions: This symptom is seen when a tftp server which is uncommon freeware for windows PC is used and not seen when the file transfer is done from unix machines.

Workaround: Not to use the particular tftp server.

  • CSCui70561

Symptom: Low performance for AVC 2.0 on ESP100 setup.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCui72473

Symptom: When the Traffic is flowing through ATM1xOC3 the rate of flow fluctuates very faster and the counters doesn't match.

sh int atm0/3/0 | i pack

Above command can be used repeatedly to check the rate.

Conditions: The traffic should be flowing through ATM SPA.

Workaround: There is no workaround.

  • CSCui74020

Symptom: After configuring on ASR1k: cdp run ! interface gi0 dp enable ASR1k isn't able to find its CDP neighbor

(e.g. a Switch): ASR1k#show cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID while the switch can find its CDP neigbor(ASR1k): Switch#show cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ASR1k Gig 1/0/19 134 R I ASR1006 Gig 0
 

Conditions: CDP enabled globally and on Mgmt Interface.

Workaround: There is no workaround.

  • CSCui76166

Symptom: TTB Rx info not getting updated on one asr1k router serial interfaces - Bident

Conditions: ange of framing type

Workaround: default interface and re-configure OR OIR Bident.

  • CSCui86755

Symptom: Add local GM ACL on the Cisco ASR 1000 Router, and remove it. Adding the ACL and removing it changes the flow priority that does not work on the Cisco ASR 1000 Router.

Conditions: When the ACL is changed on KS or GM.

Workaround: There are 2 workarounds:

1. If the permit ACL is appended to KS ACL, or if the ACL is removed from bottom of KS ACL, then there is no flow priority change, and the issue is not observed there. The limitation with this workaround is that the Group config on KS has only one SA. Also, if Deny ACL is added, some packet drops are observed.

2. Clear the GetVPN registration on the Cisco ASR 1000 Router using the clear crypto gdoi command.

  • CSCui95762

Symptom: EoMPLS performance downgrade.

Conditions: On RP1/ESP10

Workaround: There is no workaround.

  • CSCuj14019

Symptom:%CMRP-3-UDI_AUTH: F0: cmand: Quack Unique Device Identifier authentication failed, show up.on ASR1001.

Conditions: After reloading the box or inserting SFPs.

Workaround: There is no workaround.

  • CSCuj14655

Symptom: Traceback seen while boot up

Conditions: Load latest mcp_dev in 6RU-FP80 system.

Workaround: There is no workaround.

  • CSCuj30033

Symptom: ATM interface - SPA-1XOC3-ATM-V2 - shows counters frozen when interface is shut down.

Conditions: Running traffic over an ATM (SPA-1XOC3-ATM-V2) interface and then shutting down the interface - interface counters remain frozen and do not return to zero.

Workaround: There is no workaround.

  • CSCuj33901

Symptom: ASR1000-RP2's actual ACTV/STBY LED state is incorrect. Although RP2 state is active, STBY LED light up. This issue is seen while using V04 RP2.

Conditions: V04 RP2.

Workaround: Refer to Field Notice FN63704.

  • CSCuj44148

Symptom: CPU hog on "SSS Manager" process.

Conditions: With a rate of 10 CoA/s over a period of 4 hours ISG. Issue can also reproduce with a rate of 40 CoA/s over 1 hour period.

Workaround: CPP to rate limit CoA may help to alleviate the issue. However, if the CoA burst remains for a extended period of time, it may not be possible to avoid. Standby RP Should be up to avoid this issue. Have a look Eng-Note-RCA enclosure for more detail.

  • CSCuj44237

Symptom: With Suite-B configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS), Group Members (GM) the following error message is generated:

"*** SERIOUS ERROR: OVERLAPPING IV RANGES DETECTED ***"

Error message is generated when the following steps are performed:

GM registers to KS and downloads ACL1

KS configures ACL2 which is a subset of ACL1

KS issues "crypto gdoi ks rekey" & GM receives rekey successfully, downloading ACL2

KS configures the original ACL1 again

KS issues "crypto gdoi ks rekey"

After this, the GM begins to re-register.

Conditions: Suite-B is configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS) with GM's registered The KS policy ACL is changed from ACL1 to ACL2 (where ACL2 is a subset of ACL1) & a rekey is sent from the KS using "crypto gdoi ks rekey" The KS policy ACL is reset back from ACL2 to ACL1 & a rekey is sent from the KS using "crypto gdoi ks rekey"

Workaround: If a KS policy ACL1 must be changed to ACL2 and then changed back to the original ACL1 while Group Members (GM) have already registered and downloaded GETVPN Suite-B policy (i.e. esp-gcm / esp-gmac transform), do one of the following:

Wait for the TEK's of the original ACL1 to expire after the first rekey before changing back to the original ACL1

Issue "crypto gdoi ks rekey replace-now" instead of "crypto gdoi ks rekey" after changing back to the original ACL1.

If the above two workarounds do not work, issue "clear crypto gdoi" on the GM's with the error or "clear crypto gdoi ks members now" on the KS to reset the entire group.

  • CSCuj45298

Symptom: With the ASR1k packet-trace feature, a packet may be shown as "Consumed Silently" in the packet state, where it really should be forwarded. This is only a problem with the packet trace output, and does not impact the actual forwarding functionality.

Conditions: This can happen when packet-trace is tracing a tunnel encapsulated packet.

Workaround: There is no workaround.

  • CSCuj46984

Symptom: ASR1k FNF not possible to clear normal cache contents.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCuj49523

Symptom: On ASR1000-2T 20GE and ASR1000-6TGE line cards, on interfaces with MAC Loopback, the interface Counters are not updating correctly.

Conditions: After setting the MAC loopback on the interface.

Workaround: There is no workaround.

  • CSCuj50396

Symptom: The flow exporter status becomes inactive.

Conditions: This symptom occurs after an RP switchover while checking flow monitor information.

Workaround: There is no workaround.

  • CSCuj52382

Symptom: MAC acl drops on popinac with isis_frr configs.

Conditions: This symptom is observed when verfiying the isis neighbors.

Workaround: There is no workaround.

  • CSCuj52396

Symptom: In a VPLS Inter-Autonomous System Option B configuration, the virtual

circuits between the Autonomous System Border Router (ASBR) and the PE may

fail to come up.

Conditions: This symptom is observed while initially establishing VCs after the ASBR has reloaded.

Workaround: The clear xconnect exec command can be used to clear

the VCs that are down.

  • CSCuj57479

Symptom: Static Pat entries dont work and do not show up in the show ip nat translations output

Conditions: when using both TCP and UDP port on the physical interface in the static pat config

Workaround: instead of specifying interface x overload, use the ip address of the Interface.

  • CSCuj61598

Symptom: ASR1K cpp_cp_svr crash on ASR1002x or ASR1K using ESP100.

Conditions: This issue has only been see on bundle type interfaces such as MLPPP, MLFR, GEC and possibly ATM if a hierarchical QoS policy is replaced with a flat QoS policy and then a rate change event occurs on the interface (such as removing or adding a link on a bundle type interface). The trigger is the bandwidth change following replacement of the hierarchical QoS policy with a flat QoS policy.

Workaround: If a hierarchical QoS policy is replaced with a flat QoS policy this issue can be avoided by first deleting the bundle interface, adding it back, and then applying the flat QoS policy.

  • CSCuj66067

Symptom: Router running out of memory after an upgrade to 15.3(1)S, 15.3(3)S, 15.4(1)S

Conditions: Huge number of Route server contexts configs in the router. Approximately 700+

Workaround: Reduce the number of Route server contexts. Downgrade the IOS version to 15.2(4)S or lower release

  • CSCuj67593

Symptom: ASR1K:Mac-accounting counters are not updating after MDR on Gigabit Ethernet SPA module.

Conditions: This symptom is observed after completion of Minimal Disruptive Restart (MDR) procedure for a GigE SPA module running XE3.8 or higher release.

Workaround: Reload the SPA slots after the MDR.

  • CSCuj68565

Symptom: ASR1000-2T 20X1GE and ASR1000-6TGE Card status will remain unknown in any slot post insertion in slot4/5 of ASR1013 with ESP40.

Conditions: Sequence of events needed: 1. Insert the ASR1000-2T 20X1GE and ASR1000-6TGE in Slot 4 or 5 of ASR1013 with ESP40 2. Remove the card 3. Insert in any other slot other than slot 4 and 5.

Workaround: Wait for minimum 1 minute before reinserting the card in slot other than 4 and 5 (ie 1 min wait between step 2 and 3 of Condition above)

  • CSCuj71234

Symptom: Tracebacks with the following signature "%QFPOOR-4-LOWRSRC_PERCENT" are seen on the console with negative percentage complaining of resource depletion.

Conditions: These tracebacks are usually seen on a clean-up operation performed on a router i.e manual removal of all configs. But it's not limited to only this operation and could be seen with router configuration as well.

Workaround: There is no workaround.

  • CSCuj71839

Symptom: CLI hang in SBC adjacency sip mode.

Conditions: This symptom is observed when over 2000 sbc sip adjacencies are configured.

Workaround: There is no workaround.

  • CSCuj74513

Symptom: The ha test case about 96k sessions of EoGRE can not support on esp40 currently.It hit the system limitation.

Conditions: When it reaches the upper limit, the router crashes. The exmem not enough is not the root cause of crash, but a trigger event. After analyzing, the traceback was caused by the code defect which was fixed in code diff. The exception handling is not very robust for out of memory.

Workaround: There is no workaround.

  • CSCuj75952

Symptom: ASR1K route processor reloads.

Conditions: ASR1K is being used to terminate PPPoA sessions and Call Admission Control (CAC) has been enabled. The crash occurs during PPPoA session establishment if CAC determines that resources are low and HW assisted CAC needs to be enabled.

Workaround: Disabling Call Admission Control is the only known workaround.

  • CSCuj77998

Symptom: All packets that need to be encrypted may be dropped.

Conditions: This happens when traffic is flowing for a long duration without any rekey when the crypto sequence number overflows

Workaround: Have a shorter rekey interval

  • CSCuj78467

Symptom: Memory leaks are seen on exiting the output of "show perf mon cache"

Conditions: The issue is seen on ASR1006 platform with XE3.11 image

Workaround: Do not exit the output of "show perf mon cache"

  • CSCuj79195

Symptom: ASR router crashes when platform hardware debug is enabled.

Conditions: Platform hardware debug is enabled.

Workaround: There is no workaround.

  • CSCuj79732

Symptom: H323 HA adjustment.

Conditions: H323 HA adjustment.

Workaround: There is no workaround.

  • CSCuj80062

Symptom: Unexpected RP reload in asr1k.

Conditions: Stream of corrupted ATM cells on idle VCC due to SIP hardware failure.

Workaround: There is no workaround.

  • CSCuj81174

Symptom: Show commands for pools are incomplete leading to inability to debug pool related issues in the field

Conditions: This is a NAT related issue and only relevant with dynamic translations involving pools

Workaround: This DDTS is needed in order to view complete pool state

  • CSCuj82468

Symptom: Enabling "debug plat pack drop" and pinging large packets (payload > 1500) may result in a CPP crash.

Conditions: In order to hit this crash, either "debug platform packet-trace drop" or "debug platform packet-trace packet 256 circular" must be configured. The router may then crash if it receives a fragmented packet that it reassembles.

Workaround: Avoid configuring "debug plat packet drop" or circular tracing.

  • CSCuj82693

Symptom: ESPs going offline and remaining in "disconnecting" state for a few minutes, until fman_fp and cppc_cp processes failures.

Conditions: This symptom is observed when %CPPBQS-3-QMOVESTUCK: Fx: cpp_cp: QFP 0 schedule xxx queue move operation is not progressing as expected.

Workaround: There is no workaround.

  • CSCuj82922

Symptom: show platform software ip rp active mfib vrf * summary command fails to display multicast routing table of all VRFs.

Conditions: when global table of ip multicast is not enabled, sometimes not display.

Workaround: show ip vrf detailed xxx to get the vrf index.

  • CSCuj85322

Symptom: show platform hardware qfp active inter if-name gi0/0/4 | i STILE IPV4_INPUT_STILE_LEGACY IPV4_OUTPUT_STILE_LEGACY IPV6_INPUT_STILE_LEGACY IPV6_OUTPUT_STILE_LEGACY

Conditions: Configured: policy in, policy out and PD on interface. After removing policies and PD from interface, I see FIAs of STILE still bound to interface.

Workaround: Configure "ip nbar protocol-dicovery" and "no ip nbar protocol-dicovery" on any interface

  • CSCuj85408

Symptom: For VPLS mstp test Bpdus are not receiving.

Conditions: This symptom is observed when packet drops are seen.

Workaround: There is no workaround.

  • CSCuj85993

Symptom: A Cisco ASR1006 (RP2) running Cisco IOS-XE Version: 03.07.04.S (asr1000rp2-adventerprisek9.03.07.04.S.152-4.S4) will crash after a recent High Availability (HA) fail-over event.

Conditions: High Availability (HA) fail-over is implemented with RP2 on the Cisco ASR. When a fail-over is initiated to the active RP2 module (for example by removing the active RP2 module), the ASR fails over fine, but once a hold resume is initiated on an existing call (that was preserved from the fail-over), the ASR reboots.

Workaround: The crash is not observed on IOS-XE version 03.07.03.S

  • CSCuj86393

Symptom: cpp_cp process crashes on ESP100, ESP100 or ASR1002-X.

Conditions: Bring up 4k PPPoLNS sessions. Tear-down large number of sessions (eg. >3k) by performing "shut" on individual Dialer interfaces one-by-one on CPE.

Workaround: There is no workaround.

  • CSCuj88292

Symptom: Once you reboot router with XE3.11 BFD is getting disabled.

Conditions: BFD session showing down

Workaround: Remove interface BFD config and reapply it.

  • CSCuj91680

Symptom: ESP crashes running 3.9.1 when NAT enabled.

Conditions: NAT must be enabled.

Workaround: There is no workaround.

  • CSCuj92006

Symptom: memory leak when remove class map.

Conditions: remove last class class-default.

Workaround: remove policy-map directly.

  • CSCuj92836

Symptom: The described issue is an XE only issue that impacts several AVC fields.

Fields list: Field Export id Introduced in RLS Fix RLS connection sum-duration 279 3.4 3.10.2, 3.11.1 connection new-connections 278 3.4 3.10.2, 3.11.1 connection client counter bytes network long 41106 3.9 3.10.2, 3.11.1 connection server counter bytes network long 41105 3.9 3.10.2, 3.11.1 policy qos queue drops 42129 3.9 3.10.2, 3.11.1
 

These fields show incorrect value. Problem cause: When cache record is reused, these fields are not cleared. Since they are accumulative fields, they report constantly increasing values. Full fix for this issue is clearing these fields using general FNF mechanism that does it. Since this fix has ISSU impact, we will do it in 3.12. In 3.10.2 and 3.11.1 we will provide a partial fix that clears these fields differently.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuj94188

Symptom: Unaccounted drops in Ethernet Line card for Multicast traffic.

Conditions: When Multicast traffic is sent more than the ESP performance limit, due to ingress back pressure from ESP causes overruns in the Line card but these drops are not showed in the overruns

Workaround: There is no workaround.

  • CSCuj95903

Symptom: When executing Mediatrace poll from CLI, the following message is displayed:

Escape sequence received. Aborting poll...

However, no escape sequence has been sent.

Conditions: On the Mediatrace poll command, no timeout parameter is specified.

Workaround: Specify a timeout on the Mediatrace poll CLI:

mediatrace poll timeout 60 path-specifier name name perf-monitor profile name

  • CSCuj96123

Symptom: ASR1000 crashed with following log in crashinfo file:

UNIX-EXT-SIGNAL: Segmentation fault(11), Process = SBC main process

Conditions: the ASR1000 router is the standby router in CUBE-SP setup.

Workaround: There is no workaround.

  • CSCuj99471

Symptom: Attempting to configure a xconnect may fail and display the following

error message:

% Invalid i/f handle 0
 

Conditions: This symptom is observed when the peer address or VC ID of an existing

xconnect is configured to a new value, then the xconnect is removed and

reconfigured with the original values.

Workaround: Completely unconfigure the existing xconnect before configuring with a new

peer address or VC ID.

  • CSCul00007

Symptom: Files cannot be downloaded via the management interface via FTP/HTTP/SCP. This can include firmware files, configuration files, or license files.

Conditions: This symptom occurs on using the management interface on a Cisco ASR 1000 or ISR 4450-X router.

Workaround: There are two workarounds for this issue.

1. Use an interface other than the management interface to download the file or use a protocol that does not use TCP as the session transport such as TFTP.

2. Set the IP_ADDRESS rommon variable to the IP address of the management interface.

  • CSCul00709

Symptom: Cisco IOS XE Cisco Packet Processor (CPP) crashes on a device configured with MPLS IP.

Conditions: Device configured with mpls ip

Workaround: There is no workaround.

  • CSCul02534

Symptom: Voltage Drop observed while issuing nominal to nominal command.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul03067

Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. --Drops are seen on the output of "show policy-map tunnel 5432" --Drops are seen on the physical interface over which the tunnel is built. --NO drops are seen on the Tunnel interface. --From the output below OQD is "0" for the tunnel interface.

BGL.Q.20-ASR1K-1# show platform hardware qfp active statistics drop ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- TailDrop 753351 63281484 BGL.Q.20-ASR1K-1#show inter summary <snip> Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL ----------------------------------------------------------------------------------------------------------------- * GigabitEthernet0/0/1 0 0 0 753351 0 0 735000 1094 0 * GigabitEthernet0/0/2 0 0 0 0 8648000 18016 0 0 0 * Tunnel5432 0 0 0 0 0 0 12697000 22674 0
 

Conditions: When packets are dropped on a tunnel interface, the output of: - show platform hardware qfp act interface all statistics drop_summary - show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.

Workaround: There is no workaround.

  • CSCul04033

Symptom: LDP stays down over Multilink when connecting to Juniper router.

Conditions: Issue notice with latest IOS as same setup was working with 15.0(1)S1(3.1S) and earlier release.

Workaround: There is no workaround.

  • CSCul06361

Symptom: When subscriber session is created with 'ip subscriber interface' on subinterface in shutdown state, after bringing the subinterface up, the 'out' pkt counters are not increasing. Subscriber does not have IP connectivity, since traffic is going only in one direction.

Conditions: ASR1k ISG running IOS XE 3.7.4.S (15.2(4).S4), with 'ip subscriber interface' created from subinterface in shutdown state.

Workaround: Clearing subscriber session when subinterface is up/up will re-establish session with connectivity restored.

  • CSCul06398

Symptom: Reach max CPU utilization when rate is much below 500K CPS.

Conditions: Do 500K CPS rate performance test on ESP80.

Workaround: There is no workaround.

  • CSCul06682
Symptom: Ixia1°™asr1k1---asr1k2---ixia2
Ixia1 sends 10000pps traffic to ixia2
ixia2 sends 10000pps traffic to ixia1
only normal ip traffic, without labal... and there is no packet lost
the qfp datapath utilization input and output should 20000
but the utilization summary displayed abnormal
asr1k1
shmcp-1013-1#sho platform hardware qfp active datapath utilization summary
CPP 0: 5 secs 1 min 5 min 60 min
Input: Total (pps) 10000 10000 10000 8015
(bps) 27235992 27239832 27234912 21826272
Output: Total (pps) 10009 10004 10004 8022
(bps) 26757256 26739616 26739560 21434288
Processing: Load (pct) 0 0 0 0
shmcp-1013-1#sho platform
Chassis type: ASR1013
 
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1000-2T+20X1GE unknown 00:42:52
1 ASR1000-2T+20X1GE unknown 00:42:52
2 ASR1000-SIP40 ok 00:42:52
2/0 SPA-1X10GE-L-V2 ok 00:40:50
2/1 SPA-1X10GE-WL-V2 ok 00:40:50
2/2 SPA-1X10GE-L-V2 ok 00:40:50
2/3 SPA-1X10GE-L-V2 ok 00:40:50
3 ASR1000-SIP40 ok 00:42:52
3/0 SPA-1X10GE-L-V2 ok 00:40:50
3/1 SPA-1X10GE-L-V2 ok 00:40:50
3/3 SPA-1X10GE-L-V2 ok 00:40:50
4 ASR1000-SIP40 ok 00:42:52
4/0 SPA-1X10GE-L-V2 ok 00:40:50
4/1 SPA-1X10GE-WL-V2 ok 00:40:50
5 ASR1000-SIP10 unknown 00:42:52
R0 ASR1000-RP2 ok, standby 00:42:52
R1 ASR1000-RP2 ok, active 00:42:52
F0 ASR1000-ESP80 ok, active 00:42:52
P0 ASR1013/06-PWR-AC ps, fail 00:41:42
P1 ASR1013/06-PWR-AC ok 00:41:42
P2 ASR1013/06-PWR-AC ok 00:41:41
P3 ASR1013/06-PWR-AC ps, fail 00:41:41
 
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
0 N/A N/A
1 N/A N/A
2 00200800 15.3(3r)S
3 00200800 15.3(3r)S
4 00200800 15.3(3r)S
5 N/A N/A
R0 10021901 15.3(3r)S
R1 10021901 15.3(3r)S
F0 11100400 12.2(20111018:223207) [gschnorr-mcp_...
shmcp-1013-1#shdrop
Global Drop Stats Packets Octets
----------------------------------------------------------------
The Global drop stats were all zero
shmcp-1013-1#sho version
Cisco IOS XE Software, Version BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-std
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Experimental Version 15.4(20131015:142745) [v154_1_s_xe311_throttle-BLD-BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-ios 174]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 15-Oct-13 10:03 by mcpre
Asr1k2
shmcp-4ru-2#sho platform
Chassis type: ASR1004
 
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1000-SIP40 ok 11:46:44
0/0 SPA-1X10GE-L-V2 ok 11:43:54
0/1 SPA-1X10GE-L-V2 ok 11:43:54
1 ASR1000-SIP40 ok 11:46:44
1/0 SPA-1X10GE-L-V2 ok 11:43:54
1/1 SPA-1X10GE-L-V2 ok 11:43:54
R0 ASR1000-RP2 ok, active 11:46:44
F0 ASR1000-ESP80 ok, active 11:46:44
P0 Unknown ps, fail never
P1 ASR1004-PWR-AC ok 11:45:33
 
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
0 00200800 15.3(3r)S
1 00200800 15.3(3r)S
R0 10021901 15.3(3r)S
F0 11100400 12.2(20111018:223207) [gschnorr-mcp_...
 
shmcp-4ru-2#sh platform hardware qfp active datapath utilization summary
CPP 0: 5 secs 1 min 5 min 60 min
Input: Total (pps) 10000 10000 10000 8136
(bps) 27127392 27040272 27050560 22108000
Output: Total (pps) 7 3 3 3
(bps) 34520 17416 17376 15704
Processing: Load (pct) 0 0 0 0
 
shmcp-4ru-2#shdrop
Global Drop Stats Packets Octets
----------------------------------------------------------------
The Global drop stats were all zero
 

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul07210

Symptom: ASR1000-2T 20x1GE and ASR1000-6TGE cards can go into reload with certain combinations QinQ scale config.

Conditions: Card reload with scale config.

Workaround: There is no workaround.

  • CSCul07295

Symptom: With L2TPv2, the LNS uses an incorrect mtu of 1464 bytes instead of 1460 bytes on Virtual-Access Interface.

This can cause large packets to be blackholed or post-encapsulation fragmentation.

Conditions: This problem occurs with "ip mtu adjust" under the vdpn-group.

Workaround: Instead of using "ip mtu adjust" under the vpdn-group, set the mtu manually under the virtual template interface.

  • CSCul08311

Symptom: SIP ALG will drop NAT traffic.

Conditions: In a case, FQDN instead of IP address is included in the "c=" line of SDP in the 200 OK response, and SIP ALG will drop this message.

Workaround: Turn off SIP ALG if SIP server (VCS) can support NAT traversal by itself. Another way is to let VCS fill IP address instead of FQDN in the "c=" line of SDP if possible.

  • CSCul11961

Symptom: ISSU xe311->xe312: Stadby FP not coming up after runversion

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul15444

Symptom: While testing ISSU from xe311<->mcp_dev(super-pkg) with security features, observing fman_fp crash followed by cpp-mcplo-ucode is seen.

Conditions: Issue is seen after issu runversion.

Workaround: There is no workaround.

  • CSCul16541

Symptom: cpp_cp_svr crash with model F QoS and multiple PPPoEoA/PPPoA VCs on one or more ATM PVPs.

Conditions: While bringing up multiple PPPoEoA/PPPoA sessions with model F QoS on one or more ATM PVPs.

Workaround: There is no workaround.

  • CSCul18227

Symptom: A prefix containing the PMSI tunnel attribute (RFC 6513/6514) has the flags portion of the attribute cleared even though the sending peer had set them (the "leaf required" flag is turned into "leaf no required").

Conditions: This occurs upon receiving an MVPN prefix (RFC 6513/6514).

Workaround: There is no workaround.

  • CSCul18806

Symptom: ELC MDR: Reconcile failed for int_num 0x1505F000 bitmap 0x00001E7F.

Conditions: Observed during one-shot consolidated MDR.

Workaround: There is no workaround.

  • CSCul21158

Symptom: ESP crashes for IOS-XE based platforms.

Conditions: Crash may occur when executing the CLI command: show platform hardware qfp active infrastructure exmem map.

Workaround: There is no workaround.

  • CSCul22381

Symptom: Unexpected tracebacks occur randomly at a very slow rate (i.e. once per day or even less). Normal processing will continue.

Conditions: This issue is specific to ESP100, ESP200 or ASR1002-VE.

Workaround: There is no workaround.

  • CSCul24332

Symptom:

000080: *Nov 5 06:20:08.231 UTC: %OCE-3-MISSING_HANDLER_FOR_SW_OBJ_TYPE: Missing handler for 'non choice oce get next' function for type Loadbalance
-Traceback= 1#fa53c8e50eb34ad6b14c6e73742aa633 :400000+8D10D1 :400000+33C98B4 :400000+441693F :400000+6CEEAC2 :400000+33E118C :400000+33ADE6F :400000+3355C80 :400000+335590D :400000+33A9B82 :400000+33A9299 :400000+33AF9C9 :400000+33AF82F :400000+34A0183 :400000+349FF99 :400000+346EE86 :400000+1622694
 

Conditions: in vrf Mgmt-intf, there are 8 prefixes referring to same adjacency.

Workaround: There is no workaround.

  • CSCul25109

Symptom: AVC: Templates are not exported right after reload with RP1.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul25833

Symptom: Issue with Dual Collector FNFV9 in ASR 1002x only one collector is collecting and the second one is not.

Conditions: under flow-monitor provisioning.

Workaround: Apply each flow monitor with a gap of 5secs. However, this will be customer impacting since many if this is controlled by scripts.

  • CSCul26686

Symptom: Scaled vlan qinq config on SPA. If the TCAM of SPA becomes full and more qinq vlan is configured then TCAM_VLAN_TABLE_FULL message is not displayed.

Conditions: TCAM is full.

Workaround: For verification whether a new entry has been added or not, check for TCAM entry using CLI on SPA console.

  • CSCul27037

Symptom: WebAuth sessions contain duplicate L cookies in accounting and interim watchdog aaa updates

RADIUS: Vendor, Cisco [26] 125
RADIUS: ssg-account-info [250] 119 "L,LoginType=LT1,LocationId=LID1,AccessLinkId=AID1,DeviceManufacturer=DM1,DeviceBrowser=DB1,DeviceOS=DOS1,WebProxy=WS1".
 

Conditions: If an enduser authenticates via a Portal-Page, the ISG (ASR1k) will send out duplicate L cookies to the Radius server.

Workaround: There is no workaround.

  • CSCul27083

Symptom: Ucode crash seen.

Conditions: Ucode crash seen while doing RP switchover with 1000 ipv6_ipsec tunnels and acls with traffic.

Workaround: There is no workaround.

  • CSCul31100

Symptom: COS markings not seen Proper on the dot1q interface.

Conditions: The issue will be seen if met any of following conditions:

1. Crypto-Map implemented in Transport mode implemented on Tunnel.

2. Fragment happened in data plane on the dot1q interface.

Workaround: Remove Encryption from the Tunnel or downgrade IOS to 15.0(1)S3 if the issue is happened with IPSec but no fragment; No workaround if the issue is happened with big enough packet(need fragment);

  • CSCul31192

Symptom: ESP may crash @ipv4_nat_alg_prune_sd.

Conditions: seen with SIP traffic.

Workaround: There is no workaround.

  • CSCul34313

Symptom: Active FP crash on removing nat mapping.

Conditions: Dynamic acl using route-map.

Workaround: There is no workaround.

  • CSCul34776

Symptom: After ISSU process AOR and dependent fields are not working. Also, sampler granularity may be different from the configured.

Conditions: Happens sometimes.

Workaround: Remove AVC configuration and apply it again after the ISSU process is finished.

  • CSCul35389

Symptom: Following error messages re observed with SPA reload

==================================================================
Nov 26 2013 15:14:31.496 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP
Nov 27 2013 17:31:42.464 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP
 

The process mcpcc-lc-ms is held down and the SIP is reloaded.

Conditions: Error are observed when SPA is reloaded.

Workaround: There is no workaround.

  • CSCul38081

Symptom: In a scaled environment, when a preferred path configuration is removed and is followed by a RP switchover the pseudowire interfaces goes down. The psudowire interface comes up if we add the preferred path or just remove and add the neighbor statement.

Conditions: This symptom is not observed under any specific conditions.

Workaround: There is no workaround.

  • CSCul43587

Symptom: ucode crash.

Conditions: on removing at cgn mode.

Workaround: There is no workaround.

  • CSCul47135

Symptom: On Cisco ASR 1000 routers, services are not removed or applied from the active subscriber sessions when CoA is sent from the radius server. The router sends wrong values in response to the CoA request packet.

Conditions: This symptom occurs when 15.2(20130918:081157) is run.

Workaround: There is no workaround.

  • CSCul48822

Symptom: While provisioning an ISG IP Subscriber session it is possible to leak an ESS segment chunk (IOSXE ESS SEG).

Conditions: The memory leak may occur when there is an error provisioning an ISG IP subscriber session.

Workaround: There is no workaround.

  • CSCul48865

Symptom: Some static vrf nat entries which are stored in the startup-config don't appear in the show running.

Conditions: After reloading the router.

Workaround: N/A. Once hitting the symptom, reconfigure those nat entries.

  • CSCul50570

Symptom: Ucode crash followed by cpp crash while scaling to 500 MLPoA bundles PTA.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul51296

Symptom: Connections timed out after RP switchover.

Conditions: The symptom is observed when connection reset after RP switchover. Not able to establish new connections.

Workaround:Re-enable Service Context. Problem happens in about 1 in 10 RP switchover on ESP20. This had not been with other ESP so far.

  • CSCul54111

Symptom: This issue causes the ESP to crash while applying QoS Model F. The issue occurs with both small and scaling configuration. The problem occurs all ESPs including ISR and CSRs.

Conditions: The problem occurs with both small and large configurations. It is timing related as it occurs after running asynchronously in which case the code executes the deferral path which was not clear the event processing flags upon completion. When these flags are not cleared, the code treats the condition as fatal; hence the ESP crash.

While Model F is understood to be impacted by this problem it is conceivable this issue could occur with any configuration where the target interface handle for the policy is different from the parent interface handle, e.g. vlan queue on a GE interface.

Model F Sample Configuration:

policy-map grandparent
class class-default
shape average 10000000
 
class-map match-all p0
match precedence 0
class-map match-all p1
match precedence 1
class-map match-all p2
match precedence 2
 
policy-map child
class p0
priority
police cir 2000000
class p1
bandwidth remaining ratio 10
class class-default
bandwidth remaining ratio 1
 
policy-map parent
class class-default
shape average 10000000
bandwidth remaining ratio 1
service-policy child
 
interface GigabitEthernet0/0/0.4
encapsulation dot1Q 2
service-policy output grandparent
 

The parent policy would typically be applied on a session on the vlan. The issue would typicall occur when the grandparent policy is processed on ESP.

Workaround: There is no workaround.

  • CSCul55038

Symptom: In mpls-vpn scenario, when the size of packet coming from core network is bigger than mtu set on CE facing interface, the expected ICMPv6 TOO_BIG fail to return.

