Table Of Contents
Resolved Caveats—Cisco IOS Release 12.0(23)S6
Resolved Caveats—Cisco IOS Release 12.0(23)S5
Resolved Caveats—Cisco IOS Release 12.0(23)S4
Resolved Caveats—Cisco IOS Release 12.0(23)S3
Resolved Caveats—Cisco IOS Release 12.0(23)S2
Resolved Caveats—Cisco IOS Release 12.0(23)S1
Resolved Caveats—Cisco IOS Release 12.0(23)S
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.0(22)S6
Resolved Caveats—Cisco IOS Release 12.0(22)S5
Resolved Caveats—Cisco IOS Release 12.0(22)S4
Resolved Caveats—Cisco IOS Release 12.0(22)S3
Resolved Caveats—Cisco IOS Release 12.0(22)S2
Resolved Caveats—Cisco IOS Release 12.0(22)S1
Resolved Caveats—Cisco IOS Release 12.0(22)S
Resolved Caveats—Cisco IOS Release 12.0(21)S8
Resolved Caveats—Cisco IOS Release 12.0(21)S7
Resolved Caveats—Cisco IOS Release 12.0(21)S6
Resolved Caveats—Cisco IOS Release 12.0(21)S5
Resolved Caveats—Cisco IOS Release 12.0(21)S4
Resolved Caveats—Cisco IOS Release 12.0(21)S3
Resolved Caveats—Cisco IOS Release 12.0(21)S2
Resolved Caveats—Cisco IOS Release 12.0(21)S1
Resolved Caveats—Cisco IOS Release 12.0(21)S
Resolved Caveats—Cisco IOS Release 12.0(19)S4
Resolved Caveats—Cisco IOS Release 12.0(19)S3
Resolved Caveats—Cisco IOS Release 12.0(19)S2
Resolved Caveats—Cisco IOS Release 12.0(19)S1
Resolved Caveats—Cisco IOS Release 12.0(19)S
Resolved Caveats—Cisco IOS Release 12.0(18)S7
Resolved Caveats—Cisco IOS Release 12.0(18)S6
Resolved Caveats—Cisco IOS Release 12.0(18)S5
Resolved Caveats—Cisco IOS Release 12.0(18)S3
Resolved Caveats—Cisco IOS Release 12.0(18)S2
Resolved Caveats—Cisco IOS Release 12.0(18)S1
Resolved Caveats—Cisco IOS Release 12.0(18)S
Resolved Caveats—Cisco IOS Release 12.0(17)S7
Resolved Caveats—Cisco IOS Release 12.0(17)S6
Resolved Caveats—Cisco IOS Release 12.0(17)S5
Resolved Caveats—Cisco IOS Release 12.0(17)S4
Resolved Caveats—Cisco IOS Release 12.0(17)S3
Resolved Caveats—Cisco IOS Release 12.0(17)S2
Resolved Caveats—Cisco IOS Release 12.0(17)S1
Resolved Caveats—Cisco IOS Release 12.0(17)S
Resolved Caveats—Cisco IOS Release 12.0(16)S10
Resolved Caveats—Cisco IOS Release 12.0(16)S9
Resolved Caveats—Cisco IOS Release 12.0(16)S8
Resolved Caveats—Cisco IOS Release 12.0(16)S3
Resolved Caveats—Cisco IOS Release 12.0(16)S2
Resolved Caveats—Cisco IOS Release 12.0(16)S1
Resolved Caveats—Cisco IOS Release 12.0(16)S
Resolved Caveats—Cisco IOS Release 12.0(15)S7
Resolved Caveats—Cisco IOS Release 12.0(15)S6
Resolved Caveats—Cisco IOS Release 12.0(15)S3
Resolved Caveats—Cisco IOS Release 12.0(15)S1
Resolved Caveats—Cisco IOS Release 12.0(15)S
Resolved Caveats—Cisco IOS Release 12.0(14)S8
Resolved Caveats—Cisco IOS Release 12.0(14)S7
Resolved Caveats—Cisco IOS Release 12.0(14)S3
Resolved Caveats—Cisco IOS Release 12.0(14)S1
Resolved Caveats—Cisco IOS Release 12.0(14)S
Resolved Caveats—Cisco IOS Release 12.0(13)S8
Resolved Caveats—Cisco IOS Release 12.0(13)S6
Resolved Caveats—Cisco IOS Release 12.0(13)S
Resolved Caveats—Cisco IOS Release 12.0(12)S4
Resolved Caveats—Cisco IOS Release 12.0(12)S3
Resolved Caveats—Cisco IOS Release 12.0(12)S
Resolved Caveats—Cisco IOS Release 12.0(11)S6
Resolved Caveats—Cisco IOS Release 12.0(11)S
Resolved Caveats—Cisco IOS Release 12.0(10)S8
Resolved Caveats—Cisco IOS Release 12.0(10)S7
Resolved Caveats—Cisco IOS Release 12.0(10)S
Resolved Caveats—Cisco IOS Release 12.0(9)S8
Resolved Caveats—Cisco IOS Release 12.0(9)S
Resolved Caveats—Cisco IOS Release 12.0(8)S1
Resolved Caveats—Cisco IOS Release 12.0(8)S
Resolved Caveats—Cisco IOS Release 12.0(7)S
Resolved Caveats—Cisco IOS Release 12.0(6)S
Resolved Caveats—Cisco IOS Release 12.0(23)S6
Cisco IOS Release 12.0(23)S6 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S6 but may be open in previous Cisco IOS releases.
Basic System Services
•
CSCeb66973
Symptoms: A Cisco router or switch may reload when it attempts to read the ifIndex information from an NVRAM file during the bootup process.
Conditions: This symptom is observed when the NVRAM file is corrupt.
Workaround: Disable the ifIndex persistence.
•
Symptoms: Executing the tftp-server slaveslot0: global configuration command, or any configuration commands related to tftp-server being set to access flash devices on the slave, will cause the slave to reload.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(23)S5 but is not platform dependent.
Workaround: Configure the tftp-server to access flash devices on the master route switch processor (RSP) only.
Interfaces and Bridging
•
Symptoms: Interfaces may not be created when a channel group is configured on a Cisco 7500 series or a Cisco 7600 series.
Conditions: This symptom is observed only if channel groups are created on an 8-port multichannel T1 port adapter (PA-MC-8T1) and the PA-MC-8T1 is replaced with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) by performing an online insertion and removal (OIR). After the port adapters are switched, the channel-group configuration on the PA-MC-8TE1+ does not work as expected.
Workaround: Remove the channel-group configuration on a port adapter before performing an OIR and replacing the port adapter with another port adapter.
IP Routing Protocols
•
Symptoms: A Cisco router that is configured with IP multicast may reload because of a bus error.
Conditions: This symptom is observed when a router sends (S,G) R join overrides to a neighbor, and the neighbor times out because of link flaps or because of another reason. The symptom is caused by a timing difficulty and is most likely to occur when you enter the ip pim spt-threshold infinity global configuration command on all routers in the network.
For a list of the affected releases, go to the following location: http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCds31596. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Delete the ip pim spt-threshold infinity global configuration command from all routers in the network to minimize the occurrence of the symptom.
•
Symptoms: A retransmission counter may not be reset when a neighbor is terminated.
Conditions: This symptom is observed on a Cisco platform that is running Open Shortest Path First (OSPF) when the retransmission limit default (12 or 24) is added to the retransmission mechanism.
Workaround: Clear the OSPF process by entering the clear ip ospf process pid privileged EXEC command. Then, enter the limit retransmissions non-dc disable router configuration command.
•
Symptoms: A memory allocation failure (MALLOCFAIL) from the I/O memory pool may occur.
Condition: This symptom is observed on a Cisco router that receives excessive multicast control traffic.
Workaround: Apply a quality of service (QoS) policy map to limit the rate of the multicast control traffic that can be received by the router.
•
Symptoms: A Cisco router may reload unexpectedly when you manually reload the router.
Conditions: This symptom is observed when Open Shortest Path First (OSPF) LSAs are being "maxaged" while you manually reload the router. This situation may occur because of a fluctuating network and is an extreme corner case that cannot be reproduced on demand. The symptom is very unlikely to occur.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The router may not resolve all dependent routes for a path again.
Conditions: This symptom is observed if the shutdown interface command followed by the no shutdown interface configuration command is issued on the next hop router on a Cisco router that has Multiprotocol Label Switching (MPLS) enabled.
Workaround: A clear ip route for the affected prefix would take down all the paths and ensure that they are rebuilt and hence reresolved. Also the problem does not arise if a shutdown is not performed.
•
Symptoms: A software-forced reload may occur due to an I/O memory corruption and redzone overrun.
Conditions: This symptom is observed on a Cisco 7200VXR or VIPs with the following Port Adaptors installed: PA-MC-2T1, PA-MC-4T1, PA-MC-8T1, PA-MC-8DSX1, PA-MC-2E1,PA-MC-8E1, PA-MCX-4TE1,PA-MCX-8TE1, PA-MCX-8TE1+, PA-MC-8TE1+.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload if the show ip access- list access-list-name command is performed on an existing reflexive access-list.
Conditions: This symptom is observed on a Cisco 3620 router that is running Cisco IOS Release 12.3(13).
Workaround: There is no workaround.
•
Symptoms: After applying the maximum of 32 Committed Access Rate (CAR) rules and removing them, subsequent attempts to add any new input CAR (iCAR) rules may not be applied, and the router may generate an error message.
Conditions: This symptom is observed on a Cisco 12000 series Engine (E4) Packet-over-SONET (POS) line card.
Workaround: Reload the router.
•
Symptoms: A Performance Route Processor (PRP) may reload after the following error message is displayed:
PRP-3-ASM_CORRUPT_PTRConditions: This symptom is observed on a Cisco 12000 series on which a defective 1-port OC-192 Packet-over-SONET (POS) Enhanced Services (ES) Engine line card is installed. The symptom occurs because error recovery does not function properly.
Workaround: There is no workaround.
•
Symptoms: Distributed Cisco Express Forwarding (DCEF) may become disabled on a Versatile Interface Processor (VIP) or Cisco 12000 series line card (LC), and the following error message may appear on the console:
%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationaConditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4- 80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24) S or Release 12.0(24)S1. This symptom is also observed on a Cisco 12000 series LC during significant, prolonged routing table churn.
Workaround: Reload CEF on the VIP or LC by entering the clear cef linecard slot-number EXEC command.
Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR). Restart the LC by executing the hw-module slot slot # reload command.
•
Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.
Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.
Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.
•
Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.
Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.
Workaround: There is no workaround.
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: Cisco Express Forwarding (CEF) interface tables may become corrupted on a Cisco 12000 series line card, causing traffic to be dropped and the following error message to be logged by the affected line card:
%ADJ-3-ADJFIBIDB: Adjacency update with invalid fibidb(1)This situation may cause some or all of the CEF interface information to be removed from the affected line card, which you can verify in the output of the show cef interface EXEC command for the affected line card.
Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(26)S when a series of clear cef linecard EXEC commands are executed in quick succession.
Workaround: Enter the clear cef linecard EXEC command just once for the affected line card.
•
Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.
Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.
Workaround: There is no workaround.
•
Symptoms: An interface may not transmit traffic because the output may be stuck. When this symptom occurs, the console of the Route Switch Processor 4 (RSP4) may display the following error messages:
%ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/2:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/1:15, TEI0 changed to down %ISDN-6-LAYER2DOWN: Layer 2 for Interface Se1/0/3:15, TEI0 changed to down %RSP-3-RESTART: interface Serial1/0/0:15, not transmitting
Output Stuck on Serial1/0/0:15
%RSP-3-RESTART: interface Serial1/0/1:15, output frozen
%RSP-3-RESTART: interface Serial1/0/2:15, not transmitting
%RSP-3-RESTART: cbus complexConditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1(19)E1 when the compress stac caim interface configuration command is configured on the interface. The symptom may also occur in other releases.
Workaround: Remove the compress stac caim interface configuration command from the interface.
•
Symptom: A Cbus Complex may occur and the packet memory may be recarved, causing a temporary disruption in service.
Conditions: This symptom is observed on a Cisco 7500 series when you install an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) or an enhanced 2-port T1/E1 high-capacity port adapter (PA-VXC-2TE1+) and when you configure the port adapter via the command-line interface (CLI) for E1 or T1.
Workaround: There is no workaround. Try to install the port adapter during a maintenance window.
•
Symptoms: A Frame Relay interface line protocol and/or routing protocol states continually go down.
Conditions: The problem occurs on Frame Relay interfaces of 512 Kbps or lower bandwidth with a service-policy output command referring to a policy map that contains the priority command, whenever the interface is congested for more than 30 seconds with packets larger than 512 bytes.
Workaround: There is no workaround.
•
Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.
•
Symptoms: An Engine 4+ (E4+) Gigabit Ethernet (GE) line card in a Cisco 12000 series that is running Cisco IOS Release 12.0(26)S may reload and display one of the following sets of error messages:
1. %MCC192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.
2. %FIB-3-FIBDISABLE: Fatal error, slot #: IPC Failure: timeout %CPUIF-3-NO_MEM: sendreq_freeq is NULL.Conditions: This symptom occurs when the line card receives a bad IP packet whose actual length does not match what the IP header indicates.
Workaround: There is no workaround.
•
Symptoms: Fabric handling may fail because of unknown events.
%FABRIC-0-OPERATIONAL: Fabric handling failed: Unknown eventreceived by the fab process %SCHED-3-THRASHING: Process thrashing on watched boolean íFIA queyrí.
-Process= "Fabric", ipl= 6, pid= 11
-Traceback= 50235770 50235864 50407968 5021E644 5021E630Conditions: This symptom is observed on a Cisco 12410 series Internet router that has an 8xOC3 ATM Engine 3 line card and a 4xOC12 POS Engine 3 line card that is configured with 150 VPN routing/forwarding (VRF) interfaces. The router is running Cisco IOS Release 12.0(23)S4.
Workaround: There is no workaround.
•
Symptoms: An interface may have an ifIndex value of 4294967295 (-1) and some interfaces may not be in the ifTable.
Conditions: This symptom is observed when a system is in Stateful Switchover (SSO) mode and then is configured to change the redundancy mode to Route Processor Redundancy Plus (RPR+). The standby Performance Routing Engine (PRE) then restarts. If new interfaces are added to the system (the ifTable) at this point and the primary PRE is not reloaded, the symptom occurs.
Workaround: Perform a reload of both Route Processors (RPs).
Alternate workaround: Perform a forced switchover from SSO mode to RPR+ mode.
•
Symptoms: The following message is observed after executing shutdown subinterface of ATM:
%GENERAL-3-EREVENT: c10k_atm_vc_state_change: No current_if_infoConditions: This symptom is observed on a Cisco 10008 Internet router that is running the Cisco IOS image c10k-p10-mz.120-23.S3b under the following conditions:
1. ATM interface: down/down with pvc configuration on subinterface.
2. ATM interface: initializing/down with no LC and pvc configuration on subinterface.
This error message can be observed when executing no shut/shut subinterface in the above conditions.
Workaround: There is no workaround.
Further Problem Description: When main ATM interface is down (could be either admindown or down), create a point-to-point atm subinterface with vbr-nrt vc in shutdown state. Then deleting pvc underneath the atm subinterface, or deleting the atm subinterface itself, can cause the losing of bandwidth on ATM interface.
For more details, look at the Release-note for CSCed62971.
•
Symptoms: Two interfaces may have the same Cisco Express Forwarding (CEF) interface description block (IDB) when the following configuration sequence occurs:
1) You create a subinterface.
2) You delete this subinterface.
3) You create another subinterface.
4) You recreate the first subinterface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround. Reload the router to clear the condition.
•
Symptoms: When a Cisco IOS software image runs on a standby Performance Routing Engine (PRE) together with an older version of Cisco IOS software that runs on the primary PRE, the following error message may appear on the standby router:
%IDBINDEX_SYNC-3-IDBINDEX_ENTRY_LOOKUP: Cannot find IDB index table entry: "", 79
After a switchover from the primary PRE to the standby PRE occurs, the interfaces for which the above error messages appear may not be able to send or receive packets.
Conditions: This symptom is observed on a Cisco 10000 series during a Fast Software Upgrade (FSU) operation.
Workaround: There is no workaround.
•
Symptoms: A line card may experience high CPU usage, and report alignment and spurious memory access error messages.
Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router.
Workaround: There is no workaround.
•
Symptoms: A service policy may not attach to an interface. When you enter the show policy-map interface EXEC command, the output displays all counters at 0.
Conditions: This symptom is observed on a Cisco router when a policy map is configured on an IP Services Engine (ISE) line card for the Cisco 12000 series router with policing set to less than 64 kbps, and the Cisco IOS software is being upgraded from a release prior to 12.0(26)S up to Cisco IOS Release 12.0(26)S.
Workaround: Make sure that the policing rate is larger than 64 kbps. The service policy may then be attached to the interface.
•
Symptoms: A software-forced reload may occur on a Cisco 12000 series router.
Conditions: This symptom is observed on a Cisco 12000 series router after a service policy is enabled.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 Plus (E4+) Gigabit Ethernet (GE) or Fast Ethernet (FE) line card that is configured with Any Transport over MPLS (AToM) may fail.
Conditions: This symptom is observed on an E4+ GE or FE line card on a Cisco 12000 series router that is running Cisco IOS Release 12.0(26)S as soon as a soft online insertion and removal (OIR) is performed on the primary clock scheduler card (CSC).
Workaround: There is no workaround.
•
Symptoms: The link LED light of a Gigabit Ethernet (GE) line card on a Cisco 12000 series does not light if the port is shut down and brought back up (i.e., shutdown).
Conditions: This symptom is observed on a Cisco 12000 series when the no negotiation auto interface configuration command is entered on the router.
Workaround: Remove the optical RX cable, and then reconnect the cable.
•
Symptoms: During installation of a router on an OC-48 DPT/RPR ring, the ring became unstable, and 5 Cisco 12000 series routers reloaded, one reloading twice.
Conditions: This symptom is observed on a mix of Cisco 12016 routers and Cisco 12416 routers that are running Cisco IOS Release 12.0(23)S3 3DES software.
Workaround: There is no workaround.
•
Symptoms: The deletion of an ATM subinterface may occasionally cause a secondary Performance Routing Engine (PRE) to reload.
Conditions: This symptom is observed on a Cisco 10000 series that has two PREs that are configured for high availability.
Workaround: There is no workaround. However, the symptom does not affect performance. The primary PRE continues to forward traffic. The secondary PRE will reload if it is configured to do so.
•
Symptoms: A failure of an active Route Processor (RP) may cause the standby RP to fail also.
Conditions: This symptom is observed in Cisco 12000 series Internet routers.
Workaround: There is no workaround.
•
Symptoms: On a Cisco router that is configured with LLQ, there is queueing on the real time queue.
Conditions: This symptom is observed on a Cisco 10000 ESR that is configured with LLQ.
Workaround: There is no workaround.
•
Symptoms: On Engine 2 (E2) n-port OC3 line cards for the Cisco 12000 series router, the pos delay triggers path router configuration command does not implement the specified delay. This results in the link being brought down for Path Alarm Indication Signal (PAIS) or Path Remote Defect Indication (PRDI) defects whose duration is smaller than the specified delay time.
Conditions: This symptom is observed in all releases of Cisco IOS Release 12.0 ST and in all releases of 12.0 S beginning with Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: A 6-port CT3 line card crashed due to a Cache Parity Exception. The router will not reload.
Conditions: This symptom occurs on a Cisco 12000 series router that is running Cisco IOS Release 12.0(23)S3 image c12kprp-p-mz.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: On a Cisco 12000 series router that is performing the Label Edge Router (LER) functionality, packets may leave the outbound interface unlabeled if the ingress line card is an ISE even though the destination network appears as tagged in the CEF and TFIB table.
Conditions: This problem has been observed to IP destination addresses using a recursive route. If the problem occurs, the corresponding outputs of show ip cef prefix display an outbound label for the appropriate next-hop. But the output of show ip hardware-cef for this IP address does not display any label.
Further Problem Description: IP packets entering an MPLS network should be labeled if an LDP neighbor is established and the appropriate entries are in the RT, FIB and TFIB. The label imposition takes place in hardware of ISE on the ingress line card. Thereby the hardware information has to follow the control plane information. If the problem is present the control plane information looks consistent but it is not coincident with the hardware information of the ingress line card.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may show BMA error, then run error recovery.
Conditions: This symptom is observed on a Cisco 12008/40 router that is running Cisco IOS 12.0(23)S5. It is configured as an MPLS inter-AS ASBR. It is also configured as a PE router. When entering the shut command followed by the no shut command on a POS interface on a 8POS LC, the 3GE LC will show BMA error.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. linecard based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.
Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. linecard based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.
The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (i.e. goes down and come back up in a very small amount of time (e.g. 2 sec)). Although this can happen on any linecard, this situation is more likely to happen on the Engine 3(E3) channelized OC48 line cards due to its quick flapping behavior.
Note: There are additional prerequisites for this bug to happen. These are:
- The defect affects routers that are: (a) MPLS VPN PE routers or (b) routers that exchange labels for ipv4 BGP routes.
- For (a) there should be recursive routes on the PE that go over the PE-CE link (this could be either BGP learnt recursive routes or static recursive routes). Also, these recursive routes have the link's CE side ip address as their nexthop.
- There should be a less specific route to get to the nexthop (this can be a default route). This applies for (a) and (b).
Workaround: There is no workaround.
•
Symptoms: A file that is copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster.
•
This caveat consists of two separate systems, conditions, and workarounds.
Symptoms 1: A router may reload after a switchover to the standby processor.
Conditions 1: This symptom is observed on a Cisco Route Switch Processor (RSP).
Workaround1: There is no workaround.
Symptoms 2: After a switchover to a standby processor, the indices of the interfaces in the system may be changed by mistake. This may cause problems with forwarding packets and may cause other inconsistencies.
Conditions 2: This symptom is observed on a Cisco 12000 series router.
Workaround 2: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:
%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tag Switching Distribution Protocol (TDP).
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
•
Symptoms: Engine 2 line cards may fail upon clearing BGP peers.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(27)S.
Workaround: There is no workaround.
•
Symptoms: Some MQC commands on 4xOC3 and 8xOC3 ISE line cards on Cisco 12000 series routers may result in a message similar to the following:
% Service policy on FR sub-interface POS1/1.2 must be hierarchical.Due to the error, no policy is applied to the interface. Even though the running configuration has the policy on the interface, the policy will not take effect.
Conditions: This symptom is observed on Cisco 12000 series routers.
Workaround: There is no workaround.
•
Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).
Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.
Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.
•
Symptoms: A router may become unresponsive and may reload when you append a file whose size is not a multiple of 512 bytes to an Advanced Technology Attachment (ATA) flash card (for example, boot disk, disk0, disk1).
For example, this situation may occur when you enter the show command | tee /append url privileged EXEC command.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS image that contains the fix for caveat CSCdz27200 and that utilizes an ATA flash card. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz27200. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Write the output of the show command to a new file instead of appending it to an existing file by entering the show command | tee url privileged EXEC command.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when Web Cache Communication Protocol (WCCP) and Cisco Express Forwarding (CEF) are both enabled on the router.
Workaround: Disabling CEF is a possible workaround, but this workaround may impact the performance of the router.
•
Symptoms: During an SSO switchover, the newly active Route Processor (RP) may output the following error message:
%SCHED-7-WATCH: Attempt to monitor uninitialized watched queue (address 0).
-Process= "CEF LC IPC Background"This error is harmless, and no functional problem will occur when this error is received.
Conditions: This symptom occurs during an SSO switchover.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(23)S5
Cisco IOS Release 12.0(23)S5 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S5 but may be open in previous Cisco IOS releases.
Interfaces and Bridging
•
Symptoms: A Cisco 7500 series may generate the following message on its console:
%VIP-3-BADMALUCMD: Unsupported MALU command 81/82Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.
Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload when you enter the show bgp ipv6 unicast or show bgp ipv6 multicast user EXEC or privileged EXEC mode command.
Conditions: This symptom is observed when IP version 6 (IPv6) multicast is configured.
Workaround: There is no workaround.
•
Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.
Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to the RPR+ mode from the default SSO mode on an SSO image when the HA cutover is completed.
Workaround: There is no workaround.
•
Symptom: A Cisco router running Multicast Source Discovery Protocol (MSDP) may reload when the show ip mdsp peer peer-address advertised-SAs user EXEC/privileged EXEC command is entered.
Condition: These symptoms are only observed on a router that is running MDSP.
Workaround: 1)Enter the no ip domain-lookup command in global configuration mode. 2)If the ip host {name} {address1} global configuration command is configured, the host name should not be more than 36 characters.
IP Routing Protocols
•
A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.
The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.
Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml.
