Table Of Contents
Caveats for Cisco IOS Release 12.0
Resolved Caveats—Cisco IOS Release 12.0(28d)
Resolved Caveats—Cisco IOS Release 12.0(28c)
Resolved Caveats—Cisco IOS Release 12.0(28b)
Resolved Caveats—Cisco IOS Release 12.0(28a)
Open Caveats—Cisco IOS Release 12.0(28)
Resolved Caveats—Cisco IOS Release 12.0(28)
Resolved Caveats—Cisco IOS Release 12.0(27)
Resolved Caveats—Cisco IOS Release 12.0(26)
Resolved Caveats—Cisco IOS Release 12.0(25)
Resolved Caveats—Cisco IOS Release 12.0(24)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(23)
Resolved Caveats—Cisco IOS Release 12.0(22)
Resolved Caveats—Cisco IOS Release 12.0(21a)
Resolved Caveats—Cisco IOS Release 12.0(21)
Resolved Caveats—Cisco IOS Release 12.0(20a)
Resolved Caveats—Cisco IOS Release 12.0(20)
Resolved Caveats—Cisco IOS Release 12.0(19a)
Resolved Caveats—Cisco IOS Release 12.0(19)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(18a)
Resolved Caveats—Cisco IOS Release 12.0(18b)
Resolved Caveats—Cisco IOS Release 12.0(18)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(17a)
Resolved Caveats—Cisco IOS Release 12.0(17)
Resolved Caveats—Cisco IOS Release 12.0(16b)
Resolved Caveats—Cisco IOS Release 12.0(16a)
Resolved Caveats—Cisco IOS Release 12.0(16)
Resolved Caveats—Cisco IOS Release 12.0(15b)
Resolved Caveats—Cisco IOS Release 12.0(15a)
Resolved Caveats—Cisco IOS Release 12.0(15)
Resolved Caveats—Cisco IOS Release 12.0(14a)
Resolved Caveats—Cisco IOS Release 12.0(14)
Resolved Caveats—Cisco IOS Release 12.0(13a)
Resolved Caveats—Cisco IOS Release 12.0(13)
Resolved Caveats—Cisco IOS Release 12.0(12a)
Resolved Caveats—Cisco IOS Release 12.0(12)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(11a)
Resolved Caveats—Cisco IOS Release 12.0(11)
Resolved Caveats—Cisco IOS Release 12.0(10a)
Resolved Caveats—Cisco IOS Release 12.0(10)
Resolved Caveats—Cisco IOS Release 12.0(9a)
Resolved Caveats—Cisco IOS Release 12.0(9)
Resolved Caveats—Cisco IOS Release 12.0(8b)
Resolved Caveats—Cisco IOS Release 12.0(8a)
Resolved Caveats—Cisco IOS Release 12.0(8)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(7a)
Resolved Caveats—Cisco IOS Release 12.0(7)
Resolved Caveats—Cisco IOS Release 12.0(6b)
Resolved Caveats—Cisco IOS Release 12.0(6)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(5a)
Resolved Caveats—Cisco IOS Release 12.0(5)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(4b)
Resolved Caveats—Cisco IOS Release 12.0(4)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(3d)
Resolved Caveats—Cisco IOS Release 12.0(3)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(2b)
Resolved Caveats—Cisco IOS Release 12.0(2)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(1b)
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Product Alerts and Field Notices
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Caveats for Cisco IOS Release 12.0
August 18, 2006
Cisco IOS Release 12.0(28d)
Text Part Number OL-2060-07 Rev. H0
This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.0, up to and including Release 12.0(28d). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Documentation Feedback" section.
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:
•
The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.
•
Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.
For more information on caveats and features in Cisco IOS Release 12.0, see the following sources:
•
•
•
•
•
Note
The following table lists the most recent release notes when this caveats document was published:
Resolved Caveats—Cisco IOS Release 12.0(28d)
Cisco IOS Release 12.0(28d) is a rebuild of Cisco IOS Release 12.0(28). All caveats in this section have been resolved in Cisco IOS Release 12.0(28d) but may be open in previous Cisco IOS releases.
IP Routing Protocols
•
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.
Miscellaneous
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
Resolved Caveats—Cisco IOS Release 12.0(28c)
Cisco IOS Release 12.0(28c) is a rebuild of Cisco IOS Release 12.0(28). All caveats in this section have been resolved in Cisco IOS Release 12.0(28c) but may be open in previous Cisco IOS releases.
IP Routing Protocols
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Miscellaneous
•
NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.
If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.
The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.
Cisco Express Forwarding (CEF) supercedes the deprecated NetFlow Feature Acceleration.
Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):
cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6Resolved Caveats—Cisco IOS Release 12.0(28b)
Cisco IOS Release 12.0(28b) is a rebuild of Cisco IOS Release 12.0(28). All caveats in this section have been resolved in Cisco IOS Release 12.0(28b) but may be open in previous Cisco IOS releases.
Basic System Services
CSCef46191
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround:The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
IP Routing Protocols
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
Miscellaneous
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.0(28a)
Cisco IOS Release 12.0(28a) is a rebuild of Cisco IOS Release 12.0(28). All caveats in this section have been resolved in Cisco IOS Release 12.0(28a) but may be open in previous Cisco IOS releases.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Open Caveats—Cisco IOS Release 12.0(28)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(28). All the caveats listed in this section are open in Cisco IOS Release 12.0(28). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: An SA-ENCRYPT service adapter does not function if it is configured with fast switching or Cisco Express Forwarding (CEF).
Conditions: This symptom is observed on a Cisco 7200 series router that uses hardware encryption (Cisco Encryption Technology).
Workaround: Configure the SA-ENCRYPT with process switching.
•
Symptoms: An SNMP query to the ipForward MIB returns an incomplete value with VPN aware SNMP.
Conditions: This symptom is observed when running Cisco IOS Release 12.0(26)S.
Workaround: Use the show ip route command.
•
Symptoms: PING MIB functionality is not working as expected with VPN aware SNMP.
Conditions: This symptom is observed when running Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A router may reload because of a bus error at the FCP transmit process.
Conditions: This symptom is observed under rare circumstances on a Cisco 3640.
Workaround: There is no workaround.
•
Symptoms: Some virtual circuits (VCs) are not added by FPGA/SAR when modified from cell-packing ATM Adaptation Layer 5 (AAL5).
Conditions: This symptom is observed on a Cisco 12000 series router but is not platform dependent.
Workaround: Delete PVCs and reprovision them.
•
Symptoms: A ping does not work when the service-policy interface configuration command is enabled on both ingress and egress interfaces.
Conditions: This symptom occurs only when the set atm-clp command is enabled in an output ATM permanent virtual circuit (PVC) policy of an ip-to-tag interface.
Workaround: Remove the "set atm-clp" configuration.
TCP/IP Host-Mode Services
•
Symptoms: A client browser may encounter a slow response from a virtual web server and a web page may take a long time to load.
Conditions: This symptom is observed when a session pauses indefinitely while a pair of load-balanced web servers are connected using the virtual IP address of the server farm. This symptom is observed only with Fast Ethernet clients.
Workaround: Direct client traffic through a Gigabit Ethernet port.
Wide-Area Networking
•
Symptoms: A Cisco device generates the following message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101
Conditions: This symptom is observed when a LAN Emulation (LANE) client on a Cisco device receives wrongly formatted LANE control frames.
Workaround: The LANE client does not have to be brought down because this message usually appears only a few times. However, if the message keeps reappearing, the LANE client can be restarted or the LANE server (LES) can be moved from the Cisco Catalyst 6000 ATM line card to another device.
•
Symptoms: A router may reload because of a bus error.
Conditions: This symptom is observed on a Cisco AS5200.
Workaround: There is no workaround.
•
Symptoms: The use of the X.25 interface may cause multiple resets to be driven across an X.25 over TCP (XOT) connection, thereby preventing transfer of data blocks across the XOT cloud.
Conditions: This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.0 or Release 12.1.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series router that is utilizing a Route Switch Processor (RSP2) and a Fast Serial Interface Processor (FSIP) may experience a condition where the serial interface broadcast queue becomes wedged. All broadcast traffic is dropped.
Conditions: This symptom is observed on a Cisco 7500 series router that is running the Cisco IOS Release 12.0(26) rsp-jsv-mz image.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(28)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(28). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(28). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: The echo-cancel coverage command may not be configured in voice-port mode.
Conditions: This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.0(6) or a later release.
Workaround: There is no workaround.
IBM Connectivity
•
Symptoms: A Cisco router may reload unexpectedly due to a software forced reload. This reload was caused by an improperly formatted APPN LOCATE flow, where a length field was too small. This is an error caused by another APPN node, but Cisco IOS does not protect itself against this by validating the length before processing the data. This DDTS adds the length checks.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(20).
Workaround: There is no workaround except to apply the fix.
IP Routing Protocols
•
Symptoms: Auto-Rendezvous Point (Auto-RP) forwarding may stop working after the state of an interface changes.
Conditions: This symptom is observed on an interface after a route flap occurs.
Workaround: To delete the entries from the IP multicast routing table, enter the clear ip mroute group EXEC command.
Miscellaneous
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Resolved Caveats—Cisco IOS Release 12.0(27)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(27). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(27). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
IP Routing Protocols
•
Symptoms: A router that is directly connected to a source may not start registering when the source becomes active, and the (S,G) state may time out on the Route Processor (RP).
Conditions: This symptom is observed on a router that is configured for Protocol Independent Multicast (PIM) and that has an (S,G) entry with the F flag reset.
Workaround: There is no workaround.
Miscellaneous
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Resolved Caveats—Cisco IOS Release 12.0(26)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(26). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(26). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
IP Routing Protocols
•
Symptoms: The redistribution of unicast routes into Distance Vector Multicast Routing Protocol (DVMRP) may not function properly.
Conditions: This symptom is observed when the ip dvmrp metric metric list access-list-number interface configuration command is executed. This command should allow all unicast routes that are allowed by the value of the access-list-number argument to be redistributed with the value of the metric argument, but only connected routes are advertised.
Workaround: Explicitly configure the unicast routing protocols that must be advertised, as in the following examples:
ip dvmrp metric metric list eigrp
ip dvmrp metric metric list ospf•
Symptoms: A router that is directly connected to a source may not start registering when the source becomes active, and the (S,G) state may time out on the route processor.
Conditions: This symptom is observed on a router that is configured for Protocol Independent Multicast (PIM) and that has an (S,G) entry with the F flag reset.
Workaround: There is no workaround.
Miscellaneous
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(25)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(25). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms The show process memory EXEC command may display more than 4 GB of used memory. After the process memory counter reaches 4.2 GB, the process memory counter may reset to zero. This behavior causes the line card to think that it has run out of memory and to disable Cisco Express Forwarding (CEF).
Conditions These symptoms are observed on a Cisco 12000 series Internet router that is configured with an Engine 4 (E4) line card that has 256 MB of CPU memory.
Workaround The line card can be brought back up by entering the clear cef linecard slot-number EXEC command. There is no workaround for the memory exhaustion symptom, or to prevent the process memory counter from resetting to 0.
•
Symptoms A buffer leak that is caused by TACACS+ packets may occur in the middle buffer pool of a router and cause the router to run out of memory. The presence of this condition can be verified by entering the show buffers EXEC command or the show buffer pool middle header EXEC command. The show buffers EXEC command may display an output that is similar to the following:
Middle buffers, 600 bytes (total 3236, permanent 25):
11 in free list (10 min, 150 max allowed)
562868 hits, 1109 misses, 41 trims, 3252 created
0 failures (0 no memory)The show buffer pool middle header EXEC command may display an output that is similar to the following:
Buffer information for Middle buffer at 0x6096CF18
data_area 0x1AF0184, refcount 1, next 0x0, flags 0x80
linktype 7 (IP), enctype 1 (ARPA), encsize 14, rxtype 1
if_input 0x0 (None), if_output 0x0 (None)
inputtime 0x0, outputtime 0x0, oqnumber 65535
datagramstart 0x1AF01CA, datagramsize 133, maximum size 756
mac_start 0x1AF01CA, addr_start 0x1AF01CA, info_start 0x0
network_start 0x1AF01D8, transport_start 0x1AF01ECConditions This symptom is observed on a Cisco router that is configured for TACACS+ and that is running Cisco IOS Release 12.0(15).
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms Certain process such as the Standby process may be terminated when a HTTP packet is received on a router.
Conditions This symptom is observed on a Cisco 2600 series.
Workaround Disable the HTTP server process by entering the no ip http server global configuration command.
Resolved Caveats—Cisco IOS Release 12.0(24)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(24). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(24). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
IBM Connectivity
•
Symptoms If Advanced Peer-to-Peer Networking (APPN) is configured, a router may reload because of a bus error and display the following message that mentions an address:
System restarted by bus error at PC 0x60D32568, address 0xE2D5C5E3
Conditions This symptom is observed on a Cisco 4700 router that is running Cisco IOS Release 12.0(21).
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms A software-forced reload may occur on a router.
Conditions This symptom is observed on a Cisco router when it receives and installs routes that have 25 different subnet masks within the same network into the routing table. The different masks within a network can be displayed by entering the show ip route EXEC command.
Workaround Filter routes that have subnet masks of 31 or 32 by using a prefix list to prevent those routes from being added to the routing table by limiting the number of possible distinct subnet masks to 24.
Miscellaneous
•
Symptoms A Cisco 7500 series router may stop receiving packets on certain interfaces when a Cisco 6500 series switch that is connected through a port channel is reloaded.
Conditions This symptom is observed on a Cisco 7500 router that is connected to a Cisco 6500 series switch through the port channel. This symptom does not occur if the port channel is removed.
Workaround Run normal IP between the Cisco 7500 series router and the Cisco 6500 series switch without the port channel configuration.
•
Symptoms Packet drops may be observed on the serial interface of a Cisco 7500 series router regardless of whether encapsulation (High-Level Data Link Control [HDLC], PPP, Frame Relay, or Switched Multimegabit Data Service [SMDS]) is configured.
Conditions This symptom is observed on the serial interface of a Cisco 7500 series router. This symptom is not observed when a Cisco 7200 series router is used.
Workaround Use a Cisco 7200 series router.
•
Symptoms The following traceback message may be displayed on a router:
%ENT_API-4-NOPARENT
Conditions This symptom is observed on a Cisco 2610 router that has a 1-port ISDN BRI (S/T) WAN interface card (WIC-1B-S/T) and that has the isdn leased-line bri global configuration command configured.
Workaround There is no workaround.
•
Symptom A The clock rate interface configuration command does not support the clock rates of 192 kbps, 250 kbps, 256 kbps, 384 kbps, 512 kbps, and 768 kbps.
Symptom B The clock rate interface configuration command does not support the clock rates of 14400 bps, 28800 bps, 32000 bps, 57600 bps, 115200 bps, 128 kbps, 192 kbps, 250kbps, 384 kbps, and 512 kbps
Condition A Symptom A is observed on a Cisco 2600 series router that has a 1-port serial WAN interface card (WIC-1T) or a 2-port serial WAN interface card (WIC-2T).
Condition B Symptom B is observed on a Cisco 3620 or Cisco 3640 router that has a one-Ethernet, two-WAN card slots network module (NM-1E2W), a two-Ethernet, two-WIC card slots combo port network module (NM-2E2W), a one-Ethernet, one-Token Ring, two-WAN card slots network module (NM-1E1R2W). This symptom is observed when a serial WAN interface such as the WIC-1T or the WIC-2T is installed on the WAN interface card (WIC) slots of the NM-2E2W combo port network module.
Workaround For both symptoms, use Cisco IOS Release 12.0(24).
Novell IPX, XNS, and Apollo Domain
•
Symptoms A router may reload sporadically.
Conditions This symptom is observed on a Cisco router when it forwards a Type20 NetBIOS broadcast packet.
Workaround There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms TCP processing fails in the data repacketizing process and creates inaccurate packets. Symptoms may vary on the application using the TCP transport; a data-link switching (DLSw) circuit disconnects suddenly, and the following error message is displayed if you enter the debug dlsw core command on one for the DLSw routers:
DLSW: Invalid dlsw version 78 (The number 78 is an example and may be any other number.)
If the TCP session is a telnet session to the router, it may pause indefinitely, and the peer may indicate to receive packets with invalid TCP checksum.
Conditions These symptoms are observed when the sender side TCP peer is using Multilink PPP (MLP) for the outgoing link. These symptoms are observed during an attempted TCP retransmission of a message after multiple consecutive TCP packets have been lost (for example, due to a network outage or policing somewhere in the interconnecting network), and TCP data packet reconstruction. These symptoms are observed only with a TCP session directly terminated on this sender side TCP peer, not with any traffic passed through the router.
Workaround Disable MLP on the outbound interface.
Wide-Area Networking
•
Symptoms A router may pause indefinitely or reload if the clear ip tcp header-compression EXEC command is entered after the no frame-relay ip tcp header-compression interface configuration command is configured. This symptom will not occur if the clear ip tcp header-compression EXEC command is entered without the no frame-relay ip tcp header-compression interface configuration command configured on the router.
Conditions This symptom is observed on a Cisco router if the clear ip tcp header-compression EXEC command is entered after the no frame-relay ip tcp header-compression interface configuration command is configured.
Workaround There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(23)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(23). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(23). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms An ISDN interface status remains in the ESTABLISH_AWAITING_TEI state. The interface does not come up and does not pass any traffic.
Conditions This symptom is observed on a Cisco 1604 router that is running Cisco IOS Release 12.2(10.1)T.
Workaround There is no workaround.
IBM Connectivity
•
Symptoms A Cisco 7200 series router reloads because of a memory corruption.
Conditions This symptom is observed in a configuration in which a central router that is running data-link switching plus (DLSw+) is receiving an unnumbered information (UI) frame together with a destination service access point (DSAP) that has a value of AA and a source service access point (SSAP) that has a value of AA from a DLSw+ remote peer. Under certain conditions, the central router computes an internal variable incorrectly and, as a result, may reload. This situation is specific to a configuration with DLSw+.
Workaround Configure the dlsw icannotreach saps aa global configuration command on the central DLSw+ router to eliminate UI frames from the service access points that have a value of AA on the DLSw+ network.
IP Routing Protocols
•
Symptoms A router that receives a gratuitous Address Resolution Protocol (ARP) for a static ARP entry with an alias keyword reloads because of a bus error.
Conditions Further conditions under which these symptoms occur are not known at this time.
Workaround Do not use an alias keyword on a static ARP entry. An alias keyword allows the router to answer ARP requests for the static ARP entry, but in many cases an alias keyword is not required because the router must have the static ARP entry only for its own use.
Interfaces and Bridging
•
Symptoms Tracebacks occur.
Conditions This symptom is observed when you enable Multilink PPP on some interfaces on a PA-MC-2T3 card together with distributed Cisco Express Forwarding (dCEF).
Workaround There is no workaround.
Miscellaneous
•
Symptoms A memory leak occurs on a router.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(8). The symptom occurs at the "logger" process. There is also increased utilization in the "tty background" process. This is seen when the show process cpu EXEC command is issued.
Workaround Disable "logging synchronous" under the vty, aux, and console ports. For example, to disable "logging synchronous" under the console port, enter the line con 0 no logging synchronous command.
•
Symptoms You cannot configure the burst-max argument of the police bps burst-normal burst-max command and the burst-max argument accepts only the default value, which is the same as the value of the burst-normal argument. When you reload the router with the police command enabled, the running configuration is cleared.
Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 or Release 12.0(21)S1.
Workaround There is no workaround.
•
Symptoms With ports that are enabled for automatic protection switching (APS), the working or the protect status—or both the working and the protect status of the ports—display incorrectly the message "Port stat (w,p): (Signal Fail, Signal Fail)" when you enter the show aps or show controllers atm command.
Conditions This symptom is observed when virtual circuits (VCs) are up and active, ports are able to perform a cutover upon failure, traffic is passing, and you associate slots in APS redundancy mode before you configure permanent virtual connections (PVCs) on the APS-enabled ports. This situation will typically happen only when you use TFTP to copy the configuration in.
Workaround Configure the VCs before you associate the slots for APS.
Alternate Workaround If you need to associate slots for APS before you create VCs, enter the commands manually or use cut-and-paste to copy the command in.
Wide-Area Networking
•
Symptoms Up/Down status messages are displayed on the console.
Conditions This symptom is observed when PPP calls the interface reset vector while the Link Control Protocol (LCP) is configured or closes. If a leased-line configuration is up but the peer is not responding, PPP may call the interface reset vector approximately once per minute. This situation may result in Up/Down status messages on the console.
This DDTS adds the new no ppp link reset command to disable calls to the interface reset vector. PPP will continue to attempt to negotiate with the peer, but the interface will not be reset between each attempt.
Workaround There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(22)
This section describes possibly unexpected behavior by Cisco IOS Release 12.0(22). All the caveats listed in this section are resolved in Cisco IOS Release 12.0(22). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco router may reload because of a timer corruption. There is no workaround.
IBM Connectivity
•
A Cisco router that is configured for data-link switching plus (DLSw+) promiscuous peering may reload if peers disconnect.
Workaround: Disable DLSw+ promiscuous peering and configure static DLSw+ peering instead.
IP Routing Protocols
•
When the no ip host-routing global configuration command is issued in configuration terminal mode on a networking device, the ip host-routing global configuration command is enabled. If routing is disabled, the networking device will stop all forms of routing and remove static routes that are defined in the configuration.
Workaround: To issue the no ip host-routing global configuration command, first enable the command using the ip host-routing global configuration command and then disable the command immediately using the no ip host-routing global configuration command. Do not exit the global configuration mode before issuing the no ip host-routing global configuration command.
Miscellaneous
•
The logging synchronous line configuration command may cause logging to stop.
Workaround: Remove this command.
•
A Route Switch Module (RSM) that is running Cisco IOS Release 12.0(20) may experience alignment error corrections at the rsp_ipfib_feature_switch process.
Workaround: To clear this condition, disable IP Cisco Express Forwarding (CEF) and use fast switching instead.
•
A Cisco 7500 series router that is configured with the main interface in backup and subinterfaces with the same IP address has different behavior at boot-up between Cisco IOS Release 11.3(11)WA4(14) and Cisco IOS Release 12.0. During operation of the router, the duplicate IP addresses can be configured in both versions of Cisco IOS software. However, at boot-up the duplicate IP addresses are removed from the configuration in Cisco IOS Release 12.0.
Workaround: Manually configure the affected interfaces again after the reboot.
•
On a Cisco 2600 router that has a 2-port serial low-speed asynchronous and synchronous WAN interface card (WIC 2 A/S) that is configured for binary synchronous communications (BISYNC) on port 0 and the physical-layer async interface configuration command is configured on port 1, the clear to send (CTS) signal on port 0 is inverted for a short period of time when BISYNC polling is started after the router is reloaded. This behavior causes an ATM machine to enter an error recovery mode and may prevent the ATM machine from recovering and reestablishing proper communication with the router.