Conditions: The symptom is observed when 1. packet is bigger than mtu on CE facing interface. 2. the packet comes from core mpls network and try to go through CE facing interface. 3. the issue is found on PE in mpls-vpn scenario.

Workaround: Enable IPv6 on core facing interface, which is receiving the mpls packet to CE.

  • CSCul55180

Symptom: Crash @ fmanrp_fnf_monitor_update seen on ASR1K - RP1 setup after reload.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul58940

Symptom: Consumed packets may be incorrectly traced when drop tracing is enabled.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul60101

Symptom: Possible tail drops at lower than expected data rate on an interface following a interface rate change.

Conditions: When the data rate of a interface is increased, the recalculated default queue queue-limit was not always applied. This problem only occurs on data rate increases, updated queue-limit is applied correctly if the data rate is reduced. This issue is mainly applicable to interfaces with no output QoS queuing policy applied.

In addition this issue is specific to interfaces where the bandwidth can change dynamically such as MLPPP, MLFR, and Aggregate GEC interfaces as links are dynamically added and removed from the bundle interface. Can also occur with other interface types such as ATM PVCs, Serial, and ethernet should the user reconfigure the interface data rate.

Workaround: For interfaces where the user can configure the interface speed, if possible configure a higher interface data rate and then reconfigure with the intended lower interface data rate. For interfaces types whose data rate can be changed dynamically (i.e. bundle type interfaces).

  • CSCul61683

Symptom: Error messages similar to below may be displayed on the console due to stale stats usage:

SCOOBY-5-SERIAL_BRIDGE_EVENT_RATE:<Any_Message_Here>
 

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCul64097

Symptom: ZBFW SYN cookie counter shows positive number although the real number of half open sessions have dropped to zero. Since the counter is used to trigger SYN cookie once it is over the configured limit, this is causing the SYN cookie protection to always kick in regardless of the real situation, which drags down the network performance.

Conditions: SYN cookie feature needs to be configured, and it is configured to protect per VRF or global number of half open sessions. The counter error only happens under some race condition which needs particular and supposedly high traffic load to trigger.

Workaround: Disable the SYN cookie. The counter problem only happens under certain corner case. When the counter goes wrong, the SYN cookie protection logic could be triggered erroneously.

  • CSCul64664

Symptom: After VC goes down, the packets are received on xconnect interface are leaked.

Conditions: This symptom is observed when VC goes down -Unicast packet with TTL>=2 are received on that xconnect interface -When having the route for the destination of the unicast packets.

Workaround: Remove the route from the routing table -apply an ACL to deny these leaked packets.

  • CSCul67310

Symptom: ASR1K microde crash with either of the following errors

SOR_CSR32_SOR_ERR_LEAF_INT__INT_SOR_OPF_GRANT_PTCL_UVF OPF_CSR32_OPF_LOGIC_ERR_LEAF_INT__INT_START_OF_BURST_MARKER_ERR
 

Conditions: This issue ONLY affects on ASR1002x and ASR1K RP2/ESP100 based platforms running 15.2(4)S, 15.3(1)S, 15.3(2)S, 15.3(3)S, and 15.4(1)S based images. This issue can occur on platforms with scaled sub-interface or broadband session configurations when the number of sub-interfaces or sessions on a interface is reduced from > 4000 to less than 4000 and moderate to heavy traffic flow is occurring at the time that the sub-interface or session count is reduced. If the the ASR1K is operating below this threshold or above this threshold this issue is not seen.

Workaround: There is no workaround.

  • CSCul68308

Symptom: CPUHOGs will be observed on the system.

Conditions: When Ethernet line card is configured scaled QinQ configuration with inner vlan as a range with and without custom classification configuration, during Reload of linecard or Shut & no Shut of interface causes CPUHOG on the Linecard.

Workaround: Instead of using single sub interface with Range of inner vlan, divide this inner vlan into multiple ranges and configure multiple subinterfaces on the same interface.

  • CSCul68429

Symptom: FP crash while testing PPoE sessions.

Conditions: Applying nat settings to CGN mode.

Workaround: There is no workaround.

  • CSCul70378

Symptom: .Ping from peer PE with packet more than 9216 bytes over MPLSomGRE tunnel, 1002X kinpin crash.

Conditions:

1. only kinpin crash; ping from kinpin, 1002F no crash;

2. if both PES(1002X and 1002F) are running MCP latest image, no crash;

3. crash only when kinpin running MCP lastest image, the peer PE 1002F running old image(perhaps the image before 1029, without fix of CSCui64579);

4. two PEs are connected directly(no switch), and jumbo MTU is enabled on core faced interface;

5. ping packet size more than 9216 over MPLSomGRE tunnel from peer PE;

Workaround:

1. use asr1k for both PE, and running latest image;

2. or, do not enable jumbo MTU on core faced interface;

3. or, do not ping packet size over 9216 from PE to peer PE;

  • CSCul70833

Symptom: Byte-based queue-limit does not work correctly when fair-queue is configured.

Conditions: -Using fair-queue feature simultaneously. The issue can happen on ASR1k. The issue is found on 15.3(3)S.

Workaround: Use packet-based queue-limit instead of byte-based queue-limit.

  • CSCul71193

Symptom: counter is wrong.

Conditions: RAU traffic.

Workaround: There is no workaround.

  • CSCul80160

Symptom: Ucode crash while disabling flow entry.

Conditions: With nat outside mapping.

Workaround: There is no workaround.

  • CSCul81725

Symptom: cpp_cp_svr on ESP crashes.

Conditions: When configuring MLPoEoPTA, the control plane events generated to the data plane cause the data plane to crash if the events are generated in a certain order. This is highly dependent upon timing between the control plane and data plane.

Workaround: There is no workaround.

  • CSCul81777

Symptom: On an ASR1000 series router, the ESP can crash when packet trace is enabled.

Conditions: Conditional debug and packet-trace is enabled.

Workaround: There is no workaround.

  • CSCul83097

Symptom: "dot1q tunneling ethertype 0x88A8" CLI will work for port-channel, which crashes FP. This CLI is not supposed to work for port-channel on ASR1k.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCul83474

Symptom: ESP crash.

Conditions: This symptom is observed when executing "no ip cef load-sharing algorithm include-ports destination" with high throughput about 10Gbps.

Workaround: There is no workaround.

  • CSCul86211

Symptom: When LNS power-offs while the sessions keep on establishing at LAC, LAC finds the l2tp db memory exhausted after sometime. Due to this it failed to update the session in DB and during this period crash is observed.

Conditions: Crash is observed when LAC tries to add l2tp session in DB and failed to do so. In order to handle this error condition LAC frees the l2tp and l2x session twice. This double free is the reason for crash.

Workaround: There is no workaround.

  • CSCul93292

Symptom: Ucode crash with alg traffic when there is flow passing through physical interface with nat configuration vasi interface with nat configuration in the same box.

Conditions: Ucode crash with alg traffic.

Workaround: Disable all the algs

  • CSCul93523

Symptom: CPP 0 failure Stuck Thread(s) detected

Conditions: Setting up about 2.2kps traffic with both nat/non-nat packets.

Workaround: There is no workaround.

  • CSCul94622

Symptom:On an ASR router with ct3 SPA, Malloc Failures and SPA F/W download failures are seen.

Conditions: SPA should have many channels configured (> 50 % of its max capacity) and SPA soft reload is done.

Workaround: There is no workaround.

  • CSCul96767

Symptom: Add IPSLA dataplane timestamping support

Conditions: On Nightster.

Workaround: There is no workaround.

  • CSCul98774

Symptom: ASR1K DSP MIB "cdspCardObjects" are not working after the RP2 switchover happens for various reasons.

Conditions: When RP switch over happens.

Workaround: workaround is to do a hw-module stop/start on the SPA-DSP cards.

  • CSCul99801

Symptom: Following tracebacks may be seen:

002529: Nov 28 10:53:45.898 UTC: L2TP-3-ILLEGAL _____:_____:________:
ERROR: L2TP session, no L2X
-Traceback= 1#fa53c8e50eb34ad6b14c6e73742aa633 :400000+8D10D1
:400000+36F9F5C :400000+36F9D22 :400000+36F9AFA :400000+371DAF0
:400000+3721419 :400000+370EFE7 :400000+370EF7B :400000+3713909
:400000+3713639 :400000+3714FC5 :400000+37165DF :400000+3717003
:400000+3717F11 :400000+3714CF3 :400000+36FAEB4
002530: Nov 28 10:53:45.900 UTC: L2TP-3-ILLEGAL _____:_____:________:
ERROR: L2TP session, no L2X
-Traceback= 1#fa53c8e50eb34ad6b14c6e73742aa633 :400000+8D10D1
:400000+36F9F5C :400000+36F9D22 :400000+36F9AFA :400000+371DAF0
:400000+371ED59 :400000+3720AFE :400000+370EF94 :400000+3713909
:400000+3713639 :400000+3714FC5 :400000+37165DF :400000+3717003
:400000+3717F11 :400000+3714CF3 :400000+36FAEB4
002531: Nov 28 10:53:45.902 UTC: L2TP-3-ILLEGAL _____:_____:________:
ERROR: unexpected
-Traceback= 1#fa53c8e50eb34ad6b14c6e73742aa633 :400000+8D10D1
:400000+36F9F5C :400000+36F9D22 :400000+36F9AFA :400000+3720B2B
:400000+370EF94 :400000+3713909 :400000+3713639 :400000+3714FC5
:400000+37165DF :400000+3717003 :400000+3717F11 :400000+3714CF3
:400000+36FAEB4 :400000+3714E83 :400000+3716B29

 

Root cause is L2TP sessions being torn down at the moment the session is being renegotiated.

This is a very corner case and should remain very rare.

Tracebacks are harmless in this case. (As the L2TP session was being torn down anyway)

Conditions: * Seen on IOS XE 3.10.1

Workaround: There is no workaround.

  • CSCum02221

Symptom: Memory Corruption crash: chunk accessing past redzone

Conditions: while running BGPv4 codenomicon suite; BGP receives an update with repeating valid attributes with flag lengths bigger than data in the packet.

Workaround: There is no workaround.

  • CSCum02329

Symptom: Try to configure MPLS MTU on an interface that will not be programmed.

Conditions: When we configure MPLS MTU on an interface, MPLS MTU value is not programmed in the hardware and a packet larger than mpls mtu value is also allowed and doesn't get dropped.

Workaround: Use IP MTU or interface mtu instead of MPLS MTU.

  • CSCum04298

Symptom: EVFC check is not working.

Conditions: With Priority traffic.

Workaround: There is no workaround.

  • CSCum04414

Symptom: 20 VRFs, 5000 v4 mroutes and 5000 v6 mroutes per VRFs. mLDP based MVPN.

shutdown the physical interface of ingress PE. Ingress PE reload due to PD issue.

Conditions: There is no condition.

Workaround: There is no workaround.

  • CSCum07119

Symptom: Router generates tracebacks or crashes depending on platforms when 'show application ip route' command is used concurrently with application route deletion.

Conditions: show application ip route command is issued when JAVA onePK SDK is handling route replace operations

Workaround:

1. Use 'show ip route' to display the application routes and not 'show application ip route'.

2. Use onePK GET ROUTE API to get the status of application added route

3. Use 'show application ip route' only when there is no route delete is in progress

  • CSCum09702

Symptom: OSPF neighbors can not establish FULL adjacency over dmvPN tunnels.

Conditions: This symptom is observed when dmVPN with OSPF is configured on IOS-XE platforms.

Workaround: There is no workaround.

  • CSCum10676

Symptom: Router crashes during multicast replication.

Conditions: There are no known conditions.

Workaround: Following is the config to change the age timers. You can adjust this age time based on their requirement. ARP aging time config:

------------------- ASR(config)#int BDI164 ASR(config-if)#arp timeout ? <0-2147483> Seconds ASR(config-if)#arp timeout 1800 ASR(config-if)#end MAC aging time config: ------------------- ASR(config)#bridge-domain 164 ASR (config-bdomain)#mac aging-time ? <30-3600> Aging time in seconds, default 300 seconds (or 1800 seconds for overlay bridge domains) ASR(config-bdomain)#mac aging-time 1810
 

This problem will happen if the MAC entry is age out before the ARP entry of the given Host. So, if we configure the MAC age, slightly more than ARP age, then, the crash does not occur.

  • CSCum13126

Symptom: After initiating an RP fail-over either through redundancy force-switchover or by using test crash, MLPPP interface remains down though T1's are up. Either shut/no shut of 1 of the member links or clear ppp all brings the MLPPP interface back up.

Conditions: Trigger: RP fail-over seems to be the Trigger, apart from which there do not have to be any associated config changes made.

Workaround: There is no workaround.

  • CSCum22612

Symptom: Since the ASR fails to send MM6 [being a responder] in the absence of a valid certificate, IKE SAs start leaking and hence get stuck in MM_KEY_EXCH state. Multiple MM_KEY_EXCH exist for a single Peer on the ASR, however the Peer does not retain any SAs for ASR in this case.

Along with CAC for in-negotiation IKE SAs, these stuck SAs block any new SAs or IKE rekeys even after renewing the certificates on the ASR.

Conditions: ASR acting as IKEv1 termination point [sVTI for example] and is a responder.

IKE authentication mode is RSA-SIG [Certificates].

On the ASR, the ID-Certificate is either Expired or Not-present for a given sVTI tunnel

The ASR also has a IKE in-negotiation CAC of a certain value.

Example:

crypto call admission limit ike in-negotiation-sa 30
 

Workaround:

1. Manually delete stuck SAs by using:

clear crypto isakmp 12345

.. where 12345 is conn_id of a stuck SA.

Repeat this for each stuck SA

2. Temporarily increase CAC to accommodate new SA requests:

crypto call admission limit ike in-negotiation-sa 60

  • CSCum23619

Symptom: No counter to show the ATM VC IFM call out and response

Conditions: ATM VC IFM call

Workaround: There is no workaround.

  • CSCum25232

Symptom: ASR1K will fail to verify a message that is signed using a non-standard RSA key length (2024 for example). The failure is commonly seen during SCEP enrollment or when validating a peer certificate when RSA-SIG is used for phase 1 authentication.

Conditions: The failure has been observed on ASRs using an integrated ESP.

Workaround: There is no workaround.

  • CSCum27490

Symptom: after reload, the tunnel traffic is not passed

Conditions: you have tunnel configured, and also have config with:

configure ip cef accounting per-prefix non-recursive

Then, reload the device. After the system is up again, you may find the tunnel traffic is not working.

Workaround: after reload,

Then, you have two options:

1. delete previous tunnel and re-config the same one

2. add a new tunnel with the same tunnel source as previous tunnel , then delete this new tunnel intf. After this config, everything will be recovered.

  • CSCum35386

Symptom: The AVC Sum Duration metric is incorrect on the Utlra platform.

Conditions: AVC Sum Duration metric is enabled via one of the AVC / EzPM tools (e.g. ART), and is assinged to an interface on an Ultra plaform (however it works fine on ASR).

Workaround: There is no workaround.

  • CSCum40367

Symptom: Traceback seen while adding fair queue on existing Subscriber child policy.

Conditions: This symptom is observed with background traffic flow.

Workaround: There is no workaround.

  • CSCum42058

Symptom: These logs come up every 7 seconds filling up logging buffer:

001628: Jan 4 11:48:18.658 pst: UDLD-3-UDLD_IDB_ERROR UDLD error
handling failed to get IDB subblock (rcv) interface: Gi0/0/1.100
-Traceback= 1#bbfe8c0a51f338b185d077b248d1e545 :400000+13C8281
:400000+662BBEC :400000+662A4DE :400000+662A36B
 

Conditions: Recieved an UDLD packets with VLAN tag.

Workaround: There is no workaround.

  • CSCum44943

Symptom: ip mtu adjust feature should consider Ns/Nr 4-bytes sequencing field for auto calculation of vaccess mtu at LNS in the case where LAC wants to enable data packet sequencing by sending "Sequencing Required" AVP in ICCN towards LNS.

Now, the 4-bytes are not considered for the auto calculation of vaccess mtu at LNS in such a case.

Then, data packets having Ns/Nr 4-bytes sequencing fields in L2TP header may need to be fragmented after encapsulation at LNS.

Conditions: - ip mtu adjust is configured under the vdpn-group.

In a case where LAC wants to enable data packet sequencing by sending "Sequencing Required" AVP in ICCN towards LNS.

Workaround: Instead of using "ip mtu adjust" under the vpdn-group, set the mtu manually under the virtual template interface.

  • CSCum48124

Symptom: Occasional crash/traceback and router reload when performing config-replace while both performance monitor/s (e.g. EzPM) and native FNF montor/s are assigned to the same interface.

Conditions:Performing a config-replace to a clean config (i.e. doesn't assign performance monitors or native FNF monitors), while there are both performance monitor/s (e.g. EzPM) and native FNF montor/s assigned to the same interface in the current running config.

Workaround: First un-assign ether or both the perfromance monitors and/or the native FNF monitors before performing the config-replace. In that case, the config-replace works ok.

  • CSCum59909

Symptom: While testing ISSU from XE310<->XE312 with forwarding/security features,observing multiple features fails with both traffic and config failures followed by pendin-objects.

Conditions: Issue is seen after FP upgrade.

Workaround: There is no workaround.

  • CSCum61622

Symptom: Traceback may be seen with sip/sunrpc/rtsp/rcmd/msrpc.

Conditions: scaled ALG.

Workaround: There is no workaround.

  • CSCum66678

Symptom: When per-tunnel QoS is configured on a DMVPN hub, the ESP memory may become exhausted due to a memory leak. This could cause the ESP to reload.

Conditions: If there are a large number of DMVNP spokes and the spokes flap, then memory on the ESP is allocated and not freed. This could cause the memory exhaustion on the ESP and thus case the ESP to reload.

Workaround: One could monitor the ESP memory usage and if it is getting low, then reboot the ESP during a mainance window. The command "show platform software memory qfp-control-process qfp act brief | inc I/F" can be used to determine if memory is being consummed due to this issue. Example:

 
mcp6ru-14#show platform software memory qfp-control-process qfp act brief | inc CPP I/F DB
module allocated requested allocs frees
------------------------------------------------------------------------------
CPP I/F DB 128 48 5 0 <== normal condition is 5 allocs at bootup that is not freed
 
(one spoke flapped)
 
CPP I/F DB 8172 8076 6 0 <== 1 additional alloc of 8028 (2k spokes in network) - with this bug, this memory is not freed
 
  • CSCum67637

Symptom: FP crash while clearing zone pair inspect session.

Conditions: With GTP configs in UUT.

Workaround: There is no workaround.

  • CSCum74275

Symptom: In the current code expected time of the record is dependent on the start time of the first record.

As a result if there are mix and match of records from different interval, there is a possibility of expected record being changed. and the record getting dropped.

Conditions: Send records belonging to two different intervals simultaneously .

Workaround: Removing the dependency of the expected record time on start time of the first record.

Timer will look for the current interval packets and any future records will stored with the new code.

If the record time is lower than the current expected time than the record will be dropped.

  • CSCum84228

Symptom: memory leak for GTP AIC req/res pool

Conditions: send GTP request message.

Workaround: There is no workaround.

  • CSCum86411

Symptom: BGP performance will be slower on RP2 on 15.4(02)S release or newer images.

Conditions: Large scale BGP routes

Workaround: Use Image 15.4(01)S or older.

  • CSCum88382

Symptom: BFD session not established upon RP Switchover and back

Conditions: RP switchover and switchback.

Workaround: There is no workaround.

  • CSCum98137

Symptom: FP reloads due to cpp_cp process crash.

Conditions: Creating a session w/QOS policy and applying a shaper on VLAN for the session where both of these events occuring at the same time.

Workaround: There is no workaround.

  • CSCun00488

Symptom: Duplicate records are exported from MMA.

Conditions: set up a topolgy as below

SRC --- UUT --DST

|

collector

set the configuration at the UUT to export all the records to collector. At exporter notice duplicate records.

Workaround: There is no workaround.

  • CSCun01152

Symptom: An IOS-XE router may reload unexpectedly when zone-based firewall is configured.

Conditions: Zone-based firewall is configured. May be dependent on many active MSRPC sessions.

Workaround: There is no workaround.

  • CSCun02711

Symptom: observing cpp_cp_svr crash

Conditions: Interface Flap with Model4 QoS under Oversubscribe load.

Workaround: There is no workaround.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S

This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.

This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.5S.

  • CSCud94511

Symptom: Multiple Tracebacks are seen.

Conditions: Router reload.

Workaround: There is no workaround.

  • CSCue61643

Symptom: When the encapsulation on pvc is aal5mux.

Conditions: Ping fails when encapsulation on pvc is aal5mux.

Workaround: Configure a different encapsulation aal2snap and make it default.

  • CSCuh11621

Symptom: Nightster: Shut/No-Shut on Nightster bay0/1 causes PLIM driver Errors

Conditions: None.

Workaround: There is no workaround.

  • CSCuh18853

Symptom: The performance of a TFTP file transfer to/from an ASR1K running XE37 has severly decreased compared to older releases (e.g. XE 2.6.2).

Conditions: is has been observed on an ASR1K running XE373.

Workaround: There is no workaround.

  • CSCui15609

Symptom: IDBINDEX_SYNC-4-RESERVE errors and IDBINDEX_SYNC-3-IDBINDEX_ENTRY_MISMATCH errors logging.

Conditions: ASR1006 running asr1000rp2-advipservicesk9.03.04.05 .S.151-3.S5.bin.

Workaround: There is no workaround.

  • CSCuj43288

Symptom: with presence of POS spa and scaled DMVPN setup, errors and traceback showup, no more sessions come up

Conditions: This symptom is observed under the following conditions:

1) Presence of a POS SPA

2) ter-tunnel-qos applied to ipsec session on DMVPN HUB and flapping some sessions

And console stops to respond to command input.

Workaround: There is no workaround. Remove the SPA.

  • CSCuj56749

Symptom: SPA FPD Recovery Upgrade failure for SPA-4XT-SERIAL

Conditions: None.

Workaround: There is no workaround.

  • CSCuj93565

Symptom: %SPA_OIR-3-EVENT_DATA_ERROR: SPA OIR event data error - fail.

Conditions: None.

Workaround: There is no workaround.

  • CSCul12632

Symptom: SPA-8XCHT1/E1: show version doesn't show serial i/f info sometimes.

Conditions: None.

Workaround: There is no workaround.

  • CSCul38872

Symptom: Nightster:txmcbufferoverflow error while removing native GE loopback mac.

Conditions: None.

Workaround: There is no workaround.

  • CSCul49215

Symptom: IOS-XE side code fixes for Phase transient issue in maverick V2 SPA

Conditions: None.

Workaround: There is no workaround.

  • CSCul83515

Symptom: B3 errors are continously seen on SPA-4XOC48POS/RPR connected to ONT

Conditions: None.

Workaround: There is no workaround.

  • CSCum04518

Symptom: %IPC-2-CANT_SEND: SIP0/1: SPA-24CHT1-CE-ATM[0/1] err msgs seen on NG.

Conditions: %IPC-2-CANT_SEND: SIP0/1 err messages.

Workaround: There is no workaround.

  • CSCum12453

Symptom: ASR1K: Prowler SPA: Tail drop of imix traffic and ESP crash.

Conditions: None

Workaround: There is no workaround.

  • CSCue99781

Symptom: 310: Condebug: Cannot delete ATM pvc intf condition after remove pvc.

Conditions: None.

Workaround: There is no workaround.

  • CSCum03117

Symptom: Verify traffic not flood to fwd vfi when efp and vfi in same BD.

Conditions: traffic flood is wrong with same BD

Workaround: There is no workaround.

  • CSCul24853

Symptom: Whne the command "attribute nas-port format <x>" is configured under an "aaa group server", it is not used by the ASR1k.

Conditions: "attribute nas-port format <x>" is configured under "aaa group server" and no global command for this format is configured.

Workaround: Configure the global command: radius-server attribute nas-port format <x>

  • CSCum03767

Symptom: During a EAPSIM re-authentication with a incomplete challenge, the ISG sends out a wrong Accounting Request to the AAA Server.

Conditions: This will happen only during EAPSIM re-authentication and incomplete call-setup

Workaround: There is no workaround.

  • CSCue40782

Symptom: Traceback@cpp_tunnel_svr_disable_tunnel_protection

Conditions: While unconfiguring vrf vpn on spoke router of DMVPN.

Workaround: There is no workaround.

  • CSCui64579

Symptom: ping failed with packet size over 10184.

Conditions: MPLS mtu max enabled for MPLSomGRE tunnel

Workaround: Disable MPLS mtu max.

  • CSCuj46462

Symptom: Local PBR route-map counter are double the packets sent on ASR1K

Conditions: None.

Workaround: There is no workaround.

  • CSCul37377

Symptom: ESP crashed when receiving packets with 10 stacked labels

Conditions: None.

Workaround: There is no workaround.

  • CSCul97328

Symptom: FP40: FPM IP packets not displayed in "show log" on XE311.

Conditions: None.

Workaround: There is no workaround.

  • CSCum73080

Symptom: Traceback seen while doing a 'default range' on the control, data and InterLink interfaces on a RG Active Router.

Conditions: Stateful HTTP / FTP traffic was being sent through the router.

Workaround: Do a default on all the interfaces one by one instead of doing 'default range Gig x - y'.

  • CSCuh62666

Symptom: All packets punt to RP for GEC interface.

Conditions: Config and remove ethertype for GEC interface.

Workaround: There is no workaround.

  • CSCtz50465

Symptom: ISSU between incompatible images goes through.

Conditions: This happens for images between ISSU-break.

Workaround: There is no workaround.

  • CSCub87409

Symptom: Memory leak in oom.sh process RP and FP.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj84220

Symptom: Nightster: 10GE Eval license does not transition into In-Use status.

Conditions: None.

Workaround: There is no workaround.

  • CSCul17693

Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool with little free memory. As a result, various SNMP management software applications may generate an error/notification.

Conditions: This condition is shown from the moment the router boots up.

The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR1000 boots the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.

The LSMPI interface is described further in this document:

http://tools.cisco.com/squish/b64AB

Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason the management software needs to be adjusted.

  • CSCty54912

Symptom: chunk sibling memory failure.

Conditions: Left the testbed idle for more than 10 hrs.

Workaround: There is no workaround.

  • CSCud67669

Symptom: ASR1k: crash@Segmentation fault(11), Process=SSS Manager.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj51088

Symptom: traceback shown on console log.

Conditions: when clear radius proxy + dhcp sessions.

Workaround: There is no workaround.

  • CSCum79612

Symptom: RADIUS(00000030): Send CoA Ack Response to x.x.x.x:41447 id 250, len 710

<snip>
RADIUS: ssg-account-info [250] 79 "service-name;946;41791249308;37024;98648;2170218;130964086" <= this is the value for downstream bytes and not as document here for upstream:
http://www.cisco.com/en/US/docs/ios/ssg/configuration/guide/ssg_radius_prof_attr_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055577.

Conditions: ASR1k is configured to function as an ISG.

Workaround: The admin can change the evaluation of these down-/upstream bytes on the portal server

g= <1;servicename;elapsed-time in seconds;username;downstream packets;upstream packets;downstream bytes;upstream bytes>.

 
  • CSCud94511

Symptom: Traceback appeasrs in UUT.

Conditions: Unconfiguring firewall configs from UUT.

Workaround: There is no workaround.

  • CSCum22245

Symptom: Description:

1. Observing following DSP Errors

Dec 5 11:40:08.340 IST: %DSP_SPA-3-BUFF_FAIL: SIP0/1: Not Enough MEM Buffers at dsp receive

Dec 5 11:40:27.774 IST: %FARM_DSPRM-6-CALLDROPINFO: dspfarm active calls on this card dsp 2 channel 12 will be dropped.

2. Observing following memory leaks

ASR_1006#show memory debug leaks summary
 
Adding blocks for GD...
lsmpi_io memory
Alloc PC Size Blocks Bytes What
Processor memory
Alloc PC Size Blocks Bytes What
0x73AC2C6 0000001492 0000000501 0000747492 DSMP
0x740E000 0000000268 0000000028 0000007504 dsp_interface
Alloc PC Size Blocks Bytes What
0x740E000 0000000324 0000000172 0000055728 dsp_interface
Tracebacks:
ASR_1006#show memory traceback totals
-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [2] :400000+6FAC2C6 :400000+6FAC192 :400000+70089B2 :400000+6EE3088 :400000+6F6A920 :400000+705AD3D :400000+70596BD :400000+6F1F667 :400000+6F1F150 (529519 seen)
Holding: 506864 Num of blocks: 338 Peak Holding: 1294872
-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [1] :400000+700E000 :400000+6F6A26B :400000+705AD3D :400000+70594E7 :400000+6F1F667 :400000+6F1F150 (289981 seen)
Holding: 111992 Num of blocks: 350 Peak Holding: 275720
-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [3] :400000+6FAC2C6 :400000+6FAC192 :400000+70089B2 :400000+6EE3088 :400000+6F6AC9A :400000+705AD3D :400000+70596BD :400000+6F1F667 :400000+6F1F150 (2767 seen)
Holding: 18192 Num of blocks: 12 Peak Holding: 739364
 

Conditions: With Contact center callflow:

3. Run Load with the following call flow

4. CPS: 30

5. Hold Time 33secs

Workaround: There is no workaround.

  • CSCum51221

Symptom: Move reload log from /tmp to bootflash during performance analysis.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj82418

Symptom: CUBE-SP data plane forwording capacity drops.

Conditions: NNI performance test.

Workaround: There is no workaround.

  • CSCuh95602

Symptom: Self bound traffic dropped by firewall.

Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self).

Workaround: There is no workaround.

  • CSCui97375

Symptom: In-active time-based ACL causes traffic dropped.

Conditions: This symptom is observed on a Cisco ASR1000 series router when

time-based Access list Control (ACL) is configured on an interface and the

time-based ACL is not in configured time-range.

Workaround: There is no workaround.

  • CSCuj02884

Symptom: Packet drop with fragmented ipsec and nat64.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj09540

Symptom: ESP remains in "init, standby".

Conditions: The issue is caused by a reset due to a crash.

Workaround: Reload the router.

  • CSCuj38420

Symptom: No alias interface for dynamic NAT.

Conditions: Overload configured for dynamic NAT.

Workaround: remove Overload.

  • CSCuj79520

Symptom: Increased use of global addresess over time while running PAP.

Conditions: NAT PAP enabled along with vrf on outside interfaces.

Workaround: If global address pool becomes deleted, it may become necessary to clear ip nat translations or reload the CPP.

  • CSCul01335

Symptom: FP may crash

Conditions: This symptom is observed on changing pap limit from 30 to 60 with traffic on

Workaround: There is no workaround.

  • CSCul12835

Symptom: Crash with CGN/BPA configuration.

Conditions: IP pool was extended, single bit in BPA was set.

Not seen with 1000 users. Issue is seen with waround 8000 users.

Workaround: There is no workaround.

  • CSCul65858

Symptom: GARP for the NAT-inside-global-address is sent from a non-Active HSRP router.

The problem is seen when one of the redundancy pair is reloaded and the interface comes up.

Because of the behavior, traffic loss is seen on the NAT traffic.

When receiving the GARP, active router shows the duplicate address message like below.

%IP-4-DUPADDR: Duplicate address x.x.x.x on GigabitEthernetx/x/x, sourced by xxxx.xxxx.xxxx

Conditions: None.

Workaround: There is no workaround.

  • CSCul67817

Symptom: max nat translations with ACL not working.

Conditions: With PAT mapping using ACL nat limit config.

Workaround: There is no workaround.

  • CSCul87051

Symptom: ASR1k running 3.7.2S

Two inside global addresses for the same inside local address.

Sufficient pool to handle one-to-one translations.

Conditions: IPv4 nat - ip nat inside source route-map <route-map> pool <pool> reversible

SIP traffic.

Workaround: There is no workaround.

  • CSCum56514

Symptom: A Cisco router running IOS XE may crash and reload after generating a ucode core file and logs similar to the following:

Notice 1531: KRZ: SIP0: pvp.sh: Process manager is exiting: process exit with reload fru code
Error 1530: KRZ: SIP0: cpp_cp: cpp_cp encountered an error -Traceback=
Error 1529: KRZ: SIP0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
Error 1528: KRZ: SIP0: pman.sh: The process cpp_cdm_svr has been helddown (rc 69)
Informational 1526: KRZ: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected
Informational 1525: KRZ: SIP0: cpp_cdm: Shutting down CPP MDM while client(s) still connected
Informational 1527: KRZ: F0: cpp_ha: Shutting down CPP CDM while client(s) still connected
Error 1524: KRZ: F0: cpp_ha: CPP 0 microcode crashdump creation completed.
 

