Table Of Contents
Caveats for Cisco IOS Release 12.1
Resolved Caveats—Cisco IOS Release 12.1(27b)
Resolved Caveats—Cisco IOS Release 12.1(27a)
Open Caveats—Cisco IOS Release 12.1(27)
Resolved Caveats—Cisco IOS Release 12.1(27)
Resolved Caveats—Cisco IOS Release 12.1(26)
Resolved Caveats—Cisco IOS Release 12.1(25)
Resolved Caveats—Cisco IOS Release 12.1(24)
Resolved Caveats—Cisco IOS Release 12.1(22c)
Resolved Caveats—Cisco IOS Release 12.1(22b)
Resolved Caveats—Cisco IOS Release 12.1(22a)
Resolved Caveats—Cisco IOS Release 12.1(22)
Resolved Caveats—Cisco IOS Release 12.1(21)
Resolved Caveats—Cisco IOS Release 12.1(20a)
Resolved Caveats—Cisco IOS Release 12.1(20)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(19)
Resolved Caveats—Cisco IOS Release 12.1(18)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(17)
Resolved Caveats—Cisco IOS Release 12.1(16)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(15)
Resolved Caveats—Cisco IOS Release 12.1(14)
Resolved Caveats—Cisco IOS Release 12.1(13a)
Resolved Caveats—Cisco IOS Release 12.1(13)
Resolved Caveats—Cisco IOS Release 12.1(12c)
Resolved Caveats—Cisco IOS Release 12.1(12b)
Resolved Caveats—Cisco IOS Release 12.1(12a)
Resolved Caveats—Cisco IOS Release 12.1(12)
Resolved Caveats—Cisco IOS Release 12.1(11b)
Resolved Caveats—Cisco IOS Release 12.1(11a)
Resolved Caveats—Cisco IOS Release 12.1(11)
Resolved Caveats—Cisco IOS Release 12.1(10a)
Resolved Caveats—Cisco IOS Release 12.1(10)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(9a)
Resolved Caveats—Cisco IOS Release 12.1(9)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(8a)
Resolved Caveats—Cisco IOS Release 12.1(8c)
Resolved Caveats—Cisco IOS Release 12.1(8)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(7c)
Resolved Caveats—Cisco IOS Release 12.1(7b)
Resolved Caveats—Cisco IOS Release 12.1(7a)
Resolved Caveats—Cisco IOS Release 12.1(7)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(6a)
Resolved Caveats—Cisco IOS Release 12.1(6)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(5e)
Resolved Caveats—Cisco IOS Release 12.1(5d)
Resolved Caveats—Cisco IOS Release 12.1(5c)
Resolved Caveats—Cisco IOS Release 12.1(5)
Resolved Caveats—Cisco IOS Release 12.1(4c)
Resolved Caveats—Cisco IOS Release 12.1(4a)
Resolved Caveats—Cisco IOS Release 12.1(4)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(3b)
Resolved Caveats—Cisco IOS Release 12.1(3)
Resolved Caveats—Cisco IOS Release 12.1(2b)
Resolved Caveats—Cisco IOS Release 12.1(2)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(1c)
Resolved Caveats—Cisco IOS Release 12.1(1)
Novell IPX, XNS, and Apollo Domain
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Caveats for Cisco IOS Release 12.1
November 2, 2005
Online Part Number OL-2897-11 Rev. D0
This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.1, up to and including Release 12.1(27b). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
To help us improve this document, please send us your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact relnote-feedback@cisco.com. For more information, see the "Documentation Feedback" section.
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:
•
The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.
•
Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.
If You Need More Information
Cisco IOS software documentation can be found on the web through Cisco.com.
For more information on caveats and features in Cisco IOS Release 12.1, refer to the following sources:
•
•
•
•
•
•
Note
The most recent release notes document when this caveats document was published were Release Notes for Cisco IOS Release 12.1 for Cisco IOS Release 12.1(26) on November 11, 2004.
Contents
•
•
•
Resolved Caveats—Cisco IOS Release 12.1(27b)
Cisco IOS Release 12.1(27b) is a rebuild release for Cisco IOS Release 12.1(27). The caveats in this section are resolved in Cisco IOS Release 12.1(27b) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.
Miscellaneous
•
Symptoms: The Multiprotocol Label Switching (MPLS) forwarding table, label forwarding information base (LFIB), is not properly populated.
Conditions: This symptom is observed when reloading a Cisco router that is running Cisco IOS Release 12.1, Release 12.2, or Release 12.1 E.
Workaround: For every router (prefix/mask) with routes for which the LFIB entries are incorrect, execute the clear ip route prefix mask command.
Alternate Workaround: Execute the clear ip route * command.
•
Symptoms: A router may stop sending traffic.
Conditions: This symptom is observed after a Stateful Switchover (SSO) cutover is performed on a Cisco 7500 series that has label-controlled ATM (LC-ATM) incoming and outgoing interfaces and that is configured with distributed Cisco Express Forwarding (dCEF).
Workaround: There is no workaround.
•
Symptoms: A label may not be assigned for a peer provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
Resolved Caveats—Cisco IOS Release 12.1(27a)
Cisco IOS Release 12.1(27a) is a rebuild release for Cisco IOS Release 12.1(27). The caveats in this section are resolved in Cisco IOS Release 12.1(27a) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
Miscellaneous
•
NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.
If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.
The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.
Cisco Express Forwarding (CEF) supercedes the deprecated NetFlow Feature Acceleration.
Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):
cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6Open Caveats—Cisco IOS Release 12.1(27)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(27). All the caveats listed in this section are open in Cisco IOS Release 12.1(27). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: When a Secure Shell (SSH) connection to a router that uses TACACS+ for authentication fails because of an unknown user name or incorrect password, a memory leak occurs and a TCP connection may hang in the CLOSEWAIT or ESTAB state. For an SSH2 connection, a memory leak occurs even if the authentication succeeds.
Conditions: This symptom is observed on an SSH connection to a Cisco router.
Workaround: There is no workaround. However, under normal circumstances, the memory leak is relatively small and should not interfere with normal operation.
Resolved Caveats—Cisco IOS Release 12.1(27)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(27). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(27). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A system used for reverse connections, such as a console server or other "milking machine" applications, may unexpectedly restart due to a bus error.
Conditions: The conditions under which this occurs are not well understood, but it is likely that frequent, short-lived connections are more likely to cause the problem than environments where connections are either long-lived or rarely opened and closed.
Workaround: There is no workaround.
•
Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.
Conditions: This symptom is observed when there are simultaneous Telnet requests.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Versatile Interface Processor 2-50 (VIP2-50) crashes because of a Cybus error with DMA receive errors.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1 and that is configured with a PA-2FE that is installed in a VIP2-50. The symptom may also occur in other releases.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A router may reload when a static Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor statement is being removed.
Conditions: If a static neighbor statement is removed from the EIGRP configuration at the same time the neighbor is going down, the router may reload.
Workaround: Do not use static neighbors in EIGRP.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: A router may reload with a bus error exception, the crashinfo file shows an address error (a load or instruction fetch), and there is a spurious access in the crashinfo file.
Condition: These symptoms are observed on a Cisco router that performs NAT on H.323 voice traffic.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a subinterface with a certain configuration is deleted.
Conditions: This symptom is observed on a Cisco router that has multicast and the Hot Standby Routing Protocol (HSRP) configured.
Workaround: Remove the multicast configuration before deleting the subinterface.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Miscellaneous
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A Cisco router that is configured for SNASw may reload because of a bus error.
Conditions: This symptom is observed when the downstream port is configured for VDLC (DLSw). The problem is more likely to happen in a large, busy SNASw environment.
Workaround: There is no workaround.
Further Problem Description: This issue is platform independent.
Wide-Area Networking
•
Symptoms: A memory leak may occur in the "Multilink Events" process, which can be seen in the output of the show memory summary command:
0x60BC47D0 0000000024 0000000157 0000003768 MLP bundle name
0x60BC47D0 0000000028 0000000003 0000000084 MLP bundle name
0x60BC47D0 0000000044 0000000001 0000000044 MLP bundle name
0x60BC47D0 0000000048 0000000001 0000000048 MLP bundle name
0x60BC47D0 0000000060 0000000001 0000000060 MLP bundle name
0x60BC47D0 0000000064 0000000013 0000000832 MLP bundle name
0x60BC47D0 0000000068 0000000008 0000000544 MLP bundle name
0x60BC47D0 0000000072 0000000001 0000000072 MLP bundle name
0x60BC47D0 0000000076 0000000001 0000000076 MLP bundle name
0x60BC47D0 0000000088 0000000018 0000001584 MLP bundle nameConditions: This symptom is observed when two interfaces are configured in the same multilink group or are bound to the same dialer profile.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(26)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(26). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(26). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
Miscellaneous
•
Symptoms: When the second REQDACTPU is sent to VTAM by SNA Switching Services (SNASW), the FQPCID supplied is a new, unused FQPCID rather than that sent on the initial REQACTPU. This usually has no ill side-effects. However, under certain conditions, the fact that the REQDACTPU RSP cannot be correlated can allow the PU to become perpetually hung.
Conditions: This symptom occurs when the second REQDACTPU is sent to VTAM by SNA Switching Services (SNASW).
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.1(25)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(25). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: A Cisco 3600 series with an NM-CT1/E1 network module that contains an NM-xDM network module may not allow incoming modem calls and generate the "no modem available" error message even though the output of the show modem command indicates that there is a free modem available.
Conditions: This symptom is observed when frequent retrains occur on the modems.
Workaround: There is no workaround.
•
Symptoms: On an RTR probe, an RSP does not report input or output packets for serial interfaces of PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(23a) or Release 12.3 and is more likely to occur when the number of channelized port adapters (such as the PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters) that are installed in the router is high.
Workaround: Reload the router.
Alternate Workaround: Enter the reload microcode router configuration command.
•
Symptoms: A Cisco 7500 series router may reload when multilink interface configured on the router comes up.
Conditions: This symptom would happen if service-policy is configured on the multilink interface and distributed switching is enabled.
Workaround: Not configuring service-policy on the router would prevent the router from reloading.
Wide-Area Networking
•
Symptoms: The IP Control Protocol (IPCP) times out in a Link Control Protocol (LCP) negotiation.
Conditions: The problem happens when "virtual-profile virtual-template" is configured without "virtual-profile if-needed" and an ASYNC call creates a Virtual-Access interface.
Workaround: Configure "virtual-profile if-needed" and use the ASYNC interface without a Vaccess.
Resolved Caveats—Cisco IOS Release 12.1(24)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(24). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(24). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: A router may reload unexpectedly due to memory corruption.
Conditions: Connection accounting is enabled and the router is handling a high volume of connections.
Workaround: Disable connection accounting.
Further Problem Description: The high volume scenario can occur when there are a lot of users (typically scripts) logging into the router through VTYs, and some of them cause a race condition where the system is trying to do accounting after the connection structures have been freed.
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
IBM Connectivity
•
Symptoms: A Cisco 2620 may reload because of a segmentation violation (SegV).
Conditions: This symptom is observed when you attempt to run X.25 (at packet level) over a Logical Link Control, type 2 (LLC2) (at frame level) from a third-party vendor workstation to the Cisco 2620. This problem was also seen when running DLSW (Data Link Switching).
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A port adapter may stop receiving packets. When this symptom occurs, the output of the show interface EXEC command does not report any input or output drops. When the show controller EXEC command is issued on the Versatile Interface Processor (VIP) console of a router, the command output may display incrementing rx_no_buffer and virtual circuit connection (VCC) counts.
Conditions: This symptom is observed on an enhanced ATM Port Adapter (PA-A3) on a Cisco 7500 router.
Workaround: Bounce the port adapter interface by issuing the shutdown interface configuration command followed by the no shutdown interface configuration command.
IP Routing Protocols
•
Symptoms: A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)ST1.
Workaround: There is no workaround.
•
Symptoms: If Network Address Translation (NAT) overload is configured, translation may not function properly. A packet may be translated twice, and the inside global address may be considered as the inside local address.
Conditions: This symptom is observed on a Multilayer Switch Feature Card (MSFC2) that is running Cisco IOS Release 12.1(2)E or Release 12.1(8b)E9.
Workaround: Configure an access list for the NAT dynamic mappings, that would permit inside hosts only.
•
Symptoms: NAT calculates an invalid UDP checksum for some checksum values.
Conditions: This symptom is observed in a very particular situation which depends on the NAT configuration and the UDP checksum value. After the translation, the new UDP checksum value of the translated packet is equal to zero. NAT ignores the new checksum value of zero and it uses the original checksum value, which causes a checksum error at the end device.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: When an available bit rate (ABR) permanent virtual circuit (PVC) is used with a Cisco 3600 or Cisco 2600 router on an ATM T1 Inverse Multiplexing over ATM (IMA) module, the maximum output possible on the interface is:
Approximately 50 kbps if the user configures ABR PCR = 1500
Approximately 1220 kbps if the user configures ABR PCR = 3000
Approximately 2500 kbps if the user configures ABR PCR = 4500
Output queue drops are shown on the ATM interface when the show interfaces interface x/y EXEC command is entered.
Conditions: This symptom is observed on a Cisco 3600 or Cisco 2600 series router on an ATM T1 Inverse Multiplexing over ATM (IMA) module.
Workaround: Use either a variable bit rate (VBR) or an unspecified bit rate (UBR).
•
Symptoms: Free memory in router, as shown by the show processor memory command, drops until ultimately the router may issue SYS-2- MALLOCFAIL messages and hang.
Conditions: Memory will be permanently leaked when a Cisco device receives duplicate per-user Authentication, Authorization, and Accounting (AAA) requests for TCP Header Compression for the same user.
Workaround: Disable per-user AAA TCP Header Compression.
•
Symptoms: SNMP does not return the ifAlias for the T1 controllers, even after the description command is configured on the controller.
Conditions: This symptom is observed on a Cisco AS5300 but is not platform dependent.
Workaround: There is no workaround.
•
Symptoms: A PRI time slot that receives an analog call may be stuck in a link-control-protocol (LCP) timeout for all consecutive ISDN PPP calls.
Conditions: This symptom is observed on a Cisco AS5200.
Workaround: Reload the router.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.
In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.
Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.
Workaround: There is no workaround.
•
Symptoms: The box may crash when configuring the SSH key.
Conditions: The crash happens when the key generation is done right after reload.
Workaround: Wait 30 seconds after reload before generating key pair.
•
Symptoms: The ringback tone is not heard on the originating phone in the call alerting phase of an H.323 slow start VoIP call using a Cisco IOS VoIP gateway as the terminating gateway (TGW).
Conditions: The TGW sends an H.225 Alerting message with a Progress Indicator value of 1 or 8, which means that the ringback tone is transported in-band from the TGW.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a member is removed and then added back to a multilink interface.
Conditions: This symptom is observed on a Cisco 7500 series when distributed Multilink PPP (MLP) is enabled.
Workaround: Shut down the multilink and then add or remove the member links. This action can prevent this symptom, but is not a very acceptable workaround.
•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs configured on the PA-A3 port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3. Certain types of PA-A3s are impacted by this problem (PA-A3-OC3/T3/E3 are impacted, but PA-A3-OC12 and PA-A3-8T1/8E1 IMA are not). Also, any platform supporting these types of PA-A3s may be impacted.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3.
Further Problem Description: The condition that triggers this problem is ignores on the ATM interface. The high-traffic load must be high enough to cause ignores on ATM interface in order for the problem to occur. However, it is important to note that ignores on the ATM interface does not always leads to this problem.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
TCP/IP Host-Mode Services
•
Symptoms: When prompts for Tool Command Language (TCL) and Voice Extensible Markup Language (VXML) applications are loaded using FTP, FTP does not return the proper size of the prompts.
Conditions: This symptom is observed on a Cisco AS5300 but is not platform dependent.
Workaround: Load the prompts using RAM, TFTP, or HTTP.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSÆ software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Wide-Area Networking
•
Symptoms: When a router running Cisco IOS Release 12.0S, 12.1, 12.2, or 12.2T receives a multilink packet with Protocol Field Compression (PFC) applied, the packet is not interpreted correctly, and is subsequently rejected. The following debug messages appear in the debug trace when the debug ppp negotiation command is enabled:
MLP: I UNKNOWN(192) [Not negotiated] id 0 len 0
LCP: O PROTREJ [Open] id 2 len 95 protocol MLPConditions: This symptom is observed when the router requests PFC during Link Control Protocol (LCP) negotiations and the peer applies PFC to its outbound packets. PFC is enabled by default on asynchronous serial interfaces, it is disabled by default on other interfaces.
Workaround: In Cisco IOS Release 12.2 and 12.2 T, PFC can be disabled using the ppp pfc local forbid interface configuration command. In Release 12.0 S and 12.1, there is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(22c)
Cisco IOS Release 12.1(22c) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22c) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of
-1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: A router may reload unexpectedly due to memory corruption.
Conditions: Connection accounting is enabled and the router is handling a high volume of connections.
Workaround: Disable connection accounting.
Further Problem Description: The high volume scenario can occur when there are a lot of users (typically scripts) logging into the router through vty's and some of them cause a race condition where the system is trying to do accounting after the connection structures have been freed.
•
Symptoms: A Cisco Catalyst 2950 experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
Miscellaneous
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The ringback tone is not heard on the originating phone in the call alerting phase of an H.323 slow start VoIP call using a Cisco IOS VoIP gateway as the terminating gateway (TGW).
Conditions: The TGW sends an H.225 Alerting message with a Progress Indicator value of 1 or 8, which means that the ringback tone is transported in-band from the TGW.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Resolved Caveats—Cisco IOS Release 12.1(22b)
Cisco IOS Release 12.1(22b) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22b) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Symptoms: A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)ST1.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.
In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.
Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(22a)
Cisco IOS Release 12.1(22a) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22a) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Miscellaneous
•
Symptoms: The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, a function is called by the ASN encoder to free all allocated memory whenever an error is detected. However, the encoder does not free the memory correctly, and the router reloads.
Conditions: This symptom is observed on a Cisco AS5300 but may be observed on other Cisco platforms.
Workaround: Upgrade to Cisco IOS Release 12.1 T or a later release that uses Cisco-developed ASN.1 library code.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
–
–
–
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Resolved Caveats—Cisco IOS Release 12.1(22)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(22). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(22). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f).
Workaround: There is no workaround.
•
Symptoms: A Cisco router may fail to process Cisco Discovery Protocol (CDP) packets and update the IP process for On Demand Routing (ODR) routes.
Conditions: This symptom is mainly observed on WAN interfaces with traffic that is passing through the link when a Cisco router fails to update the hold-down timer and the IP process when it receives a CDP packet from a neighbor.
Workaround: There is no workaround.
•
Symptoms: A Cisco MC3810 router may reload when it makes Voice over Frame Relay (VoFR) calls.
Conditions: This symptom is most likely to be observed on a Cisco MC3810 router under stress conditions (24 calls). However, it may also occur (rarely) when a single call is made.
Workaround: There is no workaround.
IBM Connectivity
•
Symptoms: Ethernet redundancy may not function with Inter-Switch Link (ISL) trunking.
Conditions: This symptom is observed on a Cisco router or switch that is configured for data-link switching (DLSw) and Ethernet Redundancy (ER).
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured for data-link switching (DLSw) may generate the following error messages and tracebacks:
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x0 -Process= "DLSw Peer Process", ipl= 0, pid= 81
-Traceback= 603BDCDC 603BEFC4 60AC5A24 60AC6E00 60AC4F54 60AB51D0 60AB4D04 60AB4 958 60223B44 60223B30
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x0 -Process= "IP Input", ipl= 0, pid= 29
-Traceback= 603BDCDC 603BEFC4 60AC5A24 60AC6E00 60AC4F54 60AB51D0 60ABCF44 603BD C28 60325EC0 60327C44 6035E49C 60346DCC 603452C8 603453C4 60345538 60223B44Conditions: This symptom is observed in a DLSw border peer network that uses DLSw priority peers. Note that the symptom does not affect the DLSw functionality.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: When next-hop-self is configured on a peer group, the next-hop calculation is only performed on the first member of the peer group, and the same next-hop value is replicated to the rest of the peers instead of calculating the next hop based on the next-hop-self configuration. The problem of wrong next-hop value on the peer group members occurs if the router is multihomed and if Border Gateway Protocol (BGP) uses those multiple interfaces to peer with the neighbors which are in the same peer group (or update group), then the same next-hop value of the leader of the peer group is used for all the members.
Conditions: This symptom is observed on a Cisco 7200 router that is running Cisco IOS Release 12.2, Release 12.3, or Release 12.3T.
Workaround: Remove the peer groups to allow the calculation to be run for each neighbor.
Alternate Workaround: Make sure that all the peers which are in the same peer group can be reached through a single interface and use that interface IP address, using the BGP update-source command, as the local peering address.
•
Symptoms: When a Border Gateway Protocol (BGP) process propagates routes that are learned from an internal BGP (iBGP) peer to an external BGP (eBGP) peer, the eBGP peer should see these routes with the next-hop address of the originator's address. However, the eBGP peer sees the routes with the next-hop address of the router that propagates the routes not the router that originates the routes.
Conditions: This symptom is observed in Cisco IOS Release 12.1(22).
Workaround: There is no workaround.
Miscellaneous
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Symptoms: A Cisco gatekeeper may reload if the show gatekeeper gw-type-prefix privileged EXEC command is entered on the gatekeeper.
Conditions: This symptom may be observed on all Cisco platforms when there is a large routing table on the gatekeeper.
Workaround: There is no workaround.
•
Symptoms: A router may reload.
Conditions: This symptom is observed when the show ip vrf EXEC command is entered for virtual private network (VPN) routing/forwarding (VRF) instances that are being unconfigured by entering the no ip vrf command script. This symptom affects releases that contain the Multiprotocol Label Switching (MPLS) VPN feature.
Workaround: Do not enter the show ip vrf EXEC command for VRF instances that are being processed by the no ip vrf command script.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Symptoms: A Cisco AS5300 may reload because of a software condition, and the following error message may be displayed when you enter the show version EXEC command:
System returned to ROM by error - a Software forced crash, PC 0xXXXXXXXX"0xXXXXXXXX" represents the program counter on which the reload occurred.
Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.1(16) but may also occur in Release 12.2 T.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Symptoms: A router may reload because of a bus error.
Conditions: This symptom is observed on a Cisco router if a VPN routing/forwarding (VRF) instance is deleted while the show ip vrf vrf-name EXEC command executes.
Workaround: Do not enter the show ip vrf vrf-name EXEC command while any VRF is being deleted.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
–
–
–
Workaround: There is no workaround.
•
Symptoms: CPUHOG messages and tracebacks may occur on a Cisco router when you attempt to register more than 10,000 gateways.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a Network Processing Engine G1 (NPE-G1).
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.Wide-Area Networking
•
Symptoms: A router may reload because of a watchdog timeout if the no dialer pool-member interface configuration command is entered on the D channel of the router.
Conditions: This symptom is observed on a Cisco router when the command is entered on the D channel and there is more than one link that is bound to the dialer profile with Multilink PPP (MLP).
Workaround: Shut down the dialer interfaces and physical interfaces that are relevant to the dialer pool. After the interfaces are completely down, enter the no dialer pool-member interface configuration command.
Resolved Caveats—Cisco IOS Release 12.1(21)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(21). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(21). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A Cisco 7500 series router may reload because of a software condition after an online insertion and removal (OIR) of a Versatile Interface Processor (VIP) that is configured with an ATM OC-3c/STM-1 port adapter (PA-A3- OC3) and after the following error message has been generated:
%SYS-6-STACKLOW: Stack for process OIR Handler running low, 12/3000Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(7) and occurs with a VIP2-50, VIP4, and VIP6. The symptom is related to the PA-A3-OC3 and occurs only during an OIR.
Workaround: Do not perform an OIR on any VIP that is configured with a PA-A3- OC3.
IP Routing Protocols
•
Symptoms: A router may experience frequent Multicast Source Discovery Protocol (MSDP) session resets with the MSDP peers of the router.
Conditions: This symptom is observed on Cisco router that is configured for MSDP. This situation is often caused by excessive source, group (S, G) information that should be contained in a domain being passed to the outside, resulting in additional entries in the Source-Active (SA) cache.
Workarounds:
–
–
–
•
Symptoms: A Cisco router that is using a static Network Address Translation (NAT) outside configuration is forced to reload.
Conditions: The static NAT ip nat inside source static network command or ip nat outside source static network command must be present to reload the router.
Workaround: There is no workaround.
•
Symptoms: Using the show ip sdr command may result in the printing of garbage characters.
Conditions: This symptom occurs if the multicast Session Description Protocol (SDR) session expires while the output is being printed.
Workaround: There is no workaround.
•
Symptoms: A router may reload because of a bus error after the show ip sdr EXEC command is entered.
Conditions: This symptom is observed on a Cisco 7513 router that is running either Cisco IOS Release 12.0(22)S1 or Release 12.0(22)S2. This symptom occurs because an invalid SDR Session announcement message is received without the name of the session.
Workaround: Avoid the use of the show ip sdr command.
•
Symptoms: A summarized entry may remain in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table after manual summarization is disabled.
Conditions: This symptom is observed when manual summarization is enabled and subsequently disabled on a network that is also being redistributed into EIGRP.
Workaround: Restart the EIGRP process.
•
Symptoms: A Cisco router may reload by bus error when ip accounting is configured on the router.
Conditions: This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.2(11)T2 after entering the clear ip accounting EXEC command.
Workaround: Do not use the clear ip accounting EXEC command or the show ip accounting EXEC command.
•
Symptoms: A Cisco router may reload with a bus error.
Conditions: This symptom is observed on a Cisco 7200 series router when the ip accounting EXEC command has been used.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: While running IP security (IPSec), a Cisco 2600 series router reloads with the following error message:
ALIGN-3-SPURIOUS: Spurious memory access made at 0x810FF844 reading 0x0Conditions: This symptom is observed on a Cisco 2600 series router that is running Cisco IOS Release 12.1(5)T5.
Workaround: There is no workaround.
•
Symptoms: After a few weeks of normal operation, the interface on a Cisco PA- MC-8E1 begins flapping and finally pauses with the output queue stuck as follows:
Serial1/1:1 is up, line protocol is up
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (120 sec)
Last input 00:00:03, output 04:14:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952
Queueing strategy: weighted fair
Output queue: 30/4000/64/21855 (size/max total/threshold/drops)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
43903807 packets input, 3646461183 bytes, 0 no buffer
Received 0 broadcasts, 321 runts, 0 giants, 0 throttles
5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort
42026998 packets output, 2185017012 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
31 carrier transitions
no alarm present
Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flagsThe following traceback is observed in the log:
%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of
1526 bytes too big
Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C
0x60CE55EC
%LINK-4-TOOBIG: Interface Serial20:1, Output packet size of
1526 bytes too big
Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C
0x60CE55ECConditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8E1 interface.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.•
Symptoms: REQACTPU is rejected with an 08060000 sense code. SNA Switching Services (SNASw) may not stop the link station so that the end device can try another data-link switching (DLSw) peer. The SNASw link and the DLSw TCP/IP circuit stay intact so the physical unit (PU) continues to retry on an invalid host, which affects sites that peer to multiple hosts.
Conditions: This symptom is observed in Cisco IOS Release 12.1(15) or Release 12.2(12) and later releases. A design change was introduced via CSCdw93088 to cause the circuit not to break.
Workaround: Manually break the circuit so that DLSw can use the other DLSw peer.
•
Symptoms: It may be difficult to make an Inverse Multiplexing over ATM (IMA) link between a Cisco router and other vendor equipment.
Conditions: This symptom is observed on Cisco 2600 series and Cisco 3600 series routers. When an IMA link is configured between the Cisco 2600 series and the Cisco 3600 series and other vendor equipment, the Cisco routers keep sending the test link command (set to 1) in the IMA Control Protocol (ICP) cell regardless of the ima test interface configuration command. Both the Cisco 2600 series and Cisco 3600 series platforms need the fix for the caveat CSCds55768 to eliminate this symptom.
Workaround: There is no workaround.
•
Symptoms: An ATM output subinterface may pause indefinitely. When this defect is observed, the pxmt counter in the show controllers command also pauses with nonzeroentries as shown in the following log:
Router#show controllers atm | in pxmt
pxmt: 196 queued: 59Conditions: This symptom is observed on a Cisco 7206 router with a PA-A2 ATM CES port adapter that is running Cisco IOS Release 12.1(17).
Workaround: Use the shutdown interface configuration command followed by the no shutdown interface configuration command to disable and restart the ATM subinterface.
•
Symptoms: IP Security (IPSec) connections from Cisco Virtual Private Network (VPN) 1.1 clients may fail when connecting to a Cisco router. The crypto debugs will indicate a problem negotiating DH phase I values as shown in the following display:
*Aug 6 06:44:49.639: ISAKMP (0:1): Unable to generate DH phase I values!Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(20).
Workaround: There is no workaround.
•
Symptoms: Leaks may be observed for some Virtual Private Network routing and forwarding (VRF) routes in the global Forwarding Information Base (FIB) table when a VRF is deleted and recreated.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S or Release 12.2 T.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco Catalyst 2900 series XL switch sends Bridge Protocol Data Units (BPDUs) over a permanent virtual circuit (PVC), which is in the DOWN state because of an Operation, Administration, and Maintenance (OAM) failure.
Conditions: This symptom is observed on a Cisco Catalyst 2900 series XL switch.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(20a)
Cisco IOS Release 12.1(20a) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(20a) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
Miscellaneous
•
Symptoms: The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, a function is called by the ASN encoder to free all allocated memory whenever an error is detected. However, the encoder does not free the memory correctly, and the router reloads.
Conditions: This symptom is observed on a Cisco AS5300 but may be observed on other Cisco platforms.
Workaround: Upgrade to Cisco IOS Release 12.1 T or a later release that uses Cisco-developed ASN.1 library code.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
- debug h225 asn1
- debug h225 events
- debug h225 q931
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Resolved Caveats—Cisco IOS Release 12.1(20)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(20). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(20). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A serial interface may show an interface as down/down even when all signals (request to send [RTS], clear to send [CTS], data terminal ready [DTR], data carrier detect [DCD]) are present.
Conditions: This symptom is observed on the serial interface of a Cisco router that is running Cisco IOS Release 12.0(15).
Workaround: Reload the microcode.
•
Symptoms: A router may reload because of a segmentation violation exception error or a bus error and display either of the following two error messages:
System was restarted by error - a SegV exception, PC 0x8042B0ACSystem returned to ROM by bus error at PC 0x605A9970, address 0x64
Conditions: This symptom is observed on a Cisco router that has generic traffic shaping configured when the router reloads because of a segmentation violation exception error or a bus error.
Workaround: Remove the traffic shaping configuration from the interfaces that have traffic shaping configured.
IBM Connectivity
•
Symptoms: Data-link switching (DLSw) may cause a buffer leak in the small buffer pool of a router.
Conditions: This symptom is observed when DLSw Ethernet redundancy is used. This behavior does not occur when DLSw is used with source bridging, transparent bridge groups, Synchronous Data Link Control (SDLC), or Qualified Logical Link Control (QLLC).
This symptom occurs when the end system begins to communicate by sending an Exchange Identification (XID) frame to a destination service access point (DSAP) other than DSAP 0. This symptom does not occur if the end system begins communicating by sending a TEST frame or an XID frame to DSAP 0.
If the dlsw timer explorer-wait-time time global configuration command is configured, the rate of the buffer leak is proportional to the value of the time argument. An increase in the configured value of the time argument leads to an increase in the rate of the buffer leak.
Workaround: To minimize the impact of the buffer leak, the user may consider configuring the time argument of the dlsw timer explorer-wait-time time global configuration command to a value of "1" or removing the dlsw timer explorer-wait-time time global configuration command from the configuration.
Note
Interfaces and Bridging
•
Symptoms: A router may not recognize an ATM WAN OC-3 port adapter.
Conditions: This symptom is observed when an ATM WAN OC-3 port adapter is installed in slot 1 of a Cisco 7200 series router that has a Network Processing Engine 150 (NPE-150).
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A router that is directly connected to a source may not start registering when the source becomes active, and the (S,G) state may time out on the rendezvous point (RP).
Conditions: This symptom is observed on a router that is configured for Protocol Independent Multicast (PIM) and that has an (S,G) entry with the F flag reset.
Workaround: There is no workaround.
•
Symptoms: A directly-connected interface on a router that is covered by an Enhanced Interior Gateway Routing Protocol (EIGRP) network statement may not be displayed on the EIGRP topology table.
Conditions: This symptom is observed after a router that has the directly-connected interface is reloaded.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
•
Symptoms: When an area border router receives type-4 link-state advertisements (LSAs) via the nonbackbone, the router may incorrectly generate type-4 LSAs into the backbone. This situation may cause a routing loop to occur.
Conditions: This symptom is observed in Cisco IOS Release 12.0(22)S or a later release or in Release 12.2(10) or a later release when the following conditions occur:
–
–
–
In this situation, Router 1 generates type-4 LSAs into the backbone area for the ASBR. This situation should not occur and may lead to a routing loop.
Workaround: Reset the Open Shortest Path First (OSPF) process by entering the clear ip ospf process privileged EXEC command.
•
Symptoms: The Multilayer Switch Feature Card (MSFC) of a Cisco Catalyst 6000 may reload with the following error message:
System was restarted by bus error at PC 0x40DFEE54, address 0xB0D0B7DConditions: This symptom is observed on a Cisco Catalyst 6000 that is configured for Network Address Translation (NAT).
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The boot Flash file system of a router may become corrupted.
Conditions: This symptom is observed when Cisco IOS software writes a crashinfo file after a router reloads.
Workaround: Configure the no exception crashinfo global configuration command to prevent the router from writing a crashinfo file after the router reloads.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: A Cisco Versatile Interface Processor 2-50 (VIP 2-50) may reload after a software upgrade.
Conditions: This symptom is observed on the Cisco VIP 2-50 of a Cisco 7500 series that has two single-port Fast Ethernet port adapters after the Cisco 7500 series is upgraded from Cisco IOS Release 12.1(2) to Release 12.1(16).
Workaround: This behavior can be avoided by setting a single interface or both interfaces to be administratively shut down while the router boots up with the new Cisco IOS release. The interfaces can be brought back up individually after the software is loaded and the router is stable.
•
Symptoms: The amount of memory that is held up by the Simple Network Management (SNMP) process increases constantly. This behavior may cause the router to eventually run out of memory and start displaying memory allocation (MALLOC) failure messages.
Conditions: This symptom is observed when the cieEngineStatusTable table is requested by SNMP.
Workaround: Stop collecting information about the cieEngineStatusTable table using SNMP.
•
Symptoms: A Cisco 7200 series router that is configured with Systems Network Architecture Switching Services (SNASw) and enterprise extender uplinks to a mainframe permanently pauses during the mainframe initial program load (IPL). The show process cpu user EXEC command indicates that the router is at 99 percent CPU utilization during the IPL.
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: The "giaddr" field is not updated for flooded Dynamic Host Configuration Protocol (DHCP) broadcasts.
Conditions: When the ip forward-protocol spanning-tree any-local-broadcast global configuration command is configured, DHCP broadcasts are forwarded to all interfaces in a bridge group, but the "giaddr" field is not set. This behavior causes issues in a network because the DHCP server uses the "giaddr" field in order to properly allocate addresses when the client is not in the local network.
Workaround: Configure the following commands on each interface that is connected to the DHCP or BOOTstrap Protocol (BOOTP) clients to forward the DHCP or BOOTP packets to the DHCP or BOOTP server and to properly set the "giaddr" field for locally-attached clients:
–
–
–
•
Symptoms: Systems Network Architecture Switching Services (SNASw) physical units may pause indefinitely in the "PendActPu" state.
Conditions: This symptom is observed after a host initial program load (IPL) occurs.
Workaround: Stop and restart SNASw.
•
Symptoms: A Systems Network Architecture Switching Services (SNASw) router that is configured with the snasw ipstrace global configuration command may reload.
Conditions: This symptom is observed when the show snasw ips user EXEC command is entered immediately after the show snasw link user EXEC command is entered.
Workaround: Do not configure the snasw ipstrace global configuration command. Always use the snasw start ipstrace user EXEC command and the snasw stop ipstrace user EXEC command in conjunction with the snasw ipstrace global configuration command.
•
Symptoms: A downstream physical unit (PU) may pause indefinitely in the "Pend ACTPU" state.
Conditions: This symptom is observed on a Systems Network Architecture (SNA) switch after a host initial program load (IPL) occurs when the SNA switch is busy activating PUs. The SNA switch does not send a REQACTPU response to the dependent logical unit server (DLUS).
Workaround: Redirect the PU to a redundant SNA switch.
Alternate Workaround: Stop and restart the SNA switch.
Novell IPX, XNS, and Apollo Domain
•
Symptoms: A router may reload unexpectedly.
Conditions: This symptom is observed when Internetwork Packet Exchange (IPX) routing is configured on a Cisco 3640.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(19)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(19). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(19). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms The show bootflash: chips EXEC command may cause subsequent commands such as the show bootflash all EXEC command to fail.
Conditions This symptom is observed on a Cisco router that has a Route Switch Processor (RSP8). This symptom occurs because the bootflash module is flawed.
Workaround Enter the show version EXEC command to restore the router to normal operating condition. Alternatively, you may reseat or replace the Flash single in-line memory module (SIMM).
•
Symptoms: A software-forced reload may occur on a router.
Conditions: This symptom is observed on a Cisco router when the hunting process takes over the local plain old telephone service (POTS) dial peers. Hunting is a process that occurs on the router when it searches for a dial peer that it can use to send a voice call.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may pause indefinitely in rare traffic conditions.
Conditions: This symptom is observed on a Cisco 7200 series router that is using an MPA-CE1 port adapter. This condition occurs if weighted fair queueing (WFQ) or Multilink PPP (MLP) is mixed with pure FIFO queueing on the configured channels.
Workaround: There is no workaround.
•
Symptoms: A software-forced reload may occur on a 1-port Fast Ethernet 100BASE-TX (PA-1FE-TX) port adapter because of a block overrun.
Conditions: This symptom is observed on the PA-1FE-TX port adapter when it is running on a Cisco router. The likelihood of the port adapter reloading increases when the number of interface resets increases. The interface reset counter can be displayed by entering the show interface EXEC command on the PA-1FE-TX port adapter.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload and restart after a Fast Ethernet port adapter (PA-FE) is installed.
Conditions: This symptom is observed on a VIP that is installed in a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: X.25 encapsulation may not come up on interfaces that are installed on a port adapter.
Conditions: This symptom is observed on the 2-port channelized T1 ISDN port adapter (PA-2CT1) or 2-port channelized E1 port adapter (PA-2CE1) of a Cisco 7500 series. The cbus complex process may be executed if messages such as "output frozen" and "not transmitting" are displayed on interfaces that are installed on the port adapter.
Workaround: There is no workaround.
•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an incrementing rx_no_buffer counter in the output of the show controllers atm EXEC command, and the PA-A3 port adapter may subsequently pause indefinitely and stop receiving traffic.
Conditions: This symptom is observed when there is traffic on the PA-A3 port adapter.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3 port adapter.
IP Routing Protocols
•
Symptoms: A universal access server may reload because of a bus error.
Conditions: This symptom is observed on a Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(15).
Workaround: There is no workaround.
•
Symptoms: Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors may be reset unnecessarily on an interface that is configured with summarization. The following output is displayed when this symptom occurs:
%DUAL-5-NBRCHANGE: IP-EIGRP 111: Neighbor 10.108.255.244 (FastEthernet4/0) is down: Summary up, remove external
%DUAL-5-NBRCHANGE: IP-EIGRP 111: Neighbor 10.108.255.245 (FastEthernet4/0) is down: Summary up, remove externalConditions: The EIGRP neighbors are reset unnecessarily, and the summary is regenerated on an interface if all components of the summary are lost and at least one component is relearned.
Workaround: Remove the EIGRP summary statements from the interface.
•
Symptoms: A router may reload because of a bus error at the ipnat_unlock_parent_entry process.
Conditions: This symptom is observed on a Cisco router.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A router may reload if a T1 or E1 channel-associated signaling (CAS) controller goes down before it receives more than a certain number of CAS or ISDN analog calls.
Conditions: This symptom is observed if CAS is configured on the T1 or E1 controllers of a Cisco router.
Workaround: There is no workaround.
•
Symptoms: A router may transmit bit errors.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1 and that has a serial 1DS3 or 2DS3 port adapter (PA-T3 or PA- 2T3) when the signal is below 0.5 decibels (dB).
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface.
•
Symptoms: A router may reload and display the following error message:
%SYS-6-STACKLOW: Stack for process Crypto Support running low, 0/1000Conditions: This symptom is observed on a Cisco 2500 series or Cisco 7500 series that has IP Security (IPSec) enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series router experiences spurious memory accesses and reloads with a bus error.
Conditions: This symptom is observed on a Cisco 7500 series router that is running the Cisco rsp-pv-mz image and that has Multiprotocol Label Switching (MPLS) enabled. This situation is related to the use of the aggregate-address Border Gateway Protocol (BGP) command.
Workaround: There is no workaround.
•
Symptoms: A window condition may occur if an initial program load (IPL) is performed on a mainframe while it is processing a primary logical unit secondary logical unit (PLU-SLU) session over a dependent logical unit requester (DLUR). A logical unit (LU) may hang and may cause a downstream physical unit (DSPU) to pause indefinitely. The DSPU state is shown as "reset" even though the finite state machine (FSM) history shows the DSPU state as "reset link inactive." The state of the LU is also reset, and the DSPU cannot be used. An IPL has to be performed on the Systems Network Architecture (SNA) switch to recover the DSPU.
Conditions: These symptoms are observed only in a small window condition when an IPL is performed on a host while DLUR is used.
Workaround: Stop and then restart the SNA switch.
•
Symptoms: A software-forced reload may occur on a router, and the following messages may be displayed:
System was restarted by error - a Software forced crash, PC 0x60396E7C at 4500 Software (C4500-A3JS-M), Version 12.2(8.1), MAINTENANCE INTERIM SOFTWARE Compiled (current version) Image text-base: 0x60008948, data-base: 0x61116000 Stack trace from system failure: FP: 0x618A8458, RA: 0x60396E7C FP: 0x618A8458, RA: 0x603952F4 FP: 0x618A8480, RA: 0x6039D584 FP: 0x618A84A0, RA: 0x603A0CC8 FP: 0x618A84C0, RA: 0x60398BDC FP: 0x618A8558, RA: 0x6037E1F0 FP: 0x618A85A0, RA: 0x6174B1F0Conditions: This symptom is observed on a Cisco 4500 router.
Workaround: There is no workaround.
•
Symptoms: The data terminal ready (DTR) signal in a serial connection does not pulse for the configured length of time when the pulse-time interface configuration command is configured and the interface is reset.
Conditions: This symptom is observed on a Cisco router that has a serial interface and that supports the pulse-time interface configuration command. When the pulse-time interface configuration command is not working properly, the Cisco router may lose the capability to resynchronize external encryption equipment, or to cause dial-on-demand equipment to hangup current calls.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.1(16) and that is configured for IP Security (IPSec) crypto.
Workaround: There is no workaround.
•
Symptoms: The ifIndex index is given as an index to the subinterface of the failing permanent virtual circuit (PVC) when the atmIntfPvcFailuresTrap notification is received.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.1(5).
Workaround: Issue a Simple Network Management Protocol (SNMP) query on the atmCurrentlyFailingPVclTable table to identify the failing PVC.
•
Symptoms: Upstream control point-to-control point (CP-CP) sessions may flap and very high CPU utilization may occur on a Systems Network Architecture switching services (SNASw) router.
Conditions: This symptom is observed when two servers of a specific third- party vendor have the same logical unit (LU) name for a specific software application of the same third-party vendor. The symptom does not occur when other servers or other applications are used.
The SNASw router registers the LU under the first server. When the second server comes up, it sends a registry message to the SNASw router, specifying resource type end node control point (ENCP). The SNASw router replies with sense code 0x08890000 (LU-to-LU session sense code 0x1014023C). The second server then sends a second registry message to the SNASw router without including the duplicate LU name, but specifying in the resource type in control vector 3C that it is the network node control point (NNCP). Because the SNASw router does not expect a network node (NN) downstream, this second registry message causes the SNASw router to send an incorrect registry message to a virtual telecommunications access method (VTAM). The VTAM replies with sense code 0x08890100 and unbinds the CP-CP session.
The SNASw router then sends the incorrect registry message again, causing the CP-CP session to unbind again. This situation will repeat itself over and over again, causing very high CPU utilization in the SNASw router.
Reloading the SNASw router alleviates the situation, but only until the second server comes up again.
Workaround: There is no workaround. The duplicate LU name needs to be corrected in the servers of the third-party vendor.
•
Symptoms: As a dependent logical unit requester (DLUR), a Systems Network Architecture Switching Services (SNASw) switch must report all links to upstream nodes (end nodes or network nodes) in the initial topology database update (TDU) that it sends to the dependent logical unit sender (DLUS). Currently, the SNASw switch reports only uplinks to network nodes (NNs) and links to virtual routing nodes (VRNs). Links to upstream end nodes (ENs) must be included.
Conditions: This symptom is observed on an SNASw switch that is running Cisco IOS Release 12.2 T.
Workaround: Topology updates other than the initial TDU include ENs. Therefore, the link can be bounced to the EN to cause the DLUS to learn about the link after the initial topology has been reported.
•
Symptoms: Websites that require authentication may not be reachable.
Conditions: This symptom is observed when the content engine (CE) has the Authentication Bypass feature enabled and the CE is sending traffic (that the router has redirected to the CE) back to the router. When this behavior occurs, the router does not handle the authentication bypass return traffic correctly.
Workaround: Ensure that Cisco Express Forwarding (CEF) is enabled. If it is not possible to enable CEF, disable the bypass auth-traffic enable global configuration command on the CE.
•
Symptoms: The following error conditions may occur when an adjacent node connects to a Systems Network Architecture (SNA) switch:
–
–
–
If any of these errors occur, the SNA switch may not recover and all subsequent CP-CP session activations from that adjacent node may be rejected with a "08120010" sense code.
Conditions: This symptom occurs when an adjacent node generates one of the three errors that are specified in the symptoms statement above.
Workaround: Perform an initial program load (IPL) of the SNA switch.
•
Symptoms: The following error message may be displayed when a multilink interface is shut down:
CPUHOG. %SYS-3-CPUHOG: Task ran for 2480 msec (3/2), process = MultilinkConditions: This symptom is observed when the state of a multilink interface changes, such as when the multilink interface comes up or goes down.
Workaround: There is no workaround for the CPU hog condition. However, if any application or routing protocol is affected by this CPU hog condition in the form of timeouts, the timers for the application or routing protocol can be incremented to workaround the CPU hog condition.
•
Symptoms: A Systems Network Architecture Switching Services (SNASw) router may stop forwarding BIND and UNBIND requests.
Conditions: This symptom is observed after the SNASw router receives an activate logical unit (ACTLU) request that is forwarded to a downstream physical unit (DSPU). This symptom will occur if the DSPU sends the ACTLU response back to the SNASw router without setting the response bit in the SNA request and resources header (RH).
Workaround: Restart the SNASw router.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: A router may run out of crypto_epa_blk memory blocks. The router may prevent the further establishment of crypto connections and the reestablishment of existing connections that have timed out.
Conditions: These symptoms are observed on a Cisco router that is operating under stress conditions with Cisco Encryption Technology (CET) tunnels. These symptoms are specific to hardware Encryption Service Adapters (ESAs) and do not affect software crypto engines.
Workaround: Reboot the router.
•
Symptoms: An Encryption Service Adapter (ESA) card (hardware crypto accelerator) may run out of high memory area (HMA) memory blocks.
Conditions: This symptom is observed when there are repeated failed attempts to establish a Cisco Encryption Technology (CET) connection.
Workaround: Use software encryption.
Protocol Translation
•
Symptoms: A router may reload with a bus error at a null point.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(6) or Release 12.1(9) and that is configured for protocol translation.
Workaround: There is no workaround.
For further information about bus errors, refer to the Troubleshooting Bus Error Crashes document at the following location:
http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.shtml
Wide-Area Networking
•
Symptoms: A Cisco 7200 series that is acting as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) may reload with an error interrupt.
Conditions: This symptom is observed when the Cisco 7200 series is receiving malformed packets that have invalid payload data (such as User Datagram Protocol [UDP] packets).
Workaround: There is no workaround.
•
Symptoms: A router that is used as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) may reload because of redzone I/O memory corruption.
Conditions: This symptom is observed on a Cisco router when the LNS receives PPP packets that have invalid lengths.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(18)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(18). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(18). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms A router that is configured for TACACS+ may run out of memory because of a buffer leak in the middle buffer pool that is caused by TACACS+ packets. The occurrence of this symptom can be verified by entering the show buffers EXEC command or the show tcp brief all EXEC command on the router.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(15).
Workaround Reload or power-cycle the router to free the buffers and memory.
•
Symptoms The cache error recover function (CERF) is disabled after a Cisco 7200 series router is reloaded. This symptom is observed after CERF is enabled, written into the startup configuration, and the router is reloaded.
The output of the show memory cache error-recovery EXEC command may indicate that the commands are disabled after the router is reloaded:
no memory cache error-recovery L3 data
no memory cache error-recovery options nvram-report
no memory cache error-recovery options parity-check
memory cache error-recovery options window 0
memory cache error-recovery options max-recoveries 0Conditions This symptom is observed on a Cisco 7200 series router that is using a Network Processing Engine (NPE-300) that has 32 MB of memory in the dual in-line memory module (DIMM2).
Workaround Install 64 MB of memory in the DIMM2.
•
Symptoms TACACS+ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication may reload.
Conditions This symptom is observed when an incorrect key is configured while the debug tacacs EXEC command is enabled.
Workaround Ensure that the correct key is configured or avoid enabling the debug tacacs EXEC command.
•
Symptoms If a short and nonspecific dnis-number is specified in the aaa dnis map dnis-number authorization network group server-group-name global configuration command to map a dialed number identification service (DNIS) number to a particular authentication, authorization, and accounting (AAA) server group after a longer dnis-number (that shares the same first digits with the short nonspecific dnis-number) has been previously configured by entering the same command, the aaa dnis map dnis-number authorization network group server-group-name global configuration command that has the short and nonspecific dnis-number may not work as expected.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1, Release 12.2, or Release 12.2 T.
Workaround Enter the aaa dnis map dnis-number authorization network group server-group-name global configuration command that has the short and nonspecific dnis-number before entering the same command for the configuration that has the longer dnis-number.
IBM Connectivity
•
Symptoms Logical link control (LLC) circuits that are owned by an "active" data-link switching (DLSw) services Ethernet Redundancy (ER) router may be disconnected when service is restored on a failed DLSw ER router.
Conditions This symptom is observed in a failover scenario when DLSw ER is used on a router that is running Cisco IOS Release 12.2(10b). This symptom is observed only when the same MAC address is mapped to different Ethernet interfaces that are in different DLSw ER segments on two separate routers.
Workaround Map both of the MAC addresses on the same router to different Ethernet interfaces.
Interfaces and Bridging
•
Symptoms A single-port Fast Ethernet 100BASETX port adapter (PA-FE-TX) on a Cisco 7206VXR router that has a Network Processing Engine (NPE-300) may stop receiving burst traffic packets.
Conditions This symptom is observed on a PA-FE-TX of a Cisco 7206VXR that has an NPE-300.
Workaround This symptom can be cleared by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-FE-TX interface.
•
Symptoms Packet drops may be observed.
Conditions This symptom is observed on a channelized T1 (CT1) interface between a provider edge router (PE) and a customer edge (CE) router.
Workaround There is no workaround.
•
Symptoms An Ethernet driver on an Ethernet interface may receive and forward packets that are not destined for itself.
Conditions This symptom is observed on an Ethernet interface that has the promiscuous mode enabled in a network that has multiple Hot Standby Router Protocol (HSRP) groups. This symptom is also observed when no transparent bridging is occurring.
Workaround There is no workaround.
•
Symptoms A router may reload after a channelized T3 (CT3) port adapter that is configured as part of a Multilink PPP (MLP) bundle is removed, and the MLP bundle interface is shut down.
Conditions This symptom is observed in a network in which two Cisco 7200 series routers are connected back-to-back via channelized T3 (CT3) port adapters. Channel groups are created and configured for MLP, and a bundle interface multilink is created on both of the routers in this setup.
Workaround There is no workaround.
•
Symptoms Open Shortest Path First (OSPF) multicast packets are not received on a 1-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX).
Conditions This symptom is observed on a PA-FE-TX port adapter on a Cisco 7500 router that is configured with OSPF. The PA-FE-TX does not receive OSPF multicast traffic because MAC multicast entries are not added to the MAC table.
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors may be reset unnecessarily on an interface that is configured with summarization. The following output is displayed when this symptom occurs:
%DUAL-5-NBRCHANGE: IP-EIGRP 111: Neighbor 10.108.255.244 (FastEthernet4/0) is down: Summary up, remove external
%DUAL-5-NBRCHANGE: IP-EIGRP 111: Neighbor 10.108.255.245 (FastEthernet4/0) is down: Summary up, remove externalConditions The EIGRP neighbors are reset unnecessarily, and the summary is regenerated on an interface if all components of the summary are lost and at least one component is relearned.
Workaround Remove EIGRP summary statements from the interface.
Miscellaneous
•
Symptoms Committed Access Rate (CAR) limits do not function properly.
Conditions This symptom is observed when Cisco Express Forwarding (CEF) is enabled on a router. When CEF is disabled on a router, CAR limits function properly. (This configuration is not supported.) This behavior has been observed on routers that use the same interface for input and output traffic.
Workaround There is no workaround.
•
Symptoms If the write memory EXEC command is issued simultaneously with the show config privileged EXEC command or the show running-config EXEC command via two individual Telnet sessions by two different users, output similar to the following may be displayed:
bGc nx ^@^@^@^A^A^A^@^@^A^@^@^E^@^@^@^@^@^@^@^@^@^@^^@^@^@^@^@^@^@^A^@^@^@^@^@^@^@^@^ @^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^Conditions This symptom is observed on a Cisco 7500 router that is running Cisco IOS Release 12.1(10)E.
Workaround There is no workaround.
•
Symptoms Several "RX FIFO was stuck - forced to reset MAC" messages may be logged on the console of a router. This message is specific to port adapters and I/O cards that use a vendor-specific chipset.
Conditions This symptom is observed on a Cisco 7200 router that is operating in the normal mode. The following is a list of the affected port adapters and I/O cards:
–
–
–
–
Workaround There is no workaround.
•
Symptoms The Web Cache Communication Protocol (WCCP) stops on some VLANs.
Conditions This symptom is observed when Cisco Express Forwarding (CEF) is enabled on a Cisco 5000 series Route Switch Feature Card (RSFC). WCCP redirection does not occur on interfaces that have CEF enabled even if a WCCP redirect statement is present.
Workaround Disable CEF on interfaces that have a redirect statement. This workaround may impact the performance of the Cisco 5000 series and should be considered carefully before it is applied.
•
Symptoms If two active lines that are connected to ISDN BRI interfaces on a 4-port ISDN BRI network module (NM-4B-S/T) are unplugged simultaneously, one of the ISDN BRI interfaces may display the Layer 1 status as "DEACTIVATED" when the show isdn status EXEC command is entered.
Conditions This symptom is observed on a Cisco 2600 series router that has a NM-4B-S/T network module and that is running Cisco IOS Release 12.1(16).
Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ISDN BRI interface that exhibits this symptom.
•
Symptoms A Systems Network Architecture Switching Services (SNASw) boundary function does not unbind a primary logical unit-secondary logical unit (PLU-SLU) session when a cold activate logical unit (ACTLU) response (RSP) is received. The PLU-SLU session on the downstream physical unit (DSPU) cannot be restarted because the virtual telecommunications access method (VTAM) and SNASw are not in agreement about the state of the PLU-SLU session with the DSPU.
Conditions This symptom is observed on a SNASw switch. When a DSPU sends a cold ACTLU RSP to a dependent logical unit requester (DLUR), it indicates that a PLU-SLU session is over and the cold ACTLU response should not be used.
Workaround Restart SNASw or the DSPU.
•
Symptoms Physical units remain in the Pend Activate Physical Unit (ACTPU) state, and the show snasw pu EXEC command shows several downstream physical units (DSPUs) that have the same IDBLK/IDNUM physical unit identifier. The virtual telecommunications access method (VTAM) may be slow to send a response to the Request Activate Physical Unit (REQACTPU), and the DSPU disconnects and reconnects before the response arrives from VTAM. When the DSPU reconnects, Systems Network Architecture (SNA) Switching Services (SNASw) may treat the DSPU as a new DSPU. When VTAM sends the REQACTPU, SNASw may assume that there are two DSPUs with the same name and rejects the request with a 082C 002 sense code.
Conditions This symptom is observed when the user is waiting for the REQACTPU from the VTAM.
Workaround There is no workaround.
•
Symptoms A Cisco 3662-AC versatile multiservice access platform returns a MIB value of "c3660(92)" for the chassis type in the OLD-CISCO-CHASSIS-MIB. The "3660(92)" chassis type is not recognized in the Cisco Element Management Framework (CEMF), and the chassis is not recognized and cannot be deployed using CEMF.
Conditions This symptom is observed on a Cisco 3662-AC that is running Cisco IOS Release 12.1(16).
Workaround There is no workaround.
•
Symptoms An interface on a 2-port Fast Ethernet port adapter (PA-2FE) may stop transmitting if this interface or the other interface on the same port adapter goes down or flaps under a heavy traffic load. The interface that stops transmitting may display the following messages:
%RSP-3-RESTART: interface FastEthernet3/0/0, not transmitting %RSP-3-RESTART: interface FastEthernet3/0/0, output frozen %RSP-3-RESTART: cbus complexConditions This symptom is observed on the 2-port Fast Ethernet port adapter (PA-2FE) on a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with Fast Ether Channel (FEC). This symptom is observed when the port adapter is carrying a heavy traffic load and when part of the traffic is originating from a port adapter (PA-A3) that is located on the same VIP.
Workaround There is no workaround.
•
Symptoms Packets that are switched from an incoming X.21 interface to an E1 channelized interface may not be sent. Packets that are switched the other way around from an E1 channelized interface to an X.21 interface are sent.
Conditions This symptom is observed on a Cisco 7200 series router.
Workaround There is no workaround.
•
Symptoms A loss of connectivity may be observed on an RSETUP High-Performance Routing (HPR) pipe to a vendor-specific open systems adapter.
Conditions This symptom is observed in a network in which Systems Network Architecture (SNA) switch routers are connected to Catalyst 6500 series switches via Fast Ethernet ports. The SNA switch routers are connected to the vendor-specific open systems adapter via an enterprise extender.
The virtual telecommunications access method (VTAM) on the vendor-specific open systems adapter terminates the pipe, but the SNA switch does not terminate the pipe. This behavior causes the pipe to enter into an invalid state and prevents anything that is sent over it from making it to the VTAM. Consequently, session setup requests will hang.
Workaround There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
Symptoms On a router, the following message is displayed:
%IPX-3-TOOMANYNETS: Too many networksConditions This symptom is observed if the number of interfaces that are running the Internetwork Packet Exchange (IPX) protocol exceeds 200. This combination may include a variety of interfaces that are running the Routing Information Protocol (RIP), the Enhanced Interior Gateway Routing Protocol (EIGRP), or the NetWare Link Services Protocol (NLSP). However, if an interface is running both RIP and EIGRP simultaneously, it is considered to be running two protocols instead of one. This means that the 200 limit would be reached if there are 100 interfaces running both RIP and EIGRP.
Workaround On an interface that is running both EIGRP and RIP, remove either one of the two protocols. Enter the no network network-number DHCP pool configuration command immediately after the ipx router rip global configuration command in the startup-config file of the router where the interface is installed.
TCP/IP Host-Mode Services
•
Symptoms When two Cisco routers are running data-link switching (DLSw) and are peered to the same 190 remote sites over a Frame Relay network through a High-Speed Serial Interface (HSSI), about 80 of the 190 DLSw peers disconnect and reconnect at irregular intervals.
Some peers stay up for several hours, while others disconnect and reconnect frequently. The DLSw peers are disconnecting because the TCP stack has reached its retransmit threshold. When this condition occurs, extended pings (pings that are sourced by the IP address of the DLSw peer) to the IP address of the remote DLSw peer that is experiencing connectivity issues are consistently successful.
During successive retransmission timeout, the timer receives a negative timeout value. This situation causes the packets to be on the retransmit queue for as long as the new round-trip timeout (KRTT [using the Karn algorithm]) value even though the packets have been acknowledged.
If TCP transaction debugging is enabled, the following error message is displayed when this symptom occurs:
Received a negative sleep value:<value>Conditions This symptom is observed in a configuration in which two Cisco 7507 routers are running Cisco IOS Release 12.1(13). Each Cisco 7507 router has a Channel Interface Processor 2 (CIP 2) that is connected to a mainframe. This symptom may also be observed on Cisco 3600 series, Cisco 4700 series, or Cisco 7200 series routers. This symptom is observed only on Cisco IOS releases that contain the fix for CSCdu18397 but not the fix for CSCdw58350.
Workaround Use a Cisco IOS release such as Cisco IOS Release 12.2(10b).
Wide-Area Networking
•
Symptoms A universal access server may reload because of a memory corruption.
Conditions This symptom is observed on a Cisco AS5300 universal access server that is running Cisco IOS Release 12.1, Release 12.2, or Release 12.2(2)XB. The memory corruption occurs only on a virtual private dial-up network (VPDN) network access server (NAS) when Layer 2 Forwarding (L2F)-encapsulated IP packets are reencapsulated in another L2F tunnel (VPDN packets that are switched using the Stack Group Bidding Protocol (SGBP) in a multichassis-Multilink PPP [MLP] environment).
Workaround Use the sgbp protocol l2tp global configuration command to configure the router to use the Layer 2 Tunneling Protocol (L2TP) as the encapsulation protocol for packets that are forwarded by SGBP.
Resolved Caveats—Cisco IOS Release 12.1(17)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(17). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(17). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms A Cisco 7200 series router reloads because of a bus error, a watchdog timeout, or an unspecified error (that is, no reload error message is provided).
Conditions This symptom is observed on a Cisco 7200 series router that is configured with a Network Processing Engine 200 (NPE-200), a PA-A1 port adapter, and a PA-FE port adapter when a medium to high traffic load occurs and the traffic load consists of large packet sizes.
Workaround options
–
–
–
•
Symptoms A CPU hog condition may be observed on a router, and the router may reload.
Conditions These symptoms are observed on a Cisco router that is running Cisco IOS Release 12.1 and that has several thousands of logical entities configured, when the snmp-server community global configuration command is executed.
Workaround There is no workaround.
•
Symptoms Simple Network Management Protocol (SNMP) version 2c security-to-group mappings may remain after an SNMP community is deleted.
Conditions This symptom is observed on a Catalyst 6000 series switch that is running Cisco IOS Release 12.1(3).
Workaround Delete the stale mapping using SNMP.
IBM Connectivity
•
Symptoms A router may reload when the dlsw transparent redundancy-enable interface configuration command is removed from and reapplied to the Ethernet interface.
Conditions This symptom is observed when the dlsw transparent redundancy-enable interface configuration command is removed from and reapplied to the Ethernet interface on a Cisco router that is using data-link switching (DLSw) Ethernet redundancy while there may be multiple circuits between the same pair of MAC addresses that are on different service access points (SAPs).
Workaround Use DLSw with transparent bridging instead of using the DLSw Ethernet redundancy feature.
•
Symptoms Cisco Express Forwarding (CEF) does not route packets to a Channel Interface Processor (CIP) Common Link Access for Workstations (CLAW) backup host.
Conditions This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.1(15). The CIP in the setup is configured using CLAW backup.
This symptom does not occur when there is an active CLAW connection to the primary host; rather, occurs when there is an active CLAW connection to the backup host. IP connectivity to the host IP address fails when an attempt is made to traverse an ingress interface that has CEF enabled. Full IP connectivity is restored if CEF is disabled on the ingress interface. The host IP address can be pinged from the CIP router but not from another device that is attached to an interface on the CIP router that has CEF enabled.
Workaround Disable CEF by entering the no ip route-cache cef global configuration command on the ingress interface.
•
Symptoms A Synchronous Data Link Control (SDLC) session enters the down state (no response and no polling) after an I-Frame is sent. SDLC sessions pause indefinitely if the simultaneous keyword is used in the interface configuration for the serial SDLC interface. No polling is observed when this symptom occurs.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(10).
Workaround Do not use the simultaneous keyword in the configuration of the SDLC serial interface.
•
Symptoms A router may unexpectedly remove unrelated data-link switching (DLSw) circuits on other serial interfaces.
Conditions This symptom is observed on a router that is using DLSw with Synchronous Data Link Control (SDLC) on attached serial interface controllers.
Workaround There is no workaround.
Interfaces and Bridging
•
Symptoms A Versatile Interface Processor (VIP) may reload because of an error at the ct3sw_check_tx process.
Conditions This symptom is observed on a Cisco 7000 series VIP that is running Cisco IOS Release 12.0(16)S4.
Workaround There is no workaround.
•
Symptoms An autoinstall feature may not function properly.
Conditions This symptom is observed when a Cisco 7204VXR router is autoinstalled with a T3 connection.
Workaround There is no workaround.
•
Symptoms A single-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX) on a Cisco 7206VXR router that has a Network Processing Engine (NPE-300) may stop receiving burst traffic packets.
Conditions This symptom is observed on a PA-FE-TX on a Cisco 7206VXR that has a Network Processing Engine (NPE-300).
Workaround This symptom can be cleared by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-FE-TX interface.
•
Symptoms The following error message may be displayed on a router when a Cisco IOS software upgrade is performed:
%SYS-6-STACKLOW: Stack for process ATM PA Helper running low, 0/3000Conditions This symptom is observed on a Cisco 7500 series router when the Cisco IOS software is upgraded from Cisco IOS Release 12.0(7)T to Release 12.1(14).
Workaround There is no workaround.
•
Symptoms A router that is configured with a multichannel port adapter reloads because of a bus error exception.
Conditions This symptom is observed when link flaps occur or interfaces are reset on a router that is configured with PA-MC-T1, PA-MC-E1, PA-MC-E3, or PA- MCX port adapters.
Workaround There is no workaround.
•
Symptoms An Ethernet driver on an Ethernet interface may receive and forward packets that are not destined for itself.
Conditions This symptom is observed on an Ethernet interface that has the promiscuous mode enabled in a network that has multiple Hot Standby Router Protocol (HSRP) groups. This symptom is also observed when no transparent bridging is occurring.
Workaround There is no workaround.
•
Symptoms A router may reload after a channelized T3 (CT3) port adapter that is configured as part of a Multilink PPP (MLP) bundle is removed, and the MLP bundle interface is shut down.
Conditions This symptom is observed in a network in which two Cisco 7200 series routers are connected back-to-back via channelized T3 (CT3) port adapters. Channel groups are created and configured for MLP, and a bundle interface multilink is created on both of the routers in this setup.
Workaround There is no workaround.
•
Symptoms Open Shortest Path First (OSPF) multicast packets are not received on a 1-port Fast Ethernet 100BASETx port adapter (PA-FE-TX).
Conditions This symptom is observed on a PA-FE-TX port adapter on a Cisco 7500 series router that has OSPF configured. The PA-FE-TX does not receive OSPF multicast traffic because MAC multicast entries are not added to the MAC table.
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms An Address Resolution Protocol (ARP) entry is not removed if the no arp ip-address mac-address global configuration command is issued. The MAC address of the Ethernet interface that has the IP address may be changed.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(7a).
Workaround Enter the clear arp EXEC command after removing a static ARP entry.
•
Symptoms A high CPU utilization condition may be observed on a router.
Conditions This symptom is observed on a Cisco router that is running the Enhanced Interior Gateway Routing Protocol (EIGRP) and that is running Cisco IOS Release 12.1(13). The high CPU utilization condition may trigger other symptoms such as the loss of EIGRP neighbor relations on the router. This symptom may rectify itself without any user intervention.
Workaround There is no workaround.
Miscellaneous
•
Symptoms On a router that has static Address Resolution Protocol (ARP) entries configured, the router may fail to use the static ARP entries immediately.
Conditions This symptom is observed on a Cisco router if CEF is enabled manually or if the router is reloaded with Cisco Express Forwarding (CEF) enabled.
Workaround Disable CEF on the router by entering the no ip cef global configuration command.
•
Symptoms A router may stop sending traffic if the microcode is reloaded while the router is forwarding traffic.
Conditions This symptom is observed on a Cisco 7500 series Versatile Interface Processor (VIP4) that has a 2-port Fast Ethernet port adapter (PA-2FE). This symptom can be resolved temporarily by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-2FE interface.
Workaround Reload the microcode while there is no egress traffic on the router.
•
Symptoms The E1 controller displays inaccurate statistics after the show controllers [e1 | t1] EXEC command is issued. The following command output shows that the elapsed seconds and the unavailable counters are do not advance:
Timestamp - 00:00 E1 3/4 is up. Applique type is Channelized E1 - balanced Framing is UNFRAMED, Line Code is HDB3, Clock Source is Line. 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 270 Unavail Secs 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail Secs
Timestamp - 01:50 E1 3/4 is up. Applique type is Channelized E1 - balanced Framing is UNFRAMED, Line Code is HDB3, Clock Source is Line. 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 270 Unavail Secs 0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 86400 Unavail SecsConditions This symptom is observed when an E1 controller is configured for unframed operations using the controller {t1 | e1} slot/port channel-group 0 unframed command. The counters are correct when the controller is configured for a Frame Relay operation (CRC-4 or No-CRC4).
Workaround There is no workaround.
•
Symptoms A router may reload with the following error message: System was restarted by bus error at:
PC 0x60A9DBF8, address 0xD0D0D2D at Image text-base: 0x60008950, data-base: 0x61542000 0x60A9DBF8 x60A9DF38 0x60A8AC18 0x60A8B1D8 0x60A8B374 0x603FC5B4 0x603FC5A0Conditions This symptom is observed on a Cisco 7140 router that is running the c7100-io3s-mz.121-12 image of Cisco IOS Release 12.1(12).
Workaround There is no workaround.
•
Symptoms Modem ISDN channel aggregation (MICA) technologies modules may become bad and later recover without either the use of modem recovery or any user intervention.
Conditions This symptom occurs under normal conditions in which calls are received and disconnected at a regular 30-minute intervals.
Workaround There is no workaround.
•
Symptoms A Versatile Interface Processor (VIP4-80) may reload with a bus error when distributed Multilink PPP (dMLP) is configured.
Conditions This symptom occurs when traffic is passed through the dMLP bundle and occurs just after the interface comes up. This symptom is specific to the dMLP feature and will occur only if dMLP is configured on a platform. The dMLP feature is independent of other features and does not affect other features.
Workaround There is workaround.
•
Symptoms The first information frame of the user logical unit-logical unit (LU-LU) session is sent with both the source MAC address and the destination MAC address in the non-canonical (Token Ring) format.
