Table Of Contents
Resolved Caveats—Cisco IOS Release 12.0(29)S1
Resolved Caveats—Cisco IOS Release 12.0(29)S
Resolved Caveats—Cisco IOS Release 12.0(28)S6
Resolved Caveats—Cisco IOS Release 12.0(28)S5
Resolved Caveats—Cisco IOS Release 12.0(28)S4
Resolved Caveats—Cisco IOS Release 12.0(28)S3
Resolved Caveats—Cisco IOS Release 12.0(28)S2
Resolved Caveats—Cisco IOS Release 12.0(28)S1
Resolved Caveats—Cisco IOS Release 12.0(28)S
Resolved Caveats—Cisco IOS Release 12.0(27)S5
Resolved Caveats—Cisco IOS Release 12.0(27)S4
Resolved Caveats—Cisco IOS Release 12.0(27)S3
Resolved Caveats—Cisco IOS Release 12.0(27)S2
Resolved Caveats—Cisco IOS Release 12.0(27)S1
Resolved Caveats—Cisco IOS Release 12.0(27)S
Resolved Caveats—Cisco IOS Release 12.0(29)S1
Cisco IOS Release 12.0(29)S1 is a rebuild of Cisco IOS Release 12.0(29)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(29)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
CSCef46191
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
Miscellaneous
•
Symptoms: An SRP interface is stuck and there is no response at all. In the output of the show srp topology command, the last topology packet that is received takes more than five seconds to arrive. In addition, the "zero encap length" counter in the output of the show hardware pxf cpu stat interface srp 1/1 detail command increases.
Conditions: This symptom is observed on a Cisco 10720 when the value of the overall packet size divided by 32 is 1 or 2.
Workaround: There is no workaround.
•
Symptoms: When an MPLS packet that enters through an SRP or Ethernet interface contains an L2TP or UTI packet and this MPLS packet is processed by the RP instead of the PXF engine (for example, when the IP header in the MPLS packet contain options and the MPLS TTL equals 0 or 1), the SRP or Ethernet interface stops receiving packets.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0S.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software releases earlier than Cisco IOS Release 12.0(27)S3, Release 12.0(28)S1, and Release 12.0(30)S, the CPU utilization of a Cisco 10720 is high (x%/y%, where y is greater than 60 percent), and continuous BGP and LDP flapping is reported. The counters in the output of the show interface command show a large number of drops and the output of the show buffers command shows a large number of cache misses for the private IBC buffer pools.
Conditions: This symptom is observed when the Cisco 10720 functions in a broadcast ARP storm environment and when the length argument of the hold queue length in interface configuration command is not the default of 75 packets for any interface of the router (for example, the length argument is 2048).
Workaround: Revert the hold queue length in interface configuration command and the hold queue length out interface configuration command to the default setting on all interfaces with non-default hold queues.
•
Symptoms: A PXF buffer leak occurs on an L2TPv3 decapsulation router, which van be observed in the output of the show hardware pxf cpu buffer command:
router#show hardware pxf cpu buffer
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 127 0 77165
3 256 34072 34072 0 0
4 128 59934 59934 0 0Depending on the packet size, the buffer leak can occur in different pools.
Conditions: The symptom is observed on a Cisco 10720 in the following two scenarios:
–
–
Workaround: There is no workaround.
•
Symptoms: When six queues are configured on an interface and some of the queues do not have traffic, the bandwidth of those inactive queues should be given to other active queues (queues with traffic) in proportion to their EIR (configured via bandwidth remaining). However, this is not the case. The bandwidth is not proportionally given to all the queues.
Conditions: Configure a policy map that creates six queues in an interface.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 crashes when you delete an IPv6 ACL.
Conditions: This symptom is observed when you delete the IPv6 ACL during the TurboACL compilation.
Workaround: Wait for the ACL to be fully compiled before you delete it.
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.0(29)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(29)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms: Difficulties may occur when you attempt to remotely log in to a Cisco router that supports ATM. After you have established a virtual terminal connection to the system, the following user access verification sequence may be displayed, and the connection terminated:
Password:
Password:
Password:
% Bad passwordsConditions: This symptom is observed on a Cisco router that support ATM when an interactive ATM ping is terminated abnormally.
Workaround: Instead of using an interactive ATM ping, enter the ping atm interface atm interface vpi vci [seg-loopback | end-loopback] [repeat [timeout]] privileged EXEC command.
•
Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f). The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: When you reload a Cisco 7500 series router with a new Cisco IOS software image, the router may reload unexpectedly during the bootup process and generate an "Imprecise cache parity error" message.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 8 (RSP8) and that runs Cisco IOS Release 12.0 S or Release 12.2(18)S when you reload the router with an image of Cisco IOS Release 12.3 T.
Workaround: Do not reload the router. Rather, power-cycle the router to properly load the image of Cisco IOS Release 12.3 T.
•
Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP in turn leading to an RSP crash.
Conditions: This will happen more frequently on routers with a high idb count.
Workaround: There is no workaround.
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial-In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
•
Symptoms: A serial interface on a Cisco 7500 series may stop transmitting traffic and may report the following VIP crashes:
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 84 to LC in slot 2 with sequence 1007, error = timeout
%RSP-3-RESTART: interface Serial3/0/0:0, not transmitting
%VIP2-3-MSG: slotX VIP-3-SVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
%VIP2-1-MSG: slotX CYASIC Error Interrupt register 0x4000000
%VIP2-1-MSG: slotX DMA Transmit Error
%VIP2-1-MSG: slotX CYASIC Other Interrupt register 0x100
%VIP2-1-MSG: slotX QE HIGH Priority Interrupt
%VIP2-1-MSG: slotX QE RX HIGH Priority Interrupt
%VIP2-1-MSG: slotX CYBUS Error Cmd/Addr 0xD00FF3AConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5a) but may also occur in other releases. This symptom is not observed in Release 12.1(8c).
Workaround: There is no workaround.
•
Symptoms: A router may reload due to a software-forced crash.
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(13)T5 and that has SSH configured. However, the symptom may occur on other platforms that run other releases and that do not have SSH configured.
Workaround: There is no workaround.
•
Symptoms: An "RTT_FORMAT_FAIL" error may occur when the source and the target of a jitter probe do not use the same Cisco IOS release.
Conditions: This symptom is observed when the target (or responder) runs a different Cisco IOS release than the source, and when this different Cisco IOS release on the target changes the size of the control message of the jitter, UDP, or TCP probe, causing an incompatibility between the source and the target.
Workaround: Run the same Cisco IOS release on both the source and the target.
•
Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.
Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.
•
Symptoms: A Cisco router may experience a memory leak in the IPC buffers:
Interface buffer pools:
IPC buffers, 4096 bytes (total 41664, permanent 624):
0 in free list (208 min, 2080 max allowed)
3339198 hits, 75195 fallbacks, 0 trims, 41040 created
4254 failures (65497 no memory)You can also see that the Pool Manager process is holding onto more and more memory:
PID TTY Allocated Freed Holding Getbufs Retbufs Process
5 0 246913476 44522964 202605044 176561380 2654280 Pool ManagerConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(26)S1. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the MIB from being polled by explicitly configuring an SNMP view in the Cisco IOS configuration. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, such as:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8The specific MIB that is being blocked is the ciscoEnhancedMemPoolMIB MIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
•
Symptoms: A software-forced crash may occur on a Cisco 7500 series.
Conditions: This symptom is observed on a Cisco 7500 series with a PA-T3 or PA-2T3 configured for class-based weighted fair queueing (CBWFQ).
Workaround: Remove CBWFQ from the interface or policy map.
•
Symptoms: A router reloads when you enter the show monitor event-trace merged-list component command and you use a long string for the component argument.
Conditions: This symptom is observed on a Cisco 7200 and Cisco 7500 series that run Cisco IOS Release 12.2 S.
Workarounds: Enter a short string for the component argument.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Condition 1: This symptom is observed when PPP encapsulation and loopback are configured.
Workaround 1: There is no workaround.
2.
Condition 2: This symptom is observed when HDLC encapsulation and the down-when-looped command are configured.
Workaround 2: There is no workaround.
EXEC and Configuration Parser
•
Symptoms: A Cisco router may crash when you perform and online insertion removal (OIR) of a line card.
Conditions: This symptom is observed when an interface on the line card is being configured through the CLI while the OIR of the line card removes the interface.
Workaround: There is no workaround.
•
Symptoms: A CPUHOG may occur for about 4.5 seconds when you enter the show running-config command.
Conditions: This symptom is observed on a Cisco uBR10000 series but may also occur on other platforms.
Workaround: Do not enter the show running-config command. Rather, enter the show config command.
Further Problem Description: The show tech-support command also has a problem when it reaches the show running-config command part. Changing the term length does not work as workaround.
Interfaces and Bridging
•
Symptoms: A router may not forward VLAN traffic.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(28)S when there are no features configured under VLAN.
Workaround: There is no workaround. The symptom does not occur in Release 12.0(25)S1.
•
Symptoms: Entering the shutdown command on a controller of a Packet over T1/E1 Network Transceiver puts the controller permanently down. Entering the no shutdown command on the controller does not bring the controller up.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S and is specific to the controller that is installed in a PA-MC-8T1/E1, PA-MC-4T1/E1, or PA-MC-2T1/E1 port adapter.
Workaround: There is no workaround.
•
Symptoms: The show controllers t1 slot/port command may show only the current interval.
Conditions: This symptom is observed on a Cisco 7200 series when FDL is configured.
Workaround: There is no workaround.
Further Problem Description: When FDL is configured, the router updates the MIB data after checking for a valid local and remote MIB data interval that it receives from the T1 port adapter. During the remote MIB update, and if the received data interval is invalid, the router clears both the remote and the local data instead of clearing only the remote data and starting again.
•
Symptoms: A Cisco 7500 series router may reload.
Conditions: This symptom occurs on an ATM interface that flaps when there is a service policy attached to an ATM permanent virtual circuit (PVC) that has Multilink PPP (MLP) and link fragmentation and interleaving (LFI) enabled.
Workaround: There is no workaround.
•
Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may shows the PA-MC-8E1/120 as unknown.
Conditions: This symptom is observed on a Cisco 7500 series in which a PA-MC-8E1/120 in installed.
Workaround: There is no workaround.
•
Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.
Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.
Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.
•
Symptoms: Performance degrades when the number of VCs through which traffic is sent is scaled for PCRoMPLS AToM VCs.
Conditions: This symptom is seen on a Cisco 7500 series with a PCRoMPLS configuration on VCs.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may show a large number of tracebacks of the "64bit read" access type on a VIP.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2 S or Release 12.3 when the VIP contains a PA-POS-OC3, PA-POS-2OC3, or PA-SRP-OC12.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: When you configure the distribute-list router configuration command under the address-family ipv4 vrf vrf name router configuration command, the distribute-list router configuration command may appear under the main routing process as may be displayed in the output of the show running-config EXEC command.
Conditions: This symptom is observed in either a Routing Information Protocol version 2 (RIPv2) or a Border Gateway Protocol (BGP) configuration when you specify the interface-type and interface-number arguments of the distribute-list {access-list-number | access-list-name} {in | out} [interface-type interface-number] router configuration command.
The symptom does not occur when you do not define the interface-type and interface-number arguments and only enter the distribute-list {access-list-number | access-list-name} {in | out} router configuration command.
Workaround: There is no workaround.
•
Symptoms: ARP may not function properly on the remote side of point-to-point Fast Ethernet link with a default static route until the remote side is pinged.
Conditions: This symptom is observed on a Cisco router when ARP and /31 mask are configured on a point-to-point link Fast Ethernet link with a default static route. The symptom is platform-independent.
Workaround: There are four different workarounds:
–
–
–
–
•
Symptoms: When a Cisco router is a midpoint of a TE tunnel and the tunnel headend is a third- party vendor router, the Cisco router may crash.
Conditions: This symptom is observed during a period of network instability and may occur when a TE tunnel does not contain an EXPLICIT ROUTE object and when the tunnel is dynamically routed by using OSPF cost only.
Workaround: Use an EXPLICIT ROUTE object or ensure that there are no alternate paths in the network.
•
Symptoms: A router may crash and reload due to a bus error, and the following error message may appear:
Unexpected exception, CPU signal 10Conditions: This symptom is observed on a Cisco router that is running OSPF and that is configured for incremental SPF.
Workaround: Remove incremental SPF from the router by entering the router ospf process-id command followed by the no ospf command.
•
Symptoms: The withdraw message of a multipath (not bestpath) from a BGP neighbor deletes the path from the BGP table but it does not uninstall the route from the IP routing table.
Conditions: This symptom is observed when the maximum-paths eibgp command or maximum-paths ibgp command is configured.
Workaround: Enter the clear ip bgp * or disable the maximum-paths eibgp command or maximum-paths ibgp command.
Alternate Workaround: if the number of possible BGP paths is less or equal to 2 then the problem is transient and not obviously noticeable.
•
Symptoms: The neighbor next-hop-unchanged command may not keep the next hop unchanged for internal paths.
Conditions: This symptom is observed when an internal route is learnt via a confederation eBGP peer.
Workaround: There is no workaround.
•
Symptoms: A Cisco router running Cisco IOS Release 12.0 S, 12.2 S, or 12.3 T can reload unexpectedly.
Conditions: The problem can occur only if a bgp debug command is enabled.
Workaround: There is no workaround.
•
Symptoms: A BGP prefix may receive or advertise incorrect label information.
Conditions: This symptom is observed on an MPeBGP session between ASBRs when there is more than one MPeBGP session configured.
Workaround: There is no workaround.
•
Symptoms: BGP may fail to reestablish a session when you remove a line card, PA, VIP, or module and replace it with a card of a different type. For example, the problem occurs when you remove a 1-port GE line card and replace it with a 3-port GE line card. However, if you replace the 1-port GE line card with another 1-port GE line card (or you just plug the same 1-port GE line card back in the chassis), the problem does not occur.
Conditions: This symptom is observed when the router one side of the BGP session is configured with the neighbor ip-address transport connection-mode active command and when a line card, PA, VIP, or module is changed on the router at the other side of the BGP session. Furthermore, the router at the other side of the BGP session is configured with the neighbor ip-address update-source interface command, and the interface argument refers to the interface on the line card, PA, VIP, or module that is changed.
Workaround: Disable and reenter the neighbor ip-address update-source command.
•
Symptoms: A router that is configured for multicast routing may reload due to a bus error.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software release that contains the fix for CSCec80252. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec80252. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: After a switchover on a router, one or more obsolete LSAs from a neighboring router may still be present in the topology. This is improper behavior: the LSAs should no longer be present in the topology.
Conditions: This symptom is observed when a switchover occur on a Cisco router that runs OSPF NSF and when a neighboring router flushes one or more of its self-originated LSAs.
Note that the LSAs automatically age out within an hour, unless the link that connects the router and the neighboring router is a demand circuit or has OSPF "flood-reduction" configured.
Workaround: If the LSA is an external LSA (type5/type7), enter the clear ip ospf redistribution command on the neighboring router. In all other cases, enter the clear ip ospf process command on the neighboring router.
•
Symptoms: A Cisco router may crash when you enter the clear ip route * command.
Conditions: This symptom is observed when the routing table has a default route.
Workaround: There is no workaround.
•
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1.
2.
3.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
•
Symptoms: An OSPF Designated Router (DR) may fail to regenerate the network LSA when you reload the router.
Conditions: This symptom is observed on a Cisco router that functions as a DR for an OSPF interface when another interface with the same interface address is present in the area but is in a shut down state.
Workaround: Remove the duplicate interface address and enter the clear ip ospf process command.
•
Symptoms: The BGP Open processes may hold more and more memory, may cause a memory leak, may finally run out of memory, and may cause a Malloc Failure error.
Conditions: This symptom is observed when there are BGP neighbors stuck in the active state (that is, a BGP neighbor is configured but the peer address is not reachable) and when some NSF/SSO RP switchovers occur and the standby becomes active.
Workaround: Shut down the neighbors that are not used.
Further Problem Description: When the memory leak occurs, it will be a consistent 1k leak for each neighbor that is not up every 2 minutes.
•
Symptoms: Non-EIGRP originated routes are not supported. Furthermore, when a route is injected into mp-BGP from a connected, static, or any other IGP on the remote PE router where the same prefix is also learned via EIGRP (when a backdoor exists for that site), the route may constantly flap between EIGRP and BGP.
Conditions: These symptoms are observed when the EIGRP MPLS VPN PE-CE SoO feature is configured.
Workaround: Only inject EIGRP routes into mp-BGP for sites with a backdoor.
•
Symptoms: The BGP inbound update processing becomes slow and a high CPU utilization occurs for a long time.
Conditions: This symptom is observed when a large number of VRFs (more than 200) and prefixes (more than 220,000) are configured.
Workaround: There is no workaround.
•
Symptoms: The redistribute maximum-prefix command may not take effect.
Conditions: This symptom is observed when you enter this command while OSPF is processing an SSO switchover.
Workaround: Enter the clear ip ospf redistribution command.
•
Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.
An example of a path from a deleted BGP table entry is as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:3The entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appear as "2829:2829:185404173:11.13.11.13/-53".
A mismatched prefix appears as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.
Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.
Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.
•
Symptoms: When BGP receives an update with only a VPN label change, BGP may not update the TFIB with the new label information.
Conditions: This symptom is observed when BGP receives an update with only a VPN label change but without any nexthop changes.
When the symptom occurs, enter the clear ip route vrf vrf-name command to return to proper operation.
Workaround: There is no workaround.
•
Symptoms: The CISCO-PIM-MIB trap ciscoPimInvalidJoinPrune is supposed to contain the following varbinds:
1.3.6.1.4.1.9.9.184.1.1.4 - cpimLastErrorOriginType
1.3.6.1.4.1.9.9.184.1.1.5 - cpimLastErrorOrigin
1.3.6.1.4.1.9.9.184.1.1.6 - cpimLastErrorGroupType
1.3.6.1.4.1.9.9.184.1.1.7 - cpimLastErrorGroup
1.3.6.1.4.1.9.9.184.1.1.8 - cpimLastErrorRPType
1.3.6.1.4.1.9.9.184.1.1.9 - cpimLastErrorRP
1.3.6.1.4.1.9.9.184.1.1.2 - cpimInvalidJoinPruneMsgsRcvdHowever, when the trap is sent, a wrong OID is used for the cpimInvalidJoinPruneMsgsRcvd.
From a sniffer trace, the following varbind is seen: 1.3.6.1.4.1.9.9.184.2.0.5.0. The actual value sent is correct, though.
Similarly, another CISCO-PIM-MIB trap, ciscoPimInvalidRegister, has the wrong varbind for cpimInvalidRegisterMsgsRcvd. However the value sent is correct in this case too.
Conditions: This symptom is platform-independent and software-independent. Note that the actual value that is sent in the wrong OID for cpimInvalidJoinPruneMsgsRcvd or cpimInvalidRegisterMsgsRcvd is correct. However, this situation causes confusion on the traps receiver side because the receiver cannot decode the traps correctly.
Workaround: There is no workaround.
•
Symptoms: A router LSA is not generated for a loopback address.
Conditions: This symptom is observed when you assign an IP address to an unnumbered interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the loopback interface.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the bgp log-neighbor-changes command configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the show ip bgp neighbors command or running the debug ip bgp neighbor updates command for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•
Symptoms: An RP may crash during the BGP router process after BGP flaps several times.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of a Cisco IOS interim Release of Release 12.0(29)S. However, this caveat is resolved in Release 12.0(29)S. This caveat is platform-independent and may occur on another platform that has an RP and that is configured for BGP.
Workaround: There is no workaround.
•
Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.
Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.
Workaround: Clear or readvertise the route that is inoperational.
•
Symptoms: An MSDP enabled RP does not build an (S,G) state from its SA cache when it should do so. Depending on the topology and if an SPT threshold is configured as infinite, this situation may result in a multicast forwarding interruption of up to 2 minutes.
Conditions: This symptom is observed when the RP for a group fails and an incoming (*,G) join message is received.
MSDP should create an (S,G) state from its SA cache. However, this is done before the (*,G) olist is populated; because of the (*,G) NULL olist, MSDP does not install an (S,G) state.
Workaround: Enter the clear ip mroute * command on all first-hop routers to the source to enable the FHR to register immediately when the next packet creates an (S,G) state.
•
Symptoms: BGP does not efficiently pack updates for VPNv4 prefixes; the prefixes are slowly advertised because there is only one prefix in each update.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS interim release of Release 12.0(29)S. However, this caveat is resolved in Release 12.0(29)S.
Workaround: There is no workaround.
•
Symptoms: A router crashes when you remove the peer-group members.
Conditions: This symptom is observed on a Cisco router that is configured for BGP.
Workaround: There is no workaround.
•
Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.
Workaround: There is no workaround
•
Symptoms: ISIS redistribute commands are not synced to the standby RP. The routes dependent on these commands will fail after switchover.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: The redistribution of routes from L1 into L2 or/and from L2 into L1 may not occur properly, and a learned IS-IS prefix may be missing.
Conditions: This symptom is observed under the following conditions:
–
–
Workaround: Enter the clear isis * or the clear ip route * command to restore the prefix. However, doing so clears all the routes and recalculates them again, which is a disruptive action.
Miscellaneous
•
Symptoms: An active Route Processor (RP) sets the link correctly to the "down" state, but the standby RP fails to set the link correctly.
Conditions: This symptom is observed on a Cisco 10000 series when the far end causes the link state to flap from "up" to "down." However, the symptom is not platform-specific and may also occur on other platforms that have dual RPs.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: The adjacency table does not display information that is related to the virtual access interface of a network access server (NAS) when the show adjacency detail EXEC command is entered.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(13)T or Release 12.2(14)S but may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A router that is configured for Cisco Express Forwarding version 6 (CEFv6) may reload when the supported state of an interface changes and when the associated prefix is deleted.