Conditions: A Cisco router running IOS XE and traffic passing through the NAT path.

Workaround: There is no workaround.

  • CSCum61077

Symptom: Packets dropped while IPV4 to IPV6 translation with size above 1252.

Conditions: NAT64 on ASR1K.

Workaround: Decrease the IPV4 mtu size to 1252.

  • CSCum69887

Symptom: NAT cann't handle the tcp sequence properly with LDAP ALG after pdu size changed. NAT will not handle the delta value for the right ack message but thereafter messages, which may cause mis-acked message flows between two endpoints.

Conditions: Send LDAP traffic with empty comment item in LDAP ALG.

Workaround: There is no workaround.

  • CSCum81447

Symptom: IPv4 fragment with non-zero offset not translated to ipv6 for nat64.

Conditions: None

Workaround: There is no workaround.

  • CSCul47786

Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.

Conditions: None.

Workaround: There is no workaround.

  • CSCun10918

Symptom: PPP subscribers cannot be terminated in ASR1K, due to object locked.

Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts

EVSI wrong dpidb type errors 0

EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.

Workaround: remove QOS of the ppp.

  • CSCuh53255

Symptom: no media issue is encountered.

Conditions: By default, without "asymmetric payload full" configured, there will be no end-to-end PT negotiated. CUBE should do payload type interworking at RTP level. But right now, CUBE does not behave correctly, no media issue is encountered.

Workaround: configure "asymmetric payload full" under voice service voip -> sip

  • CSCul48986

Symptom: cpuhog is seen when config lma network

Conditions: config pool ipv4 v4pool3 pfxlen 16

Workaround: There is no workaround.

  • CSCul69967

Symptom: Pending issues in show platform software object-manager fp standby stats

Conditions: None.

Workaround: There is no workaround.

  • CSCum95704

Symptom: iWAG doesn't handle update message received from p-GW/GGSN.

Conditions: None.

Workaround: There is no workaround.

  • CSCun09973

Symptom: esp reloaded when received incorrect l2tp packet.

Conditions: l2tp packet with incorrect udp length.

Workaround: enable the checksum ignore.

  • CSCud29951

Symptom: Ucode Regression Failures (CPP10): ipsec tests.

Conditions: None.

Workaround: There is no workaround.

  • CSCug53518

Symptom: DMVPN NDR drops on ASR1001 with a few feature combination in XE3.10 (FNF plays the major role in degradation).

Conditions: Compared to Version 15.3(20130416:060244) [mcp_dev-BLD-BLD_MCP_DEV_LATEST_20130416_040026-ios 179].

Workaround: There is no workaround.

  • CSCui96224

Symptom: show crypto ipsec interface <interface-name> platform is listing the output of show platform software ipsec fp active interface all instead of selecting the right interface ID

Conditions: Using the new platform command.

Workaround: There is no workaround.

  • CSCuj45711

Symptom: Packets from ASR with IPV6 and TBAR configurations, are not being forwarded, even though the packets are being decrypted on the ASR.

Conditions: ASR with IPV6 and YBAR enabled.

Workaround: There is no workaround.

  • CSCul16548

Symptom: The 'show crypto ipsec sa peer <address> platform command may be incorrect for ESP 200 on ASR1K.

Conditions: The crypto context information will be incorrect for all the IPSec SAs programmed on crypto device 1 on an ESP 200.

Workaround: Use the 'show platform software ipsec fp active encryption-processor 1 context <context id>' command manually to get the crypto context information.

  • CSCuc13721

Symptom: This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.

This is a hardening defect and should not be made visible to customers.

Conditions: Device configured with default configuration.

Workaround: There is no workaround.

  • CSCuj23729

Symptom: "uc wsapi" cannot be configured on S train platforms (juno)

Conditions: None.

Workaround: There is no workaround.

  • CSCuh56746

Symptom: Crash observed when creating a zone for zone based firewalls

Conditions: See when using standard or evaluation licenses.

Workaround: Apply the appropriate premium or advance license to configure zone based firewalls.

  • CSCuh67020

Symptom: crash at add_zone.

Conditions: None.

Workaround: There is no workaround.

  • CSCui72582

Symptom: Invalid CE table name using special characters should be rejected.

Conditions: None.

Workaround: There is no workaround.

  • CSCun14279

Symptom: Traffic to and from a BDI Interface on an ASR 1000 stops.

The command 'show platform software l2fib fp active bd <BDI> unicast all' will show nothing when it should show the following:

Router#sh pla so l2fib fp active bd 2 unicast all
MAC BD Nhop type Nhop Idx Flags
ffff.ffff.ffff 2 olist 1026
Router#sh pla so l2fib fp active mlist index 1026
L2FIB Mlist entries
Type Index AOM ID CPP Info
efp 1020010 aom id: 126, CPP info: 0x15929a4 (created)
 

Conditions: ISSU upgrade from 3.4.0 15.1(3)S2 to 3.10.0 15.3(3)S, followed by a shut / no shut of the BDI interface.

Workaround:

Reload / Power Cycle the entire Router.

Prior to the ISSU, remove all BDI configuration and replace it after the ISSU is completed.

Create new bridge domains to replace misbehaving ones.

  • CSCul95464

Symptom: CAC times of activation constant increment for IPv6 ND FSOL.

Conditions: None.

Workaround: There is no workaround.

  • CSCum94111

Symptom: Breakup spa_generic_ngio.c and miscellaneous cleanup

Conditions: None.

Workaround: There is no workaround.

  • CSCuf31885

Symptom: Users might experience slower network, specially on TCP connections. Delay in SYN/SYN ACK is reported by traffic generator.

Conditions: Heavy traffic and full AVC enabled (Config recommended by Marketing), QFP in ESP40 is higher than 7%. This can be verified by issuing the command of show platform hardware qfp active datapath utilization.

Workaround: Use a less heavy AVC Config or disable AVC.

  • CSCuf73907

Symptom: asr1k:elc:wrong display for EVC in "sh bd" for Ten Gig links of ELC

Conditions: None.

Workaround: There is no workaround.

  • CSCun15914

Symptom: collapse contrib/openssl back to main.

Conditions: None.

Workaround: There is no workaround.

  • CSCuf44203

Symptom: AFW memory corruption.

Conditions: None.

Workaround: There is no workaround.

  • CSCub42703

Symptom: video_SDP_Passthru call are failing Bandwidth based on CAC.

Conditions: None.

Workaround: There is no workaround.

  • CSCud32723

Symptom: [Skyrise]ASR1001: Performance degradation for IPV4-IPV4 FA and FT calls

Conditions: None.

Workaround: There is no workaround.

  • CSCub72573

Symptom: encpas counter in "show crypto ipsec sa" may occasionly show incorrect value

Conditions: IPSec tunnels configured and used on the device

Workaround: There is no workaround.

  • CSCui19103

Symptom: It is observed that no value is returned for an SNMP query (nhrpServerEntry) made by the SNMP server to the UUT (DMVPN Hub) in a Hierarchical DMVPN Scenario, where the HUB is an intermediate device which works as both DMVPN Hub and Spoke.

Conditions: None.

Workaround: There is no workaround.

  • CSCuh81159

Symptom: XE 3.11 : Traceback seen during Xfer on CUBE.

Conditions: None.

Workaround: There is no workaround.

  • CSCui80093

Symptom: CUBE not falling to FT mode for srtp-rtp call in no DSP case.

Conditions: This is seen when DSP resources are shutdown/unavailable in the router.

Workaround: Configure dspfarm profile in the router if available or do not configure "media flow-around" CLI. This issue is particularly observed when Flow-around is configured for srtp-rtp call and when there are DSP resources in the router

  • CSCui87426

Symptom: CUBE moving to FA with one call-leg as srtp and other call-leg as rtp which is wrong.

Conditions: This is seen in srtp-rtp call and in mid-call , inleg fallsback from srtp to rtp.

Workaround: There is no workaround.

  • CSCul04900

Symptom: Hydrogen serviceability Feature crash in Xe 311 image As per crash decode snippet, serviceability/event trace code crashed

Traceback summary ----------------- % 0x8a57439 : __be_strcmp % 0x1372b17 : __be_sympBuffCallingNumCompare % 0x89884ce : __be_avl_search % 0x1373a99 : __be_symp_et_search_cover_buffer_in_filt_table % 0x1373b99 : __be_symp_et_insert_cover_buffer_to_filt_table % 0x13754fc : __be_symp_upd_event_trace_instance % 0x10417a9 : __be_ccsip_api_call_setup_ind % 0xf555a4 : __be_sipSPIContinueNewMsgInvite % 0xf54cf8 : __be_sipSPIHandlePostPreauthInvite % 0xf52a20 : __be_sact_idle_new_message_invite % 0xf523ad : __be_act_idle_new_message % 0xf5127a : __be_sipSPISipIncomingMsg % 0xf4f821 : __be_sipSPILocateInviteDialogCCB % 0xf4e5b5 : __be_ccsip_new_msg_preprocessor % 0xf4c55a : __be_ccsip_spi_process_event % 0xf4bedc : __be_ccsip_process_sipspi_queue_event Call flow : srv_dbg_cat_lvl_03 TC execution. ================================================= Topology sipp----ASRCUBE----SIPP Core file path :/auto/tftp-rts/ASR-CUBE_RP_0_linux_iosd-imag_16315_1382531279.core.gz Passed image :15.4(0.19)S0.4 failed Image :15.4(0.19)S0.8
 

Conditions: This symptom is observed under:

1. Trace commands enabled at common_setup section, monitor event-trace voip ccsip fsm monitor event-trace voip ccsip msg monitor event-trace voip ccsip misc monitor event-trace voip ccsip api monitor event-trace voip ccsip global monitor event-trace voip ccsip limit connections 1000 monitor event-trace voip ccsip stacktrace 8 monitor event-trace voip ccsip history enable" monitor event-trace voip ccsip history clear" monitor event-trace voip ccsip all enable"

2. By default all feature codes and log level are enabled at particular TC setup section

3. Single audio call is established, after 4 to 5 sec. crash occurred.

Workaround: Passed image :15.4(0.19)S0.4

  • CSCul46066

Symptom: Hung Calls with SIP SPI with Refer Consume Load

Conditions: observing hung calls with Refer Consume CVP load test. Hung calls observed with SIP SPI

Steps to reproduce:

Configure max connection with 3 Refer to Dial-peer & outbound dial-peer towards CVP.

Run Load with 1000 calls for few hours.

CPS: 10
CHT: 100 secs
Total Number of active calls : 750
Issue observed with max-conn with multiple dial-peers
 

Workaround: Use dial-peers without max-conn.

  • CSCuf14884

Symptom: dummy packet generation per SA does not follow configured interval.

Conditions: None.

Workaround: There is no workaround.

  • CSCuh77330

Symptom: ASR1K XE 3.7.S3 [crypto_ipsec_pull_dp_sadb_counters]

Conditions: None.

Workaround: There is no workaround.

  • CSCum94837

Symptom: ASR1K does not output %XCONNECT-5-PW_STATUS: message although remote xconnect device's interface is down or up.

Conditions: This happens only remote xconnect device's interface is down or up. When ASR1K xconnect interface is down or up this does not happen.

Workaround: There is no workaround.

  • CSCui09671

Symptom: GEC: recycle bundle can't keep up on Yoda platforms

Conditions: None.

Workaround: There is no workaround.

  • CSCum73445

Symptom: cpp_cp_svr crash.

Conditions: Problem has been intermittently seen when tearing down bundle type interfaces such as MLPPP and MLFR.

Workaround: There is no workaround.

  • CSCum90878

Symptom: Ultra HQF Perf: Eliminate extra scheduling layer/overhead from HQF cfg

Conditions: None.

Workaround: There is no workaround.

  • CSCum99180

Symptom: Latency in PQ gets high under a certain traffic condition

Conditions: In the QoS scenario bellow, latency in PQ gets high in specific situation.

This issue happens when specifically shape rates <= 1Mbps

The interface is shaped as to 1Mbps with "account user-defined 24" in PARENT policy.

CHILD policy has 2 classes which is configured with "priority percent", another is configured with "bandwidth remaining"

Here is configured priority percent and the rate of test traffic in each scenario.

Two streams with different rate and frame size( Both are classified into PQ)

The Maximum Latency is greater than 1100¶Ãs.

class-pq:89% (890 kbps).
DSCP pps byte Maximum Latency(¶Ãs)
CS6 409 85 1100
12 64 1133
 

Workaround: There is no workaround.

  • CSCun09640

Symptom: The following errors are seen when adding a child policy to a parent policy while configuring hierarchical QoS.

%CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error
%CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error
%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)
%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cp_svr has been helddown (rc 134)
 

This can result in a ESP (F Fabric) reload, causing a traffic outage

*Feb 13 07:39:05.829: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
 

Conditions:

An interface with a service-policy applied.

Adding/removing child policies on the parent hierarchical policy applied to the interface.

Workaround: Remove the policy from the interface before making the changes to the child/parent policy then reapply the policy to the parent.

  • CSCui35958

Symptom: GLC-GE-100FX SFP state remains Enabled even when port status admin down.

Conditions: None.

Workaround: There is no workaround.

  • CSCul10111

Symptom: Loopback Led is not changing to Amber in Javelin T3E3 spa in Encap PPP.

Conditions: None.

Workaround: There is no workaround.

  • CSCum04472

Symptom: ASR1K: Pb-free Patriot Prowler: IDB errors on scaling ds0 channels.

Conditions: None.

Workaround: There is no workaround.

  • CSCua48282

Symptom: On ASR1K router, randomly observe the following error during ISSU MDR runversion, the error does not have funcationality impact.

*Jun 13 18:21:04.001 PDT: %CMCC-3-PLIM_STATUS: SIP2: cmcc: A PLIM driver informational error txnpMaxMTUExceeded, block 1e count 1
 

Conditions: None.

Workaround: There is no workaround.

  • CSCua62284

Symptom: Can not synchronize SPI4 bus and PLIM error.

Conditions: None.

Workaround: There is no workaround.

  • CSCuf57507

Symptom: EVENTLIB-3-RUNHOG: SIP2: cmcc: undefined: 7179ms

Conditions: While performing an active RP failure during ASR1006 subpackage MDR upgrade

Workaround: There is no workaround.

  • CSCuj94548

Symptom: Intermittently SCOOBY-3-SERIAL_BRIDGE_CRITICAL error observed on ASR1000-2T+20x1GE card.

Conditions: None.

Workaround: There is no workaround.

  • CSCul32464

Symptom: ASR1K: ELC - Add new MB FPGA ver 1.22 bundle

Conditions: None.

Workaround: There is no workaround.

  • CSCul79546

Symptom: pactrac: show fia-traced packet has unexpected unformatted output.

Conditions: None.

Workaround: There is no workaround.

  • CSCum59137

Symptom: %ASR1000_SPA_ETHER-3-TCAM_VLAN_ERROR: SIP0/0: Failed to add.

Conditions: Seen at the time of port-channel config, viz shut/no shut multiple config calls are sent , hence gives error at the time of adding vlan-entry which is already added and deleting vlan entry which is already removed.

Workaround: There is no workaround.

  • CSCum67150

Symptom: Ingress MAC Acct stops working after doing a no mac acc on egress.

Conditions: None.

Workaround: There is no workaround.

  • CSCum70828

Symptom: SNMP Query on dot3StatsDuplexStatus is shown as unknown on SPA-5X1GE-V2.

Conditions: While testing Ether-like MIB for SPA-5X1GE-V2.

Workaround: There is no workaround.

  • CSCul47786

Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.

Conditions: None.

Workaround: There is no workaround.

  • CSCub00482

Symptom: 2 IKEv2 sa created on a crypto session at flexVPN Server

Conditions: system bootup with 4K activity flexVPN clients and data traffic.

Workaround: There is no workaround.

  • CSCui22804

Symptom: CLI: show crypto mib ike flowmib failure doesn't shows correct reason for failure

Conditions: Incorrect failure reason is shown in case when ikev2 profile is configured and shut command is issued on tunnel.

Workaround: There is no workaround.

  • CSCuj73916

Symptom: Traceback seen.

Conditions: while running ISAKMP D10 suite during codenomicon testing.

Workaround: There is no workaround.

  • CSCum80300

Symptom: ASR1k running XE3.10 may crash in RP on executing the CLI "show crypto session"

Conditions: More than 1000 crypto sessions and executing the cli "show crypto session".

Workaround: There is no workaround.

  • CSCuh30746

Symptom: XE3.10 "show version" can not find license information

Conditions: None.

Workaround: There is no workaround.

  • CSCun07481

Symptom: ASR1k - L2TP tunnel password char > 32 chars not working.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj42611

Symptom: MCP asr1k invisibility test for LI fails.

Conditions: None.

Workaround: There is no workaround.

  • CSCue48471

Symptom: Currently, there is no way to detect ILAK OOB CRC error.

Conditions: None.

Workaround: So, a cli is implemented to check if we have any interrupt pending or not.

sh pl hard slot < slot num> plim statistics internal.

  • CSCue92637

Symptom: Review comments for CSCue17512/CSCue93536 (Phy Interrupt Handler)

Conditions: None.

Workaround: There is no workaround.

  • CSCuj36793

Symptom: Commit of CSCud71821 is causing a problem during MDR; the reload causes the cc to go offline and a rommon status of bad_rommon is shown.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj83383

Symptom: This is not visible to customer as it prints a wrong reset cause on being reset through ELC console CLI. ELC Console is not present in production boards.

Conditions: This problem occurs when the user tries to reset the ELC through ELC console CLI.

Workaround: There is no workaround.

  • CSCul09398

Symptom: Ping will not work after replacing Cu SFP with Optics SFP in the same port of ELC.

Conditions: When CU SFP was inserted, speed other than 1000 should be configured and then remove the SFP and insert Optics SFP.

Workaround: Unconfigure speed on CU SFP then remove the SFP or Reload the card.

  • CSCul49981

Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.

Conditions: None.

Workaround: There is no workaround.

  • CSCul80246

Symptom: FPD upgrade/downgrade, LC offline message is seen twice.

Conditions: None.

Workaround: There is no workaround.

  • CSCum66182

Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.

Conditions: While testing Ether-Like MIB for ASR1000-6TGE.

Workaround: There is no workaround.

  • CSCum85290

Symptom: IOSD Stack and Heap are R/W/X.

Conditions: None.

Workaround: There is no workaround.

  • CSCui57809

Symptom: subscriber template cause session session teardown with no reason cause.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj09925

Symptom: In a PPPoE dual-stack environment, the Delegated-IPv6-Prefix is not sent to the start accounting record. The Delegated-IPv6 Prefix is logged only in the next Interim record, but this can take a long time depending on the configured update period.

Conditions: Delegated prefix allocated from an IPv6 pool which is configured via Cisco-AVPair "ipv6:delegated-ipv6-pool" in the RADIUS server.

Workaround: There is no workaround.

  • CSCul38850

Symptom: Finding the actual root cause of CSCul30317.

Conditions: None.

Workaround: There is no workaround.

  • CSCul97900

Symptom: IPSUB EVSI Create Error counter is incremented post churn test.

Conditions: None.

Workaround: There is no workaround.

  • CSCum62975

Symptom: PPPoE session stuck in LCP,WT_ST upon establisment with CoA-LI noaction.

Conditions: None.

Workaround: There is no workaround.

  • CSCui11721

Symptom: rLFA-FRR convergence time is over 50ms when primary path is ATM.

Conditions: None.

Workaround: config 3.33ms interval BFD in ATM port.

  • CSCuj55984

Symptom: GetVPN crypto gdoi re-reg fails

Conditions: When active traffic and when the WAN intf flaps

Workaround: Issue "clear crypto gdoi" on UUT.

  • CSCul72419

Symptom: GM doesn't process 'clear crypto gdoi ks members'.

Conditions: ASR1K GM configured with 1 GETVPN group.

GETVPN group uses client registration interface loopback.

Apply the crypto map to 2 sub-interfaces.

Workaround: There is no workaround.

  • CSCul69572

Symptom: Warning messages observed when we configure 'source-interface loopback 'num' on the NVE interface.

Conditions: Issue observed whenever we configure the souce-interface command on the NVE.

Workaround: There is no workaround.

  • CSCun06003

Symptom: OTV fragmentation join-interface command cannot be removed from the configuration. When the system is in this state the system fails to fragment large MTU packets.

Conditions: On a ASR1002-X running IOS-XE 03.10.01.S enable otv fragementation on a system with a dot1q sub interface as the join interface then recycle the power of the ASR.

Workaround: Replace the existing configuration.

  • CSCtu43369

Symptom: CFLOW ASR1K: with diff file, cflow image included un-changed functions.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj00564

Symptom: The PL can't add extracted fields for new protocols using ppack

Conditions: None.

Workaround: There is no workaround.

  • CSCuj68160

Symptom: iosd may crash.

Conditions: on doing rpswo with avc config.

Workaround: There is no workaround.

  • CSCul38819

Symptom: Crash on ASR1K with PfR enabled.

========= Exception Tracebacks ==================
Exception to IOS:
Frame pointer 0x7F83892D19D0, PC = 0x2BE0D68
IOS Thread backtrace:
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = OER Border Router
 

Conditions: None.

Workaround: There is no workaround.

  • CSCtu21992

Symptom: MLPPPoEoA: Pending AOM ack for ATM VC create on standby FP.

Conditions: None.

Workaround: There is no workaround.

  • CSCug19720

Symptom: multiple tracebacks related to fman

Conditions: None.

Workaround: There is no workaround.

  • CSCul84718

Symptom: ASR1K MLPPP - " Multilink fastsend reentered " on LNS.

Conditions: None.

Workaround: There is no workaround.

  • CSCun15169

Symptom: Tracebacks seen after router reload in scaled PPPoE Environment.

Conditions: None.

Workaround: There is no workaround.

  • CSCtt21586

Symptom: Kingpin "cc" bandwidth maxed out at 10G

Conditions: None.

Workaround: There is no workaround.

  • CSCtw74124

Symptom: For a slot housing the Cisco ASR1000-SIP40, or on a Cisco ASR1002-X, the output of the show platform hardware slot <slot#> plim buffer settings detail command always shows the value of Max always as “0“ in the "Fill Status Curr/Max" filed, even when the Rx buffers have been utilized.

Conditions: When the SPA Aggregation ASIC has been flow controlled by the Network Processing Unit, the buffers inside the SPA Aggregation ASIC will start filling up.

Workaround: There is no workaround.

  • CSCua55528

Symptom: %SYS-3-CPUHOG Errors, and Trace backs seen while performing config replace

Conditions: Configurations are done on both ELC ports and 1 GIGE ports.

Workaround: There is no workaround.

  • CSCud47058

Symptom: Committed Memory value 96% exceeds warning level 95% on 4RU ISSU SIP upgrade.

Conditions: This symptom is observed when performing a SIP ISSU upgrade in a 4RU.

Workaround: This is just a warning message. There is no impact on the functionality or the traffic.

  • CSCuh36075

Symptom: NSPR: asr1k skips booting sometimes from USB after send break is initia

Conditions: None.

Workaround: There is no workaround.

  • CSCuj44771

Symptom: Queue_depth value incorrect with FRR Scaling

Conditions: Queue_depth values are not getting back to the original value(0) while shuting the interface

Workaround: There are no workaround.

  • CSCul25518

Symptom: Nightster: IOS and Linux mismatched detection of media size.

Conditions: None.

Workaround: There is no workaround.

  • CSCul33598

Symptom: On a dual RP system such as ASR1006 and ASR1013 standby RP polls for power supply sensors along with local environment sensors.

Conditions: An ASR router with dual RPs.

Workaround: There is no workaround.

  • CSCul33952

Symptom: FTP file-transfers running very slowly when source interface is management interface due to excessive check-sum failures.

Conditions: source-interface for the ftp file-transfer is management ethernet interface.

Workaround: There is no workaround.

  • CSCul43601

Symptom: ASR 1RU IOS Boot time Excessive - eUSB File System Correction.

Conditions: None.

Workaround: There is no workaround.

  • CSCul68223

Symptom: We saw RP CPU Spike using ASR1001/3.7.4S from "monitor platform software process rp active".

The config is very simple(the default config, almost).

When the CPU is high, the value is about 30-40%.

Conditions: None.

Workaround: There is no workaround.

  • CSCul80669

Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev

Conditions: None.

Workaround: There is no workaround.

  • CSCum27365

Symptom: "show logging persistent" command unexpectedly occurs resource leak.

Conditions: None.

Workaround: There is no workaround.

  • CSCum94365

Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev.

Conditions: None.

Workaround: There is no workaround.

  • CSCum75385

Symptom: "show platform hardware qfp active datapath utilization" displays wrong data.

When high priority traffic (ip precedence 6,7) is sent, the counters against "Input Non-Priority" rows increment.

When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against "Input Priority" rows increment.

Conditions: This can occur when using esp100.

Workaround: There is no workaround.

  • CSCug47592

Symptom: PLIM Driver Error Messages observe while booting.

Conditions: On ASR1002-X router during booting.

Workaround: There is no workaround.

  • CSCui50772

Symptom: layer2_switching CPP10 Functional Regression Failure.

Conditions: None.

Workaround: There is no workaround.

  • CSCum46475

Symptom: TM VC object pending in AON

BRAA04-asr#show platform software object-manager f0 pending-ack-update
Update identifier: 477862718
Object identifier: 227150073
Description: ATM PVC at ATM1/2/1.1, VCD 528, FCID 55163, Hw-FCID 65535, state 0x40608, dirty 0x0
Number of retries: 0
Number of batch begin retries: 0
asr#show platform software object-manager f0 object 227150073
Object identifier: 227150073
Description: ATM PVC at ATM1/2/1.1, VCD 528, FCID 55163, Hw-FCID 65535, state 0x40608, dirty 0x0
Status: Pending-acknowledgement, Epoch: 0, Client data: 0x13d55170
Issued action
Update identifier: 477862718, Batch identifier: 0
Batch type: unknown
Action: Create
 

Conditions: None.

Workaround: There is no workaround.

  • CSCum73826

Symptom: Change LI ucode to use a union for 64-bit access vs. and type cast

Conditions: None.

Workaround: There is no workaround.

  • CSCug60382

Symptom: NTE payload type is renegotiated as asymmetric which some device cannot support.

Conditions: Mid call late invite to trigger renegotiated and the answer in SDP from initiator has different nte payload type as nte payload from offer 200(invite) in other side.

Workaround: Remove nte payload in ACK using lua script.

  • CSCuh29125

Symptom: in meetme confernece calls, the call-id/tag modification for NOTIFY work for pre-INVITE NOTIFY, but it seems does not work pre-BYE NOTIFY

Conditions: There is no known condition.

Workaround: There is no workaround.

  • CSCul50470

Symptom: false pool exhaustion with route-map + dynmaic nat

Conditions: atleast two nat mapping are present.

Workaround: There is no workaround.

  • CSCum03118

Symptom: A complete VRF NAT unconfiguration may take a long time (up to 1 hour or more in some cases).

Conditions: VRF-aware NAT is configured on IOS-XE based platforms.

Workaround: There is no workaround.

  • CSCum49324

Symptom: 200 OK is dropped.

Conditions: 2+ contacts, ip address is to be modified.

Workaround: There is no workaround.

  • CSCum68074

Symptom: many packets are dropped for NatIn2out cause

Conditions: PAT, interface overload.

Workaround: PAT pool overload.

  • CSCuc59324

Symptom: Errors while executing the request platform software package clean command.

Conditions: After executing subpackage ISSU upgrade procedure, the request platform software package clean command is giving errors.

Workaround: There is no workaround.

  • CSCud08001

Symptom: Copying image to the standby RP takes very long time comparing to copying same image to the active RP. For the ASR1K RP2 image, the time can be 20min vs 5 min.

Conditions: None.

Workaround: There is no workaround.

  • CSCul65261

Symptom: write bus access failed with fpd upgrade

Conditions: This condition is observed during FPD bundled upgrade

Workaround: There is no workaround.

  • CSCui20319

Symptom: Pending issues/ack is observed on ESP

Conditions: Must meet all following conditions:

1. When port-channel vlan loadbalacing mode is enabled on Port-channel EVC with large scale of EFPs on one port-channel (8000 in this case)

2. EFPs on Port-channel are assigned to different links.

3. When the efps and port-channel are remove using one command "no int port-channel x"

4. Then the scale config and link assignment are added back by copying back the scale config

Workaround: Separate EFP removal and port-channel link removal (remove efps, the remove int port-channel) separate EFP config and port-channel link config (add EFP first, then add links to port-channel).

  • CSCul37689

Symptom: With 76xx, customer associates more service instances of each access point to the same bridge domain to create a point to point local switching.

Mac-learning in the bridge domain is disabled and therefore NOT limited by number of MAC addresses used.

For asr1k is expected to implement same behavior under this feature.

Conditions: None.

Workaround: There is no workaround.

  • CSCum91081

Symptom: CAM not getting flushed immediately after link flap on ASR1k.

Conditions: None.

Workaround: There is no workaround.

  • CSCum99115

Symptom: ELine:Def Encap-Access intf connect to PE goes downon shut service Inst.

Conditions: None.

Workaround: There is no workaround.

  • CSCue91054

Symptom: ESP crashed when sending IPv6-fragmented traffic through DMVPN hub (MGRE tunnel).

Conditions: This condition occurs when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through DMVPN hub. Large amout of IPv6 fragment traffic, for example, 5G on ESP20, which exceeds re-assembly performance number that is less than 2G.

Workaround: Change MTU to avoid IPv6 fragmentation.

  • CSCuh82039

Symptom: mldp: multicast data leaks into other vrfs in sparse-mode on ASR1K scale.

Conditions: None.

Workaround: There is no workaround.

  • CSCui43325

Symptom: Traffic blackhole for v6 SSM groups after flapping bgp loopback interface on the egress PE

Conditions: This condition is observed during BGP loopback interface flap

Workaround: Unconfigure-reconfigure the mdt default command under the v6 address-family for the vrf

  • CSCul61549

Symptom: The requirement is 7.5Mpps for nightster, but the actual is only 5.78Mpps.

Conditions: None.

Workaround: There is no workaround.

  • CSCul69990

Symptom: LSPVIF missing in OIF on flapping mpls mldp for v4 traffic.

Conditions: None.

Workaround: There is no workaround.

  • CSCum71765

Symptom: IGMP reports for autorp group is not punted on flapping BGP address.

Conditions: None.

Workaround: There is no workaround.

  • CSCul40478

Symptom: Crash was seen in periodic accounting process due to the stale reference of the attribute list with AAA accounting DB (this specific attribute list is used by the periodic accounting process for sending the interim accounting records).

Conditions: The trigger is currently unclear. Will update RN after our engineering provided me the final root cause analysis.

Workaround: There is no workaround.

  • CSCul55275

Symptom: Stale shim-db entries on stby rp and same database corrupted.

Conditions: None.

Workaround: There is no workaround.

  • CSCum03411

Symptom: Support for extended RTP ports.

Conditions: None.

Workaround: There is no workaround.

  • CSCuj19293

Symptom: Bindings are present after inconfiguring Static NAT mappings

Conditions: This symptom is observed when static NAT is mapped with route-map

Workaround: There are no workaround.

  • CSCul48593

Symptom: Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port.

Conditions: None.

Workaround: There is no workaround.

  • CSCum04528

Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.

Conditions: ASR1002-X running NAT with ALG traffic

Workaround: There is no workaround.

  • CSCun12095

Symptom: Pool exhaustion msg with 0 trans.

Conditions: unconfiguring 64 pools and re-adding 34 pools and sending traffic.

Workaround: There is no workaround.

  • CSCum40972

Symptom: XE3.11 EoGRE - GTPv2 does not always authenticate session.t

Conditions: None.

Workaround: There is no workaround.

  • CSCts56332

Symptom: ipsec client update platform_db items for Kingpin/FP80/FP160/Nightster.

Conditions: None.

Workaround: There is no workaround.

  • CSCug19588

Symptom: IKEv2 TPS performance degradation over time.

Conditions:This occurs in the lab under extreme test conditions with traffic running during session bring-up.

Workaround: Reduce traffic and or reduce session bring-up rate.