Conditions This symptom is observed if Systems Network Architecture Switching Services (SNASw) is configured with High Performance Routing (HPR) Logical Link Control (LLC1) frame over data-link switching (DLSw) for the uplinks and Ethernet is used for the downstream connection. This symptom will occur regardless of whether the downstream port uses the address of the Ethernet interface or the address of the Hot Standby Router Protocol (HSRP) interface. This symptom does not occur if the downstream port is a Token Ring, virtual Token Ring, or a virtual data-link control (VDLC) port. This symptom does not occur if the uplink uses LLC2 port definition.
Workaround There is no workaround.
•
Symptoms A physical unit (PU) that is connected downstream to a Systems Network Architecture Switching Services (SNASw) router may enter the reset state when another PU connects to it using the same cpname and same IDBLK/IDNUM physical unit identifier. The reset state of the PU is indicated in the output of the show snasw pu EXEC command. The problem determination log (PDLOG) will display an "invalid internal state detected" message when this symptom occurs.
Conditions This symptom is observed on a Cisco router. The SNASw router has to be restarted to clear this symptom.
Workaround Use the dyncplen connection type.
•
Symptoms Sessions that have a destination logical unit that is a low entry networking (LEN) control point (CP) downstream from a Systems Network Architecture Switching Services (SNASw) branch network node (BrNN) may fail with a sense code of 087D0001. The LEN CP does not show up in the directory database on the host network node server or on the BrNN.
Conditions This symptom is observed on a SNASw switch.
Workaround Add a location statement for the LEN CP to the SNASw configuration.
•
Symptoms A Systems Network Architecture Switching Services (SNASw) boundary function does not unbind a primary logical unit-secondary logical unit (PLU-SLU) session when a cold activate logical unit (ACTLU) response (RSP) is received. The PLU-SLU session on the downstream physical unit (DSPU) cannot be restarted because the virtual telecommunications access method (VTAM) and SNASw are not in agreement about the state of the PLU-SLU session with the DSPU.
Conditions This symptom is observed on a SNASw switch. When an old Downstream Physical Unit (DSPU) sends a cold ACTLU RSP to a dependent logical unit requester (DLUR), it indicates that a PLU-SLU session is over and the cold ACTLU response should not be used.
Workaround Restart SNASw or the DSPU.
•
Symptoms A Cisco 3662-AC versatile multiservice access platform returns a MIB value of "c3660(92)" for the chassis type in the OLD-CISCO-CHASSIS-MIB. The "3660(92)" chassis type is not recognized in the Cisco Element Management Framework (CEMF), and the chassis is not recognized and cannot be deployed using CEMF.
Conditions This symptom is observed on a Cisco 3662-AC that is running Cisco IOS Release 12.1(16).
Workaround There is no workaround.
•
Symptoms A back-to-back ping for multilink fails.
Conditions This symptom is observed when you have the multilink min- links links command configured on the multilink interface.
Workaround Enter the shutdown interface configuration command on the multilink interface, wait for the multilink and the member links to go down, and enter the no shutdown interface configuration command on the multilink interface. After the multilink comes up, the back-to-back ping for multilink will work.
•
Symptoms Pings cannot be sent between routers.
Conditions This symptom is observed when a ping is sent from a customer edge (CE) router to another CE router via a provider edge (PE) router. This symptom occurs if the routers are configured using scripts.
Workaround There is no workaround.
•
Symptoms When member links are removed from a multilink bundle (M2) and configured as members of another multilink bundle (M5), the M5 multilink bundle does not come up.
Conditions This symptom is observed only with the distributed Multilink PPP (MLP) feature when a member link is reconfigured to be a member link of another multilink bundle. This symptom is observed only on Cisco 7500 series and Cisco 7600 series routers.
Workaround There is no workaround.
•
Symptoms A FlexWAN module may reload if the member link of a multilink bundle is removed by entering the no channel-group interface configuration command.
Conditions This symptom is observed on a Cisco 7600 series router that has a FlexWAN module when distributed Multilink PPP (MLP) is configured.
Workaround Do not remove the member link using the no channel-group interface configuration command when the member link is in the UP state. Instead shutdown the member link first, remove the multilink configuration for the member link, and remove the member link by entering the no channel-group interface configuration command.
TCP/IP Host-Mode Services
•
Symptoms TCP processing fails in the data repacketized process and creates inaccurate packets. A data-link switching (DLSw) circuit disconnects suddenly, and the following error message is displayed if you enter the debug dlsw core command on one for the DLSw routers:
DLSW: Invalid dlsw version 78The number 78 is an example and may be any other number.
Conditions These symptoms are observed during an attempted TCP retransmission of a message and TCP data packet reconstruction on a DLSw router.
Workaround There is no workaround.
•
Symptoms A memory leak may occur on a router after TCP-to-X.25 translation is configured.
Conditions This symptom is observed if a user attempts to use TCP-to-X.25 translation while a router is already performing translation for the maximum number of configured users. The additional user will not be able to use translation, and the router will leak memory.
Workaround There is no workaround.
Wide-Area Networking
•
Symptoms Inbound data packets that are reassembled from multilink fragments may not be processed properly on Multilink PPP (MLP) interfaces that are receiving encrypted IP Security (IPSec) traffic that is terminated locally when a hardware accelerator is used for decryption.
Conditions This symptom affects all inbound reassembled data frames that are received by the bundle and not just those data frames that are carrying encrypted IP datagrams. Most significantly, inbound Internet Security Association and Key Management Protocol (ISAKMP) keepalives are not processed, leading to the eventual failures of the associated IPSec sessions.
The IPSec sessions are reestablished after each failure, but traffic drops will occur until the session is renegotiated via the Internet Key Exchange (IKE). Thus, the observable symptoms are an intermittent failure of IPSec sessions combined with high loss rates in the encrypted data traffic.
Workaround Disable hardware crypto acceleration, and use software crypto acceleration instead.
•
Symptoms The Layer 2 Tunneling Protocol (L2TP) network server (LNS) reloads after the L2TP access concentrator (LAC) sends a Call Disconnect Notification (CDN).
Conditions This symptom is observed on an LNS that is configured to call back the dial-in user when the string that is sent by the LNS during a callback is the correct string, but the LAC uses a different string to dial out.
Workaround There is no workaround.
•
Symptoms Calls that have unsupported traffic parameters are released when a Cisco router is running User-to-Network Interface (UNI) version 4.0 software with a vendor-specific switch.
Conditions This symptom is observed when a Cisco router is connected to a vendor-specific switch and if the router is configured to operate UNI version 4.0 software across the unnegotiated router-switch link. The calls are released by the Cisco router if any traffic parameter is modified on the unnegotiated link.
Workaround Use UNI version 3.1.
Resolved Caveats—Cisco IOS Release 12.1(16)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(16). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(16). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms A router may reload with a bus error.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 11.2(18)P, 12.0(10), 12.0(5)XK1, 12.1(3)T, or 12.1(4).
Workaround There is no workaround.
•
Symptoms A router may reload after the frame-relay payload-compress frf9 stac interface configuration command is configured on a port adapter interface.
Conditions This symptom is observed on a Cisco 7500 router that has a 4-port serial port adapter (PA-4T+) and that is running the Route Switch Processor (RSP) software RSP-ISV-M of Cisco IOS Release 12.1(10)E. This symptom does not occur if a Fast Serial Interface Processor (FSIP) is used.
Workaround Use a FSIP or enter the frame-relay payload-compression frf9 stac software interface configuration command on the serial port adapter interface.
•
Symptoms A router may reload when the Simple Network Management Protocol (SNMP) is used to set the smonVlanIdStatsTable element.
Conditions This symptom is observed on a Cisco router only when the 64-bit counter is set to certain values.
Workaround Disable SNMP.
•
Symptoms An ISDN interface may remain in the "ESTABLISH_AWAITING_TEI" state.
Conditions This symptom is observed on a Cisco 1604 router that has a BRI (U) interface. The BRI U interface will not come up nor will it pass any traffic.
Workaround There is no workaround.
•
Symptoms Service Assurance Agent (SAA) latency measurements may show unrealistic spikes.
Conditions This symptom is observed on a Cisco router when the Border Gateway Protocol (BGP) is operating at moderate to full capacity.
Workaround Enable the rtr responder global configuration command on the remote Cisco router and use the jitter probe.
•
Symptoms Packets may be dropped on a Fast Ethernet port.
Conditions This symptom is observed on a Fast Ethernet port that is installed on a Catalyst 6000 switch that is running Cisco IOS Release 12.1 and that is connected to the Internet. This symptom does not occur when NetFlow is enabled on a Gigabit Ethernet interface. In the affected setup, a Content Switching Module (CSM) that is on the Catalyst 6000 is used to perform Network Address Translation (NAT). This symptom may affect only traffic that is sent through the CSM for NAT when NetFlow is enabled.
Workaround Disable Cisco Express Forwarding (CEF) on the interface that has the ip route-cache flow interface configuration command and the ip nat outside interface configuration command configured. Packets are not dropped when fast switching is used; therefore, fast switching may be used in place of CEF.
IBM Connectivity
•
Symptoms A small buffer leak may occur on a router.
Conditions This symptom is observed on a Cisco router that is running data-link switching (DLSw) local conversion from Synchronous Data Link Control (SDLC) to Logical Link Control, type 2 (LLC2). This condition was seen on a router only when several multidropped SDLC controllers were configured.
Workaround Ensure that there are no Physical Unit 2.1 type (PU 2.1) devices that have an exchange identification (XID) configured but that are not installed. If a specific controller is not installed, remove the configuration for the controller from the router.
•
Symptoms A router may reload and display the following error message:
%SYS-2-MALLOCFAIL: Memory allocation of 140 bytes failed from 0x602EAAA4, alignment 0 Pool: Processor Free: 0 Cause: Not enough free memoryConditions These symptoms are observed on a Cisco router that is running Cisco IOS Release 11.2(18)P but has recently been upgraded to Cisco IOS Release 12.1 (12b).
Workaround Reload the router.
•
Symptoms A software-forced reload may occur on a router.
Conditions This symptom is observed on a Cisco 7200 router and is specific to a configuration in which a central router that is running data-link switching plus (DLSw+) is receiving a unnumbered information frame (UI-frame) such as destination service access point (DSAP) AA or source service access point (SSAP) AA from a DLSw+ remote peer. The reload occurs under certain conditions such as when the central router is computing an internal variable incorrectly. The occurrence of this symptom is specific to a DLSw+ configuration.
Workaround Configure the dlsw icannotreach saps aa global configuration command on the central DLSw+ router. This command will eliminate UI-frames on service access points (SAPs) AA from the DLSW network.
Interfaces and Bridging
•
Symptoms An IP ping does not go through on the bridging and the bridging-to-routing path.
Conditions This symptom is observed in an integrated routing and bridging (IRB) environment. Pings can be sent through the routing and the routing-to-bridging path, but pings cannot be sent through on the bridging and the bridging-to-routing path.
Workaround There is no workaround.
•
Symptoms A router may reload immediately after the card type is configured for a port adapter.
Conditions This symptom is observed on a Cisco 7500 series router that has an 8-port channelized T1/E1 PRI, 256-channel port adapter.
The Cisco 7500 reloads if an online insertion and removal (OIR) is performed on the Versatile Interface Processor (VIP) on which the port adapter is installed after the card type is configured on the port adapter.
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms CPU utilization on a router may reach 100 percent.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1 when Network Address Translation (NAT) is configured and there are 7000 NAT entries at 3 packets per second (pps).
Workaround Use Cisco IOS Release 12.2.
•
Symptoms A switch feature card may reload with a bus error.
Conditions This symptom is observed when a link-state advertisement (LSA) that has an incontiguous mask is sent to a Catalyst 6000 switch that has a Multi-layer Switch Feature Card 2 (MSFC2). The MSFC2 reloads with a bus error in the Not-So-Stubby Area (NSSA) of the Open Shortest Path First (OSPF) code.
Workaround Avoid sending LSAs that have an illegal mask to the Catalyst 6000.
Miscellaneous
•
Symptoms Opening the port configuration (port > Configure > Interface) shows all fields as "N/A" or as having incorrect values. Also, port > Monitor > Interface charts do not get updated and show errors in the status bar.
Conditions These symptoms are observed in CiscoView on a MultiChannel DS3 port adapter in the WS-X6182-PA module.
Workaround There is no workaround.
•
Symptoms A bus error may cause a router to be returned to the ROM mode.
Conditions This symptom is observed on a Cisco 7204VXR router that is running Cisco IOS Release 12.1(7). The Cisco 7204VXR returns to the ROM mode if the snasw dump all privileged EXEC command (or the snasw dump summary-ipstrace privileged EXEC command) and the snasw stop privileged EXEC command are entered simultaneously on the router.
Workaround There is no workaround.
•
Symptoms The error message "%TRUNK-3-HBEAT: No longer receiving heartbeats from framer CPU" may be displayed.
Conditions This symptom is observed on a Cisco AS5800.
Workaround Use the firmware that is compiled using the version 96q1 compiler.
•
Symptoms A memory leak may occur on a router.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(8). The symptom occurs at the "logger" process. There is also increased utilization in the "tty background" process. This is seen when the show process cpu EXEC command is issued.
Workaround Disable "logging synchronous" on the vty, aux, and console ports by entering the no logging synchronous line configuration command.
•
Symptoms A router may reload with a RedZone violation error.
Conditions This symptom is observed on a Cisco 2500 router that is running Cisco IOS Release 12.2(6.8)T when a large packet is received on the BRI interface. This symptom typically occurs when an ISDN call is terminated.
Workaround There is no workaround.
•
Symptoms A router configured with GRE tunnels may pause indefinitely and continuously scroll the following messages on the console:
%SYS-2-NOTQ: unqueue didnÃŒt find 0 in queue 62360144 -Process= "<interrupt level>", ipl= 1 -Traceback= 60538810 60536468 60536468 6015DB10 60431D64 60433D04 60433DC8 %SYS-2-BADSHARE: Bad refcount in retparticle, ptr=0, count=0 -Traceback= 60672220 60538818 60536468 60536468 6015DB10 60431D64 60433D04 60433 DC8Conditions The conditions under which these symptoms occur are not known at this time.
Workaround There is no workaround.
•
Symptoms Packets on a Versatile Interface Processor (VIP) are dropped.
Conditions This symptom is observed on a Cisco 7500 series router that is configured as a provider edge router in a Multiprotocol Label Switching (MPLS) virtual private network (VPN) switching environment when there are no distributed Cisco Express Forwarding (dCEF) entries for the remote virtual private network routing and forwarding (VRF) route.
This symptom occurs if a VRF is deleted after dCEF and the Border Gateway Protocol (BGP) are disabled from any previous MPLS VPN configuration.
Workaround Disable and reenable distributed dCEF by issuing the no ip cef distributed global configuration command followed by the ip cef distributed global configuration command on the Cisco 7500 series router. End-to-end connectivity is restored after this workaround is performed.
•
Symptoms A High-Speed Serial Interface (HSSI) logical DTE may not recover automatically from a HSSI cable fault. The transmission data light on the HSSI DTE may be unlit when this symptom occurs. The HSSI DTE may appear to be transmitting Local Management Interface (LMI) enquiries, but no LMI updates are received from the Frame Relay switch. Command output from the debug frame-relay lmi EXEC command may indicate that LMI inquiries are sent out from the router but the interface is not receiving any LMI updates from the Frame Relay switch.
Conditions This symptom is observed on a HSSI on a router if the HSSI cable between the CSU and the HSSI interface is unplugged and then plugged back in after the HSSI interface is declared to be in the down state.
Workaround Issue the clear interface hssi EXEC command on the logical HSSI DTE.
Alternate Workaround Issue the shutdown interface configuration command followed by the no shutdown interface configuration command on the logical HSSI DTE.
•
Symptoms A router may log the following error message:
%CALL_MGMT-1-CPM_Q_POOL: Cannot get memory for process watched queue entryCPU utilization is consumed by the call management process and may increase to 99 percent.
Conditions This symptom is observed on a Cisco 3620 router that is configured for analog modem calls.
Workaround There is no workaround.
•
Symptoms A universal access server may reload.
Conditions This symptom is observed on a Cisco AS5800 universal access server after trunk card configuration commands are issued.
Workaround There is no workaround.
•
Symptoms On a router the Versatile Interface Processor (VIP) cards may run out of processor memory very quickly.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(12) and that has the ip inspect interface configuration command and distributed Cisco Express Forwarding (dCEF) configured. This symptom occurs because of a memory leak at the CEF interprocess communication (IPC) background process.
Workaround Disable the ip inspect interface configuration command.
•
Symptoms Active reverse Telnet sessions on a preconfigured port on a network module may stop transmitting data if the physical-layer async interface configuration command is configured on another port.
Conditions This symptom is observed on an 8-port asynchronous/synchronous network module (NM-8A/S) that has the physical-layer async interface configuration command configured on one port.
Workaround Do not configure the physical-layer async interface configuration command on a port if any of the ports on the network module has an active session. Clear the active lines before configuring the physical-layer async interface configuration command. Alternatively, the router can be reloaded after the command is configured.
•
Symptoms A Systems Network Architecture Switching (SNASw) router may reload in the routine ntl_avl_rotate_right. Traceback contains the following message:
0x6104B57C:nba_mmcpu_compare_proc_type(0x6104b578)+0x4 0x61143930:ntl_avl_find (0x611438f8)+0x38 0x6104B00C:nba_update_mm_stats(0x6104af6c)+0xa0 0x611472B8:nba_mm_free(0x61147294)+0x24 0x61144F98:nba_free_buffer(0x61144f00) +0x98 0x61147C2C:nba_send_ips(0x61147a78)+0x1b4 0x61140888:nbm_free_buffer (0x61140818)+0x70 0x61147C3C:nba_send_ips(0x61147a78)+0x1c4Conditions This symptom is observed when two downstream Low Entry Nodes (LEN) send Berkeley Internet Name Domains (BINDs) with the same Procedure Correlation Identifier (PCID) correlator at the same time. This situation should be a very rare occurrence, but some devices may use a random number when generating PCID correlators.
Workaround There is no workaround.
•
Symptoms Large packets cannot be passed on a router that has a High-Speed Serial Interface (HSSI) module.
Conditions This symptom is observed on an HSSI network module that is installed on a Cisco 3600 router that is running Cisco IOS Release 12.2(10) or Release 12.2(10.3)T. This symptom is observed only when large packets are sent.
Workaround Issue the mtu 1019 interface configuration command to set the maximum transmission unit (MTU) size of the HSSI interface to 1019 bytes. This workaround may not work in all cases.
•
Symptoms A Systems Network Architecture Switching Services (SNASw) router that is configured with a downstream port of conntype=len incorrectly advertises itself as nodetype=NN in the exchange identification (XID) exchange.
Conditions This symptom is observed on SNASW routers that are running Cisco IOS Release 12.0 T, 12.1 and 12.2.
Workaround There is no workaround.
•
Symptoms A Systems Network Architecture Switching Services (SNASw) dependent logical unit requester (DLUR) router cannot activate the pipe between the DLUR and the dependent logical unit server (DLUS). The following message may be displayed on the router:
**** 00001202 - EXCEPTION 512:492 (0) **** Locate search failed: search error Sense code = 0x08900060 Origin CP name = XXXXXXXX.XXXXXX Origin LU name = XXXXXXXX.XXXXXX Destination LU name = YYYYYYYY.YYYYYYConditions This symptom is observed on an SNASw router that is running Cisco IOS Release 12.2(6).
Workaround Restart the SNASw protocol by issuing the snasw stop privileged EXEC command followed by the snasw start privileged EXEC command on the router.
•
Symptoms A router may have to be reloaded because of memory allocation (MALLOC) failures.
Conditions This symptom is observed on a Cisco 7200 series router that has an 8-port fully channelized T1/E1 PRI, 256-channel port adapter.
The Cisco 7200 has to be reloaded because of a memory leak. This symptom occurs when heavy traffic is flowing through the interfaces and when the interfaces are forced to flap because a connected router reloads.
Workaround There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
Symptoms Internetwork Packet Exchange (IPX) Service Advertisement Protocol (SAP) updates are not populated properly.
Conditions This symptom is observed when IPX Enhanced Interior Gateway Routing Protocol (EIGRP) is used.
Workaround Use Routing Information Protocol (RIP) SAP.
Wide-Area Networking
•
Symptoms A switch may not recover after an end-to-end ATM permanent virtual circuit (PVC) failure.
Conditions This symptom is observed on a Catalyst 2924XL switch that a Catalyst 2900 XL series ATM 155 single-mode (SM) medium-reach (MR) fiber module (WS-X2971-XL) when Operation, Administration, and Maintenance (OAM) management is used.
Workaround Avoid using OAM management. This precaution will ensure that the link remains up and that traffic will pass.
•
Symptoms UP and DOWN status messages may be displayed on the console.
Conditions This symptom is observed when a leased-line configuration is in the UP state, but the peer is not responding. This symptom occurs because PPP calls the interface reset vector regularly if the peer is not responding to the PPP attempts to communicate.
Workaround There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(15)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(15). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(15). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms Some calls get rejected.
Conditions This symptom is observed on all voice platforms on which the call fallback mechanism is enabled.
Workaround There is no workaround.
•
Symptoms A router may fail to boot and display the following error message:
4B4 604DC4A0 %SYS-2-INTSCHED: 'idle' at level 4 -Process= "EnvMon", ipl= 4, pid= 8 -Traceback= 6050B024 604F5F98 604F8154 6092BBA8 607124FC 60542FD8 60543228 604DCConditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(11) and Simple Network Management Protocol (SNMP). The router has to be power-cycled to complete the boot process.
Workaround Remove SNMP traps from the configuration.
EXEC and Configuration Parser
•
Symptoms A router may reload unexpectedly.
Conditions This symptom is observed if a configuration change is made by a user whose username has a percent sign (%) sign in it on a Cisco router that is running Cisco IOS Release 12.1.(12) and that has Network Time Protocol (NTP) configured.
Workaround There is no work around.
IBM Connectivity
•
Symptoms The following error messages appears on the router log:
May 22 15:14:04: %SYS-2-LINKED: Bad enqueue of 61EC814C in queue 6202479C -Process== "<interrupt level>", ipl== 4 -Traceback== 6041F50C 6041CC08 6123BAEC 60CA22D4 6023D1B4 6023C964 60232324 May 22 15:19:24: %BSC-3-BADLINESTATE: Line state Tx when receiving EOT on line Serial1/0When the router logs the messages, the router may or may not respond to the attached bisync/bsc devices.
Conditions This symptom is observed on different platforms and serial interface modules.
Workaround Try the Block Serial Tunneling (BSTUN) interface as half duplex or try a different serial module other than WIC-2T, such as NM-4A/S.
Interfaces and Bridging
•
Symptoms A router may reload because of an SegV exception.
Conditions This symptom is observed when FRF.9 hardware compression is used on a platform that supports hardware compression.
Workaround Disable hardware compression.
•
Symptoms A memory allocation failure (MALLOCFAIL) message is displayed when a cable is unplugged from a serial interface.
Conditions This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS
Release 12.2(7a) and that has a Network Processing Engine (NPE-400) when a cable is unplugged from a serial interface and when the l3 bypass global configuration command is enabled.Workaround There is no workaround.
•
Symptoms An IP ping may not go through.
Conditions This symptom is observed in an integrated routing and bridging (IRB) environment on a bridging and bridging-to-routing path. The IP ping does go through on a routing and routing-to-bridging path.
Workaround There is no workaround.
•
Symptoms A router may reload if a circuit that has compression configured is removed while there is subsequent activity on a compression retry timer.
Conditions This symptom is observed on a Cisco router that is using software or hardware compression and that has FRF.9 Frame Relay compression configured. The activity on the compression retry timer occurs because of a transmission error and subsequent signaling of a compression restart sequence.
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms The ip host-routing global configuration command is enabled and if routing is disabled, the networking device will stop all forms of routing and remove static routes that are defined in a configuration.
.Conditions This symptom is observed when the no ip host-routing global configuration command is issued in configuration terminal mode on a networking device.
Workaround To issue the no ip host-routing global configuration command, first enable the command using the ip host-routing global configuration command and then disable the command immediately using the no ip host-routing global configuration command. Do not exit the global configuration mode before issuing the no ip host-routing global configuration command.
•
Symptoms An external Autonomous System Boundary Router (ASBR) may choose a suboptimal path for an external type 2 route.
Conditions This symptom is observed on an ASBR router that is situated external to a network that has several Area Border Routers (ABRs).
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed on a Cisco router when a large Network Address Translation (NAT) address pool is unconfigured.
Workaround There is no workaround.
•
Symptoms A router may reload when it is searching the Resource Reservation Protocol (RSVP) database.
Conditions This symptom is observed on a Cisco router that is running in the Route Processor Redundancy Plus (RPR+) or the Stateful SwitchOver (SSO) mode. The router reloads when a tunnel is up and when Multiprotocol Label Switching-traffic engineering (MPLS-TE),
Cisco Express Forwarding (CEF), and IP routing are unconfigured using the following sequence of commands:
no tag advertise-tags
no mpls ip
no mpls label protocol ldp
no ip routing
no ip cef
no mpls traffic-eng tunnelsWorkaround Issue the no mpls traffic-eng tunnels router configuration command to shut down all tunnels before issuing the no ip routing global configuration command.
•
Symptoms A router may reload with a bus error while the shortest path first (SPF) algorithm is computed.
Conditions This symptom is observed if multiple routers are advertising the same prefix in Type-5 or Type-7 link-state advertisements (LSAs).
Workaround There is no workaround.
•
Symptoms A software-forced reload may occur on a router.
Conditions This symptom is observed on a Cisco 12008 router that has a Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnel that is configured with an absolute metric when the tunnel is used with the Open Shortest Path First (OSPF) protocol. A watchdog timer event may be triggered, and the router may reload after the shutdown interface configuration command followed by the no shutdown interface configuration command is issued on the tunnel interface.
Workaround There is no workaround.
•
Symptoms A software-forced reload may occur on a router.
Conditions This symptom is observed on a Cisco router if an interface is shut down from another terminal while output from the show ip pim neighbor EXEC command is displayed.
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed during withdrawal of two paths to the same destination at the same time.
Workaround There is no workaround.
•
Symptoms A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS
Release 12.0(19)ST1.Workaround There is no workaround.
Miscellaneous
•
Symptoms The following continuous stream of "%POT1E1-3-FWFATAL" error messages may occur on a router:
%POT1E1-3-FWFATAL: Bay 5: firmware needsresetdue to fw watchdog timeout % POT1E1-3-FWFATAL: Bay 4: firmware needsresetdue to fatal softwareerrorsConditions This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS
Release 12.1(8.04) and using an eight-port multichannel T1 port adapter (PA-MC-8T1).Workaround There is no workaround.
•
Symptoms High memory utilization that results in malloc failures may occur on a router.
Conditions This symptom is observed if you use the ip route network-number network-mask ethernet [bay] slot/port EXEC command to configure static routes to a prefix on a Cisco router that is capable of distributed Multiprotocol Label Switching (MPLS) forwarding (such as a
Cisco 7500 series router or a Cisco 12000 series Internet router). If you enter the show cef linecard internal command, many interprocess communication (IPC) messages appear to be queued up under the category "rtc."Workaround When a route is configured using the ip route network-number network-mask ethernet [bay] slot/port EXEC command, make sure that you also provide a next hop IP address. Use the following command to configure a next hop IP address: ip route network-number network-mask ip-address ethernet [bay] slot/port (where IP address is the next hop IP.)
•
Symptoms The clear to send (CTS) signal on port 0 is inverted for a short period of time when binary synchronous communication (BISYNC) polling is started after the router is reloaded. This behavior causes an ATM machine to enter the error recovery mode and may prevent the ATM machine from recovering and reestablishing proper communication with the router.
Conditions These symptoms are observed on a Cisco 2600 router that has a 2-port serial low-speed asynchronous and synchronous WAN interface card (WIC 2 A/S) that is configured for BISYNC on port 0 and has the physical-layer async interface configuration command configured on port 1.
Workaround After the ports have been initialized through a reload or after the physical-layer async interface configuration command is removed from the configuration of a port, issue the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interface to reinitialize the hardware settings.
•
Symptoms On a router, the amount of available dynamic memory may decrease.
Conditions This symptom is observed as the Internet Key Exchange (IKE) negotiates IP Security (IPSec) tunnels if Rivest, Shamir, and Adleman (RSA) signature authentication is used. The loss of available memory may continue until the router is no longer able to operate because of a lack of dynamic memory.
Workaround Reload the router.
•
Symptoms Operation, Administration, and Maintenance (OAM) cells may be delayed in transmission, and OAM cells may be sent out of sequence.
Conditions This symptom is observed on an overloaded permanent virtual circuit (PVC). The PVC may go down when this symptom occurs.
Workaround There is no workaround.
•
Symptoms Systems Network Architecture Switching Services (SNASw) may not release memory as expected.
Conditions This symptom is observed on a Cisco 2600 router that is running SNASw and that is running Cisco IOS Release 12.2(6). The router may consume memory in a two-network node servers scenario in which one of the servers has failed and recovered. The SNASw directory services process is the process that consumes memory.
Workaround There is no workaround.
•
Symptoms IP connectivity may be disrupted after distributed Cisco Express Forwarding (dCEF) is configured on a router.
Conditions This symptom is observed on a Cisco 7500 series router that is functioning as a provider edge (PE) router and that is running tag switching or Multiprotocol Label Switching (MPLS). This symptom occurs if the router is running both cell-based and frame-based tag switching simultaneously.
Workaround There is no workaround.
•
Symptoms The input queue fills and the Systems Network Architecture Switching Services (SNASw) upstream link fails.
Conditions This symptom occurs if SNASw receives a protocol violation generating sense 8007 on an incoming bind frame from the virtual telecommunications access method (VTAM). This situation causes subsequent frames to be kept on the input hold queue. This behavior causes failures with sense 0805 on the VTAM, causing sessions to be stuck in the "pending session start" (PSEST) state. When this condition occurs, the input queue eventually fills and the SNASw upstream link fails.
Workaround Identify and terminate the affected Real-Time Transport Protocol (RTP) pipe from the VTAM.
•
Symptoms A Route Processor (RP) may experience a bus error or pause indefinitely when a crash test is performed.
Conditions This symptom occurs after the test crash command is issued on an active RP.
Workaround Reload or power-cycle the router.
•
Symptoms A router may reload.
Conditions This symptom is observed during the execution of the no e1 1 channel-group 0 command on the controller of a Multi-Channel E3 port adapter on a Cisco 7200 series router that is configured for IP routing.
Workaround Shut down the interface and then remove the channel group.
•
Symptoms In Y-Cable APS, with the manual-switch condition on the Protection channel, the Signal Degrade (SD) condition is applied and then removed from the Working channel. After the SD condition is removed, the Working channel may become the active channel again.
Conditions This symptom is observed when the SD condition on Working channel did not clear the lower-priority manual-switch condition on the Protection channel, which causes the switchback to Working channel when the SD condition is cleared.
Workaround There is no workaround.
•
Symptoms Active reverse Telnet sessions on a preconfigured port on a network module may stop transmitting data if the physical-layer async interface configuration command is configured on another port.
Conditions This symptom is observed on an 8-port asynchronous/synchronous network module (NM-8A/S) that has the physical-layer async interface configuration command configured on one port.
Workaround Do not configure the physical-layer async interface configuration command on a port if any of the ports on the network module has an active session. Clear the active lines before configuring the physical-layer async interface configuration command. Alternatively, the router can be reloaded after the command is configured.
•
Symptoms An Enterprise Extender (EE) link to a host may toggle between the up and the down states.
Conditions This symptom occurs when the physical unit (PU) link is not predefined on the host or when the PU is predefined as "DISNCT=xxx" rather than "DISNCT=NO." When this symptom occurs, the incorrect value for the ALIVE timer is passed between the two Real-Time Transport Protocol (RTP) endpoints in a connection setup.
Workaround Predefine the PU link on the host as "DISCNT=NO."
•
Symptoms A Systems Network Architecture Switching (SNASw) router may reload in the routine ntl_avl_rotate_right. Traceback contains the following message:
0x6104B57C:nba_mmcpu_compare_proc_type(0x6104b578)+0x4 0x61143930:ntl_avl_find(0x611438f8)+0x38 0x6104B00C:nba_update_mm_stats(0x6104af6c)+0xa0 0x611472B8:nba_mm_free(0x61147294)+0x24 0x61144F98:nba_free_buffer(0x61144f00)+0x98 0x61147C2C:nba_send_ips(0x61147a78)+0x1b4 0x61140888:nbm_free_buffer(0x61140818)+0x70 0x61147C3C:nba_send_ips(0x61147a78)+0x1c4Conditions This symptom is observed when two downstream Low Entry Nodes (LEN) send Berkeley Internet Name Domains (BINDs) with the same Procedure Correlation Identifier (PCID) correlator at the same time. This situation should be a very rare occurrence, but some devices may use a random number when generating PCID correlators.
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed under rare circumstances when online insertion and removal (OIR) of an S card is executed.
Workaround Do not execute S card OIR. Wait for a maintenance window during which the router can be powered down and up.
•
Symptoms A router may reload.
Conditions This symptom is observed on a Cisco router with the tunnel configured and when both the tunnel source is removed and the tunnel has no "raw-packet-interface".
Workaround There is no workaround.
•
Symptoms A Systems Network Architecture Switching Services (SNASw) dependent logical unit requester (DLUR) router cannot activate the pipe between the DLUR and the dependent logical unit server (DLUS). The following message may be displayed on the router:
**** 00001202 - EXCEPTION 512:492 (0) ****
Locate search failed: search error
Sense code = 0x08900060
Origin CP name = XXXXXXXX.XXXXXX
Origin LU name = XXXXXXXX.XXXXXX
Destination LU name = YYYYYYYY.YYYYYYConditions This symptom is observed on an SNASw router that is running Cisco IOS
Release 12.2(6).Workaround Restart the SNASw protocol by issuing the snasw stop privileged EXEC command followed by the snasw start privileged EXEC command on the router.
•
Symptoms A router may experience a line protocol flap or go down in high traffic conditions.
Conditions This symptom is observed on a Cisco 7200 router that has a port adapter (PA-T3, PA-E3, or PA-H), a Network Processing Engine (NPE-400), or a Network Service Engine-1 (NSE-1).
Workaround Use dual interface versions of the port adapters mentioned above.
•
Symptoms There may be difficulty enabling Cisco Express Forwarding (CEF) using CEF commands, and packets may be process-switched.
Conditions This symptom is observed on a Cisco 7100 router.
Workaround There is no workaround.
TCP/IP Host-Mode Services
•
Symptoms On a router, the Karn's Round-Trip Time (KRTT) may not be bounded to RTTO*2**5.
Conditions This symptom is observed on a Cisco router that is running a Cisco IOS release that contains the workaround for DDTS CSCdu18397. When there are retransmissions that occur between the TCP endpoints, the KRTT value can get excessively large and the TCP connection drops. This situation frequently affects Data-Link Switching (DLSw). The DLSw peers sporadically drop.
Workaround There is no workaround.
Wide-Area Networking
•
Symptoms The Layer 2 Tunnel Protocol (L2TP) may get stuck.
Conditions This symptom is observed when the L2TP parses an invalid control message with a zero-length attribute-value (AV) pair.
Workaround There is no workaround.
•
Symptoms A Frame Relay over ISDN call may fail.
Conditions This symptom is observed if the data-link connection identifier (DLCI) on the subinterface is in an inactive state.
Workaround Configure the permanent virtual circuit (PVC) at the main interface rather than at the subinterface.
•
Symptoms A Cisco router may set up a tunnel.
Conditions This symptom is observed even if bidirectional Challenge Handshake Authentication Protocol (CHAP) authentication is not successful.
Workaround There is no workaround.
•
Symptoms A router may experience a memory leak.
Conditions This symptom is observed on a Cisco router that is configured for X.25 over the Link Access Procedure, Balanced (LAPB) links in a high error environment.
Workaround Correct the cause of the high error rate on the LAPB links.
•
Symptoms A Versatile Interface Processor (VIP), Gigabit Ethernet Interface Processor (GEIP), Gigabit Ethernet Interface Processor plus (GEIP+), or Packet OC-3 Interface Processor (POSIP) that is installed in a router may reload. The VIP may display the following error message when it reloads:
%DMA-1-DRQ_STALLED: DRQ stalled. Dumping DRQ.Conditions This symptom is observed on a Cisco 7500 router under heavy traffic conditions.
Workaround There is no workaround.
•
Symptoms A router may reload with a bus error displaying the following error message:
%ALIGN-1-FATAL: Illegal access to a low address addr=0x50, pc=0x6135D584, ra=0x60636AD0, sp=0x62338E68Conditions This symptom is observed on a Cisco 7200 router.
Workaround There is no workaround.
•
Symptoms On a router, IP connectivity may get lost and then be reestablished. The packets coming from the router will have TCP checksum failures, and the packets will be dropped.
Conditions This symptom is observed when a serial tunnel (STUN) connected from a Cisco 7200 series router that is running Cisco IOS Release 12.2(7.5) to another router over a Voice over Frame Relay (VoFR) link.
Workaround Reset the STUN connection.
•
Symptoms The values of the MIB objects ifHCInOctets and ifHCOutOctets may show an abnormally high rate of increase. These values may be much higher than the maximum possible rate or than the ifHighSpeed of that interface.
Conditions This symptom is observed on interfaces that represent a LAN emulation (LANE) client. This bandwidth utilization, as calculated from these objects, could be abnormally high and incorrect.
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed on a Cisco router when dialer profiles are used to get links up to the destination with a Multilink PPP (MLP) configuration and if there is an idle timeout or the dialer profile interface is disconnected.
Workaround Use a rotary configuration instead of a dialer profile configuration.
•
Symptoms A packet is incorrectly dropped by the router.
Conditions This symptom is observed when the Frame Relay encapsulated packet is a Multiprotocol Label Switching (MPLS) packet on locally switched Frame Relay permanent virtual circuits (PVCs) that are configured with the connect or Frame Relay route interface configuration commands,. This condition affects only the Cisco 7500 series routers and only the Cisco IOS images that support MPLS switching, such as the rsp-pv-mz or rsp-jsv-mz image.
Workaround There is no workaround.
•
Symptoms A Frame Relay over ISDN call is not retried after it is dropped.
Conditions This symptom occurs when Frame Relay over ISDN is used. If a data-link connection identifier (DLCI) that is configured on a subinterface goes down (becomes inactive or is deleted), the corresponding subinterface is marked down. When the ISDN circuit is released, the subinterface remains in the down state. Subsequent attempts to bring up the ISDN circuit using the network address that is bound to that subinterface do not work.
Workaround Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the subinterface.
Resolved Caveats—Cisco IOS Release 12.1(14)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(14). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(14). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco router may reload when a probe is configured to operate at a frequency of 0 seconds and then is scheduled to run.
Workaround: The probe frequency of 0 seconds is illegal and must not be used.
•
A Cisco router that is running Cisco IOS Release 12.0(20.3)S1 may not be accessible through the Ethernet 0 interface.
Workaround: Load the software onto the router, copy the running configuration file to the startup configuration, and reload the router.
•
A Cisco router that is running Cisco IOS Release 12.1(12) may display the following traceback messages and reload after the clear cdp table privileged EXEC command is issued:
%ALIGN-3-TRACE: -Traceback= 604E42A0 604E39EC 604E37B0 604E32B0 6026BDE4 60277FCC 602C90F4 602C90E0
%ALIGN-3-TRACE: -Traceback= 604E42CC 604E39EC 604E37B0 604E32B0 6026BDE4 60277FCC 602C90F4 602C90E0
%ALIGN-3-TRACE: -Traceback= 604E42D0 604E39EC 604E37B0 604E32B0 6026BDE4 60277FCC 602C90F4 602C90E0There is no workaround.
IBM Connectivity
•
A Cisco 7200 router that is configured with data-link switching plus (DLSw+) Routing Information Field (RIF) passthrough peers may reload if:
–
–
–
Workaround: Perform the following steps:
a.
source-bridge max-hops3
source-bridge max-in-hops 3These commands limit the maximum number of hops from each end of the physical Token Ring interface to three hops. An additional fourth hop is used for the virtual ring. This configuration keeps the combined RIF length to within seven hops.
b.
dlsw timer sna-verify-interval 1200
dlsw timer netbios-verify-interval 1200These commands set the verify interval to 20 minutes (the default cache timeout is 16 minutes, or 960 seconds). This configuration prevents the router from entering the VERIFY state. The cache entry is deleted before the router can perform a VERIFY operation.
Interfaces and Bridging
•
ATM virtual circuit (VC) counters are not correctly incremented on a 1-port ATM OC3 multimode port adapter (PA-A1-OC3MM) that is installed on a Cisco 7500 router that is running Cisco IOS Release 12.1(7a)E2. There is no workaround.
•
A Versatile Interface Processor (VIP) may reload or record spurious access after class maps are configured for Frame Relay. There is no workaround.
•
On a Cisco 7200 router that is running Cisco IOS Release 12.1(12.4) and that has an ATM Lite port adapter, packet pings that are 500 bytes or larger in size may not go through the ATM Lite port adapter. Packet pings that are smaller than 500 bytes in size can be sent through the ATM Lite port adapter. There is no workaround.
IP Routing Protocols
•
A Cisco 7206VXR router that is running the Open Shortest Path First (OSPF) Protocol and acting as a designated router (DR) will generate router link states but may fail to generate network link states for a connected network. The OSPF neighbors will come up correctly on all routers in the network.
Workaround: Set the priority on the interface to 0 so that the router is not the DR for that link.
Miscellaneous
•
The byte counters on a serial interface on a Cisco 7500 series router that is running Cisco IOS Release 12.1(8) may not work properly. There is a difference between the number of bytes on one side of a serial link and the number of bytes on the other side of the link. The counter may also decrease. There is no workaround.
•
A Cisco AS5800 universal access server may experience a memory leak in the pool manager process. There is no workaround.
•
On a Cisco Route Switch Processor (RSP) that is running Cisco IOS Release 12.2 or 12.2 T with an Ethernet to Fast Ethernet channel combination topology, a fast cache entry is built when inbound NetFlow is configured on top of Cisco Express Forwarding (CEF) on an Ethernet interface. There is no workaround.
•
When an X.75 call is made on a E1 or PRI interface, a "SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level" message may be displayed. This condition has no user impact. There is no workaround.
•
Significant throughput degradation may occur on a PPP multilink if the fragment delay on a 2-port multichannel E1 port adapter (PA-MC-2E1) that is configured for channel groups is set to a value that is lower than the default value. There is no workaround.
•
When a channelized port adapter (CT3) is used and if framing is reconfigured with the t1 1 framing esf privileged EXEC command, certain interfaces that are configured on that T1 line may stop passing traffic. This condition occurs only if the t1 1 framing esf privileged EXEC command is issued after channel groups are already configured on the T1 line and while the channel groups are passing traffic. The framing needs to be set only for the T1 line when the first channel group is configured and does not need to be reentered when a new channel group is added.
Workaround: Issue the t1 1 framing esf privileged EXEC command only when the first interface on a T1 line is configured.
•
When a channelized T3 port adapter (CT3) that is configured with multiple channel groups is used, all interfaces may stop passing traffic if T1 frames are received on one of the groups that has voice signaling enabled.
Workaround: To clear this condition, shut down the interface that corresponds to the channel group that is receiving the invalid frame. If any of the other interfaces continues to flap after the interface that is receiving the invalid frame is shut down, the interface has to be reconfigured.
•
A Cisco 7204VXR router that is running the c7200-a3js-mz image of Cisco IOS Release 12.2(5a) may experience a software-forced reload. There is no workaround.
•
A Route Switch Module (RSM) that is running Cisco IOS Release 12.0(20) may experience alignment error corrections at the rsp_ipfib_feature_switch process.
Workaround: To clear this condition, disable IP Cisco Express Forwarding (CEF) and use fast switching instead.
•
If a Cisco router receives a gratuitous Address Resolution Protocol (ARP) for a static ARP entry with an alias keyword, the router may reload because of a bus error.
Workaround: Do not use an alias keyword on a static ARP entry. An alias keyword allows the router to answer ARP requests for the static ARP entry, but in many cases an alias keyword is not required because the router needs the static ARP entry only for its own use.
•
A Cisco Router Route Processor (GRP, RSP or NPE) may reload when a traffic engineering (TE) tunnel interface is disabled and reenabled immediately using the shutdown interface configuration command followed by the no shutdown interface configuration command. The router may also exhibit this behavior either when tag switching is enabled and disabled using the no tag-switching ip interface configuration command followed in quick succession by the tag-switching ip interface configuration command or when a loopback interface is disabled and reenabled using the shutdown interface configuration command followed immediately by the no shutdown interface configuration command. This behavior may also occur when a file is copied to the running configuration to change the state of a tunnel.
Workaround: Wait for at least a minute after the shutdown interface configuration command is issued before entering the no shutdown interface configuration command on a tunnel interface or its associated loopback interface. Wait for at least a minute after the no tag-switching ip interface configuration command is issued before entering the tag-switching ip interface configuration command. Shut down all tunnel interfaces before copying a file to the running configuration.
•
When an online insertion and removal (OIR) is performed on a Versatile Interface Processor (VIP) that is installed on a Cisco 7500 router, or if the single line card reload (SLCR) feature is used, traffic forwarding issues may occur after the VIP reloads. If the router uses either a static or a connected route to send traffic out of an interface that is on the failed VIP, forwarding may stop after an OIR or an SLCR procedure is performed.
Workaround: Issue the clear cef linecard adjacency EXEC command to recover from this condition.
•
A Cisco 7500 series router that is configured with the main interface in backup and subinterfaces with the same IP address has different behavior at boot-up between Cisco IOS Release 11.3(11)WA4(14) and Cisco IOS Release 12.0. During operation of the router, the duplicate IP addresses can be configured in both versions of Cisco IOS software. However, at boot-up the duplicate IP addresses are removed from the configuration in Cisco IOS Release 12.0.
Workaround: Manually configure the affected interfaces again after the reboot.
•
A Versatile Interface Processor (VIP) may reload if distributed Multilink PPP (dMLP) is configured on a channelized T3 or E3 interface after the router is reloaded and booting up. There is no workaround.
•
A Cisco router may experience a bus error and reload when the clear ip bgp * command is entered at the console and a large number of routes have been imported. There is no workaround.
•
The performance of the encryption path degrades when Cisco IOS Release 12.2(6.8) is used with a hardware encryption card. The loss in performance occurs because encrypted packets are process-switched instead of being fast-switched. This condition occurs when IP Security (IPSec) is applied to the interfaces while the hardware encryption card is used. There is no workaround.
•
On a Cisco AS5800 universal access server that is running Cisco IOS Release 12.1(11) and that has Resource Pool Management (RPM) or Resource Pool Manager Server (RPMS) enabled, the access server will show that modems are in use even when there are no active users connected. There is no workaround.
•
Systems Network Architecture Switching Services (SNASw) intermediate session routing (ISR) sessions that have an enterprise extender (EE) upstream may have messages that are unnecessarily segmented. Messages may be segmented because the CAPACITY on the physical unit (PU) definition on the host is too low or because the wrong primary send or receive basic transmission unit (BTU) size is being used by the SNASw router.
After the segmenting of messages starts to occur (for either reason), the End Of Message (EOM) segment may be corrupted, causing the other end of the Rapid Transport Protocol (RTP) connection to identify a gap and request that the message to be rebroadcasted. For a customer, this behavior caused significant delays as it is taking nearly two minutes before the gap detected status was returned to the SNASw router.
Workaround: To prevent the segmenting from occurring, add CAPACITY=4M to the PU definition on the host.
•
A Cisco 7206VXR router that has a Network Processing Engine (NPE-300) and that is running Cisco IOS Release 12.1(8.4) may reload because of a memory corruption if a service policy output with a policy map is configured using the policy-map policy-map-name global configuration command and if a 24-character long class-map-name is configured using the class-map class-map-name global configuration command.
Workaround: Use a map name that is less than or equal to 23 characters or a map name in which the character length is not a multiple of four.
•
A Cisco router that is running Cisco IOS Release 12.1(12.6) may reload when the debug crypto ipsec command is enabled. An invalid IP Security (IPSec) message may be displayed when this condition occurs. The following error message may be displayed before the router reloads:
CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=201.201.30.1, prot=51, spi=0x1C0D0620(470615584) SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt levelWorkaround: Do not enable the debug crypto ipsec command.
•
After a Cisco AS5800 universal access server has been running for more than 10 hours under stress conditions, modem ISDN Channel Aggregation (MICA) technologies modems may be marked as bad. There is no workaround.
•
Spurious memory accesses are observed at the dsx3_controller_t1_framing process when extended super frame (ESF) framing is configured on a Channelized T3 Interface Processor (CT3IP) controller. Spurious memory accesses may also occur if the router is rebooted while framing is set to ESF. There is no workaround.
•
An invalid cache adjacency exists on a line card but not on the Route Processor (RP).
Workaround: Issue the clear cef linecard slot-number adjacency EXEC command on the line card.
•
A line card may be stuck in an off-for-download state on a Cisco 7500 router or a Cisco 12000 router. This condition is indicated by the output of the show cef linecard EXEC command. This condition is caused by an interprocess communication (IPC) error with another line card during the Forwarding Information Base (FIB) table download process. There is no workaround.
Wide-Area Networking
•
A Cisco router that has a Route Switch Processor (RSP) may pause indefinitely at the rsp_fs_free_memd_pak process and display the following message on the console:
%RSP-3-BADBUFHDR: freeing MEMD pak, address 0 -Traceback= 60367710 60373AA4 602D30B8 600DA700 602413E0 602416D8 60FCE4D8 60FCC CD0 602223C8 602224F4 6036A260 60378E70 60331290There is no workaround.
•
An ISDN trap is not generated after a call is connected. The following ISDN objects are affected:
–
–
–
–
–
–
–
There is no workaround.
•
When an IP digital subscriber line (DSL) switch is used as a Layer 2 Tunneling Protocol (L2TP) network server (LNS), the IP DSL switch may pause indefinitely or reboot if the ping sweep (from 64 to 1500) is generated from the customer premises equipment (CPE). There is no workaround.
•
A Cisco 3600 router that is running Cisco IOS Release 12.1(5)T5 may experience a memory leak at the ISDN process. There is no workaround.
•
A versatile interface processor (VIP) may reload because of memory corruption when Inter-Switch Link (ISL) encapsulation is disabled and reenabled on an interconnected Gigabit Ethernet interface on a provider edge (PE) router. This problem occurs as traffic is flowing between two customer edge (CE) routers that are connected through a virtual private network (VPN). There is no workaround.
•
The virtual-access counters and the RADIUS accounting data exceed the real value. This condition was observed on a Cisco 7200 PA-A3 port adapter and a Cisco 6400 NRP2-SV when a Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) used an ATM permanent virtual connection (PVC) as an ingress interface for L2TP tunnels.
Workaround: Use xEthernet as the ingress interface.
•
A Cisco 7500 router that has the Route Switch Processor (RSP 4) may reload when it is running an experimental image that is based on Cisco IOS Release 12.2(6.6)T. The router reloads with a bus error because of the following corrupted program counter (PC) in the dialer code:
%ALIGN-1-FATAL: Corrupted program counter pc=0x10009, ra=0x10009, sp=0x62DB13D8There is no workaround.
•
A Cisco router may display a traceback message at the propagate_hunt_rprofile_changes() function when a configuration is changed on the dialer interface. There is no workaround.
•
Downstream Systems Network Architecture switching services (SNASw) users may experience session disconnects if the users are connecting to the SNA switch port that is an ATM LAN Emulation (LANE) subinterface. This behavior occurs when a router is running Portable SNA (PSNA) Advanced Peer-to-Peer Networking (APPN) software. This behavior may also occur when a router is running just PSNA. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(13a)
Cisco IOS Release 12.1(13a) is a rebuild of Cisco IOS Release 12.1(13). Caveats listed in this section are resolved in Cisco IOS Release 12.1(13a) but may be open in previous Cisco IOS releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.1(13)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(13). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(13). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Interfaces and Bridging
•
On a Cisco 7200 router that is running Cisco IOS Release 12.1(12.4) and that has an ATM Lite port adapter, packet pings that are 500 bytes or larger in size may not go through the ATM Lite port adapter. Packet pings that are smaller than 500 bytes in size can be sent through the ATM Lite port adapter. There is no workaround.
Miscellaneous
•
The rtr reaction-configuration command can be used to trigger another probe when a timeout, a threshold violation, or a verify error occurs. However, the probe to be triggered gets activated only once during the first occurrence of the reaction condition. If the reaction condition occurs again (for example, when the timeout condition clears) and the triggered probe is in the pending state the probe should get activated again.
Workaround: This condition is resolved in Cisco IOS Release 12.0(21)S.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(12c)
Cisco IOS Release 12.1(12c) is a rebuild release for Cisco IOS Release 12.1(12). The caveats in this section are resolved in Cisco IOS Release 12.1(12c) but may be open in previous Cisco IOS releases.
•
When an online insertion and removal (OIR) is performed on a Versatile Interface Processor (VIP) that is installed on a Cisco 7500 router, or if the single line card reload (SLCR) feature is used after the VIP reloads, traffic that is using static routes that are defined to point out interfaces on the failed VIP may fail. The static routes that are affected are routes that are defined within a Multiprotocol Label Switching (MPLS) Virtual Private Network routing and forwarding (VRF) instance.
Workaround: Issue the clear cef linecard adjacency EXEC command to recover from this condition.
Resolved Caveats—Cisco IOS Release 12.1(12b)
Cisco IOS Release 12.1(12b) is a rebuild of Cisco IOS Release 12.1(12). The caveats in this section are resolved in Cisco IOS Release 12.1(12b) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(12a)
Cisco IOS Release 12.1(12a) is a rebuild release for Cisco IOS Release 12.1(12). The caveats in this section are resolved in Cisco IOS Release 12.1(12a) but may be open in previous Cisco IOS releases.
•
A Cisco 7200VXR router that is using any unchannelized serial port adapter (PA) and any processor other than the Network Processing Engine (NPE-300) may experience line flaps at high traffic rates and display the following message:
MUESLIX-1-HALT: Mx serial: Serial6/0 TPU halted: cause 0x3 status 0x00371A00Carrier transitions and wedged output queues may also occur. This condition affects the following port adapters:
–
–
–
–
Multichannel port adapters such as the PA-MC-T3 or the PA-MC-2T3+ are not affected. This condition affects only the Cisco 7200VXR router. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(12)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(12). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(12). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
A Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(7.2) may experience the following error and traceback messages:
%TTY-3-AUTOCONFIG: TTY1/9/29: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/33: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/34: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/57: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/62: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/56: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/75: Modem auto-configuration failed
%TTY-3-AUTOCONFIG: TTY1/9/64: Modem auto-configuration failed Queued messages:
%SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output. %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:02 to ensure console debugg ing output.
%SYS-2-MALLOCFAIL: Memory allocation of 1048 bytes failed from 0x6053A7F0, poo l Processor, alignment 0 -Process= "Crash writer", ipl= 0, pid= 120 -Traceback= 604412B0 60442F08 6053A7F8 6046BD4C 604743BC 604006DC 604008AC 60437D2C 60437D18
%SYS-2-CFORKMEM: Process creation of Async tty Reset failed (no memory). -Process= "Serial Background", ipl= 0, pid= 7 -Traceback= 60463CD0 6045605C 6065EB10 6065ED80 609C4F30 6000FF3C 60437D2C 60437D18
%MODEM-1-DL_FAIL: Firmware download failed for slot 3341 module_mask 609A8D88 %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00 to ensure console debugg ing output.The access server then reloads with the following bus error:
System returned to ROM by bus error at PC 0x6097DD50, address 0xDEADBEFB at 10:43:38Workaround: Use a Cisco IOS release that contains the fix for this caveat.
•
After a Cisco AS5800 access server is reloaded, the modem modules on the Cisco AS5800 universal access server double-density modem card (DS58-144DM-CC) may not be downloaded with the firmware as specified by the Service Processing Element (SPE) commands in the configuration. Modem modules are loaded with the default Cisco IOS software bundled firmware and are indicated by the "!-Upgrade request is pending message." This condition occurs regardless of the slot, Modem ISDN Channel Aggregation (MICA) technologies card, or modem module that is used.
Workaround: Manually reconfigure a SPE with the specified firmware location for the modem module range that is affected. This configuration will cause the router to download the firmware into each of the MICA technologies cards separately.
If you are running four MICA cards in slots 4 through 7, the following global configuration commands need to be configured:
spe 1/4/0 1/4/11 firmware location flash0:mica-modem-pw_2_7_2_1.bin !
spe 1/5/0 1/5/5 firmware location slot0:mica-modem-pw_2_7_2_1.bin !
spe 1/5/6 1/5/11 firmware location flash0:mica-modem-pw_2_7_2_1.bin !
spe 1/6/0 1/6/11 firmware location slot0:mica-modem-pw_2_7_2_1.bin !
spe 1/7/0 1/7/11 firmware location flash0:mica-modem-pw_2_7_2_1.binThese configuration commands will cause the router to download the firmware into the MICA separately and confine the affected modem modules to the last modules on one slot (for example 5 to 11 or 10 to 11).
To workaround this problem, alter the modem recovery time to 15 minutes later than the reload time using the following global configuration commands (assuming that the reload time is set at 4 am):
modem recovery maintenance time 4:15
modem recovery maintenance stop-time xx:yy
modem recovery maintenance window xx:yyNote: The maintenance time must be configured to start after the reload time.
Basic System Services
•
If you perform a write erase that erases the configuration in NVRAM, the boot variables are not changed.
Workaround: Change the boot configuration and configuration register, then save the configuration before erasing NVRAM.
•
The Flash MIB implementation for a High End System (HES) in Cisco IOS software does not provide correct information for the following objects:
–
–
–
There is no workaround.
•
A Cisco router that is using a compression service adapter (SA-Comp/4) may appear to be using software compression instead of hardware compression when the show compress EXEC command is entered. There is no workaround.
•
When a very large number of managed chunks is allocated, the chunk manager may cause a router to unexpectedly reload when those chunks are freed. There is no workaround.
•
A router stops responding to the command-line interface (CLI), pauses indefinitely, and subsequently reloads if the power-on self test (POST) data has the following attributes:
–
–
–
There is no workaround.
•
A router may reload if the show running-config privileged EXEC command is issued while the community string in the snmp-server community string global configuration command is set to a string that has more than 128 characters.
Workaround: Avoid using community names that have more than 128 characters.
•
A Cisco router that is configured with Data Compression over Frame Relay Implementation Agreement (FRF.9) compression may experience a loss of synchronization between the compression peers and may not complete FRF.9 negotiation.
Workaround: Enter the shutdown followed by the no shutdown interface configuration commands simultaneously on both sides of the serial interface. When the Cisco IOS software is upgraded to correct this condition, both compression peers have to be upgraded. If only one compression peer is upgraded, negotiation may continue to fail.
•
A Cisco Versatile Interface Processor (VIP) may reload at the vip_fib_fs process when the VIP is sending traffic. There is no workaround.
•
If the target address is longer than 92 bytes for Response Time Reporter (RTR) Domain Name System (DNS) probes, the Cisco IOS software will reload.
Workaround: Avoid looking up host names that are longer than 92 bytes.
IBM Connectivity
•
A router that is running Cisco IOS Release 12.1(10.1) or a later release with data-link switching (DLSw) and Ethernet Redundancy (ER) may reload. There is no workaround.
•
Cisco IOS Release 12.1(10) software will fail to correctly determine the Fiber Distributed Data Interface (FDDI) port adapter revision level. FDDI port adapters with revision levels 1.03 to 1.10 and 1.14 and later revisions can process the routing information field (RIF) of source-route bridging (SRB) frames in hardware. Cisco IOS Release 12.1(10) software may incorrectly read the revision level as 1.1 and begin processing SRB frames in software. This condition impacts performance and incorrectly reports drops when a frame is dropped after the frame has transversed the source-bridge ring-group number. There is no workaround.
•
A Cisco 1720 router that is running Cisco IOS Release 12.2(2)T1 or Release 12.2(5) with the data-link switching plus (DLSw+) Ethernet Redundancy feature enabled may reload because of a segmentation violation (SegV) exception.
Workaround: Remove the DLSw+ Ethernet Redundancy feature and configure data-link switching (DLSW) with transparent bridging on the Ethernet segment of the router.
•
In a network of Cisco 7200 routers that use the network processing engine (NPE-225), source-route bridging (SRB) frames are dropped under a light load when data-link switching (DLSw) or TCP is used to connect SRB to the Fiber Distributed Data Interface (FDDI) on the mainframe. DLSw circuits are disconnected if there is a high load.
Workaround: Use the NPE-200 instead of the NPE-225 network processing engine.
Interfaces and Bridging
•
A Versatile Interface Processor (VIP) may reload if the following command sequence is applied to the controller on a Channelized T3 Interface Processor (CT3IP):
–
–
–
All commands that are entered after the no t1 3 timeslots 1-24 command may cause the VIP to reload.
Workaround: To prevent the controller from reloading, enter the commands in the following order:
–
–
–
or
–
–
–
Be certain to enter the no t1 3 timeslots 1-24 command after the no t1 3 clock source line command.
•
A Cisco 7100 router that is running the c7100-jk2o3s-mz.121-5a.E image of Cisco IOS Release 12.1(5a)E may experience spurious memory access when an Ethernet interface is enabled. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(8a)E1 with a channelized E1 ISDN PRI port adapter (PA-2CE1) or a channelized T1 ISDN PRI port adapter (PA-2CT1) and that has class-based fair weighted queueing (CBWFQ) configured may experience a reload. There is no workaround.
•
There is a continuous leak of memory when transparent bridging is configured and when an access control list (ACL) is applied to an interface. There is no workaround.
•
A Cisco Catalyst 6000 switch or a Cisco 7500 series router with a T1/E1 or T3/E3 port adapter may fail to perform TFTP after a certain number of online insertion and removals (OIRs) are performed on the Versatile Interface Processor (VIP) or Flex WAN cards that have the T1/R1 or T3/E3 port adapters installed. There is no workaround.
•
A high CPU utilization condition may occur when a Cisco 7206VXR router that is running Cisco IOS Release 12.1(9) is installed with a PA-A2-4T1C-OC3SM or PA-A2-4T1C-T3ATM port adapter. In the command output from the show process cpu EXEC command, the "uSecs" of "Net Background" and "ATM periodic" indicate increasing values.
Workaround: Enter the no shutdown command on the ATM interface.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(16)S01 with a channelized T3 (CT3) single wide port adapter on a Versatile Interface Processor (VIP) may experience flapping interfaces that are created on the CT3 controller.
Workaround: Reload the VIP as a temporary workaround.
•
The ip mtu bytes interface configuration command may be missing from a Token Ring interface after the interface is reloaded. There is no workaround.
•
When a dedicated Token Ring port adapter (PA-4R-DTR) is used with a Versatile Interface Processor (VIP-2) on a Cisco 7500 router, the Token Ring interface that is configured for full duplex and 16 MB does not recover if the Cisco Catalyst 3920 switch that is configured with a full duplex port (FDX-port) (that the PA-4R-DTR interface is connected to) is power cycled.
Workaround: If the Cisco Catalyst 3920 switch port is configured for AUTO and not FDX-port, the PA-4R-DTR interface will recover in the half-duplex more, The PA-4R-DTR interface will recover in the full-duplex mode after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface.
IP Routing Protocols
•
A Cisco 7500 router that is running a Cisco IOS release later than Release 12.10(5) with distributed Cisco Express Forwarding (dCEF), Network Address Translation (NAT), and access lists configured may fail to transmit pings that are sent between two routers through the Cisco 7500 router. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.2(3) may reload unexpectedly with a software-forced reload when running Enhanced Interior Gateway Routing Protocol (EIGRP). This condition affects routers that are running EIGRP-IP, EIGRP-IPX, and EIGRP-APPLETALK.There is no workaround.
•
When a static route is configured through an interface and the interface is subsequently shut down, the static route is still shown as invalid. This situation will occur only if all of the following conditions are met:
–
–
–
–
Workaround: Clear the static route using the clear ip route destination gateway privileged EXEC command.
•
A router may reload if NetFlow-data is exported to a multicast address.
Workaround: Do not configure a multicast address; use a unicast address instead.
•
After several hours of operation, a Cisco 1750 router that has Network Address Translation (NAT) and Port Address Translation (PAT) enabled may fail to establish new PAT sessions. New PAT sessions cannot be established from a single add-pool with overload. This condition does not occur when a nonoverload configuration is used. There is no workaround.
•
Some type 3 link-state advertisements (LSAs) may be generated with MAX-AGE for a virtual private network (VPN) Open Shortest Path First (OSPF) network after the corresponding Border Gateway Protocol (BGP) updates are received for a site that has a backdoor link. The clear ip route destination gateway privileged EXEC command can be used to force LSA generation. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.0(19)ST, the Border Gateway Protocol (BGP) does not mark the autonomous system (AS) paths that exceed the limit configured by the bgp maxas-limit configuration command as invalid. There is no workaround.
•
Multicast traffic stops after the shutdown interface configuration command is entered followed by the no shutdown command interface configuration command on a Packet-over-SONET (PoS) interface. This condition may occur when any link-up or link-down event takes place.
Workaround: To clear this condition, enter the clear ip mroute * EXEC command on the PoS interface.
ISO CLNS
•
After a DECnet neighbor is removed from a network, the neighbor may still be advertised in Intermediate System-to-Intermediate System (IS-IS), link-state packet (LSP), until the LSP times out. The new LSP that is generated contains the correct information. This condition is observed in Cisco IOS Release 12.0(5)T.
Workaround: Enter the clear isis * EXEC command.
•
DECnet Phase IV and Phase V translation may not work after an upgrade from Cisco IOS Release 12.0(18) to Release 12.1(9) or 12.2(1b). Packets that arrive at the router are not translated or sent to the end node but are instead looped into the network until the lifetime expires. There is no workaround.
Miscellaneous
•
A Cisco 6400 series router that is running Cisco IOS Release 12.1(1)DC1 or 12.1(3)DC1 may experience a memory leak in the PPP authentication process. The memory leak is most noticeable when the router is terminating a large number of PPP sessions and there is a high level of PPP authentication processing. There is no workaround.
•
When a member link is shut down in a distributed Multilink PPP (dMLP) bundle, the Multilink interface may flap. The following is a sample syslog output is displayed when this condition occurs:
%SYS-5-CONFIG_I: Configured from console by console
%LINK-5-CHANGED: Interface Serial0/0/0:0, changed state to administratively down
%LINK-3-UPDOWN: Interface Multilink1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink1, changed state to down
%LINK-3-UPDOWN: Interface Multilink1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink1, changed state to upThere is no workaround.
•
When you perform an online insertion and removal (OIR) on a trunk card, a corresponding D channel configuration is lost.
Workaround: Manually reconfigure the interface after performing the OIR.
•
On a Cisco 7200 series I/O controller card with a Fast Ethernet (FE) interface (RJ-45) that is configured with Protocol Independent Multicast (PIM) and full duplex, the line protocol flaps when the cable is removed or fails instead of just going to line protocol down.
Workaround: Remove either PIM or full duplex from the interface.
•
A Cisco AS5800 universal access server router shelf may reload intermittently when the show modem EXEC command is issued. There is no workaround.
•
On a Cisco 7200 series router that is running Cisco IOS Release 12.1(5a), a PA-8T synchronous serial port adapter that is configured with High-Level Data Link Control (HDLC) over leased lines may have ports 4 to 7 or ports 0 to 4 going in the up or down state without any visible cause.
Workaround: Reload the router.
•
The E1 feature board (FB) does not boot with Cisco IOS Release 12.2(0.11) or Release 12.2(0.12). There is no workaround.
•
A Cisco AS5300 series access server may reload under heavy load and display the following stack:
Router#show stack
Minimum process stacks
Free/Size Name 5704/6000 Reset ipc queue 2572/3000 fstp init 2388/3000 allegro libretto init 7388/12000 Init 7436/9000 DHCP Client 5288/6000 RADIUS INITCONFIGInterrupt level stacks:
Level Called Unused/Size Name 2 5484628 7988/9000 Low IRQ Int Handler 3 19 8448/9000 High IRQ Int Handler 4 36100877 8600/9000 Console Uart 6 0 9000/9000 Parity interrupt 7 61183144 8604/9000 NMI Interrupt Handler
System was restarted by bus error at PC 0x60C10D9C, address 0x20 Stack trace from system failure:
FP: 0x6205E0D0, RA: 0x60C10D9C FP: 0x6205E128, RA: 0x60ADB01C FP: 0x6205E150, RA: 0x60C17D08 FP: 0x6205E170, RA: 0x60C17E2C FP: 0x6205E288, RA: 0x60C2ACC8 FP: 0x6205E2A8, RA: 0x60C2B430 FP: 0x6205E2F0, RA: 0x60C2576C FP: 0x6205E320, RA: 0x60C25AF0There is no workaround.
•
One side of a circuit emulation service (CES) E1 Port of a Cisco LightStream LS1010 switch connection may remain consistently in the YELLOW alarm or ALARM INTEGRATION state. There is no workaround.
•
In a Cisco AS5800 universal access server that is running Cisco IOS Release 12.2(1), PPP may fail to start for modem calls. This occurs when a UPC324 card is reconfigured from Router-shelf1 to another Router-shelf2 in a split shelf mode. There is no workaround.
•
When a Hot Standby Router Protocol (HSRP) router with a higher priority is added to a network, the HSRP state changes continuously from "Active" to "Speaking," from "Speaking" to "Standby," and from "Standby" to "Active." When the HSRP state changes from "Active" to "Speaking," the router resets the interface in order to remove the HSRP MAC address from the interface MAC address filter. The switch detects this link state change on the interface, and a Spanning Tree Protocol transition takes place. The spanning tree takes 30 seconds (twice the default Forward Delay time of 15 seconds) to transition the port into the Forwarding state.
Workaround:
–
–
–
–
–
•
The Tag Distribution Protocol (TDP) uses TCP port 711 for communication between TDP peers. This is enabled on a router by default in Cisco IOS Release 12.1. The port becomes active once tag-switching is enabled on a single interface. The TCP port will remain open even after tag-switching is disabled on the router, both at the interface level and the global level.
Workaround: Reload the router to close the TCP port.
•
Creating new channel-groups or subinterfaces on a PA-A3 port adapter may cause the corruption of an existing subinterface on the same controller. When this situation occurs, the corrupted subinterface changes its status to down/down and triggers an "output frozen" condition that results in "cbus complex" restarts on all Versatile Interface Processors (VIPs). Sometimes it is possible to bring the corrupted interface back into service by undoing the channel-group change and clearing the E3 controller. There is no workaround.
•
A router shelf may reload at WATCHDOG TIMER RESET when the pri-group timeslots 1-24 command is removed from the controller configuration. There is no workaround.
•
The logging synchronous line configuration command may cause logging to stop.
Workaround: Remove this command.
•
A Cisco AS5400 universal access server that is running Cisco IOS Release 12.2 for incoming E1/R2 calls sends an abnormal clear-forward (AB=10) signal in the seize-acknowledge state. Instead, the Cisco AS5400 should send a congestion signal followed by a clear-backward (AB=11) signal and wait for the remote site to send a clear-forward signal. Switches of certain types take exception to the abnormal signal and block the circuit. There is no workaround.