The configuration of the physical-layer async interface configuration command on port 1 overwrites the hardware configuration on port 0 that controls the CTS signals for port 0 and may interfere with CTS hardware configuration on ports that have been previously configured. This behavior affects the 2-port serial WAN interface card (WIC-2T).
Workaround: After the ports have been initialized through a reload, or if the physical-layer async interface configuration command is entered or removed from the configuration of a port, entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interfaces will reinitialize the hardware settings.
Wide-Area Networking
•
A Cisco 1600 series router may reload unexpectedly if a previously configured Frame Relay map class is unconfigured using the no map-class frame-relay map-class-name global configuration command. This condition occurs even if the Frame Relay map class is not applied to an interface. Other router platforms that has this condition may experience an alignment error instead of reloading. There is no workaround.
•
A ping from one router causes the B-channel on the other to go up and down. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(21a)
Cisco IOS Release 12.0(21a) is a rebuild of Cisco IOS Release 12.0(21). All caveats in this section have been resolved in Cisco IOS Release 12.0(21a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(21)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.
IBM Connectivity
•
A router that is running Cisco IOS Release 12.0(17) using Advanced Peer-to-Peer Networking (APPN) network node (NN) software that is configured for the Dependent LU Requester/Server (DLUR/DLUS) functionality may experience a bus error reload with the following message:
System was restarted by bus error at PC 0x60B4BD80, address 0xF0F1C4F8 RSP Software (RSP-AJSV-M), Version, RELEASE SOFTWARE (fc1) Compiled by nmasa Image text-base: 0x60010930, data-base: 0x6108A000
There is no workaround.
IP Routing Protocols
•
A Cisco router may reload when the show ip bgp neighbor EXEC command is executed. There is no workaround.
•
Multicast traffic stops after the shutdown interface configuration command is entered followed by the no shutdown command interface configuration command on a Packet over SONET (PoS) interface. This condition may occur when any link-up or link-down event takes place.
Workaround: To clear this condition, enter the clear ip mroute * EXEC command on the PoS interface.
•
A Route Switch Processor (RSP) that is running Cisco IOS Release 12.0(20.2)ST may reload when the show ip mroute command is executed. There is no workaround.
Miscellaneous
•
Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE) tunnels fail to operate correctly on a Cisco 7500 series router that is running centralized Cisco Express Forwarding (CEF). L2TP tunnels fail completely, whereas packets switched through a GRE tunnel will be fast or process switched.
Workaround: Enable distributed CEF switching.
•
In a Cisco Catalyst 2820 series switch, if a packet is received over an RFC 1483 permanent virtual circuit (PVC) with less than 46 bytes, it will not be padded to the minimum Ethernet frame size of 64 bytes and will be discarded. There is no workaround.
•
The IOS Firewall feature set, also known as Cisco Secure Integrated Software, also known as Context Based Access Control (CBAC), and introduced in IOS version 11.2P, has a vulnerability that permits traffic normally expected to be denied by the dynamic access control lists.
This vulnerability is documented as Cisco Bug ID CSCdv48261.
No other Cisco product is vulnerable.
There is no workaround.
This advisory is available at http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
•
A Cisco Route Switch Module (RSM) that is running Cisco IOS Release 12.0(16) may experience memory allocation (MALLOC) failures that point to Cisco Express Forwarding (CEF) as the process even after CEF has been disabled. There is no workaround.
•
When multicast traffic is routed through a Cisco 12000 router via an E2 line card at the ingress interface, the output interface byte and packet counts are not incremented correctly if the ingress E2 card is configured for multicast hardware switching. This condition will occur only if fast switching is used with multicast hardware switching enabled and will not occur if only fast switching is used.
Workaround: Do not configure the ip multicast hw-accelerate feature on E2 line cards.
TCP/IP Host-Mode Services
•
When a file transfer is initiated from a front-end processor (FEP) that is attached to a Cisco 7204 router and destined to an FEP that is attached to a Cisco 2612 router, the show tcp EXEC command does not show retransmitted packets or that the retransmission timeout timer is waking up. Several acknowledgements (ACKs) are seen when the show tcp brief [all] EXEC command is entered. In Cisco IOS Release 12.2(4.2), a large number of "fast transmitted" packets are shown on the Cisco 7204 when the show tcp EXEC command is entered. This condition occurred while Cisco IOS Release 12.0(7)T is running on both the Cisco 7204 FEP and the Cisco 2612 FEP that are connected through a Fast Ethernet (FE) connection with equal cost and the Enhanced Interior Gateway Routing Protocol (EIGRP) enabled.
Workaround: Eliminate equal cost network paths.
Wide-Area Networking
•
A Frame Relay over ISDN call fails if the data-link connection identifier (DLCI) on the subinterface is in an inactive state. This situation does not occur at the interface level.
Workaround: Configure the permanent virtual circuit (PVC) at the main interface rather than at the subinterface.
•
Backup delay may fail to work when the functionality is configured on a subinterface. There is no workaround.
•
A Cisco 3640 router may reload after several hours in production. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(20a)
Cisco IOS Release 12.0(20a) is a rebuild of Cisco IOS Release 12.0(20). All caveats in this section have been resolved in Cisco IOS Release 12.0(20a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(20)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(20). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Miscellaneous
•
When a crashinfo buffer is created, all commands that are entered before a reload are saved and stored in the buffer. Rivest, Shamir, and Adleman (RSA) or Digital Signature Standard (DSS) keys that are meant to be stored in NVRAM may be displayed in the crashinfo buffer. There is no workaround.
•
On a Cisco LightStream LS1010 switch that is equipped with circuit emulation service (CES) port adapters, the shutting down of the constant bit rate (CBR) interface does not affect the devices that are connected to it. There is no workaround.
•
There may be a loss of connectivity above Layer 1 after an E1 device that is connected to a circuit emulation service (CES) port is reset.
Workaround: Enter the shutdown command followed by the no shutdown command on the constant bit rate (CBR) interface.
•
When source-route bridging (SRB) is configured for Systems Network Architecture (SNA) traffic while integrated routing and bridging (IRB) is enabled on a Token Ring interface on a Cisco 2600 router, the router may experience problems sending IP traffic to the Token Ring interface.
Workaround: Use a Cisco IOS release that precedes release 12.0(15).
•
One side of a circuit emulation service (CES) E1 Port of a Cisco LightStream LS1010 switch connection may remain consistently in the YELLOW alarm or ALARM INTEGRATION state. There is no workaround.
TCP/IP Host-Mode Services
•
A Cisco AS5300 access server that is running Cisco IOS Release 11.3T or 11.3(10.06)AA may experience a software-forced reload with an error at PC 0x60201340. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(19a)
Cisco IOS Release 12.0(19a) is a rebuild of Cisco IOS Release 12.0(19). All caveats in this section have been resolved in Cisco IOS Release 12.0(19a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(19)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(19). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco router may reload with the following error message:
System restarted by bus error at PC 0x6095B070, address 0xEF4321CD
There is no workaround.
IBM Connectivity
•
A Cisco 7206 router that is running Cisco IOS Release 12.0(15) may reload because of a bus error exception at PC 0xD0D0D7D because of a data-link switching Plus (DLSw+) installation that is using Qualified Logical Link Control (QLLC) as a Data Link Control (DLC). There is no workaround.
Interfaces and Bridging
•
A Cisco router that is configured for Inter-Switch Link (ISL) may send Logical Link Control (LLC) packets back on the same subinterface. There is no workaround.
IP Routing Protocols
•
Multicast distributed switching (MDS) does not function properly with ATM subinterfaces.
Workaround: Use process switching.
•
A Cisco router may fail while trying to change an interface IP address or during startup when overlapping network statements exist in an Open Shortest Path First (OSPF) configuration.
Workaround: Remove the extra network statement from the OSPF configuration.
•
A Cisco 7200 series router may reload with a bus error in ipigrp2_ager while running Enhanced Interior Gateway Routing Protocol (EIGRP). There is no workaround.
•
The Open Shortest Path First (OSPF) database may not create the necessary entries to resubmit an OSPF interarea route.
Workaround: Clear the OSPF process.
•
A Cisco router that is running Cisco IOS Release 12.0(13)S2 may reload because of a bus error when receiving a Border Gateway Protocol (BGP) update with an extended as_path length. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(17.6) may reload with a bus error at function bgp_delete_path. There is no workaround.
Miscellaneous
•
A Cisco router may reload when bad packets, whose datagram size is smaller than the IP total length carried in the IP header, are received by the router and also classified for encryption. This situation affects Cisco Encryption Technology (CET) only and does not affect IP Security (IPSec).
Workaround: Upgrade to Cisco IOS Release 12.1(4).
•
If ATM permanent virtual connection (PVC) traps are enabled on a Cisco 7200 series router that is running Cisco IOS Release 12.0 or 12.0 S, the value for the atmIntfCurrentlyFailingPVcls MIB object may not be correct. There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
Internetwork Packet Exchange (IPX) Enhanced Interior Gateway Routing Protocol (EIGRP) may experience a memory leak related to IPX routing instability. There is no workaround.
Wide-Area Networking
•
A bus error may occur at bootup on a Cisco Route Switch Processor 1 (RSP1) with some interface processors (IPs) such as a Versatile Interface Processor 2-40 (VIP2-40) or a Fast Ethernet Interface Processor 2 (FEIP2).
Workaround: Perform an online insertion and removal (OIR) after booting up without them.
Alternate workaround: Use the Cisco IOS release that contains the fix for this caveat. Both the Cisco IOS image and the boot image must be upgraded.
Resolved Caveats—Cisco IOS Release 12.0(18a)
Cisco IOS Release 12.0(18a) is a rebuild release for Cisco IOS Release 12.0(18). The caveats in this section are resolved in Cisco IOS Release 12.0(18a), but may be open in previous Cisco IOS releases.
•
Multicast Distributed Switching (MDS) may not function correctly with ATM subinterfaces.
Workaround: Configure process switching for ATM subinterfaces.
•
A Cisco router may reload and display the following error message:
System restarted by bus error at PC 0x6095B070, address 0xEF4321CD
There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(18b)
Cisco IOS Release 12.0(18b) is a rebuild of Cisco IOS Release 12.0(18). All caveats in this section have been resolved in Cisco IOS Release 12.0(18b) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(18)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(18). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
NetFlow and distributed Cisco Express Forwarding (dCEF) do not function properly on an Enhanced Gigabit Ethernet Interface Processor (GEIP+) with 256 MB DRAM. There is no workaround.
•
Timer-based Simple Network Management Protocol (SNMP) features, such as SNMP ping MIB or Config Copy MIB, may cause the router to experience an unexpected reload.
Workaround: Disable SNMP.
EXEC and Configuration Parser
•
When downloading large amounts of character mode traffic from a telnet client, the CPU utilization for the corresponding EXEC session on a Cisco AS5300 series access server increases to over 90 percent. There is no workaround.
IBM Connectivity
•
A Cisco router running data-link switching (DLSw) with TCP encapsulation might restart with the following error message when the TCP connection to the peer router is congested:
System restarted by bus error at PC 0x60735548, address 0xD0D0D21
Workaround: Avoid congested TCP connections to the DLSw peer router.
Interfaces and Bridging
•
A Cisco 7206VXR router with an NPE-300 Network Processing Engine, an enhanced ATM PA-OC-3 port adapter, and ATM subinterfaces may intermittently experience a situation in which the ATM permanent virtual circuit (PVC) at one subinterface starts dropping the packets from the output queue. Cisco Express Forwarding (CEF) and fast switching are not being used in this situation. The PVC stays up and sends the traffic originated by the Cisco 7206VXR that is not experiencing this situation.
Workaround: Reenter the atm pvc interface configuration command on the ATM subinterfaces.
IP Routing Protocols
•
When rendezvous point (RP) mapping information that is generated by a Bootstrap Router (BSR) is manually cleared for redundant RPs that are configured for the same group, the relearned information may be inconsistent with other routers in the network. There is no workaround.
•
A Cisco router running Open Shortest Path First (OSPF) as the routing protocol may experience a software forced reload under normal conditions. To determine if the reload was caused by this defect, look at the crashinfo file saved to boot flash memory.
Check for one of the following error messages:
%SYS-3-BADBLOCK: Bad block pointer
%SYS-6-BLKINFO: Freespace does not end at end of the pool blk
There is no workaround.
Miscellaneous
•
When you have two external or summary routes with the same network number but a different mask in the Open Shortest Path First (OSPF) database, and the most specific route is removed from the routing table, these two routes are still visible in the OSPF database. The route that was removed from the routing table should also be removed from the database.
Workaround: Remove the OSPF configuration, and then put it back in again.
•
Line cards on distributed platforms (Cisco 12000 series Internet router and Cisco 7500 series Internet router) may experience memory allocation failures if they cannot transfer status and statistics data quickly enough to the route processor (RP). A code fix will be applied to Cisco IOS Release 12.1 and 12.2 that limits the size of the queue to prevent this problem. There is no workaround.
•
A Cisco 3640 router with an NM-4T network module that is connected back-to-back through a serial interface to another Cisco 3640 router with another NM-4T network module starts to drop packets in the input queue of the data communications equipment (DCE) side of the serial interface after approximately two weeks of normal operation.
The number of packets dropped in the input queue coincides exactly with the number of packets marked as "no buffer" in the output of the show interfaces serial [interface]. Throttles are also reported in this interface as well as input errors. The number of input errors coincides with the number of overruns. This situation does not affect the data terminal equipment (DTE) side of the connection.
Workaround: Reload the router. Momentarily shutting down the interface does not work.
•
The Open Shortest Path First (OSPF) protocol may not flush redistributed external information when a route that is supplied by another protocol disappears from the routing table. This condition occurs only under rare circumstances.
Workaround: Manually force the OSPF protocol to check redistributed information by issuing the clear ip ospf redistribution command.
•
A Cisco 3600 series router with a 1-Port T1/Fractional T1 integrated data service unit/channel service unit (DSU/CSU) WAN interface card (WIC-1DSU-T1) may experience an uncommanded increase in time-slot speed from 56-kbps to 64-kbps. The command output of the show service-module command may continue to indicate that the speed is set to 56-kbps even though the speed has increased. In this situation, the serial line will be in an up/down state.
Workaround: Set the time-slot speed to 64-kbps and then back to 56-kbps.
Novell IPX, XNS, and Apollo Domain
•
A Cisco 4500 series router may have its memory fragmented because of Internetwork Packet Exchange (IPX). There is no workaround.
•
When a Service Advertising Protocol (SAP) general query is sent to a network that has Routing Information Protocol (RIP) disabled through the ipx router {rip} global configuration command and the no network router configuration command, a mid-sized buffer is lost.
Workaround: Do not disable RIP or use the no ipx linkup-request {sap} interface configuration command.
TCP/IP Host-Mode Services
•
A TCP timer problem may occur on a Cisco router that is running Cisco IOS Release 12.0 S, causing the router to reload. This situation occurs when the router is under a heavy traffic load combined with a configuration that includes a large number of TCP sessions: for example, hundreds of Border Gateway Protocol (BGP) peers or a Voice over IP (VoIP) proxy gatekeeper.
Workaround: Disable the ip tcp path-mtu discovery feature by entering the no ip tcp path-mtu-discovery command.
Wide-Area Networking
•
A Cisco router that is configured for X.25 over TCP (XOT) services may experience internal memory allocation failure traceback messages and may eventually reload. The show x25 services command will show that XOT is configured, but not in use. The show x25 context command will show the XOT context in R/Inactive state. There is no workaround.
•
A queue on a BRI may become stuck after a few hundred ping tests between routers across the interface. As a result of this error, the BRI is unable to detect the interfaces and routers on either side of the BRI. This error has been observed during normal operation. There is no workaround.
•
A Cisco 2600 series router that is running Cisco IOS 12.0(9) and implementing X.25 and X.25 over TCP (XOT) may experience a software-forced reload because of a segmentation violation (SegV) exception. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(17a)
Cisco IOS Release 12.0(17a) is a rebuild of Cisco IOS Release 12.0(17). All caveats in this section have been resolved in Cisco IOS Release 12.0(17a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(17)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(17). This section describes severity 1 and 2 caveats and select severity 3 caveats.
IBM Connectivity
•
When a data-link switching (DLSw) circuit gets established on a Cisco 3640 router that is running Cisco IOS Release 12.0, the router sends a receiver ready (RR) frame to the secondary station indicating that it is ready to accept Information frames (I-frames). The station now responds very rapidly with the I-frame, which arrives at the router about 0.5 microseconds after the router has sent the RR frame. With Priority peers, a race condition can develop between the first I-frame and the contacted Silicon Switch Processor (SSP) message if they are over different ports. If the I-frame is received first, it is dropped. There is no workaround.
•
A Cisco 2650 router that is running Cisco IOS Release 12.1(5)T may pause indefinitely under very high Binary Synchronous (Bisync) traffic conditions. There is no workaround.
•
After a Cisco router is upgraded from Cisco IOS Release 11.3 to Release 12.0(13), it may display the following information daily:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer:
0x0
-Process= "IP Input", ipl= 0, pid= 12
-Traceback= 60382C2C 60383F14 60A56FF0 60A583F8 60A569E4 60A46840 60A4E58C
60382B78 602EAE00 602ECB84 603233D4 6030BD04 6030A200 6030A2FC 6030A470
602973AC
This situation is specific to a data-link switching (DLSw) border peer network. It does not occur in a standard DLSw environment with only configured or promiscuous DLSw peers. There is no workaround.
•
A Cisco router may fail to forward deactivate physical units (DACTPUs), activate logical units (ACTLUs), activate physical units (ACTPUs), and UNBIND response units (RUs) upstream in a virtual data-link control (VDLC) downstream and data-link switching (DLSw) upstream environment. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(16.2) or 12.0(16.3) may experience control vector (cv) length errors. There is no workaround.
•
A Cisco router that is operating as a Dependent Logical Unit Requester (DLUR) on an Advanced Peer-to-Peer Networking (APPN) network may not forward UNBIND requests and deactivate physical unit (DACTPU) responses.
The following messages may appear when the router is running with debug appn dlur command enabled:
DLUR: DeactPU Req sent to DSPU lu:N/A pu:PU90HA01 hostpu:PU90H001 sense: 0x0 xid:0 dlus:LSNET.LSCDRM03
APPN-3-logpcPC_LOG_DEBUG_DATA: PC - Invalid MU received, bad TH/RH/RU, sense code = 40050000, name = LSNET.PU90HA01
APPN-7-LogDebug: 2D000000472DEB80APPN-3-logpcPC_MU_ERROR_CHECKER: PC mu_error_checker failed, freeing LSA msg
APPN-7-MSALERT: Alert CPPL001 issued with sense code 0x40050000 by XXXPCPEC
APPN-7-LogDebug: 464649583334618DThe following messages may appear when UNBIND requests are not forwarded:
APPN-3-logpcASM_CV_LENGTH_ERR: ASM - CV length error, remaining length = 17
APPN-3-logscm_XXXIMPPS_LOGMSG_03: SCM - bad unbind_rq, sense code = 86F0000Workaround: Do not configure APPN to use virtual data-link control (VDLC) ports.
Interfaces and Bridging
•
A Cisco 7200 series router that is running Cisco IOS Release 11.1(22)CC or 12.0(9) with a port adapter (PA-F) HW rev 1.13 or 1.14 may stop transmitting packets on the FDDI interface. Packet traffic may decrease or be dropped on the interface.
Workaround: Disable and reenable the FDDI interface.
•
A Cisco 7507 router may reload with a bus error while running Cisco's IP Security (IPSec) 56-bit encryption and Token Ring interfaces. There is no workaround.
IP Routing Protocols
•
A Cisco 4700 series router that is running Cisco IOS Release 11.2(16)P may experience a situation in which the E0 interface shows "INTERFACE UP, LINE PROTOCOL DOWN" even when the data-link switching (DLSw) peers are still shown as connected.
Workaround: Shut down the interface.
•
Under rare circumstances, a link-state advertisement (LSA) on a neighboring router might pause indefinitely in MAXAGE state and not be deleted. In this situation, the LSA cannot be originated again on this router, which might cause the route to become unavailable or cause packets to take another route that is less than optimal. This situation has been seen to occur when an Open Shortest Path First (OSPF) neighbor runs out of memory and OSPF tables are corrupted.
Workaround: Restart the OSPF process by entering the clear ip ospf proc command.
Miscellaneous
•
A Cisco LS1010 router that is running Cisco IOS Release 12.0(1a)W5(5b) may experience a memory leak with the IP Simple Network Management Protocol (SNMP) process. There is no workaround.
•
A Cisco LS1010 Lightstream ATM switch or a Cisco Catalyst 8540 router that is running Cisco IOS Release 12.0(13)W5(19) or an earlier release experiences a memory leak when used with a Network Management System (NMS) that is running Simple Network Management Protocol (SNMP) whenever access is made to some Private Network-Network Interface (PNNI) tables.
Workaround: Use a command-line interface (CLI) for determining any PNNI information and disable the NMS polling of PNNI tables.
Wide-Area Networking
•
A Cisco 7513 router that is running Cisco IOS Release 12.0(14)S1 may reload because of a bus error while changing the number of time slots on a T1. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(16b)
Cisco IOS Release 12.0(16b) is a rebuild of Cisco IOS Release 12.0(16). All caveats in this section have been resolved in Cisco IOS Release 12.0(16b) but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(16a)
Cisco IOS Release 12.0(16a) is a rebuild of Cisco IOS Release 12.0(16). All caveats in this section have been resolved in Cisco IOS Release 12.0(16a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(16)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(16). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco router that is configured for priority queueing with X.25 where the packets for the remote end are assigned the highest priority queue and the remote end is shutdown may not function properly.
Workaround: Use custom queueing.
Interfaces and Bridging
•
A Cisco 1601 router that is running Cisco IOS Release 12.0(7) with Frame Relay FRF.9 compression and weighted fair queueing (WFQ) may experience a failure of the fair_enqueue function that results in fatal reentrant error messages and a software forced reload.
Workaround: Remove WFQ from Frame Relay interfaces.
•
Debug Token Ring does not show data when applying the access-list 1100 filter. The following output is seen:
riflen 10, rd_offset 6, llc_offset 24
riflen 10, rd_offset 6, llc_offset 24
riflen 12, rd_offset 2, llc_offset 26
riflen 8, rd_offset 3, llc_offset 22
riflen 8, rd_offset 260419, llc_offset 22
riflen 8, rd_offset -148349, llc_offset 22 *
riflen 8, rd_offset -1097469, llc_offset 22
There is no workaround.
•
The decnet host global configuration command does not function with IP distributed Cisco Express Forwarding (dCEF) enabled. All other DECnet functions work properly.
Workaround: Use the Cisco IOS Release that contains the fix for this caveat.
IP Routing Protocols
•
IP Network Address Translation (NAT) uses an address from static map instead of from pool defined.
Workaround: Upgrade to the Cisco IOS release that contains the fix for this caveat.
