Table Of Contents
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Resolved Caveats—Cisco IOS Release 12.0(26)S3
Resolved Caveats—Cisco IOS Release 12.0(26)S2
Resolved Caveats—Cisco IOS Release 12.0(26)S1
Resolved Caveats—Cisco IOS Release 12.0(26)S
Resolved Caveats—Cisco IOS Release 12.0(25)S4
Resolved Caveats—Cisco IOS Release 12.0(25)S3
Resolved Caveats—Cisco IOS Release 12.0(25)S2
Resolved Caveats—Cisco IOS Release 12.0(25)S1
Resolved Caveats—Cisco IOS Release 12.0(25)S
Resolved Caveats—Cisco IOS Release 12.0(24)S6
Resolved Caveats—Cisco IOS Release 12.0(24)S5
Resolved Caveats—Cisco IOS Release 12.0(24)S4
Resolved Caveats—Cisco IOS Release 12.0(24)S3
Resolved Caveats—Cisco IOS Release 12.0(24)S2
Resolved Caveats—Cisco IOS Release 12.0(24)S1
Resolved Caveats—Cisco IOS Release 12.0(24)S
Resolved Caveats—Cisco IOS Release 12.0(26)S6
Cisco IOS Release 12.0(26)S6 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Interfaces and Bridging
•
CSCef01220
Symptoms: A Versatile Interface Processors (VIP) with a PA-MC-8TE1 port adapter may report its memory size as unknown even though the VIP appears to function normally, and Distributed Multicast Fast Switching (DMFS) may fail to function properly.
Conditions: This symptom is observed on a Cisco 7500 series when any of the following conditions are present:
–
–
Workaround: Enter the card type {t1 | e1} slot [bay] command on the PA-MC-8TE1+ port adapter and ensure that none of the controllers on this port adapter are shut down.
•
Symptoms: A few permanent virtual circuits (PVCs) go into a stuck state causing OutPktDrops on a Cisco 7200 router.
Conditions: This symptom occurs on a Cisco 7200 router running Cisco IOS Release 12.2(26) with a PA-A3-T3 ATM interface. The symptom may also occur in other releases.
Workaround: Remove and re-apply the PVC statement.
IP Routing Protocols
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This symptom is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: BGP fails to send an update or withdraw message to some peers when these peers have failed to converge properly after an earlier attempt.
Conditions: This symptom is observed on a Cisco router when you enter the clear ip bgp neighbor-address soft out command while BGP is in the middle of converging. The symptom does not occur when network traffic load is low and BGP has converged.
Workaround: To clear the error condition, enter the clear ip bgp neighbor-address soft out command again. Alternately, enter the clear ip bgp neighbor-address command (that is, without the soft out keyword).
•
Symptoms: The Multiprotocol BGP (MP-BGP) network entries counter increases above the real number of reachable networks.
Conditions: This symptom is observed when network activity occurs in a non-converged environment. The correct number of network entries is restored when there is a period of BGP stability that last for about 1 minute or more because BGP is able to converge and the scanner has time to run and collect the old network entries. However, if there is a sustained period of churn and BGP is only able to converge for a few seconds before new updates arrive, old BGP network entries are not cleaned up, causing the MP-BGP network entries counter to increase above the real number of reachable networks.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A POS Engine 2 line card originates a high traffic volume to a downstream router over a POS link because the same packet is sent over and over.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: When a large number of VRFs are configured, input OAM F5 loopback cells on the ATM interface are dropped continuously, even without traffic. You can see drops at "OAM cell drops" in the output of the show atm traffic EXEC command and at "Input queue drops" in the output of the show interface ATM EXEC command.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(19), Release 12.3(5), or Release 12.3(4)T2 when the oam-pvc manage and ip vrf global configuration commands are configured. The symptom may also occur in other releases.
Workaround: Remove the ip vrf command. There is no workaround for a router such as a provider edge (PE) router that cannot remove VRFs.
•
Symptoms: When you use snmpget to retrieve information directly from the ifIndex table, the following error message is generated:
No Such Instance currently exists at this OID.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S.
Workaround: Do not snmpget. Rather, use snmpwalk or snmpgetnext.
•
Symptoms: If link bundling is configured on any line card in the router and the link bundle is loaded onto an Engine 2 line card that has VPN on FR subinterfaces and that is processing traffic, the Engine 2 line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(28)S.
Workaround: There is no workaround.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
Symptoms: A VPN traceroute is broken. Packets drop at the CE1 where a port channel is configured as default route.
Conditions: This symptom occurs when a port channel is configured as a default route. The adjacency is always a drop/punt, which causes packets to drop.
Workaround: Do not configure a port channel as a default route.
•
Symptoms: On a Cisco router that functions as an egress PE router in an MPLS VPN network, after the customer-facing line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP request) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. You can recover from the symptom by manually pinging the interface of the CE router from the adjacent PE router.
Workaround: Configure static ARP entries for the next hop router in the static recursive routes.
•
Symptoms: Several VIPs may crash at about the same time because of a bus error.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S4 and that is configured with an RSP4 when the VIPs are configured for QoS but have insufficient memory.
Workaround: Increase the amount of memory on the VIPs.
•
Symptoms: Priority packets are dropped when a VIP is reset because of an OIR, microcode reload, or CBUS complex reset.
Conditions: The symptom is observed only on a multilink interface that has both input and output service policies enabled when the input policy is configured for policing or when the input policy is removed from the multilink interface.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface, or remove and re-attach the output policy.
•
Symptoms: An Engine 6 line card may reset because of an IPC timeout.
Conditions: This symptom is observed on a Cisco 12816 that runs Cisco IOS Release 12.0(27)S4 when you enter the shutdown command on the primary Clock Scheduler Card (CSC) or you enter the no shutdown command on the secondary CSC that is in the shut down state.
Workaround: There is no workaround.
•
Symptoms: One of the following two symptoms may occur on a POS ISE egress line card:
–
–
%EE48-4-GULF_TX_SRAM_ERROR: ASIC GULF: TX bad packet header detected. Details=0x4000
Conditions: These symptoms are observed on a Cisco 12000 series when an invalid packet is forwarded to an egress interface on an ISE line card.
Workaround: If the transmission on the interface is stuck, reload the line card by entering the hw-module slot x reload command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 3 line card sends unlabeled traffic after it has been toggled from explicit routing to default routing. The symptom is related to the handling of a default-route on an Engine 3 ingress line card that functions in an IP-to-MPLS path.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(30)S1 or any other image that includes the fix for caveat CSCsa64782, which is a preliminary requisite for default-route handling on an Engine 3 line card. The symptom occurs in the following scenario:
1.
2.
3.
After the transition from non-default routing to default routing, entering the clear ip route network command, with the address of the next hop for the network argument, causes an inconsistency, and traffic is forwarded as unlabeled.
Workaround: To restore proper operation, enter the clear ip route 0.0.0.0 command.
•
Symptoms: In a tag switching-to-IP switching scenario with an ISE ingress line card and an Engine 4 plus (E4+) egress line card, the following bad packets may be forwarded to the E4+ line card:
–
–
–
–
–
–
–
These bad packets cause packet corruption and an "TX192-3-PAM_PIM" error message on the E4+ line card and may even cause the E4+ line card to reset.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat enables the ISE line card to drop the above-mentioned bad packets.
•
Symptoms: An Engine 4 plus (E4+) line card that functions in an IP-to-tag switching scenario may generate "TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" error messages and tracebacks or may crash.
Conditions: This symptom is observed on a Cisco 12000 series when the ingress interface is an Engine 2 line card that has an input ACL and when an external LDP flap occurs that affects the Engine 4+ line card.
Workaround: There is no workaround.
•
Symptoms: A Engine 3 ISE line card may not properly handle incoming bad IP packets but may generate a traceback and a transient error message:
%GSR-3-INTPROC: Process Traceback= 400E10B4 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%EE48-3-BM_ERRS: FrFab BM SOP error 40000
%EE48-3-BM_ERR_DECODE: FrFab SOP macsopi_bhdr_pkt_len_zero_err%GSR-3-INTPROC: Process Traceback= 400E1090 400FBA2C
-Traceback= 4047917C 405E5274 400F4B58
%LC-4-ERRRECOVER: Corrected a transient error on line card.The line card may also crash.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1 or Release 12.0(26)S5a.
Workaround: There is no workaround.
•
Symptoms: When an ingress ISE line card is used with a default route that iBGP learns over a MPLS core, the following two symptoms may occur:
–
–
Conditions: These symptoms are observed on a Cisco 12000 series when the traffic path follows a recursive default route and when recursive load sharing occurs.
Workaround: Prevent outbound load sharing to the default route by changing the IGP metrics.
•
Symptoms: When you boot a Cisco 12000 series, some Layer 1 and CoS command are rejected with the following error messages:
Command "pos threshold sd-ber 9" not allowed on link-bundle member interface POS1/0 Command "tx-cos TEST" not allowed on link-bundle member interface POS1/0
Conditions: This symptom is observed on a Cisco 12000 series when a POS interface of an Engine 0 or Engine 2 line card has the tx-cos command enabled and is a member of a port channel or POS channel.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S5
Cisco IOS Release 12.0(26)S5 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Symptoms: A Cisco router may reload when it performs Simple Network Management Protocol (SNMP) Notification Log MIB queries.
Conditions: This symptom is observed on all versions of Cisco IOS software.
Workaround: There is no workaround; however, the symptoms are not observed on a Cisco ONS 15530 or a Cisco ONS 15540 switch module because the symptoms have been resolved on these platforms.
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial-In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
•
Symptoms: A router may generate a very large remote processing time report that may take between 10 and 25 seconds to be generated.
Conditions: This symptom is observed when you enter the rtr responder command for the first time and you do not reload the router.
Workaround: Reload the router after you have entered the rtr responder command.
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml.
•
Symptoms: A memory leak may occur in the IPC buffers of a Cisco router, and the output of the show processes memory command shows that the Pool Manager process holds increasingly more memory.
Router#show proc mem
Total: 231201504, Used: 202492916, Free: 28708588
PID TTY Allocated Freed Holding Getbufs Retbufs Process
...
5 0 149227592 69514888 79894996 135335724 66834832 Pool Manager
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S2 or 12.0(26)S3. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the ciscoEnhancedMemPoolMIB MIB from being polled by explicitly configuring an SNMP view. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, as in the following example:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8
The specific MIB that is being blocked is ciscoEnhancedMemPoolMIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
Interfaces and Bridging
•
Symptoms: A Cisco router may report spurious accesses when configured for Multilink PPP (MLPPP). This appears to be caused by fragmentation.
%ALIGN-3-SPURIOUS: Spurious memory access made at [hex] reading [hex] %ALIGN-3-TRACE: -Traceback=[hex]
Conditions: MLPPP must be configured for this symptom to occur.
Workaround: There is no workaround.
•
Symptoms: When you enter the show ip interface brief, the output indicates that a serial subinterface has a down status and that the protocol is down too:
router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 10.7.0.68 YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet0/4 unassigned YES NVRAM administratively down down
Ethernet0/5 unassigned YES NVRAM administratively down down
Serial4/0 unassigned YES NVRAM administratively down down
Serial4/1 unassigned YES NVRAM administratively down down
Serial4/2 unassigned YES NVRAM administratively down down
Serial4/3 unassigned YES NVRAM administratively down down
Serial4/4 unassigned YES NVRAM administratively down down
Serial4/5 unassigned YES NVRAM administratively down down
Serial4/6 unassigned YES NVRAM administratively down down
Serial4/7 unassigned YES NVRAM administratively down down
Serial5/0:23 10.0.0.1 YES NVRAM down down
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1 when you attempt to configure the interface and bring it up.
Workaround: There is no workaround.
•
Symptoms: When an snmpget is executed for an interface index below .1.3.6.1.2.1.31.1.1.1.6, the router responds with the following information:
ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.12 : VARBIND EXCEPTION: No Such Instance
However, an snmpwalk executes successfully for an interface index below .1.3.6.1.2.1.31.1.1.1.6.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 when an snmpget is executed for 4GE-SFP-LC subinterfaces or for an 4GE-SFP-LC interface when there is another interface index for the same interface. The symptom may be platform-independent.
Workaround: Reload the router.
IP Routing Protocols
•
Symptoms: A router may unexpectedly reload because of a watchdog timeout or bus error in OSPF.
Conditions: This symptom is observed when iSPF is configured under OSPF.
Workaround: Remove the iSPF configuration from OSPF by entering the no ispf command.
•
Symptoms: An Open Shortest Path First version 3 (OSPFv3) adjacency may flap when a standby Route Processor (RP) comes up after a switchover has occurred or after a router has reloaded. The router database may contain duplicate entries of the network link-state advertisement (LSA), or link LSA, or both.
Conditions: This symptom is observed after a switchover has occurred when the interface number of the interface that is configured for OSPFv3 changes.
This symptom is also observed after the router has reloaded when the interface number of the interface that is configured for OSPFv3 changes and when the neighbor still has the LSA (that was generated by the router on which the symptom occurs) with the old Link State ID (LSID) in its database. This situation may occur when the router does not clean up its LSA (for example, when the router reloads unexpectedly) or when the interface that connects to the neighbor is shut down before the router reloads and then brought back up after the router has reloaded.
Workaround: There is no workaround.
•
Symptoms: When a Cisco router is a midpoint of a TE tunnel and the tunnel headend is a third- party vendor router, the Cisco router may crash.
Conditions: This symptom is observed during a period of network instability and may occur when a TE tunnel does not contain an EXPLICIT ROUTE object and when the tunnel is dynamically routed by using OSPF cost only.
Workaround: Use an EXPLICIT ROUTE object or ensure that there are no alternate paths in the network.
•
Symptoms: The IP background process is sluggish.
Conditions: This symptom occurs when many interfaces go down at the same time.
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the bgp log-neighbor-changes command configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the show ip bgp neighbors command or running the debug ip bgp neighbor updates command for a configured BGP neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•
Symptoms: When VPNv4 route advertisement are received after BGP has converged, the existing path is updated but imported paths from the original path are not updated accordingly.
Conditions: This symptom is observed on a Cisco router that functions as a PE router when the maximum-paths number-of-paths import number-of-paths command is enabled. The symptom occurs when the path attributes are changed dynamically instead of the path being completely withdrawn and readvertised.
Workaround: Withdraw the prefix from the remote PE router and then readvertise the prefix.
•
Symptoms: An MPLS TE tunnel stays stuck in the "Path Half Admitting" state, as is shown by the output of the show mpls traffic-eng tunnel command, thereby preventing the tunnel from coming up.
Conditions: This symptom may be observed when a particular third-party router that functions as the headend for the MPLS TE tunnel sends a Path message to a Cisco router that functions as the midpoint for the router MPLS TE tunnel and that does not have the mpls traffic-eng tunnels interface configuration command enabled on the outbound interface that would be used to forward the Path message.
Workaround: Enter the mpls traffic-eng tunnels interface configuration command on the outbound interface of the Cisco router. Then, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on this interface, and save the configuration.
Miscellaneous
•
Symptoms: An output wedge and drops may occur on the multilink interface of a Cisco 7200 series. The output of the show interfaces privileged EXEC command may display the following information:
.
.
.
Multilink3 is up, line protocol is up
.
.
.
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 5526
Queueing strategy: fifo
Output queue: 31/40 (size/max)
.
.
.
Conditions: This symptom is observed on a multilink interface that has two E1 interfaces in a multilink bundle when there is a low traffic rate.
Workaround: Use the physical interface without a multilink bundle.
•
Symptoms: When changing the MTU on an Engine 2 3-port 1GE line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12416 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: Ensure there is no traffic going through the Engine 2 3-port 1GE line card when attempting to change the MTU.
•
Symptoms: When a single bundle link associated with a Multilink Frame Relay (MFR) interface is brought up, LMI exchanges over the MFR interfaces may not happen.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for MFR.
Workaround: There is no workaround.
•
Symptoms: A VIP crashes with the following error message:
VIP-3-SYSTEM_EXCEPTION: VIP System Exception occurred sig=10, code=0x10
Conditions: This symptom is observed on a Cisco 7500 series when you re-use a channel group (or subinterface) that was previously configured with a Frame Relay DLCI "set" service policy.
Workaround: Remove the "set" service-policy before you remove the channel group (or subinterface).
•
Symptoms: The SNMP counters and CLI for Frame Relay subinterfaces may be incorrect.
Conditions: This symptom is observed a Cisco 12000 series with ISE POS line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series multichannel T3 port adapter (PA-MC-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: An E4+ POS line card reports %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM errors. On rare occasions the line card may crash when it receives a malformed packet.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3 or Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: A dual SRP ring fails to become active completely due to an is-type mismatch. The output of the show clns neighbors command indicates that a certain system interface remains in the "Init" state indefinitely, although the output of the show ip interface brief command shows that this interface is up.
Conditions: This symptom is observed when a dual SRP ring is configured on three routers that run Cisco IOS Release 12.2S. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series T3 port adapter (PA-2T3+) may not provide a two-second delay before bringing down the T3 controller.
Conditions: This symptom is observed when an alarm as defined in the ANSI T1.231 specification occurs.
Workaround: There is no workaround.
•
Symptoms: High CPU utilization may cause interfaces to flap, and the following spurious memory access messages may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x603C2724 reading 0x194 %ALIGN-3-TRACE: -Traceback= 603C2724 601D2888 601D40B4 00000000 00000000 00000000 00000000 00000000
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(23)S when you the clear cef linecard command.
Workaround: There is no workaround.
•
Symptom: A line card with an ATM QoS configuration may crash.
Condition: This symptom is observed on a Cisco 12406 that runs a Cisco IOS interim release of Release 12.0(29)S.
Workaround: There is no workaround.
•
Symptoms: IPv6 unicast and multicast traffic may not recover on an Engine 4 plus (E4+) 1x10 GE line card after you have performed two software OIRs of the primary CSC.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0S.
Workaround: Reload the E4+ 1x10 GE line card.
•
Symptoms: An Engine 2 3-port Gigabit Ethernet line card may stop transmitting packets.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S6.
Workaround: Enter the hw-module reload command to enable the line card to resume transmitting packets.
•
Symptoms: Line cards in a Cisco 12000 series may fail when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with two PRPs and that runs a Cisco IOS interim release for Release 12.0(30)S when you enter the redundancy force-switchover command. Note, however, that this caveat is resolved in Release 12.0(30)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•
Symptoms: A 4GE-SFP-LC line card may reload unexpectedly when it processes QoS traffic in a configuration with a VLAN on a VCG that is configured with an ingress CoS.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or a later release when the resolved ARPs are deleted, for example, when routers flap, when BGP peers do not respond, or when you enter the clear arp command. Note that the symptom may also occur on releases earlier than Release 12.0(26)S.
The ingress CoS includes a set command for the matched class: either a police command with a set command or a simple set command and either a set-mpls command or a set-dscp command.
Possible Workaround: Configure static ARPs.
•
Symptoms: In a scaled configuration with hundreds of eBGP peers with very low BGP timers, issuing clear ip bgp * may increase HW forwarding memory utilization.
Conditions: This problem is seen with 500 eBGP sessions with BGP keepalive timer of 3 seconds and hold timer of 9 seconds. The router has 200K MPLS VPN routes. This problem is not seen if the BGP timers are set to the default value.
Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time, possibly generating CPUHOG errors and causing a watchdog crash. Other processes on the router may fail because these processes do not receive the CPU bandwidth that they require. Consequently, the following difficulties may occur:
–
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed on a Cisco 7300 series when the MPLS-LSR-MIB MIB is enabled, when you query the object mplsXCIndexNext, and when there are more than 1,000 Multiprotocol Label Switching (MPLS) labels active. However, the symptoms are platform-independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server view nolsrmib iso include
3.
snmp-server community public view nolsrmib ro
4.
•
Symptoms: A router may crash when you enter the crypto key generate dss key-name command.
Conditions: This symptom is observed on a Cisco 12012 that is configured for SSH but may occur on any Cisco platform that is configured for SSH.
Workaround: There is no workaround.
•
Symptoms: A generic routing encapsulation (GRE) tunnel may not work on a provider edge (PE) router if VPN is configured.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(25)S or a later release.
Workaround: There is no workaround.
•
Symptoms: The per-WRED-class drop counters do not increment in the output of the show queueing command even though there are aggregate WRED drops.
Condition: This symptom is observed when the random-detect legacy command is enabled on the main interface.
Workaround: Attach a policy map that has the random-detect legacy command enabled to the interface.
•
Symptoms: WRED counters do not function on distributed platforms such as a Cisco 7500 series and a Cisco 7600 series.