For example, a router may reload when a tunnel interface changes from a CEFv6 unsupported mode (for example, generic route encapsulation [GRE] IP version 6 [IPv6]) to a supported mode (for example, IPv6 IP) and you remove the associated IPv6 address by entering the no ipv6 address ipv6-address interface configuration command or by shutting down the tunnel interface.
Conditions: This symptom is observed on all platforms that run Cisco IOS Release 12.2 S or Release 12.2(13)T but may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: IP commands that are sent in the Cisco Networking Services (CNS) config-changed event output may contain an extra ip prefix.
Conditions: This symptom is observed on a Cisco router when you enter both ip global configuration commands and the cns config notify diff global configuration command to capture commands that change configuration for the config-changed event output.
Workaround: Enter the all keyword in the cns config notify global configuration command. This workaround is not valid when the only changes in the configuration occur in the config-changed event output.
•
Symptoms: A 1-port High-Speed Serial Interface network module (NM-1HSSI) that is running Frame Relay traffic shaping (FRTS) and Frame Relay fragmentation 12 (FRF.12) may randomly stop functioning and does not recover on its own. This problem is not limited to FRF.12 and could also occur with other configurations.
Conditions: This symptom is observed on a Cisco 3600 router that is running Cisco IOS Release 12.2(11)T1 or Release 12.2(13a) but may also occur in other releases. In addition, the symptom may also occur on a Cisco 7200 series.
Workaround: Disabling FRF.12 fragmentation might help.
First Alternate Workaround: Enter the clear interface EXEC command on the affected interface.
Second Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: A Cisco router may log the following traceback error:
%ATMPA-3-BADPARTICLE: Switch1: bad rx particle 0x61CA8040 flags 0x00000001 index 9937
Traceback= 6007968C 6008F404 60E844F0 60E815F4 60D80BF4 60D8E8A4 6009CF94 600B56ECConditions: This symptom occurs in the following configuration:
–
–
–
–
–
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds.
1.
Condition 1: This symptom is observed when you configure the CNS cns config notify diff global configuration command and you configure interface global configuration commands on the Cisco IOS device.
Workaround 1: There is no workaround if only the changes in the configuration are expected in the CNS configuration notify changed message.
Alternate Workaround 1: Specify the all option for the cns config notify global configuration command.
2.
Condition 2: This symptom is observed when the diff option in the cns config notify global configuration command is selected and a new dynamic interface is created.
Workaround 2: There is no workaround.
•
Symptoms: The IP multicast throughput in Cisco IOS Release 12.3(6)T is not as good as in Release 12.3(4)T.
Conditions: This symptom is observed when more than 130 kpps of traffic is sent. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: Interoperating problems may occur with a particular third-party vendor 48 MB flash card, and a router may not be able to read the flash card with "bad majic" and "-13 open file" error messages.
Conditions: This symptom is observed in the following two scenarios:
–
–
Workaround: There is no workaround.
•
Symptoms: From a local customer edge (CE) router, you may not be able to reach or ping some prefixes (subnets) on a remote CE router over an Multiprotocol Label Switching (MPLS) network.
Conditions: This symptom is observed in a cell-based MPLS network.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface that is connected to the local CE router. Doing so enables the Border Gateway Protocol (BGP) to run a scan again and repopulates the subnets in the Tag Forwarding Information Base (TFIB).
•
Symptoms: The cisco.mgmt.cns.config-changed event message is not generated when atm pvc CLIs are configured.
Conditions: This may occur when the CNS configuration notify agent is configured by the cns config notify command and atm pvc CLIs are configured.
Workaround: There is no workaround.
•
This caveat consists, of six separate symptoms, conditions, and workaround, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:
1) Symptoms: There are three symptoms:
–
–
–
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC:" mode, as in the following example:
show version | append disk#:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new
Setting device to store VLAN database at filename new.
Router(config)#^ZWorkaround: There is no workaround.
2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.
Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.
Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.
3) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.
Workaround: Reload the router.
4) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.
Workaround: There is no workaround.
5) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.
Workaround: Reload the router.
6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:
show version | append disk0:redirect.out" and issuing
delete disk0:disk0:redirect.outWorkaround: Reload the router and delete the file.
•
Symptoms: Packet processing at the remote end of a link may fail.
Conditions: This symptom is observed when a service policy that includes the set atm-clp command is enabled on an output interface via the service-policy output command; the platform that links to this output interface at the remote end drops the packets.
Workaround: Remove the set atm-clp command from the service policy on the output interface.
•
Symptoms: The line protocol may go down.
Conditions: This symptom is observed when Frame Relay fragmentation is enabled on the main interface.
Workaround: There is no workaround.
•
Symptoms: When an IP VRF is configured on an SDCC interface of a Cisco 10720 router, all MPLS packets which are to be forwarded through the SDCC interface are instead dropped by the PXF forwarding engine.
Conditions: This problem is observed when setting up an MPLS-VPN in which the PE-CE interface is an SDCC interface on the Cisco 10720 router.
Workaround: Disable the PXF forwarding path via the no service pxf command.
Further Problem Description: The forwarding path must deal with MPLS packets that are destined for the SDCC interface by punting them rather than dropping them.
•
Symptoms: On a Cisco 7500 series that is equipped with Versatile Interface Processors (VIPs) with ATM port adapters, the ATM PVCs may not come back up after the ATM interface flaps. This occurs because the interfaces in the VIP do not transmit any packets but still process incoming traffic.
Conditions: This symptom is observed in a dLFIoATM environment in which distributed Class Based Weighted Fair Queueing (dCBWFQ) is configured on PPPoATM virtual templates.
Workaround: Apply any kind of distributed queueing on any interface or subinterface of the affected VIP. Doing so triggers all interfaces to start transmitting again, enabling the ATM PVCs to come back up.
•
Symptoms: SCR continues to filter CLP(0) cells and tag CLP(1) cells when the CLP(0) filter is removed from the class-map command.
Conditions: This symptom is observed when there are multiple PVCs and when the class map filters are globally removed.
Workaround: There is no workaround.
•
Symptoms: The percent-to-bps conversion for the police cir percent command that is configured in a second- and third-level policy may not function properly.
Conditions: This symptom is observed when the police cir percent command is used in a two- or three-level hierarchical policy with a 1-rate 2-color policer at the higher levels (the exceed action is "not drop"); the police percent-to-bps conversions at the second and third level should be based on the interface bandwidth and not on the parent police rates, but this behavior does not occur.
Workaround: Use a police command with an actual-rate configuration instead of a percent configuration.
•
Symptoms: MPLS forwarding may stop.
Conditions: This symptom is observed under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: Stale MPLS COS per-route entries may be left behind.
Conditions: This symptom is observed after the route disappears from the routing table in cell mode multi-VC network.
Workaround: There is no workaround.
•
Symptoms: CEF may become disabled on a VIP, port adapter, module, or line card because of a fatal error, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed after an RPR+ switchover.
Workaround: There is no workaround.
•
Symptoms: Layer 3 connectivity may be lost after toggling CEF on a provider Edge router.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2 S in an ATM/Ethernet VLAN L2 interworking configuration.
Workaround: There is no workaround.
•
Symptoms: An ATM PVC may go down when an oam-pvc manage command is configured.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(27)S or a later release and that functions as a customer edge (CE) router when AIS cells are received from the provider edge (PE) router. However, the symptom is platform-independent and may also occur on other platforms.
Workaround: Rebind the session on the PE router to enable the ATM PVC on the CE router to come up again.
•
Symptoms: After a Stateful Switchover (SSO) occurs on a Cisco 7500 series, the standby Route Switch Processor (RSP) my hang just before downloading the image. This situation may prevent the router from entering the STANDBY-HOT state and from being capable to perform a switchover until the standby RSP is reset.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S or 12.2 S and that is configured for SSO/Nonstop Forwarding (NSF).
Workaround: There is no workaround. After the problem occurs, you can recover the router by either waiting for an IPC timer to expire (the default time is 30 minutes) or by entering the hw-module sec-cpu reset command.
•
Symptoms: The cisco.mgmt.cns.config-changed event message contains invalid changeItem information.
Example: for: (config)#policy-map TEST2
(config-pmap)#class m_new
(config-pmap-c)#shape peak 8010
(config-pmap-c)#priority
(config-pmap-c)#exit
(config-pmap)#desc TESTTEST
(config-pmap)#exit
The 4th changeItem is: Context: <empty>
EnteredCmd: exit
NewConfig#: <empty>
OldConfig#:
!
MyPolicy
test
TEST2
description TESTTEST
class m_new
shape peak 8010
priorityThe above-mentioned changeItem information is incorrect.
Conditions: This may occur when the CNS configuration notify agent is configured by the cns config notify command and a policy-map CLI is configured on the Cisco IOS device.
Workaround: There is no workaround.
•
Symptoms: Changing any IP access control list (ACL) may cause a walk of all LC-ATM prefixes.
Conditions: This symptom is observed on a router configured with an LC-ATM Multi-VC when the changed ACL is not related to the Multi-VC.
Workaround: There is no workaround.
•
Symptoms: A router may crash when you enter the fair-queue command on the interface of a PA-MC-STM-1 port adapter.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S when the interface has the rate-limit output command enabled.
Workaround: There is no workaround.
•
Symptoms: The SRP protocol on a Cisco uBR7246VXR may not fully initialize during the boot sequence.
Conditions: This symptom is observed on a Cisco uBR7246VXR running Cisco IOS Release 12.2(15)BC1b when one SRP side is wrapped. The symptom may also occur on a Cisco 7200 series and is not release-specific.
Workaround: Force a wrap by entering the srp ips request forced-switch command and remove this forced wrap. Note that you have to do this manually after a reload/reboot.
•
Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate
Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.
Workaround: If this is an option, use ISL subinterfaces.
•
Symptoms: LC-ATM-enabled subinterface on a PE router stays in "not ready" state when viewing the LDP session to the LSC using the show mpls ldp discovery command. The shutdown interface command followed by the no shutdown interface command will not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.
Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.
Workaround: The condition may be cleared by entering the clear ip route prefix command where prefix is the local loopback address for the LC- ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, user should confirm that the expected number of LVCs has been re- established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.
Reload of the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to normal state.
•
Symptoms: Flapping an interface may cause a router that is configured for L2TPv3 to crash.
Conditions: This symptom is observed on a Cisco router that has many L2TPv3 sessions and tunnels configured. For example, the symptom occurs with 2000 sessions over 2000 tunnels but also with 4000 sessions over one tunnel.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform reloads because of a watchdog timer expiration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(20)S2 or Release 12.3 under the following conditions:
–
–
–
Workaround: First detach the service policy from the PVC, then rename it and attach it again.
•
Symptoms: On certain platforms (in particular but not limited to a Cisco 800 series), the CNS agents code that captures output for later transmission can crash.
Conditions: This symptom is observed on a router that has configuration and EXEC agents and CNS agents that execute CLI commands when you send an XML file to direct these agents to execute a CLI command and return the output (if there is any output).
Workaround: Telnet into the router (not through the console) and exit. This may need to be done multiple times.
•
Symptoms: Cisco target FEC stack TLVs may not interoperate with those of third-party vendors.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(27)S or Release 12.0(28)S.
Workaround: There is no workaround.
•
Symptoms: A router that is configured for L2VPN may crash.
Conditions: This symptom is observed when L2VPN connections are dynamically deconfigured and then reconfigured.
Workaround: There is no workaround.
•
Symptoms: When the pseudo wire goes down and then comes back up, an AAL5 AToM VC with OAM emulation stays down.
Conditions: This symptom is observed when the PVC is managed with zero as the loopback frequency. Also, when the pseudo wire goes down it moves to the AIS state, and when the pseudo wire comes back up, the VC stays in the down state. Since the loopback frequency is zero, no loopback cells are sent.
Workaround: Delete the AAL5 VC and readd it with the same configuration.
•
Symptoms: Traffic is sent using the "net ctrl" queue on the egress interface.
Conditions: This problem occurs on a Cisco 10720 router when IPv6 high-priority traffic (110 or 111 in the first 3 bits of the IPv6 traffic class) is forwarded.
Workaround: There is no workaround.
•
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•
Symptoms: A "MSC200_MP-4-PAUSE" traceback may occur in large Frame Relay FRF.12 configurations.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series, Cisco 7500 series, and Cisco 7600 series.
Workaround: There is no workaround. However, this message does not affect the proper operation of the router.
•
Symptoms: An L2tpv3 tunnel does not come up.
Conditions: This problem can be seen in an ATM-FR interworking scenario.
Workaround: There is no workaround.
•
Symptoms: When you enter the format flash: command on a router to format a LEFS flash card, the router fails to give the DOS format and displays this error:
%Error formatting flash (Invalid DOS media or no media in slot)The flash card is no longer accessible until the router is reloaded.
Conditions: This symptom is observed on any Cisco router that supports a disk file system and that runs Cisco IOS Release 12.3(6) or a later release. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series cannot boot when there are more than 256 different policy maps attached as service policies on the router.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1.
Workaround: Do not use more than 256 service policies.
•
Symptoms: A router shows a constant increase in the holding memory for the L2TP Daemon process.
Conditions: This symptom is observed when invalid L2PTv3 control packets are sent from a peer router. Invalid packets means packets without all the mandatory attribute value pairs.
Workaround: There is no workaround.
•
Symptoms: CNS config notify events may stop coming.
Conditions: This symptom is observed when the cns config notify diff command is enabled and when other CNS configuration agents are configured.
Workaround: Enter the no cns config notify command followed by the cns config notify diff command.
•
Symptoms: A VIP in a Cisco 7500 series may crash intermittently.
Conditions: This symptom is observed during AToM HDLC/PPP regression tests.
Workaround: There is no workaround.
•
Symptoms: Buffer leakage could occur when a high load of traffic is sent to an interface that has a service policy enabled. This could result in ping failures or very long packet delay.
Conditions: The problem is observed with an MC-T3+ interface that is configured in unchannelized mode, and the traffic consists only of small packets such a 64-byte packets.
Workaround: Manually configure the tx-ring-limit command to lower the number of packets that can be placed on the transmission ring.
•
Symptoms: Routes that are removed soon after an SSO switchover occurs may remain in the CEF table.
Conditions: This symptom is observed when VRFs are configured.
Workaround: There is no workaround.
•
Symptoms: A standby RP keeps crashing.
Conditions: This symptom is observed when both the snmp-server community string rw command and the snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command are configured.
Workaround: Remove the snmp-server community string rw command from the startup configuration before rebooting the router. When the router has booted, reenter the snmp-server community string rw command.
•
Symptoms: After reloading a Cisco platform, one of the RPs may reload, or the following error message may be displayed:
%PARSER-4-BADCFG: Unexpected end of configuration file.Conditions: This symptom may be observed on any Cisco platform that is configured with dual RPs and that supports RPR+.
Workaround: There is no workaround.
•
Symptoms: A router may reload if removing the L2TP class is followed by removing the pseudowire class.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.0(28)S when both removals are done in a very short time via an auto test script and when the L2TP sessions are already established. This is a timing related issue.
Workaround: Wait at least 1 second before you remove the pseudowire class.
•
Symptoms: When you set up an L2TPv3 tunnel configured in the PW class, a ping cannot go through from CE router 1 to CE router 2 until the ping is initiated by CE router 2.
Conditions: This failure occurs in Cisco IOS Release 12.0(28)S with a Fast Ethernet interface (not with a serial or POS interface).
Workaround: First, ping from CE router 2 to CE router 1. Then, ping from CE router 1 to CE router 2.
•
Symptoms: A VIP crashes with the following error message:
VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=10, code=0x10Conditions: This symptom is observed on a Cisco 7500 series when you re-use a channel group (or subinterface) that was previously configured with a Frame Relay DLCI "set" service policy.
Workaround: Remove the "set" service-policy before you remove the channel group (or subinterface).
•
Symptoms: The PVC bundles VC selection does not work correctly.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash.
Conditions: This symptom is observed on a Cisco 7500 series when QoS is configured on the interface of the VIP and traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: EoMPLS tunnels do not have labels assigned to them, preventing a virtual circuit from coming up.
Conditions: This symptom is observed when multiple (for example, 1200) EoMPLS tunnels are configured. Only on a few tunnels the symptom may not occur.
Workaround: There is no workaround.
•
Symptoms: When you flap an interface that is attached to an L2TPv3 tunnel, the tunnel may enter the shut mode.
Conditions: This symptom is observed on a Cisco 10720 when the xconnect command is enabled on the interface and when you enter the shutdown command followed by the no shutdown command on the interface or when you cause the interface line protocol to go down and up again.
Workaround: Disable and reenter the xconnect command on the interface.
•
Symptoms: A Cisco router that is running Cisco IOS Release 12.0(25)SX1 may experience CEF disabling on standby PRE.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(25)SX1. The symptom may also occur in Release 12.0 S.
Workaround: Reset standby PRE.
•
Symptoms: If there is sequence number enabled on a PVC and you add a service policy to this PVC, the sequence number configuration is lost.
Conditions: This symptom is observed when you enable the sequence number configuration and then add a service policy to the same PVC.
Workaround: After the symptom has occurred, readd the sequence number configuration to the PVC.
•
Symptoms: The TE DB on a tunnel headend may become corrupted.
Conditions: This symptom is observed on a Cisco router that has MPLS configured.
Workaround: There is no workaround.
•
Symptoms: Starting with Cisco IOS Release 12.0(26)S, the Cisco 10720 router supports the IPv6 ACL feature. The IPv6 packets are corrupted (including the IPv6 header) for the following scenario: For a packet in 6PE decapsulation case (MPLS to IPv6), if output ACLs are applied at the output interface and these ACLs are long enough to require a second PXF pass (known as output ACL split case), then the outgoing IPv6 packet is corrupted.
Conditions: This symptom is observed on Cisco 10720 routers that are running Cisco IOS Release 12.0(26)S or later releases.
Workaround: There is no workaround.
•
Symptoms: The ATM HA process may crash.
Conditions: This symptom is observed on a Cisco router that has VCS configured with local switching.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may crash when interfaces are brought up or when interfaces are deleted.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S. However, this caveat is platform-independent.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that has L2 PVCs in the AIS alarm state, in addition to sending AIS cells, the router also sends loopback cells to the customer edge router.
Condition This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S when the oam-pvc manage command is configured and when the L2 PVC gets enters the AIS alarm state. However, this caveat is platform-independent.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may experience alignment errors involving MPLS and BGP, and the output of the show alignment command may show the following information:
Total Spurious Accesses 1, Recorded 1
Address Count Traceback
C 1 0x612EE93C 0x60BD2894 0x60BD2F0C 0x60B8C2DCConditions: This symptom is observed on a Cisco router that is configured for MPLS and BGP.
Workaround: There is no workaround. However, note that the symptoms are of a transient nature and do not affect the functionality of the router.
•
Symptoms: A Cisco router that runs a Cisco IOS interim release for Cisco 12.0(29)S or interim Release 12.3(9.3) or 12.3(9.2)T may log the following error message and traceback, and IPC services using large RPC messages/replies may fail:
%IPC-SP-5-INVALID: Invalid dest port=0x2220000
-Traceback= 402F3784 403027CC 403025AC 4030A10C 4030A4F8 4030A7B8 402F7E78 402F8244 40309478 402F8890 4033A0E8 40344284Conditions: This symptom is observed without any external trigger occurring.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router, the output of the execute-on slot number show ip cef prefix command may display the same imposed label twice for a recursive public route.
Conditions: This symptom is observed on a Cisco platform that supports distributed forwarding such as a Cisco 7500 series or a Cisco 12000 series when the neighbor name send-label command is configured under an IPv4 BGP address family on a VIP or line card and when one of the following actions occurs:
–
–
–
The symptom disappears after the affected prefix flaps.
Workaround: There is no non-impacting workaround, but you can enter the clear ip route prefix command or reset the BGP peer to solve the problem.
•
Symptoms: When you boot a Cisco 7200 series that is configured with an NPE-300 or NPE-400 and that runs a c7200-js-mz image, the router may crash with a traceback.
Conditions: This symptom is observed when the c7200-kboot-mz image is the bootloader and when the router runs Cisco IOS interim Release 12.1(22.3)E1. The symptom may also occur in other releases such as 12.0 S, 12.2 S, and 12.3.
Workaround: There is no workaround.
•
Symptoms: When a host sends a path MTU discovery packet into a L2TPv3 tunnel, a Cisco 10720 returns an ICMP unreachable packet, indicating that the path MTU is "MTU-32byte (L2TPv3 header)-(layer2 header of customer packets)," which is incorrect. This situation causes TCP communications such as FTP or HTTP downloads over the L2TPv3 tunnel to fail. For example, 26 bytes (outer IP + L2TPv3 header sizes) may be missing.
Conditions: This symptom is observed on a Cisco 10720 that functions as a PE router.
Workaround: If this is an option, set an MTU with a small size at the server side. If this is not an option, there is no workaround.
•
Symptoms: A dual SRP ring fails to become active completely due to an is-type mismatch. The output of the show clns neighbors command indicates that a certain system interface remains in the "Init" state indefinitely, although the output of the show ip interface brief command shows that this interface is up.
Conditions: This symptom is observed when a dual SRP ring is configured on three routers that run Cisco IOS Release 12.2S. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: LSP-Ping packets may include a Vendor Enterprise Code TLV Type 5 with a length that is greater than 4 and with Vendor Private Extensions. According to the draft-ietf-mpls-lsp-ping-05.txt IETF draft, the Vendor Enterprise Code TLV Length should always be 4, and the vendor extensions should use a TLV Type that is in the range 64512-65535.
Conditions: This symptom is observed on a Cisco platform that functions in an MPLS OAM environment.
Workaround: There is no workaround.
•
Symptoms: Malformed MPLS echo request packets may cause excessive Route Processor (RP) CPU cycles to be consumed during parsing of malformed TLVs.
Conditions: This symptom is observed when MPLS echo request packet are decoded and incorrectly parse beyond the packet boundary due to improper bounds checking.
Workaround: There is no workaround.
