Release Notes for Cisco IOS Release 12.2SXF and Rebuilds
Caveats in 12.2(18)SXD
Downloads: This chapterpdf (PDF - 435.0KB) The complete bookPDF (PDF - 8.72MB) | Feedback

Resolved Caveats in Release 12.2(18)SXD

Table Of Contents

Resolved Caveats in Release 12.2(18)SXD


Resolved Caveats in Release 12.2(18)SXD

Resolved IPServices Caveats

CSCee50294—Resolved in 12.2(18)SXD

Cisco IOS devices running branches of Cisco IOS version 12.2S that have Dynamic Host Configuration Protocol (DHCP) server or relay agent enabled, even if not configured, are vulnerable to a denial of service where the input queue becomes blocked when receiving specifically crafted DHCP packets. Cisco is providing free fixed software to address this issue. There are also workarounds to mitigate this vulnerability. This issue was introduced by the fix included in CSCdx46180 and is being tracked by Cisco Bug ID CSCee50294.

This advisory is available at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20041110-dhcp .

There are multiple workarounds for this issue: There are four possible workarounds for this vulnerability:

Disabling the dhcp service

Control Plane Policing

Two versions of Access Control Lists

Disabling the DHCP Service

This vulnerability can be mitigated by utilizing the command:

no service dhcp 
 
   

However, this workaround will disable all DHCP processing on the device, including the DHCP helper functionality that may be necessary in some network configurations.

Control Plane Policing Feature

The Control Plane Policy feature may be used to mitigate this vulnerability, as in the following example:

access-list 140 deny   udp host 192.168.13.1 any eq bootps
access-list 140 deny   udp any host 192.168.13.1 eq bootps
access-list 140 deny   udp any host 255.255.255.255 eq bootps
access-list 140 permit udp any any eq bootps
 
   
class-map match-all bootps-class
  match access-group 140
 
   
policy-map control-plane-policy
  class bootps-class
 
   
     police 8000 1500 1500 conform-action drop exceed-action drop
 
   
control-plane
 service-policy input control-plane-policy
 
   

For this example 192.168.13.1 is a legitimate DHCP server.

Additional information on the configuration and use of the CPP feature can be found at this link:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html .

This workaround is only applicable to Cisco IOS 12.2S, as this feature is only available in Cisco IOS versions 12.2S and 12.3T. Cisco IOS 12.3T is not impacted by this advisory.

Access Lists - Two Methods

Access lists can be applied to block DHCP/BootP traffic destined to any router interface addresses, as in the following example:

In this example, the IP address192.168.13.1 represents a legitimate DHCP server, the addresses 10.89.236.147 and 192.168.13.2 represent router interface addresses, and 192.168.61.1 represents a loopback interface on the router.

In this example, any bootp/dhcp packets destined to the router interface addresses are blocked.

access-list 100 remark permit bootps from the DHCP server
access-list 100 permit udp host 192.168.13.1 any eq bootps 
access-list 100 remark deny bootps from any to router f1/0
access-list 100 deny   udp any host 10.89.236.147 eq bootps
access-list 100 remark deny bootps from any to router f0/0
access-list 100 deny   udp any host 192.168.13.2 eq bootps
access-list 100 remark deny bootps from any to router loopback1
access-list 100 deny   udp any host 192.168.61.1 eq bootps
access-list 100 remark permit all other traffic
access-list 100 permit ip any any
 
   

access-list 100 is applied to f0/0 and f1/0 physical interfaces.

interface FastEthernet0/0
 ip address 192.168.13.2 255.255.255.0
 ip access-group 100 in
interface FastEthernet1/0
 ip address 10.89.236.147 255.255.255.240
 ip access-group 100 in
 ip helper-address 192.168.13.1
 
   

An alternate configuration for the interface access-list workaround.

This example would also need to be applied to all physical interfaces, but deny statements for all of the IP addresses configured on the router are not necessary in this approach. In this example, the address 192.168.13.1 represents a legitimate DHCP server.

access-list 100 permit udp host 192.168.13.1 any eq bootps
access-list 100 permit udp any host 192.168.13.1 eq bootps
access-list 100 permit udp any host 255.255.255.255 eq bootps
access-list 100 deny   udp any any eq bootps
 
   
interface FastEthernet0/0
 ip address 192.168.13.2 255.255.255.0
 ip access-group 100 in
interface FastEthernet1/0
 ip address 10.89.236.147 255.255.255.240
 ip access-group 100 in
 ip helper-address 192.168.13.1
 
   

Resolved Routing Caveats

CSCec16481—Resolved in 12.2(18)SXD

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

http://www.cisco.com/en/US/products/csa/cisco-sa-20040818-ospf.html

CSCed40933—Resolved in 12.2(18)SXD

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory which is posted at

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050126-ipv6.

Resolved Security Caveats

CSCed65285—Resolved in 12.2(18)SXD

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices, may contain two vulnerabilities that can potentially cause IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.

Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)

This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html

CSCed93836—Resolved in 12.2(18)SXD

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-nonios.html.