•
A Cisco router may experience a memory leak when both Generic Routing Encapsulation (GRE) and IP Security (IPSec) are configured on a network. There is no workaround.
•
The Permanent Virtual Connection (PVC) to Virtual LAN(VLAN) bindings are not intact after reloading the ATM Module (WS-X516X) with a large number of PVC to VLAN bindings.
Workaround: Copy the startup configuration to running configuration using the following command on ATM Line card. copy startup-config running-config
•
A Cisco 7200 series router that uses Cisco Encryption Technology (CET) may lose Digital Signature Standard (DSS) keys when the router is upgrading to newer versions or reverting to older versions of Cisco IOS Release 12.1 software.
Workaround: Generate a new pair of DSS keys and exchange the new DSS keys with the peer routers.
•
IP Multicast does not work over a GRE tunnel when IPSec is configured. Routing protocols may work.
Workaround: Remove IPSec or send IP Multicast over a different unencrypted tunnel
•
A phantom entry may appear for a dial shelf controller on a Cisco AS5800 universal access server in the ENTITY-MIB.physicalTable.
Workaround: Reload the chassis.
•
When the no shutdown command is entered after the shutdown command is entered on a circuit emulation service (CES) card, a burst of bit errors is noticed on the circuit on some other ports on the same peripheral adapter module (PAM). This condition is observed on the Cisco 8540 multiservice switch router (MSR), the Catalyst LS1010 switch, and the Cisco 7200 series router and can affect both E1 or T1 interfaces. There is no workaround.
•
A Protocol Independent Multicast-sparse mode (PIM-SM) shared tree is not pruned in full at the Protocol Independent Multicast-Rendezvous Point (PIM-RP) during a shortest path tree (SPT) switchover. There is no workaround.
•
Phantom objects may be created in the ENTITY-MIB.physicalTable with the type DS1 and the name DS-T1 on a Cisco AS5800 universal access server.
Workaround: This condition will clear after the access server is reset.
•
A Cisco 7500 router with an Enhanced ATM port adapter (PA-A3) may issue "invalid memory allocation (MALLOC) at interrupt level" error messages when the show atm vc [vcd | interface interface-number] privileged EXEC command is entered. There is no workaround.
•
A Cisco router running Cisco IOS Release 12.2 as an Asynchronous Transfer Mode (ATM) Label Edge Router (LER) that is configured as a generic routing encapsulation (GRE) Tunnel source may find that it is transmitting GRE packets over the tag control VC (0/32) of an ATM tag sub-interface instead of the Tag Virtual Circuit (TVC) bound to the tunnel destination. If the ATM Label-Switching Routers (LSRs) do not have a route to the tunnel destination, the GRE packets will be dropped. There is no workaround.
•
The tx-ring-limit ring-limit ATM VC configuration command does not work when it is used to configure a multichannel E3 port adapter (PA-MC-E3) for a Cisco 7200 router. There is no workaround.
•
A Cisco router may lose memory resources when lines are flapping and tag-switching ip is enabled. This condition is most severe when there are multiple adjacencies to the same peer. There is no workaround.
•
If a Traffic Engineering (TE) tunnel is configured between two Provider Edge (PE) routers and Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) is configured in the tunnel, Virtual Private Network (VPN) connectivity through the two PE routers will not function. There is no workaround.
•
A Cisco AS5800 universal access gateway router shelf may reload if a DuoDensity Modem Module (DMM) feature board is rebooted using the hw-module {slot number | subslot subslot/subcard} reset EXEC command. There is no workaround.
•
When the Hot Standby Router Protocol (HSRP) is running on an interface, a router that is actively responding to the shared HSRP address does not put the address into the Simple Network Management Protocol (SNMP) ipAddrTable. There is no workaround.
•
Modem ISDN Channel Aggregation (MICA) technologies firmware that is bundled with Cisco IOS software on a Cisco 3600 router has to be upgraded from version 2.7.2.0 to version 2.7.3.0.
Refer to the release notes for MICA firmware 2.7.3.0 at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_serv/5300/sw_conf/sw _ports/fwpwrn/mica/mca2730.htm
Workaround: Download the mica-modem-pw.2.7.3.0.bin portware from the MICA modem portware homepage at the following URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/mica
Transfer the bin file into one of the Flash cards on the router. The Cisco IOS software will check the version of the bin file against the bundled portware and automatically choose the latest version of the portware.
•
If a Traffic Engineering (TE) tunnel is configured between two Provider Edge (PE) routers, Virtual Private Network (VPN) connectivity through the two PE routers will not function. All PE to PE traffic should be normally routed through the tunnel.
Workaround: Run Cisco IOS 12.0(17)ST3 or earlier on the PE router or remove the auto route announce statement of the tunnel interface and configure a static route through the tunnel.
•
A dial connection from a Cisco 800 router to a Cisco 3640 router may fail after a few days. A reload of the Cisco 3640 router may allow the connection to be restored temporarily, but the connection may fail again. There is no workaround.
•
When a Simple Network Management Protocol (SNMP) set shutdown command or no shutdown command is sent to the T1 or T3 controller on a Cisco AS5400 universal access server, a blank description command is added to the configuration for the controller that received the set command. The configuration for the controller does not change if the controller already has a description defined. There is no workaround.
•
When using a PA-FE-FX port adaptor on a VIP for a 7500 platform, an OIR will change the configuration of the Fast Ethernet interface(s) to "duplex auto" and "spped auto". There is no workaround
•
The current implementation of Cisco IOS software is not fully compliant with RFC 2547bis. RFC 2547bis describes the procedures that must be implemented to specific extended communities when route attributes are passed from a customer edge (CE) router to a provider edge (PE) router. This DDTS enforces those procedures. The CE router may suggest a particular route target for each route from the route targets that the PE router is authorized to attach to the route. The PE router would then attach only the suggested route target rather than the full set. This situation gives the CE administrator some dynamic control of the distribution of routes from the CE.
With the current Cisco IOS software, the PE router allows the CE router to attach route targets in an update without verifying that they are a subset of route targets to which the virtual routing and forwarding instance (VRF) attaches. This condition causes the routes to end up in a VRF instance when they are not supposed to.
Workaround: Configure the VRF route map on the PE router to overwrite the extended community attribute to avoid the leakage of routes to other VRFs.
•
A Gigabit Ethernet interface on a Cisco 7500 router may experience Inter-Processor Communication (IPC) memd buffer problems after the output becomes stuck and may display the following message:
%RSP-3-RESTART: interface GigabitEthernet0/0/0, not transmitting Output Stuck on GigabitEthernet0/0/0Workaround: Avoid using auto-negotiation.
•
Distributed Multilink PPP (DMLPPP) and Versatile Interface Processor (VIP) local switching may not work properly on a 2-port channelized T3 port adapter. There is no workaround.
•
The Multilink Point-to-Point Protocol (ML-PPP) may fail when the fragments are less than 100 bytes in size. There is no workaround.
•
A Cisco Catalyst 6000 SP (Supervisor) switch that is running Cisco IOS Release 12.1(7)E may reload with a bus error. After the SP reloads with a bus error, the Route Processor (RP) is automatically reloaded by the SP. There is no workaround.
•
A Cisco router may reload when the no tag-switching ip interface configuration command is configured on an interface that has the tag-switching ip interface configuration command enabled on its subinterfaces. There is no workaround.
•
A Cisco Catalyst 6500 switch that is running Cisco IOS Release 6.3(1) with two Supervisor Engine 2 (WS-X6K-SUP2-2GE) with a Multilayer Switch Feature Card 2 (WS-F6K-MSFC2) and that has a FlexWAN module (WS-X6182-2PA) with an enhanced ATM OC3 multimode port adapter that is running Cisco IOS Release 12.1(7a)E1 may experience a buffer leak on the MSFC2 and display the following message:
Small buffers, 104 bytes (total 36773, permanent 50, peak 88803 @ 1w5d):
25 in free list (20 min, 150 max allowed)
95159588 hits, 286991 misses, 316049 trims, 352772 created
17027 failures (0 no memory)The sscop_sendSdPdu process is not releasing the memory buffers and causes memory allocation (malloc) errors, which cause interprocess communication (IPC) issues that may subsequently cause the FlexWAN module to be disabled and the following error message to be displayed:
%SYS-2-MALLOCFAIL: Memory allocation of 276 bytes failed from 0x40210A74, pool I/O, alignment 32This condition occurs only if the Cisco Catalyst 6509 is booted up without any configuration or if the Cisco Catalyst 6509 has just been configured with a new configuration. Memory leaks do not occur if the Cisco Catalyst 6509 is booted up after the configuration is saved to NVRAM and if any subsequent configuration changes are made.
•
Systems Network Architecture (SNA) Switching Services (SNASw) physical units (PU) may be stuck in the pending Activate Physical Unit (ACTPU) state. There is no workaround.
•
A Cisco 2600 router that is running Cisco IOS Release 12.1(10) may experience problems with the Address Resolution Protocol (ARP) when Cisco Express Forwarding (CEF) is enabled.
Workaround: Disable CEF.
•
A Cisco 7200 router that is configured with a voice port adapter and with T3 or High-Speed Serial Interface (HSSI) backhaul may experience packet drops when a low latency queueing (LLQ) service policy is attached to the T3 or HSSI interface. There is no workaround.
•
When a Cisco AS5800 universal access server is configured to download non-default firmware onto Cisco Modem ISDN channel aggregation (MICA) modems after a reload, the configured firmware is not downloaded. The firmware for the MICA modem is not downloaded even though debug messages from the debug modem firmware EXEC command indicate that the firmware has been downloaded. The status of firmware download can be further verified using the show spe version EXEC command.
Workaround: To clear this condition, configure the Cisco AS5800 after it is reloaded to download the default version of the MICA modem firmware and reconfigure the access server to download the nondefault version of the MICA modem firmware.
•
A Cisco AS5800 universal access server router shelf may reload unexpectedly when system processing engines (SPEs) that are already marked as BAD are cleared using the clear spe [slot | slot/spe] EXEC command. This condition may impact the service of the router shelf. There is no workaround.
•
The Multiprotocol Label Switching (MPLS) tags that are associated with a virtual private network (VPN) (vrf x.y.z.w) and a default route (0.0.0.0) are inconsistent between the main Cisco Express Forwarding (CEF) table and the distributed CEF (dCEF) table on the outbound Versatile Interface Processor (VIP) card.
Workaround: To recover from this condition, enter the clear ip route vrf vrf-name EXEC command.
•
The command-line interface (CLI) does not prompt for the erase keyword when the copy [/erase] source-url destination-url EXEC command is entered. This behavior does not allow a file system to be erased using the copy [/erase] source-url destination-url EXEC command.
Workaround: Enter the erase filesystem: command before entering the copy EXEC command.
•
On a Cisco Catalyst 8540 MSR ATM switch router that has one CPU running Cisco IOS Release 12.1(10.5) and another CPU that is running either an earlier Cisco IOS Release 12.1 release or Cisco IOS Release 12.0, the contents of the flashcard are not listed when the dir sec-slot0: EXEC command is issued and the contents of the bootflash are not listed when the dir sec-bootflash: command is issued.
Workaround: Load the same image on both processors. Use the following upgrade procedure when you are upgrading from an earlier to Cisco IOS Release 12.1(10.5):
a.
b.
c.
d.
e.
This compatibility condition will be corrected in releases following Cisco IOS Release 12.1(10.5).
•
In rare circumstances, entering the show ip cef EXEC command may cause a Cisco router to reload if load-shared paths change while the command executes. There is no workaround.
•
A Versatile Interface Processor (VIP) may reload after a memory allocation (mALLOC) failure. A message similar to the following may be displayed:
0:04:46: %SYS-2-MALLOCFAIL: Memory allocation of 65556 bytes failed from 0x600A7F14, pool Processor, alignment 16 -Process= "CEF IPC Background", ipl= 2, pid= 8
-Traceback= 600AB18C 600AC958 600A7F1C 600A8868 602BEABC 602BF444 602BF6E4 60296B5C 6029C498 6029F674 602A7C90 602B2A74 602B0AAC
602B0D1C 602B0E94 602B15BC 00:04:46: %FIB-4-RADIXINSERT: Error trying to insert prefix entry for 162.2.2.24/32 %ALIGN-1-FATAL: Illegal access to a low address
addr=0x66, pc=0x60299DC0, ra=0x60299DB4, sp=0x60F514D8Workaround: Ensure that the VIP has sufficient memory.
TCP/IP Host-Mode Services
•
When a file transfer is initiated from a front-end processor (FEP) that is attached to a Cisco 7204 router and destined to an FEP that is attached to a Cisco 2612 router, the show tcp EXEC command does not show retransmitted packets or that the retransmission timeout timer is waking up. Several acknowledgements (ACKs) are seen when the show tcp brief [all] EXEC command is entered. In Cisco IOS Release 12.2(4.2), a large number of "fast transmitted" packets are shown on the Cisco 7204 when the show tcp EXEC command is entered. This condition occurred while Cisco IOS Release 12.0(7)T is running on both the Cisco 7204 FEP and the Cisco 2612 FEP that are connected through a Fast Ethernet (FE) connection with equal cost and the Enhanced Interior Gateway Routing Protocol (EIGRP) enabled.
Workaround: Eliminate equal cost network paths.
VINES
•
The first hop Sequenced Routing Update Protocol (SRTP) router will pass only part of a withdrawn route to its neighbor. Not all routes are withdrawn because not all the updates are received by the neighbor. There is no workaround.
Wide-Area Networking
•
On a Cisco 7200 and 3600 series router, bridging over Frame Relay on a BRI interface will fail when static mapping is configured for the permanent virtual circuit (PVC).
Workaround: Use routing instead of bridging, or use a point-to-point subinterface.
•
In Cisco IOS Release 12.1 and Release 12.1 T, when a Multilink PPP (MLP)/Multiprotocol Label Switching (MPLS) virtual routing/forwarding (VRF) instance and Cisco Express Forwarding (CEF) or a dialer interface is used with MLP, packets may be lost when a single link is contained in a MLP or dialer interface. Interleaving does not work, and most or all voice packets will be lost.
Workaround: Use a fragmentation delay of 10 ms or 20 ms on dialer interfaces that use MLP encapsulation with MPLS or with CEF or add a dialer load threshold of 1 to the dialer interface.
•
A Cisco 3640 router may run out of I/O memory when running compression over X.25. There is no workaround.
•
For undetermined reasons, a Cisco 7200 series router that is running Cisco IOS Release 12.1 and that has a PA-A3 port adapter that is running Hot Standby Router Protocol (HSRP) and LAN Emulation (LANE) resolves a remote MAC address to a network service access point (NSAP) address with the wrong selector byte through the LAN Emulation Address Resolution Protocol (LE_ARP) process. Pings fail to reach the IP address of the MAC address and DATA DIRECT virtual connections (VCs) for both the correct and the incorrect NSAP address of the same remote LAN Emulation Client (LEC) under a single LANE client on the Cisco 7200 series router.
Workaround: Enter the clear lane le-arp name elan-name command.
•
A memory corruption may occur on a Versatile Interface Processor 2 model 50 (VIP2-50) and a PA-A1-OC3 port adapter when cell mode Multiprotocol Label Switching (MPLS) is performed. This condition occurs when resources are low for the Tag Virtual Circuits (TVCs) on the interface on the VIP. There is no workaround.
•
On a Cisco AS5800 universal access server that is running Cisco IOS Release 12.1(5)XM4, all channels except the 24th channel of the primary Non-Facility Associated Signaling (NFAS) may become stuck in the "out of service" channel service state after the Cisco AS5800 access server is provisioned to use Signaling System 7 (SS7) interconnect for voice gateways services for the first time.
Workaround: Reload the Cisco AS5800 access server or enter the shutdown followed by the no shutdown interface configuration commands on the T3 controller or the individual T1 controllers.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.2, there are some problems with using distributed Cisco Express Forwarding (dCEF) when configuring an access group on a dialer interface bound to a PRI.
Workaround: Reload the router with the access group and dCEF in the configuration. The access group cannot be removed and reconfigured on the dialer interface.
•
A Cisco 3660 router that is running Cisco IOS Release 12.2(1a) may experience a memory leak with the Integrated Local Management Interface (ILMI) response. There is no workaround.
•
A Cisco 3640 router may display the following message on the console:
%SCHED-2-WATCH: Attempt to enqueue uninitialized watched queue (address 0). -Process= "IP Input", ipl= 0, pid= 14 -Traceback= 6025A7F0 6022B564 606B97C0 6022B4AC 60474608 604768E8 602CC4B4 602CA9B0 602CAAAC 602CAC20 60246F64 60246F50There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.2(3) may experience a bus error and display the following error message:
%ALIGN-1-FATAL: Illegal access to a low address, addr=0x1A8, pc=xxxxxxxx, ra=xxxxxxxx, sp=xxxxxxxxThere is no workaround.
•
The Integrated Local Management Interface (ILMI) does not come up if a virtual connection (VC) is configured while the interface is in the shutdown state. The ILMI VC fails to respond when the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface. An "ILMI VC not properly configured" message is displayed on the console after the debug atm ilmi interface command is entered. This condition is observed in Cisco IOS Release 12.1(11).
Workaround: Configure the ILMI VC with old mode commands when the interface is not in the shutdown state.
•
After a call is placed through a BRI interface on a Cisco 3600 router that is running Cisco IOS Release 12.1(10), 12.2(5), 12.2(5.3)T, or 12.2(4)T, no more calls can be placed until the clear interface type card/subcard/port privileged EXEC command is entered on the interface. This defect affects basic-net3 on all platforms. There is no workaround.
•
A Cisco 800 router may reload because of spurious memory access. There is no workaround.
•
When a router is configured to switch X.25 over TCP (XOT) traffic, it may not be able to include necessary flow control facility in the call confirm packet that is going to the source X.25 host. This condition occurs when the flow control facility that is specified by the source X.25 host differs from the facility required by the destination host.
Workaround: Enforce facility negotiation using the x25 routing acknowledge local global configuration command and the x25 subscribe flow-control always global configuration command.
•
A Cisco router may reload if a virtual access interface goes down while the output of the show dialer interface EXEC command is viewed. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(11b)
Cisco IOS Release 12.1(11b) is a rebuild of Cisco IOS Release 12.1(11). The caveats in this section are resolved in Cisco IOS Release 12.1(11b) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(11a)
Cisco IOS Release 12.1(11a) is a rebuild release for Cisco IOS Release 12.1(11). The caveats in this section are resolved in Cisco IOS Release 12.1(11a) but may be open in previous Cisco IOS releases.
•
A Cisco Versatile Interface Processor (VIP) may reload at the vip_fib_fs process when the VIP is sending traffic. There is no workaround.
•
The Integrated Local Management Interface (ILMI) does not come up if a virtual connection (VC) is configured while the interface is in the shutdown state. The ILMI VC fails to respond when the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on the interface. An "ILMI VC not properly configured" message is displayed on the console after the debug atm ilmi interface command is entered. This condition is observed in Cisco IOS Release 12.1(11).
Workaround: Configure the ILMI VC with old mode commands when the interface is not in the shutdown state.
Resolved Caveats—Cisco IOS Release 12.1(11)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(11). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
A Cisco AS5300 universal access server that is running Cisco IOS Release 12.1(9) or an earlier release may return the following error message when the show modem operational-status [slot/port] privileged EXEC command is entered:
Modem slot/port already had OOBP command under execution, please try laterThis problem affects all modems on a carrier card. There is no workaround.
Basic System Services
•
A Cisco router may reload with the following error message:
System restarted by bus error at PC 0x6095B070, address 0xEF4321CDThere is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(7.3)E or 12.2(1.3) may experience a reload when a vendor-specific challenge handshake authentication protocol authentication is performed through a RADIUS server when the wrong username or password is entered and when the RADIUS server returns an access-reject with at least one attribute other than the vendor-specific attribute (VSA). There is no workaround.
•
The command output of the show process cpu EXEC command indicates that the CPU on a Cisco universal broadband router is permanently set at 100 percent. This condition is observed on a Cisco uBR904 universal broadband router that is running Cisco IOS Releases 12.1(3) through 12.1(8) but does not appear to impact the performance of the router. There is no workaround.
•
A Cisco 6400 series router that is running Cisco IOS Release 12.1(4)DC2 or 12.1(5)DC1 may experience a memory leak in the PPP authentication process. The memory leak is most noticeable when the router is terminating a large number of PPP sessions and there is a high level of PPP authentication processing. There is no workaround.
•
When recEive and transMit (e&m) wink start signaling is used, Cisco IOS software implements a digit ignore timer that starts after the wink is sent. During this time, the router does not process or collect digits that are sent to it. In Cisco IOS releases before 12.1(3.1), the digit ignore timer is 20 ms in duration. This timer was increased to 220 seconds as a result of a bug fix for ignoring stray digits (CSCdr51507). This newer value proves to be too long for certain PBXs that send digits immediately upon receiving of the wink from the router. There is no workaround.
•
A Cisco 7200 router with FastEthernet ports that are implemented using a vendor-specific ethernet controller (seen through show controller) and configured for Ethernet trunking may fail to forward received frames that have a destination MAC address from the router. In most network topologies, this condition will have little effect other than a slightly increased traffic load. However, in some specific topologies with multiple routers suffering this problem, a feedback loop can be created that will cause high traffic loads and extreme levels of router CPU utilization. The problem has only been seen in Cisco IOS Release 12.2.
Workaround: Use Ethernet interfaces that are based on a different ethernet controller, or disable trunking.
DECnet
•
A Cisco 7200 series router that is running Cisco IOS Release 12.2(1a) may reload with a bus error exception when sending DECnet pings.
Workaround: Disable the clns send-rdpdu interface command on the interface that is reloading when a ping is sent using the no clns send-rdpdu command.
IBM Connectivity
•
A Cisco router that has the data-link switching plus (DLSw+) Ethernet redundancy feature configured may reload if the Ethernet redundancy commands are removed from an Ethernet interface during normal operation using the no dlsw local-peer global configuration command. This situation occurs only when there are multiple circuits that are between the same pair of MAC addresses but that are up and running on different service access points (SAPs).
Workaround: Enter the dlsw disable global configuration command before making any DLSw configuration changes on the Ethernet interface, such as removing the DLSw local peer. Bring down the DLSw circuits before changing the configuration. Shut down the local interface over which your DLSw circuits are running and wait for the circuits to go down before changing the configuration.
•
A data-link switching-Ethernet Redundancy (DLSw-ER) circuit may remain in the COLLECTING state when the circuit is displayed using the show dlsw transparent cache EXEC command. The DLSw circuit may also fail to be established. The DLSw reachability may be correct, but the exchange identification is not forwarded.
Workaround: Reload both of the DLSw-ER routers.
•
Beginning with Cisco IOS Release 12.1(10.1), data-link switching plus (DLSw+) Ethernet Redundancy functionality is unstable, causing possible router reloads, spurious memory accesses, and incorrect cache information.
Workaround: Use transparent bridging, rather than Ethernet Redundancy, to connect Ethernet LANs to DLSw+ without redundancy.
Interfaces and Bridging
•
ATM subinterfaces may appear as INACTIVE when you use the show atm vc privileged EXEC command. This symptom occurs when you add new subinterfaces to the router. Using the shut and the no shut commands on the subinterface do not correct the problem.
Workaround: Use the shut command followed by the no shut command on the main interface in order to bring the state to ACTIVE.
•
When distributed switching to or from a Token Ring interface, distributed Cisco Express Forwarding (dCEF) may drop packets instead of punting them.
Workaround: Disable dCEF switching on Token Ring interfaces.
•
On a Cisco 2600 series router, bridge protocol data units (BPDUs) of the spanning tree are not passed over an ISDN line. There is no workaround.
•
A Cisco 7200 router that is running Cisco IOS Release 12.1(6)E may experience memory allocation errors. The output of the show buffers EXEC command shows a value for Normal buffers that is higher than normal.
Normal buffers, 512 bytes (total 51788, permanent 2048): 2 in free list (1024 min, 4096 max allowed) 486895337 hits, 6751474 misses, 220923 trims, 270663 created 48760 failures (0 no memory)There is no workaround.
IP Routing Protocols
•
Static outside Network Address Translation (NAT) may not work with Cisco Express Forwarding (CEF) if CEF was active before NAT. There is no workaround.
•
Network Address Translation (NAT) may fail to forward "ICMP Unreachable-fragmentation required" packets (ICMP type 3 code 4) when the packets are sent from the inside to the outside and when NAT is configured with overload Port Address Translation (PAT). There is no workaround.
•
A Cisco 7500 router that is running Cisco IOS Release 12.1(8) may experience some packet loss between hosts after Cisco Express Forwarding (CEF) is enabled. There is no workaround.
•
A Cisco Router may experience a Border Gateway Protocol (BGP) filter list that may fail to deny all the prefixes that are received from a peer that has a matching as-path attribute on the regular expression. This condition only occurs only when as-path filter lists and route-maps are used for inbound filtering for the same BGP peer.
Workaround: Do not configure an as-path access list to be applied to the BGP neighbor using the neighbor {ip-address | peer-group-name} filter-list access-list-number {in | out} command.
•
Multicast Border Gateway Protocol (MBGP) prefixes may show up on the IP routing table. There is no workaround.
•
When a Cisco router receives AS-PATH attributes with confederation information from an external Border Gateway Protocol (eBGP) neighbor that is not a Cisco router, the BGP update is processed and propagated without resetting the BGP peer.
Workaround: Configure an AS-PATH filter "(*)" with the eBGP neighbor.
•
Enhanced Interior Gateway Routing Protocol (EIGRP) routes cannot be seen even when message digest algorithm 5 (MD5) is authenticated on all routers. This problem is intermittent and may occur when authentication is turned off and subsequently turned back on again. Sometimes, this problem occurs just after authentication is enabled.
Workaround: This problem is intermittent and may be resolved by disabling and reenabling authentication a second time. This problem may automatically be resolved after a few minutes.
•
Under rare conditions, routers running the Enhanced Interior Gateway Routing Protocol (EIGRP) may point to each other for certain IP prefixes, causing a routing loop. This behavior was caused by the fix for CSCdr91621. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.2 may reload when it attempts to generate an Open Shortest Path First (OSPF) summary or external link-state advertisements (LSAs) under depleted memory conditions. There is no workaround.
Miscellaneous
•
When the maximum transmission unit (MTU) size on an asynchronous interface is changed, large packets do not get forwarded even though they are correctly negotiated by PPP.
Workaround: Enter the shut command followed by the no shut command on the interface or enter the clear interface EXEC command to force the interface to recognize the new MTU setting.
•
When an operation, administration, and maintenance (OAM) F5 end to end cell is received over permanent virtual circuit (PVC) configured for data (normal operation), the Segmentation and Reassembly (SAR) component returns the same buffer descriptor twice; one on OAM status queue, the other on the data status queue of the corresponding PVC. Early packet discard (EPD) and UNDF are reported for such descriptors. There is no workaround.
•
The call active,history, and h323 commands stop the accounting record of a terminating gateway, showing the remote IP address as 255.255.255.255. Because the H323 accounting records have an erroneous remote IP address, if the accounting is done on the basis of remote address, you may face problems in RADIUS accounting. There is no workaround.
•
If two routers are linked by multiple links and if you use the no tag-switching ip interface configuration command on some of the interfaces, while the tag-switching ip interface configuration command is still configured on the other links, then tagged packets continue to be forwarded through the untagged interfaces.
Workaround: Enter the no tag-switching ip interface configuration command followed by the tag-switching ip interface configuration command on all the interfaces.
•
A Translational Lookaside Buffer (TLB) store exception may be triggered if the dir disk number EXEC command, where number is the number of the PCMCIA slot, is entered at the ROMMON prompt while there is an ATA disk in that PCMCIA slot of a High End System (HES). There is no workaround.
•
A Cisco 7500 series router that is equipped with Versatile Interface Processor (VIP) modules capable of distributed switching and configured with label-controlled ATM interfaces in multi-virtual circuit mode stops forwarding traffic to the multi-VC destinations after toggling distributed Cisco Express Forwarding (dCEF) off and on with the no ip cef global configuration command followed by the ip cef distributed global configuration command.
Workaround: Use CEF instead of dCEF.
Alternate workaround: Clear the IP routing table using the clear ip route EXEC command.
•
During large topology changes, an ATM interface that has tag switching enabled may enter and remain in the "not TDP ready" state. This condition can be verified by issuing the show tag tdp discovery EXEC command. Tag switching is consequently inactive on the interface that has tag switching enabled. Wait for at least a minute for the Tag Distribution Protocol (TDP) to clean up active tag virtual circuits (TVCs) on the ATM switch. If the output from the show atm interface EXEC command indicates that there are existing TVCs, TDP will not become active. There is no workaround.
•
On a Cisco 7513 router that has a Route Switch Processor 4 (RSP4) that is configured with 128 MB DRAM and that is carrying 110,000 routes, entering the clear cef linecard EXEC command may cause all available memory to be consumed.
Workaround: Enter the clear ip bgp {*} EXEC command before entering the clear ip cef linecard EXEC command.
•
A Cisco 7200 series router that is using any DS3 port adapter (PA) may experience line flaps at high rates of traffic and display the following message:
MUESLIX-1-HALT: Mx serial: Serial6/0 TPU halted: cause 0x3 status 0x00371A00There is no workaround.
•
A Cisco 7200 Internet Router that is running Cisco IOS Release 12.1 with a multichannel DS1/PRI port adapter (PA-MC-4T1) may experience calls that pause indefinitely. The calls that are dropped will not get reestablished. There is no workaround.
•
A Cisco 1700 router that has a Virtual Private Networks (VPN) module, a Fast Ethernet interface, or a 10BaseT Ethernet interface may reload or pause indefinitely if outbound traffic flow is greater than 524 packets per second (pps) and the packet size is larger than 1460 bytes.
Workaround: If the rate of encrypted outbound traffic is expected to reach 6 Mbps on the Fast Ethernet or 10BaseT Ethernet interface, disable the VPN module (switch to software encryption). That will reduce the encryption throughput and avoid reloading of the router.
•
A Cisco 3600 series router that is running Cisco IOS Release 12.1 T and 12.2 T may experience an Internetwork Packet Exchange (IPX) ping failure for both Generator and Reflector with the Routing Information Field (RIF) not updated in the IPX network.
Workaround: Send the IPX packet to the unit under test (UUT) to update RIF and ping.
•
When an FTP client PC receives a file from an FTP Server, a Cisco 3640 router with a compression network module (NM-COMPR) (HW revision 2.0) and an 4-port ISDN BRI network module (NM-4B-S/T) pauses indefinitely. Other modules (for example, a 1-Port ISDN-BRI WAN interface card [WIC 1B S/T]) work correctly. Software Compress also works correctly.
Workaround: Use a Cisco IOS release prior to Cisco IOS Release 12.1(4).
•
A Cisco 7500 series router may stop receiving packets on certain interfaces when you reload a Cisco 6500 series switch that is connected through a port channel. This situation does not occur if you remove the port channel.
Workaround: Run normal IP between the Cisco 7500 series router and the Cisco 6500 series switch without the port channel configuration.
•
A Cisco AS5800 universal access server that is running Cisco IOS Release 12.1(7) may experience an I/O memory leak and error trace on the trunk card of ISDN E1 trunks. The memory leak and error trace appears after approximately a week of use. This problem affects only the ISDN trunk card. The E1 R2 trunk card is not affected. There is no workaround.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(16)S with distributed Multilink PPP (MLPPP) enabled may experience bounced traffic if the amount of traffic that is sent through the multilink interface is double the capacity of the interface. There is no workaround.
•
A 7500 router with PA-MC-T1/E1 port adapter with 128 channel-groups configured may experience repeated cbus-complex restarts when an online insertion and removal (OIR) is performed. There is no workaround.
•
During production, a ring number and a VLAN mismatch may occur. A ring that does not exist in a network or has been previously configured under a different VLAN may appear under a given VLAN.
In the following command output from the show source EXEC command, ring number 525 appears to be configured under VLAN 207 even when ring 525 has been previously configured to be under another VLAN:
bn: 15 rn: 525 local ma: 0000.0000.0000 Vlan207 fwd: 0In the following command output, ring number 4095 appears to be associated with VLAN 109 even when ring number 4095 has not been previously configured.
bn: 15 rn: 4095 local ma: 0000.0000.0000 Vlan109 fwd: 0Workaround: Remove and reconfigure the VLAN configuration.
•
When source-route bridging (SRB) is configured for Systems Network Architecture (SNA) traffic while integrated routing and bridging (IRB) is enabled on a Token Ring interface on a Cisco 2600 router, the router may experience problems sending IP traffic to the Token Ring interface.
Workaround: Use a Cisco IOS release that precedes release 12.0(15).
•
A Cisco AS5800 universal access server that is functioning as a Voice over IP (VoIP) gateway may reload with the following error message:
show log found some error msg of vfc 4 6d00h: %KINEPAK-3-NOMAILELEMENTS: Cannot create message bufferThere is no workaround.
•
When the compress-config service is enabled on a router while there is a configuration file that is greater than the size of the NVRAM, the following error message is displayed when the copy rcp://username@servername/config.name startup-config command is entered:
Accessing rcp://username@servername/config.name...! %Error copying rcp://username@servername/config.name (Not enough space on device)There is no workaround.
•
Hyper Text Transfer Protocol (HTTP) over Secure Socket Layer (HTTPS) on port 443 is not timing out of the command output of the show ip inspect sessions detail EXEC command after the FINs are exchanged. There is no workaround.
•
When the Operation, Administration, and Maintenance (OAM) functionality is used on ATM PVCs, a router may experience spurious memory access. There is no workaround.
•
A Cisco 3660 router that is running Cisco IOS Release 12.2(0.5g) or 12.2(1) with a NM-1HSSI module may experience very intermittent bursts of carrier transitions that may bring down the line protocol.
Workaround: Reload the router.
•
A Systems Network Architecture (SNA) switch may fail to release the buffers when memory is low. There is no workaround.
•
The insertion of a large number of Border Gateway Protocol (BGP) routes may cause memory to become fragmented and result in distributed Cisco Express Forwarding (dCEF) becoming disabled because of a low memory condition. There is no workaround.
•
The ATM Permanent Virtual Circuit (PVC) Inverse Address Resolution Protocol (Inverse ARP) may not work as expected. Inverse ARP requests are not replied when the interface is a point-to-point connection.
Workaround: Use a point-to-multipoint connection if ATM Inverse ARP is used, or use the protocol statement under the PVC configuration mode.
•
The switching path changes from distributed Cisco Express Forwarding (dCEF) to Cisco Express Forwarding (CEF) after 40 online insertion and removal (OIR) events. This condition affects quality of services (QoS) functionality and the performance of the router, which requires a dCEF path. There is no workaround.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.0(13)S2 with no service single-slot-reload-enable configured and distributed Cisco Express Forwarding (dCEF) enabled, the online insertion and removal (OIR) of a Versatile Interface Processor (VIP) can cause the Multilink interfaces in other slots to go down, and the following error appears on the console:
%OIR-6-REMCARD: Card removed from slot 4, interfaces disabled
%RSP-3-NOIDB: bad vc 3 on E1 9/1/0
%RSP-3-NOIDB: bad vc 3 on E1 9/1/1
%RSP-3-NOIDB: bad vc 3 on E1 9/1/2
%RSP-3-NOIDB: bad vc 3 on E1 9/1/3After the message, the Multilink interface will go down together with the physical interfaces it is using, and the following messages are displayed:
%LINK-3-UPDOWN: Interface Multilink4, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial9/1/0:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial9/1/1:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial9/1/2:0, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial9/1/3:0, changed state to downAfter these messages, the router usually recovers, and all interfaces go up again. This situation does not occur when CEF is running instead of dCEF.
Workaround: Disable the keepalives on the member interfaces of the Multilink interface.
•
When large frames are sent to a Ethernet, Fast Ethernet, or Gigabit Ethernet interface that uses the i82543 MAC chip, the chip may continue to write descriptors back past the end of the descriptor ring, possibly causing a memory corruption. There is no workaround.
•
A Cisco 7100 router that is running Cisco IOS Release 12.2(2.3) may fail after a tunnel that is configured as a crypto interface is removed from a serial interface. There is no workaround.
•
A Cisco 7400 series router with Inter-Switch Link (ISL) packets may not have those packets recognized by Cisco Express Forwarding (CEF) switching. This only occurs on PA-2FE, PA-GE, and Cisco 7400 GE and FE ports.
Workaround: Use any port adaptor other than PA-2FE, PA-GE, or Cisco 7400 GE and FE port adaptors.
•
After a router is upgraded to Cisco IOS Release 12.1(9), the router log may begin to fill with the following message when production traffic is started:
%SYS-2-GETBUF: Bad getbuffer, bytes= 61554 -Process= "SNA Switch", ipl= 0, pid=84 -Traceback= 6049E0F8 61055964 610527D8 61051384 60F485E8 60F47A64 60F48250 60F4DE98 61059020 61058DAC 61058E28 60F34E38 604D3E74 604D3E60There is no workaround.
•
The Layer 2 (L2) status may suddenly change to TEL_ASSIGNED on a multichannel DS1/PRI port adapter (PA-MC-4T1). This condition cannot be corrected by entering the shut command followed by the no shut command.
Workaround: Reload the router.
•
A Gigabit Ethernet Port Adaptor (PA-GE) inserted into a Cisco 7206VXR chassis that is running Cisco IOS Release 12.0(17)ST may stop forwarding traffic after logging the receipt of giant frames/packets. The interface may lock up and keep incrementing the overrun counter in the output of the show interface gigabit command.
Workaround: Enter the shut command followed by the no shut command on the interface.
•
%SYS-3-CPUHOG error messages may be displayed when the Director Response Protocol (DRP) client process is used. There is no workaround.
•
A Cisco 2600 router that is running Cisco IOS Release 12.1(5)T9 may reload with a stack trace that points to the authorization proxy.
Workaround: Disable the authorization proxy feature if possible.
•
A Cisco 7206VXR router with a Network Process Engine (NPE-400) and a Gigabit Ethernet port adapter that is running Cisco IOS Release 12.0(17)S may reload with a bus error at an invalid address after receiving ALIGN-3-TRACE and FX1000-3-TOOBIG messages. There is no workaround.
•
Packets that should be permitted by an access list are dropped when IP reverse path forwarding (RPF) is used with an access list. This condition occurs when the ip verify unicast reverse-path access-list interface configuration command is used with an access list that has the "log" or "log-input" option configured. There is no workaround.
•
If flow control is set during a V.120 PPP session, data transfer fails to continue even when flow control is released. This condition persists until timer t203 expires and causes a low throughput rate to a user session, and affects all Cisco IOS software products that support ISDN or V.120. There is no workaround.
•
A Cisco router may not be able to ping between directly connected Cisco Resource Pool Manager Servers (Cisco RPMS) and there are no entries in the ATM mapping table. One Route Processor Module (RPM) uses the main interface of the second subinterface.
Workaround: Use the subinterface or configure static map manually.
•
A Cisco 7513 router with a Versatile Interface Processor 2 (VIP2) may reload after cryptography is applied between the Cisco 7513 router and the Cisco 2500 router. The following messages are displayed:
–
–
–
–
There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.2(3.02)T for which a running configuration is saved, unnecessary exclamation point (!!!) characters may appear in the configuration output. There is no workaround.
•
Cisco Express Forwarding (CEF) table may not update properly when the IP address of an interface changes. The new IP address is added to the CEF table, but the old one is not removed. When subinterfaces are used, the old IP addresses will remain in the CEF table even after the subinterfaces are removed.
Workaround: Enter the shut command on the subinterface before changing the address to delete the address correctly from the CEF tables.
•
A Cisco 7200VXR router with either a Network Services Engine (NSE-1) or a Network Process Engine (NPE-400) may experience processor memory parity errors (PMPEs) when the show tech-support EXEC command or the show pci controller EXEC command is entered.
Workaround: Avoid using the show tech-support EXEC command or the show pci controller EXEC command.
•
A router that is configured with TAG-ATM and TAG-non-ATM interfaces may experience an inconsistent local tag in the tailend virtual connection (VC) and the forwarding table and packets that are forwarded to the wrong place when flapping is performed on a global level using the tag-switching ip global configuration command.
Workaround: Enter the no tag-switching ip global configuration command, wait for about 3 minutes to allow the tailend VC to be torn down, and then enter the tag-switching ip global configuration command.
•
A Cisco IOS Mobile IP Home Agent that is running Cisco IOS Release 12.1(9.2) may reload when buffered packets are freed in the Mobile IP standby code path. This code path is used when the primary Home Agent (HA) does not receive binding update acknowledgements from the standby HA.
If a binding update is sent to the standby router, and if an acknowledgement is not received, the binding update is queued for retransmission. If the primary HA has not received an acknowledgement after three retransmissions, there will be one last attempt before the buffer is cleared. A reload may occur if this sequence of events occurs repeatedly over a short period of time.
The loss of communication with the standby HA or sustained high CPU utilization on the standby HA can cause this condition to occur. A high CPU utilization condition can trigger this situation by affecting the Binding Update Acknowledgements. The acknowledgements are delayed because the CPU is too busy to dedicate time to send them. Many factors can affect a router CPU and result in a sustained high CPU condition. While this condition may not be favorable under certain circumstances, high CPU utilization can be a normal and acceptable condition.
Workaround: A patch can be applied to prevent the buffer from being released twice. The patch will be available first in the Cisco IOS Release 12.1(10.1) interim release. This fix will be integrated into the Cisco IOS Release 12.1(11) maintenance release.
•
A Cisco 7500 series router that is hosting an ATM-PA-A1 port adapter in a Versatile Interface Processor (VIP) may begin losing its rx-side buffers when a high volume of traffic is sent through the router. The high volume of traffic may also result in an increasing "rx-freeze" counter in the command log of the show controller vip slot tech-support EXEC command. There is no workaround.
•
Incoming tagged packets that are Inter-Switch Link (ISL) encapsulated on a Cisco 7200 router that go out tagged on a subinterface that is running ISL are dropped at the next hop because of cyclic redundancy check (CRC) errors. There is no workaround.
•
A Cisco 7200 running Cisco IOS Release 12.1(9) may experience a flapping line protocol on a full-duplex Fast Ethernet interface when HSRP is configured with non-default and the ethernet cable is removed.
Workaround: Add the keepalive 3 command on the affected interface, use the burnt-in address, or ensure the hello and hold times are at least 3 and 10 seconds respectively.
•
The buffers of the Encryption Service Adapters (ESAs) may run out and no new connections can be established after Cisco Encryption Technology (CET) is used for an extended period of time. An indication that this condition is occurring is the appearance of the "epa_get_blk_buffer FAILED" message. The following output from the show crypto engine connection active privileged EXEC command is an additional indication that this condition is occurring:
ID Interface IP-Address State ALG Encrypt Decrypt 150 <none> <none> alloc 0 0Workaround: Disable the ESAs and use the software crypto engine.
•
Only the old method of permanent virtual connection (PVC) configuration is available with half-bridging. The router may fail to detect the loss of a PVC with Operation, Administration, and Maintenance (OAM) loopback cells, resulting in the ATM subinterface remaining up after the PVC is down. The PVC and the ATM subinterface must also be brought down when OAM is interrupted. This condition occurs when half-bridging is used with a Cisco 7500 or a Cisco 12000 Internet router. There is no workaround.
•
A Systems Network Architecture switch (SNASwitch) may issue getbuffers for a buffer size that is larger than the one that exists on the router. This condition causes a traceback and a negative sense code to be sent to the remote station. There is no workaround.
•
A foreign agent router may reload after the show ip mobile visitor [ address] EXEC command is entered if the address argument is not a designated visiting node on the router.
Workaround: Enter the show ip mobile visitor EXEC command without the address argument on the foreign agent router. This command entry may cause a substantially long list of mobile node visitors to be displayed.
•
The BackPlane Ethernet input queue may become partially or completely filled with interprocess communications (IPC) system messages that are not in the queue in a redundant configuration that is running Cisco IOS Release 12.1(5)DC. All incoming packet traffic and IPC messages are dropped if the Remote File System (RFS) encounters an error.
Workaround: Disable the disk-mirror or enhanced high system availability (EHSA) keepalives in the redundancy or main CPU configuration submode.
•
A Cisco router that is running Cisco IOS Release 12.2(3.5) may experience a software-forced reload at ip_arp_refresh_adj after the no shut command is entered on a multipoint subinterface in LAN Emulation (LANE) testing. There is no workaround.
•
In a two router shelf redundancy environment, the OLD-CISCO-CHASSIS-MIB.cardSerial MIB object is reporting an incorrect value of 0. There is no workaround.
•
A Cisco 7500 series router that has two different types of port adapters on the same Versatile Interface Processor (VIP) (such as Channelized Tunnel 3 or potent-based interface port adapters) may reload when both of the port adapters are using the Direct Multilink Point-to-Point Protocol (DMLP).
Workaround: Disable distributed Cisco Express Forwarding (dCEF) on either of the two bundles.
•
A Cisco Catalyst 5500 switch that is using an OC-3 ATM LAN Emulation (LANE) module (WS-X5158) and that is running Cisco IOS Release 12.0(16)W5(21) does not allow the default rate queue to be configured if both of the special rate queues have already been configured.
The following error message is displayed when an attempt is made to add additional permanent virtual connections (PVCs):
Not creating vc:xx interface: ATM0 is out of rate queues.There is no workaround.
•
A router that is running Cisco IOS Release 12.1(10.2) and that has a Local Area Network Controller Ethernet (LANCE) installed in slot 1 or slot 2 may reload when the router is booted up.
Workaround: Place the Ethernet controller in slot 0 instead.
•
This caveat entry is related to CSCdu00328, which is a fix that has caused linker errors in some low- end system (LES) platforms. This caveat backs out some of the changes that were added as part of the fix implemented by CSCdu00328 for platform compatibility. The same change was implemented using a registry call in CSCdv17494.
•
This caveat entry is related to CSCdu00328, which implemented a fix, part of which has caused linker errors in some low end system (LES) platforms. This caveat imposes similar changes that are implemented by CSCdu00328 and backed out by CSCdv16112 via a registry call for platform compatibility.
•
A Cisco AS5800 universal access server that is running Cisco IOS Release 12.1(9) with live traffic may experience a buffer (processor memory) leak. The following messages are displayed when this condition occurs:
MET-DST: %SYS-2-MALLOCFAIL: Memory allocation of 6000 bytes failed from 0x6046C234, pool Processor, alignment 0
MET-DST: %SYS-2-MALLOCFAIL: Memory allocation of 568 bytes failed from 0x60404F00, pool Processor, alignment 0
MET-DST: %SYS-2-MALLOCFAIL: Memory allocation of 568 bytes failed from 0x60404F00, pool Processor, alignment 0There is no workaround.
•
When the Intermediate System-to-Intermediate System (IS-IS) routing protocol is used on Cisco 7500 series routers with Ethernet, Fast Ethernet or Gigabit Ethernet, IS-IS adjacency will time out on routers that are running Cisco IOS Releases 12.0(18.3)S, 12.1(9.2), 12.2(2.5), or 12.2(3.3)S.
Workaround: Upgrade to Cisco IOS Release 12.0(19.1)S, 12.0(19.1)ST, 12.1(10.4), 12.2(5.2)T, 12.2(5.3)S, or 12.2(5.2)PI to solve the problem.
•
A partitioned device on a Cisco router that is running Cisco IOS Release 12.2(5) may not be recognized after a partition operation. There is no workaround.
•
A small memory leak of 144 to 288 bytes may occur each time a Hot Standby Router Protocol (HSRP) group becomes active.
Workaround: Configure the standby use-bia interface configuration command.
•
The Hot Standby Router Protocol (HSRP) virtual IP address on a Token Ring interface on a Cisco Catalyst 5000 Route Switch Module (RSM) cannot be pinged. The RSM also fails to respond to Address Resolution Protocol (ARP) requests for the active virtual IP address. This condition is observed on Cisco IOS Release 12.1(5.1) and later releases.
Workaround: Configure the standby use-bia interface configuration command.
TCP/IP Host-Mode Services
•
A Cisco AS5300 access server that is running Cisco IOS Release 11.3T or 11.3(10.06)AA may experience a software-forced reload with an error at PC 0x60201340. There is no workaround.
•
TCP applications such as Data Link Switching Plus (DLSw+) may experience performance problems due to continuous TCP retransmission caused by round-trip timeout. The round-trip timeout value is not adjusted effectively when the retransmissions happens. There is no workaround.
Wide-Area Networking
•
This caveat has been filed to provide ATM signaling control plane failure detection through signaling diagnostic MIB objects which the Network Management Station can monitor and correct in erroneous situations. This is a rare condition that occurs intermittently with the Cisco LS1010 ATM switch after calls that have been connected for an extended period of time are torn down.
Workaround: Reload the switch.
•
On a Cisco LS1010 or 8500 series ATM switch, when you use the show atm interface [traffic] EXEC command on an ATM subinterface, the total number of cells that has passed is shown as zero (transmit as well as receive). The traffic rate on the subinterface is shown incorrectly.
Workaround: Use the Cisco IOS release that contains the fix for this caveat.
•
A router may reload when it tries to bring up the dialer to make a X.25 pad call on the dialer interface. There is no workaround.
•
Backup delay may fail to work when the functionality is configured on a subinterface. There is no workaround.
•
After the introduction of CSCds32293 (integrated into Cisco IOS Release 12.1(5.3)T and 12.1(5.1)), virtual profiles identify interesting traffic using the dialer group inherited from the physical interface or legacy dialer interface. If no dialer group is defined on the physical or legacy dialer interface, no traffic is deemed interesting and the connection is dropped after the idle timeout (also inherited from the physical or dialer interface).
Workaround: Add the dialer group to the parent interface so that interesting traffic is defined. This workaround will not work if dialer and virtual profiles are used on the same physical interface because the dialer-group interface configuration command and the dialer pool-member interface configuration command are mutually exclusive. If your setup involves the same dialer and virtual profiles on the same interface, use the alternate workaround instead.
Alternate Workaround: Add a ppp-timeout retry seconds interface configuration command to the cloned virtual template for the virtual profile because the PPP timeout supersedes the default idle timeout.
•
The PPP callback client may make redundant outgoing calls. This is an incorrect callback client behavior when PPP multilink is not configured. There is no workaround.
•
Callback is done for only the first link in the Multilink bundle when PPP callback is performed and when authentication, authorization, and accounting (AAA) provides the callback dial string in a PPP multilink setup. Additional links may fail to trigger callbacks. There is no workaround.
•
After a Cisco 7513 router has been upgraded from Cisco IOS Release 11.1(30)CC to Cisco IOS Release 12.0(16)S1, dialup may stop functioning. This situation has been observed with two Cisco 7513 routers that have dialup accomplished through the pri-group controller configuration command on a PA-MC-E3 port adapter. In this situation, there were no changes to the configuration, and all dial-in and dial-out attempts fail with error messages during the call setup. This situation has not been observed on other software or hardware combinations. There is no workaround.
•
A Cisco AS5300 universal access server that is running Cisco IOS Release 12.1(5)T8 may reload when the Layer 2 Tunneling Protocol (L2TP) is enabled. The occurrence of this condition can be minimized by reducing the response time of the Authentication, Authorization, and Accounting (AAA) server. There is no workaround.
•
When using virtual profiles with customer profile templates in which the template is configured to use a non-default method for PPP authorization, that method of authorization will not be used for initial Internet Protocol Control Protocol (IPCP) negotiation. This condition may cause problems with negotiation for certain PPP clients.
Workaround: Define a default authorization method that uses the same method as the one defined in the method list.
•
A Cisco 7500 router with a route switch processor (RSP) that is running Cisco IOS Release 12.1(8) may experience a reload. This condition occurs if all line cards are reset when an ISDN backup call is received from a remote device.The ISDN packets originating from the remote device are corrupted. The router cannot compensate for the corrupt incoming packets on the B-channel serial interface of the router, and a reload occurs with the following messages:
%LINEPROTO-5-UPDOWN: Line protocol on Interface = > Serial6/0/0:24, changed state to up %ISDN-6-CONNECT: Interface Serial6/0/0:24 is now = > connected to 4036090885 CIHAM_CN4 %CBUS-4-FIXBADTXVC: Detected and fixed bad tx vc = > encap on Serial6/0/0:24, bad vc 65283, fixed vc 24 > -Traceback=3D 60394380 6065A8C8 6065B334 601F2558 601F60DC 6037F864 = > 60382E04 60343968 %RSP-3-BADBUFHDR: freeing MEMD pak, address 0 > -Traceback=3D 60376948 603807AC 602E7700 60375140 60394808 6065A8C8then
%RSP-2-QAERROR: reused or zero link error, write = > at addr 0180 (QA) > log 22018040, data EE100000 00000000 %QA-3-DIAG: Failed to enqueue buffer header = > 0xEE10 %QA-3-DIAG: Approximate stack backtrace prior to = > interrupt: %QA-3-DIAG:=20 > -Traceback=3D 60381C38 60343968 %QA-3-DIAG: Buffer 0xEE10 is element 1 on queue = > 0x21There is no workaround.
•
A Cisco router that is handling a high always-on dynamic ISDN (AODI) load may reload. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1(7) may reload with a bus error with the following message:
System was restarted by bus error at PC 0x61361040, address 0x1EThe following stack trace is also observed:
Stack trace from system failure: FP: 0x6242B888, RA: 0x61361040 FP: 0x6242B8B0, RA: 0x6057B4EC FP: 0x6242B8D0, RA: 0x6057B9F0 FP: 0x6242B908, RA: 0x6057BB04 FP: 0x6242B930, RA: 0x604CE7B4 FP: 0x6242B948, RA: 0x604CE7A0
fr_frag_fair_dequeue traffic_shape_restart traffic_shape_process r4k_process_dispatch r4k_process_dispatchThis condition occurs only when Compressed Real-Time Transport Protocol (CRTP) is used in conjunction with process-switching. There is no workaround.
•
If a PPP Multilink bundle interface goes down while data is flowing through it, the router may reload. There is no workaround.
•
The router may reload when the PPP Multilink protocol is used with Cisco Express Forwarding (CEF).
Workaround: Disable CEF.
•
A router may reload after an ISDN connection is established. There is no workaround.
•
When running Protocol Translation from X.25 to PPP, TCP, or LAT the wrong hostname will appear in the output of show x25 vc EXEC command and the output of debug aaa accounting privileged EXEC command. Problem was introduced in Cisco IOS Release 12.1(5.6) and 12.2(0.1). There is no workaround.
•
A router may reload when it is performing heavy IP Control Protocol (IPCP) address negotiations such as those that occur when an ATM or Frame Relay interface with several links is brought up. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(10a)
Cisco IOS Release 12.1(10a) is a rebuild of Cisco IOS Release 12.1(10). The caveats in this section are resolved in Cisco IOS Release 12.1(10a) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(10)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(10). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A Cisco 1401 router that is running Cisco IOS Release 12.2(0.14)T may experience a memory leak that is associated with the Simple Network Management Protocol (SNMP) ConfCopyPro process. There is no workaround.
•
Certain router platforms may reload after the show tcp status EXEC command is issued. There is no workaround.
EXEC and Configuration Parser
•
A Cisco 3640 router that is running Cisco IOS Release 12.1 that is configured with the autoselect {ppp} line configuration command may experience a TTY line lock-up and excessive CPU usage when an EXEC-based PPP session pauses indefinitely after a modem connection is dropped on a random tty line.
Workaround: Clear the line manually using the clear line line-number privileged EXEC command.
IBM Connectivity
•
An information frame (Iframe) is seen on the Wide-area networking (WAN) trace but not the Channel Interface Processor (CIP) trace. This occurs when there is a single Logical unit (LU) on a physical unit (PU). The frame will pause indefinitely at llc txQ. There is no workaround.
•
A Cisco 7206 router that is running Cisco IOS Release 12.0(15) may reload because of a bus error exception at PC 0xD0D0D7D because of a data-link switching Plus (DLSw+) installation that is using Qualified Logical Link Control (QLLC) as a Data Link Control (DLC). There is no workaround.
•
On a Cisco 7200 series router, if incoming packets over a FDDI interface include a Routing Information Field (RIF), fast switching causes switched packets to be corrupted.
Workaround: Disable fast switching by entering the no ip route-cache interface configuration command.
•
A Cisco 2600 series router that is running Cisco IOS Release 12.1(5)T may experience a buffer leak if a LAN Network Manager is configured.
Workaround: Disable the LAN Network Manager.
•
A Cisco router that is running Data-Link Switching (DLSw) Ethernet Redundancy may reload when two redundant domains are merged. There is no workaround.
•
A Cisco router that is configured for Data-Link Switching (DLSw) Ethernet Redundancy support may reload if connection to an upstream device is lost. Examples of an upstream device would include a router implementing SNA Switching Services (SNASw), or a router with a connection to a mainframe via a Channel Interface Processor (CIP) or a Channel Port Adaptor (CPA).
Workaround: Use transparent bridging instead of Ethernet Redundancy to allow Ethernet-attached end stations to access DLSw+.
•
A vendor-specific controller may not be connected to a Systems Network Architecture (SNA) switch. This condition occurs because the vendor-specific controller sends an IEEE exchange information ID (XID) to sap 0x00 as explorer frames (in place of test polls). When SNA Switching Services (SNASw) is configured on a physical Token Ring interface or a virtual Token Ring interface, there is no response to the IEEE XID. There is no workaround.
Interfaces and Bridging
•
A Cisco router that is running Cisco IOS Release 12.1(5.6)E with a 10Base Ethernet Port Adapter (PA-8E) may experience some ethernet interfaces that will remain down after the no shut command is entered on the interface. There is no workaround.
•
When a permanent virtual circuit (PVC) on a PA-A2 port adapter ATM interface is overloaded, the Operation, Administration, and Maintenance (OAM) cell drops and causes the PVC to go down. This situation does not affect a PA-A3 port adapter interface. There is no workaround.
•
A Cisco 7200 provider edge (PE) series router may zero out all the contents of the packet beyond the ATM adaptation layer 5 (AAL5) header when Cisco Express Forwarding (CEF) is switching an IP packet from a customer edge router (CE) to a remote virtual private network (VPN) destination. This problem occurs only when the input port adapter is the i82543-based 2 port FastEthernet port adapter (PA-2FE) I/O controller. There is no workaround.
•
In a configuration in with multiple T1 through T3 interfaces, it may not be possible to query for Simple Network Management Protocol (SNMP) statistics because the snmpwalk and snmpget functions do not display data for some interfaces. There is no workaround.
IP Routing Protocols
•
A Cisco router that is using Multiprotocol Label Switching (MPLS) traffic engineering might reload in or near rsvp_rrr_path_query. Sometimes this reload is accompanied by a SYS-6-STACKLOW message. There is no workaround.
•
A Cisco router that is running Enhanced Interior Gateway Routing Protocol (EIGRP) with the stub feature on might have a route that is active and not waiting for replies. This situation only occurs in networks where all of the EIGRP neighbors are declared as stub.
Workaround: Remove the EIGRP stub feature or clear the IP EIGRP neighbors.
•
The Open Shortest Path First (OSPF) router process may cause CPU utilization to increase to 99 percent utilization and cause low memory problems after a router is upgraded to Cisco IOS Release 12.0(12.5)S.
Workaround: Remove and reconfigure the router OSPF.
•
A Cisco 7200 series router may reload with a bus error in ipigrp2_ager while running the Enhanced Interior Gateway Routing Protocol (EIGRP). There is no workaround.
•
A Cisco router that is running Resource Reservation Protocol (RSVP) over ATM may reload with a bus error in the Forwarding Information Base (FIB) switching code. There is no workaround.
•
Under rare circumstances, an updated Border Gateway Protocol (BGP) bestpath may not be propagated to the BGP peers of a router.
Workaround: Enter the clear ip bgp * out EXEC command to updates the peers with the current bestpath attributes.
•
Cisco Express Forwarding (CEF) may behave inconsistently with routing protocols that use holddown as a means of protection against suboptimal routing. A route in holddown should be used to forward traffic until routing protocol timer expiration and/or convergence. CEF however, removes the forwarding information from the Forwarding Information Base (FIB) immediately upon the route entering holddown. Process and fast switching will continue to forward traffic as expected. There is no workaround.
•
The Open Shortest Path First (OSPF) database may not create the necessary entries to resubmit an OSPF interarea route.
Workaround: Clear the OSPF process.
•
A Cisco router that is running Cisco IOS Release 12.0(13)S2 may reload because of a bus error when receiving a Border Gateway Protocol (BGP) update with an extended as_path length. There is no workaround.
•
Under certain conditions in a redundant topology, traffic loss can occur for up to 60 seconds after a designated router (DR) is rebooted. There is no workaround.
•
Under unusual timing circumstances, the Enhanced Interior Gateway Routing Protocol (EIGRP) may issue an error message stating "Spurious Memory Access" if the next hop to a route disappears while an update is queued to be sent to a neighbor. There is no workaround.
•
A router with a configuration containing IP static routes with an administrative distance of 115 may reload when the Intermediate System-to-Intermediate System (IS-IS) Protocol Partial SPF is run. This problem occurs regardless of whether the static route is redistributed into IS-IS. This behavior has been observed on Cisco 2500 series and 3600 series routers that are running Cisco IOS Release 12.0(10)S, 12.0(7)T, 12.1(5), or 12.1(8). An error message similar to the following may be observed in the log as a result of the reload:
%CLNS-1-LINKERR: ISIS: LSP prev doesn.t point at head in 0x1C524E, lsp_next 0x0, lsp_prev 0x0, index 0, ver 0, head 0x155AAC -Traceback= 37C5006 37C52E4 37C55FC 37A1A00 37A1C5A 37A2750 37C2428 37C2FF2 37B7B6A 37B82C8An IP static route with an administrative distance of 114 or 116 does not cause a reload.
Workaround: Use an administrative distance other than that of 115 since 115 conflicts with IS-IS.
•
A Cisco 7200 Network Services Engine (NSE-1) that is running Cisco IOS Release 12.1(7)E may experience a software forced reload after a static entry is configured on top of a dynamic network address translation (NAT). There is no workaround.
•
In a Multiprotocol Label Switching (MPLS) virtual private network (VPN) environment, a provider edge (PE) router that is running Open Shortest Path First (OSPF) should only consider Type-3 link state advertisements (LSAs) that are coming from the backbone area (area 0). In some situations a PE router may mistakenly consider Type-3 LSA that are coming from a non-backbone area and install the prefix advertised by the Type-3 LSA in the VRF routing table.
Workaround: Force the full shortest path first (SPF) by entering the clear ip ospf {process} EXEC command.
•
When a static auto-rendezvous point (RP) configuration (all interface sparse-mode) is used and the RP-announce is sourced from a physical interface, the router may not register to the mapping agent. This may result in the RP not being advertised.
Workaround: Use a Loopback interface as the rp-announce source.
Miscellaneous
•
When a crashinfo buffer is created, all commands that are entered before a reload are saved and stored in the buffer. Rivest, Shamir, and Adleman (RSA) or Digital Signature Standard (DSS) keys that are meant to be stored in NVRAM may be displayed in the crashinfo buffer. There is no workaround.
•
When a single T1 or E1 link in an Inverse Multiplexing over ATM (IMA) environment has surpassed the differential delay limit on a Cisco 3600 series router, the other "good" T1 or E1 links may become deactivated and the IMA group will run on the single T1 or E1 link with the excess delay. The expected behavior is that the "bad" T1 or E1 link with the added delay would be deactivated and the three "good" T1 or E1 links would remain operational. The problem affects only the T1 and E1 links. There is no workaround.
•
A Cisco Lightstream 1010, Catalyst 8540, or Catalyst 8510 switch that is operating Multiprotocol Label Switching (MPLS) on ATM interfaces may exhibit label virtual circuit (LVC) resource exhaustion on all interfaces when LVC allocation is performed with label-controlled ATM (LC-ATM). LVC allocation will fail when the end of the Virtual Connection Identifier (VCI) range is reached and if the start or end VCI value is not divisible by 32. This occurs because of an error in how the resource management routines handle label allocation.
Workaround: Define a VCI range using the start and end values that are divisible by 32.
•
IP precedence is not set on multicast packets using input Committed Access Rate (CAR) with an access list. This situation does not exist if Cisco Express Forwarding (CEF) is turned off on an interface that is configured with the rate-limit interface configuration command. Unicast packets work correctly with CEF and precedence set. There is no workaround.
•
A Cisco voice gateway may reload when a call with invalid parameters is placed to the Tool Command Language (TCL) interactive voice response (IVR) 1.0 placeCall verb application which disconnects the call without stopping the call-disconnect timer. This sequence of operations may cause a reload. This behavior has no impact on environments that use a properly written TCL1.0 application script. There is no workaround.
•
A Cisco router may reload when the router queries the dialCtlPeerStatsRefuseCalls object from a Simple Network Management Protocol (SNMP) server. There is no workaround.
•
A Cisco router may reload if you use the ip inspect name global configuration command to configure Simple Mail Transfer Protocol (SMTP). There is no workaround.
•
A Cisco 7200 router that is configured with a large number of PPP sessions may report a %SYS-3-CPUHOG error message when the clear counters EXEC command is entered. There is no workaround.
•
A PA-E3 controller that is installed on a Cisco 7206VRX router that is running Cisco IOS Release 12.0(13)S, 12.0(14)S, or 12.1(5) may reset itself frequently. One carrier transition is registered for each interface reset. The output of the show controllers privileged EXEC command shows that the tx_fullring value increases in proportion to the interface resets. Under this condition, a memory leak in the I/O-2 pool reloads the router. There is no workaround.
•
TCP traffic may get dropped if Cisco Express Forwarding (CEF) and Network Address Translation (NAT) are both enabled.
Workaround: Disable CEF.
•
Under stress scenarios in which a high number (>1000) of Tag Virtual Circuits (TVCs) is set up on an interface, some TVCs might not be set up successfully and the following message is printed:
%TCATM-4-RESOURCE_LIMIT: VC resource exhausted (for the interface that is used)There is no workaround.
•
With certain ATM subinterfaces, the ip verify unicast reverse-path interface configuration command may incorrectly drop a fraction of incoming traffic. There is no workaround.
•
The Cisco Express Forwarding (CEF) table for a Cisco 12000 Internet router line card might not synchronize with the Gigabit Route Processor (GRP) on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(13)S2.
This situation has been observed when a Packet over SONET (POS) line card did not have a /32 receive adjacency for a Gigabit Ethernet module on the same Cisco 12000 series Internet router. The output of the show cef interface gigabit 9/0 command revealed that IP processing was disabled on gigabit interface 9/0 and that there were no /32 receive entries for the addresses assigned to that interface (primary or secondary). No problems were detected on the GRP, and there have been no records of interfaces being reset.
Workaround: Clear the IP CEF table.
•
On a Cisco router that has GRE or IP-in-IP tunnels configured, an input access list on a physical interface will fail to deny GRE or IP-in-IP encapsulated packets.
Workaround: Configure a key on the GRE tunnel interfaces. Traffic going in and out of the tunnel interfaces will then be process switched. There is no workaround for IP-in-IP tunnel interfaces.
•
There may be a delay in the teardown of the switched virtual circuit (SVC) on a Cisco Route Switch Processor (RSP) after an idle timeout. This problem does not affect network operation. There is no workaround.
•
If a Cisco AS5400 universal access server that is running Cisco IOS Release 12.2 experiences a reload, the stack trace will be lost if another reload related to exception handling occurs. There is no workaround.
•
Under some circumstances, inserting routes into a routing table may cause the memory to become fragmented.
Workaround: Configure the memory free-list 65488 command.
•
A Cisco router that is running voice over IP (VoIP) may reload under stressed fax traffic conditions. There is no workaround.
•
A Cisco uBR7200 series router that is running Cisco IOS Release 12.0(10)SC1 or a subsequent release might reload unexpectedly with a bus error at "cmts_snmp_get_cmcpe."
Workaround: Use Cisco IOS Release 12.0(16)SC.
•
A Cisco Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running Cisco IOS Release 12.1(5)T5 and that is configured with virtual private dialup network (VPDN) may reload. The router typically displays a traceback message similar to the following:
0x6060A8A0:idb_get_swsb(0x6060a86c)+0x34 0x60FCF53C:tagsw_get_tag_dist_method(0x60fcf4a0)+0x9c 0x60FF055C:tfib_request_outgoing_tag(0x60ff0480)+0xdc 0x60FF06A8:tfib_request_outgoing_recursive_tags(0x60ff061c)+0x8c 0x60FF3214:tfib_resolve_recursive(0x60ff30e8)+0x12c 0x60FF5710:tfib_resolve_tag_rewrite(0x60ff5590)+0x180 0x60F4AF58:path_resolved(0x60f4aa90)+0x4c8 0x60F4B84C:ip_fib_resolve_path(0x60f4b244)+0x608 0x60F4BA20:ip_fib_force_resolve_path(0x60f4b94c)+0xd4 0x60FF4940:tfib_route_tag_change(0x60ff44ec)+0x454 0x60FF07C8:tfib_setup_route_tag_change(0x60ff06d4)+0xf4 0x60FCBE34:tib_find_route_tags(0x60fcbc4c)+0x1e8 0x60FF05EC:tfib_request_outgoing_tag(0x60ff0480)+0x16c 0x60FF06A8:tfib_request_outgoing_recursive_tags(0x60ff061c)+0x8c 0x60FF3214:tfib_resolve_recursive(0x60ff30e8)+0x12c 0x60FF5710:tfib_resolve_tag_rewrite(0x60ff5590)+0x180The router reloads if all of the following conditions exist:
–
–
–
–
Images that have the fix for CSCds91198 are susceptible to this issue. The impacted Cisco IOS releases include (but are not limited to) the following:
–
–
–
–
–
–
–
–
–
Workaround: Avoid any of the conditions listed. We recommend that the workaround be implemented in the startup configuration before the router is booted up.
•
A Cisco router that is running Cisco IOS Release 12.1(6) with the c5rsm-dsv-mz image experiences a reload in ip_flow_switch when IP Cisco Express Forwarding (CEF) is enabled. This situation occurs when you use the no ip route-cache cef interface configuration command on all interfaces, and when you use the ip route-cache flow interface configuration command on most but not all interfaces. The router displays the following messages:
RA: 0x601C4064[ip_flow_switch(0x601c3d3c)+0x328] RA: 0x601BC2C4[ip_fastswitch_wrapper(0x601bc26c)+0x58] RA: 0x602F8768[rsp_eip_fs_body(0x602f8058)+0x710] RA: 0x60303AE0[rsp_process_rawq(0x60301000)+0x2ae0] RA: 0x602BB8F8[rsp_qa_intr(0x602bb818)+0xe0] RA: 0x601C4048[ip_flow_switch(0x601c3d3c)+0x30c]The router displays the following access list logging messages before the reload at the approximate rate of one message per second:
%SEC-6-IPACCESSLOGDP: list 169 denied icmp x.x.x.x (Vt %SEC-6-IPACCESSLOGDP: list 169 denied icmp x.x.x.x (Vt %SEC-6-IPACCESSLOGDP: list 169 denied icmp 144.13.9.54 (Vlt %SEC-6-IPACCESSLOGDP: list 169 denied icmp 144.13.9.54 (Vlt %SEC-6-IPACCESSLOGDP: list 169 denied icmp 144.13.9.54 (Vlt %C5IP-0-MSG: slot0 %DB-0-RESTART: Waiting for restart %DBUS-3-DBUSINTERR: Slot 0, Internal Error %RSP-3-RESTART: cbus complexThere is no workaround.