•
Symptoms: An LDP session over a tunnel interface may drop and not come back up.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S when auto-tunnel traffic engineering is configured and when RSVP label distribution and LDP are configured in the MPLS core.
If the no mpls ip command is configured on the physical interface to disable LDP, and RSVP label distribution remains enabled, auto-tunnel traffic engineering fails and you cannot bring the tunnel back up.
Workaround: Run LDP in the MPLS core for all interfaces that have auto-tunnel traffic engineering configured.
•
Symptoms: After you enter the microcode reload pxf command or after a PXF crash occurs, EoMPLS packets that should be encapsulated with EoMPLS encapsulation are treated as if they are normal IP packets, and are likely to be dropped by the router.
Conditions: This symptom is observed on a Cisco 10720 router when an SRP (sub)interface is used as the EoMPLS backbone interface to transport EoMPLS packets to other EoMPLS PE routers and when the (sub)interface has the xconnect destination-address vc-id encapsulation mpls command enabled.
Workaround: Remove the xconnect destination-address vc-id encapsulation mpls command from the (sub)interface that connects to a customer device, and reconfigure it on the (sub)interface.
•
Symptoms: An RP crashes after you remove the event manager applet.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(26)S or a later 12.0 S release when an EEM policy is removed from the configuration by entering the no event manager applet applet-name command while actions within the EEM policy are being executed.
Workaround: There is no workaround.
•
Symptoms: Several spurious memory accesses occur with ATM PVCs, and an error message and traceback similar to the following one may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x601B5190 reading 0x74
%ALIGN-3-TRACE: -Traceback= 601B5190 601B7B20 601B69D4 60176F64 6017776C 6017755C 6055508C 60555EA0Conditions: This symptom is observed when you create ATM PVCs or when you enter the clear interface atm or show atm vc command.
Workaround: There is no workaround.
•
Symptoms: A Cisco router crashes during a period of high routing protocol activity.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(21)SP or a later release or Release 12.0(22)S or a later release.
The crash is most likely to occur when the router holds a large number of IPv4 prefixes in its routing table and when there is a lot of turnover in the routing table, that is, prefixes are added and deleted on a rapid basis.
Workaround: There is no workaround.
•
Symptoms: The PXF forwarding engine on a Cisco 10720 may crash after the microcode is reloaded either through a manual reload by entering the microcode reload pxf command or after a previous PXF crash. This situation causes multiple PXF crashes.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S or a later 12.0 S release, all of which contain IPv6 PXF packet forwarding functionality, and is most likely to occur while IPv6 packets are passing through the router.
Workaround: Disable IPv6 functionality or disable PXF by entering the no service pxf command.
•
Symptoms: A Cisco 7200 series with an NPE-G1 may crash when you ping 50 5200-byte packets from one router that functions as a generator via the Cisco 7200 series with the NPE-G1 to another router that functions as a reflector. The three routers are connected back-to-back via static routers.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(9a) but may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Channel Interface Processor (CIP2) and an xCPA port adapter fail to load their microcode. The microcode bundle is expanding such that the files do not have the prefix. For example, the file cip28-17_kernel_hw4 is _kernel_hw4.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee13801. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: An SNMP query on cbQosREDClassCfg objects may take up a very large part of the CPU utilization of a router. Depending on the overall CPU utilization and query frequency, some side effects such as CPU hogs may occur.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: An MPLS static label that is configured as an outgoing label is not installed in the MPLS forwarding table.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(29)S when a static label is assigned as an outgoing label for a FEC by entering the mpls static binding ipv4 prefix mask output nexthop label command. The statically configured outgoing label is not installed in the MPLS forwarding table.
Note that a static label that is assigned as a local label is properly installed in the MPLS forwarding table.
Workaround: Configure an LDP session to the next hop router over the next hop interface, and configure the next hop router to prevent it from advertising the label for the impacted prefix by entering the mpls ldp advertise-labels command.
•
Symptoms: The PXF engine on a Cisco 10720 may crash, and the following error messages are generated in the logging buffer (the PXF crashinfo files can be found in the flash memory of the router):
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdogIn addition, there are four ways to verify that the symptom is occurring:
–
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_GIANT_PKT (code 4)
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_FIFO_GIANT_PKT(code 100)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_SC_IPM_RD_ACC_TIMER_EXP(code 1)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_RP_IPM_RD_ACC_TIMER_EXP(code 4)
MSD: %Camr_VA-3-SISTATUS: Van Allen SRIC Data integrity error VA_SI_FL_CTRL_DRVN(code 80)
MSD: %Camr_VA-3-SOSTATUS: Van Allen SROC Data integrity error VA_SO_PKT_LEN_ERR (code 1)
MSD: %Camr_VA-3-STATISTICS: VA statistics register: 0x0098 reports VA_SO_PKT_LEN_ERR_COUNT = 3–
–
–
Conditions: This symptom is observed when all of the following conditions are present:
–
–
* The packet is denied by an output security ACL.
* There is no route in the router to forward the packet.
* The time to live (TTL) of the packet expires.
* The packet is an ICMP echo request packet, and the router tries to send an ICMP echo reply packet to the source.–
Workaround: Enter the no ip unreachable command on all interfaces of the router, which works in the following two cases:
–
–
For other cases, there is no workaround.
•
Symptoms: A permanent virtual connection (PVC) configuration is removed if a PVC fails when it is recreated.
Conditions: This symptom is observed on a Cisco 7500 series that has a Versatile Interface Processor (VIP). The PVC configuration may be removed if the VIP is carrying data traffic and the parameters of the virtual circuit (VC) class that is attached to the configured PVCs on the associated interface are modified.
Workaround: There is no workaround.
•
Symptoms: Traffic and pings fail when FRF.12 is configured on a POS link.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-POS-2OC3 port adapter.
Workaround: There is no workaround.
•
Symptoms: If you enter the shutdown command followed by the no shutdown command on an interface, traffic that congests the interface may cause the router to crash.
Conditions: This symptom is observed when a policy is attached to the interface.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series fails to handle IP packets with a size of 1499 or 1500 bytes if these packets are received over a PPP Multilink interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(28)S when distributed multilink is configured.
Workaround: There is no workaround.
•
Symptoms: A router may crash when you enter the set fr-fecn-becn command.
Conditions: This symptom is observed when you enter the set fr-fecn-becn command for an unsupported interface (that is, a non-Frame Relay interface).
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur when a VC class with OAM parameters is created.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S.
Workaround: There is no workaround.
•
Symptoms: A PA-A3-8T1IMA or PA-A3-8E1IMA port adapter that is installed in a Cisco 7xxx series may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs that are configured on the port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3-8T1IMA or PA-A3-8E1IMA port adapter, or as an alternate workaround, reset the VIP or FlexWAN.
•
Symptoms: You can configure color-aware policing classes by entering the match-fr-dlci command but the command does not have any effect. The match-fr-de command works fine.
Conditions: This symptom is observed when you configure color-aware policing on an edge interface of a PE router.
Workaround: There is no workaround.
•
Symptoms: You may not be able to make a Telnet connection to a Cisco IOS platform.
Conditions: This symptom is observed when the CNS Exec Agent is used to remotely issue an interactive CLI command.
Workaround: There is no workaround.
•
Symptoms: Multicast packets such as HSRP and OSPF are not received on a port-channel interface.
Conditions: This symptom is observed when a port-channel interface is configured on a Cisco router, when you reload the router, and when the first member is added to the port-channel interface by entering the no shutdown interface configuration command on physical interface.
Workaround: Enter the do shutdown interface configuration command followed by the no shutdown interface configuration command on the port-channel interface.
Wide-Area Networking
•
Symptoms: A router may not recognize some inbound Multiprotocol Label Switching (MPLS)-tagged packets that are sent via Frame Relay. Because the router cannot recognize the inbound MPLS-tagged packets, MPLS cannot switch those packets to the outgoing interface. The MPLS-tagged packets are dropped by the router, and the router does not increment the input-packet counter in the output of the show frame pvc output EXEC command.
Conditions: This symptom is observed on a Cisco router that has Cisco Express Forwarding (CEF) enabled and that is running Cisco IOS Release 12.2(7b). The symptom may also occur in other releases.
Workaround: Enable the debug mpls packets EXEC command.
•
Symptoms: Packets may not be resequenced within a Multilink Frame Relay (MFR) bundle. This situation may have a negative impact on some protocols and applications such as VoIP.
Conditions: This symptom is observed on nondistributed Cisco platforms such as the Cisco 2600 series. The symptom does not affect distributed Cisco platforms such as the Cisco 7500 series and the Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly because of a bus error after the following error message is displayed:
%ATMPA-3-BADVCD:ATM[int] bad vcd [number] packet -Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface.
Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface when a packet that contains a virtual circuit descriptor (VCD) that is out range is passed on to the ATM driver of the interface in order to be transmitted.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7204VXR in which an enhanced 1-port ATM OC-3c/STM-1 port adapter (PA-A3-OC3) is installed may reload unexpectedly because of a bus error. However, the cause of the symptom may be a segmentation and reassembly (SAR) chip failure that occurs because of an "Address Error (store) exception".
Conditions: This symptom is observed on a Cisco 7204VXR that is configured for Dynamic Bandwidth Selection (DBS) support when you attempt to modify the VC QoS parameters under high traffic conditions.
Workaround: Shut down the ATM interface before attempting to modify the VC QoS parameters.
•
Symptoms: A Cisco 7500 series may crash when you configure a T1 channel group.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S when the same channel group was previously configured for Frame Relay encapsulation, when one or more PVCs on the channel group were configured on the main interface with a map class that contained a service policy, when the channel group was deleted, and when the map class definition that it referenced was also deleted.
Workaround: Remove the Frame Relay encapsulation before you delete the channel group.
•
Symptoms: When you enter the show frame-relay lmi command on a router, the router may crash, or alignment errors may occur.
Conditions: This symptom is observed after you first have deleted an MFR interface on the router.
Workaround: There is no workaround.
•
Symptoms: The frame-relay interface-dlci command is removed unexpectedly from a point-to-point subinterface.
Conditions: This symptom is observed when you enter the clear frame-relay-inarp command.
Workaround: Do not use the clear frame-relay-inarp command.
•
Symptoms: A spurious memory access may occur and the following error message is generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60C19208 reading 0x1CUnder high-traffic conditions, the console freezes because of an alignment error.
Conditions: These symptoms are observed on a Cisco 7200 series when a FR-FR local switched connection is configured by entering the connect command, when a queuing service policy is enabled on the main interface, and when the DLCI on the outgoing interface does not exist on the incoming interface.
Workaround: Enter the frame-relay route command instead of the connect command. If the connect command is needed for access to features like policing, the errors do stop if the DLCI on the outgoing interface also exists on the incoming interface that has the service policy. The DLCI can be created under a subinterface that is shut down and that has no IP address configured if it is not used to handle traffic.
•
Symptoms: A VIP crashes with the following error message:
VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=10, code=0x8Conditions: This symptom is observed when you remove a Frame Relay local switching connection from an MFR interface while traffic is running.
Workaround: Shut down the connection or interface and ensure incoming traffic has stopped before you remove the connection.
Resolved Caveats—Cisco IOS Release 12.0(28)S6
Cisco IOS Release 12.0(28)S6 is a rebuild of Cisco IOS Release 12.0(28)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(28)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms: When you attempt to apply an access list for SNMP by entering the snmp-server tftp-server-list command, the access list is not applied. This situation makes it possible to copy the configuration to and from any server, regardless of the contents of the access list.
Conditions: This symptom is observed on a Cisco platform that is configured for SNMP.
The following sample configuration causes the platform to reject configuration file transfers via SNMP from all hosts except the TFTP server that is specified in access list 5:
snmp-server tftp-server-list 5
access-list 5 permit 10.1.1.1
snmp-server community private RW 5
snmp-server tftp-server-list 5Workaround: Apply a more general access list to restrict traffic to and from the affected platform.
Alternate Workaround: Disable the SNMP.
•
Symptoms: A router crashes when you enter the show ip bgp regexp command.
Conditions: This symptom is observed on a Cisco router when BGP is being updated.
Workaround: Enable the new deterministic regular expression engine by entering the bgp regexp deterministic command and then enter the show ip regexp command. Note that enabling the new deterministic regular expression engine may impact the performance speed of the router.
•
Symptoms: A memory leak may occur in the "BGP Router" process.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(26)S6, that is configured for BGP, and that has the bgp regexp deterministic command enabled.
Workaround: Disable the bgp regexp deterministic command.
IP Routing Protocols
•
Symptoms: A router may stop redistributing static routes into BGP.
Conditions: This symptom is observed when the static routes are inserted into the BGP table with a network statement that uses a route map that is configured with the match as-path route-map configuration command.
The symptom occurs because the match as-path route-map configuration command causes a non-BGP route to be denied.
Workaround: Do not use BGP-specific match statements when you source non-BGP routes.
•
Symptoms: Commands on a router may be unexpectedly removed from the running configuration.
Conditions: This symptom is observed on a router that is assigned as a neighbor to a BGP peer group. For example, when the shutdown command was previously configured on the router, the command is removed from the running configuration after the router is assigned as a neighbor to a BGP peer group.
Workaround: Re-enter the commands on the router.
•
Symptoms: A neighbor reloads when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of an LSP router that functions as a tunnel headend.
Conditions: This symptom is observed when the following events occur:
–
–
–
Workaround: There is no workaround.
•
Symptoms: When BGP receives an update that has a worse metric route than the previously received route for equal-cost multipath, the BGP table is updated correctly but the routing table is not, preventing the old path from being deleted from the routing table.
Conditions: This symptom is observed on a Cisco router that is configured for BGP multipath.
Workaround: Enter the clear ip route network command.
•
Symptoms: One router (R2) may begin sending updates to another router (R1) before R2 has received the BGP prefix list from R1.
R1 does apply its inbound BGP prefix list so routes are denied if they need to be. However, R2 sends routes to R1 which are denied by R1.
Conditions: This symptom is observed when both routers have negotiated a BGP outbound route filter (ORF) and when R1 sends its BGP prefix list to R2.
Workaround: There is no workaround.
•
Symptoms: An OSPF sham link may not form an adjacency.
Conditions: This symptom is observed when there is an interface in the global route table that has an IP address that matches the IP address of the OSPF sham link neighbor.
Workaround: Reconfigure the routers so that the IP address of the OSPF sham link neighbor does not match any IP addresses of interfaces in the global route table.
Alternate Workaround: Shut down the interface or change the IP address of the interface in the global route table.
•
Symptoms: The output of the show memory summary command may contain garbled characters in the "What" column.
Conditions: This symptom is observed when you configure OSPF with at least one network, and then unconfigure it.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: A route that fails remains in the routing table with its old metric, preventing an alternate route from being used and causing a routing loop.
Conditions: This symptom is observed in a network that is configured for IS-IS and iSPF when the IP routes that are advertised in an LSP (irrespective of whether or not the LSP is fragmented) do not age-out during a rerouting failure.
Workaround: Remove iSPF from the IS-IS process by entering the router isis command followed by the no ispf command.
Miscellaneous
•
Symptoms: High CPU use may occur at the interrupt level on an ingress port adapter or line card that is configured for hardware multicast when there is a high multicast traffic rate.
Conditions: This symptom is observed when policy-based routing (PBR) matches the multicast traffic and when a switchover to another interface occurs.
Workaround: Change the deny statement in the PBR configuration so traffic for multicast destination addresses is denied earlier.
Alternate Workaround: For a short while, remove the PBR configuration from the ingress interface to enable multicast traffic hardware forwarding to be established.
Further Problem Description: PBR should not influence multicast traffic and it does not when traffic is switched in the hardware. When a switchover to a new interface occurs, multicast packets are initially forwarded in the software until hardware forwarding can take over. PBR interferes with the initial software-switched packets and prevents hardware entries from being created.
•
Symptoms: When multicast IP version 6 (IPv6) Cisco Express Forwarding (CEF) is enabled, packets (greater than or equal to 232 bytes) that are forwarded may be corrupted.
Conditions: This symptom is observed on all Cisco platforms during normal multicast CEF software forwarding.
Workaround: Use process switching.
•
Symptoms: When all the physical links of a multilink bundle go down, the bundle bandwidth is set to zero. This situation has two known consequences:
1.
2.
Conditions: These symptoms are observed on a Cisco 7500 series and Cisco 7600 series that are configured for distributed multilink PPP or distributed multilink Frame Relay.
Workaround: There is no workaround.
•
Symptoms: If a packet comes in through an interface on which RPF is enabled and the RPF check lookup results in a default prefix which has the Leaf NULL bit set, the packet is dropped even though the Leaf pointers are valid.
You can see the RPF drops by entering the show hardware pxf interface interface-number detail | inc RPF command.
Conditions: This symptom is observed when a Cisco 10000 series has two paths in the routing table installed for the default prefix 0.0.0.0/0 and when the default prefix is a recursive route. This will cause the Leaf NULL bit to be set. The Leaf NULL bit is only used by the RPF check, hence if a packet arrives on an RPF-enabled interface and the RPF check lookup results in the default prefix, the packet is dropped since the Leaf NULL bit is set.
Workaround: Avoid loadsharing, that is, ensure that there is only one path.
•
Symptoms: A port adapter that is installed in a VIP or FlexWAN and that is configured with more than 38 multilink bundles may crash.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series when distributed CEF switching is disabled either through entering the no ip cef distributed command or through a FIB-DISABLE event.
Workaround: There is no workaround.
•
Symptoms: Incoming multicast traffic that is forwarded via the main interface of a Cisco 10000 series is dropped.
Conditions: This symptom is observed on a Cisco 10000 series that has a Gigabit Ethernet main interface that is configured with a number of VRF-enabled VLAN subinterfaces.
Workaround: Remove the VRFs from the VLAN subinterfaces.
•
Symptoms: When you send multicast traffic over an IPSec tunnel, a memory leak may occur on a router.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3T when both IP CEF and hardware encryption are configured. The symptom may also occur in other releases.
Workaround: Switch to software encryption for a while and then switch back to hardware encryption.
Alternate Workaround: Disable IP CEF.
•
Symptoms: When a 4-port OC-12 ATM ISE line card is deployed in the core between a P router and a PE router that performs decapsulation in a multicast VPN topology, packets with a size that is larger than 4447 bytes and that need fragmentation are not received by a CE router.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(28)S2 or a later 12.0S release.
Workaround: There is no workaround.
•
Symptoms: A router crashes after you have manually configured 237 IPv6 tunnels.
Conditions: This symptom is observed on a Cisco platform that is configured for IPv6 when there are more than eight paths for one IPv6 prefix. The symptom is platform-independent and not release-specific.
Workaround: There is no workaround.
•
Symptoms: A 4-port Gigabit Ethernet ISE line card may crash.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for multicast traffic.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (3GE-GBIC-SC) line card that is configured for Fast-Path Multicast Forwarding may reset when receiving specific packets. However, it is not necessary that the line card will crash all times. The resulting action on these packets could result in a simple drop as well.
Conditions: This symptom is observed on a Cisco 12000 series when a packet with an IP destination address from the reserved multicast range (224.0.0.xxx) and a TTL larger than 1 is received on the 3GE-GBIC-SC line card and when multicast hardware acceleration is enabled.
Normally, the TTL should be 1 if the destination address is part of the reserved multicast range.
Workaround: Enter the no hw-module slot slot-number ip multicast hw-accelerate source-table size 16 offset 0 command.
•
Symptoms: When a router has a large VRF configuration and a lot of routing information, the following error messages may be generated during an SSO switchover:
%FIB-3-FIBDISABLE: Fatal error, slot/cpu 5/0: keepalive failureThe following CPUHOG error message and traceback may also be generated:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000) msecs (272/145),process = IPC LC Message Handler.
-Traceback= 40EAF5D8 411DBE94 411DBFB8 411DC5D0 411DEFEC 411DEE90 411E0200 41093100 410932B8After the FIBDISABLE error messages has been generated, the router may no longer function properly.
Conditions: This symptom is observed on a Cisco 7600 series but is platform-independent.
Workaround: There is no workaround.
•
Symptoms: A faulty PRE may unexpectedly switch from standby mode to active mode, causing the active PRE to crash.
Conditions: This symptom is observed on a Cisco 10000 series that has dual PREs and that runs Cisco IOS Release 12.0(25)SX6 but may also occur in Release 12.0S.
Workaround: Remove the faulty PRE.
•
Symptoms: A PE router that is configured with many (100 or more) Multicast VRFs (mVRFs) may create multiple MDT tunnels for one mVRF.
Conditions: This symptom is observed when you reload a Cisco router that functions as a PE router and that is configured for MVPN.
Workaround: There is no workaround.
•
Symptoms: When a link failure occurs between two provider (P) routers, the LSP that is protected via Fast Reroute (FRR) for a primary tunnel and the directed LDP session within the tunnel are fast-rerouted onto an assigned backup tunnel. However, when the backup tunnel goes down, VPN prefixes that are protected by backup TE LSP entries in the LFIB become "Untagged." This situation causes packet loss for AToM and L3VPN traffic that uses the link between the P routers as its primary path.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S, that functions as a P router, and that is connected to another P router via a 4-port OC-3 ISE line card.
The topology is as follows:
PE ------ P --- OC-3 --- P ------ PEThere are one-hop primary tunnels between every pair of routers that is listed above, and each link is protected by an NHOP backup tunnel LSP.
The symptom occurs when you pull the TX fiber cable from the 4-port OC-3 ISE line card that forms the protected link between the two P routers, when the protected LSP is fast-rerouted onto the backup tunnel, and when the backup tunnel is torn down. One P router may show "Untagged" entries in its LFIB, especially for a loopback interface to a provider edge (PE) router. This situation breaks the forwarding for all of the L2 and L3 VPNs that depend on that PE router.
The symptom is timing-dependent. The symptom does not occur all the time and does not seem to be Cisco 12000 series line card-dependent, nor is it specific to a link between the two P router because the symptom may also occur when you pull the TX fiber cable of a line card that forms the link between a PE router and a P router.