•
A Cisco router that is connected to a stubby area does not advertise the default route into that area. The database on the router shows that the link-state advertisement (LSA) for the default route is MAXAGE and that the LSA is not purged until the Open Shortest Path First (OSPF) process is reset. There is no workaround.
Miscellaneous
•
When source-route bridging (SRB) is configured on a certain vendor Token Ring interface, the router duplicates packets when the router is in standby or listening mode in Hot Standby Router Protocol (HSRP).
Workaround: Enter the standby use-bia interface configuration command.
•
A large burst of traffic that could exhaust the receive buffers on a Cisco NP-1A controller may cause the interface to pause indefinitely on the receive side. Using the shutdown command followed by the no shutdown command on the interface does clear the condition.
Workaround: Enter the atm ilmi-keepalive interface configuration command. This workaround may not always be effective.
•
When IP Security (IPSec) peers are configured with Access Control List (ACL) entries that do not match, but one ACL includes the other ACL, one of the following two situations occurs:
Correct behavior occurs if the IPSec peer with the more restrictive ACL initiates the connection, and then offers a more restrictive IPSec proxy. This proxy is accepted by the IPSec peer with the less restrictive ACL, if the less restrictive ACL completely covers the more restrictive offered IPSec proxy.
Incorrect behavior occurs if the IPSec peer with the less restrictive ACL initiates the connection, and then offers a less restrictive IPSec proxy. This proxy is accepted by the IPSec peer with the more restrictive ACL. The IPSec peer with more restrictive ACL should reject the less restrictive offered IPSec proxy.
Workaround: Ensure that the IPSec ACL entries match correctly on both sides and are exact mirror images of each other.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(15) may reload with Simple Network Management Protocol (SNMP) if you insert the ATM card online. There is no workaround.
Wide-Area Networking
•
A Cisco 7500 series router with a Versatile Interface Processor (VIP) and a PA-A1 port adapter may experience one or more statically mapped switched virtual circuits (SVCs) failing to establish. The following messages may appear with debugs:
ATMAPI: (c->s): LISTEN_NSAP user_handle: 6199CE70 owner: ATM_OWNER_SMAP result: 6199CE74 Nov 14 13:31:06.676: ATMAPI: listen_nsap: address registered - 47.009181000000000004790000.000006510009.76 ATMAPI: (c<-s): LISTEN_NSAP user_handle: 617AEA24 owner: ATM_OWNER_UNKNOWN result: 617AEA28
Workaround: Remove and then reconfigure the ATM subinterface and map-list statements.
•
A Cisco 7000 series router that is running Cisco IOS Release 11.0(19) and that is not the root of the spanning tree will forward bridge protocol data units (BPDUs) from the LAN interface of a LAN Extender to all interfaces in the bridge group.
Workaround: Make the Cisco 7000 series router the root of the spanning tree.
•
A Cisco router pauses indefinitely if you use the no interface serial global configuration command to remove a subinterface on which you have used the x25 pvc interface configuration command.
Workaround: Enter the no x25 pvc interface configuration command before removing the subinterface.
Resolved Caveats—Cisco IOS Release 12.0(15b)
Cisco IOS Release 12.0(15b) is a rebuild of Cisco IOS Release 12.0(15). All caveats in this section have been resolved in Cisco IOS Release 12.0(15b) but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(15a)
Cisco IOS Release 12.0(15a) is a rebuild of Cisco IOS Release 12.0(15). All caveats in this section have been resolved in Cisco IOS Release 12.0(15a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(15)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(15). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
The Simple Network Management Protocol (SNMP) walk for a subinterface is placed into an infinite loop in the getnext routine. This situation is identified with ATM subinterfaces, and the Cisco router will reload because of the loop.
Workaround: Avoid polling the ATM subinterfaces.
Alternate workaround: Get one object at a time.
IBM Connectivity
•
A Cisco router that is running Cisco IOS Release 11.2(15a) or Cisco IOS Release 11.2(15a)P might reload with a bus error. There is no workaround.
•
When Advanced Peer-to-Peer Networking (APPN) virtual data-link control (VDLC) is configured between Cisco 3640 routers and AS/400s, there is a problem if all the network nodes (NN) are using High Performance Routing (HPR) and there is a data-link switching (DLSw) Lite circuit established between the Cisco 3640 DLSw peers. The High-Performance Routing data-link switching (HPR/DLSw) circuit will time out according to the 10 minute timeout of Lite circuits (for example, when the circuits perform an initial program load (IPL) on the AS/400s).
Consequently, this link can never be brought back up again unless you stop/start the APPN/VDLC link or clear the DLSw circuit (the one for the control point to control point sessions using SAP.04) so that no data traffic is possible between the AS/400s. There is no workaround.
•
When a mainframe is shut down and subchannels are still active, a network outage occurs in that a Multipath Channel transmission group (MPC TG) becomes inactive. During the reactivation of the transmission group TG, the following error message is produced:
%RSP-3-RESTART: interface Channel4/2, output stuck
This error message could also be experienced during the configuration of a new Cisco MPC TG. There is no workaround.
•
A Cisco 2600 series router that is running Cisco IOS Release 12.0(13.3) may reload when running data-link switching (DLSw). This situation happens only in a DLSw border peer network with peers on demand that frequently get established and shut down. There is no workaround.
•
The BIND from the Primary Logical Unit (PLU) is rejected by the Cisco network node (NN) router. The BIND rejection points to offset 0x51 into the BIND. This situation occurs only when the Cisco NN router is configured as a Dependent Logical Unit Requester (DLUR) and when the DLUR indicates network qualified name support. There is no workaround.
Interfaces and Bridging
•
After a development engineer (DE) special is applied on Cisco IOS Release 12.0 (12), problems occur with Tip/Ring (T/R) network applications. End-to-End Systems Network Architecture (SNA) applications fail with link failures. Sniffer traces show a frame larger than 4472. There is no workaround.
Miscellaneous
•
If a Cisco 7200 or 7500 series router with an ATM-PA3 port adapter with a G125 version of microcode (as shown in the output of the show controllers atm privileged EXEC command) is connected directly to another ATM-PA3 port adapter that has an older microcode version, the older version port adapter may drop some valid packets. The older version port adapter shows the packets as input errors or giants.
If the same Cisco router is configured for Available Bit Rate (ABR) virtual circuits (VCs) with the G125 microcode version of the ATM-PA3 port adapter, some VCs may not pass traffic.
Workaround: Use the shut command followed by the no shut command on the subinterface or the main interface.
•
When Routing Information Protocol (RIP) is running on an interface and the IP address is 0, RIP stops running on the correct interface. After this situation occurs, if a new IP address is configured that falls under the RIP network statements, RIP will not start running on the interface again.
Workaround: Deconfigure RIP, and reconfigure it again.
•
When a PA-2FE port adapter is configured for distributed Cisco Express Forwarding (dCEF) and rate-limit (QoS features), the following error message is produced:
CLNS-3-BADPACKET: ISIS: LAN L2 hello, packet (1497) or wire (581) length invalid from 0010.f6fb.0128 (FastEthernet9/1/0)
Workaround: Use a PA-FE port adapter.
Alternate workaround: Disable dCEF, and do not use rate-limit on the PA-2FEISL port adapter.
•
After reloading a Cisco 7500 series router using multiple tunnel interfaces and Cisco Encryption Technology (CET) over Frame Relay, only part of the CET tunnels function properly (27 out of 46). There is no workaround.
•
On Cisco 7100 and 7200 series routers with fast switching enabled and without hardware encryption, generic routing encapsulation (GRE) over an IP Security (IPSec) tunnel does not work for packets large enough to require fragmentation. In addition, certain fragments are sent in the clear.
Workaround: Enable the service disable-ip-fast-frag command.
•
Under rare circumstances, a Cisco router with ATM interfaces may reload. There is no workaround.
Wide-Area Networking
•
An Advanced Peer-to-Peer Networking (APPN) router with the Fast Ethernet Inter-Switch Link (ISL) interface sometimes uses an incorrect virtual LAN number in the ISL header of the APPN packets. There is no workaround.
•
Under Frame Relay Forum 9 (FRF.9) hardware compression, the following Frame Relay MIB counters do not reflect correct byte counts:
frCircuitSentOctets "1.3.6.1.2.1.10.32.2.1.7"
frCircuitReceivedOctets "1.3.6.1.2.1.10.32.2.1.9"
There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(14a)
Cisco IOS Release 12.0(14a) is a rebuild of Cisco IOS Release 12.0(14). All caveats in this section have been resolved in Cisco IOS Release 12.0(14a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(14)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(14). This section describes severity 1 and 2 caveats and select severity 3 caveats.
IBM Connectivity
•
A Cisco router that is running data-link switching (DLSw) may reload with a SegV exception. This problem is specific to a DLSw border peer network. It does not happen with configured or promiscuous DLSw peers. The root cause is a memory leak when a peer on demand gets established and this peer establishing fails. If this happens repeatedly, the router will finally run out of memory and will be forced to reload.
Workaround: Change the DLSw peer on demand inactivity timer.
dlsw peer-on-demand-defaults inactivityThe maximum timeout configurable is 1440 minutes, which equals to 24 hours. This timeout controls how long the peer stays established after the last DLSw circuit goes away.
•
NetBIOS frames with a payload of 47 to 59 bytes may be truncated when put onto Ethernet segments after being transported with DLSw Fast Sequenced Transport (FST) encapsulation. This occurs only on particle-based platforms (Cisco 3600 and 7200 series routers).
Workaround: Use DLSw with TCP encapsulation instead of FST encapsulation, or use a different router platform.
Interfaces and Bridging
•
Enabling weighted fair queuing (WFQ) on an interface that belongs to a transparent bridging bridge group may cause packets that are egressing that interface to be sent out of order. This situation causes failure in terminated and bridged Logical Link Control 2 (LLC2) sessions.
Workaround: Disable WFQ using the no fair-queue interface configuration command.
•
On Cisco 2600, 3600, and 7200 series routers running Cisco IOS Release 12.1 and Release 12.1 T, the maximum configurable transmission unit size under the Token Ring interface is 4464 bytes. There is no workaround.
•
A Cisco router with a FDDI may corrupt some packets that are switched out of the FDDI. This problem has been confirmed only for the FDDI to FDDI case with Multiprotocol Label Switching (MPLS) enabled. This problem may also affect FDDI to ATM with MPLS, but is not confirmed for that case or any case other than FDDI to FDDI with MPLS.
Workaround: Keep a continuous stream of pings running from the router that is reporting the cyclic redundancy check (CRC) errors introducing the corruption targeted at the loopback address.
IP Routing Protocols
•
Open Shortest Path First (OSPF) allocates and deallocates memory for a variety of needs. If the problem persists, the system may end up with badly fragmented memory. The only solution at that time would be to reboot the router.
Workaround: Reduce the number of link-state advertisements (LSA) in the OSPF database.
Alternate workaround: Design a stable network, minimizing LSA withdrawals and reissue (that is, summarize routes into the core).
•
For a multicast source directly connected to a router, the "R" flag is set when a (S,G,R) prune message is received if the (S,G) O-list is NULL 2. The prune message was received on the nonincoming interface (NON-IIF). This situation causes the incoming interface (IIF) to change to the Rendezvous Point (RP) and disconnects the IIF from the source. The "F" flag is reset. As a result the RP loses the S and G states and new receivers can not join the multicast source.
Workaround: Configure the ip pim rp-proxy-join on the RP. This allows the RP's S and G states to join the first-hop router and have the O-list populated. Multicast traffic will continue to flow to the RP, but if the RP's (S,G) O-list is NULL, it will fast-drop this traffic.
Miscellaneous
•
A Cisco router that running Cisco IOS Release 12.0 and its branches reloads when a permanent virtual circuit (PVC) has more than one IP address associated with it. If one of the IP addresses is removed, an inarp command process is started. But if the PVC itself is removed, the router will reload. There is no workaround.
•
Encryption over dialer profiles may cause a Cisco router to reload when fast switching is enabled. This situation results in a "get alignment fatal" error.
Workaround: Disable fast switching on the dialer profile interfaces.
•
When removing a Hot Standby Router Protocol (HSRP) secondary address from an HSRP group, the primary HSRP address of that group will be removed from the Address Resolution Protocol (ARP) table, and the router will not respond to ARP requests for the HSRP primary address. This situation will lead to loss of connectivity for hosts that have not yet cached the HSRP MAC address.
Workaround: Issue the clear arp-cache EXEC command on the interface after the HSRP address has been removed.
•
A Cisco 7200 series router or a Cisco 7500/RSP series router with a PA-A3 ATM port adapter may reload because of a bus error that points to an 0x50000000 address or an 0x08000000 address. These reloads occur after the PA-A3 driver has received a packet and attempts to process it.
Workaround: Disable Cisco Express Forwarding (CEF) by entering the no ip cef global configuration command on the Cisco 7200 series router or by entering the no ip cef global configuration command on the Cisco 7500/RSP series router.
Protocol Translation
•
When you use the vty-async global configuration command on a Cisco router that is running Cisco IOS Release 12.0(11) with a virtual template, the second call is not established, but the third call works. There is no workaround.
Wide-Area Networking
•
A Cisco 4500 series router reloads with a bus error in nov_fastswitch. There is no workaround.
•
A router experiences a software-forced reload with a bus error every 5 to 10 minutes after the broadcast trigger command is enabled on a map list associated with an active Frame Relay switched virtual circuit (SVC).
Workaround: Do not enter the class command under the map-list global configuration command.
•
A Cisco router that is running a LAN emulation client sends a no-src LE_NARP message when it switches over to the standby mode. A no-src LE_NARP message is a LAN emulation version 2 message that is sent to advertise to the other LAN emulation clients that the binding between target-mac address and target-atm address is no longer valid. This message can confuse the hosts that are running LAN emulation version 1 client depending on the sequence in which they receive no-src LE_NARP from the standby router and LE_NARP from the active router. This situation results in a temporary loss of connectivity, which will be restored once the client retries the address resolution process. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(13a)
Cisco IOS Release 12.0(13a) is a rebuild of Cisco IOS Release 12.0(13). All caveats in this section have been resolved in Cisco IOS Release 12.0(13a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(13)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(13). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco router that is running Cisco IOS Release 12.0 might unexpectedly reload while it is performing Simple Network Management Protocol (SNMP) functions related to routing table information (specifically ipRouteNextHop). The reload occurs only in cases where an IP route configuration of the form "ip route <network address> <netmask> 0.0.0.0" exists. There is no workaround.
IBM Connectivity
•
Receiving Intermediate Transmission Block (ITB) characters in bisync on some Cisco routers will cause memory corruption and cause a software-forced reload. There is no workaround.
•
Frame Relay Access Support (FRAS) boundary access node (BAN) works over the primary connection and switches to the backup connection. However, when it switches to the primary connection from the backup connection, it does not work. There is no workaround.
•
A Cisco router might experience a software-forced reload with an error at PC 0x6026107. The decode of the stack is as follows:
System was restarted by error - a Software forced crash, PC 0x60261070[abort(0x60261068)+0x8] Image text-base: 0x60008918[_start(0x60008918)+0x0], data-base: 0x60DA0000[etext(0x60d9e4f0)+0x1b10] FP: 0x6191DF18[etext(0x60d9e4f0)+0xb7fa28], RA: 0x60261070[abort(0x60261068)+0x8] FP: 0x6191DF18[etext(0x60d9e4f0)+0xb7fa28], RA: 0x6025F890[crashdump(0x6025f7ac)+0xe4] FP: 0x6191DF30[etext(0x60d9e4f0)+0xb7fa40], RA: 0x60A42B78[appn_crashdump(0x60a42b60)+0x18] FP: 0x6191DF48[etext(0x60d9e4f0)+0xb7fa58], RA: 0x60A42004[Pexit(0x60a41f7c)+0x88] FP: 0x6191E0A0[etext(0x60d9e4f0)+0xb7fbb0], RA: 0x60A3B800[xM_Mget_x(0x60a3b4d0)+0x330] FP: 0x6191E1E0[etext(0x60d9e4f0)+0xb7fcf0], RA: 0x60A3AE98[Mget_x(0x60a3ae20)+0x78] FP: 0 x6191E300[etext(0x60d9e4f0)+0xb7fe10], RA: 0x60A3B898[_MPget_clr(0x60a3b85c)+0x3c] FP: 0x6191E328[etext(0x60d9e4f0)+0xb7fe38], RA: 0x609E2FC8[xxxtpd01(0x609e2d58)+0x270]
There is no workaround.
There may be other symptoms present elsewhere in the network leading up to this reload, such as locates timing out and no new sessions being established.
•
A Cisco router running Cisco IOS Release 12.0 with data-link switching (DLSw) configured might reload if the DLSw peers are misconfigured in a way that one DLSw peer is configured for priority and the other end is not. Also, when the router tries to bring up the priority peer, the DLSw peer with no priority might reload.
Workaround: Fix the configuration so that the DLSw priority peers are properly configured.
•
A router running Cisco IOS Release 12.0(9) with bridging and data-link switching (DLSw) processes experiences a software-forced reload at PC 0x60236F0. There is no workaround.
Interfaces and Bridging
•
If the input line to a PA-A3 port adapter in a Cisco 7200 or 7500 series router is not functioning properly and the port adapter is experiencing many alarms or errors on the line, link-up messages may appear without link-down messages on the console logs.
Confirm this occurrence by entering the show controllers atm privileged EXEC command. Check the cables and the interface on the other end of the link for problems. There is no workaround.
•
A Route Switch Processor (RSP) might reload while unprovisioning a channelized interface under heavy traffic. There is no workaround.
•
When a bad transmit packet is generated and sent to the Channelized T3 (CT3) interface, the packet might cause the address of the transmit queue accumulator (txacc) value to not increment correctly for the CT3 interface. In this situation, the output eventually becomes stuck when the txacc value reaches zero.
Workaround: Configure the CT3 interface with the tx-queue-limit 5 interface configuration command to restore the txacc value for the effected CT3 interface.
•
A Cisco 7500 series router with VIP2 Versatile Interface Processor boards containing a PA-ATM Enhanced port adapter and a PA-POS port adapter will experience an interface reload and will not be able to send or receive traffic.
Workaround: Configure these two high-speed PAs on different VIPs.
IP Routing Protocols
•
In Cisco IOS Release 12.1 and Release 12.1 T, the IP policy cache is not cleared when you use the no ip route-cache policy interface configuration command.
Workaround: Use the clear ip cache [address-prefix address-mask] privileged EXEC command for a specific cache.
•
A Cisco Catalyst 6000 family switch with a Multilayer Switch Feature Card (MSFC) might reload when the show ip pim neighbor EXEC command is issued. There is no workaround.
•
A Cisco 3640 router with Cisco IOS Release 12.1(2) reloads with the system returned to ROM by bus error at PC 0x601F9A28, address 0xFFFFFFF9.
Workaround: Turn off default IP fast-switching if it is on.
•
Cisco IOS Network Address Translation (NAT) might stop working if an overload mapping is configured and an extensive File Transfer Protocol (FTP) data session is generated across the NAT router.
Workaround: Reload the router.
•
If you remove the last redistribute router configuration command from Open Shortest Path First (OSPF) that used type-1 metric, other routers might not remove the routes from the routing table even though the OSPF database entries are successfully removed.
Workaround: Keep the router from which you removed the redistribute router configuration command as an autonomous system boundary router (ASBR) by removing one redistribution completely and keeping another dummy redistribution.
Alternate workaround: Do not use the no redistribute router configuration command. Flush all the link-state advertisements (LSAs) by using the redistribute [route-map foo] router configuration command. Under route-map foo, disallow all routes. Enter the clear ip ospf redist command. Now you can safely remove the redistribute router configuration command completely.
•
The hash value used for rendezvous point (RP) selection process in a bootstrap router (BSR) is calculated with a modulo of 2 to the power of 32. This modulo might cause inconsistency in the selected RP address between Cisco and other vendors implementing BSR.
Workaround: Follow these rules to avoid inconsistency between Cisco routers when upgrading Cisco IOS software:
If you plan to upgrade routers in your network that use BSR, avoid running Cisco IOS Release 12.0(10)S, Release 12.0(11)S, Release 12.0(11), or Release 12.1(2).
When upgrading your routers, always upgrade the candidate BSR routers first to a release later than Cisco IOS Release 12.0(10)S, Release 12.0(11)S, Release 12.0(11), or Release 12.1(2). You do not need to upgrade the rest of you network immediately unless you are running the images in CSCdp95116 that might cause the routers to choose the RP on the basis of an incorrect hash value.
•
A Cisco router that is running Open Shortest Path First (OSPF) on Cisco IOS Release 12.0(11) does not populate the routing table properly. When redundant paths exist, half of the paths are missing from the routing table. However, the missing networks appear in the OSPF database.
Workaround: Run a full shortest path first (SPF) by doing clear ip route * EXEC command.
•
An Address Resolution Protocol (ARP) alias configuration is lost after a Cisco router reloads or after you use the no shut command on an interface.
Workaround: Explicitly reconfigure the arp-alias entries for the IP addresses of the interface after using the no shut command.
•
Open Shortest Path First (OSPF) does not work on unnumbered interfaces.
Workaround: Enter the ip address interface configuration command.
ISO CLNS
•
A Cisco router that is running Connectionless Network Service (CLNS) and is redistributing ISO-IGRP (Interior Gateway Routing Protocol) into ISIS might reload if a neighboring ISO-IGRP router sends it a routing update that contains a default prefix router if the prefix route whose next-hop is through "default" is then used for routing packets. There is no workaround.
Miscellaneous
•
A system reloads when a crypto map is deleted for a subinterface. There is no workaround.
•
A Cisco 7500 series Route Switch Processor (RSP) that is running Cisco IOS image rsp-jsv-mz.112-18 might reload with a segV exception error while performing encryption processing. There is no workaround.
•
Voice calls on a Cisco AS5300 series universal access server running a combination of Regular PRI and Non-Facility Associated Signaling (NFAS) Configuration may fail on dial-peers matching the NFAS Trunks. There is no workaround.
•
Routers using Cisco Encryption Technology (CET) may not be able to set up encrypted connections in networks with redundant links between encrypting peers. This may result in crashing the router.
There is no workaround.
•
A Cisco 7200 series router might reload because of memory corruption and exhibit the following error message:
%SYS-2-MALLOCFAIL: Memory allocation of 520 bytes failed Fr. om 0x60395028, pool Processor, alignment 0 -Process= "Pool Manager", ipl= 4, pid= 4 -Traceback= 603C84DC 603C9F88 60395030 603D4578 603C2C34 603C2C20
There is no workaround.
•
CiscoView 4.2 may not work properly on a Cisco 7513 router that is running Cisco IOS Release 12.0(9). This situation occurs when slots 0, 2, 5, and 9 are populated with VIP2 Versatile Interface Processors and PA-8T-V35 port adapter cards. CiscoView 4.2 might not show the PA-8T-V35 port adapter on slot 9. Other slots might also report incorrect information. This situation is caused by Simple Network Management Protocol (SNMP) agent, not CiscoView 4.2. The output of the snmpwalk command shows the wrong card Type with a note indicating that indices 19 and 24 are "unknown." There is no workaround.