•
Cisco routers that are running Cisco IOS Release 12.1, 12.2, or 12.0 S with an Advanced Technology Attachment (ATA) SanDisk card (of any capacity) may pause indefinitely or be slow to respond to command-line interface (CLI) command input when the Simple Network Management Protocol (SNMP) FlashMIB is queried. The FlashMIB queries may also time out. This condition occurs when the inode numbers of the files in the ATA SanDisk card are not sequential and when there is a large difference in the inode numbers.
The following is an example of a directory list with inode numbers that are likely to cause an SNMP timeout when the Flash MIB is queried:
Router#dir disk1:
Directory of disk1:/
3 -rw- 1690 Apr 09 2001 04:22:16 shankar
4 -rw- 1690 Apr 09 2001 04:26:24 sara
5 -rw- 1690 Apr 09 2001 04:26:30 sara1
6 -rw- 1690 Apr 09 2001 04:26:34 sara12
7 -rw- 1690 Apr 09 2001 04:26:36 sara123
8 -rw- 1690 Apr 09 2001 04:26:38 sara1234
10 -rw- 1690 Apr 09 2001 04:26:54 sara12345
11 -rw- 1690 Apr 09 2001 04:26:58 sara123456
12 -rw- 1690 Apr 09 2001 04:27:00 7
9 drw- 0 Apr 11 2001 21:46:30 directory-one
15 -rw- 8623108 Apr 10 2001 01:14:20 c7200-is-mz.121-7.4
14 -rw- 3578452 Apr 12 2001 05:23:56 c7200-boot-mz.del96042
2994 -rw- 4307448 Apr 12 2001 07:03:06 c7200-boot-mz.flo96042
4046 -rw- 3578544 Apr 12 2001 06:16:52 c7200-boot-mz.del96042firstWorkaround: Exclude the ciscoFlashFileEntry MIB from FlashMIB queries.
•
A Cisco 2611 router that is running Cisco IOS Release 12.1(7) may fail to forward generic routing encapsulation (GRE) and Cisco Express Forwarding (CEF) Address Resolution Protocol (ARP) requests.
Workaround: Disable CEF on the tunnel interface.
•
A Cisco 7500 series router may use invalid Cisco Express Forwarding (CEF) entries on Versatile Interface Processors (VIPs) to switch traffic when distributed Cisco Express Forwarding (dCEF) is disabled. The CEF entry on the RSP is valid while the entry on the VIP is invalid.
Workaround: Reboot the VIP and use the clear cef line slot command to clear the lines for each VIP until all the VIPs become visible and synchronized in the output when the show cef linecard command is entered.
•
A Label Edge Router (LER) that is running the c7200-p-mz.122-0.18 or the rsp-pv-mz.122-0.18 image of Cisco IOS Release 12.2(18) may experience Tagged Virtual Circuits (TVCs) that are held in the "bindwait" state if router flapping occurs on the paths from the LER to some destinations that have TVCs configured. This problem occurs even when alternate paths exist.
Workaround: Enter the shut followed by the no shut command on the interfaces on the LER.
•
A Cisco 7500 series router or Cisco 12000 series Internet router may experience a memory leak under any of the following Conditions:
–
–
–
–
–
At some point, the prefix is resolved to go over two paths. One path is over a physical interface, and the other path is to Null0. For example, ip route x/y next hop1 ip route x/y next hop2. The route to nexthop1 points to a physical interface, and the route to next hop 2 points (at any time) to Null0.
This condition can be detected by entering the entering the following show commands:
–
–
Workaround: If any of the following actions are performed, the messages will eventually drain off (releasing memory):
–
–
–
Workaround: Perform these actions at startup.
•
When the atm ilmi-pvc-discovery [subinterface] global configuration command is used, an available bit rate (ABR) permanent virtual circuit (PVC) created on a switch is programmed as an unspecified Bit Rate (uBR) on the connected router.
Workaround: Manually configure the respective ABR PVC on the router.
•
If an ATM traffic shaping is configured under a vc-class that exceeds the peak cell rate of normal ATM T1 and the ATM virtual circuit (VC) is attached to an Inverse Multiplexing over ATM (IMA) group, the traffic shaping may be lost after a router is reloaded. For example, the vbr-rt peak-rate average-rate burst ATM Virtual Circuit configuration command will be lost when the router is reloaded after a Variable Bit Rate Real-Time (VBR-rt) is configured under a vc-class with a peak cell rate that is greater than 1500 and then attached to the IMA group.
Workaround: Configure the traffic shaping configuration directly under the IMA interface instead of configuring it under the vc-class.
•
The tailend of a Tagged Virtual Circuits (TVCs) may remain active while the headend of a TVC becomes missing. This problem is triggered when TVCs are re-established when better routes become available due to change of topology. The new TVCs are set up normally but the old TVs are not cleaned up properly. There is no workaround.
•
When cell-mode Multiprotocol Label Switching (MPLS) is used in a network of Cisco Catalyst 8500 switches with redundant paths, the conversion for MPLS after a routing change may take up to 4.5 minutes. Open Shortest Path First (OSPF) converges normally. There is no workaround.
•
A Cisco 7204 router with a Network Processing Engine (NPE-200) and a PA-A2-4E1XC-E3ATM ATM-Circuit Emulation Services (ATM-CES) port adapter that is running Cisco IOS Release 12.1(5) may display the following error message:
No space for tbdP1: mp->data_blockThere is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1, 12.0S or 12.2(1) with a Dual-port Fast Ethernet 100BaseTX (PA-2FE-TX) or a Cisco 7200 Input/Output Controller with 2 10/100 Auto-sensing Fast Ethernet Ports (C7200-I/O-2FE/E) may experience link flaps (link line status goes up and down) when certain protocols are running on an interface. The known triggers for the link flaps are: IP address configurations/modifications, the addition of subinterfaces, the modification of line speeds and line states (duplex/half-duplex), and other protocol-dependent configurations. There is no workaround.
•
A Cisco 7200 series or 7500 series router with a Dual-Port Token Ring ISL Port Adapter (PA-2FEISL) that is running Cisco IOS Release 12.1(5) may experience intermittent ATM link failures with packets that are sent to the ATM interface driver that have a packet size of 0. There is no workaround.
•
Layer 2 Tunneling Protocol (L2TP) and Generic Routing Encapsulation (GRE) tunnels fail to operate correctly on a Cisco 7500 series router that is running centralized Cisco Express Forwarding (CEF). L2TP tunnels fail completely, whereas packets switched through a GRE tunnel will be fast or process switched.
Workaround: Enable distributed CEF switching.
•
When adaptive pacing is used on a System Network Architecture (SNA) session, a branch network node (BrNN) may send an isolated pacing message (IPM) with a next-window size that is too large for the available memory on the router. This condition may result in SYS-2-MALLOCFAIL messages and the loss of logical unit-logical unit (LU-LU) sessions. There is no workaround.
•
A Cisco 12000 Internet router that is running Cisco IOS Release 12.0(14)S3 with Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) configured as a midpoint may detect that not enough bandwidth is available for Resource Reservation Protocol (RSVP) interfaces. The system has incorrectly detected the lack of bandwidth. However, the bandwidth is still unusable by the system. There is no workaround.
•
Outgoing V.110 calls may cause a router to reload. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1(7) or 12.1(8) and acting as an active home agent (HA) with mobile IP home agent redundancy may reload or experience a memory leak if the clocks on the home agents (HAs) in the redundancy group or the clocks on the mobile nodes (MNs) and standby HA are out of synchronization.
Workaround: Keep the clocks on the HAs in the redundancy group and MNs in synchronized.
•
A different output is given each time a query is performed with the snmp walk command on the cdxCmCpeIpAddress variable of a Cisco uBR 7200 broadband router. A sorted list of cable modem (CM)/customer premises equipment (CPE) is generated based on the CM/CPE that are connected to the Cable Modem Termination System (CMTS) at the moment an SNMP query is sent to any column of cdxCmCpeTable. A CM or CPE that is not connected the CMTS may still be listed in the "reused cmcpe" list.
Workaround: Wait for the "old cmcpe" list to expire. A new list based on current CM/CPE connections will be generated.
•
Traceback and spurious memory access may occur when an excessive number of data-over-cable service interface specifications (DOCSIS) ping requests are issued and have to be queued by MAC. The error messages do not have any impact on normal operations. There is no workaround.
•
The no ip cef table inconsistency-check global configuration command is used to disable Cisco Express Forwarding (CEF) inconsistency checkers. When the incomplete form of the command, no ip cef table is entered on the command-line interface (CLI), the no ip cef global configuration command is executed instead and CEF is disabled. To reenable CEF, globally configure the ip cef global configuration command or the ip cef distributed global configuration command.
Workaround: Do not enter the incomplete, no ip cef table command.
•
After a Cisco AS5800 access server is booted, some of the E1 ports may initialize incorrectly, resulting in excessive linecode violations and bit errors on the received signal, even when the incoming signal is clean. T1 and T3 ports are not affected by this problem.
Workaround: This problem cannot be cleared by shutting down the E1 port. Reload the access server to clear the condition.
•
When a router interface is administratively shut down the switch or other connecting device will still show the router as connected when it is not. This problem exists only on certain port adapters (PA-2FE-TX, PA-2FE-FX, and PA-4E).
Workaround: Physically disconnect and reconnect the cable between the devices to force both sides of the link down.
•
A Cisco router that is running Cisco IOS Release 12.1, 12.1T, or 12.1E and configured as a Multiprotocol Label Switching (MPLS) virtual private network (VPN) Provider Edge (PE) router using an IP loopback address of (a.b.c.d) as the Tag Distribution Protocol (TDP) router ID in a network that has additional loopbacks that share the same (a.b.c.d) IP address (which are bound to VPN routing/forwarding [VRF] instance) may experience an uncommanded change in the TDP router ID on the router when an additional loopback interface is shut down or deleted. This problem may interrupt MPLS traffic in a given network.
Workaround: Avoid configuring any interfaces on an MPLS PE router that is bound to a VRF instance to share an IP address that is also used as TDP router ID on a router in a network.
•
A Cisco router that is running Cisco IOS Release 12.0(17.1)S, 12.1(3.1), or 12.2(3.1) or later that is configured for HSRP (Hot Standby Router Protocol) on only certain Inter-Switch Link (ISL) subinterfaces may experience spurious memory access. This may occur when the HSRP is not configured on all ISL subinterfaces.
Workaround: Configure HSRP on all ISL subinterfaces.
•
Spurious access is observed on a Cisco 7500 series router when a serial link is added to the multilink bundle while distributed Multilink PPP (dMLP) is enabled. There is no workaround.
•
The input and output rate statistics on an ATM subinterface on a Cisco 7500 router are not correctly reported. There is no workaround.
•
In Cisco IOS Release 12.1T, the ip audit po protected ip-addr global configuration command will only list the first subnet that is identified. Every subsequent subnet that is entered will be the same as the first. The configuration appears as:
ip audit po protected 216.123.185.128 to 216.123.185.191
ip audit po protected 216.123.185.128 to 216.123.185.191There is no workaround.
•
When a file with a size that is between N and N-1 clusters is copied to a ATA disk that has a free space of N clusters, a truncated file is created with a message "Bad DFS cluster data passed". Each cluster is of 4k size. There is no workaround.
•
Voice calls may pause indefinitely when flash MIBs for a vendor-specific flash device located in slot 0 or slot 1 of A Cisco 7200 series router are queried. Depending on the protocols that are running, the calls may hang indefinitely or clear after a short period of time.
Workaround: Avoid querying the flash device or remove the cards located in slot 0 or slot 1.
•
Cisco Express Forwarding (CEF) becomes disabled on a Generic Routing Encapsulation (GRE) tunnel interface when a key is configured with the tunnel key key-number interface configuration command. The tunnel interface switches to the next available switching mechanism, which is process switching (fast switching has no support for GRE tunnel options).
Workaround: To reenable CEF or fast switching on the tunnel interface, remove the tunnel key. This workaround cannot be used if a tunnel key is required with CEF switching on the GRE tunnel.
•
If a Cisco router has the same IP address configured on two interfaces in which one of the interfaces is in shutdown state and is configured to run a Tag Distribution Protocol (TDP)/Label Distribution Protocol (LDP) session, the peer may have Tag Forwarding Information Base (TFIB) entries which are untagged.
Workaround: Remove the duplicate IP address from the shut down interface to correct the behavior.
•
A Cisco 2600 series router may reload when the mpls label protocol ldp interface configuration command is configured on a subinterface that has the tag-switching ip global configuration command and the mpls label protocol tdp interface configuration command enabled.
Workaround: Enter the no tag-switching ip global configuration command on the router before changing the tag switching from label distribution protocol (LDP) to tag distribution protocol (TDP) or from TDP to LDP.
•
If the write erase command is entered on a Cisco 7200 router that is running Cisco IOS Release 12.2(2.3) and the config-register field is set to 0x0, the router may pause at the ROMMON mode the next time the router is reloaded.
Workaround: Change config-register to the desired setting to avoid this issue. Enter the confreg 0x2102 command in ROMMON mode or enter the config-register 0x2102 command in the global configuration mode.
•
Logical Unit (LU) 6.2 sessions with Customer Information Control System (CICS) (over an Enterprise Extender (EE)/connection network) come up initially, but they are subsequently dropped.
Workaround: Do not use connection network and predefine the EE links.
•
Automatic Number Identification (ANI) digits are not sent for the outgoing Voice calls over E1 trunks that are confirmed to use R2 signaling. There is no workaround.
•
If a spoke router is reloaded in a hub-and-spoke topology with IP Security (IPSec), the spoke router may reload with a SegV exception for a certain configuration. This condition has been observed with the Cisco 827 router.
Workaround: Remove the configuration for the remote users from the hub router, specifically, the portion that relates to assigning IP addresses from the local address pool.
•
After debug sanity is enabled on Cisco routers that support particles, the routers may experience a memory leak and reload. The amount of time that it takes for the memory leak to surface and the reload to occur varies. There is no workaround.
•
A Cisco router or access server that is running Cisco IOS Release 12.1 or 12.2 with virtual private dial-up network (VPDN) configured may reload if the router or access server is running low on memory.
Workaround: Ensure that there is sufficient memory available on the router or access server.
•
A Cisco 12000 Internet Router may experience some missing prefixes in the Cisco Express Forwarding (CEF) tables on some line cards after the router is reloaded or when an online insertion and removal (OIR) is performed on a line card.
Workaround: Enter the clear cef linecard command on each slot after a reload or OIR to ensure that the CEF table is correctly downloaded.
Novell IPX, XNS, and Apollo Domain
•
Internetwork Packet Exchange (IPX) Enhanced Interior Gateway Routing Protocol (EIGRP) may experience a memory leak related to IPX routing instability. There is no workaround.
TCP/IP Host-Mode Services
•
A Cisco 7200 series router that is running Cisco IOS Release 12.0(15) and that has data-link switching (DLSw) may experience a software-forced reload. This problem occurs when DLSw with TCP encapsulation is sent over a X.25 network and when an X.25 transmission attempt fails due to dropped packets. There is no workaround.
Wide-Area Networking
•
A Cisco router may reload when the traffic-shape EXEC command is configured with X.25 or Link Access Procedure, Balanced (LAPB) encapsulation. Generic traffic shaping is not supported with X.25 or LAPB encapsulation. X.25 or LAPB can be used without generic traffic shaping.
Workaround: Do not configure the traffic shape command with these protocols.
•
A queue on a BRI may become stuck after a few hundred ping tests between routers across the interface. As a result of this error, the BRI is unable to detect the interfaces and routers on either side of the BRI. This error has been observed during normal operation. There is no workaround.
•
On a Cisco router that supports PPP over ATM (PPPoA) and that has PPP payload compression on the virtual access interface, the PPP pay load compression is not negotiated.
Workaround: Configure compression on the dialer interface first and then configure an ATM permanent virtual circuit (PVC) for PPPoA dialer.
•
A Cisco 2500 series router that is running Cisco IOS Release 12.1(7) may restart by bus error in outputq_dequeue_eval. There is no workaround.
•
A Cisco router that is acting as an Always On/Direct ISDN (AODI) server may send out a bad frame. Cyclic redundancy check (CRC) is computed correctly, but the inside of the frame is corrupted, causing the remote switch to send a Frame Reject (FRMR) message. There is no workaround.
•
A dialer profile that has the dialer watch configured may continue to dial out after the idle timer expires. Multiple B-channels remain up even when there is no traffic and will remain up until the primary route is restored. There is no workaround.
•
A Cisco 3620 router that is running Cisco IOS 12.1(7) may reload with a bus error that points to a "poisoned" address of 0xD0D0D29. There is no workaround.
•
A Cisco AS5800 universal access server that is configured for Non-Facility Associated Signaling (NFAS) and signaling system 7 (SS7) ThunderDial under a load condition may reload with the following error message:
UAE: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6005033 8, timers used 30911
UAE: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer H andle, caller 0x6004CE88 handle -1
UAE: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6005033 8, timers used 30911
UAE: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer HThere is no workaround.
•
In a Cisco signaling system 7 (SS7) interconnect for Voice Gateways solution, if a Cisco AS5300 universal access server is required to disconnect a large volume of calls at one instance (over 72), some of the calls may be disconnected with no cause code. This condition can cause the access server to release those calls back to SS7 because of an unspecified protocol error. There is no workaround.
•
When an interface that is a PPP Multilink bundle member goes down while it is transmitting data, the router may lock up, requiring a reload to recover. There is no workaround.
•
On particle-based platforms, such as the Cisco 2600, 3600, and 7200 series of routers, spurious memory accesses may occur when locally generated voice packets are fast switched to Multilink bundles. There is no workaround.
•
When dialer maps are used, entering the show caller full, the show dialer interface, and the show source ip EXEC commands will show the IP address that brought the line up. However, when dialer aaa is used, these commands will show only a generic hexadecimal number representing the dialer session rather than the source IP address that brought up the session. This condition makes it impossible to identify the source station that brought up the dialer session. There is no workaround.
•
A Resource Availability Indicator (RAI) message is not sent when the signaling controller is disabled on a Cisco SC2200 Signaling Controller. The channel cannot be freed from the free queue when the call is running.
Workaround: Tune the T309 timer, which is set to a default of 90 seconds to a smaller value for the ThunderDial application.
•
Incoming calls may fail to connect and may be released. The system does not put B-channels on the first E1/T1 in service. Incoming calls are failing with channel unavailable. If the channels are "busyout" and "unbusy," the service is disabled and reenabled and calls can be properly accepted. There is no workaround.
•
Incoming calls may fail to connect and may be released. The system does not put B channels on the first E1/T1 in service. Incoming calls are failing with channel unavailable. If the channels are "busyout" and "unbusy" the service is restored and calls can be properly accepted. This is observed on Cisco 5300 and 5800 universal access servers. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(9a)
Cisco IOS Release 12.1(9a) is a rebuild of Cisco IOS Release 12.1(9). The caveats in this section are resolved in Cisco IOS Release 12.1(9a) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(9)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(9). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
When a defective modem is placed in the shutdown state, a firmware download attempt may cause a continuous stream of error messages that indicated that the software is not able to download the firmware to be displayed.
Workaround: Disable the shutdown state on the modem. The firmware download will fail, the modem will be marked as "bad," and the continuous stream of error messages will stop.
Basic System Services
•
A Cisco AS5300 series universal access server may reload with a bus error while running Cisco IOS Release 12.1(3.1). There is no workaround.
•
On a network that includes a Frame Relay access device (FRAD) that is connected through a serial bisynchronous line to a Cisco 3640 router that is running Cisco IOS Release 12.1(5)T3, the Cisco 3640 router has a WAN connection to a Cisco 1601 router that is running Cisco IOS Release 12.1(5). This setup is connected through a bisynchronous serial line to an ATM. The encapsulation type is Block Serial Tunnel (BSTUN). The ATM works correctly for several days before the connection drops. The bisynchronous Block Check Character (BCC) is dropped on the line between the Cisco 1601 router and the ATM when the last BCC character is an x7F.
For example, if the ATM transmits:
02d440f2f21cf0f0f01c1cf91cf1f9f1f0f2f6f0f0f0f0f0f003 347f <- BCC charactersThe router receives:
02d440f2f21cf0f0f01c1cf91cf1f9f1f0f2f6f0f0f0f0f0f00334 <- last BCC character is missingIf the data ends in other than a x7F, there appears to be no problem.
Workaround: Use Cisco IOS Release 12.1(2) on the Cisco 1601 router.
•
Simple Network Management Protocol (SNMP) MIBs which use Read-Create in their rows (such as SNMP ping MIB or Config Copy MIB) may cause the router to reload unexpectedly.
Workaround: Disable SNMP.
•
When a vendor-specific browser is used to configure a router, the request pauses indefinitely and times out. The command is not performed, and no output is returned.
Workaround: Use an earlier version of the browser.
•
A Cisco router that is running Cisco IOS Release 12.1(7) may reload with a Seg V exception when a random-detect-group global command that has been configured on a permanent virtual connection (PVC) is edited.
Workaround: Remove the random-detect-group global configuration command from the permanent virtual connection (PVC), edit, and then reattach the command to the PVC.
•
A Cisco 1000 series router that is running Cisco IOS Release 12.1(7.6) with the Cisco c1000-y-mz image does not boot up. There is no workaround.
•
The Cisco Discovery Protocol (CDP) may fail to correctly match identical neighbor entries and build a list of duplicated neighbor entries on the CDP neighbor table. The duplicate neighbor entries can be seen in the output when the show cdp neighbor EXEC command is entered. This problem may cause the CDP to consume a higher than normal amount of memory on the router.
Workaround: Set the CDP timer to a value that is comparable to the value of the CDP hold-down timer. For example, with the CDP hold-down timer set at the default of 180 seconds, the CDP timer can be set to 150 seconds. This setting will help to decrease the number of duplicate entries on the CDP neighbor table.
Alternate Workaround: Disable CDP.
•
A Cisco 2600 series router that is configured with the Service Assurance Agent (SA Agent) may display the following error message when the Simple Network Management Protocol (SNMP) is repeatedly polled for rttMonJitterStats:
%SYS-2-MALLOCFAIL: Memory allocation of -2132490248 bytes failed from 0x8064BDBC, pool Processor, alignmentThere is no workaround.
EXEC and Configuration Parser
•
When large amounts of character mode traffic are downloaded from a Telnet client, the CPU utilization for the corresponding EXEC session on a Cisco AS5300 series access server increases to over 90 percent. There is no workaround.
•
A bus error may occur when the following privileged EXEC commands are entered:
–
–
–
–
–
–
There is no workaround.
IBM Connectivity
•
A Cisco router that is configured for data-link switching (DLSw) Ethernet Redundancy may reload with a bus error if circuits are established while peer connections are torn down.
Workaround: Use DLSw with transparent bridging.
•
A router that is running the data-link switching plus (DLSw+) Ethernet Redundancy feature may reload when two redundant domains are merged. There is no workaround.
Interfaces and Bridging
•
Subinterfaces that are created on a Cisco 7000 series router may not be able to route AppleTalk. Sniffer tests will show that the cable range is being reached even though the router does not respond to the appletalk getzonelist-filter interface configuration command. The router is unable to ping any of the connected Apple machines even though Routing Table Maintenance Protocol (RTMP) appears to be working. There is no workaround.
•
A Cisco ATM-PA-A3 port adapter on a Cisco 7200 series router may experience command failures that are followed by "ATMPA-3-SARCRASH" messages, causing the port adaptor to power down. The powering down message "PA-3-DEACTIVATED" leads to the disappearance of the configuration of this ATM port adapter. In rare cases, the router may reload. There is no workaround.
•
A Cisco 7206VXR router with an NPE-300 Network Processing Engine, an enhanced ATM PA-OC-3 port adapter, and some ATM subinterfaces may intermittently experience a situation in which the ATM permanent virtual circuit (PVC) at one subinterface starts dropping the packets from the output queue. Cisco Express Forwarding (CEF) and fast switching are not being used in this situation. The PVC stays up and transmits the traffic originated by the Cisco 7206VXR that is not experiencing this situation.
Workaround: Reenter the atm pvc interface configuration command on the ATM subinterfaces.
•
A Cisco 7200 or Cisco 7500 series router that is running Cisco IOS Release 12.0(10)S3 and that has PA-A3-OC3 port adapter may stop forwarding packets on one or more virtual connections (VCs).
Workaround: Restore the original working condition by entering the clear interface privileged EXEC command.
•
A Cisco 7507 router may reload with a bus error when it is running Cisco IP Security (IPSec) 56-bit encryption and Token Ring interfaces. There is no workaround.
•
IP datagram pings that are larger than 586 bytes may fail on an ISDN BRI D channel that is configured for bridging with X.25. Process-level transparent bridging behaves erratically. There is no workaround.
•
After a router is reloaded, there may not be any connectivity between the serial interfaces that have channel groups configured.
Workaround: Enter the shutdown interface command followed by the no shutdown interface configuration command to restore connectivity between the serial interfaces.
•
A Cisco 7500 series Route Switch Processor (RSP) that is running Cisco IOS Release 12.0(15)S1 with a Cisco Versatile Interface Processor 2-50 (VIP2-50) and an ATM PA-A3 port adapter may display the following error message on the RSP console if the VIP is running at 99 percent capacity:
%ATM-3-FAILCREATEVC: ATM failed to create VC(VCD=23, VPI=0, VCI=96) on Interface ATM4/1/0, (Cause of the failure: Failed to have the driver to accept the VC)Workaround: Disable distributed Cisco Express Forwarding (dCEF).
Alternate workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface.
IP Routing Protocols
•
Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels may fail to come up on slow interfaces (less than 2 Mbps). This situation occurs because fair queueing is automatically enabled on such interfaces, which can artificially reduce the bandwidth reservable by TE tunnels.
Workaround: Disable fair queueing on the interface by entering the no fair-queue command.
•
When the internal Border Gateway Protocol (iBGP) is redistributed into the Interior Gateway Protocol (IGP), the routes are not advertised by IGP. This problem occurs with Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway Routing Protocol (IGRP), and Open Shortest Path First (OSPF).
Workaround: Enter the clear ip bgp {* | address | peer-group name} [soft [in | out]] and clear ip route {network [mask] | *} EXEC commands to clear this problem.
Alternate workaround: Remove and reenter the neighbor statements in BGP or reload the router.
•
Static Network Address Translation (NAT) configuration lines cannot be removed through a HTTP (Hypertext Transfer Protocol) user interface.
Workaround: Perform the deletion by connecting through one of the classic tty lines.
•
A filter list may deny a path incorrectly.
Workaround: Restart the Border Gateway Protocol (BGP) process.
•
A Cisco router that is running 600kbps multicast video traffic into a Frame Relay interface and out an ATM LAN Emulation (LANE) interface with IP Protocol Independent Multicast (PIM) configurations under it reloads after approximately 18 hours because of a continuous memory leak. The PIM process in the ATM signaling switched virtual circuits (SVCs) holds increasing amounts of memory and does not release it. This situation occurs because no ATM address is configured on the interface. The incomplete configuration causes the memory leak.
Workaround: Configure the IP address on the ATM LANE interface.
•
When a router is booted with Cisco IOS Release 12.1 using a configuration from Cisco IOS Release 12.0S that contains a peer group with network layer reachability information (NLRI), unicast, and multicast configured, the peer group members are not activated for address-family IPv4 multicast. There is no workaround.
•
OSPF summary redistribution may not function properly. After the clear ip ospf redistribution and the show ip ospf database external EXEC commands have been entered, the link-state age reaches "MAXAGE" and does not come up again. This condition has been observed only when the router is configured with the summary-address number command under OSPF and is also configured to have a static route that matches the same summary address. There is no workaround.
•
On a Cisco10000 series Edge Service Router (ESR) that is running Cisco IOS Release 12.0(15.6)ST in a production network, running PIM sparse mode on 448 interfaces where there are 31 (*, G) entries in the mroute table may cause the router to reload if traffic was sent to even 15 of those groups. There is no workaround.
•
The exterior flag gets unset on the route that is marked as default in Enhanced Interior Gateway Routing Protocol (EIGRP).
Workaround: Use a floating static default route.
•
Relearned information is not always consistent with other routers in the network when redundant Rendezvous Points (RPs) for the same group and when the RP mapping information generated through a Bootstrap Router (BSR) is manually cleared. There is no workaround.
•
A Cisco 7000 series router with Open Shortest Path First (OSPF) may fail to install the default route in some rare cases. The default route will automatically be installed during the next shortest path first (SPF).
Workaround: Add a static default route with higher administrative distance than OSPF and redistribute it through OSPF.
Alternative workaround: Use one of the following commands:
–
–
–
–
Alternative workaround: Add a fake loopback to OSPF net statements and flap it.
•
A Cisco router may reload after the show ip igmp groups command is entered if the command is paused for a prolonged period of time at the "more" prompt and restarted later. There is no workaround.
•
A router that is running a Cisco IOS release that contains the fix for CSCdr33635 does not allow the user to configure secondary IP addresses on an interface that does not already have a primary IP address. The following are two possible scenarios and their respective workarounds.
Case 1: A user saves the running configuration that has an interface with both primary and secondary addresses with the copy running-config file EXEC command and subsequently removes all the addresses on that interface, thus changing the running configuration. If the user attempts to restore the original configuration with the copy saved-file running-configuration EXEC command, the secondary addresses will not be allowed to be configured. Any attempts to "cut and paste" the display of the output of the show running-configuration command will also cause the same problem.
Workaround for Case 1: Issue the copy saved-file running-configuration or perform the cut-and-paste twice.
Alternate workaround for Case 1: Configure the primary address manually before entering the copy saved-file running-configuration EXEC command to copy the saved configuration file into the running configuration file.
Case 2: This case applies to any virtual LAN (VLAN)-capable interface or subinterface that has a primary address and a secondary address. If the router is rebooted with an image that has the version with the earlier fix of CSCdr33635, the previous secondary addresses will not be allowed to be configured and will subsequently be lost on the interface or subinterface immediately after the router is reloaded.
Workaround for Case 2: Copy the startup configuration to running configuration after the reboot without entering the write memory command between the two operations. This action will restore the secondary address to the running configuration. This operation must be repeated on every reload.
•
When Null0 interface is specified as the default output in local policy routing, the Route Switch Module (RSM) may fail to boot or reboots repeatedly. There is no workaround.
•
A router that has the ip multicast boundary access-list-number interface configuration command configured on an interface may reload when the access list is defined. There is no workaround.
•
A Cisco router that is running Open Shortest Path First (OSPF) as the routing protocol may experience a software forced reload and display the following error messages under normal operation:
%SYS-3-BADBLOCK: Bad block pointer %SYS-6-BLKINFO: Freespace does not end at end of the pool blkThis problem occurs only when the router receives a corrupted link-state advertisement (LSA). There is no workaround.
ISO CLNS
•
When two routers have two peer-to-peer parallel adjacencies between them, and the link with the lowest metric goes down, a new link-state packet (LSP) is not created. This situation may create a loss of connectivity between the two routers.
Workaround: Force an LSP generation by using the clear clns * command or the clear isis * command.
•
If a Layer 2-only interface goes down on a Cisco router that is running the Intermediate System-to-Intermediate System (IS-IS) protocol, and if that router is using route leaking to redistribute the network on that interface into Layer 1, the network might not be removed from the Layer 1 link-state packet (LSP) on that router.Workaround: Enter the clear ip route {*} EXEC command. The LSP should be properly regenerated.
•
A Cisco router may reload when Intermediate System-to-Intermediate System (IS-IS) is enabled. There is no workaround.
•
A Cisco router that resides on a network with Intermediate System-to-Intermediate System (IS-IS) and Open Shortest Path First (OSPF) running concurrently with default admin distances configured may reload when the clear ip route * EXEC command or the router ospf process-id global configuration command is entered and when a subnet prefix is shared by both IS-IS and OSPF.
Workaround: Change the admin distance under the router isis [tag] global configuration command.
Miscellaneous
•
A PA-A3 port adapter may report a higher than expected number of cyclic redundancy check (CRC) errors on an ATM interface for one or more virtual circuits (VCs). The root cause of the problem is that the affected versions of Cisco IOS are counting packet bytes which were received with CRC errors, rather than counting packets with errors. This condition makes the CRC error counter many more times higher than the actual value. The same behavior also occurs with the aborts and giants. Note that the firmware and not IOS detects the giants.
Workaround: Troubleshoot the cause of the CRC errors.
•
A Cisco router may experience cable modem reloads when configuring access list number 100 or 101.
Workaround: Use other access list numbers.
•
When Multiprotocol Label Switching (MPLS) is enabled on an ATM interface, a spurious access may occur if a bind response is received from a Tag Distribution Protocol (TDP)/Label Distribution Protocol (LDP) neighbor for which a matching request could not be found. This problem occurs after a large routing topology change has occurred and the router may fail to process Bind response messages immediately. There problem may cause the router to reload unexpectedly. The likelihood of a reload increases if a default route of 0.0.0.0/0 exists in the network. There is no workaround.
•
A Cisco 3600 series router may experience sustained CPU usage of 30 percent when reverse Telnet is made to the 32-port Asynchronous Network Module (NM-32A). There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1 or 12.1 T may experience a memory leak with IP Security (IPSec) and multilink enabled.
Workaround: Disable fast switching.
•
On a Cisco 12000 series Internet router, distributed Cisco Express Forwarding (dCEF) may be disabled because of a low-memory condition during a large routing update (for example, while booting up).
Workaround: Reduce the maximum path in Border Gateway Protocol (BGP) to reduce amount of information CEF propagates to the line cards, or reduce TCP window size to reduce the speed of incoming BGP updates.
Alternate workaround: Enter the ip cef linecard ipc memory ? 0-128000 interface configuration command. The amount of line card memory is limited to 50 percent of the total memory. This command allows you to allocate a larger amount of line card memory to the queueing for CEF routing to update messages; it allows the Route Processor to free memory by releasing CEF updates more quickly; and it prevents the low-memory condition from occurring on the Route Processor.
•
When a Cisco router that is running Cisco IOS Release 12.1(4) or a later release uses the copy ftp:// command to download an image from a File Transfer Protocol (FTP) server, the image is downloaded several times. In a network with slow links, this inefficient use of bandwidth causes the operation to take longer than it would if the image was downloaded only once. This situation does not affect Cisco IOS Release 12.0. There is no workaround.
•
On a Cisco router, few security associations (SAs) come down and recover immediately when you create multiple IP Security (IPSec) tunnels (500) with an Internet Key Exchange (IKE) lifetime of 86,400 seconds and an IPSec lifetime of 180 seconds. All 500 IKE SAs are established. Over a period of time, with continuous traffic, few IKE SAs (around 1 to 5) come down and recover immediately. This situation occurs prior to IKE rekeying, and the router does recover by itself, so there is no functional impact. The IKE SAs begin terminating any time there is a retransmission during quick mode (QM). The retransmissions continue after QM finishes successfully. After 4 attempts, QM deletes the IKE SAs. There is no workaround.
•
With engine 2-based Internet Router linecards, a line card to route processor queue can grow too large causing malloc failures on the line card. There is no workaround.
•
Engine 2 Packet over SONET (POS) line cards on a Cisco Internet Router may be severely affected and may reset if hundreds of Multi protocol Label Switching (MPLS) tunnel interfaces are unconfigured simultaneously under heavy stress conditions. Such conditions may include the presence of several Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) routes and heavy line rate traffic. This condition is most likely to occur if the Interior Gateway Protocol (IGP) is Intermediate System-to-Intermediate System (IS-IS). There is no workaround.
•
When a High Availability (HA) switchover is performed on a Cisco Catalyst 6000 switch that has redundant Multilayer Switch Feature Card (MSFC2) and HA enabled, the traffic recovers for a short period of time and then stops and never resumes on the WS-X6101 ATM module that is running Cisco IOS Release 12.1(5a)E3. The message "waiting for semaphore release" is displayed on the console of the ATM module until the module is reset.
Workaround: Upgrade to Cisco IOS Release 12.1(8)E.
•
Resource Pool Manager Server (RPMS) messages are not processed frequently enough and messages are dropped because of queue overflow. This condition results in call count synchronization issues on the RPMS. There is no workaround.
•
A Cisco router reloads because of a SIGTRAP exception. There is no workaround.
•
A Cisco 3640 router with an NM-4T network module that is connected back-to-back through a serial interface to another Cisco 3640 router with another NM-4T network module starts to drop packets in the input queue of the DCE side of the serial interface after approximately two weeks of normal operation. The number of packets dropped in the input queue coincides exactly with the number of packets marked as "no buffer" in the output of the show interfaces serial [interface]. Throttles and input errors are also reported on this interface. The number of input errors coincides with the number of overruns. This situation does not affect the DTE side of the connection.
Workaround: Reload the router. Momentarily shutting down the interface does not work.
•
The show atm pvc [vpi/vci | name | interface atm interface-number][ppp] privileged EXEC command may not indicate the correct number of actual virtual connections that are dropped on the SW1 interface.
The following command output of the show atm pvc privileged EXEC command shows the incorrect output of "0" InPktDrops and "0" OutPktDrops:
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 6653855
InPktDrops: 0, OutPktDrops: 0There is no workaround.
•
If the routing process modifies a prefix marked as "is subnetted", Cisco Express Forwarding (CEF) may incorrectly delete that prefix from its forwarding table. There is no workaround.
•
An Open Connect Client physical unit 2.0 (PU2.0) station rejects Systems Network Architecture Switching Services (SNASw) segment interleaving, returning a sense code of 80070000. There is no workaround.
•
A Cisco Transaction Connection (CTRC)/Systems Network Architecture (SNA) switch router reloads after failing to connect to the host. There is no workaround.
•
After establishment of IP Security (IPSec) security associations (SAs), the remaining lifetimes of IPSec SAs may differ significantly, which may cause loss of encrypted connectivity.
Workaround: Lower the lifetimes of the IPSec and Internet Security Association and Key Management Protocol (ISAKMP) SAs. This workaround may minimize the impact for some environments but does not fully solve the issue and may include undesirable consequences.
•
When Cisco IOS software has to choose between several phase two security associations (SAs) after having negotiated a new SA, it may choose an old SA instead of the newly negotiated SA. The other side sees invalid security parameter index (SPI) messages until the crypto map is removed and reapplied on the interface. Clearing the SAs manually may not always work. There is no workaround.
•
On a Cisco 4500 series router with ISDN PRI that is running Cisco IOS Release 12.1(7), ISDN Layer 2 does not come up after a reload. The router displays the following error messages during bootup:
%CONTROLLER-5-UPDOWN: Controller E1 0, changed state to up
%DSX1-3-M32_BAD_INTQ: Munich 32 bad interrupt queue: Ctrl
= 0x3C100040, Channel = 15
-Process= "Framer background", ipl= 0, pid= 23
-Traceback= 60030AC0 60030F2C 6003104C 60032838 6005AC8C 600592C4 60054554 600546C4 6005B858 6005DC64 60386A84 60386A70*:Workaround: Enter the shutdown command followed by the no shutdown command on the serial interface.
•
There is no connectivity above Layer 1 after an E1 device that is connected to a Circuit Emulation Services (CES) port on a Cisco Light Stream 1010 Layer-3 enhanced ATM switch is reset.
Workaround: Enter the shut command followed by the no shut command on the constant bit rate (CBR) interface on the Cisco Light Stream 1010 switch.
•
Failing keepalives may destroy valid security associations (SAs). There is no workaround.
•
A Cisco router reloads if you use the ip mtu interface configuration command on an interface that has a crypto map attached. There is no workaround.
•
When V.110 calls are terminated on a Cisco access server that is using a Cisco Resource Pool Manager Server (RPMS) with Signaling System 7 (SS7) solution, the access server rejects the calls because it is unable to allocate a resource.
Workaround: Disable resource pooling on the access server.
•
A Cisco router may experience an unexpected reload in an Multilink PPP virtual termination (MLPVT) module when a Stack Group Bidding Protocol (SGBP) member is deleted while the SGBP member is still being authenticated. The process that is doing this authentication (specifically the verification of the response from the other member to the challenge) takes some time because it issues a RADIUS request and then waits for the RADIUS response. Within the time frame that the member is still being authenticated, if the SGBP member is removed from the command-line interface (CLI), the authentication process tries to access the memory referenced by the now deleted SGBP member when it restarts again. The router then reloads. There is no workaround.
•
Under certain circumstances, Rivest, Shamir, and Adelman (RSA) keys generated in Cisco IOS software are not recognized when a Cisco router reloads. Error messages about Secure Shell (SSH) configuration commands, which rely on RSA keys to exist, may occur. When the RSA keys are not read, the SSH configuration cannot be read. Error messages about the SSH commands are displayed on the console after bootup. This situation is caused by a bad default value in the hardware clock of the router (the value appears as 1917).
Workaround: Set the value of the hardware clock to a reasonable value using the clock set EXEC command followed by the clock update-calendar EXEC command before regenerating the RSA keys.
•
Firmware needs to be reset because of a firmware directory (FW) watchdog timeout when Frame Relay is configured. There is no workaround.
•
If you use the no router ospf global configuration command to remove an Open Shortest Path First (OSPF) configuration from a Cisco router that is configured with Tag Distribution Protocol (TDP) or Label Distribution Protocol (LDP), Multiprotocol Label Switching (MPLS) connectivity may be lost.
The output of the show tag-switching atm-tdp bindings or the show mpls ip binding privileged EXEC command shows no route for prefixes that correspond to connected routes, including the TDP/LDP router ID. After approximately 5 minutes, the local labels for the connected routes are withdrawn from all TDP/LDP neighbors, are removed from the Tag Forwarding Information Base (TFIB), and are deallocated, resulting in the loss of MPLS connectivity.
Workaround: Enter the shutdown command followed by the no shutdown command on each interface that is up.
•
If access lists matched to a crypto map include public Port Addressed Translation (PAT)/Network Address Translation (NAT) IP addresses, the tunnel comes up but fails to pass any IP Security (IPSec) traffic. The following message is displayed in the router:
03:41:43: %IP-3-LOOPPAK: Looping packet detected and dropped - src=192.147.21.165, dst=157.154.194.85, hl=20, tl=44, prot=6, sport=80, dport=4624 in=FastEthernet0/0, nexthop=157.154.252.30, out=FastEthernet0/0Note: Internal devices cannot access each other via the public address even though you can "source ping" or "source telnet" from the same router to the peer. This is not a platform-specific issue.
Workaround: Do not use public addresses and bypass NAT. Refer to: http://www.cisco.com/warp/public/707/static.html.
Alternate workaround: Include a different network on your NAT pool. If the IP NAT POOL is not on the same network as one of your interfaces, IPSec traffic will be routed. You may also use a Integrated Services Module (ISM).
•
Reloading a Cisco router that has Cisco Express Forwarding (CEF) disabled with the no ip cef command in the configuration may result in the router displaying a "SYS-3-MGDTIMER: Uninitialized timer" error message. In this situation, packet forwarding is not affected. There is no workaround.
•
A Cisco 7200 series router that is running Cisco Encryption Technology (CET) with 50 peer routers may have problems with encrypted tunnels and log the following traceback message:
%SYS-2-CHUNKBOUNDSIB: Error noticed in the sibling of the chunk epa crypto blk, Chunk index : 100, Chunk real max : 100
-Process= "Key Proc", ipl= 0, pid= 72
-Traceback= 6050427C 60F81AF8 60F76E9C 604FD2F4 604FD2E0There is no workaround.
•
A Multiprotocol Label Switching (MPLS) router may reload if it is sending traffic out an interface that is configured with Inter-Switch Link (ISL) encapsulation and the ISL is unconfigured on that interface.
Workaround: Do not unconfigure ISL.
•
The "Rx-ring" and "Tx-ring" values are not always displayed when the show atm pvc [vpi/vci | name | interface atm interface-number] privileged EXEC command is entered. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.1(3a)T3, the Internet Control Message Protocol (ICMP) Type 3 Code 4 "Fragmentation required but do not fragment (DF) bit set" is generated by a router when it discovers that a packet received on one interface is too large to be sent on a subsequent interface. The normal course of action is for the router to fragment the packet into two or more pieces and send each one. However with the DF bit set, the router cannot do this; instead it sends back a "Fragmentation required but DF bit set" message to the transmitter. Ideally, the sender uses this message (which contains the maximum packet size that can be sent without fragmentation) to reduce the packet size so that unfragmented end-to-end communication occurs. In the case of traffic sent across a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN), an additional overhead of 8 bytes (2 labels) is imposed by the provider edge (PE) router. For traffic generated from Ethernet (or defaulted on a T1 link) that normally consists of the maximum transmission unit (MTU) size of 1500 bytes, this situation reduces the size to a maximum of 1492 bytes without fragmentation. The ICMP message generated by the PE router should show 1492 bytes as the largest supportable frame size within the ICMP message. Instead, the message shows an MTU of 0. There is no workaround.
•
A Cisco 3600 series router with a 1-port T1/fractional T1 integrated data service unit/channel service unit (DSU/CSU) WAN interface card (WIC-1DSU-T1) may experience an uncommanded increase in time-slot speed from 56kb to 64kb. The command output of the show service-module EXEC command may continue to indicate that the speed is set to 56kb even though the speed has increased. In this situation, the serial line will be in an up or down state.
Workaround: Set the time-slot speed to 64 Kb and then back to 56 Kb.
•
In Cisco IOS Release 12.2(0.11)T, a dynamic crypto map may be created for a flow that is denied in the dynamic crypto map template Access Control List (ACL). There is no workaround.
•
The crypto interface on a Cisco 7200 series router that is running Cisco IOS Release12.1(5a)E2 with IP Security (IPSec) encryption enabled may become wedged after it has been running for a period of time.
Workaround: Reload the router.
•
Entering the show ip cef exact-route command at the headend of a Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) tunnel may cause the Route Processor (RP) in a Cisco 12000 series Internet router or a Cisco 7500/RSP series router to reload. This situation occurs when the destination prefix is recursive and the router is load sharing to the next hop. There is no workaround.
•
After the following SNMP commands are configured on a Cisco uBR7200 router that is running Cisco IOS Release 12.1(06)EC01 and the router is power cycled, the envmon trap associated with the environmental monitoring daemon fails to be activated. Traps that are related to envmon are not seen when the debug snmp packet EXEC command is entered.
–
–
–
There is no workaround.
After this problem is corrected in subsequent Cisco IOS releases, a ciscoEnvMonRedundantSupplyNotification will be sent out when the environmental monitoring daemon detects a change in the power supply status.
The environmental monitoring daemon checks the status of the power supply, the temperature, and the voltage of the router in a sequential order. After the environmental monitoring daemon finishes checking the status of the voltage on a router, it will cycle to the beginning of the sequence to check the status of the power supply, the status of the temperature, and the status of the voltage on a router.
On certain Cisco uBR7200 routers, it may take up to 2 minutes for a router to cycle through a complete status check. The show env all privileged EXEC command can be used to force the router to check and display the status of the power supply without having to wait for the router to cycle through a complete status check.
•
After a reload of downstream data-link switching (DLSw) routers, a number of Systems Network Architecture (SNA) switch-attached physical units (PUs) are stuck in the pend ACTPU state without the associated downstream links. This situation is created when the PUs connect and disconnect quickly and the REQACTPU message sent to the virtual telecommunications access method (VTAM) receives a response. There is no workaround.
•
A Cisco 1750 router that has a one-port 64K synchronous WAN interface card (WIC-1T) and that uses data terminal ready (DTR) dialing does not respond by raising its DTR lead after a CD signal has been received and detected. This configuration works with a Cisco 3620 or 3640 router that is running Cisco IOS Release 12.0(7)T, but does not work with a Cisco 1750 router that is running Cisco IOS Release 12.0(7)T. There is no workaround.
•
A Cisco router may reload continuously when it is booted up with Cisco IOS Release 12.1 or Release 12.2(0.11)T and has the logging source-interface command copied from Release 12.2(0.16)T or a later release. There is no workaround.
•
With Internet Security Association and Key Management Protocol (ISAKMP) keepalives, IP Security (IPSec) security associations (SAs) fail to be deleted when Internet Key Exchange (IKE) SAs are deleted. There is no workaround.
•
A Cisco router with a Systems Network Architecture (SNA) switch may not include the Network Services (NS) secondary logical unit (LU) name in a negotiable BIND. The station connection may fail. There is no workaround.
•
A tag problem occurs with a provider edge (PE) router that is running Cisco IOS Release 12.1(7).3 and a PE router that is running Cisco IOS Release 12.0(15)S1. The problem occurs when automatic protection switching (APS) is switching from Working to Protected. IP Intermediate System-to-Intermediate System (IS-IS) switches over to an active Packet-over-SONET (POS) interface, but the tag-switching Tag Distribution Protocol (TDP) neighbor is lost. The output from the show tag-switching interfaces privileged EXEC command shows that the interface is operational for both routers.
Workaround: Enter the no tag-switching ip command followed by the tag-switching ip command to restart the TDP neighbor for either router.
•
The Cisco IOS feature ISDN Link Access Procedure, Balanced-Terminal Adapter (LAPB-TA) is not supported on a Cisco 3620 series router. There is no workaround.
•
In a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) environment, a Cisco router that is configured as a provider edge (PE) device cannot provide Internet access to the local VPN routing and forwarding instance (VRF) using recursive static default route with the "global" modifier (which is pointing to an Internet gateway in the global routing table) if the core MPLS routers do not have a full Internet routing table installed (Border Gateway Protocol (BGP)-free core). The problem is that such a route does not inherit the label for reaching the Internet gateway.
Workaround: Configure a generic routing encapsulation (GRE) tunnel between the PE and the Internet gateway.
Alternate workaround: Configure a PE directly connected to the Internet gateway (as the PE-to-customer-edge (CE) link) and advertise the default route from that PE in the VPN.
•
When a Resource Pool Management Server (RPMS) is configured with a local Resource Pool Management (RPM) as a backup, and the RPMS is unreachable, fallback to the local RPM fails and the calls are rejected.
Workaround: Set the TACACS+ timeout to three seconds or fewer using the tacacs-server timeout seconds global configuration command.
•
A Cisco 12000 Internet Router that is running Cisco IOS Release 12.0(16.6)S with an Advanced Technology Attachment (ATA) SanDisk in the first PCMCIA slot (disk0:) may experience a software-forced reload when you load the conn_isp image. There is no workaround.
•
The virtual private dialup network (VPDN) tunnel on a Cisco access server may fail to become active on an async modem call when resource pooling is configured. There is no workaround.
•
A Cisco router that is configured for SNA Switching Services (SNASw) reloads at ndr_pufut_trigger_fsms. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.2(0.18)S, 12.1(6.05)EC01, 12.2(0.19)PI, 12.1(8.01) 12.0(16.05)ST, 12.2(0.18)T, 12.2(0.18), 12.1(6.05)E01, or 12.0(16.05)S will reload when a copy command is used with a non-existent Advanced Technology Attachment (ATA) SanDisk destination.
Workaround: Do not use a nonexistent ATA sandisk destination with the copy EXEC command.
•
The output of the show ip cef inconsistency record command may not include expected event log entries for the recorded inconsistency occurrences.
Workaround: Use the no ip cef table consistency-check type lc-detect or the no ip cef table consistency-check global configuration commands instead.
Novell IPX, XNS, and Apollo Domain
•
A Cisco 4500 series router may have its memory fragmented because of Internetwork Packet Exchange (IPX). There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.2(0.12)T, old Internetwork Packet Exchange (IPX) per-user profiles are not removed when you use the access-profile [merge] EXEC command. This situation does not affect Cisco IOS Release 12.2(0.3)T. There is no workaround.
Protocol Translation
•
The Protocol Translator may authenticate a user using the privilege level of the previous session if you do the following:
a.
b.
c.
d.
If the connection established in step d uses the vty that was used in step c, it will inherit the privilege level established in step c. There is no workaround.
TCP/IP Host-Mode Services
•
When the ip finger [rfc-compliant] global configuration command is configured on a Cisco router that has more than 20 users logged to the router, a finger request from a host steals the vty and causes the router to pause indefinitely.
Workaround: Do not configure the ip finger [rfc-compliant] global configuration command on the router.Wide-Area Networking
•
The vpdn ip udp ignore checksum command is not processed in NVGEN correctly. There is no workaround.
•
A Cisco router reboots when you use virtual private dialup network (VPDN) tunnels and when a dialer map is unconfigured while the dialer carrier timer is running. There is no workaround.
•
If you use the frame-relay interface-dlci interface configuration command on a BRI interface, a Cisco router cannot ping the router. The frame-relay inverse-arp interface configuration command does not work on a BRI interface. Similarly, the frame-relay traffic-shaping interface configuration command is not supported on a BRI interface.
Workaround: Use the frame-relay map ip-address dlci [broadcast] interface configuration command to ping the remote router.
•
A Cisco 3600 series router may display the following error messages under unknown circumstances:
%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=3D625093BC, count
-Traceback 602FBF0C 6096270C 60961BBC 60962BE4 6029F8F4 603C1984 603C1BD8 609F0880 609F05CC 6032F1AC 6032F198There is no workaround.
•
If the show queue interface-type interface-number Privileged EXEC command is entered on a Cisco 3660 router that has Frame-Relay fragmentation enabled, the router may reload or provide incorrect packet information from the command output.
Workaround: Disable Frame-Relay fragmentation or use a byte size that is large enough to prevent fragmentation from occurring.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1(5a) may reload under rare circumstances with a bus error at address 0xD0D0D11. There is no workaround.
•
Shutting down an ATM interface using the shutdown command while any of its subinterfaces are members of a Multilink PPP bundle may cause a Cisco router to reload if the interface is shut down while the bundle is sending data. There is no workaround.
•
A Cisco Systems Network Architecture (SNA) switch router pauses indefinitely approximately 2 minutes after a Cisco router reloads, showing periodic memory allocation failure messages. This situation is related to the number of uplinks defined.
Workaround: Reduce the number of uplinks to eight.
•
In Cisco IOS Releases 12.1 and 12.2, when Multilink PPP is used with fast-switching and fragmentation enabled, the multilink fragments are sent without the Layer 2 encapsulation (Frame-Relay or ATM AAL5SNAP).
Workaround: Disable fast-switching by configuring the no ip route-cache command on all interfaces or disable fragmentation by configuring the no ppp multilink fragmentation command on the virtual template interface.
•
A bus error may occur at bootup on a Cisco Route Switch Processor 1 (RSP1) with some interface processors (IPs) such as a Versatile Interface Processor 2-40 (VIP2-40) or a Fast Ethernet Interface Processor 2 (FEIP2).
Workaround: Perform an online insertion and removal (OIR) after booting up without them.
Alternate workaround: Use the Cisco IOS release that contains the fix for this caveat. Both the Cisco IOS image and the boot image must be upgraded.
•
In an X.28 asynchronous configuration, when an X.25 call is placed and while TCP is trying to get established, if the physical layer is reset, the line stays in the Program Specific Information (PSI)-enabled state and is carrier dropped. You can recover without a reload by using the physical-layer {sync} interface configuration command and the physical-layer {async} command on the interface with the problem.
Workaround: Prevent TCP from trying to open a connection when the remote end is down by providing the remote loopback in a dynamic routing environment, assuming that no other routes cause the router to attempt to access the network of loopbacks (the default route).
•
A slow memory leak may occur related to PPP over Ethernet (PPPoE) authentication. In a configuration of 128 MB RAM and an average of 200 to 300 concurrent users (virtual private dial-up network (VPDN) sessions), the memory of the Node Route Processor (NRP) is exhausted after three to four weeks.
Workaround: Reload the NRP approximately every two weeks.
•
Incorrect network access server (NAS) messages are sent to a Cisco SC2200 Signaling Controller when Non-Facility Associated Signaling (NFAS) members from different NFAS groups are added to the interleave order.
Workaround: Avoid adding NFAS members from different NFAS groups to the interleave order and add all NFAS members of the same NFAS group in ascending order.
•
This problem pertains to Cisco 7500 series routers that are running Cisco IOS Release 12.1(7) with the rsp-jsv-mz image that has Hot Standby Router Protocol (HSRP) enabled. If any of the interfaces on the active router is shut down, the main interface on the router may also be inadvertently shut down. If HSRP is disabled, only the subinterface that is shut down will be disabled.
Workaround: Use Cisco IOS Release 12.1(9).
•
X.25 circuit switching over dialer interfaces may fail if the connection is already established. There is no workaround.
•
A Cisco router may reload after you use the isdn leased-line bri 0 128 global configuration command in a 128k leased-line BRI interface in Cisco IOS Release 12.1(7.3), Release 12.2(0.14), or Release 12.2(0.15)T. This situation occurs if the ISDN interface is shut down and is configured without any dialer commands. The problem occurs only when these conditions apply but is not necessarily triggered by the actions of shutting down or configuring the interface. There is no workaround.
•
In a Signaling System 7 (SS7)/ISDN interconnection (NI2+ to SS7), if the SS7 circuits on the Cisco SC2200 series Signaling Controller that are associated with a Cisco AS5300 series universal access server are blocked, these ISDN channels on the access server change to the maint_pen state (5). If you then use the shutdown command followed by the no shutdown command on the Redundant Link Manager (RLM) group, ISDN reinitializes only the primary DSL of the NFAS group (changes it to the idle state). Other DSL remain in the maint_pen state. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(7) in a Signaling System 7 (SS7) configuration may reload when you place PPP modem and ISDN calls at approximately 4 cps with continuous pings and then use the write memory command. There is no workaround.
•
Multiple channels may stay in the proposed state on the egress gateway after overnight stress. There is no workaround.
•
A Cisco router that has Cisco Express Forwarding (CEF) enabled and that is configured as a Layer 2 Tunneling Protocol (L2TP) Access Concentrator (LAC)/Network Address Translation (NAT) that is running Cisco IOS Release 12.2(0.18) may reload when packets are CEF switched to a dialer interface from a Layer 2 Tunneling Protocol (L2TP) or Layer 2 Forwarding (L2F) tunnel. The access server displays the following message:
%ALIGN-1-FATAL:Corrupted program counter pc=0x0, ra=0x60BC120C,
sp=0x61C8ED60
%ALIGN-1-FATAL:Corrupted program counter pc=0x0, ra=0x60BC120C,
sp=0x61C8ED60
-Traceback= 0 60BC120C 6022333C 60010260 60013C4C 603728B8 6033FA80
signal= 0xA, code= 0x8, context= 0x61B5BAC0Workaround: Use Cisco IOS Release 12.1 or Release 12.2(0.5e).
Alternate workaround: Disable CEF on the dialer interface by using the no ip route-cache cef interface configuration command.
•
X.25 PAD calls that are routed over X.25 over TCP (XOT) may not work if the first IP address that is configured is not reachable. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(8a)
Cisco IOS Release 12.1(8a) is a rebuild release for Cisco IOS Release 12.1(8). The caveats in this section are resolved in Cisco IOS Release 12.1(8a) but may be open in previous Cisco IOS releases.
•
Cisco Express Forwarding (CEF) may incorrectly delete "is subnetted" prefixes, if deleted by the routing process and if a matching subnetted prefix is in the forwarding table. There is no workaround.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.1 or 12.2 with generic routing encapsulation (GRE) and Cisco Express Forwarding (CEF) enabled, input packet and byte counters may not increment for packets received over a tunnel.
Workaround: Disable CEF.
•
Open Shortest Path First (OSPF) may fail to install the default route in some rare cases. The default route will automatically be installed during next shortest path first (SPF) algorithm.
Primary Workaround: Add a static default route with a higher administrative distance than OSPF and redistribute it through OSPF by entering the following commands:
(config) # ip route 0.0.0.0 0.0.0.0 if-name 200
(config) # router ospf 1
(router config) # default-information-originate
(router config) # redistribute static subnet
Alternate Workaround: Add a fake loopback to OSPF net statements, and flap the loopback. Redistributing it through OSPF will fix the problem completely.
•
A Cisco 12000 series Internet Router that is running Cisco IOS Release 12.0(16.6)S with an Advanced Technology Attachment (ATA) sandisk in the first PCMCIA slot (disk0:) may experience a software-forced reload when you load the conn_isp image. There is no workaround.
•
If the traffic-share min across-interfaces command is enabled, some parallel paths may not be installed in a Cisco routing table if the number of parallel paths is initially higher than the maximum number of paths and some of the paths that are in the routing table become undesirable (higher cost) and are removed.
Workaround: Use the clear ip route* command.
Resolved Caveats—Cisco IOS Release 12.1(8c)
Cisco IOS Release 12.1(8c) is a rebuild of Cisco IOS Release 12.1(8). The caveats in this section are resolved in Cisco IOS Release 12.1(8c) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(8)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(8). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
Dual-tone modulation frequency (DTMF) digits may be clipped on permanent voice trunks that use idle channel suppression to save bandwidth between calls. Clipped DTMF digits may not be recognizable by an attached PBX or voice switch.
Workaround: Ensure that DTMF digit duration is sufficiently long (such as 60 to 80 microseconds).
Alternate workaround: Delay the wait period for DTMF digits to be transmitted after seizing a channel.
•
On rare occasions, channel-associated signaling (CAS) bit changes to a specific time slot on the digital voice port may not be sent at the moment they were intended. The proper CAS bits are sent when the CAS bit changes occur on another time slot. No workaround is necessary because the situation is self-correcting.
•
PPP negotiation fails when you use asynchronous PPP with dialer profiles while running Cisco Discovery Protocol (CDP).
Workaround: Use the no cdp run interface configuration command.
•
You cannot run NetFlow and distributed Cisco Express Forwarding (dCEF) on a Versatile Interface Processor (or a Gigabit Ethernet Interface Processor Plus (GEIP+) card with 256 MB of DRAM. There is no workaround.
•
A Cisco 3810 router that is running Cisco IOS Release 12.1 may experience a situation in which an ATM subinterface and the main interface and all other subinterfaces are deleted from the running configuration.
Workaround: Enter the shut command in subinterface configuration mode.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1(5a)E may display the following alignment errors and may incur these errors at a rate of one error per second:
%ALIGN-3-SPURIOUSWorkaround: Use Cisco IOS Release 12.1(7)E or Release 12.2.
•
Flash memory is put in a "Device not programmable status" state. This situation is consistently seen with certain images on the Cisco 1600 series platform and with vendor-specific Flash memory. The router displays the following error message:
%Error: PCMCIA flash sizing mismatch Size reported = 16384KB, calculated = 16640KBThe image should run correctly except the information for a Flash memory card is incorrect. The Flash memory device is locked so you cannot use the Flash memory. There is no workaround.
•
A digital signal processor (DSP) on a Cisco MC3810 multiservice concentrator Version Control Manager (VCM) runs out of millions of instructions per second (mips) on the CPU when running g.729a with 24-ms echo cancellation tails, which results in poor voice quality.
Workaround: Reduce the echo cancellation tail to 16-ms or 8-ms.
DECnet
•
DECnet fast switching does not work on 802.1q trunks.
Workaround: Disable fast switching of DECnet packets using the no decnet route-cache interface configuration command on the primary interface that contains subinterfaces with encapsulation method dot1q.
IBM Connectivity
•
When you configure Frame Relay Access Support (FRAS) boundary access node (BAN) with dial-on-demand routing (DDR) backup, the backup is only driven if the primary interface goes to the down/down state. If the data-link connection identifier (DLCI) is lost, then the interface goes to the up/down state and the backup is not driven. There is no workaround.
•
Data-link switching (DLSw) Ethernet redundancy does not work on Inter-Switch Link (ISL) encapsulated subinterfaces of Versatile Interface Processor (VIP) cards with Ethernet port adaptors in a Cisco 7500 series router.
Workaround: Do not use DLSw Ethernet redundancy. Configure support for DLSw using the transparent bridge group commands.
•
When a data-link switching (DLSw) circuit gets established on a Cisco 3640 router that is running Cisco IOS Release 12.0, the router sends a receiver ready (RR) frame to the secondary station indicating that it is ready to accept Information frames (I-frames). The station now responds with the I-frame very rapidly, which arrives at the router about 0.5 microseconds after the router has sent the RR-frame. With priority peers, a race condition may develop between the first i/frame and the contacted SSP message if they are over different ports. If the i/frame is received first, it is dropped.
Workaround: Use Cisco IOS Release 12.1 or a later release.
•
A Cisco 2650 router that is running Cisco IOS Release 12.1(5)T may pause indefinitely because of the Bisync Serial Tunnel (BSTUN) feature. There is no workaround.
•
A Cisco router configured for Frame Relay Access Support (FRAS) boundary access node (BAN) does not turn on Routing Information Identifier (RII) when sending out explorer frames on the Frame Relay interface. There is no workaround.
•
You may receive the following information every day after upgrading from Cisco IOS Release 11.3 to Release 12.0(13):
%TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer:0x0
-Process= "IP Input", ipl= 0, pid= 12
-Traceback= 60382C2C 60383F14 60A56FF0 60A583F8 60A569E4 60A46840 60A4E58C
60382B78 602EAE00 602ECB84 603233D4 6030BD04 6030A200 6030A2FC 6030A470
6 02973ACThis situation is specific to a data-link switching (DLSw) border peer network. It does not happen in a standard DLSw environment with only configured or promiscuous DLSw peers. There is no workaround.
•
On a Cisco 7500 series router when a serial port adapter (PA) is configured with Serial tunnel (STUN) encapsulation, the Route Switch Processor (RSP) performs a Cisco bus (Cbus) complex. This situation happens when the encapsulation is changed from or to STUN. There is no workaround.
•
Channel Interface Processor (CIP) to Synchronous Data Link Control (SDLC) through Data-link switching (DLSw) local switching on a Cisco router may lose a path information unit (PIU) outbound over the serial interface. Network Control Program (NCP) reports degraded performance and a missing PIU. This situation is caused by carrier transitions occurring on the line. When the transition occurs, the Interface Descriptor Block (IDB) is marked down until the carrier comes back up. If the carrier is down when SDLC tries to encapsulate the packet, the encapsulation fails and the packet is silently discarded. There is no workaround.
Interfaces and Bridging
•
On a Cisco 7200 series router that is running Cisco IOS Release 11.1(22)CC or Release 12.0(9) with a PA-F HW port adapter revision 1.13 or revision 1.14, the interface may stop transmitting packets on the FDDI interface. You can diagnose this situation by the lack of output traffic on the interface and the increasing number of output drops on the interface. The output queue from the show interfaces EXEC command displays output similar to "40/40".
Workaround: Enter the shut command followed by the no shut command.
•
A Packet-over-SONET (POS) interface on a Cisco 7200 or 7500 series router may not come up when you configure the interface remotely using a script. This situation is unlikely to happen in a production network environment.
Workaround: Execute the commands in sequence, with some delay between them (as when a user is configuring the router).
•
A Cisco 7200 series router may restart if a Simple Network Management Protocol (SNMP) query is performed by running Cisco View. Also, the Cisco 7200 series router may reload when the online insertion and removal (OIR) of Fiber Distributed Data Interface card is done running Cisco View. There is no workaround.
•
When a Cisco 7507 router with a Gigabit Ethernet Interface Processor (GEIP) installed in slot 5 and slot 6 is upgraded to Cisco IOS Release 12.0(11)S, the GEIP may experience a reload when booted.
Workaround: Run Cisco IOS Release 11.1(33)CC to stabilize the router.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.0(7)T or 12.0(10) with a Port Adapter 4T+ (PA-4T+), Fast Serial Interface Processor (FSIP), or Port Adapter 8T (PA-8T), the data terminal ready (DTR) port adapter does not continuously drop and pulse according to the time intervals configured with the pulse-time x interface configuration command. Also, on the FSIP and PA-4T+, the RSP-3-RESTART message appears right before a Cisco router has to be restarted to recover a serial interface from a circuit outage that was configured for the pulse-time x interface configuration command. There is no workaround.
•
When a Cisco router collects input packet counters and input byte counters through Simple Network Management Protocol (SNMP), there is a discrepancy between the counters reported on the physical interface and the counters reported on the ATM adaptation layer 5 (AAL5) subinterface. There is no workaround.
•
A virtual circuit descriptor (VCD) from one bridge group appears in another bridge group. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(14)S2 or Release 12.0(15)S may experience problems if you configure a protect interface of automatic protection switching (APS) only when this interface is configured to use encapsulation PPP. The interface is still in the inactive APS protect state. After the link control protocol (LCP) requests time out, the interface sends short alarm indication signal (AIS) and returns to sending LCP requests.
Workaround: Configure the protect interface to use encapsulation High-Level Data Link Control (HDLC).
•
A Cisco router reloads with alignment errors and displays the following error message:
ALIGN-1-FATAL: Illegal access to a low address addr=0x13C, pc=0x6056C83C, ra=0x603E8D4C, sp=0x62177800There is no workaround.
•
Serial Line Address Resolution Protocol (SLARP) is not executed when you install a Clear channel T3 card in a Cisco 7120 router. There is no workaround.
IP Routing Protocols
•
In a full mesh of route reflectors, one or two of the route reflectors may have a Border Gateway Protocol (BGP) table with multiple entries for the same route (there should be only one) with multiple tags. Clients of the route reflector still receive the correct BGP information. Virtual Private Network (VPN) routing/forwarding instance (VRF) interfaces on the route reflector may get an incorrect tag. The same problem was also seen at PEs (not RRs).
Workaround: Clear the BGP session. Clearing the route fixes the tag situation but not the BGP table.
•
A Cisco universal access server that is using Enhanced Interior Gateway Routing Protocol (EIGRP) may reload if the server has insufficient memory, or if there is a memory leak.
Workaround: Add more memory, or use a Cisco IOS release that contains the fix for this caveat.
A Cisco universal access server that is using Enhanced Interior Gateway Routing Protocol (EIGRP) may unexpectedly reload. There is no workaround.
•
In Cisco IOS Release 12.0, a receiver may experience a delay when attempting to subscribe to a group. There is no workaround.
•
After you boot up a Cisco router with Cisco IOS Release 12.0(14.6)S3 or Release 12.0(15)S, Multicast Source Discovery Protocol (MSDP) peer routers belonging to a mesh group may get a source active (SA) limit of 0 associated with the peer routers. The SA messages cannot be received or cached from the MSDP peer routers, and source discovery between the peer routers does not occur. This situation can be diagnosed by a system log similar to the following system log:
%MSDP-4-SA_LIMIT: SA from peer peer-addr RP rp-addr for (src-addr, group-addr) exceeded sa-limit of 0Workaround: Set the MSDP SA limit.
Alternate workaround: Use the no msdp sa-limit command for each peer that belongs to a mesh group after each reload.
•
A Cisco 12000 series Internet router that is running Cisco IOS Release 12.0.(13.6)ST2 or Release 12.0.14S1 may reload and display a "FIB-2-FIBDOWN" message. In a system that has several routes in the routing table (about 100,000 routes), if you try to use the sh ip route [protocol] EXEC command, the router may reload because of a watchdog timeout.
Workaround: Enter the show ip route EXEC command instead of the sh ip route [protocol] EXEC command.
•
In some situations (after a reload or after you clear the Open Shortest Path First (OSPF) process), the Area Border Router (ABR) may fail to maxage for type-3 link-state advertisements (LSAs) generated based on an inter-area route if the inter-area route is lost.
Workaround: Enter the clear ip ospf {process} EXEC command.
