Table Of Contents
Caveats for Cisco IOS Release 11.3 T
Resolved Caveats—Release 11.3(11b)T5
Resolved Caveats—Release 11.3(11b)T4
Resolved Caveats—Release 11.3(11b)T3
Resolved Caveats—Release 11.3(11b)T2
Resolved Caveats—Release 11.3(11b)T1
Open Caveats—Release 11.3(11)T
Resolved Caveats—Release 11.3(11)T
Resolved Caveats—Release 11.3(10)T
Resolved Caveats—Release 11.3(9)T
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Release 11.3(8)T
Resolved Caveats—Release 11.3(7)T
Resolved Caveats—Release 11.3(6)T
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Release 11.3(5)T
Resolved Caveats—Release 11.3(4)T
Resolved Caveats—Release 11.3(3)T
Resolved Caveats—Release 11.3(2)T
Caveats for Cisco IOS Release 11.3 T
June 16, 2004
This document lists severity 1 and 2 caveats for Cisco IOS Release 11.3 T, up to and including Cisco IOS Release 11.3(11b)T5. Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. This caveats document is revised for each maintenance release of Cisco IOS Release 11.3 T to document the latest caveats.
To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Documentation CD-ROM" section.
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats:
•
The "Open Caveats—Release 11.3(11)T" section lists open caveats that apply to the current maintenance release, and might apply to previous maintenance releases.
•
Within the sections, the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.
If You Need More Information
The most up-to-date documentation can be found on the Web through Cisco Connection Online (CCO) and on the latest Documentation CD-ROM. These electronic documents might contain updates and modifications made after the paper documents were printed. For information on CCO, see the "Cisco Connection Online" section. For more information on the CD-ROM, see the "Documentation CD-ROM" section.
For more information on caveats and features in Cisco IOS Release 11.3 T, see the following sources:
•
•
•
•
•
•
•
Note
The following table lists the most recent release notes when this caveats document was published:
Resolved Caveats—Release 11.3(11b)T5
Cisco IOS Release 11.3(11b)T5 is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b)T5 but may be open in previous Cisco IOS releases.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
Resolved Caveats—Release 11.3(11b)T4
Cisco IOS Release 11.3(11b)T4 is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b)T4 but may be open in previous Cisco IOS releases.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSĀ® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSĀ® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Resolved Caveats—Release 11.3(11b)T3
Cisco IOS Release 11.3(11b)T3 is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b)T3 but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Release 11.3(11b)T2
Cisco IOS Release 11.3(11b)T2 is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b)T1 but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Release 11.3(11b)T1
Cisco IOS Release 11.3(11b)T1 is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b)T1 but may be open in previous Cisco IOS releases.
•
Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using a undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group, such as "sysContact", "sysLocation", and "sysName", that do not affect the device's normal operation but that may cause confusion if modified unexpectedly. The remaining objects are contained in the LAN-EMULATION-CLIENT and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.
The vulnerability is only present in certain combinations of IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.
To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is documented in DDTS record CSCdp11863.
In lieu of a software upgrade, a workaround can be applied to certain IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP.
Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.
•
A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems (ASes) in the segment. The path segment value contains the list of ASes (each AS is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of ASes in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of ASes (without having to use the extended length bit) is 126 [= (255-2)/2]. If the UPDATE is propagated across an AS boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.
The caveat was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a NOTIFICATION message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 ASes, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.
[Part of the text was taken from rfc 1771.]
•
Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.
Open Caveats—Release 11.3(11)T
This section describes possibly unexpected behavior by Release 11.3(11)T. Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(11)T.
Basic System Services
•
The disconnect-cause and disconnect-cause-ext attributes are missing in the Terminal Access Controller Access Control System Plus (TACACS+) network accounting stop record.
There is no known workaround.
•
When Ascend compression is configured to Microsoft Point-to-Point Protocol (PPP) compression, Cisco RADIUS code misinterprets the Ascend compression as a stac compression.
There is no known workaround.
•
When the terminal issues a printing command on a Cisco 2600 series router to the UNIX host, the router loses the first frame collections.
There is no known workaround.
•
On a Cisco AS5200 series access server, AAA Accounting using RADIUS retransmits an accounting stop record with the delay-time equal to the radius-server timeout. This only happens on bonded ISDN calls that last for 2 minutes or longer.
There is no known workaround.
IBM Connectivity
•
If you have a data-link switching (DLSw) direct encapsulation serial link WAN with an Ethernet LAN on one side and Token Ring LAN on the other, connections can only be established from the Token Ring side.
Workaround: Raise the maximum transmission unit (MTU) of the serial WAN to approximately 1800 bytes.
•
A reload might occur when removing a serial tunnel from a Cisco 2600 series router.
There is no known workaround.
Interfaces and Bridging
•
When the MAC address of an ATM interface is changed, the interface is reset and the switched virtual circuits on the interface are removed. Later, when the upper layer code tries to disconnect these virtual circuits, the requests are rejected. This causes the virtual circuit descriptors (VCDs) of these virtual circuit (VCs) to be in a "Delete Pending" state, and they cannot be used again.