•
An NM-2E2W, NM-1E2W, NM-1E1R2W network module with a BRI WAN interface card (WIC) and a WIC-T1CSU on a Cisco 3600 series router might function incorrectly on rare occasions. When this problem happens, ISDN layer 1 on the BRI WIC is persistently deactivated and the WIC-T1CSU continues to work correctly (if no event requires the integrated CSU/DSU to signal the main IOS, in which case it ceases to pass date) except that the show service-module serial privileged EXEC command returns an error message.
Workaround: Power cycle the router.
Alternate workaround: Reload software.
•
A Cisco 7500 series router that is running encryption in Cisco IOS Release 11.2 might experience spurious access and a software-forced reload after displaying the following log messages:
Crypto engine 4: sign message using crypto engine: %SYS-2-NOBLOCK: idle with blocking disabled -Process= "Crypto SM"
There is no workaround.
•
The VLAN0 of a Route Switch Module (RSM) participates in Open Shortest Path First (OSPF) election. There is no workaround.
•
Cisco Encryption Technology (CET) fails when you try to connect a third peer in a hub and spoke topology and two active connections are already up. When one active connection is dropped, the third peer is able to connect. There is no workaround.
•
A new Hot Standby Router Protocol (HSRP) message type introduced in Cisco IOS Release 12.1(3)T causes the STANDBY-3-BADAUTH error message to be displayed periodically. This does not affect the operation of HSRP, and the message can be ignored.
Workaround: Upgrade to Cisco IOS Release 12.0(13).
Wide-Area Networking
•
On a Cisco router, routes on multipoint subinterfaces are not learned within 360 seconds when static map is not configured.
Workaround: Configure static map using the frame-relay map interface configuration command.
•
This defect provides ATM Signalling Control Plane Failure Detection through signalling diagnostic MIB objects so the Network Management Station can monitor and take appropriate corrective steps in erroneous situations. There is no workaround.
•
You may see the message "%ALIGN-3-SPURIOUS: Spurious memory access." when Microsoft callback is being used and a callback fails to complete. The stack trace indicates the alignment error occurred in the dial_if() function, called from dialer_enable_timeout().
There is no workaround.
•
A Cisco 2600 series router running Cisco IOS Release 12.0(11.6) reloads when a call connects with Multilink PPP configured on Dialer Interface. There is no workaround.
•
When you load system software to upgrade from any version of the following Cisco IOS Releases: 11.1 CC, 11.1 CA, 11.2 P, or 12.0 to any Cisco IOS Release 12.1 or later, the system logging messages for Frame Relay DLCI and subinterface status change are suppressed, regardless of the logging destination (console, buffer, or host).
Workaround: To resume generating Frame Relay DLCI logging messages, issue the logging event dlci command. To resume generating subinterface status messages, issue the logging event subif command.
Resolved Caveats—Cisco IOS Release 12.0(12a)
Cisco IOS Release 12.0(12a) is a rebuild of Cisco IOS Release 12.0(12). All caveats in this section have been resolved in Cisco IOS Release 12.0(12a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(12)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(12). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
If you use hardware compression and fancy queueing with two simultaneous traffic streams (for example, FTP and Telnet), packets are not compressed. Entering the show compress EXEC command will not provide any useful information. There is no workaround.
•
IP Security (IPSec) configured with fast switching works only on serial interfaces and fails on other types of interfaces. There is no workaround.
•
A Cisco AS5300 series universal access server reloads with a bus error at PC 0x6022A3C8. This situation occurs during an attempt to telnet to a named-host. There is no workaround.
DECnet
•
A Cisco router that is running Cisco IOS Release 12.0(8) might experience an unexpected system reload when you use the clear decnet accounting EXEC command or the no decnet accounting interface configuration command.
This situation will only occur if DECnet accounting has been enabled on at least one interface and DECnet traffic is being forwarded by the router at that point in time. This situation is more likely to occur if the following error message has been logged:
%SCHED-2-EDISMSCRIT:Critical/high priority process DECnet Input may not dismiss. -Process= "DECnet Input", ipl= 0, pid= 74
Workaround: Do not enable DECnet accounting on any interface.
IBM Connectivity
•
A Cisco router might reload if there are a large number of Native Client Interface Architecture (NCIA) clients with heavy NCIA traffic because of a watchdog timer. There is no workaround.
•
When remote source route bridging (RSRB) is configured on two Cisco 4500 series routers that are connected by an ATM network, and RSRB is configured with an encapsulation type of Fast Sequenced Transport (FST), some frames might not be forwarded. This situation might result in a data-link connection (DLC) session not being established through the RSRB peers.
Workaround: Either change the RSRB encapsulation from FST to TCP, or configure data-link switching (DLSw) as the transport.
•
A Dependent Logical Unit Requester (DLUR) router with High-Performance Routing (HPR) might log the following error messages:
%SYS-2-MALLOCFAIL: Memory allocation of 276 bytes failed from 0x60336D28, pool I/O, alignment 32
The Systems Network Architecture (SNA) client will not be able to connect to HOST. According to the output of the show memory EXEC command, both the processor memory and I/O memory are reduced. There is no workaround.
IP Routing Protocols
•
If you configure Protocol Independent Multicast (PIM) or Hot Standby Router Protocol (HSRP) on an ATM-LANE interface, the CPU of the Route Switch Processor (RSP) might reach 99 percent. This situation only occurs when Open Shortest Path First (OSPF) is enabled on more than 12 interfaces in combination with ATM-LANE. This situation does not occur on an RSP that is running Cisco IOS Release 12.0 S or Release 11.2 GS. There is no workaround.
•
A Cisco non designated router on a multiaccess interface creates state for (S, G) with the Olist populated when receiving a multicast packet. This situation causes a periodic assert every three minutes. There is no workaround.
ISO CLNS
•
On Cisco routers, if a DECnet packet is received on an ethernet interface and is converted to a CLNS packet, in the unlikely event that it cannot be routed to its destination, an unexpected reload might occur in ether_extract_addr. There is no workaround.
Miscellaneous
•
When fast switching an IP frame that is fewer than 46 bytes in length to an ATM interface, the router always sets the length in the ATM adaptation Layer 5 (AAL5) header to 54 bytes even though the length should be equal to the IP frame length plus the length of the AAL5 header, which is 8 bytes. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(9)S or later releases might experience problems if you attempt to format, delete, or squeeze slot0: immediately after the show version command is entered or immediately after the router reloads. This is a flash timing-related issue, and subsequent commands that you enter will not be effected. There is no workaround.
•
A Cisco router (800 series through 4700 series) might silently drop large packets. This situation occurs when both Cisco Express Forwarding (CEF) and output rate-limiting are enabled on an interface, and a packet to be switched out of an interface is larger than the maximum transmission unit (MTU).
Workaround: Disable CEF or disable the Committed Access Rate (CAR) on interfaces that will need to fragment packets.
•
A Cisco router that is configured with Multiprotocol over ATM (MPOA) and Cisco Express Forwarding (CEF) might create an ingress cache and an egress cache with the same IP address, and the egress MPOA Client (MPC) address of the ingress cache points to itself. This situation might create a routing loop that causes the router to function improperly. This situation might occur during the route transitions in the network caused by topology changes.
Workaround: Clear the CEF adjacencies using the clear adjacency EXEC command. Clear the corresponding ingress and egress caches using the clear mpoa client cache [ip-address ip-address] EXEC command.
•
Configuring a Cisco Route Switch Processor RSP with Multiprotocol over ATM (MPOA) and Cisco Express Forwarding (CEF) might lead to data loss when CEF uses the virtual channel connection (VCC) that was created by MPOA Client for data transfer in the following cases:
–
–
Workaround: Clear the CEF adjacencies using the clear adjacency EXEC command.
Novell IPX, XNS, and Apollo Domain
•
In Cisco IOS Release 12.0 and 12.1, but not in earlier releases, a Cisco router that is running Internetwork Packet Exchange-Enhanced Interior Gateway Routing Protocol (IPX-EIGRP) Service Advertising Protocol (SAP) on unstable WAN links might cause IPX EIGRP SAP packets to remain in memory, eventually exhausting processor memory.
Workaround: Run Routing Information Protocol (RIP)/SAP instead of EIGRP/SAP on the WAN links.
TCP/IP Host-Mode Services
•
Remote source-route bridging (RSRB) data is corrupted when you use the ip tcp path-mtu-discovery interface configuration command, the IP path changes because of a change in the IP routing metric values, and the largest workable maximum transmission unit (MTU) changes from a larger MTU to a smaller MTU given the path change.
Workaround: Disable the PATH MTU discovery algorithm by using the no ip tcp path-mtu-discovery interface configuration command.
Wide-Area Networking
•
The input queue on a Cisco 7500 series router might show 76/75, which can result on the line going down on a High-Speed Serial Interface (HSSI) port adapter even though the VIP console shows that the queue is empty and the line protocol is up. This condition only occurs when PPP encapsulation is enabled.
Workaround: Move the card to a new slot, change to High-Level Data Link Control (HDLC), or reload the router.
•
A Cisco router might reload with the following error when the frame-relay qos-autosense and frame-relay traffic-shaping interface configuration commands are configured:
System was restarted by error - an arithmetic exception.
Workaround: Disable frame-relay qos-autosense and configure the shaping parameters manually instead.
•
On an access platform, when dialer profiles and virtual profiles are used together with the callback of some vendors, the virtual profile is not applied to the callback call. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(11a)
Cisco IOS Release 12.0(11a) is a rebuild of Cisco IOS Release 12.0(11). All caveats in this section have been resolved in Cisco IOS Release 12.0(11a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(11)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(11). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco 7200 series router with a compression service adapter (CSA) that is configured with Frame Relay Traffic Shaping (FRTS), and using either Cisco Express Forwarding (CEF) or fast switching will not compress data when the amount of data on the interface is greater than the shaping value. (For example, CSA will stop compression when traffic shaping becomes active.)
Workaround: Use process switching.
•
A Cisco 7500 series router that is configured with a High-Speed Serial Interface (HSSI) port adapter will experience a Virtual Interface Processor (VIP) reload when distributed software compression or hardware compression is configured. When you update the image, the bootloader also needs to be updated, or router will experience the same reload at boot time.
Workaround: Disable compression or use software compression.
•
The Block Serial Tunneling (BSTUN) character set ASCII mode on a Cisco 1600 serial interface does not interoperate with some Binary Synchronous Communication Protocol (Bisync) implementations. Bisync will reject frames that have trailing packet assembler/disassembler (PAD) (0x7F) characters. There is no workaround.
•
Number expansion does not work properly. There is no workaround.
IBM Connectivity
•
A Cisco router might reload in Tfind_next call because of corrupted memory. There is no workaround.
•
If you reload the head router on a Block Serial Tunneling (BSTUN) network, the BSTUN state might stay open on the head router but close on the remote router.
Workaround: Enter the no bstun route command followed by the bstun route command to open the tunnel on both sides.
•
A Cisco 7500 series router might reload with a bus error at PEfree_ips. There is no workaround.
•
A Cisco router might reload when it runs out of processor memory.
Workaround: Turn off High Performance Routing (HPR).
•
The dependent logical unit requester (DLUR) session status remains after you implement INACT on a local Systems Network Architecture (SNA) major node from virtual telecommunications access method (VTAM). There is no workaround.
Interfaces and Bridging
•
Distributed switching is not supported for LAN Emulation (LANE) on a Cisco ATM Lite port adapter (PA). There is no workaround.
•
A Cisco 2600 router that is configured with a token ring interface or a Cisco 7200 or 7500 series router that is configured with a PA-4R-DTR port adapter token ring interface that is running Advanced Peer-to-Peer Networking (APPN) with Cisco Link Services (CLS)-managed LLC2 logical link control connections might fail host link activation with sense codes 10160007 or 10160022. A router with PA-4R or PA-4R-FDX port adapters is not affected.
Workaround: Enable source route bridging on the affected token ring interface.
•
Under rare conditions, a Cisco router that is running the rsp-jsv56i-mz (56-bit encryption) software image on Cisco IOS Release 12.0(8) might experience a bus error if the box is configured for Data Link Switch over a Token Ring adapter.
A stack trace decode reveals the following:
--> 0x600A5D90:tr_bcast(0x600a5d80)+0x10 --> 0x6026B590:rsp_tx_start(0x6026b148)+0x448 --> 0x601F9EBC:datagram_out(0x601f9664)+0x858 --> 0x607ABDF0:llc_wput(0x607aae2c)+0xfc4 --> 0x60A8FF14:CLSSapUDataStnReq(0x60a8fdcc)+0x148 --> 0x60A8C5F0:CLSSapHandleMsg(0x60a8c4a8)+0x148 --> 0x60A89798:CLSDluSendToSap(0x60a896d0)+0xc8 --> 0x60A90908:CLSWritePut(0x60a90844)+0xc4 --> 0x60ABCF64:fsm_to_disp(0x60abcce0)+0x284 --> 0x60AD09A0:csm_send_to_disp(0x60ad06ac)+0x2f4 --> 0x60AD0658:csm_lan_put(0x60ad010c)+0x54c --> 0x60AD542C:ssp_nonnb_frame_proc(0x60ad4e5c)+0x5d0 --> 0x60AD2244:csm_ssp_handler(0x60ad1928)+0x91c --> 0x60AB8FCC:dlsw_pre_proc_ssp(0x60ab8de4)+0x1e8 --> 0x60AB9460:peer_to_core(0x60ab93f0)+0x70 --> 0x60AA2C58:peer_input(0x60aa283c)+0x41c --> 0x60AAA694:dlsw_tcpd_readf(0x60aaa274)+0x420
There is no workaround.
IP Routing Protocols
•
IP access lists always permit IP fragments. There is no workaround.
•
If no interface is specified as part of the offset-list router configuration command, a traceback might be generated. There is no workaround.
•
A Cisco router that is acting as an area border router (ABR) connected to a stub area might place an Open Shortest Path First (OSPF) external route into its routing table whose outgoing interface is in the stub area. This situation can cause a routing loop because the stub area routers do not know about the external route and will forward packets along their default route, which might be the ABR.
This problem has been found to occur only when there are 2 paths between the stub area ABR and the autonomous system border router (ASBR) that is originating the external route, where one path is through the stub area and the second is through a nonstub area(s).
Workaround: Set the link costs within the stub area high enough so that the stub area ABR routers do not see the path to the ASBR as being as good as the path(s) through the nonstub areas.
•
In a Protocol Independent Multicast (PIM) Version 2 router configuration, if a hash mask is not configured on a Cisco bootstrap router (BSR), the router takes the first rendezvous point (RP) address from the local RP-mapping cache. The RP-mapping cache is not sorted, so when RPs are added and deleted from the cache, there might be inconsistency through the BSR domain that causes routers to choose different RPs for the same group.
Workaround: Create a hash mask length of 1 on the BSR router by entering the ip pim bsr-candidate Ethernet1/2 1 global configuration command.
•
When you change the Reverse Path Forwarding (RPF) interface for (*,G) and (S,G), the interface that was in the outgoing interface list (O-list) becomes the new RPF interface. At this point, the new RPF interface will be deleted from the O-list which becomes NULL. When the router switches back to the original RPF interface, the O-list remains NULL until the next Internet Group Management Protocol (IGMP) report. While the O-list is NULL, and the original RPF interface has directly connected members, the CONNECTED flags are deleted and the router switches back to the shared tree by sending (S,G,RPT) Join. This situation causes a delay in the convergence time. There is no workaround.
•
If there is a link flap somewhere in the network between the area border router (ABR) and an autonomous system boundary router (ASBR), the ABR might not generate a type 4 summary ASBR link-state advertisement (LSA) to other areas after the link is restored. The net effect is that routes being redistributed by the ASBR into Open Shortest Path First (OSPF) will not be installed in the routing tables in the affected areas.
Workaround: Restart OSPF on the ABR by using the clear ip ospf proc command.
Alternate Workaround: On the ABR, restart OSPF for the affected areas only by removing and restoring the network statements under the router ospf global configuration command for the impacted areas.
Alternate Workaround: For this workaround, perform the action only after the subject ASBR LSA has been removed from the affected areas' database (no longer seen in show ip ospf database EXEC command).
On the affected OSPF routers (that are not seeing the routes and the ASBR LSA) adjacent to the ABR, reestablish adjacencies with the ABR. One way to do this is to temporarily change the hello-interval to some other value. After the adjacency is taken down, change the hello-interval back to the original value to reestablish the adjacency. This action causes the ABR to regenerate and resend the LSAs. On the ABR, create and remove a wrong router ospf global configuration command (for example, router ospf 1234 and no router ospf 1234).
•
Due to new RFC 2328, the calculation of summary route costs have changed. This situation might create suboptimal routing, if all of the area border routers (ABRs) are not upgraded to the new code at the same time.
Workaround: Upgrade all of the ABRs to the new code.
Miscellaneous
•
After highly stressing packets through a PA-A3 on a Cisco 7200 series router, if you remove the card and reinsert it to a different slot with a new configuration on the same interface at the new slot, the router might reload with the following error patterns occurring on the console:
%SYS-2-LINKED: Bad enqueue of 60DFD980 in queue 60CCFB30 -Process= "<interrupt level>", ipl= 1 -Traceback= 602398F0 601C1370 602000C8 60203958 601C4408 601C81B0 %SYS-2-BADSHARE: Bad refcount in retparticle, ptr=14AF, count=0 -Traceback= 601C14FC 602000C8 60203958 601C4408 601C81B0
There is no workaround.
•
A reverse telnet to the modem on a Cisco 2600 series router that is running Cisco IOS Release 12.0(5.2)T and that is configured with an NM-8A/S network module interface, does not work. This situation does not occur in earlier Cisco IOS releases. There is no workaround.
•
Pings fail with IP Security (IPSec) when you configure fast switching or flow switching. The router exhibits the follow message:
%IPFAST-2-PAKSTICK: Corrupted pak header for xxx, flags 0x80
Workaround: Use Cisco Express Forwarding (CEF) switching.
•
On Cisco routers that are running Cisco IOS Release 12.0(8), IP Security (IPSec) will send in the clear packets that need to be encrypted and fragmented. There is no workaround.
•
A Cisco Route Switch Processor (RSP) that is configured with a Multiprotocol over ATM (MPOA) Client might occasionally reload. There is no workaround.
•
A Cisco Route Switch Processor (RSP) that is configured with a Multiprotocol over ATM (MPOA) client might have spurious memory access. This situation might degrade MPOA shortcut performance. There is no workaround.
•
On a Cisco 2600 series router that is running Cisco IOS Release 12.0(8.1) or later releases, or a Cisco 3640 router that is running Cisco IOS Release 12.0(8.1) or later releases, a serial interface on a Cisco Network Management-8 access server card that is running Block Serial Tunneling (BSTUN) might not come up after a router reload.
Workaround: Use the shut command followed by the no shut command, or use the clear interface EXEC command to clear the serial interface.
•
When Cisco Express Forwarding (CEF) is configured as part of a large configuration (typically with access lists), following boot traffic that is directly addressed to the interfaces of a router might not be received. This condition can be observed on enabled interfaces where IP interfaces appear to be up, but the CEF interfaces are down.
Workaround: Perform one of the following steps. Boot without CEF enabled. Disable and then re-enable CEF. Enter the no shutdown command on each of the interfaces that are affected.
•
A Cisco 3600 or 2600 series router with a NM-8A/S or NM-4A/S interface that has a physical-layer async command configured on the serial interface might see junk characters on the serial line during bootup time. No other functionality is affected. There is no workaround.
•
A Cisco Versatile Interface Processor (VIP) that is configured with Cisco Encryption Technology (CET) might not initiate a new crypto connection. The VIP will respond to a connection request from the remote end. However, if the remote end is also a VIP, the crypto connection might never be initiated, because both VIP routers will wait on a connection request. There is no workaround.
•
On a Cisco 7500 series router, if Cisco Express Forwarding (CEF) is enabled, Web Cache Control Protocol (WCCP) or one or more tunnel interface is configured, and packets that are redirected by WCCP or transmitted over a tunnel arrive over an Inter-Switch Link (ISL) interface, then packets terminating at the router that arrive over the same ISL interface might be dropped. For example, pinging to or from the router might show a 10 to 30 percent packet loss. There is no workaround.
•
On a Cisco router with port channel interfaces with Inter-Switch Link/Token Ring Inter-Switch Link (ISL/TRISL) encapsulation, any changes on the encapsulation might cause a Cisco bus (cbus) restart. The system returns to normal operation after the cbus restart. There is no workaround.
•
When a remote Cisco 2600 series router or a Cisco 3600 series router goes down, the BRI line protocol that is configured as "leased line 128K" might not go down properly. The router repeatedly displays the following message while the remote site is down:
%LINK-3-UPDOWN: Interface BRI1/0, changed state to up" while the remote site has been down.
This situation occurs when you use a NM-4BRI network module or a NM-8BRI network module and the router is configured with High-Level Data Link Control (HDLC) encapsulation. There is no workaround.
•
On a Cisco router, 50 percent of pings might fail to receive replies when you use the ip cef global configuration command so the router probably drops packets frequently. There is no workaround.
•
Hot Standby Router Protocol (HSRP) tracking does not work properly. When an interface is tracked, it goes into standby state. When it comes out of standby state, the information is not updated so the tracking interface gets stuck in standby state. There is no workaround.
•
Under heavy traffic, a PA-A3 port adapter might experience a SAR0 reload. If this condition occurs on a Cisco 7200 series router, you must reload the router to recover normal operation. On a Cisco 7500 series RSP, this situation might result in commands from the RSP to the port adapter failing, but the port adapter should be able to recover without a router reload. There is no workaround.
•
A Cisco Route Switch Processor (RSP) that is configured with multiprotocol over ATM (MPOA) clients might take more packets than usual (approximately 500) to transfer the data through MPOA shortcut. There is no workaround.
•
A Cisco Route Switch Processor (RSP) might reload when Generic Traffic Shaping (GTS) is enabled on an interface. This situation only affects RSPs. The RSP will reload when you configure the GTS with the traffic-shape group interface configuration command with an access list that has a deny statement in it. There is no workaround.
Wide-Area Networking
•
In Cisco IOS Release12.0, if you use the ppp pap sent-username username password password interface configuration command on a dialer profile, this command must also be added to the physical interface. There is no workaround.
•
With X.25 over TCP (XOT), when there are many IP addresses in the X.25 route command and the first IP address is unreachable, a Cisco router will take the next IP address. The default X.25 parameters are then used instead of the ones configured on the X.25 interface which causes the X.25 public switch to clear the call. There is no workaround.