•
A Cisco router that is configured with multicast routing reloads when deleting a dot1q or Inter-Switch Link (ISL) subinterface.
The following sequence of commands cause the router to reload:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface gigabitEthernet 5/0.1
router(config-subif)#encapsulation dot1Q 1
router(config-subif)#ip address 9.9.9.2 255.255.255.0
router(config-subif)#ip sdr listen
router(config-subif)#ip pim sparse-dense-mode
router(config-subif)#^Z
router#
router#configure
%SYS-5-CONFIG_I: Configured from console by consolet
Enter configuration commands, one per line. End with CNTL/Z.
router(config)# no int gigabitEthernet 5/0.1Workaround: Remove the multicast commands from the subinterface before deleting the subinterface. Enter the following sequence of commands:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#
%SYS-5-CONFIG_I: Configured from console by consoleint gi
router(config)#interface gigabitEthernet 5/0.1
router(config-subif)#no ip sdr listen
router(config-subif)#no ip pim sparse-dense-mode
router(config-subif)#exit
router(config)#no interface gigabitEthernet 5/0.1
% Not all config may be removed and may reappear after reactivating the sub-interface
router(config)#There is no workaround.
•
For the set ip next-hop route-map configuration command, the command line interface (CLI) prevents you from configuring one of the router interfaces as the next-hop in routing updates (BGP). There is no workaround.
•
When a Cisco router is redistributing Enhanced Interior Gateway Routing Protocol (EIGRP) into Open Shortest Path First (OSPF), and EIGRP has more than one successor, a change in the feasible successor (EIGRP) may not generate the OSPF external link-state advertisement (LSA).
Workaround: Enter the clear ip ospf {redistribution} EXEC command.
•
A provider edge (PE) router does not put a network prefix in its VPN routing/forwarding instance (VRF) routing table when this prefix is received from a Route Reflector (RR) client. There is no workaround.
•
An Open Shortest Path First (OSPF) router that is redistributing a large number of external routes into OSPF may experience high CPU utilization.
Workaround: Do not configure route redistribution into OSPF.
•
A Cisco router reloads when you add the 25th subnet mask to a variably subnetted network.
Workaround: Do not add the 25th subnet mask to a variably subnetted network.
ISO CLNS
•
A Cisco 12000 series Internet router, which is running Cisco IOS 12.0(14)S, may reload by bus error. There is no workaround.
Miscellaneous
•
A Gigabit Ethernet Interface Processor (GEIP) on a Cisco 7500 series router may experience receive problems causing it to pause indefinitely.
Workaround: Disable dCEF on the GE interface.
•
A Cisco AS5300 series universal access server that is used for terminating ISDN calls reloads with a bus error at acct_search_type once within 4 weeks of deployment if you use the aaa accounting resource start-stop group and aaa accounting resource stop-failure group global configuration commands on a network access server (NAS) when a communication problem also exists with the RADIUS accounting server. If the START record is not processed on call termination but still remains in the queue, the NAS reloads. There is no workaround.
•
A router reloads with a bus error at PC 0x60352FFC(pot1e1_safe_start), address 0x0. There is no workaround.
•
When a Cisco router acts as a tag switching edge router, it may stop running Tag Distribution Protocol (TDP) after a reboot.
Workaround: Enter the no tag ip command followed by the tag ip command on the interface.
•
A Cisco Express Forwarding (CEF) entry for a directly-connected route and host on a directly-connected interface points to the wrong next hop. The CEF entry points to an IP address that has been configured as a default gateway.
Workaround: Create the static route for that host.
•
A Cisco 1700 series router has very low throughput when you use IP Security (IPSec) over generic routing encapsulation (GRE) with a hardware encryption card compared to when you use IPSec directly. Packets get processor-switched instead of fast-switched. There is no workaround.
•
A Cisco Route Switch Module (RSM) that is running Cisco IOS Release 12.1(2) and that is configured for triggered Routing Information Protocol (RIP) may reload because of a bus error exception. There is no workaround.
•
An encapsulation change on a permanent virtual connection (PVC) is not reflected in the show atm vc EXEC command. There is no workaround.
•
On a Cisco 7500 series router with a Fast Ethernet Interface Processor 2 (FEIP2), if there is a mismatch between the peer end the duplex option, the router may stop forwarding traffic after displaying several errors, such as the following:
%DEC21140-5-LATECOLL: FastEthernet0/0 transmit errorHowever these errors are shown on the Versatile Interface Processor (VIP) console and are not visible on the Route Switch Processor (RSP) console. After a while, the Fast Ethernet interfaces may experience an output-stuck or output-frozen condition.
Workaround: Keep the similar duplex (full/half) settings on the interfaces connected back-to-back.
•
Fast-switching IP between two ATM lane subinterfaces causes packet corruption in frames larger than 1494 bytes. This situation occurs only in conjunction with Integrated Routing and Bridging (IRB) and at least one of the two subinterfaces in the Bridge Group Virtual Interface (BVI).
Workaround: Disable fast switching on the subinterfaces using the no ip route-cache interface configuration command.
Alternate workaround: Run fallback bridging without IRB.
•
A Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(05)T or a later release and that is configured with IP Cisco Express Forwarding (CEF) reloads because of alignment and bus errors when V.120 digital calls are present. The access server displays the following restart message:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x6046097C, sp=0x628D9C38There is no workaround.
•
When a Cisco router has IP tunnels configured, it is possible for a series of them to form a loop:
–
–
–
–
This situation causes an infinite stack recursion when a packet gets switched because of the recursive route lookups. Eventually this situation causes the stack to overflow and the Cisco router to reload.
Workaround: Configure static routes for the tunnel destinations.
•
When Cisco Express Forwarding (CEF) is configured, the Forwarding Information Base (FIB) table may conflict with static host routes that are specified in terms of an output interface and Layer 2 address resolution protocols (ARP, map lists, etc.). The Layer 2 address resolution protocol adds adjacencies to CEF, which in turn creates a corresponding host route entry in the FIB table. This entry is called an adjacency prefix. If these adjacency prefix entries are also configured by a static host route, a conflict occurs.
In Cisco IOS Release 12.0 and 12.0 S, the static host route is overwritten by the adjacency prefix. When the adjacency is removed, the static host route is not readded to the FIB table.
Workaround: Clear the routing table using the clear ip route {*} EXEC command to restore the static host routes.
In Cisco IOS Release 12.1, the static host route is not overwritten by the adjacency prefix. This situation breaks the operation of Layer 2 address resolution protocols such as map lists. There is no workaround.
•
A DECnet route does not follow the bridging path in Cisco IOS Release 12.1(5.3). There is no workaround.
•
When the Broadcast and Unknown Server (BUS) is oversubscribed and the Receiver Segmentation and Reassembly (RSAR) version is 3.2.1.2, the RSAR continuously drops the packets. When the RSAR starts dropping the packets, it never recovers. LAN Emulation (LANE) clients or any permanent virtual connections (PVCs) present go down. All incoming traffic is dropped. This situation only occurs in a Cisco IOS Release 12.0(13)W5(19) image.
Workaround: Use Cisco IOS Release 12.0(14)W05(20), Release 12.1(05a)E3, or Release 12.1(3a)XI(5).
•
On a Cisco 3600 series router that is configured for transparent bridging from Ethernet to Token Ring with a Bridge Group Virtual Interface (BVI), you cannot ping from a Token Ring device (device B) to a BVI or to an Ethernet device (device A). There is no workaround.
•
On a Cisco MC3810 multiservice concentrator that is running Cisco IOS Release 12.0(17) with a multiflex trunk module (MFT), the maximum transmission unit (MTU) of a Bridge Group Virtual Interface (BVI) interface changes from 1500 bytes to 1514 bytes to match the MTU of the loopback interfaces. There is no workaround.
•
A Cisco 2621 router that is connected back-to-back with an Ethernet cross-over cable to another router can show an up/up state even though the other side is administratively down. There is no workaround.
•
In some configurations, static routes redistributed into Routing Information Protocol (RIP) may not appear in the RIP database (so they are not advertised to any neighbor) after the interface through which the static route points goes up.
Workaround: Clear the routing table entry by entering the clear ip route {network [mask]} EXEC command.
•
When a Modem ISDN channel aggregation (MICA) modem goes to a "bad" state during an active call, the corresponding line and asynchronous interface data structures may fail to clear. This situation may result in incorrect accounting records being generated.
Workaround: Enter the clear interface async EXEC command to reset the interface and line data structures.
Alternate workaround: Enable PPP link control protocol (LCP) keepalive on the interface (for example, using the keepalive 15 interface configuration command on the applicable asynchronous, group-asynchronous, dialer, or virtual-template). This workaround may cause the interface line to clear automatically when the modem goes bad.
•
A Cisco Versatile Interface Processor 2-50 (VIP2-50) card with two channelized T1 PRI port adapters (PA-2CT1/PRI) reloads when you load the rsp-a3jsv-mz image in Cisco IOS Release 12.2(0.2). There is no workaround.
•
A Cisco 7204 router that is running Cisco IOS Release 12.1(5a) with c7200-is56i-mz. images and that is configured for encryption may display the following error messages:
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 60510A90 6050B5F4 6050BDE8 60F83230 60FA29E4 60FA38EC 60FB2110 60FB2308 60FB23A4
%SYS-2-MALLOCFAIL: Memory allocation of 528 bytes failed from 0x6050B5EC, pool Processor, alignment 0
-Process= "<interrupt level>", ipl= 3
-Traceback= 6050E940 60510DA0 6050B5F4 6050BDE8 60F83230 60FA29E4 60FA38EC 60FB2110 60FB2308 60FB23A4
%SYS-3-INVMEMINT: Invalid memory action (free) at interrupt level
-Traceback= 60512E04 6050BAB8 6050C4B4 60F881E4 60F88328 60F88358 60FA340C 60FA3A24 60FB2110 60FB2308 60FB23A4Workaround: Remove the crypto configuration.
•
A Cisco 3640 router that is running Cisco IOS Release 12.1(4) may experience an input queue wedge during normal operation.
Workaround: Reload the router.
•
A Cisco router may reload with a bus error during a Simple Network Management Protocol (SNMP) walk and displays the following error message:
System returned to ROM by bus error at PC 0x2057A4C, address 0x0There is no workaround.
•
On a Cisco router with continuous traffic flowing through an IP Security (IPSec) tunnel, if you try to change the crypto ipsec transform-set transform-set-name transform1 global configuration command (with intranetset as the transform-set-name and ah-md5-hmac esp-des as transform1) to include comp-lzs, the router displays the following error message and reloads:
-Traceback= 61410F08 613F79A4 613F7BF4 613F9BFC 60452CA4 60452C90
*** System received a Bus Error exception *** signal= 0xa, code= 0x10, context= 0x6204c400 PC = 0x6047d87c, Cause = 0x420, Status Reg = 0x34008002 rommon 2 >Workaround: Do not modify the transform set. Stop the traffic, negate the existing transform set, and use a new transform set with the additional required options. Be sure that the transform set is not being used by any crypto map before removing the transform set.
•
In rare situations, an incoming call may be rejected with an indication that there are no resources available, even though there are available resources. There is no workaround.
•
When you configure distributed Multilink PPP on the serial links that belongs to a multichannel 8E1 port adapter (PA-MC-8E1), the link control protocol (LCP) negotiation fails, and the bundle never comes up with all its associated member links. There is no workaround.
•
A Cisco 7500 series router that is configured for Cisco Express Forwarding (CEF) (not distributed CEF) and Multiprotocol Label Switching (MPLS) may stop receiving MPLS packets on Versatile Interface Processor 2 (VIP2) modules after you perform an online insertion and removal (OIR). All MPLS packets are dropped silently, and no counters increase. Enabling dCEF restores the connectivity.
Workaround: Use dCEF globally, and disable it on a per-interface-basis if needed.
•
A Cisco Versatile Interface Processor 2-50 (VIP 2-50) that is running Cisco IOS Release 12.1(6) or Release 12.2(1) may experience dropped address filter commands and display the following error message:
%CBUS-3-CMDDROPPEDThere is no workaround.
•
Stack Group Bidding Protocol (SGBP) may not work if used in conjunction with TACACS or RADIUS server directed requests. Directed requests are configured using the tacacs-server directed-request or the radius-server directed-request global configuration commands and can be used to strip the domain name from the user name. There is no workaround.
•
When you use the ip route-cache flow interface configuration command on a Cisco 3600 series router that has an ATM25 module, the router may reload constantly. There is no workaround.
•
Through the Native Service Point (NSP), the show snasw commands do not work properly.
Workaround: Use a command that is not a show snasw command after using one of the show snasw commands. This workaround flushes both commands. The second command does not have to be a valid router command.
•
When you use a 2 10/100 Fast Ethernet 2 WAN Card Slot Network Module (NM-2FE2W) and the Fast Ethernet port that is not manually configured for 100 full duplex, the show interface fastethernet number EXEC command (with 0/0 as the number) and the show controllers fastethernet number EXEC command (with 0/0 as the number) shows two different outputs regarding the operation mode. The show interface fastethernet EXEC command shows the port as 100 full, while the show controllers fastethernet EXEC command shows the port as 100 half duplex. This situation occurs when you use auto sensing mode. This situation does not occur if you do not use auto sensing and if the port is configured manually. There is no workaround.
•
A Multiprotocol Label Switching (MPLS) router that has several virtual private network (VPN) or IP version 4 (IPv4) Border Gateway Protocol (BGP) routes may experience a memory leak if the route to the BGP neighbor flaps. The memory leak is about 100 bytes per BGP route for each route flap. High memory consumption in the output of the Tag Forwarding Information Base (TFIB) of the show memory summary tfib EXEC command is an indication of the presence of a memory leak. There is no workaround.
•
Line cards on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(14.6)S1, and that has Multiprotocol Label Switching (MPLS) configured, may reload in a stress environment. When one line card with an interface on which MPLS is configured is reloaded manually, other line cards may experience a bus error. The router displays the following message on the console or in the log:
%LCINFO-3-CRASH:Line card in slot <slot num> crashedWorkaround: Do not include a static recursive route to a BGP peer router.
•
In a Multiprotocol Label Switching (MPLS) environment, when a customer edge (CE) router sends a packet that requires fragmentation, the Provider Edge (PE) router sends an "ICMP fragmentation required, but do not fragment set" message. When there are multiple CE routers connected to a PE router, the PE router drops the ICMP message as unroutable to some CE routers, even though the CE routers are directly connected and a route appears in the routing table. This situation does not occur in Cisco IOS Release 12.1(5)T1. There is no workaround.
•
With generic routing encapsulation (GRE) over IP Security (IPSec) configured between two routers, GRE packets are sent in the clear instead of dropped when there is no IPSec security association (SA) established. This situation is a security concern. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.1(3)XS with a Packet Data Serving Node (PDSN), if you enable the mobile IP home agent access list feature on a virtual template using the ip mobile foreign-service [home-access acl] interface configuration command, the PDSN reloads if a session is opened and closed.
Workaround: Disable the home-access acl option in the virtual template.
•
Some member links of a multilink bundle may experience an output stuck state when the bundle is flapped under heavy traffic. There is no workaround.
•
A Cisco 3600 series router that is running Cisco IOS Release12.1(6) or Release 12.0 T may reload while running Inter-Switch Link (ISL) and IP Security (IPSec) with Authenticated Header (AH), Encapsulating Security Protocol (ESP) and IP compression on a Fast Ethernet port.
Workaround: Use 802.1q encapsulation on the port, or reduce the number of transforms on the IPSec tunnel.
•
Under very heavy load conditions, the Gigabit Ethernet Interface of a Cisco 7200 series router may stop transmitting packets. The output queue remains stuck at 40/40.
Workaround: Enter the clear interface gigabitethernet number privileged EXEC command or enter the shut command followed by the no shut command.
•
The Address Resolution Protocol (ARP) entry for an Active virtual IP address may get overwritten when a network transition occurs. This situation is only a problem when the use burned-in address (BIA) feature or configurable MAC addresses are used. Hosts send packets to a MAC address that is not listened for by the active router. This situation is especially noticeable on Bridge Group Virtual Interface (BVI) interfaces but may also occur on Ethernet and Token Ring. There is no workaround.
•
A Cisco Versatile Interface Processor 2-50 (VIP2-50) or VIP4-80 may reload when it has a Multi-Channel T3 port adapter (PA-MC-T3) in one slot of the VIP with any other PA in another slot of the VIP and when traffic is sent through the PA-MC-T3 close to the line rate. This situation has been observed with two PAs in a VIP4-80 with distributed Multilink Point-to-Point protocol (MLPPP).
Workaround: Do not send traffic close to the line rate.
•
Packets are not forwarded on the shortcut when they are destined to IP addresses on which a Multiprotocol over ATM (MPOA) client is bound. There is no workaround.
•
A Cisco LS1010 Lightstream ATM switch or a Cisco Catalyst 8540 router that is running Cisco IOS Release 12.0(13)W5(19) or an earlier release experiences a memory leak when used with a Network Management System (NMS) that is running Simple Network Management Protocol (SNMP) whenever access is made to some Private Network-Network Interface (PNNI) tables.
Workaround: Disable NMS polling of PNNI tables and use a command line interface (CLI) instead for determining any PNNI information.
•
In a Multiprotocol Label Switching (MPLS) or Virtual Private Network (VPN) environment, there is no support for forwarding data to cable interfaces. Packets forwarded from the MPLS or VPN core to the cable interfaces which are in a VPN routing or forwarding instance (VRF) are silently dropped.
Workaround: Configure a summary-only route in Border Gateway Protocol (BGP) and suppress advertisement of any more specific routes pointing to such an interface.
•
When Internet MIX (IMIX) traffic on distributed Multilink PPP (dMLP) is sent at the line rate, 13 percent of packets drop, which causes performance degradation on a Cisco router. There is no workaround.
•
Polling CmCpeTable causes a Cisco router CPU usage to go up to 80 to 96 percent for 3 to 5 minutes on a uBR7246 router that is running Cisco IOS Release 12.0(14)SC compared to 12 percent when the router is running Cisco IOS Release 12.0(11).
This situation occurs because in Cisco IOS Release 12.0(14)SC, for every Simple Network Management Protocol (SNMP) request for cdxCmCpeEntry, a new sorted cable modem (CM) or customer premises equipment (CPE) list is generated in order for the router to search for the right entry to return.
Workaround: Use another method to find out the CM or CPE information.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(6.3) with heavy traffic and Resource Pool Manager Servers (RPMS) enabled may pause indefinitely. There is no workaround.
•
Fax functionality does not work on a Cisco 1700 series router that is running Cisco IOS Release 12.1(5) or Release 12.1(6) that uses digital signal processor (DSP) firmware 3.2.17. The router displays the following error messages:
3.2.17. Following error message will be shown out:
%C54x-1-NO_RING_DESCRIPTORS: No more ring descriptors available on 0 slot.
%C54x-1-NO_RING_DESCRIPTORS: No more ring descriptors available on 0 slot.
%C54x-1-NO_RING_DESCRIPTORS: No more ring descriptors available on 0 slot.
%IPM_C54X-1-DSP_TIMEOUT: dsp 0 NOT RESPONDING.There is no workaround.
•
A Cisco router adds CV 0x2A to the activate logical unit (ACTLU) positive response forwarded to the host indicating a session takeover. Consequently, the session cannot be established. There is no workaround.
•
A Cisco 4500 or 7500 series router immediately displays a traceback message in managed timer after you configure Cisco Express Forwarding (CEF) in global configuration mode.
In a Cisco 3640 router or a Cisco 4500, 7200, or 7500 series router that is configured with CEF, a spurious memory access may occur in the fib feature switch when lots of traffic passes through Cisco Appliance Services architecture (CASA). There is no workaround.
•
When shortcuts are terminated on a Cisco router that is acting as a Multiprotocol over ATM server (MPS) and a Multiprotocol over ATM client (MPC) on the terminating interface, extensions may be missing in the Next Hop Resolution Protocol (NHRP) resolution reply and in the Multiprotocol over ATM (MPOA) resolution reply. There is no workaround.
•
A physical unit (PU) gets stuck in the Pend ACTPU state.
Workaround: Reload the router, or stop and start the Systems Network Architecture Switching Services (SNASw) process in the router.
•
A High-Speed Serial Interface (HSSI) interface of a Versatile Interface Processor (VIP) does not update changes to the maximum transmission unit (MTU) size made on a Cisco Route Switch Processor (RSP) under the respective HSSI interface.
Workaround: Manually change the MTU size under the VIP console. This workaround is not permanent.
•
When two Cisco 7500 series routers are connected back-to-back with one router running distributed Multilink PPP (dMLP) and the other router running MLP (distributed switching off), if fragmentation is enabled on the router that is running MLP, the router that is running dMLP may reload.
Workaround: Disable fragmentation on the peer router of dMLP.
•
If a Virtual Private Network (VPN) routing/forwarding instance (VRF) route points to a next hop that is also resolved by a recursive lookup such as a Multihop external Border Gateway Protocol (eBGP) session, a tag is incorrectly imposed over the Provider Edge (PE)-to-customer edge (CE) link. Consequently, traffic does not pass.
Workaround: Change the eBGP session to use IP addresses rather than Multihop eBGP.
•
When you do Multiprotocol Label Switching (MPLS) label imposition and load balancing, if an IP packet is received on one subinterface and is forwarded to another subinterface of the same physical interface, then load balancing does not occur. All packets are forwarded on the same path. There is no workaround.
•
A Cisco router that is configured for Tag Distribution Protocol (TDP) and that is operating with very little free memory may reload. There is no workaround.
•
When you configure multiple Multilink PPP bundles with class-based weighted fair queuing (CBWFQ) or weighted fair queuing (WFQ), all bundles drop packets. This situation occurs on a Cisco 7200 series router with PA-MC-T3 or PA-MC-2T3+ port adapters. You can see the dropped packets in the output of the show interface multilink and the show queueing multilink commands. The show queueing privileged EXEC command may not provide accurate output. There is no workaround.
•
A Cisco 4500 series router may reload. There is no workaround.
•
For two Cisco routers (A and B) that have Hot Standby Router Protocol (HSRP) over ATM with LAN Emulation (LANE) and that are running Cisco IOS Release 12.1(5a), if you upgrade router B to Cisco IOS Release 12.1(7) and then upgrade router A, after a period of normal operation for router B, reloading router A causes router B to go down. When router B comes back up, then router A goes down. This process continues with one router causing the other router to go down. This situation does not occur if one router is running Cisco IOS Release 12.1(5a) and the other router is running Cisco IOS Release 12.1(7). There is no workaround.
•
When a Cisco Systems Network Architecture (SNA) switch sends an invalid register (that it probably received from a downstream end node), the virtual telecommunications access method (VTAM) unbinds the control-point-to-control-point session 0889 0100. The SNA switch responds with sense 0890 0060 (seen on pdlog). There is no workaround.
•
IP Payload Compression Protocol (IPPCP) performs poorly when using generic routing encapsulation (GRE)/IP Security (IPSec) in transport mode. Tunnel mode works correctly. There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
If you change IPX encapsulation from Service Advertising Protocol (SAP) to Subnetwork Access Protocol (SNAP) on a dot1q subinterface over Fast Ethernet, you may receive "alignment correction" messages. There is no workaround.
•
On a Cisco Catalyst 8500 series switch, during Internetwork Packet Exchange (IPX) routing when there are multiple paths to a destination and one fails, the second route is installed in the Layer 3 routing table but the lower layer switching table does not have the new route. This situation does not affect Cisco 4500 or 4700 series routers. There is no workaround.
•
When a Service Advertising Protocol (SAP) general query is sent to a network that has Routing Information Protocol (RIP) disabled through the ipx router {rip} global configuration command and the no network router configuration command, a mid-sized buffer is lost.
Workaround: Do not disable RIP or use the no ipx linkup-request {sap} interface configuration command.
Protocol Translation
•
The final packets of data in a session that is using X.25 to TCP translation may be lost when you set the x29 inviteclear-time seconds command to none. This situation occurs in Cisco IOS Release 11.3 or a later release. There is no workaround.
•
Permanent virtual circuit (PVC) protocol translation configuration commands disappear when you reload the router.
Workaround: Re-enter the translate global configuration commands without the max-users option.
TCP/IP Host-Mode Services
•
A Cisco router with Path MTU Discovery (PMTUD) enabled may experience high CPU utilization, especially when Maximum Segment Size (MSS) packets are sent frequently, as with Border Gateway Protocol (BGP), and when there are changes in the maximum transmission unit (MTU) in the underlying topology.
Workaround: Disable PMTUD.
Alternate workaround: Use the ip tcp path [age-timer {infinite}] interface configuration command.
Wide-Area Networking
•
When a Cisco 7500 series router has hundreds of Frame Relay (FR) point-to-point subinterfaces (a large-scaled configuration) built on Cisco T1 lines and the logging event subif-link-status and logging event dlci-status-change commands is disabled but the snmp-server enable traps [frame-relay] global configuration command are enabled, then under the T1 line failure (or rather, line status change), the router may experience high CPU utilization. Consequently, FR links and circuits fail to come up.
Workaround: For Cisco IOS Release 12.0, complete either or both of the following steps as appropriate:
1. For a global-level configuration, redirect the console logging messages to system buffers or to a network host.
2. At the interface level where FR runs, disable subinterface and DLCI logging messages using the no logging event subif-link-status command and the no logging event dlci-status-change command. For Cisco IOS Release 11.1 CA and Release 11.1 CC, this second step is essential.
Alternate workaround: Disable the snmp-server enable traps [frame-relay] global configuration command.
•
A Cisco router that is configured for X.25 over TCP (XOT) may experience internal memory allocation failure traceback messages and eventually reload. The output of the show x25 services EXEC command shows that XOT is configured, but not in use. The output of the show x25 context EXEC command shows that the XOT context is in the R/Inactive state. There is no workaround.
•
On a Cisco router that has a Signaling System 7(SS7)-enabled Voice over IP configuration, the output of the show isdn {status} EXEC command may list call control blocks (CCBs) for calls that are no longer active. These CCBs may accumulate over time. There is no workaround.
•
Digital calls may fail to come up, after a few hours of activity where calls come in and drop off on a network access server (NAS).
Workaround: Enter the shutdown command followed by the no shutdown command.
•
A Cisco router that is configured for X.25 may return to ROM because of a bus error or display SYS-2-BADSHARE messages in the log. There is no workaround.
•
When you use V.25 bis and data terminal ready (DTR) dialing in Cisco IOS Release 12.1, the dialer redial command may not prevent a new call from being dialed even though a redial is pending. There is no workaround.
•
The no tx-ring-limit command does not work. There is no workaround.
•
ISDN Layer 2 fails to re-establish. The output of the show isdn serv command shows B channels in the proposed state. There is no workaround.
•
A Cisco 6101 router that is configured as a LAN Emulation (LANE) version 2 client in a multi-vendor LANE environment, may experience interoperability problems when the LAN Emulation Configuration Server (LECS) and LES or broadcast and unknown server (BUS) services reside on the third party vendor equipment. The router sends out a tag value in the LAN destination field of the flush request, which is not recognized as an appropriate value by the third party BUS.
Workaround: Disable the flush request sent by the client on the router.
•
A dynamic template is not bound to the virtual profile vaccess during the cloning of the virtual profile. There is no workaround.
•
When you unconfigure the map-class frame-relay global configuration command, a Cisco router may reload.
Workaround: Remove the configuration under the map-class command instead of unconfiguring the map-class frame-relay command in the global configuration mode.
•
If VPDN data packets need to be switched over a virtual private dial-up network (VPDN)-capable router that is not a network access server (NAS)/Layer 2 Tunneling Protocol (L2TP) Access Concentrator (LAC) or a home gateway/L2TP Network Server (LNS) for the corresponding VPDN tunnel, the packets are dropped if they are process switched (because of the configuration or if the address cannot be resolved in the fast cache). VPDN control packets are not affected.
Workaround: Use Cisco Express Forwarding (CEF) switching.
•
When you use Layer 2 Tunneling Protocol and IP Security (IPSec) together, packets larger than the maximum transmission unit (MTU) for the PPP access are not switched into the tunnel. This situation occurs when a PPP tunnel uses L2TP or Layer 2 Forwarding (L2F) and protects the L2TP or L2F tunnel with IPSec. Also, it only affects IP packets that must be fragmented before they are switched into the L2TP or L2F tunnel. There is no workaround.
•
A Cisco 7513 router that is running Cisco IOS Release 12.0(14)S1 may reload because of a bus error when you change the number of timeslots on a T1 line. There is no workaround.
•
When you use Large Scale Dialout with virtual profiles, packets that are stored in the dialer hold queue may not be sent out after the dialer connection is established. There is no workaround.
•
After a switched virtual circuit (SVC) idle timeout, the subinterface goes down and the corresponding IP routing entry is deleted. Consequently, subsequent pings fail.
Workaround: Manually change the state of the subinterface to up.
•
When overlap signaling on primary-net5 is used and an outgoing call setup takes more than 20 seconds, a Cisco router drops those calls after 20 seconds because the ISDN timer is not renewed each time a Cisco router sends an INFORMATION message. There is no workaround.
•
Layer 2 Tunneling Protocol (L2TP) dynamic and static dialer maps under the same dialer interface may reload a Cisco router during an L2TP dialout session.
Workaround: Disable L2TP dialout.
•
A Cisco AS5800 series universal access server that is experiencing high CPU utilization may reload when it receives an unsolicited acknowledgement from a Cisco signaling controller. There is no workaround.
•
On a Cisco router, fast idle timeout for values below 70 seconds intermittently fails. For values around 10 seconds, fast idle timeout always fails. The router displays the following messages in the output of the debug dialer EXEC command ("1 ticks" is always displayed):
As1 DDR: starting fast idle timer 1 ticks
As1 DDR: fast idle timeoutThe following debug output shows output with the fast idle timer set to 70 seconds:
As1 DDR: No free dialer - starting fast idle timer
As1 DDR: starting fast idle timer 70000 ticks
As1 DDR: No free dialer - starting fast idle timer
As1 DDR: No free dialer - starting fast idle timer
As1 DDR: No free dialer - starting fast idle timer
As1 DDR: No free dialer - starting fast idle timer
As1 DDR: fast idle timeout
As1 DDR: disconnecting callThere is no workaround.
•
A Cisco 7206 router that is running Cisco IOS Release 12.1(6) that is configured for callback stops calling back after a period of operation. The router displays the following error message:
Se1/0:22 DDR: callback to hostname already startedThis situation occurs only if the ISDN interface is configured with the isdn fast-rollover-delay interface configuration command and the callback server is configured to have multiple dialer strings for the callback call.
Workaround: Remove the isdn fast-rollover-delay interface configuration command.
•
ISDN Layer 2 does not re-establish after you use the shutdown command followed by the no shutdown command on a T1 controller. This situation affects 4ESS/5ESS switch types. There is no workaround.
•
When you configure an interface for X.25 switching, the x25 pvc interface configuration command accepts but ignores the xot-source option. Additionally, the option is not documented, although it is an acceptable option at the configuration command line interface. There is no workaround.
•
A Cisco router may experience a memory leak when a packet assembler/disassembler (PAD) or X.28 call request fails. Another assembler/disassembler (PAD) or X.28 call request fails. Another memory leak may occur when an X.25 call routed over X.25 over TCP (XOT) chooses an alternate destination IP address. There is no workaround.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.1(7) with the rsp-jsv-mz image and that has Hot Standby Router Protocol (HSRP) enabled on subinterfaces, if you shut down one of the subinterfaces in the active router, the main interface on the same router goes down. If you do not have HSRP configured and if you try to shut down the subinterface, just that subinterface goes down.
Workaround: Use Cisco IOS Release 12.1(8) which contains the fix for this caveat.
Resolved Caveats—Cisco IOS Release 12.1(7c)
Cisco IOS Release 12.1(7c) is a rebuild of Cisco IOS Release 12.1(7). The caveats in this section are resolved in Cisco IOS Release 12.1(7c) but may be open in previous Cisco IOS Releases.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inboundpacket. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
Resolved Caveats—Cisco IOS Release 12.1(7b)
Cisco IOS Release 12.1(7b) is a rebuild of Cisco IOS Release 12.1(7). The caveats in this section are resolved in Cisco IOS Release 12.1(7b) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(7a)
Cisco IOS Release 12.1(7a) is a rebuild release for Cisco IOS Release 12.1(7). The caveats in this section are resolved in Cisco IOS Release 12.1(7a) but may be open in previous Cisco IOS releases.
•
A Cisco AS5400 Universal Access Server that is running Cisco IOS Release 12.1(4)T may place files in the Flash in read-only mode by entering the squeeze command. While copying files into Flash, the user may be prevented from overwriting the read-only files. There is no workaround.
•
Systems Network Architecture Switching Services (SNASw) with High Performance Routing (HPR) may send Exchange Identification (XID) Fmt 3 Type 2 with maximum Basic Transmission Unit (BTU) set to 516 bytes (bytes 21-22). The receiving station may reject this by giving sense code 0x1016 0022 (XID3 BTU must be greater than 768 bytes since adjacent node is an HPR node). There is no workaround.
•
In some situations (after a reload or after you clear the Open Shortest Path First (OSPF) process), the Area Border Router (ABR) may fail to maxage for type-3 link-state advertisements (LSAs) generated based on an inter-area route if the inter-area route is lost.
Workaround: Enter the clear ip ospf {process} EXEC command.
•
A Cisco AS5800 series universal access server that is experiencing high CPU utilization may reload when it receives an unsolicited acknowledgement from a Cisco signalling controller. There is no workaround.
•
Open Shortest Path First (OSPF) may fail to install the default route in some rare cases. The default route will automatically be installed during next shortest path first algorithm (SPF).
Primary Workaround: Add a static default route with a higher administrative distance than OSPF and redistribute it through OSPF by entering the following commands:
(config) # ip route 0.0.0.0 0.0.0.0 if-name 200
(config) # router ospf 1
(router config) # default-information-originate
(router config) # redistribute static subnetSecondary Workaround: Add a fake loopback to OSPF net statements, and flap the loopback.
•
A Cisco router that is running Cisco IOS Release 12.1(7) in a Signaling System 7 (SS7) configuration may reload when you place Point-to-Point Protocol (PPP) modem and ISDN calls at approximately 4 cells per second (cps) with continuous pings and then use the write memory command. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(7)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(7). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
During abnormal behavior of modem ISDN channel aggregation (MICA), the modems recovery does not start up, which results in bad modems allocated for the call. This situation results in a low call success rate (CSR) within the system. In this situation, the modem should be marked busy out. There is no workaround.
Basic System Services
•
On two Route Switch Processors (RSPs) on a Cisco 7500 series router that has High System Availability (HSA), when you use the write memory command followed by the service sync config or the slave sync config privileged EXEC commands on the same system, the master RSP runs at 100 percent CPU for a variable amount of time depending on the size of the configuration. There is no workaround.
•
A Cisco router that uses the protocol control information (PCI) Fast Ethernet controller of a certain vendor may reload because of a memory corruption caused by a rare condition in which a packet consisting of only cyclic redundancy check (CRC) bytes is received.
Workaround: Use to the driver software that contains the fix for this caveat.
•
Round Trip Time (RTT) measurement may be incorrect if the measurement cycle begins just before 00:00:00 Coordinated Universal Time (UTC). There is no workaround.
IBM Connectivity
•
Under rare circumstances, there may be an invalid Routing Information Field (RIF) when Data-Link Switching/Routing Information Field (DLSw/RIF) pass-through is used. As a result, the Logical Link Control, type 2 (LLC2) session between the Network Control Protocols (NCPs) or the virtual telecommunications access method (VTAM) does not get established.
Workaround: Use remote source-route bridging (RSRB) without local acknowledgement.
•
A Cisco 7200 series router displays duplicate ring violation messages when debug source event command is turned on, even though there is no duplicate ring at all. There is no workaround.
•
A Cisco router never sends exchange identification (XID) to both data-link connection identifiers (DLCIs) to initiate a session when service is interrupted on a Frame Relay access support (FRAS) border access node (BAN) that is configured to use more than one Frame Relay permanent virtual circuit (PVC) attached to one physical serial interface. There is no workaround.
•
Data-link switching (DLSw) Ethernet Redundancy (ER) may fail to send messages when you enter the dlsw timer explorer-wait-time command. As a result, the Systems Network Architecture (SNA) client cannot reestablish the circuit. There is no workaround.
Interfaces and Bridging
•
Cisco 7200 and 7500 series routers pulse low the request to send (RTS) signal when "pulse-time" is coded for the Data Terminal Ready (DTR) signal. In some instances, RTS follows the behavior of DTR. In other instances, RTS simply pulse low for a few milliseconds.
This situation may cause interoperability problems with particular data communications equipment (DCE) equipment or if particular interface wiring (for example, looping RTS back to DCD) is used.
Workaround: "Dummy up" RTS with a breakout box.
•
A Fast Ethernet Interface Processor 2 (FEIP2) board may suddenly fail with the following message:
%CBUS-3-CMDTIMEOUT: Cmd timed out, CCB 0x5800FF60, slot 4, cmd code 2
-Traceback= 60400D94 6040128C 603F9294 603F722C 6033D0C0 6033D2F0 60360734 60360 720There is no workaround.
•
The debug token ring EXEC command does not show data when applying the access-list 1100 filter. The following output is seen:
riflen 10, rd_offset 6, llc_offset 24 *Nov 14 11:48:35: riflen 10, rd_offset 6, llc_offset 24 riflen 12, rd_offset 2, llc_offset 26 riflen 8, rd_offset 3, llc_offset 22 riflen 8, rd_offset 260419, llc_offset 22 riflen 8, rd_offset -148349, llc_offset 22 riflen 8, rd_offset -1097469, llc_offset 22There is no workaround.
•
When a Cisco 7200 series router with a Packet-over-SONET (POS) port adapter (PA) is reloaded, it is possible that the POS subinterfaces may not come up in an enabled state.
Workaround: Manually re-enable the POS interface.
•
When querying dot5StatsTokenErrors in all Cisco images, platforms, and releases, the returned value is the dot5StatsBurstErrors instead. There is no workaround.
•
If fiber has been unattached and if you remove "keepalive" from the Packet-over-SONET (POS) interface, the link will be up infinitely after removing the patchcord. There is no workaround.
•
The decnet host global configuration command does not function with IP distributed Cisco Express Forwarding (dCEF) enabled.
Workaround: Disable IP dCEF distributed.
•
On a Cisco router, when fixes for CSCdr42559 and CSCdr75559 are integrated in the same release, you do not get any output, instead of the right amount of output. Omitting both fixes causes a loop in which the router supplies too much output, most of it redundant.
Workaround: Do not use the patch for CSCdr75559.
IP Routing Protocols
•
This fix implements various optimizations implemented for Open Shortest Path First (OSPF), default external link-state advertisement (LSA), and Cisco Express Forwarding (CEF) in Cisco IOS Release 12.0 and 12.1. The fixes incorporated here originated from CSCdm83004, CSCdp72309, CSCdr26999, and CSCdr88511.
•
A Cisco 7100 series router fails to copy the IP precedence of IP packets to a generic routing encapsulation (GRE) header when precedence is set using policy routing. There is no workaround.
•
When MD5 authentication is applied to Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors that are neighboring with a stub EIGRP router, the neighbor relationship is not formed.
Workaround: Disable MD5 encryption.
•
Enhanced Interior Gateway Routing Protocol (EIGRP) may reload because of a bus error exception if you use the show ip eigrp events command, if the event log has the "xmitz" log type enabled, and if the log is stuck in active (SIA) reply messages to be displayed.
Workaround: Do not enable the "xmitz" log type for the event log.
•
If one of links in an area goes down, Open Shortest Path First (OSPF) summary routes related to the failed link are deleted from the routing table even though you can reach the network through another link. After 5 seconds, the routes are restored automatically. There is no workaround.
•
In a network with the following topology:
–
–
Workaround: Do not use the same cluster-id.
•
A Cisco Catalyst 6000 series switch that is running Cisco IOS Release 12.1(4) E1 may experience network instability due to excessive Border Gateway Protocol (BGP) flapping. There is no workaround.
•
When Open Shortest Path First (OSPF) is used as a protocol between provider edge (PE) and customer edge (CE) routers in the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, type-3 link-state advertisements (LSAs) may be generated at the PE as a result of the redistribution of the internal Border Gateway Protocol (iBGP) route. When the iBGP route goes down, PE should flush the previously generated type-3 LSA. There is no workaround.
•
Enhanced Interior Gateway Routing Protocol (EIGRP) may send unnecessary updates for external routes. There is no workaround.
•
An incorrect total delay value appears in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table for one or more routes after the delay interface configuration command value has been manually changed on an interface. This situation will occur on Cisco routers that are running Cisco IOS Release 12.1(4.4), or later releases on which the delay interface configuration command value has recently been manually changed on an interface. This situation may also occur in Cisco IOS Release 12.1(4)DC, 12.1(4)DC1, 12.1(4)DB, or later releases. If an interface is comprised of some bundling technology, such as Multilink PPP (MLPPP) or port channels, the metric for the interface may change dynamically, without manual intervention.
Workaround: Clear all EIGRP neighbors from which the problematic routes have been learned using the clear ip eigrp neighbors EXEC command.
•
In some situations (after a reload or if you clear the Open Shortest Path First (OSPF) process), the Available Bit Rate (ABR) may fail to set the maxage for type-3 link-state advertisements (LSAs) generated based on an inter-area route if the inter-area route is lost.
Workaround: Enter the clear ip ospf {process} EXEC command.
Miscellaneous
•
A Cisco 3640 router may reload with a bus error at PC 0x603DFF38, address 0xAC. There is no workaround.
•
If an interface card is replaced online through an online insertion and removal (OIR) with a card of a different type, the Hot Standby Router Protocol (HSRP) configuration may not be carried over to the new card.
Workaround: Remove HSRP from the configuration before removing the card.
•
When applying Context-based Access Control (CBAC) with Web Cache Communication Protocol (WCCP) and Network Address Translation (NAT), do not turn off inspection in the fast path using the no ip inspect fast interface configuration command because of an interoperability issue. There is no workaround.
•
A Cisco AS5300 series universal access server that is using new controller cards may reload at random. There is no workaround.
•
When you use the auto-sync [standard] redundancy configuration command on a Cisco network routing processor (NRP) that is running Cisco IOS Release 12.1(99) or Release 12.1(1.0.5)DC, the command does not synchronize the startup configuration between the primary and secondary NRPs.
Workaround: Enter the auto-sync [startup-config] redundancy configuration command.
•
A Cisco 7206VXR router that is running Cisco IOS Release 12.1(2) reloads approximately once a week at "abort." There is no workaround.
•
Digital Signature Standard (DSS) keys generated in Cisco IOS Release 12.0(11) cannot be used or exchanged in Cisco IOS Release 12.1(2). There is no workaround.
•
If the clear counters EXEC command is entered from a Secure Shell (SSH) connection on a router with E1/T1 controllers, a "SYS-3-CPUHOG" error message may be exhibited. This condition occurs when the clear counters command fails on more than one E1/T1 controller with a "POT1E1-3-MBOXSEND" error.
Workaround: Clear each E1/T1 controller individually.
•
The throughput on a Cisco 7200VXR series router that has one or more PA-2FEISL port adapters installed may be adversely affected when a "service policy" is configured by entering the service policy-map command on the Fast Ethernet interface of the PA-2FEISLport adapter.
Workaround: Do not use a "service policy" on the Fast Ethernet interface.
•
A Cisco router running Cisco IOS Release 12.1 fails to route all packages with the crypto map configuration command in the required amount of time. There is no workaround.
•
Cisco IOS software allocates calls to modems in the disconnecting state when the Cisco IOS software fails to find a free modem. Cisco IOS Software sends a terminate signal to a modem and after two seconds assumes that the modem is idle even if the Cisco IOS software does not receive an idle signal from the modem. This assumption is incorrect for modems taking longer to terminate and for modems that have failed. This situation results in RingNoAnswer (RNA) and a lower call success rate (CSR). There is no workaround.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(2a) and that has an 8-port T1/PRI, CPU utilization goes up to 35 percent CPU usage although nobody is dialed in to the system. There is no workaround.
•
Certain vendor-specific products connect to a Token Ring module. However, the Fast Ethernet module on the Cisco 7500 series router is a PA-2FEISL-TX port adapter. When you attempt to log on to a preferred Internetwork Packet Exchange server, the server fails. The server seems to respond to the Get Nearest Server (GNS), but when you send out a Routing Information Protocol (RIP), the Cisco router does not respond to the GNS.
Workaround: Replace the Token Ring Inter-Switch Link (TRISL) interface by a real Token Ring port.
•
When you boot an image with a configuration that contains several subinterfaces, a Cisco router displays the following message:
%SYS-3-CPUHOG: Task ran for 49272 msec (0/0), process = Auto Config insertion process, PC = 602AFF20.This situation is unlikely to affect operation. There is no workaround.
•
A Cisco 3600 series router that is running Cisco IOS Release 12.1(4) or 12.1(3.5)PI, with a permanent virtual circuit (PVC) enabled may experience a total data rate higher than the sustainable cell rate (SCR) and become overloaded. The Operation, Administration, and Maintenance (OAM) cells are delayed before transmission which may cause the PVC fail. There is no workaround.
•
When IP Cisco Express Forwarding (CEF) is enabled on a route switch module (RSM) and you reload the RSM, the interfaces show that the no ip route-cache cef interface configuration command is enabled, which causes the CPU to run at 99 percent.
Workaround: Manually change the configuration.
•
The state of a file like writing, deleting, or renaming may be affected with tasks performed simultaneously when the file is open for a read operation but not when it is open for a write operation. There is no workaround.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.0(7)T with the c5300-js-mz.120-7.T.bin image may experience a system returning to ROM by error with a write bus error interrupt at PC 0x6021B0D0. There is no workaround.
•
Inter-Switch Link (ISL) packet handling does not work correctly for packets larger than 1470 bytes.
Workaround: Use Cisco IOS Release 12.0 or Release 12.1.
•
If there is only one bundle present on an interface and that bundle is removed, the interface changes to the "down" state and then comes back to the "up" state. There is no workaround.
•
If you configure a static IP route on a Cisco 7500 series router to point to a multilink group interface, the IP traffic does not route through that interface, and the following type of configuration fails:
ip route x.x.x.x y.y.y.y Multilink1Workaround: Use a static route that points at the Next Hop address. For example:
ip route x.x.x.x y.y.y.y z.z.z.zwhere z.z.z.z is the IP address of the peer router.
•
When the Fast Ethernet interface on a Cisco 1700 series router is shut down (down/down), the link-down keepalive traps continue coming up every 10 seconds.
Workaround: Use the no keepalive or the no snmp trap link-status interface configuration command.
•
A Cisco 7200 series Response Time Reporter (RTR) with an Inter-Switch Link (ISL) trunk to a Token Ring (TR) software network that is configured with several subinterfaces for different IP subnets may fail to send a ping to stations on another subnet through the Cisco 7200 RTR when the packet size ranges from 4036 to 4043 bytes and the IP process switching is enabled on the TR-ISL interfaces.
Workaround: Disable IP process switching on the TR-ISL interfaces by entering the ip route-cache interface configuration command. Use IP fast switching instead.
•
A Cisco AS5300 series universal access server with modem recovery action configured may detect modems that are still downloaded and have no regard to recovery configuration. The recovery mechanism seems to consider the configuration only when call failure exceeds the threshold. There is no workaround.
•
Policy routing does not work when Cisco Express Forwarding (CEF) is enabled and when there is a route in the routing table for the packet destination IP address. Also, with a default route in the routing table, policy routing does not get applied. The policy route map needs to be applied on an ATM interface.
Workaround: Disable CEF.
•
A Cisco router that is acting as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) may show an incorrect tag value for some VPN routing or forwarding instance (VRF) routes. This situation breaks connectivity between the local and remote VPN networks. The problem may occasionally appear under specific timing conditions in networks with unstable (flapping) VRF links and redundant Route Reflectors (RR) that are at different geographical locations (different network connection speed).
The recovery method is to use the clear ip route vrf vrf-name {ip-address} EXEC command, where vrf-name is the VRF that includes the route and the corresponding IP address.
Workaround: Use a single RR.
•
When you use Simple Network Management Protocol (SNMP) there is no means of identifying the Master/Slave Dial Shelf Controller (DSC). There is no workaround.
•
When you use a Cisco router that is running Cisco IOS Release 12.1(2) or later release and you configure Home Agent (HA) redundancy using Hot Standby Router Protocol (HSRP), the router reloads while starting up.
Workaround: Shut down the interfaces in the HSRP group of the HA on the other HAs in the redundancy group, and restart the router. After following this procedure, open the interfaces that are shutdown.
•
Cisco MultiPath Channel (CMPC) configuration on an XCPA or an ECPA4 causes read failure on flash disk.
Workaround: Use a flash card, not a flash disk.
•
An interface that is connected to the CPU through a protocol control information (PCI) bus may not be recognized and a message is issued. The interface will be unusable. Some systems may fail to start because of the inability to detect a required interface. There is no workaround.
•
A Cisco 7500 series router that is running distributed Cisco Express Forwarding with the debug mpls packet command enabled may show the no debug output on Versatile Interface Processor (VIP) or Route Switch Processor (RSP) console. There is no workaround.
•
Cisco Express Forwarding (CEF) may be disabled on virtual template interfaces when the Cisco router reloads. There is no workaround.
•
When you use encryption authentication for IP Security (IPSec), the Cisco router exchanges certificates with the IPSec peer if the router has not previously negotiated with this peer. In this case, the router correctly verifies the peer certificate and checks the appropriate certificate revocation list (CRL) to make sure the peer certificate has not been revoked. In subsequent negotiations with the same peer, the router may fail to obtain and check the appropriate CRL. This may result in the router successfully negotiating an IPSec connection with a peer whose certificate has been revoked.
Workaround: Reload the Cisco router.
•
A Cisco router that is running Cisco IOS Release 12.1(5.3) with a dynamic permanent virtual circuit (PVC) cannot be discovered in a subinterface on an ATM-Deluxe interface and also cannot be discovered on a main interface after the subinterface is moved. There is no workaround.
•
If you remove crypto map from an interface that is running Cisco IOS Release 12.1, and then remove the IP address, the Cisco router may reload.
Workaround: Remove the IP address first and then remove the crypto map.
•
A Cisco 4500 or Cisco 4700 series router that is using a Systems Network Architecture (SNA) switch instead of a Network Control Program (NCP) for specific downstream dependent logical units (LUs) does not establish Logical Unit 2 (LU2) sessions because the SNA Switch/Dependent LU Requester (DLUR) forwards the secondary logical unit (SLU) name for the LU2. When the NCP is in use, the LU may be connected by the host application.
Workaround: Code the SLU name on the downstream physical unit (PU).
•
An active permanent virtual circuit (PVC) goes to the "inactive" state and displays the error message:
%ATMCES-1-ERRCREATEVCWorkaround: Reconfigure the PVC or reload the Cisco router.
•
The Tag Distribution Protocol (TDP) session for an ATM point-to-point subinterface disappears for an unknown reason and cannot be reestablished. There is no workaround.
•
When two Cisco routers that are using Multilink PPP (MLP) connect to each other, you may see a mismatch in a sequence of numbers if you enter the show ppp multilink EXEC command on both routers. Packets cannot get through the multilink interfaces.
Workaround: Disable MLP.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(5) or 12.1(6) may receive incoming calls on modems that are marked "bad" after the Cisco router reloads. If there are no calls coming in, the modems come up correctly.
Workaround: Open the trunks for calls after you reload the router and use the no modem bad line command.
•
On Cisco Catalyst 5000 and Catalyst 6000 series platforms, the system Cisco Access Manager (CAM) entries created by Multiprotocol over ATM (MPOA) are never removed when the ATM module is removed, reset, reloaded or when the ATM card pauses indefinitely.
Workaround: Reload the Catalyst platform.
•
Variable bit rate (VBR) non-real time (NRT) is not available under permanent virtual circuit (PVC) bundle configuration. There is no workaround.
•
There is possible memory corruption caused by invoking certain command-line interfaces (CLIs). There is no workaround.
•
Hot Standby Router Protocol (HSRP) is unstable and does not converge if millisecond timers are configured. There is no workaround.
•
The vbr-nrt command is not recognized when you define switched virtual circuits (SVCs). There is no workaround.
•
When source-route bridging (SRB) is configured on a Token Ring interface, the Cisco router will duplicate packets when it is in standby or listening mode on a Hot Standby Router Protocol (HSRP).
Workaround: Enter the standby use-bia interface configuration command.
•
A large amount of traffic may exhaust the receive buffers on the network processor module (NPM) (NP-1A-MM) and cause the interface on the receive side to pause indefinitely.
Workaround: Enter a shutdown command followed by the no shutdown command and the interface will recover.
Alternate workaround: Enter the atm ilmi-keepalive interface configuration command.
•
A Cisco PA-A3 port adapter may not be able to provide correct traffic shaping if a combination of peak cell rate (PCR), sustainable cell rate (SCR), maximum burst size (MBS) for variable bit rate (VBR), and virtual circuits (VCs) are used in such a way that the "limit" calculated according to Generic Cell-Rate Algorithm (GCRA) comes out greater than 0xFFFFFF (hex) or 16777215 (decimal) value. There is no workaround.
•
After a reload, a Cisco router does not forward packets to an interface that is not running IP tag switching. Pinging from the router works, but a ping that needs to cross the router fails.
Workaround: Ensure that the "route" flaps. If the route flaps, the Multiprotocol Label Switching (MPLS)/Cisco Express Forwarding (CEF) is installed correctly.
•
DistributedDirector reloads with traceback under heavy loads when a configuration change is made. There is no workaround.
•
When IP Security (IPSec) peers are configured with Access Control List (ACL) entries that do not match and one ACL includes the other ACL, one of the following two situations occurs:
Correct behavior occurs if the IPSec peer with the more restrictive ACL initiates the connection and then offers a more restrictive IPSec proxy. This proxy is accepted by the IPSec peer with the less restrictive ACL if the less restrictive ACL completely covers the more restrictive offered IPSec proxy.
Incorrect behavior occurs if the IPSec peer with the less restrictive ACL initiates the connection, and then offers a less restrictive IPSec proxy. This proxy is accepted by the IPSec peer with the more restrictive ACL. The IPSec peer with more restrictive ACL should reject the less restrictive offered IPSec proxy.
Workaround: Ensure that the IPSec ACL entries match correctly on both sides and are exact mirror images of each other.
•
When a Cisco router acts as both a high availability (HA) feature and a forwarding agent (FA), binding cannot be created. There is no workaround.
•
On a Cisco AS5400 series universal access server that is running Cisco IOS Release 12.1(6), when resource pooling is enabled, calls are incorrectly mapped to digital resources when there are no modems available. There is no workaround.
•
A Cisco 7200 series router with Cisco Express Forwarding (CEF) enabled may pause indefinitely when Cisco Appliance Server Architecture (CASA) is used.
Workaround: Do not use CEF.
•
Cisco access servers that are running resource pooling may reload with a bus error in rm_rpm_resource_allocate_success. There is no workaround.
•
When you enter the show users EXEC command the console reports the active time the call has been connected instead of the idle time for the call. There is no workaround.
•
A Cisco uBR904 router will not come online when a message digest algorithm 5 (MD5) file contains another operating system upgrade filename.
Workaround: Remove filename entries in the MD5 file.
•
If a more specific route is inserted into Cisco Express Forwarding (CEF) when a recursive route gets resolved to the default route, the dependents of the default route never get reevaluated. Therefore, CEF may forward the dependents toward an incorrect next hop. There is no workaround.
•
Distributed Multilink PPP (MLP) fails on link control protocol (LCP) negotiation. MLP also fails on other serial links that are not members of the multilink bundle. There is no workaround.
•
The Systems Network Architecture (SNA) switch may send a topology database update (TDU) to the network node server (NNS) with the LAST_FRSN_SENT field set to 0. There is no workaround.
•
A Cisco 7500 router configured with Tag-controlled ATM (TC-ATM) interfaces and multi-virtual circuit features may stop forwarding traffic to the prefixes that are reachable through multi-virtual circuits. This situation may happen where the Interior Gateway Protocol (IGP) routes frequently flap. There is no workaround.
•
When the ip inspect session command is configured for Trivial File Transfer Protocol (TFTP) the return acknowledgement packet is discarded if the size of the file transferred is less than 512 bytes. There is no workaround.
•
The Systems Network Architecture (SNA) switch router may reload due to memory corruption. There is no workaround.
•
Internet Key Exchange (IKE) phase 2 fails if the access lists used for several tunnels (with different crypto maps) contain one another. There is no workaround.
•
During a large routing table update, the CPU utilization may increase dramatically. This situation is due to a Cisco Express Forwarding (CEF) event logger feature.
Workaround: Turn off part of the feature using the ip cef table event-log traceback depth 0 configuration commands.
•
Web Cache Communication Protocol (WCCP) Cisco Express Forwarding (CEF) packet redirection is not supported on a Cisco 7100 series router. If CEF is enabled with WCCP, no packets are redirected.
Workaround: Disable CEF, or move WCCP redirection to a different router.
•
The Address Resolution Protocol (ARP) entry for an Active virtual IP address may get overwritten when a network transition occurs. This situation is only a problem when the use burned-in address (BIA) feature or configurable MAC addresses are used. Hosts send packets to a MAC address that is not being listened for by the active router. This situation is especially noticeable on Bridge Group Virtual Interface (BVI) interfaces but may also occur on Ethernet and Token Ring. There is no workaround.
•
Polling CmCpeTable causes a Cisco router CPU usage to go up to 80 to 96 percent for 3 to 5 minutes on a uBR7246 router that is running Cisco IOS Release 12.0(14)SC compared to 12 percent when the router is running Cisco IOS Release 12.0(11).
This situation occurs because in Cisco IOS Release 12.0(14)SC, for every Simple Network Management Protocol (SNMP) request for cdxCmCpeEntry, a new sorted cable modem (CM) or customer premises equipment (CPE) list is generated in order for the router to search for the right entry to return.
Workaround: Use another method to find out the CM or CPE information.
Novell IPX, XNS, and Apollo Domain
•
When you enter the no form of the ipx sap-uses-routing-info command, you may cause a loss of all Service Advertising Protocol (SAP) information in the SAP table. When SAP debugging is enabled, the following message will be displayed:
rejected, route xxxx is not in tableThere is no workaround.
•
You cannot configure an Internetwork Packet Exchange (IPX) network on ATM point-to-point interfaces, and you cannot use Service Advertising Protocol (SAP), the default encapsulation for ATM point-to-point interfaces. There is no workaround.
•
A Cisco router reloads when you query MIB. There is no workaround.
•
Alignment warnings may be seen on certain platforms when running Novell IPX routing. The warnings point at Routing Information Protocol (RIP) request handling, Internetwork Packet Exchange (IPX) handling, Simple Network Management Protocol (SNMP) handling, and Service Advertising Protocol (SAP) Get Nearest Server (GNS) handling. There is no workaround.
Protocol Translation
•
Permanent virtual circuit (PVC) protocol translation configuration commands disappear when you reload the router.
Workaround: Re-enter the translate global configuration commands without the max-users option.
TCP/IP Host-Mode Services
•
A Cisco 7500 series router with three Channel Interface Processor v2 (CIPv2) experiences a software-forced reload and the following error messages are displayed:
System was restarted by error - a software forced reload, PC 0x6023C070 Route/Switch Processor (RSP) Software (RSP-JSV-M), Cisco IOS Release12.0(10), RELEASE SOFTWARE (fc1) Compiled 0x60010930, data-base: 0x60EF6000 Stack trace from system failure: FP: 0x61C9C270, RA: 0x6023C070 FP: 0x61C9C270, RA: 0x6023A89C FP: 0x61C9C288, RA: 0x60243A00 FP: 0x61C9C2A0, RA: 0x60243D48 FP: 0x61C9C2D0, RA: 0x60238C68 FP: 0x61C9C2F8, RA: 0x603344C0 FP: 0x61C9C340, RA: 0x603350F8 FP: 0x61C9C378, RA: 0x60331544The log in the reload information file displays the following error messages:
Invalid TCB pointer: 0x61C176BC -Process= "Exec", ipl= 0, pid= 27 -Traceback= 6032FC8C 6032C5F8 60334080 601B0B3C 6033900C 603344D8 603350F8 60331544 60863C88 60870B90 6086427C 6033409C 601B0B3C 6033900C 603344D8 603350F8 %SYS-6-STACKLOW: Stack for process Exec running low, 0/12000 UTC-08d: %SYS-3-LOGGER_FLUSHED: System was paused for 00:00:00The stack trace decodes as follows:
0x6023C070:abort(0x6023c068)+0x8 Enter hex value: 0xRA::__start(0x60010000)+0x9fff0000 0x6023A89C:crashdump(0x6023a88c)+0x10 Enter hex value: 0xRA::__start(0x60010000)+0x9fff0000 0x60243A00:process_run_degraded_or_crash(0x602439ac)+0x54 Enter hex value: 0xRA::__start(0x60010000)+0x9fff0000 0x60243D48:process_ok_to_reschedule (0x60243a30)+0x318 Enter hex value: 0xRA::__start(0x60010000)+0x9fff0000 0x60238C68:edisms(0x60238c20)+0x48 Enter hex value: 0xRA::__start(0x60010000) +0x9fff0000 0x603344C0:send_byte_block(0x60334448)+0x78 Enter hex value: 0xRA::__start(0x60010000)+0x9fff0000 0x603350F8:tnof(0x60334c04)+0x4f4 The tracebacks after the TCP-2-INVALIDTCB messages decode as follows: 0x6032C5F8:tcp_close(0x6032c5e4)+0x14 0x60334080:close_connection(0x60333fb4) +0xcc 0x601B0B3C:conn_session(0x601b0a3c)+0x100 0x6033900C:tty_status_ok (0x60338fb0)+0x5c 0x603344D8:send_byte_block(0x60334448)+0x90 0x603350F8:tnof (0x60334c04)+0x4f4 0x60331544:tcp_putc(0x60331410)+0x134 0x60863C88:_putchar (0x60863c20)+0x68 0x60870B90:Ctputs(0x60870ac8)+0xc8 0x6086427C:tn3270_conn_terminate(0x6086421c)+0x60 0x6033409C:close_connection (0x60333fb4)+0xe8 0x601B0B3C:conn_session(0x601b0a3c)+0x100There is no workaround.
Wide-Area Networking
•
The Hot Standby Router Protocol (HSRP) over Bridge Group Virtual Interface (BVI) configuration is not supported if the BVI encompasses LAN emulation interfaces. The configuration is valid and functional only if the BVI encompasses ethernet interfaces. There is no workaround.
•
A Cisco 3640 router may run out of small buffers in seven days and display packets similar to the following packet:
Buffer information for Small buffer at 0x60CAEF24 data_area 0x19D0C04, refcount 1, next 0x0, flags 0x400200 linktype 55 (SRB), enctype 20 (FRAME-RELAY), encsize 34, rxtype 0 if_input 0x60C0DD9C (Serial1/0), if_output 0x0 (None) inputtime 0x131FA530, outputtime 0x0, oqnumber 65535 datagramstart 0x19D0C40, datagramsize 54, maximum size 260 mac_start 0x19D0C40, addr_start 0x19D0C42, info_start 0x19D0C58 network_start 0x19D0C58, transport_start 0x19CA266 =20 =20 019D0C00: AFACEFAD 00000000 00010001 00000000 /, o-............ 019D0C10: 00000000 60B6225C 00000000 00000000 .....6"........ 019D0C20: 00000000 00000000 00000000 00000000 ................ 019D0C30: 01000C00 10000411 03008000 80C20009 .............B.. 019D0C40: 00400040 5DC028E9 AA000400 C918AAAA .@.@]@(i*...I.** 019D0C50: 03000000 08060006 08000604 0001AA00 ..............*. 019D0C60: 0400C918 011E1001 00000000 0000011E ..I............. 019D0C70: 10054378 0000AA00 0400C918 011E1001 ..Cx.. *...I..... 019D0C80: 00000000 0000011E 10054378 0000300E ..........Cx..0. 019D0C90: 300C0608 2B060102 01010200 05000500 0...+........... 019D0CA0: 636B0101 CD417A20 00000000 00000000 ck..MAz ........ 019D0CB0: 00000005 04B90000 00000000 00000000 .....9.......... 019D0CC0: 00000000 00000000 00000000 00000000 ................ 019D0CD0: 00000000 00000000 00000000 00000000 ................ 019D0CE0: 00000000 00000000 00000000 00000000 ................ 019D0CF0: 00000000 00000000 00000000 00000000 ................ 019D0D00: 00000000 00There is no workaround.
•
The X.25 for dialer interface feature is unusable because although X.25 packet assembler/disassembler (PAD) calls are correctly routed to the dialer interface and bound to the BRI, and the dialer idle-timeout interface configuration command is not reset by the flow of X.25 data. Any traffic defined by a dialer list, however, does reset the dialer idle timer. X.25 PAD data is not definable by a dialer list. There is no workaround.
•
During a stress test, if you use the shutdown command followed by the no shutdown command in DSP configuration mode on an interface, the calls may not get through again. There is no workaround.
•
The dialer idle-timeout timer does not reset for incoming traffic on some asynchronous interfaces. When the dialer idle-timeout value is configured for inbound traffic on the group-asynchronous interface, the timer continues to decrement even though there is incoming traffic on the group-asynchronous interface. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(4)T and later releases and that is operating as an X.25 DTE includes the Address Length and Facilities Length fields in a Call Accepted packet even when no addresses, facilities, or call user data is present; the specified lengths are zero. Although this format is permitted by X.25, some X.25 switches clear the call, reporting a Local Procedure Error (cause code 19). There is no workaround.
•
A Cisco 4500 series router may reload when a PPP call is disconnected after a timeout and display the following output:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x605A0FD8, sp=0x610A9490
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x605A0FD8, sp=0x610A9490There is no workaround.
•
The sequence in which you use multiple no shutdown commands changes the availability of B channels on a non-Non-Facility Associated Signaling (NFAS) digital subscriber line (DSL). After you shut down both the controller and the serial interface, using the no shutdown command on the controller followed by the no shutdown command on the serial interface, the B channels are left out of service. If you use the no shutdown command on the serial interface and then on the controller, all of the B channels are brought into service.
Workaround: Enter the no shutdown command on the controller after you enter the shutdown command on the serial interface.
•
A Cisco AS5200 series universal access server may reload while you unconfigure a T1 PRI group. There is no workaround.
•
A Versatile Interface Processor (VIP) on a Cisco 7500 series router that has distributed Cisco Express Forwarding (dCEF) and Cisco Express Forwarding (CEF) configured may reload. There is no workaround.
•
When you run Cisco IOS Release 12.0 T to 12.1(5) while you use Multilink PPP (MLP) and large scale dialout, the dialer profile may show a state of idle when one active MLP link is assigned to the interface. There is no workaround.
•
A large-scale dialout setup, with IP traffic that is to be forwarded to a destination that already has a dial-up connection established but does not yet have the routing protocol converged may get corrupted. There is no workaround.
•
A Cisco router that is configured for X.25 address insertion or removal does not make an X.25 call. There is no workaround.
•
While you run Cisco IOS Release 12.0 T with the dialer disable-multiencaps command enabled, a reload may occur. There is no workaround.
•
The answer side dialer is not operational when Frame Relay encapsulation is configured. There is no workaround.
•
A new Versatile Interface Processor 2-50 (VIP2-50) may take up to 0.5 seconds longer for the hardware to reset compared to an older VIP2-50 and other VIPs. Therefore, when the Route Switch Processor (RSP) resets the VIP2-50s, the RSP may not wait long enough for the VIP to reset and the the following error message is displayed:
%RSP-3-ERROR: dbus read at 3E841002.
0:00:02: %RSP-3-ERROR: dbus read at 3E841002 -Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8 -Traceback= 6035F960 6036146C 60343D84 6033A268 00:00:02: %RSP-3-ERROR: dbus read at 3E841002 -Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8 -Traceback= 6035F960 6036146C 60343D84 6033A268 00:00:03: %RSP-3-ERROR: dbus read at 3E841002 -Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8 -Traceback= 6035F960 6036146C 60343D84 6033A268 00:00:03: %RSP-3-ERROR: dbus read at 3E841002 -Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8 -Traceback= 6035F960 6036146C 60343D84 6033A268This situation may also occur if the VIP2-50 online insertion and removal (OIR) is inserted. There is no workaround.
•
Newer Versatile Interface Processor-50s (VIP2-50s) may take up to 0.5 seconds longer for the hardware to reset than older VIP2-50s and other VIPs. When the Route Switch Processor (RSP) resets these VIP2-50s, the RSP may not wait long enough for the VIP to reset and the following error messages are displayed:
%RSP-3-ERROR: dbus read at 3E841002
%RSP-3-ERROR: dbus read at 3E841002
-Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8
-Traceback= 6035F960 6036146C 60343D84 6033A268
%RSP-3-ERROR: dbus read at 3E841002
-Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8
-Traceback= 6035F960 6036146C 60343D84 6033A268 00:00:03:
%RSP-3-ERROR: dbus read at 3E841002
-Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8
-Traceback= 6035F960 6036146C 60343D84 6033A268 00:00:03:
%RSP-3-ERROR: dbus read at 3E841002
-Traceback= 60390210 603927D8 60392D68 6039611C 60331E4C 60331F10 6028BFB8
-Traceback= 6035F960 6036146C 60343D84 6033A268This situation occurs because the RSP is trying to access the VIPs across the dbus before they are fully reset. The VIP completes the reset and operates properly, so this no a service-impacting situation unless the VIP fails to load normally.
This situation may also occur if you perform an online insertion and removal (OIR) on the VIP2-50. Gigabit Ethernet Interface Processors (Gaps) may also be affected by this problem. There is no workaround.
•
A Cisco 7000 series router that is running Cisco IOS Release 11.0(19) and that is not the root of the spanning tree will forward bridge protocol data units (BPDUs) from the LAN interface of a LAN Extender to all interfaces in the bridge group.
Workaround: Make the Cisco 7000 series router the root of the spanning tree.
•
A Cisco 2500 series router may reload during watchdog timeout on the TCP to packet assembler/disassembler (PAD) protocol translation process. There is no workaround.
•
A Cisco router that is configured with a dialer profile that is acting as a callback server and that has a dialer load-threshold rejects incoming ISDN calls and displays the following error message:
Incoming call id 0x3256 rejected, exceeded max callsWorkaround: Move the dialer load-threshold to the peer router.
•
A modem call assigned to a free timeslot is rejected by the call switching module (CSM). There is no workaround.
•
A Cisco router may stack after you enter the no int serial x/y.z command under an X.25 permanent virtual circuit (PVC) that is configured on the subinterface.
Workaround: Remove the X.25 PVC configuration under the subinterface before removing the subinterface.
•
An incorrect disconnect cause value sent back from terminating gateway that is using Cisco IOS Release 12.1(5)T may cause a billing problem with a vendor-specific billing application. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(6a)
Cisco IOS Release 12.1(6a) is a rebuild of Cisco IOS Release 12.1(6). The caveats in this section are resolved in Cisco IOS Release 12.1(6a) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(6)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(6). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
When you configure Distributed Weighted Random Early Detection (DWRED) on a PA-MC-4T1 port adapter with Cisco IOS Release 12.1(3.3), the line protocol may change to a down state under heavy traffic. Once the traffic is removed, the line protocol on the interface will resume in an up state. This situation also occurs when DWRED is not turned on. There is no workaround.