Workaround: There is no workaround.
•
Symptoms: ISE line cards crash when a Cisco 12000 series receives 640,000 multicast streams.
Conditions: This symptom is observed when the memory of the ISE line cards becomes exhausted when the thousands of multicast streams are received.
Workaround: There is no workaround.
•
Symptoms: The standby PRP crashes when you apply an IPv6 ACL on an interface of an ISE line card.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with redundant PRPs.
Workaround: There is no workaround.
•
Symptoms: After a manual switchover occurs in RPR+ mode, a VPN that is configured on a Frame Relay subinterface fails to recover and CEF may be disabled on line cards.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of a Cisco IOS interim release for Release 12.0(30)S2.
Workaround: Enter the hw-module slot slot-number reload command.
•
Symptoms: The entry for a tunnel is missing from the mplsOutSegmentTopLabel column of the MPLS-LSR-MIB.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4 when a mibwalk is performed on the mplsOutSegmentTopLabel object. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: An MPLS LER does not impose labels for traffic that follows the default route, causing traffic to be forwarded via IP.
Conditions: This symptom is observed on a Cisco 12000 series when the default route has two equal paths, when the ingress line card is an ISE line card, and when the default router is learned via OSPF. The symptom may also occur for other protocols.
Workaround: Use a single path for the default route. If this is not an option, there is no workaround.
•
Symptoms: Router may generate and/or forward crafted IP packets with the source IP address being the routers tunnel interface for GRE or mGRE tunnels. Incorrect packet decoding may be seen with "debug tunnel."
Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address Present Routed bit must be set to 1.
Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.
Further information: On the 6th September 2006, Phenoelit Group posted an advisory:
* Cisco Systems IOS GRE decapsulation fault
Cisco's statement and further information are available on the Cisco public website at:
http://www.cisco.com/warp/public/707/cisco-sr-20060906-gre.shtml
•
Symptoms: SNMP polling returns a "no such instance" response. This is improper behavior: instead of the "no such instance" response, a counter should indicate zero.
Conditions: This symptom is observed on a Cisco 7500 series when a class is defined in an input policy map but no traffic has been sent to that class. The symptom may be platform-independent.
Workaround: There is no workaround.
•
Symptoms: A nondefault configuration becomes lost for a serial interface on a channelized OC-48 ISE line card or on a 4-port OC-12 ISE line card.
Conditions: This symptom is observed on a Cisco 12000 series after you have reloaded the router.
Workaround: There is no workaround.
•
Symptoms: IP packets that are forwarded from an Engine 6 interface on a Cisco 12000 series to an iBGP route may not reach the destination node.
Conditions: This symptom is observed when the Engine 6 interface forwards these packets as IP packets even though there is a labeled path to the BGP next hop. The output of the show cef command shows that the router uses the MPLS labeled path but the Engine 6 hardware is programmed to forward the packets as IP packets instead of MPLS packets. The next router that receives these IP packets may drop them because the next router may be unaware of the iBGP route.
Workaround: There is no workaround.
•
Symptoms: Traffic is not forwarded when you enter the hw-module slot slot-number np mode feature command on an ISE line card that is configured for MVPN.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S4 and that functions as a PE router that performs encapsulation.
Workaround: There is no workaround.
•
Symptoms: mVPN packets have corrupted encapsulation headers.
Conditions: This symptom is observed on a Cisco 12000 series that has a channelized ISE ingress line card when packets are replicates to a VRF interface on the ingress line card, to a VRF interface on another line card, and to a core interface on a third line card. This symptom occurs only after some redundancy switchovers.
Workaround: Reload the line card.
•
Symptoms: A bad checksum error, bad LLS TV length error, or both are reported on a router that is configured for OSPF and BGP. These protocols or other configured protocols may flap during the errors, and data packets that are sent to the PRP may be lost.
Conditions: These symptoms are observed on a Cisco 12000 series that is configured with a PRP-1 when the following conditions are present:
–
–
Workaround: There is no workaround.
•
Symptoms: Interfaces on a Cisco 10000 series 1-port channelized OC-12 line card may take too much time to recover after an PRE switchover has occurred.
Conditions: This symptom is observed when the line card is configured with E1 interfaces that function in SDH mode and is most likely to occur when the line card was previously configured with T1 interfaces that functioned in SONET mode. When a PRE switchover occurs, it may take as long as 60 seconds for all of the interfaces to come back up.
Workaround: There is no workaround.
•
Symptoms: Traffic drops may occur when traffic is sent over MFR or Frame Relay links.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S1 or a later release and that is configured for software forwarding.
Workaround: There is no workaround.
•
Symptoms: After you have reloaded the router, an input service policy on an interface of a 1-port channelized OC-12 ISE line card that is configured for MLP may become stuck in the suspended mode.
Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(28)S4 and that is configured with two Performance Route Processors (PRP-1s), one 1-port channelized OC-12 ISE line card, one 4-port OC-3 POS ISE line card, two 1-port OC-48 POS ISE line cards, three OC-192 POS E4+ line cards, and one 4-port GE ISE line card.
Workaround: Delete and reconfigure the service policy.
•
Symptoms: Multicast traffic does not resume fully after you have removed the active PRP from the router.
Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(28)S4 and that is configured with redundant PRPs that function in RPR+ mode. The router has two channelized OC-12 line cards that are configured with mVPNs.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series drops a packet for a prefix with an incomplete CEF adjacency.
Conditions: This symptom is observed when the PXF engine does not punt the packet with the incomplete CEF adjacency to the RP (as it is supposed to do) but drops the packet.
Workaround: Send a ping for the prefix with the incomplete CEF adjacency in order to complete the CEF adjacency.
•
Symptoms: Auto-RP messages from a CE router are lost.
Conditions: This symptom is observed when you enter the clear ip mroute * on a connected PE router. The messages do not recover by themselves.
Workaround: To restart Auto-RP messages, enter the clear ip mds linecard command.
Alternate Workaround: To restart Auto-RP messages, debug the VRF Auto-RP by entering the debug ip pim vrf vrf-name auto-rp.
•
Symptoms: When multicast traffic is being sourced from different sources, and one of the sources is removed, the show ip mroute vrf command for the VRFs still shows that source as active.
Conditions: This symptom is observed when a source is no longer active when using the show ip mroute vrf command.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 ingress line card may enter an incorrect carving state in which it sends all packets that are larger than 608 bytes to the buffer size pool (freeq) of the wrong egress line card, causing all packets that are larger than 608 bytes to be dropped. The symptom is especially noticeable when the egress line card is an Engine 2 line card.
Conditions: This symptom is observed rarely on a Cisco 12000 series.
Workaround: Reload the Engine 4 ingress line card.
•
Symptoms: Multicast traffic does not reach a CE router that is connected via static IGMP joins to a PE router.
Conditions: This symptom is observed when the following conditions are present:
–
–
–
Workaround: There is no workaround.
•
Symptoms: An interface of an Engine 6 line card is no longer shut down after an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series when the following events occur:
1.
2.
3.
4.
5.
After the new RP comes up, the interface appears no longer shut down and the interface comes up again.
Workaround: After you have entered the shutdown interface configuration command on the interface followed by the write memory command, reload the router.
•
Symptoms: A service policy on an Engine 4 + or Engine 6 line card is incorrectly rejected with the following error message:
%E4P and E6 LC requires to configure POLICE and SET %command in every class if either of these two commands %is configured in class-default classThis situation occurs when a set command is used in all classes.
Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(28)S3, that is configured with dual Performance Route Processors (PRP-1s) that operate in SSO mode, and that has multiple E4+ and/or Engine 6 line cards.
Workaround: There is no workaround.
•
Symptoms: A ROM monitor upgrade may not take effect.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S4 and that is configured with a single PRP or two PRPs.
Workaround: There is no workaround.
•
Symptoms: After you reload a PE router that functions in an MVPN topology and that is configured for sparse mode and Auto-RP, the router may not learn the Auto-RP that is advertised by both a local and remote CE router, preventing traffic from resuming to flow.
Conditions: This symptom is observed on a Cisco 12000 series that runs an interim release for Cisco IOS Release 12.0(32)S and that functions as a PE router. The symptom may also occur in other releases of Release 12.0S.
Workaround: Enter the clear ip mds line command.
•
Symptoms: An MPLS TDP peer is down.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S3 and that has the mpls ldp protocol tdp command configured on the interface on which TDP peering cannot be established. The peer router has the mpls ldp protocol both command configured.
Workaround: Enter the mpls ldp protocol tdp command on the peer router. Note that this workaround may not be plausible for routers that run a legacy Cisco IOS software that only supports TDP.
•
Symptoms: In a multicast VPN (MVPN) environment, when a Stateful Switchover (SSO) occurs on a PE router, the multicast traffic in the MVRF does not recover because the neighboring PE router fails to re-establish its PIM neighbor relationship. Note that the symptom does not occur for unicast traffic.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S2 or an interim release for Release 12.0(32)S and that functions as a PE router (PE1) in the following topology:
multicast origination --> PE2 --> PE1 --> CE1 --> multicast terminationWhen an SSO occurs on PE1, PE2 does not re-establish its PIM neighbor relationship with PE1 in the MVRF. PE1 and PE2 are global PIM neighbors.
Workaround: Reload PE1.
Further Problem Description: When the symptom occurs, PE1 still shows PE2 as its PIM neighbor in the MVRF. Clearing the multicast route in the MVRF does not help to resolve this issue.
•
Symptoms: QoS information disappears from a FlexWAN module or VIP that is configured with a distributed MFR interface.
Conditions: This symptom is observed after the FlexWAN module or VIP resets or after the interface flaps.
Workaround: Remove the service policy from the interface and reapply it to the interface.
•
Symptoms: After an OIR of a VIP on a Cisco 7500 series, MLP traffic causes a very heavy CPU load on the RP, in turn causing failures in the IPC configuration and memory allocation (malloc) failures.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a large number of distributed MLP bundles.
Workaround: There is no workaround.
•
Symptoms: A VIP crashes at the "free_wred_stats" function during an RPR+ switchover.
Conditions: This symptom is observed on a Cisco router that is configured with a VIP that has a configuration with about 12 MLP bundles with two T1 members when QoS is applied while traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 7500 series that is configured for dMLP, the txacc values of member interfaces may be wrongly credited to other member interfaces, causing RSP-3-RESTART messages, and finally causing traffic to stop.
Conditions: This symptom is observed when the member links flap continuously for some time while traffic is being processed.
Workaround: There is no workaround.
•
Symptoms: A router may crash during the boot process when the startup configuration includes the hw-module shutdown command.
Conditions: This symptom is observed on a Cisco 10000 series but is platform-independent. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa51602. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: When the Any Transport over MPLS (AToM) feature is enabled on a router, AToM virtual circuits to a peer may not be re-established after an interface flap or after being reconfigured, because the required targeted Label Distribution Protocol (LDP) session is not re-established.
Conditions: This symptom is observed when LDP is not configured on any interfaces via the mpls ip interface configuration command, which is typically the case when MPLS Traffic Engineering (TE) tunnels are used to transport AToM traffic between endpoints and when the mpls ip interface configuration command is not enabled on any TE tunnels.
The symptom occurs in Cisco IOS software releases that include the fix for caveat CSCec69982 when any form of one of the following commands is configured on the router and appears in the running configuration:
mpls ldp explicit-null
mpls ldp advertise-labels
mpls ldp session protection
mpls ldp password fallback
mpls ldp password option
mpls ldp password required
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec69982.
Workaround: Enter the mpls ip command on a TE tunnel interface or temporarily on a physical interface to force LDP to be re-established.
•
Symptoms: A Cisco 10000 series unexpectedly drops some traffic after you have entered the no service-policy policy-name policy class-configuration command.
Conditions The symptom observed when the policy that is removed is referenced in other policies, such as in policy map "c" in the following configuration example:
policy-map p1
class class-default
shape 10000
service-policy c
policy-map p2
class-default
shape 20000
service-policy cWorkaround: There is no workaround.
•
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
Cisco has published a Security Advisory on this issue; it is available at http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml
•
Symptoms: All VIPs or FlexWAN modules reload unexpectedly on a platform that is configured for Modular QoS CLI (MQC).
Conditions: This symptom is observed on a Cisco 7500 series (with VIPs) and a Cisco 7600 series and Cisco Catalyst 6500 series (both with FlexWANs) when the following steps occur while the physical interface is in the UP state:
1.
2.
3.
At this point, all VIPS or FlexWAN modules reload, even though no traffic is being processed during the above-mentioned steps.
Workaround: There is no workaround.
•
Symptoms: An LDP/BGP adjacency is not formed, and a ping does not go through.
Conditions: This symptom is observed on a Cisco 12000 series that functions in a scaled VPN environment when an Engine 6 line card faces the core of the MPLS network.
Workaround: Enter the clear ip route * command.
•
Symptoms: A standby route processor (RP) may crash in the "CEF LC IPC Background" process.
Conditions: This symptom is observed on a Cisco platform when an SSO switchover occurs.
Workaround: There is no workaround.
•
Symptoms: Cell loss occurs when bursty VBR ATM traffic is sent through a Cisco 12000 series 4-port ATM OC-12 ISE line card via an L2TPv3 IP tunnel to another 4-port ATM OC-12 ISE line card on another Cisco 12000 series and when the VBR traffic is sent at rates lower than what is configured on the routers (that is, at about 50 percent of the OC-12 line rate).
Conditions: These symptoms are observed on a Cisco 12000 series that is connected back-to-back via an OC-192 or OC-48 POS link to another Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 or Engine 4+ line card may be stuck in the "request reload" state and CEF may be disabled on the line card, although the CEF table is up, as is shown in the output of the show cef linecard command:
Slot MsgSent XDRSent Window LowQ MedQ HighQ Flags
1 8558 719895 4966 0 0 0 up
2 8560 718293 4966 0 0 0 up
3 8609 722867 4965 0 0 0 up
4 8584 721311 4965 0 0 0 up
5 8597 724307 4965 0 0 0 up
9 8586 722060 4966 0 0 0 up
10 8579 720566 4966 0 0 0 up
11 8566 719086 4966 0 0 0 up
12 8606 725072 4966 0 0 0 up
13 8597 723572 4966 0 0 0 up
*7 1 3 24 0 0 0 disabled, rrp hold
0 4058 359354 4966 0 0 0 up
VRF Default, version 5032, 5024 routes
Slot Version CEF-XDR I/Fs State Flags
1 5032 5016 67 Active sync, table-up
2 5032 5016 5 Active sync, table-up
3 5032 5016 20 Active sync, table-up
4 5032 5016 5 Active sync, table-up
5 5032 5016 5 Active sync, table-up
9 5032 5016 4 Active sync, table-up
10 5032 5016 4 Active sync, table-up
11 5032 5016 20 Active sync, table-up
12 5032 5016 4 Active sync, table-up
13 5032 5016 8 Active sync, table-up
*7 0 0 4 Active table-disabled
0 0 0 5 Active request reload, table-upConditions: This symptom is observed on a Cisco 12000 series after an RPR+ switchover has occurred. However, the symptom is platform-independent and may also occur on another platform that is configured for CEF when an RPR+ switchover has occurred.
Workaround: Enter the clear cef linecard command for the affected line card.
•
Symptoms: A newly created channelized interface may show packet and byte counts before any traffic passes through the interface.
Conditions: This symptom is observed on a Cisco 12000 series. When a channelized interface is deleted, the interface index is released. This interface index may be re-allocated when a new channelized interface is created. The counters that are associated with the index need to be cleared when an interface is deleted so that they are properly initialized if the index is subsequently re-allocated to a new interface.
Workaround: There is no workaround. Although you can clear the interface counters via the CLI, doing so does not prevent the symptom from occurring because but there is an internal counter that is used in the Tx byte and packet counts and that may cause errors in the calculations.
•
Symptoms: Distributed Multilink PPP (dMLP) packets are not switched via dCEF.
Conditions: This symptom is observed on a Cisco router that is configured with multilink bundles.
Workaround: There is no workaround.
•
Symptoms: SNMP polling via the CBQoSMIB on the cbQosPoliceStatsTable returns no results.
Conditions: This symptom is observed on a Cisco 7500 series that has policing defined in a class map.
Workaround: There is no workaround.
•
Symptoms: A router may fail when you reload a Gigabit Ethernet (GE) line card or port adapter that has link-bundling enabled.
Conditions: This symptom is observed on a Cisco router when dot1q is configured on a GE interface of the line card or port adapter and when MPLS is enabled on an uplink.
Workaround: There is no workaround.
•
Symptoms: The PXF engine reloads when you enter the service-policy output command.
Conditions: This symptom is observed on a Cisco 10000 series router when the following conditions are present:
–
–
Workaround: Do not combine interface-based Frame Relay fragmentation with a PVC-based service policy. Rather, either apply both Frame Relay fragmentation and a service policy to the physical interface or apply both Frame Relay fragmentation and a service policy to the Frame Relay PVC.
•
Symptoms: An Engine 6 line card may reset with the following error messages:
%IPC-5-INVALID: NACK Source Port=0x403F0000
%MCC192-3-CPU_PIF: Error=0x4
%MCC192-3-CPUIF_ERR: Packet Exceeds Programmed Length.
%GSR-3-INTPROC: Process Traceback= 40D32E5C 406D8CE0
...Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S2.
Workaround: There is no workaround.
•
Symptoms: A reload occurs during high-load IPv6 multicast forwarding. This is due to a corrupted redzone in the packet memory.
Conditions: This symptom is observed only on the i82543-based Ethernet family of controllers during high-load IP version 6 (IPv6) multicast forwarding.
Workaround: Disable IPv6 multicast.
Wide-Area Networking
•
Symptoms: After an RP switchover, a multilink PPP interface cannot forward any traffic.
Conditions: This symptom is observed on a Cisco 7500 series, Cisco 10000 series, and Cisco 12000 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink PPP interface.
Resolved Caveats—Cisco IOS Release 12.0(28)S5
Cisco IOS Release 12.0(28)S5 is a rebuild of Cisco IOS Release 12.0(28)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(28)S5 but may be open in previous Cisco IOS releases. This section describes only severity 1, severity 2, and select severity 3 caveats.
Miscellaneous
•
Symptoms: The output of the show policy-map interface command for an interface that is configured for Weighted Random Early Detection (WRED) is not correct. The traffic details in the command output should be displayed with respect to the class maps but are not.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(28)S3.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may generate a "c10k_card_send_cmd_common" error message and subsequent tracebacks.
Conditions: This symptom is observed when the configuration of a 4-port channelized OC-3 line card is removed.
Workaround: Configure the correct clock source on each SONET controller.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•
Symptoms: A Cisco 10000 series may leak packet buffers at a low rate.
Conditions: This symptom is observed on a Cisco 10000 series that processes multicast packets when WRED is configured on any interface.
Workaround: Disable WRED.
•
Symptoms: Locally-originated and transit packets that are greater than 1599 bytes in length do not leave a router. BGP and other TCP-based protocols that negotiate large MSS values may go down.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with a PRE or PRE1 and that performs IP fragmentation.
Workaround: First, enter the show hardware pxf cpu buffer or show pxf cpu buffers command to verify buffer depletion. Then, perform a microcode-reload of the PXF engine.
•
Symptoms: A Cisco 10000 series that is configured with an inbound service policy may generate the following error message:
TOASTER-2-FAULT: T0 HW Exception: CPU[t0r1c3] NULLRD at 0x0CD6 LR 0x096EConditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(27)S4 and that is configured with a PRE1 when an MPLS-encapsulated IPv4 packet that contains IP options is processed. The symptom may also occur in other releases.
Workaround: Remove the inbound service policy.
Resolved Caveats—Cisco IOS Release 12.0(28)S4
Cisco IOS Release 12.0(28)S4 is a rebuild of Cisco IOS Release 12.0(28)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(28)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms: When the slave RSP crashes, a QAERROR is observed in the master console, resulting in a cbus complex. The cbus complex will reload all the VIPs in the router.
Conditions: This symptom happens when the slave crashes in a period when there is a large number of packets going towards the RSP. A large number of packets go to the RSP when CEF switching is configured or when routing protocol updates are numerous.
Workaround: There is no workaround.
•
Symptoms: The RP of a Cisco router may crash when entering the write memory legacy command.
Conditions: This symptom is observed on a Cisco router that has the snmp mib community-map command enabled with a very long community string and an engineID. The symptom may also occur when the long community string is removed from the configuration. The symptom does not occur when entering the copy running-config startup-config EXEC command.
Workaround: A community string that is shorter than 40 characters will not cause the symptom to occur.
EXEC and Configuration Parser
•
Symptoms: A Cisco router may crash when you perform and online insertion removal (OIR) of a line card.
Conditions: This symptom is observed when an interface on the line card is being configured through the CLI while the OIR of the line card removes the interface.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Versatile Interface Processors (VIP) with a PA-MC-8TE1 port adapter may report its memory size as unknown even though the VIP appears to function normally, and Distributed Multicast Fast Switching (DMFS) may fail to function properly.
Conditions: This symptom is observed on a Cisco 7500 series when any of the following conditions are present:
–
–
Workaround: Enter the card type {t1 | e1} slot [bay] command on the PA-MC-8TE1+ port adapter and ensure that none of the controllers on this port adapter are shut down.
•
Symptoms: A few permanent virtual circuits (PVCs) go into a stuck state causing OutPktDrops on a Cisco 7200 router.
Conditions: This symptom occurs on a Cisco 7200 router running Cisco IOS Release 12.2(26) with a PA-A3-T3 ATM interface. The symptom may also occur in other releases.
Workaround: Remove and re-apply the PVC statement.
•
Symptoms: Auto-provisioning may be disabled on a Cisco 7200 series that is configured with a PA-A3 port adapter.
Conditions: This symptom is observed when a VC class that is configured for create on-demand is attached to the main ATM interface and then the create on-demand configuration is removed and re-applied to the VC class.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface of the PA-A3 port adapter.