Other Resolved Caveats in Release 12.2(18)SXD

Identifier
Technology
Description

CSCec33028

Access

PA-E3 needs shut/no shut to bring it up

CSCec73063

Access

Output wedge on multilink interface

CSCed08399

Access

NRT:Spurious Accesses seen on 7500 router (etext) for QoS tests

CSCed13350

Access

Ping from PE to CE in VRF not working with dCEF enabled

CSCed65436

Access

Spurious access @ ct3sw_tx_interrupt & ct3sw_fastsend

CSCee64499

Access

CWPA: SYS-3-INVMEMINT invalid mem action interrup level after reload

CSCin66542

Access

line protocol on T1 stays down even when T3 is hard looped

CSCin67296

Access

CWAN SSO :Fram relay PVC down after reload

CSCec03907

ATM

C7500 crashes when interface loopback 10xxxxxxx is configured

CSCec12294

ATM

cfg_atm_vcmode_bcs_func is broken

CSCee04747

ATM

memory leak when removing ATM VCs

CSCin53126

ATM

Router crashed at abort during OIR of ATM OC3 MM PA

CSCin76900

ATM

ATM-IMA stops passing ping after passing traffic for some time

CSCed92290

Content

CE4-NATIVE:wccp redirect issue after reloading the switch

CSCds71171

Infrastructure

Command show snmp ifIndex

CSCdv20075

Infrastructure

%SYS-3-CPUHOG process = IP SNMP

CSCdx30509

Infrastructure

(HUBBLE-ccCopy)no ccCopyCompletion trap sent after copyfile done.

CSCdy65658

Infrastructure

SSO: Policy-map not synched properly with the standby.

CSCdz27562

Infrastructure

snmpwalk on loopback interface gets response from physical int. IP.

CSCea69601

Infrastructure

Disk Corruption on C6400 and/or RSP compatible platforms

CSCeb35205

Infrastructure

Memory corruption and crash in SP after TFTP copying

CSCeb71693

Infrastructure

12.2S: issues with logging snmp-authfail command

CSCeb79675

Infrastructure

SNMP reply packets do not use the correct source address

CSCec55147

Infrastructure

Memory leak in IFS

CSCec63011

Infrastructure

Standby crashes in redundant systems

CSCec69091

Infrastructure

PCMCIA disk 0 is formatted from a diff router error

CSCed16920

Infrastructure

Constant high CPU in TTY background

CSCed44319

Infrastructure

copy produces corrupted files on big ATA disks

CSCed45942

Infrastructure

Bus error due to corrupted managed timer structure

CSCed64664

Infrastructure

SYS-2-LINKED: Bad enqueue messages when terminating multilink vpdn

CSCed81154

Infrastructure

SNMP retrieve configuration file crash SUP720 RP

CSCed86286

Infrastructure

Software forced crash at ssh_process_message_events

CSCin57765

Infrastructure

appending to files on disks can crash/hang system

CSCuk51673

Infrastructure

malloc_aligned adds unnecessary padding

CSCdv89039

IPServices

Bus Error in ipnat_unlock_parent_entry

CSCdw36571

IPServices

NAT: crash while nvgening static entries

CSCdx95455

IPServices

Memory leak in TCP Protocol with translate tcp

CSCea81029

IPServices

show ip igmp int crashed router

CSCeb54853

IPServices

SLB: tcp probes to failed http daemon show OPERATIONAL

CSCec13278

IPServices

IGMP: IGMP_clear_cache() invoked crashed LC when LC OIRed

CSCec29952

IPServices

bgp md5 authentication not working when configured in mpls vpn vrf

CSCec84887

IPServices

Sup720: Disabled STP for VLAN-bridge becomes to enable by shutdown

CSCed25055

IPServices

12.2S RLS3 (IOS): image crashes with copy ftp: bootflash:

CSCed37514

IPServices

HSRP not receiving Hello packets

CSCed52163

IPServices

Crash or CPUHOG when doing HSRP SNMP query

CSCed83740

IPServices

no ip nat source static command should check global and local addres

CSCee06948

IPServices

Sup720 running 12.2(17b)SXA is allowing connections to TCP port 514

CSCea71723

LAN

Qllc/dlsw sends CUR to mac-addr 0000.0000.0000 when x25 host is down

CSCea81145

LAN

SNMP/IFMIB test fails in vLAN env., when ISL in use.

CSCea39508

LegacyProtocols

DLSW SDLC FEP to FEP ( NCP PU4 to NCP PU4 ) FAILS WITH SECONLY

CSCea42831

LegacyProtocols

DLSw FST: Bus error during file transfer on MSFC2

CSCeb22529

LegacyProtocols

Snasw hardcodes llc2 n2=10

CSCeb39238

LegacyProtocols

DLSW bridge-group config changes the bandwidth on bvi int to 56 K

CSCec26432

LegacyProtocols

Router crash when executing show ipx access-lists

CSCec68023

LegacyProtocols

Tracebacks found when executing the command dlsw bridge-group 1

CSCee24464

LegacyProtocols

Router Reload with DLSW Ethernet Redundancy

CSCee39240

LegacyProtocols

certain FE intf can not receive cdp packets with dlsw transparent ER

CSCdz32659

Management

%SYS-2-MALLOCFAIL: -Process= CDP Protocol

CSCeb37746

Management

CDP broadcasts internal address when no address on interface.

CSCec25430

Management

IOS may reload from specific packet

CSCed40563

Management

malicious cfg reload neighbor routers by <show cdp entry * protocol>

CSCin67568

Management

Memory leak in CDP process with long host names

CSCdz08851

MPLS

FRR doesnt trigger on ethernet using RSVP HELLO

CSCdz23318

MPLS

Rewrite index passed incorrectly for loadshare rewrites

CSCdz33630

MPLS

Stanby RP crashes when SSO switchover in the HA MPLS co-existence

CSCdz73149

MPLS

Static route exported between vrfs on same pe router not in vrf RT

CSCea65827

MPLS

RP/VIP Crash: OIR Flexwan/loose IGP Route to BGP next hop router

CSCea72889

MPLS

Const2: MPLS VPN CSC bad table id no mpls on RR server 1kvpn

CSCea74222

MPLS

LSNT:Lose tag rewrite information of remote PE in cef table

CSCea76134

MPLS

e-iBGP loadbalancing does not work .