  • CSCui53563

Symptom: Crypto-Engine(h/w encryption) is inactive

Conditions: This condition is observed during rp_switchover the HUB and pass the traffic to bringup the tunnels UP

Workaround: There is no workaround.

  • CSCuj55363

Symptom: In the lisp getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic got dropped with qfp error of "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP" when the getvpn profile is applied to the LISP0 interface, Encrypted traffic flows in the LISP setup properly

Conditions: getvpn profile is applied to the physical interface instead of lisp interface.

Workaround: Apply getvpn profile in lisp interface.

  • CSCuj67691

Symptom: Seeing performance drop with 82bytes for IPSEC dVTI feature for latest XE3.11 & mcp_dev images when compared to RLS3.8.0 & RLS3.10.0.

Conditions: None.

Workaround: There is no workaround.

  • CSCul52578

Symptom: IPSec does not work properly for 1ru platform, de-capsulation feature is disabled

Conditions: None.

Workaround: There is no workaround.

  • CSCum08112

Symptom: After IPsec tunnel flapping, ASR1k can't send packets over the tunnel though the tunnel seems to be established correctly.

When you encounter this problem, you can see the following syslog on the other side of IPsec.

%IOSXE-3-PLATFORM: SIP0: cpp_cp: QFP:0.0 Thread:147 TS:00000047580322122362 %IPSEC-3-HMAC_ERROR: IPSec SA receives HMAC error, DP Handle 7, src_addr 1.1.1.1, dest_addr 2.2.2.2, SPI 0x9aa8341e
 

Conditions: The "tunnel destination" and "tunnel source" are loopback interfaces.

And ASR1k has a backup route for the tunnel destination.

And the MTU of the outgoing interface of the backup route should be different from the MTU of outgoing interface of primary route.

In this situation, flapping a physical interface that is outgoing interface of an IPsec tunnel causes the symptom above.

Workaround: Making the MTU of outgoing interfaces of both primary and backup routes same can avoid this problem.

Clearing SA on either end of IPsec can recover the situation.

  • CSCum13378

Symptom: An ASR1K configured as an IPSec endpoint may fail to reassemble fragmented ESP packets . During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.

Conditions: UDP packet of a specific size received on the clear side of the ASR is known to trigger this issue.

Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the ASR from getting into the ATTN_SYNC state.

  • CSCum99823

Symptom: ASR1001 router FP crashed as DMVPN HUB.

Conditions: Crash happens randomly.

Workaround: There is no workaround.

  • CSCun16532

Symptom: SSLVPN:disconnect from client not working

Conditions: None.

Workaround: There is no workaround.

  • CSCun16538

Symptom: SSLVPN:ssl close not notified to control plane.

Conditions: None.

Workaround: There is no workaround.

  • CSCue59450

Symptom: IOS XE Watchdog message seen along with RP and SIP crash

Conditions: This symptom is observed when continuous ARP request on the interface having VRF Receive configured on it.

Workaround: There is no workaround.

  • CSCum81699

Symptom: ASR1000 with low memory on both the RP and ESP

Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Critical 8098040 7262040 (90%) 836000 (10%) 7964632 (98%)
ESP0 Warning 2009452 1964836 (98%) 44616 ( 2%) 1886368 (94%)
SIP0 Healthy 449328 338084 (75%) 111244 (25%) 358780 (80%)
 

Conditions: ASR1000 running 3.7.1S.

Workaround: There is no workaround.

  • CSCuh83086

Symptom: XE311 RP crashes @%SCHED-2-NOTWATCHTIMER: managed timer not being watche.

Conditions: None.

Workaround: There is no workaround.

  • CSCud77672

Symptom: Add per subdevice IPC queues for FP80/FP160.

Conditions: None.

Workaround: There is no workaround.

  • CSCul27478

Symptom: Time sync problem between QFP and IOS.

This out of sync appears at some platforms and causes complete breakage of punt performance monitors.

Conditions: asr1002 RP1 ESP5 and asr1004 RP2 ESP20 after system reload

Workaround: ntp server configuration is must.

delay after reload was done for a system 5-40 mins.

  • CSCul59422

Symptom: Pending objects seen on ATM on booting mcp_dev image.

Conditions: None.

Workaround: There is no workaround.

  • CSCum49213

Symptom: ESP crash

Conditions: None.

Workaround: Use debug platform hardware qfp active datapath trace packet for short periods of time.

  • CSCum93027

Symptom: ASR1k running IOSXE 3.11.0 and above crashes under the following conditions.

Conditions: Do the following in the same order:

1. Configure a sub-interface with IPv6

2. Configure OSPFv3 on the sub-interface.

3. Configure IPSec auth for OSPFv3 on the sub-interface.

4. Shutdown the sub-interface.

5. Remove the sub-interface.

Workaround: There is no workaround.

  • CSCun13772

Symptom: CPUHOG messages and watchdog timeout crashes are observed on an ASR1000 series router running DMVPN.

Conditions: This has been observed on a router with a very large NHRP table (10-20k individual entries) with a very high number (thousands) of child entries per parent entry.

Workaround: Reduce the number of child entries per parent entry through the use of supernetting.

  • CSCum81041

Symptom: One way audio incoming calls redirected through CVP.

Conditions: None.

Workaround: There is no workaround.

  • CSCum90509

Symptom: No RTP Connections for RSVP Features in XE3.7 image

Conditions: None.

Workaround: There is no workaround.

  • CSCun02605

Symptom: ASR crashes ith no known trigger in CCSIP_SPI_CONTROL process

Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ.

Workaround: There is no workaround.

  • CSCul46792

Symptom: VC's remain down on ISSU from pre XE3.12 to XE3.12

Conditions: VPLS BGP Signalling is configured. VC's are established in the Active RP

Workaround: There is no workaround.

  • CSCun09149

Symptom: PW's down on ISSU from XE3.11/XE3.12 downgrade to XE3.10.

Conditions: LDP Signalling with LDP NSR enabled.

Workaround: Disable NSR during ISSU downgrade.

  • CSCun10276

Symptom: VC's remain down on ISSU from Xe312 -- > XE311.

Conditions: Issue seen after ISSU runversion.

Workaround: There is no workaround.

  • CSCuj94283

Symptom: 2048K clock (unframed)mode fails to come up on MN_BITS of Nightster if we have 2 src on MN SPA.

Conditions: 2048k + synce source config must be present on 1ng.

Workaround: There is no workaround.

  • CSCuc82799

Symptom: MDR:A PLIM driver has critical error TXPA1 - txmcFifoEopMapUbe

Conditions: None.

Workaround: There is no workaround.

  • CSCul29434

Symptom: ELC MDR: %CWAN_HA-4-IFEVENT_BULKSYNCFAIL: receive failed ifevent: 10 err

Conditions: This condition is observed during Consolidated MDR upgrade

Workaround: There is no workaround.

  • CSCum86116

Symptom: IKEv2 static routes are present in the output of "show crypto ikev2 sa remote ... detail" but not in the IP routing table.

Conditions: In some cases with static tunnels, when a new IKEv2 SA is established, after a connectivity issue, the IKEv2 static routes are not present in the routing table.

Workaround: In some cases the customer may be able to manually add static routes.

  • CSCua17796

Symptom: XE3.8: IOSXE-WATCHDOG: Process = Licensing Auto Update Process.

Conditions: None.

Workaround: There is no workaround.

  • CSCum40181

Symptom: Router crash is seen while brining up 15k to 29K PPP ATM sessions using Profile 1b config.

Conditions: IOS image crash is seen on session flap, specifically when ANCP sessions are brought up. IOS image may also crash after HA Switch Test, and bringing up of ANCP Sessions

Workaround: There is no workaround.

  • CSCue94537

Symptom: Tail drops are seen on FP 160 with HP traffic on ASR1000-2T 20X1GE Ethernet Line card.

Conditions: When ASR1000-2T 20X1GE Ethernet Line card interfaces are configured with Service-policy to classify the egress Traffic and sending 40gbps of bi-directional traffic causes Tail drop on the QFP

Workaround: Configure the Service-policy with larger q-limits. Policy-map test class prec1 priority level 1 q-limit 5000 packet More Info:

  • CSCul07137

Symptom: IFCFG timeouts will happen on Reload or Shut/No shut of Scaled Vlan Port.

Conditions: Ethernet Line card with Scale QinQ having fixed outer vlan and range of VLAN configuration on reload or Shut/No shut, IFCFG Timeouts are observed.

Workaround: There is no workaround.

  • CSCum52407

Symptom: $$IGNORE Code changes made to run on non-secureboot ARGUS do not work on Secureboot P2 cards.

Conditions: $$IGNORE modify existing rommon so that same code can be compiled to run on both SB and non-SB cards through a compile-time switch.

Workaround: There is no workaround.

  • CSCuh60925

Symptom: IOSd will crash with the introduction of the two punt path streams with 321 and 1500 byte packets.

Conditions: Two punt path streams with 321 and 1500 byte packets and the policer set to the max. allowed of 146Kpps.

Workaround: Do not allow high traffic rates on the punt path.

  • CSCul49852

Symptom: A router might see PPPoE-sessions in status WAITING_FOR_STATS (or WT_ST).

Conditions: The system is configured as BRAS aggregating PPPoEoA or -oE-sessions. The issue was seen for just specific users or possibly because of using a specific profile or service like ShellMaps and Radius.

Workaround: There is no workaround.

  • CSCum00444

Symptom: Memory leaks after churning sessions (unclassified mac).

Conditions: Error condition in case of second stack (ipv4/ipv6)coming.Happening during session churn.

Workaround: There is no workaround.

  • CSCtx72973

Symptom: Config-sync failiure is seen when unconfiguring the crypto gdoi group.

Conditions: Seen on HA setup.

Workaround: There is no workaround.

  • CSCul14769

Symptom: SSH ver changed from 2 to 1 during upgrade/downgrade [3.4.0aS to 3.7.3]

Conditions: None.

Workaround: There is no workaround.

  • CSCun00236

Symptom: MST TCNs are not sent over a port-channel access interface after an AED change.

Conditions: Dual-home AEDs at a site with port-channels used as the access links. The join or overlay interface goes down to cause an AED change.

Workaround: Use an EEM script to bounce the access interfaces (port-channels). This should cause the access switches to flush their MAC tables and redirect traffic to the new AED.

  • CSCun05927

Symptom: Overlay with join interface in VRF does not come up and gives "overlay DIS not elected" message.

Conditions: Using ASR1002-X and ASR1001 there is a single physical interface to the SP. There are 2 dot1Q sub interfaces off the physical interface with one of the sub interfaces in a VRF and the other in the global table. Both sub interfaces are configured as join interfaces, each with it's own overlay interface.

Workaround: There is no workaround.

  • CSCul27192

Symptom: Few thousand sessions are not synced to standby after session churn.

Conditions: None.

Workaround: There is no workaround.

  • CSCum09359

Symptom: Few sessions remain stuck in "ack-wait" state after overnight churn test.

Conditions: None.

Workaround: There is no workaround.

  • CSCul24025

Symptom: ASR1K crash @__be_slaComponentProcessEvent when unconfigure ip sla udp-jitter

Conditions: configure 4000 CPP timestamp IP SLA udp-jitter and then unconfig all

Workaround: There is no workaround.

  • CSCtu47871

Symptom: ASR crashes without crashinfo and last reload reason as watchdog.

Conditions: Happened once and not been reproducible.

Workaround: There is no workaround.

  • CSCuj45924

Symptom: Kingpin : intermittent network boot slowdown

Conditions: None.

Workaround: There is no workaround.

  • CSCuj50118

Symptom: standby RP crash @mfib_backwalk_adj_notify on doing CC reload

Conditions: None.

Workaround: There is no workaround.

  • CSCuj82421

Symptom: the board will not be shutdown expectedly

Conditions: configure "facility-alarm critical exceed-action shutdown". A sensor in remote FRU exceeded the shutdown temp.

Workaround: shutdown the remote board manually.

  • CSCun06172

Symptom: Non unique region names used for DSO.

Conditions: None.

Workaround: There is no workaround.

  • CSCug91498

Symptom: BFD session flap.

Conditions: When large programming message send down to CPP.

Workaround: There is no workaround.

  • CSCuj96470

Symptom: On performing SPA OIR with configuration of Unicast/Multicast/Broadcast storm control on 32k EFPs,fman_fp core was observed

Conditions: This issue is seen on FP100 card.

Workaround: Stop the traffic before performing a SPA OIR.

  • CSCuf82128

Symptom: ASR-CUBE: Crash observed with DSMP.

Conditions: Load scenario issue is observed.

Workaround: There is no workaround.

  • CSCun08855

Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router.

Conditions: port-channel and ERSPAN configured on the router.

Workaround: There is no workaround.

  • CSCuc23941

Symptom: Our SIP to H323 calls, which are strictly G.729 w/o Annex B, ceased working following the ASR1006-based SBC upgrade from 3.2.1.S.151-1.S1 to 3.4.2.S.151-3.S2. Looks like the SBC now offers G.729wAnnexB at the H323 side, which is configured to reject anything but G.729 w/o Annex B. The calls resume working upon rollback to the old code.

When offering G.729 at the H323 side the SBC must not add AnnexB unless it is being explicitly requested by the caller or as per SBC config.

Conditions: Permanent.

Workaround: There is no workaround.

  • CSCum19739

Symptom: fp crash with ip nat cgn mode enable.

Conditions: config NAT pool overload , start 300cps sip traffic including NAT and non-NAT, Enable cgn mode with "ip nat setting mode cgn"

Workaround: There is no workaround.

  • CSCum73773

Symptom: QFP crash

Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop".

Workaround: There is no workaround.

  • CSCun04417

Symptom: GTP U packet forwarding capability is downgraded.

Conditions: 1 firewall session.

Workaround: There is no workaround.

  • CSCuj89036

Symptom: IOSd crashes following an OIR of an eToken.

Conditions: OIR activity on either USB port of a single eToken.

Workaround: Do not OIR an eToken.

  • CSCun07772

Symptom: Router crash

Conditions: Deleting subcriber's session in Attempting state by COA script below:

#!/bin/sh
CISCO=$1 # bras
SessionID=$2
CoaSecret='secret'
#clear ISG session on BRAS
/bin/echo "User-Name=\"undef\",Acct-Session-Id=\"$SessionID\",cisco-avpair=\"subscriber:command=account-logoff\"" | /usr/bin/radclient -x $CISCO:1700 coa $CoaSecret
 

Workaround: don't use COA script for deleting subscriber's session.

  • CSCul48126

Symptom: Disambiguate address in gate keeper cache.

Conditions: None.

Workaround: There is no workaround.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S.

  • CSCtw93694

Symptom: No calls shown in show call active voice brief , however many active calls may be running.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCtz13023

Symptom: A crash occurs during registration in SRST mode.

Conditions: This symptom occurs during registration in SRST mode.

Workaround: This issue is fixed and committed.

  • CSCtz14973

Symptom: When tunnel source pivoting is used, based on track object states with FlexVPN client, it does not change tunnel source when there is change in track object state. Instead, it only changes tunnel source subsequent due to a DPD failure. This can lead to potential one-way traffic and traffic blackholing from spoke to hub.

Conditions: This symptom occurs when tunnel sources are dynamically set using object tracking feature.

Workaround:

Use IKE routes using config-set.

Use RPF (reverse path forwarding) check on the spoke outside interfaces, so that when traffic arrives from a hub on a interface, and there is no route, it will get dropped, thus DPD on spoke will delete existing IKE SA and cause.

Use periodic IKE DPD (dead peer detection) on spoke.

Enable IKE DPD on Hub.

  • CSCtz76181

Symptom: ASR1001 or ASR1002 may report the following message after booting IOS

%IOSXEBOOT-1-BOOTFLASH_FAILED_MISSING: (rp/0): Required Bootflash disk failed or missing, reloading system
 

Conditions: This Error message is due to the internal eUSB memory device rarely not responding to the initial accesses. A reboot will address the issue.

Workaround: Rebooting the system will clear the condition.

  • CSCua73834

Symptom: IOS CA issues incorrect rollover identity certificates to its clients; the rollover certificates issued will have an expiry date corresponding to the end-date of the currently active (and soon to expire) CA certificate. Thus, the rollover identity certificate will not be valid after the CA rollover takes place.

Conditions: The symptom is observed only if the clients have sent the rollover certificate request via an IOS RA certificate server.

Workaround: There is no workaround.

  • CSCub14611

Symptom: %IOSXE-3-PLATFORM: R0/0: kernel: physmap-flash.0: Chip not ready

Conditions: This symptom occurs when performing redundancy force-switchover on ASR1006 (RP1).

Workaround: Reload ASR1006.

  • CSCuc09667

Symptom: Router experiences crashes due to SIP due to a freed pointer in memory.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuc11809

Symptom: The number if IPSec SAs on the box keeps increasing.

Conditions: This symptom occurs when IPSec eekeys occurs due to volume lifetime exhaustion.

Workaround: Turn off the volume based rekey.

  • CSCuc25582

Symptom: SIP secure phones drop calls when they Hold and Resume a call to a non-secure phone.

Conditions:

CONDITION I (tested in lab) 8945 SIP Phone Reproduce steps:

3 phone A,B,C register to secure-SRST sip phone A B, sccp phone C. A,B in encrypted mode, phone C in non-secure mode. A call B, establish a secure call. B press transfer to C. After B and C establish a non-secure call, B press transfer. then B toast display call transfered successfully!, but A and C do not establish a call. phone A and C should establish a non-secure call.
 

CONDITION II (Customer scenario) Secure SRST. SIP Phones registered to the router with secure and non-secure profiles. Call Flow:

SIP Phone A (secure) ---> SIP Phone B (non-secure). A pressed Hold, Resume. SIP Phone A (secure) ---> SIP Phone C (secure) -----> Transfers call to SIP Phone B (secure). Phone A is not asked by router to stop transmitting SRTP and switch to RTP. Problem has been observed on 6941, 7962 and 8945 SIP phones.
 

Workaround: There is no workaround.

  • CSCuc25995

Symptoms: A router unexpectedly reboots and a crashinfo file is generated. The crashinfo file contains an error similar to the following:

%ALIGN-1-FATAL: Illegal access to a low address 04:52:23 UTC Wed Sep 19 2012 addr=0x4, pc=0x26309630z , ra=0x26309614z , sp=0x3121BC58
 

Conditions: This symptom occurs when IPsec is used. More precise conditions are not known at this time.

Workaround: There is no workaround.

  • CSCuc28077

Symptom: ASR router drops IPSEC packets that are larger than the MTU and no error message is logged. Following is the error message:

%CRYPTO-4-RCVD_PKT_INV_SPI
 

Error messages were available in earlier releases, but in the newer XE 3S releases no logs are available for troubleshooting even during drops.

Conditions: Router A and router B act as CE access routers in an MPLS/VPN network. The command ipsec fragmentation after-encryption is enabled on router A, but platform ipsec reassemble transit is not enabled on the peer router B.

Workaround: There is no workaround.

  • CSCuc29179

Symptom: ASR1k filters out the ARP requests with its own src address. This leads to ping failure between two interfaces which belong to different vrf and own same IP subnet; vrf v1 1.0.0.1/24 and vrf v2 1.0.0.2/24, for instance.

Conditions: gig0/0/0 connected b2b to another interface on same router (with VRF configured on atleast one of the interfaces).

Workaround: Configure some mac on gig0/0/0 and then unconfigure the mac.

  • CSCuc31339

Symptom: Console error message similar to the following:

%ASR1000_INFRA-3-EOBC_SOCK: R0/0: linux_iosd-image: Socket event for EO0, fd 16, failed to send 1472 bytes; Resource temporarily unavailable.
 

Conditions: This symptom is observed when large number of features are configured.

Workaround: There is no workaround.

  • CSCuc44571

Symptom: Router crash related to DNS and VRF

Conditions: This symptom is observed in ASR running IOS XE image 03.07.03.S

Workaround: There is no workaround.

  • CSCuc58220

Symptom: CME not pushing agent stats fields to tftp.(logged in and out times)

Conditions: This symptom is observed when Benelli specific fields not getting pushed.

Workaround: There is no workaround.

  • CSCud30442

Symptoms: On ASR1002 system, show platform hardware crypto-device context packet count does not show correctly.

Workaround: There is no workaround.

  • CSCud33882

Symptom: SIP phones not registering to SRST when number cli with wild card configured under voice register pool.

Conditions: This symptom occurs when you configure number cli with wild card configuration under voice register pool. number 1 900....

Workaround: Create separate pools for all the phones without wild cards.

  • CSCud68778

Symptom: Reset reason is not correctly displayed for some of the IOS-XE reloads.

Conditions: This symptom is observed when IOS-XE reloads due to punt path keepalive failure.

Workaround: There is no workaround.

  • CSCud69110

Symptom: IKE_CP_ATTR_SPLIT_EXCLUDE support is needed on IOS side for anyconnect client.

Conditions: This symptom is observed when you include local LAN.

Workaround: There is no workaround.

  • CSCud69349

Symptom: Ipsec-MIBs:- cikeTunHistPeerLocalValue and cikeTunHistPeerRemoteValue does not return an IP address

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCud87915

Symptom: EzVPN client cannot access the Internet over the VPN. Access to Hub internal resources works fine. The ZBF firewall on the Hub drops the encrypted ESP(udp) traffic from self to out containing reply from the host on the Internet. Log on the hub:

*Dec 28 15:34:51.189:
%FW-6-DROP_PKT: Dropping udp session 8.8.8.2:0 8.8.8.1:53000 on zone-pair self-out class class-default due to DROP action found in policy-map with ip ident 0 source IP and port is incorrect.
 

Conditions: EzVPN client behind NAT and source port is PATed - is not udp 4500. EzVPN client reaching the Internet with u-turn on the Hub. Hub has ZBF policy from self to outside permitting VPN traffic. Hub has CEF enabled.

Workaround: Remove the ZBF policy from self to outside.

  • CSCue14418

Symptom: Only single L2TP IPSEC vpn client can connect to vpn when they are behind PAT device even though NAT DEMUX is configured.

Conditions: VPN clients behind PAT device.

Workaround: There is no workaround.

  • CSCue18003

Symptom: Packets drops occur when performing a ping-from an ASR1001 console with packets of large size (i.e. several kilobytes).

Conditions: This issue is specific to the ASR1001 and requires a burst of data from the Control Plane to the Forwarding Plane such that internal hardware buffers are saturated. Normal processing will continue, however there will be drops when the hardware buffer is full.

Workaround: The is no workaround.

  • CSCue22769

Symptom: The user should not be allowed to reconfigure an existing NAT64 dynamic mapping if the mapping has active translations.

Conditions: Issue occurs when modifying a dynamic NAT64 mapping with active translations to an overload NAT64 mapping.

Workaround: Clear the translations before modifying the mapping, or delete the mapping with a forced option before configuring overload.

  • CSCue37000

Symptom: We saw again GTP-U drops for communication that should not have been dropped. Swisscom agrees that this might be related to some timers and pending PDP sessions that need to be terminated. Since local tests with mobile devices were all successful, Swisscom wants and needs to go for 24 h test to see if the GTP-U drops really lead to a service impact for mobile users. To document this issue, a SR was opened: SR 624629207 ASR1K? Release 3.7.2 -GTP?U drops due to missing pinholes All log files and a PCAP file are attached to that SR.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCue39456

Symptom: There is no CLI options and flags for enabling/disabling the EZchip provided debug levels.

Conditions: Popinac ELC.

Workaround: There is no workaround.

  • CSCue40120

Symptom: Small packet performance for multicast traffic has unexpected dip with 03.07.01S on ESP40.

Conditions: A change made while optimizing performance for ESP80 and ESP160 was to use the internal recycle queue for the root of the replication tree instead of the leaves recycle queue used for all other nodes. Unknowingly, this resulted in a big performance impact on the ESP40.

Workaround: Small packet performance can be returned to acceptable levels by disabling MLRE with the configuration command platform multicast lre off . The downside of disabling MLRE is that large packet performance will be reduced by almost half for large packets.

  • CSCue43682

Symptom: Transcoding sessions are intermittently becoming stuck after call is cleared.

Conditions: When transcoding configured in DSPfarm.

Workaround: Reload Gateway F.

  • CSCue48419

Symptoms: The Cisco AS5350 stops processing calls on PRI with a signaling backhaul from PGW. In the packet trace, there is no q931message from PGW. Further analysis shows that as5350 sends a q_hold (0x5)message in BSM, causing peer (PGW) to stop sending signaling traffic. However, there is no BSM_resume message or BSM_reset sent after it. Hence, PGW is stuck in this condition. There was earlier defect for CSCts75818 with similar symptoms in U-state.

Conditions: This symptom is observed due to some RUDP timing issues that cause BSM session switchover.

Workaround: Reload the Cisco AS5350 (but only when CU notices the outage). Also, shutting both Ethernet interfaces may help, but this workaround has not been tested.

  • CSCue50255

Symptom: ASR1K ucode crash with interrupt cause REM_REM_MISC_ERR_LEAF_INT_INT_REM_POP_REQ_TO_EMPTY_SCHED

Conditions: Issue can be seen on when flapping a Multilink PPP or MLFR interfaces. Timing window to hit this issue is very small so not a common occurrence on a bundle flap.

Workaround: There is no workaround.

  • CSCue50353

Symptom: Call failure / disconnect during Call hold seen after SSO.

Conditions: When call hold is with c-line=0.0.0.0 in flow around mode.

Workaround: There is no workaround.

  • CSCue52278

RNE Enclosure Symptom: ASR cube-ent failover happens under heavy load conditions.

Conditions: This issue is caused due to glare condition while destructing an established call under heavy load.

Workaround: There is no workaround.

  • CSCue52655

Symptom: No Video legs out put for DO-DO BWcac with multicodec call.

Conditions: No Video legs out put for DO-DO BWcac with multicodec call.

Workaround: There is no workaround.

  • CSCue60469

Symptom: Asr1001 Series router throws error messages when a RP (IOS) switch over is done.

Conditions: Asr1001 Series router throws error messages when a RP (IOS) switch over is done along with traffic.

Workaround: There is no workaround.

  • CSCue62227

Symptom: SIP PSTN gateway may delay response to BYE message at end of a T.38 call.

Conditions: Incoming call to SIP gateway goes out a PRI Call successfully switches no T.38 BYE is received by SIP gateway. 200 OK response is delayed by a few seconds.

Workaround: There is no workaround.

  • CSCue68380

Symptom: CUBE fails to send options-keepalive after dnslookup.

Conditions: Sending out Options works fine when Dns is configured to IPv4. When Dns is configured to resolve to IPv6 address, Dial-peer is Busied Out with out sending the Options.

Workaround: Disabling Options Keepalive.

  • CSCue69906

Symptom: Video calls are failing with improper call legs.

Conditions: After doing test case specific configurations, basic call is done. while checking the call legs after call is connected improper call-legs are seen on CUBE3.

Workaround: There is no workaround.

  • CSCue75072

Symptom: Consult transfer with remote optional-mandatory strength fails as SDP precondition does not match.

Conditions: This happens only for consult transfer but not for blind transfer.

Workaround: There is no workaround.

  • CSCue75395

Symptom: It is very difficult to debug empty video recordings.

Conditions: For all video recording calls.

Workaround: Do packet capture.

  • CSCue78517

Symptom: mem-leaks found. with eap authentication.

Conditions: flexvpn client using eap authentication. mem-leak at every clint connect

Workaround: There is no workaround.

  • CSCue80506

Symptom: Traceback at DMVPN Spoke registration, DMVPN QoS policy not deployed to datapath component.

Conditions: When there is a routing issue such that the ASR1k acting as the DMVPN hub can receive spoke registrations but does not have a valid route to the spoke (i.e. the spoke's forwarding interface is Null0) and the spoke's QoS configuration include a queuing feature, then the QoS policy will fail to get applied and the ESP will be in a state that requires it to be reloaded to recover from this.

Workaround: There is no workaround, but the following actions can get the router operational again.

1. Correct routing issue and reload the ESP and/or

2. Remove the QoS queuing feature and reload the ESP

  • CSCue83683

Symptom: The Agent Greeting is not played out.

Conditions: This symptom is observed with the Agent Greeting Call Flow using CVP.

Workaround: There is no workaround.

  • CSCue85737

Symptoms: ASR with PKI certificate may crash when issuing show crypto pki certificate command.

Conditions: This symptom is observed when the show crypto pki certificate command is issued on ASR with PKI certificate.

Workaround: There is no workaround.

  • CSCue86166

Symptom: The interrupt infrastructure is in place; the user space handling of interrupt delivery to Aggregation ASIC userspace driver code is not being done correctly.

Conditions: This fixes the user space handling of interrupt delivery to Aggregation ASIC user space driver code.

Workaround: There is no workaround.

  • CSCue86848

Symptom: After execution of 'show platform hardware qfp active feature mma client policy-map name <name> detail' wrong number of classes were presented in detailed view.

Conditions: FAll tools avc config.

Workaround: There is no workaround.

  • CSCue89779

Symptom: A FlexVPN spoke configured with an inside VRF and front-door VRF may have problems with spoke-to-spoke tunnels if they are not the same. During tunnel negotiation, two Virtual-access interfaces are created (while only one is needed), the one in excess may fail to cleanup correctly. As a result, the routes created by NHRP process may lead to loss of traffic, or traffic may continue to flow through the Hub.

Conditions: This symptom occurs when the VRF used on the overlay (IVRF) and the VRF used on the transport (FVRF) are not the same.

Workaround: There is no workaround.

  • CSCue94576

Symptom: Both outgoing RTP streams are dropped on the router interface. When looking into output, both incoming and outgoing RTP streams are clearly visible, however packet capture from the interface contains only two incoming RTP streams. What is more, router console presents the following error message:

IP-3-LOOPPAK Looping packet detected and dropped - src=172.22.233.65, dst=172.22.233.76, hl=20, tl=200, prot=17, sport=16390, dport=20832 in=GigabitEthernet0/1, nexthop=172.22.233.76, out=GigabitEthernet0/1 options=none -Process= "IP Input", ipl= 0, pid= 126 -Traceback= 21127EC4z 21129118z 2112A560z 2112AA38z 2112AFA4z 21110178z 2112C580z 21110918z 21110B58z 21110C38z 21110E50z 23C1ACA4z 23C1AC88z

Conditions: Defect was encountered in 2900 series routers with IOS version: 15.2-3.T2 when using no ip cef command.

Workaround: Issue the ip cef command.

  • CSCue94694

Symptom: cpp_cp_svr crash @ cpp_ifm_if_delete_cntx is seen.

Conditions: While removing PVCs and invalid interfaces.

Workaround: There is no workaround.

  • CSCue98604

Symptom: A Cisco 3845 that is running Cisco IOS Release 15.1(4)M2 may have a processor pool memory leak in CCSIP_SPI_CONTROL.

Conditions: Seen while using DNS as target destination and DNS resolution failure occurs. Sample

config: sip-ua retry invite <snip> timers expires <snip> timers buffer-invite <snip> sip-server dns:<hostname removed>
 

reason-header override Leak can be seen in normal call flow if DNS configured and DNS resolution fails because of insufficient bandwidth, not able to create SDP or container.

Workaround: There is no workaround.

  • CSCue99331

Symptom: if mnc code is 001, aic can not match it.

Conditions: match mcc or mnc.

Workaround: There is no workaround.

  • CSCuf02551

Symptoms: TRP Sessions not found after making Basic SRTP Call.

Conditions: Router loaded with c2951-universalk9-mz.SSA.153-1.4.T.

Workaround: There is no workaround.

  • CSCuf06495

Symptom: GDOI version mismatch on KS1.

Conditions: Script executing show logging | inc CTS-SGT on secp23-11 (KS1). And showing the GDOI ver as 0x13EBE8B0 but instead of this it should show 0x1000002.

Workaround: There is no workaround.

  • CSCuf09056

Symptom: The traffic may not be shaped correctly resulting in more traffic to leak through or the router crashes when model 3/4 subscriber policy is applied.

Conditions: The model 3 and 4 hierarchy is built incorrectly on ESP-100/200 and ASR1002X when the subscriber policy is added after the main interface is already active.

Workaround: There is no workaround.

  • CSCuf09938

Symptom: LSC installation fails if the RSA Key pair size associated with CAPF server is larger than 512 Bytes.

Conditions: Secure CME implementation. Sample config:

! crypto pki trustpoint capf enrollment url http://<ip-addr>:<port-num> serial-number revocation-check none rsakeypair capf 1024 1024 ! capf-server auth-mode null-string cert-enroll-trustpoint <trust-point> trustpoint-label capf source-addr <ip-addr> !
 