Workaround: Use the shutdown command on the interface before changing the MAC address and then use the no shutdown command to enable the interface.
•
When encapsulation is changed on a PRI interface, B-channel interfaces are set in the Up state. This causes the first call to the B channel to fail, but subsequent calls to that channel work after the first failure.
Workaround: When changing encapsulation on a PRI interface, you must first use the shutdown command on the interface before configuring the new encapsulation.
•
A Cisco router might experience high (55-99%) CPU utilization.
Workaround: Turn off Frame Relay compression.
•
ISDN Layer 2 will not initialize with High-Level Data Link Control (HDLC) and Stac compression combined.
Workaround: Run Cisco IOS Release 11.3(8.3)AA or disable Stac compression.
•
When stac compression and no fair-queuing are configured on a channel-group interface and traffic increases, delays can occur on other channel groups. This can result in poor voice quality if VoIP is running over the other channel groups.
Workaround: Use PPP instead of HDLC.
•
A Cisco 7500 series router running the rsp-jsv40-mz (Enterprise 40) software image on Cisco IOS Release 11.3 (9.2)T might experience a bus error.
There is no known workaround.
IP Routing Protocols
•
A ping from a Cisco 7200 series router fails to reach to an IP address of a physical unit under the channel while using Cisco IOS Release 11.3(9)T with XCPA-26-8.
There is no known workaround.
•
When an ethernet line is disconnected on a Cisco 2600 series router, the Switched Multimegabit Data Service (SMDS) link might fail.
There is no known workaround.
Miscellaneous
•
Modem or asynchronous calls appear to overwrite the channel data that is already in use by an ISDN call (CISCO-POP-MIB).
There is no known workaround.
•
Configuring Cisco IOS Release 11.3(4)T1 on a Cisco 2600 router and attempting to establish an IPSec tunnel to an Ascend router that is running beta IPSec code might cause the router to reload.
There is no known workaround.
•
When the serial 0:23 interface is used as a backup interface, the "return to operational" status of the backed up interface might cause the T1 line to go down and put the switch (a Nortel DMS250) into an "alarm/locked out" state. This problem is caused by what the switch sees as an abnormal shutdown of the T1 line.
Workaround: Use a dialer interface as the backup interface. This leaves the T1 line alone so that it never goes down, thus avoiding the problem.
•
The Cisco 3600 series modular access platform might cease to output data on the Ethernet and serial interfaces of the 2E2W combo card. The serial interface might react with a "line protocol down" error and severe output drops on the Ethernet and serial interfaces.
Workaround: A reload temporarily corrects the situation.
•
The Dynamic Host Configuration Protocol (DHCP) proxy allows the same IP address to belong to two users on different ports with the same username.
Workaround: Ensure that all users have unique usernames.
•
Authentication using a Vircom RADIUS server stops working after you upgrade to Cisco IOS Release 11.3(6)T1 on a Cisco 5300 series access server.
There is no known workaround.
•
On a Cisco 3600 series router, the voice quality is degraded by misses in the Real-Time Transfer Protocol (RTP) header-compression.
There is no known workaround.
•
When Cisco IOS Release 11.3(4)T, 11.3(6)T, or 11.3(7)T is running on a Cisco 2613 router, the following error message scrolls across the log:
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=809E66FC, count=FFFF8093 -Traceback= 801AF4B4 8057413C 80575764 801BD450 801BCB44 801F0D68There is no known workaround.
•
A Cisco 7204 router might restart by arithmetic exception tcp_statestring.
There is no known workaround.
•
A Cisco 2612 router experiences a problem when connecting to a BayStack 504 Hub by way of Bay Networks 354-ST Fiber Extenders.
There is no known workaround.
•
A Cisco router might restart because of a bus error at cd2430_read_cable_id.
There is no known workaround.
•
A Cisco 7206 router running the Cisco IOS c7200-ds-mz.113-8.T1 image restarts with the following error:
Software forced crash, PC 0x602F7AB0The following stack trace decode indicates that memory corruption has occurred:
0x602F7AB0:abort(0x602f7aa8)+0x8 0x602F6368:crashdump(0x602f6284)+0xe4 0x602E3008:validblock(0x602e2e48)+0x1c0 0x602E5CD0:validate_memory(0x602e5c50)+0x80 0x602E7A78:checkheaps(0x602e7a10)+0x68 0x602E7CB0:checkheaps_process(0x602e7bd0)+0xe0 0x602DBB74:r4k_process_dispatch(0x602dbb60)+0x14 0x602DBB60:r4k_process_dispatch(0x602dbb60)+0x0There is no known workaround.
•
If encryption is running on an interface, keepalives are not sent to the other end of the circuit, causing the circuit to fail. Remove encryption statements and the circuit will recover.
There is no known workaround.
•
A Cisco 7200 series router running an Enterprise image (c7200-js-mz) might experience unexpected reloads.
There is no known workaround.
•
Running two Cisco 3640 routers might affect the performance of all the analog voice-ports.
Workaround: Reload the routers.