ISO CLNS
•
Symptoms: On a Cisco router, Intermediate System-to-Intermediate System Version 6 (IS-ISv6) routes may not be inserted in the IPv6 routing table after a reload or after a neighbor's interface state changes. This symptom affects only configurations with level-2-only links.
Conditions: This symptom may be observed on Cisco routers that are running Cisco IOS Release 12.0(22)S.
Workaround: Use the clear isis * privileged EXEC command after a reload or after a topology change. Use level 1-2 links.
Miscellaneous
•
Symptoms: A Cisco 7500 series router that acts as the penultimate hop of the backup Label Switched Path (LSP) and that is configured with the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command may have the primary LSP go down when Fast ReRoute (FRR) is enabled on the router.
Conditions: This symptom is observed on a Cisco 7500 series that has Multiprotocol Label Switching (MPLS) traffic engineering (TE) configured.
Work around: Do not configure the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command.
•
Symptoms: A router may not load balance traffic properly between two OC-48 Packet over SONET (POS) Engine 2 (E2) line cards.
Conditions: This symptom is observed on a Cisco 12416 series Internet router that is running Cisco IOS Release 12.0(21)ST2 and that has two OC-48 POS E2 line cards.
This symptom is observed while the Cisco 12416 has incoming traffic from an Engine 4 (E4) line card and outgoing traffic is sent through the E2 line card via parallel links. This symptom does not occur if the incoming card is replaced with an E2 line card.
Workaround: There is no workaround.
•
Symptoms: When an hw-module slot <x> reload is issued on the server card, some error messages plus tracebacks appear. Sessions are also nonoperational.
Conditions: This symptom occurs on Cisco 12000 series routers that are running Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: Per Interface Rate Control (PIRC) does not act on IP traffic that would have otherwise been tagged (MPLS) if the current hop was not the pin- ultimate hop for a given destination. PIRC does not act on IP traffic with destination addresses that have an implicit-null label as their label binding.
Conditions: This symptom is observed on a Cisco 12000 series router.
Workaround: There is no workaround.
•
Symptoms: A 4-port OC-3 Packet-over-SONET (POS) Engine 0 line card that is installed in slot 14 of a Cisco 12416 may reload because of a bus error. In the output of the show context all EXEC command, the value of the badVaddr field is 0x14.
Conditions: This symptom is observed on a Cisco 12416 that runs Cisco IOS Release 12.0(21)S1, Release 12.0(23)S2, or Release 12.0(23)S3. More 12.0 S releases may be affected.
Workaround: There is no workaround.
•
Symptoms: When creating IP version 6 (IPv6) Access Control Lists (ACLs), the following message is displayed several times:
%Access list already exists with these parametersIn some cases, looking at the ACL indicates unwanted commands that are added, such as the following:
permit ipv6 any any sequence 20
deny 0 any any sequence 30
These statements cannot be removed from the ACL. In other cases, lines of the ACL are modified. If a remark is added to the ACL once, then it will be repeated in ACL several times.
Conditions: These symptoms are observed in Cisco IOS releases from Cisco IOS Release 12.0(23)S to Cisco IOS Release 12.0(26)S. The symptoms are seen only when the router has dual gigabit route processors (GRPs) installed and with different redundancy modes configured.
Workaround: There is no workaround.
•
Symptoms: A router permanently pauses when removing certain types of policies from the interface.
Conditions: This symptom is observed on a Cisco router if the policy has bandwidth configured on class-default. When this policy is removed, the router permanently pauses.
Workaround: There is no workaround.
•
Symptoms: A primary Route Processor (RP) and a standby RP may not load the correct image when a Cisco 12000 series router is reloaded.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S2 or an earlier release when all of the following conditions are present:
- An Advanced Technology Attachment (ATA) disk or a Flash card such as a Personal Computer Memory Card International Association (PCMCIA) card is installed in both the primary RP and the standby RP.
- The Route Processor Redundancy (RPR) mode is enabled.
- The boot system tftp ip-address global configuration command is enabled in the configuration.
The symptom does not occur when the Route Processor Redundancy plus (RPR+) mode or the Stateful Switchover (SSO) feature is enabled.
Workaround: Use the RPR+ mode or the SSO feature.
Alternate Workaround for Cisco IOS Release 12.0(22)S2 only: After the RPs have booted up, remove the boot system tftp ip- address global configuration command from the configuration and execute the upgrade rom-monitor EXEC command to enable the ROM monitor to be upgraded.
•
Symptoms: The ip access-group interface configuration command does not function on a PortChannel interface.
Conditions: This symptom is observed in Cisco IOS Release 12.0(23)S1.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptom 1: The interface index of a tunnel interface may be corrupt, and the output of the show running-config privileged EXEC command may display the following information:
%FIB-2-IFINDEXILLEGAL: An internal software error occurred. Argument ifindex is out of bounds at -1.Condition 1: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a tunnel interface, then remove the tunnel interface, and then add the tunnel interface again.
Workaround 1: There is no workaround.
Symptom 2: Cisco Express Forwarding (CEF) may not form adjacencies across a 2-port multichannel T3 port adapter (PA-MC-2T3+) as is indicated in the output of the show cef interface type number EXEC command (in this example, serial interface 12/0/0/8:0 is used):
% CEF IDB corresponding to Serial12/0/0/8:0 is not foundCondition 2: This symptom is observed on a Cisco 7500 series after a switchover has occurred and you first add a serial interface, then remove the serial interface, and then add the serial interface again.
Workaround 2: There is no workaround.
•
Symptoms: When Stateful Switchover (SSO) is configured and you enter the hw-module reload privileged EXEC command on a 4-port OC3 ATM line card before the standby Route Processor (RP) has come up completely, the standby RP may reload.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: After a Performance Routing Engine 1 (PRE1) cutover in Route Processing Redundancy Plus (RPR+) mode in a Stateful Switchover (SSO) image, no virtual circuit (VC) is recovered.
Conditions: This symptom is observed when the high availability (HA) configuration mode is changed to the RPR+ mode from the default SSO mode on an SSO image when the HA cutover is completed.
Workaround: There is no workaround.
•
Symptoms: Tag Distribution Protocol (TDP) may not convey the label change information for a prefix that is learned via an exterior Border Gateway Protocol plus (EBGP+) label to its TDP peers.
Conditions: This symptom is observed on a Cisco 7500 series when TDP is used. The symptom does not occur when Label Distribution Protocol (LDP) is used.
Workaround: There is no workaround.
•
Symptoms: An outgoing adjacency for a Virtual Private Network (VPN) routing/forwarding (VRF) prefix always points to a virtual interface in distributed Cisco Express Forwarding (dCEF).
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) Gigabit Ethernet line card may reload or cause the router that it is installed on to reload.
Conditions: This symptom is observed when an E3 Gigabit Ethernet line card that has 1000 VLANs and that is sending line rate IP version 6 (IPv6) traffic on the VLANs is reloaded.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) line card may exhibit "ALPHA" errors and reload.
Conditions: This symptom is observed on a Cisco 12000 series that has per- prefix accounting configured when the clear ip route * privileged EXEC command is entered to delete IP routing table entries.
Workaround: Disable per-prefix accounting.
•
Symptoms: A Cisco router that is running Multiprotocol Label Switching (MPLS) may reload after a message similar to the following is generated:
%SYS-3-OVERRUN: Block overrun at 5414B2C8 (red zone 00000000)Conditions: This symptom is observed when more than 672 Label Distribution Protocol (LDP) sessions are established simultaneously and when LDP cannot perform some background tasks for an advertised Label Information Base (LIB) entry before the local label is changed or withdrawn.
Workaround: There is no workaround.
•
Symptoms: A memory allocation (malloc) failure may occur during a Cisco Express Forwarding (CEF) process on a redundant Route Processor (RP) and may cause the redundant RP to stop processing queued CEF update messages that are sent by the active RP. This malloc failure may be observed in the output of the show cef linecard EXEC command.
Because the redundant RP no longer processes CEF update messages that are sent by the active RP, the message queue on the active RP continues to grow, causing the free memory of the active RP to decrease. The rate of this decrease depends on the rate of prefix changes in the network. The continued growth of the message queue eventually results in a malloc failure on the active RP, or results in CEF being disabled.
Conditions: This symptom is observed on a Cisco router that is configured with redundant RPs.
Workaround: Reload the redundant RP by entering the hw-module secondary-cpu reset EXEC command.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload. CPUHOG messages may be displayed on the console before the router reloads.
Conditions: This symptom is observed in configurations with many interfaces or IP addresses, or with a very large number of labelled prefixes.
Workaround: There is no workaround.
•
Symptoms: At least 30 percent of the CPU of a Performance Routing Engine 1 (PRE-1) may be utilized to process flows, causing the number of packets that are processed per second to be much lower than you would expect.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow and NetFlow export are enabled and when there is a large number of flows (more than 10,000).
Workaround: Disable NetFlow.
Alternate Workaround: Reduce the number of entries in the NetFlow cache of the Route Processor (RP) by entering the ip flow-cache entries 1024 global configuration command. Doing so reduces the load of the CPU of the PRE-1. Note that the primary cache is located on the Parallel Express Forwarding (PXF) processor and supports a fixed number of 512 entries.
•
Symptoms: The traceroute privileged EXEC command may not work for the IP address of a generic routing encapsulation (GRE) tunnel in a Multiprotocol Label Switching (MPLS) network, and the router at the receiving end may generate traceback error messages.
Conditions: This symptom is observed in an MPLS network when you configure a generic routing encapsulation (GRE) tunnel between a Cisco 10000 series that is configured as a provider edge (PE) router and another PE router.
Workaround: To determine a path in the MPLS network, shut down the GRE tunnel and enter the traceroute privileged EXEC command for the IP address of the physical link.
Alternate Workaround: Reload the microcode onto the Parallel Express Forwarding (PXF) by entering the microcode reload pxf privileged EXEC command.
•
Symptoms: A Cisco router that is configured for IP over Multiprotocol Label Switching (MPLS) may reload.
Conditions: This symptom is observed when Label Distribution Protocol (LDP) peers of the Cisco router advertise a large number of IP addresses because interfaces flap or are configured.
Workaround: There is no workaround.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, when primary traffic engineering (TE) tunnels are configured between provider edge (PE) routers, and these primary TE tunnels are configured for Fast Reroute (FRR) link protection, a 50-ms convergence time may not be achieved in the core of the network, even when very small VPN routing and forwarding (VRF) prefix tables are configured.
Conditions: This symptom is observed when the PE headend router is the point of local repair (PLR). The PE headend router is the router that performs VPN label imposition, that functions as the primary TE tunnel headend, and that functions as the uplink to a provider (P) router.
Workaround: There is no workaround. Note that FRR link protection functions correctly for IP version 4 (IPv4) traffic and for Any Transport over MPLS (AToM) traffic. Also, note that FRR link protection functions correctly for VPN traffic on PLRs other than the PE headend that is mentioned in the conditions, such as a P router that functions as a link to another P router, and a P router that functions as a downlink to a PE router.
•
Symptoms: An IP packet with multiple fragments sent through a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S, 12.0(24)S, 12.0(25)S, or 12.0(26)S may drop small fragments of the packet when MPLS Label disposition takes place, which exposes the underlying IP packet.
Conditions: The egress line card must be an Engine 4+ variant for this to occur, and the fragment must have the MF bit set with an IP payload of 8, 16 or 24 bytes.
Workaround: Configure an explicit null label for the prefix, which creates a TAG to TAG switching path instead of a TAG to IP path.
•
Symptoms: A 1-port OC-12 ATM line card may reset after the Forwarding Information Base (FIB) is disabled because of interprocess communications (IPC) failures, as is shown by the following error messages:
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%GRP-3-BAD_STATE: Slot:6 State:Launching Fabric Downloader -Traceback= 18BA90 3BC3E4 2C7E34 2C891C 2C8BEC
%FIB-3-FIBDISABLE: Fatal error, slot 6: IPC Failure: timeout %GRP-4-RSTSLOT: Resetting the card in the slot: 6,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE
%GRP-3-BAD_STATE: Slot:6 State:In Reset -Traceback= 18BA90 3BC3E4 305DA4 3067C4 306850 306FA8 3070C0Conditions: This symptom is observed on a Cisco 12416 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards:
- One 1-port OC-12 ATM line card
- Two 4-port OC-3 Packet-over-SONET (POS) line cards
- Two 4-port OC-12 POS line cards
- Two 4-port OC-48 POS line cards
- Two 3-port Gigabit Ethernet line cards
Workaround: There is no workaround.
•
Symptoms: An Engine 4 line card may reload when an Engine 2 line card sends a corrupt Multiprotocol Label Switching (MPLS) packet.
Conditions: This symptom is observed on a Cisco 12000 series that is configured for MPLS.
Workaround: There is no workaround.
•
Symptoms: Simple Network Management Protocol (SNMP) values that are retrieved by the snmpget command may be inconsistent compared to the SNMP values that are shown on an interface.
Conditions: This symptom is observed on a Cisco 12000 series that runs in a Multiprotocol Label Switching (MPLS) environment when you use SNMP to retrieve various counter values from a Packet-over-SONET (POS) interface.
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), the Label Distribution Protocol (LDP) peer address table may become corrupted and cause the router to reload.
Conditions: This symptom may be observed in situations where three or more routers have advertised the same IP address in LDP address messages. This normally happens when routers have been misconfigured but in very rare circumstances may be done deliberately.
The circumstance can be recognized by the presence of the following error message:
%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0If only one such message is seen for a given IP address—10.0.0.1 in the above example—then only two routers have advertised the IP address, and only the second is being treated as a duplicate. At least one more such message should be seen if at least three routers have advertised the IP address in question.
Workaround: The problem does not happen in typical configurations because duplicate addresses are not configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, there is no workaround.
•
Symptoms: Under certain conditions, for example Stateful Switchover (SSO) or entering the clear cef linecard EXEC command, the Engine 3 line cards in a router reload with error messages related to ALPHA errors in the table look-up (TLU) stage. The following strings in the error message will be seen:
"%EE48-3-ALPHAPAIR: RX ALPHA: TLU PAIR registers"Conditions: This symptom occurs only when there are loadbalance paths for Multiprotocol Label Switching (MPLS) traffic, and some route changes occur.
Workaround: Ensure that there are no loadbalance paths.
•
Symptoms: When a subinterface is configured with a subinterface number value larger than 65535, the protocol enabled on this subinterface may not be in the proper state for correct operation after the switchover.
Conditions: These symptoms have been observed on Cisco platforms with redundant Route Processors operating in stateful switchover (SSO) redundancy mode.
Workaround: Limit the subinterface number value to an integer less than 65535 while configuring subinterfaces.
•
Symptoms: The Sampled NetFlow (SNF) cache is empty on a 3-port Gigabit Ethernet (GE) interface card.
Conditions: This symptom is observed on a GE interface card when Multiprotocol Label Switching (MPLS) is configured on one port and SNF is on another port of the GE card.
Workaround: If MPLS is not configured, SNF functions correctly.
•
Symptoms: On Packet-over-SONET (POS) Engine 2 line cards for a Cisco 12000 series router, IP2TAG traffic does not get rate limited by Per Interface Rate Control (PIRC).
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S5.
Workaround: There is no workaround.
•
Symptoms: Quality of service (QoS) multicast packets are not correctly marked on input.
Conditions: This symptom is observed on a Cisco router when ingress QoS multicast packets are classified. The precedence or Differentiated Services Code Point (DSCP) bit is ignored and misclassified.
Workaround: There is no workaround.
•
Symptoms: Ethernet over Multiprotocol Label Switching (EoMPLS) disposition fails for egress Packet-over-SONET (POS) Engine 4 plus (E4+) line card. Tag bytes increment as traffic comes in, but nothing is sent out the egress 3-port Gigabit Ethernet (GE) interface.
Conditions: This symptom is observed on a Cisco 12416 router that is running Cisco IOS Release 12.0(22)S5.
Workaround: Use a different card or router for the EoMPLS disposition but do not use the E4+ line card.
•
Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network, if a Cisco 10720 router receives an MPLS packet with an IP version 4 (IPv4) option underneath it, the MPLS packet has two or more labels, and the router attempts to untag all labels, the Parallel Express Forwarding (PXF) processor may reload.
When this symptom occurs in the MPLS VPN network, egress provider edge (PE) routers may reload. The packets that cause the routers to reload are Internet Control Message Protocol (ICMP) echo and echo reply packets with record route options. Other types of IPv4 options may also cause the routers to reload.
Conditions: The symptom is observed on a Cisco 10720 that functions as an MPLS VPN PE router. The symptom does not occur in a basic MPLS network without VPN, where there is only one label.
Workaround: There is no workaround.
•
Symptoms: When the ROM of an active Performance Route Processor (PRP) is upgraded, the PRP may pause indefinitely. When the ROM of the standby PRP is upgraded, the upgrade may cause an exception and the standby PRP may reload.
Conditions: These symptoms have been observed when ROM upgrades are performed, and the up all all or up rom slot-number commands are configured on the active and standby PRPs.
Workaround: There is no workaround.
•
Symptoms: A 3-port Gigabit Ethernet (GE) line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 12000 series that is configured as a Multiprotocol Label Switching (MPLS) provider edge (PE) router that is running Cisco IOS Release 12.0(25)S1.
Workaround: Use the hw-module slot x reload privileged EXEC command.
•
Symptoms: If traffic passes on multiple ports of an 8-port Fast Ethernet (FE) card and the shutdown interface configuration command is entered on one of the traffic-flowing ports, all the other ports stop passing traffic.
Conditions: This symptom is observed on a Cisco 10000 series with an 8-port Fast Ethernet (FE) card that is running a Performance Routing Engine 1 (PRE1) image of Cisco IOS Release 12.0(23)S4. There is no special configuration required to experience this symptom. Ports that pass traffic with a basic default configuration will experience the symptom.
Workaround: Enter the no shutdown interface configuration command to free the other ports. Do not shut down any port on an 8-port Half Height (HH) FE line card until a fix is available.
•
Symptoms: The following error may cause a Cisco 10000 series to reload:
%ERR-1-GT64120 (PCI-0): Fatal error, Memory parity error (external)Conditions: This symptom is observed on a Cisco 10000 series when a single bit Error-Correcting Code (ECC) error is detected in the Synchronous Dynamic RAM (SDRAM).
Workaround: There is no workaround.
•
Symptoms: The following symptoms occur with a traceroute from a remote Customer Edge (CE) router to a local CE router with TTL set to expire at the Provider Edge (PE) router attached to the local CE.
-If the IP packet length of the traceroute is equal to or less than 72 bytes, the Provider Edge (PE) router replies with an ICMP TTL expired message with the VPN interface address.
-If the IP packet length of the traceroute is equal to or more than 73 bytes, the PE replies with an ICMP TTL expired message with the MPLS core interface address.
Condition: These symptoms have been observed in an MPLS VPN environment, with a Cisco 12000 series Internet router running Cisco IOS Release 12.0(23)S4 used as the PE and a 3-Port Gigabit line card used as the MPLS and VPN interface.
Workaround: There is no workaround.
•
Symptoms: An IP Services Engine (ISE) line card on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(25)S1 or 12.0(24)S2 shows the following log messages that can lead to the line card being reset:
SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERRSS: RX ALPHA: ALPHA_CPU_IF100_INT error 1400 control FFFF03FF
SLOT 4:Sep 20 22:59:46: %EE48-3-ALPHAERR: RX ALPHA: error: cpu int 1 mask 277FFFFF ...
SLOT 4:Sep 21 07:16:20: %LC-3-ERRRECOVER: Corrected a transient error on line card. ...
SLOT 4:Sep 21 07:16:40:: %EE48-3-ALPHAFLOW: rx alpha netflow: Out of order add-delete reportsConditions: These symptoms are observed only under a load when full (non-sampled) aggregated Netflow (ip route-cache flow) is configured on an ISE line card interface.
This problem is not seen with Cisco IOS Release 12.0(25)S, 12.0(25)S2, 12.0(24)S1,and 12.0(26)S. It has been observed with Cisco IOS Release 12.0(25)S1 and 12.0(24)S2.
Workaround: There is no workaround, except to remove full aggregated Netflow.
•
Symptoms: The OC192E/POS-VSR line card is reloaded with watchdog timeout (sig=23) by process = IPC Seat Manager on a Cisco 12416 router that is running Cisco IOS Release 12.0(23)S3. The log message displays the following:
SLOT 10:Sep 22 20:08:21.291: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:22.287: %MBUS_SYS-3-ENQUEUE: Failed to queue message from slot 6 stream 3
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.
-Traceback= 400EBCB4 400EF7F0 400E7534 405B620C 405B6438 40597C64 40558AD0 40559248 4011C728 405676F8 400C2874 400C286Conditions: This symptom occurs because the watchdog timeout (sig=23) by process = IPC Seat Manager in OC192E/POS-VSR line card.
SLOT 10:Sep 22 20:09:44.727: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = IPC Seat Manager.Workaround: There is no workaround. When this symptom occurs, the line card is automatically reloaded.
•
Symptoms: A Cisco 12008 router displays the following error message:
"%FABRIC-0-INIT"at boot up. Switch fabric card (SFC) incorrectly recognizes a "Primary Clock" as *CSC_0*.
Conditions: This symptom is observed on Cisco 12008 routers that are running Cisco IOS Release 12.0(21)ST5 or later releases.
Workaround: There is no workaround.
•
Symptoms: While running Cisco IOS Release 12.0(22)S3, a Cisco 10720 router may reload with the following logs displayed:
%TOASTER-2-FAULT: T0 HW Exception: CPU[t0r3c3] NULLRD at 0x0C94 LR 0x0818 %TOASTER-2-FAULT: T0 Exception summary: CPU[t0r3c3] Stat=0x00000006 HW=0x00000800 LB=0x00000000 SW=0x00000000Conditions: This symptom occurs only after adding a new subinterface to the router, and traffic starts passing on it.
Workaround: There is no workaround.
•
Symptoms: When running in non-redundant PRE mode, after a crash, the line cards do not get reset. In rare cases, after Cisco IOS software reloads, there may be a mismatch between the Cisco IOS software and the line card so that the line card does not pass traffic.
Conditions: These symptoms have been observed after Cisco IOS is restarted after a crash when running in non-redundant PRE mode. Anything that goes through the formal reload path (with a single PRE1 in the system) will properly reset the line cards on the way down. This fix resets the cards on the way up as well in case they weren't reset on the way down.
Workaround: There is no workaround. However, after a Cisco IOS software crash, if a line card is not passing traffic, resetting the line card might fix the issue. A reload of the chassis will definitely fix the issue.
•
Symptom: An Engine 2 line card crashes.
Condition: This symptom is observed when Traffic Engineering (TE) tunnels are configured.
Workaround: There is no workaround
•
Symptoms: A Reverse Path Forwarding (RPF) check should be disabled for bootp packets with the source IP address 0.0.0.0 and the destination IP address 255.255.255.255. However, PXF currently disables RPF checks for all packets with the source IP address 0.0.0.0.
Conditions: These symptoms have been observed on Cisco IOS Release 12.0(22)S and later.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: Link Control Protocol (LCP) negotiations may fail, and a "failed to negotiate with peer" message may be displayed.
Conditions: This symptom is observed on a Cisco universal access server if the peer sends more than five Configure-Negative acknowledgments (CONFNAKs) or Configure-Rejects (CONFREJs) on the link for the current or previous LCP negotiation.
Workaround: Configure the ppp max-failure 10 command on the link to allow the remote peer to exhaust the Negative acknowledgment (NAK) or Reject acknowledgment (REJ) count and resume negotiations before the Cisco universal access server drops the link.
•
Symptoms: A router may reload when doing a show running-config command after creating a channelized group interface.
Conditions: This symptom may be observed if channelized interfaces had previously been created, configured with Frame Relay encapsulation and subsequently deleted without removing the encapsulation first.
Workaround: Remove the Frame Relay encapsulation before deleting the channel group interface.
Resolved Caveats—Cisco IOS Release 12.0(23)S4
Cisco IOS Release 12.0(23)S4 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S4 but may be open in previous Cisco IOS releases.
Basic System Services
•
Symptoms: A router may send linkUp traps with the loclfReason attribute set as "Down" and linkDown traps with the loclfReason attribute set as "Up."
Conditions: This symptom is observed on a Cisco router.
Workaround: Query the link status using the command-line interface (CLI) or Simple Network Management Protocol (SNMP).
•
Symptoms: The ifIndex may not synchronize when you use third-party vendor software with Cisco IOS software and a standby router comes up after a Stateful Switchover (SSO) has occurred.
Conditions: This symptom is observed on a Cisco 12416 that is running Cisco IOS Release 12.0(24)S and that has line cards that are configured with about 2000 Gigabit Ethernet (GE) subinterfaces.
Workaround: Reduce the number of GE subinterfaces. (For example, with only 10 GE subinterfaces, the symptom does not occur.)