CSCeb08400

MPLS

Cannot see tfib entry for remote BGP routes with CsC config

CSCeb26389

MPLS

BGP allocates same local label to two VPN prefixes

CSCeb40653

MPLS

Bus error crash at vrf_interface_print when deleting vrf config

CSCeb78347

MPLS

Cannot create a VRF

CSCec45307

MPLS

DT:No memory for the expanded TFIB PSA

CSCec56047

MPLS

TE:gtag-rrr: TSP Tunnel not up (Destination IP address not found)

CSCec69982

MPLS

MPLS-AToM: LDP is not restablished after remove/add xconnect

CSCec86102

MPLS

Inconsistent tag info between RSP and VIP

CSCed22837

MPLS

Bus error ALIGN-1-FATAL:Corrupted program counter

CSCed39059

MPLS

LFIB is inconsistent when P-AIS injected on APS interface

CSCed45746

MPLS

duplicate tag between 2 VRFs

CSCed52578

MPLS

vrf route thru recursive tagged loadshared global route bogus label

CSCed55962

MPLS

Connected subnet not in TFIB

CSCed66160

MPLS

Router crashed while verifying if FRR is active at Backup Head

CSCed72297

MPLS

CPUHOG and watchdog timeout crash in LDP process

CSCed81317

MPLS

can not see bgp routes from CE after import map

CSCed82562

MPLS

TFIB/FIB not updated for static route to interface

CSCee07279

MPLS

TFIB NULLADJ errmsg triggered, fix root cause of null tagout_adj

CSCee15974

MPLS

ICMP message generated by LSR should have TTL=255 in all labels

CSCee26700

MPLS

memory leak caused by LSR MIB queries

CSCee43569

MPLS

TE-DB corruption on headend after NHop reload

CSCee56225

MPLS

Alignment errors in tfib_request_all_tags

CSCee59585

MPLS

Duplicate label in sh ip cef on LC

CSCee61423

MPLS

Traffic drop over TE tun from PE to PE when no LDP in core

CSCuk47482

MPLS

crash after no mpls ip

CSCeb30338

Multicast

Mcast traffic loss each minute as MMLS entry deleted and reinstalled

CSCec70366

Multicast

Mwheel process aborted on watchdog timeout and then SW forced crash

CSCec70428

Multicast

DVMRP segment remain pruned when main forwarder fails

CSCed02952

Multicast

filter-autorp option denys all in announce pkt

CSCed95515

Multicast

Pkts drop in all VLANs when last host in one VLAN leave this group

CSCee88700

Multicast

TCAM entry not built for secondary subnet with multicast stub

CSCee89438

Multicast

MSDP doesnt build S,G state after rxing *,G join

CSCec59728

platform-12000

SSO: Standby RP reloads once it is fully-up

CSCea57792

platform-76xx

13E5/GBIC:GE-WAN int with 1000baseT gbic is down after oir with traf

CSCea74537

platform-76xx

GEWAN:Input counter does not work when packet was received

CSCeb61377

platform-76xx

CWTLC fabric related alignment correction

CSCec59550

platform-76xx

OSM-POS crash @ sky4302_enter_drop_mode

CSCec62800

platform-76xx

20E:CWAN-QOS:Increased PQ latency when increasing default queue traf

CSCed07253

platform-76xx

512 Meg SODIMM chip not recognized and shows 256 instead

CSCed19431

platform-76xx

GigabitEthernet negotiation is broken on 7600

CSCed33881

platform-76xx

fatal errors in lc and line protocol down after reload

CSCed48085

platform-76xx

Stats incorrect for all BB2 OSMs with SUP720

CSCed49872

platform-76xx

SYS-2-GETBUF: Bad getbuffer SCP Hybrid process tracebacks

CSCed51835

platform-76xx

OSM/POS/BB1: OC12 IP 64 bytes performance may degrade

CSCed78077

platform-76xx

LRDI is not reported after reload on OSM-2OC12-ATM-SI PRDI is seen

CSCed86778

platform-76xx

: PQ problems with HQoS policy applied to 100 PWAN2 sub-intf

CSCed92724

platform-76xx

OSM-1CHOC12/T3-SI reporting false path E3 ais after shut/no shut

CSCee01868

platform-76xx

OSM-2+4GE-WAN+:Interface UP/UP with GBIC installed but not connected

CSCee45508

platform-76xx

OSM CHOC-OC12 freezes up while proccessing PPP keepalives

CSCee54642

platform-76xx

OSM local bus out of SYNC after stress

CSCee55056

platform-76xx

OSM interface byte counts are inaccurate

CSCee59667

platform-76xx

GE-WAN+ MTU config inconsistent with other IOS devices

CSCee84887

platform-76xx

OSM interface byte counters broken with high pps + large route table

CSCef19811

platform-76xx

MPLS:VPN:MLPPP:PE not receiving packets from connected CE

CSCed09364

PPP

bridge over multilink ppp cant pass traffic larger than 1499 bytes

CSCed42332

PPP

Distributed link fragmentation and interleaving caused VIP reload

CSCin54720

PPP

Bad refcount at datagram done with mlp_transmit_fragments

CSCin61922

PPP

dLFIoATM : mlp_qos - UUT crash with ALIGN-1-FATAL send_one_bufhdr_pk

CSCin67741

PPP

RP crashes on removing encap from multilink interface

CSCuk47905

PPP

Cannot ping across distributed MLPoATM interface

CSCeb43847

QoS

policy with set cos is accepted in main interface with error msg

CSCeb61825

QoS

VIP quantum not udpdated when MTU changed on PA-A3

CSCec49042

QoS

IPP not being trusted using nbar type class map

CSCec71488

QoS

MSFC2 crashed @ stile_in_policymap when SRM switchover

CSCec75389

QoS

Packet drops not seen in class 2 due to pkt count error on POS intf.