Conditions: This symptom is observed on a distributed Cisco platform that runs Cisco IOS Release 12.0(26)S3, 12.0(29)S, 12.2(25)S, 12.3(10), or 12.3(11)T and that has dWRED configured.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software releases earlier than Cisco IOS Release 12.0(27)S3, Release 12.0(28)S1, and Release 12.0(30)S, the CPU utilization of a Cisco 10720 is high (x%/y%, where y is greater than 60 percent), and continuous BGP and LDP flapping is reported. The counters in the output of the show interface command show a large number of drops and the output of the show buffers command shows a large number of cache misses for the private IBC buffer pools.
Conditions: This symptom is observed when the Cisco 10720 functions in a broadcast ARP storm environment and when the length argument of the hold queue length in interface configuration command is not the default of 75 packets for any interface of the router (for example, the length argument is 2048).
Workaround: Revert the hold queue length in interface configuration command and the hold queue length out interface configuration command to the default setting on all interfaces with non-default hold queues.
•
Symptoms: An outbound ACL with a log/log-input keyword changes the IP destination address in the packets. As the result, packets that should be permitted are incorrectly denied.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.0(29)S when the incoming interface for the packets is a tag-switching interface. The symptom is observed irrespective of whether the interface with this outbound ACL is a tag-switching interface or not.
Workaround: Do not use the log/log-input keyword in the ACL.
•
Symptoms: Under a rare condition, when a main interface switches over to a backup interface on 4-port GE line card, a ping to another neighboring interface that is not at all related to the backup interface fails. A sniffer trace shows that the Src/Dst MAC address in the ICMP reply is that of the backup interface.
Conditions: This symptom is observed on a Cisco 12000 series when you repeatedly disable the main interface that is associated with a backup interface.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: A Cisco 7200 series may crash when you modify a policy map on the router.
Conditions: This symptom is observed when the Cisco 7200 series functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A PXF buffer leak occurs on an L2TPv3 decapsulation router, which van be observed in the output of the show hardware pxf cpu buffer command:
router#show hardware pxf cpu buffer
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0
1 1664 12930 12930 0 0
2 640 26746 127 0 77165
3 256 34072 34072 0 0
4 128 59934 59934 0 0
Depending on the packet size, the buffer leak can occur in different pools.
Conditions: The symptom is observed on a Cisco 10720 in the following two scenarios:
–
–
Workaround: There is no workaround.
•
Symptoms: A VIP on a PE router may crash after a service policy is applied to the physical interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S3 and that is configured with a VIP4-80.
Workaround: First, shut the physical interface on the connected CE router. Then, shut the physical interface on the PE router before you apply the service policy on the PE router.
•
Symptoms: An Engine 1 or Engine 2 Gigabit Ethernet (GE) line card may stop switching traffic even though the line protocol is up. Pings and routing do not work, and traffic does not go through.
Conditions: This symptom is observed a Cisco 12000 series after error recovery and when the negotiation auto command is not configured for the interface of the GE line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface of the line card.
•
Symptoms: An MPLS traffic engineering (TE) tunnel may not come back up after a link flaps.
Conditions: This symptom is observed when the headend of the TE tunnel is a third-party router that has the no cspf command configured for the label switched path (LSP) and when the tunnel midpoint is a Cisco router that runs Cisco IOS Release 12.0(25)S1. The symptom occurs when the link downstream (that is, towards the tailend of the tunnel) on the Cisco router fails because the interface on either side of the link is shut down.
In addition, note that the third-party router does not increment the LSP ID when it receives a message, nor does it send a PathTear message in response to a PathErr message.
Possible Workaround: Use an explicit path on the third-party router but without the no cspf command enabled.
•
Symptoms: An Engine 4+ EPA-GE/FE-BBRD line card reports "%TX192-3-PAM_MODULE" and "%TX192-3-PAM_PIM" errors, and the interfaces continue to flap with the following error message:
%GRPGE-6-INVALID_WORD: Interface GigabitEthernet15/1/0: Detected RX Invalid Word
When there is heavy traffic, the line card may crash without generating any crashinfo.
Conditions: These symptoms are observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S3 or Release 12.0(27)S3.
Workaround: There is no workaround.
•
Symptoms: A CPUHOG situation may occur intermittently on a Cisco 12000 series, causing fabric pings to be lost and all OSPF and BGP adjacencies to be dropped.
Conditions: This symptom is observed in PRP on a Cisco 12000 series router.
Workaround: There is no workaround. However, the symptom resolves itself.
•
Symptoms: A VIP may crash while forwarding packets or a watchdog timeout crash may occur on the VIP during statistics collection.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RSP4 and that runs Cisco IOS Release 12.0(26)S4.
Workaround: There is no workaround.
•
Symptoms: The offered rate counter in the output of the show policy-map interface command is inaccurate.
Conditions: This symptom is observed on a Cisco 12000 series when very high traffic rates are used.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) label distribution protocol (LDP) is configured and you enter the clear ip route EXEC command, the MPLS forwarding entries for some of the cleared routing prefixes may become unlabeled.
Conditions: This symptom is observed for prefixes that are connected (with an unspecified nexthop IP address) and that are not locally recognized. This situation may occur in a configuration in which two LDP peers are connected by a point-to-point link that uses PPP encapsulation, and in which both interfaces are configured to use IP addresses with /32 masks.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee12379. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Possible Workaround: Prevent the symptom from occurring by using a shorter network mask when you configure the interfaces or by using another encapsulation such as HDLC.
When the symptom occurs, restore proper operation by forcing the LDP session that is associated with the link to re-establish itself, or by forcing the LDP session to re-advertise labels for the affected prefixes. The LDP session can be reset by entering the clear mpls ldp neighbor command, by administratively disabling and then re-enabling one of the interfaces, or by deconfiguring and then reconfiguring LDP on one of the interfaces. The LDP session can be forced to re-advertise labels by modifying the outbound label filtering configuration. However, this method is complicated and should only be attempted if you are already very familiar with the required procedures, and if the routers do not already have a complicated label filtering configuration in place.
•
Symptoms: A Cisco 7500 series VIP may crash when its serial interfaces are part of a Multipoint Frame Relay (MFR) bundle.
Conditions: This symptom is observed when a Frame Relay end-to-end fragment is received on an MFR interface.
Workaround: Administratively shut down the MFR interface or shut down the MFR interface on the other side of the link.
•
Symptoms: Sampled NetFlow may stop functioning in 12.0(23)S3 or later releases.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4+ 4-port OC-48 line card. It occurs when the LC hardware is reset as a result of error recovery process.
Workaround: Disable and re-enable Sampled NetFlow.
•
Symptoms: The following warning message is reported on the console and can be observed in the logging buffer. The Route Processor (RP) cannot send packets, and as a result, all routing protocols go down.
camr_ibc_output: Exhausted TX descriptors
Conditions: This symptom is observed when the PXF runs close to its capacity or cannot process packets coming from the RP and when the RP forwards a large amount of packets.
Workaround: There is no workaround.
•
Symptoms: Sampled NetFlow stops functioning.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 line card.
Workaround: Disable and then re-enable Sampled NetFlow.
•
Symptoms: A Cisco 10720 crashes when you delete an IPv6 ACL.
Conditions: This symptom is observed when you delete the IPv6 ACL during the TurboACL compilation.
Workaround: Wait for the ACL to be fully compiled before you delete it.
•
Symptoms: When a policy map is applied to an output interface, corrupted fragmented packets may be sent.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S and that functions as an MPLS-to-IP disposition PE router when all of the following conditions are present:
–
–
–
–
When all of the above conditions exist, the outgoing IPv4 packets is not successfully fragmented.
Workaround: Ensure that the maximum MTU size that is defined for the output interface covers the size of the maximum IPv4 packet that is sent from this interface.
•
Symptoms: Spurious memory accesses may occur on a Cisco 7500 series and may cause high CPU usage on the RSP.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) and that functions in an MPLS network.
Note that packet switching for MPLS packets over MLP bundles is not supported at the RSP level in Cisco IOS Release 12.0S.
Workaround: There is no workaround.
Further Problem Description: The fix for this caveat causes packets that are sent to the RSP for switching to be dropped. Distributed forwarded packets are forwarded correctly.
•
Symptoms: Removing a policy that has shape and bandwidth in the same class (in that same order) may cause a router to crash.
Conditions: This symptom is observed when the router functions under a traffic load.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series does not fragment IP traffic while switching the traffic into the MPLS core even when the size of the incoming IP packets exceeds the IP MTU of the egress interface. This situation causes the traffic to be dropped on the next hop router.
Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S or a later release when all of the following conditions are present:
–
–
–
Workaround: Ensure that the IP MTU of the egress interface exceeds the maximum size of the incoming IP packets.
•
Symptoms: When error recovery is performed on a 3-port Gigabit Ethernet (GE) line card that has port 0 in the shutdown state, the 3-port GE line card stop passing traffic on all ports.
Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(23)S or a later release and that is configured with an Engine 2 3-port line card.
Workaround: Reload the 3-port GE line card and leave port 0 in the up/down state.
•
Symptoms: Multicast traffic is not switched from a multilink interface on a Cisco 7500 series that is configured for distributed multilink PPP (MLP).
Conditions: This symptom is observed when the router is reloaded or when the multilink interface flaps.
Workaround: Enter the clear ip mds linecard * command on the Route/Switch Processor (RSP).
•
Symptoms: Incoming multicast traffic on a distributed MLP link is process-switched.
Conditions: This symptom is observed on a Cisco 7500 series that is configured for distributed MLP after the router has been reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•
Symptoms: Following an OIR, the show ip cef inconsistency now command may report an inconsistency between an RP and a VIP. There are no inconsistencies reported on the VIP itself.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco 7500 series may crash when you configure a T1 channel group.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S when the same channel group was previously configured for Frame Relay encapsulation, when one or more PVCs on the channel group were configured on the main interface with a map class that contained a service policy, when the channel group was deleted, and when the map class definition that it referenced was also deleted.
Workaround: Remove the Frame Relay encapsulation before you delete the channel group.
•
Symptoms: When a multilink bundle interface is created by entering the interface multilink group-name global configuration command, the Cisco Discovery Protocol (CDP) becomes incorrectly disabled. If the cdp enable interface configuration command is used to enable CDP on the multilink bundle interface, the command is not saved in the startup configuration and CDP remains disabled after the router is reloaded.
Conditions: This symptom is observed on a Cisco platform that is configured with a multilink bundle interface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S4
Cisco IOS Release 12.0(26)S4 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S4 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Symptoms: A serial interface on a Cisco 7500 series may stop transmitting traffic and may report the following VIP crashes:
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 84
to LC in slot 2 with sequence 1007, error = timeout
%RSP-3-RESTART: interface Serial3/0/0:0, not transmitting%VIP2-3-MSG: slotX VIP-3-SVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
%VIP2-1-MSG: slotX CYASIC Error Interrupt register 0x4000000
%VIP2-1-MSG: slotX DMA Transmit Error
%VIP2-1-MSG: slotX CYASIC Other Interrupt register 0x100
%VIP2-1-MSG: slotX QE HIGH Priority Interrupt
%VIP2-1-MSG: slotX QE RX HIGH Priority Interrupt
%VIP2-1-MSG: slotX CYBUS Error Cmd/Addr 0xD00FF3AConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5a) but may also occur in other releases. This symptom is not observed in Release 12.1(8c).
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may reload in an indefinite loop when you unintentionally enter the show list number hidden command.
Conditions: This symptom is observed when you, for example, abbreviate the show line 2000 command as the show li 2000 command and actually execute the show list 2000 hidden command.
Workaround: Do not abbreviate the show line command as the show li command but enter the full command.
IP Routing Protocols
•
Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.
An example of a path from a deleted BGP table entry is as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:3
The entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appear as "2829:2829:185404173:11.13.11.13/-53".
A mismatched prefix appears as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3
This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.
Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.
Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.
•
Symptoms: When multipath is configured, one of the paths may have an inconsistent (old) label, causing only one path to be operational.
Conditions: This symptom is observed when BGP does not update the outlabel information in the TFIB and for CEF.
Workaround: Clear or readvertise the route that is nonoperational.
•
Symptoms: An %ALIGN-3-SPURIOUS error message and a traceback may be generated when you configure BGP and MPLS VPN.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.10)T but may also occur in other releases such as Release 12.0 S and Release 12.2 S.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: An interface may retain its Virtual Private Network (VPN) routing/forwarding (VRF) configuration when it should not.
Conditions: This symptom is observed when you configure VRF forwarding on a loopback interface on a provider edge (PE) router, you delete the loopback, and then you add the loopback again.
Workaround: Remove VRF forwarding from the loopback before you delete the loopback.
•
Symptoms: IPv6 adjacencies may appear as incomplete, and connectivity may be broken. This situation occurs at random times and is not associated with any event in particular. IPv4 adjacencies may appear as incomplete but recover within a minute.
Conditions: This symptom is observed on a Cisco IOS-based router when you enter the clear adjacency command.
Workaround: To restore the correct state of the adjacency, enter the shutdown command followed by the no shutdown command on the affected interface.
•
Symptoms: On a Cisco 10000 series, the PXF information may not be correctly updated from the RP after a route change, causing packets to be sent untagged even though the RP shows that the packets should be sent as tagged.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(26)S.
Workaround: Enter the clear isis * command or enter the shutdown command followed by the no shutdown command on the interface towards the MPLS cloud.
•
Symptoms: An Engine 4+ line card may reset and generate errors.
Conditions: This symptom is observed after a manual RP switchover in RPR mode.
Workaround: There is no workaround.
•
Symptoms: Multilink MLP in PE may fail / rejected eventually after 3 or more times reloading the CE sides with different IOS images.
Conditions: The symptom is observed after 3 or more times reloading the CE router.
Workaround: Create new multilink interface or reload the vip for the bundled physical interface.
•
Symptoms: Buffer leakage could occur when a high load of traffic is sent to an interface that has a service policy enabled. This could result in ping failures or very long packet delay.
Conditions: The problem is observed with an MC-T3+ interface that is configured in unchannelized mode, and the traffic consists only of small packets such a 64-byte packets.
Workaround: Manually configure the tx-ring-limit command to lower the number of packets that can be placed on the transmission ring.
•
Symptoms: After performing a manual switchover on a dual-RP router that functions in RPR+ or SSO mode, the following error message may be seen on an 8xOC3ATM line card, and the line card may stop forwarding traffic:
%QM-4-STUCK: Port 0 Queue mask 0x80
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(28)S.
Workaround: Perform a microcode reload on the line card.
•
Symptoms: Toward the Fabric (ToFab) Buffer Management ASIC (BMA) error is observed on an Edge 16xOC3c/STM1c Packet Over SONET (POS) line card.
Condition: This symptom is observed when changing Multiprotocol Label Switching (MPLS) label protocol from Tag Distribution Protocol (TDP) to Label Distribution Protocol (LDP) under global and interface configuration.
Workaround: There is no workaround.
•
Symptoms: An E1 port of a PA-MC-8T1 may stay down after a vip crash.
Conditions: This symptom was observed on a Cisco 7513 router with a channelized E1/T1 (slot0).
Workaround: Enter a shut command and then a not shut command to the interface to bring it back to an up/up state.
•
Symptoms: The device may print a "May 17 14:01:11.411 edt: %TUN-5-RECURDOWN: Tunnel2 temporarily disabled due to recursive routing" message under some conditions.
Conditions: This symptom was observed when MPLS TE tunnels are configured on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(26)S2, and when static routes are added.
Workaround: There is no workaround.
•
Symptoms: A line card or port adapter may crash on an MPLS VPN PE router when the customer-facing interfaces are flapped.
Conditions: This symptom is observed when any of the following conditions are present:
–
–
The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: Avoid the above-mentioned conditions. For example, avoid the redistribute connected command in the BGP configuration of the CE router.
•
Symptoms: Sending SNMP query to poll CBQOS MIB may cause high CPU utilizations. Depending on number of service policies attached, the CPU utilization may reach the limit causing many different negative effects including taking down Telnet, LDP, etc., which are processed by CPU. In some cases, a crash may occur.
Conditions: The CPU high utilization most likely occurs when polling the unsupported cbQosREDClassStats objects with close to 1000 instances of QoS policy attachment.
Workaround: The potential workaround include:
1. Reduce the number of QoS policy attached.
2. Avoid polling the unsupported stats table(s).
3. Reduce the polling frequency.
•
Symptoms: Under certain unknown circumstances, a traceroute may trigger a process watchdog.
Conditions: This has been observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(26)S2.
Workaround: There is no workaround.
•
Symptoms: A ping between two GRE interfaces may not work.
Conditions: This symptom is observed when a GRE tunnel between two routers is up and you ping from the GRE interface of one router to the GRE interface of the other router.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series Internet router, the traffic for certain prefixes behind port-channel link are being blocked on router for traffic going through the router. Traffic originated from the router itself (process-switched) works correctly.
Conditions: This symptom was observed on a Cisco 12410 with dual PRP2 when running Cisco IOS Release 12.0(27)S1.
Workaround: There is no workaround.
•
Symptoms: Packet latency in a priority class is high when shaping is enabled in the parent class. For example, when you send 400 kbps of traffic through the priority class, the measured latency is about 80 ms.
Condition: This symptom is observed when the service policy has a shape average of 768000 on the class default and a child policy with a priority feature.
Workaround: There is no workaround.
•
Symptoms: The PXF engine on a Cisco 10720 may crash, and the following error messages are generated in the logging buffer (the PXF crashinfo files can be found in the flash memory of the router):
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T0 IHB Exception: watchdog
MSD: %TOASTER-2-FAULT: T1 IHB Exception: watchdog
In addition, there are four ways to verify that the symptom is occurring:
–
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_GIANT_PKT (code 4)
MSD: %Camr_SRP_OC48-3-INTERR: SRP uplink internal error SRP_TX_VA_SC_FIFO_GIANT_PKT(code 100)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_SC_IPM_RD_ACC_TIMER_EXP(code 1)
MSD: %Camr_VA-3-STATUS1: Van Allen Data integrity error VA_RP_IPM_RD_ACC_TIMER_EXP(code 4)
MSD: %Camr_VA-3-SISTATUS: Van Allen SRIC Data integrity error VA_SI_FL_CTRL_DRVN(code 80)
MSD: %Camr_VA-3-SOSTATUS: Van Allen SROC Data integrity error VA_SO_PKT_LEN_ERR (code 1)
MSD: %Camr_VA-3-STATISTICS: VA statistics register: 0x0098 reports VA_SO_PKT_LEN_ERR_COUNT = 3
–
–
–
Conditions: This symptom is observed when all of the following conditions are present:
–
–
* The packet is denied by an output security ACL.
* There is no route in the router to forward the packet.
* The time to live (TTL) of the packet expires.
* The packet is an ICMP echo request packet, and the router tries to send an ICMP echo reply packet to the source.–
Workaround: Enter the no ip unreachable command on all interfaces of the router, which works in the following two cases:
–
–
For other cases, there is no workaround.
•
Symptoms: Connectivity for destinations that are reachable via an MPLS TE tunnel may fail when the tunnel is fast-rerouted. The loss of connectivity may result in loss of TCP sessions (BGP, LDP, etc.) for those destinations.
When the problem happens, the output of the show ip cef network command shows "invalid cached adjacency" for the tunnel but does not show "fast tag rewrite."
Conditions: This symptom is observed when all of the following conditions are present:
–
–
–
–
Workaround:
–
–
Further Problem Description: The symptom affects traffic that originates on the tunnel headend. Transit traffic going through the tunnel is not affected. The symptom does not occur if there are multiple paths to the destination (one of which is the tunnel).
•
Symptoms: An SRP interface is stuck and there is no response at all. In the output of the show srp topology command, the last topology packet that is received takes more than five seconds to arrive. In addition, the "zero encap length" counter in the output of the show hardware pxf cpu stat interface srp 1/1 detail command increases.
Conditions: This symptom is observed on a Cisco 10720 when the value of the overall packet size divided by 32 is 1 or 2.
Workaround: There is no workaround.
•
Symptoms: CPU hog, BGP sessions, and APS channels flaps are observed on routers.
Conditions: When SNMP polling a Cisco 12000 series router with about 500 interfaces/subinterfaces, 900+ attached service policies, the router may produce CPUHOG log messages when polling the Class-Based-QoS-Mib stats.
Workaround: There is no workaround.
•
Symptoms: A flap of the bgp session between the primary PE and the CE providing the default route may cause the remote CE to lose internet connectivity when the bgp session is restored.