•
Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.
Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:
PA Bay 0 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 0 HW rev 0.00, Board revision UNKNOWN Serial number: 00000000 Part number: 00-0000-00
PA Bay 1 Information: Fast-Ethernet PA, 1 ports, 100BaseTX-ISL EEPROM format version 1 HW rev 1.00, Board revision A0 Serial number: 08534388 Part number: 73-1688-04Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.
Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.
Workaround: There is no workaround.
•
Symptoms: The cardIfTable table is not correctly populated for channelized interfaces. All of the entries return a value of "-1".
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
EXEC and Configuration Parser
•
Symptoms: When any command that triggers the nonvolatile generation (NVGEN) process is executed through a new vty session, certain interface configuration commands that support the Best Effort Method, such as the ip vrf interface configuration command, the ntp disable interface configuration command, and the service-policy output interface configuration command, may not properly synchronize with a standby Route Processor (RP) or Performance Routing Engine (PRE) because of a failure in the post NVGEN process.
For example, when you enter the ip vrf interface configuration command while the show running-config privileged EXEC command is being executed in a Telnet session, the configuration of the ip vrf interface configuration command may not properly synchronize with the standby RP or PRE, and a "Post NVGEN failure" message may be generated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(23)S2 or a later release.
Workaround: Do not enter commands that trigger the NVGEN process while you configure commands that support the Best Effort Method.
IP Routing Protocols
•
Symptoms: A Cisco 12416 router may reload because of a watchdog timeout in the Border Gateway Protocol (BGP) I/O process.
Conditions: This symptom is observed when a Cisco 12416 router that is configured with 575 BGP peers and three 1-port OC-12 ATM line cards, each of which is configured with 500 ATM permanent virtual connection (PVC) subinterfaces, is booted with Cisco IOS Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: When the customer edge (CE) peer of a provider edge (PE) router has the neighbor default-originate router configuration command enabled, which enables the PE router to send the default route to the CE, the default route may be sent with the wrong mask (255). When this situation occurs, the CE router sends a notification that states that an illegal network entry has occurred and flaps the session.
Conditions: This symptom is observed on a Cisco 7200 series router that functions as a PE router but may also occur on another platform that functions as a PE router.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a Virtual Private Network (VPN) neighbor is deleted.
Conditions: This symptom is observed on a Cisco router that has a VPN neighbor.
Workaround: There is no workaround.
•
Symptoms: A customer edge (CE) router may reject next-hop routes to a provider edge (PE) router.
Conditions: This symptom is observed when the PE router does not advertise itself as the next hop to the CE router that is configured for external Border Gateway Protocol (eBGP).
Workaround: Configure the PE router as the BGP next hop for the CE router by entering the neighbor ip-address next-hop-self router configuration command on the PE router.
•
Symptoms: A router may inadvertently remove link-state advertisements (LSAs) from the retransmission list and prevent the Open Shortest Path First (OSPF) neighbor from receiving the latest version of the LSA. This behavior may cause some prefixes to be unreachable.
Conditions: This behavior may occur when the LSA is not received by the neighboring router and the LSA must be retransmitted. While the LSA is waiting in the neighbor retransmission queue, certain events may cause a regeneration of the same LSA. If there is no change in the LSA, the router may mistakenly remove the LSA from the retransmission queues of all neighbors.
Workaround: This symptom normally stops occurring after the LSA is refreshed. If this symptom continues to occur, unconfigure and reconfigure the network global configuration command.
•
Symptoms: A Border Gateway Protocol (BGP) next-hop router may not redistribute Virtual Private Network (VPN) routes.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.0 S or Release 12.2 S.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series that is configured with two Performance Routing Engine 1 (PRE-1) processors may stop functioning as a redundant system.
Conditions: This symptom is observed when you enter the bgp upgrade-cli router configuration command.
Workaround: Reload the standby PRE-1.
•
Symptoms: You may not be able to configure the ip vrf receive interface configuration command.
Conditions: This symptom is observed when the interface on which you attempt to configure the ip vrf receive interface configuration command does not have an IP address configured.
Workaround: First configure an IP address on the interface, then enter the ip vrf receive interface configuration command on the interface.
Miscellaneous
•
Symptoms: Engine 4 plus (E4+) line cards may not fragment outgoing pings properly, causing pings of packets with a size that is larger than the maximum transmission unit (MTU) to fail.
Conditions: This symptom is observed on E4+ line cards (4-port OC-48 and 1- port OC-192 line cards) that are installed in a Cisco 12000 series.
Workaround: For pings, use packets with a size that is smaller than the MTU.
•
Symptoms: On a Cisco 10000 series edge services router (ESR) that has a Channelized OC-12 line card and is configured for Synchronous Digital Hierarchy (SDH) framing, the controllers and interfaces will not come up if you configure an "AU-4-TUG-3" other than number 1.
Conditions: These symptoms have been observed only when "AU-4-TUG-3" number 1 has not been configured. Once the number 1 controller has been configured, all other controllers function properly.
Workaround: Configure the number 1 "AU-4-TUG-3" controller before configuring any others. The controller needs to remain configured for the other controllers to work, even if it is not used.
•
Symptoms: A secondary Route Processor (RP) may reload.
Conditions: This symptom is observed on a Cisco router that is configured for Stateful Switchover (SSO) when a static route in the format "ip route 10.10.10.10 255.255.255.255 ethernet4/0/1" is configured on the primary RP.
Workaround: There is no workaround.
•
Symptoms: When you configure a Virtual Private Network (VPN) on a router that is configured with dual Route Processors (RPs), a VPN routing/forwarding (VRF) table ID that is associated with a particular VRF instance may have different values in the active RP and the standby RP. This situation causes failures in the processing of Cisco Express Forwarding (CEF) interprocess communication (IPC) messages on the standby RP for CEF IPC messages that contain an inconsistent VRF table ID, and CEF may be disabled.
Inconsistent VRF table IDs may also cause a memory loss on the standby RP, and when a switchover occurs from the active RP to the standby RP, more difficulties may occur.
Conditions: These symptoms are observed on router that is configured for Stateful Switchover (SSO) when VRF instances are deleted.
Workaround: There is no workaround; however, these actions minimize the occurrence of the symptoms:
–
–
–
•
Symptoms: The configuration of commands may cause additional memory to be held by an execute process.
Conditions: This symptom is observed when commands are configured on a Cisco router.
Workaround: If the execute process belongs to a terminal session or a console session, terminate the execute session by entering the exit command.
•
Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series, even though the VIP does not reload.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.
Workaround: There is no workaround.
•
Symptoms: If the no shutdown interface configuration command is entered on interfaces that are already in the "up" state, the interfaces enter the "down" state.
Conditions: This symptom is observed on the interfaces of a 16-port OC-3 Packet over SONET (POS) line card that is installed on a Cisco 12000 series.
Workaround: Reload the router to bring up the interfaces.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
1.
Conditions: This symptom is observed when Virtual Private Network (VPN) routing/forwarding (VRF) forwarding is configured on the interfaces that flap.
Workaround: There is no workaround.
2.
Conditions: This symptom is observed when you perform an OIR of an interface that has a VRF configuration in which the connected route is learned via a network statement. The connected route is removed when you perform the OIR.
Workaround: Do not simultaneously enter the clear ip bgp * privileged EXEC command and perform an OIR.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you reload microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(22)S, Release 12.0(23)S, Release 12.0(24)S, or Release 12.0(25)S and that is functioning as a provider edge (PE) router in a Carrier Supporting Carrier configuration when the 4-port OC- 48 POS E4+ line card interconnects the Cisco 12000 series and a customer edge (CE) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the Cisco 12000 series.
•
Symptoms: The E3 controller of a 1-port multichannel E3 port adapter (PA-MC-E3) card is missing from the IF-MIB and DS3-MIB MIBs.
Conditions: This symptom is observed when you run the IF-MIB MIB or DS3-MIB MIB for a PA-MC-E3. The symptom occurs in all Cisco IOS releases.
Workaround: There is no workaround.
•
Symptoms: A Tag Forwarding Information Base (TFIB) Virtual Private Network version 4 (VPNv4) entry on an Autonomous System Boundary Router (ASBR) for a prefix may not be reinstalled, causing traffic for this prefix to continue to flow to a provider edge (PE) router via the previous best path.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN interautonomous system environment in which ASBRs are performing VPNv4 exchanges and in which a Border Gateway Protocol (BGP) session is active.
The ASBR on which the TFIB VPNv4 entry is not installed should receive a prefix from a Route Reflector (RR) that selects the best of two available paths between the RR and two PE routers. Both PE routers should allocate the same label for the prefix. The PE router to which the best path leads should withdraw the prefix.
Workaround: Clear the BGP session on the ASBR that is connected to the RR.
Alternate Workaround: Withdraw the prefix from the ASBR and readvertise the prefix by clearing the prefix on the PE router that advertises the prefix.
•
Symptoms: After a single transmit buffer management (TBM) error occurs on an 8- port OC-3 ATM line card, the line card may stop forwarding inbound and outbound traffic.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series may reload because of a bus error exception.
Conditions: This symptom is observed if a label value of 500 or greater is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 500or
Router#show hardware pxf cpu mpls labels 2-500The Cisco 10000 series does not reload if a label value of less than 500 is entered in the label-value argument of the show hardware pxf cpu mpls labels label-value privileged EXEC command such as in the following examples:
Router#show hardware pxf cpu mpls labels 499or
Router#show hardware pxf cpu mpls labels 2-499Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:
–
–
–
–
The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.
Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.
Workaround: Perform the following steps:
1.
2.
snmp-server view nolsrmib mplsLsrMIB exclude
snmp-server community public view nolsrmib ro
snmp-server view nolsrmib iso include3.
•
Symptoms: On a Cisco router that runs IP over Multiprotocol Label Switching (MPLS), the Route Processor (RP) on which Label Distribution Protocol (LDP) is configured may attempt to access freed memory, causing the router to reload.
Conditions: This symptom is observed in rare situations on a Cisco router when an interface with hundreds of associated IP addresses is administratively disabled.
Workaround: There is no workaround.
•
Symptoms: When NetFlow data is processed at interrupt-level, the CPU utilization of a route processor (RP) may become high.
Conditions: This symptom is observed on a Cisco 10000 series when NetFlow is configured and many small data flows are processed on the router.
Workaround: There is no workaround.
•
Symptoms: Any Transport over MPLS (AToM) traffic may be dropped at the disposition line card.
Conditions: This symptom is observed on a Cisco 12000 series when the Any Transport over MPLS (AToM): ATM Cell Relay over MPLS feature is enabled on an 8-port OC-3 ATM line card and the disposition line card is an Engine 3 line card, such as a 4-port OC-12 Packet-over-SONET (POS) line card or a 1-port OC-48 POS line card.
Workaround: There is no workaround.
•
Symptoms: On a Cisco platform, free memory may decrease gradually during normal system operation. When network instability occurs, free memory may decrease in the order of tens of MBs over a short period of time.
The output of the show processes memory EXEC command indicates that the Border Gateway Protocol (BGP) router process holds an amount of memory that is increasing as the free memory is decreasing.
Conditions: This symptom is observed on a Cisco platform that is running Cisco IOS Release 12.0(23)S1 or a later release and that has the ip default-network network-number global configuration command enabled.
Workaround: Disable the ip default-network network-number global configuration command to stop the free memory from decreasing. However, to free up the held memory, reload the platform.
•
Symptoms: Interfaces on one Engine 4 (E4) 3-port Gigabit Ethernet (GE) port adapter (EPA-3GE-SX/LH-LC) may use the same interface description blocks (IDBs) as interfaces of an adjacent E4 3-port GE port adapter that is installed on the same GE modular baseboard (EPA-GE/FE-BBRD). This situation may cause forwarding difficulties and Cisco Express Forwarding (CEF) inconsistencies on other line cards that are installed in the same router. You can verify the symptoms in the output of the show cef interface EXEC command.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with more than one GE modular baseboard when several E4 3-port GE port adapters are installed on a single GE modular baseboard.
Workaround: Reload the router.
•
Symptoms: A 3-port Gigabit Ethernet line card may stop processing traffic after the Gigabit Route Processor (GRP) has reloaded.
Conditions: This symptom is observed on a Cisco 12000 series when autonegotiation is enabled.
Workaround: Reload the microcode onto the line card.
•
Symptoms: When an ATM link flaps or a remote ATM platform reloads, a Fast Etherchannel may fail and Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are connected via the Fast Etherchannel may be lost.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-pv-mz image of Cisco IOS Release 12.0(21)S5.
Workaround: There is no workaround.
•
Symptoms: The convergence time after a forced Stateful Switchover (SSO) may be longer than 10 seconds.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for SSO.
Workaround: There is no workaround.
•
Symptoms: A value of 4,294,967,295 (hexadecimal 0xffffffff) may appear in the ifIndex field of the ifTable for the first channelized T3 controller (CT3) of a 6-port CT3 line card that is installed in a slot of a Cisco 10000 series. This situation causes the ifTable to lose its entries for all other CT3 (or T3 and DSX3) controllers, making them unavailable for Simple Network Management Protocol (SNMP) access.
In a situation in which some SNMP access tools treat the ifIndex values as signed integers, these SNMP access tools may interpret the ifIndex value of 4,294,967,295 as its signed value of -1. When a router walks tables that are indexed by an abnormal ifIndex value such as -1, loops may occur.
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Route Processor Redundancy Plus (RPR+) when a switchover occurs. The symptom may also occur when a Stateful Switchover (SSO) occurs and the Cisco 10000 series software image that is loaded onto the secondary Route Processor (RP) is a newer version than the software image that is running on the primary RP, causing the router to default to RPR+ because of the mismatch between the two software images on the RPs.
At least one channelized interface must be defined on any CT3 controller in order for the symptom to occur.
You can reproduce the symptom in a simple configuration with two 6-port CT3 line cards in slots 6/0 and 7/0, when the only interface that is defined is a single T1 channel group, 6/0/3/1:0. Before an RPR+ switchover, the output of the snmpwalk command indicates the following controller indices:
interfaces.ifTable.ifEntry.ifIndex.3 = 3
interfaces.ifTable.ifEntry.ifIndex.4 = 4
interfaces.ifTable.ifEntry.ifIndex.5 = 5
interfaces.ifTable.ifEntry.ifIndex.6 = 6
interfaces.ifTable.ifEntry.ifIndex.7 = 7
interfaces.ifTable.ifEntry.ifIndex.8 = 8
interfaces.ifTable.ifEntry.ifIndex.9 = 9
interfaces.ifTable.ifEntry.ifIndex.10 = 10
interfaces.ifTable.ifEntry.ifIndex.11 = 11
interfaces.ifTable.ifEntry.ifIndex.12 = 12
interfaces.ifTable.ifEntry.ifIndex.13 = 13
interfaces.ifTable.ifEntry.ifIndex.14 = 14The associated data objects are also shown:
interfaces.ifTable.ifEntry.ifDescr.3 = T3 6/0/0
interfaces.ifTable.ifEntry.ifDescr.4 = T3 6/0/1
interfaces.ifTable.ifEntry.ifDescr.5 = T3 6/0/2
interfaces.ifTable.ifEntry.ifDescr.6 = T3 6/0/3
interfaces.ifTable.ifEntry.ifDescr.7 = T3 6/0/4
interfaces.ifTable.ifEntry.ifDescr.8 = T3 6/0/5
interfaces.ifTable.ifEntry.ifDescr.9 = T3 7/0/0
interfaces.ifTable.ifEntry.ifDescr.10 = T3 7/0/1
interfaces.ifTable.ifEntry.ifDescr.11 = T3 7/0/2
interfaces.ifTable.ifEntry.ifDescr.12 = T3 7/0/3
interfaces.ifTable.ifEntry.ifDescr.13 = T3 7/0/4
interfaces.ifTable.ifEntry.ifDescr.14 = T3 7/0/5After the RPR+ switchover, the index list for the CT3 controllers contains only the following entry:
interfaces.ifTable.ifEntry.ifIndex.4294967295 = -1The associated data object is shown only for the controller that is assigned to this index (that is, the first controller on the line card on which an interface is assigned):
interfaces.ifTable.ifEntry.ifDescr.4294967295 = T3 6/0/0Workaround: There is no workaround.
•
Symptoms: "IPC-3-APP_IPC_FAIL" error message may be printed when Active and Standby Route Processors (RPs) are running different Cisco IOS software versions.
Conditions: This symptom occurs when at least one of the Cisco IOS releases is Cisco IOS Release 12.0(23)S2 or an earlier release.
Workaround: Ensure that both images on Active and Standby RPs are running Cisco IOS Release 12.0(23)S3 or later releases.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: Packets may drop from an Engine 2 (E2) line card on which an outbound access control list (ACL) is configured.
Conditions: This symptom is observed on a Cisco 12000 series when the access-list access-list-number deny protocol any any global configuration command is configured on the E2 line card and you have entered 0 for the protocol argument.
The symptom does not occur on an E2 line card on which an inbound ACL and the access-list access-list-number deny protocol any any global configuration command are configured and you have entered 0 for the protocol argument.
Workaround: There is no workaround.
•
Symptoms: Multiprotocol Label Switching (MPLS) labels may be imposed erroneously on multicast packets.
Conditions: This symptom is observed on a Cisco 10720 when multicast packets are transmitted via Packet-over-SONET interfaces that are configured for MPLS.
Workaround: There is no workaround.
•
Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.
Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.
To clear the symptom, reload the router.
Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.
•
Symptoms: When a small packet (a layer-2 packet that is equal to or smaller than 52 bytes, including the layer-2 packet size, the layer-2 header, and the cyclic redundancy check [CRC]) enters a Cisco 10720 and is fed back, one buffer element of the 128-byte Parallel Express Forwarding (PXF) buffer pool is used but not released. This situation eventually causes the 128-byte buffer pool to be depleted entirely. Because most of the control packets such as the IP routing protocol packets are small packets and use the 128-byte buffer pool, most control plane functions stop working and routing-protocol adjacencies go down when the 128-byte buffer pool is depleted, and finally, the router stops forwarding traffic on all the interfaces.
Conditions: These symptoms are observed when a PXF feedback occurs, for example, when multicast traffic is configured, or when a policy map is configured to feed back packets.
Workaround: Avoid PXF feedback. For example, properly configure the policy map. If PXF feedback is inevitable, proactively monitor the 128-byte buffer pool via the output of the show hardware pxf cpu buffers privileged EXEC command:
Router#show hardware pxf cpu buffers
FP buffers
pool size # buffer available allocate failures low buffer drops
----------------------------------------------------------------------------
0 9344 1293 1293 0 0 1 1664 12930 12930 0 0 2 640 26746 26746 0 0 3 256 34072 34072 0 0 4 128 59934 49987 0 0 ^^^^^ Before the 128-byte buffer pool is depleted entirely, reset the 128-byte buffer pool. Reload the microcode onto the PXF by entering themicrocode reload pxf privileged EXEC command. However, be careful, because by reloading microcode onto the PXF, you may cause routing- protocol adjacencies to be dropped and the PXF to stop forwarding traffic.•
Symptoms: Packets may be dropped by a Cisco 12000 IP Services Engine (ISE) line card if they are locally generated or forwarded in the slow pass by the line card, and if they exit the router through an ATM Engine 0 line card (1-port OC-12 ATM or 4-port OC-3 ATM). For example, these packets may be locally generated by ISE line card NetFlow export packets, Internet Control Message Protocol (ICMP) echo replies, or ICMP unreachable messages that exit the router through an Engine 0 ATM line card.
Packets that match the conditions listed below may be dropped. If they are NetFlow export packets, they can be seen in the output of the show ip flow export command in the line "export packets were dropped due to output drops." If they are ICMP echo reply packets, pings will fail.
Conditions: The following three conditions exist simultaneously for the dropped packets:
–
–
–
This caveat affects Cisco IOS Release12.0(21)S, Release 12.0(22)S, Release 12.0(23)S, and Release 12.0(24)S. It does not apply to Release 12.0(25)S and later releases.
Workaround: There is no workaround.
•
Symptoms: Line Remote Defect Indicators (LRDIs) may be transmitted on both the working line and the protect line after an automatic protection switching (APS) switchover has occurred.
Conditions: This symptom is observed when a 4-port OC-3 ATM line card is configured for APS and a Loss of Signal (LOS) occurs.
Workaround: There is no workaround.
•
Symptoms: Ports on an 8-port OC-3 ATM line card may fail to come up and may generate the following continuous SONET alarms:
%SONET-4-ALARM: ATM10/6: ~SLOF ~SLOS ~LAIS ~LRDI ~PAIS ~PRDI PLOPConditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S1.
Workaround: Reload the line card.
•
Symptoms: Layer 2 may forward an incorrect MAC address when a policed packet is rerouted to a next-hop address.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with an Engine 4 plus line card when policy-based routing (PBR) is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly after you have modified an access control list (ACL) and have entered the clear pxf interface privileged EXEC command.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not enter the clear pxf interface privileged EXEC command.
•
Symptoms: A Performance Route Processor (PRP) on a Cisco 12000 series can reload with a SIGTRAP exception after receiving a 1612 bytes or longer frame on an Ethernet0 or Ethernet1 interface.
Conditions: This symptom is observed only on the PRP. The Gigabit Route Processor (GRP) is not affected.
Workaround: Isolate the PRP Ethernet ports to an isolated Ethernet segment.
•
Symptom: The interface index (ifIndex) values of the interfaces of a 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may fail to be deregistered after an online insertion and removal (OIR) has been performed, and the following error messages may be generated:
%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 2
%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 3
%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 4
%COPTMONMIB-3-ENTRYPRESENT: An entry is already present for the registering in terface with ifIndex 5Conditions: This symptom is observed on a Cisco 12410 that runs Cisco IOS Release 12.0(23)S3 and that is configured with the following line cards, neighbors, and peers:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A standby card may not be able to switch to the active state.
Conditions: This symptom is observed in a Redundancy Framework (RF) environment when ATM, High-Level Data Link Control (HDLC), or Frame Relay clients synchronize data during the "standby-bulk" state.
Workaround: There is no workaround.
•
Symptoms: A primary Performance Routing Engine 1 (PRE-1) may reload because of memory corruption.
Conditions: This symptom is observed on a Cisco 10000 series that is configured with redundant PREs when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface of a 1-port Gigabit Ethernet line card.
Workaround: There is no workaround. Note that the symptom does not occur with a 1-port Gigabit Ethernet half-height line card.
•
Symptoms: A Cisco 10720 may reload.
Conditions: This symptom is observed under rare circumstances when a SONET bit error rate (BER) is reported.
Workaround: There is no workaround.
•
Symptoms: When a Weighted Random Early Detection (WRED) configuration is present and a policy map with WRED configuration is applied to any interface of a Cisco 10720 router, the Parallel Express Forwarding (PXF) Intelligent Protection Switching (IPS) buffer may leak. The "toaster IPC buffer" counter can be observed with the show buffer command.
When the buffer pool is empty, the following error message can be observed, attempts to Telnet into the router may fail, and the Cisco IOS software may reload:
%CAMR_QUEUE_CFG_GENERAL-3-EREVENT: Error @
../toaster/camr_rp/camr_tt_queue_cfg.c:463
-Traceback= 500DB204 500DB2BC 503954D8 503986EC 50330A58
%SYS-2-MALLOCFAIL: Memory allocation of 18196 bytes failed from
0x502C5BD0, alignment 32
Pool: I/O Free: 552 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 5
-Traceback= 50308EEC 5030A8E8 502C5BD8 5031DD3C 5031DE7CConditions: These symptoms occur only when a WRED configuration is present and a policy map with WRED configuration is applied to any interface of a Cisco 10720 router. The higher the rate at which the Route Processor (RP) sends packets to PXF, the faster the PXF IPC buffer leaks. The leaking is usually very slow, and it takes weeks to drain the buffer pool.
Workaround: Remove all policy maps that include the random-detect interface configuration command from all interfaces.
•
Symptoms: An Engine 2 line card that is configured with Virtual Private Network (VPN) routing/forwarding (VRF) instances and Sampled NetFlow (SNF) may reload.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the no mpls ip global configuration command to remove Multiprotocol Label Switching (MPLS) from the configuration.
Workaround: Remove SNF from the configuration before you enter the no mpls ip global configuration command.
•
Symptoms: An Engine 4 line card may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 12000 series when you enter the clear cef linecard EXEC command to clear Cisco Express Forwarding (CEF) from the line card.
Workaround: There is no workaround.
•
Symptoms: In a tag switching-to-IP switching scenario, the value of the precedence field of an IP header may change. This behavior is incorrect in Pipe mode.
Conditions: This symptom is observed on a Cisco 12000 series when the following conditions are present:
–
–
–
Workaround: Deconfigure and reconfigure the tag switching-to-IP switching configuration and the MPLS traffic engineering (TE) tunnels on the interface of the ES line card.