Protocol Translation
•
In Cisco IOS Release 11.3 running Transmission Control Protocol (TCP) to X.25 protocol translations, translation sessions might be closed prematurely.
There is no known workaround.
•
A Cisco 2600 series router reloads when translating X.25 to PPP on a vty asynchronous interface that is being cloned from a virtual template. When the router receives a connection and tries to clone the virtual template, the router restarts with a SegV fault in pt_run_vtyslip_ppp_connection.
There is no known workaround.
TCP/IP Host-Mode Services
•
When two rlogin sessions are made on a router within 1/2 second, one session might send data while the urgent pointer received from the server was intended for the other rlogin session.
There is no known workaround.
•
A Route Switch Processor in a Cisco 7500 series router might restart with the following error:
a Software forced crash, PC 0x601F750 at %TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x0 -Process= "IP Input"There is no known workaround.
Wide-Area Networking
•
Upgrading to Cisco IOS Release 11.3(3a)T creates an authorization when you try to dial out using ISDN.
Workaround: Turn on authorization for the user.
•
A Cisco 7500 series router with channelized E1 lines might reload while removing the channel-group x timeslot y-z command from the E1 controller. This problem occurs when the associated channel-group serial interface is running Point-to-Point Protocol encapsulation.
Workaround: Shut down the E1 controller with the subcommand shutdown when making changes.
•
Pressing the cancel button when asked for a callback number might terminate a connection.
There is no known workaround.
•
This caveat occurs when two routers configured to asynchronous dial each other using static dialer maps with PPP encapsulation and PPP authentication CHAP.
The first router dials into the second router and connects. PPP negotiates with no problem and the IP route is installed. The first router pings the second router and fails. The debug IP packet on the first router indicates that the packets have been sent.
Workaround: Remove the ppp authentication chap/pap command from either router.
•
A Cisco 3640 router might reload by a bus error at ClearTimer when running Cisco IOS Release 11.3(7)T.
There is no known workaround.
•
A Cisco 2600 series router running Cisco IOS Release 11.3 reloads with a SegV exception when you enter the x25 map cmns command.
Workaround: Use the equivalent x25 route command.
•
A Cisco 7500 series router running HP OpenView discovery causes the router to reboot.
Workaround: Disable SNMP on the router.
•
A Cisco 7500 series router with an ATM Interface Processor running Cisco IOS Release 11.3(7)T can reload with the following bus error:
System was restarted by bus error at PC 0x6081E95C, address 0xDEADBF1F"This output appears after you issue a show version or a show stack command.
There is no known workaround.
•
The following caveat occurs on systems containing all of these preconditions:
•
•
ISDN users might experience reloads after connecting to the Internet service provider.
There is no known workaround.
•
Using PIC code for an international call is tagged as a local call as opposed to an international call; therefore, the ISDN 5ESS switch rejects this asynchronous call.
There is no known workaround.
•
When a two-port asynchronous/synchronous serial WAN interface card (WIC-2A/S) is configured as asynchronous, it works properly, but does not show up in the running configuration or the startup configuration. However, when configured as synchronous, the serial interfaces appear in the configurations.
There is no known workaround.
•
A Cisco 2600 series router running Cisco IOS Release 11.3.(9)T reboots when doing an X.25 to TCP translation.
There is no known workaround.
•
A Cisco 2600 series router running Cisco IOS Release 11.3T might reload due to a SegV exception when a LAN Extender (LEX) interface is enabled.
There is no known workaround.
•
A Cisco router running TCP to X.25 translation on a X.25 serial link might reload with a bus error.
There is no known workaround.
•
A Cisco 2610 router running Cisco IOS Release 11.3(9)T connected to a Switched Multimegabit Data Service (SMDS) cloud through a serial interface might experience connectivity problems when fastswitching is enabled.
Workaround: Disable fastswitching.
•
When substitute-source and substitute-destination are configured in the same X.25 route statement, the service adapter substitution might be corrupted.
There is no known workaround.
•
When optimum switching is configured on an RSM/VIP2 Token Ring adapter interface, trace routing through the RSM/VIP2 reports the same next-hop address twice.
Workaround: Use distributed switching on the RSM/VIP2 port adapter interfaces.
Resolved Caveats—Release 11.3(11)T
All the caveats listed in this section are resolved in Release 11.3(11)T. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Certain Internetwork Status Monitor (ISM) NetView users can issue nonenable mode commands without router authentication. Users accessing the router through NetView must be authenticated through NetView's security methods, which may include RACF and SAF. Mainframe users can be restricted from issuing any router commands through the restriction of the RUNCMD within NetView. Users issuing enable mode commands must be authorized to issue this level of command through ISM, and must possess the ENABLE mode password. If the router is controlled by TACACS+, the ISM user must have a TACACS+ user ID and password to issue enable level commands.
There is no known workaround.
•
The accounting log and the Calling-Station-Id attribute are incorrect in the accounting log.
There is no known workaround.
•
The ip trigger-authentication command is not available on Cisco 1605 routers.
There is no known workaround.