CSCed62637

QoS

CWPA: priority traffic latency varies with default traffic load

CSCee23845

QoS

Policer stops counting on egress after ingress poicy is reapplied.

CSCee31618

QoS

C2SUP2/FW2/CT3+:Voice packet drops at low rates with cRTP+LLQ conf

CSCee68344

QoS

GE-WAN card crashes in /enqueue/process-policymap_msg/policymap_hash

CSCin52060

QoS

After the policy got rejected hqf was not cleaned on vip

CSCin72437

QoS

MQC: Concurrent access crashes the Flexwan during switchover

CSCdr28078

Routing

traceback in MLSM Process on a TRBRF interface, MLS not configured

CSCdt38401

Routing

Frame-relay packets processed by cpu due to CEF inconsistency

CSCdv33550

Routing

%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(8) error

CSCdv33860

Routing

cef adjacency on a lane interface may drop packets

CSCdz40426

Routing

Configuring multiple eigrp processes under a VRF reloads router

CSCdz45031

Routing

distance eigrp missing from config after reload

CSCdz54875

Routing

translate-update broken under AFI mode

CSCdz77047

Routing

network backdoor is not working

CSCea66299

Routing

%BGP-3-NEGCOUNTER messages appear during route flapping

CSCea90941

Routing

IOS Ignores EIGRP Stub Command In Startup-Config at Initial Power On

CSCeb17467

Routing

BGP: RP crashes on clearing the BGP table

CSCeb40561

Routing

[SNMP] GGSN reloads during get next operation

CSCeb41095

Routing

no spf calc or dynamic update to ospf database if better learned rte

CSCeb62136

Routing

OSPF default-information originate not advertised on force-failover

CSCeb71671

Routing

NHRP on multi-point GRE tunnel interface causes router crash

CSCeb73578

Routing

FIB Adjacencies take a long time for static ARP entries

CSCeb82273

Routing

OSPFv3:DR fail to flood Netork LSA after neighbor flapping

CSCec04496

Routing

High CPU utilization when ospfIfEntry.* objects are polled

CSCec07636

Routing

snmpwalk on ospfnbrrtrld does not display all switch1 interfaces

CSCec19811

Routing

PE ping to CE router failed due to wrong source IP address.

CSCec29953

Routing

retrans counter not getting cleared / continuous ospf neighbor flap

CSCec38322

Routing

CEF reloader holding up memory when toggling DCEF-CEF-DCEF

CSCec44556

Routing

RIP updates not sent over ATM subints

CSCec55418

Routing

router crash when trying ospf authen several times

CSCec66162

Routing

On 10Gig LC pkts are route cached on rel due to missing cef entries

CSCec72160

Routing

ospf fa suppression failed to set forwarding address to zero.