•
Symptoms: Some policy-based routing (PBR) rules may cause a Route Processor (RP) to reload unexpectedly with a bus error. When a route map that causes the RP to reload is saved to the startup configuration, the router may not boot up.
Conditions: This symptom is observed on a Cisco 12000 series when the PBR rules are applied to the interfaces of an IP Services Engine (ISE) line card and occurs usually when the route map is modified after it has already been applied to the interfaces.
Workaround: Remove PBR from the interfaces of the ISE line card.
If you are unable to boot the router, enter a break signal on the console during the bootup procedure and configure the configuration register to ignore the startup configuration. To do so, follow the steps that are described in the Password Recovery Procedure for the Cisco 12000 Series Routers at the following location:
http://www.cisco.com/warp/public/474/pswdrec_12000.shtml
•
Symptoms: The command-line interface (CLI) may pause indefinitely after you perform a manual online insertion and removal (OIR) of the standby Performance Route Processor (PRP).
Conditions: This symptom is observed on a Cisco 12410 that runs the c12kprp-p-mz image of Cisco IOS Release 12.0(23)S3.
Workaround: Reload the active PRP.
•
Symptoms: When you configure a Cisco 10000 series, messages similar to the following ones may appear, and a VLAN may not be enabled:
%GENERAL-3-EREVENT: c10k_dot1q_vlan_enable: No tt_info
-Traceback= 60142770 60142A50 603AEC40 603AE06C 603ADCE0 6036EAD8 60193BA8 60380DD4 60B85BEC 60B861D4 603D6FAC 603D6F98
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 605014E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351C
%GENERAL-3-EREVENT: get_injection_vcci: no info for VLAN ID 972
-Traceback= 600DF180 6009AF2C 6009B178 603A831C 604BB804 605013F0 605018A8 60504E0 602B8D84 602B94A4 604F2DC0 604F33F4 60504DB4 60504BA4 60504984 6052351CConditions: This symptom is observed on a Cisco 10000 series when you change the encapsulation of a LAN subinterface to dot1q encapsulation while the subinterface is shut down.
When the symptom occurs, the output of the show hardware pxf cpu subblocks privileged EXEC command lists "noSB" for the affected subinterface, as is indicated in the following example:
Router# show hard pxf cpu sub | i GigabitEthernet4
GigabitEthernet4/0/0 up 12000 4 PXF 1 81C4A800 4
GigabitEthernet4/0/0.500 administ 12000 4 PXF 1 81C4A800 noSBWorkaround: Change the encapsulation of the subinterface to dot1q when the subinterface is not shut down. The state of the main interface is irrelevant. After you change the encapsulation, you can shut down the subinterface again.
When the subinterface is created while the main interface is shut down, the subinterface and the VLAN do not function properly. Perform the following steps to recover the VLAN:
1.
2.
3.
4.
5.
•
Symptoms: After a Route Processor Redundancy Plus (RPR+) switchover occurs, the deletion of an existing permanent virtual circuit (PVC)/permanent virtual path (PVP) fails. This situation prevents you from recreating the same PVC/PVP. You can create a new PVC/PVP, but once you delete it, you cannot recreate it because the PVC remains in the active state.
Conditions: This symptom is observed on a Cisco 10000 series that runs Cisco IOS Release 12.0 S or Release 12.0 SX.
Workaround: There is no workaround. To enable the router to return to normal operation, reload the router.
•
Symptoms: The interface protocol may not come up for a 1-port OC-12 Packet-over-SONET (POS) line card when the encapsulation frame-relay interface configuration command is configured.
Conditions: This symptom is observed on a Cisco 10000 series when the 1-port OC-12 POS line card is connected back-to-back to another line card in another Cisco 10000 series.
Workaround: There is no workaround.
•
Symptoms: When you shut down the last port of an 8-port Fast Ethernet half-height line card (port 7), all the other ports on the line card may stop transmitting traffic.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: Do not shut down port 7. If port 7 is shut down, enter the no shutdown interface configuration command on the interface to enable traffic to resume on the other interfaces.
•
Symptoms: The following error message may appear for a 3-port Gigabit Ethernet Engine 2 line card, and the line card may reset:
%LCGE-3-SOP_BAD_PACKET: Found corrupt pkts in tx-sop-sram.Conditions: This symptom is observed on a Cisco 12000 series that runs Cisco IOS Release 12.0(23)S3.
Workaround: There is no workaround.
•
Symptoms: Traffic forwarding may not be fully restored when you remove a deny input access control list (ACL) from an interface of a 16-port OC-3 Packet-over-SONET (POS) IP Services Engine (ISE) line card.
Condition: This symptom is observed on a Cisco 12410 that is configured with a 16-port OC-3 POS ISE line card when unicast Reverse Path Forwarding (uRPF) is configured on the interface from which you remove the deny input ACL.
Workaround: There is no workaround. To restore traffic forwarding to its proper performance, reload the line card.
•
Symptoms: When you configure unicast Reverse Path Forwarding (uRPF) on a 1-port OC-48 Packet-over-SONET (POS) Engine 2 line card while traffic is passing through the interface, traffic forwarding may stop.
Conditions: This symptom is observed on a Cisco 12416 that runs the gsr-p-mz image of Cisco IOS Release 12.0(23)S3, that is configured with three 1-port OC-48 POS Engine 2 line cards, and that is configured with three Border Gateway Protocol (BGP) peers.
Workaround: To restore traffic forwarding, reload the line card. To prevent the symptom from occurring, enter the shutdown interface configuration command on the interface before you configure uRPF. Then, enter the no shutdown interface configuration command on the interface.
Alternate Workaround: Ensure that uRPF is configured in the startup configuration file before you boot up the router.
•
Symptoms: After a switchover occurs, an active Route Processor (RP) that is operating in the Route Processor Redundancy plus (RPR+) mode may not be able to switch Layer 2 Tunneling Protocol (L2TP) version 3 packets using distributed Cisco Express Forwarding (dCEF) (in the dCEF mode and may punt them to the RP CEF mode).
Conditions: This symptom is observed on the RP of a Cisco 7500 series that is running Cisco IOS Release 12.0(24)S.
Workaround: Disable and reenable dCEF.
•
Symptoms: A Cisco router that is configured for Any Transport over Multiprotocol Label Switching (AToM) may send AToM packets that are missing control words, even though control-word imposition is enabled. When another Cisco router receives such malformed packets, the router does not handle these packets properly during disposition.
Conditions: This symptom may occur on all Cisco routers that employ software switching with AToM enabled. This symptom has specifically been observed on a Cisco 7200 series, Cisco 7400 series, and Cisco 7500 series that are configured for AToM.
On a Cisco 7200 series router that is processing a heavy traffic load, the reception of malformed packets may cause the router to pause indefinitely.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(23)S3
Cisco IOS Release 12.0(23)S3 is a rebuild release for Cisco IOS Release 12.0(23)S. The caveats in this section are resolved in Cisco IOS Release 12.0(23)S3 but may be open in previous Cisco IOS releases.
Basic System Services
•
Symptoms: A memory corruption may occur on a Network Processing Engine 200 (NPE-200).
Conditions: This symptom is observed on the NPE-200 of a Cisco 7200 series router. This symptom is observed when a high amount of traffic is present on the router and when there are packet sizes that are greater than 1524 bytes in size. The occurrence of this symptom may be related to port adapter arrangements.
Workaround: Rearrange the port adapters or upgrade to Cisco IOS Release 12.0(24)S or a later release.
•
Symptoms: When an entry in the ciscoPingTable MIB variable is set to be valid, high memory utilization may occur gradually because memory is not released by the "dead*" process of a Simple Network Management Protocol (SNMP) ping.
Conditions: This symptom is observed on a Cisco 12000 series after the router has been upgraded from an earlier Cisco IOS release to Cisco IOS Release 12.2(23)S.
Workaround: Exclude the ciscoPingTable MIB variable from the configuration by entering the snmp-server view view name ciscoPingTable excluded global configuration command.
•
Symptoms: When a Telnet session is made to a router after a VTY session pauses indefinitely, the user in the Telnet session may not be able to enter the configuration mode. When these symptoms occur, interfaces may enter the wedged state with Simple Network Management Protocol (SNMP) traffic.
Conditions: This behavior is observed on ATM and Packet over SONET (POS) interfaces. This behavior is not platform-specific.
Workaround: Disable Simple Network Management Protocol (SNMP) configuration traps by entering the no snmp-server enable traps config global configuration command.
•
Symptoms: The snmp mib target list global configuration command is not displayed when the show running-config EXEC command is entered on the secondary Performance Routing Engine (PRE). However, the snmp mib target list global configuration command is displayed when the show startup-config EXEC command is entered on the PRE.
Conditions: This symptom is observed on the PRE of a Cisco 10000 series.
Workaround: There is no workaround.
IP Routing Protocols
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: When the default-information originate router configuration command is entered on a Cisco 12000 series via the Border Gateway Protocol (BGP), the default route is learned correctly but is entered incorrectly into the BGP routing table. This behavior may cause the Cisco 12000 series to have operating issues with other routers because the Cisco 12000 series does not have a correct default route.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Perform either of the following steps:
–
–
•
Symptoms: Transit traffic that uses Open Shortest Path First (OSPF) routes may be briefly interrupted after consecutive switch-over. This affects only OSPF configurations with message-digest authentication.
Conditions: This symptom is observed on Cisco routers that are running Cisco IOS Release 12.0(22)S when the following conditions are present:
The message-digest authentication is configured for OSPF.
More than one Route Processor (RP) switchover occurs within minutes of each other.
Workaround: There is no workaround. Traffic resumes without user intervention. To prevent future traffic interruptions on subsequent switchovers, disable the message-digest authentication for OSPF.
•
Symptoms: When a neighbor under virtual route forwarding (VRF) is configured using the bgp graceful-restart router configuration command, the session does not begin. A notification regarding wrong OPEN message is generated.
Conditions: This symptom is observed only when the router is configured using the bgp graceful-restart router configuration command.
Workaround: There is no workaround.
•
Symptoms: A Border Gateway Protocol (BGP) session reset occurs because of a notification that indicates a defective OPEN message.
Conditions: This symptom is observed when using the both option in the following command in router configuration mode:
neighbor ip-address [capability] orf prefix-filter [receive | send | both]
Workaround: Configure only the receive or send options of the neighbor-orf prefix-filter router configuration command.
•
Symptoms: The Multi Exit Discriminator (MED) that is received from a confederation external peer may be ignored in best path selection. The output of the show ip bgp longer-prefixes EXEC command does not indicate that any MED values were received.
Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configurations are present.
Workaround: There is no workaround.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, see the advisory at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: A router may reload when the show ip bgp neighbors EXEC command is entered.
Conditions: This symptom is observed if the show ip bgp neighbors EXEC command is entered while the neighbor soft-reconfiguration router configuration command is enabled, or when Border Gateway Protocol (BGP) paths are dampened.
Workaround: Disable the neighbor soft-reconfiguration router configuration command or avoid dampening the BGP paths.
•
Symptoms: If the default-information originate router configuration command is entered on the Virtual Private Network (VPN) routing/forwarding (VRF) instance of a Cisco 12000 series that has the address-family ipv4 vrf vrf-name router configuration command configured using the Border Gateway Protocol (BGP), the default route is learned correctly but the default route is entered incorrectly in the BGP routing table. This behavior may result in unexpected behavior on the other router if the other router does not have a correct default route.
The default static route of the VRF is not advertised by BGP after the default static route is configured under the VRF, and BGP may advertise the incorrect default route that is in the BGP routing table.
Conditions: This symptom is observed on a Cisco 12000 series that is running BGP.
Workaround: Perform either of the following steps:
–
–
•
Symptoms: If a peer group is slow to establish and comes up while other members of the peer group are converging, the recently established member may not advertise the routes that were sent to the other members.
Conditions: This symptom occurs only if the new peer group member comes up while the other members of a peer group are converging. This symptom does not occur if the new peer group member comes up after the other members of the peer group have finished converging.
Workaround: The routes can be readvertised by entering the clear ip bgp peer-group-name soft out privileged EXEC command for any peer that has missing routes.
•
Symptoms: When the neighbor {ip-address | peer-group-name} default-originate router configuration command is used with a peer group, peers that belong to that peer group come up at a different time from when the Border Gateway Protocol (BGP) is formatting updates. Because of this behavior, the router may not advertise all routes to members of the peer group.
Conditions: This symptom is observed with IP version 4 (IPv4) unicast and Virtual Private Network (VPN) routing/forwarding (VRF) address family (AF) packets.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) update generation may pause indefinitely when BGP is converging.
Conditions: This symptom may occur under any of the following six conditions when BGP is converging:
1.
2.
3.
4.
5.
6.
Workaround: There is no workaround for conditions 1 through 5.
To recover from condition 6, enter the clear ip bgp neighbor-address soft out privileged EXEC command. For the neighbor-address argument, use the IP address of the peer that did not receive all of the updates.
ISO CLNS
•
Symptoms: After a switchover, the Intermediate System-to-Intermediate System (IS-IS) takes about 10 minutes to fully recover and to install routes in the IP routing table.
Conditions: This symptom is observed on a Cisco 12000 series configured with IS-IS. The amount of time required for the Gigabit Ethernet (GE) interface to load after a switchover is very close to the amount of time of the IS-IS adjacency timeout. The device under test (DUT) is the designated router.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco 12000 series router may report incorrect environmental values, as the following environmental logs display:
%ENV_MON-2-VOLTAGE: MBUS 5V supply (slot 1) volts has reached SHUTDOWN level at 5 m(V) %ENV_MON-2-TEMP: Hotpoint temp sensor (slot 17) temperature has reached SHUTDOWN level at 756(C)
%ENV_MON-2-VOLTAGE: Card 3.3v supply (slot 17) volts has reached CRITICAL level at 2560 m(V)Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.
Workaround: There is no workaround.
•
Symptoms: The traffic on a Cisco 12000 series 3-port Gigabit Ethernet line card (3GE-GBIC-SC) is stopped after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface while there is a traffic load on the interface.
Conditions: This symptom is observed on a 3GE-GBIC-SC line card.
Workaround: Configure autorenegotiation, or reload the 3GE-GBIC-SC line card.
•
Symptoms: A router that is running cell-mode tag switching or Multiprotocol Label Switching (MPLS) on a label controlled ATM (LC-ATM) interface may reload when it receives a more specific prefix for a label mapping or binding than the one that is already allocated. For example, the router may reload when it receives the prefix 10.1.1.0/24 if a binding was already allocated for 10.1.1.1/32 on the basis of the routing entry 10.1.0.0/16.
Conditions: This symptom is observed on an Edge Label Switch Router (ELSR) or Label Switch Controller (LSC).
Workaround: There is no workaround for an ELSR. To prevent an LSC from reloading, disable the headend label virtual circuits (LVCs) by entering the tag-switching atm disable-headend-vcs global configuration command.
•
Symptoms: Spurious access errors may occur on a Cisco 7500 series router configured with distributed Cisco Express Forwarding (dCEF) and Web Cache Communication Protocol (WCCP).
Conditions: This symptom is observed on Cisco 7500 series router configured with dCEF and WCCP.
Workaround: Disable dCEF on the interfaces that are facing the web cache engines where the spurious access errors occur so that incoming WCCP generic routing encapsulation (GRE) packets are punted to the Route Processor (RP) and CEF switched.
For more information about spurious access errors, see the Cisco document at the following location:
/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00800a65d1.shtml
•
Symptoms: A switchover from the working interface to the protect interface may take a long time.
Conditions: This symptom is observed on a Cisco 10000 series router when the SONET Single Router APS (SR-APS) feature is enabled.
Workaround: A temporary solution is to configure the protect interface as the working interface.
•
Symptoms: A Gigabit Ethernet Interface Processor plus (GEIP+) may report many alignment errors and the CPU utilization may stay at 100 percent.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: A router may pause indefinitely instead of restarting.
Conditions: This symptom is observed when the router is handling invalid addresses in the cached address space.
Workaround: There is no workaround.
•
Symptoms: Resource Reservation Protocol (RSVP) hello may incorrectly declare lost communications with a neighbor, and fast reroute may be triggered.
Conditions: This symptom is observed when RSVP is configured on a Packet over SONET (POS) interface with a hello interval of 60 milliseconds or less on a Cisco router that is running Cisco IOS Release 12.0(24)S. This symptom does not exist when hello is configured on an Ethernet interface.
Workaround: Configure hello intervals longer than 60 milliseconds.
•
Symptoms: Traceback messages may be detected when a user checks the log file of a standby Performance Routing Engine (PRE).
Conditions: This symptom is observed on a router that has a 6-port OC-3 Packet over SONET (POS) line card.
Workaround: There is no workaround.
•
Symptoms: An ingress line card may reload after the no shutdown interface configuration command is entered on the line card while traffic is present.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) tunnel head that has a 1-port edge service (ES) Packet-over-SONET (POS) OC- 192c/STM-64 line card configured on both the ingress and egress line cards. This symptom is observed when the ip cef accounting per-prefix non-recursive global configuration command is configured.
Workaround: There is no workaround.
•
Symptoms: After the ALPHA application-specific integrated circuit (ASIC) is reset because of error recovery (that may be caused by parity errors in ALPHA memory), the port or fetch descriptors that select correct threads in ALPHA microcode are not programmed correctly. This behavior may prevent certain configured features, such as IP version 6 (IPv6) or IP Virtual Private Network (VPN) routing/forwarding (VRF), from working correctly.
Conditions: This symptom is observed on the line card of a Cisco 12000 series.
Workaround: Reset the line card.
•
Symptoms: Link utilization may be lower than expected.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1 when class-based weighted fair queueing (CBWFQ) is configured on multiple VLANs.
Workaround: Try one or more of the following options to improve the link utilization:
1.
2.
3.
•
Symptoms: An ATM interface does not come up after a Cisco 10000 series router has reloaded.
Conditions: This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(23)S1.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: An Engine 4 Plus (E4+) Packet-over-SONET (POS) line card may reload when the access control list (ACL) of a port is changed.
Conditions: This symptom is observed when the ACL of a port is changed when there already is an ACL configured on the port of an E4+ POS line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus (E4+) line card may reload and display the following error messages in the log or crash info:
%TX192-3-CPUIF: Error=0x100
%TX192-3-CPUIF_ERR: Underrun Error: Read Pointer crosses Write Pointer.Conditions: This symptom is observed on the E4+ line card of a Cisco 12400 series that is performing multicast packet fragmentation.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an "address error" message.
Conditions: This symptom is observed at bootup time when the PE and customer edge (CE) interfaces are coming up. The symptom occurs when a locally learned VPN routing/forwarding (VRF) route temporarily loses its local label. This condition leads to some data structures being cleaned up but still retaining references to the local label. It may also occur after bootup in the case of interface flaps. The reload is not a common occurrence, however, and may need additional triggers.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdv49909. Cisco IOS releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: Packet throttling is activated because of congestion even when it is not configured. This behavior is indicated by the following error message:
%LC_CX3-4-THROTTLE: Packet throttling activated due to congestionConditions: This symptom is observed on a Cisco 12416 router that is configured with 200 Border Gateway Protocol (BGP) peers and that has three 6- port channelized T3 (6xCT3) line cards. Each of the line cards is configured with an even distribution of about 1500 Frame Relay subinterfaces.
Workaround: There is no workaround.
•
Symptoms: IP multicast hardware counter memory is not freed on an Engine 4 (E4) or Engine 4 Plus (E4+) line card after multicast routes are cleared from the routing table.
Conditions: This symptom occurs only when the E4 or E4+ line card runs out of mtrie node memory. The line card will run out of mtrie memory when there are more routes on the router than the line card can handle.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: An OC-48 Packet-over-SONET (POS) interface may flap immediately after a high availability (HA) Fast Software Upgrade (FSU).
Conditions: This symptom is observed on a Cisco 10000 series when an HA FSU is performed from an image of Cisco IOS Release 12.0(23)S1 to an image of Release 12.0(23)S2.
Workaround: There is no workaround.
•
Symptoms: Some export packets sent from an Engine 4+ (E4+) line card are not received by the NetFlow collector.
Conditions: This condition is observed on the E4+ line card when the export packets are exported out of a traffic engineering (TE) or tag interface and the router is running Cisco IOS Release 12.0(22)S2.
Workaround: Export the packets out of the non-TE or non-tag interface. This means that export packets must be sent out as IP packets from the E4+ line card.
•
Symptoms: An Engine 4 plus (E4+) line card may reload unexpectedly.
Conditions: This symptom is observed when more than one adjacency is established across the interfaces of the E4+ line card while the ip cef accounting per-prefix non-recursive global configuration command is enabled. This symptom may occur when there is no traffic present on the line card.
Workaround: Disable the ip cef accounting per-prefix non-recursive global configuration command.
•
Symptoms: The output of the show ip interface EXEC command does not display the number of Reverse Path Forwarding (RPF) packet drops but indicates a value of "0" for the number of RPF packet drops. However, the global RPF count in the output of the show ip traffic | inc drop EXEC command is correct.
Conditions: This symptom is observed on a Cisco 10000 series that has Parallel Express Forwarding (PXF) switching enabled.
Workaround: There is no workaround. This is caveat has been closed.
•
Symptoms: The following error message may be observed on a line card:
%SLOT n: .... : %LC-3-ERRRECOVER: Corrected a transient error on line card.This error may be observed even though an actual hardware error has not occurred on the line card. If a hardware error does occur, it will generate additional error messages to identify the source of the hardware error in addition to the error message listed above.
Conditions: This symptom may be observed on a Cisco Engine 0 line card when a feature that requires a micro code change is configured.
Workaround: There is no workaround. Ignore the error message.
•
Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.
Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.
Workaround: There is no workaround.
•
Symptoms: The integrity of the payload may not be retained on a Cisco 10700 series that is running Cisco IOS Release 12.0(24)S.
Conditions: This symptom is observed on Cisco 10700 series that is operating in the Ethernet over Multiprotocol Label Switching (EoMPLS) port mode with a Packet over SONET (POS) interface that is connected to a Multiprotocol Label Switching (MPLS) backbone.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a software condition when running the LDP-MIB MIB. The router reloads because of a process watchdog timeout in the "SNMP ENGINE" process and logs an entry similar to the following one and logs a traceback:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = SNMP ENGINE. %Software-forced reload
Unexpected exception, CPU signal 23, PC = 0x606F1FC4 ... Cause 00000024 (Code 0x9): Breakpoint exceptionConditions: This symptom is observed after the router ID has been changed and when Label Distribution Protocol (LDP) sessions have been added or removed.
Workaround: Do not change the router ID. If the router ID has been changed, do not run the LDP-MIB MIB.
•
Symptoms: An Engine 4 (E4) line card may reload after it displays the following error messages:
%TX192-3-PAM_MODULE: status = 0x2, mask= 0x3F - MODULE: Error signal from PIM module. -Traceback=
%TX192-3-PAM_PIM: status = 0x3D6, mask= 0x1A1 - PIM: header start offset >= 16kB. -Traceback=Conditions: These symptoms are observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S under the following conditions:
–
–
–
–
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload.
Conditions: This symptom is observed on a VIP if Multiprotocol Label Switching (MPLS), Egress Netflow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable DCEF or the Egress Netflow.
•
Symptoms: A Fabric Interface ASIC (FIA) controller halt condition may be observed on the Engine 4 (E4) or Engine 4 plus (E4+) line card of a Cisco 12410.
Conditions: This symptom is observed when the hw-module slot 17 shut EXEC command is entered while a primary Clock Scheduler Card (CSC) is installed in slot 17 of the E4 or E4+ line card of a Cisco 12410. This symptom is observed when the Cisco 12410 is running Cisco IOS Release 12.0(21)S6.
Workaround: Avoid entering the hw-module slot 17 shut EXEC command.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: It may take a long time for a Cisco 12000 series to remove 250,000 Virtual Private Network version 4 (VPNv4) entries from an Engine 3 (E3) line card. While the router removes the VPNv4 entries, new VPNv4 entries cannot be updated on the line card.
Conditions: This symptom is observed when the router handles a large number of VPNv4 entries on its line cards (more than 80,000) and when a Border Gateway Protocol (BGP) session flaps (the session remains down for a few minutes). This behavior causes the router to remove all VPNv4 entries and repopulate the VPNv4 entries a few minutes later.
Workaround: There is no workaround.
•
Symptoms: Parallel Express Forwarding (PXF) reloads with the "0x680" software exception type in column 5 (T1RxC1).
Conditions: This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(21)ST5 but may also occur in Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: When Multiprotocol Label Switching (MPLS) traffic or MPLS Virtual Private Network (VPN) traffic is being forwarded by a Cisco 10720 router, about 50 percent of multicast traffic will be punted to a Route Processor (RP) and forwarded by the RP. The expected behavior is that multicast traffic should be forwarded by Parallel Express Forwarding (PXF) as long as a multicast route (mroute) entry exists. If many packets are punted to the RP, and the RP queue is congested, some of the multicast traffic that is being punted to the RP will be dropped. For example, multicast traffic may be dropped from a multicast application such as video or TV broadcast.