•
When vpdn search-order domain is configured, you might experience the following message, which indicates that a search is done on DNIS and not the domain:
Apr 19 18:04:32.572: %VPDN-6-AUTHORERR: L2F NAS APAS5 cannot locate a AAA server for As19 DNIS 9955555.There is no known workaround.
•
A Cisco 7513 router might reload when you issue the aaa accounting periodic timer event, or aaa accounting periodic commands.
Workaround: Remove the aaa commands.
DECnet
•
Configure DECnet on a Cisco 2611 router running Cisco IOS Release 11.3(7)T causes the router to reload.
There is no workaround.
EXEC and Configuration Parser
•
A MICA line with flowcontrol software configured does not properly respond to an XOFF flow control character received from a modem if the line is running an outbound Telnet session. Issuing the show line command shows that the line is in the "Waiting for XON" state. The IOS software should wait for an XON flow control character; however, it keeps sending data out the line.
There is no known workaround.
IBM Connectivity
•
A Cisco 7206 router running Cisco IOS Release 11.3(9)T that is configured for DLSw priority peers might reload with a bus error.
There is no known workaround.
•
If a Cisco Route Switch Module (RSM) is configured with IBM Spanning Tree, and IP routing is disabled, the RSM does not respond to a single-route or all-route ARP frame destined to its MAC address.
Workaround: Disable IBM spanning tree on the RSM.
Miscellaneous
•
Initiating a Kerberized Telnet session from a router to a remote host causes the router to reload. This only happens when credential forwarding is configured and when the Telnet session is using a Token Ring interface.
There is no known workaround.
•
The following caveat occurs on a system with all of the following attributes:
•
•
The purpose of this setup is to support virtual private dial-up networking (VPDN). The Nortel Rapport acts as the network access server (NAS), and a Frame Relay connection exists between the Rapport and the Cisco 3620 router. The Cisco 3620 router acts as the home gateway. The caveat occurs when a UNIX client dials into the Rapport and interactively logs in and starts a PPP session. The Rapport never attempts to open an L2F tunnel for the UNIX client. The UNIX client receives a gateway login failed error message from the Rapport.
Workaround: The problem does not occur when the router runs Cisco IOS Release 11.2(15a)P.
•
A Cisco AS5300 series access server running Cisco IOS Release 11.3(7)T and MICA code 2.6.1.0 will not make two consecutive outgoing calls. Every second outgoing call fails.
There is no known workaround.
•
A Cisco 3640 NM-4T four-port serial module does not function when a 1FE-1CT1 is in slot 2 and an NM-30DM is in slot 3. This caveat also applies to the HSSI model of the 3640 NM-4T port adapter.
Workaround: Place the 1FE-1CT1 in slot 3 and the NM-30DM in slot 2.
•
DLSw on the route switch module (RSM) does not operate after you delete remote source-route bridging (RSRB) configurations.
Workaround: Reload the RSM.
•
Encryption traffic does not bring up an asynchronous dial-up line.
There is no known workaround.
•
A Cisco AS5300 access server experiences a bus error under heavy load conditions that are caused by outgoing modem calls.
There is no known workaround.
•
After a Cisco router is reloaded, the data encryption service adapter (ESA) cannot reestablish an active crypto connection.
Workaround: Remove the crpto map, reload the router, and apply the crypto map again.
TCP/IP Host-Mode Services
•
There is no flow control in RIF passthrough over DLSw. Therefore, if the steady-state traffic on the LAN is greater than the TCP peer connection, the TCP queue can build up above the TCP-queue maximum. This causes the DLSw TCP peer session to fail eventually.
There is no known workaround.
•
TCP intercept only works with NetFlow switching in watch mode.
Workaround: If intercept mode is required, use either optimum or fast switching.
TN3270
•
The TN3270 client available in Cisco IOS software does not display local characters that are typed on the screen. System logon continues, and screens appear in the correct sequence, but locally typed characters are not displayed.
There is no workaround.
Wide-Area Networking
•
When two routers (Router A and Router B) have been configured to asynchronously dial each other using static dialer maps (using the encapsulation ppp and ppp authentication chap commands), Router A dials Router B and connects. PPP negotiates with no problem and the IP routes are installed. Router A pings Router B but fails. The debug IP packet on Router A shows that packets were sent. The debug IP packet on Router B shows "encapsulation failed."
There is no known workaround.
•
A virtual access interface is failing to add packet inputs and outputs of two physical pipes of a multilink PPP bundle connection coming from the same user as an analog call to the asynchronous line of a Cisco AS5200 access server. The client environment is using Windows 98 dial-up networking.
There is no known workaround.
•
A Cisco 4000 series router restarts with a bus error at PC 0x11A26A, address 0x4AFC4C8A. The router reloads approximately twice a day.
There is no known workaround.
•
A Cisco RSP2 might reload several times a week with the following error:
System was restarted by bus error at PC 0x6024BD28[rsp_aip_fs_body(0x6024a310)+0x1a18], address 0x2[__start(0x60010000)+0x9fff0002]rsp_aip_fs_body rsp_process_rawq rsp_qa_intr rsp_aip_fs_bodyThere is no known workaround.
