Table Of Contents
Important Notes and Caveats for Release 11.3
Cisco IOS Release 11.3 DB Product Bulletin
Upgrading to a New Software Release
Channel Interface Processor (CIP) Microcode
Cisco 7500 Series High System Availability (HSA)
Source-Route Bridging (SRB) over FDDI
Forwarding of Locally Sourced AppleTalk Packets
Missing Source-Route Bridging Commands
New TACACS+ Attribute-Value (AV) Pair
40-bit Encryption Images are Unavailable in Release 11.3(1)
Release 11.3(2a) Fixes Caveat CSCdj52309
AppleTalk Support Added for Token Ring Emulated LANs
Release 11.3(3a) Fixes Caveats CSCdk01707 and CSCdk08772
Cisco IOS Release 11.3, 11.3 NA and 11.3 T End of Sales and End of Engineering
Caveats for Release 11.3(1) through 11.3(11f)
Caveats for Release 11.3(1) through 11.3(11e)
Caveats for Release 11.3(1) through 11.3(11d)
Caveats for Release 11.3(1) through 11.3(11c)
Caveats for Release 11.3(1) through 11.3(11b)
Caveats for Release 11.3(1) through 11.3(11).
Caveats for Release 11.3(1) through 11.3(10).
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(9)
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(8)
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(7)
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(6)
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(5)
Caveats for Release 11.3(1) through 11.3(4)
Novell IPX, XNS, and Apollo Domain
Caveats for Release 11.3(1) through 11.3(3)
Caveats for Release 11.3(1) through 11.3(2)
Novell IPX, XNS, and Apollo Domain
Novell IPX, XNS, and Apollo Domain
Important Notes and Caveats for Release 11.3
This section describes important notes and caveats related to Cisco IOS Release 11.3.
Important Notes
This section describes warnings and cautions about using the Cisco IOS Release 11.3 software. It discusses the following topics:
• Cisco IOS Release 11.3 DB Product Bulletin
• Upgrading to a New Software Release
• Channel Interface Processor (CIP) Microcode
• Cisco 7500 Series High System Availability (HSA)
• Source-Route Bridging (SRB) over FDDI
• Forwarding of Locally Sourced AppleTalk Packets
• Missing Source-Route Bridging Commands
• New TACACS+ Attribute-Value (AV) Pair
• 40-bit Encryption Images are Unavailable in Release 11.3(1)
• Release 11.3(2a) Fixes Caveat CSCdj52309
• AppleTalk Support Added for Token Ring Emulated LANs
• Release 11.3(3a) Fixes Caveats CSCdk01707 and CSCdk08772
• Cisco IOS Release 11.3, 11.3 NA and 11.3 T End of Sales and End of Engineering
Cisco IOS Release 11.3 DB Product Bulletin
This bulletin describes the process used to deliver Cisco IOS Software for the Node Route Processor (NRP) of the Cisco 6400 Universal Access Concentrator (UAC).
Refer to http://www.cisco.com/warp/public/cc/cisco/mkt/ios/rel/113/prodlit/870_pp.htm for more information.
Upgrading to a New Software Release
If you are upgrading to Cisco IOS Release 11.3 from an earlier Cisco IOS software release, you should save your current configuration file before installing Release 11.3 software on your router.
Refer to Product Bulletin 703, Cisco IOS Software Release Upgrade Paths and Packaging Simplification for more information regarding software upgrades.
Channel Interface Processor (CIP) Microcode
CIP microcode is now available as a separate image, unbundled from the Cisco IOS image. CIP microcode (for the CIP or Second-Generation CIP [CIP2] card) resides only in router Flash memory as multiple files. The router loads a "kernel" to the CIP (based upon hardware revision), and the CIP selectively loads and relocates the software it requires from the router's Flash memory. The CIP image is available on preloaded Flash memory cards, on diskette, or via FTP from Cisco. Every version of Cisco IOS Release 11.3 has a corresponding version of CIP microcode. Refer to the Channel Interface Processor (CIP) Microcode Release Note and Microcode Upgrade Requirements publication (Document Number 78-4715-xx) for information about the recommended pairs of Cisco IOS Release 11.3 and CIP microcode.
Consider the following before using Cisco IOS Release 11.3 and CIP microcode:
• If you have a router with Release 11.3 and a Release 11.3 CIP image on a Flash memory card, no action is required. The CIP microcode will load automatically upon booting the router.
• If you have an existing router with Release 11.3 in Flash memory or ROM and a pre-11.1 Flash memory card, either:
  • Replace the Flash memory card with a Release 11.3 preloaded Flash memory card, or
  • Boot the router with Release 11.3 software (CIP load will fail), then copy the Release 11.3 CIP image to the Flash memory card, and reboot the router.
When the CIP image is copied to an existing Flash memory card, the existing flash copy commands are used, just as before. If a CIP image other than the default for the release is being used, then the microcode cip flash configuration command must be issued.
The show microcode command has been expanded to display the default CIP image name for the Cisco IOS release.
Note
The router must already be running Cisco IOS Release 11.3 before performing a copy of the CIP image to Flash memory because the CIP image must be "exploded" from the single image file on the TFTP server to multiple files in Flash memory. This capability was first available in Release 11.1.
There are a number of ways to determine what is loaded on each CIP:
• The CIP MIB has been enhanced to show the segments loaded on each CIP and their version and compilation information.
• The show controller cbus command has been expanded to include segments loaded and their version and compilation information.
Multiple CIP cards of different hardware revisions can run in the same router.
Cisco 7500 Series High System Availability (HSA)
To successfully use the HSA feature, you should take note of the following:
• The HSA feature available on the Cisco 7500 series routers requires a ROM monitor upgrade to ROM monitor version 11.1(2), or later.
• For spare RSP2 cards to function with HSA, they must also be upgraded. Spare Flash cards require Release 11.1(4) or higher boot or system images.
• HSA installation requires that both RSP2s have the same amount of DRAM (32 MB minimum each RSP2).
Netbooting from VIP
To netboot from Ethernet or Fast Ethernet ports on a VIP card, the system must contain version 11.1 boot ROMs. If the system contains version 11.0 boot ROMs, you can work around this requirement by using the boot bootldr device:filename global configuration command to load a bootstrap image from Flash memory.
Source-Route Bridging (SRB) over FDDI
This feature supports forwarding of source-route bridged traffic between Token Ring and FDDI interfaces on the Cisco 7000, Cisco 7010, and Cisco 7500 series routers. Previously, the only way to transport SNA and NetBIOS over FDDI was with remote source-route bridging (RSRB), which is either fast switched (direct or Fast-Sequence Transport [FST] encapsulation) or process switched (TCP encapsulation). With SRB over FDDI, traffic can be autonomously switched, greatly improving performance for SRB traffic that uses FDDI as a backbone. This feature eliminates the need for RSRB peer definitions to connect Token Ring networks over the FDDI backbone.
Note
SRB over FDDI does not support RSRB traffic forwarded to RSRB peers. Routers that have connections to local Token Ring networks as well as RSRB connections to remote networks cannot use this feature. The workaround is to move the RSRB connections to routers that are not connected to the FDDI backbone.
Enabling IPX Routing
The Token Ring interface is reset whenever IPX routing is enabled on that interface.
Using AIP Cards
Cisco 7000 series ATM Interface Processor (AIP) cards that support E3, DS3, or Transport Asynchronous Transmitter/Receiver Interface (TAXI) connections and that were shipped after February 22, 1995, require Cisco IOS Release 10.0(9), 10.2(5), 10.3(1), or later.
Booting Cisco 4000 Routers
You must use the Release 9.14 rxboot image for Cisco 4000 routers because the Release 11.0 rxboot image is too large to fit in the ROMs. (Note that rxboot image size is not a problem for Cisco 4500 routers.) However, because the Release 9.14 rxboot image does not recognize new network processor modules, such as the Multiport Basic Rate Interface (MBRI), its use causes two problems:
• You cannot boot from a network server over BRI lines. Instead, you can boot either from a network server over other media or use the copy tftp flash command to copy images over BRI or other media to Flash memory. If you use the copy tftp flash command over a BRI interface, you must be running the full system image.
• If you use the rxboot image on a Cisco 4000 router that is already configured, the following error messages are displayed, with one pair of messages for each BRI interface configured:
Bad interface specification
No interface specified - IP address
Bad interface specification
No interface specified - IP address
Using LAN Emulation (LANE)
Note the following information regarding the LAN Emulation (LANE) feature in Cisco IOS Release 11.3:
• LANE is available for use with Cisco 4500, 4700, 7000, and 7500 series routers connected to either an LS100 or LS1010 switch. LANE requires at least version 3.1(2) of the LS100 software, which requires a CPU upgrade if you are currently running software prior to version 2.5.
• The LS2020 cannot be used for LANE because it does not support UNI 3.0 and point-to-multipoint SVCs.
• Routing of IP, IPX, AppleTalk, DECnet, VINES, and XNS is supported.
• HSRP is supported.
• LANE does not support CLNS or LANE over PVCs.
• AppleTalk Phase 1 cannot be routed to AppleTalk Phase 2 via LANE.
Forwarding of Locally Sourced AppleTalk Packets
Our implementation of AppleTalk does not forward packets with local-source and destination network addresses. This behavior does not conform to the definition of AppleTalk in Apple Computer's Inside AppleTalk publication. However, this behavior is designed to prevent any possible corruption of the AppleTalk Address Resolution Protocol (AARP) table in any AppleTalk node that is performing MAC-address gleaning.
Using Source-Route Transparent Bridging (SRT) and Source-Route Bridging (SRB) on Cisco 2500 and Cisco 4000 Routers
Certain products containing the Texas Instruments TMS380C26 Token Ring controller do not support SRT. SRT is the concurrent operation of SRB and transparent bridging on the same interface. The affected products, shipped between March 30, 1994, and January 16, 1995, are the Cisco 4000 NP-1R, Cisco 4000 NP-2R, Cisco 2502, Cisco 2504, Cisco 2510, Cisco 2512, Cisco 2513, and Cisco 2515.
Units shipped before March 30, 1994, or after January 16, 1995, are not affected. They use the Texas Instruments TMS380C16 Token Ring controller, which supports SRT.
SRT support is necessary in two situations. In one, Token Ring networks are configured to SRB protocols such as SNA and NetBIOS, and they transparently bridge other protocols, such as IPX. In the other situation, SNA or NetBIOS uses SRB, and Windows NT is configured to use NetBIOS over IP. Certain other configuration alternatives do not require SRT (contact the Technical Assistance Center for more information).
As of Release 10.3(1), SRB in the following Cisco IOS feature sets is no longer supported: IP, IP/IPX, and Desktop. To use SRB, you need one of the following feature sets: IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN. In most non-IBM Token Ring environments, the multiring feature in IP, IP/IPX, and Desktop eliminates the need for IP/IBM base, IP/IPX/IBM base, IP/IPX/IBM/APPN, Desktop/IBM base, Enterprise, or Enterprise/APPN.
Cisco 7000/7500/RSPx Series
The Cisco 7000 series previously included the Cisco 7000 and Cisco 7010. These products are not supported in Cisco IOS Release 11.3. The Cisco 7000 series now includes the Cisco 7000 equipped with RSP7000 processor and the Cisco 7010 equipped with RSP7000 processor, which are supported in Cisco IOS Release 11.3. In Release 11.3, all commands supported on the Cisco 7500 series are also supported on the Cisco 7000 series.
The Cisco RSPx series includes the Cisco 7000 equipped with RSP7000 processor, the Cisco 7010 equipped with RSP7000 processor, and the Cisco 7500 series routers.
ATM Multipoint Signaling
Prior to Cisco IOS Release 11.1(13) and 11.2(8), the atm multipoint-signaling command was used on the main interface and affected all subinterfaces. For Release 11.1(13), 11.2(8), and later releases (including Release 11.3), explicit configuration on each subinterface is required to obtain the same functionality. Refer to bug CSCdj20944, which is described as follows:
• The atm multipoint-signaling interface command is currently only available on the main ATM interface. The effect is that signaling behavior (point-to-point or point-to-multipoint) for all clients on all subinterfaces is determined by the command on the main interface.
Clients on different subinterfaces can have different behavior. Specifically 1577 requires point-to-point, and PIM allows point-to-multipoint. The command should be on a per subinterface basis.
Users will have to enable the atm multipoint-signaling command on all subinterfaces that require it. Previously, they only needed to enable it on the main interface.
Missing Source-Route Bridging Commands
Due to a production problem, many source-route bridging commands were omitted from the printed version of the Cisco IOS Software Command Summary (78-4746-01). For complete documentation of all source-route bridging commands refer to the Bridging and IBM Networking Command Reference (78-4743-01). You may also obtain the most current documentation on the Documentation CD-ROM or Cisco Connection Online (CCO).
New TACACS+ Attribute-Value (AV) Pair
A new authorization feature was added in Release 11.3(1) that allows for separate configuration and authorization of Multilink PPP. This can cause MLP authorization to fail in TACACS+ servers that do not include the relevant authorization permissions in the configuration.
For TACACS+, the following attribute-value (AV) pair should be added for all users who are allowed to negotiate Multilink PPP:
service = ppp protocol = multilink {
40-bit Encryption Images are Unavailable in Release 11.3(1)
Cisco is conducting an internal review of the build and distribution processes associated with its Cisco IOS 40-bit cryptographic products. So that we may provide you with seamless access to Cisco IOS 40-bit encryption capability, Cisco will provide access to the most current 40-bit encryption images, beginning with Releases 11.2(12), 11.2(12)P, and 11.3(2). The following 40-bit encryption images will be indefinitely unavailable: Releases 11.2(1) to 11.2(11.2), 11.2(2)P to 11.2(11.1)P, 11.2(1)F to 11.2(4)F, and 11.3(1).
This review is not related to any new or previously unreported bugs. The information gathered in the review will be used to implement new automated development and order processing applications.
Release 11.3(2a) Fixes Caveat CSCdj52309
The Cisco 7500 products in Cisco IOS Release 11.3(2) were deferred due to a severe defect. It was determined that this caveat was significant enough to merit a software rebuild. The rebuild includes the caveat fix and is renumbered to 11.3(2a).
The defect is bug CSCdj52309 and is described as follows:
• A catastrophic problem has been identified that affects all Cisco 7500 and Catalyst 5000 RSM users. The problem occurs when using packet tunneling in combination with certain timing conditions, packet sizes, and buffer-usages. Affected images are being deferred and special images are being built.
Tunneling is being used as an abbreviation in this context to refer to a specific fast-switch to process-level code path traversed by translational bridging (TLB), source-route bridging (SRB), remote source-route bridging (RSRB), and data link switching (DLSw).
When the packet tunneling logic on RSP or RSM-equipped systems causes datagrams to be copied from SRAM to DRAM, an arithmetic error results in more bytes being copied than is remembered for cleanup processing. Reuses of the tunneling logic, in certain rare combinations of timing, packet-sizes, and buffer-usages, may result in those unaccounted bytes causing several anomalous system behaviors including packet errors.
This software defect is exposed to all RSP and RSM images in Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3, and 11.3 T.
Solution: To eliminate the problems mentioned in the preceding section, we strongly recommend that you download and install one of the following Cisco IOS software release updates: 11.2(12a), 11.2(12a)P, 11.3(2a), or 11.3(2a)T.
Workarounds: There are two possible workarounds. CSCdj33812 provides a configuration command to avoid the software defect. This workaround is available in Cisco IOS Releases 11.2(11.5), 11.2(11.5)P, 11.2(11.5)BC, 11.3(2.1), and 11.3(2.1)T. If you are using an earlier release, use the second workaround.
Note
The two workarounds will drop performance down to process switching levels.
• Workaround 1:
CSCdj33812 incorporated a configurable command that will be stored in NVRAM.
Configure with the memory cache-policy io uncached command to work around CSCdj52309. To determine what memory cache policies are currently configured on your router, use the show rsp command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io uncached
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: uncached
IO (packet) memory: uncached
Buffer header memory: uncached
To restore the MEMD caching policy to the original write-through policy, issue the memory cache-policy io write-through command.
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#memory cache-policy io write-through
Router(config)#end
Router#show rsp
Throttle count 0, DCL timer count 0
active 0, configured 1
netint usec 4000, netint mask usec 200
DCL spurious 0
Caching Strategies:
Processor private memory: write-back
Kernel memory view: write-back
IO (packet) memory: write-through
Buffer header memory: uncached
• Workaround 2:
If operating with images that do not have the CSCdj33812 support, use the test rsp cache memd-fastswitch uncache command.
The above command will need to be entered after every reload.
Other considerations: Cisco IOS Releases 10.3, 11.0, and 11.1 Major and ED releases are not exposed to CSCdj52309. Though these releases share the same arithmetic problem, the tunneling software is different, and there is no known or predicted combination of timing, packet-sizes, and buffer-usages that results in the same or different anomalous behaviors associated with Cisco IOS Releases 11.2, 11.2 P, 11.2 BC, 11.3 and 11.3 T. Cisco is using CSCdj52309 to repair the arithmetic problem in Releases 10.3, 11.0, and 11.1; however, no special images are being created because the anomalous behaviors are not present in those releases. [CSCdj52309]
Release 11.3(2a) and all subsequent releases of Cisco IOS Release 11.3 software include the fix for this caveat.
AppleTalk Support Added for Token Ring Emulated LANs
AppleTalk support was added for Token Ring emulated LANs in Cisco IOS Releases 11.3(2.1) and 11.3(2.1)T. Later 11.3 and 11.3 T releases (including 11.3(3) and 11.3(3)T) support AppleTalk TR-LANE. This support includes AppleTalk fastswitched routing, AppleTalk fastswitched source-route bridging, and AppleTalk with multiring. Releases prior to Releases 11.3(2.1) and 11.3(2.1)T (including 11.3(2) and 11.3(2)T) do not support AppleTalk TR-LANE.
Release 11.3(3a) Fixes Caveats CSCdk01707 and CSCdk08772
The Cisco 7500 RSP2 and RSP4 products in Cisco IOS Releases 11.3(1) through 11.3(3) were deferred due to a severe defect. It was determined that this caveat was significant enough to merit a software rebuild. The rebuild includes the caveat fix and is renumbered to 11.3(3a).
The defect is bug CSCdk01707 and is described as follows:
• When the system gets an Error interrupt, a 4-byte IOS data area will get accidentally overwritten. Because of this, the system might reload with a "Bus Error Exception" message. The error interrupt may be caused by events like an HSA Slave state transition on HSA systems, fatal system errors (like a parity error), or non-fatal errors (like a QAERROR with Null/reuse link error).
Software Releases affected: This caveat affects all systems configured with dual RSPs (HSA feature). All "v" images for the following Cisco IOS Releases have been deferred: 11.1(18.1)CA through 11.1(18.2)CA, 11.1(16.3)CC through 11.1(17.4)CC, 11.1(17)CT, 11.2(12.3)P through 11.2(13.4)P, 11.3(1) through 11.3(3), and 11.3(1)T through 11.3(3)T.
Solution: To eliminate the problems mentioned, we strongly recommend that you download and install one of the following Cisco IOS software release updates: 11.1(18)CA, 11.1(18)CC, 11.1(18)CT, 11.2(14)P, 11.3(3a), and 11.3(3a)T.
[CSCdk01707]
CSCdk08772 is a duplicate of CSCdk01707 and is described as follows:
• Dual RSPs in a High System Availability (HSA) configuration in a Cisco 7500 router will crash and reload in cycles during bootup when using the RSP-DSV Desktop/Plus/VIP image for versions later than 11.2(12a)P. [CSCdk08772]
CSCdk01707 was caused by CSCdj36366, which is described as follows:
• On RSP-based platforms, the message that reports a write bus error may report an incorrect value for the address of the bad access. [CSCdj36366]
Release 11.3(3a) and all subsequent releases of Cisco IOS Release 11.3 software include the fix for this caveat.
Cisco IOS Release 11.3, 11.3 NA and 11.3 T End of Sales and End of Engineering
End of Engineering (EOE) means there are no more regularly scheduled maintenance releases. The last maintenance release scheduled on the EOE date is only available through CCO and Field Service Operations—not through manufacturing.
• Cisco IOS Releases 11.3, 11.3 NA, and 11.3 T are scheduled to reach End of Sales (EOS) status with maintenance Releases 11.3(8), 11.3(8)NA, and 11.3(8)T.
• Releases 11.3, 11.3 NA, and 11.3 T are scheduled to reach EOE with Releases 11.3(11), 11.3(11)NA, and 11.3(11)T.
EOS and EOE releases are subject to change. For the most up-to-date information on the status of EOS or EOE, refer to the End of Sales and End of Engineering for Cisco IOS Software Releases product bulletins located on CCO.
Ongoing support for functionality in Releases 11.3, 11.3 NA, and 11.3 T is available in Cisco IOS Release 12.0(3)T and later maintenance releases of Cisco IOS Release 12.0.
On CCO, click on this path:
Service & Support: Product Bulletins: Software
Under Cisco IOS 11.3, click on End of Sales and End of Engineering for Cisco IOS Software Releases 11.3 and 11.3 T (#847: 12/98) or Cisco IOS Software 11.3 NA EOS and EOE (#849:12/98)
Caveats for Release 11.3(1) through 11.3(11f)
Cisco IOS Release 11.3(11f) is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11e) but may be open in previous Cisco IOS releases.
• CSCdu53656
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
• CSCea28131
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
Caveats for Release 11.3(1) through 11.3(11e)
Cisco IOS Release 11.3(11e) is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11e) but may be open in previous Cisco IOS releases.
• CSCed27956
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
• CSCed38527
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Caveats for Release 11.3(1) through 11.3(11d)
Cisco IOS Release 11.3(11d) is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b) but may be open in previous Cisco IOS releases.
• CSCdea02355
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Caveats for Release 11.3(1) through 11.3(11c)
Cisco IOS Release 11.3(11c) is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b) but may be open in previous Cisco IOS releases.
• CSCdw65903
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Caveats for Release 11.3(1) through 11.3(11b)
Cisco IOS Release 11.3(11b) is a rebuild release for Cisco IOS Release 11.3(11). The caveats in this section are resolved in Cisco IOS Release 11.3(11b) but may be open in previous Cisco IOS releases.
• CSCdp11863
Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using a undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group, such as "sysContact", "sysLocation", and "sysName", that do not affect the device's normal operation but that may cause confusion if modified unexpectedly. The remaining objects are contained in the LAN-EMULATION-CLIENT and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.
The vulnerability is only present in certain combinations of IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.
To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is documented in DDTS record CSCdp11863.
In lieu of a software upgrade, a workaround can be applied to certain IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP.
Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.
• CSCdr54230
A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems (ASes) in the segment. The path segment value contains the list of ASes (each AS is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of ASes in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of ASes (without having to use the extended length bit) is 126 [= (255-2)/2]. If the UPDATE is propagated across an AS boundary, then the local autonomous system number (ASN) must be appended and the extended length bit used.
The caveat was caused by mishandling of this case: the attribute length was truncated to a single octet. Because of the internal operation of the code, the receiving border router is not affected, but its iBGP peers detect the mismatch and issue a NOTIFICATION message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 ASes, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.
[Part of the text was taken from RFC 1771.]
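The encoding described above, as an added example that is not part of the original release note (Python, RFC 1771 two-octet ASNs): it builds an AS_PATH attribute, shows where the Extended Length bit becomes mandatory, reproduces the one-octet length truncation, and performs the length check a receiving peer applies before sending an "update malformed" NOTIFICATION. The helper and constant names are this example's own.

```python
"""Encode and check a BGP AS_PATH path attribute (RFC 1771, 2-octet ASNs).

Added example for the CSCdr54230 description; it is not Cisco IOS code.
"""
import struct

ATTR_FLAG_TRANSITIVE = 0x40   # AS_PATH is well-known mandatory (transitive)
ATTR_FLAG_EXT_LENGTH = 0x10   # bit 3 of the flags octet: Extended Length
TYPE_AS_PATH = 2
SEG_AS_SEQUENCE = 2


def max_asns_without_extended_length():
    """(255 - 2) // 2 = 126: one AS_SEQUENCE segment header plus 2 octets per AS."""
    return (255 - 2) // 2


def encode_as_path(asns, force_one_octet_length=False):
    """Return the on-the-wire attribute: flags, type, length, value.

    The value is a single AS_SEQUENCE segment: type(1) + count(1) + 2 octets
    per AS.  The Extended Length bit is set only when the value exceeds 255
    octets, as the release note describes.  force_one_octet_length reproduces
    the defect: the length is cut to its low octet while the flag stays clear.
    """
    if len(asns) > 255:
        raise ValueError("one AS_SEQUENCE segment holds at most 255 ASes")
    value = struct.pack("!BB", SEG_AS_SEQUENCE, len(asns))
    value += b"".join(struct.pack("!H", asn) for asn in asns)
    flags = ATTR_FLAG_TRANSITIVE
    if force_one_octet_length:
        length_field = struct.pack("!B", len(value) & 0xFF)   # buggy truncation
    elif len(value) > 255:
        flags |= ATTR_FLAG_EXT_LENGTH
        length_field = struct.pack("!H", len(value))
    else:
        length_field = struct.pack("!B", len(value))
    return struct.pack("!BB", flags, TYPE_AS_PATH) + length_field + value


def parse_as_path(attr):
    """Parse an AS_PATH attribute and return the list of ASNs.

    Raises ValueError with the reason a receiving peer would report in an
    UPDATE Message Error / Attribute Length Error NOTIFICATION.
    """
    if len(attr) < 3:
        raise ValueError("attribute too short")
    flags, type_code = attr[0], attr[1]
    if type_code != TYPE_AS_PATH:
        raise ValueError("not an AS_PATH attribute")
    if flags & ATTR_FLAG_EXT_LENGTH:
        (length,) = struct.unpack("!H", attr[2:4])
        value = attr[4:]
    else:
        length = attr[2]
        value = attr[3:]
    if length != len(value):
        raise ValueError(f"attribute length error: header says {length}, "
                         f"value carries {len(value)} octets")
    asns, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated path segment header")
        seg_type, count = value[pos], value[pos + 1]
        pos += 2
        need = 2 * count
        if pos + need > len(value):
            raise ValueError("path segment runs past the attribute value")
        asns.extend(struct.unpack(f"!{count}H", value[pos:pos + need]))
        pos += need
    return asns


def attribute_is_well_formed(attr):
    """True if a receiving peer would accept the attribute, False otherwise."""
    try:
        parse_as_path(attr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: 127 ASes is one past the 126-AS boundary from the note.
    path = list(range(64512, 64512 + 127))
    good = encode_as_path(path)
    bad = encode_as_path(path, force_one_octet_length=True)
    print("extended length set:", bool(good[0] & ATTR_FLAG_EXT_LENGTH))
    print("well formed:", attribute_is_well_formed(good),
          "truncated:", attribute_is_well_formed(bad))
```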
•
CSCds04747
Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.
Caveats for Release 11.3(1) through 11.3(11).
This section describes possibly unexpected behavior by Release 11.3(11). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(11).
Access Server
•
CSCdk02299
Cable length options are missing for T1 lines on Cisco AS5200 access servers. The options exist for Cisco AS5300 access servers in Cisco IOS Releases 11.2 and 11.3.
Cisco should remove conditional compile and provide similar functionality.
Basic System Services
•
CSCdj14601
When hardware compression is enabled, packets are normally fast switched. If the user turns fast switching off and then back on, fast switching remains disabled.
Workaround is to reconfigure compression by using the no compress and then the compress stac commands.
•
CSCdk18966
When configured for SDLC, serial ports on a Cisco MC3810 may report input abort errors when the clock rate is greater than 38,400 bps. These errors do not affect performance; they are not typically input aborts. This problem does not result in retransmitted frames, and there is no performance impact.
•
CSCdk75925
All router interfaces are reset, with their states changing from up to down and then back to up again. The cause for the restart is:
System restarted by error - an arithmetic exception, PC 0x6016B6E0
•
CSCdm11401
When doing FRF.9 compression with the CSA, it may be impossible to compress packets with certain repetitive patterns. The CSA can decompress these same packets.
•
CSCdm14585
A router running Cisco IOS Release 11.3(8) may experience a software forced crash caused by memory corruption.
IBM Connectivity
•
CSCdm08494
A Cisco 3600 series router running Cisco IOS Release 11.3 T may restart with either the following bus error or a software forced crash when running BSTUN. No workaround is available.
System restarted by error - a Software forced crash, PC 0x601C4398
System image file is "flash:c3640-is-mz.113-4", booted via flash
•
CSCdm37638
Some Cisco 4500 and 4700 series routers with a 2-Port Token Ring Network Processor Module (NP-2R) hang once a week displaying a "%SYS-2-INPUTQ: INPUTQ set, but no IDB" message. All revision levels of the motherboard are affected.
•
CSCdm55118
An APPN Network Node (NN) router has consumed 40 MB for the APPN process.
•
CSCdm58166
A BSTUN router running Cisco IOS Release 11.3(10) hangs and crashes. No workaround is available.
•
CSCdm59018
When configuring for FRAS BAN with DDR backup, the backup is only driven if the primary interface goes to the down/down state. If the DLCI is lost, the interface goes to the up/down state and the backup is not driven.
•
CSCdm59024
This problem concerns a Cisco 4700 series router defined as APPN NN with an APPN link across Frame Relay RFC 1490 to an IBM NN950 configured as a NN. Occasionally, when the DLCI fails, the APPN link is not restarted, even though the router is configured to retry infinitely.
•
CSCdm64065
No SNA traffic passes between a server and a Cisco Network Node router because the Network Node was using DLSw flow control to disallow the sending of further SNA traffic by the server.
Interfaces and Bridging
•
CSCdk93782
A Cisco 7500 series router running Cisco IOS Release 11.3(7) does not crash, but the Fast Ethernet interface goes down with the following messages:
%SYS-2-QCOUNT: Bad dequeue 611E3EBC count -1 -Process= "<interrupt level>", ipl= 6
6d18h: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x601A35D8 reading 0x1C
6d18h: Interface FastEthernet12/1, changed state to down
Line protocol on Interface FastEthernet12/0, changed state to up
The only way to bring the router up is to reload it.
Possible workaround: Disable weighted fair-queue.
•
CSCdm42807
A Cisco router running BSC/BSTUN on a PowerQUICC serial interface at half-duplex causes bad queue error messages.
Workarounds:
•
Configure the interface for full-duplex operation by using the full-duplex command.
•
If half-duplex operation is required, disable the RTS timer for the interface by using the half-duplex timer rts-timeout 0 command.
•
CSCdm61507
When a router is configured for FRF.9 compression, input packets are counted twice: once in compressed format and again in uncompressed format.
For every received packet the "input pkts" and the "in bytes" fields (in output from the show frame pvc command) are invalid.
Workaround: Disable FRF.9 compression by using the no frame-relay ip ip-address command.
IP Routing Protocols
•
CSCdj45202
The new ip spd mode aggressive configuration command is available. When configured, all IP packets that fail sanity checks (such as a bad checksum, a version other than 4, or a bad TTL) are dropped aggressively to guard against malformed or spoofed IP packets. The show ip spd command displays whether aggressive mode is enabled. SPD random drop on the RSP is supported.
When enabled, Selective Packet Discard (SPD) now works as follows:
•
When the ip spd mode aggressive command is issued, IP packets that fail sanity checks are classified as aggressive droppable packets.
•
When the IP input queue reaches the SPD min-threshold (specified by the ip spd queue min-threshold min command), all aggressive droppable packets are dropped immediately while normal IP packets (not high-priority SPD packets) are dropped with increasing probability as the length of the IP input queue grows.
•
When the IP input queue reaches the SPD max-threshold (specified by the ip spd queue max-threshold max command), all normal IP packets are dropped at 100 percent.
•
The default SPD min-threshold is 10, and the default max-threshold is 75.
To prevent a single input interface from consuming too many router resources, new packets (SPD or non-SPD) received from an interface are dropped when that interface already has more packets queued in the router than its input hold queue limit.
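The SPD behavior described above, as an added model that is not part of the original release note or of Cisco IOS: it classifies packets by the sanity checks named in the note, applies the min-threshold, max-threshold and per-interface hold-queue rules, and simulates constructed arrivals. The shape of the drop curve between the two thresholds is an assumption (linear); the note only says the probability grows with queue length.

```python
"""Model of Selective Packet Discard (SPD) aggressive mode as described above.

Added example, not Cisco IOS code.  Threshold defaults (10 and 75) are the
ones given in the release note; the linear ramp between them is assumed.
"""
import random

HIGH_PRIORITY = "high"        # SPD high-priority traffic, never dropped by SPD
NORMAL = "normal"             # ordinary IP packets
AGGRESSIVE = "aggressive"     # failed a sanity check (bad checksum, not v4, bad TTL)

DEFAULT_MIN_THRESHOLD = 10
DEFAULT_MAX_THRESHOLD = 75


def classify(version, checksum_ok, ttl):
    """Classify an IP packet by the sanity checks named in the release note."""
    if version != 4 or not checksum_ok or ttl == 0:
        return AGGRESSIVE
    return NORMAL


def drop_probability(queue_len, cls, min_thr=DEFAULT_MIN_THRESHOLD,
                     max_thr=DEFAULT_MAX_THRESHOLD):
    """Probability that SPD drops a packet of class cls at this input-queue depth."""
    if cls == HIGH_PRIORITY:
        return 0.0                      # high-priority SPD packets are exempt
    if queue_len < min_thr:
        return 0.0                      # below min-threshold nothing is dropped
    if cls == AGGRESSIVE:
        return 1.0                      # at min-threshold: dropped immediately
    if queue_len >= max_thr:
        return 1.0                      # at max-threshold: normal packets 100% dropped
    # Assumed linear ramp between min-threshold and max-threshold.
    return (queue_len - min_thr) / (max_thr - min_thr)


def spd_decide(queue_len, cls, ifc_queued=0, hold_limit=75, rnd=0.0,
               min_thr=DEFAULT_MIN_THRESHOLD, max_thr=DEFAULT_MAX_THRESHOLD):
    """Return "drop" or "accept" for one packet.

    rnd is a uniform [0, 1) sample supplied by the caller so decisions are
    reproducible.  The per-interface hold-queue check applies first and to
    every packet regardless of SPD class, as the release note states.
    """
    if ifc_queued > hold_limit:
        return "drop"
    p = drop_probability(queue_len, cls, min_thr, max_thr)
    return "drop" if rnd < p else "accept"


def simulate(packets, seed=7, **thresholds):
    """Run (class, queue_len) arrivals through SPD; return drop counts per class."""
    rng = random.Random(seed)
    drops = {HIGH_PRIORITY: 0, NORMAL: 0, AGGRESSIVE: 0}
    for cls, queue_len in packets:
        if spd_decide(queue_len, cls, rnd=rng.random(), **thresholds) == "drop":
            drops[cls] += 1
    return drops


if __name__ == "__main__":
    # Constructed arrivals: a ramping input queue carrying a mix of classes.
    arrivals = []
    for depth in range(0, 80, 5):
        arrivals.append((classify(4, True, 64), depth))
        arrivals.append((classify(4, False, 64), depth))    # bad checksum
        arrivals.append((HIGH_PRIORITY, depth))
    print(simulate(arrivals))
```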
•
CSCdm16194
EIGRP does not trigger the selection of a new route when one of the less favorable or equal paths is removed from the routing table. The route disappears but no new route is selected from the topology table.
•
CSCdm44976
IP access lists always permit IP fragments.
There is no workaround for this problem.
•
CSCdm51483
Using the show ip igmp group command may cause a bus error reload if an IGMP entry is deleted during the execution of the show ip igmp group command.
There is no workaround.
Miscellaneous
•
CSCdj08265
A BRI leased line interface on a Cisco 3600 series router that has been configured for XNS may not transfer data.
Workaround: Clear the interface or reload the router following the configuration change.
•
CSCdj68910
When you have two simultaneous accesses to NVRAM (for example, one access from the console and another access from a Telnet session), one session might attempt to issue the show configuration command and might pause at the More prompt while the other session issues the write memory command. This problem is unlikely during normal router usage. There is no workaround.
•
CSCdk12891
While waiting for a crypto key exchange session with a Telnet session into the router, the user cannot abort the crypto key exchange session.
Workaround: Use the show tcp bri and clear tcp tcb commands in the following manner:
router(config)#crypto key-ex passive
Enter escape character to abort if connection does not complete.
Wait for connection from peer[confirm]
Waiting ....
telnet> quit
Connection closed.
janedoe@janedoe-ultra:/users/janedoe> telnet router
Trying 171.21.114.109...
Connected to router.cisco.com.
Escape character is '^]'.

User Access Verification

Password:
router>enable
Password:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#crypto key-ex passive
TCP bind failed: Address already in use
router(config)#exit
router#show tcp bri
TCB       Local Address            Foreign Address          (state)
60C3DF74  router.cisco.com.23      janedoe-ultra.ci.42272   ESTAB
60A23A24  router.cisco.com.23      janedoe-ultra.ci.42271   CLOSEWAIT
router#clear tcp tcb 60A23A24
[confirm]
[OK]
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#crypto key-ex passive
Enter escape character to abort if connection does not complete.
Wait for connection from peer[confirm]n
router(config)#
•
CSCdk55110
When tunneling IPX over an IP tunnel, and when using an extended inbound access list for IP on the tunnel interface, the IPX traffic is blocked by the access list.
Workaround is to add the permit gre command to the extended access list.
•
CSCdk56600
The Ascend-Idle-Limit attribute is defined as a value in seconds. However, when it is applied to a client using PPP interactive mode, the attribute is interpreted as a value in minutes.
This attribute works properly in PPP dedicated mode.
•
CSCdk57206
When printing is performed over asynchronous lines using software flow control, large numbers of overruns occur.
•
CSCdk61320
When you perform an encrypted Kerberized Telnet to a Cisco 7500 series router, the initial setup works properly, but nonsense output results when the decryption of packets from the router occurs on the client side. There is no workaround.
•
CSCdk62335
Cisco encryption crashes the router when it is used over an ISDN backup line.
•
CSCdk70846
Using the clear vpdn tunnel command for a tunnel using L2F protocol sends individual close packets for all L2F sessions (Mids), rather than a single close packet for the tunnel itself. This results in congestion on the WAN interfaces on the requesting peer. Simultaneously, the receiving peer is not able to keep up with the flood of multiple L2F close packets—resulting in dropped packets, interface throttle, and the remaining Mids taking a long time to idle out and eventually close.
•
CSCdk72937
A Cisco 2600 series router with an E1 balanced network module may inadvertently reload. There is no workaround.
•
CSCdk73369
Under heavy uses of L2F VPDN configurations on Cisco access servers, some virtual-access interfaces do not have a corresponding MID (L2F session) entry.
Turning on the debug vpdn l2x-error command shows messages similar to these:
*Dec 9 20:37:59.421: Vi291 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi419 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi169 L2X: Discarding packet because of no mid/session
*Dec 9 20:37:59.421: Vi36 L2X: Discarding packet because of no mid/session
Other problems may also cause these messages.
•
CSCdk88739
When a hub-and-spoke frame relay configuration is run and the hub router is set as a multipoint interface, DHCP requests fail.
Workaround: Configure both the hub and the spoke to use point-to-point subinterfaces.
•
CSCdm05125
A Cisco 3640 router with BRI interfaces locks up every two weeks. Approximately six hours prior to lockup, ISDN dial-in users notice a significant slowdown in transfer rates. When the router locks up, it continuously displays the message below.
%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=0, count=0 -Traceback= 601AA500 600B55C8 600B9F64
At this point, the router does not respond to console or Telnet input. Even though the indicator LEDs show steady traffic, the router also does not route any packets. The router must be reloaded to recover.
There is no workaround.
•
CSCdm37466
Spurious accesses and router hangs can occur when using fair queuing.
•
CSCdm59007
SNA packets are dropped and not forwarded over a 64 KB leased line with HDLC encapsulation. There is no workaround.
•
CSCdm59013
A Cisco 3640 router is unable to use E&M ports and displays the following message "error C542-1 to big rxx port 1/1/1 pkt (size 41318) to big."
•
CSCdm66536
A bus error occurs during the scheduler process.
Protocol Translation
•
CSCdm69108
TCP to X.25 PVC translation does not work.
Wide-Area Networking
•
CSCdi70242
Two Cisco 4500 series routers connected using back-to-back E1 controllers are running PPP. When an FAS alarm is generated, PPP reliable does not reconnect. When an AIS alarm is generated, PPP reliable reconnects.
This problem only affects the PPP reliable protocol. No other protocols, such as HDLC, are affected.
•
CSCdi81986
No packets can be forwarded over synchronous DDR lines with X.25/X.25-IETF encapsulation. There is no workaround.
•
CSCdj39383
A router with over 180 DLCIs cannot boot properly because of excessive console log messages related to the startup of Frame Relay PVCs.
•
CSCdj51284
Some protocol translation configurations produce "%ALIGN-3-SPURIOUS: ..." messages, usually when a PPP over LAT session is terminated ungracefully.
•
CSCdk09757
The input queue of an ATM interface on a Cisco 7200 series router slowly fills with Novell packets. These packets are visible in the output of the show buffer old packet command. It can take days for the input queue to completely fill up and prevent input of any packets on that interface.
Workaround: Monitor the router and reload it before the input queue gets wedged (as indicated by 76/75 in the output of the show interface command). Increasing the size of the input queue can delay the wedge.
•
CSCdk24781
When using X.25 encapsulation, the serial interface input queue shows a negative value.
•
CSCdk53602
When an X.25 host sends a "set parameters" packet assembler/disassembler (PAD) message followed by several octets for X.3 parameters (1 through 18) to a Cisco router acting as a PAD, the parameter setting "6=1" is improperly rejected by the router.
Parameter 6 controls PAD service signals. Value 1 means that PAD service signals are transmitted in the standard format.
Workaround: Locally preset parameter 6 to value 1 before making the call to the X.25 host. Then the Cisco router acting as a PAD will accept the X.3 parameters coming from the X.25 host.
•
CSCdk66742
A Cisco 2500 series router's async line may hang when a PAD call is not cleared correctly. Clearing the line does not solve the problem. This has been observed in Cisco IOS Release 11.3(6). Restarting the router is the only workaround.
•
CSCdk72835
A Cisco 3600 series router with a WIC-1T serial interface experiences instability when Adtran TSU 100 or TSU 600 devices are attached. Customers have seen slowness and retransmissions of packets or flapping of the leased line.
•
CSCdm10918
When configuring PPP multilink on a router running Cisco IOS Release 11.3(7)T, the different B channels on an E1 will hang. When running Release 11.3(8)T, the problem seems to be limited to one B channel. When PPP multilink is not used the problem does not appear.
•
CSCdm21174
A Cisco 7200 series router crashed due to memory corruption caused by large numbers of protocol translations.
•
CSCdm28510
Adding the dialer isdn short-hold command to the map-class dialer to optimize ISDN costs based on AOC-D messages breaks the dialer idle-timeout. This means that:
1) The idle timer resets to 4294966 seconds when expiring and does not disconnect the ISDN call.
2) The short-hold timer gets incremented on receipt of an AOC-D message and never disconnects an ISDN call either.
Workaround: Remove the dialer isdn short-hold command from the map-class dialer configuration.
•
CSCdm37706
On a BRI that is used for backup of a serial interface, when standby time arrives, a disconnect on q931 is never sent. The ISDN switch needs to declare remote TE out of order.
•
CSCdm46165
A router intermittently displays the "%TCP-2-INVALIDTCPENCAPS" message.
•
CSCdm47600
Although BRI is used as backup and the dialer interface is in standby, the router will make an ISDN call.
This call should never occur because the leased line is up and no backup is needed.
Both rotary groups and dialer profiles result in the same problem.
•
CSCdm49685
After reloading a router, the ATM interfaces will assume the default UNI value (3.0) instead of the actual configuration.
Workaround: Reset the interface using the shutdown and no shutdown commands.
•
CSCdm58042
When doing TCP to X.25 translation, the router does not negotiate X.3 parameters with the PAD, and the whole session drops after a couple of seconds.
•
CSCdm69357
ATCP (AppleTalk) negotiation over asynchronous PPP fails. There is no workaround. Cisco IOS Releases 11.2(19)P and 11.1(24) exhibit the same problem.
Caveats for Release 11.3(1) through 11.3(10).
This section describes possibly unexpected behavior by Release 11.3(10). Unless otherwise noted, these caveats apply to all 11.3 releases up to and including 11.3(10). For additional caveats applicable to Release 11.3(10), see the caveats sections for newer 11.3 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 11.3(11).
Basic System Services
•
CSCdk80230
Certain Internetwork Status Monitor (ISM) NetView users can issue non-enable mode commands without router authentication. Users accessing the router through NetView must be authenticated through NetView's security methods, which may include RACF and SAF. Mainframe users can be restricted from issuing any router commands by restricting the RUNCMD within NetView. Users issuing enable mode commands must be authorized to issue this level of command through ISM and must also possess the enable mode password. If the router is controlled by TACACS+, the ISM user must have a TACACS+ user ID and password to issue enable-level commands.
The show user command has been modified so that the user field is filled up by the host name.
The no-enable and high-security keywords have been added to the sna host and dspu host commands. These keywords must be configured with focalpoint and are defined as follows:
no-enable: Does not allow enable commands from the host.
high-security: Allows the following commands in user EXEC mode. (Privileged EXEC mode is not affected by this option.) All these commands have to be entered in full or they will not be allowed. (For example, sh ver is not allowed as an abbreviation for the show version command.)
•
enable
•
quit
•
exit
•
show ?
•
CSCdm02753
A Cisco 7200 series router with an encryption card (ESA) reloads periodically. No workaround is available.
•
CSCdm26534
On a Cisco 7200 series router running Cisco IOS Release 11.3(7)T, the EnvMonTemperature trap value sent for the temperature sensor at chassis outlet 3 is incorrect.
•
CSCdm45535
A Cisco 7500 series router can erroneously detect output stuck conditions, which causes interfaces to reset or perform cBus restarts and all IPs on the router to reset.
DECnet
•
CSCdk23805
When DECnet accounting is implemented, the router may crash, depending on the number of connections.
•
CSCdm28939
During configuration of DECnet on a router, it is possible to specify an address translation gateway (ATG) network number in the range 0 to 3. If the atg-network-number argument is specified incorrectly while configuring an interface, the router will reload.
Workaround: Ensure that the atg-network-number argument specified when enabling an interface matches that specified when DECnet routing is enabled globally, for example:
decnet 1 routing 2.3
interface ethernet 0/0
 decnet 1 cost 5
EXEC and Configuration Parser
•
CSCdm39355
A router crashes when using the username command under the following conditions:
If you enter a long username, type a shortened form of the password keyword, and then press the Tab key to complete the password keyword, the router will crash.
IBM Connectivity
•
CSCdm30793
A Cisco 7206 router running Cisco IOS Release 11.3(9)T configured for DLSw priority peers may crash with a bus error. There is no workaround.
•
CSCdm39124
Console message flooding may occur when an XID3 loop occurs with APPN in the router. The following messages are repeated for each iteration of the loop:
%APPN-3-logcsCS_XXXXIP11_LOGMSG_01: CS - Sending Alert to MS, sense_code = 83E0001, proc_name = XXXXIP32, port_name = HMAC04, ls_name = @LS00289
%APPN-3-logcsCS_XXXXIP11_LOGMSG_03: CS - Associated outbound XID data in alert (length >= 29):
%APPN-3-Error: 327307700000000000F7C1000000008000010B510005000000000007000E11F4C4C5C2E5D4E4F0F04BD5D5C 3C9D7F0F110380037110C0804F1F2F0F0F0F00908F0F0F0F0F0F0F01406C3C9E2C3D640C1D7D7D540D5D561 C4D3E4D90F0FC3C9E2C3D640C1D7D7D540D5D52207000000083E0001
%APPN-3-logcsCS_XXXXIP11_LOGMSG_05: CS - Associated inbound XID data in alert (length >= 29):
%APPN-3-Error: 326705D56F010000B00810000000000000010B410005B800000000070010370023110C0804F0F3F0F0F0F00 F06D4E240E2D5C140E2C5D9E5C5D90908F0F0F0F0F0F0F0131103100010F0F0F0F0F0F0F0F0F0F0F0F0F00E 0FF4C4C5C2E5D4E4F0F04BC3E3F5F6C6
Workaround: Disable console logging.
•
CSCdm49573
The router crashes with a bus error when executing the show dlsw circuit command and there is a circuit with a local RIF of 18 bytes.
This is a regression introduced by CSCdk83294.
•
CSCdm50361
DLSw Lite (LLC2 encapsulation) peers leak CLS connect request buffers.
Workaround: Use a different peer type. This will free an outstanding connect request if additional requests are received while the first is still pending.
•
CSCdm51010
An APPN router may run out of memory because of unnecessary LFSID table expansion for some DLUR links to downstream PU2.0s. This problem can occur after DLUR takeover or if the DLUR-PU had previously received a "dactpu not final use" message from the DLUS.
•
CSCdm59430
In a rare situation, a Cisco router may crash in the TCPD routines or managed timer. There is no workaround.
Interfaces and Bridging
•
CSCdk10376
When router traffic and thus memory usage is heavy, a router may crash in frf9_preComp().
Workaround: Disable compression, use a different type of compression, or adjust the memory tuning.
•
CSCdm16052
In Cisco IOS Releases 11.3(8.5) to 11.3(10.4), and 11.3(8.5)T through 11.3(10.4)T, all RSM and RSP platforms that use a VIP2/PA-4R IBM2692 adapter will potentially ignore non-RIF Token Ring packets, because the VIP Token Ring driver incorrectly classifies these packets as runts and drops them.
This is a regression introduced by CSCdk64195.
•
CSCdm41644
An overwrite issue in the BSS area with FDDI modules equipped can cause a router to crash.
IP Routing Protocols
•
CSCdm20483
IP access lists fail to block pings on interfaces configured for policy routing with IP route-cache policy enabled.
•
CSCdm28898
ARP to a Cisco 2500 series router running Cisco IOS Release 11.2(17) or 12.0(3.7) fails on the serial interface when bridging is enabled, and the router is reloaded. This problem was seen on the following topology:
----Ethernet----Cisco 2500 series router---serial interface---Cisco 2500 series router---Ethernet---
The workaround is to remove and reenter the IP address on the serial interface.
•
CSCdm44957
Some IP fragments may be incorrectly filtered out by access lists.
•
CSCdm45873
If you are redistributing OSPF routes into any other routing protocol, the redistributed routes do not include NSSA external routes. There is no workaround.
•
CSCdm53317
DNS replies passing from inside to outside by way of NAT are not NAT-translated correctly in many cases. There is no workaround.
ISO CLNS
•
CSCdm45667
Under certain circumstances, Cisco routers running Cisco IOS Release 11.3(9)T may stop receiving packets on interfaces. This happens when CLNS packets with an N-selector of 0x20 (the DECnet NSP protocol selector) are received by the router and the decnet conversion command has not been enabled or configured correctly.
If this happens, the show interface command displays a full input queue and a number of dropped packets (for example: input queue 76/75, 122 drops).
When the input queue is full and the interface stops receiving packets, the only workaround is to reload the router.
Miscellaneous
•
CSCdk45491
The NM-1FE-TX fails to autonegotiate properly when connected through an SMF connector.
Workaround: Manually set the speed to 100 using the following new speed command. By default, the command is configured as speed auto.
[no] speed {10 | 100 | auto}
•
CSCdm04861
A race condition can occur between the processes that try to get connection status and dropped-packet information from the VIP.
Workaround: Put in a semaphore to prevent multiple processes from accessing the globals used at the same time.
•
CSCdm22032
Configuring PPP encapsulation on an interface and then making that interface a member of a bridge group causes tracebacks and "fair-queue not initialized properly" messages.
Workaround: Remove bridging from the interface or turn off fair queueing.
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:39: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:39: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:39: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
00:06:40: Fair Queue:packet not initialized properly: 0, 0 , 38
00:06:40: -Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
•
CSCdm33707
After a router is reloaded, ESA cannot re-establish active crypto connections.
Workaround: Remove the crypto map, reload the router again, and then re-apply the crypto map.
•
CSCdm36128
A Cisco 3600 series router with a 4T card configured for DTR goes down because the DTR downtime is too short.
•
CSCdm44057
A Cisco 7500 series router running virtual profiles continually resets the ciscoBus (cBus).
The first message is "%RSP-3-RESTART: interface Serial4/0:1, output stuck." shortly before the cBus resets. To see more detailed information, use the debug cbus command.
This cBus resetting also causes all attached controllers to lose connectivity. Then the only way to access the device is through the console port.
•
CSCdm54169
On a router running Cisco IOS Release 11.3(9.2), you cannot change the MTU size of a tunnel interface. CSCdk15279 permitted this ability to exceed the MTU size of the physical interface, which is 24.
Workarounds:
•
Use a Cisco IOS release between 11.3(5.1)T and 11.3(9.3) or between 12.0(0.16) and 12.0(4.2) (after CSCdk15279 but before CSCdm06422).
•
Configure the ip mtu command on the tunnel interface before configuring the tunnel destination command. If the tunnel destination command is already configured, then unconfigure it, configure the ip mtu command, wait five seconds, and then reconfigure the tunnel destination command.
Once this workaround is applied, there should be no problems in the event of a router reboot, because the ip mtu command is parsed before the tunnel destination command.
•
CSCdm58776
If a router running CET encryption has many connection setup attempts happening at once, some may time out prematurely. Also, some connection setup attempts may not set up properly.
Novell IPX, XNS, and Apollo Domain
•
CSCdk04507
Routers running IPX and EIGRP on Cisco IOS Release 11.2 or later can experience crashes when there is a high frequency of interface up/down transitions, especially with dial-up interfaces.
Workaround: Disable IPX EIGRP.
VINES
•
CSCdk80167
Cisco 2500 series and Cisco 4000 series routers (68000-based routers) might reload a few minutes after VINES Sequenced Routing Update Protocol (SRTP) is configured.
Workaround: Do not use VINES SRTP. If it is enabled, disable it by issuing the no vines srtp-enabled command.
Wide-Area Networking
•
CSCdk37517
DDR with the dialer dtr command does not reset DTR to a down state after an unsuccessful call attempt. (