CSCec82144

Routing

NRT:Router crashed at ospf_set_rpf_nexthop_for_te_tunnel in AToM FRR

CSCec83353

Routing

type7 fw addr set to 0 if next hop address is on VA intf

CSCed12382

Routing

CONST2/IPV6: %IPV6FIB-3-ASSERT messages with traceback on reload

CSCed20042

Routing

IPv6 CEF crash when encountering a recursion loop

CSCed26217

Routing

Unnecessary ARP was sent on OSPF non broadcast network

CSCed29557

Routing

Static routes are not deleted when PEs VRF interface is shut

CSCed29745

Routing

OSPF: first dbd packet not sent when MASTERs initial seq no == 1

CSCed39619

Routing

No passive-interface virtual 0 not working

CSCed43873

Routing

MPLS TE CLNS LSPLISTER traceback mls cef max on head router

CSCed46620

Routing

Reducing reflexive timeout causes CPU to go 100% while ACL creation

CSCed52749

Routing

OSPF: route missing even though OSPF database still exists

CSCed53047

Routing

OSPFv3: indication-lsa from non-Cisco router is ignored

CSCed55180

Routing

ARP process takes too long to update after switchover

CSCed57077

Routing

Crash on displaying expired reflexive ACL entries

CSCed60800

Routing

Routing Table not updated when BGP next hop is withdrawn

CSCed62835

Routing

IPV6FIB-SP-4-RECURSION,CEF IPC STACKLOW msg followed by crash

CSCed62901

Routing

PE failed to switch from BGP route to OSPF route across Sham links

CSCed63692

Routing

input high ospf tag number = output negative value

CSCed70694

Routing

commands entered on ipv6 address family config mode gives error

CSCed70979

Routing

Bus error at db_install

CSCed72062

Routing

ABR does not flood Type3 LSA from MPLS TE Tunnel

CSCed82207

Routing

CEF inconsistenancy between RP SP

CSCed86534

Routing

EIGRP traceback in dual_restart_finish after switchover

CSCed90943

Routing

dual_process_acked_unicast crash and dual_packetize_interface trace

CSCed91798

Routing

DHCP not working when CEF enabled

CSCed96062

Routing

RP crash at mgd_timer-set_exptime_internal

CSCee02786

Routing

IPX EIGRP fails to set originating router id on startup

CSCee18136

Routing

Integrate CSCed63152 and CSCee14378 into common commit

CSCee21263

Routing

Fragments from return traffic are being dropped by reflexive ACL

CSCee23517

Routing

Inconsistent Fib tables between RP and LCs

CSCee25019

Routing

OSPFv3/modifying redistribute route-map on the fly wont take effect

CSCee28148

Routing

OSPF NSF: LSA not removed from ospf database after SSO switchover

CSCee30050

Routing

FIB-3-FIBDISABLE Fatal error, no window message, LC to RP IPC non-op

CSCee34076

Routing

CEF entry not removed even if route removed on SSO switchover

CSCee35125

Routing

RP crashed on rip_redist_check on clear ip route *

CSCee36622

Routing

Summary LSA stuck in database

CSCee36721

Routing

OSPF does not adv Net LSA when two interfaces have same address

CSCee39853

Routing

CEF getting disable on Standby PRE

CSCee49764

Routing

OSPF redistribute max prefix fails if applied after SSO switchover

CSCef00037

Routing

SSO:T/B DUAL-3-INTERNAL IP-EIGRP(0) internal error after S/W

CSCef00535

Routing

RP crash on validblock when neighbor did SSO switchover

CSCef26976

Routing

Removing one vrf messes up ospf config of other vrf

CSCin30562

Routing

a2a l2tp Et-Vl:dCEF fails in ingress dirn after rpr-plus switchover

CSCin72573

Routing

IP directed-broadcast does not work with CEF enabled

CSCin73487

Routing

BGP Conditional advertisement broken

CSCuk48314

Routing

CEF LC IPC Background - %SCHED-7-WATCH:Attempt to monitor uninit Q

CSCuk52062

Routing

RIB link failure after memory exhaustion

CSCdz84583

Security

IOS fw allowing forged packets for a session initiated from inside

CSCec35857

Security

PKI: crash when authenticating a sub CA after auth the root

CSCed35253

Security

Router crash due to corrupted data in list with IOS-firewall

CSCed69858

Security

show ssh command issued repeatedly may crash the system

CSCee34939

Security

Memory leak when SSH client closes connection after key exchange

CSCin74155

Security

SSHv2:router crashes under heavy load at tcb_isvalid

CSCdx91720

Unknown

12.1(12c):Qos:Request to support L4 port expansion in QM code

CSCdy23659

Unknown

Need a way to clear alarms from SFM display

CSCdy53121

Unknown

outbound v.110 calls fail if taking longer 10 seconds to connect

CSCdy62969

Unknown

ALIGN-3-SPURIOUS messages do not include traceback

CSCdy85215

Unknown

Incorrect busy tone played to FXS on call-disconnect

CSCdz14210

Unknown

TCP Intercept watch mode w/conn time pkts SW switched

CSCdz39541

Unknown

Crash when no internal vlan available for pchannel

CSCdz46544

Unknown

MAN: Xponder FPGA version return wrong info, when show hard detail

CSCdz46944

Unknown

MF: Vlan not added to routing table after reload

CSCdz49171

Unknown

Cat4000-Sup3 sends IGMP Leave with 0.0.0.0 source IP address

CSCdz56449

Unknown

MAN:low alarm/low warning not reported in 14e throttle image

CSCdz56613

Unknown

no shut on a layer 3 interface doesnt work sometimes

CSCdz69546

Unknown

4006 SupIII Reload on tcp_putbyte process

CSCdz71462

Unknown

cbQosPostPolicyByte had been incorrectly set to cbQosPrePolicyByte

CSCdz83820

Unknown

RPF unicast(No ACL) forwards both valid & forged pkts

CSCea05915

Unknown

dMFIB: for HW engine use stats instead of signal for liveness

CSCea08556

Unknown

MMLS: OIF inconsistency results in duplicated traffic.

CSCea50629

Unknown

c-hyb:spt-threshold with mmls causes duplicate packets to be egress

CSCea60918

Unknown

(*,g) not removed after (s,g) del results in blackholing traffic

CSCea66218

Unknown

PA-MC-STM1 - Alarmed VCs can bring other VCs down

CSCea69733

Unknown

SPD does not work on AS5300 ethernet

CSCea71016

Unknown

station-id [name

CSCea71130

Unknown

MMLS/CEF: inconsistent OIFs. Exist on SP but not on RP

CSCea80003

Unknown

IPSec HA RRI injected routes not deleted on hsrp state change

CSCea84998

Unknown

Memory leak in Crypto IKMP

CSCeb01318

Unknown

Switchport trunk allowed vlan list broken on span destination ports

CSCeb14435

Unknown

19E, 8bE14: Mcast shortcuts take long to install after become DMode

CSCeb58952

Unknown

FlexWAN II OC3 LLQ Profiling: latency and voice pkt loss issues

CSCeb64666

Unknown

SPURIOUS mem at isakmp_send send_nat_keepalive in nat

CSCec07456

Unknown

BOOT variable should not have a semi-colon at the end

CSCec09193

Unknown

HA: Fix data descriptor and IfIdx sync key fields/widths

CSCec12236

Unknown

19E:OIR of fabric capabale card on SUP1/SupW causes crash

CSCec32173

Unknown

VSEC:VPN-SM-C2: Traffic is lost if the tunnel mac address is changed

CSCec34010

Unknown

OSM2-GE 64 bit main interface counters stay 0

CSCec36878

Unknown

DEL:no traffic switched when OIF MTU smaller than IIF on EARL6

CSCec39132

Unknown

I/O memory corruption due to IGMP packet flood.

CSCec45398

Unknown

Align error on SP- Traceback: mcast_mld_accept_group

CSCec50884

Unknown

BGP Multipath failover takes very long time to cnvrge (500K)

CSCec52045

Unknown

Respond Life Notify should be processed after SA is authenticated

CSCec53057

Unknown

crypto_drop_packet causing traceback and memory corruption

CSCec53406

Unknown

ACL ODM give up

CSCec59622

Unknown

CE3-HYB:Vlan interface doesnt come up after resetting DR in SRM

CSCec60933

Unknown

ssl-proxy mod <mod-number> allowed-vlan doesnt add module to vlan

CSCec67980

Unknown

snmp-server packetsize 8192 crashes HA standby

CSCec70454

Unknown

RSPAN on SUP720 running IOS causes spanning tree loop.