•
When a PRI interface is configured as a backup interface and a router is reloaded with this configuration, the PRI will not establish layer 2 when the primary interface fails. Set asynchronous balance mode extended (SABME) packets are seen from the switch, but the Cisco IOS software does not respond until the interface is physically reset (that is, you unplug and plug in the PRI cable.)
There is no known workaround.
•
If you use Erickson X.25 switches and a call is switched on a router using the second address defined in the x25 route command, the outgoing call has the facility byte changed and the call is cleared.
There is no known workaround.
•
Under certain circumstances, a LANE subinterface that is shut down might be reported as "active" from a Hot Standby Router (HSRP) point of view.
There is no known workaround.
•
AODI might drop the first D-channel link and then drop a B-channel link, but leave a second B channel up.
There is no known workaround.
•
Incoming calls on a Cisco 2619 router might be cleared, and then the following messages appear:
%ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x800AC840, timers used 3839 %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x800A9DBC handle -1 %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x800AC840, timers used 3839 %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x800A9DBC handle -1There is no known workaround.
•
An E1 controller (PRI) might stop responding to the ISDN call setup of a telco switch.
Workaround: Reload the router.
•
You might observe an ISDN memory leak on a Cisco 4500 central router. When the remote sites go down or the ISDN link drops, the central router repeatedly attempts to dial the remote site. If the connection is not established, the central router keeps dialing and eventually runs out of memory and reloads.
Workaround: Reboot the router.
•
A Cisco router that is configured for Dialer Watch needs to call the remote end because of failing watched routes. If the call is unsuccessful for any reason, the router never attempts to dial out. No attempt is made, even when the route has been restored or removed.
Workaround: Reload the router.
•
A Cisco 2600 series router with a Cisco Multiport Basic Rate Interface (MBRI) cannot place outgoing calls because "No free dialer" is reported even if the dialer is idle.
There is no known workaround.
Resolved Caveats—Release 11.3(10)T
All the caveats listed in this section are resolved in Release 11.3(10)T. This section describes only severity 1 and 2 caveats.
Access Server
•
Malloc failures might be seen on a Cisco AS5300 access server when virtual templates are configured under heavy stress conditions.
Workaround: Configure the input hold queue size on the virtual template to 10.
•
A Cisco AS5200 access server might not able to dial out using channel-associated signalling (CAS). This condition occurs intermittently.
There is no known workaround.
•
When you change the maximum transmission unit (MTU) from the default settings on a serial interface in High-Level Data Link Control (HDLC) mode on the channelized group of a four-port E1 controller, the serial interface goes into the administratively shut down state.
Workaround: Use an eight-port E1 controller.
•
T1 timeslots can become blocked and they cannot be reinstated without reloading the router. The problem occurs under extremely heavy traffic conditions, with a switch placing calls on timeslots within 800-900 ms of clearing a prior call. The call logs show some calls placed by the switch being cleared within 40 ms of the seizure.
Workaround: Check whether the counter is negative and treat it as "0" available timeslots. The race condition itself is handled by the CSM state machine. All states have protocol timeouts to handle this type of situation.
Basic System Services
•
If you use reverse Telnet to a binary Telnet port with RFC-2217 COM port extensions, and if you make multiple successive dialouts from a single Telnet session, after several outgoing calls, the Cisco IOS Telnet server prematurely sends a FIN to the RFC-2217 client.
There is no known workaround.
IBM Connectivity
•
A Channel Port Adapter (CPA) might not recover from a fatal error reload. This requires that you manually reload the microcode for this card. While in this mode, if you enter the show running or write term commands, the console locks up and displays the "SCHED-3-THRASHING" error message.
Workaround: After a CPA fatal error, if the card does not restart, issue the microcode reload [ecpa|pcpa] slot n command to reload the microcode for the card having problems. If you get the "SCHED-3-THRASHING" error message, Telnet to the router on a different vty and perform the microcode reload there.
Interfaces and Bridging
•
Multilink PPP interleaving causes a delay in outbound traffic on RSP platforms.
There is no known workaround.
Miscellaneous
•
When a Certificate Revocation List (CRL) size is larger than 2K, the router might reload.
Workaround: Have a smaller CRL issued from the server.
•
There is no method of configuring MICA modem lines for dial-out only on a Cisco 3640 router. The modem-dtr-active command fails with a "no dialtone" message.
There is no known workaround.
•
If voice traffic is process-switched (for example when using RTP header-compression), the execution of certain EXEC commands on the router (show running-config), can have an adverse effect on the quality of voice calls during the execution of the command when it is competing with voice packets for CPU time.
There is no known workaround.
•
In Cisco IOS Release 11.3(8)T1, a Cisco router running 56-bit encryption and configured to run IPSec over a Frame Relay Point-to-Point circuit fails. The packets from the source IP address are dropped at the router configured for IPSec.
There is no known workaround.
•
A router running Cisco IOS Release 11.3(6)T might experience unexpected system restarts when configured with crypto IPSec commands when receiving Cisco Encryption Technology (CET) connection messages.