Workaround: Use 512 Bytes RSA key size crypto pki trustpoint capf enrollment url http://<ip-addr>:<port-num> serial-number revocation-check none rsakeypair capf 512 512

  • CSCuf16514

Symptom: Only one call leg is shown at stand by router instead of 2 call legs.

Conditions: Issue is seen in HA set up on stand by router for fax call scenario between H323 <---> SIP.

Workaround: There is no workaround.

  • CSCuf25027

Symptom: Substantial drop of performance. High latency and packets drops.

Conditions: Router is configured with full AVC config (NBAR,ART,QoS) and Ipsec. This issue will be seen with high traffic (more than 500mbps). Packet drops can be verified by issuing this command.

show platform hardware qfp active statistics drop clear ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- IpsecOutput 3250 3242721 Ipv4NoAdj 797 1056357 PuntErr 1 276

Workaround: Disable AVC from the interface.

  • CSCuf35287

Symptom: Routes are not routed via the gateway being configured.

Conditions: Routes are not routed via the gateway being configured.

Conditions: There is no workaround.

  • CSCuf39344

Symptom: In SBC-B2B, after no attach/attach an adjacency, calls rejected with 503 Service Unavailable.

Conditions:

config vrf001 on BOX1(ACTIVE) then on BOX2(STANDBY).

config adjacency's vrf&signaling-address and media-address ... vrf ... both refer to vrf001.

switch-over.

no attach/attach adjacency on BOX2(ACTIVE).

later calls rejected with 503 Service Unavailable.

Workaround: Always add or change vrf related SBC config on the same box.

  • CSCuf47227

Symptom: When the configuration option file verify auto is enabled and a local copy operation is done for a file that does not contain a signature, e.g. a log file or configuration back, the copy will fail.

Conditions: file verify auto is enabled in running configuration.

Workaround: Use copy /noverify or disable file verify auto .

  • CSCuf49959

Symptom: A router may crash when the tunnel interface is flapped or while booting the router with VPN configs.

Conditions: The crash occurs in a VPN enabled scenario with either sessions being active and a shut/no shut is issued on the interface or the sessions coming up on the box after a reload.

Workaround: There is no workaround.

  • CSCuf52756

Symptom:

%IOSXE_RP_SPA-4-IFCFG_CMD_TIMEOUT: Interface configuration command.
 

Conditions: Observed tracebacks and traffic drop during MDR upgrade.

Workaround: There is no workaround.

  • CSCuf64333

Symptom: DND does not show any status update unless you are in a hunt group.

Conditions: 6945 phone, running 9.3.3.2 and some earlier loads.

Workaround: There is no workaround.

  • CSCuf73628

Symptom: Trace back is seen when user portion is missing in Req-URI or To Header URI.

Conditions: This symptom is observed in a basic call.

Workaround: There is no workaround.

  • CSCuf73889

Symptom: Copper SFPs always show Half-Duplex in show interface.

Conditions: Basic copper SFP bringup.

Workaround: There is no workaround.

  • CSCuf74026

Symptom: When the ipsec lifetime is changed globally it does not take effect on the ipsec session.

Conditions: Any ipsec implementation with ipsec profile.

Workaround: Unconfigure the lifetime from the ipsec profile.

  • CSCuf74266

Symptom: ASR-CUBE: Crash observed with DSMP.

Conditions: Load scenario issue is observed.

Workaround: There is no workaround.

  • CSCuf78556

Symptom: UPDATE is not being forwarded to UAC and it is being responded with 200OK to UAS. This issue is seen when UPDATE is received from UAS, when 18X transaction is still pending on UAC side.

Conditions: 18x response is transmitted reliably on both call-legs.

Workaround: When UPDATE is received from UAS after some delay (i.e after completion of 18X ?PRACK transaction on UAC side), then CUBE is sending the early dialog UPDATE to the UAC side correctly.

  • CSCuf84655

Symptom: One-way video is seen while CUBE is trying to negotiate packetization mode=1 for H264 video codec in both the legs and one video endpoint doesn't support packetization mode=1 for H264 video codec.

Conditions: When there is DO-DO video call from a video endpoint which supports only Packetization Mode=0 for H264 video codec to a video endpoint which supports both packetization modes like 0 & 1.

Workaround: Make an EO-EO video call from the endpoint which only support packetization mode=0,so that CUBE will negotiate packetization mode=0 for both the legs and two-way video will be seen.

  • CSCuf93376

Symptom: CUBE reloads while testing SDP pass through with v6.

Conditions: The symptom is observed while testing SDP pass through with v6.

Workaround: Do not use SDP pass through and use normal SIP processing call flows.

  • CSCuf93460

Symptom: Certain PKI CLIs may show wrong values.

Conditions: First found on IOS 15.1(4)M6 but not exclusive to it.

Workaround: There is no workaround.

  • CSCuf93471

Symptom: After a brief unavailability of LDAP CRL, no new CRL fetches can be performed. The following messages are seen on the interface: ---- Mar 28 08:23:37.988: CRYPTO_PKI: Retrieve CRL using LDAP DIRNAME Mar 28 08:23:37.988: CRYPTO_PKI: Failed to send the request. There is another request in progress. -----

Conditions: This symptom was first seen in Cisco IOS Release 15.1(4)M6. The issue is not limited to this release.

Workaround: Configure the revocation-check none command under the affected trustpoint. Reload the router.

  • CSCug12136

Symptom: On an ASR1K the clock timezone command is meant to be used as follows: clock timezone zone hours-offset [minutes-offset] where zone is a text field e.g. EDT , PST , and hours-offset and minutes-offset are integers. Incorrectly adding a hyphen or a dash in the zone text field causes unintended and harmful behavior.

Conditions: One way to cause this to happen (essentially a typo) is to configure clock timezone EST-5 0 0 where one really meant to type clock timezone EST -5 0.

Workaround: If 0 is the intended offset it is probably best to simply remove the config line entirely. If 0 is not intended then correcting the typo will correct the issue. In any case the root cause of the issue is the hyphen in the text field and should always be avoided.

  • CSCug14423

Symptom: A packet gets dropped when a spoke-spoke session is triggered in Dynamic Multipoint VPN (DMVPN).

Conditions: This symptom occurs when a ping is sent using a tunnel interface as the source or the destination.

Workaround: Send traffic from host-host.

  • CSCug15520

Symptom: Hit an ucode crash in lisp zbfw scaling case, scaling number is 500 lisp instances, 50k eid table, 500 pair zone. The crash is hit in unconfigure fw data stage. it is reproducible.

Conditions: Unconfigure the lisp fw.

Workaround: There is no workaround.

  • CSCug18685

Symptom: An NHRP resolution request is forwarded to the first NHS on the tunnel interface instead of being forwarded along the routed path.

Conditions: DMVPN phase 3 implementation.

Workaround: There is no workaround.

  • CSCug19697

Symptom: playout-delay fax CLI is not changing T.38 and modem pass through playout buffer to accommodate packet jitter.

Conditions: Ability to reduce the default Fax playout delay.

Workaround: There is no workaround.

  • CSCug21413

Symptom: Call failure.

Conditions: Media antitrombone Call farward cases SDP pass through.

Workaround: There is no workaround.

  • CSCug22238

Symptom: Fields from a refer are not sent out on the corresponding INVITE when this is a SIP GW.

Conditions: 15.1.4M6.

Workaround: There is no workaround.

  • CSCug23145

Symptom: Interface where HSRP is configured , crypto ikev2 clustering feature does not work.

Conditions: Master/Slave do not sync with each other and the socket error is seen.

Workaround: Feature works without vrf.

  • CSCug25041

Symptom: Transcoder insertion failed with specific Contact Center call flow.

Conditions: Transcoder insertion is failing with following call flow:

ISP CUBE CVP Initial Call Leg with RTP-NTE on ISP Leg and Inband on CVP leg INVITE ------> | 100 Trying <------ | | ------> INVITE (g711) | <------ 100 Trying | <------ 180 Ringing | <------ 200 OK (g711, g729) 180 Ringing<------ | | -------> ACK (Invite) 200 OK <------ | ACK ------> | REINVITE from CVP | <------ INVITE (g729 g711) | -------> 100 Trying | -------> 200 OK (g729) | <------ ACK BYE ------> | 200 OK <------ | | ------> BYE | <------ 200 OK
 

Transcoder is not getting invoked when CVP sends reinvite with g729 g711. From logs it is observed that CUBE is sending 200 Ok with g729, but clearing all transcoder reservation.

Configuration:

Midcall-signaling block enabled at outbound.

VCC enabled without offer-all cli.

Workaround: There is no workaround.

  • CSCug28041

Symptom: In a NAT64 configuration, show policy-map type inspect zone-pair sessions shows NATed ipv4 address for the ipv6 host. It should show the hosts' real IP addresses, i.e. v6->v4 or v4->v6, not v4->v4. The PD command sh plat ha qf ac fe fir da scb actually shows the scb's addresses as the real hosts' addresses, i.e. v6->v4 or v4->v6. However, the v6 host's port number is still shown as the translated v4 port number. In the ZBFW datapath log at cpp_cp*.log, the session key printed in the debug messages is showing wrong port number. The session key is supposed to be all v4, but the port number is actually printed as v6 port number. For the PD show scb command filter such as sh plat ha qf ac fe firewall datapath scb ipv6 3000::2 44 ::1d00:2 444 , we can't use the v6 port to match the session and have to use v4 port of the v6 host to match.

Conditions: NAT64 configuration. For the issues involving v6/v4 port numbers, they are only visible if there is PAT configuration, i.e. if the v6 host's port number can be changed after NAT64 translation.

Workaround: There is no workaround.

  • CSCug28860

Symptom: Missing dial tone when pressing new call with existing two-way whisper call.

Conditions: This symptom is observed with whisper intercom only.

Workaround: There is no workaround, however you are able to make outgoing call without dial tone.

  • CSCug29566

Symptom: Mid-call UPDATE with SDP is rejected with 500 Internal Server Error .

Conditions: This issue is seen only for DO-DO call-flow.

Workaround: There is no workaround.

  • CSCug29813

Symptom: A path confirmation failure occurs for Dual Tone Multifrequency (DTMF) tones.

Conditions: This symptom occurs in an SIP-SIP call flow in IPv4 and IPv6 scenarios.

Workaround: There is no workaround.

  • CSCug31717

Symptom: On an ASR involving transcoded calls, hung data plane issue is seen during abnormal disconnect of the calls.

Conditions: On an ASR involving transcoded calls, hung data plane issue is seen during abnormal disconnect of the calls.

Workaround: There is no workaround.

  • CSCug31759

Symptom: DTMF digits are not being heard when there is an interworking between rtp-nte-98 to inband.

Conditions: When working with some third party sip switches that can only RTP-NTE with a payload type of 99 on the ingress side and another third party SIP IVR that can only support INBAND DTMF, ASR CUBE will fail to convert the RTP-Events to Inband even though a Xcoder is invoked on the call flow.

Workaround: Configure voice-class sip asymmetric payload full , voice-class sip midcall-signaling block on the incoming dial-peer and voice-class sip midcall-signaling block on the egress dial-peer.

  • CSCug32688

Symptom: DNS query failure occasionally with MPLS deployed.

Conditions:

dns server response 5k.

Inside mpls interface default MTU.

Repeat dns query for serveral times.

Workaround: Set mpls MTU to 9216 or change tcp mss on both client server side.

  • CSCug34404

Symptom: RP crash seen at be_interface_action_remove_old_sadb.

Conditions: The symptom is observed while unconfiguring the 4K SVTI sessions after an HA test. Workaround: There is no workaround.

  • CSCug34677

Symptom: Topology:

S---asr1k---D1--\ | x.x.x.x/32 ------D2--/ * ISIS, fast-reroute per-prefix configured * LDP on all interfaces * x.x.x.x/32 is reachable via D1 (primary) and D2 (backup) * Sending traffic from S to x.x.x.x * S, D1, and D2 are simulated (Agilent) * Version 15.3(1)S

Upon failing link asr1k-D1 (laser shut on Agilent, equivalent to pulling fiber), FRR is not triggered and traffic flow is restored when ISIS reconverges.

Conditions: The symptom is observed in IP network and when FRR is enabled and when ethernet interface is one of the primary path and protected path and when plugging out ethernet wire or remote shutdown.

Workaround: There is no workaround except changing interface type to POS/ATM.

  • CSCug34758

Symptom: Topology:

S---asr1k---D1--\ | x.x.x.x/32 ------D2--/ * ISIS, fast-reroute per-prefix configured * LDP on all interfaces * x.x.x.x/32 is reachable via D1 (primary) and D2 (backup) * Sending traffic from S to x.x.x.x * S, D1, and D2 are simulated (Agilent) * Version 15.3(1)S.
 

Conditions: Upon failing link asr1k-D1 (laser shut on Agilent, equivalent to pulling fiber), asr1k quickly (<50msec) starts forwarding packets (dest x.x.x.x) to D2 (backup), but with D1's advertised label! Only after ISIS converges the packets are forwarded with the correct label (from D2).

Workaround: There is no workaround.

  • CSCug36075

Symptom: Layer 1 on the ISDN PRI does not come up after a reload.

Conditions: This symptom occurs after a reload.

Workaround: Perform a shut/no shut to bring back the PRI up.

  • CSCug36677

Symptom: A router may crash on 15.3(2)T code when handling SIP video phone calls. After several calls are made, IOS's checkheaps process will crash the device after detecting memory block header or redzone corruption.

Conditions: Call gateway handling SIP-SCCP video calls with h264 codec.

Workaround: There is no workaround.

  • CSCug38023

Symptom: I/O Leak in the middle/DSPRM buffer pools are observed.

Conditions: Flex DSPs are present.

Workaround: There is no workaround.

  • CSCug38621

Symptom: Cisco router crashes at ccsip_spi_incoming_reg_contact_change.

Conditions: This symptom is observed when configuring registrar ipv4:9.60.51.254 under sip-ua .

Workaround: There is no workaround.

  • CSCug38641

Symptom: Ingress IPSec data packets are process switched on an EzVPN server.

Conditions: cTCP encapsulation is configured.

Workaround: Use UDP encapsulation.

  • CSCug40942

Symptom: CUBE is modifying the refresher role in mid-dialog after 491 transaction.

Conditions: Session refresh is enabled for only one call-leg and not for other.

Workaround: There is no workaround.

  • CSCug41599

Symptom: VTCP need to make adjust in case 10k h323 resemble packets size received. Clear DF bit to decrease the impact on MPLS Path Selection & Limit Packet length for assembled h.323 packet to 8K.

Conditions:

Send 10K tcp segments from server.

pmod manipulate the 1st tcp segment into h323 realization format (03 00 length after tcp header).

The response src port 80 and dst 1720.

Workaround: Disable h323 alg.

  • CSCug42286

Symptom: DNS zone transfer fails through NAT.

Conditions: IOS-XE.

Workaround: If you don't need to NAT the DNS payload, use no ip nat service dns tcp .

  • CSCug44667

Symptom: SG3 fax call failures observed for STCAPP audio calls.

Conditions: Fax CM tone detection is turned ON even when all fax and modem related configurations have been disabled on the STCAPP gateway.

Workaround: STCAPP modem pass-through feature can be enabled, but you may run into issues with some answering SG3 fax machines which have stringent requirements for fax CM signal.

  • CSCug44692

Symptom: Audio is skipped when short timeout is configured in Form Element in CVP Studio application.

Conditions: Short timeout.

Workaround: Inserting short silence at the first audio.

  • CSCug45517

Symptom: Topology:

========= < -----(SIP Trunk A)-----CUBE-----(SIP Trunk B)-----> CUBE is not forwarding the REINVITE message received from Trunk A to the SIP Trunk B when 491 Request Pending is received from SIP Trunk B for the previous SIP transaction.
 

Conditions: When 491 Request Pending is received.

Workaround: There is no workaround.

  • CSCug47358

Symptom: Crash on Router.

Conditions: PPTP ALG with BPA.

Workaround: There is no workaround.

  • CSCug47360

Symptom: The order of packets in the packet trace is not stable.

Conditions: When checking the output of packet trace, the order of packets with same flow change every time.

Workaround: Check the output of the specific packet before and after the expected with ~2 packets deviation.

  • CSCug48145

Symptom: ASR DTMF interworking failed after reinvite with block configured.

Conditions: Dtmf with different preference configured will result in issue.

Workaround: There is no workaround.

  • CSCug49783

Symptom: ESP continuously crashes while traffic is going through the box.

Conditions: The issue will occur when a performance-monitor with ART (Application-Response-Time) metrics is applied on a tunnel interface that is running crypto (DMVPN, IPSEC, etc...) and also the subsequent physical interface from which the packets are transmitted is configured with performance-monitor that contains ART metrics (not necessarily the same monitor). It is important to note that the TCP traffic is encrypted on the tunnel interface and is encapsulated using IPSec protocol (#50), so when the packets are received on the physical interface they are no longer of type TCP. Nuances: In case AOR (Account-on-Resolution) feature is enable on the physical interface then statefull traffic is necessary in order to hit the crash. Stateful traffic is the common case in life production networks.

Workaround: Stop all traffic on the impacted interfaces then remove the performance-monitor(s) configured on the physical output interface.

  • CSCug50150

Symptom: During MDR in a APS Setup, under certain conditions, IOSXE_APS-3-CCCONFIGFAILED, message is seen.

Conditions: If the MDR of Protect interface is Started first followed by a MDR of the Working, then the above TB will occur.

Workaround: Ensure that the working Interface is the first which goes through the MDR. IF the interfaces are on the SAME SIP, the traffic must be flowing through the Working interface, to ensure zero traffic drops.

  • CSCug52953

Symptom: Reload of QFP occurs with one of the following backtraces:

Driver Interrupt: DPE5_CPE_CPE_DPE_INT_SET_0_LEAF_INT_INT_S4_WPT_ERROR or

BackTrace #0 hal_abort () at /scratch/mcpre/BLD-BLD_V153_3_S_XE310_THROTTLE_LATEST_20130428_224613/cpp/dp/hardware/cpp/hal/hal_logger.c:81 #1 0x8032998a in tw_fire_timer_events () at /scratch/mcpre/BLD-BLD_V153_3_S_XE310_THROTTLE_LATEST_20130428_224613/cpp/dp/infra/logger.h:207 #2 0x8032a4bc in time_process_timer_hb () at /scratch/mcpre/BLD-BLD_V153_3_S_XE310_THROTTLE_LATEST_20130428_224613/cpp/dp/infra/time.c:837 ...

Conditions: These type of cores can appear of various conditions. The caveat only addresses when this condition occurs after unconfiguring NAT PAP mode. This includes changing PAP or BPA configuration.

Workaround: After unconfigure PAP it is recommend to reload the box which is more desirable than an uncontrolled reset.

  • CSCug53310

Symptom: ICMP v6 traffic is observed to drop.

Conditions: ICMP v6 traffic is observed to drop with cxsc configured under the zbfw policy-map. Drops are observed the zone is applied on a DMVPN tunnel.

Workaround: There is no workaround.

  • CSCug53415

Symptom:

%SMC-2-BAD_ID_HW: is output, and SPA is not disabled.

SPA should be disabled if authentication fail.

Conditions: ASR1001 Built-in SPA.

Workaround: There is no workaround.

  • CSCug53833

Symptom: When attaching/detaching performance monitor to/from interface, memory is leaking <conf t> perf mon context perf-mon prof appl traffic-monitor all <conf t> interface GigabitEthernet0/0/3 performance monitor context perf-mon no performance monitor context perf-mon.

Conditions: FAll tools avc config.

Workaround: There is no workaround.

  • CSCug54138

Symptom: Crash.FP is reloading.

Conditions: SIP ALG with BPA.

Workaround: Single session from user.

  • CSCug54468

Symptom: ASR1002-X acting as LNS, RP Crashes after shutting the interface which is connecting LAC.

Conditions: 5000 sessions with per-session QoS. All these sessions are setup on 1 L2TP tunnel.

Workaround: There is no workaround.

  • CSCug55996

Symptom: Memory leak and crash preceded with error messages like

Apr 24 15:52:40.776: %DIALPEER_DB-3-ADDPEER_MEM_THRESHOLD: Addition of dial-peers limited by available memory memory leak due to skinny msg server and alloc_pc = asnl_get_new_evInfo

Conditions: 2951 router running 15.3(2)T.

Workaround: There is no workaround.

  • CSCug56862

Symptom: ESP may crash with NAT BPA.

Conditions: ESP may crash with NAT BPA with ALG Traffic.

Workaround: There is no workaround.

  • CSCug56942

Symptom: CUOM could not process MOSCQEReachedMajorThreshold clear trap from CUBE SP. For MOSCqe alert clear trap, CUBE should not sent CurrentLevel Varbind but should send csbQOSAlertCurrentValue Varbind .

Conditions: This symptom is observed when CUBE SP generates clear trap for voice quality alerts.

Workaround: The code fix is included in CUBE Cisco IOS Release 15.2(4)S4. Manually clean the alarm at CUOM after root cause is rectified if earlier CUBE version is used.

  • CSCug58617

Symptom: Usernames do not show up in CCP Express. Username shows up on a router with default configuration.

Conditions: The symptom is observed on routers with configurations that break show run | format.

Workaround: Use default configuration.

  • CSCug59729

Symptom: An ASR1001 may reload when used as a hub in a scaled DMVPN environment.

Conditions: This is seen when the traffic rates approaches the limit of the encryption capabilities of the router.

Workaround: There is no workaround.

  • CSCug59765

Symptom: The output show sip-ua status registrar is used to display all the SIP endpoints that are currently registered with the contact address. In the call-id field of the output the last octet is missing:

Router#show telephony-service | i Version CONFIG (Version=9.1) Version 9.1
Router#show sip-ua status registrar Line destination expires(sec) contact transport call-id peer ============================================================ 1004 10.106.118.105 3021 10.106.118.105 UDP 68bdaba5-19070002-63993ca0-73066260@10.106.118 40006 1098 10.106.118.105 3021 10.106.118.105 UDP 68bdaba5-19070003-4f9a3f93-4572d758@10.106.118 40010 1005 10.106.118.104 3024 10.106.118.104 UDP e8ba7006-23010002-5bfc761c-4a34d712@10.106.118 40009 1097 10.106.118.104 3024 10.106.118.104 UDP e8ba7006-23010003-627c6fe9-524366a5@10.106.118 40008
 

Conditions: The issue is seen only with recent CME versions (8.6 and above). This functionality was working before and broken with newer CME/SRST releases.

Workaround: There is no workaround.

  • CSCug60707

Symptom: After FP switchover, new standby does not boot up.

Conditions: This symptom is observed in dual FP configured boxes, when a FP boot up and pulls entire configures from RP, it may crash and can not boot into ready state.

Workaround: Complete reload of the box.

  • CSCug61097

Symptom: In some traffic conditions running AVC configuration on the ASR1002-X platform may lead to a crash.

Conditions: Under heavy load and with specific traffic pattern, usually found at ISP network, running AVC configuration on ASR1002-X may lead to a crash.

Workaround: There is no workaround.

  • CSCug61466

Symptom: CUBE crashes for DO-EO ReINV_HD call.

Conditions: CUBE crashes for DO-EO ReINV_HD call.

Workaround: Issue fixed and committed.

  • CSCug61559

Symptom: Matching the last protocol under it's attributes will not work.

Conditions: Using the default protocol-pack.

Workaround: There is no workaround.

  • CSCug63013

Symptom: A DMVPN spoke router running Cisco IOS Release 15.2(4)M3 and configured with if-state nhrp might not re-form eigrp neighbourship if the line protocol on the interface goes down and comes back automatically.

Conditions: This symptom occurs in a DMVPN spoke router running 15.2(4)M3 with if-state nhrp configured and interface line protocol going down. It must also be using the new multicast code (15.1(4)M onwards).

Workaround: Removing ip nhrp map multicast x.x.x.x y.y.y.y and reading it resolves the problem.

  • CSCug63564

Symptoms: Under certain conditions, malformed IKEv2 packets may cause a traceback in the Crypto IKEv2 process:

Feb 13 21:07:15.812: %SYS-2-MALLOCFAIL: Memory allocation of 4294967078 bytes failed from 0x16A15FF8, alignment 0.

Conditions: The condition is only causing traceback message to be printed. No actual crash is happening.

Workaround: There is no workaround.

  • CSCug63959

Symptom: DSPs are getting hung when receiving an incoming Video call.

Conditions: When making the incoming video call On the AS5400XM gateway, the DSP's channels are not freed up after the call is disconnected. Because of this issue, if there is any incoming call (normal audio call) the calls fail with resource unavailable. We need to reboot the router to clear the DSPs.

Workaround: Reloading the Router temporarily fixes it.

  • CSCug65541

Symptom: Traceback observed @ service_controller_delete_sc_node on doing RP switchover.

Conditions: On performing RP switchover and when the ASR is registered with the CM.

Workaround: There is no workaround.

  • CSCug65636

Symptom: MQC Shaper not working correctly for specific CIR rates.

Conditions: When there are more than one QoS policy-maps applied to different sub-interfaces, with shape rates having a huge disparity, such as more than 1000:1, this problem can occur.

Workaround: Do not configure shape rates on subinterfaces with a disparity > 500:1.

  • CSCug65706

Symptom: Attaching performance monitor to OTV interface should be blocked.

<conf t> interface Overlay1 otv control-group 239.1.1.1 service-policy type performance-monitor output new-policy ==>
 

This configuration line should be blocked.

Conditions: FAll tools avc config.

Workaround: There is no workaround.

  • CSCug66565

Symptom: A previous code commit to address the same issue caused a catastrophic issue wherein SPA is going out of service, during the SPA reload & chassis reload after the RP switchover on 1ru. This bug improves the fix so that this catastrophe is not seen again. The original issue was exposed during regression testing while doing an ISSU upgrade.

Conditions: Aforementioned commit should be present in the image and chassis should be ASR1001. Issue is seen when SPA is reloaded after RP switchover.

Workaround: The issue is not seen if:

1. Chassis is not ASR1001

2. Aforementioned fix is not present in the image.

  • CSCug66784

Symptom: DSP fails to recover using Test DSP Device 0 All Reset .

Conditions: This symptom is observed when a crashed DSP (LSI PVDM3) fails to recover via the CLI command test voice dsp device 0 all reset .

Workaround: A complete reload of the router is required to recover the DSP.

  • CSCug67754

Symptom: ESP Crash observed during HSRP failover Test.

Conditions: HSRP Enabled on BDI Interface with OTV feature combination configured.

Workaround: There is no workaround.

  • CSCug68282

Symptom: ASR1000 RP crash after software upgrade

Conditions: Device configured with SBC with interchassis redundancy

redundancy mode none application redundancy group 1 name ECS preempt priority 150 failover threshold 100 timers delay 100 control Port-channel30.8 protocol 1 data Port-channel30.9 track 1 decrement 200 track 2 decrement 200 protocol 1 name BFD timers hellotime msec 250 holdtime msec 1000
 

Workaround: Do not setup B2B redundancy between XE36(or older) and XE37(or later)

  • CSCug69049

Symptom: ESP fails to initialize and reboots. A message like the following will be seen on the IOS console:

*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - startup init (0x1) *Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - start CPP (0x1)

The cpp_driver tracelog contains an entry indicating the Hoover PLL failed to lock. This could be on CIF,FIF, or ICM. Here is an example from CIF:

01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/CIF/1028: QFP0.0 - timeout waiting for Hoover TX PLL to lock.

Conditions: Router configuration or traffic pattern does not affect this problem. This software error is fixed in to XE3.7.4, XE3.9.2, XE3.10.0 and later releases.

Workaround: There is no workaround.

  • CSCug69107

Symptom: Crypto session does not comes up in EZVPN.

Conditions: This symptom is observed when a Crypto session is being established.

Workaround: There is no workaround.

  • CSCug69540

Symptom: ESP fails to initialize and reboots. Cman-fp indicates error due to Hoover PLL lock failure.

Conditions: Router configuration or traffic pattern does not affect this problem. This software error is fixed in to XE3.7.4, XE3.9.2, XE3.10.0 and later releases.

Workaround: There is no workaround.

  • CSCug70196

Symptoms: Match on precedence and dscp do not work properly.

Conditions: Does not work under all conditions.

Workaround: Development fix to back out the implementation of bit0 and bit1 of TOS byte.

  • CSCug71832

Symptom: I/O memory leaks occur with the following error messages:

SYS-2-MALLOCFAIL Memory allocation of 268 bytes failed from 0x6076C1C0, alignment 32 Pool: I/O Free: 3632 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool -Process= "SCCP Application", ipl= 0, pid= 234 -Traceback= 6082E5B4z 60761188z 607618A8z 60764930z 6237DFA4z 62379CB4z 623873A4z 62373474z 62374E64z 607FAE64z 607FAE48z

Conditions: This symptom occurs due to a slow memory leak in the SMALL and MIDDLE buffers.

Workaround: There is no workaround.

  • CSCug72547

Symptom: Static DMVPN spoke-spoke tunnel initially comes up when tunnel comes up, but if IPsec SAs go down (cleared or are not rekeyed) then the IPsec SAs will not come backup. Data traffic that is supposed to got directly over the spoke-spoke tunnel is forwarded over the spoke-hub-spoke path.

Conditions: Running DMVPN Phase 3 on an ASR1k as spoke routers, on both ends of the spoke-spoke tunnel. If the IPsec SAs for the spoke-spoke tunnel are cleared either because there was no spoke-spoke traffic for long enough for the IPsec SAs to not be rekeyed or or the idle-timer to expire or the IPsec SAs are cleared manually.

Workaround: Have a process (like IP SLA) ping the remote spokes tunnel IP address to keep the IPsec SAs up or to bring them back up if they happen to go down. Probably ping about every 60-120 seconds.

  • CSCug72874

Symptom: Group Member is registering the third Key Server in its list in a redundant KS scenario, when certificate of first KS has been revoked.

Conditions: This has been observed under the following conditions: - GM has a list of 3 or more Key server - Certificate based authentication with OCSP validation - First KS certificate has been revoked.

Workaround: There is no workaround.

  • CSCug73374

Symptom: ASR1001 prints following error messages and crashes:

% Internal error: Connection to peer process lost %MCP_SYS-0-ASSERTION_FAILED: SIP0: cmcc: Assertion failed: Assertion failed: cman/cc/./src/cmcc_util.c:322: bay < cmcc_max_spas_per_cc()

Conditions: Issue show platform hardware subslot 0/3 plim statistics command in CLI.

Workaround: Not issuing show platform hardware subslot 0/3 plim commands will avoid this problem.

  • CSCug73476

Symptom: Customer is running a CME Environment with Cisco 2901 series Router. Once or twice every week during high Call Volume, the soft key such as Transfer, End Call Stops responding.

Conditions: Once phone sends EndCall softkey(0x26) to CUCME the CUCME does not send CallState (0x111) and CloseReceiveChannel (0x106) and StopMediaTransmission(0x8B) to phone, so the call is not terminated.

Workaround: There is no workaround.

  • CSCug73700

Symptom: Failed to do ISSU in CC/SPA upgrade.

Conditions: Seen when the user does a subpackage ISSU in a system for only sip* packages.

Workaround: There is no workaround.

  • CSCug74947

Symptom: When down physical interfaces on remote site routers, local router physical interface go down and tunnel interfaces become up down. The ISAKMP for the tunnel that is connected with serial T3 goes down but for Gig link, ISAKMP remain QM_LDLE.

Conditions: Irrespective of the Serial and Ethernet links, sometimes, multiple IKE SAs (duplicate SAs) get created with the same peer. When the dpd is configured and the interface of the peer is shutdown, the duplicate SA continues to exist.

Workaround: There is no workaround.

  • CSCug77212

Symptom: ASR1K CUBE RP may crash with Segmentation fault(11), Process = CCSIP_SPI_CONTROL when sip headers are manipulated using a sip profile for 200 response messages for KPML notify.

Conditions: Crash seems to be happening due to SIP profiles configs being wrongly applied to Notify response (this profile was meant for 200 OK Invite response).

Workaround: Do not configure sip profiles to manipulate the headers for 200 responses.

  • CSCug77988

Symptom: ZBFW syslog for passing and dropping ICMPv6 packets shows wrong value in the port number fields. The src/dst port numbers should be the ICMP type and code. In addition, the passing syslog is showing Passing Unknown L4 protocol .