•
Symptoms: A router may intermittently transmit corrupt PPP packets. When you enter the debug ppp nego and debug ppp errors commands, it appears that "protocol reject" packets are received from the remote end.
Conditions: This symptom is observed on a Cisco 7500 series that has only one OC3 POS port adaptor per VIP and that is configured for PPP encapsulation.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A router may crash because of a bus error when you configure IP accounting.
Conditions: This symptom is observed when you enter the clear ip accounting EXEC command.
Workaround: Do not enter the clear ip accounting or show ip accounting EXEC command.
•
Symptoms: A Cisco router may reload unexpectedly because of a bus error.
Conditions: This symptom is observed on a Cisco router that has the ip accounting interface configuration command enabled.
Workaround: There is no workaround. The problem is rare and typically not reproducible.
•
Symptoms: Routing inconsistencies may occur in the RIB: routes may be missing from the RIB but may be present in the BGP table.
Conditions: This symptom is observed on a Cisco RPM-XF when the toaster processor crashes. However, the symptom may occur on any platform that has a toaster processor.
Workaround: Enter the clear ip route vrf vrf-name * command.
•
Symptoms: A Cisco router does not recognize an end-of-RIB message from a third-party vendor router and continues to show the "Neighbor is currently in NSF mode" message although the restart procedure of the third-party vendor router is complete.
Conditions: This symptom is observed on a Cisco router that is configured for IPv6 BGP peering and NSF. Note that the symptom does not occur when IPv4 BGP peering is configured.
Workaround: There is no workaround.
•
Symptoms: The Multiprotocol BGP (MP-BGP) network entries counter increases above the real number of reachable networks.
Conditions: This symptom is observed when network activity occurs in a non-converged environment. The correct number of network entries is restored when there is a period of BGP stability that last for about 1 minute or more because BGP is able to converge and the scanner has time to run and collect the old network entries. However, if there is a sustained period of churn and BGP is only able to converge for a few seconds before new updates arrive, old BGP network entries are not cleaned up, causing the MP-BGP network entries counter to increase above the real number of reachable networks.
Workaround: There is no workaround.
•
Symptoms: When the ip bgp fast-external-fallover permit interface configuration command is enabled on the main interface of a 4-port Gigabit Ethernet ISE line card and on a subinterface of a connected BGP neighbor, and when you enter the shutdown interface configuration command on the main interface, the BGP session that is established on the subinterface remains up for about 150 to 180 seconds before the BGP hold timer causes the session to go down.
Conditions: This symptom is observed on a Cisco 12000 series only in an per-interface fast external fallover configuration on a 4-port Gigabit Ethernet ISE line card.
Workaround: There is no workaround. Note that the ip bgp fast-external-fallover permit command is currently not supported on subinterfaces.
•
Symptoms: A stale non-bestpath multipath remains in the RIB after the path information changes, and BGP does not consider the stale path part of the multipath.
Conditions: This symptom is observed on a Cisco router that has the soft-reconfiguration inbound command enabled and occurs only when the BGP Multipath Loadsharing feature is enabled for three or more paths, that is, the number-of-paths argument of the maximum-paths number-of-paths command has a value of three or more.
Workaround: Disable the soft-reconfiguration inbound command for the neighbor sessions for which the BGP Multipath Loadsharing feature is enabled or reduce the maximum number of paths for the BGP Multipath Loadsharing feature to two.
•
Symptoms: Conditional advertisement of the default route via a route map does not work when you enter the neighbor default-originate command.
Conditions: This symptom is observed on a Cisco router that is configured for BGP.
Workaround: Disable the route map entirely. If this is not an option, there is no workaround.
ISO CLNS
•
Symptoms: When an IPv4 prefix list is used in a redistribution command for the IS-IS router process, a change in the prefix list is not immediately reflected in the routing tables of a router and its neighbor. The change may take up to 15 minutes to take effect.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(28)S.
Workaround: To have a change take effect immediately, enter the no redistribute route-map command followed by the redistribute route-map command for the IS-IS router process.
Miscellaneous
•
Symptoms: Some features may not be applied automatically to MLP or MFR interfaces. Also, in complex scaled configurations, CPU hogs may occur on a line card during activation or provisioning of the interfaces.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0S and this is configured with a with a 1-port channelized OC-12 (DS1) ISE line card.
Workaround: There is no workaround.
•
Symptoms: A POS Engine 2 line card originates a high traffic volume to a downstream router over a POS link because the same packet is sent over and over.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: In the show process memory command output, the display of total and free memory may show more memory than is actually present in the main processor memory of the router. This is due to an undocumented change in the command output that also includes both processors and I/O memory pools in the amounts allocated by each process and the totals at the top of the output.
Conditions: This symptom is observed on all Cisco IOS platforms.
Workaround: Use the output of the show memory summary command to determine the individual amounts of total and free memory in each of the processor memory pools and the I/O memory pool.
•
Symptoms: A Cisco router is not able to forward traffic to a TE tunnel.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(26)S1 or a later release and that is configured for MLP and MPLS, and that has a TE tunnel.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that has L2 PVCs in the AIS alarm state, in addition to sending AIS cells, the router also sends loopback cells to the customer edge router.
Condition This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S when the oam-pvc manage command is configured and when the L2 PVC gets enters the AIS alarm state. However, this caveat is platform-independent.
Workaround: There is no workaround.
•
Symptoms: When you suspend and resume the event manager scheduler and an applet tries to register, the registration fails with an error from the operating system.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0S or Release 12.2S. However, the symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 or Engine 5 line card may pause indefinitely when an IPv6 ACL that is configured for security and classification on the line card is modified while being used.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S when the ACL is configured on two or more interfaces of the line card and when IPv6 QoS is configured on these interfaces.
Workaround: Remove the ACL from the interfaces of the line card before you modify the ACL.
•
Symptoms: An LSP ping reports that an LSP is fine although the LSP is unable to carry MPLS payloads such as VPN traffic.
Conditions: This symptom is observed on a Cisco router when MPLS echo request packets are forwarded from untagged interfaces that are directly connected to the destination of the LSP ping and when the IP time-to-live (TTL) value for the MPLS echo request packets is set to 1.
Workaround: There is no workaround.
•
Symptoms: A router processes incoming LSP ping packets as unlabeled IP packets on a VRF interface or a non-MPLS interface.
Conditions: This symptom is observed on a Cisco router that has the MPLS LSP Ping feature enabled.
Workaround: Use an ACL to block port 3503 that is used for LSP ping packets. However, note that this may prevent some MPLS LSP Ping applications from functioning properly, as noted below:
LSP ping packets that enter on a VRF interface are dropped because the router uses the global routing table in its attempt to reply to MPLS echo requests, which could cause the reply to be forwarded to the wrong destination.
LSP ping packets that enter on an interface that is not configured for MPLS are processed, but depending on the type of MPLS echo packet, the following occurs:
–
–
•
Symptoms: An Engine 3 ingress line card crashes continuously with alpha errors and IPC errors when it processes ingress multicast traffic.
Conditions: This symptom is observed on a Cisco 12000 series when you reload an Engine 3 ingress line card that has 5000 (S,G) entries.
Workaround: There is no workaround.
•
Symptoms: Multicast MAC rewrites are not updated, preventing multicast traffic from being switched.
Conditions: This symptom is observed when the VLAN encapsulation is changed, for example from dot1q to dot1q, from dot1q to QinQ, or from QinQ to dot1q.
Workaround: Enter the clear ip mroute command.
•
Symptoms: A PRE requires a long time to enter the STANDBY HOT state after a switchover.
Conditions: This symptom is observed on a Cisco 10000 series when two PREs are forced to switchover back and forth.
Workaround: Enter the snmp-server ifindex persist command.
•
Symptoms: A VPN traceroute is broken, and packets are dropped from a router on which a port channel is configured as the default route.
Conditions: This symptom is observed on a Cisco router that functions as a CE router on which a port channel is configured as the default route. The adjacency that causes the packets to be dropped is a drop or punt adjacency.
Workaround: Do not configure a port channel as a default route.
•
Symptoms: When you enter the shutdown interface configuration command on the outgoing interface of a Traffic Engineering (TE) Label Switched Path (LSP), the Resv state should be removed immediately. However, the Resv state remains until a PathTear arrives or a timeout causes the TE LSP to be torn down.
When the TE headend is a Cisco router, the PathTear is sent very quickly and the state is removed.
This symptom is short-lived and it is very unlikely to be noticed.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that contains the fix for caveat CSCec26563 when the router has MPLS TE tunnels enabled.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec26563. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: The "giants" counter increments continuously for a serial T1 interface when MR-APS is configured on a 4-port channelized STM-1 line card. The symptom occurs even when the fiber is pulled from the OC-3 port.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.3(7)XI1 when the serial T1 interface is in the inactive state, irrespective of whether it is the working interface or the protect interface. The symptom does not occur when the serial T1 interface is in the active state, again irrespective of whether it is the working interface or the protect interface. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: The performance of a router may be severely degraded (at approximately 90 percent of the line rate) when large packets are processed, when the MLP bundle link flaps, and when the router does not recover the MLP sequence numbers of the packets.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 7600 series that are configured for dMLP only when large packets are processed.
Workaround: There is no workaround.
•
Symptoms: Shortly after a Cisco IOS software boot loader image has been downloaded, a PRP-2 may crash and does not reload.
Conditions: This symptom is observed on a Cisco 12000 series that runs the boot loader image of Cisco IOS Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: Platform independent multicast protocol software running in a line card will exit without logging any errors when detecting an illegal value for an input "hardware" interface if_index or an input "software" interface if_number.
A line card may crash or experience other errors whose cause will be difficult to identify.
Conditions: These symptoms only occur when a preceding error has occurred during route processor assignment of interface indices. These errors are frequently accompanied by error messages.
Workaround: Utilize RP error messages if available to diagnose the cause of the problem.
•
Symptoms: When ATM packets are sent over an 8-port OC-3 ATM Engine 2 line card, the packets are punted to the CPU of the line card, causing traffic drops.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S and that is configured for AToM when an 8-port OC-3 ATM Engine 2 line card is the disposition card.
Workaround: There is no workaround.
•
Symptoms: On a Cisco XR 12000 series hardware-based forwarding line card, the receive counters in the output of the show mpls l2transport vc command do not work in any images for AToM.
Conditions: This symptom is observed on all hardware-based engine line cards on a Cisco XR 12000 series that is configured for AToM and Sampled NetFlow on the core-facing line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series line card may generate the following error message and traceback when you delete MLP bundles:
%LC_DMLP-4-BUNDLENULL: Unexpected null bundle in bflc_cx3_dmlp_frag_on_off, searching for group13
-Traceback= 402FFF44 40300228 40E1880C 40E18BE0 40E19900Conditions: This symptom is observed on a Cisco 12000 series when you delete MLP bundles by entering the copy tftp run command to copy the configuration script that is supposed to delete the MLP bundles.
Workaround: There is no workaround. However, the message does not impact any functionality of the router and the router recovers by itself.
•
Symptoms: A 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card on a CE router may crash when many (168) MLP interfaces are deleted and reconfigured via TFTP on a directly-connected PE router.
Conditions: This symptom is observed on a Cisco 1200 series that functions as a CE router.
Workaround: There is no workaround.
•
Symptoms: When the working link flaps with two to three second intervals on CHOC12 Internet Services Engine (ISE) line cards that are configured for automatic protection switching (APS), some T1 links may remain down.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Reload he line card(s).
•
Symptoms: After a manual SSO switchover, traffic in the tag switching-to-IP switching direction between an egress 1-port 10-Gigabit Ethernet Engine 4+ line card and an ingress 4-port Gigabit Ethernet ISE line card does not recover.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(31)S. However, the symptom is platform-independent and may also occur on other platforms that function in a similar configuration and that run other releases.
Workaround: Reload microcode onto the 4-port Gigabit Ethernet ISE line card.
•
Symptoms: High jitter occurs on a 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card when when many (168) MLP interfaces are congested with real-time and normal data traffic.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A PRP switchover causes "%SYS-2-NOTQ" and "%SYS-2-LINKED" error messages and some tracebacks to be generated on a 1-port channelized OC-12c/STM-4 (DS1/E1) ISE line card, the serial interfaces of the line card flap, and eventually the line card resets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S or Release 12.0(30)S, that is configured with two PRPs, and that has the redundancy mode set to SSO.
Workaround: There is no workaround.
•
Symptoms: After removing a large number of Frame Relay subinterfaces, the following log is displayed:
SYS-3-CPUHOG: Task ran for 38160 msec (3/2), process = MDFS LC Process, PC = 41129150Conditions: This symptom is observed on a Cisco 12000 series that is configured for Multicast VPN.
Workaround: There is no workaround.
•
Symptoms: When the following sequence if performed on a Cisco router, multiple subinterfaces receive the same ifIndex number, causing incorrect CEF entries:
1.
2.
3.
4.
Conditions: This symptom is observed on a Cisco 12000 series when the above-mentioned or a similar sequence of adding and deleting subinterfaces is performed.
Workaround: Do not delete and re-add the same subinterface. Rather, enter the shutdown command followed by the no shutdown command to achieve the same effect.
•
Symptoms: On a Cisco 10000 series that is configured with 6-port channelized T3 line cards, when the primary and standby PREs are each loaded with a different Cisco IOS software release (for example, Release 12.0(28)S and Release 12.0(28)S3) and when the standby PRE boots, the standby PRE may crash or other errors may occur while the standby PRE configures the channelized T3 channels.
Conditions: This symptom is observed on a Cisco 10000 series for Cisco IOS Release 12.0(27)S, Release 12.0(28)S, Release 12.0(30)S, Release 12.0(31)S or a rebuild of these releases when the standby PRE runs a Cisco IOS software release that is either older or newer than the software release on the primary PRE and when one PRE runs a software release that includes the fix for caveat CSCsa41907 and the other PRE runs a software release that does not contain the fix for caveat CSCsa41907.
Workaround: Do not perform live software upgrades. Rather, bring the primary PRE down and boot the standby PRE with the same Cisco IOS software release that runs on the primary PRE, so that when both PREs come up, their software releases match.
Further Problem Description: When both the primary and standby PRE run a Cisco IOS software release that contains the fix for caveat CSCsa41907, the symptom does not occur.
•
Symptoms: After a route processor or line card has reloaded, the queue limit that is set for the class default is not properly programmed.
Conditions: This symptom is observed on a Cisco 12000 series 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card that has an egress policy applied to a serial interface.
Workaround: There is no workaround.
•
Symptoms: A Engine 3 ISE line card may not properly handle incoming bad IP packets but may generate a traceback and a transient error message:
%GSR-3-INTPROC: Process Traceback= 400E10B4 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%EE48-3-BM_ERRS: FrFab BM SOP error 40000
%EE48-3-BM_ERR_DECODE: FrFab SOP macsopi_bhdr_pkt_len_zero_err
%GSR-3-INTPROC: Process Traceback= 400E1090 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%LC-4-ERRRECOVER: Corrected a transient error on line card.The line card may also crash.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1 or Release 12.0(26)S5a.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series with an unidirectional MR-APS configuration, traffic los occurs when the line card that contains the APS protect interface is reloaded.
Conditions: This symptom is observed mostly in highly-scaled APS configurations on a channelized OC-48 ISE line card that is configured for unidirectional APS.
Workaround: There is no workaround.
•
Symptoms: When a line card has reloaded because you reloaded the router, the line card crashed, or you entered a command to reload the line card, the following message may appear on the console:
%MDS-2-RP: MDFS is disabled on some line card(s). Use "show ip mds stats linecard" to view status and "clear ip mds linecard" to reset.This message may be generated because MDFS is erroneously disabled on the reloaded line card. Erroneous disabling of MDFS may unnecessarily extend network convergence time.
Conditions: This symptom is observed on a distributed router or switch such as a (Cisco Catalyst 6000 series, Cisco 7500 series, Cisco 7600 series, Cisco 10000 series, and Cisco 12000 series. The symptom occurs when the router has the ip multicast-routing distributed command enabled for any VRF and when a line card is reloaded more than 50 seconds into the 60-second MDFS flow-control period.
Workaround: The symptom corrects itself after 60 seconds. Alternatively, you can enter the clear ip mds linecard slot number command.
•
Symptoms: After a manual switchover on a Cisco 12000 series that has two RPs that runs in RPR+ mode, some MLP bundles on a 1-port channelized OC-12 (DS1/E1) ISE line card may not forward traffic.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(28)S3.
Workaround: Enter the shutdown command followed by the no shutdown command on the MLP interface.
•
Symptoms: An RPR+ switchover may cause a VIP or line card to pause indefinitely.
Conditions: This symptom is observed when a high load of traffic passes through interfaces of a VIP or line card when these interfaces are configured for QoS.
Workaround: There is no workaround.
•
Symptoms: The line protocol of interfaces goes down, the router is unable to allocate further resources, and the router generates the following error messages:
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0.8/23:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0.8/24:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink11 0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0.8/25:0, changed state to down
%EERP-2-UIDB_ERR: Unable to allocate resources. Invalid index for free 935
%EERP-2-UIDB_ERR: Unable to allocate resources. Invalid index for free 926
%EERP-2-UIDB_ERR: Unable to allocate resources. Invalid index for free 937 ...Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S3 when you use a script that adds and deletes a multilink configuration.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) is enabled on a router, one or more LDP sessions may be disrupted during periods of extremely high CPU use.
Conditions: This symptom is observed when the CPU use of the router temporarily increases to more than 90 percent for several tens of seconds and when one or more high-priority processes are frequently active but do not necessarily use many CPU cycles.
For example, high CPU use may occur when a peer router is reloaded or when an interface with several hundreds of numbered IP subinterfaces comes up, which causes many processing changes on the router because of the "Tagcon Addr" process.
On a Cisco 12000 series, high CPU use may occur because of the "Fabric ping" high-priority process, which is frequently active.
Other high-priority processes may also cause the symptom to occur.
Workaround: To increase the length of the hello adjacency holdtimes, enter the mpls ldp discovery hello holdtime command on the affected router. You may need to enter this command on all platforms in the network in order to provide full protection.
•
Symptoms: In the outputs of the show ip psa-cef and show ip cef commands for an Engine 2 ingress line card, the "Local OutputQ (Unicast)" information may point to another and incorrect slot than the slot that the global CEF table points to.
When this symptom occurs, packets that are destined for these specific IP address are dropped.
Conditions: This symptom is observed on a Cisco 12000 series when an Engine 2 line card is used as an ingress line card for traffic that is directed to a default route.
Workaround: Enter the clear ip route 0.0.0.0 or clear ip route * command.
•
Symptoms: An RP may crash continuously when you reload all the line cards in a dual-RP router that has the redundancy mode is set to SSO.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two GRPs or two PRPs that are configured for SSO and occurs only when a 1-port channelized OC-48 ISE line card, a 4-port channelized OC-12 ISE line card, or 16-port channelized OC-3 ISE line card is present in the router.
Workaround: Set the redundancy mode to RPR or RPR+.
•
Symptoms: On a channelized OC-48 ISE line card with APS configured, a "Signal Failure" condition remains after the line card has been reloaded or after you enter the shutdown command followed by the no shutdown command.
Conditions: This symptom is observed on a Cisco 12000 series and affects only a channelized OC-48 ISE line card with an APS configuration.
Workaround: There is no workaround.
•
Symptoms: MVPN PIM neighbors that are associated with both a 1-port channelized OC-48 ISE line card and a 1-port channelized OC-12 (DS1) ISE line card bounce when you perform a microcode-reload of a 1-port channelized OC-12 (DS1) ISE line card.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: The PPP protocols flap on a 64K-port of an interface of a 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card that is configured for CoS and that is congested.
Conditions: This symptom is observed when two Cisco 12000 series are connected back-to-back, when the routers are connected via 1-port channelized OC-12/STM-4 (DS1/E1) ISE line cards, and when you send real-time traffic.
Workaround: Change the QoS output policy to prevent traffic from being for longer than 10 seconds and enable keepalive packets to time out.
Further Problem Description: The symptom does not occur when you do not send real-time traffic.
•
Symptoms: When the active rate for a destination PE router is evenly distributed at 4 pps for 20 flows and the active rate for a destination CE router is evenly distributed at 4 pps for 19 flows, one flow is reported at twice that rate (that is, 8 pps).
Conditions: This symptom is observed on a Cisco 12000 series that functions in a MVPN VRF-Lite environment with 20 multicast streams that have a single sustained cell rate (SCR) and that have the pps rate evenly distributed across all streams.
Workaround: There is no workaround.
•
Symptoms: All traffic with a 0 label plus another label is dropped by a 3-port Gigabit Ethernet egress ISE line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(31)S.
Workaround: There is no workaround.
•
Symptoms: The active PRP pauses indefinitely after it changes from standby to active.
Conditions: This symptom is observed when the redundant PRPs are configured for RPR+ mode, the router has two APS-protected CHOC12 line cards, the router has mVPNs configured, and the router runs Cisco IOS Release 12.0(28)S3.
Workaround: There is no workaround.
•
Symptoms: Some MVPN tunnels are mapped to an incorrect VRF forwarding table.
Conditions: This symptom is observed on a Cisco router that is configured for data MDT groups.
Workaround: There is no workaround.
•
Symptoms: A router may crash while displaying the output of the show ip pim mdt bgp command.
Conditions: This symptom is observed when withdraws for a MDT source group are received by PIM from BGP while you enter the show ip pim mdt bgp command.
Workaround: There is no workaround. To reduce the chance of the router crashing, change the screen-length argument in the terminal length screen-length command to 0. Doing so prevents the router from pausing between multiple output screens. (The default of the screen-length argument is 24.)
•
Symptoms: On a 6-port channelized T3 line card that has a multilink bundle configured, the delay that occurs for traffic in a priority queue is about 12 to 14 milliseconds more than what you would expect.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0S that is configured with a multilink protocol such as MFR or MLP. These protocols and congestion may cause excess delay for priority traffic.