CSCec72813

Unknown

Traceback at ipaccess_match_duplicate (CPUHOG)

CSCec73134

Unknown

show crypto ipsec sa cmd can crash when IPSec SAs get deleted

CSCec73525

Unknown

C-hyb: Mcast packets may get dropped if ACL TCAM is full

CSCec74016

Unknown

Const2:Router crash when ipv6 ACL removed after remove isataptunnel

CSCec76910

Unknown

C2SUP2/C2MCAST: BIT-SP-4-OUTOFRANGE, then watchdog crash in LTL MGR

CSCec80654

Unknown

Hardware shortcuts installed without RPF traffic

CSCec86976

Unknown

NATIVE: Extended ACL checks 7 bits for dscp not 6 for class-map

CSCec90162

Unknown

tracebacks seen after enabling gre keepalive

CSCed00394

Unknown

Directly connected mcast subnet are NOT programmed in the SP

CSCed05807

Unknown

NBAR stays active even if removed from config

CSCed06744

Unknown

software flood to fabric issues with cross-DFC etherchannels

CSCed11313

Unknown

Packet drop by applying output ACL on Tunnel interface

CSCed12070

Unknown

switchport configuration changed BW value in show int

CSCed12393

Unknown

CPU-HOG in PIM,MLSM & MWheel and multi-device WATCHDOG crash

CSCed17923

Unknown

Const2:no idprom for module after multiple SSO switchover

CSCed19974

Unknown

:SSO:IPv6 interface stat mismatch messages with SSO swover

CSCed22387

Unknown

Ibc input queue drops constantly incrementing on SP

CSCed22494

Unknown

VPNSM: fail to insert RRI route if dynamic cmap added on the fly

CSCed23477

Unknown

RRI: routes not removed as expected

CSCed29594

Unknown

6500 may not unicast flood packets to rp with fallback bridging

CSCed33380

Unknown

IPC failure with show mls netflow ip

CSCed33793

Unknown

Mcast uflow policer does not work on LAN for > certain rates

CSCed34259

Unknown

SUP720 shows System returned to power-on even after a reload

CSCed35745

Unknown

ARP from CSM to real servers not sent downstream after reload

CSCed35900

Unknown

:CWPA2 mpls QoS classification not working until re-add policy

CSCed36177

Unknown

Cat6000 : RP may crash at tunnel_ip_les_fastswitch

CSCed38413

Unknown

cosmos_e:In 6148-GE-TX qos, trust dscp & prec functionality reversed

CSCed38862

Unknown

g1/1 of WS-X6748-GE-TX not link up after changing speed 10M or 100M

CSCed38956

Unknown

Client Browsers see significant delay in retrieving content from ser

CSCed41095

Unknown

SRM needs enhancement to count for lose packets during config-sync

CSCed46278

Unknown

Const2:C2MCAST Standby sup is resetting continuously

CSCed48412

Unknown

L4 port intersection not happening in port expansion

CSCed48718

Unknown

DEC workaround and SPAN reflector to be mutually exclusive

CSCed49423

Unknown

Temp. values not updated in show environment temperature

CSCed49574

Unknown

12.2S: traffic loss if in/out PO bundled Active/Plus LC

CSCed50556

Unknown

memory leak in Crypto IKMP

CSCed52841

Unknown

In some circumstances, switch is not responding to SNMP requests

CSCed53595

Unknown

INTERNAL ERROR (../pas/atmphy_dsx3mib.c:1370) could not delete inter

CSCed55238

Unknown

MST : Vlans interface on MSFC down after switchover

CSCed55283

Unknown

Catalyst 6500 running IOS in L2PT core displays CEs as CDP neighbors

CSCed55342

Unknown

Jumbo frames fail across etherchannel routed on the same vlan

CSCed56658

Unknown

MSTP: no CAM flushing on boundary port when TCN rx

CSCed61632

Unknown

SUP720 may not ARP after SRM-SSO failover with bridging enabled

CSCed62337

Unknown

OSPF adjacencies fail to come up with Sup720, PFC3a and MPLS

CSCed63590

Unknown

GTP SLB doesnt work with GGSN R5.0 Call Admission Control function

CSCed63897

Unknown

shut/unshut edge port cause TC to be initiated

CSCed65372

Unknown

RP/SP software forced reloaded after removing switchport from FE int

CSCed65584

Unknown

Vip crashed when using switched PVC with mfr

CSCed66865

Unknown

SP crash at earl7_force_crash

CSCed67113

Unknown

OSM-1CHOC12/T1 displays T1 has receiver loss of signal on T1

CSCed69233

Unknown

alignment error in qm_get_card_info_for_police_action

CSCed73700

Unknown

Vlan Translation does not work on WS-X6816-GBIC

CSCed75240

Unknown

: OAL does not work if egress int is Gig Sub-intf

CSCed75689

Unknown

pm assert fail,console hang,stdby crash when toggle mls mpls tunnel-

CSCed75920

Unknown

When Glean Rate Limiter enabled Egress ACLs applied on Ingress Pkts

CSCed76200

Unknown

Un all command after (debug ip csg cpu) causes error from CSM

CSCed77033

Unknown

Rp crash on doing sh glbp interface

CSCed77519

Unknown

Sup720-3BXL:EoMPLS:VLAN_M dot1q tag handling for IPv6 pkt problem

CSCed77602

Unknown

:All ports in the etherchannel being bounced on SSO

CSCed78487

Unknown

EoMPLS: L2 traffic causes l2_lc_add_entry l2_rc(8) num_fails.