Conditions: The router is configured in 66, 64 or 46 case. syslog for pass or drop logging is enabled. Sending ICMPv6(or ICMP from v4 side) packets.

Workaround: There is no workaround.

  • CSCug78153

Symptom: Traffic drops seen with FTP NAT PAP mode.

Conditions: With FTP NAT PAP configured on BOX.

Workaround: There is no workaround.

  • CSCug78227

Symptom:

ASR1001-5-DEV(config-sbc-sbe-sip-hdr-ele)# sip header-profile hprof2 ASR1001-5-DEV(config-sbc-sbe-sip-hdr)# store-rule entry 1 ASR1001-5-DEV(config-sbc-sbe-sip-hdr-ele-act)# condition request-uri sip-uri-user store-as uname Error: sip-uri-user is only valid for To, From and Request-Line
Conditions: This happens if following config is paste into config terminal or on reading startup-config with following config ---------------------------------------------------------------------------------------------- sip header-profile hprof1 store-rule entry 1 condition header-name Allow header-value store-as Avalue store-rule entry 2 condition request-uri sip-uri-user store-as uname.
 

Workaround: exit sbc, re-enter the specified store-rule/condition

---------------------------------------------------------------------------------------------- sip header-profile hprof1 store-rule entry 1 condition header-name Allow header-value store-as Avalue exit exit exit exit sbc test sbe sip header-profile hprof1 store-rule entry 2 condition request-uri sip-uri-user store-as uname
 
  • CSCug79260

Symptom: It takes a long time (5 seconds) to disconnect the call after the user pressing Endcall soft key.

Conditions: - A new voicemail is read/deleted. Every phone has two sidecars (7914s) attached to it. Thus, 20 additional lines per phone.

Workaround: Use MWI outcall method instead of SIP NOTIFY method.

  • CSCug80427

Symptom: Bursty shape rate on high bandwidth queue.

Conditions: When there are 2 vlans configured each with a single simple shape queue, one with a very high rate (ex. 400,000,000bps) and another with a very low rate (ex 128,000bps), the high rate queue's rate may be bursty and fluctuate - 10% of the configured rate.

Workaround: Configure a hierarchical policymap on the vlans where the shape is on the parent class, not on the queue.

  • CSCug81259

Symptom: When configuring performance monitor, when registration to CFT fails, the router crashes.

Conditions: FAll tools avc config.

Workaround: There is no workaround.

  • CSCug81754

Symptom: Router c2800 with CME9.1 crashes with signal 10 TLB (store) exception in CCSIP_SPI_CONTROL process.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCug81812

Asymmetric Payload Inter-working was introduced in XE310. Hence adding HA support for asymmetric payload inter-working here to provide complete solution as requested by some customers.

  • CSCug82610

Symptom: NAT translations could be stranded on the standby with NAT B2B and AR config.

Conditions: NAT translations could be stranded on the standby with timeout of zero.

Workaround: In a MW or downtime execute clear ip nat trans * on the active box.

  • CSCug82939

Symptom: ICMP error packets having icmp message in the payload are being dropped when NAT64 and ZBFW are configured.

Conditions: The configuration should include nat64 and zbfw.

Workaround: There is no workaround.

  • CSCug83231

Symptom: ip load-sharing per-packet is configurable while it is officially not supported.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCug83538

Symptoms: Static routes injected through RRI (reverse-route static) are not getting removed.

Conditions: This symptom is observed when a static crypto map that has reverse-route static enabled is applied on two different interfaces with a local-address.

Workaround: Reload the Router.

  • CSCug84557

Symptom: CUBE SBC does not forward mid-call Re-INVITE in a glare condition.

Conditions: This symptom is observed in a condition where both legs of a SIP call through the SBC sends in Re-INVITE within 100ms of each other. Instead of forwarding the first arriving Re-INVITE to the other leg and then rejecting the other with a 491 Request Pending response, SBC does not forward either of the Re-INVITE and gets into a deadlock condition leading to no audio and an eventual call tear down.

Workaround: There is no workaround.

  • CSCug86085

Symptom: SBC SRTP ucode crash when doing srtp-rtp interworking.

Conditions: It seems this can happen in hairpined srtp calls, though not able to reproduce in lab. the test scenario is rtp----SBC-----SRTP--------SBC-------rtp

Workaround: There is no workaround.

  • CSCug86432

Symptom: Incorrect statistic from SNMP OID 1.3.6.1.4.1.9.9.171.1.3.1.1 , related to a number of IPSec tunnels after running clear crypto sa / session command.

Conditions: Configured DMVPN, running clear crypto sa / session command.

Workaround: Reloading of router helps to solve the issue.

  • CSCug87214

Symptom: Inconsistent behavior when Phase1 rekey fails. Phase2 is deleted on one side but is kept on the remote end till IPSec SA expires.

Conditions: When DPDs are enabled.

Workaround: Clearing the IPSec SA manually.

  • CSCug88265

Symptom: Looking at the output of show platform software process list r0 sort memory , the memory of fman_rp keeps increasing.

Conditions: This symptom is observed when this box is configured as PfR border router and enabled.

Workaround: There is no workaround.

  • CSCug88270

Symptom: E1 R2 channels randomly get stuck in S_WAIT_RELEASE.

Sample output from "show voice call summary" : 0/1/0:0.14 g711ulaw n S_WAIT_RELEASE R2_Q421_WAIT_IDLE

Conditions: Outgoing calls that get Ring no answer (RNA) might get stuck when the Service provider clears the channel.

Workaround: Shutdown and un-shutdown the controller.

  • CSCug90054

Symptom: The FTP ALG is on by default. The user should be allowed to disable the FTP ALG via configuration.

Conditions: FTP traffic will go through FTP ALG when the traffic is NATted.

Workaround: There is no workaround.

  • CSCug91204

Symptom: The following error message on the console:

/usr/binos/conf/mdrfuncs.sh: line <line>: em_mdr_NODE_ISSU_SPA_WAIT: command not found

Conditions: SPA does not complete MDR when performing OneShot ISSU with MDR.

Workaround: Manually complete ISSU.

  • CSCug91447

Symptom: Packets are lost on transmission to an MLP bundle. Lost packets show up in drop statistics as tail drops.

Conditions: Occurs after removal and re-insertion of SPA module which contains one or more links in the MLP bundle.

Workaround: After the SPA re-insertion, remove the serial link from the bundle and add it back.

  • CSCug92464

Symptom: NAT timeout when used with port CLI doesn't work as expected.

Conditions: This symptom is observed when ip nat translation port-timeout tcp <port #> <timeout value> command is used with ip nat translation tcp-timeout <timeout value> command.

Workaround: Use only ip nat translation tcp-timeout <timeout value>

  • CSCug93301

Symptom: NGVM will fail to boot, causing DSP to be in downloading state.

Conditions: This condition may occur on the first attempt to boot a new NGVM module.

Workaround: Use the NGVM boot loader to set the PID environment variable to match the PID as shown in the show diag subslot x/x eeprom command.

  • CSCug95485

Symptom: UUT is crashing.

Conditions: After switching from default mode to CGN mode, Sending multiple sessions of PPTP.

Workaround: There is no workaround.

  • CSCug95820

Symptom: Netconf features do not work when AAA is used for access control.

Conditions: Netconf features do not work when AAA is used for access control.

Workaround: Use local authentication instead of AAA. Or, use other XML interface such as WSMA features instead.

  • CSCug97705

Symptom: Configured PPTP Timeout is not taking effect on Translations for PPTP ALG.

Conditions: Sending Traffic for PPTP-ALG.

Workaround: There is no workaround.

  • CSCug97910

Symptom: High CPP_CP process CPU load on ESP100 caused by session counter collection.

Conditions: ESP100 and ISG scale.

Workaround: Reduce number of counters associated with ISG session.

  • CSCug98010

Symptom: Crash seen on Primary RP due to Null Pointer send during Bulk Policy Map delete.

Conditions: Deleting Bulk Cos Policies.

Workaround: There is no workaround.

  • CSCug98593

Symptom: When the ZBFW SYN cookie protection feature is enabled and is being triggered, the firewall will generate and send SYN packets to the server on behalf of the client. If the response from the server isn't received in time, the firewall will re-generate and resend the SYN packet. In this retransmitted SYN packet, the MSS option is missing and the sequence number is incorrect (it is one number bigger than the ISN).

Conditions: ZBFW SYN cookie protection is configured and is being triggered. Server doesn't respond in time and is causing the firewall to resend the SYN packet to the server.

Workaround: There is no workaround.

  • CSCug98723

Symptom: The TCP RST packets generated by ZBFW are dropped by ZBFW on ASR box.

Conditions: TCP flow specific TCP RST packets generated by ASR to reset the connection to the client and server when TCP packet inspection is on.

Workaround: There is no workaround.

  • CSCug98820

Symptom: Multicast RP-Announcement/RP-Advertisement packet is replicated more than one copy per incoming packet. The number of copies is equal to the number of interfaces/IO items with IC flag enabled (show ip mfib to get the number of IC interfaces).

Conditions: This symptom is observed when AUTO-RP filter is configured on PIM interfaces.

Workaround: There is no workaround.

  • CSCuh01007

Symptom: After ESP 100 reload, show policy-map interface counters does not populate results.

Conditions: With an egress service policy on SPA gige interface and sending high/low priority traffic.

Workaround: Reload the SPA after FP reload.

  • CSCuh03859

Symptom: If customer configured snmp server enable traps sbc sla-violation-rev1 , csbSLAViolationRev1 trap is not sent.

Conditions: Normal operation.

Workaround: There is no workaround.

  • CSCuh04018

Symptom: fman-fp traceback: cgm begin batch error.

Conditions: While adding classes to the ZBFW policy.

Workaround: There is no workaround.

  • CSCuh04779

Symptom: Unable to import an ECDSA CA certificate.

Conditions: IOS router running any version of code up through 15.3(2)T.

Workaround: There is no workaround.

  • CSCuh06678

Symptom: 1 Local address can be mapped to multiple global address.

Conditions: With PAP configured.

Workaround:

  • CSCuh06849

Symptom: Fragmented PPTP ALG traffic may not be processed as expected.

Conditions: Fragmented PPTP ALG traffic may be dropped, with NAT PAT configuration.

Workaround: Turn off PPTP ALG if not required.

  • CSCuh07535

Symptom: crypto context show command display unknown authentication and confidentiality output.

Conditions: sha256, sha384, sha512, gmac and gcm.

Workaround: There is no workaround.

  • CSCuh09403

Symptom: ESP may reload in B2B NAT ZBFW setup.

Conditions: B2B NAT ZBFW setup with stateful traffic.

Workaround: There is no workaround.

  • CSCuh09451

Symptom: Exception to IOS Thread:UNIX-EXT-SIGNAL: Segmentation fault(11), Process = SBC main process.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuh09580

Symptom: With IOS-XE 3.7.3S on ASR1K and global crypto ikev2 dpd configuration, all crypto sessions have dpd enabled as expected, after performing RP Switch-Over, the crypto ikev2 dpd configuration is missed, all crypto session are re-established with dpd disabled.

Conditions: DPD and RP Switch Over.

Workaround: There is no workaround.

  • CSCuh09872

Symptom: Issue seems to happen when we check the bridge-domain related platform command, first on the RP, then on the FP repeatedly.

Conditions: Usage of the show platform software bridge-domain rp active 11 mac-table followed by show platform software bridge-domain fp standby 11 mac-table <> multiple times results in this RP crash.

Workaround: There is no workaround.

  • CSCuh10186

Symptom: This issue happens when a previous bad call with impairment shows a low MOS 2.5 (as expected) and then the call is disconnected and the n/w impairment is removed, and when a subsequent new call is placed, the MOS does *not* start at 4.5(even though audio is perfect), instead it will be in the low 2's and take 10 minutes to get to 4.5 range even though audio is perfect for whole duration of the call.

Conditions: This symptom occurs when a bad call is started.

Workaround: Start with normal call.

  • CSCuh12245

Symptom: cpp_cp process crashes.

Conditions: Change to the parent class of a session which causes a rate update event to be performed in the QFP HW. At the same time, ANCP causes rate change on a VLAN shaper using mode-F QoS. The shaper rate change causes the shaper on the vlan to be removed and then re-applied. Depending upon RP and FP CPU utilization, these events can be processed on the ESP as one QoS transaction. where the sessions parent class has a rate change event and the session is also being moved to an aggregation schedule node on the GE from the VLAN shaper schedule node. And then the shaper is re-applied to the VLAN and the session is moved back to the VLAN shaper. This all occurs in the same QoS transaction/commit on the ESP, causing the ESP to crash.

Workaround: There is no workaround.

  • CSCuh12779

Symptom: The ASR1k does not reply to IPv6 ping packets sent to its LISP IPv6 EID address, when these are received over a LISP IPv4 RLOC space.

Conditions: This only applies to ICMPv6 echo reply packets, that are generated on the RP, and received over an IPv4 RLOC core.

Workaround: There is no workaround.

  • CSCuh14012

Symptom: The crypto session remains UP-ACTIVE after tunnels are brought down administratively.

Conditions: This symptom occurs in tunnels with the same IPsec profile with a shared keyword.

Workaround: There is no workaround.

  • CSCuh17401

Symptom: NAT pool exhaustion with addresses with 0 recount.

Conditions: when running NAT ALG when port allocation failure occurs.

Workaround: To recover, issue clear ip nat trans * in off hours (as this is disruptive operation).

  • CSCuh18253

Symptom: gtpv2 message with invalid imsi is not dropped.

Conditions: Invalid IMSI is used.

Workaround: There is no workaround.

  • CSCuh18797

Symptom: ESP crashed while removing policy-map from configuration. Issue is seen while removing the Qos configuration from standalone chassis and all the ports are down.

Conditions: ESP crashed because of object-pending issue. This issue can only be reproduced when the QoS config is from NVRAM, and not when it's added on a live box. This may be related to ordering issue.

Workaround: There is no workaround.

  • CSCuh20209

Symptom: ucode crash on clear ip nat translations.

Conditions: Very rarely with stateful traffic.

Workaround: Use clear ip nat translations vrf <vrf_name> to clear vrf aware translations.

  • CSCuh22742

Symptom: Callflow: Verizon ? SIP trunk ? CUBE (ASR 1000)? CUSP ? Genesys ? Interactions IVR. CUBE does not ACK and BYE (glare handling case) after sending Cancel and receiving 200 Ok for cancel from CUSP.

Conditions: Verizon cancelled the call 300 milliseconds (aprox) after sending the invite, it caused the 200Ok of the invite and the Cancel to cross wire between CUSP and Genesy. By that time CUSP had already sent 200 Ok for CANCEL to CUBE, thus CUBE did not respond to the following 200 OK (for Invite).

Workaround: There is no workaround.

  • CSCuh23178

Symptom: Call failure when supplementary services (hold/resume, transfer) is attempted on a call traversing a Cisco CUBE Enterprise gateway. Dead air will be heard and the call will timeout. output from debug ccsip error shows the following error.

SIP/Error/ccsip_api_response_answer: Media Negotiation failure in 200 OK

Conditions: Calls traversing a CUBE Enterprise gateway configured for SIP-SIP call-flow. IOS versions impacted vary. So far, all IOS between 15.1(1)T3 and 15.3(2)T is impacted. Failure is reproduced when a consult transfer is attempted on a call that's established with codec g729r8 in a CUCM environment but can occur when there is a codec mis-match during a mid-call event (RE-INVITE) where media is renegotiated.

Workaround: Resolve the codec mismatch. The most common one is when g729r8 is established as the codec. CUCM will, when acting as the UAS, send a 200 OK advertising g729r8 with no annexb= parameter to specify either yes or no . Per RFC 3555, section 4.1.9, this implies that the parameter is set to yes triggering CUBE to determine CUCM is advertising g729br8. If this is not configured on the dial-peers matched or voice-class codec configured, the call will fail to negotiate a codec and fail.

  • CSCuh23859

Symptom: With Suite-B configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS), Group Members (GM) will see the following un-gated error message on the console when the KS policy ACL is changed or edited and a rekey is sent from the KS using crypto gdoi ks rekey ...

May 31 09:56:49.906 IST: *** SERIOUS ERROR: OVERLAPPING IV RANGES DETECTED ***

When the GM receives the rekey, the policy is installed successfully. However, after this the GM re-registers twice and then these errors are displayed.

Conditions: Suite-B is configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS), the KS policy ACL is changed or edited and a rekey is sent from the KS using crypto gdoi ks rekey This issue was seen with at least 50 Group Member (GM) instances using VRF-Lite on a ASR1K GM box and no more than 30 ACE's in the KS policy ACL, however this issue should also be seen on a ISRG2 GM box with less GM instances and less ACE's as well.

Workaround: If a Key Server (KS) policy ACL must be changed or edited while Group Members (GM) have already registered and downloaded GETVPN Suite-B policy (i.e. esp-gcm / esp-gmac transform), issue crypto gdoi ks rekey replace-now instead of crypto gdoi ks rekey after changing the KS policy ACL. (NOTE: a very small amount of traffic loss may be expected) If possible, do not change the KS policy ACL after a GETVPN network using Suite-B is up and running. NOTE: The fix requires both an upgrade of the KS and GM to properly work.

  • CSCuh25309

Symptom: IPSec tunnel is not programmed in data plane; but IPSec control plane may show tunnel is established.

Conditions: This symptom is observed on a Cisco ASR1000 series router when functions as an IP Security (IPSec) termination.

Workaround: There is no workaround.

  • CSCuh27137

Symptom: phone-proxy failed to attach to the second dial-peer.

Conditions: This symptom is observed when you configure two phone-proxy.

Workaround: Using one phone proxy.

  • CSCuh27266

Symptom: CPP core not generated when FP crash happen.

Conditions: Perform SPA OIR with Unicast/Multicast/Broadcast storm control on 32k EFPs.

Workaround: There is no workaround.

  • CSCuh27343

Symptom: A CUBE router may reload.

Conditions: This is only seen on a router processing voice traffic with CPA feature enabled.

Workaround: There is no workaround.

  • CSCuh28721

Symptom: icmp packet size 1439-1454 will be drop at next hop because the L2 frame size is bigger than 1518, 1500 MTU acceptable frame size.

Conditions: crypto map with NAT in between tunnel end point.

Workaround: There is no workaround.

  • CSCuh29771

Symptom: There will be more SIP phones register than what it is configured in max-pool in case max-ephones is not yet reached.

Conditions: ISR2921 IOS 15.1(4)M5.

Workaround: There is no workaround.

  • CSCuh31480

Symptom: Traceback observed when Interface Virtual-Access3(for ezVPN server) changed state to down on MCP_DEV(XE311).

Conditions: Interface Virtual-Access3(for ezVPN server) changed state to down.

Workaround: There is no workaround.

  • CSCuh32165

Symptom: CVLA memory is not released. Check FNF_AOR CVLA memory usage. show platform hardware qfp active infrastructure cvla client handles

<snip> Entity name: FNF_AOR Handle: 2344906752 Number of allocations: 176 Memory allocated: 14144 <snip> show platform hardware qfp active feature fnf datapath aor <snip> Extracted Field objects Alloc 1200 0 Free 100 <snip>

Conditions: AVC with IPv6 protocol.

Workaround: There is no workaround.

  • CSCuh35993

Symptom: Create an RRI route for deny ACL lines in the crypto map.

Conditions: 15.x code and L2L ipsec tunnel.

Workaround: There is no workaround.

  • CSCuh36706

Symptom: A call waiting beep is heard intermittently on incoming calls to an extension that has the no call-waiting beep command configured. This is seen on Cisco IOS Software 15.1(4)M5.

Conditions: The Cisco IOS Software version 15.1(4)M5 exhibits this behavior. So far, we don't know if the same issue is seen on lower IOS trains, but it is confirmed that Cisco IOS Software 15.0(1)M and lower don't exhibit the same symptoms.

Workaround: Downgrade to Cisco IOS Software 15.0(1)Mx or lower. There might be feature loss due to a change in the IOS version.

  • CSCuh36750

Symptom: ESP crashes.

Conditions: Subscriber session w/QoS over tunnel or shaped vlan.

Workaround: There is no workaround.

  • CSCuh37526

Symptom: - show crypto entropy stat, output, shows Status = Faulted - syslog message A pseudo-random number was generated twice in succession was logged two hours after boot.

Conditions: ISM 15.2(4)M Crypto features enabled.

Workaround: There is no workaround.

  • CSCuh38425

Symptom: ASR1K fails to initialize with cpp_driver held down message.

Conditions: ESP-100, ESP-200 or ASR1002-VE configured with 40MB or 80MB TCAM devices manufactured by Renesas may fail to initialize.

Workaround: There is no workaround.

  • CSCuh38488

Symptom: An ASR with zone-based firewall enabled may drop SIP INVITE packets with the following drop reason:

Router#show plat hardware qfp active feature firewall drop ------------------------------------------------------------------------------- Drop Reason Packets ------------------------------------------------------------------------------- L7 inspection returns drop 1
Router#

Conditions: This symptom is observed when the application (L7) inspection for SIP is be enabled for the flow.

Workaround: Any of the following workarounds are applicable:

Disable the port-to-application mapping for SIP with the <CmdBold>no ip port-map sip port udp 5060<noCmdBold> command. This prevents ZBF from treating UDP/5060 as SIP. Instead, it is treated as simple UDP.

Use the 'pass' action in both directions instead of 'inspect'. This disables all inspection (even L4) for the traffic. Symptom: An ASR with zone-based firewall enabled may drop SIP INVITE packets with the following drop reason:

Router#show plat hardware qfp active feature firewall drop ------------------------------------------------------------------------------- Drop Reason Packets ------------------------------------------------------------------------------- L7 inspection returns drop.
 
  • CSCuh39771

Symptom: Traffic fails to pass through the VPN tunnel intermittently on a router running 15.14M6 or 15.2(4)M3. The encrypts/encaps counter increments on the IPsec SA, but the encrypted packet does not egress the router.

Conditions:

The IOS running on the router may be 15.1(4)M6 or 15.2(4)M3.

The clear-text packet ingresses the router on the same interface on which the crypto map is applied.

Workaround: If we use acess-list on crypto interface with permit ip any any log or removing ip route-cache cef from crypto interface, it starts to work.

  • CSCuh41555

Symptom: Scenario : Expected conditional profiles not shown for Midcall update to re-Invite.

Conditions: Midcall update to re-Invite in conditional profiles.

Workaround: There is no workaround.

  • CSCuh41597

Symptom: Memory leak is seen when SDP pass through is configured.

Conditions: When SDP pass through is configured.

Workaround: There is no workaround.

  • CSCuh42565

Symptom: ASR1K CPP crashes and tracebacks.

Conditions: Reboot ASR1K DMVPN hub with image.

Workaround: There is no workaround.

  • CSCuh42885

Symptom: Changing modes in cgn and sending traffic results in ucode crash.

Conditions: Unconfiguring one mode and switching to another mode and sending traffic.

Workaround: There is no workaround.

  • CSCuh43018

Symptom: QFP reloads.

Conditions: Rarely occurs when issuing sh platform hard qfp active feature nat da stats . Most likely to occur in CGN mode specifically after switching from classic to CGN mode.

Workaround: There is no workaround.

  • CSCuh43137

Symptom: With Suite-B configured (i.e. esp-gcm / esp-gmac transform), GETVPN Key Sever (KS) shows TEK SPI's for deny ACE's when show crypto gdoi ks policy is issued while a Group Member (GM) does not show TEK SPI's for deny ACE's when show crypto gdoi is issued.

Conditions: The command show crypto gdoi ks policy is issued with Suite-B configured (i.e. esp-gcm / esp-gmac transform) deny ACE's in the policy ACL for GETVPN / GDOI.

Workaround: There is no workaround.

  • CSCuh44888

Symptom: PBHK update failure traceback from CPP-CP. AOM object download failure from FMAN-FP.

Conditions: ISG sessions have PBHK features and RP switch-over.

Workaround: There is no workaround.

  • CSCuh46031

Symptom: The Cisco ASR 1000 router sends a different Acct-Session-Id in the Access-Request and Accounting-Request for the same user.

Conditions: This symptom occurs when Flex VPN IPsec remote access is configured.

Workaround: There is no workaround.

  • CSCuh47047

Symptom: An IOS router may fail IKE Main Mode negotiation if the peer device sends both the seconds and kilobytes Life Type with their respective Life Duration attributes.

Conditions: This condition can occur when an IOS router is the responder for an IKE session, and the peer proposes both seconds and kilobytes Life Duration in its SA proposal.

Workaround: The workaround is to remove one of the Life Type attributes from the peer device configuration.

  • CSCuh48261

Symptom: Tunnel entry are deleted together.

Conditions: Primary pdp context and secondary pdp context. tear down ind is 0 in delete pdp context request.

Workaround: There is no workaround.

  • CSCuh48747

Symptom: Multiple NAT entries are created.

Conditions: UUT Configured with PAT with route-map.

Workaround: There is no workaround.

  • CSCuh49507

Symptom: Call legs are not seen.

Conditions: When Xcoder is needed for only Inband to NTE DTMF interworking.

Workaround: There is no workaround.

  • CSCuh50125

Symptom:ESP crashes.

Conditions: On ASR1002-X, ESP100 or ESP200 based platforms, ESP can crash when you have interfaces where the bandwidth can change dynamically and you have a hierarchical QoS policy-map applied.

Workaround: When applying a hierarchical QoS policy-map to ain interface that supports dynamic bandwidth changes, be sure to apply the QoS policy while there are no bandwidth changes to the interface as the same time.

  • CSCuh51607

Symptom: Traceback occur.

Conditions: Delete acl for IPSec with live traffic.

Workaround: There is no workaround.

  • CSCuh52011

Symptom: SNMP Trap Informs to monitor GETVPN service. In each Trap Informs customer wants the <CgmGdoiIdentificationValue> attribut to be in ASCII string (and not binary value) when they use <crypto isakmp identity hostname> However IOS always sends an IP address identity (type and value) in the trap. They should have type 2 and the FQDN of the KS which is not the case.

Conditions: GETVPN setup between KS and GM and crypto isakmp identity as hostname (FQDN).

Workaround: There is no workaround.

  • CSCuh54693

Symptom: Crypto Socket remains CLOSED on DmVPN setup.

Conditions: This symptom is observed when DmVPN with extended CLI mentions IKE profile as the ISAKMP profile.

Workaround: Remove the IKEv2 profile configuration from the IPSEC profile.

  • CSCuh56175

Symptom: One way audio after about 22 minutes with SRTP-RTP interworking.

Conditions: This symptom is observed in Cisco IOS Release 15.3.2T.

Workaround: Use one codec on the SRTP to RTP legs. (Make calls all G711 or all G729, not one leg G711 and the other G729).

  • CSCuh56534

Symptom: Bad ipcksum when tcp segment from inside.

Conditions: Send tcp segments from inside (sip ALG).

Workaround: There is no workaround.

  • CSCuh57439

Symptom: The router crashes from some heap memory exception, such as FREEFREE or BADMAGIC within the checkheaps process.

Conditions: The router has experienced heavy, likely prolonged voice traffic, especially CUBE (IP-IP gateway) calls.

Workaround: There is no workaround.

  • CSCuh57618

Symptom: The gateway sends the following NOTIFY message before receiving an unsubscribe request. Subscription-State Terminated

Conditions: This symptom occurs when the router is loaded with the c2900-universalk9-mz.SPA.153-2.25.M0.1 image.

Workaround: There is no workaround.

  • CSCuh58880

Symptom: ipsec:route-set=prefix av-pair is not pushed to the anyconnect client from the router.

Conditions: Radius server is used for AAA. IKEv2 is used. Anyconnect client 3.1. ASR version 3.10.00a.S.

Workaround: Use a split tunnel ACL on the router.

  • CSCuh59216

Symptom: Dedicated bearer is failed to be setup.

Conditions: Dedicated bearer.

Workaround: There is no workaround.

  • CSCuh61999

Symptom: After configure and then remove match access, the flow remains optimized.

Conditions: After configure and then remove match access, the flow remains optimized. It should be Pass-through.

Workaround: After following steps, it functions correctly.

1. no enable service context.

2. no service policy

3. add service policy back

4. enable service context

  • CSCuh62307

Symptom: ASR1000 router may crash when customer uses call-policy-set copy source XXX destination YYY command to create a new call-policy-set.

Conditions: there is na-src-address-table configured within the call-policy-set. enter this table with na-src-address-table XXX after it was created by call-policy-set copy command.

Workaround: instead of using call-policy-set copy source XXX destination YYY command, copy and paste the text into config terminal to create a new call-policy-set.

  • CSCuh62529

Symptom: ASR router crashes for media forking HA feature.

Conditions: This symptom is observed when media forking feature crashes in B2BHA standby router.

Workaround: There is no workaround.

  • CSCuh62579

Symptom: CUBE send 403 response for untrusted Requests by default. This request to make the TDOS feature enabled by default came from marketing for Ease-of-use to the customer.

Conditions: Request should come from untrusted host.

Workaround: Enable silent-discard explicitly.

  • CSCuh63682

Symptom: Router crash in automatic test. The trigger to the crash is the following show command: show flow monitor <name> cache format csv .

Conditions: No delay between configuration phase and show command execution.

Workaround: Delay of 10 seconds between configuration phase and show command execution.

  • CSCuh63727

Symptom: Router may crash when unconfiguring large (8k) redirect ACL list in MASK config.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuh64174

Symptom: During IKE QM exchange, the IKE SA can be prematurely deleted without sufficient retransmission because the maximum IKE SA error count is reached during a transient network failure that causes the QM exchange to fail.

Conditions: This condition can occur if there are multiple simultaneous QM negotiations that are happening around the same time, and they are not successful.

Workaround: There is no workaround.

  • CSCuh64810

Symptom: Call failure or one way audio when 180 ringing is received by the CUBE.

Conditions: The call is failed by the LYNC because it then generates a new SIP URI using the updated contact header.

Workaround: Use sip-profiles on the CUBE to convert the number in the 'contact' header to the proper number on that call leg.

  • CSCuh65933

Symptom: When ingress-PE switch the encapsulation of multicast traffic from default MDT to data MDT, the first packets after switchover will be added two labels (including both default and data MDT labels).

Conditions: When the traffic rate exceeds the threshold, the ingress-PE will switch to data MDT (encapsulate multicast packets into data MDT, instead of default MDT).

Workaround: There is no workaround.

  • CSCuh66373

Symptom: KS not sending rekey to the registered GM.

Conditions: KS not sending rekey to the registered GM.

Workaround: If we enable retransmission on KS, rekey are received by the GMs.

  • CSCuh66510

Symptom: The router crashes during the display of history traces, that is during execution of command show monitor event-trace voip ccsip history all .

Conditions: When history buffer is set to 20 and total calls made is 50, that is buffer required is 100. In this case, history buffer is reused. The crash happens when history buffer is reused and show command is used to display the history traces.

Workaround: By increasing the limit of connections to 1000, this can be avoided.

  • CSCuh66763

Symptom: Following phrases are displayed in English irrespective of locale configured on CME. "Next" "Previous" "Please modify number" "Invalid speed dial number" "Invalid personal speed dial number" "Invalid blf speed dial number" "Personal speed dial number can not exceed 32 digits" "Personal speed dial label can not exceed 30 characters" "Speed dial number can not exceed 24 digits" "The record is full" "Please delete unuse entry" "Logging Out" "CME hardware conference" "CME software conference" "add party allowed" "add party not allowed" "Whisper" "CME group pickup" "CME pickup" "Access Mailbox (trnsfVM)" "Failed to send call to Mobile Phone" "Live Record is not enable" "Live Record already in progress" "Not conference creator" "Live Record has stopped" "Live Record timeout"

Conditions: This symptom is observed when you configure non-English user-locale.

Workaround: There is no workaround.

  • CSCuh68961

Symptom: In a DO-DO scenario, the CUBE is not able to send re-invite on other leg if the CUBE receives re-invite immediately followed by ACK.

Conditions:

SIP (PSTN) -- CUBE -- SIP -- CUCM -- IP phone transfers to another IP phone Message Sequence in CUBE CUCM --> reINVITE --> CUBE --> reINVITE --> Provider <-- 200OK 200OK <-- ACK --> reINVITE --> --> ACK reINVITE from CUCM is not forwarded to the provider.

Workaround: There is no workaround.