Workaround: There is no workaround.
•
Symptoms: mVPN packets have corrupted encapsulation headers.
Conditions: This symptom is observed on a Cisco 12000 series that has a channelized ISE ingress line card when packets are replicates to a VRF interface on the ingress line card, to a VRF interface on another line card, and to a core interface on a third line card. This symptom occurs only after some redundancy switchovers.
Workaround: Reload the line card.
•
Symptoms: Interface configuration parameters are not applied to the running configuration after an RPR+ switchover.
Conditions: This symptom is observed intermittently on a Cisco 12000 series that is configured with a 1-port CHOC-48 ISE line card but may also occur with other line cards.
Workaround: Apply the configuration manually to the affected interface.
•
Symptoms: Performance drops to 90 percent when the "N flag" is set incorrectly for the MDFS process.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for mVPN, that uses an Engine 3 line card for imposition, and that uses an Engine 4+ line card for disposition.
Workaround: Reload the router.
•
Symptoms: On a 1-port channelized OC-12 ISE line card, the configuration of an interface that is configured for MFR, MLP, and QoS may become lost during the switchover of an RP.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S and that is configured with two RPs that have the redundancy mode set to RPR+.
Workaround: There is no workaround.
•
Symptoms: When an attempt is made to remove a loopback from a T1 interface of a channelized T3 controller, the following warning message is generated and the loopback is not removed:
%Inband loopback is already running on T1 12. Only one code can be running per T3 at a timeConditions: The symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(27)S2 and that is configured with a 6-port channelized T3 line card.
Workaround: There is no workaround.
•
Symptoms: The physical layer interface module (PLIM) of a 6-port channelized T3 that is configured for MLP may not be updated with MLP link information.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S4 after you have reloaded the router.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected MLP interfaces.
•
Symptoms: When you run an SNMP get or walk on the ifOperStatus object on a 1-port CHOC-12 OC-3 ISE line card, the status for the STS-1 path interface shows down although the channel is up.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S3.
Workaround: There is no workaround.
•
Symptoms: Multilink PPP interfaces flap more than once.
Conditions: This symptom is observed following an RPR+ switchover for a 1-port ISE OC-12 channelized to DS1/E1 line card that is configured with 168 multilink VRF interfaces, all of which are configured for QoS.
Workaround: There is no workaround.
•
Symptoms: A port adapter in a router or FlexWan module in a switch may crash when an SSO switchover occurs on a Route Processor or Supervisor Engine.
Conditions: This symptom is observed when the port adapter or FlexWan module is configured with a QoS policy.
Workaround: There is no workaround.
•
Symptoms: A VIP that has a dMLFR configuration may crash when you enter the microcode reload global configuration command.
Conditions: This symptom is observed on a Cisco 7500 series when traffic flows through the VIP.
Workaround: There is no workaround.
•
Symptoms: At random, subinterfaces loose the ability to ping a directly-connected peer.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two 3-port Gigabit Ethernet line cards.
Note that although regular and extended pings do not work, pings that use the record option do work.
Workaround: Reload microcode onto the affected line cards.
•
Symptoms: With traffic passing over a network only occasionally, a 4-port OC12 ATM ISE line card generates a "%PM622-3-CPK24_INTR: Egr SAR timeout" error message and resets.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Reload the line card.
Further Problem Description: The symptom occurs when the "CPK24 FPGA" detects that the SAR does not respond in the "Utopia interface." The SAR then crashes because of a bad canonical header in the egress direction.
•
Symptoms: A Cisco 10000 series generates the following error message:
%GENERAL-3-EREVENT: ACLs could not add IDB to listThe message is followed by a traceback.
This may indicate that the standby PRE does not apply the ACL for security purposes.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs. The symptom is a timing issue.
Workaround: There is no workaround.
•
Symptoms: When you remove a policy map from a subinterface, the subinterface may become stuck, preventing traffic from passing through the subinterface.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(25)SX7 when a nested policy map is applied to the main or physical interface in addition to the one that is already applied to the subinterface. The symptom could also occur in Release 12.0S.
Workaround: Remove the policy map from the physical interface before you remove the policy map from the subinterface. When the subinterface configuration is updated, re-apply the policy map to the physical interface.
•
Symptoms: An RP crashes during large interface configuration changes when interfaces and QoS policies are added or deleted.
Conditions: This symptom is observed on a Cisco 12000 series when the configuration changes involve ATM and serial interfaces.
Workaround: There is no workaround.
•
Symptoms: An LSP ping (or traceroute packet) is incorrectly sent from an unlabeled interface, preventing the LSP ping to detect LSP breakages when a one-hop label switched path is pinged.
Conditions: This symptom is observed on a Cisco router that is configured for MPLS OAM.
Workaround: There is no workaround.
•
Symptoms: The data path on a 3-port Gigabit Ethernet Engine 2 (3GE-GBIC-SC) line card may be reset because of a corrupted packet that is found in the Tx SOP SRAM. This situation causes packet loss and the routing protocol sessions to flap.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS software release that includes the fix for caveat CSCef06121. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCef06121. Cisco IOS software releases that are listed in the "First Fixed-in Version" field at this location are affected.
Workaround: There is no workaround. The symptom causes a disruption of service, but service is restored.
Further Problem Description: When the symptom occurs, the following messages are generated in the log:
%RP-3-FABRIC_UNI: Unicast send timed out (1)
CORRUPT PACKET DUMP:
000005C000000000 0200000000000000 0000000101000000 00062AD9B40A0003 A09D008208004500 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
%RPGE-6-AUTONEG_STATE: Interface GigabitEthernet1/0: Link OK - autonegotiation complete
%RPGE-6-AUTONEG_STATE: Interface GigabitEthernet1/2: Link OK - autonegotiation complete
%RPGE-6-AUTONEG_STATE: Interface GigabitEthernet1/1: Link OK - autonegotiation complete
%LCGE-3-SOP_BAD_PACKET: Found corrupt pkts in tx-sop-sram. Data path was reset.
%OSPF-5-ADJCHG: Process 1, Nbr 10.142.65.38 on GigabitEthernet1/0 from LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 10.142.65.44 on GigabitEthernet1/2 from LOADING to FULL, Loading Done•
Symptoms: Locally-originated and transit packets that are greater than 1599 bytes in length do not leave a router. BGP and other TCP-based protocols that negotiate large MSS values may go down.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with a PRE or PRE1 and that performs IP fragmentation.
Workaround: First, enter the show hardware pxf cpu buffer or show pxf cpu buffers command to verify buffer depletion. Then, perform a microcode-reload of the PXF engine.
•
Symptoms: Traffic to a network core is dropped from a link-bundle interface of an Engine 3 line card.
Conditions: This symptom is observed when the network core is a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or a later release, that functions as a PE router, that is configured for MPLS VPN, and that has L3 loadbalancing enabled on an egress path through a link-bundle interface.
Workaround: There is no workaround.
Further Problem Description: The symptom occurs because there is incorrect FCR information in the Engine-3 hardware rewrites that point to the link-bundle interface.
•
Symptoms: When you boot a Cisco 12000 series, some Layer 1 and CoS command are rejected with the following error messages:
Command "pos threshold sd-ber 9" not allowed on link-bundle member interface POS1/0
Command "tx-cos TEST" not allowed on link-bundle member interface POS1/0Conditions: This symptom is observed on a Cisco 12000 series when a POS interface of an Engine 0 or Engine 2 line card has the tx-cos command enabled and is a member of a port channel or POS channel.
Workaround: There is no workaround.
•
Symptoms: When VBR ATM traffic is sent through a Cisco 12000 series 4-port ATM OC-3 ISE line card via an L2TPv3 IP tunnel to another 4-port ATM OC-3 ISE line card on another Cisco 12000 series, the VBR ATM traffic passes at lower rates than what is configured on the routers, and cell loss occurs.
Conditions: These symptoms are observed on a Cisco 12000 series that is connected back-to-back via an OC-192 POS link to another Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Packets do not switch through a core interface of a line card that has hardware acceleration enabled.
Conditions: This symptom is observed on a Cisco 12000 series when the line card that contains the core interface has also a VRF interface that is shut down.
Workaround: Disable hardware acceleration on the line card.
•
Symptoms: A 4-port OC-12/STM-4 ATM ISE line card may forcefully reload. The following log message may also be reported after the forceful reload:
Linecard Reset with %PM622-3-CPK24_INTR: Egr Mismatch.Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(27)S5.
Workaround: There is no workaround.
•
Symptoms: When a class map that contains an access control list (ACL) that is too large and complex to fit in memory is applied to an MQC policy map on a Cisco 10720, the router pauses indefinitely while compiling the ACL and generates a MALLOCFAIL error. The router should report an out-of-memory situation.
Conditions: This symptom is observed when the ACL contains 2000 lines and is complex.
Workaround: There is no workaround.
•
Symptoms: On a 1-port OC-48 Engine 3 line card that has 350 Frame Relay subinterfaces on which VRF is enabled, traffic is forwarded on all subinterfaces with the exception of one subinterface.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S and that functions as a CE router when the 1-port OC-48 Engine 3 line card provides a connection to a PE router.
Workaround: Remove and reconfigure VRF forwarding on the affected subinterface.
•
Symptoms: On a Cisco 12000 series that is configured for MR-APS, traffic duplication occurs in the ingress direction on a 1-port channelized OC-12 (DS1/E1) ISE line card.
Conditions: This symptom is observed after an RP switchover, after the router reloads, or after an APS switchover. The inactive APS interface should drop all ingress traffic, but this does not occur, causing traffic duplication.
Workaround: There is no workaround.
•
Symptoms: A router misses an entry in its label forwarding table, which is shown in the output of the show tag-switching forwarding-table EXEC command for the missing entry and in the output of the show ip cef detail EXEC command for the prefix.
Conditions: This symptom is observed on a Cisco router that is configured for Multiprotocol Label Switching (MPLS) and that learns its routes through iBGP from redundant route reflectors (RRs) when BGP labeling is not enabled.
Workaround: There is no workaround. However, when you enter the clear ip route EXEC command for the affected prefix, the prefix is reinstalled in the label forwarding table.
•
Symptoms: A 4-port channelized STM-1/OC-3 line card resets and generates an "IRONBUS-FAULT" error message.
Conditions: This symptom is observed on a Cisco 10000 series when you enter the tug-2 tug-2-number e1 e1-number loopback command on the line card.
Workaround: There is no workaround.
•
Symptoms: An snmpwalk fails for cmplsFrrFacObjects in the FRR-MIB.
Conditions: The symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S6, Release 12.0(28)S3, or Release 12.0(31)S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series RP crashes during BGP convergence when MVPNs are configured.
Conditions: This symptom is observed on a Cisco 12000 series after a duplicate BGP MDT extended community message is received that specifies a different Route Descriptor (RD) for an MDT that already exists for the specified MDT source and group address.
Workaround: There is no workaround.
•
Symptoms: When you enter the redundancy force-switchover command, an Engine 4 line card may crash.
Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz Cisco IOS software image and that has two RPs that function in SSO mode.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: Some members of a multilink bundle remain inactive, while others are active.
Conditions: This symptom is observed when the interfaces are configured with the ppp chap hostname or ppp multilink endpoint command. Very high speed interfaces may come up and join the multilink bundle faster than the configuration can be processed, which causes them to use the host name of the router (instead of the configured user name or endpoint value) as the Endpoint Discriminator during Link Control Protocol (LCP) negotiations. This situation causes a mismatch between these links and those that come up after the configuration command is processed.
Workaround: Enter the shutdown interface configuration command followed by no shutdown interface configuration command on the active links to enable the links to renegotiate LCP with the correct Endpoint Discriminator value.
Resolved Caveats—Cisco IOS Release 12.0(28)S3
Cisco IOS Release 12.0(28)S3 is a rebuild of Cisco IOS Release 12.0(28)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(28)S3 but may be open in previous Cisco IOS releases. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.
Conditions: This symptom is observed when there are simultaneous Telnet requests.
Workaround: There is no workaround.
•
Symptoms: You cannot create a VRF-aware ICMP, UDP, or jitter probe using SNMP.
Symptoms: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.0(27)S. Note that the symptom does not occur in Release 12.2(11)T.
Workaround: Use CLI commands to create a probe.
•
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: All channels on a PA-MC-2T3+ port adaptor stop sending traffic although they continue to receive packets. All interfaces will remain in up/down state.
Conditions: Once we send greater than linerate over the port adaptor, for a little while the PA locks up and never returns to normal working state.
Workaround: Perform resurrect operation on the PA. Note: this will affect all interfaces on that PA.
IP Routing Protocols
•
Symptoms: A Cisco router that is runs Enhanced Interior Gateway Routing Protocol (EIGRP) with the stub feature enabled may have a route that is active and not waiting for replies.
Conditions: This symptom is observed only in networks where all of the EIGRP neighbors are declared as stub.
Workaround: Remove the EIGRP stub feature or clear the IP EIGRP neighbors.
•
Symptoms: A Cisco router crashes after configuring a sham link, and the sham link endpoints have different area IDs.
Conditions: This symptom is observed when the areas on the two sham link endpoints are different.
Workaround: When configuring sham links, be sure that the same area is configured on both endpoints.
•
Symptoms: A software-forced reload may occur on a router that is configured with a DVMRP tunnel.
Conditions: This symptom is observed on a Cisco router when the DVMRP tunnel is brought up and routing information is redistributed between DVMRP and MBGP.
Workaround: There is no workaround.
•
Symptoms: In a VPNv4 network in which a multi-homed CE router advertises multiple paths for a prefix, a PE router may fail to withdraw the prefix previously advertised to another PE router when its best path changes from a non-imported path to an imported path because of a change in the import route map of the VRF.
Conditions: This symptom is observed in a topology in which a CE router connects to a PE router via two different VRFs.
Workaround: Remove the imported path either by unconfiguring the import route map of the VRF or by changing the import route target, withdraw the non-imported prefix from the CE router, and restore the import route map or import route target.
•
Symptoms: A Cisco 10000 PRE-1 may reload when a VRF that is configured with eight maximum paths is modified.
Conditions: This symptom is observed when a VRF on the Cisco 10000 series is configured for eight maximum EIBGP paths by entering the maximum-paths eibgp 8 command and when the VRF is modified in such a way that there is a change in the number of paths that are available. The symptom may also occur on a Cisco 10720.
Workaround: A Cisco 10000 series can support only six maximum paths. Therefore, configure the number of maximum paths by entering the maximum-paths eibgp 6 command.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: BGP may pass an incorrect loopback address to a multicast distribution tree (MDT) component for use as the source of an MDT tunnel.
Conditions: This symptom is observed when you reload a Cisco router that runs Cisco IOS Release 12.0(28)S1 and when there is more than one source address that is used in BGP, such as Lo0 for IPv4 and Lo10 for VPN. If the IPv4 peer is the last entry in the configuration, the MDT tunnel interface uses lo0 as the source address instead of lo10. The symptom may also occur in other releases.
Workaround: Remove and add the MDT statement in the VRF.
•
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages you to configure a router via two different but simultaneous sessions.
•
Symptoms: A router may crash when you enable MVPN by entering the mdt default group-address command under a VRF.
Conditions: This symptom is observed on a Cisco router that is configured for BGP VPNv4.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when the RSVP MIB object is polled via SNMP.
Conditions: The symptom is platform- and release-independent.
Workaround: Disable SNMP by entering the no snmp-server host command.
•
Symptoms: When a route map is configured, routes may not be filtered as you would expect them to be filtered.
Conditions: This symptom is observed on a Cisco router that is configured for BGP and that functions in an MPLS VPN environment.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: A router running Cisco IOS software may reload unexpectedly.
Conditions: This symptom has occurred when running those versions of software with the Integrated Intermediate System-to-Intermediate System (IS-IS) Incremental shortest path first (SPF) feature and when IS-IS Incremental SPF feature is enabled to run.
Workaround: Disabled IS-IS Incremental SPF.
•
Symptoms: The ISIS metrics assigned to passive-interfaces on a Cisco router will be removed from the configuration after each reload. The passive- interface ISIS metric is used for biasing peer traffic on certain routers.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(28)S1.
Workaround: Reconfigure the ISIS metric after each reload.
Miscellaneous
•
Symptoms: A Cisco 10000 series may stop responding.
Conditions: This symptom is observed when you attach a child policy map with four policing statements to a parent policy map with a bandwidth queue and when the parent policy map is already attached to 100 T1 interfaces.
Workaround: Attach the child policy map to the parent policy map before you attach the parent policy map to the interfaces.
•
Symptoms: When a large number of VRFs are configured, input OAM F5 loopback cells on the ATM interface are dropped continuously, even without traffic. You can see drops at "OAM cell drops" in the output of the show atm traffic EXEC command and at "Input queue drops" in the output of the show interface ATM EXEC command.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(19), Release 12.3(5), or Release 12.3(4)T2 when the oam-pvc manage and ip vrf global configuration commands are configured. The symptom may also occur in other releases.
Workaround: Remove the ip vrf command. There is no workaround for a router such as a provider edge (PE) router that cannot remove VRFs.
•
Symptoms: An incorrect update-source interface is selected for a multicast tunnel interface in an MVPN configuration.
Conditions: This symptom is observed when the provider edge (PE) router is also an ASBR with eBGP peers or has non-VPNv4 peers with higher IP addresses than the peer that has VPNv4 enabled. MVPN requires that the BGP update source address of a VPNv4 peer is selected as the MTI source address.
Workaround: There is no workaround.
•
Symptoms: SNMP users that have MD5 configured may become lost after a switchover in an RPR+ environment.
Conditions: This symptom is observed on a Cisco 7500 series and Cisco 12000 series that run Cisco IOS Release 12.0(27)S1 in RPR+ mode.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when you enter the show ipv6 mfib verbose command for a large MFIB.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for multicast.
Workaround: There is no workaround.
•
Symptoms: A traceback is generated on the console and logged in the logging buffer, and the count in the output of the show alignment command increments.
Conditions: This symptom is observed on a Cisco 10000 series that is configured as a provider edge (PE) router when you enter the show mpls forwarding command to show the pop labels and the active LDP peers.
Workaround: There is no workaround.
•
Symptoms: A number of PVCs may become locked in an inactive state, and the following type of error message may appear in the log:
%ATM-3-FAILREMOVEVC: ATM failed to remove VC(VCD=X, VPI=X, VCI=X) on Interface ATM X/X/X, (Cause of the failure: PVC removal during recreation failed)Conditions: This symptom is observed when you change the parameters of a VC class while the PVC is active and while you view the PVC status in the output of the show atm vc interface interface-number command.
The symptom occurs when you change the PVC speed in a VC class via one Telnet (or console) session and you enter the show atm vc interface interface-number command via another Telnet (or console) session.
Workaround: To remotely resolve the symptoms, remotely initiate an HA failover or remotely reload the affected router.
•
Symptoms: DSCP-based DWRED statistics are not updated in output of the show policy-map interface command: random drop and tail drop statistics are always shown as zero.
Conditions: This symptom is observed on a Cisco 7500 that is configured with an RSP4. However, this caveat may be platform-independent.
Workaround: There is no workaround.
•
Symptoms: MPLS IAS traffic without labels is dropped at one ASBR when PPP encapsulation is configured between two ASBRs.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S1 and that functions as an ASBR. However, the symptom may be platform-independent and may also occur in other releases.
Workaround: Change the encapsulation to HDLC.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages 2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks 3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en
•
Symptoms: A recursive static default route may not have an outgoing MPLS label, causing all packets to be dropped.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) but may also occur in other releases.
Workaround: Add a nonrecursive static route to the BGP next-hop.
•
Symptoms: Multicast traffic stops on a PE router that is configured for mVPN.
Conditions: This symptom is observed on a Cisco 12000 series that functions as a PE router when a default MDT switchover to the data MDT occurs.
Workaround: Clear the VRF mroutes on the affected line card by entering the clear ip mds vrf vrf-name forwarding command.
•
Symptoms: All line cards may reset and may not enter the "RUN" state after a software OIR or the primary CSC occurs on a Cisco 12000 series that has 40 GB of fabric.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of an interim release for Cisco IOS Release 12.0(30)S. However, this caveat is resolved in Release 12.0(30)S.
Workaround: Power cycle the router.
•
Symptoms: Low latency queueing (LLQ) and class-based weighted fair queueing (CBWFQ) may not function for MPLS packets. The MPLS packets that conform to the bandwidth that is allocated to these classes may be dropped.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2S when MPLS packets leave an interface that has an output policy map with priority or bandwidth commands, or both, configured within its classes. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: After you have configured an ACL on a router to deny a traffic stream, traffic is shaped unexpectedly.
Conditions: This symptom is observed when the no access-list command fails while a nonvolatile generation (NVGEN) occurs.
Workaround: There is no workaround.
•
Symptoms: After you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an active GE interface or after you reload the router while an GE interface is active, the correct ARP entry is missing from the interface.
Conditions: This symptom is observed on a Cisco 10000 series that runs a Cisco IOS release later than Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: The output counter on the interface of a PE router that faces a P router generates almost twice the value that is should provide.
Conditions: This symptom is observed in the following MPLS topology in which Cisco 12000 series routers are connected via interfaces of Engine 3 line cards:
A CE router (CE1) connects to a PE router (PE1) that connects, in turn, to a P router. This P router connects to another PE router (PE2) that, in turn, connects to another CE (CE2) router.
The symptom occurs when a VRF ping is generated from PE1 to the VRF interface of PE2, that is, the interface that is connected to CE2. The output counter on PE2 generates incorrect values.
Workaround: There is no workaround.
•
Symptoms: Multicast VPN (MVPN) traffic does not resume.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS interim release for Release 12.0(30)S and that functions as a PE router that is configured for MVPN.
Workaround: Enter the clear ip mroute command.
•
Symptoms: A CSC OIR may cause all line cards in a router to enter the disabled state and the standby RP to reload continuously.