Conditions: This symptom is observed on a Cisco 10720 router that is running Cisco IOS Release 12.0(22)S, Release 12.0(23)S1, or Release 12.0(24)S when the following conditions are met:
–
–
Workaround: Stop the MPLS or MPLS VPN traffic.
•
Symptoms: Traffic may not be forwarded to an egress line card if an uncorrected parity error is detected.
Conditions: This symptom is observed on an Engine 3 (E3) IP Services Engine (ISE) line card of a Cisco 12000 series.
Workaround: Reload the microcode of the line card after the error recovery process occurs.
•
Symptoms: A corrupted VLAN ID may be created when a VLAN ID rewrite operation is configured on the VLAN interface of a Cisco 10720. When this symptom occurs, the Canonical Format Identifier (CFI) bit of the incoming 802.1q header is not preserved.
Conditions: These symptoms are observed with input packets that have the CFI bit of the 802.1q header set to a value of "1" (CFI=1) and when the new VLAN ID value has a value of "0" for bit 4 (when the count is made from the least significant bit position). The new VLAN ID value (that is produced by the VLAN ID rewrite operation) for the output packet will have an incorrect value of "1" for bit 4.
The CFI bit of the incoming packet is not preserved when the value of the CFI bit is "1" and the outgoing packet has a incorrect CFI bit value of "0".
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Traffic and routing outage may be observed on a router for several minutes.
Conditions: This symptom is observed on a Cisco 12000 series when a line card reload event is triggered by an uncorrected soft memory error and by a simultaneously bounding policy-based routing (PBR) policy that is on an IP Services Engine (ISE) interface.
The uncorrected soft memory error trigger is observed to occur before the trigger that is caused by the simultaneously bounding policy-based routing policy.
Workaround: There is no workaround.
•
Symptoms: An active Performance Route Processor (PRP) may pause indefinitely and not enter the ROM monitor (ROMmon) mode after its firmware is upgraded. When this behavior occurs, the secondary PRP takes over as the primary PRP.
Conditions: This symptom is observed when the upgrade all EXEC command is entered on the active PRP of a router that is running Cisco IOS Release 12.0(23)S and that has a dual PRP configuration while both PRPs are enabled.
Workaround: Power-cycle the router to exit the indefinite pause state. To prevent the active PRP from pausing indefinitely, avoid booting up both of the PRPs simultaneously. Boot up only the first PRP to the enabled state and upgrade the PRP. Perform the same procedure with the second PRP.
•
Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.
Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command and when a traffic engineering (TE) tunnel is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series that is configured with a Performance Route Processor 1 (PRP-1) may pause indefinitely.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with a PRP-1 when the configuration is being saved after it has previously received a break signal on the console. This symptom does not affect the Gigabit Route Processor (GRP).
The break signal can be received by the router when it is sent intentionally by a terminal or when it is unintentionally received as noise on the console connection. Unintentional noise may occur if a terminal or terminal server that is connected to the router is powered off or when certain terminals or personal computer terminal emulators are first connected. When the router pauses indefinitely, it must be power-cycled to be restored to a normal working condition.
Workaround: There is no workaround.
•
Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:
FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22Note that the slot numbers (that is, 8 and 22) are just examples.
Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.
Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.
•
Symptoms: An Engine 4 10-port Gigabit Ethernet (GE) line card may reload or you may not be able to ping across the modular GE interfaces of the line card.
Conditions: This symptom is observed on a Cisco 12410 that has a redundant Clock Scheduler Card (CSC) after you have performed an online insertion and removal (OIR) of the master (CSC).
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 3 (E3) line card may log "EE48-2-GULF_TX_SRAM_ERROR" error messages if certain packet types are forwarded incorrectly.
Conditions: This symptom is observed on Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routers when multicast traffic is destined for the customer edge (CE) router.
Workaround: There is no workaround.
•
Symptoms: The Automatic Protection Switching (APS) function may not failover after a line card is reset.
Conditions: This symptom is observed when a line card is reset (either by entering the hw-module reset EXEC command or by manually resetting the line card).
Workaround: There is no workaround.
•
Symptoms: Some interfaces of a Cisco 10000 series 6-port channelized T3 line card may not come up.
Conditions: This symptom is observed when you configure the T3 controller with any combination of time slots, but using more than 15 and fewer than 21 time slots.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 may reboot when you enter the no srp reject H.H.H interface configuration command on a Spatial Reuse Protocol (SRP) interface.
Conditions: This symptom is observed intermittently. If there is no valid entry to be removed for the srp reject H.H.H interface configuration command, the command negation has no impact.
Workaround: There is no workaround.
•
Symptoms: A router may not boot to the configured Cisco IOS software version when the full path of the Cisco IOS image is specified in the boot system flash global configuration command, such as in the following example:
boot system flash disk0:c12kprp-p-mz
Conditions: This symptom is observed on a Cisco 12000 series router that is configured with dual Performance Route Processors (PRPs).
Workaround: Configure the boot system flash global configuration command without specifying the device name, such as in the following example:
boot system flash c12kprp-p-mz
•
Symptoms: Packets may be dropped by a 3-port line card for a Cisco 12000 series Internet router.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with a 3-port line card and that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:
–
–
–
–
Workaround: Remove the output ACL if possible or use Cisco IOS Release 12.0(23)S or a later release.
•
Symptoms: All ports of an Engine 0 (E0) digital service 3 (DS3) card may remain in an "up/down" condition indefinitely.
Conditions: This symptom is observed on Engine 0 (E0) DS3 cards when one of the ports receives a "yellow" alarm.
Workaround: Enter the microcode reload global configuration command to microcode reload the DS3 card.
•
Symptoms: Auto negotiation may not work as expected on a router.
Conditions: This symptom is observed when a Cisco 10720 router is used in a network that has a Cisco Catalyst 6500 switch and a vendor-specific optical repeater.
Workaround: There is no workaround.
•
Symptoms: A standby Performance Routing Engine (PRE) may reload continuously, and the router may enter the "standby cold-bulk" redundancy state.
Conditions: This symptom is observed with certain configurations. The standby PRE may reload continuously when a new image is loaded after the hw-module reset standby-cpu reset global configuration command is entered or after a switchover occurs.
Workaround: There is no workaround.
•
Symptoms: A standby Gigabit Route Processor (GRP) may reload with a bus error.
Conditions: This symptom is observed after the ATM interface of a Cisco 12000 series is shut down.
Workaround: There is no workaround.
•
Symptoms: Line cards that are installed on a Cisco 12000 series may reload.
Conditions: This symptom is observed when a Virtual Private Network (VPN) routing/forwarding (VRF) instance is added or deleted, and a loopback interface is configured with one of the VRF instances.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series router that is configured with an Engine-2-based line card that carries both Multiprotocol Label Switching (MPLS) and IP traffic and that is forwarding packets to an output port (that has a committed access rate [CAR] rule configured on an Engine-0, Engine-1 or Engine-2-based output line card), the IP traffic may be dropped because of an incorrect packet switching application-specific integrated circuit (PSA) Cisco Express Forwarding (CEF) entry.
Conditions: This symptom is observed on a Cisco 12000 series that has been upgraded from Cisco IOS Release 12.0(21)S5 to Release 12.0(22)S or Release 12.0(23)S. This configuration requires that the traffic enter the router on an Engine 2 line card and leave the router on an Engine-0, Engine-1, or Engine 2-based line card that has an output CAR applied to its port.
Workaround: Remove the output CAR rule from the egress line card to restore traffic.
•
Symptoms: The following error message may be displayed on a router:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x50164CDC reading 0x0Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: Occasional ping failures may be observed over a VLAN interface.
Conditions: This symptom is observed on the VLAN interface of a Cisco 12000 series modular Gigabit Ethernet line card. The Cisco 12000 series modular Gigabit Ethernet line card is connected to Cisco Catalyst switches over VLAN interfaces.
Workaround: There is no workaround.
•
Symptoms: The core router Multiprotocol Label Switching (MPLS) forwarding entry has the correct outgoing interface but has an incorrect label to use for sending traffic to the edge router. The incorrect label is identical to the label that is sent by another core router for the same prefix through another interface.
Conditions: This symptom is observed in a service provider network when the route to the prefix that has the incorrect MPLS forwarding entry is configured using a static recursive route and the specific IP address that is specified in the ip route prefix mask ip-address global configuration command is changed by topology changes to go through a different adjacent router. The incorrect outgoing Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) label corresponds to the router that was adjacent prior to the routing change.
Workaround: To clear this condition, enter the clear ip route {network [mask] | *} EXEC command to cause MPLS to create a new forwarding entry that has the correct interface and label for the prefix.
To prevent this condition from occurring, advertise the route to the prefix in question using an Interior Gateway Protocol (IGP).
Alternate Workaround: Configure a static nonrecursive route to the prefix and IP address of the next-hop router by entering the ip route prefix mask ip-address interface-type interface-number global configuration command.
•
Symptoms: Border Gateway Protocol (BGP) may send incomplete updates to the peer routers, and some routers may not send full routes to their peer routers. This behavior may cause some routes to be missing from the peer.
Conditions: This symptom is observed when a slow BGP peer in a peer group comes up while BGP is in the process of sending updates to the peer routers. This symptom is not platform specific.
Workaround: Enter the clear ip bgp peer-address soft out EXEC command to clear this condition. Avoid using a peer group if possible.
•
Symptoms: An Engine 2 line card that is configured with virtual routing and forwarding may reload.
Conditions: This symptom is observed under either one of the following conditions:
–
–
The line card does not come back up after it reloads and must be manually reloaded.
Workaround: There is no workaround.
•
Symptoms: Leaks may be observed for some Virtual Private Network routing and forwarding (VRF) routes in the global Forwarding Information Base (FIB) table when a VRF is deleted and recreated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S or Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: When you enter the show cef idb EXEC command on a primary Route Processor (RP), the output of the command displays that for two subinterfaces of the same interface that should have the same interface number, one of the subinterfaces has a "-" sign in the "IIndex" column and both subinterfaces have the same number in the "FIndex" column.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S and may also occur on a Cisco 7500 series and a Cisco 10000 series. The symptom occurs when there are multiple subinterfaces on one hardware interface, when a Stateful Switchover (SSO) occurs, and when the original active RP (that becomes the new standby RP) reloads.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms: A router may reload while you change the maximum transmission unit (MTU) size to 64 bytes on an OC-12 or OC-24 Packet-over-SONET (POS) interface.
Conditions: This symptom is observed on a Cisco 10000 series router or a Cisco 12000 series router when Multiprotocol Label Switching (MPLS) is enabled on the interface.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may leak memory at a rate of up to 100 KB per day, resulting in the gradual reduction of the available memory.
Conditions: This symptom is observed on a Cisco router that is running Label Distribution Protocol (LDP). The symptom may be caused by applications that use TCP as the transport protocol.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(23)S2
Cisco IOS Release 12.0(23)S2 is a rebuild of Cisco IOS Release 12.0(23)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S2 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
•
Symptoms: A data-link switching (DLSw) peer may be stuck in the "AB_PEND" state and a TCP session may be stuck in the "SYNSENT" state after an IP outage occurs between two DLSw routers.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(3)T but may also occur in other releases such as Release 12.0 S or Release 12.2 S.
Workaround: Use the show tcp brief EXEC command to determine the Transmission Control Block (TCB) of the hung TCP session. Enter the clear tcp tcb address privileged EXEC command to clear the TCB of the hung TCP session. The DLSw peers will reconnect as long as there is IP connectivity between the DLSw peers.
•
Symptoms: A Simple Network Management Protocol version 3 (SNMPv3) user configuration is changed when a router is reloaded.
Conditions: This symptom is observed when an SNMPv3 user is created using message digest 5 (MD5) authentication by entering the following commands:
Router#snmp group groupy v3 auth
Router#snmp user abcdefghij groupy v3 auth md5 abcdefghijThe engine ID is then changed by entering the following command:
snmp-server engineID local 00000009020000024B0008FE
An SNMP walk is performed by entering the following command, the configuration is saved, and the router is reloaded:
Router#snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-nameThe SNMP walk is successful and the following debug header output is displayed when the debug snmp EXEC command is entered:
Incoming SNMP packet: v3 packet security model: v3 security level: auth username: abcdefghijThe router is reloaded and a second SNMP walk is performed by entering the following command:
Router#snmpwalk -v 3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-nameAfter the second SNMP walk is performed, the command does not generate any output and the following debug header output is displayed when the debug snmp EXEC command is entered:
Incoming SNMP packet: v3 packet security model: v3 security level: noauth: username: abcdefghijWorkaround: Do not change the default engine identity (ID).
•
Symptoms: A single-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX) may stop receiving burst traffic packets.
Conditions: This symptom is observed on a PA-FE-TX that is installed in a Cisco 7206VXR router.
Workaround: Clear the symptom by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface of the PA-FE-TX.
•
Symptoms: An incomplete adjacency is created between a provider edge (PE) router and a customer edge (CE) router. This situation causes a ping from one CE router to another CE router to fail.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.
Workaround: First send a ping from the PE router to the CE router. After that, you can send a ping from one CE router to the other CE router.
•
Symptoms: Group G (*,G) multicast route (mroute) state joins may no longer be sent. This situation may cause traffic to stop flowing after the group G mroute state times out.
Conditions: This symptom is observed after Protocol Independent Multicast (PIM) is disabled and then reenabled on an interface that serves as the only PIM interface on a router.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may generate the following message:
%LINK-3-TOOSMALL: Interface POS3/0, Output runt packet of 0 bytesConditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5, when an error occurs on an Engine 2 line card and when both sampled NetFlow and Multiprotocol Label Switching (MPLS) are enabled.
Workaround: Disable sampled NetFlow. Note that this workaround affects service because disabling sampled NetFlow causes Cisco Express Forwarding (CEF) to reload on the line card.
•
Symptoms: After a Border Gateway Protocol (BGP) neighbor resets, CPU utilization may run very high on a Cisco 12000 series.
Conditions: This symptom is observed when the default-metric BGP command is enabled in the BGP router configuration.
Workaround: There is no workaround.
•
Symptoms: For a short period of time, a forwarding engine can continue to send traffic to an interface that has just been shut down. Depending on traffic rates, this may consume all of the output buffer on the line card, causing the other interfaces on that line card to go down.
Conditions: This symptom is observed under rare circumstances.
Workaround: There is no workaround.
•
Symptoms: Traffic policing may not function.
Conditions: This symptom is observed on the Network Processing Engine (NPE) of a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload because of a direct memory access (DMA) receive error and may display a message that is similar to the following:
CYASIC Error Interrupt register 0x2000000
DMA Receive Error
CYASIC Other Interrupt register 0x180
QE HIGH Priority Interrupt
Unknown CYA oisr bit 0x00000080
QE RX HIGH Priority Interrupt
QE TX HIGH Priority Interrupt
CYBUS Error Cmd/Addr 0x8000068, CYBUS Error Data 0x0
MPUIntfc/PacketBus Error register 0x0Conditions: This symptom is observed while there is a large amount of Internet MIX (IMIX) traffic on a 2-port Fast Ethernet port adapter (PA-2FE) that is installed on the VIP of a Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: A "%SNMP-3-CPUHOG: Processing GetNext of ciscoFlashDeviceEntry.5.8" error message is displayed during a Simple Network Management Protocol (SNMP) query on ciscoFlashDeviceEntry.
Conditions: These symptoms can occur on any Cisco router that is running Cisco IOS software.
Temporary Workaround: Exclude ciscoFlashMIB by entering the snmp-server global configuration command. If SNMP must be enabled on the Flash devices, then there is no workaround.
•
Symptoms: If you change the interface bandwidth or delay, a router may reload.
Conditions: This symptom is observed after Enhanced Interior Gateway Routing Protocol (EIGRP) is terminated via the no router eigrp as-number global configuration command or the no ip routing global configuration command, causing the EIGRP process list to be invalid.
Workaround: Reload the router after you have terminated EIGRP.
•
Symptoms: When an input access control list (ACL) is configured and multiple broadcast Address Resolution Protocol (ARP) requests are received, packet loss and performance degradation may occur because of a "format error" that is reported in the output of the show ip traffic EXEC command.
Conditions: This symptom is observed when you have enabled NetFlow on an interface of a 1-port Gigabit Ethernet line card that is installed in a Cisco 12000 series that is running Cisco IOS Release 12.0(16)S or Release 12.0 (22)S.
Workaround: Although the condition is triggered by multiple broadcast ARP requests, it only occurs if NetFlow, input ACLs, and ACL hardware checking are configured. Disabling any of these features will prevent the condition from occurring. For example, to remove the ACL hardware checking on the 1-port Gigabit Ethernet line card, enter the no access-list hardware salsa command.
•
Symptoms: Packets are not exported from a Cisco 12000 series 1-port Gigabit Ethernet line card.
Conditions: This symptom is observed when an input access control list (ACL) and Sampled NetFlow (SNF) are configured using the access-list hardware salsa command.
Workaround: There is no workaround.
•
Symptoms: A 4-port OC-48 Packet-over-SONET (POS) Engine 4 plus (E4+) line card may stop forwarding traffic after you have reloaded microcode onto the line card.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(24)S in a carrier supporting carrier configuration when the 4-port OC-48 POS E4+ line card interconnects a provider edge (PE) and a provider (P) router.
Workaround: Enter the clear ip bgp privileged EXEC command on the PE router.
•
Symptoms: A line card in a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) or in any connected router may reload because of a fabric ping failure, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 1: IPC Failure: timeout
%GRP-3-COREDUMP: Core dump incident on slot 1, error: Fabric ping failure (seq:3279)
%GRP-4-RSTSLOT: Resetting the card in the slot: 1,Event: EV_LC_E4_CORE_DUMP_DECLINE_DUPConditions: This symptom is observed on a Cisco 12000 series that functions as a 6PE router or on any connected router when an IPv6 default route is removed from another 6PE router and traffic is flowing through the IPv6 default route while the route update following the route removal is being processed. When the IPv6 default route is removed, one or more line cards may reload on any router that receives the route update.
Workaround: There is no workaround.
•
Symptoms: An Engine 2 egress line card that is installed in a Cisco 12000 series that is functioning as a provider edge (PE) router reloads when a customer edge (CE) router starts sending traffic, and the following error messages are generated:
* %LCLOG-3-INVSTATE: LC logger in an invalid state (LC=3,state=WAITING FOR TEXT,msg=MSG START) -Traceback= 503583F8 502F6464 5021C54C 5021C538 SLOT 3: %LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4 SLOT 3:
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C cmd 5 data 0 pipe 0,fs 0,prep 0 (pc 1E5),pop 0 (pc 19C),plu 0,tlu 0,plu sdram 0 adr 0 synd 0 ch *
%GRP-3-FABRIC_UNI: Unicast send timed out (3). * %LCINFO-3-CRASH: Line card in slot 3 crashedConditions: This symptom is observed only when the ip cef accounting non-recursive per-prefix global configuration command is enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series may reload because of a redzone corruption.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S1.
Workaround: There is no workaround.
•
Symptoms: On a dual Route Processor (RP) router that has the Route Processor Redundancy Plus (RPR+) feature enabled, the configuration synchronization may fail when two break instances are sent on the standby RP.
Conditions: This symptom is observed on a Cisco 12000 series only if the user sends two break instances on the standby RP.
Workaround: There is no workaround.
•
Symptoms: An OC-12 Dynamic Packet Transport (DPT) line card may reload when IP version 6 (IPv6) is configured on the interface.
Conditions: This symptom is observed when IPv6 traffic enters the interface.
Workaround: Unconfigure IPv6 on the interface, and use tunnels instead.
•
Symptoms: A permanent virtual circuit (PVC) on a standby Route Processor (RP) may go down after the oam-pvc manage interface-ATM-VC configuration command is enabled. This behavior may cause the RP to take a longer time to be brought up after an RP switchover occurs. Traffic on a Cisco 12000 series or Cisco 10000 series Edge Services Router (ESR) may be interrupted for about 10 seconds when this behavior occurs.
Conditions: This symptom is observed on the standby RP of a Cisco 10000 series that is running Cisco IOS Release 12.0(23)S.
Workaround: Enter the no oam-pvc manage interface-ATM-VC configuration command to disable generation of Operation, Administration, and Maintenance (OAM) loopback cells and OAM management on the ATM PVC.
•
Symptoms: When you add a new Performance Routing Engine (PRE) to a Cisco 10000 series, the startup configuration may not be copied to the new PRE. Verify that the configuration exists by entering the dir sec- nvram: EXEC command or the dir standby-nvram: EXEC command, depending on the Cisco IOS software image that you are running.
Conditions: The conditions under which this symptom occurs are not known at this time.
Workaround: Cut over to the new PRE, and save the configuration.
•
Symptoms: A Tag Forwarding Information Base (TFIB) entry for a Virtual Private Network (VPN) routing/forwarding (VRF) static recursive route that is configured for multihop Border Gateway Protocol (BGP) may be lost.
Conditions: This symptom is observed after the egress interface flaps.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 12000 series Engine 2 Packet-over-SONET (POS) line card collects statistics for locally assigned Multiple Protocol Label Switching (MPLS) label entries, it may lose the outgoing label entries for the associated prefixes. All the prefixes show up as untagged, and it may be difficult or impossible to reach the prefixes.
Conditions: This symptom is observed on a Cisco 12000 series Engine 2 POS line card.
Workaround: To recover from the situation, reset the line card.
•
Symptoms: The Path Remote Defect Indication (PRDI) may not be handled properly during an Automatic Protection Switching (APS) switchover. This situation does not affect service.
Conditions: This symptom is observed on a Cisco 10000 series OC-12 ATM line card when an APS switchover occurs because of poor line quality.
Workaround: There is no workaround.
•
Symptoms: Loadsharing may occur unevenly.
Conditions: This symptom is observed on a Cisco 12000 series line card that does not support 16 hash buckets for loadsharing when Cisco Express Forwarding still attempts to use 16 hash buckets instead of the maximum number of hash buckets that is supported by the hardware.
Workaround: There is no workaround.
•
Symptoms: A router may loop indefinitely when a Simple Network Management Protocol (SNMP) walk is performed against certain objects. The SNMP walk will not cycle if a specific interface is specified.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S6.
Workaround: Reload the router.
•
Symptoms: A spurious memory error may occur when the microcode of an Engine 3 (E3) 16-port OC-3 (16xOC-3) Packet over SONET (POS) line card is reloaded.
Conditions: This symptom is observed on the E3 16xOC-3 POS line card of a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco 12000 series Engine 4 plus line card may reload after a forced switchover.
Conditions: This symptom is observed when Stateful Switchover (SSO) and Intermediate System-to-Intermediate System (IS-IS) are configured.
Workaround: Disable IS-IS.
•
Symptoms: A memory leak may occur on a line card.
Conditions: This symptom is observed on the line card of a Cisco 12000 series after NetFlow is disabled on the last interface of a line card that has NetFlow enabled. This symptom is observed while there are more than 1900 flow records in the NetFlow cache of the line card.
Workaround: Keep NetFlow enabled on at least one interface on the line card.
•
Symptoms: An Engine 2 (E2) line card may reload after it reboots.
Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S. The E2 line card is configured with 128 line input access control list (ACLs), Virtual Private Network (VPN), and has Frame Relay configured on one of the interfaces.
Workaround: There is no workaround.
•
Symptoms: An unusually formatted Multicast Source Discovery Protocol (MSDP) packet may cause memory corruption and a router to reload.
Conditions: This symptom is observed on a Cisco router when it has a peer relationship with a specific third-party vendor router that is running a recent software release.
Workaround: Shut down the peer relationship by entering the ip msdp shutdown peer-address global configuration command.
•
Symptoms: Manual Layer 2 Tunneling Protocol (L2TP) version 3 tunnels fail when two or more tunnels are configured to different destination provider edge (PE) routers. All of the traffic that enters the tunnel is forwarded to the same PE regardless of the configured PE address. This symptom is also observed when the user starts off with one manual tunnel configuration that points to a particular PE router and later changes the configuration to point to a different PE router.
Assuming that PE router 1 (PE1) is the initial router that the manual configuration points to and PE router 2 (PE2) is the subsequent PE router that the configuration is subsequently configured to point to, traffic will be sent to PE1 even after the configuration has been altered to point to PE2.
Conditions: This symptom is observed when the user has more than one manual L2TP version 3 tunnel configured and when at least one of those tunnels is going to a different destination IP address than the other tunnels.
Workaround: Use negotiated L2TP sessions or enable keepalive processing on the manual L2TP version 3 tunnels.