CSCed78815

Unknown

BT:Shaping with class-default does not work on ATM pvc

CSCed79251

Unknown

Unexplained ro=1: PBIF mem ECC1 P2N popping up on console

CSCed79519

Unknown

Breakpoint exception due to RPC mismatch timeout

CSCed79694

Unknown

C2SUP2: Multi-Link FR fails to forward.

CSCed79711

Unknown

:LTL_DEBUG_ASSERT: Failture on index + j

CSCed80869

Unknown

Pikespeak : mac limit per vlan feature crashed

CSCed81908

Unknown

BOC,DEL,12.2S: HighFabUtil cause Berytos HealthMonitor fail & reset

CSCed82263

Unknown

Fornax / Macedon in slot13 cant switch traffic with reflector enable

CSCed84042

Unknown

SLB-MIB reports 0.0.0.0 for named real servers

CSCed85276

Unknown

VPNSM does not correctly decapsulated nested IPsec traffic.

CSCed85411

Unknown

Rapid-PVST: Short loop forming when root moves

CSCed85509

Unknown

: CWPA Port based EoMPLS packets are corrupted and received

CSCed86486

Unknown

T1 controller errors on cronos card

CSCed88426

Unknown

Extended acl breaks on first switchover (Ctrl-C not synced to stdby)

CSCed90255

Unknown

configuring egress policy silently turns nbar on the inteface

CSCed92837

Unknown

Standby RSP hangs after switchover, never loads current image

CSCed93264

Unknown

RP truncates the TOS byte to upper 3 bits on IP with option field

CSCed93359

Unknown

Startup config synched to stdby,BOOT_STRING_INVALID message appears

CSCed93707

Unknown

VPN-SM:Different comb of DF bit, PMTUD settings in GRE must be corre

CSCed94258

Unknown

Traffic routed on L2 DEC stops when other L2 DEC becomes non DEC

CSCee04176

Unknown

Mac-address-limiting inconsistent between LAN & VPLS

CSCee05413

Unknown

Memory leak in EARL VLAN stats subblock

CSCee05653

Unknown

RPR+: Standby SP can not take over when Active SP fails

CSCee05683

Unknown

crash triggered by clear ip slb sticky radius calling-station-id

CSCee07395

Unknown

Const2:FIB Protocol Allocation mismatch

CSCee07996

Unknown

vacl capture (vlan filter) does not get applied to multilink IF

CSCee08015

Unknown

Fabric TIMEOUT error handling on the NMP.

CSCee09385

Unknown

Request to add support for VACLs on HSSI interfaces

CSCee10614

Unknown

DEV: FibTcamSSRAM test fails

CSCee10773

Unknown

mls ip multi bid gm-scan-interval 10 appears setting PIM-SM

CSCee11200

Unknown

All Firmware debug msgs should print slot# and time stamp

CSCee11672

Unknown

Some static mac entries missing in DFC after module reset

CSCee11910

Unknown

SUP720 standby rp temp sensors missing

CSCee14838

Unknown

Multicast macs added for every L3 destination with igmp snooping

CSCee15581

Unknown

sss_mgr with invalid index into 2 arrays causes crash/traceback

CSCee15798

Unknown

CEF entries not installed on LC/SP after SSO switchover

CSCee15895

Unknown

Sup720 experienced high-rate counter-up on sh int null0

CSCee17030

Unknown

Sporadic delay with multicast leave/joins on Spu 720

CSCee18977

Unknown

T3 PMON do not update/increment caused by atmphy_dsx3mib_init

CSCee19156

Unknown

6PE does not obey mpls ttl propagation command

CSCee21772

Unknown

port-channel dflt results wrong after bootup

CSCee22362

Unknown

Multicast src only detection needs to happen faster

CSCee22993

Unknown

Sup720: Diags detect error on standby Sup after SSO failover

CSCee23058

Unknown

Incorrect Netflow Byte Counts With Large Flows

CSCee23271

Unknown

ifType is incorrect for VLAN Interface

CSCee24424

Unknown

Netflow error checking code reports L3-PS-DRVR: No Req Blks msgs

CSCee28200

Unknown

Performance hit due to Netflow table hash

CSCee28215

Unknown

CLI to output actual pps performance

CSCee28288

Unknown

2 second delay in forwarding the 1st packet of mcast stream on 7600

CSCee30816

Unknown

TTL for decremented on the encap side when hardware switching

CSCee31719

Unknown

MVPN: Encap PE with FS does not send out packets on the MDT Tunnel

CSCee32151

Unknown

Crossbar MIB not working correctly

CSCee33023

Unknown

L2-Aging : l2_aging_do_rm_rma_aging, entry not found by STDBY in SSO

CSCee33136

Unknown

MPLS packets duplicated in SRP ring (OSM-DPT)

CSCee34416

Unknown

Supervisor may crash due to TestSPRPInbandPing

CSCee35193

Unknown

OSPF sessions are not coming up using pos linecards in the core

CSCee36959

Unknown

Software Forced Reload:get_rp_cpu_info

CSCee38860

Unknown

In online diag mode module reset due to TestMacNotification Failure

CSCee38898

Unknown

llq not working under child policy when Fr flat policy is configured

CSCee38924

Unknown

SP crash @ l2_throttle_debug_print

CSCee39170

Unknown

Incorrect mask value set in ACL TCAM when matching on DSCP values

CSCee39798

Unknown

dot1dBase info should be available without SPT enabled

CSCee40846

Unknown

egress multicast to slot 1 ports also goes to Sup slot

CSCee42278

Unknown

OSM-12CT3/T1 fails to boot up

CSCee43090

Unknown

RLB subscriber packets may loop due to incorrect flow-mask.