Conditions: The symptom is observed on a Cisco 12000 series that has dual PRPs and that runs a Cisco IOS interim release for Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that functions as an egress PE router in an MPLS VPN network, after the customer-facing line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP request) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. You can recover from the symptom by manually pinging the interface of the CE router from the adjacent PE router.
Workaround: Configure static ARP entries for the next hop router in the static recursive routes.
•
Symptoms: The PXF engine on a Cisco 10000 series may crash, causing traffic through the router to be interrupted temporarily.
Conditions: This symptom is observed on a Cisco 10000 series when a security ACL is changed and immediately applied to an interface while traffic is traversing the interface. The symptom may occur on a Cisco 10000 series that is configured with either a PRE1 or a PRE2.
Workaround: Wait several seconds between updating the ACL and applying it to the interface.
•
Symptoms: During intense interaction between the RP and line cards, the RP may crash because of a corruption. This symptom occurs when large numbers of VRFs are continuously created and deleted. However, the trigger for the symptom to occur could be caused by something else.
Conditions: This symptom is observed on a Cisco 12410 that is configured with about 100 VRFs and that runs Cisco IOS Release 12.0(27)S2, 12.0(28)S1, or an interim release for Release 12.0(29)S. The symptom is not observed in Release 12.0(30)S.
Workaround: Do not add or delete more than VRFs at one time.
•
Symptoms: Several VIPs may crash at about the same time because of a bus error.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S4 and that is configured with an RSP4 when the VIPs are configured for QoS but have insufficient memory.
Workaround: Increase the amount of memory on the VIPs.
•
Symptoms: An Engine 3 1-port OC-12 channelized DS1 line card that is configured for MLP may reset or may cause the RP to reset.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(31)S.
Workaround: There is no workaround.
•
Symptoms: The show redundancy command incorrectly indicates Peer RP is disabled during the upgrade procedure when it is not.
Conditions: This symptom is observed on a Cisco 12000 series router that runs the gsr-p-mz image of Cisco IOS Release 12.0(30)S.
Workaround: Continue with the upgrade procedure.
•
Symptoms: A 4-port OC-12 ATM single mode (4OC12/ATM-IR-SC) line card may generate unicast send timeout errors, %LC-3-PSAERRS errors, and %LC-3-BMAERRS errors, which cause TDP neighbor flapping and may cause the line card to crash.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(27)S3.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may hang while reloading.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz or c12kprp-p-mz image of an interim release for Cisco IOS Release 12.0(31)S.
Workaround: There is no workaround.
•
Symptoms: The controller of a 1-port multichannel STM-1 port adapter (PA-MC-STM1) does not come up after the router has reloaded.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(28)S2.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series reloads when a large QoS policy is defined.
Conditions: The symptom is observed when you define a policy map that exceeds the number of classes that can be defined in a policy (32).
Workaround: Avoid policies with an unsupported number of classes.
•
Symptoms: An Engine 6 line card may reset because of an IPC timeout.
Conditions: This symptom is observed on a Cisco 12816 that runs Cisco IOS Release 12.0(27)S4 when you enter the shutdown command on the primary Clock Scheduler Card (CSC) or you enter the no shutdown command on the secondary CSC that is in the shut down state.
Workaround: There is no workaround.
•
Symptoms: When an ATM PVC is configured with an egress service policy, exiting from the PVC configuration mode by entering the exit command, can cause traffic that is forwarded from other PVCs on the line card to be dropped
Conditions: This symptom is observed on a Cisco 12000 series router with an E3 ATM or E2 8xOC3 ATM line card installed.
Any action to cause the affected ATM PVC to be reinitialized will restore traffic forwarding.
Workaround: Do not enter the exit command to exit from the PVC configuration mode. Rather, enter end command.
•
Symptoms: A RP switchover causes %SYS-2-NOTQ and %SYS-2-LINKED errors and some tracebacks on a Cisco 12000 series 1-port channelized OC-12c/STM-4 (DS1/E1) ISE line card.
Conditions: This symptom is observed on a Cisco 12000 series dual-PRP router that runs a Cisco IOS interim release for Release 12.0(31)S.
Workaround: There is no workaround.
•
Symptoms: When you attach a policy with a priority class to a subinterface of a channelized OC-48/STM-16 (DS3/E3, OC-3c/STM-1c, OC-12c/STM-4c) POS/SDH ISE line card that is configured with Frame Relay subinterfaces, the default queue limit for the priority queue of the port changes to a value that is calculated by the policy map that was attached. This situation causes QoS to be impacted.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Ensure that the policy map that you attach last calculates the desired queue limit, which is then applied to all subinterfaces of the port.
•
Symptoms: After you have reloaded a router, for each of the service policies that are attached to the interfaces of a 4-port OC-12 POS ISE line card, the policing of L2 VCs may fail when errors with the following associated error messages occur:
"Must remove existing service policy first .."or
"Configured exceed actions are not supported when policing L2 VCs on interface.."When the policing of L2 VCs fails, the following error message is generated:
"L2 policing config failed."Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of a Cisco IOS interim release for Release 12.0(31)S and that is configured with dual PRPs and 4-port OC-12 POS ISE line card that has a service policy attached to each of its interfaces.
Following are examples of configurations that may trigger the symptoms:
policy-map testing-input
class class-default
police cir percent 2 pir percent 4
conform-action set-mpls-exp-imposition-transmit 4
exceed-action set-mpls-exp-imposition-transmit 1
violate-action drop
!
map-class frame-relay testing
service-policy input testing-input
interface POS6/0
frame-relay interface-dlci 17 switched
class testingWorkaround: There is no workaround.
•
Symptoms: A multilink bundle on a Cisco 10000 series may lock up. The multilink bundle may transmit packets but does not process any incoming packets, indicating that all links of the bundle are in an out-of-order state and draining.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(25)SX, Release 12.0(26)S4, or a later 12.0S release and that is configured for mVPN and MLP. The symptom may be platform-independent.
Workaround: If this is an option, disable mVPN.
•
Symptoms: Hardware multicast may be disabled on an Engine 3 line card and the line card may reset.
Conditions: This symptom is observed when you scale BGP routes and load-balancing on a PE router that is configured for MVPN.
Workaround: There is no workaround.
•
Symptoms: There are several symptoms:
- Multicast traffic may be punted to the RP with the "no group" reason, even if (*,G) and (S,G) exist on the PXF. You can observe the punted traffic in the output of the show hardware pxf cpu statistics diversion command.
- PIM neighbors across an MDT in an MVPN network may flap.
Conditions: This symptom is rarely observed when either PXF or the router is rebooted or reloaded while traffic runs in the network. When the router has a large configuration or when many multicast streams pass through the router, the probability of the symptom occurring increases.
Workaround: Make a note of the traffic streams that are punted to the RP by entering the show hardware pxf cpu statistics spd command. Then, clear these traffic streams by entering the clear ip mroute group command.
When the multicast routing table is small, just enter the clear ip mroute * command.
Further Problem Description: The packets that are punted to the RP are rate-limited by a multicast data traffic SPD process. These packets are counted as "no group".
In an MVPN network, control plane traffic is encapsulated in an MDT. If this MDT traffic is punted and rate-limited, the control plane traffic is lost, causing PIM neighbors to flap.
•
Symptoms: The PIM neighbor ship on a VRF goes down, preventing traffic from flowing.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for MVPN when you perform one of the following actions:
- You shut down a line card that is used by MVPN to punt control packets to the RP.
- You change the VRF name on the line card that is used by MVPN to punt control packets to the RP.
Workaround: If the symptom occurs because you shut down the line card, re-insert the line card to restore the PIM neighborship. If the symptom occurs because you changed the VRF name on the line card, disable and re-enable the mdt default group-address command that is defined under the ip vrf command.
•
Symptoms: On a router that is configured for multi-router APS, the APS interfaces remain in the Active/Inactive states. One of the interfaces is Active, while the other is Inactive. However, when the line card holding the APS protect interface is reloaded and the line card comes back up, both the Working and Protect interfaces end up in Active state.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(28)S2. Not every protect line card reload causes the symptom occur. The symptom is readily observed when the reload of a Protect line card is accompanied by a simultaneously occurring Signal Fail/Signal Degrade (set/clear) event on the Working line card.
Workaround: There is no workaround to prevent the symptom from occurring. However, when both interfaces are in the Active state, a manual or forced APS switch may restore sanity to the APS states.
•
Symptoms: The PIM assert mechanism may not function properly, causing PE routers to remove VRF subinterfaces from output interface lists, and, in turn, causing multicast traffic to be dropped.
Conditions: This symptom is observed when redundant PE routers and CE routers are located on one LAN segment and when the CE routers select different PE routers as their next hop.
Workaround: Change the configuration in such a way that all CE routers on one LAN segment select the same PE router as their next hop.
•
Symptoms: Traffic entering a 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card is dropped.
Conditions: This symptom is observed on a Cisco 12000 series when an MLP interface is moved from the 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card to another line card.
Workaround: There is no workaround.
•
Symptoms: The policer does not function for nxDs0 interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 1-port channelized OC-12c/STM-4 (DS1/E1) ISE line card.
Workaround: There is no workaround.
•
Symptoms: For recursive routes with implicit null as the local label, the FIB may point to the rewrite of the parent prefix. However, this situation may not affect any functionality.
Conditions: This symptom is observed on a router that is configured for MPLS forwarding.
Workaround: Change the affected prefix to be non-recursive.
•
Symptoms: When a 1-port channelized OC-12/STM-4 (DS1/E1) ISE line card is configured for MVPN on MLP interfaces and you reload the router, the PIM VRF neighbor may not be established via a tunnel for some MLP interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of a Cisco IOS interim release for Release 12.0(31)S.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected MLP interfaces.
•
Symptoms: An Engine 4 plus or Engine 5 line card does not come up.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS interim release for Release 12.0(31)S when IPC timeout errors occur.
Workaround: There is no workaround.
•
Symptoms: One of the following two symptoms may occur on a POS ISE egress line card:
–
–
%EE48-4-GULF_TX_SRAM_ERROR: ASIC GULF: TX bad packet header detected. Details=0x4000Conditions: These symptoms are observed on a Cisco 12000 series when an invalid packet is forwarded to an egress interface on an ISE line card.
Workaround: If the transmission on the interface is stuck, reload the line card by entering the hw-module slot x reload command.
•
Symptoms: When the HA mode is RPR+ and a standby PRE comes up after a crash, the HA mode may change from RPR+ to SSO and the standby PRE displays error messages that indicate that the running configuration of the active PRE is "mode rpr-plus" but the running configuration of the standby PRE is "mode sso."
When the HA mode is SSO and a standby PRE comes up after a crash, the standby PRE may become stuck in its initialization and does not enter the "STANDBY_HOT" state.
Conditions: These symptoms are observed on a Cisco 10000 series when the standby PRE crashes but does not report a switchover (that is, a "standby down" event occurs but not a switchover event), causing the standby PRE to come up in an inconsistent state. When the standby PRE crashes, the active PRE shows an error message that includes the text "PEER_CRASH_INTERRUPT."
Workaround: Reset the standby PRE by entering the hw-modulestandby-cpu reset command to enable it to reload and come back up properly.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: On a Cisco 12000 series router with a 1xChOC12/DS1 ISE line card configured with multilink MFR protocol and a MQC policy, after a reload the QoS does not get applied to the bundle. The QoS goes to the suspend mode.
Conditions: The bundle loses its QoS policy when the router is reloaded. This problem is observed when running Cisco IOS Releases 12.0(28)S1, 12.0(30)S, and an interim release for Release 12.0(31)S.
Workaround: Remove the service-policy from the bundle and re-apply it.
•
Symptoms: An Engine 3 line card sends unlabeled traffic after it has been toggled from explicit routing to default routing. The symptom is related to the handling of a default-route on an Engine 3 ingress line card that functions in an IP-to-MPLS path.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(30)S1 or any other image that includes the fix for caveat CSCsa64782, which is a preliminary requisite for default-route handling on an Engine 3 line card. The symptom occurs in the following scenario:
1) You configure BGP to advertise the target address, so the target address is directly known in the routing table.
2) You remove the advertisement from BGP and return to default routing, with the same source for the next hop as the platform that was the BGP next hop.
3) You enter the clear ip route network command, with the address of the BGP next hop for the network argument.
After the transition from non-default routing to default routing, entering the clear ip route network command, with the address of the next hop for the network argument, causes an inconsistency, and traffic is forwarded as unlabeled.
Workaround: To restore proper operation, enter the clear ip route 0.0.0.0 command.
•
Symptoms: When you perform an OIR of a PA-MC-8TE1 port adapter or you reload microcode onto the line card, the line card may generate the following error message and may stop forwarding traffic:
AC Switching: VIP Xmit failed: DLCI 426 context missing
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: There is no workaround. To re-enable the line card, enter the tx-queue-limit command on the affected interface of the line card.
•
Symptoms: Multilink bundles on a Cisco 7500 series may process-switch traffic instead of using dCEF, causing the CPU usage of the RSP to increase sharply and a CPU hog condition to occur.
Conditions: This symptom is observed when an RPR+ switchover occurs on a Cisco 7500 series that is configured for HA.(The switchover causes an MLP to flap.) However, the symptom may also occur on a Cisco 7500 series that has a single RP (so, without a switchover) when an MLP link flaps.
Workaround: There is no workaround. Note that the symptom does not occur when SSO is configured because the MLP state is maintained.
•
Symptoms: A VIP that is configured for Link Fragmentation and Interleaving may crash during the "vip_mlp_process_reassemble" process.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS interim release for Release 12.0(31)S when links flaps occur on the port adapter that is installed in the VIP while traffic is being processed.
Workaround: There is no workaround.
•
Symptoms: After an RPR+ or SSO switchover occurs, an MLP sequence number mismatch may occur, a ping between back-to-back interfaces may not go through, and the routing protocol through this link may go down.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for dMLP and RPR+ or SSO.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the multilink interface of the Cisco 7500 series.
•
Symptoms: The line protocol of unchannelized interfaces on a PA-MC-2T3+ port adaptor remains down although the link is up.
Conditions: This is observed when you change from the channelized mode to the unchannelized mode by entering the no channelized command on the T3 controller of the PA-MC-2T3+ port adaptor.
Workaround: There is no workaround.
•
Symptoms: The output of the show interfaces serial number command does not show the total output packet drops.
Conditions: This symptom is observed when you apply a service policy on an interface that is configured for CEF.
Workaround: Enter the show policy map interface interface-name command to see the total output packet drops.
•
Symptoms: Transmit accumulator loss may occur for MLP interfaces after you have performed an OIR of a VIP. When the transmit accumulator value goes to zero, MLP may stop forwarding or packets may be switched by dCEF.
Conditions: This symptom is observed after you have performed an OIR of a VIP while traffic is running on MLP bundles.
Workaround: Reload the VIP again and ensure that no traffic leaves from the MLP bundles immediately after the VIP comes up.
•
Symptoms: Distributed MFR does not function, that is, a ping on a distributed MFR interface fails.
Conditions: This symptom is observed on a Cisco 7500 series that has a distributed MFR interface.
Workaround: There is no workaround.
•
Symptoms: When a channel group is removed from and added to a controller and when a PRE switchover occurs, the line protocol on another channel goes down after a while and input packets are not counted.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with 6-port channelized T3 line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Ensure that the you enter the hw-module standby-cpu reset command before a PRE switchover occurs.
•
Symptoms: A duplex configuration (half/full) is not saved to NVRAM. This situation causes the default configuration (half duplex) to be used after the router reloads.
Conditions: This symptom is observed on a PA-2FE port adapter that is installed in a Cisco 7200 series that runs Cisco IOS Release 12.0(28)S1.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may crash because of a bus error when you remove a subinterface or when you remove a service policy from an interface.
Conditions: This symptom is observed when a hierarchical policy map is configured, when the policy map has a police action in the child only, and when the policy map is attached to two interfaces. When the service policy is removed from one of the interfaces, the router may crash.
Workaround: Configure the same policy map with a different name on each interface.
•
Symptoms: Cisco 10000 series routers using ATM VC bundles and QoS may have packets dropped when an external ATM VC bundle using DSCP type of service traverses the Cisco 10000.
Conditions: When using ATM VC bundles and Cisco IOS Release 12.0 S on a Cisco 10000 series router, ATM VC bundle traffic may be dropped. The problem arises when ATM bundles using DSCP enter the Cisco 10000 router which only supports MPLS EXP type of service bits. Those code points not matching an MPLS EXP TOS value exactly are dropped.
Workaround: Either use MPLS EXP for ATM bundles leading into the Cisco 10000 router or only use DSCP values that map to the MPLS EXP values.
•
Symptoms: A router builds an Echo Reply that is invalid and may be misunderstood.
Conditions: This symptom is observed on a router that is configured for LSPV when the router receives an Echo Request with a Pad TLV that has a value of "Copy Pad TLV to reply." The Echo Reply that the router builds includes residual data from previously received packets instead of the pad pattern that was received.
Workaround: There is no workaround.
•
Symptoms: When Multilink Frame Relay (FRF.16) is configured on two bundled serial links and when the traffic rate is above 2 Mbps, packet loss occurs.
Conditions: This symptom is observed on a Cisco Catalyst 6500 series and a Cisco 7500 series when you send a 64-byte Ethernet frame. The symptom does not occur when the frame size is 512 bytes or more.
Workaround: There is no workaround.
•
Symptoms: Packets are punted to the GRP at a rate of 5000 pps, causing the CPU utilization of the CPU to reach more than 50 percent.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 when a 4-port Packet-over-SONET OC-48c Engine 4 plus line card (4OC48E/POS-SR-SC=) receives TCP packets with destination 0.0.0.0.
Workaround: There is no workaround.
•
Symptoms: A VIP6-80 in which a PA-MC-STM-1SMI is installed crashes.
Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS interim release for Release 12.0(31)S after link flaps occur on the PA-MC-STM-1SMI that has QoS configured its serial interfaces.
Workaround: There is no workaround.
•
Symptoms: Incorrect VC12 defect information may be generated on a Cisco 7500 series that is configured with a PA-MC-STM-1.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(28)S1.
Workaround: There is no workaround.
•
Symptoms: Under normal operation, an Engine 6 line card may reset with the following error messages and tracebacks:
%TX192-3-CPUIF: Error=0x10
rd 0x73 base 0x73 hdr 0x75 last 0x75 wr 0x75
insert 0x0 back 0x0 len 0x2474 cnt 0x0
-Traceback= 40D89758 405A9008 405EC67C 406D5E7C 406D64F8 400FC020 %TX192-3-CPUIF_ERR: FIFO RAM3 Parity Error.
-Traceback= 40D89808 405A9008 405EC67C 406D5E7C 406D64F8 400FC020 %GSR-3-INTPROC: Process Traceback= 400FFD20 400FCAA0 40010F6C
-Traceback= 404EFBCC 406D6760 400FC020
%FABRIC-3-ERR_HANDLE: Due to FIA HALT error, reconfigure FIA on slot 9Conditions: This symptom is observed on a Cisco 12000 series when false RAM parity errors occur.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat determines whether the RAM parity errors are real or false.
•
Symptoms: A router may pause indefinitely or reload unexpectedly.
Conditions: This symptom is observed while deleting or recreating policing access control lists (ACLs) or shaping ACLs via a script.
Workaround: Update the access control list (ACL) rather than delete it.
•
Symptoms: Upon entering the police command, the router reloads unexpectedly.
Conditions: The reload occurs if the policy map being edited already contains the maximum number of classes that the Cisco 10000 supports and the user attempts to add one more class with police.
Workaround: Avoid using policy maps that contain more classes than what the Cisco 10000 supports.
•
Symptoms: IP fragments with a User Datagram Protocol (UDP) protocol identifier may be improperly denied on an Engine 3 line card that has an outbound access control list (ACL) that denies specific UDP ports.
Conditions: This symptom is observed only for outbound ACLs on an Engine 3 line card on a Cisco 12000 series. The following is an example of an ACL statement for which the symptom may occur:
access-list 100 deny udp any any eq 0 <<< this line may accidently deny IP fragments for UDP access-list 100 permit ip any anyWorkaround: Use the following ACL instead of the above-mentioned example:
access-list 101 permit udp any any fragments
access-list 101 deny udp any any eq 0
access-list 101 permit ip any any•
Symptoms: When an ingress ISE line card is used with a default route that iBGP learns over a MPLS core, the following two symptoms may occur:
–
–
Conditions: These symptoms are observed on a Cisco 12000 series when the traffic path follows a recursive default route and when recursive load sharing occurs.
Workaround: Prevent outbound load sharing to the default route by changing the IGP metrics.
•
Symptoms: Inter-MVPN traffic does not function on an Engine 4+ line card.
Conditions: This symptom is observed on a Cisco 12000 series and may occur with any Engine 4+ line card.
Workaround: There is no workaround.
•
Symptoms: An IPC failure occurs and an OC-12 line card that is configured for Frame Relay over MPLS resets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(27)S1.
Workaround: There is no workaround.
Further Problem Description: The IPC failure and the line card reset occur after a depletion of the elements in the FrFab 608 byte queue for the line card. Consecutive outputs of the show controllers slot-number frfab queue command show a consistent and rapid leak of these buffers.
•
Symptoms: A Cisco router may crash during an LSP traceroute when a transit router responds with a downstream map TLV that contains a multipath length field that is set to 0, 1, 2, or 3.
Conditions: This symptom is observed during testing of the Cisco LSP ping draft version 3 in a network that uses a later version of the LSP ping draft.
The implementation of draft version 3 does not handle the multipath length field settings correctly. In draft version 3 and earlier drafts, there is an ambiguity on whether or not the multipath length field includes the four bytes comprising of the hash-key type, depth limit, and multipath length fields. As such, all implementations of the draft version 3 encode the length as four bytes and reply with a multipath length of four bytes.