•
Symptoms: An Engine 3 line card that connects a provider edge (PE) router and a customer edge router, both of which are running the Carrier Supporting Carrier feature, may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S, that is functioning as a PE router, and that is running the Carrier Supporting Carrier feature when you reload microcode on one of multiple line cards that connects the PE router to a provider (P) router.
Note that the symptom occurs on an Engine 3 line card that connects the PE router and the CE router, but the microcode is reloaded onto another line card that connects the PE router and the P router.
Workaround: There is no workaround.
•
Symptom: A Versatile Interface Processor (VIP) may reload unexpectedly if the following sequence is performed:
1) Enable distributed Cisco Express Forwarding (dCEF) by entering the ip cef distributed global configuration command.
2) Disable the NetFlow Flow-cache or NetFlow switching for IP routing (using the no ip route-cache flow global configuration command).
3) Configure Cisco Express Forwarding (CEF) using the ip cef global configuration command.
4) Re-enable dCEF by entering the ip cef distributed global configuration command.
5) Re-enable ip flow-cache commands, or enter the ip route-cache flow command.
6) Configure CEF using the ip cef global configuration command.
Conditions: This symptom was observed durning Cisco internal testing using VIP software, version 12.0(22.4)S.
Workaround: Re-enable ip flow-cache or ip route-cache flow commands before re-enabling dCEF, or upgrade to Release 12.0(23)S2 (recommended). This issue is resolved in 12.0(24)S.
•
Symptoms: The OC-48 Packet-over-SONET (POS) bandwidth on a Performance Routing Engine 1 (PRE1) may not exceed 1.2 Gbps. The bandwidth should be able to scale to 1.4 Gbps.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: There is no workaround.
•
A line card that is facing the core of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and may stop sending traffic to the core of the network. The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.
%LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4
%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0Conditions: These symptoms are observed on a Cisco 12000 series 3-port Gigabit Ethernet line card when the line card flaps.
Workaround: There is no workaround.
•
Symptoms: The CPU on a Cisco 7500 series Versatile Interface Processor (VIP) or on a Cisco 12000 series line card may persistently show very high utilization (99 percent) reported against the "TAG Stats Background" process, as is displayed in the output of the show processes cpu EXEC command:
CPU utilization for five seconds: 100%/1%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
53 31226460 603427 51748 98.39% 98.60% 97.08% 0 TAG Stats Backgr
This situation does not directly impact the router operation because the "TAG Stats Background" process is a low priority process. However, the show mpls forwarding-table EXEC command does not provide accurate counters when this situation occurs.
Conditions: This symptom, which is a rare race condition, may occur when parallel paths are configured.
Workaround: Enter the no tag ip aggregate hidden command on the route processor. Note that doing so will prevent the counters of the show mpls forwarding-table EXEC command from being updated.
To restore normal VIP or line card operation, reload microcode onto the affected VIP or line card.
•
Symptoms: A Cisco router that is functioning as a dedicated Border Gateway Protocol (BGP) Route Reflector (RR) in a network that is configured for BGP may display a message very similar to the following one on its console:
%SYS-3-CPUHOG: Task ran for 30020 msec (6/6), process = BGP Router, PC = 6080D21C.When the message is displayed, the BGP router process causes the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes, neighbors, and updates.
Conditions: This symptom is observed when the router is running Cisco IOS Release 12.0(22)S or a later release, when it has a large number of neighbors that are configured in peer groups or update groups, when it has a large number of prefixes to send or receive, and when most of the neighbors start at the same time, or when the BGP sessions of the neighbors are reset at the same time using the clear ip bgp * EXEC command.
The symptom is also observed in the above-mentioned network topology when the client of a BGP RR is reset using the clear ip bgp * EXEC command.
Workaround: Do not reset all the BGP neighbor routers at the same time when RRs are used in a BGP configuration.
Alternate Workaround: Use Cisco IOS Release 12.0 ST.
•
Symptoms: A Route Processor (RP) may reload.
Conditions: This symptom is observed on a Cisco 12000 series that is configured with dual RPs in Stateful Switchover (SSO) mode and that has about 200 Intermediate System-to-Intermediate System (IS-IS) neighbors when Nonstop Forwarding (NSF) is configured under the IS-IS process.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10720 router that is functioning as a provider (P) router may stop correctly performing Multiprotocol Label Switching (MPLS) label disposition, which can be verified in the output of the show hardware pxf cpu mpls label privileged EXEC command.
Conditions: This symptom is observed in a fully meshed network of provider edge (PE) routers that are connected via 802.1q links and occurs when a link breaks.
Workaround: There is no workaround. To clear the situation, enable explicit null labels or enter the clear ip bgp privileged EXEC command.
•
Symptoms: When a SONET link is not stable, the following error messages may be generated on a 1-port OC-48 Port Packet-over-SONET (POS)/Synchronous Digital Hierarchy (SDH) IP Services Engine (ISE) line card:
SLOT 1: %EE48-3-GULF_RX_MOFIFO: Overflow detected. Corrective action taken.
SLOT 1: %EE48-3-GULF_RX_BYTE_TO_WORD: Out of synchronization, bitmap= 0xE. Corrective action taken.Conditions: This symptom is observed under rare circumstances on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S2.
Workaround: Reload the line card.
•
Symptoms: IP multicast routes (mroutes) may not be downloaded to some line cards when a router is reloaded. The show ip mroute EXEC command can be entered on the Route Processor (RP) and the show ip mds forwarding EXEC command on the line cards to verify if mroutes are missing from the line cards.
Conditions: This symptom is observed when hardware-assisted multicast forwarding is used on a line card and occurs only if two line cards are reloaded simultaneously.
Workaround: Enter the clear ip mroute EXEC command on the line card to clear this symptom.
•
Symptoms: Traffic does not resume after a Cisco 12000 series has reloaded.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S in an IP version 6 (IPv6) environment and that is configured with Engine 3 line cards.
Workaround: There is no workaround.
•
Symptoms: Engine 4 (E4), Engine 4 Plus (E4+), Gigabit Ethernet, and Packet-over-SONET (POS) line cards on the transmit (TX) side may drop multicast packets. The multicast packets are meant to be fragmented by the Tx slow path.
Conditions: This symptom is observed on any incoming receive (RX) line card if the maximum transmission unit (MTU) of any outgoing interfaces is less than the size of the incoming packet. This symptom will not occur in the TX fast path or with non-fragmented packets.
Workaround: There is no workaround.
•
Symptoms: Virtual Router Redundancy Protocol (VRRP), Hot Standby Routing Protocol (HSRP), and other applications may not work as expected.
Conditions: This symptom is observed on an Ethernet line card after either an online insertion and removal (OIR) or a microcode reload procedure is performed.
Workaround: There is no workaround.
•
Symptoms: Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) protocol adjacencies may be incomplete.
Conditions: This symptom is observed on a Cisco router after it is loaded with Cisco IOS Release 12.0(21)ST5 but may also occur in Cisco IOS Release 12.0 S. This symptom may affect connectivity across Engine 2 (E2) interfaces.
Workaround: There is no workaround.
•
Symptoms: The distance eigrp router configuration command may not be displayed in the configuration although the configured values are applied to the routes. After you reload the router, the distance for Enhanced Interior Gateway Routing Protocol (EIGRP) routes returns to its default value.
Conditions: This symptom is observed on a Cisco router when you use EIGRP between a provider edge (PE) and customer edge (CE) router in a Multiprotocol Label Switching (MPLS) environment.
Workaround: There is no workaround.
•
Symptoms: OPM (Optical Power Monitoring) may provide incorrect or nonrealistic values and may report that modules are down while they are functioning fine.
Conditions: This symptom is observed when you use small form-factor pluggable (SFP) optical modules that are externally calibrated.
Workaround: There is no workaround.
•
Symptoms: A useless partial Shortest Path First (SPF) calculation may occur.
Conditions: This symptom is observed when an Open Shortest Path First (OSPF) link-state advertisement (LSA) for a 0.0.0.0 destination is refreshed.
Workaround: Use a static default route.
•
Symptoms: Multilink adjacencies may show up as invalid.
Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S3. It may not be possible to clear this symptom by entering the clear cef line EXEC command or by reloading the microcode on the line card.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or E3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.
Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Inter Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.
Workaround: No workaround is necessary as the line cards will recover without user intervention.
•
Symptoms: A Cisco 12000 series may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRPs) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.
Workaround: There is no workaround.
•
Symptoms: The VLAN ID may be rewritten to zero on an egress provider edge (PE) router.
Conditions: This symptom is observed in the Ethernet over Multiprotocol Label Switching (EoMPLS) Port Transport mode when the underlying packets are 802.1q packets with a nonzero class of service (CoS) value.
Workaround: There is no workaround.
•
Symptoms: The forwarding state change of a multicast route on a line card may affect the fast path forwarding state of another multicast route. This behavior may cause the latter stream to be punted to the CPU of the line card and lead to a high CPU utilization condition.
Conditions: This symptom is observed on the 2-port OC-48 (2xOC-48) Spatial Reuse Protocol (SRP) line card of a Cisco 12400 series.
Workaround: Enter the clear ip mroute * EXEC command on the router to refresh the forwarding states of all multicast routes.
•
Symptoms: A Cisco 12000 image may time out and fail to load via TFTP.
Conditions: This symptom is observed when a Cisco 12000 boot loader image is used to load the main Cisco IOS software image via TFTP. This symptom occurs because the boot loader image uses "00:00:00:00:00:00" as the MAC address for Ethernet 0. This symptom is observed in Cisco IOS Releases 12.0(20)S, 12.0(20)ST, and later releases.
Workaround: There is no workaround.
•
Symptoms: A standby Route Processor (RP) may reload.
Conditions: This symptom is observed on the standby RP of a dual RP Cisco 12000 series when a line card on the Cisco 12000 series or a neighboring router is reloaded. This symptom occurs when a line card has a large number of encapsulation entries (3000 entries).
Workaround: There is no workaround.
•
Symptoms: An Engine 4 plus line card that is installed in a Cisco 12400 series may be reset by the Route Processor (RP) because of interprocess communication (IPC) failures. The following errors may be displayed:
%CPUIF-3-NO_MEM: sendreq_freeq is NULL.
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 148 to LC in slot 3 with sequence 58638, error = timeout
%FIB-3-FIBDISABLE: Fatal error, slot 3: IPC Failure: timeout
%GRP-4-RSTSLOT: Resetting the card in the slot: 3,Event: EV_AUTO_LC_RELOAD_ON_FIBDISABLE ]Conditions: These symptoms are observed when route flapping occurs; route flapping may generate a high volume of IPC traffic.
Workaround: There is no workaround.
•
Symptoms: Configuring OSPF (Open Shortest Path First) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.
Conditions: This symptom is observed in a MPLS-VPN environment. The area area-id sham-link source-address destination-address cost number global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.
Workaround: There is no workaround.
•
Symptoms: Switch fabric cards (SFCs) may fail on a Cisco 12410 router.
Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.
Workaround: There is no workaround.
•
Symptoms: Packet or byte counters may not be accurate.
Conditions: This symptom is observed when a parity error occurs on a Cisco 12000 series Engine 4 or Engine 4 plus line card.
Workaround: There is no workaround.
•
Symptoms: A router may reload while it is booting up if a different line card is installed in place of a 4-port channelized OC-3 (4xOC-3) line card in the even slot.
Conditions: This symptom can be reproduced by performing the following steps:
a.
b.
c.
d.
e.
Workaround: The following steps may prevent the router from reloading:
a.
b.
c.
d.
•
Symptoms: A Quad OC-12 ATM line card that is configured for the Carrier Supporting Carrier feature may reset or report an error.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(22)S3 and that is functioning as a customer carrier customer edge (CE) router, after you enter the no mpls ip global configuration command followed by the mpls ip global configuration command.
Workaround: There is no workaround.
•
Symptoms: When an area border router receives type-4 link-state advertisements (LSAs) via the nonbackbone, the router may incorrectly generate type-4 LSAs into the backbone. This situation may cause a routing loop to occur.
Conditions: This symptom is observed in Cisco IOS Release 12.0(22)S or a later release or Release 12.2(10) or a later release.
Workaround: Reset the Open Shortest Path First (OSPF) process by entering the clear ip ospf process privileged EXEC command.
•
Symptoms: The append modifier does not append data to named files on Advanced Technology Attachment (ATA) devices and the original contents of the named file remains unchanged.
Conditions: This symptom affects Cisco IOS releases that have the fix for CSCdz27200.
Workaround: There is no workaround.
•
Symptoms: When you configure additional access control entry (ACE) entries with Layer 4 fields on a 128-line input access control list (ACL) that is configured on an Engine 4 plus (E4+) line card, the line card may reload.
Conditions: This symptom is observed on a Cisco 12000 series 1-port 10-Gigabit Ethernet E4+ line card.
Workaround: Do not add more than 128 ACEs with Layer 4 fields. If more than 128 ACEs with Layer 4 fields are required, remove the ACL form the E4+ line card, add the ACEs with Layer 4 fields, and then reapply the ACL to the line card.
•
Cisco devices which run Cisco IOS software and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS software is disabled by default.
Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml
•
Symptoms: On a Cisco router that is configured for distributed Cisco Express Forwarding (dCEF) and Border Gateway Protocol (BGP) and that has a large number of BGP routes, the following messages may be displayed:
%SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x5021F524, alignment 0
Pool: Processor Free: 23492 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "BGP Router", ipl= 0, pid= 153
-Traceback= 502243C8 50227438 5021F52C 5010E0A4 50124FF0 504F0F50 504C01B0 504C0868 50701408 50702614 50C5AF48 507026B0 506D1920 5021C80C 5021C7F8
%FIB-3-NORPXDRQELEMS: Exhausted XDR queuing elements while prepIn addition, CEF may be disabled and a message very similar to the following message may be displayed:
%FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition.If new BGP neighbors are peering at the same time, the following message may also be displayed:
%SYS-3-CPUHOG: Task ran for 29984 msec (4/0), process = BGP Router, PC = 506D0DF4.
-Traceback= 506D0DFC 5021C80C 5021C7F8When this last message is displayed, the BGP router process may cause the CPU utilization of the router to become high for one to several minutes, depending on the number of prefixes and neighbors that are configured and the number of updates that are occurring.
Conditions: These symptoms are observed under rare conditions on a distributed platform router, such as the Cisco 12000 series, that is configured with line cards and that is running Cisco IOS Release 12.0 S when you run the router beyond its physical limitations, especially when you run the router for a long time under very low memory conditions and with, or along with, a large number of routes, peers, and line cards. All of these conditions may lead to abnormality in the steady state performance of the router.
If CEF is disabled because of low memory conditions, you can reenable it by entering the ip cef distributed global configuration command.
Workaround: Limit the number of BGP routes on the router in relation to the memory that is installed in the router. For example, on a Cisco 12000 series that is configured with 256 MB of memory and based on different parameter of the routes, limit the maximum number of routes that BGP installs to about 150,000 routes.
First Alternate Workaround: Increase the memory on the router and on the line cards to accommodate the large number of routes. For example, if a Cisco 12000 series is configured with 256 MB of memory, increase the memory to 512 MB to enable better performance with a large number of routes.
Second Alternate Workaround: Adjust the BGP parameters by applying aggregation features or enabling the auto-summary router configuration command for BGP, or by using the aggregate-address router configuration command to reduce the number of BGP routes. These actions can help to reduce the memory usage of BGP and CEF.
Closing Comments: This caveat is closed because it is related to the limitation that is posed by 256 MB of memory. Future releases may include changes to BGP to enable BGP to use less transient memory when it builds updates.
•
Symptoms: Interfaces that are configured on the 8xOC-3 Engine 2 line card or the 16xOC-3 Engine 2 line card may not be recovered from a down/down state.
Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(24)S.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a route that is learnt via Intermediate System-to-Intermediate System (IS-IS) IP version 6 (IPv6) has more than eight equal-cost paths.
Conditions: This symptom is observed when more than eight equal-cost links are configured between two IS-IS IPv6 routers. Depending on the network topology, the symptom may also occur when there are less then eight equal-cost links between an IS-IS IPv6 router and its neighbors.
Workaround: Ensure that there are less than eight equal-cost links configured between two IS-IS IPv6 routers.
•
Symptoms: Tag forwarding counter may no longer function when parity errors occur on an Engine 4 plus line card.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may fail because of a bus error while an online insertion and removal (OIR) is in progress.
Conditions: This symptom is observed on a Cisco 12000 series when the show environment command is being executed while an OIR is in progress.
Workaround: Do not perform an OIR when the show environment command is being executed.
•
Symptoms: Traffic on a load-sharing path may be switched to the wrong destination or dropped altogether.
Conditions: This symptom is observed when a Cisco 12000 series Engine 4 (E4) line card is on the ingress side, there is a load-sharing path or multiple paths on the egress side, and a hidden class of service (CoS) global configuration command is configured on the router.
Workaround: Remove the extra load-sharing paths, and make it one single outgoing path.
•
Symptoms: When you write a crashinfo file to an Advanced Technology Attachment (ATA) Flash disk, the file on the ATA Flash disk may be corrupt and unusable.
Conditions: This symptom is observed on any Cisco device that enables the crashinfo file to be written to an ATA Flash disk.
Workaround: There is no workaround.
•
Symptoms: A T1 or E1 link that is configured under AU-4-TUG-3 controllers 4 through 12 on a 1-port channelized OC-12 line card that is using Synchronous Digital Hierarchy (SDH) framing may not come up.
Conditions: This symptom is observed on a Cisco 10000 series when the 1-port channelized OC-12 line card is connected to a third-party vendor device. Note that the symptom does not occur when you use AU-4-TUG-3 controllers 1 through 3.
Workaround: There is no workaround.
•
Symptoms: T3 links on a 4-port channelized OC-3 line card may not come up under Synchronous Digital Hierarchy (SDH) framing.
Conditions: This symptom is observed on a Cisco 10000 series when the 4-port channelized OC-3 line card interoperates with a third-party vendor device.
Workaround: There is no workaround.
•
Symptoms: An interface of a 3-port Gigabit Ethernet line card may not come up.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(23)S1 after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
Workaround: Reload microcode onto the line card.
First Alternate Workaround: Unplug the cable of the line card, and then plug it in again.
Second Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the back-to-back interface.
•
Symptoms: A Gigabit Ethernet Engine 2 or an Engine 4 plus line card may reload when you perform an online insertion and removal (OIR) of the Clock and Scheduler Card (CSC).
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0 S.
Workaround: There is no workaround.
•
Symptoms: A 24-port channelized E1/T1 line card may produce a traceback, and the serial interface may not come up.
Conditions: This symptom is observed on a Cisco 10000 series when you change the mode on the line card from E1 to T1.
Workaround: There is no workaround.
•
Symptoms: If a 3-port Gigabit Ethernet (GE) Engine 2 (E2) line card is configured for dot1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3-port GE E2 line cards do not support per subinterface ACL processing.
Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(24)S or a later release with both normal and extended ACLs. The line card will continue to pause until the ACL is either removed from the interface configuration or ACL is removed from the configuration using the no access- list access-list-number global configuration command.
Workaround: There is no workaround.
•
Symptoms: When you use the break key to reset the secondary Gigabit Route Processor (GRP) on a Cisco 12000 series that is configured with two GRPs, the primary GRP may first pause and then reload when the following watchdog timeout occurs:
%SYS-2-WATCHDOG: Process aborted on watchdog timeout process = Fabric pingThis situation may impact the process of replacing a defective secondary GRP.
Conditions: This symptom is observed regardless of the redundancy mode (Route Processor Redundancy [RPR], Route Processor Redundancy Plus [RPR+], or Stateful Switchover [SSO]).
Workaround: There is no workaround.
•
Symptoms: "IBC divert PAK" and "Camr-3-INTPROC" errors may occur.
Conditions: This symptom is observed on a Cisco 10720 router.
Workaround: There is no workaround.
•
This caveat is closed.
Symptoms: When you apply a 448-line access control list (ACL) on an Engine 2 (E2) line card to control outbound traffic, Cisco Express Forwarding (CEF) may be disabled on the E2 line card and on other E2 line cards in the chassis.
Conditions: This symptom is observed on a Cisco 12000 series when there are about 200,000 Border Gateway Protocol routes and is about 3,000 Interior Gateway Protocol (IGP) (or Intermediate System-to- Intermediate System [IS-IS]) routes. All E2 line cards have 256 MB of memory.
Workaround: To prevent CEF from being disabled, and to minimize usage of packet switch application-specific integrated circuit (ASIC) (PSA) memory, enter the access-list hardware psa limit 128 global configuration command. Doing so enables all ACL lines to be processed at the CPU of the line card.
•
Symptoms: The ifIndex Persistence feature does not function after a switchover.
Conditions: This symptom is observed in a high availability (HA) Stateful Switchover (SSO) environment.
Workaround: To reenable the ifIndex Persistence feature, enter the write memory EXEC command after the switchover.
•
Symptoms: Permanent virtual circuits (PVCs) that are managed by Operation, Administration, and Maintenance (OAM) cells may not come up.
Conditions: This symptom is observed on an 8-port ATM Inverse MUX T1 port adapter (PA-A3-8T1IMA) or an 8-port ATM Inverse MUX E1 port adapter (PA-A3-8E1IMA) that is installed in a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(13)T or a later release, or Release 12.0 S.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.0(23)S1
Cisco IOS Release 12.0(23)S1 is a rebuild of Cisco IOS Release 12.0(23)S. The caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S1 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.
•
Symptoms A packet that is destined for a next hop may not be policy-routed.
Conditions These symptoms are observed when you enable policy routing on a Fast Ethernet Inter-Switch Link (ISL) subinterface.
Workaround There is no workaround.
•
Symptoms A Cisco 7200 series router that has data-link switching (DLSw) configured may reload because of a software condition.
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.0(15) when DLSw with TCP encapsulation is sent over an X.25 network and when an X.25 transmission attempt fails because packets are dropped.
Workaround There is no workaround.
•
Symptoms Parallel links may not be used efficiently on a Cisco router when Multiprotocol Label Switching (MPLS) traffic is load balanced over parallel links to a customer premises equipment (CPE) device.
Conditions This symptom is observed when a Virtual Private Network (VPN) routing and forwarding (VRF) static route to a remote loopback interface is configured and both parallel links to the same CPE device are configured to the same loopback interface without an IP address using the ip unnumbered interface configuration command.
Possible Workaround Define the following configurations on the provider edge (PE) and customer edge (CE) routers to achieve load balancing with static VRF routes.
PE Configuration
interface multilink250
ip vrf forwarding YELLOWVPN
ip address 10.0.0.1 255.255.255.0
interface multilink251
ip vrf forwarding YELLOWVPN
ip address 10.1.0.1 255.255.255.0The links in the CE configuration must be configured with 10.0.0.2 and 10.1.0.2.
10.10.0.1/32 is the CE loopback and must be advertised to the PE via Routing Information Protocol (RIP) or with another router protocol. A static route may be used.CE Configuration:
ip route vrf YELLOWVPN 10.10.0.1 255.255.255.255 10.0.0.2
ip route vrf YELLOWVPN 10.10.0.1 255.255.255.255 10.1.0.2The following output defines static routes for the CE prefix:
ip route vrf YELLOWVPN 192.168.200.0 255.255.255 0 10.10.0.1•
Symptoms The ATM traffic in a Cisco 12000 series ATM Quad OC-3 line card with Segmentation and Reassembly (SAR) 3.1.3 may not work properly. Cell drops may occur in the background traffic because of the usage parameter control (UPC) configuration in the ATM switch. The ping timeout may be 15 out of 1000 pings, with a packet size of 18,000 bytes.
Conditions These symptoms are observed on a Cisco 12000 series router with the UPC on the ATM switch set to "DROP." (The symptoms are not observed on a Cisco 7200 series routers or a Cisco 7500 series routers under the same scenario.)
The symptoms occur when the ATM variable bit rate-non-real time (VBR-NRT) permanent virtual circuit (PVC) has a peak cell rate (PCR) of 46, the sustainable cell rate (SCR) is set to 23, and the maximum burst size (MBS) is set to 100.
Workaround Reduce the MBS by about 10 percent, for example, to 90.
•
Symptoms Source/destination pairs may not be switched in hardware and may receive degraded service.
Conditions This symptom is observed when IP version 6 (IPv6) load balancing is performed with 3 paths on a Cisco 12000 series Engine 3 line card and occurs on source/destination pairs that hash to 15. The symptom does not occur when load balancing is performed with 1, 2, 5, or 8 paths.
Workaround There is no workaround.
•
Symptoms Memory allocation failures occur on a Cisco router that has authentication, authorization, and accounting (AAA) configured, and "%SYS-2- MALLOCFAIL" messages are displayed. When you enter the show memory summary command, the command output shows that many small blocks are used by the AAA processes.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(15)S3.