•
When Frame Relay traffic shaping is configured and either custom queueing or priority queueing is enabled at the virtual circuit (VC) level, an alignment error might occur. The error occurs when the priority/custom queue list checks User Datagram Protocol (UDP) packets and the current packet is a UDP packet that is queued because of traffic shaping. There is no workaround.
•
A Cisco router might reload with the following error when the frame-relay qos-autosense and frame-relay traffic-shaping interface configuration commands are configured:
System was restarted by error - an arithmetic exception.
Workaround: Disable frame-relay qos-autosense and configure the shaping parameters manually instead.
Resolved Caveats—Cisco IOS Release 12.0(10a)
Cisco IOS Release 12.0(10a) is a rebuild of Cisco IOS Release 12.0(10). All caveats in this section have been resolved in Cisco IOS Release 12.0(10a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(10)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(10). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
If a serial interface is frequently flapping, the router might pause indefinitely with a stack trace indicating that it is in usecdelay() as a result of cbus_mci_serial_reset() being called while at interrupt level. This situation rarely occurs.
Workaround: Enter the shutdown interface configuration command on the serial interface that is flapping.
•
A Cisco router or access server might reload when a reference is made to a teletype (TTY)/Telnet session that has been externally ended. There is no workaround.
•
A Cisco 7200 series router that is running PPP stack hardware compression with a compression service adapter (CSA) might reload because of a memory leak. This situation occurs when a PA-MC-T1 port adapter is used. It can also occur when a multichannel E3 PA port adapter is used.
Workaround: If the CPU can handle the load, enter the compress {predictor | stac [csa slot | software]} interface configuration command.
•
You might not be able to change the size of priority queues in priority queueing with virtual template interfaces on a Cisco 3640 router that is running Cisco IOS Release 12.0(8) or Cisco IOS Release 12.0(7). There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.0(7) might reload because of a bus error or pause indefinitely when FRF.9 payload compression is enabled with a hardware compression adapter and Frame Relay Traffic Shaping has already been configured on the serial interface.
Workaround: Use FRF.9 software compression.
•
A Cisco router might reload when hardware compression is configured in conjunction with Generic Traffic Shaping and Fancy Queueing on a compression service adapter (CSA) at the main interface. This situation only occurs when all 3 features are configured.
Workaround: Use software compression.
•
A Cisco 2610 router that is running Cisco IOS Release 11.3(6)T might experience leaking memory because of IP Simple Network Management Protocol (SNMP). There is no workaround.
DECnet
•
A Cisco router might reload if it pings a DECnet address across an ISDN BRI connection. Pinging IP continues to work, as does DECnet routing. There is no workaround.
IBM Connectivity
•
A Cisco 2500 series router might suddenly stop receiving or not forward packet frames while transferring files over data-link switching plus (DLSw+) link using Fast Sequenced Transport (FST) encapsulation. This situation causes the NetBios session to disconnect. There is no workaround.
•
A Cisco router might experience a bus error as a result of a timing error. There is no workaround.
•
A Cisco 7500 series router that is running a Cisco IOS release higher than the Cisco IOS Release 12.0(3c) might experience a situation where attached Network Basic Input/Output System (NetBIOS) PCs are not reaching the Ethernet-attached NetBIOS server. When this situation occurs, the router sends an incorrect LAN Emulation Address Resolution Protocol (LE_ARP) request, and is unable to resolve the route descriptor for the local LANE cloud and the Token Ring behind the Token Ring switch. A Logical Link Control, type 2 (llc2) frame out of the data-link switching (DLSw) cloud directed to the PC will trigger a LANE LE_ARP lookup on the router for the wrong route descriptor. As a result, the LANE data direct virtual channel connection (VCC) is only used in one direction from the Token Ring switch to NetBIOS PCs, and the NetBIOS connection pauses indefinitely. There is no workaround.
•
A Cisco router that is running Advanced Peer-to-Peer Networking (APPN) with High-Performance Routing (HPR) enabled might leak some processor memory when establishing Routing Table Protocol (RTP) connections. These leaks may be seen in cell pools 0, 1, and 2 of APPN Memory Partition 0. There is no workaround.
•
A Cisco router that is running Advanced Peer-to-Peer Networking (APPN) might reload after the operator enters the show appn dlur-pu host-pu command. There is no workaround.
•
A Cisco router that is running Advanced Peer-to-Peer Networking (APPN) High-Performance Routing (HPR) might reload when it receives a Bind Route Request Unit. There is no workaround.
•
A Cisco Advanced Peer-to-Peer Networking (APPN) router might reload because of a bus error while attempting to allocate an input/output (I/O) memory buffer. The router exhibits the following error message:
Memory allocation of 788 bytes failed from 0x602BE4C0, pool I/O, alignment 32 -Process= "cswebtsk", ipl= 4, pid= 67
There is no workaround.
Interfaces and Bridging
•
A Cisco PA-A1 port adapter does not automatically switch to the internal clock during LOS (Loss of Signal) condition. There is no workaround.
•
A Cisco PA-A1 port adapter does not detect the Loss of Cell Alignment (LOCA) error. There is no workaround.
•
In Cisco 7100 and 7200 series routers, transparent bridging using the PA-DTR Token Ring Port Adapter does not operate properly. The show bridge command fails to indicate any of the end-stations in the bridge table.
Workaround: On the Cisco 7200 series routers, use alternative token ring port adapters. There are no known workarounds for the Cisco 7100 series routers.
IP Routing Protocols
•
A Cisco router may experience a bus error and reload when you enter the ip accounting output-packets command. There is no workaround.
•
The dataless header register does not work properly in Cisco IOS Release 12.0(7)S. There is no workaround.
•
A Cisco 827 router might reload or experience spurious access in iprouting_destination_valid. The spurious access is caused by reading an invalid location, so memory is not corrupted. There is no workaround.
•
Sources of multicast packets that send at a low frequency might have their (S,G) expire in the first-hop designated router (DR). The corresponding (S,G) might also expire in the rendezvous point (RP).
If the (S,G) state is later created from a Protocol Independent Multicast (PIM) Join packet from downstream, then the register flag is not set for this (S,G) in this router. If a packet is then received from the source, the register packet will not be sent to the RP so the A-flag for the (S,G) will not be set in the RP, which would prevent the subject source from being advertised to the Multicast Source Discovery Protocol (MSDP) peers. There is no workaround.
•
When the Protocol Independent Multicast (PIM) designated router (DR) changes, the F flag is not changed. This situation might then cause header registers either not to be sent to the Route Processor (RP) or to be duplicated.
Workaround: If the router is configured for multicast and the group is sparse mode, use the clear ip mroute {s, g} EXEC command to fix the F flag.
•
When the Incoming Interface List (IIL) changes for a (S,G) state, the F flag is not updated. This situation might cause registers to be sent for sources that are not directly connected anymore. There is no workaround.
•
A Cisco RSP4 Route Switch Processor might reload if the managed timer does not work properly. This situation rarely occurs. There is no workaround.
ISO CLNS
•
The redistribute static command can apply in either the router Intermediate System-to-Intermediate System (IS-IS) context or the router International Organization for Standardization (ISO) Interior Gateway Routing Protocol (IGRP) context. It is possible to differentiate between IP and Connectionless Network Service (CLNS) static routes in router IS-IS, but impossible to differentiate between IP and CLNS static routes in router ISO-IGRP that also automatically append CLNS to the redistribute static command.
Workaround: Upgrade to Cisco IOS Release 12.0(10).
•
If a Connectionless Network Service (CLNS) neighbor has multiple associated area addresses, then a Terminal Identifier Address Resolution Protocol addresses, then a Target Identifier Address Resolution Protocol resolve request will automatically choose the first entry. If the first entry is in the process of being replaced by the second area, then the Target Identifier Address Resolution Protocol request will fail.
Workaround: Clear the CLNS cache.
Miscellaneous
•
A Dynamic Host Configuration Protocol (DHCP) proxy agent on a Cisco router assigns the same IP address to users that are on different ports but have the same username.
Workaround: Assign unique usernames.
•
A Cisco router might reload because of a memory corruption. There is no workaround.
•
A Cisco router might reload if traffic shaping is configured with committed information rate (CIR) within a range of 1 to 999 bps.
Workaround: Configure CIR above 1000 bps.
•
A Cisco 4500 series router might slow down or pause indefinitely if you configure a mac-forward filter over transparent bridging on a Token Ring interface. There is no workaround.
•
A Cisco 7200VXR router might experience a situation where switched virtual circuits (SVCs) are disconnected intermittently and then recovered after 7 to 20 hours. There is no workaround.
•
If you configure a subinterface on a Cisco 2600 series router for Operation, Administration, and Maintenance (OAM), and the permanent virtual circuit (PVC) bounces, the PVC and the interface will not come back up unless you enter the shutdown command followed by the no shutdown command on the interface. This situation does not occur if the PVC is configured without OAM. There is no workaround.
•
The show interface display EXEC command might show that a Cisco 2-port High-Speed Serial Interface (HSSI) or a Cisco PA-2T3 port adapter is experiencing abnormal transmit underruns on some Versatile Interface Processors (VIPs) with fast protocol control information (PCI) transactions. There is no workaround.
•
Multiprotocol over ATM (MPOA) shortcuts might not check for the frame sizes being sent on them. If the frame size exceeds the maximum transmission unit (MTU) size of the egress Multiprotocol over ATM Client (MPC), egress MPC drops the packet, resulting in the loss of connectivity.
Workaround: Configure matching MTUs on either side of shortcuts (for example, all LAN Emulation Clients (LECs) that are served by ingress and egress MPCs should have the same MTU). If MTUs cannot be altered, then do not configure MPOA on both sides.
•
A Cisco Catalyst 5000 might treat the link between the physical interface and the port channel interface as a multidrop link when the mac address of members of a port channel is different from the mac address of the port channel itself. This situation has been fixed in Cisco IOS Release 2.2a.
Workaround: Delete the members of the port channel and then add then add them back in.
•
A Route Switch Processor (RSP) with an interface configured with IP Security (IPSec) crypto map and the switching mode is Cisco Express Forwarding (CEF), the RSP might reload trying to decrypt an IPSec packet. This situation is only seen when CEF switching is on. There is no workaround.
•
If the service compress configuration is enabled, entering the show startup-config configuration command or the show config configuration command will result in a memory leak. There is no workaround.
•
When performing tag imposition on a packet that must be fragmented, datagram_done will exhibit a bad reference count error and a traceback message. There is no workaround.
•
A Cisco 7200 series router that is running ATM LAN Emulation (LANE) with a PA-A3 port adapter might reload if a packet with invalid encapsulation is sent to the port adapter. There is no workaround.
•
If you copy a file through SNMP using TFTP to a flash file system, when the space left on the flash is less than the size of the file you will receive a ciscoFlashCopyStatus of copyOperationSuccess message even though the file was not copied.
Workaround: Perform the same function through the command-line interface (CLI).
•
You cannot use SNMP to partition the flash.
Workaround: Partition the flash through the command-line interface (CLI).
•
On a Cisco router that is running Cisco IOS Release 12.0, a Cisco Encryption Technology (CET) encrypted packet coming in while the router is restarting might prevent encryption from working on that interface for 15 minutes.
When this situation occurs, the show crypto map privileged EXEC command will show the Connection ID as BAD, and the connection will not be listed by either the show crypto cisco connections privileged EXEC command or the show crypto engine connections active privileged EXEC command. There is no workaround.
•
A Cisco router might reload with a bus error if you choose "Clickstart" in the HTML management interface. There is no workaround.
•
When a Route Switch Module (RSM) with a large compressed configuration is booted, the RSM might not be considered online by the Supervisor engine.
Workaround: Boot the RSM without the configuration and use the copy tftp running-config command.
•
Traffic shaping might cause a Cisco 3640 router to reload under the following conditions:
–
–
–
There is no workaround.
•
A Cisco router that is running a Multiprotocol over ATM (MPOA) server might reload if you shut down a neighboring interface that is running a MPOA client (MPC). There is no workaround.
•
A Cisco PA-A3 port adapter occasionally exceeds configured peak cell rate (PCR) limits for available bit rate (ABR) and unspecified bit rate (UBR) traffic classes. There is no workaround.
•
The Local Management Interface (LMI) is not functioning properly on Cisco routers that are running Cisco IOS Release 12.0(7)T. This situation occurs only with Quad Integrated Communications Controller (QUICC) WAN interface cards (WICs) and not with network modules (NMs). There is no workaround.
•
Distributed Cisco Express Forwarding (dCEF) packets with Multiprotocol Label Switching (MPLS) labels that require fragmentation and labeled output and are received on an ATM Lite MPLS subinterface will be dropped.
Workaround: Disable dCEF on the ATM Lite MPLS interface.
TN3270
•
A TN3270 client on a Cisco access server might erroneously leave the keyboard in a locked state causing all keyboard input to be rejected until you press the master_reset keypress. This situation occurs when an application sends write-structured field commands with the keyboard-restore indicator on the associated write-control character. There is no workaround.
Wide-Area Networking
•
A Cisco 7200 VXR router might reload with a bus error because the packet-by-packet compression code is being passed packets that contain particles. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.0(7) might reload with a bus error at PC 0x60584578, address 0xD0D0D51. There is no workaround.
•
The frame-relay de-group 1 local-dlci interface configuration command might disappear from the running configuration and stop working for the referenced data-link connection identifier (DLCI) if you configure the frame-relay inverse-arp interface configuration command and the corresponding permanent virtual connection (PVC) status changes to Inactive or Deleted.
Workaround: Use the static frame-relay map interface configuration command and reference the same DLCI that is used for the frame-relay de-group 1 local-dlci interface configuration command.
•
A Cisco router that is running Cisco IOS Release 12.0 or later releases might reload because of a bus error at the symbol dialer_clear_map. There is no workaround.
•
When X.25 over TCP (XOT) connects X.25 links that are configured for module 128, the packet assembler/disassembler (PAD) session will pause indefinitely. In this situation, entering the show x25 vc EXEC command will return a "Window is closed" message. There is no workaround.
•
Timer data structures used by the dialer component might become corrupted. The corruption might occur because of operator-initiated actions that involve the removal of the dialer function on an interface. Examples of these actions would be configuring leased-line BRI, or entering the no dialer in-band interface configuration command. The symptom might not occur for days or weeks after the operator action that caused it. Due to this condition, these actions should be avoided. There is no workaround.
•
On a Cisco router with dialer profiles, dialer load-threshold, and no multilink, an overload call might not be done even though the load threshold is exceeded. This situation occurs when an incoming call is received with a particular caller ID but there is no dialer string configured with the same phone number.
Workaround: Initiate first and overload calls from the same router.
•
A Cisco router that is running Cisco IOS Release 12.0(8) and is configured with a LAN Extender (LEX) interface might display any of the following error messages:
%LINK-2-INTVULN: In critical region with interrupt level=0, intfc=Lex0
-Process= "RIP Send", ipl= 0, pid= 73
-Traceback= 1A2006 66872 1A697A 22F1E4 22E924 22EAC0 380A36
%LINK-2-INTVULN:In critical region with interrupt level=0, intfc=Lex0
-Process= "IP Input", ipl= 0, pid= 12
-Traceback= 1A2006 66872 1A697A 22F1E4 224EAA 2257E0 224902 224A5C 224B80
%LINK-2-INTVULN:In critical region with interrupt level=0, intfc=Lex0
-Process= "ARP Input", ipl= 0, pid= 7
-Traceback= 1A2006 66872 1A697A 1FE4AC 2398C4 239E80 1FE6D
There is no workaround.
•
A Cisco router will exhibit traceback messages when the router sends Inverse Address Resolution Protocol (ARP) messages for protocols like Novell, DECnet, and XNS. This situation will not affect router operation. There is no workaround.
•
When using dialer profiles, the dialer state could get stuck in the call pending state. In this situation, outgoing ISDN calls can no longer be initiated. There is no workaround.
•
Under certain conditions, the frame-relay inverse-arp command does not function properly for IPX, Novell, DECnet, and VINES for multipoint interfaces. This situation is more likely to occur when IP is running on the interface.
Workaround: Create a static map for IPX, DECnet, and other protocols by entering the frame-relay map interface configuration command, or change the interface from multipoint to point-to-point.
•
A Cisco 7500 series router that is running Cisco IOS Releases 11.1(31.1)CC, 12.0(9.1), 12.0(8.6)S1, 12.0(9)S, 12.1(0.8), and 12.1(0.8)T with a PA-A3 port adapter will not send Operation, Administration, and Maintenance (OAM) cells. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(9a)
Cisco IOS Release 12.0(9a) is a rebuild of Cisco IOS Release 12.0(9). All caveats in this section have been resolved in Cisco IOS Release 12.0(9a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(9)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(9). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
If an NM-AM modem is set to mark, space, or even parity, the modem autoconfigure type line configuration command will not function properly.
Workaround: Use the script startup line configuration command and the script reset line configuration command.
Basic System Services
•
If you enter the show interfaces [type number] [first] [last] [accounting] EXEC command on a Cisco router that is running Cisco IOS Release 12.0(3)T, the accounting records are updated only when the first system interface is sampled, and all interfaces share the accounting record of the first interface. There is no workaround.
•
A Cisco router might stop responding to Simple Network Management Protocol (SNMP) queries. This situation occurs when the number of SNMP request packets to be processed at the same time is high. There is no workaround.
•
A Cisco router might reload when you enter the write memory EXEC command at the router prompt. This happens during nonvolatile generation (nvgen) of the line global configuration command. There is no workaround.
•
A Cisco 7200 series router with a compression service adapter (CSA) that is configured with Frame Relay Traffic Shaping (FRTS), and using either Cisco Express Forwarding (CEF) or fast switching will not compress data when the amount of data on the interface is greater than the shaping value (for example, CSA will stop compression when traffic shaping becomes active).
Workaround: Use process switching.
•
Configuring trigger authentication by entering the ip trigger-authentication interface configuration command might cause a memory leak. There is no workaround.
•
A Cisco router might reload when hardware compression is configured in conjunction with Generic Traffic Shaping and Fancy Queueing on a compression service adapter (CSA) at the main interface. This situation only occurs when all 3 features are configured.
Workaround: Use software compression.
DECnet
•
If you configure a Cisco router using the decnet routing-timer seconds interface configuration command, the router might create a DECnet in-routing filter access list number after you reload the router. The access list number will be the same as the time in seconds specified in the decnet routing-timer seconds interface configuration command, and might be invalid. There is no workaround.
•
If a Cisco router is running a release earlier than Cisco IOS Release 11.3 and is using the DECnet Phase IV routing protocol, the DECnet network might experience loops or the incorrect selection of routes for periods of time up the value entered with the decnet routing-timer interface configuration command. When a network link goes up or down, one of the routers attached to that link might start sending DECnet traffic down the wrong route. You can enter the show decnet traffic EXEC command to show the number of messages that have been discarded with the "too many visits" count. If you enter the show decnet route configuration command, you can check the routes selected by the router.
Workaround: Reduce the time in the decnet routing-timer seconds interface configuration command to reduce the time taken for the network to converge.
IBM Connectivity
•
During a rare timing window when the multiple downstream devices are simultaneously deactivated, the Advanced Peer-to-Peer Networking (APPN) router might cause the TP that processes the encapsulated messages received on the conloser DLUR/Dependent LU Server (DLUS) pipe session to pause indefinitely. Once the TP is paused, the DLUR may have some DLUR-PUs and DLUR-LUs that appear to be in a permanently stopped state. The corresponding virtual telecommunications access method (VTAM) resources remain in PDACP or PUSB1 states.
Workaround: Restart the APPN subsystem on the router.
•
A Cisco 4500 router might experience memory alignment errors in Advanced Peer-to-Peer Networking (APPN). There is no workaround.
•
A Cisco 4700 router that is configured for data-link switching (DLSw) with Dependent LU Requester (DLUR) and Advanced Peer-to-Peer Networking (APPN) might reload after you issue the show version command because of an SegV exception. There is no workaround.
•
Remote source-route bridging (RSRB) might change frame types. This situation occurs on Cisco routers that are running RSRB where one side of the RSRB is running any Cisco IOS release prior to Cisco IOS Release 12.0 and the other side is running Cisco IOS Release 12.0. The frame that is moving along the source-route translational bridge (SR/TLB) and the RSRB bridge might change from an Ethernet Type II frame to an IEEE802.3 Ethernet frame.
Workaround: Configure the 90-compatible option by entering the source-bridge transparent ring-group seudo-ring bridge-number tb-group [90-compatible] global configuration command.
•
A Cisco router might reload because of a bus error. There is no workaround.
•
A Cisco router that is running Block Serial Tunneling (BSTUN) might experience an input queue wedge. Reloading the router will temporarily fix the situation. There is no workaround.
•
A Cisco router that is configured for Advanced Peer-to-Peer Networking (APPN) might experience 80 percent to 90 percent CPU utilization by the lrp00 process. There is no workaround.
•
Hundreds of alignment corrections on bridging processes might cause a Cisco router (including console access) to pause indefinitely. There is no workaround.
•
A Cisco router might reload through the watchdog timer because Topology and Routing Services (TRS) is looping on a zero length cv46 subvector in unmap_cv46. There is no workaround.
Interfaces and Bridging
•
A Cisco PA-A1 is subject to rx packets with bad aal5_length field. If the erroneous length is too small, it might corrupt memory and cause the router to reload. There is no workaround.
•
A Cisco 7507 router that is running Cisco IOS Release 12.0(4)T might not return the correct results if there is a change in the hold-queue value in any of the serial interfaces of a PA-8T port adapter in a VIP2 motherboard. Although the size of the output queue seems to change after you enter the hold-queue out interface configuration command, there is no real change. There is no workaround.
•
A Cisco 7200 series router with a PA-4R port adapter might accept a packet with an invalid frame check sequence (FCS) and pass it on to remote source-route bridging (RSRB). This situation does not occur in the PA-4R-DTR port adapter. There is no workaround.
IP Routing Protocols
•
When network statements are removed from the Open Shortest Path First (OSPF) configuration in a router, there is no check executed for overlapping networks, which results in OSPF being disabled on the corresponding interfaces.
Workaround: Remove the overlapping network statement, and then reinsert it.
•
If there is a component route in the routing table that has exactly the same network and mask pair as the summary route, OSPF might delete and later reissue the external summary routes.
Workaround: Perform a redistribution by entering the route-map global configuration command with a deny statement in the access list.
•
Internal Border Gateway Protocol (IBGP) routes cannot be redistributed to other protocols. There is no workaround.
•
A Cisco 7200 series router that has not been configured might fail to receive Open Shortest Path First (OSPF) route updates from a neighbor router through an ATM LAN emulation (LANE) interface when a script tries to clean and configure the Cisco 7200 series router. This situation does not occur on a router that has already been configured.
Workaround: Reload the router, or enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
After a link flap, the summary route might not appear in the routing table even though it appears in the OSPF topology table.
Workaround: Restart the OSPF process, or reload the router.
•
If you have an Open Shortest Path First (OSPF) external route and a floating static route (as backup for the external route) with the nexthop interface OSPF enabled, and if there is a flap in external route, floating static will be installed in the routing table. The floating static route will not get replaced by the external route, even when the external route comes back up.