Workaround: Add an access control list (ACL) statement to explicitly deny the connection message.
•
A Cisco 2610 router reloads with a SegV exception in ccGetCall Active.
There is no known workaround.
•
On a Cisco 7200 series router, the Channel Port Adapter with a microcode version of 26.0 or later might reload with the following error message:
%XCPA-3-OUTHUNG: Channel2/0 - output stuck - resetting %ECPA-2-MSG: slot2 %XCPA-2-MBX: Force dump requested -0There is no known workaround.
•
If mismatched access control lists (ACLs) are used in crypto maps—that is, one side of the crypto connection has an ACL statement that the other side lacks—existing crypto connections might stop working.
There is no known workaround.
•
A Cisco router configured for Director Response Protocol (DRP) might reload with the following error message:
spurious memory accessThere is no known workaround.
•
Voice ports on Cisco 3600 and Cisco 2600 series routers might become disabled after you reload the router. This condition occurs when either input gain or output attenuation is configured under the voice port. The symptom of this problem is that when the port is "off-hook," the dial tone is not detected. Also, the operational state shows "DOWN," as seen with the show voice port command.
Workaround: Remove the gain or attenuation from the voice port, save this change to NVRAM with the copy running-config startup-config command, and reload the router. After the router reloads, enter the voice port gain or attenuation configuration back in.
•
Crypto (CET and IPSec) might fail when keys expire or are cleared over a tunnel interface.
There is no known workaround.
Wide-Area Networking
•
A Cisco router might reload when the no dialer remote-name [name] command is issued and the router is actively trying to dial the named remote site.
Workaround: Issue the shutdown command from the configure interface mode before issuing the no dialer remote-name [name] command.
•
Cisco access servers configured for Always on Dynamic ISDN (AODI)/X.25/BAP/MPPP with the ppp multilink idle-link command might cause a problem for non-AODI clients using MPPP.
The MPPP client, when connected with more than one B channel, has the first channel in receive mode and the other channels belonging to the same bundle in normal mode.
There is no known workaround.
•
The dial-on-demand routing test fails over a BRI on Cisco 3640 and Cisco 7200 series routers. Pings fail over the BRI with a "no free dialer" message.
There is no known workaround.
•
Stac compression LZS Digital Control Protocol (DCP) gets into an "R-Req" loop. This problem occurs when you run Cisco IOS Release 11.1 or Release 11.2 hardware compression and an RSP on one end of a connection, and Release 11.3 or Release 12.0 software compression on the other.
Workaround: Disable compression if you are using a Cisco 7500 series router. If you are using a non-RSP router, use software instead of hardware compression on both sides, or disable compression.
•
Outgoing calls fail on routers with PRI interfaces when the switch is NI2.
There is no known workaround.
Resolved Caveats—Release 11.3(9)T
All the caveats listed in this section are resolved in Release 11.3(9)T. This section describes only severity 1 and 2 caveats.
Access Server
•
On a Cisco AS5300 series access server with a quad computer telephony integration (CTI) card, with a channel associated signaling (CAS) T1 configured for Extended Superframe/binary 8-zero substitution (ESF/B8ZS) e&m-fgb signaling, the telco might force our CSU to go into loopback mode, killing NEAT.
Workaround: Reload the access server.
Basic System Services
•
When using RADIUS authentication for dial-in PPP users, the router might reload after one or more calls.
Workaround: Remove the AAA accounting configuration.
•
A Cisco 1600 router with IP configured might experience leaks in the I/O memory area. This condition might cause the router to reload.
There is no workaround.
•
On the IOS firewall of a Cisco 1600 series router, "ASSERTION FAILED" and "%QUICC-3-OWNERR" error messages are received at boot time.
There is no workaround.
•
A Cisco AS5200 series access server running AAA accounting in Cisco IOS Release 11.3(7)T might reload by a bus error.
There is no known workaround.
IBM Connectivity
•
On a Cisco 7200 series router running Cisco IOS Release 11.3(7)T, invalid Transmission Control Protocol (TCP) encapsulation errors might occur.
There is no known workaround.
•
A Cisco 2600 series router configured with a DLSw priority backup peer configured for Basic Rate Interface (BRI) might reload with a SegV exception.
Workaround: Avoid configuring the priority keyword on DLSw.
•
When Qualified Logical Link Control (QLLC) is used as a transport mechanism for SNA traffic, X.25 might get stuck in "Receiver not Ready" (RNR) when the input queue is full.
Workaround: Increase the capacity of the input queue to 1000 packets.
Interfaces and Bridging
•
A Route Switch Module (RSM) running Cisco IOS Releases 11.3(5)T through 11.3(7)T will not route an IP frame through a Token Ring VLAN with transparent bridging enabled.
Workaround: Configure Integrated Routing and Bridging (IRB) on the Token Ring VLAN and router IP frames to the Bridge Group Virtual Interface (BVI).
•
The user might see collisions accumulating on a Cisco 3600 Fast Ethernet interface configured for full-duplex (fdx).