Conditions: These symptoms were observed when running a topology of CE routers dual homed connected to 2 PE gsr routers running Cisco IOS Release 12.0.26.S2 (primary and secondary) and a default route is being generated by a CE in a different vrf.
Workaround: There are two steps to the workaround.
1. Add a default vrf static route to cover the bgp derived default route.
2. Clear the default route entry in the route table.
•
Symptoms: If a MPLS packet contains a L2TP or UTI packet and the mpls packet needs to be processed by the RP instead of the PXF (due to MPLS TTL equal to 0 or 1, IP header in the MPLS packet contain options), the SRP or Ethernet will stop receive packets on those ports.
Conditions: The problem is in all software releases.
Workaround: There is no work around.
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.0(26)S3
Cisco IOS Release 12.0(26)S3 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S3 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f). The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Route Switch Processor (RSP) may reload unexpectedly when a bus error with an invalid memory address occurs while packets are placed into a hold queue.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S, 12.1(14)E4, or 12.2 S when the following sequence of events occurs:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: A Flash memory card may become corrupted. The output of the show flash-filesystem EXEC command may display the following information:
Open device slot0 failed (Bad device info block)
Conditions: This symptom is observed on a Cisco platform when you perform an online insertion and removal (OIR) of the Flash memory card.
Workaround: Do not perform an OIR of the Flash memory card. Rather, switch off the router and perform an offline insertion and removal.
If the Flash memory card does become corrupted after an OIR, reformat the Flash memory card.
•
Symptoms: When you reload a Cisco 7500 series router with a new Cisco IOS software image, the router may reload unexpectedly during the bootup process and generate an "Imprecise cache parity error" message.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Route Switch Processor 8 (RSP8) and that runs Cisco IOS Release 12.0 S or Release 12.2(18)S when you reload the router with an image of Cisco IOS Release 12.3 T.
Workaround: Do not reload the router. Rather, power-cycle the router to properly load the image of Cisco IOS Release 12.3 T.
•
Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP in turn leading to an RSP crash.
Conditions: This will happen more frequently on routers with a high idb count.
Workaround: There is no workaround.
•
Symptoms: A router may reload due to a software-forced crash.
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(13)T5 and that has SSH configured. However, the symptom may occur on other platforms that run other releases and that do not have SSH configured.
Workaround: There is no workaround.
•
Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.
Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.
•
Symptoms: A Cisco router may experience a memory leak in the IPC buffers:
Interface buffer pools:
IPC buffers, 4096 bytes (total 41664, permanent 624):
0 in free list (208 min, 2080 max allowed)
3339198 hits, 75195 fallbacks, 0 trims, 41040 created
4254 failures (65497 no memory)
You can also see that the Pool Manager process is holding onto more and more memory:
PID TTY Allocated Freed Holding Getbufs Retbufs Process
5 0 246913476 44522964 202605044 176561380 2654280 Pool Manager
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(26)S1. The memory leak is triggered by the SNMP polling of specific OIDs within the ciscoEnhancedMemPoolMIB MIB.
Workaround: Prevent the MIB from being polled by explicitly configuring an SNMP view in the Cisco IOS configuration. To prevent this MIB from being accessed via any community strings, create a view and apply the view to all communities configured, such as:
snmp-server view NOMEMPOOL iso included
snmp-server view NOMEMPOOL ciscoEnhancedMemPoolMIB excluded
snmp-server community public1 view NOMEMPOOL ro 6
snmp-server community public2 view NOMEMPOOL ro 7
snmp-server community public3 view NOMEMPOOL ro 8
The specific MIB that is being blocked is the ciscoEnhancedMemPoolMIB MIB (1.3.6.1.4.1.9.9.221).
Once the configuration is in place, the router must be reloaded to clear the IPC cache and free the memory.
•
Symptoms: A slave RSP running in HSA mode may crash with a cache parity exception.
Conditions: This symptom is observed on a Cisco 7500 series and occurs only when the slave RSP is an RSP8 or RSP16 that runs in HSA mode.
Workaround: There is no workaround.
The fix for this caveat turns off the L3 cache by default on an RSP8 or RSP16 that functions as a slave and that runs in HSA mode; you do not need to do anything specific to turn off L3 cache by default on an RSP8 or RSP16 that functions as a slave and that runs in HSA mode.
For an RSP8 or RSP16 that functions as a slave and that runs in a non-HSA mode such as RPR, you can turn off the L3 cache by entering the l3 cache bypass command on the master RSP while the slave RSP8 or RSP16 still runs in a non-HSA mode.
Because the slave RSP performs non-CPU intensive operations, regardless of the mode of operation, turning off the L3 cache does not have any undesirable impact.
Interfaces and Bridging
•
Symptoms: Entering the shutdown command on a controller of a Packet over T1/E1 Network Transceiver puts the controller permanently down. Entering the no shutdown command on the controller does not bring the controller up.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S and is specific to the controller that is installed in a PA-MC-8T1/E1, PA-MC-4T1/E1, or PA-MC-2T1/E1 port adapter.
Workaround: There is no workaround.
•
Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may shows the PA-MC-8E1/120 as unknown.
Conditions: This symptom is observed on a Cisco 7500 series in which a PA-MC-8E1/120 in installed.
Workaround: There is no workaround.
•
Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.
Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.
Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.
IP Routing Protocols
•
Symptoms: There is inoperability between Cisco IOS Release 12.2 and earlier releases when you configure an invalid encrypted password for Message Digest 5 (MD5) authentication for Open Shortest Path First (OSPF). An error message similar to the following is displayed to warn the user of this invalid password.
router(config-if)# ip ospf message-digest-key 111 md5 7 xxxxxx
OSPF: Invalid encrypted password: xxxxxx
An already encrypted password should have been entered.
Conditions: This symptom is observed on all Cisco platforms.
Workaround: There is no workaround.
•
Symptoms: An inconsistency between the Cisco Express Forwarding (CEF) table and the Address Resolution Protocol (ARP) table may cause CEF entries to be removed and then recreated at random times. This situation, in turn, may cause unicast packet loss for the affected entry or entries.
Condition: This symptom is observed only when ARP requests are not answered. ARP and adjacency tables are periodically refreshed independently; this may cause tables to be out of synch until this situation ages out.
Possible Workaround: Configure the ARP timeout to be 60 seconds or a multiple of 60 seconds. For example, when you enter the arp timeout 270 interface configuration command, the symptom occurs, but when you enter the arp timeout 300 interface configuration command, the symptom does not occur.
•
Symptoms: Pings fail on an Ethernet-to-VLAN interworking over L2TPv3 due to an IRDP failure.
Conditions: This symptom is observed when you ping between two CE routers. Both of the CE routers do not learn each other's MAC address automatically.
Workaround: Ping from the first CE router to the second CE router, then ping from the second CE router to the first CE router.
•
Symptoms: The withdraw message of a multipath (not bestpath) from a BGP neighbor deletes the path from the BGP table but it does not uninstall the route from the IP routing table.
Conditions: This symptom is observed when the maximum-paths eibgp command or maximum-paths ibgp command is configured.
Workaround: Enter the clear ip bgp * or disable the maximum-paths eibgp command or maximum-paths ibgp command.
•
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1.
2.
3.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255
Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
•
Symptoms: An OSPF Designated Router (DR) may fail to regenerate the network LSA when you reload the router.
Conditions: This symptom is observed on a Cisco router that functions as a DR for an OSPF interface when another interface with the same interface address is present in the area but is in a shut down state.
Workaround: Remove the duplicate interface address and enter the clear ip ospf process command.
•
Symptoms: The BGP Open processes may hold more and more memory, may cause a memory leak, may finally run out of memory, and may cause a Malloc Failure error.
Conditions: This symptom is observed when there are BGP neighbors stuck in the active state (that is, a BGP neighbor is configured but the peer address is not reachable) and when some NSF/SSO RP switchovers occur and the standby becomes active.
Workaround: Shut down the neighbors that are not used.
Further Problem Description: When the memory leak occurs, it will be a consistent 1k leak for each neighbor that is not up every 2 minutes.
•
Symptoms: The maximum-paths import number-of-paths command enables a VRF to import additional paths in addition to the bestpath. If the original path of the import path is withdrawn, wrong import paths may be purged. This situation may cause traffic disruption up to 15 seconds.
Conditions: This symptom is observed when the original path of the best import path is withdrawn and the import path is at the end of the path list (that is, the one learned the very first). In this situation, all import paths that are derived from other paths may be purged as well. If the imported net has only import paths, the net may not be reachable until other paths are reimported.
Workaround: Ensure that the import path is at the top of the path list or use the same route descriptor (RD) for all import paths.
•
Symptoms: A Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6 notices a large increase of at least 15% in the CPU usage in the "BGP Router" process when upgraded from Cisco IOS Release 12.0(23)SX5. This occurs under certain conditions where there are a very large number of BGP neighbors in a PE-CE scenario. During the steady state after BGP router convergence, there needs to be a constant churn in the updates with addition/withdrawal of the routes from the neighbor BGP peers.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(25)SX6. All versions starting from Cisco IOS Release 12.0(25)SX to Release 12.0(25)SX6 are affected by this problem.
Workaround: Configure the neighbors by grouping into sets or peer-groups, in which a few of the neighbors in each set share similar outbound policy. Each set will fall into a separate update group or peer group.
•
Symptoms: An MSDP enabled RP does not build an (S,G) state from its SA cache when it should do so. Depending on the topology and if an SPT threshold is configured as infinite, this situation may result in a multicast forwarding interruption of up to 2 minutes.
Conditions: This symptom is observed when the RP for a group fails and an incoming (*,G) join message is received.
MSDP should create an (S,G) state from its SA cache. However, this is done before the (*,G) olist is populated; because of the (*,G) NULL olist, MSDP does not install an (S,G) state.
Workaround: Enter the clear ip mroute * command on all first-hop routers to the source to enable the FHR to register immediately when the next packet creates an (S,G) state.
•
Symptoms: An OSPF router may reload unexpectedly.
Conditions: This symptom is observed after a neighbor has performed a switchover.
Workaround: Disable LLS under the OSPF process on the router by entering the no capability LLS command or disable OSPF NSF under the OSPF process on the neighbor by entering the no nsf command.
•
Symptoms: ISIS redistribute commands are not synced to the standby RP. The routes dependent on these commands will fail after switchover.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco router performing MPLS label imposition on IPv4 traffic may reload.
Conditions: This symptom is observed when the router attempts to forward traffic to a destination via a route that is newly learned, when the router forwards traffic via Cisco IOS software (that is, not via hardware acceleration), and when one of the following conditions is present:
–
–
–
The symptom affects the following Cisco IOS releases:
–
–
–
–
–
The symptom does NOT affect the following Cisco IOS releases:
–
Possible Workaround: Avoid conditions that prevent a "valid cached adjacency" from being installed.
•
Symptoms: IPC errors occur during a bulk configuration synchronization of information to a standby RSP. This situation causes messages to be dropped, and the standby RSP may reset.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a large number (more than 100) VRFs.
Workaround: There is no workaround.
•
Symptoms: A serial interface of a 1-port multichannel E3 port adapter (PA-MC-E3) may fail to enter the "up/up" state when you initially configure the interface or after a number of reconfigurations.
Conditions: This symptom is observed on a PA-MC-E3 that is installed in a Cisco 7500 series or Cisco 7600 series when the following sequence of events occurs:
1.
2.
3.
Although the symptom may occur when you initially configure the interface, it is more likely to occur when you configure, delete, and reconfigure the interface several times.
The problem impacts the following channelized cards:
PA-MC-T3, PA-MC-2T3, PA-MC-xT1 (x = 2,4,8), PA-MC-xE1 (x = 2,4,8), PA-MCX-xTE1 (x = 2,4,8)
Workaround: When the interface does not enter the "up/up" state, configure the interface again.
Further Problem Description: The problem may also occur after a link flap of an interface of one of the channelized cards.
•
Symptoms: Incorrect tags may be imposed after a route has flapped.
Conditions: This symptom is observed on a Cisco router that functions in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.
Workaround: There is no workaround.
•
Symptoms: A VIP may reload when an SSO occurs on an RP.
Conditions: This problem occurs intermittently when distributed MLP is configured on the router.
Workaround: There is no workaround.
•
Symptoms: The adjacency table is not retained after an RP switchover.
Conditions: This symptom occurs with a 4-port Ethernet PA inside a VIP4-80 on an RSP 16.
Workaround: Clear the adjacency table with the clear adjacency command after the Stateful Switchover (SSO).
•
Symptoms: After entering a no hw-module slot command on the primary CSC, an Engine 0 OC-12 (channelized to DS3) line card may be come inoperable.
Conditions: This symptom is observed on a Cisco 12416 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S.
Workaround: Use the microcode reload global configuration command to reload the line card.
•
Symptoms: No SNMP linkup or linkdown trap is generated for a 1CHOC12/4CHSTM1 SONET layer when a controller goes up and down.
Conditions: This symptom is observed when monitoring a SNMP linkup or linkdown trap for a 1CHOC12/4CHSTM1 SONET layer.
Workaround: Monitor the controller status using the show controller sonet command.
•
Symptoms: All line cards may crash due to an IPC timeout or fabric ping timeout.
Conditions: This symptom is observed on a Cisco 12000 series with a PRP under heavy traffic conditions. The output of the show controllers psar command shows excessive error events (e.g. free queue empty events).
Workaround: There is no workaround. The fix for this DDTS adds the new show monitor event-trace psar command to show any bursty error events that are traced but not visible in the output of the show logging command.
•
Symptoms: A Cisco 12000 series may forward packets to an incorrect interface. This behavior can been seen by looking at the hardware CEF entry on this input line card:
execute-on slot x show ip hardware-cef a.b.c.d
(a.b.c.d is the destination IP address)
The output looks similar to the following, in which the CEF lookup is null:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 2 0x784C6FC0 found 2 deep
alpha ip loadbalance: 0x78198D00 - lbl not equal. cef lookup NULL
After clearing the route, the output looks as follows:
LC-Slot0#show ip hardware-cef a.b.c.d
Leaf FCR 4 0x784C6FC0 found 2 deep
Fast Adjacency:
alpha adjacency: 0x701E8280
[0-7] oi 0x4019100 oq 4000 in 15 ab 0 hl 20 gp 11 tl 0 loq BC01 15/0 mtu 4470
packets 1750013440 bytes 776867999767
Output Queue / Local Output Queue Bundle:
[0-7] output queue 0x4000 local output queue 0xBC01
This problem may cause packets to be dropped because a loop is created and the TTL expires for the packets.
Conditions: This symptom is observed under very specific conditions on a Cisco 12000 series that runs Cisco IOS Release 12.0(24)S or a later release when traffic that enters an Engine 3 line card toggles between a static-to-null route and a more specific route as the destination.
Workaround: Avoid the specific conditions mentioned above. Clearing the route resolves the problem only temporarily.
•
Symptoms: %IPCLC-3-INTRLVL error messages and tracebacks may be seen on an Engine 2 8xOC3 ATM line card. This situation may cause an 85-percent CPU utilization on the line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series router with 2 GRPs which support SSO mode (Cisco IOS Release 12.0(24)S and later), when any Engine3 (E3 aka ISE) card is inserted after bringing up both GRPs in SSO mode, the applied service policy which has WRED configured on this interface, does not sync with standby GRP.
Conditions: The problem only happens for any E3 card that was not in the chassis when the secondary RP booted. This will be the case when adding a new E3 LC to an already running system and configuring it for the first time. E3 cards that were in the chassis by the time the secondary RP finished booting will not exhibit this behavior.
Workaround: Reload the secondary RP.
•
This caveat consists, of six separate symptoms, conditions, and workaround, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:
1) Symptoms: There are three symptoms:
–
–
–
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC:" mode, as in the following example:
show version | append disk#:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new
Setting device to store VLAN database at filename new.
Router(config)#^Z
Workaround: There is no workaround.
2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.
Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.
Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.
3) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.
Workaround: Reload the router.
4) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.
Workaround: There is no workaround.
5) Symptoms: There are two symptoms:
–
–
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.
Workaround: Reload the router.
6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:
show version | append disk0:redirect.out" and issuing
delete disk0:disk0:redirect.out
Workaround: Reload the router and delete the file.
•
Symptoms: 10 percent of packets that are larger than 1496 bytes get dropped when passing through an Engine 3 4-Port GE line card (4GE-SFP-LC),
Conditions: This problem is seen on a Cisco 12000 series when the line card is used for both the ingress and egress traffic flow.
Workaround: Reduce the MTU on the ingress network so that packets that are larger than 1496 bytes are not received by the router.
Alternate Workaround: Replace the ingress interface with an interface of a 1-port GE line card.
•
Symptoms: A %LINK-4-TOOBIG error message may appear on the console log of a Cisco 10000 series.
Conditions: This symptom is observed when you send a ping or an L2TP packet across an MPLS interface that is configured for label imposition.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router may crash when access control lists (ACLs) are displayed.
Conditions: The symptom is observed when ACLS are displayed by entering the show access-list command just after an ACL has been added, deleted or modified. The probability of the crash increases with the size of the ACL and with the number of times it is used (for example, in route maps).
Workaround: Wait for a few minutes after modifying the ACL. For large size ACLs (with hundreds of entries) that is used many times you may have to wait between 5 and 10 minutes.
•
Symptoms: Multiple SYS-3-CPUHOG error messages may be generated in the LDP process, eventually followed by a watchdog timeout crash:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (422/8),process = LDP. -Traceback= 6101DFC0 6102546C 61016FE4 6101CE24 6101728C 61017A30
...
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = LDP. -Traceback= 6085658C 6101DE48 6102546C 61016FE4 6101CE24 6101728C 61017A30
After the router has reloaded, the output of the show version command indicates "Last reset from watchdog reset."
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)S3 or Release 12.2(22)S and that is configured for MPLS LDP. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: An ACL applied to an ATM subinterface (RFC1483) may not work after a PRE switchover.
Conditions: This problem is observed on a Cisco 10008 router with PRE2.
Workaround: Deconfigure and configure again the access list that is not working.
•
Symptoms: An ACL applied to a subinterface may becomes active on the main interface, without showing this in the configuration.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2.
Workaround: Do not apply the ACL to the subinterface.
•
Symptoms: A Cisco 12000 series may exhibit high CPU utilization in the "Per-Second Job" process.
Conditions: This symptom is observed on a Cisco 12012 router that has a GRP and that is running Cisco IOS Release 12.0(26)S1 with 255 class maps applied to a 4-port ISE Gigabit Ethernet line card. However, the symptom is release- and platform-independent.
Workaround: Reduce the number of applied class maps.
•
Symptoms: On a Cisco 7500 series that is equipped with Versatile Interface Processors (VIPs) with ATM port adapters, the ATM PVCs may not come back up after the ATM interface flaps. This occurs because the interfaces in the VIP do not transmit any packets but still process incoming traffic.
Conditions: This symptom is observed in a dLFIoATM environment in which distributed Class Based Weighted Fair Queueing (dCBWFQ) is configured on PPPoATM virtual templates.
Workaround: Apply any kind of distributed queueing on any interface or subinterface of the affected VIP. Doing so triggers all interfaces to start transmitting again, enabling the ATM PVCs to come back up.
•
Symptoms: Using Cisco IOS Release 12.0(28)S images on Cisco 12000 series routers and Engine 6 2xOC192 line cards, the show interface accounting command shows incorrect values for tag packets.
Conditions: This symptom is observed in a tag-to-tag scenario.
Workaround: Ignore the IP counters for the tag packets.
•
Symptoms: A PXF engine on a Cisco 10000 series may unexpectedly crash and then the router may crash.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(23)S5.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may experience a block overrun and redzone corruption with a subsequent system reload or switchover as a result of incorrectly processing a corrupted packet. Error messages similar to the following may be observed:
%GRP-4-CORRUPT: Corrupted packet, start_offset 96, length 65534, slot 9
%SYS-3-OVERRUN: Block overrun at 53E4389C (red zone 00000000)
Conditions: This symptom may be observed on a Cisco 12000 series that runs Cisco IOS Release 12.0 S and that has 1, 3, or 4 port Gigabit Ethernet line cards installed.
Workaround: There is no workaround.
•
Symptoms: After a Stateful Switchover (SSO) occurs on a Cisco 7500 series, the standby Route Switch Processor (RSP) my hang just before downloading the image. This situation may prevent the router from entering the STANDBY-HOT state and from being capable to perform a switchover until the standby RSP is reset.
Conditions: This symptom is observed on Cisco 7500 series that runs Cisco IOS Release 12.0 S or 12.2 S and that is configured for SSO/Nonstop Forwarding (NSF).
Workaround: There is no workaround. After the problem occurs, you can recover the router by either waiting for an IPC timer to expire (the default time is 30 minutes) or by entering the hw-module sec-cpu reset command.