Workaround: Enter the clear ip route {network [mask]|*} EXEC command.
•
A Resource Reservation Protocol (RSVP) message will be dropped if the flags or reserved fields in the common header are not set to zero. In this situation, you will not be able to operate within implementations that use these fields for new features. There is no workaround.
•
When you are configuring policy routing on a rotary group leader, entering the no ip policy route-map map-tag interface configuration command on a group-async rotary group member or several physical interface rotary group members might cause the router to reload with a SYS-2-FREEFREE error message. There is no workaround.
•
A Cisco router might reload if certain IP packets addressed to a multicast destination with an invalid IP header are received.
On a Route Switch Processor (RSP), this situation often shows up as a bus error reload with RSP-specific code and ipmulticast_les_fastswitch on stack trace at address=0x58200000.
This situation might also show up as a generic memory corruption reload on an RSP or on other nonparticle-based platforms. This situation does not exist in Cisco IOS Release 11.1CC and Cisco IOS Release 11.2.
Workaround: Disable multicast fast switching on all interfaces by entering the no ip mroute-cache interface configuration command.
•
Protocol Independent Multicast (PIM)v2 Candidate Rendezvous Point (RP) advertisement packets are discarded by a router if the packets were sent by that route.This breaks the Candidate-RP and bootstrap router (BSR) mechanism in PIMv2.
Workaround: Only configure a Candidate-RP in routers that are not BSR.
Miscellaneous
•
A crypto Access Control List (ACL) with a DENY ACE that specifies a TCP or User Datagram Protocol (UDP) port might cause fragments to be dropped.
Workaround: Arrange the crypto ACLs to have permits only when specifying ports. For example, instead of having:
access-list 101 deny udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255 eq 19 access-list 101 deny udp 200.200.20.0 0.0.0.255 eq 19 200.200.30.0 0.0.0.255 access-list 101 permit udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255
have:
access-list 101 permit udp 200.200.20.0 0.0.0.255 ne 19 200.200.30.0 0.0.0.255 ne 19 access-list 101 deny udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255 eq 19 access-list 101 deny udp 200.200.20.0 0.0.0.255 eq 19 200.200.30.0 0.0.0.255
•
Formatting boot flash memory on a Cisco 7100 series router might disable access to boot flash memory. This situation occurs with crypto images in Cisco IOS Release 12.0(5)XE, Cisco IOS Release 12.0(5)XE1, and Cisco IOS Release 12.0(5)XE2, and the situation might occur with some noncrypto images.
Workaround: Format Flash with a working image, or do not format Flash.
•
Context-based Access Control (CBAC) code might reject the alerting messages that arrive before the connect message that carries the port information for the return data stream. The connect message is processed, but the alerting message needs to be processed first for the data stream to be received properly. There is no workaround.
•
Cisco Encryption Technology (CET) might not function correctly when configured on a Cisco router with generic routing encapsulation (GRE) tunnel. There is no workaround.
•
Some internal registers might not correctly update when the link goes down.
Workaround: Upgrade to Cisco IOS Release 12.0(7)T.
•
If there is a large network delay and Asynchronous Serial Protocol (ASP) does not support local acknowledgements (ACKs), you need to increase the poll interval on the end device to accommodate the delay. There is no workaround.
•
Permanent virtual circuits (PVCs) might not transmit if the configuration for the PVC is changed while the outbound rate on that PVC exceeds sustainable cell rate (SCR).
Workaround: Enter the clear interface ATM slot/port EXEC command when this situation occurs.
•
A Cisco 7200 series router might reload and display the following error message:
%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0).
-Process= "<interrupt level>", ipl= 1, pid= 2
-Traceback= 6036BE38 6033C5B4 60258F94 6026F794 603A846C 60266368 6026B988
There is no workaround.
•
When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
•
A Cisco router will reload if IP Security (IPSec) is enabled with fast switching on links that use PPP encapsulation with PPP compression. There is no workaround.
•
The second port on a Cisco router with a PA-2T3 port adapter and a PA-2E3 port adapter will not come up if the first port is in a shutdown state.
Workaround: Enter the no shutdown interface configuration command on the first port.
•
If devices that can share the same IP address at different times are connected behind an MPC, some Multiprotocol over ATM (MPOA) shortcuts might not be valid after they switch over the IP address. There is no workaround.
•
If you have two Cisco switches connected on Gigabit Ethernet Inter-Switch Link (ISL) trunk using SVM 1/1 and with Hot Standby Router Protocol (HSRP) configured on a Gigabit Ethernet port channel with ISL encapsulation in a Cisco switching module, then the module might reload when the HSRP group 255 becomes active. This situation can also occur with dot1q(802.1q) trunking. There is no workaround.
•
The Available Bit Rate (ABR) feature on the PA-A3 port adapter is not functioning properly. The PA-A3 driver can send and receive forward resource management (FRM) cells, but cannot transmit backward resource management (BRM). There is no workaround.
•
A Cisco router might experience a SIGTRAP exception error and reload. There is no workaround.
•
Cisco Lock and Key idle timers will not be reset when there are packets that match the dynamic Access Control Lists (ACLs) created by Lock and Key. There is no workaround.
•
A Cisco 7500 series router with Multiprotocol Label Switching (MPLS) configured might corrupt large packets that arrive on a channelized serial interface (CT1/CE1) and then switch to a tag MPLS-enabled interface. This situation occurs during the fragmentation process of the packet. Incoming tag MPLS packets are not affected.
This situation only occurs for Route Switch Processor (RSP) switched packets. Versatile Interface Processor (VIP) distributed switching is not affected. There is no workaround.
•
A PA-A2 port adapter will not receive packets that are larger than 473 bytes. There is no workaround.
•
A Route Switch Processor (RSP) that is configured with Multiprotocol over ATM (MPOA) clients might reload. There is no workaround.
•
Multiprotocol over ATM (MPOA) shortcuts might not check for the frame sizes being sent on them. If the frame size exceeds the maximum transmission unit (MTU) size of the egress Multiprotocol over ATM Client (MPC), egress MPC drops the packet, resulting in the loss of connectivity.
Workaround: Configure matching MTUs on either side of shortcuts (for example, all LAN Emulation Clients (LECs) that are served by ingress and egress MPCs should have the same MTU). If MTUs cannot be altered, then do not configure MPOA on both sides.
•
When configured to provide access control, the Kerberos client on Cisco products will fail all authentications when the expiration of the credential falls between January and February of a leap year.
Workaround: Choose an alternate form of authentication such as Terminal Access Controller Access Control System Plus (TACACS+) or Remote Dial-In User Service (RADIUS).
Wide-Area Networking
•
After you enter the show vpdn history failure EXEC command, the console might lock up, and the CPU utilization might rise to 100 percent. This condition is most likely to occur if the history log has wrapped. There is no workaround.
•
After startup, a PPP interface might have an incorrect High-Level Data Link Control (HDLC) encapsulation string of 8F000800 instead of the correct FF030021 string.
Workaround: Enter the clear adjacency EXEC command, or enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
If you are using a Cisco 3640 router running Cisco IOS Release 12.0(5.3) and poll CISCO-CALL-HISTORY-MIB objects to track calls, you might see incorrect information returned for the object ciscoCallHistoryDestinationAddress. The same IP address repeats multiple times even though the corresponding ciscoCallHistoryDestinationHostName is always unique for the same instance. This bug has been fixed in Cisco IOS Release 12.0(08.00.02)T.
•
Under rare conditions, a Multiprotocol over ATM client/Multiprotocol over ATM server (MPC/MPS) will receive a route change from the Next Hop Resolution Protocol (NHRP) side of the cloud but will not purge the affected cache entry. There is no workaround.
•
A Cisco router might experience a software-forced reload because of watchdog timeout if thousands of switched virtual circuits (SVCs) or LAN Emulation (LANE) clients are configured on a single ATM interface.
Workaround: Reduce the number of SVCs or LANE clients that are configured on the ATM interface.
•
A console buffer overrun might occur on a Cisco 1600 series router, a Cisco 3800 series router, a Cisco 800 series router, or a Motorola SMC (MPC860)-based platform if you initiate a PAD or X.28 outgoing connection from the console terminal. This problem does not occur if you make a PAD or X.28 connection from the vty lines.
Workaround: Exit the console session, and then restart the console session.
•
The dialer idle-timeout might not reset for the inbound interesting packets on all serial interfaces except the first interface, which is configured with the dialer idle-timeout either interface configuration command for situations where fast switching is allowed. As a result, all interfaces except for the first serial interface drop the call.
Workaround: Use process switching instead of fast switching so that all serial interfaces reset the idle timer as expected.
•
A Cisco 3640 router that is running Cisco IOS Release 12.0(7), might experience memory corruption and not be able to access core files. There is no workaround.
•
The Integrated Local Management Interface (ILMI) on a Cisco router might respond with the invalid value 0 instead of noSuchName when the interface is queried by the peer switch ILMI on ILMI MIB objects atmfAtmLayerIlmiVersion and atmfAtmLayerNniSigVersion. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 2.0(7)S and supports a large number of ISDN Primary Rate Interfaces (PRIs) might reload due to low memory. There is no workaround.
•
If the Layer 2 link is lost while using X.25 over D-channel, a Cisco router will attempt to reestablish the link by using the terminal endpoint identifier (TEI) value of B-channel. The router will need to be reloaded to reestablish the X.25 connection. There is no workaround.
•
Enhanced Local Management Interface (ELMI) does not work correctly on a Cisco 3810 router that is running Cisco IOS Release 12.0(7)T. The router receives ELMI Status Enquiries, but does not acknowledge them. This situation does not occur in previous Cisco IOS releases. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(8b)
Cisco IOS Release 12.0(8b) is a rebuild of Cisco IOS Release 12.0(8). All caveats in this section have been resolved in Cisco IOS Release 12.0(8b) but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.0(8a)
Cisco IOS Release 12.0(8a) is a rebuild of Cisco IOS Release 12.0(8). All caveats in this section have been resolved in Cisco IOS Release 12.0(8a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(8)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(8). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco MC3810 series multiservice access concentrator that is connected by a serial interface to an AS400 Synchronous Data Link Control (SDLC) interface might experience problems keeping the line up. The line goes active on the AS400 side, and debugs in the router show one or two exchange identification (XID) frames from the host before the line goes down.
Workaround: Configure idle character-marks in the interface of the router, and upgrade to Cisco IOS Release 12.0(7.1) or a later release.
•
When an X.25 interface initially comes up, IP route entries for its subinterfaces (if any) are not added to the IP routing table.
Workaround: Restart X.25 to cause the subinterface routes to appear.
•
When "chassisType" is polled on a Cisco 7200 series router, the chassisType OID is returned as "Unknown." There is no workaround.
•
A Cisco router that is running Cisco IOS Release 11.1(28.1)CC and later releases with maximum transmission unit (MTU) configuration statements might see an unwanted cbus switching complex restart five minutes after booting. The switching complex restart only occurs if the MTU interface reconfiguration causes a MEMD recard because of a change in the MEMD buffer size used by the interface. There is no workaround.
•
If more than one channel or clock rate is larger than 64kbps, a Cisco MC3810 series multiservice access concentrator might not set the parity bit for the pointer field in the ATM adaptation layer 1 (AAL1) and generate bit errors. This situation occurs when the Cisco MC3810 series multiservice access concentrator is supporting T1 circuit emulation service (CES) and is connected to a device that is not a Cisco MC3810, but does not occur if both devices are Cisco MC3810 series multiservice access concentrators or if the circuit units are equal to or greater than six timeslots. There is no workaround.
•
A Cisco router might reload with a SegV error if you try to log in while the debug callback EXEC command is enabled.
Workaround: Disable the debug callback EXEC command.
DECnet
•
If a Cisco router is running a Cisco IOS release earlier than Cisco IOS Release 11.3 and is using the DECnet Phase IV routing protocol, the DECnet network might experience routing loops for periods of time up to the value of the argument given in the decnet routing-timer seconds interface configuration command. These routing loops might start when a network link goes up or down, and DECnet traffic will be discarded while these loops occur.
Workaround: Reduce the value given in the decnet routing-timer seconds interface configuration command.
•
If a Cisco router recognizes a Phase IV VAX cluster, the router will install a route to the cluster alias and advertise reachability to it across a Phase V attached network. It is possible for a routing loop to form if cluster aliases stop being advertised and if the two routers are connected in parallel between Phase IV and Phase V. If the router is the Phase IV designated router for the interface to which the VAX cluster is attached, there might be some connectivity issues between the VAX clients and the VAX cluster alias, but individual VAX machines can still be reached.
Workaround: Set another router to be the Phase IV designated router for the LAN.
EXEC and Configuration Parser
•
A Cisco AS5800 series universal access server may reload with a bus error after an ASCII login.
Workaround: Upgrade to one of the following Cisco IOS releases: Cisco IOS Release 12.0(7) and later releases, Cisco IOS Release 12.0(7)T, Cisco IOS Release 11.3(10.6)AA, or Cisco IOS Release 12.0(7)S and later releases.
•
Performing NVGEN (that is, entering the show running-config command or entering the write memory command) might result in reloads for Cisco 2500, 2600, and 4000 series routers and spurious memory access in Cisco 3600 and 7200 series routers. You will not be able to see the running configuration. There is no workaround.
IBM Connectivity
•
Removing serial tunneling (STUN) statements from a serial interface and global interface causes a Cisco 7513 router to reload with a bus error.
Workaround: Shut down the synchronous data link control (SDLC) interface before removing the STUN statement.
•
A Cisco 7000 series router with two CIP cards that are both running the tn3270-server interface configuration command may unexpectedly reload with a software-forced reload if you remove the client ip configuration command. There is no workaround.
•
If you are configuring a Cisco 2600 series router by entering the fras ban interface configuration command with the fras ddr-backup interface configuration command, the backup is driven if the primary interface goes down. When the backup interface goes down, the backup enabled by the fras ddr-backup interface configuration command switches to the main interface. But if the backup interface goes down and the main interface goes up, the sessions are not recovering, and fras ddr-backup tries the backup interface even though the backup interface is in a down state.
Workaround: Disable fras ddr-backup on the main interface by entering the no fras ddr-backup interface configuration command.
•
A Cisco 2500 router might exhibit the following error message on a Binary Synchronous Communications Protocol (bisync) interface:
LINK-2-INTVULN
There is no workaround.
•
A Cisco 4000 router or a Cisco 2500 router that is running Cisco IOS Release 12.0(6.5) and data-link switching (DLSw) will not be compatible with other platforms. This condition does not affect other platforms that are running DLSw. There is no workaround.
•
An Advanced Peer-to-Peer Networking/Dependent LU Requester (APPN/DLUR) router might reload with the following stacktrace:
RA: 0x60703538[h(0x6070345c)+0xdc]
RA: 0x607038E0[fsm_receive_router(0x607035b0)+0x330]
RA: 0x606E285C[upchuck(0x606e2654)+0x208]
RA: 0x606E2348[rcv_cls_msg(0x606e2080)+0x2c8]
RA: 0x606E1ED8[dlcdx_process_messages(0x606e1eb8)+0x20]
RA: 0x607027D0[xxxpcasm(0x60702440)+0x390]
There is no workaround.
•
An Advanced Peer-to-Peer Networking (APPN) router might reload in cs_process_lsa_ips during a link activation and deactivation timing window. There is no workaround.
•
If both a primary Dependent LU Server (DLUS) and a backup DLUS are configured on an Advanced Peer-to-Peer Networking/Dependent LU Requester (APPN/DLUR) router, the router might unnecessarily time out an allocate to one DLUS after having to time out an allocate to the other DLUS. When this situation occurs, you will receive an "allocate has an invalid rcb 0. Restart TP." message.
Workaround: Enter the prefer-active-dlus configuration command with the "no retries" operand. If you have prefer-active-dlus coded on the APPN control point with no retries, only the currently active DLUS will be retried. This is a temporary workaround.
•
An Advanced Peer-to-Peer Networking (APPN) router might experience a memory leak if you save the Routing Information Field during link activation. There is no workaround.
•
If you are running source-route bridging (SRB) over Frame Relay (RFC 1490), the following traceback appears on the console:
%LINK-3-BADMACREG: Interface Serial1.50, non-existent MACADDR registry for link 43
-Process= "LanNetMgr Supt", ipl= 0, pid= 76
-Traceback= 6080DA8C 6080D8FC 60DEBE1C 60DE04B8 60DFA820 60DFAA60 6031A984 6031A970
There is no apparent impact.
Workaround: Enter the lnm disabled global configuration command.
Interfaces and Bridging
•
When used with a channelized serial interface (CT1/CE1), compression service might be interrupted if there is any system-wide service interruption like online insertion and removal (OIR) or micro reload. There is no workaround.
•
FEBE line and path counters on a POS interface might not increment with the following images: rsp-jv-mz.111-18.CC.bin, rsp-jv-mz.111-24.CC.bin, and rsp-jsv-mz.120-3.0.2. There is no workaround.
•
A Cisco 7500 series router that is running the rsp-jsv40-mz (Enterprise 40) software image on Cisco IOS Release 11.3(9.2)T might experience a bus error. A stack trace decode reveals the following:
0x40262B9C:__start(0x60010000)+0xe0252b9c
0x60093B08:tr_bcast(0x60093af8)+0x10
0x60250630:rsp_tx_start(0x60250258)+0x3d8
0x601DA4D4:datagram_out(0x601d9d5c)+0x778
0x6070FC70:llc_wput(0x6070ec6c)+0x1004
0x60925134:CLSSapUDataStnReq(0x60924fec)+0x148
0x60921858:CLSSapHandleMsg(0x60921710)+0x148
0x6091EA10:CLSDluSendToSap(0x6091e948)+0xc8
0x60925B38:CLSWritePut(0x60925a74)+0xc4
There is no workaround.
•
A Bridge-Group Virtual Interface (BVI) might become wedged intermittently (approximately monthly).
Workaround: Create a new BVI.
•
Running Link Access Procedure, Balanced (LAPB) under a heavy traffic load might cause frames to get lost within the router, which results in REJECTS, backup of output queue, and output drops. There is no workaround.
•
A Cisco router might reload immediately after you enable STAC compression. This condition occurs with High-Level Data Link Control (HDLC) encapsulation when FastPath packets or particles are present in the output queues when compression is enabled.
Workaround: Enter the no ip route-cache interface configuration command before enabling compression, or perform a shutdown on the line before enabling compression.
•
A Cisco router that is running Cisco IOS Release 12.0 might not reply to an Address Resolution Protocol (ARP) request if the Ethernet port is set for bridging and is in blocking mode. There is no workaround.
•
Integrated Local Management Interface (ILMI) might not come up if you are using a PA-A3 port adapter and running Cisco IOS Release 12.0(6.5) or later. There is no workaround.
•
Uneven numbered interfaces (that is, SerX/1 and SerX/3) on a PA-4E1 (75/120) four-port serial card might not work properly on Cisco 7200 series and Route/Switch Processor (RSP) routers. The following Cisco IOS releases are affected, including later release versions: Cisco IOS Release 12.0(6.5); Cisco IOS Release 12.0(6.5)T; Cisco IOS Release 12.0(6.5)S; Cisco IOS Release 12.0(6.5)PI01; Cisco IOS Release 11.1(29)CC, and Cisco IOS Release 12.0(6.6)SC01.
Workaround: There is no workaround.
IP Routing Protocols
•
If you run an H323 application, such as NetMeeting, the deletion of Network Address Translation (NAT) entries created for H323 will not free the allocated buffer completely and will cause a memory leak. The NAT entry data structure that tracks H225 and H245 information is not being freed when the NAT entry is deleted. There is no workaround.
•
Enhanced Interior Gateway Routing Protocol (EIGRP) might derive the metric of a summary from a route outside the summary that has the same prefix and shorter masks. There is no workaround.
•
After a link flap, the summary route might not appear in the routing table even though it appears in the OSPF topology table.
Workaround: Restart the OSPF process, or reload the router.
•
The following entries might be added to the running configuration of a Cisco router even though Network Address Translation (NAT) is not configured:
ip nat translation timeout never
ip nat translation tcp-timeout never
ip nat translation udp-timeout never
ip nat translation finrst-timeout never
ip nat translation syn-timeout never
ip nat translation dns-timeout never
ip nat translation icmp-timeout never
There is no workaround.
•
When fast policy switching is enabled on dialer interface on a Cisco router that is running Cisco IOS Release 11.3(9)T or 12.0(7) a packet is not fast switched, and process switching is used instead. There is no workaround.
•
A Resource Reservation Protocol (RSVP) message will be dropped if the flags or reserved fields in the common header are not set to zero. In this situation, you will not be able to operate within implementations that use these fields for new features. There is no workaround.
ISO CLNS
•
While displaying the output of the show isis topology command, a Cisco router might reload. There is no workaround.
•
Cisco IOS Release 12.0(6.2)T might break Point-to-Point Protocol (PPP) over ATM on a Cisco 4500 router with AAL5SNAP encapsulation enabled. There is no workaround.
Miscellaneous
•
The individual timeslots in a fractional T1/E1 circuit emulation service (CES) circuit might get misaligned if an ATM uplink switchover or reroute occurs, and the content in each timeslot remains error free even though the whole fractional circuit cannot be synchronized. This situation occurs on Cisco 7200 series routers with PA-A2 port adapters with (CES) and Cisco LightStream 1010 5 Gbps modular switches with (CES) and pulse amplitude modulation (PAM).
•
The Ascend-Idle-Limit attribute is defined as being a value in seconds, and when this attribute is applied to a client using PPP mode, the value is retained in seconds. But if the Ascend-Idle-Limit attribute is applied to a client that is using PPP interactive mode, the attribute is converted into a value of minutes. For example, both 1 second and 59 seconds are treated as 1 minute. There is no workaround.
•
When you perform an encrypted Kerberized Telnet to a Cisco 7500 series router, the initial setup goes fine, but nonsense output results when the decryption of packets from the router occurs on the client side. There is no workaround.
•
A Cisco router might reload if you enable Hot Standby Router Protocol (HSRP) on a cable interface because HSRP does not function properly on cable interfaces. There is no workaround.
•
If you are using IP Security (IPsec) in transport mode over a dialer with Multilink PPP and PPP compression, a Cisco router might exhibit the following error message:
%SYS-2-GETBUF: Bad getbuffer, bytes= 58332 -Process= "Encrypt Proc", ipl= 0, pid= 43
and traceback:
IPSEC(encapsulate): locally-sourced pkt w/DF bit set is too big, ip->tl=62324, mtu=1432
Workaround: Configure tunnel mode IPSec, or disable PPP compression.
•
After a Cisco router is reloaded, the Encryption Service Adapter (ESA) cannot reestablish an active crypto connection.
Workaround: Remove the crypto map, reload the router, and reapply the crypto map.