•
A Cisco 2509 router that is running Cisco IOS Release 12.0(12) and that is configured as an access server may experience a buffer leak in big buffers:
Big buffers, 1524 bytes (total 1030, permanent 50): 0 in free list (5 min, 150 max allowed) 1056 hits, 376 misses, 0 trims, 980 created 42 failures (0 no memory)The router runs short on I/O memory and has to be reloaded. There is no workaround.
•
A Cisco Route Switch Processor 8 (RSP8) may reload at boot time because of an unexpected exception if a configuration command with the following form is present in the startup configuration:
boot host tftp://host/directory-path/config-fileWorkaround: Change the URL syntax in the configuration command to use the IP address rather than the host name. For example, use:
boot host tftp://a.b.c.d/directory-path/config-file•
A Cisco router that is configured for priority queueing with X.25 where the packets for the remote end are assigned the highest priority queue and the remote end is shutdown may not function properly.
Workaround: Use custom queueing.
•
A Cisco AS5800 series universal access server may experience a bus error exception at les_ipfib_flow_switch along with spurious interrupts at the same process.
Workaround: Disable flow switching using the no ip route-cache flow interface configuration command.
•
You cannot use TFTP to transfer a file that is greater than 16 MB to or from a Cisco router.
Workaround: Use remote copy protocol (RCP), or use FTP to transfer the file.
•
Simple Network Management Protocol (SNMP) version 3 cannot select the authPriv security level for Cisco k2 images. There is no workaround.
•
When you access web pages that are stored on the router, file access may be blocked by other file access methods, such as the squeeze Switch command. The process fails to return the web page or file content. There is no workaround.
•
When you create new Simple Network Management Protocol (SNMP) version 3 authorized users and save the configuration, the authorized users remain configured in the system through the first reload but disappear after a power-cycle or consecutive reloads.
Note that it is proper for SNMP version 3 authorized users to be displayed only through the show snmp user command line interface (CLI) command, because according to the SNMP version 3 standard, SNMP version 3 authorized users cannot be listed in the visible router configuration. There is no workaround.
•
If the snmp-server community global configuration command is not configured, a Cisco router does not respond to the snmpwalk command. When you add the snmp-server community command to the configuration, the router responds to the snmpwalk command. When you remove the snmp-server community command from the running configuration, the router still responds to the snmpwalk command. If you restart the router, the router no longer responds to the snmpwalk command. There is no workaround.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(4) reloads if the aaa pod server global configuration command is configured with a server key that is longer than 8 characters and if the POD packets are sent or received by the universal access server. There is no workaround.
•
A GET request on mipSecAssocTable in the RFC-2006 MIB does not return any or some of the entries in the table for some configurations. There is no workaround.
•
A Cisco router may experience a software-forced reload when you use Simple Network Management Protocol (SNMP) to copy a configuration such as the following:
snmpset -t 180 -r 2 10.200.40.10 cisco.local.lsystem.netConfigSet.172.17.247.195 octetstring config2The router displays the following message, indicating that it is trying to free already freed memory:
%SYS-2-FREEFREE: Attempted to free unassigned memory at 62F46994, alloc 6030DF8C, dealloc 602423B8Workaround: Use the SNMP commands in the following example:
snmpset 10.200.40.10 ccCopySourceFileType.11 integer 1 snmpset 10.200.40.10 ccCopyDestFileType.11 integer 4 snmpset 10.200.40.10 ccCopyServerAddress.11 ipaddress 172.17.247.195 snmpset 10.200.40.10 ccCopyFileName.11 octetstring config snmpset 10.200.40.10 ccCopyEntryRowStatus.11 integer 1DECnet
•
In certain topologies with DECnet IV routers and cluster aliases, a node cannot be removed from the routing table of other routers when it is removed from the LAN. A loop condition may occur in which other routers see that node through each other.
Cisco IOS Release 12.1(3.6) introduced a new knob to disable cluster-alias updates. By default, cluster-alias updates are propagated, and you can disable the cluster-alias updates if they are not required.
In Cisco IOS Release 12.1(4.5), the default behavior is to disable the cluster-alias updates because these updates cause some loops in certain topologies. These cluster-alias updates are propagated if VAX cluster-aliases are present, if dn_conversion is enabled, and if the router is currently routing Connectionless Network Service (CLNS) as an intermediate system (IS); then routes reachable at hops=29 and cost=704 are advertised if you use the decnet cluster-alias update command to set the configuration.
Workaround: Use Cisco IOS Release 12.1(4.5) or a later release.
IBM Connectivity
•
In some circumstances, Frame Relay access support (FRAS) fails to get connected. The output of the show llc command shows that the Logical Link Control (LLC) session remains in Asynchronous Disconnect Mode (ADM).
Workaround: Remove the failing FRAS connection from the configuration and then add it back in to remove the LLC session.
•
The dlsw mac-addr global configuration command is not added to the configuration when it is entered in Cisco IOS Releases 11.3T, 12.0, and 12.1. There is no workaround.
•
Under a heavy load, a Cisco 3600 series router that is performing source-route bridging (SRB) Qualified Logical Link Control (QLLC) local conversion will pass format indicator 2 (FID2) frames out of sequence. The end station will terminate the logical-unit-to-logical-unit (LU-LU) session with sense 2001 0000.
Workaround: Configure data-link switching (DLSw). Note that this workaround is not always reliable.
•
Continuous polling may occur during a Synchronous Data Link Control (SDLC) operation when you use the sdlc simultaneous command. This situation causes retransmissions and lower performance on the network. The continuous polling is more prevalent when you operate in a multidrop environment. Data is queued before the poll frames are queued, causing the response timer T1 to expire before the frame makes it out on the wire.
Workaround: Use the sdlc line-speed interface configuration command, and also configure a higher SDLC T1 timer using the sdlc t1 interface configuration command. This workaround may have some adverse effects if the station loses data because no other station is allowed to transmit during this time period.
•
A Cisco 2600 series router that is running Cisco IOS Release 12.0(13.3) may reload when running data-link switching (DLSw). This situation happens only in a DLSw border peer network with peers on demand that frequently get established and shut down. There is no workaround.
Interfaces and Bridging
•
A Cisco router that is configured for Inter-Switch Link (ISL) and routing sends back a logical link control (LLC) packet on the same subinterface.
Workaround: Use Cisco IOS Release 12.1.
•
With fast switching (Optimum, Cisco Express Forwarding (CEF) or flow) enabled, a Cisco 7200 series router may fail to route packets larger than 1496 bytes from any Fast Ethernet (FE) interface and a Bridge Group Virtual Interface (BVI). It is also possible that the first packet may reach its destination (because it is process-switched), but all subsequent packets will fail.
Workaround: Disable fast switching on the FE interface.
•
With IP Cisco Express Forwarding (CEF) running, a Cisco router processes frames received on an Inter-Switch Link (ISL) trunk even when the frame is not destined to it. This situation may cause a Layer 3 storm, as packets destined for an IP address on the same subnet as the sender are processed by the router and routed back out the interface on which they arrived. The problem is most often seen when there is a Spanning Tree change in the Layer 2 switch core because the MAC table is flushed and frames are flooded out all ports and arrive at the router.
Workaround: Use 802.1Q encapsulation instead of ISL.
Alternate workaround: Disable CEF.
•
On a Cisco 7200 series router, reloading a Packet-over-SONET (POS) neighbor router causes all POS interfaces to go down. If a Cisco Gigabit Switch Router (GSR) or Cisco 7500 series router and a Cisco 7200 series router are connected back to back through a POS interface and the GSR or Cisco 7500 router is reloaded, the POS interface is throttled because of high cyclic redundancy check (CRC) errors and input errors. However, this interface is never removed from the throttle list through the specific enable function of the port adapter. Whenever any other interface is throttled, the background process enables all the throttled interfaces. Because the POS port adapter is not removed from the throttle list, it resets whenever any other interface is placed in the throttle list.
Workaround: Use Cisco IOS Release 12.0 S or 12.1.
•
After a development engineer (DE) special is applied on Cisco IOS Release 12.0 (12) that integrated CSCds07197, problems occur with Tip/Ring (T/R) network applications. End-to-End Systems Network Architecture (SNA) applications fail with link failures. Sniffer traces show a frame larger than 4472. There is no workaround.
IP Routing Protocols
•
A Cisco router suddenly loses some routing entries even though it has a correct Enhanced Interior Gateway Routing Protocol (EIGRP) topology and the neighboring routers contain all routing entries with successors. The root cause is a flapping FDDI interface. This situation does not occur under normal operating conditions.
Workaround: Use the clear ip eigrp neighbors [ip-address] EXEC command.
•
An (S,G) entry created by the receipt of data on an interface will have a NULL outgoing interface list (olist). Unless the X-flag is set for this entry, the entry expiration time will not be updated. The entry expiration time will time out and then be recreated by the next data packet. On routers that process multicast packets for a large number of sources, this situation may increase the CPU usage on the router. There is no workaround.
•
A Cisco router with multicast configured may reload because of a bus error exception if there are severe unicast route updates. There is no workaround.
•
A router may reload when you enter the show ip nat statistics EXEC command. The output of the show stack command is:
Slave in slot 2 was restarted by error - an arithmetic exception, PC 0x608FCD38 RSP Software (RSP-JSV-M), Version 12.0(10), RELEASE SOFTWARE (fc1) Image text-base: 0x60010930, data-base: 0x60EF6000Stack trace from system failure:
FP: 0x61CC4610, RA: 0x608FCD38
FP: 0x61CC4638, RA: 0x608F6478 F
P: 0x61CC4680, RA: 0x608F0A70
FP: 0x61CC4698, RA: 0x601D5A9C
FP: 0x61CC46D8, RA: 0x601E0994
FP: 0x61CC4730, RA: 0x60220F84
FP: 0x61CC4748, RA: 0x60220F70There is no workaround.
•
When you use the Resource Reservation Protocol (RSVP) to ATM switched virtual circuit (SVC) mapping feature, a small memory leak may occur every time an SVC is torn down. After the router performs this activity many times, the router runs out of memory and becomes inoperable. The router may also reload. The frequency of this situation depends on the volume of traffic that triggers the SVC setup and teardown. The memory leak is estimated to be 140 KB per 1000 setups and teardowns.
Workaround: Reload the router periodically, before all the memory is used up.
•
A Cisco router that is running a j-type Cisco IOS software image with IP Network Address Translation (NAT) enabled may experience a fast memory leak, if TCP port1720 is used by nonH.225 traffic (for example, HTTP). There is no workaround.
•
Internet Control Message Protocol (ICMP) Router Discovery Protocol (IRDP) does not work if you use the ip irdp interface configuration command to configure minimum and maximum intervals and then use the show ip irdp EXEC command.
Workaround: Use the ip irdp [maxadvertinterval 0], the ip irdp [minadvertinterval 0], and the ip irdp [holdtime 0] interface configuration commands, and then negate these commands using the no ip irdp [minadvertinterval 0] and the no ip irdp [holdtime 0] interface configuration commands. This workaround turns on IRDP for the interface.
•
A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flag is the extended length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). BGP uses the extended length bit only if the length of the attribute value is greater than 255 octets.
An optional, transitive attribute that is unknown to a BGP speaker must be stored and forwarded when the path is sent in a BGP UPDATE. If the length of the attribute is such that the extended length bit is used, its contents are truncated when the UPDATE is sent. There is no workaround.
•
In Border Gateway Protocol (BGP) route maps, the match ip route-source {prefix-list} route map configuration command does not work.
Workaround: Use the match ip route-source {access-list-number} route map configuration command.
•
A Cisco router may reload when you configure a Frame Relay subinterface with a bandwidth of 64 bytes.
Workaround: Shut down the subinterface before changing the bandwidth.
•
A Cisco router may fail while trying to change an interface IP address or during startup when overlapping network statements exist in an Open Shortest Path First (OSPF) configuration.
Workaround: Remove the extra network statement from the OSPF configuration.
•
A Cisco router that is connected to a stubby area does not advertise the default route into that area. The database on the router shows that the link-state advertisement (LSA) for the default route is MAXAGE and that the LSA is not purged until the Open Shortest Path First (OSPF) process is reset. There is no workaround.
•
A Cisco router that is configured with Multicast Source Discovery Protocol (MSDP) and that has locally joined an Internet Group Management Protocol (IGMP) member may leak buffers. This situation occurs when an MSDP security access (SA) message with encapsulated data is received but a Reverse Path Forwarding (RPF) interface lookup for the packet does not result in a valid interface (ip_rpf_lookup() returns NULL).
Workaround: Eliminate the locally joined IGMP member by using the no ip igmp join-group group-address interface configuration command.
•
When you configure an extended IP access list, the keyword "protocol-unreachable" for Internet Control Message Protocol (ICMP) traffic changes to "port-unreachable" when you use the show run or show access-list access-list commands. There is no workaround.
ISO CLNS
•
When you change interface configurations on a Cisco router that is running Cisco IOS Release 12.1 or 12.1 T, the nonpseudonode link-state packet (LSP) is regenerated with the old information. The sequence number of the newly created LSP is incremented, but the content is unchanged. This situation is more critical when the interface state changes from up to down. In such cases, the interface address is still reported in the LSP.
Workaround: Change the circuit-type to l1 and back to l2.
Miscellaneous
•
Encryption over dialer profiles may cause a Cisco router to reload when fast switching is enabled. This situation results in a "get alignment fatal" error.
Workaround: Disable fast switching on the dialer profile interfaces.
•
A Cisco router that is using Cisco Encryption Technology (CET) may not be able to set up encrypted connections in networks with redundant links between encrypting peer routers. This situation may result in a router reload. There is no workaround.
•
On a Cisco router that is running PPP over ATM, accounting messages occasionally have a missing IP address for start or stop records. There is no workaround.
•
A Cisco router reports the following error message when you use the clear counters EXEC command:
%SYS-3-CPUHOGThere is no workaround.
•
Overlap signaling Reliability, Availability, and Serviceability (RAS) over H.323 with a third-party gatekeeper using slowstart causes a Cisco router to pause indefinitely. On two Cisco AS5300 series universal access servers that operate as gateways and a third-party gatekeeper that uses overlap receive, the universal access servers lose or drop digits when an admission request is made by the gateway to the gatekeeper. When you transmit setup messages with bearer capability, Channel ID, and calling number, the switch replies with a call proceeding. The universal access server then responds with a status message that a mandatory information element is missing. There is no workaround.
•
Resolution of recursive routes by Cisco Express Forwarding (CEF) may add 1 to 15 seconds to the end-to-end route convergence time. There is no workaround.
•
The following error message may appear on a Cisco router console:
%LC-3-PSALOADSHARE MPLS loadsharing inconsistency for 0.0.0.0/0No problems are related to this message. If you see any Multiprotocol Label Switching (MPLS) load-sharing forwarding problems at the time the error message is emitted, contact your technical support representative. There is no workaround.
•
Error messages similar to the following text appear when a Fast Ethernet port adapter (FE PA) is being used in Versatile Interface Processor 2 (VIP2):
%CBUS-3-CMDDROPPED:Cmd dropped, CCB 0x5800FF20, slot 0, cmd code 36The likelihood and frequency of these messages appears to increase as the number of subinterfaces on the FE interface is increased. The likelihood is also greater when a two-port FE PA (PA-2FEISL) than a one port FE-PA (PA-FE) is used. Traffic does appear to correctly traverse the FE port even when these messages are seen on the router console. There is no workaround.
•
A multiprotocol over ATM (MPOA) client configured on a WS-516X card on some specific Catalyst 5000 family module (for example, a WS-5509 or a WS-5550 card) may not forward packets on an MPOA shortcut or may drop the packets under the following conditions:
–
–
–
Workaround: Reboot the Catalyst 5000 family module after the MPOA configuration is done.
Alternate workaround: Use the Cisco IOS software on the WS-516X cards and NMP image on the Catalyst 5000 family module with releases later than 4-5-9, 5-5-3, or 6-1-1. Use WS-516X images later than 120-10.W5.18a, or 12.1(3a)E.
•
On a Cisco 6400 series router that is running Cisco IOS Release 12.0(1)T, the system will ignore all Dynamic Host Configuration Protocol (DHCP) responses. This situation applies to DHCP requests sent to configure an internal interface, as well as requests for IP addresses to be returned by PPP to a client by proxy DHCP. There is no workaround.
•
A Cisco router may reload when LAN Emulation (LANE) interfaces flap while the Cisco router is running Cisco Express Forwarding (CEF) switching.
Workaround: Disable CEF on those interfaces.
•
Packet drop has happened on all PRI interfaces which are PA-MC-4CT1s in the Cisco7513. The rate of drop is regularly one packet every two packets.
•
After you perform an online insertion and removal (OIR) on a trunk card, the line comes back up automatically. Reconfiguring the controller and all the subcommands causes the line to back up.
After you perform the OIR of the trunk card on an E1 R2 configuration, the trunk goes into a NULL trunk state. After you unconfigure and reconfigure the controller for E1 R2, the controller goes into an idle state, but calls do not get connected.
Workaround: Reload the router.
•
A server name associated to an IP address disappears after a period of operation.
After you reload DistributedDirector (DD) in the following sample server-name association, a Cisco router displays the following message:
... ip director ip-address 172.16.0.60 ip director default-weights ran 100 ip director server 172.16.0.4 server-name gd.ee.foo.net ip director server 192.168.1.44 server-name devfirewall.foo.com access-list 1 permit 172.16.0.1 access-list 1 permit 172.16.3.1 ...After the router services a few requests but makes no changes to the running configuration, the router displays the following message, indicating that the devfirewall server is missing:
... ip director ip-address 172.16.0.60 ip director default-weights ran 100 ip director server 172.16.0.4 server-name gd.ee.foo.net access-list 1 permit 172.16.0.1 access-list 1 permit 172.16.3.1 ...After a reload, the two server-name entries reappear.
Workaround: Create a Director Response Protocol (DRP) association.
•
On a Cisco 800 series router that is running Cisco IOS Release 12.1(3) through 12.1(5.2), you may receive an error message when trying to save the running configuration if it consumes more than 4 KB of NVRAM. This situation is most evident after the router generates a Rivest, Shamir, and Adelman (RSA) key pair because even a small configuration may require over 4 KB of NVRAM because of RSA key space requirements. The router displays the following error message:
router# write memory
Building configuration... [OK] ->
NVRAM Verification FailedAs a result of the above error, the entire contents of NVRAM are erased, including the startup configuration.
Workaround: Decrease the number of bits in the modules for the RSA keys by using the service compress-config global configuration command to reduce consumed NVRAM space, or use the boot config flash: command to save some of the configurations in a Flash file rather than in NVRAM.
Alternate workaround: Use Cisco IOS Release 12.1(5.3) or a later release.
•
After a microcode reload, packets that are traveling through a Cisco 7500/RSP series router may get process-switched instead of getting distributed Cisco Express Forwarding (CEF)-switched. This situation impacts the performance of the router. If the packets get process-switched while Distributed Multilink PPP is running, CPU utilization may reach close to 100 percent with 5 to 6 T1s. There is no workaround.
•
On a Cisco router, integrated routing and bridging (IRB) does not work correctly with PPP over ATM (PPPoA). If the virtual template is included in a bridge group, BootP packets that passed by router configured with IRB do not get forwarded to the configured helper address.
Workaround: Configure the helper address directly onto the virtual template, or use the Bridge Group Virtual Interface (BVI) without going through the virtual template.
Alternate workaround: Use Cisco IOS Release 12.1(5.1), 12.1(5.3)T, or a later release.
•
A Cisco 7200 series or UBR7200 series router that is running a Cisco IOS release prior to Cisco IOS Release 12.0(10)SC1 may unexpectedly reload if the following conditions are met:
–
–
–
Workaround: Disable Cisco Express Forwarding (CEF).
A Cisco router that is running Cisco IOS Release 12.0(10)SC1 may unexpectedly reload because of a memory corruption. There is no workaround.
•
Configuring the ip route-cache flow interface configuration command on a FlexWAN interface may cause a reload after you perform an online insertion and removal (OIR) of that interface board.
Workaround: Use the ip route-cache flow interface configuration command to configure the first interface of a port adapter.
•
On a Cisco Catalyst 5000 family supervisor engine that is connected to a Cisco 7500 series router through an Ethernet channel, after you upgrade from Cisco IOS Release 12.0(7)XE1 to Cisco IOS Release 12.1(3a), the Fast Ethernet channel interfaces go up and down. The router displays the following error messages:
%LINK-3-UPDOWN: Interface Port-channel2, changed state to down
%Interface MTU set to channel-group MTU 1500. FastEthernet1/1/0 added as member-1 to port-channel2
%Interface MTU set to channel-group MTU 1500. FastEthernet1/1/1 added as member-2 to port-channel2 FastEthernet1/1/1 taken out of port-channel2 FastEthernet1/1/0 taken out of port-channel2This situation only occurs between Dual-port Token Ring ISL 100BASETX (PA-2FEISL-TX) and ports on a WS-X5203 module.
This situation does not occur if you remove the channel-group controller configuration command on the Fast Ethernet interface or use Cisco IOS Release 12.0(7)XE1. The problem also does not occur on the Fast Ethernet ports on a supervisor engine. There is no workaround.
•
On the X5158 LANE blades of a Cisco Catalyst 5000 series router that is running Cisco IOS Release 12.0(W5),the LAN emulation (LANE) blade may respond to LAN Emulation-Address Resolution Protocol (LE-ARP) in VLANs that are in the Blocking state on the LANE blade. This situation may lead to intermittent connectivity problems.
Workaround: Use Cisco IOS Release 11.3WA4.
•
Under a heavy load of voice traffic, a Cisco router may display the following messages:
%SYS-2-LINKED: Bad enqueue of 62233C40 in queue 61FF2F6C -Process= "VTSP", ipl= 5, pid= 88
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt levelThe second message appears only rarely but may potentially cause some problems in media-cut-through. There is no workaround.
•
On a Cisco 7500 series router, Distributed Multilink PPP does not come up after switching from Multilink PPP after a reload. The packets are process switched and the router runs Multilink PPP which is inefficient and causes performance degradation. There is no workaround.
•
When you use Multiprotocol Label Switching (MPLS) on a shutdown Frame Relay subinterface that is running Cisco Express Forwarding (CEF), packets are forwarded.
Workaround: Use the ip verify unicast reverse-path interface configuration command on the subinterface.
•
When both dial and voice cards are installed on a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(4)T, the number of successful ingress Continuity Testing (COT) sessions is limited by the number of dial digital signal processors (DSPs) available in the system.
Workaround: Disable COT from the network side, or use loopback rather than transponder mode.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T may experience spurious accesses at atmVcIEntry_get. There is no workaround.
•
When Cisco Express Forwarding (CEF) is configured on a Cisco 7200 series router, it may cause a 50 percent packet loss.
Workaround: Clear Address Resolution Protocol (ARP) or clear the adjacencies.
•
Some of the modems connected to a Cisco uBR7200 series router may suddenly go offline with a polling timeout if you provision more than 2000 modems on a single line card on the router. There is no workaround.
•
After a system restart, a Systems Network Architecture (SNA) switch fails to complete the dynamic registration of SNA resources as defined by the snasw location global configuration command when Simple Network Management Protocol (SNMP) SNA switch link traps are enabled.
Workaround: Disable SNA switch SNMP link traps that are using the no snmp-server enable traps snasw link command. Stop and restart the SNA switch processes.
•
A PA-MC2E1/120 controller on a Cisco 7200 series router with High-Level Data Link Control (HDLC) interfaces configured may experience flapping serial interfaces for channel groups when no keepalive messages are received.
Workaround: Disable keepalive on each interface.
•
A FDDI interface on a Cisco 7200 series router randomly stops forwarding Routing Information Protocol (RIP) updates following a physical interface state change.
Workaround: Clear the IP routes or reload the router. Please note that clearing the IP routes may sometimes trigger this caveat.
•
A Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(2a)XH1 or 12.1(3a)T1, and that is operating under a heavy load may experience a system reload because the system temporarily runs out of memory for the interprocess communication (IPC) header cache. There is no workaround.
•
A Cisco 12008 router that is running Cisco IOS Release 11.2(19)GS4.1 reloads because of a bus error exception. There is no workaround.
•
In Cisco IOS software that is running Multiprotocol Label Switching (MPLS)/Tagswitching over ATM interfaces, virtual circuit (VC) resource exhaustion at the ATM driver level is not reported to the MPLS application during Label VC (LVC) creation. This situation causes MPLS to behave as though it successfully created an LVC when the ATM driver actually failed to complete the request. The output of the show atm vc privileged EXEC command shows the LVC in the INACTIVE state, so the destination cannot be pinged over the affected LVC.
This situation occurs only when you set the virtual path identifier (VPI) or virtual channel identifier (VCI) label range negotiated during Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) session establishment larger than the VC range of the interface and when all the VC resources on the interface are exhausted.
This situation usually does not occur when the ATM interface is connected to a BPX, IGX, MGX or any ATM switch, because the VC resources are constrained by the ATM switch during label range negotiation.
Workaround: Set the label range to be smaller than the VC space to ensure that this condition never occurs.
•
A Cisco Versatile Interface Processor 4 (VIP4) with a Cisco PA-MC-2T3+ port adapter reloads after you use the shut command followed by the no shut command on a multilink interface. There is no workaround.
•
TinyROM 1.3(1) appends a spurious string of random length to the ROM variables in NVRAM when you use the save command. If this situation occurs often enough, it eventually results in permanent router failure.
The failure may manifest in the ROM as an indefinite pause, a "not enough memory" error, TFTP transfer failure, or boot failure. It may manifest in Cisco IOS software as an indefinite pause at any point, continual spurious output to the console, or memory protection violations.
Workaround: Use TinyROM Release 1.4(1).
•
A Cisco Systems Network Architecture Switching Services (SNASw) router that is located between a virtual telecommunications access method (VTAM) network node (NN) and a low-entry networking (LEN) end station receives a locate message originated from a Primary Logical Unit resident on a subarea VTAM. The locate message includes Cross-Domain Initiate with Route Selection Control Vector (RSCV). This locate message is incorrectly processed by the SNASw router. When the NN sends a subsequent locate message, the SNASw router rejects the locate message with sense 0890 0010. There is no workaround.
•
Under heavy traffic conditions, the WS-X6101 module may not respond to a third-party switch poll in a timely manner, and the Integrated Local Management Interface (ILMI) signaling is restarted. This situation also causes the Service-Specific Connection-Oriented Protocol (SSCOP) signaling to restart, and all virtual circuits (VC) are torn down. There is no workaround.
•
Some SanDisk 48 MB flash cards do not boot.
Workaround: Use a Cisco IOS release that contains the SanDisk fix.
•
Multiprotocol Label Switching (MPLS) ATM Tag Distribution Protocol (TDP) bindings may not reestablish when TDP adjacencies flap. This situation may occur under high CPU utilization or when TDP neighbor adjacencies flap. This situation has been observed only when the TDP neighbor is running Cisco IOS Release 12.0(10)S or an earlier release. You can diagnose this problem by using the show tag-switching atm-tdp bindings privileged EXEC command. The symptoms are that the LER will have a tag ATM binding for a destination prefix while the downstream router will not. There is no workaround.
•
When path maximum transmittable unit (pMTU) discovery is performed by end stations, a Cisco router advertises the incorrect next-hop maximum transmission unit (MTU) value in the needed Internet Control Message Protocol (ICMP) fragmentation and sends "do not fragment" (DF) bit set messages if the outbound interface uses generic routing encapsulation (GRE) over IP Security (IPSec). This situation causes connections to fail.
Workaround: Lower the IP MTU on the tunnel interface.
•
When NMHDV+WIC-2MFT-T1 is configured to support 48 calls that are using a connection trunk, and the voice activity detection (VAD) device is disabled, the trunked calls begin to flap. There is no workaround.
•
If one of the links in a two-link Distributed Multilink PPP bundle is shut down, the bundle stops passing traffic through the multilink interface. This situation occurs only on a two-link Distributed Multilink PPP bundle and not on a bundle with more than two links.
Workaround: Use the shut/no shut command on the multilink interface.
•
On a Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(3)T, the RADIUS server erroneously sends attribute 61 = 0 (asynchronous port type) for an ISDN connection. There is no workaround.
•
A small amount of memory is allocated and not freed when a Cisco router writes a configuration to nonvolatile memory. There is no workaround.
•
On a Cisco router, ATM may stop receiving traffic, the input-queue of the interface may get stuck, and input errors as well as cyclic redundancy check (CRC) errors may be reported in the output of the show atm interface CLI command.
Workaround: Disable Cisco Express Forwarding (CEF).
•
A Cisco router that is running Cisco IOS Release 12.1 and that is configured with a dynamic crypto map fails to negotiate crypto access lists from a peer router if the Access Control List (ACL) uses TCP/UDP port numbers. This situation does not affect Cisco IOS Release 12.0(7)T. There is no workaround.
•
A Cisco router that is functioning as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router may have problems forwarding VPN traffic because of missing or incorrect entries in the Tag Forwarding Information Base (TFIB) table for the peer PE Border Gateway Protocol (BGP) router ID. The output of the show tag bgp router id command does not show an entry. This situation occurs only if all of the following conditions are met:
–
–
Workaround: Clear the IP routing table entry for the peer PE BGP router ID prefix.
Alternate workaround: Avoid having the same IP address both be the BGP router ID and be advertised by that same router as part of a VRF.
•
While polling VLAN interfaces on a Route Switch Module (RSM), Header Compression (HC) counters return zeros.
Workaround: Poll the 32-bit Simple Network Management Protocol (SNMP) version 1 counters for I/O octet packets until the HC counters are implemented.
•
A Cable Modem Termination System (CMTS) reloads with memory corruption when corrupted IP packets are received on an odd memory address. There is no workaround.
•
An ATM permanent virtual circuit (PVC) Inverse Address Resolution Protocol (InARP) operation may not work under some configuration changes when both IP and IPX are configured on an ATM interface. There is no workaround.
•
A Cisco router frequently displays the following message when a dual-port Token Ring Inter-Switch Link port adapter (PA-2FEISL) is configured for distributed Cisco Express Forwarding (dCEF) and rate-limit:
CLNS-3-BADPACKET: ISIS: LAN L2 hello, packet (1497) or wire (581) length invalid from 0010.f6fb.0128 (FastEthernet9/1/0)Workaround: Use a PA-2FE port adapter or disable dCEF and do not use rate-limit on a PA-2FEISL.
•
A Distributed Weighted Random Early Detection (DWRED) configuration under a bundled permanent virtual connection (PVC) is not accepted during bootup. There is no workaround.
•
In Cisco IOS Release 12.1(4.4) through Cisco IOS Release 12.1(5.2), you must set the logging source interface for "syslogging" as a temporary workaround in order for the logging source interface to work correctly on all platforms except the Cisco Integrated Communications System (ICS) 7750. On the ICS 7750, this method breaks the copy run start and the write memory commands and prohibits configurations from being saved to the system database.
Workaround: Use Cisco IOS Release 12.1(5.3) or a later release. For the ICS 7750, use Cisco IOS Release 12.1(5)T2.
•
On a Cisco 7500 series router that is running Cisco IOS Release 12.0 or 12.2, if you use multiple tunnel interfaces and Cisco Encryption Technology (CET) over Frame Relay, only some of the CET tunnels reload the router. There is no workaround.
•
A Versatile Interface Processor (VIP) 2-50 that is running Cisco IOS Release 12.1(1a) may experience a memory leak when the "CEF LC Stats" process holds too much memory. The VIP exhibits the following error messages:
%FIB-4-FIBXDRINV: Invalid format. RDB length wrong
%IPC-5-SLAVELOG: VIP-SLOT1:
%SYS-2-MALLOCFAIL: Memory allocation of 65524 by alignment 32 -Process= "CEF LC Stats", ipl= 0, pid= 25There is no workaround.
•
On a Cisco 2600 or 3600 series router, pings through a Token Ring Inter-Switch Link (TR-ISL) router may fail if the router sends a packet size of 4026 bytes or larger. You can verify this situation by checking the TR-ISL interface and looking for giants or for input errors such as frame errors. There is no workaround.
•
On Cisco 7100 and 7200 series routers with fast switching enabled, generic routing encapsulation (GRE) over an IP Security (IPSec) tunnel does not work for packets large enough to require fragmentation.
Workaround: Use the service disable-ip-fast-frag global configuration command.
•
On a tag forwarding table entry for a destination in which the outgoing tag field should be "Pop tag" or a valid outgoing tag in which the outgoing tag field is "Untagged", traffic for the destination may be dropped. (The show tag-switching forwarding-table privileged EXEC command displays the tag forwarding table.) This situation occurs on a Cisco router that has the tag-switching ip global configuration command enabled.
Workaround: Implement the following steps:
1. Determine the next hop and the outgoing interface for the destination.
2. Enter the no tag-switching ip global configuration command for each outgoing interface.
3. Wait 15 to 20 seconds.
4. Enter the tag-switching ip global configuration command for each outgoing interface.
•
A Cisco router with ATM interfaces may reload. There is no workaround.
•
A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router that is running Cisco IOS Release 12.0(10.6)ST, 12.1(2.6), 12.1(3.1), 12.1(3.3)T, 12.1(2.3)T1, or later releases exhibits faulty behavior when forwarding customer traffic. When there are multiple paths to get to the remote PE and one of the paths to the PE goes down or comes up, traffic to all customer prefixes going over any of those multiple paths is dropped until the Cisco Express Forwarding (CEF) entries for those prefixes is reresolved (about 15 seconds). There is no workaround.
•
An interface that receives Mobile IP registration requests goes into throttle mode when authentication, authorization, and accounting (AAA) server response slows down. This situation occurs when there are more registrations coming in than the number of registration replies that Home Agent (HA) can send (exceeding the input buffer of the interface).
Workaround: Use traffic shaping to reduce the number of registrations coming into the HA. This workaround allows HA to process received registrations to free up the input buffers of the interface.
•
On a Cisco 7200 series router or a Route Switch Processor (RSP) that is running Cisco IOS Release 12.1(5), a Versatile Interface Processor (VIP) with a PA-E3 or PA-T3 port adapter may not boot and reloads because of a bus error exception. There is no workaround.
•
During Home Agent (HA) redundancy, standby HA does not download all bindings from an active HA. This situation occurs only for a large number of mobility bindings (such as 100,000 to 200,000 bindings). There is no workaround.
•
A memory leak may occur under various timing conditions when a backend name server is used with DistributedDirector. There is no workaround.
•
A Cisco 7100 series router may pause indefinitely while running Cisco IOS Release 12.1(4) with an Integrated Service Module (ISM) module installed. This situation occurs about three times a day. There is no workaround.
•
On a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network on a Provider Core router that is adjacent to a VPN Provider Edge (PE) router, Tag Distribution Protocol (TDP) fails to check whether an interface is bound to a VPN routing/forwarding instance (VRF) before advertising the interface address to TDP neighbors. This situation occurs when the address (A) of an interface on a PE router that is bound to a customer VRF is also an address for a core router adjacent to a Provider Core router.
The output of the show tag-switching forwarding-table privileged EXEC command on the Provider Core router shows incorrect outgoing labels for some prefixes. Specifically, for prefixes whose next hop address is A, the output shows the label advertised by a PE router for the outgoing label instead of the label advertised by the next hop router.
Workaround: Configure Provider Core routers so that they do not have addresses that are used as addresses for interfaces bound to customer VRFs on PE routers.
•
When you use the label switch controller (LSC) functionality, it is possible for transit bindings to remain in the RetryWait state if the downstream neighboring router is running Cisco IOS Release 12.0(10)ST, 12.0(10)ST1, or 12.0(10)ST2. This condition may occur when there are more than 200 routes present that require transit bindings to be established.
Workaround: Use the shut/no shut command on the Xtag interface corresponding to the bindings.
•
A Cisco router experiences a software-forced reload after you use the ip audit ids-policy in command. There is no workaround.
•
In an Multiprotocol Label Switching (MPLS) network that uses Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP), packets that match the default route are dropped or forwarded incorrectly. This situation may occur in MPLS networks that use LDP or TDP that have routes for both 0.0.0.0/0 (default) and 0.0.0.0/n. Routers that incorrectly drop or forward these packets, the output of the show tag-switching forwarding-table privileged EXEC command shows the label advertised for 0.0.0.0/n as the outgoing label for 0.0.0.0/0.
Workaround: Prevent the use of route 0.0.0.0/n in networks that use 0.0.0.0/0 (default).
•
The per modem and per host access list works correctly from the command line but delays for a couple of minutes before you can apply an access list through Simple Network Management Protocol (SNMP).
Workaround: Use the Cisco IOS release that contains the fix for this caveat.
Novell IPX, XNS, and Apollo Domain
•
An ATM User-Network Interface (UNI) does not include a cumulative round-trip time parameter in the ABR (Available Bit Rate) call setup. This situation causes interoperatability issues with different vendor products. There is no workaround.
TCP/IP Host-Mode Services
•
If a Cisco router is running Cisco IOS Release 12.0 S and the "ip tcp path-mtu-discovery" feature is enabled, the router may experience a TCP timer problem and reload. This situation occurs when the router is experiencing a heavy load that includes a large number of Border Gateway Protocol (BGP) peer routers that are exchanging routing packets. There is no workaround.
Wide-Area Networking
•
A Cisco 4500 series router reloads because of a bus error exception in nov_fastswitch. There is no workaround.
•
The isdnBearerCallConnectTime variable is not properly updated for incoming calls through the BRI interface. However, it is updated properly for outgoing calls. This situation affects Simple Network Management Protocol (SNMP) users and does not compromise router functionality. There is no workaround.
•
A Cisco 3640 router that is configured with two E1/ISDN PRI interfaces may sporadically be unable to send and receive ISDN calls. The router exhibits the following error messages:
Se0/1:15 DDR: has 30 ongoing call(s), maximum allowed call(s) 30 on pool 1, exceeded max
Se0/0:15 DDR: has 30 ongoing call(s), maximum allowed call(s) 30 on pool 1, exceeded max
Di1 DDR: No free dialer - starting fast idle timerThese messages are exhibited even though the output of the show dialer EXEC command and the show isdn service privileged EXEC command indicate that there are free dialers and free B-channels. There is no workaround.
•
When a Cisco router is configured for an outbound X.25 permanent virtual connection (PVC) using protocol translation, the router ignores a received Reset, resulting in a PVC (once recreated) for which the two stations have a conflicting state. This situation is unrecoverable without a restart.
Workaround: Initiate an X.25 interface restart.
•
A Cisco AS5300 router may reload because of memory corruption. There is no workaround
•
When a Pipeline 50 terminal adapter dials in to a Cisco AS5400 series universal access server, PPP authentication fails during link control protocol (LCP) negotiation if you use the ppp authentication {pap [chap ms-chap]} interface configuration command on the universal access server. If you remove ms-chap, the dial session comes up correctly.
When the universal access server has ms-chap configured on the dialer interface and dials out to the terminal adapter when it is configured for callback, the call proceeds to LCP negotiation, but LCP times out. There is no workaround.
•
A Cisco LS1010 router or a Catalyst 8540MSR ATM module that is running Cisco IOS Release 12.0(7)W5(15c) with a Private Network-Network Interface (PNNI) rejects an ATM call SETUP if the setup includes the 5a information element coded with associated signaling, explicit virtual path and channel identifier (VPCI), and any virtual channel identifier (VCI).
If another ATM switch sends a SETUP that includes the 5a information element coded with associated signaling, explicit VPCI, and any VCI, the ATM module releases the call with a "requested VPCI/VCI not available" message.
Call setups that include the 5a information element coded with associated signaling, explicit VPCI, and explicit VCI, including those made by Cisco ATM switches, are not affected by this situation. The interoperability problem exists between Cisco ATM switches and other vendor switches that do not explicitly request the VCI value in the call SETUP. There is no workaround.
•
Shutting down a dialer interface causes the router to reload or to pause indefinitely. There is no workaround.
•
For LSDO, the default gateway wins the Stack Group Bidding Protocol (SGBP) bid even if the PRI or BRI controller is down. There is no workaround.
•
Misconfigured passwords on customer premises equipment (CPE) causes continuous PPP renegotiations on a Cisco 6500 series router, causing the AAA server to receive numerous authentication requests. There is no workaround.
•
On a Cisco AS5300 series universal access server that has been running Cisco IOS Release 12.0(7)T for 2 to 3 weeks, an ISDN user is not able to complete a callback successfully. Debug information reports the following error message:
MCB: Failed creation of dynamic dialer mapThere is no workaround.
•
PPP/Multilink PPP over Frame Relay (FR) produces the following known statistics errors:
–
–
–
The input Forward Explicit Congestion Notification (FECN) packets, input Backward Explicit Congestion Notification (BECN) packets, and input Discard Eligibility (DE) packets of an FR PVC are incorrect. There is no workaround.
•
Additional pings fail after a call is dropped when the idle timer times out or after the dialer interface is unconfigured then reconfigured.This situation only occurs when the encapsulation is not PPP. There is no workaround.
•
Retransmission of a frame through Token Ring Inter-Switch Link (TRISL) is truncated. There is no workaround.
•
In Cisco IOS Release 12.1(4) and previous releases, if you unconfigure the dialer profile from the system using the no interface dialer interface-number global configuration command while an outgoing call is pending, the number of B channels or links available for placing outbound calls may be decreased by one.
Workaround: Use the shut/no shut command on the dialer profile interface, and wait for any pending outbound call to either connect or fail before unconfiguring the dialer profile interface.
•
An Advanced Peer-to-Peer Networking (APPN) router with a Fast Ethernet Inter-Switch Link (ISL) interface may place an incorrect VLAN number in the ISL header of the APPN packets. There is no workaround.
•
A Cisco router reloads if you remove a dialer profile while the call is in progress and the call is made on a ISDN interface that has the isdn fast-rollover-delay command configured.
Workaround: Remove the isdn fast-rollover-delay interface configuration command from the configuration.
Alternate workaround: Do not remove the dialer profile on which the fast rollover delay is configured.
•
When you use Large Scale Dial Out (LSDO) with virtual profiles, the dialer session times out (typically after 60 seconds) and the dynamic dialer map is removed. This situation does not break IP connectivity because a virtual profile does not require a dialer map, but the removal of the dialer session may have undesired consequences, particularly in installations that involve more than one network access server (NAS). There is no workaround.
•
When a virtual profile interface is used for a call, the call inherits the idle time of the dialer interface on which the call came in. However, the virtual profile interface does not inherit the interesting traffic definition from the dialer. Instead, all network layer traffic on the virtual profile resets the idle timer. There is no workaround.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.1 PI with a PA-A3-OC3 or a PA-IMA port adapter hosted in any of the Versatile Interface Processors (VIPs) may pause indefinitely if you enter the following sequence of commands:
–
–
–
This situation does not affect Cisco IOS Release 12.0 S, 12.1, or 12.1 E. There is no workaround.
•
A Cisco router that is running a LAN emulation client sends a no-src LE_NARP message when it switches over to the standby mode. A no-src LE_NARP message is a LAN emulation version 2 message that is sent to advertise to the other LAN emulation clients that the binding between the target-mac address and the target-atm address is no longer valid. This message may confuse the hosts running LAN emulation version 1 client depending on the sequence in which they receive no-src LE_NARP from the standby router and LE_NARP from the active router. This situation results in a temporary loss of connectivity, which is restored once the client retries the address resolution process. There is no workaround.
•
If a Layer 2 Tunneling Protocol (L2TP) Access Concentrator (LAC) negotiates a PPP authentication protocol such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) with a dialup peer and that protocol is not the first protocol listed on the "ppp authentication" configuration command line, the LAC CONFREQ message is rejected unnecessarily. If you configure the lcp renegotiation on-mismatch command, an unnecessary link control protocol (LCP) renegotiation takes place. Some PPP clients are not able to handle an LCP renegotiation. There is no workaround.
•
The Endpoint Discriminator option is rejected if multilink is not configured. There is no workaround.
•
Calls fail if a B channel is negotiated. There is no workaround.
•
The following boot images cannot be built:
c1600-boot-r.sun, c1600-boot-r.sun, c2500-boot-r.sun, c4000-boot-r.sun, c4500-boot-m.czsun, c5rsm-boot-m.czsun, c7100-boot-m.czsun, c7200-boot-m.czsun, check-req-%, ls-wp.commonlego, lsm-wp.commonlego, rsp-boot-m.czsun, sr_atmsrvcregmib.o, ubr7200-boot-m.czsun
There is no workaround.
•
When you use a TNT access server as a Layer 2 Tunneling Protocol (L2TP) Access Concentrator (LAC) and a Cisco 7206VXR router that is running Cisco IOS Release 12.1(4.2) as a L2TP Network Server (LNS) on an L2TP network, input packet and byte count on the L2TP Tunnel ingress interface on the LNS appear to be double actual values. There is no workaround.
•
If a Catalyst 5000 Family ATM LAN Emulation (LANE) module is running Cisco IOS Release 12.0(10)W5(18a) and you use either the lane [config] config-atm-address 47 or the lane [config] fixed-config-atm-address interface configuration command, when you use the shut/no shut command on the ATM interface, the module gets stuck in a constant bootup process that cannot be stopped by any break sequence.
Workaround: Configure the LE Configuration Server (LECS) address in the ATM switch using the atm lecs-address-default lecs nsap address command.
•
A VIP2-50 Versatile Interface Processor (VIP) that is running Cisco IOS Release 12.1(1a) may experience a memory leak when the "CEF LC Stats" process holds too much memory. The VIP exhibits the following error messages:
%FIB-4-FIBXDRINV: Invalid format. RDB length wrong
%IPC-5-SLAVELOG: VIP-SLOT1:
%SYS-2-MALLOCFAIL: Memory allocation of 65524 by alignment 32 -Process= "CEF LC Stats", ipl= 0, pid= 25There is no workaround.
•
In a multilink configuration in which multilink bundles may contain member links that are virtual-access interfaces, under some circumstances the bundle master interfaces are not released because users disconnect, leaving behind "orphaned" bundles.
These orphaned bundles remain around forever, preventing a user from reconnecting, tying up system resources, and even potentially interfering with other connections (ones that reuse the virtual access interface that are member links in the orphaned bundles).
The types of system where you most commonly encounter this situation are large scale dialup environments; systems that have large numbers of connections that come and go, and that are projecting links through Virtual Private Network (VPN) (usually stack group systems using Stack Group Bidding Protocol (SGBP)/VPN). Any router that hosts a bundle that contains any sort of virtual-access interface as a member link is at risk, though. There is no workaround.
•
A Cisco router may reload when you enter the frame-relay broadcast-queue interface configuration command.
Workaround: Avoid using this command.
•
Available Bit Rate (ABR) switched virtual circuit (SVC) setup messages are rejected by non-Cisco ATM switches, causing the following message:
Invalid subfield identifier 0x0c in ATM Traffic Descriptor IEThere is no workaround.
•
FRF.9 hardware compression does not keep correct statistics on per virtual circuit byte counts causing the following Frame Relay MIB counters to not reflect correct values:
frCircuitSentOctets "1.3.6.1.2.1.10.32.2.1.7"
frCircuitReceivedOctets "1.3.6.1.2.1.10.32.2.1.9"There is no workaround.
•
ATM UNI interface does not include Cumulative Round Trip Time parameter in the ABR (Available Bit Rate) call setup. This situation causes interoperatability issues with different vendor products. There is no workaround.
•
Pings do not go through because the Call Initiator does not initiate a call. This situation occurs on all encapsulations. There is no workaround.
•
Multiple tunnel IDs may be generated in such a way that the IDs are all mapped to the same index value, and the new tunnel overrides the old tunnel in the lookup table. This situation causes a Cisco router to discard control messages for the old tunnel because of lookup failures. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(5e)
Cisco IOS Release 12.1(5e) is a rebuild of Cisco IOS Release 12.1(5). The caveats in this section are resolved in Cisco IOS Release 12.1(5e) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(5d)
Cisco IOS Release 12.1(5d) is a rebuild release for Cisco IOS Release 12.1(5). There are no additional resolved caveats in this release. All caveats that are open and resolved in Cisco IOS Release 12.1(5c) are also in Cisco IOS Release 12.1(5d).
Resolved Caveats—Cisco IOS Release 12.1(5c)
Cisco IOS Release 12.1(5c) is a rebuild release for Cisco IOS Release 12.1(5). The caveats in this section are resolved in Cisco IOS Release 12.1(5c) but may be open in previous Cisco IOS releases.
•
A Cisco router that is running Cisco IOS Release 12.0 S may experience a TCP timer problem and reload. This situation occurs when the router is experiencing a heavy traffic load combined with a configuration that includes a large number of TCP sessions (for example, hundreds of Border Gateway Protocol (BGP) peers). There is no workaround.
•
A Cisco router may experience a loop if data is sent to a non-existent network that appears to be part of the summary and the ABR that originates the summary has a default route back to the sending router. There is no workaround.
•
Under certain conditions, the following error message would be incorrectly displayed multiple times:
%RSP-3-DEVERR: Read cis from dev 1 error -6This fix prevents this message from displayed at inappropriate times.
•
Multiprotocol Label Switching (MPLS) ATM Tag Distribution Protocol (TDP) bindings may not reestablish when TDP adjacencies flap. This situation may occur under high CPU utilization or when TDP neighbor adjacencies flap. This situation has been observed only when the TDP neighbor is running Cisco IOS Release 12.0(10)S or an earlier release. You can diagnose this problem by using the show tag-switching atm-tdp bindings privileged EXEC command. The symptoms are that the LER will have a tag ATM binding for a destination prefix while the downstream router will not. There is no workaround.
•
When a PA-2FE port adapter is configured for distributed Cisco Express Forwarding (dCEF) and rate-limit (QoS features), the following error message is produced:
CLNS-3-BADPACKET: ISIS: LAN L2 hello, packet (1497) or wire (581) length invalid from 0010.f6fb.0128 (FastEthernet9/1/0)Workaround: Use a PA-FE port adapter.
•
A Versatile Interface Processor (VIP) 2-50 that is running Cisco IOS Release 12.1(1a) may experience a memory leak when the "CEF LC Stats" process holds too much memory. The VIP exhibits the following error messages:
%FIB-4-FIBXDRINV: Invalid format. RDB length wrong
%IPC-5-SLAVELOG: VIP-SLOT1:
%SYS-2-MALLOCFAIL: Memory allocation of 65524 by alignment 32 -Process= "CEF
LC Stats", ipl= 0, pid= 25There is no workaround.
•
A Cisco router that is acting as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) may show an incorrect tag value for some VPN routing/forwarding instance (VRF) routes. This situation breaks connectivity between the local and remote VPN networks. The problem may occasionally appear under specific timing conditions in networks with unstable (flapping) VRF links and redundant Route Reflectors (RR) that are at different geographical locations (different network connection speed). The recovery method is to use the clear ip route vrf vrf-name {ip-address} EXEC command, where vrf-name is the VRF that includes the route and the corresponding IP address.
Workaround: Use a single RR.
•
A Cisco router may not be able to use named access lists as distribute lists in Border Gateway Protocol (BGP). There is no workaround.
•
In an Multiprotocol Label Switching (MPLS) network that uses Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP), packets that match the default route are dropped or forwarded incorrectly. This situation may occur in MPLS networks that use LDP or TDP that have routes for both 0.0.0.0/0 (default) and 0.0.0.0/n. Routers that incorrectly drop or forward these packets, the output of the show tag-switching forwarding-table privileged EXEC command shows the label advertised for 0.0.0.0/n as the outgoing label for 0.0.0.0/0.
Workaround: Prevent the use of route 0.0.0.0/n in networks that use 0.0.0.0/0 (default).
•
A Cisco router may experience a condition where the TDP session for the subinterface disappears for no apparent reason and cannot be reestablished. This situation may occur when running TDP on an ATM point-to-point subinterface between two routers. This condition has not been reproduced.
Workaround: Entering the following sequence of commands on both routers may correct the situation:
configure terminal
interface interface-name
shutAfter entering these commands, wait 10 to 15 seconds, then enter the no shut command.
•
A Cisco router may experience a condition in which the output of the show tag-switching tdp neighbor command on neighbor routers show that the IP address(es) of down subinterfaces are bound to the router. In addition, the output of show tag-switching forwarding command on neighbor routers may show incorrect outgoing labels for prefixes where the next hops are one of those incorrectly bound IP addresses. This condition may occur on a router that has IP addresses that are configured for subinterfaces when running LDP or TDP. The condition may occur when the configuration of the physical interface is changed from shutdown to no shutdown if any of the subinterfaces are administratively down or if any of the subinterface line protocols remain down after the physical interface comes up.
Workaround: If the subinterface is administratively down, enter the following sequence of commands:
interface sub-interface
no shutdown
shutdownIf the subinterface is administratively up but its line protocol is down, enter the following sequence of commands:
interface sub-interface
shutdown
no shutdown•
After a reload, a Cisco router may not forward packets to an interface that is not running IP tag switching. Pinging from the router works, but a ping that needs to cross the router fails.
This situation occurs in topologies that include the following attributes:
–
–
Workaround: Ensure that the route flaps. If the route flaps, Multiprotocol Label Switching (MPLS)/Cisco Express Forwarding (CEF) is installed correctly.
•
With Engine 2-based line cards for the Cisco 12000 series Internet router, the line card to route processor (RP) queue may become too large, which causes malloc failures on the line card. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(5)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(5). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
Enabling Multiprotocol Label Switching-Traffic Engineering (MPLS-TE) tunnels on a Cisco 7507 router may result in a memory leak by the interprocess communication (IPC) Seat Manager process and a reload of the router if NetFlow and NetFlow Export are enabled on the router, and the NetFlow Export packets are going out of the MPLS-TE tunnels.
Workaround: Disable NetFlow Export by entering the no ip flow-export ip-address udp-port global configuration command.
•
Authentication, Authorization, and Accounting (AAA) and ISDN session time measurements are not equal. There is no workaround.
•
The ifHCInOctets counter may report incorrect values during reloads for a Packet-over-SONET (POS) interface on a Cisco 12000 series Internet router. There is no workaround.
•
On a Cisco 7513 router, a check for the wrong backplane ID prevents a slave from initiating the slave sign-in process, so the slave never lets the master know that it is up. There is no workaround.
•
If a Cisco 7200 series router with many PA-MCxT1 cards has ISDN configured, some ISDN interfaces may fail to initialize correctly. An ISDN_UNEXPECTED_EVENT message is logged and the ISDN status stays at TEI-ASSIGNED.
Workaround: Use the shut/no shut command on the interface.
•
On a network access server (NAS) and a Cisco Resource Pool Manager Server (RPMS), if a NAS is configured on the RPMS server but the RPMS server is not configured on the NAS as a TACACS server, the NAS CPU utilization may rise by 80 percent.
Workaround: Configure the RPMS server NAS address to match the NAS TACACS server configuration.
•
A slave Route Switch Processor (RSP) on a Cisco 7513 router that is running Cisco IOS Release 12.1(4) may indicate that the RSP is not running. There is no workaround.
•
The following sequence of commands causes a Cisco router to reload:
–
–
–
There is no workaround.
IBM Connectivity
•
A Cisco router that is running Cisco IOS Release 12.0(10) and that has native client interface architecture (NCIA) configured may reload because of a bus error exception. There is no workaround.
•
A Cisco data-link switching (DLSw) border peer network that is running DLSw may reload with a Seg V exception because of a memory leak caused when a peer-on-demand peer is established and the peer fails. If this situation happens repeatedly, the router will run out of memory and reload. This situation does not happen with configured or promiscuous DLSw peers.
Workaround: Increase the peer-on-demand inactivity timeout to a large value using the dlsw peer-on-demand-defaults [inactivity minutes] global configuration command. The maximum timeout configurable is 1440 minutes. This timeout controls the time that the peer remains established after the last DLSw circuit goes away.
•
When a mainframe goes down and Cisco Multipath Channel (CMPC) transmission groups (TGs) are still active, a Channel Interface Processor (CIP) may experience an output-stuck condition that does not provide any information for problem diagnosis. This situation occurs most often during an initial program load (IPL) of the mainframe, but may also result from a network outage to a remote router or may occur when you configure a new CMPC TG. The mainframe displays the following error message:
%RSP-3-RESTART: interface Channel4/2, output stuckThere is no workaround.
•
NetBIOS frames with a payload of 47 to 59 bytes may be truncated when placed on an Ethernet segment after being transported with data-link switching (DLSw) Fast Sequenced Transport (FST) encapsulation. This situation only occurs on particle-based platforms such as Cisco 3600 or 7200 series routers.
Workaround: Use DLSw with TCP encapsulation instead of FST encapsulation, or use a different router platform.
Interfaces and Bridging
•
A TBRIDGE monitor holds memory and causes a malloc error in the processor's memory.
Workaround: Disable transparent bridging.
•
The Bridge Group-Virtual Interface (BVI) MAC address may appear in the wrong bridge group. There is no workaround.
•
The maximum transmission unit (MTU) that can be configured on the Token Ring interface of a Cisco 2600, 3600, 7200, or 7200VXR router is restricted to 4464 bytes in Cisco IOS Release 12.1 and 12.1 T. There is no workaround.
•
A Cisco 7200 series router.s High-Level Data Link Control (HDLC) encapsulated interface on Packet-Over-SONET (POS) PA-POS is never up after reloading unless you configure the cdp enable or clock source internal interface configuration commands.
Workaround: Use the clear interface EXEC command or a sequence of the shut and no shut interface commands.
•
High-Level Data Link Control (HDLC) reports that the line is up even though the mineseen values do not increment or are not received.
Workaround: Configure the line to run PPP.
•
A Cisco router with Multiprotocol Label Switching (MPLS) is enabled on a FDDI interface may corrupt some packets that are FDDI to FDDI MPLS switched out of the FDDI interface. This situation may also occur in FDDI to ATM MPLS switching.
Workaround: Keep a continuous stream of pings running from the router introducing the corruption targeted at the loopback address of the host or router that is reporting the cyclic redundancy check (CRC) errors.
IP Routing Protocols
•
IP Network Address Translation (NAT) fails to use addressed from the defined pool. Instead, it uses an address that was already used for static mapping. There is no workaround.
•
A point-to-point sub-interface can be up/up but from a routing protocol perspective, the interface is in a down state. The problem appears with the ip numbered sub-interfaces interface configuration command. Using the shut/no shut command on the interface does not fix the problem, but restarting the routing process (using the clear ip route * EXEC command for static routes) does correct it.
A related issue occurs if a sub-interface is marked down as the result of Operation, Administration, and Maintenance (OAM) cell missing, Frame Relay-permanent virtual circuit (FR-PVC) down, the routing process is not informed and it becomes necessary to wait for the routing protocol to detect the adjacency down (missing Hellos, Updates).
Workaround: Use the ip numbered sub-interfaces interface configuration command.
•
A Cisco router that is running Cisco IOS Release 12.1(1) or a later release and that is directly connected to a Dynamic Host Configuration Protocol (DHCP) server, may not forward directed broadcast IP packets to the DHCP server.
Workaround: Use the no service dhcp global configuration command.
•
A Cisco router that is running Cisco IOS Release 12.0(10)S and that receives a large packet that was fragmented before the receipt may display the following error message at the rendezvous point of a multicast network that is running Protocol Independent Multicast (PIM) sparse mode:
%PIM-5-REG_ENCAP_INVALID: Bad register from <IP-address> for (<IP-address>, <Class-D-IP-address>). Trace = ....Workaround: Send a mix of large and small packets from the source, so that the source tree is set up correctly by the small packets between the first hop and the Route Processor (RP). If the multicast data is forwarded correctly, then this situation may not cause any real harm.
Alternate workaround: Reduce the packet size from the source, so that fragmentation does not occur between the first hop and the RP.
•
Under rare circumstances, when a Cisco router does not receive any updates but has to send numerous updates to a peer router, Border Gateway Protocol (BGP) sends updates slowly because of a scheduling inefficiency in BGP. There is no workaround.
•
A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems in the segment. The path segment value contains the list of autonomous systems (each autonomous system is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of autonomous systems in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of autonomous systems (without having to use the extended length bit) is 126 [= (255-2)/2]. If the UPDATE is propagated across an autonomous system boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.
The caveat was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its internal BGP (iBGP) peers would detect the mismatch and issue a NOTIFICATION message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 autonomous systems, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. For more information regarding this caveat, please contact Cisco Technical Assistance Center (TAC). There is no workaround.
•
When you remove the configuration for Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels on a Cisco router that is running Cisco IOS Release 12.0 S, you see the shortest-path-first algorithm (SPF) under Open Shortest Path First (OSPF) start running every 10 seconds on all routers in the area where the configuration was removed.
Workaround: Stop the SPF recalculations by restarting OSPF on all routers in the area by using the following set of commands:
no router ospf X (where X is your process number for OSPF)
config memory
•
Open Shortest Path First (OSPF) allocates and deallocates memory for a variety of needs. If any of these occurrences happens too frequently, system memory may become badly fragmented which will require you to reboot the router.
Workaround: Reduce the number of link-state advertisements (LSAs) in the OSPF database.
Alternate workaround: Increase the system memory.
•
When Simple Network Management Protocol (SNMP) polling the BGP4-MIB on a Cisco 7206VXR router with Cisco IOS Release 12.1(1) or Release 12.1(2), the polling stops at bgpIdentifier:
snmpwalk ip_address read_comm_string .1.3.6.1.2.1.15 15.1.0 = OCTET STRING: Hex: 0E 15.2.0 = INTEGER: 16922 15.3.1.1.63.108.125.10 = IpAddress: 0.0.0.0
[snipped for brevity]
15.3.1.21.63.108.125.10 = INTEGER: 60 15.3.1.21.63.240.0.1 = INTEGER: 60 15.3.1.21.63.240.0.2 = INTEGER: 60 15.3.1.22.63.108.125.10 = INTEGER: 5 15.3.1.22.63.240.0.1 = INTEGER: 30 15.3.1.22.63.240.0.2 = INTEGER: 30 15.3.1.23.63.108.125.10 = INTEGER: 5 15.3.1.23.63.240.0.1 = INTEGER: 30 15.3.1.23.63.240.0.2 = INTEGER: 30 15.3.1.24.63.108.125.10 = Gauge: 0 15.3.1.24.63.240.0.1 = Gauge: 0 15.3.1.24.63.240.0.2 = Gauge: 4 15.4.0 = IpAddress: 63.108.125.16There is no workaround.
•
The show ip nat translation verbose EXEC command may cause a Cisco router to reload.
Workaround: Set the terminal length 0 command before executing the show ip nat translation verbose EXEC command.
•
When the summary-address router configuration command is used under Open Shortest Path First (OSPF) and the mask is not specified, the command will be interpreted as summary-address 0.0.0.0 0.0.0.0. As a result, all redistributed routes are summarized but no type-5/type-7 link-state advertisements (LSAs) are originated.
Workaround: Specify the mask in the command.
•
Open Shortest Path First (OSPF) does not work on unnumbered interfaces.
Workaround: Enter the ip address interface configuration command.
•
While removing a Border Gateway Protocol (BGP) process, a router may reload if you have BGP redistributed into Open Shortest Path First (OSPF). This situation occurs only if BGP and OSPF have network statements covering the same interface.
Workaround: Remove the redistribution of BGP from OSPF, wait a few minutes, and then remove the BGP process.
•
If you use the no neighbor activate command on a Border Gateway Protocol (BGP) peer router after that neighbor is configured, the neighbor configuration is lost.
Workaround: Do not use the no neighbor activate command.
•
When you configure NAT, the telnet ip-address [1720] command may not work in Cisco IOS Releases 12.0 and 12.1, since the port 1720 is used by H.323 protocol and requires special processing. This situation is not seen in Cisco IOS Release 11.3(11a)T1. There is no workaround.
•
When Network Address Translation (NAT) is configured, FTP data transfer may not work. This situation may often be seen as the ls command not working. There is no workaround.
•
The Network Address Translation (NAT) code that handles H.245 packet processing may leak memory under any of the following error conditions:
–
–
–
–
There is no workaround.
•
A Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) Provider Edge-to-Provider Edge (PE-PE) configured with "address-family vpnv4" may experience bad next hop attributes. There is no workaround.
•
A router that is running Open Shortest Path First (OSPF) may reload during redistribution testing. This situation has only been seen in development-testing environments, where different routing protocols are configured and unconfigured quickly. Race conditions occur if these protocols are redistributed into OSPF which forces the router to reload. This situation will not occur in normal operating environments where routing protocols are never removed. There is no workaround.
•
For a multicast source directly connected to a router, the "R" flag may get set when receiving a (S, G, R) prune if the (S, G) O-list is NULL, and the prune is received on the nonincoming interface (nonIIF). This situation causes the IIF to change to the route processor (RP), and causes the IIF to no longer be Rendezvous Point (RP) directly connected to the source which resets the "F" flag. The RP then loses the (S, G) state and new receivers cannot join the multicast source.
Workaround: Use the ip pim rp-proxy-join command on the RP. This workaround causes the RP to keep sending (S,G) joins to the first-hop router and causes the O-list to be populated. Multicast traffic will continue to flow to the RP. If the RP's (S, G) O-list is NULL, the RP will fast-drop the traffic.
•
A Cisco router that is running Enhanced Interior Gateway Routing Protocol (EIGRP) in Cisco IOS Release 12.1(4.1) or a later release, or in Cisco IOS Release 12.1(4.1)T or a later release, may reload during stuck in active (SIA) routes that are processing in dual_unstick_dndb. There is no workaround.
•
A one-second delay occurs for each subinterface that comes up in a system regardless of whether Next Hop Resolution Protocol (NHRP) is enabled or disabled. There is no workaround.
•
A Cisco router may reload in dual_rdblookup when handling a stuck in active (SIA) reply message during Enhanced Interior Gateway Routing Protocol (EIGRP) SIA handling. There is no workaround.
Miscellaneous
•
Serial tunnel (STUN) Synchronous Data Link Control (SDLC) running through PA-4TPlus port adapter may fail on a Cisco 7206 router with half-duplex (HDX) configured. There is no workaround.
•
On a Cisco 7200 series router, the second port on a PA-MC-2T3 port adapter may not be addressed properly. There is no workaround.
•
The privilege interface global configuration command may execute slowly and cause high CPU utilization although the command process will eventually complete itself. This command is normally executed during the configuration task and during the initial configuration process after a router reload. There is no workaround.
•
A Cisco router may not be able to place outgoing calls if you use the rotary group line configuration command and the interface dialer global configuration command after the router reloads. The router displays the following error message:
No free dialer - starting fast idle timerWorkaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command.
•
When a Cisco 3810 router is running Cisco IOS Release 12.0(7)T and is configured with a dial-peer destination-pattern that uses the T option at the end of the string, then Voice over Frame Relay (VoFR) fails to make outgoing calls.
Workaround: Do not use the T option. Define the full dial string.
•
A Cisco LS1010 router that is running Cisco IOS Release 12.0(1a)W5(5b) may experience a memory leak with the IP Simple Network Management Protocol (SNMP) process. There is no workaround.
•
When Cisco 4-port and 8-port Asynchronous/Synchronous Serial Network Modules (NM-4A/S, NM-8A/S) are configured with the physical-layer {async} interface configuration command, an asynchronous physical layer, the asynchronous interface does not set maximum transmission units (MTUs) correctly. You can observe this situation in the "buffer size" field in the output of the show controller command. The buffer size is always shown as 1500 B. There is no workaround.
•
If you attempt to make interzone H.323 calls using gatekeepers and proxies through Context-Based Access Control (CBAC) inspection, calls are rejected. Calls using gatekeeper but no proxies connect correctly. There is no workaround.
•
On a Cisco 3600 router functioning as a gateway, if a gateway-priority option has been set with the zone prefix command, the router may pause for a short while, followed by a "watchdog timer" interrupt, after which the router reloads.
This problem also depends on the order in which the gateway is defined and the order in which it registers with the gatekeeper. There is no workaround.
•
A Cisco 3600 series router with an ATM interface may unexpectedly reload because an error as follows:
%ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x6115D44C, sp=0x61BFF008There is no workaround.
•
On Cisco 3600 platforms with an ATM interface configured as a LAN Emulation Client (LEC), data packets less than 60 bytes are transmitted out the LEC interface without padding. In some cases, this situation results in rejection of these packets at the destination as runts.
Workaround: Use Cisco IOS Release 12.1(4), 12.1(4.3)T, or 12.1(4)AA.
•
A Cisco 1750 series router may experience echo problems while running Cisco IOS Release 12.1(1a)T1. There is no workaround.
•
A Cisco 3660 router running the firewall feature set may experience a reload because of a bus error exception if Real Time Streaming Protocol (RTSP) inspection is configured. There is no workaround.
•
Analog E&M (recEive and transMit or ear and mouth) trunk ports on a Cisco 2600 series or a 3600 series voice module may be in a nonoperational state during high call volume. This situation results in calls either not being routed to the port in question, or inbound telephony calls not receiving the proper call handling response from the port such as wink or dialtone.
Use of the show voice port privileged EXEC command typically will show the port in an "Operation State" of UP with possibly an "active" seizure on the port when it should be in an idle state.
To recover from this situation, reload the router. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(1a) may experience temporary performance degradation. The router displays the following error message:
%SYS-3-CPUHOG: Task ran for 2064 msec (348/253), process = Per-minute Jobs.There is no workaround.
•
Krb5_telnet fails with the following error message:
kerberos_server_auth: Couldn.t authenticate client from xxx
Failed to generate authentication data!After attempting a "telnet router2 /encryption kerberos" (which fails), entering the show kerberos creds EXEC command prompts a "No kerberos credentials" message. The credentials have been lost. There is no workaround.
•
When a Cisco 800 series router shares the S/T-bus with 4 or more other pieces of Terminal Equipment, it may fail to send certain Layer 2 messages because of D-channel collisions (that is, it may not send ID Check Reply in response to ID Check Request). As a result, the ISDN switch may drop Layer 3 calls connected to the 800 series router.
Workaround: Enable some debugging on the 800 series router console (for example, debug bri and debug isdn q921). Doing so seems to help the situation when there are D-channel collisions.
•
A Cisco uBR7200 series router that is running Cisco IOS Release 12.0(8)SC1, 12.0(10)SC, or 12.0(11)SC reloads because of a watchdog timeout. The watchdog timeout occurs because there are no process switching opportunities in the MAC scheduler. If a MAC message queue is not empty for a significantly long time and there are many modems or hosts going online or offline, a watchdog timeout may occur at ipcache_invalidate_nexthop() because ip route cache rn_walktree is time-consuming, especially when Cisco Express Forwarding (CEF) is turned off.
Workaround: Disable IP route cache, and enable IP CEF. This workaround will reduce the reload frequency but not entirely eliminate it.
Alternate workaround: Use Cisco IOS Release 12.0(12)SC.
•
Address Resolution Protocol (ARP) with IP Security (IPSec) Industry-Standard Architecture (ISA) fails in some cases in the Cisco Express Forwarding (CEF) path.
Workaround: Enable proxy ARP.
•
A Cisco AS5800 series universal access server occasionally reports a "FREEDM-3-HDLC_INUSE" error and fails to establish digital calls. There is no workaround.