•
Symptoms: Engine 1 GE and FE line cards on a Cisco 12000 series running Cisco IOS Release 12.0(26)S2 may reset or fail when an HA switchover occurs.
Conditions: This symptom is observed when switching the HA mode from SSO to RPR+ or from RPR+ to SSO and when a test crash or switchover is performed while auto negotiation is enabled on the Engine 1 GE or FE line cards.
Workaround: Do not change the HA mode.
•
Symptoms: A router may crash when you enter the fair-queue command on the interface of a PA-MC-STM-1 port adapter.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S when the interface has the rate-limit output command enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series router reloads unexpectedly as ATM VCs are coming up.
Conditions: This symptom is believed to occur only when ACLs are applied on ATM interfaces, and, only rarely then, on images that contain the CSCed72686 fix.
Workaround: There is no workaround.
•
Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate
Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.
Workaround: If this is an option, use ISL subinterfaces.
•
Symptoms: A Cisco platform reloads because of a watchdog timer expiration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(20)S2 or Release 12.3 under the following conditions:
–
–
–
Workaround: First detach the service policy from the PVC, then rename it and attach it again.
•
Symptoms: HSRP over the VRF is not working after following these steps:
1.
2.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S3, that has a PRP and 4-port GE ISE line cards, and that functions as a PE router.
Workaround: Enter the standby use-bia command or use RPR+ instead of SSO.
•
Symptoms: A Cisco 12000 series running Cisco IOS Release 12.0(26)S1 may advertise erroneous IPv6 networks when configured for both 6PE and Route Reflector operation.
Conditions: This symptom is observed on a network in which 6PE is implemented on an existing dual-stack (IPv4 and IPv6) configuration.
Workaround: There is no workaround.
•
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•
Symptoms: A subinterface on a Cisco 10000 series may drop packets because of unicast RPF check failures, even though the interface is not configured with uRPF.
Conditions: This symptom is observed on an ATM interface with several subinterfaces when there is at least one subinterface that has uRPF configured. Disabling uRPF on the subinterface still leaves uRPF enabled, even though the CLI indicates it is not enabled. This may also occur with Frame Relay subinterfaces.
Workaround: Select a subinterface that has uRPF configured, then deconfigure and reconfigure it. This updates all subinterfaces on the interface in such a way that uRPF is correctly enabled or disabled.
•
Symptoms: A Cisco 7500 series cannot boot when there are more than 256 different policy maps attached as service policies on the router.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1.
Workaround: Do not use more than 256 service policies.
•
Symptoms: MPLS packets that are larger than 1496 bytes and that have the DF bit set are dropped, even when the tag-switching mtu 1508 command is enabled on all interfaces.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as an MPLS PE router, when all of the following conditions are met:
–
–
–
Workaround: There are two workarounds:
–
–
•
Symptoms: A 12000 series Engine 2 line card may not accept a "tx-cos" configuration.
Conditions: This symptom is observed if the router previously had an Engine 4+ line card in the same slot and this Engine 4+ line card was configured with an output service policy.
Workaround: Reload the router.
•
Symptoms: After working fine for sometime, a 4-port OC-12 ATM line card stops forwarding unicast packets to the RP, and none of the unicast traffic that is sourced from or destined to the RP via the 4-port OC-12 ATM line card goes through. Unicast traffic to the 4-port OC-12 ATM line card interfaces fails too.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(21)ST7 when MPLS is enabled on the line card. IP traffic and IS-IS traffic that pass through the router are not affected. To recover the line card, reset the line card.
Workaround: There is no workaround.
•
Symptoms: Traffic may be dropped if an Engine 3 4-port OC-3 POS ingress line card has more than two egress paths.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S2.
Workaround: There is no workaround.
•
Symptoms: GE interfaces on an EPA-GE/FE-BBRD line card may drop tag packets.
Conditions: The problem is reported on a Cisco 12000 series running Cisco IOS Release 12.0(23)S5 only when you perform an OIR of an EPA-GE/FE-BBRD to install or remove additional EPA-3GE-SX/LH line cards.
Workaround: Perform a second OIR of the line card.
•
Symptoms: If a Cisco 10000 ESR does not have a specific route for both end points of a conversation, the Cisco 10000 ESR will only duplicate one-way audio for only the specific route populating the Cisco 10000 routing table but not for the end point using the default route from the routing table.
Conditions: This symptom is observed on a Cisco 10000 ESR that is running Cisco IOS Release 12.0(25)S3 and PRE-1.
Workaround: There is no workaround.
•
Symptoms: If a multilink interface loses members of the bundle, or if you enter the shutdown command followed by the no shutdown command on a multilink interface, or if the router reloads, the bandwidth that is allocated for non-real time classes can be allocated incorrectly. The sum of the bandwidth that is allocated for non-real time classes and the bandwidth that is specified by the police bps command for real time traffic may exceed the actual bandwidth of a multilink interface.
Conditions: This symptom is observed on a Cisco 10000 series running Cisco IOS Release 12.0(27)S1 that has the service-policy out command enabled on a multilink interface. The service policy consists of a real-time class and several classes with reserved bandwidth The real-time class is configured with the priority command and the police bps command. Other classes are configured with the bandwidth bandwidth-kbps command.
The bandwidth that is allocated for non-priority traffic should take into account the bandwidth that is reserved by the police bps command for the real-time class.
Workaround: Remove and reapply the service-policy out command to the multilink interface.
•
Symptoms: After a circuit bounces, traffic stops being passed on a VC when using a VC bundle. Other VCs on the same subinterface still work. The switch on the other side of the VC does not show any received cells from the VC.
In addition, the show atm vc command does not work because even after the VC is recovered, the command output still does not show any traffic.
Conditions: These symptoms are observed on a Cisco 12000 series.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface.
•
Symptoms: A standby RP keeps crashing.
Conditions: This symptom is observed when both the snmp-server community string rw command and the snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command are configured.
Workaround: Remove the snmp-server community string rw command from the startup configuration before rebooting the router. When the router has booted, reenter the snmp-server community string rw command.
•
Symptoms: An RP may crash when you add or remove a channel group to or from a 4-port ISE Gigabit Ethernet line card or when you reload microcode onto the line card on which channel group members are configured.
Condition: This symptom observed on a Cisco 12000 series when there are link-bundle subinterfaces configured on the 4-port ISE Gigabit Ethernet line card. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed63480. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash.
Condition: This symptom is observed on a Cisco 7500 series when QoS is configured on the interface of the VIP and traffic is flowing.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is running Cisco IOS Release 12.0(25)SX1 may experience CEF disabling on standby PRE.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(25)SX1. The symptom may also occur in Release 12.0 S.
Workaround: Reset standby PRE.
•
Symptoms: The feature manager queue on the Route Processor may not drain for 20 minutes after a reload in a scaled environment with 1400 IP and L3VPN connections (subinterfaces). The feature manager pushes ACL and PBR configurations to the IP Services Engine (ISE) line cards for TCAM processing. You can monitor the state of the feature manager queue with the show fm queue command.
Conditions: This symptom is observed on a 12000 series that runs Cisco IOS Release 12.0(28)S and may occur on any ISE line card that uses an associate message in the QoS manager.
Workaround: There is no workaround.
•
Symptoms: The TE DB on a tunnel headend may become corrupted.
Conditions: This symptom is observed on a Cisco router that has MPLS configured.
Workaround: There is no workaround.
•
Symptoms: Starting with Cisco IOS Release 12.0(26)S, the Cisco 10720 router supports IPv6 ACL feature. The IPv6 packets are corrupted (including the IPv6 header) for the following scenario: For a packet in 6PE decapsulation case (MPLS to IPv6), if output ACLs are applied at the output interface and these ACLs are long enough to require a second PXF pass (known as output ACL split case), then the outgoing IPv6 packet is corrupted.
Conditions: This symptom is observed on Cisco 10720 routers that are running Cisco IOS Release 12.0(26)S or later releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may drop 2 to 3 percent of the ping packets that are destined to the router when the input interface is an Engine 4+ line card.
Conditions: This symptom is observed for ICMP packets on a Cisco 12000 series that is Cisco IOS Release 12.0(26)S1. The symptom may also affect other types of packets.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series crashes because of a bus error.
Condition: This symptom is observed on a Cisco 12016 that runs Cisco IOS Software 12.0(25)S2 when you enter the hw-module slot 17 shutdown command to shut down the master scheduler card.
Workaround: Do not shut down the master scheduler card.
•
Symptoms: When a channel group (for example, channel +1) is removed from a controller, the class-default queue gets stuck on the next time slot/channel.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with 24-port channelized E1/T1 line cards and that has a high traffic rate on the removed channel.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
Symptoms: The performance of an OC-48 to E3 concatenated or channelized line card may drop from 4 Mpps to 2.84 Mpps when oCAR is enabled in a configuration that includes both the conform-action and exceed-action keywords and when oCAR is transmitting packets and changing the precedence.
Conditions: This symptom is observed on a Cisco 12000 series that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(28)S or an earlier release. However, note that performance drops do not occur in Release 12.0(27)S1.
Workaround: There is no workaround.
•
Symptoms: On a Cisco series 12000, the output of the execute-on slot number show ip cef prefix command may display the same imposed label twice for a recursive public route.
Conditions: This symptom is observed on a Cisco platform that supports distributed forwarding such as a Cisco 7500 series or a Cisco 12000 series when the neighbor name send-label command is configured under an IPv4 BGP address family on a VIP or line card and when one of the following actions occurs:
–
–
–
The symptom disappears after the affected prefix flaps.
Workaround: There is no non-impacting workaround, but you can enter the clear ip route prefix command or reset the BGP peer to solve the problem.
•
Symptoms: A public recursive route is not labeled.
Conditions: This symptom is observed on a Cisco router that functions as a BGP peer and that has the neighbor name send-label command enabled as part of an IPv4 address family, which is required for Inter-AS configurations. The symptom affects routers that perform MPLS forwarding using ASICs such as some Cisco 7200 series routers, the Cisco 7304, the Cisco 10000 series, the Cisco 12000 series, and the Cisco RPM-XF. (This list may not be exhaustive.)
Workaround: There is no workaround. Note that the symptom does not occur if the neighbor name send-label command is enabled as part of an IPv4 address family VRF.
•
Symptoms: When a host sends a path MTU discovery packet into a L2TPv3 tunnel, a Cisco 10720 returns an ICMP unreachable packet, indicating that the path MTU is "MTU-32byte (L2TPv3 header)-(layer2 header of customer packets)," which is incorrect. This situation causes TCP communications such as FTP or HTTP downloads over the L2TPv3 tunnel to fail. For example, 26 bytes (outer IP + L2TPv3 header sizes) may be missing.
Conditions: This symptom is observed on a Cisco 10720 that functions as a PE router.
Workaround: If this is an option, set an MTU with a small size at the server side. If this is not an option, there is no workaround.
•
Symptoms: WRED does not share WRED labels even when WRED parameters are identical. Because Engine 4 and Engine 4+ line cards have only seven WRED labels, when you configure WRED for all eight IP precedences, the line cards display the following error:
% Can not configured WRED, all WRED labels are in use.
This situation prevents part of the precedence (WRED group) command for the 8th IP precedence from being applied to the interface policy map.
Conditions: This symptom is observed when you apply a policy map that uses more than seven WRED labels and when WRED labels are not shared.
Workaround: There is no workaround.
•
Symptoms: After you enter the microcode reload pxf command or after a PXF crash occurs, EoMPLS packets that should be encapsulated with EoMPLS encapsulation are treated as if they are normal IP packets, and are likely to be dropped by the router.
Conditions: This symptom is observed on a Cisco 10720 router when an SRP (sub)interface is used as the EoMPLS backbone interface to transport EoMPLS packets to other EoMPLS PE routers and when the (sub)interface has the xconnect destination-address vc-id encapsulation mpls command enabled.
Workaround: Remove the xconnect destination-address vc-id encapsulation mpls command from the (sub)interface that connects to a customer device, and reconfigure it on the (sub)interface.
•
Symptoms: A Cisco router crashes during a period of high routing protocol activity.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(21)SP or a later release or Release 12.0(22)S or a later release.
The crash is most likely to occur when the router holds a large number of IPv4 prefixes in its routing table and when there is a lot of turnover in the routing table, that is, prefixes are added and deleted on a rapid basis.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series equipped with Engine 4 or Engine 6 line cards may crash because of an unexpected exception to CPU vector 300 when the CISCO-CLASS-BASED-QOS-MIB is queried via SNMP.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S or an earlier 12.0 S release.
Workaround: There is no workaround.
•
Symptoms: A packet becomes corrupted when you ping a POS line card.
Conditions: This symptom is observed on a Cisco 12000 series Engine 0 4-port OC-3 POS line card.
Workaround: There is no workaround.
•
Symptoms: The PXF forwarding engine on a Cisco 10720 may crash after the microcode is reloaded either through a manual reload by entering the microcode reload pxf command or after a previous PXF crash. This situation causes multiple PXF crashes.
Conditions: This symptom is observed on a Cisco 10720 that runs Cisco IOS Release 12.0(26)S or a later 12.0 S release, all of which contain IPv6 PXF packet forwarding functionality, and is most likely to occur while IPv6 packets are passing through the router.
Workaround: Disable IPv6 functionality or disable PXF by entering the no service pxf command.
•
Symptoms: A temporary counter condition in which you see very large MPLS TE tunnel counter spikes may occur on a Cisco 12000 series. This situation is observed via the SNMP variable IfHCOutOctets (the total number of octets transmitted), via the SNMP variable locIfOutBitsSec (the Cisco 5-minute decaying average), and in the output of the show interfaces tunnel number privileged EXEC command (observe the elevated output rate).
Conditions: This temporary counter condition is observed only for one or two sample periods and affects the MPLS-TE auto-bandwidth mechanism because the collection timer may be invoked at a time while the counter is at an extreme value. If the auto-bandwidth mechanism collection value is greater than the physical interface capability, the LSP tunnel build fails at the next LSP tunnel build.
Workaround: There is no workaround.
•
Symptoms: All interfaces in a multilink group go down when you enter the no shutdown command on the MLP interface.
Conditions: This symptom is observed when the MLP interface is in the up/up state.
Workaround: Do not enter the no shutdown command on an MLP interface that is already in the up/up state.
•
Symptoms: A router that is configured with MPLS TE tunnels may generate tracebacks and crash.
Conditions: This symptom is observed on a Cisco router that runs an internal Cisco pre-build of Cisco IOS Release 12.0(26)S3 when the RSVP bandwidth is reduced to a value below the minimum value that is required by the tunnel. This caveat is resolved in Release 12.0(26)S3.
Workaround: There is no workaround. However, the symptom does no occur in any publicly released Cisco IOS software image.
•
Symptoms: A 6-port OC-3 POS line card (ESR-6OC-3/P-SMI=) may go down unexpectedly, and the following error messages may be logged (assuming that the line card is installed in slot 6 of the router):
IPCOIR-4-REPEATMSG: IPC handle already exists for 6/0
IPCOIR-2-CARD_UP_DOWN: Card in slot 6/0 is down. Notifying 6oc3pos-1 driver.
C10K_ALARM-6-INFO: ASSERT CRITICAL slot 6 Card Stopped Responding OIR Alarm - subslot 0Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0(27)S2 in a dual-PRE configuration when the CPU utilization on the active PRE is high. The symptom may also occur in other 12.0 S releases.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series is reloaded or a switchover occurs from the active RP to the standby RP, a subinterfaces on an ATM ISE line card may not return to up/up state.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS release that is earlier than Release 12.0(27)S when the subinterface is part of a VRF. If the oam-pvc manage command is not configured on the PVC, the subinterface enters the up/up state but does not pass any traffic.
Workaround: Return the subinterface to the up/up state by entering the shutdown command followed by the no shutdown command in subinterface configuration mode.
•
Symptoms: The RP that is supposed to become the primary RP may crash when an RP switchover occurs.
Conditions: This symptom is observed on a Cisco 12000 series that runs a Cisco IOS interim release of Release 12.0(26)S3. This caveat is resolved in Release 12.0(26)S3.
Workaround: There is no workaround.
•
Symptoms: A permanent virtual connection (PVC) configuration is removed if a PVC fails when it is recreated.
Conditions: This symptom is observed on a Cisco 7500 series that has a Versatile Interface Processor (VIP). The PVC configuration may be removed if the VIP is carrying data traffic and the parameters of the virtual circuit (VC) class that is attached to the configured PVCs on the associated interface are modified.
Workaround: There is no workaround.
•
Symptoms: Outbound security ACLs are not applied properly on Cisco 10000 series routers.
Conditions: This symptom is observed on all Cisco IOS Release 12.0 S images that contain the fix for CSCed72686.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A router may not recognize some inbound Multiprotocol Label Switching (MPLS)-tagged packets that are sent via Frame Relay. Because the router cannot recognize the inbound MPLS-tagged packets, MPLS cannot switch those packets to the outgoing interface. The MPLS-tagged packets are dropped by the router, and the router does not increment the input-packet counter in the output of the show frame pvc output EXEC command.
Conditions: This symptom is observed on a Cisco router that has Cisco Express Forwarding (CEF) enabled and that is running Cisco IOS Release 12.2(7b). The symptom may also occur in other releases.
Workaround: Enable the debug mpls packets EXEC command.
•
Symptoms: When you configure Open Shortest Path First (OSPF) on a new Multilink Frame Relay (MFR) interface, the following traceback may be displayed:
%OSPF-6-ZERO_BANDWIDTH: interface MFR100 has zero bandwidth
Conditions: This symptom is observed on a Cisco router when you configure a new MFR interface or after the router has rebooted.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly because of a bus error after the following error message is displayed:
%ATMPA-3-BADVCD:ATM[int] bad vcd [number] packet -
Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface.
Conditions: This symptom is observed on a Cisco router that is configured with an ATM interface when a packet that contains a virtual circuit descriptor (VCD) that is out range is passed on to the ATM driver of the interface in order to be transmitted.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(26)S2
Cisco IOS Release 12.0(26)S2 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is - Reloading a faulty Cisco IP conference station 7935 or 7936 may cause connected Cisco switch/router to reload. A CDP message may appear on the terminal, such as "%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex)."
Conditions: An empty "version" field exists in the output of show cdp entry * for at least one entry.
Workaround: Disable CDP using the no cdp run command in the global configuration mode. OR Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) have an empty "version" field in the output of show cdp entry *. OR Disconnect the 7935/7936 phone, in the case of specific symptom described.
•
Symptoms: A Cisco 7204VXR with an NPE400 may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 7204VXR that runs the c7200-p-mz image of Cisco IOS Release 12.0(26)S.
Workaround: There is no workaround.
•
Symptoms: Incorrect "output IFMIB" counters are observed on the main interface.
Conditions: This symptom has been observed on a Cisco 7500 series router running Cisco IOS Release 12.0(25)S1 when an 802.1q VLAN is configured with Committed Access Rate (CAR). The "output CLI" and "input SNMP/CLI" counters are correct.
Workaround: There is no workaround.
•
Symptoms: Executing the tftp-server slaveslot0: global configuration command, or any configuration commands related to tftp-server being set to access flash devices on the slave, will cause the slave to reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S5 but is not platform dependent.
Workaround: Configure the tftp-server to access flash devices on the master route switch processor (RSP) only.
•
Symptoms: The Remote Processing Time reported by an SAA probe to a VRF/VPN loopback on a MPLS VPN PE router is too short, about 1~30ms, while the Round Trip Time that is calculated is too large, about >100ms. When you have probes sent to both an IPv4 Loopback and a VPNv4/VRF Loopback, you will see that the results they provide are exactly reverse to each other. For example:
router time type remote process time roundtrip delay
saa_probe2ipv4 218 1
saa_probe2vpnv4 5 219
Conditions: This symptom is observed when an SAA probe is sent to VPN/VRF addresses on an MPLS VPN PE router through a MPLS VPN network.
Workaround: There is no workaround.
•
Symptoms: A Cisco Catalyst 2950 experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
Interfaces and Bridging
•
Symptoms: Fragments produced on a Route Switch Processor (RSP) may be corrupted. The fragments may have extra bytes of garbage that may cause the remote end to drop the packets since the remote end cannot rebuild the packets.
Conditions: This symptom occurs on a Cisco 7500 router that is configured for Frame Relay fragmentation 12 (FRF.12) on a Packet-over-SONET (POS) subinterface.
Workaround: There is no workaround.
•
Symptoms: TX Simple Network Management Protocol (SNMP) counters do not update on Fast Ethernet subinterfaces for distributed Cisco Express Forwarding (dCEF) traffic.