•
In circumstances of increased stress and constant changes, a Cisco router that has a large number of adjacencies on a multiaccess network and is using distributed Cisco Express Forwarding (CEF) might display some prefixes in the LC that are not in the main Route Processor (RP) table. There is no workaround.
•
Spatial reuse protocol (SRP) hardware might receive and drop giant packets under OC-12 line rate traffic with the Versatile Interface Processor (VIP) stressing memory usage. This condition might occur in a tag switching configuration over paths that require the fragmentation of tag-encapsulated IP packets. There is no workaround.
•
A Cisco 7200 series router might not switch packets when crypto map is configured. This situation occurs when you enable Cisco Express Forwarding (CEF) switching. Symptoms might include a connection activity display of twice the normal number of encrypted and decrypted packets than for the peer router when you enter the show crypto cisco connections privileged EXEC command. There is no workaround.
•
Traffic to a Versatile Interface Processor (VIP) might not be routed properly on a Cisco 7500 or 7200 series router that is running Cisco IOS Release 10.3(6.3) if the destination link is encrypted using Cisco Encryption Technology (CET). There is no workaround.
•
IP Security (IPSec) might not function properly if you are running Cisco IOS Release 12.0(6.3)T. There is no workaround.
•
Priority queueing might not function properly with a protocol type-code access list on Cisco 2600 series routers. There is no workaround.
•
Attributes 197 and 255 in the RADIUS accounting stop record are recorded as "0" on a Cisco 2600 series routers and Cisco 3600 series routers that are running Cisco IOS Release 12.0(5)T1. There is no workaround.
•
Cisco 1700 series routers and Cisco 2600 series routers that are running Cisco IOS Release 12.05 T cannot start ISAKMPA SA using the rsa-encr authentication method. The debug output reports that "Hash payload is incorrect!" There is no workaround.
•
You might receive LINK-2-INVTULN traceback messages on Asynchronous Security Protocol (ASP) interfaces. This situation can occur on any Cisco router. There is no workaround.
•
When you enable bridging on a Fast EtherChannel (FEC), the host functionality might not work properly, but bridging functionality is not affected. There is no workaround.
•
Distributed Cisco Express Forwarding (dCEF) might not function properly on PA-T3 High-Speed Serial Interfaces (HSSI) port adapters, and traffic on the interface is not switched by distributed switching after a large number of interface reset events occur. There is no workaround.
•
A Cisco router will reload if IP Security (IPSec) is enabled with fast switching on links that use PPP encapsulation with PPP compression. There is no workaround.
•
If distributed Cisco Express Forwarding (dCEF) and Cisco Encryption Technology (CET) are enabled on a Versatile Interface Processor (VIP), encrypted traffic from the VIP to a non-VIP interface will be process switched. There is no workaround.
•
Changing the status of the interface on a PA-A3 port adapter might cause routes to be removed from the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table.
Workaround: Issue the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Under rare conditions, a Cisco RSP7000 router that is running Cisco IOS Release 12.0(6.6) with a Versatile Interface Processor (VIP) interface might refuse to send or receive any encrypted traffic. Once the interface gets into this state, it will drop all encrypted traffic until either you reload the router, or disable encryption and reenter the crypto map.
To determine whether a VIP is in this condition, you can enter the show crypto map EXEC command and the show crypto cisco connections privileged EXEC command. If the crypto map is listed with a negative connection ID that does not appear in the crypto connection table, then this problem is occurring.
There is no workaround.
•
If devices that can share the same IP address at different times are connected behind an MPC, some Multiprotocol over ATM (MPOA) shortcuts might not be valid after they switch over the IP address. There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
IPX allows the primary interface and multiple ISL subinterfaces to have the same IPX network number and encapsulation.
Workaround: Do not configure interfaces with the same IPX network number.
•
If you are using IPX Enhanced Interior Gateway Routing Protocol (EIGRP), you might experience an inconsistency in Service Advertising Protocol (SAP) updates on a remote router if the serial interface is brought down for a brief time and then brought up.
Workaround: Enter the clear ip eigrp neighbors EXEC command or enter the no ipx linkup-request sap interface configuration command for the serial interfaces.
•
If an IPX route goes down in a multiple path topology, the 85XX lower layer switch engine might get out of synchronization with the Layer Three IPX routing table. A lower layer forwarding and switching anomaly might occur if the router first receives a "down" notification for a network from the same host that originally notified the router about that network and then the router shortly afterwards receives a good route to the network from another host. There is no workaround.
Wide-Area Networking
•
Retransmitted frames by an Advanced Peer-to-Peer Networking (APPN) router using remote source-route bridging are truncated. There is no workaround.
•
After upgrading to Cisco IOS Release 11.3, you might occasionally experience the following error message:
%X25-3-X25INT: Interface ?, X.25 internal error Invalid lock operation on an X.25 route -Process= "X.25 Background", ipl= 2, pid= 69
Workaround: Remove the route entry associated with the destination from the X.25 routing table, and then add it back again.
•
Entering the x25 map cmns global configuration command causes a Cisco 2600 series router running Cisco IOS Release 11.3 to reload with a SegV exception.
Workaround: Use the equivalent x25 route global configuration command.
•
A Cisco 3640 router that is running Cisco IOS Release 12.0(7), might experience memory corruption and not be able to access core files. There is no workaround.
•
When standby time arrives on a BRI that is used for backup of a serial interface, a disconnect on q931 is never sent. The ISDN switch needs to declare remote terminal equipment out of order. There is no workaround.
•
An RSP4 and a Cisco 7500 series router that are running Cisco IOS Release 12.0(4a) might reload at "set_if_input."
Workaround: Disable Cisco Express Forwarding (CEF).
•
A Cisco router might display a "%TCP-2-INVALIDTCPENCAPS" message, but the system does not lock. There is no workaround.
•
The Link Access Procedure, Balanced (LAPB) module will retransmit any outstanding unacknowledged frames when the remote device reports "Receiver Ready" after previously reporting "Receiver Not Ready." If the T1 timer has not expired while the remote device was not ready, the outstanding unacknowledged frames should still be considered outstanding, and the LAPB should not retransmit them. There is no workaround.
•
A Cisco 7507 router with an ATM Interface Processor (AIP) installed might reload with the following error and not come back up unless the AIP is removed:
%DBUS-3-CXBUSERR: Slot 1, CBus Error
%RSP-3-ERROR: CyBus0 error 10
%RSP-3-ERROR: command/address mismatch
%RSP-3-ERROR: bus command write 4bytes (0xE)
%RSP-3-ERROR: address offset (bits 3:1) 4
%RSP-3-ERROR: virtual address (bits 23:17) 000000
There is no workaround.
•
A Protocol Translation that is configured with Virtual Async and is running over an X.25 connection might not transmit a full packet when the X.25 output maximum packet size is set to 512 bytes and above. There is no workaround.
•
A Cisco router might reload with a bus error in xot_cx_transition. The stack decodes might vary. There is no workaround.
•
A Cisco router that is performing X.25 permanent virtual connection (PVC) switching might experience the following error message if a resend is received on the incoming PVC while the outgoing PVC is not active:
%X25-3-X25INT: Interface ?, X.25 internal error unable to walk VC output queue
There is no workaround.
•
The backup interface function does not work if the backup interface is on a 2A/S WAN interface card network module and is configured with the physical-layer async interface configuration command. If the primary interface fails, the backup interface will attempt to dial, but it will be unsuccessful.
Workaround: Use a different network module for the backup interface if you are configuring it using the physical-layer async interface configuration command. If you are using the 2A/S network module, and the 2A/S network module is in a lower slot number than the primary interface, the backup functionality will work.
•
Excessive CPU utilization might be given to the dialer software component while making multiple digital calls to an ISDN PRI router. These CPU HOGS will cause a Route Switch Processor with 10 busy PRIs to become unusable. There is no workaround.
•
Multilink fragments that are sent over an X.25 link might not have an High-Level Data Link Control (HDLC) header around the PPP packet. This situation can cause the receiving side to be off by 2 bytes when it searches for the protocol of a packet. If the debug ppp {negotiation} EXEC command has been enabled, you might receive an error message similar to the following:
Vi1 UNKNOWN(0x4000): Non-NCP packet, discarding
There is no workaround.
•
If a Cisco router with a Versatile Interface Processor (VIP) is running Cisco IOS Release 12.0(6.3), the VIP might run at 99 percent CPU utilization. This situation occurs when packets are received on a VIP and should be routed to an interface where the tx-queue-limit is set to a low value like 3. The VIP will buffer the packets and fail to transfer them to the outbound interface.
Workaround: Configure the tx-queue-limit to a higher value on the outbound interface.
•
A Cisco 3640 router that is running Cisco IOS Release 12.06(6.3) might reload after running for a few minutes. There is no workaround.
•
A Cisco AS5300 universal access server that is running Cisco IOS Release 12.0(6.3)T may reload with a bus error. There is no workaround.
•
A console buffer overrun might occur on a Cisco 1600 series router, a Cisco 3800 series router, a Cisco 800 series router, or a Motorola SMC (MPC860)-based platform if you initiate a PAD or X.28 outgoing connection from the console terminal. This problem does not occur if you make a PAD or X.28 connection from the vty lines.
Workaround: Exit the console session, and then restart the console session.
Resolved Caveats—Cisco IOS Release 12.0(7a)
Cisco IOS Release 12.0(7a) is a rebuild of Cisco IOS Release 12.0(7). All caveats in this section have been resolved in Cisco IOS Release 12.0(7a) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(7)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(7). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
Traffic shaping with FRF9 compression might not work properly on a Cisco 3640 router with a compression service adapter (CSA). There is no workaround.
•
A Cisco router might reload under rare, timing-related circumstances if you attempt to delete rows in the ciscoPingTable of the CISCO-PING-MIB. There is no workaround.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(5) might experience high CPU utilization when using a VIP-2 service adapter with hardware encryption. There is no workaround.
•
When an interface processor is experiencing a hardware or software problem, it is possible for the Route Switch Processor (RSP) CPU to experience nearly complete utilization while it performs switching-complex restarts in a attempt to recover the failed card. There is no workaround.
•
A Cisco router running Cisco IOS Release 12.0(6) Route Switch Processor (RSP) code with a Versatile Interface Processor (VIP)-based, channelized E1, T1, 4T, or 8T port adapter might exhibit the following error message:
%RSP-3-BADBUFHDR: Invalid buffer ptr, address 58000000
-Traceback= 6025DD38 60266EB8 60237798 00:33:29:
%RSP-3-INVRTN: Invalid return queue, next=0x61323238, hwidb=0x617A0A80, type=0x0 queue_ptr=0x130, bufhdr_offset=0x0, id=0, bcast_id=0 bufhdr 58007420: 00000000 00000128 01280000 00000000
-Traceback= 60266E74 6023779800
There is no workaround.
IBM Connectivity
•
A Cisco 4500 or 4700 series router with an NP-2R Token Ring might pause indefinitely approximately once a week and display the following error message:
%SYS-2-INPUTQ: INPUTQ set, but no IDB
This condition is not effected by the revision level of the motherboard. There is no workaround.
•
A Cisco router might reload with a Segv exception error with the following stack trace:
System was restarted by error - a SegV exception, PC 0x8084D788[k_convSdllcPortEntry_get(0x8084d67c)+0x10c] k_convSdllcPortEntry_get convSdllcPortEntry_get GetNextObjectInstance do_response do_snmpv1 do_mgmt snmp_engine ip_snmp
Workaround: Delete the entry in the ASN.1 private Cisco MIB that is causing the router to reload.
•
A Cisco router using Advanced Peer-to-Peer Networking (APPN) may consume excessive CPU resources while issuing messages during a locate storm. The "XXXTPD02_LOGMSG_01" message might appear repeatedly. There is no workaround.
•
A data-link connection might not recover when the Advanced Peer-to-Peer Networking (APPN) link is not restarted, although the router is configured to retry repeatedly. This situation occurs when a Cisco 4700 router is defined as an APPN network node with an APPN link across Frame Relay RFC 1490 to an IBN NN950 that is configured as a network node. There is no workaround.
•
No SNA traffic passes between a server and a Cisco Network Node router when the network node uses DLSw flow control to disallow the sending of further SNA traffic by the server. There is no workaround.
•
A Dependent logical unit Requester physical unit (DLUR-PU) might appear stuck in a "stopping" state while waiting for a deactivate physical unit (DACTPU) request from a Dependent logical unit server (DLUS). In this situation, the DLUS has already cleaned up this PU, and the PU is in a connectable state on virtual telecommunications access method (VTAM). The DLUR cannot clean up this PU until it receives the DACTPU request. This software change allows DLUR-PUs that have waited for this DACTPU for more than 2 minutes to issue another REQDACTPU request to the DLUS. If the DLUS has already cleaned this PU, it will respond negatively to the REQDACTPU. This negative response will initiate the cleanup of this PU by the DLUR. There is no workaround.
•
An Advanced Peer-to-Peer Networking (APPN) network node router might not allocate the conwinner session of its dual control point-to-control point session with an adjacent end node. The conloser session is set up correctly, but the conwinner session fails in sense 0x80140003 if you issue the debug appn ss command.
Workaround: This situation results if you change an adjacent network node to an end node. Cycle the link for the end node that you changed.
•
After continuously looping in nns_olu_cdinit_reply_processing, an Advanced Peer-to-Peer Networking (APPN) router running Cisco IOS Release 11.2 might reload and exhibit the following error message:
abort crashdump process_handle_watchdog signal_receive process_forced_here nns_olu_cdinit_reply_processing
There is no workaround.
•
A Cisco router running Advanced Peer-to-Peer Networking (APPN) might not respond to BINDs or fail BINDs in sense 0x08150004. There is no workaround.
Interfaces and Bridging
•
Serial interfaces and line protocols on Cisco 3600, 7200, and 7500 series routers might fail with all physical control signals up, including data carrier detect (DCD).
Workaround: Perform a microcode reload.
•
When you are configuring a new E1 PRI interface on a port adapter in a VIP2-based system, all active E1 interfaces will fail even if those E1 interfaces are not on the same VIP2. There is no workaround.
•
In certain Cisco IOS releases there is currently no NetFlow support for Bridge-Group Virtual Interfaces (BVIs) or any other interfaces in a bridge group. The resolution is to upgrade to a Cisco IOS release that support this feature. There is no workaround.
•
If the ATM interface on a Cisco 7000 series router receives an ATM adaption Layer 5 (ATM5) packet of 66532 bytes, it might result in an internal zero length packet and cause the Versatile Interface Processor (VIP) to reload. There is no workaround.
•
An ATM interface on a Cisco router might drop Operation, Administration, and Maintenance (OAM) packets and exhibit increasing ignores and drops with distributed Cisco Express Forwarding (dCEF) and an input feature (such as Access Control List) configured. There is no workaround.
•
If you enter the show frame-relay pvc command on a Cisco router with FRF9 compression enabled, the incoming packet count might be doubled, first in its compressed state and then in its uncompressed state.
Workaround: Disable FRF9 compression.
•
A Versatile Interface Processor (VIP) might reload with distributed Cisco Express Forwarding (dCEF) switching locally between subinterfaces with different maximum transmission unit (MTU) size on a PA-A1 port adapter.
Workaround: Do not use distributed switching.
IP Routing Protocols
•
An external SPF calculation might be triggered every 35 to 40 seconds if there is an OSPF external link-state advertisement (LSA) containing a forwarding address that OSPF has no route for and if there is a static route to this forwarding address pointing to an OSPF enabled interface.
Workaround: Remove the static route, or prevent the unreachable forwarding address from being included in the external LSA. To avoid the unreachable forwarding address, make sure that any autonomous system boundary routers (ASBRs) redistributing between different OSPF domains have the fix for CSCdi63983.
•
Entering the show ip igmp group command might cause a bus error reload if an IGMP entry is deleted during the command execution. This condition occurs intermittently. There is no workaround.
•
A Cisco 8540 Multiservice Switch Router might reload if you use a prefix list with range entries when entering the route-map command for default origination.
Workaround: Use an access-list rather than a prefix list when entering the route-map command for default origination, or avoid using range entries in a prefix list.
•
A router with IP Protocol Independent Multicast (PIM) enabled might reload when you enter the no ip sdr command. This condition occurs under the following conditions:
–
–
–
–
There is no workaround.
ISO CLNS
•
A Cisco router using Connectionless Network Service (CLNS) over X.25 encapsulation might reload and exhibit the following error message:
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
-Traceback= ........ ........ ........ ........ ........ ........ ........ %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= ........ ........ ........ ........ ........ ........ ........ %SYS-2-MALLOCFAIL: Memory allocation of 48 bytes failed from 0x........, pool Processor, alignment 0 -Process= "{interrupt level}", ipl=3
-Traceback= ........ ........ ........ ........ ........ ........ ........
Workaround: Turn off the generation of CLNS error protocol data units (PDUs) on all interfaces by entering the no clns send-erpdu command. In addition, you should investigate and resolve any X.25 encapsulation problems.
LAT
•
The following line commands are not supported in Cisco IOS Release 12.0(5.5) through 12.0(6): the session-limit command, the absolute-timeout command, and online help for the lat command. There is no workaround.
Miscellaneous
•
A Multiport Basic Rate Interface (MBRI) might pause indefinitely in "awaiting establishment" and "tei assigned" modes. Entering the clear interface bri interface number command establishes multiple frames on the port and allows another ISDN call to be made. There is no workaround.
•
Half duplex should only be configured on an interface that is configured with a half duplex protocol (such as SDLC) or bisynchronous encapsulations.
Workaround: Configure the interface for full duplex when not specifically running a half-duplex protocol. The interface command to do this is full-duplex.
•
A Cisco AS5800 series universal access server shelf may reload because of a bus error after configuring "ds0 busyout" when calls are up on the controller. There is no workaround.
•
If you change the media type for an Ethernet interface from auto select to 10BaseT, the default configuration might change to AUI. An explicit interface reset will bring up the interface correctly.
Workaround: Set media-type to auto-select.
•
A Cisco 3600 series router connecting via serial interface using WIC-1T to an AS/400 Synchronous Data Link Control (SDLC) interface might experience problems keeping the line up. After the line goes active on the AS/400 side, debugs in the router show one or two exchange identification (XID) frames from the host right before the line goes down. There is no workaround.
•
In Cisco IOS Release 12.0(7.1) and Cisco IOS Release 12.0(7.2), Address Resolution Protocol (ARP) replies are not sent for static Network Address Translation (NAT) entries. For example, the router does not respond to ARP requests for 2.2.2.3 from the ip nat inside source static 1.1.1.1 2.2.2.3 static NAT command.
Workaround: Upgrade to a later release.
•
Traffic shaping is not working on a Fast Ethernet Interface on a Cisco 4700 router with Fast Switching enabled. There is no workaround.
•
Smart Modular and Sharp Flash cards using the LH28F016SCT chip set might report unrecoverable write errors on several Cisco platforms, including 7200 series, 7500 series, and GSR routers. The original Smart Modular and Intel Flash Cards are not affected. There is no workaround.
•
When entering the crypto-map map-name command on a Versatile Interface Processor (VIP) interface, you must use a name that is not a subset of another crypto map's name. For example, the interface recognizes "testtag1," "testtag10," and "testtag100" as the same crypto map names. There is no workaround.
•
When software compression is configured on a Cisco 7200 series router on an interface configured for Cisco Express Forwarding (CEF) or NetFlow switching, the router might experience a bus error failure and reload. This situation occurs because CEF and NetFlow switching are not disabled when compression is configured even though compression is not supported in CEF, NetFlow, or any fast-switching mode on a Cisco 7200 series router.
Workaround: Explicitly disable CEF or Flow switching on the interface configured for compression by entering the no ip route-cache {cef | flow} command.
•
The Systems Network Architecture (SNA) packets might not be forwarded over a 64k leased line with High-Level Data Link Control (HDLC) encapsulation. There is no workaround.
•
A Cisco router might systematically reload with an error message if "num-exp 1* *" is configured on the router. There is no workaround.
•
A Cisco router might reload when the Cisco Service Manager (CSM) tries to allocate modems from a different pool. There is no workaround.
•
Hot Standby Router Protocol (HSRP) does not work if Inter-Switch Link (ISL) encapsulation is configured. The active router does not respond to an Internet Control Message Protocol (ICMP) ping of the virtual IP address.
Workaround: Load a new image that contains a fix for this problem.
•
Hot Standby Router Protocol (HSRP) does not work when IP Protocol Independent Multicast (PIM) is configured on a Fast Ethernet interface that uses the DEC211140 chipset. The active router does not reply to an Internet Control Message Protocol (ICMP) ping of the virtual IP address.
Workaround: Use the burned-in address by entering the standby use-bia command.
•
A Cisco 2600 series router that is running Cisco IOS Release 11.1(27)CC, 11.1(27.01)CC, 11.002(019.001), 11.2(19.01)P, 12.0(05.04)PI06, 12.0(05.05)S, 12.0(05.05)T, 11.2(19.01)BC, 11.1(27)CT, 12.0(05.05)SC, or 11.1(27.01)CT might exhibit the following rate-limited error message:
%LINK-2-INTVULN: In critical region with interrupt level=1, ...
The router should continue to function normally. There is no workaround.
•
A Cisco router running Cisco IOS Release 12.0(5.4) encryption image might reload if you enter the crypto cisco pregen-dh-pairs command. There is no workaround.
•
V.120 connections on a Cisco AS5800 series universal access server may fail if you enter the vty-async virtual-template command and 144 or more virtual-access interfaces are in use and a new one is needed. On a failing connection, a "debug vtemplate" might show the following error messages:
Vi202 VTEMPLATE: Messages from (un)cloning ... interface Virtual-Access1/0/58
Vi202 VTEMPLATE: Messages from (un)cloning ... default ip address
Vi202 VTEMPLATE: Messages from (un)cloning ... % Incomplete command
Workaround: Keep the number of virtual-access interfaces under 144.
•
On a Cisco 3600 series router running Cisco IOS Release 12.0, IP MAC accounting only works with process-switched packets. There is no workaround.
•
Cisco Express Forwarding (CEF) fails between Token Ring Inter-Switch Link (TRISL) and either Ether-ISL or Ethernet.
Workaround: Disable CEF switching and run standard fast switching.
•
You should not attempt to remove a PCMCIA card while accessing it. There is no workaround.
•
A Cisco 7200 or 7500 series router that is running Cisco IOS Release 12.0 and using encrypted connections like Cisco Encryption Technology (CET) or IP Security (IPSec) over High-Speed Serial Interface (HSSI) serial boards might fail. After the failure, no encrypted traffic can be sent over the connection until the router reloads, but unencrypted traffic is not affected. There is no workaround.
•
If you shut down a PA-A2 circuit emulation service (CES) circuit, you will bring down OAM-managed data PVCs that are defined on the same card. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(6.1) will fail to authenticate an Entrust CA server. Entrust CA cannot be used with Cisco IOS Release 12.0(6.1). There is no workaround.