Workaround: Configure the interface for half-duplex (hdx).
Miscellaneous
•
A Cisco 7200 series router configured to route IP packets over ISDN with encryption works only in process-switch mode.
Workaround: Disable fast switching.
•
RADIUS attribute 61 is missing in Release 11.3(4.4)T.
There is no known workaround.
•
A channelized E1 interface on a Cisco 3600 series router might not be able to transmit data when multiple timeslots are associated with a channel group. The problem manifests itself in keepalive failures and line protocol down indications.
Workaround: Reload the router or break the channel group into smaller groups.
Novell IPX, XNS, and Apollo Domain
•
Using Internetwork Packet Exchange (IPX) in conjunction with virtual templates on a Cisco 3640 router does not work.
Workaround: Change the IPX network number on the virtual template on the sending and receiving sides of the routers and restart Point-to-Point Protocol (PPP).
Protocol Translation
•
When you run Cisco IOS Release 11.3 and use TCP to X.25 permanent virtual circuit (PVC) protocol translation, the PVC might close too quickly. This could potentially cause the PVC to be taken down prematurely, causing data to be lost. When you print over TCP-to-X.25 PVC protocol, the translation might experience a loss of the last data blocks.
There is no workaround.
•
The user is unable to get Resource Reservation Protocol (RSVP) to set the appropriate weight in weighted fair queuing (WFQ) to achieve the proper quality of service for video file transfers.
Workaround: Avoid configuring RSVP on subinterfaces.
Wide-Area Networking
•
The line protocol might flap under these conditions:
•
•
There is no known workaround.
•
When you run Cisco IOS Release 11.3 while performing a TCP-to-X.25 SVC translation, the M bit might not be set on outgoing packets apart from the same datagram. When the TCP data stream and datagrams are above the limits of the packet size on the X.25 portion, a payload is incorrectly interpreted as a separate packet although they are part of the same datagram.
There is no workaround.
•
A Cisco AS5200 series access server running AO/DI in Cisco IOS Release 11.3(6)T1 might reload with an unexpected interrupt message.
There is no workaround.
•
This problem was found in a Cisco AS5300 running Release 11.3(5.1)T with four T1/PRI lines configured for NFAS Digital MICA modems running portware version 2.3.1.0 and the Enterprise feature set. All inbound calls for ISDN and analog work correctly. The problem occurs when you reverse-Telnet into a rotary (which the MICA modems are in for dial-out use). The first reverse-Telnet and outbound call works correctly; however, each of the following outbound calls (as long as the first call is still up) fail until the first call is dropped. It appears that a B channel is not being allocated. After a few minutes, the call times out and the modem is de-allocated.
There is no known workaround.
•
ISDN might not operate properly and give an "isdn_check_dialer failed" message.
There is no known workaround.
•
Microsoft callback over ISDN might cause the router to reload.
There is no known workaround.
Resolved Caveats—Release 11.3(8)T
All the caveats listed in this section are resolved in Release 11.3(8)T. This section describes only severity 1 and 2 caveats.
Access Server
•
A Cisco router might periodically reload (approximately every 2 hours) with a bus error. The resulting error message is:
System restarted by bus error at PC 0x2252987E, address 0x4AFC5A80Workaround: Replace the controller E1 card.
Basic System Services
•
When you use a Cisco router to dial in to a Cisco AS5300 access server, the Cisco AS5300 might not force the router to receive an address from the Dynamic Host Configuration Protocol (DHCP) server. This condition might occur if the access server is using both authentication, authorization, and accounting (AAA) and the peer default IP address.
There is no known workaround.
•
A Cisco 2600 series router might reload by SegV exception at "rlogin_open_connection."
There is no known workaround.
•
When a Cisco 1600 router is connected in Synch mode using the Easy IP feature, the WIC-1T sync/async might drop the PPP link. This condition is caused by having ip address negotiated configured on the serial interface. When a static IP address is configured, the problem does not occur.
There is no known workaround.
•
AAA connection accounting works for a single connection on the router, but with multiple connections start records are generated for all connections, but only the first disconnected call has a stop record generated; subsequent closed connections do not. All records have the same Acct-session-id. This problem exists in Cisco IOS Release 11.3(2.4)T or later.
There is no known workaround.
Interfaces and Bridging
•
You cannot successfully ping packets or copy files between Microsoft NT servers.
There is no known workaround.
Miscellaneous
•
When an Foreign Exchange Office (FXO) port is configured for private line auto ringdown (PLAR) to make it ring a Foreign Exchange Station (FXS) station across IP or on the same router, the FXS station (Tel2) sometimes continues to ring even when the call is disconnected by the caller (Tel1). This problem occurs 50 percent of the time even with "no supervisory" at the FXO.
There is no known workaround.
•
Bell103 does not work on analog Microcom modems in answer mode. This problem is related to the analog modem firmware that is bundled with the Cisco IOS. When this problem is resolved, you need to upgrade your analog modem firmware.
There is no known workaround.
•
A Cisco 3640 router using ISDN BRI interfaces might reload.