Conditions: This symptom is observed on Cisco IOS Release 12.0(26)S and Release 12.3. The hardware is DEC21140A, and the interface receiving the traffic is not located on the same Versatile Interface Processor (VIP).
Workaround: There is no workaround.
•
Symptoms: An interface on a Cisco 7500 series that is configured for distributed Multilink PPP (dMLP) may stop transmitting data.
Conditions: This symptom is observed when the links in an MLP bundle flap. When the router detects that the interface does not transmit data, the router automatically resets all Versatile Interface Processors (VIPs) to restore proper functioning.
The following log information shows the sequence of events when the symptom occurs:
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to down
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to down
%LINK-3-UPDOWN: Interface Multilink9, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/11:23, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial10/1/1/12:23, changed state to down %LINK-3-UPDOWN: Line protocol on Interface Multilink9, changed
%LINK-3-UPDOWN: Interface Serial10/1/1/12:23, changed state to up
%LINK-3-UPDOWN: Interface Multilink9, changed state to up
%LINK-3-UPDOWN: Interface Serial10/1/1/11:23, changed state to up
%RSP-3-RESTART: interface Serial10/1/1/11:23, output frozen
%RSP-3-RESTART: cbux complex
Workaround: There is no workaround.
•
Symptoms: BGP Policy Accounting information is not available via SNMP for 802.1Q VLAN subinterfaces.
Conditions: This symptom is observed on Cisco 12000 and 7500 series routers.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may pause indefinitely on reload with a traceback and bus error exception.
Conditions: This symptom may be observed with a Cisco Open Shortest Path First (OSPF) router that is doing redistribution.
Workaround: There is no workaround.
•
Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:
exit-address-family
^ % Invalid input detected at รญ^รญ marker.
exit-address-family
^ % Invalid input detected at รญ^รญ marker.
exit-address-family
^ % Invalid input detected at รญ^รญ marker.
The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.
Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom is not observed in Cisco IOS Release 12.3.
Workaround: Reenter the configuration that was present before the router reloaded.
•
Symptoms: A Cisco router may pause indefinitely because of a bus error, and the following error message may appear:
System returned to ROM by bus error at PC 0x60B5F1C0, address 0xEF4321E5
Conditions: This symptom is observed on a Multiprotocol Label Switching (MPLS) provider edge (PE) router.
Workaround: There is no workaround.
•
Symptoms: The best path is not chosen correctly on a Cisco router.
Conditions: This symptom is observed when the bgp deterministic med router configuration command is configured on a Cisco router. The symptom occurs when different values of Multi Exit Discriminator (MED) are set for peers. In this particular situation, the symptom occurs when different values of MED are set to different peers.
Workaround: There is no workaround.
•
Symptoms: When the following Open Shortest Path First (OSPF) MIB tables are queried via snmpwalk, some interfaces may not be displayed:
–
–
–
Conditions: This symptom is observed on any Cisco platform that runs OSPF.
Workaround: There is no workaround.
•
Symptoms: A network link-state advertisement (LSA) may not be originated for an interface.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S, Release 12.2 S, Release 12.3, or Release 12.3 T when an interface that is configured for Open Shortest Path First (OSPF) and that is up has the same address as another interface that is shut down.
Workaround: There is no workaround.
•
Symptoms: During BGP scalability testing, error messages and tracebacks similar to the following ones may be logged, indicating a difficulty with TCP and buffer usage:
%SYS-2-MALLOCFAIL: Memory allocation of 4692 bytes failed from 0x6076F714, align
Pool: I/O Free: 11143248 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 6
-Traceback= 607FE10C 607FF1EC 6076F71C 6080C1D0 6080C400
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP I/O", ipl= 0, pid= 139
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D0BEB0
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP Router", ipl= 0, pid= 138
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D29858 60D2AF88 60D1B4BC
Conditions: This symptom is observed on a Cisco router that is in the processing of building BGP sessions for about 80,000 prefixes and about 1200 BGP peers.
Workaround: There is no workaround.
•
Symptoms: A multicast router may stop sending Protocol Independent Multicast (PIM) join messages.
Conditions: This symptom is observed on a Cisco router that is configured for multicast routing when buffer allocation failures occur and when the I/O memory is low.
Workaround: Disable and reenable multicast routing.
•
Symptoms: A router may no longer be able to reach IP destinations through Open Shortest Path First (OSPF).
Conditions: This symptom is observed when the mpls traffic-eng area number router configuration command is removed from the OSPF configuration.
Workaround: Clear the OSPF process by entering the clear ip ospf process privileged EXEC, and wait for the OSPF process to recover. This workaround is not recommended when there is a large routing table.
Alternate Workaround: Reconfigure the mpls traffic-eng area number router configuration.
•
Symptoms: A router may reload unexpectedly when you remove network commands. The crash will not always happen when network commands are removed. There is a small window where this can happen when a network command which covers an interface running OSPF is removed *and* there are outstanding packets from this interface in OSPF queue.
Conditions: This symptom is observed on a Cisco router that has the router ospf global configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: Routes on a provider edge (PE) router may take almost 10 minutes to propagate through a network because Border Gateway Protocol (BGP) remains in read-only mode for a long period of time.
Conditions: This symptom is observed on a Cisco router that functions as a PE router and that is a BGP peer to other PE routers. A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCeb54512. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: SAA probes that are executing on the Cisco 12000 series routers incorrectly measure round trip time delay measurements.
Conditions: This symptom is only observed on a Cisco 12000 series router.
Workaround: Run the probe on a different Cisco platform.
•
Symptoms: On a router with the hidden command ip routing external overload signalling set, if a router-wide CEF FIB-DISABLE event takes place (rather than a FIB-DISABLE event on a line card), the loopback interface and its associated IP address are removed from the routing table.
On FIB recovery, the IP address associated with the loopback interface will not be present in the routing table and therefore cannot be advertised to any other routers in the network.
Conditions: This behavior is observed in IOS release 12.0(25)S and later releases on a router with the ip routing external overload signalling hidden command set. Earlier IOS releases are not affected.
Workaround: Enter the no ip routing external overload signalling hidden command.
•
Symptoms: A Cisco router with a label switched path (LSP) tunnel on which Fast ReRoute (FRR) is enabled and active may stop refreshing the Resource Reservation Protocol (RSVP) state when the refresh updates are received via RSVP summary refresh messages. This situation causes the RSVP to time out and the LSP tunnel to be torn down.
Conditions: This symptom is observed on a Cisco router that does not transmit RSVP messages for LSP tunnels on which FRR is enabled and active via message IDs. The symptom does not occur when FRR is enabled but not active.
A peer router that runs software other than Cisco IOS software may continue to send RSVP messages with messages IDs that request an acknowledgment. The Cisco router does acknowledge these message IDs, causing the peer router to start sending RSVP summary refresh messages to refresh the RSVP state. The Cisco router ignores the message IDs that are contained in these RSVP summary refresh messages and does not refresh the RSVP state.
Workaround: There is no workaround.
•
Symptoms: A router may crash after the IP address of the interface of a neighboring router is changed while an MPLS TE tunnel is using this interface.
Conditions: This symptom is observed on a Cisco router that functions as a midpoint of an MPLS traffic engineering (TE) tunnel and occurs shortly after the IP address of the ingress interface of the downstream neighboring router is changed while the MPLS TE tunnel is using this interface.
Workaround: There is no workaround.
•
Symptoms: This symptom occurs in an OSPF network topology in which a CE router (CE-1) connect to a PE router (PE-1) that connects to two other PE routers (PE- 2 and PE-3), each of which connect to another CE router (CE-2 and CE-3). In turn, both of these CE routers are connected to each other (that is, CE-2 and CE-3 connect to each other).
When the link between the PE-3 and the CE-3 flaps, the OSPF route in the VRF fails to switch back from BGP to OSPF on the PE-1.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S, 12.2 S, and 12.3 T.
Workaround: Clear the ip route, clear the OSPF process, or enter the clear ip bgp * command on the PE-1 to bring the route back from BGP to OSPF.
•
Symptoms: A router may reload unexpectedly with a bus error and/or display spurious memory access messages
Conditions: The router must be configured for OSPF and must be actively learning OSPF routes dynamically.
Workaround: There is no workaround.
•
Symptoms: FRR LSPs may fail to provide protection with a Next-next-hop (NNHOP) backup tunnel.
Conditions: This symptom is observed only when a primary LSP reaches beyond a merge point.
Workaround: There is no workaround.
•
Symptoms: IPv6 BGP may not reach the established state.
Conditions: This symptom is observed on a Cisco 12000 series that runs the gsr-p-mz image of Cisco IOS Release 12.0(26)S2 or Release 12.0(28)S. However, the symptom is not platform-specific.
Workaround: There is no workaround.
•
Symptoms: A BGP prefix may receive or advertise incorrect label information.
Conditions: This symptom is observed on an MPeBGP session between ASBRs when there is more than one MPeBGP session configured.
Workaround: There is no workaround.
ISO CLNS
•
Symptoms: Intermediate System-to-Intermediate System (IS-IS) routes that are learned from an IS-IS interface may not be added back to a Routing Information Base (RIB).
Conditions: This symptom is observed on a Cisco router with an interface that is running IS-IS after you enter the shutdown interface configuration command followed quickly by the no shutdown interface configuration command.
Workaround: Enable "ip routing protocol purge interface" on the router.
Miscellaneous
•
Symptoms: Connectivity difficulties may occur when Virtual Private Network (VPN) routing/forwarding (VRF) packets follow the global routing table instead of the VRF table.
Conditions: This symptom is observed on a low-end Cisco router that runs Cisco IOS Release 12.2(7a) or another release when the global address space in the router overlaps with the VRF address that is configured on a VRF interface of a connected PE router. The VRF interface of this PE router may be unreachable but end-to-end connectivity may not be affected.
Workaround: There is no workaround.
•
Symptoms: A Performance Route Processor (PRP) may reload after the following error message is displayed:
PRP-3-ASM_CORRUPT_PTR
Conditions: This symptom is observed on a Cisco 12000 series on which a defective 1-port OC-192 Packet-over-SONET (POS) Enhanced Services (ES) Engine line card is installed. The symptom occurs because error recovery does not function properly.
Workaround: There is no workaround.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: On a Cisco router, output queue packet drops may occur on the priority queue of an E1 serial interface on a 1-port multichannel E3 port adapter (PA-MC-E3), after which the E1 serial interface becomes congested.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.1(18)E. However, the symptom is not specific to the platform or the Cisco IOS software release but specific to the port adapter.
Workaround: Enter the tx-ring-limit interface configuration command to increase the value of the drivers that are transmitted on the queue. For additional information, see the document at the following location:
http://www.cisco.com/warp/public/121/txringlimit_6142.html
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: Sporadic error recovery may occur on an Engine 4 plus (E4+) line cards after a corrupt packet that comes from the fabric is detected. The error recovery is indicated by %TX192-3-PAM_MODULE and %TX192-3-PAM_PIM error messages on the E4+ line card. The packets are corrupted by Engine 3 line cards and are triggered by routing convergence.
Conditions: This symptom is observed on a Cisco 12416 router that runs Cisco IOS Release 12.0(25)S or Release 12.0(25)S1. Only packets in the IP-to-tag path are affected.
Workaround: There is no workaround.
•
Symptoms: You may not be able to load a Cisco IOS software image onto a Cisco 12000 series from an Advanced Technology Attachment (ATA) Flash disk, and one or more error messages similar to the following may appear:
open(): Open Error = -13 loadprog: error - on file open boot: cannot load "disk0:gsr-p-mz.120-24.S2"
open: read error...requested 0x4 bytes, got 0xffffffff trouble reading device magic number loadprog: error - on file open boot: cannot load "disk0:gsr-p- mz.120-22.S3c"
Conditions: This symptom is observed when the ATA disk is formatted with one Cisco IOS software image and also contains another Cisco IOS software image that you attempt to load onto the Cisco 12000 series.
Workaround: Enter the boot system tftp filename ip-address global configuration command, dummy for the filename argument, and 10.1.1.1 for the ip-address argument. Note that this command parses without errors, and then fails; the router may not appear to boot initially, but eventually does so.
Further Problem Description: The symptom only affects a Cisco 12000 series RP. It does not affect a Cisco 12000 series PRP.
•
Symptoms: Some virtual circuits (VCs) are not added by FPGA/SAR when modified from cell-packing ATM Adaptation Layer 5 (AAL5).
Conditions: This symptom is observed on a Cisco 12000 series router but is not platform dependent.
Workaround: Delete PVCs and reprovision them.
•
Symptoms: On dual Performance Route Processors (PRPs) in RPR+ mode, the secondary PRP may not boot up. When you log into the PRP, it appears to be in the ROMmon state.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S1 when the ROM monitor of the primary RPR is upgraded.
Workaround: Attach to the secondary RPR and boot up this RPR manually by entering the boot command on the ROMmon prompt.
•
Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down %RSP-3-RESTART: interface Serial1/0/0:15, not transmitting Output Stuck on Serial1/0/0:15 %RSP-3-RESTART: interface Serial1/0/1:15, output frozen
%RSP-3-RESTART: interface Serial1/0/2:15, not transmitting
%RSP-3-RESTART: cbus complex
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.
Workaround: Remove the compress stac caim interface configuration command from the interface.
•
Symptoms: A Cbus Complex may occur and the packet memory may be recarved, causing a temporary disruption in service.
Conditions: This symptom is observed on a Cisco 7500 series when you install an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) or an enhanced 2-port T1/E1 high-capacity port adapter (PA-VXC-2TE1+) and when you configure the port adapter via the command-line interface (CLI) for E1 or T1.
Workaround: There is no workaround. Try to install the port adapter during a maintenance window.
•
Symptoms: A Versatile Interface Processor 4 (VIP4) in which an 8-port multichannel E1, G.703 120 ohm interface port adapter (PA-MC-8E1/120) is installed may reload unexpectedly and display the following error message:
%ALIGN-1-FATAL: Illegal access to a low address.
Conditions: This symptom is observed on a Cisco 7500 series that has a distributed multilink interface on which IP Header Compression (IPHC) is configured when distributed Cisco Express Forwarding (dCEF) is disabled by entering the no ip cef distributed global configuration command and reconfigured by entering the ip cef distributed global configuration command while the interface is operational.
Workaround: Ensure that the multilink interface is shut down before you to disable dCEF.
•
Symptoms: The amount of free memory on a router decreases as the memory that is held by the Simple Network Management Protocol (SNMP) engine process increases. The decrease in the amount of free memory can be verified by examining the output of the show proc mem | i SNMP privileged EXEC command.
Conditions: This symptom is observed when SNMP is used to attempt to set values in the LDP-MIB, TE-MIB, or VPN-MIB.
Workaround: Avoid using SNMP to set values in the MIBs. Use the CLI on the router to set the values needed.
•
Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.
•
Symptoms: Modular QoS CLI (MQC) may allow invalid hierarchical policy maps to be attached to IP Services Engine (ISE) Packet-over-SONET (POS) interfaces.
Conditions: This symptom is observed on Engine 3 (E3) ISE line cards on a Cisco 12000 series router.
Workaround: Do not attach invalid hierarchical policy maps.
•
Symptoms: Fast Reroute (FRR) fails to detect a protected interface that has gone down. Initial failure detection varies from 100 to 800 milliseconds.
Conditions: This symptom is observed only on a Cisco 7500 series router.
Workaround: There is no workaround.
Further Problem Description: When the protected interface goes down, FRR switches from the primary tunnel to the backup tunnel.
•
Symptoms: A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running distributed Cisco Express Forwarding (dCEF) may have high memory usage and memory allocation failures when dCEF is disabled and then reenabled.
Conditions: This symptom is observed on a PE router that has a large number of VPN routes (over 30,000) in a VPN routing/forwarding (VRF) table when CEF is disabled and then reenabled.
Further Problem Description: View the output of the show processes memory EXEC command to verify that the CEF process memory usage increases.
Workaround: Reload the router.
•
Symptoms: There may be no memory for the expanded TFIB PSA. The label allocation may fail with error messages that are shown below and may be followed by a memory traceback.
%TAGCON-3-LCLTAG_ALLOC: Cannot allocate local tag
%TFIB-2-MEMORY: No memory for expanded TFIB PSA
-Traceback=
Conditions: This symptom is only observed on an MPLS-capable Cisco platform and only when the label space has been exhausted to the maximum level supported by the platform or is about to be exhausted (only a few hundred labels are available) and when the TFIB table is expanded further.
Workaround: Enter the mpls label range 16 101900 command at the conf-t level to avoid the error messages.
•
Symptoms: When you securely copy a Cisco IOS image to a flash disk by entering the copy scp slot0: or copy scp slot1: EXEC command, the copy process may stop after about 60 to 70 percent has been transferred.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0(25)S1 or Release 12.3.
Workaround: Copy the Cisco IOS image via another transport protocols such as TFTP.
•
Symptoms: A Cisco 12000 series router with an Engine 2 3-port Gigabit Ethernet (GE) line card may display memory access error messages, and the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series with an Engine 2 3-port GE line card when Border Gateway Protocol Policy Accounting (BGPPA) is applied and then removed from its interface.
Workaround: There is no workaround.
•
Symptoms: When traffic matches a particular VLAN group and the "match vlan" argument is removed from that VLAN group, the traffic continues to match the class map (prior to removal) and is shaped accordingly. The expected behavior is for the traffic to take the default queue.
Conditions: This symptom is observed on an IP Services Engine (ISE) 4x Gigabit Ethernet (GE) line card that has a modular QoS CLI (MQC) quality of service (QoS) policy attached to the main interface only when the "match vlan 1-3" argument is removed from the VLAN group.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series that functions as a provider edge (PE) router may fail to receive an Internet Control Message Protocol (ICMP) echo message on a Multilink PPP (MLP) ingress interface.
Conditions: This symptom is observed on a Cisco 7500 series when Virtual Private Network (VPN) routing/forwarding (VRF) is configured on the MLP interface.
Workaround: There is no workaround.
•
Symptoms: Some channelized PA-MC-2T3+ interfaces on a Cisco 7500 series router may go into a down/down state. When this symptom occurs, one or more groups of four T1 interfaces may go down simultaneously because of an Rx Alarm Indication Signal (AIS) alarm, and all of the interfaces associated with the down/down T1 interfaces may also go into the down/down state.
Conditions: This symptom is observed only on a PA-MC-2T3+ port adapter. This symptom may be caused by a router or Versatile Interface Processor (VIP) reload or a circuit failure on the T3 port adapter. This symptom has not been observed on the PA-MC-T3 port adapter.
Workaround: Perform an online insertion and removal (OIR) of the VIP that seats the PA-MC-2T3+. Make sure that you follow the guidelines for performing an OIR procedure on a Cisco 7500 series router.
Alternate Workaround: Identify the router with four ports in the down/down state, and reload this router. You can identify the router with the interfaces in the down/down state by checking for the presence of AIS on all four ports. T1 interfaces will go down in the following combinations: 1-4, 5-8, 9-12, 13- 16, 17-20, and 21-24. If T1 interfaces go down in 3-6 or 10-13 combinations, this symptom is not the reason that the interfaces are in the down/down state.
•
Symptoms: An E3 4xOC12 channelized line card keeps resetting.
Conditions: This symptom is observed under load sharing between a POS channel interface and a regular POS interface.
Workaround: There is no workaround.
•
Symptoms: With a PRP running Cisco IOS Release 12.0(25)S1, the PRP hangs after the test crash command is entered. This is seen only on a PRP-1 and not a GRP-B.
Conditions: These symptoms are observed on a Cisco 12000 router with a PRP-1 and a full or nearly full chassis after the test crash command is entered. The router becomes inaccessible and inoperable. This only happens when the exception warmstart 60 5 global configuration command is configured.
Workaround: Disable the exception warmstart global configuration command. Note, however, that when you do so, caveat CSCeb70797 may occur.
•
Symptoms: An 8XOC3 ATM line card stops passing non-exp0 traffic (that is, tagged packets with the exp field in the MPLS shim not equal to zero) after an RP or line card reloads.
Conditions: This problem happens when ingress and egress subinterfaces are configured on the same ATM interface using an ATM switch. This symptom is observed on Cisco IOS Release 12.0(25)S3 or a later release.
Workaround: To recover the interface, enter the shutdown command followed by the no shutdown command on the affected interface.
•
Symptoms: When you reload a Multiprotocol Label Switching (MPLS) provider edge (PE) router that has 20 PA-MC-2T3+ controllers and 780 channelized interfaces, the first PA-MC-2T3+ controller may have many channelized interfaces in the down/down state.