•
Under rare circumstances, a Cisco 6400 series network routing processor (NRP) that is running Layer 2 Tunneling Protocol (L2TP) for PPP over ATM sessions with an ATM interface may stop passing traffic on the ATM interface because the segmentation and reassembly (SAR) stalls.
If the MSB of the txqueue is 1, then the SAR has not stalled. If the MSB is 0, then the SAR has stalled. For example, a txqueue of 0x800024E2 shows a healthy SAR (MSB is 0x8, bit 32), and a txqueue of 0x24E2 shows a stalled SAR (MSB is 0x0). There is no workaround.
•
On a Cisco router, if an IP Security (IPSec) tunnel expires because of a volume limit, another IPSec security access (SA) is not established unless there are more qualifying packets available. There is no workaround.
•
Weighted Random Early Detection (WRED) will classify all Multiprotocol Label Switching (MPLS) packets as precedence 0 in the MPLS-to-MPLS and MPLS-to-IP paths, regardless of their actual MPLS experimental field value. There is no workaround.
•
On a Cisco 7500 series router running Cisco IOS Release 12.0(3.1), the Versatile Interface Processor (VIP) may reload if encrypted connections are used for an extended period of time with feature acceleration enabled.
Workaround: Disable feature acceleration globally.
Alternate workaround: Disable the ip route-cache flow command on the interfaces that are running crypto.
•
If you have two Cisco AS5300 series universal access servers installed and running Voice over IP (VoIP), an incoming call is successful, but the call is not billed. The output of the debug radius EXEC command shows that the call is disconnected and RADIUS is sent a "disconnect cause 3" message, which means that the call is not successful and is not charged. However, the RADIUS log shows that the start and stop times are about 3 to 4 minutes. This situation happens intermittently and affects about 50 percent of the calls. There is no workaround.
•
A system may unexpectedly restart when the atm inarp command is disabled on an interface.
A router also reloads when you configure a permanent virtual circuit (PVC) for "inarp" on an interface with an IP address and a nonzero inarp timeout value, and then enter just "inarp" for that PVC. There is no workaround.
•
A Cisco 3640 router must have a static map to try to match its initiating IP Security (IPSec) peer. The router fails to make this match because the match address 103 does not match. Set1 must match. The router then searches for the second priority, or next sequence 20, in static map, which in turn searches for the match pattern in the dynamic map. The router reloads only if the "match address 113" succeeds and the transform set fails. There is no workaround.
•
Cisco Encryption Technology (CET) fails when you try to connect a third peer in a hub and spoke topology and two active connections are already up. When one active connection is dropped, the third peer is able to connect. There is no workaround.
•
Unconfiguring Cisco Express Forwarding (CEF) on a Cisco 3640 router running Cisco Applications and Services Architecture (CASA) may cause a traceback. There is no workaround.
•
If you attach a low-entry networking (LEN) node with logical unit (LU) 6.2 to a Systems Network Architecture (SNA) Switching Services (SNASw) router through a Dependent LU Requester (DLUR) using the virtual telecommunications access method (VTAM), the BIND from the LU is rejected by VTAM with sense 10010021. The SNASw router includes a CP Name Control Vector with a length of 12 that is all zeros. There is no workaround.
•
Traffic does not go through the multilink bundle after router bootup because of corruption of the distributed Cisco Express Forwarding (dCEF) vector. Traffic not going through the multilink interface also stops some higher layer protocols from working. There is no workaround.
•
You can configure multiple Hot Standby Router Protocol (HSRP) groups on a home agent (HA) redundancy, but they cannot be used together to provide HA redundancy.
Workaround: Configure HA redundancy using a single HSRP group.
•
A Cisco router running Cisco IOS Release 12.1(3) or 12.0(7)T may not calculate a User Datagram Protocol (UDP) checksum for a Dynamic Host Configuration Protocol (DHCP) offer frame that it is forwarding. This situation seems to only occur when the offer does not contain an IP address for the client, which forces the router to broadcast the response. This problem does not affect normal DHCP traffic, since a real DHCP frame from a DHCP server offers an IP address. It will affect portable execution environment (PXE) clients that are using LCCM servers to gather their configurations files. There is no workaround.
•
A Cisco AS5300 series universal access server may pause indefinitely under heavy traffic. There is no workaround.
•
A Cisco 7200 or 7500 series router with ATM-PA3 may stop forwarding packets on one or more VCs. The packets would show up as output drops on those VCs. These VCs appear stuck.
This problem occurs because of a newer version of ATM-PA3 microcode (G124). Refer to the output of the show controllers atm privileged EXEC command to see this version.
•
There is a mismatch in the interpretation of the LEASEQUERY reply between the Cisco Network Registrar (CNR) and the uBR Cable Modem Termination System (CMTS).
Workaround: Use Cisco CMTS IOS Release12.0(12)SC or a later release, and ensure that CNR is version 3.5(3) or a later version.
•
For Cisco IOS Release 12.1(3.1), 12.1(3.1)AA, 12.1(3.3)T, and later releases, if the cd command is executed more than seven times without the "path-name" as the argument, then a "%No memory available" message is displayed and none of the Cisco IOS File System (IFS) commands work.
Workaround: Use the cd {path-name} EXEC command.
•
Using Dynamic Host Configuration Protocol (DHCP) as the global default pool mechanism allocates duplicate addresses in Cisco IOS Release 12.0T and Release 12.1.
In cases where one interface name is a shortened version of a second interface name that already has a DHCP allocated address (for example, "Async10" and "Async1"), the new interface will acquire the same IP address as the previous one. There is no workaround.
•
When a Cisco router configured for Airline Product Set Universal Terminal System (ALPS UTS) receives an incoming terminal.s message that includes intermediate SYN characters (that is, SYN characters between SOH and ETX), the router increases its cyclic redundancy check (CRC) error counter and the terminal session may pause indefinitely.
Some terminals calculate the Block Check Character (BCC) without including those intermediate SYN characters. (Some terminals do include those characters). However, a Cisco router includes intermediate SYN characters in the BCC calculation. Consequently, the mismatch occurs and the router interprets the incoming frame as having the wrong BCC value.
Symptoms of this problem include CRC errors incrementing on the router's serial interface, unstable terminal sessions (pauses indefinitely), and the following output when you run debug on the router, at the time of the problem:
ALPS ASCU: Rx UTS INCORRECT_MSG (131 bytes + BCC) from asc u 22 on i/f Serial3Finding intermediate SYN characters is rare, but if they are sent and the terminal did not include them in the BCC calculation, then the incoming frame is seen as a CRC error. There is no workaround.
•
Traffic Engineering over ATM Multiprotocol Label Switching (MPLS) networks is not a supported feature in Cisco IOS Release 12.1(4)T. There is no workaround.
•
Configuration parsing error (loss) happens after a reload of a router that is running UniDirectional Link Routing (UDLR) tunnels. The error is related exclusively to the configuration lines that establish which is the send-only/receive-only interface of the UDL (UniDirectional Link) and happens only when the interface connected to the UDL is configured to be a subinterface (for example, when you use Frame Relay).
Workaround: Do not use subinterfaces to connect to the UDL. Use Frame Relay using the main serial interface as the UDL.
•
A Cisco 7200 series router with a NPE-200 Network Processing Engine and a PA-2FEISL port adapter may experience spurious memory access while Cisco Express Forwarding (CEF) is enabled.
Workaround: Disable CEF.
•
After bootup, the fair-queue aggregate-limit and the fair-queue individual-limit interface configuration commands may be lost from the configuration. The result is that the queue-limit values will be set to the default values, rather than to the values specified by the fair-queue commands.
Workaround: Enter the commands again after bootup.
•
If the CP-to-CP and Dependent logical unit (LU) Requester (DLUR) LU-to-LU sessions go through tok0 and the Systems Network Architecture (SNA) Switching Services (SNASw) router has links from tok0 and tok1 to the virtual telecommunications access method (VTAM) through the Channel Interface Processor (CIP), and if tok0 fails, then all sessions should be reestablished through tok1. The default idle timer for the CIP is 60, and the default idle timer for SNASw is 10, so the SNASw and attempts to restart CP-to-CP sessions before VTAM. VTAM UNBINDs with sense 0805 (session limit exceeded). Once VTAM has determined that the link has failed it sends a BIND that SNASw UNBINDs with sense 08B5 (network node server not required). There is no workaround.
•
When interface bandwidth is set to 0 on Cisco 7200 and 3600 series routers, various problems may occur. These problems include reloads when using Resource Reservation Protocol (RSVP) and Enhanced IGRP (EIGRP) not redistributing routes over the interface that believes it has a bandwidth of 0. There is no workaround.
•
When Cisco routers are connected to a switch by a Fast Ethernet interface with Hot Standby Router Protocol (HSRP) configured (multiple standby groups), the Fast Ethernet interface starts flapping and causes HSRP to flap as well.
Workaround: Enable PortFast on the switch.
•
On a Cisco 7500/RSP series router, if you deconfigure a link from a bundle while Distributed Multilink PPP (DMLPPP) is running and the link is assigned an IP address, pings through this link will fail. In this situation, the link that has been unconfigured can no longer carry traffic.
Workaround: Deconfigure the whole bundle and then reconfigure the bundle without this link. After you perform this action, the link should function properly.
•
File operations may be erratic if you have a corrupted file on either a Personal Computer Memory Card International Association (PCMCIA) Flash memory card or a SanDisk PCMCIA card, and you try to do something with the file such as copy it or delete it. There is no workaround.
•
When you export Routing Information Protocol (RIP) learned routes from one Virtual Private Network (VPN) to another VPN through Border Gateway Protocol (BGP) at the same Provider Edge (PE) router, these routes appear in the BGP table of the importing VPN but do not appear in the routing table. There is no workaround.
•
During heavy data transfer over Systems Network Architecture (SNA) Switch High Performance Routing (HPR), the Rapid Transit Protocol (RTP) connection and sessions running on it may occasionally pause indefinitely. Traces show SNA Switch reporting a gap in data received and the remote node not filling the gap. This situation is most likely caused by a combination of packet loss and packet reordering occurring at the same time.
Workaround: Use a Cisco IOS release that contains the fix for this caveat.
•
A Cisco router that is running Cisco IOS Release 12.0(11.6)ST reloads when you use a load balancing route discovery command with a Virtual Private Network (VPN) routing/forwarding (VRF) instance specified (for example, the show ip cef vrf [vrf] exact-route [src-addr] [dest-addr] EXEC command). There is no workaround.
•
The Cisco ubr7200-boot-mz image is too big to fit bootflash in Cisco IOS Release 12.0(11)SC and 12.0(12)SC.
Workaround: Use the ubr7200-boot-mz image in a release prior to Cisco IOS Release 12.0(11)SC.
•
Dirty cache lines at the Forwarding Information Base (FIB) level code cause Cisco Applications and Services Architecture (CASA)/MultiNode Load Balancing (MNLB) packet drops. There is no workaround.
•
A Cisco router that is running any of the following Cisco IOS releases and is used as a Multiprotocol Label Switching (MPLS) router may reload or experience a reload of its line cards:
–
–
–
–
–
–
Workaround: Use a Cisco IOS release that contains the fix for this caveat.
•
An incorrect label is assigned to one of the Virtual Private Network (VPN) routing/forwarding (VRF) instance routes from remote provider edge (PE) routers after a reload. There is no workaround.
•
On a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(4.2), 12.1(4.3), or 12.1(4.2)T, ISDN will not come up when you use T1 or E1 lines. There is no workaround.
•
On a Cisco router that is running IP Security (IPSec) without hardware acceleration, all packets encrypted with the security access (SA) will have the same IV. There is no workaround.
•
A Cisco 800 series router that displays "MPC860" instead of "MPC850" for the CPU type in the output of the show version EXEC command misconfigures the CPU. This situation occurs on routers recently shipped with the rev-B MPC850 part and results in various problems such as intermittent WAN failure, DRAM corruption, and memory protection violations.
Workaround: Use a Cisco IOS release that includes a fix for this caveat.
TCP/IP Host-Mode Services
•
Border Gateway Protocol (BGP) sessions on Cisco 12000 series Internet router may fail to send updates when the router establishes passive BGP sessions because of problems with the flow control of BGP and TCP.
Workaround: Use an inbound Access Control List (ACL) to deny any traffic destined for the port, and always open the session actively.
Wide-Area Networking
•
When running Multilink PPP with Cisco IOS Release 11.3(7)AA1, a Cisco router may reload because of a bus error exception at PC 0x60AC49A8 address 0x0. There is no workaround.
•
ISDN Layer 2 may not come up if you have enabled Link Access Procedure, Balanced (LAPB) encapsulation.
Workaround: Enter the no fair-queue interface configuration command on the BRI interface.
•
Cisco Layer 2 Tunneling Protocol (L2TP) will not process packets that do not include a checksum in the User Datagram Protocol (UDP) header. This condition will not occur with other Cisco implementations, but may with the systems of other vendors. For more information regarding this caveat, please contact Cisco Technical Assistance Center (TAC).
Workaround: Enter the vpdn ip udp ignore checksum configuration command.
•
Under a load, a Cisco AS5300 series universal access server may reload with the following console debug:
ALIGN-1-FATAL: Corrupted Program Counter pc=0x0 ra=0x601d51b0 sp=0x6or
ALIGN-1-FATAL: Corrupted program counter pc=0x0, ra=0x6017E4A8, sp=0x61384B70There is no workaround.
•
When you add or delete PPP configurations in a test script on a Cisco 4500 series router, the following kernel level stack trace may occur:
Initial SP = 0x60f7bc90, Initial PC = 0x603c7544, RA = 0x603b3e9cWorkaround: Use the shut command on the interface before deleting the PPP encapsulation.
•
If you remove at least two T1 lines or clear all the active ports in a T1 channel-associated signaling (T1 CAS) environment that is configured with virtual templates and that has active calls, a Cisco router will reload with the following traceback message:
0x6033788C:process_handle_watchdog(0x60337858)+0x34 0x6033B340:signal_receive (0x6033b290)+0xb0 0x60331ACC:watchdog_forced_here(0x60331a08)+0xc4 0x604A9284 :ppp_manager(0x604a896c)+0x918 0x6030A4BC:r4k_process_dispatch(0x6030a4a8) +0x14 0x6030A4A8:r4k_process_dispatch(0x6030a4a8)+0x0Workaround: Use the shut command on the interface prior to pulling the card while traffic is active.
•
A router experiences a software-forced reload because of a bus error exception every 5 to 10 min after enabling the broadcast trigger command on a map list associated with an active Frame Relay switched virtual circuit (SVC).
Workaround: Do not enter the class subcommand under the map-list global configuration command.
•
PA-A1 port adapters do not function when installed in bay 1 of a Versatile Interface Processor 4 (VIP4).
Workaround: Install PA-A1 port adapters in bay 0 of VIP4s.
•
When RADIUS Dialed Number Identification Service (DNIS) preauthentication is used, calls may be rejected even when the screening works and there are enough resources. Debug resource will show RM_DNIS_RES_ALLOC_FAIL. There is no workaround.
•
If you disconnect the cable on a BRI interface, multiple link resets through Link Access Procedure on the D channel (LAPD) set asynchronous balanced mode, extended (SABME)/unnumbered acknowledgement (UA) exchanges may occur when you reconnect the interface. The "new call outstanding" flag, as reported by the show x25 map EXEC command, may not be cleared, preventing subsequent call attempts.
Workaround: Delete and then add the affected X.25 map.
•
After a reload, a Cisco router will wait for a random period of time before activating Layer 2 and exchanging service profile identifier (SPID) information. If during this time a call is received, it will trigger Layer 2 and SPID exchange activation, but the call and any subsequent call may be ignored until the interface is reset. This problem occurs when the router is connected to the network interface (NI) switch of some vendors. For more information regarding this caveat, please contact Cisco Technical Assistance Center (TAC).
Workaround: Enter the isdn wait-disable interface configuration command under the BRI0 interface to eliminate the vulnerable wait period.
•
In any release of Cisco IOS software, when the High-Speed Serial Interface (HSSI) is used with Multilink PPP and the interface maximum transmission unit (MTU) is not set to 1500 B, the links will fail to negotiate.
Workaround: Set the MTU to 1500 B.
•
When a client requests an address and Cisco IOS software cannot provide one either through local configuration or RADIUS, it will assign the client an address of 0.0.0.0. The user gets connected but cannot route. There is no workaround.
•
Authentication failure on the Cisco Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) reboots the ECI Telecom/Telematics Nevada L2TP Access Concentrator (LAC). There is no workaround.
•
In Cisco IOS Releases 12.1(3.3), 12.1(3.6), and 12.1(3.4)T, Multilink PPP will not negotiate on Virtual Private Dialup Network (VPDN) interfaces. There is no workaround.
•
An incoming packet assembler/disassembler (PAD) call with a destination that matches the primary interface subaddress is cleared if the line has no rotary configured for the subaddress. In releases earlier than Cisco IOS Release 11.3, the call was switched instead of cleared. There is no workaround.
•
With a Logical Link Control, type 2 (LLC2) session between a Cisco router and a Tandem ICE, Frame rejects (FRMRs) may occur if there is a delay in a POLL/FINAL sequence. This situation results from a slight variance between the IEEE 802.2 1985 LLC2 state machine and the IBM Token Ring LLC2 state machine.
Workaround: Set the llc2 tpf-time {milliseconds} interface configuration command to a value larger than the round-trip delay of the POLL/FINAL sequence.
•
A Cisco AS5300 series universal access server may fail to complete outbound calls while running IOS 12.1(3.1), using bi-directional MSCHAP authentication. There is no workaround.
•
A Cisco router that is using multilink with configuration profiles such as dialer profiles and virtual templates may encounter a bus error exception with ppp_notify_cb_configured() in the call stack. Failure (delayed authorization response) occurs when a significant delay in multilink link up processing is encountered and when you have configured nondefault multilink configuration values in the profile such as using the no ppp multilink fragment-delay command. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.1(4), alignment errors (misaligned data accesses) may occur when you run PPP with compression such as STAC compression or PPP header compression. The router displays the following messages:
%ALIGN-3-CORRECT: Alignment correction made at 0x600231E0 reading 0x20 %ALIGN-3-TRACE: -Traceback= 600231E0 6087C244 6000FAF8 60155D68 60159A 58 6068E894 601598A8 61647620Workaround: Do not use compression. This workaround will align the PPP packet header in memory.
•
When you use Multilink PPP over Virtual Private Dialup Network (VPDN), the links fail to come up.
Workaround: Disable Multilink PPP over those links.
•
When a Cisco SC2200 signaling Controller switch connected to a router is configured as passive, it will not send set asynchronous balanced mode, extended (SABME) sequences to initiate link recovery after a link failure. The router does not send SABME sequences to initiate recovery, resulting in a deadlock in which both the signaling controller and the router are waiting for each other to initiate recovery.
Workaround: Change the configuration on the switch.
Alternate workaround: Reload the router.
•
When a large number of calls are cleared through a RESYNC message, ISDN can abort processing because of queue overflow checking. There is no workaround.
•
An unknown mandatory attribute during authorization with Multilink PPP causes authorization to fail when a client brings up two B channels in a multilink bundle. The router displays the following message:
2w6d: AAA/AUTHOR/MLP Vi1: Unknown mandatory attribute ip-addresses. DeniedWorkaround: Use a Cisco IOS release that contains the fix for this caveat.
•
On a Cisco 7500 series router that is running Multiprotocol Label Switching (MPLS), distributed CEF, and Packet-over-SONET (POS) under normal traffic load, the POS PA goes into the output-stuck, output-frozen, and Cisco bus (Cbus) complex restart states. All interfaces are then reset, resulting in a loss of established routing protocol neighborships, as well as other established traffic flows.
Workaround: Disable dCEF globally on the 7500 series router.
•
A Cisco router may exhibit a spurious access syslog when you use Virtual Private Dialup Network (VPDN) with Cisco Express Forwarding (CEF) enabled.
Workaround: Disable CEF.
•
Large scale dial-out (LSDO) configured on a network access server (NAS) and on a remote site dial in may not work correctly. Before IP Control Protocol (IPCP) is up, a new call destined to the same remote site arrives on the NAS. The NAS dials out and fails because the remote site can only accept one call at a time. Then the NAS destroys the dynamic map. Any further traffic to the remote site causes the NAS to dial out again because the dialer map disappears and the NAS does not learn that it has already connected to that destination.
Workaround: Split dial-in and dial-out traffic into two NASs.
•
For SS7 application the router failed to block B channels when an out of service (OOS) group message is received from the Signal Controller (SC). There is no workaround.
•
When E1 links flap multiple times, a Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(4.2) may reload because of a bus error exception. This situation occurs on all platforms. The universal access server reloads when the PRI is reconfigured, when the PRI line is reinitialized, or when there is Layer 2 flapping. This situation only occurs when there are active calls on the PRI.
Workaround: Use a Cisco IOS release prior to Cisco IOS Release 12.1(4.2).
•
A Cisco router that is running Virtual Private Dialup Network (VPDN) and Cisco Express Forwarding (CEF) may reload or endlessly report corrupted particle packets.
Workaround: Disable CEF globally.
Resolved Caveats—Cisco IOS Release 12.1(4c)
Cisco IOS Release 12.1(4c) is a rebuild of Cisco IOS Release 12.1(4). The caveats in this section are resolved in Cisco IOS Release 12.1(4c) but may be open in previous Cisco IOS Releases.
Basic System Services
•
Symptoms: A Cisco MC3810 router may reload when it makes Voice over Frame Relay (VoFR) calls.
Conditions: This symptom is most likely to be observed on a Cisco MC3810 router under stress conditions (24 calls). However, it may also occur (rarely) when a single call is made.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, a function is called by the ASN encoder to free all allocated memory whenever an error is detected. However, the encoder does not free the memory correctly, and the router reloads.
Conditions: This symptom is observed on a Cisco AS5300 but may be observed on other Cisco platforms.
Workaround: Upgrade to Cisco IOS Release 12.1 T or a later release that uses Cisco-developed ASN.1 library code.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.
Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:
- debug h225 asn1
- debug h225 events
- debug h225 q931
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Resolved Caveats—Cisco IOS Release 12.1(4a)
Cisco IOS Release 12.1(4a) is a rebuild of Cisco IOS Release 12.1(4). The caveats in this section are resolved in Cisco IOS Release 12.1(4a) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(4)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(4). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
A router may experience high CPU utilization at the interrupt level with flow switching because of spurious accesses by flow switching code.
Workaround: Turn flow switching off, using the no ip route-cache flow interface configuration command.
•
A Cisco Route Switch Processor (RSP) may periodically display the following traceback:
IPC-5-INVALID: Sequence Structure port index=0x0 appears on the console.When you enable the debug ipc errors EXEC command, the RSP may display the following traceback:
IPC: SEQ_ERR ACK ... source seat 0x1000000 port 0x0If you enter the show ipc stat command, the RSP produces "messages dropped on input" and "no local port" errors.
This situation may occur when distributed Cisco Express Forwarding (dCEF) is enabled on line cards. There is no workaround.
•
If you use hardware compression and fancy queueing with two simultaneous traffic streams (for example, FTP and Telnet), packets are not compressed. Entering the show compress EXEC command will not provide any useful information. There is no workaround.
•
After being operational for a week, calls can no longer be processed by a Cisco MC3810 multiservice access concentrator. "Fatal Error" messages appear on the console, and the router must be reloaded to function correctly. There is no workaround.
•
A Cisco AS5300 series universal access server reloads because of a bus error exception at PC 0x6022A3C8 when you try to use Telnet to go to a named-host. There is no workaround.
•
High capacity counters in the IF-MIB ifXTable display 0 for all interfaces not supporting them. There is no workaround.
•
A Cisco 5300 series router that is using modem ISDN channel aggregation (MICA) modems may experience high CPU utilization with Cisco IOS Release 12.1(1a)T1, because of alignment and spurious errors. This situation occurs primarily when Multilink PPP and fast-flow switching is enabled on an interface (but may also occur when fast switching is enabled).
Workaround: Disable flow switching or Multilink PPP.
•
A vty password configured through the CLI interface available via HTTP or HTML works correctly. If this same interface is used to save the configuration (as opposed to the console or Telnet), the vty password is not nvgened. A subsequent reload of the device will not have the vty password.
Workaround: Reapply the vty password through the http or HTML interface (or any other method) and then save the configuration through a Telnet session to the device. This will cause the vty password to be nvgened properly.
You can determine if your vty password will be nvgened properly by using a show run command through the same interface with which you will be saving the configuration. If the configured vty password does not appear in the output of the show run command, then use Telnet to go to the device to save the configuration.
•
A Cisco MC3810-V3 multiservice access concentrator that is running Cisco IOS Release 12.0(7)XK1 or a later release with a X.21 serial cable may have trouble bringing up a Frame Relay circuit because of timing problems. The serial interface is unstable, causing the Local Management Interface (LMI) protocol to flap.
Workaround: Use other types of serial cables, such as RS232, V.35, or RS449.
•
When multiple Cisco MC3810 multiservice access concentrators are connected through a T1 / Channel Associated signaling (CAS) to a different PBX, the MC3810 claims that an extra digit (a "1") is leading the digits coming from the PBX. This new destination number does not match any dial-peers in the configuration, so calls are not established. When you place a T1 analyzer in between the router and the PBX, the PBX claims there is no leading digit of "1" being sent. To clear this condition, reload the router. This problem affects Cisco IOS Release 12.1(2).
Workaround: Increase the time during which you ignore any digits received after you detect off-hook to 220 microseconds.
•
A Cisco MC3810 multiservice access concentrator running Cisco IOS Release 12.1(2.1) reloads while disconnecting a call. There is no workaround.
•
When a Cisco MC3810 multiservice access concentrator makes a call out to be tandem-switched through a Cisco 7206VXR router, the MC3810 does not roll over to the next 7206VXR if the first 7206VXR it hits has no resources available. Instead, it drops the call. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0 may unexpectedly reload while it is performing Simple Network Management Protocol (SNMP) functions related to routing table information (specifically ipRouteNextHop). The reload occurs only in cases where an IP route configuration of the form "ip route <network address> <netmask> 0.0.0.0" exists. There is no workaround.
•
When Response Time Reporter (RTR) Dynamic Host Configuration Protocol (DHCP) operation is used with certain DHCP servers, all DHCP IP address leases may be used up on the server.
Workaround: Change the frequency of the operation from the default 60 seconds to every 5 minutes. Also, you should avoid configuring many DHCP operations on the same subnet. Both of these changes reduce your chance of the problem, because the situation depends on how the DHCP server is configured. If the DHCP server has long lease times, then the problem is more likely to happen.
•
RADIUS tunnel attribute Tunnel-Assignment-ID is misinterpreted for authentication purposes.
Workaround: Do not use Tunnel-Assignment-ID.
•
After a router reload in Cisco IOS Releases 12.0(7)T, 12.1(1)E, and 12.1(2), the router will automatically insert Simple Network Management Protocol (SNMP) Read-Only communities into the running configuration even though these communities were explicitly removed from the startup configuration.
In Cisco IOS Releases 12.0(7)T, 12.1(1)E, and 12.1(2), the router automatically creates Read-Only community entries based on the SNMP community string specified in the snmp-server host configuration when snmp-server host global configuration commands are issued. This feature supports SNMPv2 informs messages, which require an SNMP management station to acknowledge messages sent to it by the SNMP agent (router) using the same community string that was sent by the agent in the informs message.
When you use the "public" community string in snmp-server host configurations, the router will automatically create an snmp-server read-only "public" community. When you manually remove the snmp-server "public" community, the router will recreate it after the next reload. The effect is that you may not be aware that the router has "public" SNMP read-access. There is no workaround.
•
Environmental alarms are triggered spontaneously because of wrong hardware revisions. Only AC power supply alarms are affected. There is no workaround.
•
Any product that uses an RM7000 CPU—including the NPE-300 network processing engine, a Cisco 7140 router, a Cisco RSP8, and a VIP4—may cause the router to execute instructions incorrectly or not at all. This situation may result in memory corruption or reload. There is no workaround.
•
The Cisco MC3810 multiservice access concentrator does not play a progress tone when a call is routed over the ATM or Frame Relay network for a number that cannot be terminated. The user does not hear anything except dead air.
This is more prevalent when destination-patterns such as ".T" are used since they match any dial-string.
Workaround: Use only dial-peers and destination-patterns for valid numbers, as a reorder tone is played if a matching dial-peer cannot be found locally.
•
When an online insertion and removal (OIR) is performed, the IF-MIB ifTable, ifStackTable, and ifNumber retains the old entries even though the associated interface layers have been removed. There is no workaround.
•
CSCdr86700 breaks compilation in a Cisco 1700 series router.
Although "if_ipm_isr_pquicc.c" calls to "reg_invoke_hwcomp_compress," it does not support hardware compression so changes for CSCdm91180 do not apply there. There is no workaround.
•
Depending on the platform, if you use the operation ID of 2147483647 for Service Assurance Agent (SAA) operation and use the show running-config, show rtr operational-state, or show rtr collection-statistics EXEC commands, the platform could reload or pause indefinitely.
Workaround: Do not use 2147483647 for an SAA operation.
DECnet
•
DECnet ping packets may be dropped when using X.25 encapsulation over an ISDN BRI D channel. This situation only occurs when DECnet is sending large routing updates. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(8) may experience an unexpected system reload when you use the clear decnet accounting EXEC command or the no decnet accounting interface configuration command.
This situation will only occur if DECnet accounting has been enabled on at least one interface and DECnet traffic is being forwarded by the router at that point in time. This situation is more likely to occur if the following error message has been logged:
%SCHED-2-EDISMSCRIT:Critical/high priority process DECnet Input may not dismiss. -Process= "DECnet Input", ipl= 0, pid= 74Workaround: Do not enable DECnet accounting on any interface.
•
A Cisco router forwarding DECnet packets, that is configured with a DECnet interface static route, may occasionally reload unexpectedly.
An unexpected reload occurs when a DECnet packet is forwarded to the DECnet node number specified in the DECnet interface static route.
A DECnet interface static route is configured by the decnet route decnet-address interface-type interface-number global configuration command.
Workaround: Replace the interface static route with a specific static route that has a next-hop address rather than an interface.
IBM Connectivity
•
A Cisco router running data-link switching (DLSw) with TCP encapsulation may restart with the following error message when the TCP connection to the peer router is congested:
System restarted by bus error at PC 0x60735548, address 0xD0D0D21Workaround: Avoid congested TCP connections to the DLSw peer router.
•
Receiving Intermediate Transmission Block (ITB) characters in bisync on some Cisco routers will cause memory corruption and cause a software-forced reload. There is no workaround.
•
A Cisco router may reload if there are a large number of Native Client Interface Architecture (NCIA) clients with heavy NCIA traffic because of a watchdog timer. There is no workaround.
•
A router pauses indefinitely when performing the no encapsulation sdlc-primary interface configuration command. There is no workaround.
•
A Cisco 2500 router or a Cisco 4000 series router that is running LAN Network Manager (LNM) with data-link switching (DLSw) or Remote Source Route Bridging (RSRB) enabled may reload when the LNM tries to remove a port adapter.
Workaround: Disable LAN Manager in the interfaces and bridging configuration.
•
When remote source route bridging (RSRB) is configured on two Cisco 4500 series routers that are connected by an ATM network, and RSRB is configured with an encapsulation type of Fast Sequenced Transport (FST), some frames may not be forwarded. This situation may result in a data-link connection (DLC) session not being established through the RSRB peers.
Workaround: Either change the RSRB encapsulation from FST to TCP, or configure data-link switching (DLSw) as the transport.
•
Frame Relay Access Support (FRAS) boundary access node (BAN) works over the primary connection and switches to the backup connection. However, when it switches to the primary connection from the backup connection, it does not work. There is no workaround.
•
When the dlsw explorer-wait-time and lf 1500 commands are configured, it requires two X.25 call setups to bring up a data-link switching (DLSw) circuit.
The DLSw circuit connects with one X.25 call after one of these two commands is configured.
The debug shows that the message "CSM: Reach index error CSM_NO_REACH_ENTRY" is displayed with the first X.25 call. The second call completes circuit setup, using the debug dlsw reach verbose sna and debug x25 all commands.
There is no workaround if the two commands are required.
•
After making changes to the dlsw local-peer global configuration command (adding or removing init/max pacing values), a router reloads when a write memory command is issued. The router configuration includes data-link switching (DLSw) directly in Frame Relay with backup peers defined.
Workaround: Configure the dlsw disable global configuration command before issuing the write memory command.
•
When locally administered address (LAA) addresses are used on the Ethernet interfaces of the data-link switching (DLSw) routers running the DLSw Ethernet redundancy feature, some test frames may leak. There is no workaround.
•
A Cisco 7206VXR router that is running Cisco IOS Release 12.1(1a)T1 may display several MALLOCFAIL messages and reload with a bus error because of an ALIGN-1-FATAL error. The router will also not generate a core dump. There is no workaround.
•
A Cisco router running Cisco IOS Release 12.0 with data-link switching (DLSw) configured may reload if the DLSw peers are misconfigured in a way that one DLSw peer is configured for priority and the other end is not. Also, when the router tries to bring up the priority peer, the DLSw peer with no priority may reload.
Workaround: Fix the configuration so that the DLSw priority peers are properly configured.
Interfaces and Bridging
•
Enabling Weighted Fair Queuing (WFQ) on an interface that belongs to a (transparent bridging) bridge-group may cause packets that are egressing that interface to be sent out-of-order. This situation causes failure in terminated and bridged Logical Link Control 2 (LLC2) sessions.
Workaround: Disable WFQ with the no fair-queue interface configuration command.
•
A Cisco PA-POS-OC3 Packet-Over-SONET port adapter does not automatically switch to line clock after clearing Loss of Signal (LOS), Loss of Frame (LOF), or Line Alarm Indication Signal (LAIS) defects that cause the clock to automatically switch to internal.
A Cisco PA-POS-OC3 port adapter that detects the LOS, LOF, LAIS, and Path Alarm Indication Signal (PAIS) alarms may report additional nonexistent alarms. When LOS is present, the port adapter may also detect LOF, LAIS, path remote defect indication (PRDI), or B1-TCA threshold crossing alert alarms. When LOF is present, the port adapter may also detect LAIS, or PRDI alarms. When LAIS is present, the port adapter may also detect PAIS or PRDI alarms. When PAIS is present, the port adapter may also detect PRDI alarms. There is no workaround.
•
With Constrained Multicast Flooding (CMF) configured, a Cisco router may reload while displaying the output of the show bridge multicast EXEC command. This situation is more likely to happen as the number of multicast groups being displayed increases. There is no workaround.
•
A single Packet-over-SONET (POS) port adapter in a Cisco 7500/RSP series router with a Versatile Interface Processor 4 (VIP4) may stop transmitting and cause an "output stuck" condition. A POS port adapter that is a coresident with another port adapter in a Versatile Interface Processor 2 (VIP2) may also cause an "output stuck" condition for itself or the coresident port adapter. There is no workaround, but disabling distributed Cisco Express Forwarding (dCEF) globally, or in some conditions on the POS interface, will stop this condition from appearing.
•
Clients cannot ping the Bridge-Group Virtual Interface (BVI) of a remote router when using Multilink PPP to connect two serial interfaces. There is no workaround.
IP Routing Protocols
•
A Cisco 4700 series router that is running Cisco IOS Release 11.2(16)P may experience a situation where the E0 interface shows "INTERFACE UP, LINE PROTOCOL DOWN," but the data-link switching (DLSW) peers are still shown as connected.
Workaround: Shut down the interface.
•
A Cisco Catalyst 6000 family switch with a Multilayer Switch Feature Card (MSFC) may reload when the show ip pim neighbor EXEC command is issued. There is no workaround.
•
The BGP Site of Origin (SOO) attribute is not added to some prefixes.
Workaround: Perform a Border Gateway Protocol (BGP) soft reset, using the clear ip bgp soft EXEC command (if soft-reconfiguration is configured).
•
A Cisco nondesignated router on a multiaccess interface creates state for (S, G) with the Olist populated when receiving a multicast packet. This situation causes a periodic assert every 3 minutes. There is no workaround.
•
A Cisco 3640 router with Cisco IOS Release 12.1(2) reloads with the system returned to ROM by bus error at PC 0x601F9A28, address 0xFFFFFFF9.
Workaround: Disable default IP fast switching if it is on.
•
Cisco IOS Network Address Translation (NAT) may stop working if an overload mapping is configured and an extensive File Transfer Protocol (FTP) data session is generated across the NAT router.
Workaround: Reload the router.
•
The default originate command is deprecated for the Virtual Private Network version 4 (VPN) version 4 address family.
Workaround: Do not use this command under address-family vpnv4 mode.
•
If you remove the last redistribute router configuration command from Open Shortest Path First (OSPF) that used type-1 metric, other routers may not remove the routes from the routing table even though the OSPF database entries are successfully removed.
Workaround: Keep the router from which you removed the redistribute router configuration command as an autonomous system boundary router (ASBR) by removing one redistribution completely and keeping another dummy redistribution.
Alternate workaround: Do not use the no redistribute router configuration command. Flush all the link-state advertisements (LSAs) by using the redistribute [route-map foo] router configuration command. Under route-map foo, disallow all routes. Enter the clear ip ospf redist command. Now you can safely remove the redistribute router configuration command completely.
•
The hash value used for rendezvous point (RP) selection process in a bootstrap router (BSR) is calculated with a modulo of 2 to the power of 32. This modulo may cause inconsistency in the selected RP address between Cisco and other vendors implementing BSR.
Workaround: Follow these rules to avoid inconsistency between Cisco routers when upgrading Cisco IOS software:
If you plan to upgrade routers in your network that use BSR, avoid running Cisco IOS Release 12.0(10)S, Release 12.0(11)S, Release 12.0(11), or Release 12.1(2).
When upgrading your routers, always upgrade the candidate BSR routers first to a release later than Cisco IOS Release 12.0(10)S, Release 12.0(11)S, Release 12.0(11), or Release 12.1(2). You do not need to upgrade the rest of you network immediately unless you are running the images in CSCdp95116 that may cause the routers to choose the RP on the basis of an incorrect hash value.
•
When using distributed policy routing, the set interface route map configuration command on subinterfaces does not work. The set interface route map configuration command does not work on an interface that is on a different line card either.
Workaround: Use the set ip next-hop route map configuration command.
•
A Cisco router that is running Open Shortest Path First (OSPF) on Cisco IOS Release 12.0(11) does not populate the routing table properly. When redundant paths exist, half of the paths are missing from the routing table. However, the missing networks appear in the OSPF database.
Workaround: Run a full shortest path first (SPF) by doing clear ip route * EXEC command.
•
Network Address Translation (NAT) may be corrupting NetBIOS packets if they have the source port "TCP 139" and the payload starts with 0x84 (SESSION TARGET RESPONSE packet type, cf.RFC 1002) but they are not SESSION TARGET RESPONSE packets. There is no workaround.
•
An Address Resolution Protocol (ARP) alias configuration is lost after a Cisco router reloads or after you use the no shut command on an interface.
Workaround: Explicitly reconfigure the arp-alias entries for the IP addresses of the interface after using the no shut command.
•
Static routes that are within the range of a network statement where the gateway is an interface will not be distributed into OSPF by the redistribute static command.
Workaround: Do not cover static to the interface by the network statement under OSPF.
Miscellaneous
•
A router may reload when bad packets, whose datagram size is smaller than the IP total length carried in the ip header, are received by the router and also classified for encryption. This situation affects Cisco Encryption Technology (CET) only, and does not affect IP Security (IPSec).
Workaround: Use Cisco IOS Release 12.1(4).
•
If you run a hub-and-spoke Frame Relay configuration, and the hub router is set to be a multipoint interface, Dynamic Host Configuration Protocol (DHCP) requests will fail.
Workaround: Configure both the hub and the spoke to use point-to-point subinterfaces. Alternatively, configure the DHCP server address on the spoke router instead of specifying the network address on which the DHCP server resides. This DHCP server address turns into a unicast address instead of a directed broadcast.
•
The clock rate interface configuration command does not support 256 kbps or 768 kbps on a single port serial WAN Interface Card (WIC-1T/2T) for a Cisco 2600 series router or a 3600 series router.
Workaround: Use a Cisco image that contains the fix for this problem.
•
A router reloads after the show queue privileged EXEC command is issued multiple times when IP packets are fragmented in the fast switching path in a congested interface for a particle system and the ip cef global configuration command is disabled.
Workaround: Enable the ip cef global configuration command.
Alternate workaround: Disable fragmentation by not configuring an MTU size or by using a large enough value to avoid fragmentation at the queuing permanent virtual circuit (PVC).
•
In a network where there are multiple paths between two networks and the paths travel through different sets of routers between these networks, per-destination load balancing will not be effective in any router after the first router where the load balancing paths diverge.
Workaround: Use per-packet load balancing.
•
A Cisco 7200 series router that is configured with a T1 multichannel T1 card may not show any errors while a remote Cisco 7000 series router shows cyclic redundancy check (CRC) errors, input frame errors, or overrun errors. Errors occur but the counter remains at zero. There is no workaround.
•
In some circumstances, the adjacency associated with a static Address Resolution Protocol (ARP) entry may be deleted if the interface is shutdown. There is no workaround.
•
A Cisco 7500 series Route Switch Processor (RSP) that is running Cisco IOS image rsp-jsv-mz.112-18 may reload with a segV exception error while performing encryption processing. There is no workaround.
•
Voice calls may fail on dial-peers matching the Non-Facility Associated signaling (NFAS) trunks of a Cisco AS5300 series universal access server running with a mix of Regular PRI and an NFAS configuration. There is no workaround.
•
There is an unexpected disconnect of Layer 2 on a Cisco 800 series router that shares an S-bus with four or more devices only.
Q.921 debugging points to the ID being removed by the switch when other devices are sharing the S-bus.
When multiple devices on the S-bus try to reply to an IDCKRQ message from the switch by doing an IDCKRSP, there are D-channel collisions. There was a problem in the D-channel collision-handling mechanism in the driver software because it resides in software in the Cisco 800 series router using the mc145574 Motorola ISDN S/T transceiver. There is no workaround.
•
Macintosh computers cannot authenticate to AppleTalk servers across WAN links when compression is enabled on a Cisco 3660 router running Cisco IOS Release 12.0(5)XK1. There is no workaround.
•
A Cisco 1720 router experiences a software-forced reload when you load the c1700-bno3r2sy56i-mz, c1700-bno3r2sv3y56i-mz, c1700-bk2no3r2sv3y-mz, and c1700-bk2no3r2sy-mz images. There is no workaround.
•
Packets coming from a Cisco TN3270 Telnet server onto ATM are corrupted. If a number of packets arrive, the leading packet is overwritten by the contents of the following packets. There is no workaround.
•
A Cisco 7200 series router may reload because of memory corruption and exhibit the following error message:
%SYS-2-MALLOCFAIL: Memory allocation of 520 bytes failed fr om 0x60395028, pool Processor, alignment 0 -Process= "Pool Manager", ipl= 4, pid= 4 -Traceback= 603C84DC 603C9F88 60395030 603D4578 603C2C34 603C2C20There is no workaround.
•
CiscoView 4.2 may not work properly on a Cisco 7513 router that is running Cisco IOS Release 12.0(9). This situation occurs when slots 0, 2, 5, and 9 are populated with VIP2 Versatile Interface Processors and PA-8T-V35 port adapter cards. CiscoView 4.2 may not show the PA-8T-V35 port adapter on slot 9. Other slots may also report incorrect information. This situation is caused by Simple Network Management Protocol (SNMP) agent, not CiscoView 4.2. The output of the snmpwalk command shows the wrong card type with a note indicating that indices 19 and 24 are "unknown." There is no workaround.
•
When a PA-A3 port adapter is used on a Cisco 7200 series router, input drops may occur if slow output interfaces are not returning buffers quickly enough. This problem is more visible when the NPE-150 is used in a 7200 router that has a high number of slow output interfaces.
Workaround: Limit the number of buffers that can be held by the egress interfaces by using First In, First Out (FIFO) queueing with limited queue sizes. Refer to the following example, using the interface serial global configuration command:
interface Serial1/0 no fair-queue hold-queue {x} out
•
This problem has been seen with FastEthernet and FDDI interfaces when network connectivity is disrupted, or when an HSRP router with higher priority is added to a network.
When the HSRP state changes from Active to Speaking, a link-state change occurs. The switch detects this link state change on the interface and a Spanning Tree protocol transition takes place. The Spanning Tree takes 30 seconds (twice the default Forward Delay time of 15 seconds) to transition the port into the Forwarding state.
At the same time the Speaking router will transition to the Standby state after 10 seconds (HSRP Holdtime). The Spanning Tree is not Forwarding yet, so no HSRP Hello messages will be received from the Active router. This causes the Standby router to become Active after a further 10 seconds.
Both routers are now Active. When the Spanning Tree ports become Forwarding the lower priority router will change from Active to Speaking and the whole process will repeat.
It has also been seen on interfaces where a host on the network was causing an IPX broadcast storm. This causes HSRP to loose Hello packets, which then caused the HSRP state to flap. The symptom of this was a duplicate HSRP packets.
Workaround: Perform one of the following actions: 1. Ensure that there are no packet storms on the network. 2. Change the duplex setting of the switch; set it to "auto." 3. Configure "set spantree portfast enable" on the switchports. (See http://www.cisco.com/warp/public/784/packet/oct99/cat5000.html Troubleshooting the Catalyst 5000) 4. Configure "standby usebia."
•
Snmpwalk on a Cisco 7500/RSP series router with an ATM interface may cause a CPUHOG situation and affect router performance. There is no workaround.
•
You cannot create variable bit rate non-real time (VBR-NRT) switched virtual circuits (SVCs) if Resource Reservation Protocol (RSVP) is enabled. Requests for SVC creation will fail for VBR-NRT class of service. There is no workaround.
•
Under a large Virtual Private Network (VPN) configuration (and possibly other configurations), the Versatile Interface Processor (VIP) may spend an unusual amount of time processing interprocess communication (IPC) messages. If this amount of time becomes especially long, a FIB_DISABLE may occur on the Route Processor (RP). There is no workaround.
•
In a large Virtual Private Network (VPN) configuration, a Versatile Interface Processor (VIP) may spend several minutes processing interprocess communication (IPC) messages causing a FIB_DISABLE on the Route Processor (RP). There is no workaround.
•
Cisco Express Forwarding (CEF) may not process an interface up event, so that the show interface command may show the interface up while the show cef interface EXEC command has it down. This situation can also result in missing prefixes in the CEF table.
Workaround: Repeat the no shutdown interface configuration command on the interface. It is not necessary to shut down the interface first (with the shutdown command).
•
If input MAC accounting is configured on an interface, misaligned read accesses may be encountered on the Cisco 7500 series Route Switch Processor (RSP). The show alignment command should be entered to determine if misaligned accesses are occurring.
Workaround: Disable input MAC accounting on the interface.
•
A digit string may only be recognized if the user dials 0 followed by the string. Any digits before the 0 are not recognized.
Workaround: Enter the pots rx-loss -6dB configuration command.
•
Interface counters will give incorrect values for tunnels on a serial interface when Cisco Express Forwarding (CEF) and IP Security (IPSec) are in use. There is no workaround.
•
A memory leak may occur on a Route Switch Processor (RSP) when it is used with Versatile Interface Processors (VIPs) while running Open Shortest Path First (OSPF). The problem results because of repetitive reloading and downloading of VIP line cards that are disabling Cisco Express Forwarding (CEF) because of a lack of memory.
Use the show processes memory [inc OSPF R] EXEC command and the show memory summary [inc OSPF R] EXEC command on the RSP to determine if increasingly large amounts of memory are being held by the OSPF process. Use the show cef linecard EXEC command to determine the number of reloads that a VIP has encountered.
Workaround: Ensure that the VIPs have sufficient memory for their configuration and environment, such that CEF is not disabled on the VIP.
•
A router may reload with crypto enabled on a Fiber Distributed Data Interface (FDDI) interface processor (IP). There is no workaround.
•
When you configure an IP address on any interface or subinterface on a VIP2 Versatile Interface Processor using a Fast Ethernet PA-2FEISL-TX port adapter, the IP network configured on the subinterface does not show up as a directly connected interface in the IP routing table. As a result, there is no IP connectivity across the network.
Workaround: Configure a static interface route for the directly connected network.
•
When Cisco Express Forwarding (CEF) switching and Virtual Access interfaces are used, a Cisco 7200VXR router experiences serious problems with many alignment errors causing the CPU to reach 100 percent utilization. With an increasing number of users (virtual access interfaces), a production router will cease functioning instantly. There is no workaround.
•
With Cisco IOS image c5300-js-mz.dp77759_del_5, the R2-R2 hairpinning calls are fine except that some of them stay connected, even when the called party and the caller hang up the phone, because the gateway does not recognize that the calls have ended and the circuit remains connected.
Workaround: Reload the router.
•
If you run Cisco IOS Release 12.0.7 T, a router may get in the E_DSP_ALARM_IND in the SETUP_REQ_FAIL state. This error occurs only occasionally.
Workaround: Perform a digital signal processor (DSP) reset or reload.
•
Cisco routers configured to use Stack Group Bidding Protocol (SGBP) may experience a buffer leak in large buffers.
The memory leak may occur if a fairly large number of Multilink PPP (MLP) bundles are terminated on the SGBP member at the time the member enters or re-enters the stack group.
Evidence of the leak can be determined by monitoring the SGBP connection hello messages. These messages are enabled with the debug sgbp hellos command. If you see the following message and the size value is greater than 1360, a memory buffer will be leaked:
SGBP: Send Info, count 1 size 7
There is no workaround. Reload the router to recover I/O memory.
•
When multiple, load-shared paths exist between provider edge (PE) routers, a PE router may reload if all paths are lost simultaneously while Virtual Private Network (VPN) traffic is being forwarded. There is no workaround.
•
Any multiflex trunk module (MFT) T1/E1 card, when plugged in alongside a BRI WAN interface card (WIC) in either a Cisco 2600 WIC slot or a Multicast Address Resolution Server (MARS) series router combo card (1E1R2W,1E2W,2E2W), does not operate if the BRI is not connected to the network interface provided by the ISP.
This situation only occurs when BRIs and any type of MFT WIC card are installed together in either a Cisco 2600 router's built-in WIC slots or a MARS combo card.
Workaround: Connect the BRI to its WAN network interface at all times. If this cannot be done, you must remove the BRI from its WIC slot to get the MFT to work.
•
Open Shortest Path First (OSPF) updates may be corrupted on a Cisco 7500 series router using Multiprotocol Label Switching (MPLS) switching with Cisco Express Forwarding (CEF) output features enabled (including "service policy output"). IP routes are temporarily deleted from the IP routing table and a loss of connectivity may occur.
Workaround: Configure the ip cef global configuration command. Then, execute the copy running start command, and reload.
Alternate workaround: Enter the memory cache-policy io uncached command. However, entering this command may sacrifice packet switching performance.
•
Windows 2000 configured to encrypt Layer 2 Tunneling Protocol (L2TP) traffic with IP Security (IPSec) reloads Cisco IOS software.
This situation occurs only when the Windows 2000 user initiates IPSec with the default IPSec settings.
Workaround: Use IPSec settings with only the transforms you need. By default, Windows 2000 proposes a large number of proposals with all possible combinations of esp and ah transforms. This large number of transforms is causing a buffer overflow and thus memory corruption that causes a reload.
•
The Five minute output rate counters do not match the Five minute input rate of the directly connected serial interface. There is no workaround.
•
When the ip unnumbered interface configuration command is configured, an ATM subinterface does not respond correctly with Inverse Address Resolution Protocol (InARP) requests. There is no workaround.
•
A Cisco 1605-R router may experience a bus error restart when it is booted with the Ethernet interfaces connected and is running Cisco Express Forwarding (CEF) and Distance Vector Multicast Routing Protocol (DVMRP). Replacing the hardware does not solve the problem.
Enabling Protocol Independent Multicast (PIM) and the ip verify unicast reverse-path command on the same interface may cause the bus error at boot.
Workaround: Disable either PIM or the Reverse-Path Forwarding (RPF) check.
•
An NM-2E2W, NM-1E2W, NM-1E1R2W network module with a BRI WAN interface card (WIC) and a WIC-T1CSU on a Cisco 3600 series router may function incorrectly on rare occasions. When this problem happens, ISDN layer 1 on the BRI WIC is persistently deactivated and the WIC-T1CSU continues to work correctly (if no event requires the integrated CSU/DSU to signal the main IOS, in which case it ceases to pass date) except that the show service-module serial privileged EXEC command returns an error message.
Workaround: Power cycle the router.
Alternate workaround: Reload software.
•
The cookie value in the chassis of a Cisco AS5800 series universal access server with integrated modems is programmed wrong. This error causes instability in environmental monitoring. There is no workaround.
•
You cannot terminate a Cisco Virtual Private Network (VPN) client that requires Mode Configuration (Mode Config)/Extended Authentication (Xauth), and a Windows 2000 IP Security (IPSec) client on the same interface, which has a crypto map applied to it, to do Mode Config/Xauth.
Workaround: Use two separate interfaces with two separate crypto maps. The Windows 2000 client does not implement Mode Config/Xauth; rather it attempts to achieve the remote access through Layer 2 Tunneling Protocol (L2TP).
•
The PA-MC-8T1 port adapter reports that Firmware paused indefinitely and then reloads the router. There is no workaround.
•
When IP Security (IPSec) hardware encryption is used, packets are not forwarded if Frame Relay or a generic routing encapsulation (GRE) tunnel is used.
Workaround: Use the Cisco IOS software crypto engine.
•
A Gigabit Ethernet interface may remain in an up/up state with no cable attached when running Cisco IOS Release 12.1(2). This condition can cause problems when running Hot Standby Routing Protocol (HSRP). The result is that if the active router fails, the backup router will take over; however, any traffic destined for the local segment from the original active router will be dropped. There is no workaround.
•
The "long pound" feature does not work since the codec bytes were set to an incorrect value for a G.711 codec.
There is no workaround.
•
If a new recursive prefix is learnt by CEF, and a less specific prefix already exists, traffic that would have been forwarded using the less specific prefix will be dropped for up to 15 seconds, while the new recursive prefix is resolved.
There is no workaround.
•
Multiprotocol Label Switching (MPLS) labeled packets that are larger than 1500 B cannot be sent out FastEthernet even if "tag mtu" is configured to be larger than 1500 B on the FastEthernet interface. There is no workaround.
•
A Cisco router that is configured with Multiprotocol over ATM (MPOA) and Cisco Express Forwarding (CEF) may create an ingress cache and an egress cache with the same IP address, and the egress MPOA Client (MPC) address of the ingress cache points to itself. This situation may create a routing loop that causes the router to function improperly. This situation may occur during the route transitions in the network caused by topology changes.
Workaround: Clear the CEF adjacencies using the clear adjacency EXEC command. Clear the corresponding ingress and egress caches using the clear mpoa client cache [ip-address ip-address] EXEC command.
•
A Cisco 7507 router running Cisco IOS Release 12.0(7)T may reload by bus error at hdlc_address. The following message appears in the crashinfo file just before the reload:
%ALIGN-1-FATAL: Illegal access to a low address addr=0x198, pc=0x600D1138, ra=0x60297D18, sp=0x624FC7C8There is no workaround.
•
An SNA Switching Services (SNASw) router does not turn on the Command/Response (C/R) bit on the source service access point (SSAP) when replying to an exchange identification (XID) request.
The trace between the SNASw router and the Point of Sale (POS) device shows that the C/R bit on the SSAP is not set when the SNASw router replies to the XID request. Thus, the POS device fails to begin the XID process. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(2.1)T with authentication, authorization, and accounting (AAA) configured may reload with a bus error. There is no workaround.
•
A Cisco AS5300 series universal access server using Feature Group-D-Exchange Access North American (FGD-EANA) as the T1/channel-associated signaling (CAS) type does not strip off the two digits info-digits in front of the Digital Number Identification Service (DNIS) from the switch. This condition may result in reporting the wrong DNIS or failure of authentication.
Workaround: Use the Cisco IOS image "c5300-is-ms.CSCdr59154."
•
The tx-ring-limit command is deleted after reloading if it is configured with the service-policy command. If the service-policy command is not configured, this problem does not occur.
Workaround: Reissue the tx-ring-limit command after reloading the router.
•
When you use the async mode interactive interface configuration command and autoselect during-login line command on a Cisco AS5800 series universal access server, autoselect may not work. With approximately 300 users online, the probability of this problem is about 20 percent, or 2 out of 10 calls. There is no workaround.
•
When connecting an LU6.2 session to a low-entry networking (LEN) device with the Systems Network Architecture (SNA) Switch, snasw location statements do not take effect properly when that LEN device is connected over a link that is a defined link from the SNA Switch perspective (hence an uplink). There is no workaround.
•
TXCONN is causing SNA sessions to unbind when it terminates conversations.
Impact SNASw must rebind the sessions again before another conversation can be allocated. This condition is inefficient and may, in certain configurations, cause allocation failures. There is no workaround.
•
Removing the last Virtual Private Network (VPN) route advertised by a provider edge (PE) router may result in all VPN forwarding information to remote PEs being lost.
Workaround: After bringing the interface back up, enter the clear ip route vrf [name] * command for all configured VRFs.
Alternate Workaround: Have at least one loopback address on the PE that is advertised into a VPN.
•
On rare occasion, POTS ports may not ring when telephone devices are attached to a Cisco 800 series router. There is no workaround.
•
Address family information that is specific to Border Gateway Protocol (BGP) does not appear in the configuration, even though it is applied by the router when the only configuration present for the address family is a redistribute router configuration command.
Workaround: Add a network (router configuration command) statement in the BGP configuration for this address family so that the correct configuration is visible.
•
A Cisco AS5300 series universal access server may experience a bus error in csm_vtsp_dialing_done. This situation occurs on systems using channel-associated signaling (CAS) types. There is no workaround.
•
Upon system initialization, ATM permanent virtual circuits (PVCs) are left in the inactive state and do not change to the active state unless the user issues a shutdown/no shutdown of the associated ATM interface in configuration mode.
Workaround: Reinitialize the interfaces manually.
•
A router may reload when using a TCP server on a unique port, which may happen when an internal ping runs to test connectivity with the host.
Workaround: Configuring another DBConn TCP server on the same port. Two separate DBConn servers configured on the same port disables the internal ping mechanism.
•
The OFF_TIME between digits for Modify/Channel Associated Signaling (MF/CAS) is currently 30 microseconds when it should be 60 microseconds. This condition may cause problems in digit detection when using MF/CAS. There is no workaround.
•
Configuring a Cisco Route Switch Processor RSP with Multiprotocol over ATM (MPOA) and Cisco Express Forwarding (CEF) may lead to data loss when CEF uses the virtual channel connection (VCC) that was created by MPOA Client for data transfer in the following cases:
–
–
Workaround: Clear the CEF adjacencies using the clear adjacency EXEC command.
•
On Frame Relay permanent virtual circuits (PVC)s, Cisco Express Forwarding (CEF) may not restore the adjacency when a Frame Relay PVC goes down.
Workaround: Clear the adjacency using the clear adjacency EXEC command.
•
A Cisco 1750, 2600 series, or 3600 series router reloads when you use the no ip inspect command before the session information structure (SIS) is removed.
Workaround: Wait until all sessions are removed, and then use the no ip inspect command to clean up the inspect configuration.
•
A Versatile Interface Processor (VIP) or a Cisco 7200 series router may reload after fragmenting packets while CEF switching (distributed CEF switching in the case of the VIP) is enabled. There is no workaround.
•
A Cisco router may reload if a large Certificate Revocation List (CRL) is retrieved during certificate processing. If the CRL is larger than 8000 bytes, the router may reload. Testing the crl request command (manual CRL retrieval) may cause the router to reload if the CRL is larger than 8000 bytes.
Workaround: Decrease the size of the corresponding CRL on the CA server to smaller than 8000 bytes.
Alternate workaround: Add the crl optional configuration subcommand to the crypto ca identity {name} global configuration command in the router configuration and remove the query url {url} configuration subcommand from the same crypto ca identity {name} command.
•
When you have many Rumba clients configured for a low-entry networking (LEN) connection, exchange identification (XID) negotiation fails with sense 1016001A if you attempt to connect to a SNASwitch port that does not specify CONNTYPE "len." The adjacent node is inconsistent in its support of parallel trunk groups (TGs). A DLCTRACE shows that the first prenegotiation XID inbound from the Rhumba client contains the x'80' bit at displacement x'0F'. This trace indicates support for multi-link TGs (MLTGs). The next inbound XID has the x'80' bit off at displacement x'0F', indicating that it does not support MLTGs. SNASwitch properly fails the XID exchange and sends an XID with a CV22 appended with the sense code.
This situation previously worked on the Advanced Peer-to-Peer Networking (APPN) code, so checking in the SNASwitch code is more stringent, but correct. There is no workaround.
•
When e&m-immediate-start is used on a Cisco AS5300 series universal access server, dialout operation may be affected.
The AS5300 may be unable to make outgoing calls after a period of operation.
Workaround: Reboot the router.
•
When two user sessions are using the show cable flap command at the same time and the first user is stopped at the "-- More --" prompt, the Universal Broadband Router (UBR) will reload when the first user tries to continue passing the "-- More --" prompt while the second user goes through the show cable flap command output and enters the clear cable flap all command.
Workaround: Limit user sessions with the show cable flap command to one.
Alternate workaround: Disable the "-- More --"prompt by setting "terminal length 0."
If a user opens a session, console or Telnet, and quits from the session (for example, "Ctrl, quit", or unplugs the console cable) at the "-- More --" prompt, the user has to go back in to go through all the output of the show cable flap command or abort the CLI command.
Otherwise, the clear cable flap all and the cable flap list aging commands will not be able to change the cable flap list command.
•
In a configuration where dial-peers form a hunt group, the hunt-group feature may not work in all cases. For example, when a router fails to place a call through one dial-peer, it will not roll over to the next dial-peer in the hunt-group. There is no workaround.
•
When a SNASwitch router has two ports defined to use one or two connection networks, and a CN link is established to a virtual telecommunications access method (VTAM) host, the transmission group (TG) negotiation fails when SNASwitch attempts to use the same tg#1 as the other real link (which is rejected with cv22 from the host).
There is no workaround if multiple connection-network ports are required with parallel CN links to same real host.
•
A Cisco7200 or Cisco7500 series router having ATM-PA3 in them, may reload because of bus error at address 0x50000000 or at address 0x08000000 in atmdx_rx_interrupt. The bus error always points to one of these addresses.
Reloads occur after the atm-dlx driver has received a packet properly and tries to process it.
Workaround: Disable the ip cef (in Cisco7200 series) or ip cef distributed (in Cisco7500 series) global configuration command.
•
Cisco DistributedDirector will produce an incorrect URL when operating in HTTP redirect mode in Cisco IOS Release12.1. This problem does not occur in Cisco IOS Release11.1 IA. Domain Naming System (DNS)-based server selection is not affected by this problem. There is no workaround.
•
In Cisco IOS Release 12.1(1.3), the show controllers e1 call-counters privileged EXEC command gives out the wrong call duration value for some channels on which active calls are carried. The call duration value returns to the correct value after the active call ends. Voice over IP (VoIP) calls go through without a problem. There is no workaround.
•
When a gatekeeper configured with a static gateway entry has been reloaded, the gatekeeper can forward calls to the static gateway. However, approximately 30 minutes later, calls can no longer be forwarded, and a reload is required to resume functionality. There is no workaround.
•
A Cisco 7500 series router that is running encryption in Cisco IOS Release 11.2 may experience spurious access and a software-forced reload after displaying the following log messages:
Crypto engine 4: sign message using crypto engine: %SYS-2-NOBLOCK: idle with blocking disabled -Process= "Crypto SM"There is no workaround.
•
Tunnel End-Point Discovery (TED) fails when TED probe is sent out on a multiaccess interface (such as Frame Relay or X.25) if the packet destination is not the next hop. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(2.3) may reload because of a race condition between destruction of a physical unit (PU) control bank (CB) and a DSPU_ACTIVE message when the node is under stress. There is no workaround.
•
A Route Switch Processor (RSP) reloads with a bus error. A versatile Interface Processor (VIP) reloads when RSP reports a bus error exception. The slave RSP appears but does not pass traffic.
The problem is related to the Duplicate Ring Protocol (DRiP), which is enabled when the Token Ring Inter-Switch Link (TR-ISL) protocol is in use. Further, the problem occurs only when the I/O memory pool on the router runs dangerously low or is fragmented in such a way that buffers cannot be allocated for packet duplication. There is no workaround.
•
Entering the resetcd {active CC} R command on the BPX node causes permanent loss of Tag Distribution Protocol (TDP) neighborship. This symptom results in service disruption between label edge routers (LERs).
Other commands (such as switchcc) that force all the BPX slaves to resync with the label switch controller (LSC) may also cause this problem.
Another symptom is that the output for the show xtagatm cross-connect traffic interface xtagATM xxx command shows that both rx-cell-cnts and tx-cell-cnts are "n/a" for the affected cross-connects.
Workaround: Perform a shut/no shut sequence on the Virtual Switch Interface (VSI) control interface on the LSC.
Alternate workaround: Enter the resetcd command against the BXM connected to LSC.
Alternate workaround: Perform a full rebuild.
•
The CCH323 call control block (CCB) leaks when calls are terminated to the gateway (GW) and the GW receives an admission rejection (ARJ) from the gatekeeper.
The memory held by CCH323_CT process will grow over time. The show process mem {process ID of CCH323_CT} command should be used to determine where memory is located. There is no workaround.
•
Fragmented Encapsulating Security Payload (ESP) packets arriving on a router do not seem to be passed to the crypto engine because decryption counters are not increasing. No encrypted packets pass through the router. There is no workaround.
•
A Manufacturer Serial Number is appended with 0x when it should be displayed as alphanumeric string. There is no workaround.
•
When using class-based weighted fair queueing (CBWFQ) and low latency queueing (LLQ) on the physical interface of a Frame Relay connection (that is, the configuration in which the service-policy command is attached to the physical interface and the IP address given to the subinterface), the service-policy command is not activated after the router is reloaded. The following message appears during the boot process:
Service policy policyTST is already attachedAfter the reload completes, CBWFQ and LLQ are not active, even though the service-policy command is present on the interface in the configuration.
Workaround: Remove the service-policy command from the interface, and then reapply it.
•
When polling Cisco 2600 series routers in the network for Hot Standby Router Protocol (HSRP) statistics, the routers reloads.
Workaround: Disable Simple Network Management Protocol (SNMP).
•
In Cisco IOS Release 12.1(3), if an incoming dial call cannot get a dial modem to proceed under stress, this call will be processed as a voice call (that is, not as a modem or ISDN dialup call) if there is a voice modem card.
In this case, Cisco IOS software is not able to find an incoming voice dial peer associated with the incoming call (this is always the case; otherwise, this call would have been treated as voice call in the first place). The memory allocated for the voice active call record and the voice call history record of this call will leak.
This situation most likely occurs in a dial/voice combined configuration in which you have both the dial modem card and the voice modem card, a group of PRI lines for dial, and another group of PRI lines for Voice over IP (VoIP). In this case, if the incoming dial calls cannot find modem resources because of heavy call load, they are treated as voice calls. Usually, you do not have a dial peer for the call, so you will have memory leak.
To avoid this case, ensure that every incoming dial call always gets dial modem resources. For example, make sure that you have enough digital signal processor (DSP) cards. There is no workaround.
•
Weighted Random Early Detection (WRED) classifies all Multiprotocol Label Switching (MPLS) packets as precedence 0 in the MPLS->MPLS and MPLS->IP paths, regardless of their actual MPLS Experimental field values. There is no workaround.
•
As a Cisco router boots Cisco IOS, it attempts to read the CPU EEPROM into a data structure that is not big enough, causing the router to reload. The crash dump typically looks like this:
Nested r4k_return_to_monitor call (2 times) -Traceback= 0 6038EC00 6038EB14 6038D524 603768D4 6042C86C 6042BF88 6043866C 604379CC 6042EB18 Nested r4k_return_to_monitor call (3 times) *** System received a Bus Error exception *** signal= 0xa, code= 0x4008, context= 0x61869b70 PC = 0x60431200, Cause = 0x4020, Status Reg = 0x34008002 rommon 2 >There is no workaround.
•
When you configure Class of Service (CoS) on an extended Tag (XTag) interface, you can only configure it on operational XTag interfaces. If the XTag interface is down, the CoS changes are not written to NVRAM or they become part of the running configuration.
When you configure CoS on operational XTag interfaces, you may get false information when you display the running configuration.
The data structure needed to store the value for CoS is dynamically allocated and does not exist when the XTag interface is down. The values for CoS supplied from the command line have no place to be stored, and the values will not apply.
When the show run command is entered, the code loops through each XTag interface to obtain the CoS values from the appropriate data structure. The CoS percent bandwidth values are then stored in a global array that acts as a temporary placeholder and are written to NVRAM when the show run command output is displayed. If the next XTag interface is not operational, no structure exists that contains the CoS data, so the data cannot be stored in the global array. However, the values in the global array are still written to NVRAM. It is likely that the values are from the previous interface because the global array was never cleared.
Workaround: If you want to apply CoS to XTag interfaces, you should only issue the tag-switching atm cos global configuration command if the XTag interface is up.
You can verify the settings by using the show xtagatm cos-bandwidth-allocation xTagATM {0-2147483647} command.
If you issue a show run command, then you should not pay attention to the CoS values displayed on the XTag interfaces.
You should not perform a write memory command because it could cause the startup configuration to put corrupted CoS information on the XTag interfaces.
•
CSCdm94333, which was integrated in Cisco IOS Release 12.0(9.6)S, introduced a new version of the automatic protection switching (APS) protect group protocol that required both working and protect routers to be upgraded simultaneously. The fix for CSCdr75997 relaxes this restriction by supporting interoperability between systems that are running different versions of the APS protocol so that working and protect can be upgraded independently.
•
The VLAN0 of a Route Switch Module (RSM) participates in Open Shortest Path First (OSPF) election. There is no workaround.
•
Full-duplex is not found and is not a valid function when a Cisco 3660 router is running Cisco IOS Release 12.0(7)T. However, the NM-4E and NM-1E Ethernet network modules should support full-duplex in all releases later than Release 12.0(4)T. There is no workaround.
•
If a Virtual Private Network (VPN) routing/forwarding instance (VRF) static route points to a next-hop that is also resolved by a VRF static route, a tag is incorrectly imposed over the provider edge-customer edge (PE-CE) link. Consequently, traffic does not pass.
Workaround: Change your VRF static routes so that one is not dependant on the other.
•
Some versions of a Cisco uBR7200 series VXR/NPE300 with I/O control, Fast Ethernet, and the MC16C or MC16E cable modem cards will not boot. They will reboot to ROM by watchdog hard reset. There is no workaround.
•
When using a Cisco AS5300 series universal access server with Cisco IOS Release 12.1(2a)T1 to run two-stage Voice over IP (VoIP), the TFTP-based interactive voice response (IVR) loading will cause the input queue of Fast Ethernet to build up. There is no workaround.
•
When a named access list is configured in a class map, a router running Cisco IOS Release 12.1(3) restarts by a bus error exception after the show class-map command in entered.
Workaround: Avoid the show class-map command with named access lists, or use a numbered access list.