CSCee44248

Unknown

Redundant Sup fails to come online after switchover

CSCee45170

Unknown

RPVST: Loopguard blocking both sides of a link without recovery

CSCee45404

Unknown

HSRP does not forward traffic correctly after primary back up

CSCee48296

Unknown

Badevent operator_power_on seen on bootup sometimes

CSCee50911

Unknown

OSM/OC12-ds0:Router crash due to illegal input

CSCee51501

Unknown

Excessive SCP retries and drops while doing shut/no shut repeatedly

CSCee53705

Unknown

cwpa2: Turn on FIFO flow control and EOS driver changes

CSCee53706

Unknown

SSM mapping does not work correctly in presence of IGMPv3 receivers

CSCee53998

Unknown

SUP720: part of config incorrectly written to run-conf after reload

CSCee54526

Unknown

SP: const_mpls_ios_set_hw_taginfo taginfo do not own rew, but ctagre

CSCee54734

Unknown

Need to disable module if a real bad xenpak is plugged in.

CSCee56573

Unknown

L3 traff s/w switched after removing/adding port channel

CSCee59513

Unknown

Broken connectivity over OSM-ATM after VRF unconfig

CSCee59601

Unknown

Interface Input drops/flush counter increment at a high rate

CSCee60121

Unknown

SLB-MIB returns null/zero value when polling <real name xxxx>.

CSCee63221

Unknown

SP crash DIAG_PF_CONST2_TEST_HAS_FAILED

CSCee65953

Unknown

Incorrect Netflow Byte Counts With Large Flows

CSCee68052

Unknown

unsolicited igmp reports do not always reset host join timer

CSCee68381

Unknown

Packet drops on old rev WS-X6516-GBIC

CSCee69687

Unknown

UDP fragments dropped with the VACL configured on the SVI

CSCee75540

Unknown

ltl_ha_sync:Failed to get checkpoint buffer message on reset of stdb

CSCee77817

Unknown

CSM cannot communicate with servers in Private VLAN

CSCee77920

Unknown

CSM needs to FT switchover on the same chassis as HSRP failover

CSCee77961

Unknown

CSM cannot sync configs to the standby CSM system

CSCee80365

Unknown

1st hop router randomly fail to add (s,g) flows oif in HW fib table

CSCee83733

Unknown

L2 traffic/connectivity loss after spanning tree reconvergence.

CSCee85152

Unknown

CEF Hardware switching produces ping failure on every other packet a

CSCee87897

Unknown

CSM needs CLIs to configure failstate improvements

CSCee89232

Unknown

Configuring platform while in automore state crashes switch

CSCee89586

Unknown

VPN-SM:ICMP unreachable sent for pkt w/ iplen+ovhead eq mtu, DF set

CSCee90183

Unknown

Need to change RPC syslog in case of RPC request sent failure

CSCee92719

Unknown

Duplicates in NDE on the Sup720

CSCee95301

Unknown

Unhide and document mls rate-limit multicast non-rpf command

CSCef03723

Unknown

HA Coexistence:MPLS:VPN:VRFs not in sync between primary and standby

CSCef04696

Unknown

Cat6K crashed in pm_cp_vlan_stp_topology_process during HA tests

CSCef07965

Unknown

System crashed when accessing CVDM from the switch

CSCin41024

Unknown

c2sup2:CWPA:DMLFR:FR Relay entry (sh fr map) is taking lot of time

CSCin49358

Unknown

PA-MC-STM1:Serial intf down after rpr+ switchover w/ RSP16

CSCin67400

Unknown

FRF12: Checksum errors with POS, ping fails

CSCin67419

Unknown

A shut of any of the member link or cont traff brings down MFR intf

CSCin68355

Unknown

:Marking with microflow policer not working with layer2 port

CSCin71561

Unknown

Bandwidth of port-channel not sum of bw of individual interfaces

CSCin72202

Unknown

Auth-Proxy do not work with ODM merge algorithm

CSCin74123

Unknown

mst root id becomes 0 after switchover

CSCin74475

Unknown

Connectivity lost to MWAMs for reseting CSM/MWAM modules on switch

CSCin76766

Unknown

Active SP reloads at ipc_send_rpc_blocked failed after RPR+ swover

CSCin78380

Unknown

Issues with isolated private vlan

CSCuk49481

Unknown

GRE packets inot correctly processed (DF) on cat6500

CSCdt36219

Voice

Router returned to ROM by bus error at ccsip_spi_control_main

CSCea71767

Voice

cRTP doesnt work with PPP on 1750 router

CSCea84911

Voice

Gateway not initiating OLC sometimes in slow start call

CSCea85410

Voice

router crash with one T1 of ivr calls

CSCin41335

Voice

Clock goes to local oscillator instead of Priority clock source

CSCdz00624

WAN

After configure no ip cef router starting to drop packets

CSCea43177

WAN

FR-SVC: Router crashes on applying show frame-relay svc maplist

CSCea56560

WAN

Sw crash with NTP config and debug

CSCeb10672

WAN

GSR dual-PRP: standby getting reloaded due to rf timer expiration

CSCeb25177

WAN

SRP interface Fast-switches when it should DCEF switch

CSCec27867

WAN

PA-POS: Interface remains down/down when enabled with critical alarm

CSCed62698

WAN

CWPA: ATM: DSCP bits 4-6 set to zero

CSCed78803

WAN

Packets coming in a shutdown subinterface are forwarded by CEF

CSCin34959

WAN

RP fails to recognize bay 1 ATM PA after bay 0 was test crashed

CSCin47130

WAN

Flexwan support for using CSCdy30984 for rate counters

CSCin54713

WAN

CWAN SSO:CT3 Mailbox hogging CCB Block semaphore on bootup

CSCin68724

WAN

set atm-clp bit not set on outgoing packets but QoS stats increment

CSCin76078

WAN

ATM(Deluxe & IMA) driver code for Flexwan to prefer priority packets