Conditions: This symptom is observed on an MPLS PE router that has the channelized interfaces that are in the down/down state directly connected to a customer edge (CE) router. If the connection is a T1 interface, then the interfaces on the CE router are in an up/down state. If the connection is sub- T1 (fractional T1), then the interfaces on the CE router are in an up/up state.
Workaround: Reload only the CE router and all the interfaces will go to the up/up state on both the CE router and the PE router.
•
Symptoms: The set feature in a policy map does not function when the service policy is attached to a channelized interface.
Conditions: This symptom is observed on a Cisco 7500 series router with a channelized port adapter when the policy is applied to the input direction of the interface.
Workaround: There is no workaround.
•
Symptoms: The output queue of an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) may be stuck, even though the controller is up.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S, 12.1 E, or 12.2 S after you have performed an online insertion and removal (OIR) of the PA-MC-8TE1+.
Workaround: Reload the router.
•
Symptoms: An E3 card crashes when more than 10k multicast groups are created, and traffic is sent to these groups. This is seen with sparse mode and Auto- RP.
Steps for crash:
1. Advertise 130k BGP routes. 1a. Send traffic to port advertising the BGP routes. 2. Advertise 10000 multicast groups. (When tried with 300 groups, card did not crash.) 3. Send traffic to multicast groups.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Do not create 10k multicast groups.
•
Symptoms: When a Cisco IOS software image runs on a standby Performance Routing Engine (PRE) together with an older version of Cisco IOS software that runs on the primary PRE, the following error message may appear on the standby router:
%IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP: Cannot find IDB index table entry: "", 79
After a switchover from the primary PRE to the standby PRE occurs, the interfaces for which the above error messages appear may not be able to send or receive packets.
Conditions: This symptom is observed on a Cisco 10000 series during a Fast Software Upgrade (FSU) operation.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload when the clear cef line command is entered or when a new VRF is provisioned on an interface via the CLI.
Conditions: This symptom is observed on a VIP when Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow before making configuration changes or before entering the clear cef line command.
•
Symptoms: A line card may experience high CPU usage, and report alignment and spurious memory access error messages.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card may display high CPU utilization.
Conditions: This symptom is observed on an ISE line card in a Cisco 12000 series when Multiprotocol Label Switching (MPLS) packets are sent to the nonlabel-switched interface of the ISE line card.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a Cisco 12000 series router.
Conditions: This symptom is observed on a Cisco 12000 series router after a service policy is enabled.
Workaround: There is no workaround.
•
Symptoms: Tag entries may be missing on a Versatile Interface Processor (VIP).
Conditions: This symptom is observed on a Cisco 7500 series that has distributed Cisco Express Forwarding (dCEF) enabled.
Workaround: Enter the clear cef linecard user EXEC or privileged EXEC command.
•
Symptoms: A Versatile Interface Processor (VIP) may reload and cause the Route Switch Processor (RSP) to reload after an input set policy is added to a Frame Relay (FR) map class.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: Use traffic policing to set the input policy.
•
Symptoms: An Engine 4 Plus (E4+) Gigabit Ethernet (GE) or Fast Ethernet (FE) line card that is configured with Any Transport over MPLS (AToM) may fail.
Conditions: This symptom is observed on an E4+ GE or FE line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S as soon as a soft online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC).
Workaround: There is no workaround.
•
Symptoms: When an ATM PVC bounces, it fails to come back up and remains in the DOWN/UNVERIFIED state.
Conditions: This symptom occurs when an ATM LC is connected to an ATM switch. Also, the ATM PVC is managed by OAM, and the frequency of the OAM F5 loopback cells is set to 0, via the oam-pvc manage 0 CLI command.
Workaround: Performing a shut command followed by a no shut command on the PVC will reactivate it.
Alternate Workaround: Disable OAM management.
•
Symptoms: A 1-port 10-Gigabit Ethernet line card may generate pause frames under an inbound heavy load if there is a bottle neck in the router, for example an egress line card. The pause frames may cause FCS errors at the remote end device.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(25)S2.
Workaround: There is no workaround.
•
Symptoms: During installation of a router on an OC-48 DPT/RPR ring, the ring became unstable, and 5 Cisco 12000 series routers reloaded, one reloading twice.
Conditions: This symptom is observed on a mix of Cisco 12016 routers and Cisco 12416 routers that are running Cisco IOS Release 12.0(23)S3 3DES software.
Workaround: There is no workaround.
•
Symptoms: Under certain conditions, a Cisco router could display IGP (Interior Gateway Protocol) prefix entries in the MPLS FRR (Fast Reroute) database as VPN (Virtual Private Network) prefixes. This is a cosmetic error condition and does not impact any feature functionality.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: The Gigabit Ethernet port on a 10-port Gigabit Ethernet base card may be in the up/up state even though there are no cables plugged in.
Conditions: This symptom is observed when the 10-port Gigabit Ethernet card has one EPA in the top slot and two ports on the EPA configured and enabled. Each time the router is booted, the Gigabit Ethernet port on the 10-port Gigabit Ethernet base card is in the up/up state.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router, IPv6 traffic is counted under IPv4 counter on the Engine 4 POS line cards on the egress side when using the show interface number [accounting] command.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A line card may crash because of a timeout during the "get_stat" operation.
Conditions: This symptom is observed on a 4-port OC-12 ATM ISE line card that functions under extreme conditions such as cold temperatures and high voltages.
Workaround: There is no workaround.
•
Symptoms: Multicast traffic stops flowing via an ATM interface.
Conditions: This symptom is observed when detaching and attaching the PVC to an ATM interface while sending multicast traffic over the PVC.
Workaround: After removing and attaching the PVC, enter the shutdown command followed by the no shutdown command on the interface.
•
This umbrella caveat affects the behavior of path triggers, and of Automatic Protection Switching (APS) with PPP and Frame Relay (FR) encapsulation.
- CSCec70879
Symptoms: Cisco 12000 series POS APS interfaces do not permit the configuration of path trigger specifications on APS interfaces.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
- CSCdu45201:
Symptoms: When the encapsulation ppp interface configuration command is configured on Cisco 12000 series Packet-over-SONET (POS) APS interfaces, some APS operations may result in an inappropriate protocol state. This situation may stop all traffic flow through the APS pair or duplicate all packets.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
- CSCec72228:
Symptoms: When the encapsulation frame-relay interface configuration command is configured on Cisco 12000 series POS APS interfaces, some APS operations may cause interfaces (that have been selected by APS) to be set to "protocol down" by FR. This behavior can result in the loss of all traffic over the APS pair.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A failure of an active Route Processor (RP) may cause the standby RP to fail also.
Conditions: This symptom is observed in Cisco 12000 series Internet routers.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card does not forward traffic to networks that are not specifically present in the routing table.
Conditions: This symptom is observed if a default route is learned by way of the ip default network global configuration command. If routes are learned by way of a default route, this symptom is not present.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.
Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.
Workaround: There is no workaround.
•
Symptoms: On Engine 2 (E2) n-port OC3 line cards for the Cisco 12000 series router, the pos delay triggers path router configuration command does not implement the specified delay. This results in the link being brought down for Path Alarm Indication Signal (PAIS) or Path Remote Defect Indication (PRDI) defects whose duration is smaller than the specified delay time.
Conditions: This symptom is observed in all releases of Cisco IOS Release 12.0 ST and in all releases of 12.0 S beginning with Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A 6-port CT3 line card crashed due to a Cache Parity Exception. The router will not reload.
Conditions: This symptom occurs on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S3 image c12kprp-p-mz.
Workaround: There is no workaround.
•
Symptom: An ingress Engine 4 plus POS line card may drop fragmented packets.
Conditions: These symptoms occur in an IP-to-IP scenario under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: On a Cisco 10000 series with a 4-Port Channelized STM-1/OC-3 or 1-Port Channelized OC-12/STM-4 line card, when you enter the shutdown command followed by the no shutdown command on the SONET controller, the serial interfaces that are configured under this controller stay down until you enter the no shutdown command on each individual serial interface.
Conditions: This symptom is observed when the line card has au-4-tug3 controllers configured. The au-3 mapping appears to work correctly.
Workaround: There is no workaround. Bring up the serial interfaces by entering the no shutdown command on each individual serial interface.
Further Problem Description: The symptom also occurs when you enter the shutdown command on the au-4-tug3 controller.
•
Symptoms: The cbQosPoliceStatsTable MIB objects of the QOS-MIB may be missing.
Conditions: This problem affects QoS statistics that are defined in the CISCO-CLASS-BASED-QOS-MIB.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly when packets are tag switched.
Conditions: This symptom is observed when a Bridge-Group Virtual Interface (BVI) is created after the router has booted up, when IP packets are received through the BVI, and when these IP packets are forwarded as Multiprotocol Label Switching (MPLS) packets through another interface.
Workaround: Disable tag switching on the BVI interface by entering the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command.
•
Symptoms: A Simple Network Management Protocol (SNMP) MIB displays the following message for a port adapter that is not present:
"unknown port Adapter"
The show diag privileged EXEC command displays the correct message:
"no PA present"
Conditions: This symptom is observed on a Cisco router with a modular Gigabit Ethernet (GE) or Fast Ethernet (FE) card with no port adapters that is running Cisco IOS Release 12.0(24)S1.
Workaround: There is no workaround.
•
Symptoms: Flow control information is not sent to the line card correctly, which causes errors in flow control issues.
Conditions: When a VC is created, if the VC goes down or is inactive during the first 60 secs, the flowbit information may not be updated correctly on the line card.
Workaround: Create another VC. This will cause IOS to go through all of the active VCs and update all their flowbit information.
•
Symptoms: Traffic loss and tracebacks may occur on an Engine 2 (E2) 4xOC12 line card when diagnostics are run on the backup clock scheduler card (CSC).
Conditions: This symptom is observed on a Cisco 12012 router when the backup CSC is in slot 17 of the router.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 QOC12 LC configured with multicast VPNs may drop or punt traffic to the RP. This may happen when the mdt data group-address-range wildcard-bits threshold threshold-value command is configured in VRF configuration mode.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Remove the mdt data group-address-range wildcard-bits threshold threshold-value command from the VRF configuration.
•
Symptoms: The output packet counters on an interface may be incorrect. Depending on the Cisco IOS release, they may show either a very large or unexpected value.
Conditions: The output packet counters get corrupted by clearing the interface counters followed by reloading the PXF microcode. The commands are the clear counters command followed by the microcode reload pxf command.
Workaround: Issue another clear counters command.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSยฎ software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: Enabling autonegotiation on an E1 Gigabit Ethernet interface causes the standby route processor (RP) to fail.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S.
Workaround: Stop the traffic, enter the shutdown command on the interface, configure autonegotiation on the interface, enter the no shutdown command on the interface, and resume the traffic.
•
Symptoms: The traffic-shape command may disappear from the running configuration after an HA switchover and it is not possible to reconfigure it on the newly active route processor.
Conditions: This symptom is observed when the traffic-shape command is configured on an interface of an Engine 4+ line card on a Cisco 12000 series that has multiple route processors installed and when an HA switchover occurs.
Workaround: Reload the router and reconfigure the traffic-shape command.
•
Symptoms: A reload or online insertion and removal (OIR) of any line card on a Cisco 12000 series Internet router chassis with a 1+1 Automatic Protection Switching (APS) configuration between two CHOC-48 line cards may cause a "deadman timer expired" error. This may result in an incorrect switch working once the line card comes up.
Conditions: This symptom is observed on a Cisco router with a channelized OC48 line card that is running the c12kprp-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may show an BMA error, then run error recovery.
Conditions: This symptom is observed on a Cisco 12008/40 router that is running Cisco IOS 12.0(23)S5, that is configured as an MPLS inter-AS ASBR, and that is also configured as a PE router. When you enter the shutdown command followed by the no shutdown command on a POS interface of an 8-port POS line card, the 3-port GE line card shows an BMA error.
Workaround: There is no workaround.
•
Symptoms: An Engine 4+ line card may generate errors after a router reloads.
Conditions: This symptom occurs only when the line card is switching small packets (IP length ~28 bytes).
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly after renaming a policy-map the second time.
Conditions: This defect may be observed if there are at least two policies configured.
Workaround: Avoid renaming the policy-map.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSยฎ software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. line card based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.
Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. line card based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.
The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (i.e. goes down and come back up in a very small amount of time (e.g. 2 sec)). Although this can happen on any line card, this situation is more likely to happen on the Engine 3(E3) channelized OC48 line cards due to its quick flapping behavior.
Note: There are additional prerequisites for this bug to happen. These are:
- The defect affects routers that are: (a) MPLS VPN PE routers or (b) routers that exchange labels for ipv4 BGP routes.
- For (a) there should be recursive routes on the PE that go over the PE-CE link (this could be either BGP learnt recursive routes or static recursive routes). Also, these recursive routes have the link's CE side ip address as their nexthop.
- There should be a less specific route to get to the nexthop (this can be a default route). This applies for (a) and (b).
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Symptoms: When the cache is lost, a router correctly detects that the cache is no longer available, but HTTP requests are still forwarded to the cache.
Conditions: This symptom is observed on a Cisco 7500 series with dCEF enabled.
Workaround: Disable dCEF.
•
Symptoms: When sending 10 packets from AGT-SRC to AGT-Dest with TTL set to 3 on all packets, the first packet is dropped.
Conditions: This symptom occurs under the following conditions:
–
–
–
Workaround: Remove the "log" option from the ACL rule.
•
Symptoms: Under some unknown circumstances, Gigabit EtherChannel (GEC) subinterface counters do not function and stay at zero.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Reload the router.
•
Symptoms: Random Early Detection maintains an average length of the outbound queue of a class of traffic, and randomly discards newly arriving packets when the average falls within the configured range. A Cisco 10000 series router may contain an error in the average queue length computation which makes Random Early Detection too sensitive to the instantaneous queue length.
Conditions: This problem is seen on a Cisco 10000 series routers that runs Cisco IOS Release 12.0(27)S but may also occur in earlier releases.
Workaround: There is no workaround.
•
Symptoms: A file copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster.
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster.
•
This caveat consists of two separate systems, conditions, and workarounds.
Symptoms 1: A router may reload after a switchover to the standby processor.
Conditions 1: This symptom is observed on a Cisco Route Switch Processor (RSP).
Workaround1: There is no workaround.
Symptoms 2: After a switchover to a standby processor, the indices of the interfaces in the system may be changed by mistake. This may cause problems with forwarding packets and may cause other inconsistencies.
Conditions 2: This symptom is observed on a Cisco 12000 series.
Workaround 2: There is no workaround.
•
Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.
Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Releases 12.2, 12.2T, 12.0S, 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.
Workaround: Clear the routes in the VRFs in sequence.
•
Symptoms: Most multicast traffic is dropped if an ingress interface is an interface of an E4+ line card and NetFlow is configured.
Conditions: This symptom occurs when multicast traffic is forwarded down a shared tree, for example, forwarded by (*, g).
Workaround: Either unconfigure NetFlow or disable the SPT threshold to move to the shortest path tree.
•
Symptoms: If the service-policy {output} command is configured on a PA-MC-8E1/120 interface, the ping of a neighbor router fails. Other IP traffic also stops. When this command is removed, the ping and other IP traffic starts passing through this line.
Conditions: This symptom occurs when the service-policy {output} command is configured on a Cisco 7200 series router on a channelized interface, such as the PA-MC-8E1/120 interface.
Workaround: Remove the service-policy {output} command.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:
%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13
Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).
Workaround: There is no workaround.
•
Symptoms: OAM cells generated on an ATOM VC that is configured for AAL0 cell relay will have CRC-10 errors. Note that the CRC-10 errors will be present only on the generated OAMs and not on the OAMs forwarded transparently as received from the remote PE. See below:
CE1 <--> PE1 <-- PW --> PE2 <--> CE2
OAM cells forwarded from PE2 to PE1 and vice versa will be fine. The problem will be seen when the PE1 starts sending OAM cells to CE1 when the PW goes down.
Conditions: When the ATOM VC goes down due to whatever reasons (e.g. remote PE-CE), the ATM interface going down will take the ATOM VC down. This condition will trigger the local PE to start sending OAMs to the CE. These OAM cells will have CRC-10 errors, as explained above. This problem will be seen on 8xOC3 ATM line cards.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that runs 12.0(25)S2 may report the following log message:
SLOT 1: %SYS-3-CPUHOG: Task ran for 2052 msec (1/1), process = CEF LC IPC
Background, PC = 400DC728.
-Traceback= 400DC730 40DBFE60 40DBFFD4 40DC0B14 400C5A04 400C59F0
Conditions: This symptom is observed when the default route gets updated to Engine 3 line cards and is reported by these line cards as seen above. This situation may happen after an interface flap or a routing update elsewhere in the network.
To determine if your line card is an Engine 3 line card, enter the show diag slot-number EXEC command, in which the slot-number argument is the slot number that reports the message). In the command output, you will see "L3 Engine: 3" for Engine 3 line cards.
Workaround: There is no workaround.
•
Symptoms: The Cisco 10720 microcode will be reloaded upon reception of certain malformed MPLS packets.
Conditions: An MPLS packet where the topmost label is an MPLS Aggregate Label (for either IPv4 or IPv6) and this label does not have the EOS bit set (that is, it is not the only label) will cause the reload.
Workaround: There is no workaround.
Further Problem Description: This should be an extremely rare situation as such packets are not allowed in MPLS, that is, IPv4/IPv6 aggregate MPLS labels must always be the only label on the received label stack and therefore they must always have the EOS bit set. Reception of such a packet implies that some other network element has generated an invalid MPLS packet.
•
Symptoms: All multicast packets are dropped with a VRF-lite configuration.
Conditions: This symptom occurs when MVPN is set up in a VRF-lite configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco router reloads with an unexpected exception and tracebacks.
Conditions: This symptom occurs when a serial interface is configured and you try to remove the AUG controller. See the following example:
router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#cont sonet 3/0/0
router(config-controller)#no aug cont
router(config-controller)#no aug controller
router(config-controller)#
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series router with an HA configuration (dual RP redundancy) and with GE line cards which are using channel groups, might not be pingable after a redundancy switchover. From the interface, the directly connected device can be pinged, but from the same device, the interface cannot be successfully pinged.
Conditions: The problem is specific to a Cisco 12000 series router that is running Cisco IOS 12.0 S. The router must have an HA configuration (dual RPs). Also, channel groups must be configured (note: even if the channel groups are not assigned to a particular Gige interface, the problem can still occur). Finally, a link flap needs to occur on the channel group interface before the redundancy switchover is done to bring on the problem.
Workaround: Enter the shut command followed by the no shut command on the interface.
Further Problem Description: The group channel feature is new and was released for the first time in Cisco IOS Release 12.0(26)S1 so that is where the exposure is.
•
Symptoms: Intermittent packet drops occur when you ping the VRF loopback/interfaces on a PE router from an attached PE router. The VPN transit traffic intermittent drops occur also on packets that exceed the MTU size.
Conditions: This symptom is observed on a Cisco 12000 series 3-port GE and 4-port GE line card that are installed in a Cisco router that functions as a PE router and that is connected to another PE router via an L2 switch. The problem occurs when a VRF is configured on a subinterface that faces the L2 switch.
Workaround: Remove the VRF from the subinterface that faces the L2 switch.
•
Symptoms: A Cisco 12000 series Engine 4+ line card is unable to originate ICMP echo reply packets. ICMP packets transiting the router are correctly transmitted.
Conditions: This symptom occurs when the rate-limit, MQC set, or MQC police command is configured on the interface in the output direction.
Workaround: There is no workaround.
•
Symptoms: When the HSRP MIB is polled and there are HSRP groups configured on subinterfaces, an error such as "OID not increasing" may occur on the device that is polling the router. In some cases, a CPUHOG traceback may occur on a router when the HSRP MIB is polled, especially when a lot of interfaces are configured.
Conditions: This symptom is observed under either one of the following two conditions:
–
–
Workaround: Do not initiate an SNMP query for HSRP.
Alternate Workaround: Enter the snmp-server global configuration command to specify which MIBs are available, as in the following example:
snmp-server view HSRP internet included
snmp-server view HSRP ciscoHsrpMIB excluded
snmp-server view HSRP ciscoHsrpExtMIB excluded
snmp-server community public view HSRP RW 20
snmp-server community private view HSRP RW 20•
Symptoms: The MPLS packets are forwarded with a bogus label when they are sent out on a loadshared non-VRF MPLS enabled "Internet" interface from a VRF.
Condition: A static route for the VRF should be configured to reach the Internet, which would in turn be configured to recurse over 2 static routes to reach the next hop for the global Internet.