  • CSCuh70537

Symptom: Memory leak at Crypto session Element.

Conditions: Flapping flexvpn sessions.

Workaround: There is no workaround.

  • CSCuh71310

Symptom: Modify bearer response is dropped.

Conditions: Control plane teid in modify bearer request is changed from teid in create session request.

Workaround: There is no workaround.

  • CSCuh72818

Symptom: When inserting a SPA-4XT-SERIAL or after booting of a chassis containing SPA-4XT-SERIAL, the following messages are displayed:

*Jun 18 17:18:31.741 EDT: %IOSXE-4-PLATFORM: R0/0: kernel: ERROR: No thresholds defined for slot 1, BW 150 (mbps) *Jun 18 17:18:31.741 EDT: %IOSXE-4-PLATFORM: R0/0: kernel: ERROR: SPA 1: get buf 56 thresholds failed.

These are only messages and have no affect on SPA functionality.

Conditions: Occurs during reload/bootup of chassis which contains the SPA-4XT-SERIAL or during insertion of this SPA.

Workaround: There is no workaround.

  • CSCuh73422

Symptom: ASR1k With MAP-T Configs crashes.

Conditions: When Ping Initiated to public IPV4 Address, ASR1K crashes with Core dump, and the packet was translated but the packet causes an ICMP error message to be generated, and in some cases of ICMP error generation, the box could crash.

Workaround: There is no workaround.

  • CSCuh73986

Symptom: Dns response get dropped with no-payload configured and NAT FW.

Conditions: Configure nat FW (dns inspect) send dns query from inside, server then reply the response.

Workaround: There is no workaround.

  • CSCuh74069

Symptom: Super-package MDR ISSU fails with the following message:

MDR:FAILED: Insufficient memory available on harddisk: to support MDR Conditions: Super-package MDR ISSU operation is issued.

Workaround: Issue sub-package MDR ISSU.

  • CSCuh75393

Symptom: When subject name is used as secondary under truspoint for authorization without primary configured, it doesn’t pick the correct value.

Conditions: Only subject name is configured as secondary without primary.

Workaround: Configure subject name as primary.

  • CSCuh75480

Symptom: QFP reload occurs.

Conditions: When running NAT in CGN mode and doing a removal of a mapping.

Workaround: Switch to classic mode, to mapping removal, switch back to CGN mode.

  • CSCuh76529

Symptom: There is no known symptoms.

Conditions: Astro can require a core voltage of up to 1.00V. However, the voltage was defaulted to 0.9V for all Astro chips. If an Astro requires 1.0V is on a board, it is only operating at 0.9V and could fail to operate properly at speed.

Workaround: There is no workaround.

  • CSCuh78055

Symptom: MN-BITS IN stays in Locked state even when MN-BITS OUT is removed.

Conditions: MN-BITS IN stays in Locked state even when MN-BITS OUT is removed.

Workaround: There is no workaround.

  • CSCuh80368

Symptom: Erspan performance downgrade in FP160.

Conditions: Erspan under FP160.

Workaround: There is no workaround.

  • CSCuh81556

Symptom: Crash is happened on list_enqueue_default intermittent.

Conditions: After no voice class sip-options-keepalive <tag> to delete the sip options keepalive profile.

Workaround: Do not use no voice class sip-options-keepalive <tag> . Use shutdown command from the sip options keep alive profile instead to put the profile inactive state.

  • CSCuh82492

Symptom: NBAR doesn't activate.

Conditions: With NAT under SIP, DNS traffic.

Workaround: Disable alg.

  • CSCuh82871

Symptom: Traceback @cpp_alg_ipc_handler with msrpc traffic.

Conditions: No specific conditions with MSRPC traffic.

Workaround: There is no workaround.

  • CSCuh85883

Symptom: mplssetvrf bgp routes are not coming up along with multi-vrf PBR.

Conditions: The destination address of the packet is ASR local address.

Workaround: There is no workaround.

  • CSCuh87017

Symptom: The ESP goes down logging messages

Conditions: On issuing sh ip nat trans when there are a large number of static networks translations the ESP may reset with the above messages. The issue is caused by a calculation dealing with the number of static network translations that are configured. It is possible to avoid this issue by moving out of the impacted range of static network translations (see workaround).

Workaround: Use AAA/Authorization functionality to restrict show ip nat translations OR clear ip nat translation from being issued.

  • CSCuh87618

Symptom: Configured two APS groups (one for OC3/hdlc and other with OC12/PPP) between ASR1013 and ASR1006 using back to back connections. APS group 1 interfaces Inactive after RP-switchover.

Conditions: During ASR1013 Subpackage MDR.

Workaround: There is no workaround.

  • CSCuh87919

Symptom: Seeing PuntPerCausePolicerDrops on sending traffic through LISP router.

Conditions: No traffic drops associated.

Workaround: There is no workaround.

  • CSCuh88723

Symptom: Plim Ingress classification doesn't work on Clearchannel-SPAs.High priority traffic will continue to be treated as normal traffic and flows in Low Priority queue.

Conditions: With PLIM ingress classification, despite assigning map ip dscp 16 - 31 queue strict-priority traffic flows in Low Priority queue.

Workaround: There is no workaround.

  • CSCuh90153

Symptom: Directed Call Park FAC (Feature Access Codes) not working when CME SIP Phone uses ENBLOC dialing. If a SIP Phone dials a FAC code to retrieve a directed parked call, CME will not detect the FAC code, and will disconnect the call with cause value=1.

Conditions: The issue is observed with phones registered with SIP CME version 8.8 and later.

Workaround: Downgrade to an earlier CME version (8.6, 8.5, 8.1).

  • CSCuh90658

Symptom: QFP crash.

Conditions:

Create normal GTPv1 session and primary PDP.

Delete request with teardown false.

Update QOS with different data TEID at both SGSN/GGSN, crashed.

Workaround: There is no workaround.

  • CSCuh91025

Symptom: Unable to authenticate to Root CA if already authenticated with Sub CA of the Root CA.

Conditions: When authentication with SubCA is already successful, authentication with Root CA fails.

Workaround: Authenticate Root CA first and then SubCA.

  • CSCuh91266

Symptom: VTCP is not robust enough when received tcp segments with abnormal sequence id. This may result FP crash. We observed a TCP packet much older than the current window on customer network.

Conditions: Abnormal sequenced tcp segments received when vtcp buffering current flow.

Workaround: There is no workaround.

  • CSCuh91563

Symptom: ucode crash seen on unconifugring nat with nbar.

Conditions: Seen during a script run.

Workaround: There is no workaround.

  • CSCuh92837

Symptom: When fax tones are detected in the early media phase of the call, the gateway does not initiate a fax mode switchover.

Conditions: The call must establish early media, and fax tones must be detected in this phase of the call.

Workaround: There is no workaround.

  • CSCuh93142

Symptom: show hw-module subslot <> sensor may show the rail-0 as Margined .

Conditions: The output may show up on normal boot up of the BUILT-IN SPA of Ethernet Line Card.

Workaround: There is no workaround.

  • CSCuh93572

Symptom: Certain sequence of config/unconfig of PLIM comands resulted in error.

Conditions:

Add DSCP based Plim config.

Mark certain DSCP value as high or low priority with PLIM config command.

Delete the config added in step 1.

Now try to add a TOS bases Plim config. It will through error stating "config done in step 2" must be deleted. But config in step 2 is a subset of config in step1. It should be enough if the config in step1 is removed to add any new plim config.

Workaround: Remove the DSCP based config completely before adding any new TOS based config.

  • CSCuh93698

Symptom: The Calling-Station-Id is not sent in the accounting-request.

Conditions: Easy VPN server or Flex VPN remote access is configured along with the radius-server attribute 31 remote-id command.

Workaround: There is no workaround.

  • CSCuh94630

Symptom: In a scenario where the same router is used as a CUBE and as an SRST router, a problem can occur where numbers registered with an ITSP via the credentials command will drop, and not show in show SIP-ua reg status after a failback from SRST.

Conditions: CUBE gateway registering numbers with their ITSP using the credentials command. SRST also in use on the same router.

Workaround:

Remove and re-add the credentials commands under SIP-UA.

Reload the gateway.

  • CSCuh95125

Symptom: ESP-100 may crash continuously on an ASR1K box with cpp_svr crashes causing the FP to go down.

Conditions: Numerous QoS sessions with a single queue being created on an interface in a per-session basis on a Yoda platform (ASR1002-X/ESP100/ESP200).

Workaround: There is no workaround.

  • CSCuh95747

Symptom: Hash table updated incorrectly when more than one interface assigned with ip address on wae.

Conditions: Apply ip and configs with uut and wae.

Workaround: Issue not seen when there is only one interface assigned with ip address on wae.

  • CSCuh95890

Symptom: Memory leak is seen in the below code path.

Conditions: While processing incoming SIP INVITE with Replaces header.

Workaround: There is no workaround.

  • CSCuh96558

Symptom: Router crashes when the command show voip rtp forking is issued during load.

Conditions: Media Forking Enabled.

Workaround: s how voip rtp forking CLI should not be used under load.

  • CSCuh96846

Symptom: Peer destination SIP trunk doesn't establish trunk due to option ping failover towards CUBE. This occurs when the peer to CUBE sends CUBE OPTION PINGS with max-forwards set to zero. The response from CUBE is to incorrectly respond back with a 483 message to many hops. Unified Communications Manager does accept that as a valid response but other User Agents might interpret it incorrectly and not consider the peer active unless receiving a 200OK.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuh97072

Symptom: Under certain rare circumstance, ZBFW will not properly build the connection for the first packet of the flow. This causes subsequent packets to be dropped due to TCP state checking.

Conditions: This was first observed when NAT, ZBFW and HA were all enabled on the ASR platform. This only affects ASR platforms.

Workaround: Removing and re-adding the NAT configuration resolves the issue. Sometimes it requires re-adding the NAT configuration without any redundancy keywords before re-adding it with the redundancy keywords.

  • CSCuh98167

Symptom: Spurious Accesses messages on router.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCuh98929

Symptom: IFNF support a single L3 byte counter for a connection. There are no separate counter for the connection client and server. This fix adds client and server counters.

Conditions: Current supported CLI: flow record test collect counter bytes long end. With this fix, two additional counters can be collected: flow record test collect counter bytes long collect connection client counter bytes network long collect connection client counter bytes server long end.

Workaround: There is no workaround.

  • CSCui01133

Symptom: ATM autovc padi timeout.

Conditions: This symptom is observed during autovc scaling.

Workaround: There is no workaround.

  • CSCui01834

Symptom: FMAN-FP crash may occur while broadband sessions are torn down.

Conditions: This symptom is observed when a large number of broadband sessions are being torn down, there is a possibility of a crash in FMAN-FP.

Workaround: There is no workaround.

  • CSCui02551

Symptom: There are two possible symptoms for this problem, one is related to the show CLI and one is related to configuration (functional).

QoS Show CLI: Traceback on FP/ESP (in cpp_cp) when executing a s how plat hard qfp act feat qos ... command. This is a non-functional problem.

QoS Configuration Error: Traceback on FP/ESP (in cpp_sp) when configuring QoS features. This is a functional problem.

Conditions: This symptom is observed during specific sequences of events.

QoS Show CLI (non-functional): Removing class(es) from attached service policies, attaching new targets, then issuing QoS platform show commands.

QoS Configuration Error (functional): Removing class(es) from attached service policies, attaching new targets, detaching old targets, re-adding same class(es) back to policy-map.

Workaround: Detach service policy from all targets before removing classes from service policy. The non-functional traceback (1) is benign, no corrective action is needed. If the functional traceback (2) has occurred, FP/ESP must be rebooted/reloaded to clear the QoS configuration error.

  • CSCui04655

Symptom: Cisco IOS router with WEBVPN and anyconnect client using DTLS is not working and the traffic gets dropped.

Conditions: This symptom is observed when WebVPN using DTLS is used.

Workaround: Disable DTLS.

  • CSCui04860

Symptom: HA sync is not happening from active to standby.

Conditions: This symptom is observed when HA Sync-up is not happening for PKI Server on Cisco IOS Release 15.3(2.25)M0.1.

Workaround: There is no workaround.

  • CSCui05425

Symptom: FP160 is not able to be brought up after router reload.

Conditions: Using latest development branch image, it is occasionally observed FP160 fails to be come up. On the ASR1003 router with dual FP160 setup, if you try to reload the box 10-20 times, FP fails at the initial state.

Workaround: There is no workaround.

  • CSCui06014

Symptom: Creating 2000 GRE IPSEC tunnels (sample configuration shown below, repeated 2000 times) causes RP crash.

interface tunnel10001 bandwidth 1000 ipv6 address 1003:0:0:1::1/64 ipv6 enable tunnel source Loopback10001 tunnel dest 1004:0:1:1::1 tunnel mode gre ipv6 tunnel protection ipsec profile hub10001.
 

Conditions: This symptom is observed under the following conditions:

On ASR1K: Works fine when scaled up to 2500 sessions. At 4000, a crash is observed. The in between numbers are not available.

Workaround: Bring up the tunnels in staggered manner (booting with the configurations can also cause the issue) by shutting down the interface and the start them in batches.

  • CSCui06921

Symptom: An FP crash and core file is generated.

Conditions: Use of the engineering/debug CLI sh pla ha qfp act datapath infra chunk basic <addr> with an invalid addr passed.

Workaround: Do not use this debug CLI with an invalid address.

  • CSCui06926

Symptom: Initiator sends identity certificate based on ca trustpoint under the isakmp-profile. However, the responder does not do this. Instead it gets the identity certificate from the *first* trustpoint (out of the list of trustpoints) based on peer's cert_req payload in MM3.

Conditions: This symptom is observed under the following conditions:

IKEv1 with RSA-SIg Authentication, where each Peer has two certificates issued by the same CA.

Each Peer has isakmp profiles defined that match on certificate-map and have ca trustpoint statements with self-identity as fqdn.

Workaround: There is no workaround.

  • CSCui07002

Symptom: When two routers attempt to build an IKE session and use PKI for authentication, if the CRL has expired the responding router crashes and reloads.

Conditions: This symptom is observed during PKI chain-validation, CRL check, expired CRL.

Workaround: Disable CRL check.

  • CSCui09501

Symptom: RP_Crash is seen at _be_crypto_ipsec_key_engine_sa_req.

Conditions: This symptom is observed when unconfiguring the vrfs on spoke-side.

Workaround: There is no workaround.

  • CSCui10109

Symptom: When provisioned, Fax CM tone is not suppressed on a receiving GW leading to G3 fax-relay failures.

Conditions: This symptom is observed when fax-relay sg3-to-g3 command is provisioned on a receiving gateway(TGW) and T.38 version 0 is provisioned, G3 fax failures are observed due to fax CM tone not being suppressed.

Workaround:

Enable fax-relay sg3-to-g3 suppression on the emitting GW.

Use NSE based modem pass through.

Enable T.38 v3 on the emitting and receiving GWs to negotiate T.38 version 3.

  • CSCui10537

Symptom: When E1 interface have both channel-group and ds0-group, some ds0-group may not come up on the remote side (suppose it's argot), and voice call cannot be made.

Conditions: This symptom is observed when both channel groups and ds0-groups are configured on the same Fortitude card.

Workaround: Configure ds0-group first, then configure channel-group or tdm-group.

  • CSCui11009

Symptom: clear controller wanphy x/x/x command cannot clear counters of sh controller wanphy x/x/x . This issue is seen on ASR1006.

Conditions: This symptom is observed when you insert the SPA after the router is up.

Workaround: Reload the router with the SPA.

  • CSCui12023

Symptom: OIR of Metronome-spa_BITSOUT results in QL-DNU at connected input source (Metronome-spa/Kingpin BITSIN).

Conditions: This symptom is observed during OIR of Metronome-spa_BITSOUT.

Workaround: Remove and Re-apply BITSOUT clocking configuration.

  • CSCui13063

Symptom: QoS on Service instances using COS matching in the child level of a hierarchical policy-map may fail to properly match traffic. Traffic may be classified into an incorrect QoS class.

Conditions: This symptom is observed when using COS matching in the child level of a hierarchical QoS policy-map on a service instance.

Workaround: Use a flat policy-map if possible.

  • CSCui13781

Symptom: FP may crash with HTTP and FTP traffic.

Conditions: This symptom is observed when you configure NAT, NBAR, and appnav over GRE tunnel and HTTP.

Workaround: There is no workaround.

  • CSCui14753

Symptom: Named IP ACL does not work for Hash assignment.

Conditions: This symptom is observed when you apply IP and ACL configured on UUT.

Workaround: There is no workaround.

  • CSCui15035

Symptom: Path confirmation failure in T.38 Fax call with re-invite.

Conditions: This symptom is observed when voice to fax switch over, T38 fax is not working.

Workaround: There is no workaround.

  • CSCui17100

Symptom: Ucode crash seen.

Conditions: Crash observed when you perform cc_oir with scaled EVC-EOMPLS config.

Workaround: There is no workaround.

  • CSCui22356

Symptom: During Sub package ISSU Upgrade is performed on ASR1002-X router after upgrading the standby RP (R0/1) with new RP subpackages, Switchover is forced from the active IOS process to the standby IOS process. During the switchover, new active performs configuration Bulk-Sync with the standby. During this Bulk Sync operation, the configuration related to the Interfaces is not synced to the standby due to Bulk Sync MCL failures.

Conditions: The symptom is observed after redundancy force-switchover step in ISSU upgrade procedure.

Workaround: Perform a standby IOS reload.

  • CSCui24927

Symptom: Data rate for a QoS shaped MLPPPoA/MLPPPoEoA traffic class may exceed the configured QoS shape rate.

Conditions: This symptom is observed when a parent or child shaper is defined on the MLPPP bundle interface that is less than the configured PVC data rate.

Workaround: The user can explicitly tell the shaper to account for the ATM Cell Overhead by appending the account user-defined 0 atm configuration option to the shaper configuration.

  • CSCui26458

Symptom: Call flow: Verizon -- CUBE -- CUSP -- Genesys/IVR, transfered with SIP Refer back to PSTN hair-pining the call on CUBE. When the call is put on hold to be transferred from IVR to PSTN, the codec negotiation fails, dropping the call with reason code 47 and hanging the UDP port used. All subsequent calls that try to re-use the same UDP port for RTP stream are dropped with reason code 47 and provisional RSP failure is logged on show voip fpi stats.

Conditions: This symptom is observed when Hair-pinned calls that received multiple Audio M-Lines on the SDP received from Verizon on the original SIP Invite

Workaround: There is no workaround.

  • CSCui26516

Symptom: Currently, SIP profiles copy variables data is available only in CCB, but not in SCB.

Conditions: When sip profiles copy variables data is used along with in-dialog subscribe/notify.

Workaround: There is no workaround.

  • CSCui27725

Symptom: when ASR1000 connect with ISO HDLC equipment, the ATOM PW traffic could not transparent successfully.

Conditions: in L2VPN ATOM PW configuration, AC on the PE is CISCO HDLC encapsulation, and CE equipment is ISO HDLC.

Workaround:

CE configure CISCO HDLC.

CE configure as the FR, and PE configure as HDLC.

  • CSCui32300

Symptom: Tracebacks on sdby sup on reload of LC containing Pb free Patriot SPA Where we see vc number mismatch tracebacks on standby when we do an LC OIR with ct3 spas inserted

Conditions: Fix of CSCud67270 Traceback @ spa_choc_dsx_create_vcidb should be present and CT3 SPA should be there and its OIR should be done.

Workaround: There is no workaround.

  • CSCui37419

Symptom: ASR1k CPP ucode crash

Conditions: This symptom is observed when very big DNS packet is processed.

Workaround: There is no workaround.

  • CSCui38300

Symptom: High latency observed in customer network

Conditions: Under certain conditions, particularly under forced test conditions, it is possible to create scenarios where flow lock contention will be very high because of NAT gatekeeper failures.

Workaround: There is no workaround.

  • CSCui38316

Symptom: The ESP crashes when updating a highly scaling configuration with a large number of flow-controllable nodes. The crash could be observed during dynamic reconfigurations such as changing the rates of a scheduling node, e.g. an ATM VC due to changing L2 shaping or QOS via MQC. The crash could also occur due to growing a scheduling node or moving an ATM VC from one class-of-service node to another. There are several other scenarios that could lead to a transformation of a hierarchy in order to lay out the tree correctly to meet the hardware requirements. One such example is applying a flat policy to or removing a child policy from a policy attached to an ATM VC.

Conditions: While transforming a hierarchy, there are hardware primitives used to execute the update logic safely. One of requirements for this procedure is to move flow-control from the old tree to the new tree in a particular order to prevent packets from getting out of order. The BQS resource manager had a bug that caused the update to deplete internal flow-control IDs.

Workaround: There is no workaround.

  • CSCui39098

Symptom: With XFP OIR, TX Power is stuck at -40db sometime and the link fails to come up

Conditions: This symptom is observed with XFP OIR.

Workaround: Perform another XFP OIR.

  • CSCui40812

Symptom: Call transfer using refer method on CUBE will fail, if end UA, which involved in transfer, tries to de-activate the media with "c=IN IP4 0.0.0.0 and a=recvonly".

Conditions: When a CUBE is trying to transfer the call using Refer method to a UA, and the UA responds with re-invite to de-activate the media with :

"c=IN IP4 0.0.0.0 and a=recvonly", then CUBE will respond with 491.
007326: Jul 26 19:48:02.028 UTC: //2336/171907168923/SIP/Error/sact_media_event_send_invite_response: Failure in media negotiation -- Sending 491 response
 

Workaround: There is no workaround.

  • CSCui41298

Symptom: UDP tunnel header udp_len is definitely 0, not correctly fixedup

Conditions: The tunnel intf is changed from un-udp tunnel to udp tunnel mode.

vxlan case, the nve will auto create a UDP tunnel. the tunnel interface also have the processing with tunnel mode updation, so cause the tun_mode is wrong saved in the uidb subblock

pmip UDP tunnel case, the tunnel is created with UDP mode, not changed from other tunnel mode. so the tunnel mode saved in the uidb subblock is correct and the issue is not exposed.

Workaround: There is no workaround.

  • CSCui42810

Symptom: Memory exhausted under load

Conditions: In a SIP-SIP call, when offer is with inband to nte and later in response it falls back to inband to inband resulting in memory leak.

Workaround: Don’t configure the NTE in outbound dial-peer where it will be inband.

  • CSCui42826

Symptom: fman_fp crash seen with 1K tunnels and routemaps

Conditions: This symptom is observed when sending traffic with 1K tunnels and routemaps with ipv6 ACL.

Workaround: here is no workaround.

  • CSCui43804

Symptom: Traceback seen at ace_crypto_free_hw_spi.

Conditions: This symptom is observed under load using static VTI.

Workaround: There is no workaround.

  • CSCui44808

Symptom: Inconsistencies with addition and removal of debug crypto conditions

Conditions: This symptom is observed when using crypto debug conditions

Workaround: There is no workaround.

  • CSCui45213

Symptom: Unable to configure interface Multilink greater than 65535. Previously able to configure Multilink interfaces in the range of 1 to 2147483647.

Conditions: Unable to configure interface Multilink greater than 65535.

Workaround: There is no workaround.

  • CSCui47798

Symptom: packet lost over GRE tunnels

Conditions: This symptom is observed when ERSPAN is configured on the device, ping the gre tunnel address there are packets lost

Workaround: Disable ERSPAN

  • CSCui47819

Symptom: Configure URL tool ezpm and run traffic. Following fields have wrong values: connection to server netw delay sum, connection to client netw delay sum, connection client, server netw delay sum, connection application delay sum, connection application delay max, connection client server resp delay sum, connection server packets counter, connection initiator octets, connection client packets counter

Conditions: This symptom is observed when url tool is configured alone.

Workaround: Enable other ezpm tool additionally.

  • CSCui48381

Symptom: Callers receiving general voice-mail greeting when forwarded to CUE voice-mail.

Conditions: If one "voice register dn" is forward all, or, forward unregistered to another voice register DN that is also forward all or forward unregistered to CUE voice-mail, there is no Diversion header in the SIP INVITE to CUE. This results in CUE returning the general voice-mail greeting.

Workaround: There is no workaround.

  • CSCui49644

Symptom: AToM(Ethernet over MPLS), FP crashes

Conditions: AToM(Ethernet over MPLS) is configured, link or protocol flapping causes timing issue. It is hard to hit.

Workaround: There is no workaround.

  • CSCui50964

Symptom: VLAN Stats would not be displayed on RP

Conditions: When Scaled Vlans are configured and multiple times shut no shut or configure and unconfigure of vlans causes VLAN stats not collected to RP

Workaround: Reload of the line card.

  • CSCui52964

Symptom: In CME, Transferred call will not be moved to Flow-around

Conditions: This seen during call transfer @ alert without 183 in CME

Workaround: There is no workaround.

  • CSCui53561

Symptom: Link interfaces of multilink bundles may not report any packet or byte counts in either direction. This behaviour may be seen in "show interface Virtual-Access <if number>" outputs, and in "show pppoe session packets" outputs.

Conditions: This behaviour is observed on ASR1000 routers, on broadband link interfaces. Broadband link interfaces affected may include PPPoE, PPPoEoA, and possibly PPPoA.

Workaround: It may be possible to get similar stats through the show command "show platform hardware qfp active feature mlppp datapath bundle Virtual-Access <if number>".

  • CSCui54042

Symptom: ASR crashes when running command "no crypto pki certificate pool"

Conditions: This has been seen on the ASR1004 running the following: asr1000rp2-advipservicesk9.03.07.03.S.152-4.S3 asr1000rp2-advipservicesk9.03.07.03.S.152-4.S2 asr1000rp2-advipservicesk9.03.07.03.S.152-4.S1

Workaround: Do not run the command "no crypto pki certificate pool".

  • CSCui54359

Symptom: Fax relay is not used when t38 v3 were used for SG3 fax calls. Calls were processed with passthrough mode.

Conditions: This symptom is observed when SG3 fax on both end and GWs were configured with H323 protocol and T38 v3 fax relay.

Workaround: Use SIP protocol. Symptom: fax relay is not used when t38 v3 were used for SG3 fax calls. Calls were processed with passthrough mode.

  • CSCui55146

Symptom: Crash seen during SSO.

Conditions: This symptom is seen in ISR G2 in HSRP HA configuration, and is not seen in ASR1K. It is also seen under a race condition when deleting a dial-peer/unconfiguring bind CLI's under dial-peer.

Workaround: Do not change configuration during SSO.

  • CSCui55472

Symptom: While removing IPSEC configuration and unconfiguration, command no crypto pki server ra is issued followed by answer "yes", the router's CPU utilization reaches to 100% which degrades its performance badly, while the script keeps on running in background and finally this leads to failure/aborting of further listed test cases.

Conditions: This symptom is observed under no specific conditions. Workaround: There is no workaround.

Symptom: while removing ipsec configuration and unconfiguration, command "no crypto pki server ra" is issued followed by answer "yes",router's CPU utilization reaches to 100% which degrades its performance badly, whereas script keeps on running in background and finally this all leads to failure/aborting of further listed testcases.

  • CSCui57866

Symptom: "Show plat soft flow fp active exporter name <name>" displays invalid source and destination addresses if using IPv6.

Conditions: This is simply a display issue. The addresses are displayed in an IPv4 format. This fix checks the address type before displaying the addresses in the correct IPv4 or IPv6 format.

Workaround: There is no workaround.

  • CSCui58879

Symptom: FP crashes

Conditions: This symptom is observed when changing tunnel mode to cgn

Workaround: There is no workaround.

  • CSCui59290

Symptom: If CUBE received a REFER without Refer-To header , CUBE crashed in some platforms and there were trace backs in others.

Conditions: When REFER without Refer-To heaer is received.

Workaround: Refer-To is mandatory header in REFER Request. Hence might not encounter this case.

  • CSCui61103

Symptom: After an NHRP network spoke-spoke mapping entry refresh, the mapping entry is missing teh 'rib' or 'rib nho' flag settings and NHRP has cleared corresponding NHRP route or next-hop-override from route in the RIB. Data packets are forwarded via the spoke-hub-spoke tunnel path rather than the direct spoke-spoke tunnel path.

Conditions: This symptom is observed under the following conditions:

Running DMVPN Phase 3 on ASR1k or with IOS code 15.2(1)T or later.

Data traffic loading spoke routers using spoke-spoke tunnel.

Multiple NHRP network mapping entries for different subnets using the same spoke-spoke tunnel.

Workaround: There is no workaround.

  • CSCui64057

Symptom: no ip address trusted authenticate is configured, 403 for REGISTER failed to pass-through via cube.

Conditions: This symptom is observed when CUBE receives 403 for Register in Registration passthrough case while no ip address trusted authenticate under voice service voip and silent-discard untrusted under sip is configured.

Workaround: Disable silent discard "no silent-discard untrusted".

  • CSCui64796

Symptom: cpp_cp_svr crash in LNS

Conditions: while tearing down PPPoX sessions. On ESP=100, ESP-200 or ASR1K 2RU VE systems, if more than 4000 sessiions are created on one interface and then all sessions on that interface are torn down, this leads to a cpp_cp_svr crash on the ESP.

Workaround: There is no workaround.

  • CSCui64953

Symptom: ASR1002-x crashed with rtsp alg

Conditions: pa_remove fail, the memory will be double free in RTSP ALG, then cause ASR crash

Workaround: There is no workaround.

  • CSCui65881

Symptom: The MLPPP bundle bandwidth is not updated which led to non-priority packet drops when traffic exceeds the current rate. A bundle rate is supposed to be set to 12M but it was instead set to 1.5M.

Conditions: The Bundle rate was not being updated when QoS events preceded the rate update from MLPPP. If the MLP event is processed before the QoS event then there is correct behavior, however if the QoS event is processed before the MLP rate update event then the MLP event is lost and never gets processed to update the bundle bandwidth. This results in tail drops when the interface becomes congested prematurely.

Workaround: The workaround is to apply QoS after all member links have been successfully added to the bundle.

  • CSCui68274

Symptom: DMVPN spoke sometimes fails to replicate the multicast packet thereby not being able to send multicast packets to the hub (including the routing protocol updates)

Conditions: DMVPN Spokes where the NHS recovery feature is used.

Workaround: Shut - no shut of the tunnel interface clears this.

  • CSCui70820

Symptom: Some WCCP issues are not easy to reproduce.

Conditions: There are no known conditions.

Workaround: There is no workaround.

  • CSCui74757

Symptom: ESP crashes running 3.9.1 when NAT enabled

Conditions: NAT must be enabled.

Workaround: There is no workaround.

  • CSCui75072

Symptom: Traffic counter shows higher than expected value.

Conditions: ISG policy templating ON and uni-directional TC in service policy

Workaround: Use bi-directional TC in service policy

  • CSCui75391

Symptom: Sometime there will not be any output for the command "show sbc global sbe sip subscribers filter <prefix>".

Conditions: Observed on a Cisco ASR1k platform configured as CUBE using the Service Provider (SP) feature set running IOS-XE version 15.3(1)S2.

Workaround: The command output is not granular enough. For example: If we execute command like this then it works:

#v1-z11#show sbc global sbe sip subscribers filter sip:1037@a.b.c.d #SBC Service "global" # #There are currently 2060 subscribers registered on this SBC. # #SIP subscribers: # #AOR: sip:1037@a.b.c.d #Subscriber Location[s]: sip:1037@x.x.x.x:5063 -> ENDPOINTS/PUBNET # Fast register active, fast time remaining 58 sec #Registrar adj: SIPCORE #Time left: 163 secs #Subscriber Category[s]: VRF Global IPv4 a.b.x.y then we see expected information about "sip:1037@a.b.c.d" subscriber.
 

But if we execute:

#v1-z11#show sbc global sbe sip subscribers filter sip:1037 #SBC Service "global"
 

we donot see anything. Use the first option.

  • CSCui77763

Symptom: show platform software memory qfp-control-process qfp active command is not working.

Conditions: Execution of the show command.

Workaround: There is no workaround.

  • CSCui80058

Symptom: On the ASR1000 platform, if ip tcp adjust-mss is configured on an interface with a crypto map, then the TCP MSS value is not adjusted for egress TCP flows that are encrypted.

Conditions: This is only a problem when there is a crypto map configured on the same interface ip tcp adjust-mss is enabled.

Workaround: Configure ip tcp adjust-mss on the ingress LAN interface when crypto map is configured on the egress interface.