Workaround There is no workaround.
•
Symptoms The convergence time after four Stateful Switchovers (SSOs) on a Cisco 10000 series edge services router is 11 seconds but should never be longer than 10 seconds.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms Configuring 6000 Access Control Entry (ACE) entries or more in an access control list (ACL) causes Cisco IOS software to reload.
Conditions This symptom is observed on a Cisco 10000 series router that is configured with a Performance Routing Engine 1 or 2 (PRE1 or PRE2).
Workaround There is no workaround.
•
Symptoms An interface of a Cisco 10000 series channelized T3 (CT3) line card may not dequeue packets. When the link on a CT3 card flaps, one or more interfaces may not recover. The output queue of the interface may become full with PPP/High-Level Data Link Control (HDLC) packets and may stay in the "Up/Down" state.
Conditions These symptoms are observed when a chip of a third-party vendor on a Cisco 10000 series CT3 line card is defective.
Workaround There is no workaround; return the CT3 line card for repair.
The fix for this caveat adds a software procedure that periodically checks if the pointers that link the partial packet buffer RAM blocks are becoming corrupted. When a corrupted pointer is detected, the associated interface is removed and then replaced, which may cause the interface to be incapable of transmitting traffic for up to 10 seconds. When this condition is detected and repaired, a message is logged to the Route Processor and the line card log to notify the user.
•
Symptoms A Cisco 12000 series Engine 0 (E0) Packet-over-SONET (POS) line card reloads and causes the router to lose all its routes. A back-to-back ping on other line cards fails and causes Open Shortest Path First (OSPF) Border Gateway Protocol (BGP) to go down.
Conditions These symptoms are observed when you change the maximum transmission unit (MTU) of a port channel while traffic is flowing.
Workaround Reload the E0 POS line card.
•
Symptoms A Cisco 7500 series router may reload at a packet enqueue utility.
Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S when all of the following conditions are met:
–
–
–
–
Workaround Avoid the situation in which all of the above-mentioned conditions take place concurrently. For example, when an FR link is configured on a VIP interface and you require traffic shaping, use distributed FRTS, or unconfigure FRTS while user traffic is low so as not to activate the shaping function.
•
Symptoms Operation, Administration, and Maintenance (OAM)-managed permanent virtual circuits (PVCs) on an 8-port T1 ATM port adapter with Inverse Multiplexing over ATM (IMA). (PA-A3-8T1IMA) or an 8-port E1 ATM port adapter with IMA (PA-A3-8E1IMA) may not come up as expected.
Conditions This symptom is observed on a PA-A3-8T1IMA or a PA-A3-8E1IMA of a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(11.5)T or a later release.
Workaround There is no workaround.
•
Symptoms Reassembly table entries may indicate incorrectly that they are still active following the removal of an associated Multilink PPP (MLP) configuration.
Conditions This symptom is observed when you remove a large MLP configuration in a single step, that is, when you use a single configuration file to shut down the bundle and remove the bundle from the running configuration.
Workaround Use one configuration file to shut down the bundle and another (separate and unique) configuration file to remove the bundle from the running configuration.
•
Symptoms Virtual Private Network routing/forwarding (VRF) does not function properly on a Frame Relay link between a provider edge (PE) router and a customer edge (CE) router, and the CE router cannot ping the PE router.
Conditions These symptoms are observed on a Frame Relay link between a Cisco 10000 series router that is functioning as a PE router and another Cisco 10000 series router that is functioning as a CE router.
Workaround Reload the PE router to make the link between the PE router and the CE router function.
•
Symptoms When a Cisco 12000 series Engine 3 line card receives a tag packet with an IP version 4 (IPv4) packet that has options underneath it or with a non-IPv4 packet such as an IP version 6 (IPv6) packet, the packet may be send to the line card CPU for processing.
Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)ST2.
Workaround There is no workaround.
•
Symptoms An interface on a 2-port Fast Ethernet port adapter (PA-2FE) may stop transmitting if this interface or the other interface on the same port adapter goes down or flaps under a heavy traffic load. The interface that stops transmitting may display the following messages:
%RSP-3-RESTART: interface FastEthernet3/0/0, not transmitting
%RSP-3-RESTART: interface FastEthernet3/0/0, output frozen
%RSP-3-RESTART: cbus complexConditions This symptom is observed on the PA-2FE on a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with Fast Ether Channel (FEC). This symptom is observed when the port adapter is carrying a heavy traffic load and when part of the traffic is originating from a port adapter (PA-A3) that is located on the same VIP.
Workaround There is no workaround.
•
Symptoms A Telnet session from a terminal over a vty connection to a Cisco 7206VXR router may pause indefinitely.
Conditions This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.2(4)XZ5, that is configured with a Network Processing Engine 300 (NPE-300), and that is functioning as a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) provider edge (PE) router when large text displays are dumped on the screen of the terminal.
The symptom is caused by a corrupt TCP Telnet packet that is generated by the router.
Workaround There is no workaround.
•
Symptoms Pins across a link bundle fail when the attached line cards are either 1-port or 3-port Gigabit Ethernet line cards.
Conditions This symptom is observed on a connection between two Cisco 12000 series routers with at least one of the routers configured with a Next Generation Release Process (NGRP). The symptom occurs on the c12kprp-p-mz image of Cisco IOS Release 12.0(22.3)S and later releases.
Workaround There is no workaround.
•
Symptoms Many interprocess communications (IPC) messages are sent to a Cisco 12000 series Gigabit Ethernet (GE) line card, and the nonblocking IPC command queue becomes full.
Conditions These symptoms are observed on a Cisco 12000 series router that is configured with a GE line card when you use TFTP to copy a configuration with many VLANS (that is, 800 or more VLANs) to the running configuration.
Workaround Copy the configuration with many VLANS to the startup configuration, and reload the router.
•
Symptoms Virtual Private Network (VPN) routing/forwarding (VRF) may not function on a High-Speed Serial Interface (HSSI) port adapter.
Conditions This symptom is observed on a Cisco 7500 series router.
Workaround Remove and reconfigure the affected subinterface on the HSSI port adapter.
•
Symptoms A Cisco 12000 series Engine 2 line card may reload.
Conditions This symptom is observed when traffic engineering (TE) metric is used.
Workaround There is no workaround.
•
Symptoms A policy map with multiple class maps does not synchronize correctly with a standby Route Processor (RP).
Conditions This symptom is observed on a Cisco 12000 series router.
Workaround Reload the standby RP.
•
Symptoms When you enter a loopback remote line interface configuration command on a 6-port channelized T3 line card, the command may fail and may cause a T1 connection to flap.
Conditions This symptom is observed on both American National Standards Institute (ANSI) and Bell Communications Research (Bellcore) loopbacks on networks that are sensitive to T1 framing errors.
When you enter the loopback remote line interface configuration command, the line card causes a brief change of frame alignment (COFA) error. Normally, this error goes unnoticed. However, some devices react to these errors with an alarm indication signal (AIS). Each time the loopback request is initiated (that is, if the T1 connection is configured for remote loopbacks each time the T1 connection comes up), the AIS brings the T1 connection down.
Workaround There is no workaround.
•
Symptoms The following error messages may be generated on a Cisco 12000 series Engine 4 plus (E4+) OC-192 line card:
SLOT 6: %RX192-3-HINTR: status = 0x4000000, mask = 0x7EFFFF FF - Parity error on rx_pbc_mem.
-Traceback= 4039CEF0 4044ECEC 400C85B0
SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7
-Process= "CEF IPC Background", ipl= 7, pid= 52
-Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108
SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7
-Process= "CEF IPC Background", ipl= 7, pid= 52
-Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108Cisco Express Forwarding (CEF) on the E4+ OC-192 line card may become disabled, and the associated port stays in an "Up/Up" state.
Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S3 or the gsr-p-mz image of Cisco IOS Release 12.0(21)ST2.
Workaround Enter the microcode reload slot-number global configuration command on the E4+ OC-192 line card.
•
Symptoms When a primary Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel reoptimizes over another link, a traffic drop may occur.
Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(22)S1 following a Fast Reroute (FRR) operation.
Workaround Configure the primary label switched path tunnel (LSP tunnel) as an explicit tunnel.
•
Symptoms Guarantees may not be achieved for some classes for a certain combination of bandwidth assignments within a service policy.
Conditions This symptom is observed when you use the following bandwidth allocation: class 1, 8 kbps; class 2 64 kbps; class 3 16 kbps; class 4 14 kbps; parent class, 120 kbps.
Workaround Sightly adjust the bandwidth of one of the classes. In the above example, changing class 3 to 14 kbps or class 4 to 16 kbps would solve the situation.
•
Symptoms Distributed switching may not function for packets.
Conditions This symptom is observed on a distributed multilink interface on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22.4)S1.
Workaround There is no workaround.
•
Symptoms On a Cisco 7500 router that is configured for High Availability, when you enter the shutdown interface configuration command on a serial interface, the following error message is displayed on the standby Route Processor (RP) and the standby RP reloads:
%HA-2-CCB_PLAYBACK_ERROR: CCB playback failed.Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0 S.
Workaround There is no workaround.
•
Symptoms An Engine 2 Quad OC-12 line card that has interfaces configured for Virtual Private Network (VPN) and that has a Frame Relay subinterface may reload.
Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(22.4)S1 when a microcode bundle is configured and loaded onto the Engine 2 Quad OC-12 line card.
Workaround There is no workaround.
•
Symptoms A Cisco 12000 series Engine 2 line card may generate the following error messages:
SLOT 14: %LCPOS-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8001 (1000 0000 0000 00sl, s/l=TooShort/long)
SLOT 14: %GSR-3-INTPROC: Process Traceback= 400CCE60 400C90F0 40010A24
-Traceback= 4033F424 4044ED54 400C88B0Conditions This symptom is observed when you remove and reinsert switch fabric on a Cisco 12000 series router while traffic is flowing.
Workaround There is no workaround.
•
Symptoms When you configure more than 64 Inter-Switch Link (ISL) VLANs, a Versatile Interface Processor (VIP) may reload.
Conditions This symptom is observed on a Cisco 7500 series router.
Workaround Use only dot1q encapsulation.
•
Symptoms NetFLow stops functioning after an online insertion and removal (OIR) of a switch fabric card (SFC).
Conditions This symptom is observed on a Cisco 12000 series router.
Workaround Disable and reenable the ip route-cache flow sampled interface configuration command.
•
Symptoms An Engine 4 Packet-over-SONET (POS) line card reloads.
Conditions This symptom is observed on an Engine 4 Packet-over-SONET (POS) line card in a Cisco 12000 series Internet router during several online insertion and removal (OIR) procedures on a Clock Scheduler Card (CSC).
Workaround There is no workaround.
•
Symptoms A memory leak of about 0.5 MB occurs in the "Pre Command NV Buffer" process.
Conditions This symptom is observed when you connect to a Cisco 12000 series Route Processor (RP) through a vty.
Workaround There is no workaround.
•
Symptoms A Cisco 12000 series router may reload when an interface flaps.
Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S during multicast traffic.
Workaround There is no workaround.
•
Symptoms A Cisco router that is functioning as a provider edge (PE) router may install an outgoing point of presence (POP) label instead of an outgoing aggregate label for a connected Virtual Private Network (VPN) routing/forwarding (VRF) route.
Conditions This symptom is observed in a carrier supporting carriers topology with a Cisco router that is running Cisco IOS Release 12.2(12.10)T1 and that is functioning as a PE router.
Temporary Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration on the VRF interface until the symptom occurs again.
Alternate Temporary Workaround Reload the router. However, after having done so, when you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the VRF interface the symptom will occur again.
•
Symptoms The Binary Synchronous Communications (Bisync) IP (BIP) counter displays a value of 46623 instead of 5.
Conditions This symptom is observed on a Cisco 10000 series 4-port channelized OC-3 line card.
Workaround There is no workaround.
•
Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) resets the routing table when you enter the write memory EXEC command, write terminal EXEC command, or show running-config privileged EXEC command.
Conditions This symptom is observed on a Cisco 7505, Cisco 7507, and Cisco 7513 router.
Workaround There is no workaround.
•
Symptoms When you apply a combination of IP version 6 (IPv6), an access control list (ACL), and Sampled NetFlow to an interface on an Engine 4 plus line card, the line card may reload.
Conditions This symptom is observed while IPv6 traffic is flowing.
Workaround There is no workaround.
•
Symptoms Resource Reservation Protocol (RSVP) Hello detection may not trigger a Fast Reroute (FRR) switchover.
Conditions This symptom is observed when you use RSVP Hello detection to enable Multiprotocol Label Switching traffic engineering (MPLS TE) FRR protection on shared interfaces.
Workaround There is no workaround.
•
Symptoms An IP version 6 (IPv6) automatic tunnel cannot be created.
Conditions This symptom is observed on a Cisco 12000 series router when you reload the router after you have enabled the tunnel mode ipv6ip auto-tunnel command and have saved the command in the startup configuration. The tunnel interface is not enabled for IPv6, and the routing table does not show the correct route nor a static route to the tunnel.
Workaround Enter the no tunnel source type number interface configuration command followed by the tunnel source type number interface configuration command on the tunnel interface.
•
Symptoms Counters for policy-based routing (PBR) update at an incorrect route map.
Conditions This symptom is observed when matching conditions are not defined for a route map.
Workaround When matching conditions are not defined for a route map, the situation is treated as a "permit ip any any" condition; assign the access-list access-list-number permit ip any any global configuration command as the matching condition for the route map.
•
Symptoms The entPhysicalParentRelPos MIB object does not return the correct value for the physical slots in a Cisco 10000 series router chassis.
Conditions This symptom is observed on a Cisco 10000 series router that is running the c10k-p10-mz image of Cisco IOS Release 12.0(23)S.
Workaround There is no workaround.
•
Symptoms A Cisco 12000 series Route Processor (RP) may reload.
Conditions This symptom is observed on a Cisco 12000 series router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S during Fast Reroute (FRR) testing.
Workaround There is no workaround.
•
Symptoms When you change a class queue from low latency queueing (LLQ) to non-LLQ, or the other way around, or when you simply remove and recreate a class queue, the queue of the next class disappears, as is displayed in the output of the show hardware pxf cpu queue interface privileged EXEC command.
Conditions This symptom is observed on a Cisco 10000 series router when you change or create a class queue using the no priority policy-map class configuration command followed by the priority policy-map class configuration command or using the no bandwidth policy-map class configuration command followed by the bandwidth policy-map class configuration command.
Workaround There is no workaround.
•
Symptoms A static crossconnect setup may fail.
Conditions This symptom is observed when you configure a static crossconnect that is using an interface that is down. When the interface comes up, the static crossconnect is not set up in the Label Forwarding Information Base table.
Workaround Remove the static crossconnect using the no mpls static crossconnect global configuration command and reapply the static crossconnect using the mpls static crossconnect global configuration command.
•
Symptoms An input access control list (ACL) may not take effect.
Conditions This symptom is observed on a Cisco 12000 series Engine 4 plus interface on which the VRF Selection feature is enabled.
Workaround There is no workaround.
•
Symptoms Configuring the hw-module slot shutdown global configuration command in the startup configuration may cause a router to reload.
Conditions This symptom is observed on a Cisco 10000 series router when you attempt to boot from an eboot image.
Workaround Do not configure the hw-module slot shutdown global configuration command in the startup configuration.
Alternate Workaround Change the configuration register to "0x40" to ignore the configuration during the bootup process.
•
Symptoms A destination interface may not have a value in the NetFlow cache (that is, the destination interface may be null), but it should have a value.
Conditions This symptom is observed when the egress interface is on a Cisco 12000 series Engine 0 line card and a rate limit access list is applied to the egress interface. The rate limit access list may not cause packets to be dropped, but the destination interface is null in the NetFlow cache.
Workaround Disable the rate limit on the output interface.
•
Symptoms A Cisco 12000 series router may reload during the bootup process.
Conditions This symptom is observed when you attempt to boot up the Cisco 12000 series router with an image of Cisco IOS Release 12.0(23)S and occurs before the image is loaded onto the router.
Workaround There is no workaround.
•
Symptoms Executing an snmpwalk command on loopback interfaces does not yield any results.
Conditions This symptom is observed on a Cisco 12000 series router.
Workaround Execute the snmpwalk command on the physical interfaces instead.
•
Symptoms Slow path forwarding on an Engine 3 line card of a provider edge (PE) router that is running IP version 6 (IPv6) in a Multiprotocol Label Switching (MPLS) environment (also referred to as a 6PE router) may not function.
Conditions This symptom is observed on a Cisco 12000 series router that is functioning as a 6PE router and occurs because the 6PE disposition does not function for aggregate 6PE labels on the Engine 3 line card.
Workaround There is no workaround.
•
Symptoms "Alpha" error messages may be observed on the ingress or egress interface of a Cisco 12000 series 4-port OC-12c/STM-4c Packet over SONET (POS) synchronous digital hierarchy IP services engine line card. The following messages may be displayed on the egress interface of the Cisco 12000 series 4-port OC-12c/STM-4c POS synchronous digital hierarchy IP services engine line card:
%EE48-3-ALPHAERRS: TX ALPHA: ALPHA_CPU_PIPELINE_CTRL_INT error 1 SLOT 2: %EE48-3-ALPHAPAIR: TX ALPHA: POP PAIRConditions This symptom is observed if the shape, bandwidth, random detect, or priority value is configured and if both the set ip-dscp-value quality of service (QoS) policy map configuration command and the set mpls experimental policy map configuration command are disabled. This symptom is observed on a Cisco 12016 router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)S or Release 12.0(21)ST2a.
Workaround Remove the transmit (TX) service policy and use Per Interface Rate Control (PIRC) instead.
Additional Notes The same symptom may occur when an error recovery is performed for hardware failures such as data path parity errors. The symptom under those circumstances would be a failed recovery. There is no workaround for the occurrence of this symptom when an error recovery is performed.
•
Symptoms There may not be any label bindings on a Label Switch Router (LSR), but a Label Distribution Protocol (LDP) session may not be impaired.
Conditions This symptom is observed when an LDP session flaps quickly.
Workaround After you have brought down the LDP session, remove all label bindings, and bring the session up again.
•
Symptoms Multiprotocol Label Switching (MPLS) Fast Reroute (FRR) may not function properly on an Engine 2 ingress line card.
Conditions This symptom is observed on a Cisco 12000 series router when a tunnel that is protected by FRR is a one-hop tunnel to a second router. A third router that is connected to the first and second router provides the backup path. When the primary path between the first and second router goes down, traffic is not redirected over the backup path.
Workaround There is no workaround.
•
Symptoms A Cisco 7200 series or Cisco 7500 series router may reload because a packet is not cleaned up properly.
Conditions This symptom is observed under rare circumstances when the Cisco 7200 series or Cisco 7500 series router is configured for Multiprotocol Label Switching (MPLS) through a 1-port Gigabit Ethernet port adapter (PA-GE) or an Enhanced Gigabit Ethernet Interface Processor (GEIP+).
Workaround There is no workaround.
•
Symptoms The ENTITY MIB fails to recognize redundant power supplies and recognizes only one power supply. In addition, the power supply, fans, and chassis interface are displayed as non field-replaceable units (non-FRUs).
Conditions This symptom is observed on a Cisco 7507 and a Cisco 7513 router.
Workaround There is no workaround.
•
Symptoms When you configure an IP version 6 (IPv6) access list to match Encapsulated Security Payload (esp) or Authentication Header Protocol (ahp) protocol literal values, the access list appears to be configured to match IPv6 only.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A router may reload while applying an Access Control List (ACL) to forwarded traffic via the ipv6 traffic-filter interface configuration command.
Conditions This symptom is observed when you enter illegal syntax in the submode of the ipv6 access-list global configuration command.
Workaround Do not enter illegal syntax in the submode of the ipv6 access-list global configuration command.
•
Symptoms Virtual Private Network routing/forwarding (VRF) does not function properly on a Frame Relay link between a provider edge (PE) router and a customer edge (CE) router, and the CE router cannot ping the PE router.
Conditions These symptoms are observed on a Frame Relay link between a Cisco 10000 series router that is functioning as a PE router and another Cisco 10000 series router that is functioning as a CE router.
Workaround Reload the PE router to make the link between the PE router and the CE router function.
Resolved Caveats—Cisco IOS Release 12.0(23)S
All the caveats listed in this section are resolved in Cisco IOS Release 12.0(23)S. This section describes only severity 1, severity 2, and select severity 3 caveats.
Basic System Services
•
Symptoms A Cisco 7200 series router reloads because of a bus error, a watchdog timeout, or an unspecified error (that is, no reload error message is provided).
Conditions This symptom is observed on a Cisco 7200 series router that is configured with a Network Processing Engine 200 (NPE-200), a PA-A1 port adapter, and a PA-FE port adapter when a medium to high traffic load occurs and the traffic load consists of large packet sizes.
Workaround Reduce traffic.
Alternate Workaround Use another model Network Processing Engine.
•
Symptoms The ifOutOctets counter may decrease over a five-minute interval, but the counter is still accurate on a long term basis.
Conditions This symptom is observed on a Cisco 7500 series router when quality of service (QoS) is configured on the egress Versatile Interface Processor (VIP)
Workaround Disable QoS.
•
Symptoms Simple Network Management Protocol (SNMP) ifIndexes may change after a switchover. This situation may occur when the bulk-synchronization of SNMP ifIndexes does not function.
Conditions This symptom is observed on a Cisco 7500 series router, Cisco 10000 series router, and Cisco 12000 series router.
Workaround There is no workaround.
•
Symptoms A CPU hog condition may be observed on a router, and the router may reload.
Conditions These symptoms are observed when the snmp-server community global configuration command is executed on a Cisco router that is running Cisco IOS Release 12.1 and that has several thousand logical entities configured.
Workaround There is no workaround.
•
Symptoms A router that is configured with a Route Switch Processor (RSP) drops multicast packets, which situation leads to a loss of connectivity.
Conditions This symptom is observed in a bridging environment, when the router that is configured with the RSP is running the rsp-jsv-mz image of Cisco IOS Release 12.2(10.7)T1 or Release 12.2(11.2) and the subscriber trunk is configured with a multicast policy that is set to "permit."
Workaround There is no workaround.
•
Symptoms When you configure a Cisco 12000 series Internet router with ATM interfaces, the secondary Route Processor (RP) reloads.
Conditions The conditions under which these symptoms occur are not known at this time.
Workaround There is no workaround.
•
Symptoms A router may reload if the no ip routing interface configuration command is configured on a router that has NetFlow configured.
Conditions This symptom is observed on a router while traffic is flowing through the router on the interface that has NetFlow configured.
Workaround Remove NetFlow before entering the no ip routing interface configuration command, or stop traffic from going through the interface that has NetFlow configured before entering the no ip routing interface configuration command.
•
Symptoms A Multilayer Switch Feature Card 2 (MSFC2) may reload when the no ip routing global configuration command is entered.
Conditions This symptom is observed on a Catalyst 6000 MSFC2 that is running Cisco IOS Release 12.1(12)E.
Workaround Do not disable IP routing on the MSFC2.
•
Symptoms The snmp-server host host-addr version 2c community-string global configuration command cannot be configured if the community-string argument is already configured via the snmp-server community string global configuration command.
Conditions This symptom is observed in Cisco IOS Release 12.0 S and is related to the introduction of the SNMP Support for VPNs feature.
Workaround There is no workaround.
•
Symptoms The output counters that are associated with an interface may remain zero, even though traffic is passed through the interface.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms Cisco IOS software fails to set up the Gigabit Ethernet Interface Processor (GEIP) MIBs correctly on a Cisco 7500 series router.
Conditions This symptom is observed when the hierarchy on the GEIP is incorrect; the port adapter and interface are shown at the same level as the GEIP. The GEIP should be at the top of the hierarchy, followed by the port adapter, followed by the interface.
Workaround There is no workaround.
EXEC and Configuration Parser
•
Symptoms The router isis global configuration command is not properly synchronized to a standby Route Processor (RP). This situation prevents the standby RP from loading the correct configuration.
Conditions This symptom is observed when a router is running in redundancy mode.
Workaround There is no workaround.
•
Symptoms The Open Shortest Path First (OSPF) network ip-address wildcard-mask area area-id router configuration command is accepted in an active Route Processor (RP) but not properly synchronized to the standby RP. The first command that you enter is synchronized correctly to the standby RP, but commands that are subsequently entered are not properly synchronized to the standby RP.
Conditions This symptom is observed on a Cisco 12000 series router when Stateful Switchover (SSO) is enabled.
Workaround There is no workaround.
Interfaces and Bridging
•
Symptoms Multiprotocol Label Switching (MPLS) packets that are greater than 1498 bytes may not be received on a router.
Conditions This symptom is observed on a Cisco 7500 router that is running Cisco IOS Release 12.2(10a) and that is using dot1q encapsulation.