•
A Cisco 7200 series router might not switch packets when crypto map is configured. This situation occurs when you enable Cisco Express Forwarding (CEF) switching. Symptoms might include a connection activity display of twice the normal number of encrypted and decrypted packets than for the peer router when you enter the show crypto cisco connections command. There is no workaround.
•
Traffic to a Versatile Interface Processor (VIP) might not be routed properly on a Cisco 7500 or 7200 series router that is running Cisco IOS Release 10.3(6.3) if the destination link is encrypted using Cisco Encryption Technology (CET). There is no workaround.
Protocol Translation
•
TCP to X.25 permanent virtual circuit (PVC) translation might fail and cause the connection to be lost. There is no workaround.
Wide-Area Networking
•
A Cisco router with over 180 data-link connection identifiers (DLCIs) cannot boot properly because of excessive console log messages related to the startup of Frame Relay PVCs. There is no workaround.
•
Adding the dialer isdn short-hold command to the map-class dialer command to optimize ISDN costs based on AOC-D messages might break the "dialer idle-timeout" configuration. The idle timer resets to 4294966 seconds when expiring, and does not disconnect the ISDN call. The short-hold timer gets incremented on receipt of an AOC-D message, and never disconnects the ISDN call.
Workaround: Remove the dialer isdn short-hold command from the map-class dialer command.
•
A Cisco 2600 series router that is running Cisco IOS Release 11.3(9)T might reload during an X.25-to-TCP translation.
Workaround: Disable the "pt-vty-logging" service by issuing the no service pt-vty-logging command.
•
Multilink PPP does not work if Context-Based Access Control (CBAC) and Network Address Translation (NAT) configured on a Cisco 3600 series router.
Workaround: Turn off Multilink PPP.
•
A Versatile Interface Processor (VIP) card might not respond to a RSP board's request for a DBUS transaction. The RSP will reset the VIP interface and perform a CBUS complex restart to reallocate MEMD.
Workaround: Get in and out of the if-console for all the VIPs in the box.
•
After you reload a Cisco router, the ATM interfaces might assume the default User-Network Interface (UNI) value (3.0) despite the actual configuration.
Workaround: Reset the interface by entering the shutdown command followed by the no shutdown command.
•
If you enable interleaving on a multilink interface, packets may be reordered when they are transmitted on the interface. The next packet to transmit might not be correctly selected from multiple conversational streams on the interface, and packets from the same stream could be rearranged. There is no workaround.
•
Virtual EXEC leaves unusable memory when you issue the show tech-support command. There is no workaround.
•
If you upgrade to Cisco IOS Release 12.0(3)T, AIP might not properly recognize the "Burst size in number of 32 cell bursts" option configured under the interface:
7513#conf t
7513(config)#int atm 1/0.1 point
7513(config-subif)#atm pvc 1 1 100 aal5snap 25000 10000 ? <b> <1-63> Burst size in number of 32 cell bursts</b> inarp Inverse ARP enable oam OAM loopback enable <cr>
7513(config-subif)#atm pvc 1 1 100 aal5snap 25000 10000 <b>1</b> Invalid burst size of 1 cells requested: (ATM1/0): Not creating vc:1:1:100
7513(config-subif)# </pre>
There is no workaround.
•
When using the virtual profile feature on a Cisco router that is also performing outbound calls, multiple calls might be placed even though the router is configured to make a single call to a destination.
Workaround: Issue the multilink max-links command under the virtual-template interface to limit the amount of calls that are placed to the amount desired.
•
The process "ISDNMIB Background" is not releasing memory. The result is a loss in the router's free memory. There is no workaround.
•
A Cisco router might enter "TEI_ASSIGNED" mode. In this case, a SABME poll is not answered by the router. There is no workaround.
•
A Cisco router will pause indefinitely if you enter the same map address in different permanent virtual circuits (PVCs) on the same subinterface. This action should not be attempted because it will cause the router to pause every time. There is no workaround.
•
A Cisco 3640 router might reload with a bus error when it is connected to a Frame Relay multicast-enabled network that reports the creation and then deletion of the multicast data-link connection identifier (DLCI). There is no workaround.
•
A Cisco AS5300 universal access server MICA module cannot call out in Japan if the isdn calling-number command is configured in the ISDN interface. There is no workaround.
XRemote
•
If you make a Telnet connection to a reverse XRemote port on an IOS device, and you do not provide a password when prompted, the IOS device will fall into an infinite loop and print repeated error messages to the Telnet client. The loop continues until the client disconnects the session. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(6b)
Cisco IOS Release 12.0(6b) is a rebuild of Cisco IOS Release 12.0(6). All caveats in this section have been resolved in Cisco IOS Release 12.0(6b) but may be open in previous Cisco IOS releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.0(6)
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(6). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
MICA Technologies portware parameters are extended to support V110, along with other newly planned activities. The current Cisco IOS modem management MICA event handler does not handle event sizes beyond what the current version of Cisco IOS supports. If a new version of portware is added to an older version of IOS that does not support the new functionality, these event are dropped. There is no workaround.
•
The result of the show modem command on a Cisco AS5200 access server is different from the snmpwalk command of the cmInitialLineConnections variable defined in CISCO-MODEM-MGMT-MIB. There is no workaround.
Basic System Services
•
Certain Internetwork Status Monitor (ISM) NetView users can issue non-enable mode commands without router authentication. Users accessing the router through NetView must be authenticated through the NetView security methods, that might include RACF and SAF. Mainframe users can be restricted from issuing any router commands through the restriction of the RUNCMD within NetView. Users issuing enable mode commands must be authorized to issue this level of command through ISM, and must possess the enable mode password. If the router is controlled by TACACS+, the ISM user must have a TACACS+ user ID and password
•
The entity-physical table on a Cisco 7200 series router does not contain an entry for the network processing engine (NPE) card. There is no workaround.
•
A Cisco MC3810 multiservice access concentrator Ethernet output interface might enter a wedged state during which no traffic is transmitted from the router. This condition only occurs if a series of multiple or late collisions are detected on the Ethernet connection.
Typically, it is not common to see a high number of late collisions on an ethernet environment. If you do, this might indicate extreme network utilization, ethernet network exceeding specifications, or possibly a bad port or cabling.
The condition can be detected by issuing the show interface ethernet 0 command on the Ethernet port. The symptom is that the output queue appears to be full (40/40), and output queue drops continue to increment. The following error message is displayed when the excessive collisions are detected:
3810-analog-4#show interface ethernet 0 Ethernet0 is up, line protocol is up Hardware is PQUICC Ethernet, address is 0010.7b09.c62a (bia 0010.7b09.c62a) Internet address is 172.16.173.5/26 MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:09, output 00:01:45, output hang never Last clearing of "show interface" counters 00:03:17 Queueing strategy: fifo Output queue 40/40, 42 drops; input queue 0/75, 0 drops
%PQUICC_ETHER-5-COLL: Unit 0, excessive collisions. Retry limit 15 exceeded
There is no workaround.
•
If the show running-config or write terminal commands are issued at the same time from two different virtual terminals (vtys), one session might finish before the other and damage a variable that the first session needs to use. This can cause the router to reload.
Workaround: Do not issue the show running-config or write terminal commands at the same time from two different vtys.
•
A Cisco 1600 R router reloads with a bus error after you issue the show line 1 command. There is no workaround.
•
If per-user configuration commands are downloaded from a AAA server, a Cisco AS5800 series universal access server may reload or record spurious access errors.
Workaround: Disable the per-user configuration commands or disable AAA authorization.
•
A Cisco 7500 series router can erroneously detect output stuck conditions. This condition causes interfaces to reset or perform CBus restarts for no apparent reason, causing all IPs in the router to reset. There is no workaround.
•
If you configure a Cisco MC3810 multiservice access concentrator Multiflex E1 interface for ATM, the interface might handle traffic-shaping parameters incorrectly. The generic cell rate algorithm (GCRA) schedules cells too aggressively, leading to usage parameter control (UPC) drops on the ATM switch even if double maximum burst size (MBS) values are provisioned. There is no workaround.
•
If more than one ipIcmpEcho probe is defined to begin at the same time, the responses can be mixed because the ID field in the ICMP header for both packets defaults to 1.
Workaround: Change the ID field to a random number.
DECnet
•
When DECnet accounting is implemented, a Cisco router might reload due to a large number of connections. There is no workaround.
•
When you configure DECnet on a router, it is possible to specify an Address Translation Gateway (ATG) network number in the range 0 to 3. If the ATG-network-number is specified incorrectly when you configure an interface, the router might reload. If ATG-network-number is not required, it does not need to be specified and the problem does not occur. If ATG-network-number is required, use the following workaround.
Workaround: Ensure that the ATG-network-number you specify when enabling an interface matches the one specified when DECnet routing is enabled globally (for example, decnet 1 routing 2.3 interface ethernet 0/0 decnet 1 cost 5).
EXEC and Configuration Parser
•
The padding command on a line configuration is lost after the first successful connection. The command is reported when you issue the sh configuration command, but not when you issue the sh running -config command.
Workaround: Reconfigure the padding command.
IBM Connectivity
•
If you use a data-link switching (DLSw) direct-encapsulation serial-link WAN with Ethernet LAN on one side and Token Ring LAN on the other, connections can only be established from the Token Ring side.
Workaround: Raise the maximum transmission unit (MTU) of the serial WAN to approximately 1800 bytes.
•
A Cisco 7206 router that is configured for DLSw priority peers might reload with a bus error when running Cisco IOS Release 11.3(9)T. There is no workaround.
•
Some Cisco 4500 series routers and Cisco 4700 series routers with a 2-Port Token Ring Network Processor Module (NP-2R) might hang once a week (no matter the revision level of the motherboard), and display the following message:
%SYS-2-INPUTQ: INPUTQ set, but no IDB
Workaround: Issue the lnm disable command to temporarily correct the problem.
•
If a Router Switch Module (RSM) is configured with IBM spanning tree, and IP routing is disabled, it does not respond to a single-route or all-route ARP frame destined to its MAC address.
Workaround: Disable IBM spanning tree on the RSM.
•
Console message flooding might occur when an XID3 loop occurs with an APPN in the router. The following messages are repeated for each iteration of the loop:
Workaround: Avoid console logging.
•
A physical unit (PU) can not be brought online after you configure a new SDLC/DLSw pair.
Workaround: Reload the router.
•
A Cisco router might reload with a bus error when you issue the show dlsw circuit command if there is a circuit with a local RIF of 18 bytes.There is no workaround.
•
DLSw peers might leak CLS connect request buffers.
Workaround: Use a different peer type. This will free an outstanding connect request if additional requests are received while the first is still pending.
•
An advanced peer-to-peer networking (APPN) router might run out of memory due to unnecessary "lfsid" table expansion for some Dependent LU Requester (DLUR) links to downstream PU2.0s. This problem can occur after a DLUR takeover, or if the DLUR-PU had previously received a "dactpu not final use" message from the Dependent LU Server (DLUS). There is no workaround.
•
Synchronous Data Link Control (SDLC) test does not send or receive packets when peers are closed. There is no workaround.
•
In certain conditions, a Cisco router might reload in the "tcpd" routines or managed timer. There is no workaround.
Interfaces and Bridging
•
A Cisco router might reload in frf9_preComp(). This occurs most frequently when router traffic is heavy and memory usage increases causing a low memory condition.
Workaround: Disable compression or use a different type.
•
Under certain conditions, source-route bridging (SRB) using a PA-4R-DTR Dedicated Token Ring port adapter might result in frames occasionally being bridged out of order. For protocols that are sensitive to the sequence of frames (such as Logical Line Control, type 2 [LLC2]), intermittent session loss might occur. There is no workaround.
•
You might lose connectivity on Inter-Switch Link (ISL) trunk subinterfaces if you configure a bridge group on one of the subinterfaces and then reboot the router. This is a Route Switch Processor (RSP)-specific issue and the problem is not seen on other platforms. Removing the bridge group does not resolve the problem.
Workaround: Reboot the router after removing all the bridging and Bridge-Group Virtual Interface (BVI) statements.
•
Under certain conditions, a Cisco 7200 series router corrupts IP packets when using certain types of switching (for example, fast switching or Cisco Express Forwarding [CEF]) from an Asynchronous Transfer Mode (ATM) permanent virtual circuit (PVC) using bridging encapsulation and a Bridge-Group Virtual Interface (BVI). This condition only occurs if the sending bridge preserves the original cyclic redundancy check (CRC) in the packet.
Workaround: Disable the appropriate type of switching.
•
A Cisco router running Cisco IOS Release 12.0 T might reload due to an overwrite issue in the BSS area when FDDI modules are used. There is no workaround.
•
A PA-4R-DTR port adapter might reset under the following circumstances:
–
–
–
When this problem occurs, the PA-4R-DTR port adapter resets, and the ring experiences a beacon.
Workaround: Make sure the DTR port is not the active monitor on the Token Ring. This can be done by ensuring that the MAC address of the DTR card is not the highest MAC address on the physical Token Ring.
•
With the following input-type-list, a Cisco router does not respond to an Address Resolution Protocol (ARP) request.
interface Ethernet0/0 ip address 10.10.13.1 255.255.255.0 standby 143 priority 110 preempt standby 143 ip 10.10.13.254 bridge-group 1 bridge-group 1 input-type-list 201 !
The router responds without it, and also responds if you add the line for ARP packets. You can ping the interface IP address but not the HSRP address.
Workaround: Delete the input access lists on the bridge interface, or permit type 0x0806 in the access list.
IP Routing Protocols
•
The lane client command resets the address resolution protocol (ARP) timeout to the default value (four hours). After the lane client command is entered, any desired configuration of ARP timeout needs to be reentered, including immediately after reboot. There is no workaround.
•
Some IP fragments might be incorrectly filtered out by access lists. There is no workaround.
•
If you are redistributing OSPF routes into any other routing protocol, it does not include NSSA external routes. There is no workaround.
•
Executing the show ip igmp group command might cause a bus error reload if an IGMP entry is deleted during the command execution. This condition occurs intermittently. There is no workaround.
•
DNS replies that pass from "inside" to "outside" by way of Network Address Translation (NAT) might not be correctly NAT translated. There is no workaround.
ISO CLNS
•
Under certain circumstances, Cisco routers running Cisco IOS Release 11.3(9)T can stop receiving packets on interfaces. This happens when CLNS packets with an N-selector of 0x20 (the DECnet NSP protocol selector) are received by the router, and DECnet conversion has not been enabled or configured correctly. If this happens, the show interface command displays a full input queue and a number of dropped packets (for example, input queue 76/75, 122 drops).
Workaround: Reload the router.
Miscellaneous
•
A 1-port Fast Ethernet network module (NM-1FE-TX) might fail to auto negotiate properly when connected through an SMF connector.
Workaround: Manually set the speed to 100.
•
Half duplex should only be configured on an interface that is configured with a half duplex protocol (such as SDLC) or bisynchronous encapsulations.
Workaround: Configure the interface for full duplex when not specifically running a half-duplex protocol. The interface command to do this is full-duplex.
•
Concurrent routing and bridging (CRB) of IP packets does not work when CEF and ISL are enabled. IP and ISL packets that are intended to be bridged are dropped as encapsulation drops by CEF.
Workaround: Turn off CEF.
•
A race condition can exist between the processes that try to get connection status information from a VIP (and dropped packet information in Cisco IOS Release 11). A semaphore was added to prevent multiple processes from accessing the globals used at the same time. There is no workaround.
•
A Cisco 7500 router with a VIP or ESA-PA port adapter suffers from buffer starvation because of incorrect MEMD reservation. This problem is observed in Cisco IOS Release 11.2(7)P crypto images.
RSPs with an ESA-PA allocate a MEMD buffer pool of size 32 bytes, which would never be used. This also leads to a reduced number of buffer headers available to other interfaces in the system. This leads to packet drops on other interfaces, even with moderate traffic load because of buffer starvation. For example, a router reserving an unused buffer pool would produce the following output:
Router#show cont cbus MEMD at 40000000, 2097152 bytes (unused 612096, recarves 1, lost 0) RawQ 48000100, ReturnQ 48000108, EventQ 48000110 BufhdrQ 48000130 (9 items), LovltrQ 48000150 (16 items, 2016 bytes) IpcbufQ 48000160 (24 items, 4096 bytes) IpcbufQ_classic 48000158 (8 items, 4096 bytes) 3570 buffer headers (48002000 - 4800FF10) pool0: 3206 buffers, 32 bytes, queue 48000138 <======= Unused buffers pool1: 8 buffers, 256 bytes, queue 48000140 pool2: 217 buffers, 1536 bytes, queue 48000148 pool3: 78 buffers, 4512 bytes, queue 48000168 pool4: 4 buffers, 4544 bytes, queue 48000170 slot1: VIP2, hw 2.4, sw 22.20, ccb 5800FF30, cmdq 48000088, vps 8192 software loaded from system
Workaround: Remove the ESA-PA port adapter, if not used. Or, Upgrade your Cisco IOS software to Release 11.2(19)P, Release 11.2(19.01)P, Release 12.0(5.2), Release 12.0(5.2)PI06, or Release 12.0(5.5)T.
•
If you configure PPP encapsulation on an interface and then make that interface a member of a bridge group, the following messages will result:
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020 00:06:39: Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Fair Queue:packet not initialized properly: 0, 0 , 38
-Traceback= 601C9C58 602015E0 60556558 60553958 6021D034 6021D020
Workaround: Remove bridging from the interface or turn off fair queueing.
•
If an encryption service adapter (ESA) is bringing up a large number of crypto sessions simultaneously (under conditions of stress), it might enter a race condition, or get a crypto initiation message wedged in the input queue of the interface processing the encryption. There is no workaround.
•
A Cisco AS5300 series universal access server may experience a bus error under heavy loads that are caused by outgoing modem calls. There is no workaround.
•
An "ALIGN-1-FATAL" error is observed when the copy tftp start command is enabled while a configuration is loaded into NVRAM. There is no workaround.
•
A Cisco 3600 series router with 4T dial out might go down when you issue the dialer dtr command. There is no workaround.
•
Spurious accesses, router hangs, or router reloads can occur if you use fair queuing. There is no workaround.
•
A VIP configured for Distributed Cisco Express Forwarding (CEF) and Cisco Encryption Technology chassis (CET) might reload after you remove and reapply the crypto maps.
Workaround: Apply the crypto maps one at the time and to go back to privilege mode between issuing the commands.
•
The process switching of Multiprotocol Label Switching (MPLS) packets received on an AAL5SNAP PVC subinterface fails. There is no workaround.
•
When running virtual profile, a Cisco 7500 series router continually resets the CBus. The following message is displayed:
%RSP-3-RESTART: interface Serial4/0:1, output stuck
Some time later, a reset occurs on the CBus. When you debug the CBus, you see the bus resetting which causes all attached controllers to loose connectivity. The only way to access the router is through the console port. There is no workaround.
•
Cisco IOS Release 11.3AA images do not support online insertion and removal (OIR) for ATM port adapters. If you OIR an ATM port adapter more than once, the router will hang. There is no workaround.
•
IPSec reports an incorrect MTU size. Crypto does not recognize an initial ip mtu command on an interface to which a crypto map has been applied. There is no workaround.
•
You cannot change the MTU size of a tunnel interface using software after Cisco IOS Release 11.3(9.2).
Workarounds:
–
–
•
When an SDR session is defined with a PA-A3 port adapter, a Cisco router might reload. There is no workaround.
•
An ATM subinterface might drop packets when Distributed CEF (DCEF) is disabled. This problem only occurs on subinterfaces created after DCEF is on, and then is turned off.
Workaround: Enable, and then disable DCEF after creating a new subinterface.
•
Prior to Cisco IOS Release 12.0(6) tag forwarding fails. The show adjacency command shows that all of the tag adjacencies are marked incomplete. There is no workaround.
•
When there is traffic (ping) on the network, the IP cache entries (for one network reachable through two equal cost paths) are deleted (STALE RECURSIVE) and created every minute. There is no workaround.
•
A Cisco AS5800 series universal access server may send incorrect port numbers to a radius server in AAA accounting. Regardless of which modem slot users get connected, the highest port number a user can obtain is 144, and there are multiple users with the same port number. There is no workaround.
•
A PA-A2 port adapter might cause memory corruption if you use SVCs with an ARP-server when you shut down the interface. There is no workaround.
•
If a router running CET encryption has many connection setup attempts happening at once, some might time out prematurely. Also, some connection setup attempts might not setup properly. There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
Routers running IPX and EIGRP with Cisco IOS Release 11.2 or greater can reload when there are frequent interface up and down transitions. This problem is most common with dial-up interfaces.
Workaround: Disable IPX and EIGRP.
•
In Cisco IOS Release 11.2, if SAP passive update is configured on an interface, the services learned on that interface never age out of the table. In Release 11.3 and later, this also occurs on networks learned on RIP passive interfaces. There is no workaround.
Wide-Area Networking
•
A Cisco router with over 180 data-link connection identifiers (DLCIs) can not boot properly due to excessive console log messages related to the startup of Frame Relay PVCs. There is no workaround.
•
When a Cisco router is functioning as an X.28 packet assembler/disassembler (PAD), it should send an X on to the DTE as soon as it enters the data transfer mode if parameter 5 is set to 1. The PAD does not. There is no workaround.
•
When a Cisco router is operating as an X.25 switch, and forwards an X.25 call containing certain facilities not interpreted by the router, the facility values might be corrupted. The problem occurs most often when the call cannot be forwarded immediately (for example, when using X.25-over-TCP) with heavy traffic. The affected facilities include any local facilities and the Charging Information facility. There is no workaround.
•
In an NFAS group with a primary and a backup D-channel, fast busies might occur depending on the failure. If the T1 with the primary D-channel is shut down or fails, and the backup D-channel comes into service, call routing to a modem in the access server is successful. If the T1 with the primary D-channel remains in an up condition, but the primary D-channel fails, the backup D-channel comes into service and call routing fails for B channels on the T1 that contained the primary D-channel. Users dialing in get fast busies in this scenario. However, calls on all the other NFAS members, including the T1 with the backup D-channel, are successful. There is no workaround.
•
A Cisco router might reload when the ip rtp header-compression command is deconfigured and encapsulation is changed from PPP to Frame Relay. There is no workaround
•
A Cisco router might reload with a SegV exception if dialer rotor best is configured, or if deb dialer is started once traffic triggers a call. There is no workaround.
•
Reliable PPP can cause intermittent reloads when used with WFQ.
Workaround: Disable Reliable PPP or WFQ.
•
Dialer watch backup does not dial after the backup interface times out. There is no workaround.
•
A Cisco 4500 series router might experience a memory leak. When a remote sites go down, or when an ISDN link drops, the router repeatedly attempts to dial the remote site. If the connection is not established, the router keeps dialing, eventually runs out of memory, and hangs.
Workaround: Reboot the router.
•
When dialer watch uses an ISDN connection for the backup link, and the ISDN connection fails to connect during the connection timeout, and ther
Guest