When an LSP traceroute is invoked and a transit router replies with a downstream map TLV that contains a multipath length field that is set to a length shorter than four bytes, existing implementations handle this situation incorrectly and cause memory packet memory to become corrupted during the subsequent attempt to build an MPLS echo request packet. This situation eventually causes the router to crash.
Workaround: If LSP traceroute implementations exist on a transit router that cause the transit router to reply with a multipath length that is set to a value other than four, avoid using an LSP traceroute.
Note, however, that the implementations of Cisco LSP ping draft version 3 do not reply with multipath lengths that can cause this crash.
•
Symptoms: If CEF is disabled before a switchover is performed, configuring DCEF after the switchover will not enable DCEF on the VIPs.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0S and that is configured for High Availability.
Workaround: Make sure that DCEF is running before the switchover.
TCP/IP Host-Mode Services
•
Symptoms: An RR is unable to negotiate the optimal MSS with their MP-BGP neighbors.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(28)S1, that functions as an RR, and that has Path MTU Discovery (PMTUD) enabled. The symptom may also occur in other releases.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: FR links on 6-port channelized T3 and 2-port OC-3-channelized-to-DS1/E1 line cards may not recover when all of the links are removed and reconfigured for an MFR bundle. The same symptom may occur on serial interfaces.
Conditions: This symptom is observed when all links are removed from and re-added to the bundle while the bundle is briefly in a shut down state.
Workaround: To re-establish the bundles, enter the hw-module slot shelf-id/slot-number reload command. You can also delete and reconfigure the MFR interface or the serial interfaces. To prevent the symptom from occurring, wait a couple of seconds between entering the shutdown command and the no shutdown command when you remove and reconfigure the MFR bundle or serial interfaces.
•
Symptoms: On a POS interface on a VIP4-80 that is running PPP, the interface goes down and remains down. A manual shut and no shut of the interface is required to bring it up.
Conditions: This symptom is observed on a Cisco 7513 RSP that is running Cisco IOS Release 12.0S.
Workaround: Enter the shut command and followed by the no shut command on the interface.
•
Symptoms: A memory leak may occur in the "Multilink Events" process, which can be seen in the output of the show memory summary command:
0x60BC47D0 0000000024 0000000157 0000003768 MLP bundle name
0x60BC47D0 0000000028 0000000003 0000000084 MLP bundle name
0x60BC47D0 0000000044 0000000001 0000000044 MLP bundle name
0x60BC47D0 0000000048 0000000001 0000000048 MLP bundle name
0x60BC47D0 0000000060 0000000001 0000000060 MLP bundle name
0x60BC47D0 0000000064 0000000013 0000000832 MLP bundle name
0x60BC47D0 0000000068 0000000008 0000000544 MLP bundle name
0x60BC47D0 0000000072 0000000001 0000000072 MLP bundle name
0x60BC47D0 0000000076 0000000001 0000000076 MLP bundle name
0x60BC47D0 0000000088 0000000018 0000001584 MLP bundle nameConditions: This symptom is observed when two interfaces are configured in the same multilink group or are bound to the same dialer profile.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(28)S2
Cisco IOS Release 12.0(28)S2 is a rebuild of Cisco IOS Release 12.0(28)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(28)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms: A "%SYS-2-LINKED: Bad enqueue ....." error message may be seen in the syslog of an LNS right after traffic is sent through a PPP multilink bundle that is established via an L2TP session on the LNS. This message is also seen when multilink PPP fragments are switched or when multicast packets are replicated.
Certain packet buffers (particle clones) are eventually depleted, and multilink fragmentation stops working when all particle clones are exhausted. You can monitor the availability of particle clones by entering the show buffers | begin Particle Clones: EXEC command; the command does not produce any output if no more particle clones are available.
Conditions: This symptom is observed with all features that use particles. The symptom is not specific to VPDN, GRE, or other features that use particles.
Workaround: There is no workaround.
Further Problem Description: Different symptoms may occur with different features.
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial-In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
•
Symptoms: An IPv6 PIM neighbor may be down after changing the PIM configuration.
Conditions: This symptom is observed when the no ipv6 pim command is entered on some subinterfaces of a physical Ethernet interface and when PIM is enabled on several subinterfaces of the same physical Ethernet interface. The symptom affects both IPv4 and IPv6, and configurations with multicast and OSPF Hello messages.
Workaround: There is no workaround.
•
Symptoms: A TN-2-BADCONN message may appear in the log and may be quickly followed by an FIB Disable message, indicating that distributed CEF is disabled on all VIPs. The IPC buffers usage may grows very large (up to 600 MB) and these buffers may not be reclaimed.
Conditions: This symptom is observed on a distributed Cisco platform that uses IPC communication with a central route processor and distributed cards when commands are executed on the card (for example, the execute-on command, the show controller vip command, or other commands) and when the Telnet connection is lost before the execution of the command has completed.
Workaround: Reload the router to restore normal operation. Review operational monitoring processes and avoid scripts that collect information from the cards.
•
Symptoms: SNMP entries may be deleted when you configure SNMP or when you reload the router on which SNMP is configured.
Conditions: This symptom is observed when an SNMP user is configured with the same name or host name as a community.
Workaround: There is no workaround.
•
Symptoms: A router may generate a very large remote processing time report that may take between 10 and 25 seconds to be generated.
Conditions: This symptom is observed when you enter the rtr responder command for the first time and you do not reload the router.
Workaround: Reload the router after you have entered the rtr responder command.
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml.
•
Symptoms: A memory leak may occur in the IPC buffers of a Cisco router, and the output of the show processes memory command shows that the Pool Manager process holds increasingly more memory.
Router#show proc mem
Total: 231201504, Used: 202492916, Free: 28708588
PID TTY Allocated Freed Holding Getbufs Retbufs Process
...
5 0 149227592 69514888 79894996 135335724 66834832 Pool ManagerConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S2 or 12.0(26)S3. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the ciscoEnhancedMemPoolMIB MIB from being polled by explicitly configuring an SNMP view. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, as in the following example:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8The specific MIB that is being blocked is ciscoEnhancedMemPoolMIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
•
Symptoms: A standby PRE may crash because of an SNMP set operation during an SSO switchover.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(28)S1. The symptom may be platform-independent.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: When an snmpget is executed for an interface index below .1.3.6.1.2.1.31.1.1.1.6, the router responds with the following information:
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.12 : VARBIND EXCEPTION: No Such InstanceHowever, an snmpwalk executes successfully for an interface index below .1.3.6.1.2.1.31.1.1.1.6.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 when an snmpget is executed for 4GE-SFP-LC subinterfaces or for a 4GE-SFP-LC interface when there is another interface index for the same interface. The symptom may be platform-independent.
Workaround: Reload the router.
IP Routing Protocols
•
Symptoms: When you configure the distribute-list router configuration command under the address-family ipv4 vrf vrf name router configuration command, the distribute-list router configuration command may appear under the main routing process as may be displayed in the output of the show running-config EXEC command.
Conditions: This symptom is observed in either a Routing Information Protocol version 2 (RIPv2) or a Border Gateway Protocol (BGP) configuration when you specify the interface-type and interface-number arguments of the distribute-list {access-list-number | access-list-name} {in | out} [interface-type interface-number] router configuration command.
The symptom does not occur when you do not define the interface-type and interface-number arguments and only enter the distribute-list {access-list-number | access-list-name} {in | out} router configuration command.
Workaround: There is no workaround.
•
Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.
Conditions: This symptom is observed when iSPF is configured under OSPF.
Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.
•
Symptoms: EIGRP may incorrectly remove a connected route from a topology.
Conditions: This symptom is observed when you change the router network commands and there are overlapping networks. For example, if the following is configured:
int loopback1
ip addr 10.1.2.2 255.255.255.0
router eigrp 1
net 10.0.0.0 0.3.255.255and you change the network command to:
router(config-router)# net 10.0.0.0
router(config-router)# no net 10.0.0.0 0.3.255.255the connected route will be removed when it should be retained.
Workaround: Remove the old network command first before adding the new one, for example:
router(config-router)# no net 10.0.0.0 0.3.255.255
router(config-router)# net 10.0.0.0•
Symptoms: After a switchover on a router, one or more obsolete LSAs from a neighboring router may still be present in the topology. This is improper behavior: the LSAs should no longer be present in the topology.
Conditions: This symptom is observed when a switchover occur on a Cisco router that runs OSPF NSF and when a neighboring router flushes one or more of its self-originated LSAs.
Note that the LSAs automatically age out within an hour, unless the link that connects the router and the neighboring router is a demand circuit or has OSPF "flood-reduction" configured.
Workaround: If the LSA is an external LSA (type5/type7), enter the clear ip ospf redistribution command on the neighboring router. In all other cases, enter the clear ip ospf process command on the neighboring router.
•
Symptoms: A router LSA is not generated for a loopback address.
Conditions: This symptom is observed when you assign an IP address to an unnumbered interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the loopback interface.
•
Symptoms: When VPNv4 route advertisement are received after BGP has converged, the existing path is updated but imported paths from the original path are not updated accordingly.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the maximum-paths number-of-paths import number-of-paths command is enabled. The symptom occurs when the path attributes are changed dynamically instead of the path being completely withdrawn and readvertised.
Workaround: Withdraw the prefix from the remote PE router and then readvertise the prefix.
•
Symptoms: A BGP update that is sent to a connected P router fails to report the martian next-hop log message when the next-hop field in the attribute of the BGP update is set to 255.255.255.255 (that is, all 1's). The P router does deny the advertisement of the MP_REACH_NLRI attribute to the other PE routers, but there is no log message to indicate that it is denying the advertisement and why it does so.
Conditions: This symptom is observed during MP-BGP negative testing for the MP_REACH attribute.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when you enter the show ip msdp peer command.
Conditions: This symptom is observed when the MSDP session flaps while you enter the show ip msdp peer command.
Workaround: There is no workaround.
•
Symptoms: An MPLS TE tunnel stays stuck in the "Path Half Admitting" state, as is shown by the output of the show mpls traffic-eng tunnel command, thereby preventing the tunnel from coming up.
Conditions: This symptom may be observed when a particular third-party router that functions as the headend for the MPLS TE tunnel sends a Path message to a Cisco router that functions as the midpoint for the router MPLS TE tunnel and that does not have the mpls traffic-eng tunnels interface configuration command enabled on the outbound interface that would be used to forward the Path message.
Workaround: Enter the mpls traffic-eng tunnels interface configuration command on the outbound interface of the Cisco router. Then, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on this interface, and save the configuration.
Miscellaneous
•
Symptoms: A Cisco platform that accesses the "system:/vfiles/tmstats_ascii" virtual file (for example, via "more system:/vfiles/tmstats_ascii") may crash because of bus error.
Conditions: This symptom is observed under normal working conditions when no configuration changes are made on a Cisco platform that runs Cisco IOS Release 12.0 S, 12.1 E, 12.2 or 12.3. When the "system:/vfiles/tmstats_ascii" virtual file is not used, the symptom does not occur.
Workaround: There is no workaround.
•
Symptoms: After an interface flaps or when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface that is configured for Hot Standby Router Protocol (HSRP), a virtual HSRP address may not respond to pings.
Conditions: This symptom is observed on a Cisco router that is configured with a 2-port Fast Ethernet Inter-Switch Link (ISL) port adapter (PA-2FEISL) that has at least one Fast Ethernet interface configured for HSRP.
The symptom occurs because the Fast Ethernet interface that is configured for HSRP is not switched to promiscuous mode when the HSRP group becomes active, preventing packets that are addressed to the HSRP virtual MAC address from being received by the interface. The output of the show controllers fastethernet user EXEC or privileged EXEC command displays whether the promiscuous mode is enabled or disabled.
Reboot the router to restore the router to proper operation.
Workaround: To prevent the symptom from occurring, enter the standby use-bia interface configuration command on the Fast Ethernet interface that is configured for HSRP.
Further Problem Description: This caveat only effects Fast Ethernet port adapters and network modules that use the AMDP2 chipset (for example, the PA-2FEISL). When you use such a port adapter or network module with HSRP configured and the interface goes down, HSRP does no longer function when the interface comes back up.
•
Symptoms: The native Gigabit Ethernet ports of a Cisco 7200 series NPE-G1 or a Cisco 7301 may stop forwarding traffic.
Conditions: This symptom is observed in a stress situation when bursty traffic is received.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series router with a PA-2CT3+ or PA-CT3 port adapter does not provide the configured minimum bandwidth guarantees.
Conditions: This behavior appears to be limited to the multichannel T3 family of port adapters and appears consistently upon the configuration of CBWFQ.
Workaround: There is no workaround.
•
Symptoms: When an import map is configured on a VPN Routing/Forwarding (VRF) instance, the CE-learned routes are filtered out, preventing them from appearing in the VRF routing table.
Conditions: This symptom is observed when the import map word command is configured as part of the VRF configuration. Note that eBGP routes are not filtered out.
Workaround: There is no workaround.
•
Symptoms: MPLS forwarding may stop.
Conditions: This symptom is observed under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: Stale MPLS COS per-route entries may be left behind.
Conditions: This symptom is observed after the route disappears from the routing table in cell mode multi-VC network.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may crash if a PA driver attempts to convert an uncached iomem address to a cached iomem address.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1.
Workaround: There is no workaround.
•
Symptoms: An LC-ATM-enabled subinterface on a PE router remains in the "not ready" state when you view the LDP session to the LSC in the output of the show mpls ldp discovery command. Entering the shutdown interface configuration command followed by the no shutdown interface configuration command on either the LC-ATM subinterface on the PE router or on the Xtag interface on the connected LSC does not clear the problem.
Conditions: This symptom is observed when the interface stays in the "interface not LDP ready" state and when there exists a stray LVC on the switch interface. The PE router reaches this state after multiple LDP flaps.
Workaround: Clear the symptoms by entering the clear ip route prefix command, in which the prefix argument is the local loopback address for the LC-ATM subinterface. Doing so causes all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, and causes a brief customer outage. Only use this workaround if no alternate path (such as a redundant LC-ATM subinterface) exists for MPLS traffic towards the device. After applying the workaround, check the output of the show mpls atm summary command to confirm that the expected number of LVCs has been re-established. If bindings are not successfully re-established, re-enter the clear ip route prefix command, or reload the router.
When you reload the router, the stray LVC is removed and the LDP session on the LC-ATM subinterface of the PE router is brought back to a normal state.
•
Symptoms: The committed information rate (CIR), normal burst, and maximum burst of the police (percent) command in a policy map are set incorrectly.
Conditions: This symptom is observed when the policy map is attached to an MLP interface that is configured for LFI and that is in the "DOWN" state.
Workaround: Attach the policy map when the MLP interface is in the "UP" state.
•
Symptoms: All VIPs in a Cisco 7500 series restart as a consequence of a Cbus complex that is triggered by a stuck output. Just before the output becomes stuck, IPC timeout errors occur.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) in a dLFIoATM environment. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: An LDP session over a tunnel interface may drop and not come back up.
Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.0(27)S1 when auto-tunnel traffic engineering is configured and when RSVP label distribution is configured in the MPLS core.
Workaround: Run LDP in the MPLS core for all interfaces that have auto-tunnel traffic engineering configured.
•
Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.
Workaround: There is no workaround.
•
Symptoms: Neighbor adjacencies for the IS-IS, OSPF, or other routing protocol may bounce during a Nonstop Forwarding (NSF) switchover.
Conditions: This symptom is observed when you enable a routing protocol for NSF and you enter the external overload signalling router configuration command. The following configuration illustrates this situation for IS-IS:
router isis area-tag nsf [cisco | ietf] external overload signalling
Workaround: Disable the external overload signalling router configuration command.
•
Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: When the controller of multichannel T3 port adaptor (PA-MC-2T3+) goes down for a short duration and an alarm occurs, the port adapter does not report the type of alarm.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that are configured with a PA-MC-2T3+. The port adapter should provide a history table of recent alarm conditions along with a corresponding time stamp to allow for proper troubleshooting.
Workaround: There is no workaround.
•
Symptoms: BGP adjacencies may time out on an Engine 3 channelized OC-12 line card.
Conditions: This symptom is observed on a Cisco 12000 series when you use Multilink PPP (MLP) interfaces with service policies attached.
Workaround: There is no workaround.
•
Symptoms: A ping to an interface of an Engine 3 Gigabit Ethernet line card fails after an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that functions in SSO HA mode when an RP switchover occurs after the line card has been reloaded.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash with a bus error and generate the following error message:
%ALIGN-1-FATAL: Illegal access to a low addressThis occurs after the following scheduler error in the "req_proc" process:
%SYS-2-INTSCHED: 'sleep for' at level 2 -
Process= "req_proc", ipl= 2, pid= 27Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS image that contains the fix for CSCec07487 when a PA-MC-8TE1+ is installed in the VIP.
Workaround: There is no workaround.
•
Symptoms: An E4+ POS line card reports %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM errors. On rare occasions the line card may crash when it receives a malformed packet.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3 or Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: Unexpected behavior may occur when the tx-ring-limit ring-limit command and HQF are configured: a memory leak may occur in the pool manager of the router.
Conditions: This symptom is observed when traffic is sent at high speed (higher than the line rate) and when the ring-limit argument is less than 255.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash when you remove a service policy from a multilink interface or when a member link is removed from the multilink interface while heavy traffic is being processed.
Conditions: This symptom is observed on a Cisco 7500 series that has an RSP and that is configured for dLFI over a leased line, MLP, and QoS.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series that operates in the process switching path may crash with a bus error exception.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2(13b)M2 and that is configured with a serial or POS port adapter. The symptom may also occur in other releases.
Workaround: Enter the ip route cache command for all interfaces.
•
Symptoms: MALLOCFAIL messages may be generated during an attempt to allocate large negative and positive memory blocks in the "cpf_process_ipcQ" process:
%SYS-2-MALLOCFAIL: Memory allocation of -1622998781 bytes failed from 0x60B5BE48, alignment 0
Pool: Processor Free: 371055532 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "cpf_process_ipcQ", ipl= 0, pid= 141
-Traceback= 603DDCB0 603E005C 60B5BE50 60B5C140 60B5C62C 60B59A0C 603D5D1C 603D5D08
%SYS-2-MALLOCFAIL: Memory allocation of 344820739 bytes failed from 0x60B5BE48, alignment 0
Pool: Processor Free: 363937412 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "cpf_process_ipcQ", ipl= 0, pid= 141
-Traceback= 603DDCB0 603E005C 60B5BE50 60B5C140 60B5C62C 60B59A0C 603D5D1C 603D5D08Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(24)S5.
•
Symptoms: On an RTR probe, an RSP does not report input or output packets for serial interfaces of PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(23a) or Release 12.3 and is more likely to occur when the number of channelized port adapters (such as the PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters) that are installed in the router is high. The symptom may also occur in other releases.
Workaround: Reload the router.
Alternate Workaround: Enter the reload microcode router configuration command.
•
Symptoms: The CPU utilization of a router that is configured for Multiprotocol Label Switching (MPLS) may temporarily increase to 80 or 90 percent when a peer router is reloaded or when an interface with a large number of numbered subinterfaces is administratively enabled.
Conditions: The symptom is observed in a rare situation when label distribution protocol (LDP) is used in configurations with a very large number of numbered interfaces. When this problem occurs, the output of the show process cpu sorted command shows that the "Tagcon Addr" process consumes the majority of the CPU cycles.
Workaround: There is no workaround.
•
Symptoms: The subinterface of a link bundle member is not deleted when you reload microcode onto (or perform an OIR of) the line card on which the channel group is configured.
Conditions: This symptom is observed on a Cisco 12000 series when a large number of subinterfaces are configured on a port channel, when you remove a member from the channel group, and when you immediately afterwards reload microcode onto the line card. After the line card has come up, you cannot add members to the channel group until all the subinterfaces of the removed member are deleted. This situation occurs because of a race condition.
Workaround: Wait for a few seconds after you remove a member from the channel group before you reload microcode onto the line card.
•
Symptoms: IPv6 unicast and multicast traffic may not recover on an Engine 4 plus (E4+) 1x10 GE line card after you have performed two software OIRs of the primary CSC.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0S.
Workaround: Reload the E4+ 1x10 GE line card.
•
Symptoms: An Engine 2 3-port Gigabit Ethernet line card may stop transmitting packets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S6.
Workaround: Enter the hw-module reload command to enable the line card to resume transmitting packets.
•
Symptoms: Line cards in a Cisco 12000 series may fail when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two PRPs and that runs a Cisco IOS interim release for Release 12.0(30)S when you enter the redundancy force-switchover command. Note, however, that this caveat is resolved in Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 8-port ATM line card may not forward traffic from a VRF.
Conditions: This symptom is observed on a Cisco 12000 series when the prefix of the VRF is imported using an MPBGP tag.
Workaround: There is no workaround.
•
Symptoms: After you have entered the clear cef line command, when you enter the show ip cef command for the RP and for a line card, the output is inconsistent.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS interim release for Release 12.0(30)S and that is configured for Fast ReRoute.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•
Symptoms: A 4GE-SFP-LC line card may reload unexpectedly when it processes QoS traffic in a configuration with a VLAN on a VCG that is configured with an ingress CoS.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or a later release when the resolved ARPs are deleted, for example, when routers flap, when BGP peers do not respond, or when you enter the clear arp command. Note that the symptom may also occur on releases earlier than Release 12.0(26)S.
The ingress CoS includes a set command for the matched class: either a police command with a set command or a simple set command and either a set-mpls command or a set-dscp command.
Possible Workaround: Configure static ARPs.
•
Symptoms: Load-balancing does not work over a BGP multipath. Some of the traffic may be forwarded correctly while other traffic may be forwarded unlabeled into the MPLS core.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the following conditions are present:
–
–
–
Workaround: Avoid a multihop eBGP session in which the CE router is reachable through the MPLS core. For example, instead of a configuration in which the CE router connects to the PE router across the MPLS core, configure the CE peer to connect to a local PE router that redistributes the routes it has learned from the CE peer to other PE routers. (The local PE router may need to be configured for eiBGP multipath.)
•
S
Guest