Workaround There is no workaround.
•
Symptoms A Versatile Interface Processor (VIP) may reload and restart after a Fast Ethernet port adapter (PA-FE) is installed.
Conditions This symptom is observed on a VIP that is installed in a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms The following error message may be displayed on a router when a Cisco IOS software upgrade is performed:
%SYS-6-STACKLOW: Stack for process ATM PA Helper running low, 0/3000Conditions This symptom is observed on a Cisco 7500 series router when you upgrade from Cisco IOS Release 12.0(7)T to Release 12.1(14).
Workaround There is no workaround.
•
Symptoms A router that is configured with a multichannel port adapter reloads because of a bus error exception.
Conditions This symptom is observed when link flaps occur or interfaces are reset on a router that is configured with PA-MC-T1, PA-MC-E1, PA-MC-E3, or PA- MCX port adapters.
Workaround There is no workaround.
•
Symptoms The mtu interface configuration command changes into the ip mtu interface configuration command when the VLAN ID changes on a subinterface of a Cisco 12000 series 3-port Gigabit Ethernet line card.
Conditions This symptom is observed on a Cisco 12000 series Internet router.
Workaround There is no workaround.
•
Symptoms An Ethernet driver on an Ethernet interface may receive and forward packets that are not destined for itself.
Conditions This symptom is observed on an Ethernet interface that has the promiscuous mode enabled in a network that has multiple Hot Standby Router Protocol (HSRP) groups. This symptom is also observed when no transparent bridging is occurring.
Workaround There is no workaround.
•
Symptoms A buffer leak may be observed in the small buffers on a router.
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(10a) and that is using distributed Link Fragmentation and Interleaving (dLFI).
Workaround There is no workaround.
•
Symptoms A router that is configured with a 2-port Fast Ethernet 100BASE-FX port adapter (PA-2FE-TX) may reload when the packet cleanup is not performed properly in the interrupt path of the port adapter.
Conditions This symptom is observed on a Cisco 7200 series router and a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms A router may be able to send but not be able to receive traffic via a Fast Ethernet subinterface that is configured for dot1q encapsulation.
Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(21)ST3.
Workaround Reload the router, or reload microcode onto the Versatile Interface Processor (VIP) by entering the microcode reload slot-number global configuration command. Both workarounds cause a traffic interruption.
•
Symptoms When you reload a Cisco 7500 series Versatile Interface Processor (VIP) or a Cisco 12000 series line card that is configured with VLAN subinterfaces that are in a shutdown state, the VLAN interfaces become active again.
Conditions This symptom is observed on distributed Cisco IOS platforms, such as the Cisco 7500 series router and the Cisco 12000 series router.
Workaround After the VIP or the line card has reloaded, enter the no shutdown interface configuration command followed by the shutdown interface configuration command for the affected subinterfaces.
•
Symptoms Label controlled ATM (LC-ATM) bindings may not come up after a Stateful Switchover (SSO) is performed.
Conditions This symptom is observed on a Cisco 7500 series router that is configured with an LC-ATM interface.
Workaround There is no workaround.
•
Symptoms A 1-port ATM Enhanced OC12/STM4 port adapter (PA-A3-OC12) that is configured with multiple Low Latency Queueing (LLQ) streams that are running near peak cell rate (PCR) may drop packets. The output of the show interfaces command displays that packets are sent out but that no packets are coming in. Input or output packet drops are not displayed.
Conditions This symptom is observed during a test on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S.
Temporary Workaround Enter the clear interface type number EXEC command each time the symptom occurs.
•
Symptoms A router may reload after a channelized T3 (CT3) port adapter that is configured as part of a Multilink PPP (MLP) bundle is removed, and the MLP bundle interface is shut down.
Conditions This symptom is observed in a network in which two Cisco 7200 series routers are connected back-to-back via channelized T3 (CT3) port adapters. Channel groups are created and configured for MLP, and a bundle interface multilink is created on both of the routers in this setup.
Workaround There is no workaround.
•
Symptoms Open Shortest Path First (OSPF) multicast packets are not received on a 1-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX).
Conditions This symptom is observed on a PA-FE-TX port adapter on a Cisco 7500 router that is configured with OSPF. The PA-FE-TX does not receive OSPF multicast traffic because MAC multicast entries are not added to the MAC table.
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms A memory leak may occur on a Cisco 7200 series router. The memory leak is caused by the Border Gateway Protocol (BGP) I/O process and occurs at the rate of 100 KB to 130 KB per hour (about 2.5 MB to 3 MB per day) after the show memory summary | incl BGP privileged EXEC command is entered. This situation occurs regardless of whether a BGP neighbor is flapping.
The output of the show processes memory | incl bgp privileged EXEC command shows the following:
Router#show processes memory | incl bgp
PID TTY Allocated Freed Holding Getbufs Retbufs Process ... 104 0 3522569548 2139398320 21965976 297916 5184 BGP I/O ...The show memory summary | incl bgp privileged EXEC command indicates that the "BGP (1) update" function allocates memory without deallocating it again after the process is completed:
Router#show memory summary| incl bgp
Alloc PC Size Blocks Bytes What ... 0x607C42E0 65496 333 21810168 BGP (1) update ....Conditions This symptom is observed on a Cisco 7206VXR router that is functioning as a Provider Edge (PE) router and that is running Cisco IOS Release 12.1(5a) in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) network.
Workaround Reload the router.
•
Symptoms After you detach an interface from a Virtual Private Network (VPN) routing/forwarding (VRF) instance using the no ip vrf forwarding vrf-name command, the adjacency information that is associated with the removed interface still shows up in the VRF table.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms In a failover configuration of a designated router (DR) and a non-DR, the DR fails, does not clear its connected flag, and continues to send Protocol Independent Multicast (PIM) join messages upstream. This situation causes unnecessary traffic. Upon failback, the non-DR does not clear its connected flag and continues to sends join-packet messages upstream long after the outgoing interface list of the mroute entry becomes empty.
Conditions This symptom is observed in a failover configuration of a DR and a non-DR that have directly connected receivers.
Workaround Clear the mroute entry.
•
Symptoms If a peer advertises a replacement path (with the same multi-exit discriminator [MED] as the original path), the new path is inserted in the previous position of the original path.
Conditions This symptom may be observed on a Border Gateway Protocol (BGP) router that is using deterministic MED. When this symptom occurs, the replacement path may not be grouped with paths from the same autonomous system number (ASN). This ordering may result in incorrect routing and may cause routing loops.
Workaround Disable and reenable deterministic MED on the router after the router enters the incorrect state.
•
Symptoms A router may reload. Also, a Multilayer Switch Feature Card 2 (MSFC 2) may reload with a bus error in the not so stubby area (NSSA) part of the Open Shortest Path First (OSPF) code.
Conditions This symptom is observed on any Cisco router that is running a Cisco IOS software release when a link-state advertisement (LSA) with an incontiguous mask is sent to a router.
Workaround Do not send address LSAs with illegal masks, that is masks that are not contiguous, to a router.
•
Symptoms Memory allocation (MALLOC) failures may be observed when Border Gateway Protocol (BGP) updates are generated, and the following error message may be displayed:
%SYS-2-MALLOCFAIL: Memory allocation of 2093048 bytes failed from 0x602BDB08, alignment 0 Pool: Processor Free: 1546596 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate poolConditions This symptom is observed on a Cisco router.
Workaround There is no workaround.
•
Symptoms A Performance Route Processor (PRP) can cause exception when trying to reload the router.
Conditions This symptom is observed on a PRP that is running Cisco IOS Release 12.0(21)3S and that has BGP/Interior Gateway Protocol (IGP) with Multiprotocol Label Switching-traffic engineering (MPLS-TE).
Workaround There is no workaround.
•
Symptoms Tracebacks may occur.
Conditions This symptom is observed when you use the offset list router configuration command in Enhanced Interior Gateway Routing Protocol (EIGRP) and when you remove a summary address from an interface that has a Virtual Private Network (VPN) routing/forwarding (VRF) instance defined.
Workaround There is no workaround.
•
Symptoms A router may reload after the show ip mroute summary EXEC command is entered.
Conditions This symptom is observed on Cisco router that is running Cisco IOS Release 12.2.
Workaround There is no workaround.
•
Symptoms A router may reload when the Sham-Link Support feature is configured.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A router that has Fast Reroute (FRR) enabled may reload.
Conditions This symptom is observed when the input interface for a label switched path goes down and the label switched path has not been fast rerouted at the previous hop (PHOP) or at a hop before the PHOP.
Workaround There is no workaround.
•
Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) may log a spurious access.
Conditions This symptom is observed during a test on a Cisco 7500 series router that is running the rsp-pv-mz image of Cisco IOS Release 12.0(21.4)SY.
Workaround There is no workaround.
•
Symptoms In rare circumstances, a downstream multicast router may have a group in the mroute table, yet the upstream multicast router does not show the downstream multicast router in the outgoing interface list.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround Issue the clear ip mroute group interface configuration command.
•
Symptoms Subnets in the /31 range may not be accepted.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.
Workaround There is no workaround.
•
Symptoms A router that is configured with the neighbor address or the neighbor ibgp peer-group name nlri unicast multicast Border Gateway Protocol (BGP) commands does not automatically translate the no auto-summary command into the multicast address family.
Conditions The symptom is observed on a Cisco router when more than one address family is used under BGP.
Workaround Manually add the no auto-summary command into the multicast address family.
•
Symptoms A route reflector does not change the nexthop to itself, even when it is set to do so via a route map.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A watchdog timeout may cause a software-forced reload on a router.
Conditions This symptom is observed on a Cisco 7500 router that is using the Border Gateway Protocol (BGP).
Workaround There is no workaround.
•
Symptoms The Forwarding Information Base (FIB) table on a Cisco 12000 series Gigabit Route Processor (GRP) may be missing entries for directly connected subnets.
Conditions This symptom is observed on a Cisco 12000 series router after you have removed a large number of routes.
Workaround Enter the clear ip route network EXEC command for the affected prefixes. The following is an example:
Router#show ip cef 10.2.0.4 255.255.255.224
%Prefix not found
Router#clear ip route 10.2.0.4 255.255.255.224
Router#show ip cef 10.2.0.4 255.255.255.224
10.2.0.4/30, version 285154, epoch 0, attached, connected, cached adjacency to POS1/0 0 packets, 0 bytes via POS1/0, 0 dependencies valid cached adjacency•
Symptoms A router may reload unexpectedly if MD5 authentication is used with Open Shortest Path First (OSPF). The following message may be displayed when you enter the show version EXEC command:
System returned to ROM by error - a Software forced crash, PC 0x12345678Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(22)S. The symptom occurs only when corrupted OSPF packets are present.
Workaround Remove MD5 authentication for OSPF.
ISO CLNS
•
Symptoms A Cisco router may install a suboptimal Intermediate System-to- Intermediate System (IS-IS) route into its routing table. Depending on the topology, this situation may create a routing loop.
Conditions This symptom is observed on an IS-IS Level 1 - Level 2 (L1L2) router that is running Cisco IOS Release 12.0 S or Release 12.0 ST and that has prefixes configured that are allowed to be leaked into Level 1, that is, prefixes that match the access list that is specified within the redistribute isis ip level-2 into level-1 distribute-list command. When route leaking is not configured, this condition is not observed.
Workaround There is no workaround. The condition resolves itself when the affected route is cleared by entering the clear ip route network EXEC command.
Miscellaneous
•
Symptoms A Cisco router may reload during the bootup process.
Conditions This symptom is observed when a syslog server and syslog source interface have been defined before the source interface has been parsed and the configuration of the router is directly written from TFTP to NVRAM memory or you upgrade from Cisco IOS Release 12.0 to Release 12.1 or Release 12.2.
Workaround Place the syslog server and syslog source interface configurations after the source interface itself. To do this, you must edit the configuration offline, copy it to NVRAM memory, and then reboot the router.
•
Symptoms Memory allocation failures (MALLOCFAIL) may be observed on a router after it is reloaded.
Conditions This symptom is observed on a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms When you apply a crypto map to a tunnel interface that has the ip cef distributed global configuration command enabled, a message very similar to the following one will appear:
Router(config)#interface Tunnel0
Router(config-if)# crypto map testtag
ERROR: The VIP interface must be configured with cef distributed switching before enabling encryption.Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A queue may become stuck and display messages that are similar to the following:
%GRP-3-FABRIC_UNI: Unicast send timed out %QM-4-STUCK: Port 0 Queue mask 0x1Conditions This symptom is observed when an OC-48 Packet-over-SONET (POS) interface is flapping and when updates are received.
Workaround Perform a microcode reload of the line card.
•
Symptoms Pattern loss may occur on a T1 channel that is configured under a Virtual Tributary level 1.5 (VT1.5) stream on a router line card when you use the clock source internal controller configuration command.
Conditions This symptom is observed on a Cisco 10000 series 1-port channelized OC-12 line card.
Workaround Use the clock source line controller configuration command.
•
Symptoms On a router that is configured as a provider edge (PE) router with multiple Virtual Private Network (VPN) routing/forwarding (VRF) instances, the VRF routing table may not be imported to the same PE router when routes are imported between the VRFs even when the PE router is displayed on the Border Gateway Protocol (BGP) VPN4 table.
Conditions This symptom is observed on a PE router in a Multiprotocol Label Switching (MPLS) and VPN environment.
Workaround There is no workaround.
•
This caveat describes two symptoms, two conditions, and two workarounds:
Symptoms A The Egress NetFlow feature can be configured on a core Multiprotocol Label Switching (MPLS) interface by using the mpls netflow egress command-line interface (CLI) command. However, the Egress NetFlow feature is designed to work only on the outbound Virtual Private Network routing/forwarding (VRF) interfaces of an MPLS network. Enabling it in any other location should be considered a misconfiguration.
Conditions A Conditions do not apply to this situation.
Workaround A Do not configure the Egress NetFlow feature on any MPLS core interface. If the feature is enabled on any MPLS core interface, enter the no mpls netflow egress command to disable the feature.
Symptoms B IP packets that are looped back are wrongly accounted for. A new flow in the opposite direction should be created for those IP packets.
Conditions B This symptom is observed on an outgoing MPLS egress flow.
Workaround B There is no workaround.
•
Symptoms Serial interfaces on a Cisco 10000 series 1-port channelized OC-12 line cards remain in a Down/Down state after the router has reloaded and the interfaces are defined in the startup configuration.
Conditions This symptom is observed when the startup configuration contains a large number of serial interfaces that are defined on multiple 1-port channelized OC-12 line cards.
Workaround Delete and recreate the affected interfaces.
•
Symptoms A Gigabit Ethernet input queue may become wedged.
Conditions This symptom is observed on a Cisco 7400 router.
Workaround There is no workaround.
•
Symptoms Traceback messages may be displayed after the ip accounting mac-address input interface configuration command is configured on VLANs that have an input access control list (ACL) present. The counters that are based on the source and destination MAC address stop incrementing after the traceback messages are observed.
Conditions These symptoms are observed on a 3-port Gigabit Ethernet line card when VLAN traffic is coming in.
Workaround Remove the input ACL from the VLAN interface.
•
Symptoms A Buffer Management ASIC (BMA) error may occur, and the following messages are displayed:
SLOT 2:00:10:20: %LC-3-BMAERRS: FrFab BMA PLIM error 100000
SLOT 2:00:10:20: %LC-3-BMAERR: FrFab BMA error: msstat 440340B2 dma0 800 dma1 0 dma2 0 qm 1FFFF8 plim 100000 fia 0 l3 0 ms 0 sdram 0Conditions This symptom is observed on a Cisco 12000 series 6-port channelized T3 line card and 2-port channelized OC-3 line card and occurs when a packet with zero length is received by the BMA.
Workaround There is no workaround.
•
Symptoms Open Shortest Path First (OSPF) fails across a multilink bundle.
Conditions This symptom is observed when a Cisco 7500 series router is placed back-to-back with any other peer router in a distributed Multilink PPP (dMLP) configuration that has links in a multilink bundle. When any of the links are removed from the bundle on the side of the peer router, the OSPF connectivity is lost for few seconds on the Cisco 7500 series router side and then recovers immediately.
Workaround There is no workaround.
•
Symptoms When SONET level alarms occur, such as Loss of Signal (LOS), the SONET line active alarms field and the alarm indication signal (AIS) monitoring counter may indicate that no alarms are present when you are viewing the output from the show controllers sonet slot port line-number privileged EXEC command.
Conditions This symptom is observed when the line summary in the output of the show controllers sonet slot port line-number privileged EXEC command for a SONET controller on a Cisco 10000 series line card neither properly displays nor counts the AIS when a line alarm condition is present.
Workaround Use the section and path information in the output of the show controllers sonet slot port line-number privileged EXEC command to interpret whether a line alarm condition is present or not.
•
Symptoms If you configure modular quality of service (QoS) using the command-line interface (CLI) on a 4-port OC-48 Dynamic Packet Transport (DPT) line card, a Cisco 12000 series Internet router fails.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST1.
Workaround Configure QoS using the traditional method.
•
Symptoms Label Distribution Protocol (LDP) and Border Gateway Protocol (BGP) with IPv4+labels could be applied to the same Virtual Private Network (VPN) routing/forwarding instance (VRF) on the same router, which is restricted in the current code. Hence, the feature cannot work properly.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)3S1.
Workaround There is no workaround.
•
Symptoms If there is a sequence mismatch between peer routers that have an interconnected multilink interface, the recovery sequence for the router that is out of synchronization may take an extended period of time and may affect the traffic that is on the router.
Conditions This symptom is observed on a Cisco 7500 series router that is running Multilink PPP (MLP).
Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected multilink interface.
•
Symptoms Traffic fails after a Performance Routing Engine (PRE) cutover on the provider edge (PE) router.
Conditions This symptom is observed on a Cisco 10000 series edge services router.
Workaround There is no workaround.
•
Symptoms Cisco Express Forwarding (CEF) may be disabled on an ATM OC-3 line card after a memory leak occurs.
Conditions This symptom is observed on an ATM OC-3 line card.
Workaround There is no workaround.
•
Symptoms A Cisco router that is running Cisco Express Forwarding (CEF) for IP version 6 (IPv6) may reload when you enter the show ipv6 cef internal EXEC command.
Conditions This symptom is observed when the IPv6 CEF forwarding table is changed while you enter the show ipv6 cef internal EXEC command.
Workaround There is no workaround.
•
Symptoms An indefinite output pause may occur on a serial interface that is a member of a multilink group, and the following logs may be seen:
%RSP-3-RESTART: interface Serial3/0/0, not transmitting Serial3/0/0: microcode reloadConditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(10) with a PA-4T-V35 port adapter inserted in the Versatile Interface Processor (VIP)2-50 or in the VIP2-40 and where one physical interface is a member of a multilink group and another interface is configured for High-Level Data Link Control (HDLC), and where Cisco Express Forwarding (CEF) is enabled globally and disabled on the multilink interface (bundle master), and, lastly, where distributed weighted fair queuing (WFQ) is enabled on the interface configured for HDLC.
Workaround There is no workaround.
•
Symptoms A loopback fails on an Engine 2 line card.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.3)S2.
Workaround There is no workaround.
•
Symptoms You may not be able to attach a service policy to an unspecified bit rate (UBR) ATM permanent virtual circuit (PVC). You can attach policies to variable bit rate (VBR) and available bit rate (ABR) PVCs if the bandwidth specified in the policy is lower than peak cell rate (PCR).
Conditions This symptom is observed on a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms An Engine 4 plus line card may perform Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) label disposition incorrectly and punt all packets that have sizes that are close to the maximum transmission unit (MTU) of the egress VPN interface to the line card CPU.
Conditions This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21.3)S2.
Workaround Increase the MTU of the egress interface.
•
Symptoms Some channelized devices may be left down. Via Cisco Discovery Protocol (CDP) you can see that these devices are connected to different E1 controllers and time slots than those that were initially configured.
Conditions This symptom is observed on a Cisco 10000 series router that is running Cisco IOS Release 12.0(21)ST when the redundancy force-failover main-cpu command is used.
Workaround A temporary workaround is to reconfigure the correct controller details.
•
Symptoms Traffic may be dropped on a Cisco 12000 series router that is configured with an Engine 2 (E2) line card.
Conditions This symptom is observed when the following conditions are present:
–
–
–
Workaround Remove the hardware-accelerated multicast configuration, and reload the line card.
•
Symptoms A router may fail to warn you that a policy map oversubscribes link bandwidth.
Conditions This symptom is observed when you use nested policies on Frame Relay or Gigabit Ethernet interfaces and the sum of the shape rate of all permanent virtual circuits (PVCs) or VLANs is greater than the interface bandwidth of the Frame Relay or Gigabit Ethernet interfaces.
Workaround Enter the show policy-map interface EXEC command to ensure that the policy map is successfully applied.
•
Symptoms The Multiprotocol Label Switching (MPLS) forwarding table does not display a label for an aggregate route.
Conditions This symptom is observed on a Cisco 10720 Internet router and affects only the aggregate routes that are explicitly configured under the Border Gateway Protocol (BGP) configuration using the aggregate- address address mask summary- only command.
Workaround There is no workaround.
•
Symptoms The Ring Access Controller (RAC) watchdog timer expires and forces the RAC to enter the pass-through mode.
Conditions This symptom typically occurs when CPU utilization remains at 100 percent for more than 90 seconds.
Workaround There is no workaround.
•
Symptoms A bus error may occur on a router and the router returns to the ROM monitor (ROMmon) prompt.
Conditions This symptom is observed on a Cisco 10000 series edge services router when running an ATM test, atm_mult_card_mult_port_vbr_aggr_segm_and_reas_change_pcr. This error seems to happen on the unconfiguration part of the test.
Workaround There is no workaround.
•
Symptoms Spurious accesses and alignment errors may occur on a Versatile Interface Processor (VIP), which may cause routes or interfaces to go down.
Conditions These symptoms are observed on a Cisco 7500 series router that has Multiprotocol Label Switching (MPLS) NetFlow enabled on the egress side through the mpls netflow egress interface configuration command.
Workaround Configure the ip cef global configuration command or the no ip route-cache distributed interface configuration command.
•
Symptoms A few out of 1000 interfaces are not up after a Trivial File Transfer Protocol (TFTP) loading configuration has occurred.
Conditions This symptom is observed on a Cisco 10000 series edge services router.
Workaround There is no workaround.
•
Symptoms A backup Clock Switch Card 0 (CSC 0) may enter the "going on" state.
Conditions This symptom is observed when an online insertion and removal (OIR) is performed on a Cisco 12406 router with the primary clock on CSC 1 (slot 17).
Workaround There is no workaround.
•
Symptoms A Versatile Interface Processor (VIP4-80) may reload with a bus error when distributed Multilink PPP (dMLP) is configured.
Conditions This symptom occurs when traffic is passed through the dMLP bundle and occurs just after the interface comes up. This symptom is specific to the dMLP feature and will occur only if dMLP is configured on a platform. The dMLP feature is independent of other features and does not affect other features.
Workaround There is no workaround.
•
Symptoms Line cards may reload while trying to send traffic in a basic Virtual Private Network (VPN) setup.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.
Workaround There is no workaround.
•
Symptoms NetFlow statistics may not be recorded for some packet flows.
Conditions This symptom is observed on a Cisco 10000 series edge services router that is running Cisco IOS Release 12.0(20)ST3. If there are many active flows and they stop all at once, the NetFlow statistics for many of the flows may not be recorded.
Workaround There is no workaround.
•
Symptoms Under rare situations Parallel Express Forwarding (PXF) may reload with the following message:
%PXF-2-FAULT: T0 Local Bus Exception: CPU[t0r1c1] TBACBConditions This symptom is observed on a Cisco 10000 series edge services router. The symptom persists while forwarding to a particular IP address. The address cannot readily be predetermined.
In Cisco IOS Release 12.0(20)ST, Release 12.0(21)ST, and Release 12.0(21)SX on Performance Routing Engine (PRE)-1, no reload occurs, but traffic for the affected IP address is not forwarded.
Workaround There is no workaround.
•
Symptoms A standby Route Processor (RP) may reload when a primary configuration is changed.
Conditions This symptom is observed on a Cisco 12000 series Internet router.
Workaround There is no workaround.
•
Symptoms If policing is enabled using the modular quality of service QoS command-line interface CLI (MQC), it may not work with Class-Based Weighted Fair Queueing (CBWFQ) on a Frame Relay subinterface, although it may work properly with Low Latency Queueing (LLQ).
Conditions This symptom is observed on a Cisco 7500 series router when packets are Cisco Express Forwarding (CEF) switched instead of distributed Cisco Express Forwarding (dCEF) switched. Also, if output policing is enabled on the router, output policing and output queueing may not work.
Workaround Disable output policing, or make sure that packets are dCEF switched instead of non-dCEF switched.
•
Guest