  • CSCui80542

Symptom: Sending a PING to an IPv6 EID from a Proxy ITR without specifying the source interface can cause a crash which resets the FO.

Conditions: When sending an ICMPv6 packet, we try to set the source UDP port, and depend on the source interface supplied in the exec command to do that. When the source interface is not included in the ping command, the source UDP port is invalid, and a crash ensues when LISP attempts to use it.

Workaround: Include 'source <interface>' to ping commands on the Proxy ITR

  • CSCui80961

Symptom:The output of the following command shows that the QM CPP DRAM increases but does not decrease when fair-queue is removed from a class before it is active in HW. show plat hard qfp act inf exmem stat user | incl QM Over time the system runs out resource DRAM causing subsequent configuration events that require CPP DRAM objects to fail. The impact could be the system being unable to process new configuration events or the data plane being unable to allocate resource DRAM during packet processing.

Conditions:When fair-queue is removed from a class before it is activated in the hardware, the BQS RM was not freeing the WRED DRAM object used to store the fair-queue configuration. Over time, the system runs out of CPP resource DRAM. The error message described in the description is displayed and all configurations start failing. This conditions impacts the whole system as opposed to just queueing features.

Workaround: There is no workaround.

  • CSCui81155

Symptom: Packet trace showing incorrect ICMP type for ping terminated on router.

Conditions: When using packet trace with IOS-XE and ICMP traffic is traced.

Workaround: There is no workaround.

  • CSCui84532

Symptom: RP is again fragmenting it.

Conditions: Giant pkts are sent from SPA after LAF.

Workaround: There is no workaround.

  • CSCui85434

Symptom: Transfer is failing with midcall invite.

Conditions: This symptom is observed when CUBE is not able to send out DO invite on to other leg in RE-INVITE based transfer.

Workaround: This issue has been fixed.

  • CSCui87681

Symptom: In video forking call CUBE always choose video packetization mode as "0" for H264 codec while passing across any request or response if the cLI to select preferred packetization mode is not configured.

Conditions: When video forking is enabled,CUBE always choose packetization mode=0 for H264 codec when the CLI to set preferred packetization mode is not configured..

Workaround: By using the existing CLI,media profile video 1/

  • CSCui88113

Symptom: EIGRP over IKEV2 DMVPN is not coming UP between ISR Spoke and ASR Hub

Conditions: This is seen with IKEv2 Configs

Workaround: Downgrade ASR image to XE3.8.

  • CSCui88210

Symptom:QinQ inner vlan configuration on Native Asr1k Ethernet Linecard traffic would not pass

Conditions:QinQ Sub interface configuration with inner vlan as ANY, Native Asr1k Ethernet Linecard traffic to that sub interface will be dropped in the linecard.

Workaround: There is no workaround.

  • CSCui88245

Symptom: The CPP process could while adding fair-queue on the fly. This does not require scaling to occur.

Conditions: When fair-queue is added on the fly while a default parent schedule is being deleted, a crash could occur because the RM cleanup code is destroying a wrong tree.

Workaround: There is no workaround.

  • CSCui91537

Symptom: When new flows are established through an ASR configured with PAP; PAP does not allocate the new flows to GA that may have existing flows mapped it but their LA to GA mapping have not reached the limit as configured via the ip nat setting pap limit command, this causes an exhaustion of the pool and flows that require a translation are eventually dropped.

Conditions: ASR running NAT PAP

Workaround: There is no workaround.

  • CSCui91855

Symptom: vrf-mismatch is seen under "show service-insertion statistics connection summary" after ESP Switch over in same box

Conditions: - Multiple ACs - At least 1 AC with dual FP - VRF configured - 1 VRF flows alive while reloading standby FP - Standby FP will come up with vrf mismatches

Workaround: Ignore the error

  • CSCui91872

Symptom: When configuring following commands on ASR1k platform: exception memory ignore overflow io frequency 30 maxcount 5 exception memory ignore overflow processor frequency 30 maxcount 5 Get following error:

F340.09.25-ASR1000-1(config)#$re overflow processor frequency 30 maxcount 5 F340.09.25-ASR1000-1(config)# *Aug 22 12:54:24.920: exception configuration not implemented *Aug 22 12:54:24.920: PARSE_RC-4-PRC_NON_COMPLIANCE< http://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi?action=search&counter=0&paging=5&links=reference&index=all&query=PARSE_RC-4-PRC_NON_COMPLIANCE> ; `exception memory ignore overflow processor frequency 30 maxcount 5'
 

Conditions: HW/SW: ASR1k/All IOS Non zero values in following commands:

exception memory ignore overflow io

exception memory ignore overflow processor

exception memory ignore overflow io frequency 30 maxcount 5
exception memory ignore overflow processor frequency 30 maxcount 5
 

Workaround: There is no workaround.

  • CSCui95380

Symptom: sis neigh can not be setup and stuck at "init" status

Conditions: when configured the MTU bigger than default value

Workaround: There is no workaround.

  • CSCui96679

Symptom: On a Cisco ASR1k running the Cisco CUBE SP (Service Provider) feature set, IOS-XE version 15.1(3)S1, it is sometimes observed that a specific call transfer will have no way audio (dead air) upon the transfer completion.

Conditions: The CUBE SP has at least three physical interfaces that terminate three different SIP trunks (for example to ITSP, SIP based IVR and to a Cisco Callmanager) and the problematic transfer call flow signaling traverses all three SIP trunks on the same CUBE.

Workaround: If you have more than one CUBE available and if one of the transfer call leg traverses this second CUBE then the problem is not observed.

  • CSCui97039

Symptom: CUBE fails to send INVITE with credentials when ITSP sends 401 Unauthorized. CUBE instead sends 503 Service Unavailable

Conditions: "error-passthru" is configured under voice service voip

Workaround: Disable "error-passthru"

  • CSCui97685

Symptom: While testing "default_zone_basic_vrf_lite.tcl" script with latest mcp_dev "BLD-BLD_MCP_DEV_LATEST_20130821_003026" iam observing connectivity failure

Conditions: Firewall and PBR interworking after CSCuh98033

Workaround: There is no workaround.

  • CSCui98934

Symptom: ATM PVC gets stuck in "IN" state when SPA-24CHT1-CE-ATM is reloaded.

Conditions: Occurs during SPA reload or SPA OIR

Workaround: Reload router

  • CSCuj00449

Symptom: Hung sessions for protocol vilolations

Conditions: CUBE handling of unsupported flows and violations/attacks

Workaround: There is no workaround.

  • CSCuj01244

Symptom: CUBE crashes during T38 fax call.

Conditions: This symptom is observed in an enclosed configuration.

Workaround: There is no workaround.

  • CSCuj01420

Symptom: ESP ucode crash observed with a SIPvicious packet observed

%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
 

Conditions: The crashes are seen with SIPvicious packets

Workaround: Disable the SIP ALG for this port using no ip nat service sip udp port 5060 no ip nat service sip tcp port 5060

  • CSCuj02519

Symptom: Chunk memory leak in Crypto Proxy

Conditions: This is only seen with IPSEC HA configured

Workaround: There is no workaround.

  • CSCuj03101

Symptom: permit error all is not working

Conditions: log dropped message is enabled

Workaround: log dropped message is disabled.

  • CSCuj03148

Symptom: show platform hardware slot r0 led status may cause ASR1002X reload.

Conditions: show platform hardware slot r0 led status command on standalone ASR1002X.

Workaround: Do not use the command.

  • CSCuj04086

Symptom: On-demand dpd triggered

Conditions: Configure on-demand dpd on peer3. Keep receiving the traffic from peer1

Workaround: There is no workaround.

  • CSCuj04100

Symptom: ASR1k crashed with error message

CPPHA-3-FAULT F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
 

Conditions: ASR1k running 03.10.00.S with configured zone based firewall

Workaround: There is no workaround.

  • CSCuj04321

Symptom: ASR crashed with CGN NAT configuration.

Conditions: Seen with CGN BPA feature configured.

Workaround: Removing the CGN BPA configuration, the router stops crashing.

  • CSCuj05175

Symptom: Crash with Unexpected exception to CPU: vector 400, PC = 0x6B09EF1C, LR = 0x8B78034

Conditions: Interface is "no shut", and SIP bindings are in place on that interface: sip bind control source-interface GigabitEthernet0/0 bind media source-interface GigabitEthernet0/0

Workaround: Unknown, may need bindings configured, so removal of them should keep the crash from occurring.

  • CSCuj05743

Symptom: unexpected logs are printed.

Conditions: run show platform hardware qfp active feature alg statistics

Workaround: There is no workaround.

  • CSCuj05759

Symptom: Customer has some VG350 and phones. They have FAC configured and all users need to enter the FAC code before make an external call. Customer are not able to hear the zipzip tone they used have before enter the FAC. User has cptone tw configured under voice-port.

Conditions: On all stcapp voice-port.

Workaround: under voice-port, change "cptone tw" to "cptone us"

  • CSCuj10937

Symptom: TDL meta file compat check issue

Conditions: There are no known conditions

Workaround: There is no workaround.

  • CSCuj11301

Symptom: Standby SBC ASR1k seeing "SNMP-3-INPUT_QFULL_ERR". SNMP input queue never drops, it continues to increase until it gets stuck at 1000, causing SNMP unresponsiveness to the device.

Conditions: When polling ciscoSbcCallStatsMIB on Standby-RP ASR1k

Workaround: "default snmp-server" to soft reset the SNMP Engine to make the ASR1K respond again (refresh the input queue); then apply SNMPVIEW configuration to block the MIB.

******************************************** snmp-server view cutdown iso included snmp-server view cutdown ciscoSbcCallStatsMIB excluded snmp-server community <insert_your_community_string_here> view cutdown RO snmp-server community <insert_your_community_string_here> view cutdown RW ********************************************
 
  • CSCuj11722

Symptom: ESP reload using packet-trace tool.

Conditions: debug platform packet-trace enable debug platform packet-trace packet 16 show platform packet-trace packet all

Workaround: Display packets individually rather than all at once: show platform packet-trace packet <0-8191>

  • CSCuj14045

Symptom: There is a field that was not displayed

Conditions: show sip-ua registration passthrough status detail

Workaround: sip-ua registration passthrough status

  • CSCuj14693

Symptom: modify bearer request is dropped.

Conditions: handoff from gtpv1 to gtpv2

Workaround: SGW recreate session

  • CSCuj16006

Symptom: Egress TCAM Look up failure for Vlan Scale on 6 Port 10G ELC.

Conditions: 24k vlan scale across ELC & interface reset.

Workaround: There is no workaround.

  • CSCuj17402

Symptom: Lite session related traceback in CPP client.

Conditions: ESP100, very high scale.

Workaround: Reduce number of sessions.

  • CSCuj20520

Symptom: GetVPN GM gdoi policy installation fails.

Conditions: This symptom is observed after reboot.

Workaround: Issue the command clear crypto gdoi after the reboot.

  • CSCuj21502

Symptom: show run only shows 191 na-dst-prefix-table out of 200

Conditions: configured a lot of na-dst-prefix-table, specially, more than 191

Workaround: There is no workaround.

  • CSCuj21826

Symptom: Traceback appeasrs in UUT

Conditions: Unconfiguring firewall configs from UUT

Workaround: There is no workaround.

  • CSCuj23603

Symptom: The ESP may crash in cpp_mcplo

%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
 

Conditions: NAT is enabled and mode has been changed between "Classic"/default and CGN

Workaround: There is no workaround.

  • CSCuj24935

Symptom: Flow entries are created with "no ip nat create flow-entries" command.

Conditions: UUT is configured more than 3 static mappings

Workaround: There is no workaround.

  • CSCuj25418

Symptom: The ESP-100 and ASR1K-2X crash when flat policies are applied on both the tunnel and the destination sub-interface. This issue is observed when QOS is applied first on the tunnel then on the sub-interface as follows:

policy-map tunnel-shaper class class-default shape aver per 20 policy-map sub-int-shaper class class-default shape ave per 90 Be sure the tunnel is active and pointing to the sub-interface with QoS applied before applying the sub-interface policy. See the attached repro-steps for details. int tunnel1 service-policy out tunnel-shaper int g2/3/0.100 service-policy out sub-int-shaper
 

Conditions: When a sub-interface policy is applied after QoS is active on a tunnel, the tunnel is reparented from the current aggregation node to the sub-interface node. Since reparenting a leaf node requires adding a temporary node in the hierarchy to be able to move flow-control gracefully, the logic to detach the source leaf node from the temporary node was missing. As a result, the code generated a fatal error while attempting to free the temporary node before it is empty.

Workaround: There is no workaround.

  • CSCuj28985

Symptom: FP Crash during Multiple PPP(PTA/LNS) Session Flaps

Conditions: "subscriber accounting accuracy" is enabled

Workaround: There is no workaround.

  • CSCuj29429

Symptom: FP100 test CPLD image with version 13012900 is added in hw-programmable package.

Conditions: The FP100 test CPLD will be installed when the CPLD is upgraded.

Workaround: Do not upgrade FP100 CPLD.

  • CSCuj29469

Symptom: Waas and pfr features don't interoperate

Conditions: When both Appnav-waas and pbr/pfr are turned on

Workaround: There is no workaround.

  • CSCuj33916

Symptom: For VC type 4 PW, Ethernet VLAN, with single dot1q header packet, if one configure rewrite pop 1, expected situation is to copy COS from this header into dummy tag. In reality, we hit a bug, when COS 0 is copied into dummy tag into CORE.

Conditions: When transported traffic has outer vlan tag only, packet in MPLS core does NOT have copied priority field from dot1q header into MPLS EXP bits. Instead there is 0. When transported traffic has outer vlan tag and some vlan tags (QinQ) , packet in MPLS core DOES have copied priority field from outer dot1q header into MPLS EXP bits.

Workaround: Configure input policy-map under service-instance, where each class match dot1Q COS and impose EXP bits.

  • CSCuj39478

Symptom: ASR100x running IOS XE version 15.3(1)S configured as a CUBE Ent has been seen to have segmentation fault in certain rare circumstances. CUBE(Ent) on ASR has gone through really hard performance testing and this bug was not seen. Exception to IOS:

Frame pointer 0x7F98F04FB980, PC = 0x3A534E6 IOS Thread backtrace: UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSXE-RP Punt Service Process -Traceback= 1#9821b08208133f5124c039ddebb8173b :400000 36534E6 :400000 203F6E8 :400000 1A9972F :400000 1A2C3B4 :400000 1A52F50 :400000 6487473 :400000 6486359
 

Conditions: Trigger of the issue is unknown.

Workaround: Since the crash is reported when port 26132 was used, by not using this port (udp port 26132 which was corresponding to the index 4874 in port_array). crash can be avoided. This can be done by changing the port range to something like 26134 to 32767 (currently it is 16384 to 32767) but this will reduce the number of CUBE calls from 4000 to around 1600 calls. In Cisco IOS XE3.10.1, this port range is 8000 to 48199 by default, so we will have a bigger port range to start with, and in this case the port corresponding to index 4874 is 17748, so we will have to change the port range to 18000 ? 48199 using the configuration. In addition Cisco IOS XE3.10.1 also allows configuration where the packets can be dropped in DP if no session exists in DP. This will not cause any one way audio as the IOSd is not really meant to process the media on ASR, and if there are any media issues those need to be addressed differently.

  • CSCuj39496

Symptom: When configuring Input MPLS aware FNF (under interrface config --- mpls flow mon MON_NAME in ) it can happen that FNF will cease to function due to cache entry leak/exhaustion.

Conditions: This can only occur with Input MPLS FNF and moreover only will occur with certain labels. In particular it will occur for MPLS labels for which the output of show plat hard qfp active feature cef-mpls prefix mpls <LABEL NUM> does *not* have an IPV4 adjacency.

Workaround: There is no workaround

  • CSCuj39901

Symptom: Crash with "ip nat settings mode cgn" in teh config

Conditions: There are no known conditions.

Workaround: Reload after changing settings.

  • CSCuj42585

Symptom: When a flat policy is applied to a MLPPP, MFR or GEC aggregation bundle, the current leaf schedule object is replaced with a new one. The code was not updating the cached object which resulted in accessing invalid memory when the bundle bandwidth is updated. The bandwidth is updated when a member link is added to or removed from the bundle. Configuration example: policy-map foo class prec1 bandwidth percent 10 interface Port-channel1 aggregate ip address 8.0.0.1 255.255.255.0 no negotiation auto lacp min-bundle 2 service-policy output foo

Conditions: When a bundle schedule is replaced, the cached object was not being updated leading to interface bandwidth update event to access invalid memory. The problem is not easy to recreate as would require the QOS event for processing the flat policy to be interleaved with an interface bandwidth update event.

Workaround: There is no workaround.

  • CSCuj43914

Symptom: The msg, %SMC-2-BAD_ID_HW: SIP0/0: Failed Identification Test in 0/0 [2/0] appears.

Conditions: This symptom is observed after bootup

Workaround: There is no workaround

  • CSCuj44868

Symptom: Wrong traffic distribution after adding new class with fair-queue and bandwidth percent 15 to the existing policy on fly

Conditions: After adding new class with fair-queue and bandwidth percent 15 to the existing policy on fly

Workaround: There is no workaround.

  • CSCuj46180

Symptom: echo request is dropped.

Conditions: echo request without private extension IE

Workaround: There is no workaround.

  • CSCuj46330

Symptom: Both ESP may crash

Conditions: while disabling flow entries with running traffic

Workaround: There is no workaround.

  • CSCuj51514

Symptom: ucode crash on clear nat translations

Conditions: ucode crashes when doing clear ip nat translations * on a scaled setup

Workaround: There is no workaround.

  • CSCuj51538

Symptom: Standby FP crashes

Conditions: standby fp continuously crashes on configuring pap with NAT,NAT64 on same box

Workaround: There is now workaround.

  • CSCuj52287

Symptom: ESP crashed with error message: %CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8

Conditions: The crash is caused by a defect in BFD though no BFD is configured on any interface

Workaround: There is now workaround.

  • CSCuj56505

Symptom: SCCM phone registration on CCM via ASR1k is not happening

Conditions: ASR1k is configured with NAT configuration

Workaround: There is now workaround.

  • CSCuj58272

Symptom: The CP process crashes when reparenting more than 128 entries from one tree to the other. A reparenting event could be stimulated by either an internal or external event but this issue is more likely to caused by an internal reparenting. An internal reparenting could occur when a leaf node is transformed into a hierarchy layer node or when de-aggregating an aggregation node after the schedule size is below the 4000 threshold.

Conditions: When reparenting either a leaf or hierarchy layer entries, the resource manager was not clearing the counter that tracks the number of entries that need to be flushed after processing the first batch. This caused the code to run incorrectly to a point of completing the request prior to reprogramming the HW correctly. As a result some entries may be left in the source parent which cause a crash when the tree is freed before it is empty.

Workaround: There is now workaround.

  • CSCuj62858

Symptom: Active NAT tables in a VRF are cleared unexpectedly when unconfiguring a static NAT belonged to other VRF.

Conditions: The problem happens when following conditions are met. - 'network' option is used in the NAT rule. - The NAT rule which is to be unconfigured has overlapped local/global addresses with other NAT rules.

Workaround: There is no workaround.

  • CSCuj68747

Symptom: Trace back is seen while testing 2 and 3-way voice Xgcp calls in NAT environment

Conditions: UUT's are running with 15.4(0.26)T0.1

Workaround: There is now workaround.

  • CSCuj69001

Symptom: Crash after adding the ACL with the ttl option to QoS policy

Conditions: Create a policy with ACL containing ttl option. AND Attach this policy to an interface AND Send non-ip traffic (mpls or l2) to this interface. This has been seen on ASR1002 running asr1000rp1-advipservicesk9.03.06.00.S.152-2.S after adding the following: permit icmp host x.x.x.x host x.x.x.x ttl gt 20

Workaround: Don’t use an ACL with ttl option in QoS policy. OR -Add IPv6 class-map also to QoS policy

Ipv6 access-list v6_acl Permit ipv6 any Class-map match-any v6_class <---< Add this class to QoS policy Match access-group name v6_class
  • CSCuj91203

Symptom: Call Forward all/Blind Transfer to Ephone Hunt group scenarios fail from 15.4(0.21)T. The issue is seen only when:

There is a SIP trunk between two CMEs.(i.e incoming call to the CME is via SIP trunk)

There is a call-forward all to ephone hunt-pilot and none of the list members pick up the call and the final number has to pick up the call.(i.e When Incoming call is forwarded to the ephone hunt-pilot and none of the list members picks up the call, the call is not made to the final number rather a 302 response is sent to the caller)

The issue does not occur for:

The h323 trunk.

voice hunt groups

Direct call to the ephone hunt-pilot.

Conditions: 15.4(0.21)T & ephone-hunt group

Workaround: Local handling of 302 with below CLI: voice service voip no supplementary-service sip moved-temporarily.

  • CSCuj98769

Symptom: ESP crash after entering "debug platform condition stop" on an ASR1k with ISG feature set enabled and active subscribers.

Conditions:

ASR1k(config)#ip access-list extended SMTP ASR1k(config-ext-nacl)#permi ASR1k(config-ext-nacl)#permit tcp ASR1k(config-ext-nacl)#permit tcp any any eq 25 ASR1k(config-ext-nacl)#end
 
debug platform condition ipv4 access-list SMTP
debug platform packet-trace packet 8192
debug platform condition start
debug platform packet-trace enable
show platform packet-trace summary
debug platform condition stop
 

Workaround: There is no workaround

  • CSCul02786

Symptom: The original issue fails silently and it is only detected via traffic or inspecting the hierarchy via the CLI, show plat hard qfp act feat qos que out int <ifname> hier detail. The QoS rates are in accurate due to a bad hierarchy. Subsequent crashes and the issue that is documented in this DDTS were regression from the original fix intended to build the hierarchy on ESP-100 correctly. All issues involved fair-queue in a flat or hierarchical policy when applied on the fly.

Conditions: Applying fair-queue on the fly resulted in the bad hierarchy. As a result the provisioned services could not be guaranteed.

Workaround: There is no workaround.

  • CSCul10907

Symptom: ASR1002x or ASR1000 with an ESP100 may crash when Broadband MLPPP sessions with QoS applied are brought up or the sessions flap.

Conditions: This issues causes a ASR1K crash (cpp_cp_svr) when a Broadband MLPPP bundle with QoS is applied is brought up or the session flaps. Problem is most prevalent on MLPPP Bundles with two or more member links. Affects MLPPPoE, MLPPPoA, MLPPPoEoA, and MLPPPoLNS.

Workaround: There is no workaround.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S

This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S.

  • CSCuh17896

Symptom: CPU hog syslog (SYS-3-CPUHOG) followed by a traceback.

Conditions: Configured 2 KSs with coop - one of them is 1941. KS policy uses suite B and 100 ACEs. The KSs get split, send rekeys and get merged - their policy with now has 200 SPIs. Then, issue show crypto gdoi ks policy on the 1941.

Workaround: There is no workaround.

  • CSCuh24911

Symptom: Erroneous FRF12 configuration can result in an MLFR DLCI

Conditions: This symptom is observed under the following conditions:

Start with bundle level configuration for FRF12 that applies to all PVC/sub-intfs int mfr11 frame-relay fragment 80 end-to-end

Add a sub-interface and DLCI for it

Change the DLCI of that sub-interface to a different one- this leaves two DLCI config tables; one enabled the other disabled, but, both with FRF12

Remove the bundle level FRF12 from the bundle int mfr11 no frame-relay fragment 80 end-to-end

After this the one DLCI config in "disabled" is left with FRF12, while the active/enabled DLCI is removed of FRF12

Change the DLCI to the one currently disabled - now, this DLCI becomes enabled with FRF12, though the IOS says it is not with FRF12

After this point, there no way to remove FRF12 from this DLCI on this sub-interface/PVC

Even removing the sub-interface with "no interface MFR11.1" will not chang this situation

Workaround: Ensure to remove the FRF12 configuration from the MLFR interface prior to changing the DLCIs.

  • CSCui64059

Symptom: Router crashes during call forward scenario

Conditions: This symptom is observed when call forward is enabled.

Workaround: This issue is fixed.

  • CSCui79775

Symptom: Object 'cieIfCarrierTransitionCount' is incrementing three times for the interface, when interface configured to 'no shutdown' on the UUT router

Conditions: This symptom is observed when the object 'cieIfCarrierTransitionCount' is queried.

Workaround: There is no workaround.

  • CSCuj06344

Symptom: Tail drops on 1gig/10 Gig with 64 byte performance test

Conditions: This symptom is observed when FP160 and 50%HP 50% LP

Workaround: There is no workaround.

  • CSCuj16358

Symptom: ATM interface status is not stable, we have observed the following:

Topology: C10k-1(5/0/0)-------------- (0/2/0)ASR1002x(0/1/0)------------(5/0/1)c10k-2

1. link between c10k-1 and ASR1k goes down on either a link flap, session clear etc. (though not always).

2. When we change the framing on atm 5/0/0 to sonet while that on ASR 1002x is SDH the interface comes up (again this behavior is not consistant).

3. when the framing is SDH on both 5/0/0 and 0/2/0 the link remains down (with exceptions when we have interfaces up).

4. when we have framing configured as sdh on all teh four interfaces, 0/2/0 and 0/1/0 of ASR1k and 5/0/0 and 5/0/1 of c10k-1 and c10k-2, and the interface down between c10k-1 and asr1k. At this stage if we swap the cables between interfaces 0/1/0 and 0/2/0 of ASR1k both the interfaces come up.

Conditions: There are no specific conditions, this issue occurs at random

Workaround: There are no workaround.

  • CSCuj19293

Symptom: Bindings are present after inconfiguring Static NAT mappings

Conditions: This symptom is observed when static NAT is mapped with route-map

Workaround: There are no workaround.

  • CSCuj33062

Symptom: show flow monitor name link_usage_monitor cache format csv output is not seen for nbar feature

Conditions: This symptom is observed after RP upgrade

Workaround: There are no workaround.

  • CSCuj35488

Symptom: RP not coming up

Conditions: This symptom is observed after RP upgrade

Workaround: There are no workaround.

  • CSCuj43288

Symptom: with presence of POS spa and scaled DMVPN setup, errors and traceback showup, no more sessions come up

Conditions: This symptom is observed under the following conditions:

1) Presence of a POS SPA

2) ter-tunnel-qos applied to ipsec session on DMVPN HUB and flapping some sessions

And console stops to respond to command input.

Workaround: There is no workaround. Remove the SPA.

  • CSCuj44237

Symptom: With Suite-B configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS), Group Members (GM) the following error message is generated:

"*** SERIOUS ERROR: OVERLAPPING IV RANGES DETECTED ***"

Error message is generated when the following steps are performed:

GM registers to KS and downloads ACL1

KS configures ACL2 which is a subset of ACL1

KS issues "crypto gdoi ks rekey" & GM receives rekey successfully, downloading ACL2

KS configures the original ACL1 again

KS issues "crypto gdoi ks rekey"

After this, the GM begins to re-register.

Conditions: Suite-B is configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS) with GM's registered The KS policy ACL is changed from ACL1 to ACL2 (where ACL2 is a subset of ACL1) & a rekey is sent from the KS using "crypto gdoi ks rekey" The KS policy ACL is reset back from ACL2 to ACL1 & a rekey is sent from the KS using "crypto gdoi ks rekey"

Workaround: If a KS policy ACL1 must be changed to ACL2 and then changed back to the original ACL1 while Group Members (GM) have already registered and downloaded GETVPN Suite-B policy (i.e. esp-gcm / esp-gmac transform), do one of the following:

Wait for the TEK's of the original ACL1 to expire after the first rekey before changing back to the original ACL1

Issue "crypto gdoi ks rekey replace-now" instead of "crypto gdoi ks rekey" after changing back to the original ACL1.

If the above two workarounds do not work, issue "clear crypto gdoi" on the GM's with the error or "clear crypto gdoi ks members now" on the KS to reset the entire group.

  • CSCuj44771

Symptom: Queue_depth value incorrect with FRR Scaling

Conditions: Queue_depth values are not getting back to the original value(0) while shuting the interface

Workaround: There are no workaround.

  • CSCuj47459

Symptom: SVTI/GRE_V6 packets fails to decrypt

Conditions: This symptom is observed when RP_switches over the HUB and checks for ipsec status

Workaround: There are no workaround.

  • CSCuj49807

Symptom: Traceback seen while validating syslog

Conditions: This symptom is occurs when when validating syslog

Workaround: There are no workaround.

  • CSCuj53771

Symptom: Only audio is recorded for basic DO_EO video call.

Conditions: If the outbound leg is the anchor leg for a basic DO_EO video call,then only audio is getting recorded for the EO leg.

Workaround: It works fine for DO_DO and EO-EO video calls.Also if we make inbound as the anchor leg for DO_EO video call,video is getting recorded.

  • CSCuj55363

Symptom: In the lisp getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic got dropped with qfp error of "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP" when the getvpn profile is applied to the LISP0 interface, Encrypted traffic flows in the LISP setup properly

Conditions: getvpn profile is applied to the physical interface instead of lisp interface.

Workaround: Apply getvpn profile in lisp interface.

  • CSCuj55984

Symptom: GetVPN crypto gdoi re-reg fails

Conditions: When active traffic and when the WAN intf flaps

Workaround: Issue "clear crypto gdoi" on UUT.

  • CSCuj66573

Symptom: ASR1k Flexvpn hub leaks at crypto_ep_alloc

Conditions: VPN migration between DMVPN and flexvpn

Workaround: There is no workaround.

  • CSCuj72342

Symptom: FP crash occurs with PPP sessions

Conditions: On applying nat settings to CGN mode

Workaround: There is no workaround.

  • CSCuj85322

Symptom: show platform hardware qfp active inter if-name gi0/0/4 | i STILE IPV4_INPUT_STILE_LEGACY IPV4_OUTPUT_STILE_LEGACY IPV6_INPUT_STILE_LEGACY IPV6_OUTPUT_STILE_LEGACY

Conditions: Configured: policy in, policy out and PD on interface. After removing policies and PD from interface, I see FIAs of STILE still bound to interface.

Workaround: Configure "ip nbar protocol-dicovery" and "no ip nbar protocol-dicovery" on any interface

  • CSCuj85340

Symptom: Enhancement request to improve datapath IPSEC debugs in XE3.11 and above

Conditions: This symptom is observed when you use datapath IPSEC debugs

Workaround: There is no workaround.

  • CSCuj87687

Symptom: Configure the erspan on kingpin and found the tail drop @128bytes

Conditions: This symptom is observed when get NDR under erspan on kingpin @128bytes

Workaround: There is no workaround.

  • CSCuj93637

Symptom: NBAR stop to work after reload with getvpn configuration.

Conditions: This symptom is observed when SSO is configure on the box.

Workaround: Remove the crypto map from the interface and attach it again.

  • CSCuj96470

Symptom: On performing SPA OIR with configuration of Unicast/Multicast/Broadcast storm control on 32k EFPs,fman_fp core was observed

Conditions: This issue is seen on FP100 card.

Workaround: Stop the traffic before performing a SPA OIR.

  • CSCuj99969

Symptom: NAT translations are getting dropped with scaling nat configs

Conditions: On applying 4k scaling vrf_nat configs .

Workaround: There is no workaround.

  • CSCul00248

Symptom: There are no records exported by media tool or any punt performance monitor.

Conditions: There is a clock mismatch between IOS and QFP.

Workaround: Configure NTP server.

  • CSCul01335

Symptom: FP may crash

Conditions: This symptom is observed on changing pap limit from 30 to 60 with traffic on

Workaround: There is no workaround.

  • CSCul01776

Symptom: Oracle-sqlnet signature may be to broad and needs some adjustment. Current implementation may cause some degradation in performance but has no impact on classification.

Conditions: Relevant where protocol discovery (or oracle-sqlnet QOS) is applied.

Workaround: There is no workaround.

  • CSCul04700

Symptom: ASR1K-PKI_Enhancment - Session is down while Matching Cert Map(UPN) under PKI Trustpoint.

Conditions: ASR1K-PKI_Enhancment - Session is down while Matching Cert Map(UPN) under PKI Trustpoint.

Workaround: There is no workaround.

  • CSCul17417

Symptom: While testing ISSU from mcp_dev->XE311(sub-pkg) with "otv" feature in 4RU-RP1 platform, Otv adjacency informations between the neighbours is missing

Conditions: This symptom is observed after active and standby RP upgrade

Workaround: There is no workaround.