Workaround: Shut down one of the interfaces to remove the load-sharing condition.
•
Symptoms: A Cisco router reloads due to memory allocation problem when per packet load balancing is changed to default CEF load balancing.
Conditions: This symptom is observed on a Cisco 7200 series router with a PA-4T serial adapter when the service-policy output name command is applied to this interface. The problem is observed in Cisco IOS Release 12.0(26)S1 and Release 12.0(27)S.
Workaround: Use per-packet loadbalancing, remove the service-policy output name command, or replace the adapter with a PA-4T+.
•
Symptoms: A reload occurs that sends a Cisco 10000 series router into ROMMON state.
Conditions: This symptom occurs after configuring CHOC3 interfaces and then performing the shut command followed by the no shut command. The reload sends the Cisco 10000 series router into ROMMON state.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload unexpectedly.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) is configured.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series with link-bundling (port-channel) configured and the snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command configured, if you configure the port-channel with minimum links that are greater that the actual links, the port-channel is forced down, and an SNMP linkdown trap is generated. However, if you correct the configuration so that the port-channel comes up, no linkup trap is generated.
Conditions: This symptom is observed on a Cisco 12000 series router that runs Cisco IOS Release 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.
Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.
Workaround: There is no workaround.
•
Symptoms: An access control list (ACL) that has logging enabled may not work on a Fast Etherchannel (FEC) interface.
Conditions: This symptom is observed on a Cisco 10720 router running Cisco IOS Release 12.0(26)S or a later release.
Workaround: There is no workaround.
•
Symptoms: When the error message "Info: Illegal normal burst size, increased to mtu size 4470" is generated on a channelized STM-1 MM PA, the VIP in which this PA is installed and the RSP may crash.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S1 when MQC is configured on the channelized STM-1 MM PA.
Workaround: There is no workaround.
•
Symptoms: An Engine 1 single port Gigabit Ethernet line card for a Cisco 12000 series router may reload unexpectedly on receipt of large amounts of "pause input" frames sent via flow control from a downstream device.
Conditions: This symptom will occur only if the Gigabit Ethernet line card is forwarding large amounts of traffic to an overwhelmed downstream device that in turn sends "PAUSE" (XOFF) frames to the line card.
Workaround: Disable flow control on the downstream device.
•
Symptoms: On a Cisco 7500 series with distributed CEF, connectivity between CE routers that are locally connected to the same interface may be broken.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or a later release when an output service policy is configured on the subinterface of one CE router but not on the subinterface of the other CE router. Traffic that is process-switched flows correctly between the CEs routers.
Workaround: Configure a dummy output service policy on the subinterface that does not have an output service policy.
•
Symptoms: Traffic may be delayed across a Cisco 12000 Series Engine 3 line card. Traffic sent through the Cisco 12000 series Internet router may see latency. Other symptoms include:
1.
2.
3.
4.
Note: 3 and 4 are LC-specific commands.
Conditions: This problem occurs when tag-switching and MPLS are configured on the E3 line card.
Workaround: Upgrade Cisco IOS to get by CSCeb45907.
•
Symptoms: After executing a forced switchover, the secondary processor returns only to COLD standby and not HOT standby.
Conditions: This symptom is observed on a c10k-p10-mz image on a Cisco 10000 series router.
Workaround: There is no workaround.
•
Symptoms: The hw-module {slot X} command shutdown on a 4GE Eng3 that is using GEC may freeze a router during some time, bringing down line and protocols. Under certain circumstances, DCEF may also be disabled.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: Frame relay local switching fails when RED is applied on a Cisco 12000 series router with 2 Ports OC3 Channelized to DS1/E1 or 6 Port Channelized T3.
Also, it is observed that the controller is reset when the following is removed/reapplied:
rx-cos-slot all ToFabTable
!
slot-table-cos ToFabTable
destination-slot 0 OC3
destination-slot 1 GIGE
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Perform the following steps:
1.
2.
3.
•
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
•
Symptoms: Engine 2 line cards may fail upon clearing BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: When a recursively resolved adjacency is "discard" (e.g., null0), a packet that is entering an Engine 3 4-port GE line card and that is destined to the "discard" adjacency is punted to the local line card CPU, causing high CPU utilization. Punting to the CPU is caused by a wrong adjacency that is populated for the corresponding route.
Conditions: This symptom is observed on Engine 3 line cards that are installed in a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S1 or a later release.
Workaround: There is no workaround.
•
Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:
% Service policy on FR sub-interface POS1/1.2 must be hierarchical.
Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.
Conditions: This symptom is observed on Cisco 12000 series routers.
Workaround: There is no workaround.
•
Symptoms: TE tunnel(s) fail to switch back to the explicit path option.
Conditions: This symptom is observed on a Cisco 12000 series router that runs the gsr-p-mz image of Cisco IOS Release 12.0 S.
Workaround: Continue to work either in the explicit path or in the dynamic path without shutting the link. Such a scenario is highly unlikely.
•
Symptoms: On an Engine 3 4GE line card, traffic from a Catalyst switch to a Cisco 12000 series is not rerouted over the GEC link when disabling the physical interface on which the traffic is passing.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: An EPA-GE/FE-BBRD line card may experience repetitive crashes during normal operation.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(25)S2 or 12.0(26)S1.
Workaround: There is no workaround.
•
Symptoms: HSRP configured on the subinterfaces of an Engine 4+ GE line card may not work.
Conditions: This symptom is observed when the subinterfaces are configured with VRFs.
Workaround: There is no workaround.
•
Symptoms: Cisco Express Forwarding (CEF) becomes disabled on a secondary Cisco 10000 series Performance Routing Engine (PRE) during a switchover.
Symptoms: This symptom is observed after configuring 380 traffic engineering (TE) tunnels and checking that CEF is enabled on both the primary and secondary PREs and that all TE tunnel interfaces are up. Then, a forced switchover from the primary PRE to the secondary PRE is performed. When the secondary PRE comes up and it now the new primary PRE, all tunnel interfaces are down. The line is up but the protocol is down. Because CEF is disabled and not running, the tunnels do not function and no routing can occur.
Workaround: Enable CEF on the primary PRE and enter the shutdown command followed by the no shutdown command on the affected interfaces. Doing so enabled the TE tunnels to come up.
•
Symptoms: MPLS TE tunnel counters are inaccurate; the MPLS TE tunnel output rate counters may exceed the physical interface capabilities that the tunnel uses.
Conditions: This symptom is seen on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S5 with an Engine 4 line card. This symptom may be observed by issuing the following commands in the following order:
1.
2.
3.
Workaround: There is no workaround.
•
Symptoms: For MVPN traffic, multicast traffic streams are punted from the PXF to the RP. Normally, PXF does this when a new stream needs to be created. However in this case, PXF behaves as if the streams are not present even if the required (S,G)/(*,G) states exist.
Conditions: This symptom is observed on a Cisco 10000 series when the VRF index of the VPN is higher than 255. This occurs when 255 or more VRFs are configured or when some VRFs are created and deleted many times. You can determine the VRF index by entering the show ip vrf detail command.
Workaround: There is no workaround.
•
Symptoms: IPv4 multicast traffic may stop being forwarded when NetFlow is configured on an Engine 4+ interface.
Conditions: This symptom is observed on a Cisco 12000 series that runs the Cisco IOS Release 12.0 S when a (*,G) entry is used to forward IPv4 multicast traffic instead of a (S,G) entry.
Workaround: There is no workaround.
•
Symptoms: CEF may become disabled on a VIP, port adapter, module, or line card because of a fatal error, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: Window did not open, LC to RP IPC is non-operational
Conditions: This symptom is observed after an RPR+ switchover.
Workaround: There is no workaround.
•
Symptoms: MPLS IAS traffic may be punted the CPU of an Engine 2 line card.
Condition: This symptom is observed when an egress interface is flapped and the ingress POS-channeling interface is shut down in a topology in which the ingress POS-channeling interface connects to an ASBR that connect to the egress POS interface.
Workaround: There is no workaround.
•
Symptoms: A VIP4-80 may crash when you enter the police command for a policy map that is applied to an ATM subinterface PVC in the input direction.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0(26)S or 12.0(27)S.
Workaround: Do not enter the police command for a policy map that is applied to an ATM subinterface PVC.
•
Symptoms: The packet queue size on an MLP bundle may be larger than necessary, which may manifest as two separate symptoms:
- The scalability during configuration of multiple MLPPP interfaces is reduced because the router may run out of resources to allocate the packet queues.
- The effect of congestion may be more severe as traffic that should have been dropped due to the queue overflow will not be dropped.
Conditions: This happens after the reload of a Cisco 10000 series with a policy map attached to an MLP interface or when more links are added to an MLP interface.
Workaround: After any MLP bundle change (either by configuration, bootup, or link failure) delete and reattach the service policy to the interface.
•
Symptoms: The priority traffic on an MLP interface may exceed the configured bandwidth limits.
Conditions: This symptom is observed on a Cisco 10000 series when new links are added to an MLP interface that already has a policy map with a priority class attached. The link addition may happen as result of a system bootup or a link flap, or a user may add more links to the bundle by configuration.
Workaround: Once the interfaces that are associated with the MLP bundle are up, remove and reattach the service policy to the MLP bundle. If links associated with the bundle flap, the policy may have to be removed and reattached again.
•
Symptoms: A transient error may occur on a Cisco 12000 series line card during a network routing change. here is a chance that other line cards in the system will stop transmitting or receiving routing protocol updates and traffic, causing traffic to be blackholed.
Conditions: This symptom is observed in an MPLS-VPN network. A list of the affected releases can be found at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCeb58214. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Enter the microcode reload command on any line card that stops receiving traffic or routing protocol adjacencies from its neighbors.
•
Symptoms: High CPU utilization may occur on a Cisco 12000 series line cards due to the CEF scanner process.
Conditions: This problem is seen when a large number of VPN routes are present on the router.
Workaround: There is no workaround. However, the symptom does not seem to affect the convergence time or performance of the router.
•
Symptoms: Traffic is sent using the "net ctrl" queue on the egress interface.
Conditions: This problem occurs on a Cisco 10720 router when IPv6 high-priority traffic (110 or 111 in the first 3 bits of the IPv6 traffic class) is forwarded.
Workaround: There is no workaround.
•
Symptoms: Traffic forwarding problems may occur when sending MVPN traffic from multiple sources to the same group.
Conditions: This symptom is observed on a Cisco 12000 series that functions as an MVPN decapsulation PE router with an Engine 3 line card that forwards multicast packets on an VRF interface.
Workaround: To ensure that no collisions occur on the VRF interface, configure hardware multicast on the Engine 3 line card by entering the hw-module slot number ip multicast hw-accelerate source-table size x offset y command.
•
Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).
Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.
Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.
•
Symptoms: A controller of an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) may fail to come up after the router has booted up.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8TE1+. The symptom is platform independent and port adapter dependent.
Workaround: Enter the shutdown controller configuration command followed the no shutdown controller configuration command on the affected controller.
Alternate Workaround: Enter the clear counters user EXEC or privileged EXEC command on the affected interface of the PA-MC-8TE1+.
•
Symptoms: When flaps occur on an Inverse Multiplexing over ATM (IMA) group interface on which the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS: VC Mode feature is configured, input packets may be switched via Cisco Express Forwarding (CEF).
Conditions: This symptom is observed on a Cisco 7500 series that has an IMA group interface that is configured on a Versatile Interface Processor (VIP).
Workaround: Perform an online insertion and removal (OIR) of the VIP.
•
Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).
For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.
•
Symptoms: A line card reloads continuously after an OIR.
Conditions: This symptom is observed when the line card has MFR and a service policy configured.
Workaround: Remove the service policy before performing an OIR.
•
Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.
Conditions: This symptom is observed under rare conditions in a stress situation with dFLI and dCRTP configured.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 7500 series router, after a RPR, RPR-plus or SSO switchover, the router may display the following message:
%RSP-3-RESTART: cbus complex
This will be followed by the reload of all VIPS in the router and the following message:
HA-2-NO_QUIESCE: Slot <slot#> did not quiesce, it will be disabled and then reloaded.
Conditions: This problem happens on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S and occurs after an RPR, RPR-plus, or SSO switchover. Similar symptoms can be observed if the service single-slot-reload-enable command is not configured on the router, but in this case, the cbus complex message will follow the "HA-2-NO_QUIESCE" error message.
Workaround: There is no workaround.
•
Symptoms: The line protocol on a T1 of a T3 controller in a PA-MC-2T3+ port adapter may stay in the down state even when looped.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: If you enter the shutdown command followed by the no shutdown command on an interface, traffic that congests the interface may cause the router to crash.
Conditions: This symptom is observed when a policy is attached to the interface.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly while you disable label distribution protocol (LDP) on an interface.
Conditions: This symptom is observed on a router that has several interfaces that are configured for LDP when you disable LDP on all interfaces and when there is still one open TCP connection that is passively used by LDP while you disable LDP on the last interface.
Workaround: There is no workaround.
•
Symptoms: Packet redirection to a cache may not occur even though Web Cache Communication Protocol (WCCP) is enabled and the cache farm has formed successfully. The symptom may be invisible to end users because packets (usually packets that are part of HTTP sessions) still flow successfully to and from their original destinations.
Conditions: This symptom is observed on a Cisco platform when both WCCP and Cisco Express Forwarding (CEF) are enabled.
Workaround: Disable CEF on all interfaces on which a WCCP redirect statement is configured.
•
Symptoms: A Cisco 7500 series router that is running 12.0S may drop traffic to a static route after a microcode reload. The symptom may also occur in other releases.
Conditions: Traffic loss will occur for static routes to /32 prefixes that are attached to an interface, that is, the ip route prefix mask interface-type interface-number command is enabled.
Workaround: Disable Cisco Express Forwarding (CEF) by entering the no ip cef command. Then, reenable CEF by entering the ip cef distributed command.
•
Symptoms: Failover boot commands from a slot to a disk results in an endless loop. If the router does not find the image in slot0, it will not be able to properly switch to the next image in disk1.
Conditions: This symptom occurs when slot0 holds a linear flash card and disk1 holds an ATA disk.
Workaround: While being in a loop on the console connection, press control plus return, type, and send a break until the loop stops.
•
Symptoms: During an SSO switchover, the newly active Route Processor (RP) may output the following error message:
%SCHED-7-WATCH: Attempt to monitor uninitialized watched queue (address 0).
-Process= "CEF LC IPC Background"
This error is harmless, and no functional problem will occur when this error is received.
Conditions: This symptom occurs during an SSO switchover.
Workaround: There is no workaround.
•
Symptoms: A modified ATM VP tunnel is broken on SAR 1.3.2.10
Conditions: An ATM PVP tunnel must exist.
Workaround: This problem has two workarounds:
1. Before modifying the ATM VP tunnel, the main interface must be shut down.
2. Delete the existing ATM VP tunnel and all VCs for the VP, and create a new connection with new parameters.
•
Symptoms: On a Cisco 12000 ATM ISE line card, shaping resources may be used up after different policy-maps are attached and then removed from a VC many times.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: Microcode reload the line card.
TCP/IP Host-Mode Services
•
Symptoms: The following error message may be displayed when a router receives a connection request on command-shell (TCP, 514) and Kerberos-shell (kshell) (TCP, 544) ports:
%RCMD-4-RSHPORTATTEMPT: Attempted to connect to RSHELL from 192.168.2.2
Conditions: This symptom is observed on a Cisco router that has the remote shell (rsh) disabled.
Workaround: Filter the traffic that is destined for command-shell (TCP, 514) and Kerberos-shell (kshell) (TCP, 544) ports.
First, enter the show ip interface brief EXEC command to display the usability status of interfaces that are configured for IP. The output may look like the following:
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 172.16.1.1 YES NVRAM up up
Ethernet1/0 unassigned YES NVRAM administratively down down
Serial2/0 192.168.2.1 YES NVRAM up up
Serial3/0 192.168.3.1 YES NVRAM up up
Loopback0 10.1.1.1 YES NVRAM up up
Then, create the following access control list (ACL) for the router and apply this ACL to all interfaces that are enabled with the ip access-group 177 in router configuration command:
access-list 177 deny tcp any host 172.16.1.1 eq 514
access-list 177 deny tcp any host 172.16.1.1 eq 544
access-list 177 deny tcp any host 192.168.2.1 eq 514
access-list 177 deny tcp any host 192.168.2.1 eq 544
access-list 177 deny tcp any host 192.168.3.1 eq 514
access-list 177 deny tcp any host 192.168.3.1 eq 544
access-list 177 deny tcp any host 10.1.1.1 eq 514
access-list 177 deny tcp any host 10.1.1.1 eq 544
access-list 177 permit ip any any
•
Symptoms: A router may reload unexpectedly when a TCP watchdog timer expires.
Conditions: This symptom is observed when the router has hundreds of Border Gateway Protocol (BGP) peers.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: IP VRF interfaces that are configured Frame Relay may not work. That is, locally generated and forwarded packets that are received on these interfaces may not be processed correctly.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown command followed by the no shutdown command on the Frame Relay subinterfaces that have a VRF configured.
Resolved Caveats—Cisco IOS Release 12.0(26)S1
Cisco IOS Release 12.0(26)S1 is a rebuild of Cisco IOS Release 12.0(26)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(26)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
Basic System Services
•
Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).
Workaround: There is no workaround.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do drain on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: If a switch has the nvram:ifIndex-table file in the wrong format, there is a problem at bootup. The following message is printed when this problem exists:
SYSTEM INIT: INSUFFICIENT MEMORY TO BOOT THE IMAGE!
Conditions: This problem is observed in Cisco IOS Release 12.1(13)EW and Release 12.1(19)EW.
Workaround: Do not create a file called ifIndex-table in NVRAM.
Note
•
Symptoms: A Cisco router or switch may reload when it attempts to read the ifIndex information from an NVRAM file during the bootup process.
Conditions: This symptom is observed when the NVRAM file is corrupt.
Workaround: Disable the ifIndex persistence.
•
Symptoms: You may not be able to copy an image to an Advanced Technology Attachment (ATA) disk.
Conditions: This symptom is observed on a Performance Route PRocessor (PRP) of a Cisco 12000 series Internet router.
Workaround: Replace the ATA disk.
•
Symptoms: A Cisco 7500 series router may not generate Simple Network Management Protocol (SNMP) ENVMIB traps during the online insertion and removal (OIR) of a power supply or fan module.
Conditions: These symptoms have been observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(24)S or a later release.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A cbus complex may be observed on a Cisco router when the following message appears on the serial interface:
%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmitting
Conditions: This symptom is observed on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.
Workaround: There is no workaround.
•
Symptoms: The ifInOctets counter and the ifHCInOctets high capacity (HC) counter for VLAN subinterfaces may increase by very large random values.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.0(25)S1 and is specific to the DEC21140 interface of the Cisco 7200 series.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may reload when you add Border Gateway Protocol (BGP) neighbor statements to the configuration.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S when BGP neighbors are added by using a script that adds the BGP neighbors at a much faster rate than manual addition, and when a large BGP table is already present on the router before the script adds the BGP neighbors.
Workaround: There is no workaround.
•
Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.
Conditions: This symptom is observed on a Cisco router that receives excessive multicast control traffic.
Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.
•
Symptoms: A redistributed static route may not be advertised to any Border Gateway Protocol (BGP) peer, even though the route is selected as the best path in the BGP table.
Conditions: This symptom is observed when the MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution feature is enabled and when the IP version 4 (IPv4) address family is missing from the running configuration.
Workaround: There is no workaround.
•
A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.
Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
•
Symptoms: In rare situations, a User Datagram Protocol (UPD) Gigabit Route Processor (GRP) leader may bounce and cause problems when trying to converge other Border Gateway Protocol (BGP) peers.
Conditions: This symptom occurs rarely on a Cisco GRP.
Workaround: Enter the clear ip bgp * EXEC command to clear the symptom.
•
Symptoms: An IP packet that is sent with an invalid IP checksum may not be dropped.
Conditions: This symptom is observed if the IP checksum is calculated with a decreased time-to-live (TTL) value. For example, in the situation where the IP checksum must be 0x1134 with a TTL of 3, if the packet is sent with an IP checksum of 0x1234 that is calculated by using a TTL value of 2, the packet is not dropped. In all other cases, packets with incorrect checksums are dropped.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when the Designated Forwarder (DF) interface is changed to an interface that is already in the Outgoing Interface list (O-list).
Conditions: This symptom is observed on a Cisco router that is configured for multicast Bidirectional PIM (Bidir-PIM).
Workaround: There is no workaround.