There is no known workaround.
•
A Cisco 2610 router configured with SDLC DLSw+ might not send SNRM frames to a terminal even though the status is "SNRMSENT" in the output from the show interface serial command. The interface shows "Link is UP, Line protocol is UP" despite the DTR being down.
Workaround: Execute the shutdown command followed by the no shutdown command in configuration mode for the serial interface.
•
A Cisco 2600 series router might experience physical (checksum) errors on the Ethernet network between a Cabletron ELS10 (store and forward) Ethernet switch and the 10BaseT port. This condition occurs when you try to ping from a PC on the other side of the Cabletron switch to the router.
There is no known workaround.
•
Fax over IP over Token Ring might experience failure with long fax jobs (for example, after about 5 to 10 pages).
There is no workaround.
•
A Cisco 1600 router or Cisco 3600 series router reloads when IPSec is configured over the ISDN link. This condition is caused by the IP route-cache that is enabled by default on all interfaces.
There is no workaround.
•
A Cisco 2600 series router might reload by SegV exception approximately once per hour.
There is no workaround.
Wide-Area Networking
•
When you perform an ISDN callback, you might receive the following message:
%SYS-3-HARIKARI: Process ISDN top-level routine exitedThere is no workaround.
•
On a Cisco AS5300 running Cisco IOS Release 11.3(6.1)T with an IP plus feature set, the global command modem busyout-threshold xx cannot place B channels in or out of service on a non-facility associated signalling (NFAS) line without a D channel (the line is neither a primary nor a backup NFAS line).
There is no known workaround.
•
A Cisco AS5200 series access server might reload at a high CPU range, causing all users to be disconnected. The resulting bus error message is:
System was restarted by bus error at PC 0x2252A6F0, address 0xD0D0D0D 5200 Software (C5200-I-L), Version 11.3(6)T1, RELEASE SOFTWARE (fc1) Compiled Fri 16-Oct-98 01:43 by ccai (current version) Image text-base: 0x2202DF90, data-base: 0x00005000There is no workaround.
•
Under heavy usage conditions on an X.25 serial link, a Cisco router running translated X.25 to virtual async connections (PPP/IPX) might reload. This appears to be an infrequent occurrence.
There is no known workaround.
•
An RSP2 on a Cisco 7500 series router might crash with a bus error. This condition is related to X.25 and Link Access Procedure, Balanced (LAPB).
There is no known workaround.
•
VPDN does not support MS-CHAP.
Workaround: Use CHAP or PAP.
•
A Cisco router might fail with a memory leak after about a week of running or 12,000 modem calls. The resulting error message is: ISDN NLCB allocation failed.
Workaround: Reloading the router clears the condition.
Resolved Caveats—Release 11.3(7)T
All the caveats listed in this section are resolved in Release 11.3(7)T. This section describes only severity 1 and 2 caveats.
Access Server
•
A Cisco 5300 series router or Cisco 5200 series router might reload as a result of "assertion failures."
There is no known workaround.
Basic System Services
•
The Network Time Protocol (NTP) on Cisco 2600 and Cisco 3800 series routers does not stay synchronized. After approximately five minutes the clock wanders and the NTP becomes unsynchronized. Removing the NTP configuration and adding the NTP configuration back causes the router to synchronize again, but later it becomes unsynchronized.
Workaround: Configure the NTP clock period as: ntp clock-period 17208078.
•
The Cisco 1600 series router is not able to receive multicast packets for different groups at wire speed. This causes the Cisco 1600 Ethernet driver to miss packets.
Workaround: Configure static multicast groups.
Miscellaneous
•
When the CT1-PA and the CE1-PA are configured for compress stac, with the CSA-PA (hardware compression PA) on a Cisco 7206 router, memory leakage in the pool manager might occur. When available memory runs below 1 megabyte, the router might reload.
There is no known workaround.
•
When you configure Binary Synchronous Communication Protocol (Bisync) using the encapsulation bstun command with the ASCII character set (bsc char-set ascii) on the first port of a serial WAN interface card (1T, 2T, or 2A/S) in WIC slot 0 of a Cisco 2600 series router, only the first character of each frame is received, and the Block Serial Tunneling (BSTUN) tunnel is not established. This only affects Bisync mode when it is configured with the ASCII character set. Other encapsulations are not affected, and using the EBCDIC character set with Bisync works correctly.
For the first serial port in WIC slot 0, the parity detection is not configured correctly for Bisync in ASCII mode. The first character of each frame generates a parity error that causes the receiver to discard the frame after the first character received.
Workaround: Use a different serial port: either the second serial port (port 1) on a 2T or 2A/S WIC in WIC slot 0 or any serial port in WIC slot 1. If you have only one serial WIC, moving it from WIC slot 0 to WIC slot 1 fixes this problem.
•
The length field in the MAC management message header for the "SYNC" message is computed incorrectly. This was found during testing with the Cadence CM at Cable Labs.
Workaround: Use a modem that has the Broadcom chipset. Because the "SYNC" message is a well-known size, the Broadcom chipset can read the Cab
Guest