•
Symptoms: A Cisco router or switch may reload unexpectedly when you enter the show ip igmp tracking detail EXEC command.
Conditions: This symptom is observed when the ip igmp explicit-tracking interface configuration command is enabled and the entries in the cache have expired.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate continual tracebacks when you perform an online insertion and removal (OIR) of a line card.
Conditions: This symptom is observed when Internet Group Management Protocol (IGMP) and IP Protocol Independent Multicast (PIM) are enabled.
Workaround: Before you perform the OIR, disable IP PIM.
•
Symptoms: A Cisco router running Multicast Source Discovery Protocol (MSDP) may reload when the show ip mdsp peer peer-address advertised-SAs user EXEC/privileged EXEC command is entered.
Conditions: These symptoms are only observed on a router that is running MSDP.
Workaround: 1) Enter the no ip domain-lookup command in global configuration mode. 2)If the ip host {name} {address1} global configuration command is configured, the host name should not be more than 36 characters.
•
Symptoms: A Cisco router may reload when you enter the exec slot X show ip hardware-cef command on a line card that uses hardware-based Cisco Express Forwarding (CEF) tables.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(26) with Border Gateway Protocol (BGP) enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that processes external link-state advertisements (LSAs) may generate spurious memory access tracebacks or reload unexpectedly.
Conditions: This symptom is observed on a Cisco router that runs Open Shortest Path First version 3 (OSPFv3).
Workaround: There is no workaround.
•
Symptoms: A retransmission counter may not be reset when a neighbor is terminated.
Conditions: This symptom is observed on a Cisco platform that is running Open Shortest Path First (OSPF) when the retransmission limit default (12 or 24) is added to the retransmission mechanism.
Workaround: Clear the OSPF process by entering the clear ip ospf process pid privileged EXEC command. Then, enter the limit retransmissions non-dc disable router configuration command.
•
Symptoms: When a path is added to or deleted from the transit area between two virtual link routers that function as endpoints, the routes that are learned from the network backbone may not be updated in the routing table.
Conditions: This symptom is observed when there are multiple equal-cost paths for virtual links in the transit area.
Workaround: After the path in transit area has changed, enter the clear ipv6 ospf force-spf privileged EXEC command on the virtual link router that functions as an endpoint and that is not part of the network backbone.
•
Symptoms: The Multiprotocol BGP (MBGP) feature does not function when a router is configured as a Border Gateway Protocol (BGP) route reflector.
Conditions: This symptom is observed when a BGP peer group has been enabled and then the MBGP feature is added.
Workaround: Reset the BGP peer group by removing the peer group configuration and adding it back.
•
Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.
Conditions: This symptom is observed when the router is configured for Open Shortest Path First (OSPF).
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: When a router initiates the FTP control and data connections, the source address for each connection is different.
Conditions: This symptom does not exist if per-destination load balancing is used. Per-destination load balancing, however, causes some destinations to receive more traffic than others, which in turn causes some T1s to drop packets while others are hardly used. The ip ftp source-interface interface global configuration command affects only the control connection but not the data connection.
Workaround: Enter the no ip ftp passive global configuration command or avoid having FTP servers initiate connections to the routers.
•
Symptoms: A file that is copied from a remote server to the running configuration file using secure file transfer (SCP) may fail with an error 26 (internal error).
Conditions: This symptom is observed if the remote server is running the Linux operating system.
Workaround: Use another file transfer method (for example, FTP).
•
Symptoms: A 4-port OC-3 Packet-over-SONET (POS) Engine 0 line card that is installed in slot 14 of a Cisco 12416 may reload because of a bus error. In the output of the show context all EXEC command, the value of the badVaddr field is 0x14.
Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(21)S1, Release 12.0(23)S2, or Release 12.0(23)S3. More 12.0 S releases may be affected.
Workaround: There is no workaround.
•
Symptoms: Pings that have designated forwarder (DF) bits set and packet sizes greater than 1496 bytes are dropped.
Conditions: This symptom is observed only on single-hop Multiprotocol Label Switching (MPLS) traffic-engineered (TE) tunnels.
Workaround: There is no workaround.
•
Symptoms: When creating IP version 6 (IPv6) access control lists (ACLs), the following message is displayed several times:
%Access list already exists with these parameters
In some cases, looking at the ACL indicates unwanted commands that are added, such as the following:
permit ipv6 any any sequence 20
deny 0 any any sequence 30These statements cannot be removed from the ACL. In other cases, lines of the ACL are modified. If a remark is added to the ACL once, then it will be repeated in ACL several times.
Conditions: These symptoms are observed in Cisco IOS releases from Cisco IOS Release 12.0(23)S to Cisco IOS Release 12.0(26)S. The symptoms are seen only when the router has dual gigabit route processors (GRPs) installed and with different redundancy modes configured.
Workaround: There is no workaround.
•
Symptoms: After a few weeks of normal operation, the interface on a Cisco PA- MC-8E1 begins flapping and finally pauses with the output queue stuck as follows:
Serial/1:1 is up, line protocol is up
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (120 sec)
Last input 00:00:03, output 04:14:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952
Queueing strategy: weighted fair
Output queue: 30/4000/64/21855 (size/max total/threshold/drops)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
43903807 packets input, 3646461183 bytes, 0 no buffer
Received 0 broadcasts, 321 runts, 0 giants, 0 throttles
5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort
42026998 packets output, 2185017012 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
31 carrier transitions
no alarm present
Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flags
The following traceback is observed in the log:
%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC %LINK-4-TOOBIG: Interface Serial20:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC
Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8E1 interface.
Workaround: There is no workaround.
•
Symptoms: A DPT-OC-12 port adapter (PA-SRP) may stop transmitting packets.
Conditions: This symptom is observed on a Cisco uBR7200 series when a packet that is smaller than 8 bytes is transmitted on the PA-SRP.
Workaround: Perform an online insertion and removal (OIR) of the PA-SRP.
•
Symptoms: A QOC-12 IP Services Engine (ISE) ATM line card may fail if it is used as a customer edge (CE) router in a Cisco 12000 series.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S4.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may pause indefinitely in the "cold" state.
Conditions: This symptom is observed when the redundancy mode is changed from the Stateful Switchover (SSO) mode to the Route Processor Redundancy Plus (RPR+) mode on a Cisco 12000 series.
Workaround: Reload the Cisco 12000 series.
•
Symptoms: A FlexWAN module that is configured with a 1-port multichannel STM-1 port adapter (PA-MC-STM1) may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7600 series when you apply Class-Based Weighted Fair Queueing (CBWFQ) on the PA-MC-STM-1 to a Multilink PPP (MLP) bundle that has E1 channels.
Workaround: There is no workaround.
•
Symptoms: When a Tributary Unit Alarm Indication Signal (TU-AIS) is inserted for an Engine 1 (E1) tributary on a channelized Synchronous Transport Module level 1 port adapter (PA-ChSTM1) on an SPE3, packet corruption occurs on the adjacent E1.
Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A Flash Advanced Technology Attachment (ATA)-disk card may become corrupted because of simultaneous accesses to the card. The corruption may not be immediately obvious. Signs of corruption are:
–
–
Conditions: This symptom is observed when you enter the show file system EXEC command while a file is being written to the ATA-disk card or when you enter the dir filesystem: EXEC command while a file is being written to the same device as the target of the dir filesystem: EXEC command.
Workaround: Avoid using any commands that access the ATA-disk card while a file is being written to the ATA-disk card.
•
Symptoms: Traffic may be blocked when Distributed Multilink Frame Relay (DMFR) is configured.
Conditions: This symptom is observed when the traffic is switched from the input interface by using fast switching rather than Cisco Express Forwarding (CEF).
Workaround: Configure CEF or distributed CEF (dCEF) on the input interface.
•
Symptoms: A standby Gigabit Route Processor (GRP) that runs Cisco IOS Release 12.0(26)S may reload after a Stateful Switchover (SSO) to bring up the standby GRP has occurred.
Conditions: This symptom is observed on a Cisco 12000 series in which a 4-port Gigabit Ethernet IP Services Engine (ISE) line card is installed that is configured for IP version 6 (IPv6) multicast and that has 1000 subinterfaces, each configured to forward traffic to a different IPv6 multicast group.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Packet-over-SONET (POS) IP Services Engine (ISE) line card may reload repeatedly and generate the following error messages:
%GRP-4-RSTSLOT: Resetting the card in the slot: 5,Event: linecard error report %FM-2-BAD_TLV: Error in internal messaging - bad tlv 0 %LCINFO-3-CRASH: Line card in slot 5 crashed
Conditions: This symptom may be observed on a Cisco 12000 series when all of the following conditions are present:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: After a router reloads, a ping to the Hot Standby Router Protocol (HSRP) IP interface does not go through.
Conditions: This symptom is observed on a Cisco 10000 series that has HSRP configured on the subinterface of the line card.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the active interface.
•
Symptoms: An Any Transport over Multiprotocol Label Switching (AToM) virtual circuit (VC) may become stuck and not respond to changes in the state of its attachment circuit.
Conditions: This symptom is observed on a Cisco Catalyst 6000 series or Cisco 7600 series that is configured for Ethernet over MPLS (EoMPLS) in VLAN mode.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series Frame Relay (FR) virtual circuit (VC) may not come up when it is configured as a cross-connect over a Multiprotocol Label Switching (MPLS) core.
Conditions: This symptom is observed on a Cisco 7500 series that functions as a provider edge (PE) router and that provides an FR connection by way of an Any Transport over Multiprotocol Label Switching (AToM) tunnel over a core interface which is configured to use Route Switch Processor (RSP)-based Weighted Fair Queuing (WFQ).
Workaround: Configure Versatile Interface Processor (VIP)-based queuing on the core facing interface.
•
Symptoms: Several Synchronous Digital Hierarchy (SDH) alarms and statistics do not function correctly for SDH channelizations when using 1-channel OC-12 or 4-channel STM-1 line cards on a Cisco 10000 series router. These alarms and statistics are as follows:
–
–
–
–
Conditions: These conditions are observed on a Cisco 10000 series that is running Cisco IOS Release 12.0 S or Release 12.2BX.
Workaround: There is no workaround.
•
Symptoms: A virtual circuit (VC) that controls tag switching may pause indefinitely.
Conditions: This symptom is observed on a Cisco 7500 series when you repeatedly perform a manual redundancy switchover.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface on which the affected VC is configured.
•
Symptoms: An IP packet with multiple fragments sent through a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S, Release 12.0(24)S, Release 12.0(25)S, or Release 12.0(26)S may drop small fragments of the packet when Multiprotocol Label Switching (MPLS) label disposition takes place, which exposes the underlying IP packet.
Conditions: The egress line card must be an Engine 4+ variant for this symptom to occur, and the fragment must have the MF bit set with an IP payload of 8, 16 or 24 bytes.
Workaround: Configure an explicit null label for the prefix, which creates a TAG to TAG switching path instead of a TAG to IP switching path.
•
Symptoms: Ingress 6PE packets that arrive at the destinated provider edge (PE) router are handled in the slow path on the ingress line card. The only exception to this behavior is when the ingress line card is an Internet Services Engine (ISE) line card, and then 6PE packets are handled in the fast path.
Conditions: This symptom is observed on all Cisco 12000 series Engine 2, Engine 4 and Engine 4+ line cards and all gsr images of Cisco IOS software.
Workaround: Replace the ingress line card with an ISE-type line card when the interface speed is less than or equal to 2.5 Gbps on the interface.
•
Symptoms: After a Stateful Switchover (SSO) has occurred, line cards may pause indefinitely in the "waittry" state because the fabric does not recover from a reconfiguration attempt by the fabric error handler.
Conditions: This symptom is observed on a Cisco 12000 series when you configure a fault manager applet with a pattern that triggers a switchover after the primary Clock Scheduler Card (CSC) has been shut down.
Workaround: There is no workaround.
•
Symptoms: A Flash-disk timeout error such as the "ATA_Status time out waiting for 1" error may occur.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S and that is configured with an Advanced Technology Attachment (ATA) Flash disk.
Workaround: To restore proper disk function, remove and reinsert the disk.
•
Symptoms: An Engine 4 (E4) or Engine 4+ (E4+) line card may reset with an MCC192-3-CPUIF error message.
Conditions: This symptom is observed on E4 and E4+ line cards if there is a certain amount of traffic and the egress interface flaps.
Workaround: There is no workaround.
•
Symptoms: The line protocol on an Engine 4 line card may go down.
Conditions: This symptom is observed on a Cisco 12000 series that switches Multiprotocol Label Switching (MPLS) traffic when both of the following events occur multiple times:
–
–
Workaround: Reload the line card.
•
Symptoms: The neighbor ip-address send-label address family configuration command may not function properly for an IP version 6 (IPv6) Border Gateway Control (BGP) neighbor that is part of a BGP peer group in an IPv6 address family; the functionality of the send-label keyword may not be advertised to the peers.
Conditions: This symptom is observed when you use BGP peer groups with a provider edge (PE) router that is running IPv6 in a Multiprotocol Label Switching (MPLS) environment (referred to as a 6PE router).
Workaround: Enter the neighbor ip-address send-label address family configuration command for the IPv6 BGP neighbor before you make the IPv6 BGP neighbor part of the BGP peer group in the IPv6 address family.
•
Symptoms: Cisco Express Forwarding (CEF) interface tables may become corrupted on a Cisco 12000 series line card, causing traffic to be dropped and the following error message to be logged by the affected line card:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(1)
This situation may cause some or all of the CEF interface information to be removed from the affected line card, which you can verify in the output of the show cef interface EXEC command for the affected line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when a series of clear cef linecard EXEC commands are executed in quick succession.
Workaround: Enter the clear cef linecard EXEC command just once for the affected line card.
•
Symptoms: A label may not be assigned for a peer provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE
%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0
Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:
–
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur in the "SNMP Engine" process, which can be verified in the output of the show processes memory | SNMP ENGINE privileged EXEC command.
Conditions: This symptom is observed in Cisco IOS Release 12.0(26)S and Release 12.2(18)S when you enter the snmpget command for the MPLS-LSR-MIB MIB.
Workaround: There is no workaround.
•
Symptoms: A Catalyst 6000 series Supervisor 2 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when access control list (ACL) counters are sent from a line card to the Route Processor (RP) and when the ACL number is in the expanded range (that is, from 1300 to 1999 or from 2000 to 2699).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Route Processor (RP) that is configured with a large number of subinterfaces (150 IP connections and 1800 Layer 2 connections) may reset shortly after bootup.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S. The cause of the symptom is not know at this time, but may be related to entering a series of system commands.
Workaround: There is no workaround.
•
Symptoms: A line card does not forward IP version 6 (IPv6) multicast traffic.
Conditions: This symptom is observed on an Engine 2 Dynamic Packet Transport (DPT) line card.
Workaround: There is no workaround.
•
Symptoms: Traffic does not pass through Multiprotocol Label Switching (MPLS) static crossconnects on an ATM line card after either the line card is reloaded or the router is reloaded.
Conditions: This symptom occurs with MPLS static crossconnects when the output interface is in any ATM line card in a Cisco 12000 series. When an MPLS crossconnect is configured to go out of the ATM interface on the Cisco 12000 series and traffic is sent across, the symptom is not observed. If the line card is reloaded, traffic never resumes. If the router is reloaded (after saving the configuration), traffic may or may not flow depending on the order in which the line cards come up.
Workaround: To resume the traffic, enter the clear cef line EXEC command.
•
Symptoms: When you enter the sdcc enable global configuration command, a traceback may be displayed.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a 4-port OC-48 Dynamic Packet Transport (DPT) line card or with both a 1-port OC-48 DPT line card and a 4-port OC-48 DPT line card.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.
Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.
The circumstance can be recognized by the presence of the following error message:
%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0
If only one such message is seen for a given IP address รณ10.0.0.1 in the above example, then only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.
Workaround: The symptom does not occur in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.
•
Symptoms: Inbound IP version 6 (IPv6) traffic may be dropped.
Conditions: This symptom is observed when you configure an IPv6 prefix on the main interface of a dot1q trunk.
Workaround: Enter the ipv6 enable interface configuration command on the subinterfaces of the dot1q trunk.
•
Symptoms: A multilink interface may stop processing received packets.
Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.
Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.
•
Symptoms: A port mode Layer 2 Tunneling Protocol version 3 (L2TPv3) fails to decapsulate the inbound packets.
Conditions: This symptom is observed on a Cisco 12000 series that has a 3-port Gigabit Ethernet (GE) line card and has enabled the L2TPv3 feature.
Workaround: There is no workaround.
•
Symptoms: Under certain conditions, for example Stateful Switchover (SSO) or entering the clear cef linecard EXEC command, the Engine 3 line cards in a router reload with error messages related to ALPHA errors in the table look-up (TLU) stage. The following strings in the error message will be seen:
"%EE48-3-ALPHAPAIR: RX ALPHA: TLU PAIR registers"
Conditions: This symptom occurs only when there are load balance paths for Multiprotocol Label Switching (MPLS) traffic, and some route changes occur.
Workaround: Ensure that there are no loadbalance paths.
•
Symptoms: A Cisco router that has Parallel Express Forwarding (PXF) enabled does not function after it reloads.
Conditions: This symptom is observed on a Cisco 10720 that has PXF enabled and that applies the weighted random early detection (WRED) configuration to multiple interfaces.
Workaround: Remove the WRED configuration on the interfaces.
•
Symptoms: A memory allocation failure may occur on compiled access control list (ACL) tables. There may be continued attempts to recompile the ACLs that fail.
Conditions: This symptom is observed when compiled ACLs are enabled by entering the access-list compiled global configuration command, and the total number of ACL entries is relatively large (over 1500 lines). Random or constantly changing traffic patterns may cause the compiled ACL tables to grow to the point at which memory fragmentation causes the memory allocation failure.
Workaround: Disable and then reenable the compiled ACLs by entering the no access-list compiled global configuration command followed by the access-list compiled global configuration command.
Alternate Workaround: Completely disable the compiled ACLs.
Second Alternate Workaround: ACLs may sometimes be rearranged to make the list shorter or less complex. This will reduce the memory requirements. Large ACLs used for Border Gateway Protocol (BGP) route prefixes may be converted to use a prefix list configuration instead.
•
Symptoms: A Route Switch Processor 4 Plus (RSP4+) may reload.
Conditions: This symptom is observed on a Cisco 7500 series when you configure the interface loopback interface-number interface configuration command on an interface of the router and the value of the interface-number argument is a 9-digit number that starts with 10.
Workaround: If possible, use another range of numbers for the numbers that are assigned to the loopback interfaces, that is, a range of numbers that do not start with 10.
•
Symptoms: The following error message may be displayed on the console of a Route Switch Processor (RSP):
%CBUS-3-CMDDROPPED: Cmd dropped,CCB 0xF800FFB0,slot 9, cmd code 24
Conditions: This symptom is observed on a Cisco 7500 series when software compression is enabled on serial interfaces and dialer interfaces and when Cisco Express Forwarding (CEF) switching rather than distributed CEF (dCEF) switching is enabled. This situation causes software compression to occur on the RSP.
Because software compression is enabled on all the serial interfaces, the CPU utilization of the RSP becomes very high, causing commands to be dropped.
Workaround: Remove software compression from the serial interfaces.
•
Symptoms: Link bundling is not synchronized between primary and standby Route Processors (RPs).
Conditions: This symptom is observed on Cisco RPs with link bundling that is configured for High Availability (HA) and a switchover between the primary RP and standby RP occurs.
Workaround: Restore the link bundling configuration on the standby RP.
•
Symptoms: Pings that come from a standby Hot Standby Router Protocol (HSRP) or Virtual Router Redundancy Protocol (VRPP) router to an HSRP or VRRP virtual IP address fail when the port channel subinterface on a 10x1 Gigabit Ethernet (GE) line card is the active master interface in the HSRP or VRRP group.
Conditions: This symptom is observed on a Cisco 12000 series router with line card combinations of either a 10x1GE line card with a 4x1GE line card or a 10x1GE line card with a 10x1GE line card that is running Cisco IOS Release 12.0(26)S and that forms HSRP or VRRP groups that use port channel subinterfaces (VLANS).
Workaround: Configure the active or master HSRP or VRRP interface on a non-10x1 GE line card.
•
Symptoms: When a subinterface is configured with a subinterface number value larger than 65535, the protocol enabled on this subinterface may not be in the proper state for correct operation after the switchover.
Conditions: These symptoms have been observed on Cisco platforms with redundant Route Processors operating in stateful switchover (SSO) redundancy mode.
Workaround: Limit the subinterface number value to an integer less than 65535 while configuring subinterfaces.
•
Symptoms:
Guest