•
When Cisco Express Forwarding (CEF) switching and Virtual Access interfaces are being used, a Cisco 7200VXR router running Cisco IOS Release 12.1(3) may experience high CPU usage because many alignment errors are occurring. There is no workaround.
•
When the Cisco uBR924 cable access router in a Data Over Cable Service Interface Specification (DOCSIS) bridge mode is being operated, voice calls originating from the Cisco uBR924 do not work. There is no workaround.
•
When a protected client station opens a new connection using the same port numbers (source and destination) too quickly after the previous connection was closed, the old structure is used by Cisco IOS to let the beginning of the session go through. However, the structure will be freed after timewait has elapsed. This causes the connection to be discontinued. There is no workaround.
•
Windows Common Object Module Transaction Interface (COMTI) pauses indefinitely if your COMMAREA data size is less than the configurable COMMAREA size.
Client connections pause indefinitely. There is no workaround.
•
Encryption (IPSec) does not work on a Cisco 7200 series router with desktop and 3DES images when fast switching (using the ip route-cache interface configuration command) is turned on. There is no workaround.
•
After you try to configure a secondary standby Hot Standby Router Protocol (HSRP) group, a Multilayer Switch Feature Card (MSFC) running Cisco IOS Release 12.1(1)E1 (or E2) experiences a bus error exception if a user attempts to remove the VLAN interface. Queued messages may resemble the following text:
*** System received a Bus Error exception *** signal= 0xa, code= 0x10, context= 0x6160c240 PC = 0x602137a8, Cause = 0x2420, Status Reg = 0x34008002Workaround: Remove the secondary HSRP groups before removing the VLAN interface.
•
H.323 gateway may reload when it experiences a time-out on admissions requests (ARQs) for call admission at the terminating gateway. There is no workaround.
•
The ignore-dcd interface configuration command tells a router to look at Data Set Ready (DSR) to determine if a link is up. However, this command does not work unless the interface is shut down and then brought back up again. Then, the igonore-dcd command will take effect. This situation is undesirable for unattended sites.
Workaround: For attended setups, shut/no shut the affected serial interface after the router boots.
•
When a port-channel subinterface on a Cisco 7500/RSP series router that is running Cisco IOS Release 12.0 T is deleted, the entire interface (both the main and subinterfaces) is deleted instead of just the selected interface. There is no workaround.
•
Hot Standby Router Protocol (HSRP) does not work with distributed Cisco Express Forwarding (CEF). There is a 50 percent ping rate for the HSRP virtual IP address, and the following message occurs on the versatile interface processor (VIP) when you enter the ip cef distributed global configuration command:
VIP-Slot1# 20:45:17: %FIB-4-FIBXDRINV: Invalid format. virtual prefix with invalid if_numberWorkaround: Use Cisco IOS Release 12.1(4) or Release 12.1(4)T.
•
When a user advances the system clock (using the clock set EXEC command) on a Cisco uBR7200 series router to pass the Baseline Privacy Interface (BPI) key expiration period, the system expects the cable modem (CM) to renew BPI keys. Since the CM does not know about the system time change, it does not renew its BPI keys.
As a result, the CM stays in an online (pk) or reject (pk) state until it renews its BPI keys. The CM cannot pass traffic in these states.
The time stamp is used as an index to BPI key tables. The granularity of the time stamp is 4 microseconds. If two or more CMs obtain or renew their BPI keys within the same 4 microseconds interval, only the first BPI key information will be kept. The CM stays in the online (pk) or reject (pk) state until it renews its BPI key.
Workaround: Set the system clock before enabling the cable interface.
•
Making a V.110 call from a Cisco AS5300 series universal access server that is used as a network access server (NAS) connected to an SC2200 Signaling Controller in a special solution results in the call being rejected with the following message:
Invalid information element contentsThere is no workaround.
•
ISDN does not come up when using T1 or E1 on a Cisco AS5800 series universal access server. This situation occurs only in Cisco IOS Release 12.1(4.2), 12.1(4.3), and 12.1(4.2)T images. There is no workaround.
Novell IPX, XNS, and Apollo Domain
•
The ipx routing {mac-address} command does not work properly when a DECnet address is used as the {mac-address} option. If you use DECnet and WANs such as ATM you will not be able to use a mac-address of your choice in the map statement for the WAN. There is no workaround.
•
In Cisco IOS Release 12.0 and 12.1, but not in earlier releases, a Cisco router that is running Internetwork Packet Exchange-Enhanced Interior Gateway Routing Protocol (IPX-EIGRP) Service Advertising Protocol (SAP) on unstable WAN links may cause IPX EIGRP SAP packets to remain in memory, eventually exhausting processor memory.
Workaround: Run Routing Information Protocol (RIP)/SAP instead of EIGRP/SAP on the WAN links.
•
The host part of the ipx nhrp map ipx-address interface configuration command is not saved and, consequently, is incorrectly parsed when the show run command is issued. There is no workaround.
•
A router reloads when handling Internetwork Packet Exchange (IPX) access- logging messages. This situation may occur even if access-logging is not enabled.
You may exceed the 200 IPX network limit when hardware is activated after being removed. When the hardware is reactivated, interfaces that were not counted while the hardware was removed cause the limit to be exceeded. There is no workaround.
Protocol Translation
•
A Cisco 3640 router reloads into ROM Monitor mode when it is routing background traffic and running several X.25 translation sessions. There is no workaround.
TCP/IP Host-Mode Services
•
A Cisco router that is running Cisco IOS Release 12.1(1) or Cisco IOS Release 12.0(7)T may experience a stopped input queue on a serial interface while under normal operation. There is no workaround.
Wide-Area Networking
•
The National German BRI switch type 1TR6 is not supported for voice calls. There is no workaround.
•
On a Cisco router, the PPP WAN layer may call idb->reset whenever link control protocol (LCP) _close state is reached and whenever the router fails to get a confirmation acknowledgment after repeatedly sending configuration request messages to the peer. Since the idb->reset in the ISDN driver resets the physical layer, you see physical layer going up and down whenever the protocol layer with the peer is broken. There is no workaround.
•
A Cisco 3620 that is running Cisco IOS Release 12.0(7)T may reload on l2f_ip_udp_input process when a single Virtual Private Dialup Network (VPDN) group is used for L2F dial-in and Layer 2 Tunneling Protocol (L2TP) dial-out.
Workaround: Use separate VPDN groups for these two services.
•
A Cisco AS5300 series router may reload under normal traffic operation with Cisco IOS Release 12.0(7)T. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.0(7)T and that is configured to perform X.25 switching with local acknowledgement, some of the switched X.25 virtual circuits (VCs) may pause indefinitely. There is no workaround.
•
A Cisco 2610 router that is configured with dialer profiles and that is running Cisco IOS Release 12.0(7)T or Release 12.1(1) may experience a low and variable success rate in ping tests.
Workaround: Configure the hidden dialer disable multiencaps command.
•
On an access platform, when dialer profiles and virtual profiles are used together with a certain vendor's callback, the virtual profile is not applied to the callback call. There is no workaround.
Please contact the Technical Assistance Center (TAC) for more information.
•
A router running Cisco IOS Release 12.0(7.3) may experience the following error message when the show x25 EXEC command is used:
System returned to ROM by bus error at PC 0x6042D870, address 0xD0D0D0There is no workaround.
•
Two CAUSE information elements are sent in a STATUS message. There is no workaround.
•
The show x25 xot EXEC command may trigger a reload. The system returns to ROM by an Illegal Instruction error. There is no workaround.
•
Versatile Interface Processor (VIP) may reload with the following message:
DMA-1-DRQ_STALLED: DRQ stalled. Dumping DRQThere is no workaround.
•
Layer 2 Tunneling Protocol (L2TP) with Multilink Protocol (MLP) configured on a L2TP Network Server (LNS) and PPP client causes packets to be dropped in L2TP dialout, because pak fields are not initialized correctly after switching and there is a routing loop. There is no workaround.
•
If Dial-out is configured, the Virtual Private Network (VPN) tunnel is freed because the dialer in network access server (NAS) fails to dial the PPP client. This situation occurs when the dialer in the NAS is unconfigured and then reconfigured. There is no workaround.
•
A router reloads when downloading large (10MB) HTTP files using Multilink PPP (MLP) with a Layer 2 Forwarding (L2F) tunnel. There is no workaround.
•
Cisco IOS software installs bogus dynamic dialer maps for the Large-Scale Dial-Out feature when the primary RADIUS server fails, and the network access server (NAS) fails over to the secondary. Here is a sample output for the show dialer map privileged EXEC command:
Dynamic dialer map ip 13.13.13.13 name dun0751995 (3602218413) on Di0 Dynamic dialer map ip 0.0.0.1 name dun0755205 (3606946292) on Di0 Dynamic dialer map ip 0.0.0.9 name dun0807006 (3347353827) on Di0 Dynamic dialer map ip 171.18.52.205 name dun0807015 (8504214328) on Di0 Dynamic dialer map ip 220.86.120.187 name dun0807016 (8505470577) on Di0 Dynamic dialer map ip 0.15.11.72 name dun0807031 (8509841046) on Di0 Dynamic dialer map ip 172.26.178.253 name dun0807180 (9125576877) on Di0 Dynamic dialer map ip 171.18.52.205 name dun0807293 (8137198235) on Di0 Dynamic dialer map ip 172.25.24.253 name dun0807607 (8136648661) on Di0 Dynamic dialer map ip 172.25.90.245 name dun0807751 (9124364312) on Di0All the above entries except for 172.x.x.x are bogus, such as "13.13.13.13."
Workaround: Reload the router to clear these dialer maps once they are installed.
•
The convenience CLI command, show vpdn group, does not produce the desired output. Use show running-config as a workaround and look for the vpdn-group configuration.
•
A Cisco 7513 router with RSP4 may reload intermittently when running Annex G. There is no workaround.
•
A Cisco 802 router is not responding to Embedded Operations Channel (EOC) loop code on lease line ISDN. There is no workaround.
•
Any Cisco router running Cisco IOS Release 12.1(2.1) fails to register with ATM Address Resolution Protocol (ARP) server if the User-to-Network Interface (UNI) was configured to a UNI 3.0 version. Other ARP clients fail to resolve the logical IP subnet (LIS) of neighboring clients through the ATM ARP server. There is no workaround.
•
You may see the message "%ALIGN-3-SPURIOUS: Spurious memory access..." when a certain vendor's callback is being used and a callback fails to complete. The stack trace indicates the alignment error occurred in the dial_if() function, called from dialer_enable_timeout().
There is no workaround. Please contact the Technical Assistance Center (TAC) for more information.
•
When the primary D channel is shut in PRI Non-Facility Associated Signaling (NFAS) operation, the D-channel layer 1 may still be in the ACTIVATE state and layer 2 may still be in the AWAITING_ESTABLISHMENT state. There is no workaround.
•
On a Cisco router running Cisco IOS Release 12.1(3), the LAN Emulation Clients (LECs) fail to send LE_ARP responses if the LAN Emulation (LANE) interfaces form part of a bridge group with routing protocols enabled and are in the blocking state. Routed packets addressed to the router's own interfaces may be dropped. There is no workaround.
•
A Cisco router running Cisco IOS Release 12.0 or Release 12.1 may reload if it is running low in memory and a new Logical Link Control (LLC) session is added. There is no workaround.
•
A reload may occur during heavy usage at the Layer 2 Tunneling Protocol (L2TP) network server (LNS). There is no workaround.
•
The ISDN Switchtype is not set on BRI S/T and U interfaces on BRI WAN interface cards (WICs). There is no workaround.
•
On a Non-Facility Associated Signaling (NFAS) configuration, the ISDN subsystem may hold a large amount of processor memory which causes the system to run out of memory.
Workaround: Reload the system.
•
When a Non-Facility Associated signaling (NFAS) outgoing setup specifies a preferred B channel and interface and the "switch" negotiates for the same B channel on another interface, the B channel on the interface specified in the outgoing setup will remain in the proposed service state. B channels in the proposed service state are not usable for outgoing calls.
A change in the digital subscriber lines (DSLs) state through configuration (using the shutdown and no shutdown commands) will not restore the B channel(s) to IN_SERVICE.
Workaround: Reload.
•
The following messages are generated for every call disconnect with switchtype primary-ni configured:
ISDN ERROR: Module-l3_sdl_u Function-Ux_BadMsg Error-Source ID = 400 Event = ABThere is no workaround.
•
Packets that cannot be switched using Cisco Express Forwarding (CEF) through a Virtual Private Dialup Network home gateway/Layer 2 Tunneling Protocol (L2TP) Network Server (VPDN HGW/LNS) may cause alignment errors.
Workaround: Ensure that all packets can be CEF-switched.
Alternate workaround: Disable CEF switching on the HGW/LNS virtual template.
•
On a Cisco 803 router running Cisco IOS Release 12.1(2), a Memory Protection Violation may appear.
Memory Protection Violation: epc =0x004F6C8C, location of fault eva =0x00000???, read fault address error=0x00000082, illegal address pti =0x00000000 pte =0x02102100
CPU Register Context: PC = 0x004F6C8C MSR = 0x00009032 CR = 0x33500053 LR = 0x00275374 CTR = 0x00125DCC XER = 0xE000AF7F R0 = 0x00000000 R1 = 0x0061BBEC R2 = 0x0A010901 R3 = 0x0061BBF4 R4 = 0x00000000 R5 = 0x00000000 R6 = 0x0061BD10 R7 = 0x0271934C R8 = 0x0282E624 R9 = 0x0061BBF4 R10 = 0x00000000 R11 = 0x02738FF4 R12 = 0x55000053 R13 = 0x00010001 R14 = 0x00000000 R15 = 0x00000001 R16 = 0x02737F38 R17 = 0x00000001 R18 = 0x00000001 R19 = 0x0282E624 R20 = 0x00000002 R21 = 0x0271934C R22 = 0x00000000 R23 = 0x00600000 R24 = 0x0061BD10 R25 = 0x00000000 R26 = 0x00000000 R27 = 0x0061BD54 R28 = 0x02730498 R29 = 0x02742984 R30 = 0x027448A4 R31 = 0x0273C398
Traceback: 0x004CC50C 0x004ABE00 0x004A0EF8 0x004c6E4E4 0x0046E4B4 0x00000000There is no workaround.
•
A router reloads if the following interface configuration command is entered on a Frame Relay multipoint subinterface:
frame-relay map ip-address dlci rtp header-compression
Workaround: Specify the number of compression connections:
frame-relay map ip-address dlci rtp header-compression connections 256
•
Calls may be disconnected on some switch types during "overlap sending" because of the processing of T304_EXPIRY (expiration of timer T304). The time (in a Q.931 debug trace) between the INFORMATION transmission and the DISCONNECT transmission is extremely short. There is no workaround (using Primary-NI switchtype may work for some users).
•
A Cisco 7206VXR router that is running Cisco IOS Release 12.1(1)E reboots with bus errors approximately once per day, with no obvious changes or reasons. There is no workaround.
•
A Cisco router running a Cisco IOS 12.1 release that is configured for X.25 may experience a memory leak in X.25 background. There is no workaround.
•
If you enter the show isdn memory EXEC command on a Cisco AS5300 series universal access server, you can see that the line interface (LIF) timer blocks reach the maximum number and no more calls can be accepted by the router. A reload is required in order to clear the blocks. There is no workaround.
•
According to an Italian Homologation test requirement, a router should not respond with a STATUS message when it receives a NOTIFY message in the U3 and U4 states (for example, following the receipt of a Call Proceeding and Alerting message, respectively).
NOTIFY should be ignored in U3 and U4 states for all switch types. There is no workaround.
•
A Cisco 7500 router reloads because of a bus error. The reload appears to be triggered when Open Shortest Path First (OSPF) link state advertisement (LSA) updates reach the router. Updates includes an LSA, a routing table update, or a Tag Forwarding Information Base (TFIB) update. There is no workaround.
•
When initializing a Cisco router, the PRI receives the following message:
Channel State (0=Idle 1=Propose 2=Busy 3=Reserved 4=Restart 5=Maint_Pend) 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Service State (0=Inservice 1=Maint 2=Outofservice) 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2E1 and primary-net5 will not work.
Workaround: Enter the isdn service dsl0 b_channel 0 state 0 interface configuration command. Though doing so clears the problem, the initial situation recurs after reloading. E1 is not accessible unless you perform this workaround or the alternate workaround (below). If you reload the router, E1 will be inaccessible again.
Alternate workaround: Perform a shut/no shut sequence of the controller. Though doing so clears the problem, the initial situation recurs after reloading.
•
A Cisco 7500 series router configured with LAN Extender may reload.
Workaround: Turn off fast switching.
•
On a Cisco 2600 or 3600 series router, no T1 B channel is available, even if the T1 ISDN layer is active.
Workaround: Use the shut command followed by the no shut command.
•
Challenge Handshake Authentication Protocol (CHAP) authentication does not work on a Layer 2 Tunneling Protocol (L2TP) network server running Cisco IOS Release 12.1(1.5) or later releases. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T may reload when Domain Name System (DNS)-based X.25 routing is used. There is no workaround.
•
A router running Cisco IOS Release 12.(3.0.3) and image c800-nsy6-mz reloads when you reconfigure the isdn switch-type global and interface configuration command at the "Config Term" level (and isdn switch-type basic-5ess configured previously) and initialize interface bri0 (shut/no shut). The following sequence of commands illustrates this situation:
router(config)#isdn switch-type basic-5ess
router(config)# interface bri0
router(config-if)#shut
router(config-if)# no shutThere is no workaround.
•
A Cisco 2600 series router running Cisco IOS Release 12.0(11.6) reloads when a call connects with Multilink PPP configured on Dialer Interface. There is no workaround.
•
After several hours of operation, a router reports the following error message:
%ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004C59C handle -1The show isdn memory EXEC command shows that the line interface (LIF) timer blocks has reached the limit of 30911.
Workaround: Always use interface 0 as the primary Non-Facility Associated signaling (NFAS) D channel for signaling System 7 (SS7) interconnect and PRI ISDN line connection.
•
A link error occurs because of a function in Cisco IOS core file "linkdown_event.c" that calls a PPP function that may not be present in some builds. There is no workaround.
•
Generating a running-config after configuring resource pooling and Virtual Private Dialup Network (VPDN) may cause a reload. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(3b)
Cisco IOS Release 12.1(3b) is a rebuild of Cisco IOS Release 12.1(3). The caveats in this section are resolved in Cisco IOS Release 12.1(3b) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(3)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(3). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
If you send a "stream" (reverse Telnet) print job through an asynchronous line, and the print job is very small, the job may fail to print. In releases earlier than Cisco IOS Release 12.0(7)T or Cisco IOS Release 12.0(8), this situation occurs if the flush-at-activation command is active on the line. In later releases, the situation occurs if either flush-at-activation command is active on the line, or if the aaa new-model global configuration command is configured on the system.
Workaround: Use line printer daemon (LPD) or use Cisco IOS Release 12.0(7)T, Cisco IOS Release 12.0(8) or a later Cisco 12.0 release, or Cisco IOS Release12.1 and either use the no flush-at-activation command on the asynchronous lines or unconfigure the aaa new-model global configuration command on the system.
•
IP Security (IPSec) configured with fast switching works on the serial interface but fails on other interfaces. There is no workaround.
•
A Cisco AS5300 reloads with a bus error at PC 0x6022A3C8 when you try to use Telnet to go to a named-host. There is no workaround.
•
Block Serial Tunneling (BSTUN) char-set ascii mode on Cisco 1600 serial interfaces does not interoperate with some Binary Synchronous Communications protocol (Bisync) implementations. The Bisync code will reject frames that have trailing Pad (0x7F) characters. You may see the following message while the debug bsc event command is enabled:
BSC: Serial0:POLLER-FSM event:E_RxInvalid old_state:TCU_Polled. new_state:TCU_Idle.There is no workaround.
•
A Cisco router may experience degraded performance when several duplicate accounting records are sent. There is no workaround.
•
A Cisco universal access server may unexpectedly reload when there is a high number of Cisco DialOut calls.
Workaround: Temporarily disable DialOut.
•
A Cisco 3660 router may experience a spurious memory access when booting up. There is no workaround.
•
For Large-Scale Dial-out, there are static routes in the following format:
ip route 50.0.0.1 255.255.255.255 Dialer0 200 name LSDOtestThis format gets inappropriately modified to:
ip route 50.0.0.1 255.255.255.255 Dialer0 200The wrong username is extracted (formats ip address-out instead of username-out). There is no workaround.
•
When the network access server (NAS) and PPP client attempt to negotiate both Internetwork Packet Exchange (IPX) and IP for a session, attribute 8 (IP address) is dropped from the network accounting records. This situation does not occur if IP is the only protocol negotiated. There is no workaround.
•
A defect in multiple versions of Cisco IOS software will cause a Cisco router or switch to stop and reload if the Cisco IOS http service is enabled and an attempt is made to browse to http://<router-ip>/%%. This defect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information.
The vulnerability, identified as Cisco bug ID CSCdr36952, affects virtually all mainstream Cisco routers and switches running Cisco IOS Release 11.1 through Release 12.1. The vulnerability has been corrected and Cisco is making fixed versions available to replace all affected Cisco IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect.
Workaround: Nullify the vulnerability by disabling the Cisco IOS HTTP server, by preventing access to the port in use by the HTTP server on the affected router or switch, or by applying an access-class option to the service itself. The IOS HTTP server is not enabled by default except on a small number of router models in specific circumstances.
Please see http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml for the latest complete version of this security advisory.
•
The system reloads during authentication, while accessing already freed memory.
This failure occurs in Password Authentication Protocol/Challenge Handshake Authentication Protocol (PAP/CHAP) authentication.
There is no workaround.
•
There is a severe performance degradation for the NPE300 processor, specifically with the Packet-over-SONET (POS) and serial port adapters (PAs).
Workaround: Use Cisco IOS Release 12.1, 12.1 E, or 12.1 T.
•
The Service Assurance agent (SAA) responder can cause a memory leak if it is responding to SAA packets with different target IP addresses but the same target User Datagram Protocol (UDP) port. There is no workaround.
•
The Cisco Service Assurance Agent (CSAA; formerly known as Response Time Reporter (RTR)) granularity for the icmpecho is 4 milliseconds, even in Cisco IOS Release 12.0 T. Granularity should be 1 millisecond. There is no workaround.
•
The chassis interface and various interface processors on a Cisco 7500 series router does not come up after a reload. There is no workaround.
•
If a router has access to more than one TFTP server when it attempts to netboot, the netboot can fail if one TFTP server has the file being netbooted, while other TFTP servers do not have the file.
Workaround: Use the boot filename ip-address ROM monitor command in conjunction with the IP address of the TFTP server that has the image.
Alternate workaround: Disable the TFTP server on the systems that do not have the file.
Alternate workaround: Put the file on all TFTP servers that are accessible from the router being netbooted.
•
A Cisco MC3810 multiservice access concentrator running Cisco IOS Release 12.1(2.1) reloads while disconnecting a call. There is no workaround.
•
Environmental alarms are triggered spontaneously because of wrong hardware revisions. Only AC power supply alarms are affected. There is no workaround.
IBM Connectivity
•
A Cisco router that is configured for Synchronous Data Link Control (SDLC) and Qualified Logical Link Control (QLLC) through data-link switching (DLSw) local switching may reload with a bus error at:
PC 0x60F03F1C, address 0x10D.There is no workaround.
•
In a Blocked Serial Tunnel (BSTUN) network, the BSTUN state may be open on the headend and closed on the remote router after the headend router is reloaded.
Workaround: Enter the no bstun route interface configuration command, followed by the bstun route command. The tunnel then opens up on both sides.
Interfaces and Bridging
•
A Cisco router that is running Cisco IOS Release 12.0(04a) may receive the following alignment error messages on dot1q over Internetwork Packet Exchange service access point (IPX SAP):
%ALIGN-3-CORRECT: Alignment correction made at 0x605B8E70 reading 0x63E5A6F1 %ALIGN-3-TRACE: -Traceback= 605B8E70 60095714 60095700 00000000 00000000 00000000 00000000 00000000IPX SAP is affected only when dot1q encapsulation is involved (such as when IPX SAP is configured on a dot1q interface).
These alignment error messages do not affect connectivity or cause packet loss. There is no workaround.
•
If the input line to a PA-A3 port adapter in a Cisco 7200 or 7500 series router is not functioning properly and the port adapter is experiencing many alarms or errors on the line, link-up messages may appear without link-down messages on the console logs.
Confirm this occurrence by entering the show controllers atm privileged EXEC command. Check the cables and the interface on the other end of the link for problems. There is no workaround.
•
In Constrained Multicast Flooding (CMF), when a bridge group member joins and leaves a multicast group, multicast traffic still goes out that bridge member.
Work around: Enter the clear bridge multicast EXEC command. Traffic stops going out of the bridge member.
•
A Cisco Packet OC-3 Interface Processor (POSIP) may reload with a bus error. There is no workaround.
•
A Cisco 7500 series router with VIP2 Versatile Interface Processor boards containing a PA-ATM Enhanced port adapter and a PA-POS port adapter will experience an interface reload and will not be able to send or receive traffic.
Workaround: Configure these two high-speed PAs on different VIPs.
•
With IP Cisco Express Forwarding (CEF) and VLANs configured, the router may reload with a bus error when you use the configure memory privileged EXEC command. There is no workaround.
•
A packet that is 1500 B or longer (ip/tcp/payload) that is bridged from a Bridge Group Virtual Interface (BVI) to a Token Ring and then moves out to the bridged environment receives 8 bytes of extraneous characters inserted between the Token Ring MAC header and the IP header.
Workaround: Disable fast switching on the BVI interface.
IP Routing Protocols
•
A Cisco 2500 or 4000 series router may reload when you unconfigure virtual subinterfaces on X.25 or Frame Relay networks from a partial mesh topology for Enhanced Interior Gateway Routing Protocol (EIGRP) after you use the no ip routing global configuration command for some images such as the js image.
Workaround: Remove the subinterfaces before you use the no ip routing global configuration command.
Alternate workaround: Remove the EIGRP process with the no router eigrp global configuration command before using the no ip routing global configuration command.
•
If you move interfaces from a normal area to a new Not-So-Stubby Area (NSSA), the internal NSSA autonomous system boundary router (ASBR) may generate type-7 link-state advertisements (LSAs) into the NSSA area without the propagate bit (P-bit) set, so NSSA Area Border Routers (ABRs) do not translate these LSAs into type-5s. The P-bit is not set because the router treats the P-bit as an NSSA ABR as well as an NSSA ASBR which, per Request For Comments (RFC) 1587, should not set the P-bit in type-7 LSAs.
Workaround: Once the interfaces have been moved to the new NSSA area, perform the following steps:
no area x (x is the old area)
no area y nssa (y is the new NSSA area)
area y nssa
The above sequence will remove the old area and reoriginate type-7 LSAs with the P-bit set.
Alternate workaround: Instead of moving the interfaces to a new NSSA area, change the existing normal area into an NSSA area by using the area area-id nssa router configuration command.
•
Under rare circumstances, a link-state advertisement (LSA) on a neighboring router may get stuck in MAXAGE state and not be deleted. In this situation, the LSA cannot be originated again on this router, which may cause the route to become unavailable or cause packets to take another route that is less than optimal. This situation has been seen to occur when an OSPF neighbor runs out of memory and OSPF tables are corrupted.
Workaround: Restart the OSPF process by entering the clear ip ospf proc command.
•
Interoperability between NetMeeting 2.1 and NetMeeting 3.0 may not work properly when used with Cisco IOS Release 12.1(1) Network Address Translation (NAT). Some static NAT configurations do not work for NetMeeting 2.X when used with Cisco IOS Release 12.1 Network Address Translation (NAT). There is no workaround.
•
If you configure Protocol Independent Multicast (PIM) or Hot Standby Router Protocol (HSRP) on an ATM-LANE interface, the CPU of the Route Switch Processor (RSP) may reach 99 percent. This situation only occurs when Open Shortest Path First (OSPF) is enabled on more than 12 interfaces in combination with ATM-LANE. This situation does not occur on an RSP that is running Cisco IOS Release 12.0 S or Release 11.2 GS. There is no workaround.
•
In Cisco IOS Release 12.1 and Release 12.1 T, the IP policy cache is not cleared when you use the no ip route-cache policy interface configuration command.
Workaround: Issue the clear ip cache {prefix | mask} command for a specific cache.
•
When a reservation for a label switched path (LSP) is torn down, Resource Reservation Protocol (RSVP) sends the upstream neighbor a ResvTear message containing a RESV_CONFIRM object. RSVP maintains the reservation and keeps sending this message periodically until the upstream neighbor responds with a ResvTearConf message or the reservation times out.
If the downstream neighbor continues to send RESV refreshes for the LSP, the reservation never times out. In this situation, if the upstream neighbor never sends a ResvTearConf, the reservation remains stuck in this state indefinitely. The ResvTearConf mechanism is no longer defined in the RSVP-TE IETF draft, and is not used by some non-Cisco IOS implementations.
Workaround: Shut down the LSP at the headend. Wait for the reservation to time out (2 minutes) and then reestablish the LSP.
•
If you enter the show ip mds summary EXEC command or the show ip mds forwarding EXEC command at the Versatile Inter face Processor/line card (VIP/LC) console, then a counter to track the number of multicast routes may be incorrectly decremented and underflow to a huge number. The VIP/LC console may display a syslog message similar to the following:
%MDS-4-ROUTELIMIT: 4294967237 routes exceeded multicast route-limit of 2147483647
If this situation occurs, no additional multicast routes can be created and the router must be restarted.
Workaround: Do not use the show ip mds summary EXEC command or the show ip mds forwarding EXEC command at the VIP/LC console.
•
This problem occurs on a Cisco AS5300 series universal access server with the Simple Gateway Control Protocol (SGCP) call model only. A Cisco AS5300 series universal access server reloads when you enable a (specifically requested) hidden feature that is only applicable to a SGCP call model. There is no workaround.
•
When Virtual Private Network (VPN) is configured and Border Gateway Protocol (BGP) is used to exchange prefixes between the provider edge (PE) router and the customer edge (CE) router in Cisco IOS Release 12.1(02)T, the following tracebacks may occur when the PE router needs to withdraw a route from the CE router:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6062A6CC[bgp4_format_unreachable(0x6062a5bc)+0x110] reading 0x41 %ALIGN-3-TRACE: -Traceback= 6062A6CC[bgp4_format_unreachable+0x110] 6062C28C[bgp_send_update+0xa84] 6062CC40[bgp_update_walker+0x178] 610020E0[rn_walktree_version+0x158] 6062D080[bgp_updates+0x2e0] 6062D87C[bgp_update_af+0x698] 60621BA8[bgp_router+0xa68] 602C9074[r4k_process_dispatch+0x14]These occurrences may include neighbors going down and removal of interfaces. There is no workaround.
ISO CLNS
•
On Cisco routers, if a DECnet packet is received on an ethernet interface and is converted to a CLNS packet, in the unlikely event that it cannot be routed to its destination, an unexpected reload may occur in ether_extract_addr.
There is no workaround.
Miscellaneous
•
After sending packets at a very high rate through a PA-A3 port adapter on a Cisco 7200 series router, the router may reload if you remove the card and reinsert it to a different slot with a new configuration on the same interface at the new slot. The following error patterns occur on the console:
%SYS-2-LINKED: Bad enqueue of 60DFD980 in queue 60CCFB30
-Process= "<interrupt level>", ipl= 1
-Traceback= 602398F0 601C1370 602000C8 60203958 601C4408 601C81B0
%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=14AF, count=0
-Traceback= 601C14FC 602000C8 60203958 601C4408 601C81B0There is no workaround.
•
Cisco Encryption Technology (CET) connection is established but encryption and decryption fails. There is no workaround.
•
There is an erratic disconnect of Layer 2. The debug isdn q921 command shows bad sequencing and a PRI seems to have a Layer 2 looped. There is no workaround.
•
If there is a large network delay and Asynchronous Serial Protocol (ASP) does not support local acknowledgements (ACKs), you need to increase the poll interval on the end device to accommodate the delay. There is no workaround.
•
When a crypto map is deleted for a subinterface, the system reloads. There is no workaround.
•
The no ip route-cache cef interface configuration command is missing from the configuration after system reload.
Workaround: Turn off the ip route-cache cef interface configuration command when you reload the system, if it is in the configuration file.
•
When some PC fax modem software in conjunction with fax relay is used, proper operation is not accomplished unless the software is operating in class 1 mode when sending and in class 2 mode when receiving. There is no workaround.
•
In a Cisco AS5800 series universal access server using channel-associated Signaling (CAS) loop start signaling, ds0s may stop in l_wait_connect0 state while the trunk state shows that the far end is onhook. The state machine is not handling a host disconnect properly in this state. There is no workaround.
•
When you configure several hundred PPP over ATM virtual circuits (VCs) on a single subinterface using VC classes, some of the VCs may end up with a virtual access interface number of 0.
Workaround: Delete and reconfigure the VC to obtain a valid VA number. To prevent this problem from occurring, do not use VC-class statements. Another method is to netboot the configuration and ensure that the physical interface is shut down before configuring the interface and then bringing it back up.
•
In some circumstances, the adjacency associated with a static Address Resolution Protocol (ARP) entry may be deleted if the interface is shutdown. There is no workaround.
•
A Cisco 3600 series router with a PRI T1 or E1 card may start dropping almost all traffic if weighted fair queueing (WFQ) is used on any interface. The show buffers EXEC command will show buffer element misses, but it will also show many free buffer elements. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)S or Cisco IOS Release 12.0(8)S will disable Cisco Express Forwarding (CEF) with a FIB-3-NOMEM failure even though there appears to be plenty of memory. There is no workaround.
•
When there is a high volume of traffic moving through IP Security Protocol (IPSec), you may see the following message:
Memory allocation of 18196 bytes failed.There is no workaround.
•
In countries where low powered mode is supported (ISDN physical layer is deactivated when there is no traffic), the user may notice that sometimes data traffic will not bring up the ISDN line out of low-powered mode. In this case, only an incoming call would correct the situation and bring up the line.
Workaround: Enter the clear int bri0 EXEC command.
•
When you initiate remote copy protocol (rcp) from a remote system, the system will not check the available space on Flash memory before initiating the copy. For files that are too large, all the memory is consumed and the connection is reset without sending an error message.
Workaround: Use the copy rcp flash command on the system or check the available Flash memory before copying from the remote system.
•
A Cisco 3640 router that is running Cisco IOS Release 12.0(7)T may experience problems when the T1 controller is shut down. When the T1 controller is shut down, a Simple Network Management Protocol (SNMP) trap is generated, but when the T1 connection is pulled from the router, SNMP trap is not generated. There is no workaround.
•
When Hot Standby Router Protocol (HSRP) is configured between two NM-1FE-TX network modules that are connected to any Cisco switch, both switches become active, and the interface on the switch with the lower HSRP priority will flap. There is no workaround.
•
The TI1575 ATM driver reloads with bus error, because of double freeing buffers. There is no workaround.
•
A Cisco MC3810 multiservice access concentrator configured for circuit emulation service (CES) requires Data Terminal Ready (DTR) to be set high in order to avoid initial video freezes.
When interacting with a non-MC3810 device, some of those devices toggle DTR and cause a traffic problem (for example, video freezes). There is no workaround.
•
On a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.0(5)T or portware 2.7 or higher, once a modem is used for handling V110 calls, it cannot be reused to handle asynchronous calls. The asynchronous calls will fail and the user will be disconnected. There is no workaround.
•
PPP over Internetwork Packet Exchange (IPX) over ATM may not work properly on a Cisco 4500 series router that is running Cisco IOS Release 12.1(1.0.4)PI. This situation does not occur in a router that is running Cisco IOS Release 12.1(0.13) or Cisco IOS Release 12.1(0.9)T4. There is no workaround.
•
A low memory condition may provoke a reload in Integrated File System (IFS). There is no workaround.
•
In signaling System 7 (SS7) applications, a Cisco router may not clear calls properly when the T1/E1 cables are unplugged from the interfaces. The show isdn {active} EXEC command shows the calls are still active. There is no workaround.
•
If Resource Reservation Protocol (RSVP) receives path messages for the same label switched path (LSP) session on two different interfaces, it sends RSVP Reservation (Resv) messages alternately on those interfaces. Only the messages sent on one of the interfaces contain a valid label. As a result, some packets may be forwarded with no label. There is no workaround.
•
Multilink PPP calls may not work properly when you dial in to a Stack Group Bidding Protocol (SGBP) group formed by two routers connected through a split dial shelf. There is no workaround.
•
File Transfer Protocol (FTP) fails with a large packet. The maximum transmission unit (MTU) calculated by the router during the MTU discovery (MTUD) process is incorrect. There is no workaround.
•
When you use Cisco Express Forwarding (CEF), generic routing encapsulation (GRE) tunnels, and tunnel checksums, the packet loss rate is abnormally high.
Workaround: Disable tunnel checksums or disable CEF on the tunnel interface.
•
A Route Switch Processor (RSP) that is configured with Multiprotocol over ATM (MPOA) clients may take a large number of packets (approximately 500) to transfer the data through the MPOA shortcut. There is no workaround.
•
A Cisco Route Switch Processor (RSP) may reload when Generic Traffic Shaping (GTS) is enabled on an interface. This situation only affects RSPs. The RSP will reload when you configure the GTS with the traffic-shape group interface configuration command with an access list that has a deny statement in it. There is no workaround.
•
A Cisco router configured to redirect Multiprotocol Label Switching (MPLS) and Web Cache Communication Protocol (WCCP) on the same outgoing interface does not redirect HTTP packets to the cache engine, although the WCCP statistics are being updated. The HTTP traffic goes directly to the destination HTTP server, and cache is not being used. There is no workaround.
•
A Cisco router (800 series through 4700 series) may silently drop large packets. This situation occurs when both Cisco Express Forwarding (CEF) and output rate-limiting are enabled on an interface, and a packet to be switched out of an interface is larger than the maximum transmission unit (MTU).
Workaround: Disable CEF or disable the Committed Access Rate (CAR) on interfaces that will need to fragment packets.
•
Tag switching cannot be used on the 4/8 port T1/E1 IMA network modules for Cisco 2600, 3620, 3640, or 3660 series routers. Tag control packets are not sent out the interface, but instead are queued and dropped once the virtual circuit (VC) output queue is filled. There is no workaround.
•
When a router has only Intrusion Detection System (IDS) configured and Context-Based Access Control (CBAC) is disabled, the router sends a TCP Reset (RST) packet for some sessions, after about 11 hours.
Workaround: Configure the ip inspect name global configuration command as follows:
ip inspect name try tcp
Then, apply the rule to any interface. For example:
interface Ethernet0/0 ip inspect try in
This configuration will activate the session rate timer to temporarily fix the problem.
•
A missing H.323 ID configuration may cause the gateway to access (read) using a NULL pointer and may cause reloads on platforms where the service alignment global configuration command is a default, as it is on a Cisco 2600, 3600, 5300, and 7200 series router or 5800 series universal access server. A spurious read access to low memory will generate a syslog message instead of reloading the router. This situation can occur while the gateway is registering or unregistering from the gatekeeper while there is no H.323-ID configured.
Workaround: Configure H.323-ID and ensure that the no gateway configuration command is entered first. Disabling the gateway prevents H.323 software from using a NULL pointer while the configuration process is not complete.
•
CSCdr31528 A memory leak may occur when the interactive voice request (IVR) script calls for prompt/audio files that do not exist.
Workaround: Ensure that all prompt/audio files are valid (and spelled correctly).
•
A Cisco router may reload when interactive voice response (IVR) in a voice gateway requests authorization.
Workaround: Enter the aaa authorization exec h323 group radius global configuration command when authorization is needed for voice gateway.
Alternate workaround: Use Cisco IOS Release 12.1(2) or Release 12.1(2)T.
•
When you import routes to a Virtual Private Network (VPN) from another VPN at the same Provider Edge (PE), and the routes learned by Interior Gateway Protocol (IGP) at the originating VPN, and PE and Customer Edge (CE) are connected to each other by an unnumbered interface at the originating VPN, the router will fail to locate the next hop. As a result, routes do not appear in the VPN routing and forwarding tables (VRFs).
Workaround: Use IP address on the interface between the CE and the PE.
•
When you use a Cisco Encryption Service Adapter (ESA) to encrypt or decrypt, Cisco Express Forwarding (CEF) or fast switching may fail when configured on a subinterface. There is no workaround.
•
Distributed Multilink (DML) PPP does not come up on a VIP4-80. VIP4 reloads and the controller goes into the shutdown state. There is no workaround.
•
In some circumstances, Dual-tone Multifrequency (DTM) F relay may fail for the pound (#) and the star (*) symbols. There is no workaround.
•
Configuring a policy map whose length is a multiple of 4 will cause the router to reload because of redzone corruption.
Workaround: Do not configure policy maps with names that are 4, 8, 12, 16, 20,... characters long.
•
On a Cisco router that is running Cisco IOS Release 12.1, dynamic crypto maps will refuse to negotiate IP Security (IPSec) security access (SA). An "! Incomplete" message will appear in the output of the show running-config command after each dynamic crypto map in the configuration. There is no workaround.
•
A Cisco AS5300 series universal access server store and forward fax may fail during off-ramp at Phase D where no pages are sent. There is no workaround.
•
HTTP packets arriving over a Switched Multimegabit Data Service (SMDS) interface will not be correctly redirected by Web Cache Communication Protocol (WCCP), which will prevent web access by SMDS clients when WCCP is enabled.
Workaround: Disable WCCP.
•
When you configure an IP address on an Inter-Switch Link (ISL) encapsulated subinterface on a VIP2-50 Versatile Interface Processor using a Fast Ethernet PA-2FEISL-TX port adapter, the IP network configured on the subinterface does not show up as a directly connected interface in the IP routing table. As a result, there is no IP connectivity across the network.
Workaround: Configure a static interface route for the directly connected network.
•
Cisco Express Forwarding (CEF) is not building the subnet broadcast address receive adjacencies for locally attached broadcast networks. Hosts on the segment that use the "all the host bits set" (for example, if the network address is 1.2.3.0/24, then the "all the host bits set" is 1.2.3.255) or network address forms of IP broadcasts may fail to reach the router or to have broadcast packets forwarded (helpered) off the segment. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(1) may reload if you enter the show snasw session detail command. There is no workaround.
•
When a Hot Standby Router Protocol (HSRP) group on a Catalyst 5000 Route Switch Feature Card (RSFC) VLAN with the standby use-bia interface configuration command configured becomes active, the Address Resolution Protocol (ARP) entry for the HSRP virtual IP addresses is not updated with the local burned-in MAC address (BIA). It is overwritten by the BIA of the router which was previously in the "Listen" state. This situation does not occur if only two routers are participating in the HSRP group.
This also affects other platforms when HSRP is configured on an encapsulated (ISL, dot1q etc.) interface.
Workaround: Do not configure the standby use-bia interface configuration command.
•
An SNA Switching Services (SNASw) router may run into memory fragmentation issues:
R103PI02#sh mem Head Total(b) Used(b) Free(b) Lowest(b) Largest(b) Processor 61698980 43415168 38989864 4425304 2992172 9804 I/O 40000000 16777216 2894160 13883056 13758116 13802144The router may have access problems or may reload. There is no workaround.
•
Open Shortest Path First (OSPF) does not work on the port channel interface.
Workaround: Configure the ip ospf network broadcast interface configuration command under the port channel interface.
•
When Cisco Express Forwarding (CEF) switching and Virtual Access interfaces are used, a Cisco 7200VXR router experiences serious problems with many alignment errors causing the CPU to reach 100 percent utilization. With an increasing number of users (virtual access interfaces), a production router will cease functioning instantly. There is no workaround.
•
When dialing in with a modem on a Cisco AS5300 series universal access server with a PRI, the performance of the AS5300 slows greatly. Using the show processes cpu EXEC command shows that the 5-minute average reaches 100 percent. The call management process listed in the show processes cpu command output is utilizing over 60 to 70 percent of the CPU. Reloading does not drop the call, nor does it drop the CPU utilization. Clear the utilization by using the shut and no shut commands on the group-async1 interface.
Workaround: Configure the no async address dynamic command.
•
A Cisco AS5200 series universal access server that is running Cisco IOS Release 12.0(7)T and mica-modem-pw.2.7.1.0. is not able to dial out by using reverse Telnet to go to one of the modem ISDN channel aggregation (MICA) technologies modems. Dial-in works. There is no workaround.
•
Cisco routers configured to use Stack Group Bidding Protocol (SGBP) may experience a buffer leak in large buffers.
The memory leak may occur if a fairly large number of Multilink PPP (MLP) bundles are terminated on the SGBP member at the time the member enters or re-enters the stack group.
Evidence of the leak can be determined by monitoring the SGBP connection hello messages. These messages are enabled with the debug sgbp hellos command. If you see the following message and the size value is greater than 1360, a memory buffer will be leaked:
SGBP:Send Info, count 1 size 7There is no workaround. Reload the router to recover I/O memory.
•
Release-note Under sever stress the DBConn subsystem can cause the router to reload when the back-end host connection is reset unexpectedly. There is no workaround.
•
When multiple, load-shared paths exist between provider edge (PE) routers, a PE router may reload if all paths are lost simultaneously while Virtual Private Network (VPN) traffic is being forwarded. There is no workaround.
•
The clear cable flap-list command may cause the router to pause indefinitely.
When a previous show cable flap-list command shows the flap list to be empty, the router will pause indefinitely after subsequently issuing the clear cable flap-list all command.
When the output of the show cable flap-list command pauses because of automore processing (when "-- more --" is displayed) and another command line interface (CLI) EXEC session attempts to clear cable flap-list all, the router pauses indefinitely until the show cable flap-list command completes.
Multiple concurrent CLI sessions that may modify data in the router are not supported by the system. The router may reload, pause indefinitely, or operate incorrectly.
Workaround: Avoid using the clear cable flap-list all command.
•
After the gateway resource threshold command is added, the router reloads.
After entering the show version EXEC command, you may see the following error message:
PH3-01C53.420284001008 uptime is 0 minutes System returned to ROM by bus error at PC 0x60B44944, address 0xD0D0D11 at 05:14:58 UTC Tue Mar 14 2000 System restarted at 05:15:32 UTC Tue Mar 14 2000 System image file is "flash:c5300-is-mz_120-7_T.binWorkaround: Remove the gateway resource threshold.
•
The cookie value in the chassis of a Cisco AS5800 series universal access server with integrated modems is programmed wrong. This error causes instability in environmental monitoring. There is no workaround.
•
The upstream ports of a linecard may be poorly initialized and not receive upstream bursts from the cable modems. Modems are not able to complete initial ranging and power cycle infinitely.
This situation only occurs if the upstream had nondefault configuration parameters stored in the startup configuration.
Workaround: Configure the following sequence of cable interface configuration commands so that the upstream port can start receiving data if you wish to use nondefault upstream port physical layer configuration parameters:
cable upstream {port} shutdown
no cable upstream {port} shutdown
Alternate workaround: Use default upstream physical layer configuration parameters.
•
The PA-MC-8T1 port adapter reports that Firmware paused indefinitely and then reloads the router. There is no workaround.
•
A gigabit interface may remain up/up with no cable attached in Cisco IOS Release 12.1(2). There is no workaround.
•
Multiprotocol Label Switching (MPLS) labeled packets that are larger than 1500 B cannot be sent out FastEthernet even if "tag mtu" is configured to be larger than 1500 B on the FastEthernet interface. There is no workaround.
•
An SNA Switching Services (SNASw) router does not turn on the Command/Response (C/R) bit on the source service access point (SSAP) when replying to an exchange identification (XID) request.
The trace between the SNASw router and the Point of Sale (POS) device shows that the C/R bit on the SSAP is not set when the SNASw router replies to the XID request. Thus, the POS device fails to begin the XID process. There is no workaround.
•
Virtual Switch Interface (VSI)-controlled permanent virtual circuits (PVCs) supported by a PA-A3 port adapter on a Cisco 7200 series router do not come up after reload.
Workaround: Clear (reset) the ATM interface.
•
When connecting an LU6.2 session to a low-entry networking (LEN) device with the Systems Network Architecture (SNA) Switch, snasw location statements do not take effect properly when that LEN device is connected over a link that is a defined link from the SNA Switch perspective (hence an uplink). There is no workaround.
•
TXCONN is causing SNA sessions to unbind when it terminates conversations.
Impact SNA Switching Services (SNASw) must rebind the sessions again before another conversation can be allocated. This condition is inefficient and may, in certain configurations, cause allocation failures. There is no workaround.
•
Upon system initialization, ATM permanent virtual circuits (PVCs) are left in the inactive state and do not change to the active state unless the user issues a shutdown/no shutdown of the associated ATM interface in configuration mode.
Workaround: Reinitialize the interfaces manually.
•
A router may reload when using a TCP server on a unique port, which may happen when an internal ping runs to test connectivity with the host.
Workaround: Configuring another DBConn TCP server on the same port. Two separate DBConn servers configured on the same port disables the internal ping mechanism.
•
On a Cisco 2600 or 3600 series router or a Cisco MC3810 multiservice access concentrator, CAS-CAS (Channel-Associated Signaling) and CAS- ISDN calls using images prior to Cisco IOS Release 12.1(3)XI may have wrong PI values in the ch323_h225_send_setup function. Instead of PI being equal to 3, PI is equal to 0. There is no workaround.
•
When polling Cisco 2600 series routers in the network for Hot Standby Router Protocol (HSRP) statistics, the routers reloads.
Workaround: Disable Simple Network Management Protocol (SNMP).
•
Voice calls fail when going to multiple cable modem termination systems (CMTSs) on a Cisco uBR924 cable access router that is in DOCSIS-bridge mode instead of IOS-router mode.
Workaround: Configure the Cisco uBR924 cable access router as a simple router, using static routes.
TCP/IP Host-Mode Services
•
Remote source-route bridging (RSRB) data gets corrupted when the ip tcp path-mtu-discovery global configuration command is configured and the IP data path changes from a larger maximum transmission unit (MTU) interface to a smaller MTU interface because of IP routing changes.
Workaround: Disable the Path MTU discovery algorithm by using the no ip tcp path-mtu-discovery command.
•
Under rare circumstances, a Cisco router that is running Cisco IOS Release 12.1(1.4) may reload because of a bus error while processing a TCP timeout.
Workaround: Disable selective-ack by using the no ip tcp selective-ack global configuration command.
•
TCP header compression on a Cisco 7200 series router that is acting as an Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) causes substantial performance degradation.
Workaround: Disable TCP header-compression.
Wide-Area Networking
•
A Cisco AS5300 series universal access server using Group-Async Interfaces and Virtual Templates may terminate dialup links when Link Quality Monitoring (LQM) Link Quality Reports (LQRs) are received. This situation occurs when the local router is configured for LQM, but the remote side is not. There is no workaround.
•
Frame Relay Local Management Interface (LMI) Status Enquiry (StEnq) packets are sent out on a D channel and are received by the data communications equipment (DCE) as unnumbered information (UI) packets. The DCE does not respond to the packets and records LMI timeouts. Eventually, the DCE indicates that it is down. The pings succeed until Frame Relay marks the line down because of the LMI timeouts. There is no workaround.
•
Dialer profiles do not enforce the use of the correct dialer remote name for outgoing calls and for incoming calls binding before PPP authentication. However, once dialing and authentication occurs, the router does not terminate the connection as it normally does if the authenticated name is different than that on the dialer profile.
Cisco IOS software does not enforce that the host name presented by a called peer must actually match the remote name configured on the selected dialer profile. Similarly, incoming calls that bound by a means other than the presented host name (such as dialer caller or dialer called) will not be checked for consistency of the presented name to the remote name configured on the selected dialer profile. This situation is not a security issue because the presented host name and password are authenticated in the normal manner. The presented username is not checked for consistency with the remote name configured on the bound dialer profile. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T with a Dialer interface configured with PPP encapsulation may experience a memory leak in the output dialer interface. The output of the show buffers old command will have dialer in the output. A MALLOCFAIL error in I/O memory may appear.
Workaround: Use Multilink PPP.
Alternate Workaround: Ensure that fast switching is occurring.
•
In violation of Q931 of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), a Cisco router may not respond to RESTART messages from a basic-net3 routing switch. This situation may result in calls not being placed or accepted over the channel or interface by the originator of the RESTART message. There is no workaround.
•
On a Cisco 800 series router that is running Cisco IOS Release 12.0(7)T, plain old telephone service (POTS) flash functionality does not work for NI switchtype, although it does work for 5ESS switchtype. There is no workaround.
•
When you use the debug isdn event EXEC command, the ISDN debugging messages use all CPU resources, and the Double-Density Modem (DMM) card and the Hex Modem Module (HMM) card become inaccessible. This situation only occurs when you use the debug isdn event EXEC command, which can be easily disabled. There is no workaround.
•
A Cisco router may reload with the following error when the frame-relay qos-autosense and frame-relay traffic-shaping interface configuration commands are configured:
System was restarted by error - an arithmetic exception.
Workaround: Disable frame-relay qos-autosense and configure the shaping parameters manually instead.
•
The D channel to B channel conversion will not properly set the initial service state. There is no workaround.
•
A Cisco 3660 router running Cisco IOS Release 12.1 may experience "%ALIGN-3-SPURIOUS" messages while booting. There is no workaround.
•
A Cisco 5300 series router that is running Cisco IOS Release 12.1(1)T and that is configured with Octal PRI cards that are running multiple Non-Facility Associated signaling (NFAS) groups experiences an ISDN memory leak (the line interface (LIF) timers constantly increment before reloading). There is no workaround.
In-depth technical analysis:
The memory leak occurs when standby D channel is in AWAITING_ESTABLISH state and there is SETUP request on active D channel and the assigned B channel is one of B channels in standby D channel controller.
In normal operation, both active and standby D channels should be in MULTIPLE_FRAME_ESTABLISHMENT state.
•
The ppp callback [accept | permit] noverify interface configuration command breaks a per-user configuration when you perform callback. There is no workaround.
•
Two CAUSE information elements are sent in a STATUS message. There is no workaround.
•
The show x25 xot EXEC command may trigger a reload. The system returns to ROM by an Illegal Instruction error. There is no workaround.
•
The Catalyst 5000 2-port ATM module with OC-12 support or 4-port module with OC-3 or OC-12 support running Cisco IOS Release 12.1(1.1) will reload whenever the card is configured to have a LAN Emulation Configuration Server (LECS) and is placed in an environment that has another LECS of lower priority operational.
Workaround: If the LECS of lower priority is shut down or removed, the reload does not occur.
•
If a router is running Cisco IOS Release 12.1(2) and a Cisco IOS Release earlier than 12.1(2), the two versions of Layer 2 Tunneling Protocol (L2TP) may drop tunnels because of a control message parse error:
Tnl 5 L2TP: Parse AVP 1, len 8, flag 0x0x8000 (M) Tnl 5 L2TP: Result Code AVP too short, expect min 10, got 8 Tnl 5 L2TP: Error processing Mandatory AVP 1There is also an incompatibility with non-Cisco IOS L2TP implementations that may send an 8-byte Result Code.
This problem occurs when running Cisco IOS releases which have CSCdp68265 or CSCdr42451 with those that do not have either CSCdp68255 or CSCdr42451 present. The following table indicates when these two items were checked into IOS.
Thus, this problem occurs when running Cisco IOS release 12.1(2) with releases prior to 12.1(2). The problem will not occur with Cisco IOS releases 12.1(2) and itself or later releases. There is no workaround.
•
When an inactive ("not currently active") D channel of a Non-Facility Associated signaling (NFAS) group fails or is shutdown, attempts to restart the digital subscriber line (DSL) may cause high (98 percent or more) CPU utilization and "CPUHOG" messages. Reestablishment of the D channel corrects the problem. There is no workaround.
•
Using PPP or SLIP EXEC may cause the router to reload when SLIP or PPP are entered on a line that does not support it. Entering PPP at the router prompt also causes the router to reload. There is no workaround.
•
On a Cisco router running Cisco IOS Release 12.1(3), the LAN Emulation Clients (LECs) fail to send LE_ARP responses if the LAN Emulation (LANE) interfaces form part of a bridge group with routing protocols enabled and are in the blocking state. Routed packets addressed to the router's own interfaces may be dropped. There is no workaround.
•
The ISDN Switchtype is not set on BRI S/T and U interfaces on BRI WAN interface cards (WICs). There is no workaround.
•
The following messages are generated for every call disconnect with switchtype primary-ni configured:
ISDN ERROR: Module-l3_sdl_u Function-Ux_BadMsg Error-Source ID = 400 Event = ABThere is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(2b)
Cisco IOS Release 12.1(2b) is a rebuild of Cisco IOS Release 12.1(2). The caveats in this section are resolved in Cisco IOS Release 12.1(2b) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(2)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(2). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
A Cisco AS5300 series universal access server may report Call Fail on successful calls when modem allocation is VDEV_ALLOCATE_ALMOST_READY. There is no workaround.
AppleTalk
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.0(4.4)T with both IP and AppleTalk may experience difficulties with AppleShare. If you use a laptop that is configured for remote access through AppleTalk Remote Access Protocol (ARAP) using MAC-IP protocol, the universal access server will authenticate access, but will fail to find a file server in any zone when you select the "chooser" in AppleShare, even though you will be able to see all the zones. There is no workaround.
Basic System Services
•
Under a sustained heavy load of calls, authentication, authorization, and accounting (AAA) requests backup, using up memory until memory runs out and the network access server (NAS) reloads.
Workaround: Use a Cisco IOS release that contains the fix for this caveat.
•
A Cisco 7200 series router with a compression service adapter (CSA) that is configured with Frame Relay Traffic Shaping (FRTS), and using either Cisco Express Forwarding (CEF) or fast switching will not compress data when the amount of data on the interface is greater than the shaping value (for example, CSA will stop compression when traffic shaping becomes active).
Workaround: Use process switching.
•
If you enable IP route-caching (IP fast switching) on a PPP serial interface that is part of a multilink bundle, traffic that is destined for that bundle may stop.
Workaround: Shut down the serial interfaces before entering the ip route-cache command, and then enable the interfaces.
•
A Cisco 7200 series router with an NPE-300 network processing engine installed may not boot up when certain Cisco IOS Release 12.0(5)XE3 subset images are installed. The router will pause indefinitely in the early stage of booting up, and a power cycle is required to resume. For systems set for auto boot, you will need to enter the break command to abort the boot process and break out to the ROM monitor before the 12.0(5)XE3 image is launched for execution. You will then need to either modify the software configuration register to revert to a manual boot of some other known good image, or you will need to switch the PCMCIA flash card with a known good image in case the system is set for a default image boot from the slot0: PCMCIA card. There is no workaround.
•
While trying to get a core dump, if there is another reload, a Cisco router may only partially generate the core file. This situation occurs when there are double reloads. There is no workaround.
•
HC (64-bit) counters need more accuracy over short polling cycles.
Workaround: Shorten the polling interval for HC counters to achieve the required accuracy. Poll-on-demand can be used, but is resource-intensive.
•
Establishing an autocommand Telnet session to the second host in the autocommand Telnet generates a Carriage Return and LineFeed (CR/LF) after receiving a connection reset (RST) from the first host that is down on vty. This occurs if the global configuration command service hide-telnet-addresses is configured on the router, together with the command busy-message.
Workaround: To avoid getting the extra CR/LF, remove the global configuration command service hide-telnet-addresses.
•
A Cisco AS5800 series universal access server, a Cisco 7200 series router, a Cisco UBr7200 universal broadband router, or a Cisco 6400 series router may experience a memory leak. If an IP packet needs fragmentation in the fast switching path and the packet has additional data bytes tagged on beyond the length indicated in the IP header, there may be a leak in the I/O memory of the system. The memory leak will depend on the size of the original unfragmented packet and on the size of the extraneous data.
Workaround: Disable fragmentation in the fast switching path by using the service disable-ip-fast-frag global configuration command.
•
A Cisco router may reload because of memory corruption or stack overflow if you use the show ip bgp regexp pattern privileged EXEC command.
Workaround: Simplify the regexp pattern.
•
A voice gateway may reload when a voice call disconnects if you use the gw-accounting [h323 | syslog] global configuration command and you do not properly configure the authentication, authorization, and accounting (AAA) accounting method list for voice.
Workaround: Use the aaa accounting connection h323 {start-stop} [radius | tacacs+] global configuration command.
•
On a Cisco 3810 router that is running Cisco IOS Release 12.(07)Twith a PBX, if you place a call to a Cisco 3810 router with Voice over Frame Relay (VoFR), the called phone rings immediately but the ringback is heard about 10 seconds later on the calling phone. Phone calls placed in the other direction work properly. There is no workaround.
•
Configuring a large number of Virtual Private Networks (VPNs) on a Cisco 7500 series Route Switch Processor (RSP) with a large number of channelized interfaces may result in a FIBDISABLE message. This message indicates that the RSP has not received a FIB keepalive from the line card within the expected length of time. When this situation occurs, the RSP functions as if the interprocess communication (IPC) mechanism has failed and disables Cisco Express Forwarding (CEF) on that line card.
Workaround: Disable distributed switching.
•
A Cisco 7500 series router that is configured with a High-Speed Serial Interface (HSSI) port adapter will experience a Virtual Interface Processor (VIP) reload when distributed software compression or hardware compression is configured. When you update the image, the bootloader also needs to be updated, or router will experience the same reload at boot time.
Workaround: Disable compression or use software compression.
•
Snmpboots, a boot counter for SNMP Version 3, is incremented and saved during bootup, which may cause a noticeable bootup delay. This bootup delay will only occur when SNMP Version 3 is configured. There is no workaround.
•
A Cisco 3810 router that is running Cisco IOS Release 12.0(4) or a later release may generate the following error message while sending a call back in the direction that it came from or while making phone calls on the router:
%VOICE_FSM-3-ERROR: Fatal Error: st(10)/ev(2) out of range, ../voice/eecm_fsm.c, 2357Functionality is not affected. There is no workaround.
•
When a Cisco 5300 series network access server (NAS) is configured with Resource Pool Manager Server (RPMS), sustained call traffic may cause the NAS to deplete usable memory.
Workaround: Use Cisco IOS Release 12.1(2) or 12.1(2)T.
•
When you upgrade a Cisco AS5300 series router using Simple Network Management Protocol (SNMP), SNMP will use a program that erases Flash instead of boot flash memory and copies the file to boot flash memory. There is no workaround.
EXEC and Configuration Parser
•
On a Cisco router that is running Cisco IOS Release 12.1(0.8), priority queueing cannot be configured. If you try to enter the priority group list-number interface configuration command on an interface, the router will exhibit the following error message:
% Ambiguous commandThere is no workaround.
IBM Connectivity
•
A list element that should be displayed in the output of the show lnm station privileged EXEC command or the show lnm ring privileged EXEC command may have been deleted from the list because it no longer exists in the ring. If you leave the command waiting on a "-- More --" prompt for a long time, this list may change to such an extent that an attempt to print an element that existed previously but now has a NULL pointer may cause the router to reload. This situation rarely occurs and the following workarounds are recommended to reduce the possibility of the router reloading.
Workaround: Set the term len to 0 before using the show lnm station privileged EXEC command or the show lnm ring privileged EXEC command.
Alternate Workaround: Use the show lnm station privileged EXEC command or the show lnm ring privileged EXEC command after the ring has stabilized.
•
A Cisco 2500 series router may suddenly stop receiving or not forward packet frames while transferring files over data-link switching plus (DLSw+) link using Fast Sequenced Transport (FST) encapsulation. This situation causes the NetBios session to disconnect. There is no workaround.
•
A Cisco 3620 router may pause indefinitely if it is hit with an excessively large number of Layer 2 packets while transparent bridging is enabled. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 11.2(15a) or Cisco IOS Release 11.2(15a)P may reload with a bus error. There is no workaround.
•
A Cisco router may reload with a SegV error if you attempt to configure the SDLC interface with the sdlc address hexbyte [xid-passthru] interface configuration command.
Workaround: Enter the shutdown interface configuration command on the interface before making the change, and then enter the no shutdown interface configuration command after you have changed the configuration.
•
LAN Net Manager may cause memory leaks on a Cisco 2600 series router. In this situation, several buffers are held by LAN Net Manager in LLC-CIRCUIT-DYNAMIC buffer types. Telnet may not be able to reach the router after 24 hours, and the router may reload after three to four days.
Workaround: Disable LAN Net Manager in the configuration, and reload the router.
•
In a data-link switching (DLSw) environment with DLSw Version 2 configured between a Cisco router and an IBM router, the Cisco router may have difficulty reestablishing a DLSw peer on demand after the peer has timed out because the Cisco router flushes all reachability information for a peer when the peer disconnects. When a device reestablishes a connection over the same DLSw path, the IBM router sends a tcp sync message to bring up the DLSw peer on demand. The Cisco router rejects this connection because it has no information on how to reach the peer or the circuit. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T may experience a memory leak with "IP Input" appearing as the process that continues to hold memory. This situation appears to be related to having data-link switching (DLSw) configured. There is no workaround.
•
Data-link switching (DLSw) circuits for NetBIOS traffic will not be established, which will break all NetBIOS connectivity using data-link switching plus (DLSw+). This situation only occurs in Cisco IOS Release 12.1(1.1) or a later release. There is no workaround.
Interfaces and Bridging
•
CT3/CE3 port adapters on a Cisco 7200 series router may drop TX packets under bursts of heavy traffic instead of putting them in a hold queue if the number of outstanding transmit packets temporarily exceeds the number specified by the TX limit. There is no workaround.
•
Distributed switching from a Packet-Over-SONET (POS) port adapter to a Channelized T3 port adapter may fail.
Workaround: Use Route Switch Processor (RSP) Cisco Express Forwarding (CEF) switching.
•
When integrated routing and bridging (IRB) is enabled and a Bridge-Group Virtual Interface (BVI) is configured on the IRB, Banyan VINES packets generated by a serial interface get dropped by the receiving routers because of the encapsulation for Banyan VINES packets that are sent by the router configured for IRB. There is no workaround.
•
A Cisco 2600 router that is configured with a token ring interface or a Cisco 7200 or 7500 series router that is configured with a PA-4R-DTR port adapter token ring interface that is running Advanced Peer-to-Peer Networking (APPN) with Cisco Link Services (CLS)-managed LLC2 logical link control connections may fail host link activation with sense codes 10160007 or 10160022. A router with PA-4R or PA-4R-FDX port adapters is not affected.
Workaround: Enable source route bridging on the affected token ring interface.
•
Currently when the color of an encapsulation is changed on a sub-interface the sub-interface does not transition through the spanning tree states. In some situations this could result in spanning tree loops. In order to prevent this in case the subinterface color needs to be changed, delete the subinterface and recreate it with the new encapsulation color.
•
A Cisco AS5800 series universal access server with E1 PR1 lines that is running Cisco IOS Release 12.0(4)XJ2 or Cisco IOS Release 12.0(5)T1 may drop Serial Line Internet Protocol (SLIP) connections after Cisco IOS installs a route for a remote user. PPP users (both asynchronous and ISDN) can connect, but the SLIP users cannot connect with modem ISDN channel aggregation (MICA) modems that are running 2620 portware. There is no workaround.
•
A Cisco PA-A1 port adapter does not automatically switch to the internal clock during LOS (Loss of Signal) condition. There is no workaround.
•
In Cisco 7100 and 7200 series routers, transparent bridging using the PA-DTR Token Ring Port Adapter does not operate properly. The show bridge command fails to indicate any of the end-stations in the bridge table.
Workaround: On the Cisco 7200 series routers, use alternative token ring port adapters. There are no known workarounds for the Cisco 7100 series routers.
•
A Cisco 1601 router that is running Cisco IOS Release 12.0(7) with Frame Relay FRF.9 compression and weighted fair queueing (WFQ) may experience a failure of the fair_enqueue function that results in fatal reentrant error messages and a software-forced reload.
Workaround: Remove WFQ from Frame Relay interfaces.
•
When a channel on a CT3/CE3 port adapter is continually overstressed by traffic, other unstressed channels may experience some transmit packet drops. There is no workaround.
•
On a Cisco router, access lists in the process path of the bridging code that handles output pattern lists may not work. There is no workaround.
•
When a bad transmit packet is generated and sent to the Channelized T3 (CT3) interface, the packet may cause the address of the transmit queue accumulator (txacc) value to not increment correctly for the CT3 interface. In this situation, the output eventually becomes stuck when the txacc value reaches zero.
Workaround: Configure the CT3 interface with the tx-queue-limit 5 interface configuration command to restore the txacc value for the effected CT3 interface.
•
Configuring an Async interface in any Cisco 7500 series Route Switch Processor (RSP) will prevent the proper parsing of interface name for CT3/CE3 port adapters.
Workaround: Deconfigure any Async interface, and then write the configuration to NVRAM and reload the router. Or, you can move the VIP from slot 0 to another slot.
•
With IP Cisco Express Forwarding (CEF) and VLANs configured, the router may reload with a bus error when you use the configure memory privileged EXEC command. There is no workaround.
IP Routing Protocols
•
IP access lists always permit IP fragments. There is no workaround.
•
A Cisco router may experience a bus error and reload when you enter the ip accounting output-packets command. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(5)T and later releases, Cisco IOS Release 12.1, or Cisco IOS Release 12.0 ST may reload if the clear ip bgp {*} EXEC command is entered on a peer provider edge (PE) router. The following stack trace is exhibited:
bgp_fwdentry_info
bgp_v4class_update_fwdtable_walker
rn_walktree_version
bgp_update_fwdtable bgp_routerThe reload occurs on the local PE when a PE Internal Border Gateway Protocol (IBGP) session is cleared on the remote box. If the PE is importing routes from other PE devices, clearing BGP session on the remote PE will cause the local PE to reload. There is no workaround.
•
Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels may bounce under certain conditions if there is a very heavy traffic load on a Gigabit Switch Router (GSR) line card. This condition has been observed when a routing loop is present and the card is generating Internet Control Message Protocol (ICMP) "TTL expired" messages, and when the card is used as the data sink for ICMP ECHO requests from a traffic generator. There is no workaround.
•
When the Protocol Independent Multicast (PIM) designated router (DR) changes, the F flag is not changed. This situation may then cause header registers either not to be sent to the Route Processor (RP) or to be duplicated. There is no workaround.
•
When the Incoming Interface List (IIL) changes for a (S,G) state, the F flag is not updated. This situation may cause registers to be sent for sources that are not directly connected anymore. There is no workaround.
•
A Cisco router that is acting as an area border router (ABR) connected to a stub area may place an Open Shortest Path First (OSPF) external route into its routing table whose outgoing interface is in the stub area. This situation can cause a routing loop because the stub area routers do not know about the external route and will forward packets along their default route, which may be the ABR.
This problem has been found to occur only when there are 2 paths between the stub area ABR and the autonomous system border router (ASBR) that is originating the external route, where one path is through the stub area and the second is through a nonstub area(s).
Workaround: Set the link costs within the stub area high enough so that the stub area ABR routers do not see the path to the ASBR as being as good as the path(s) through the nonstub areas.
•
When Network Address Translation (NAT) is configured, a Cisco router may assign the same inside global address for multiple inside local addresses.
Workaround: Enter the clear ip nat translation {*} EXEC command.
•
When a Multicast Routing Monitor (MRM) Test Sender is instructed by an MRM Manager to send test packets out of all interfaces that are configured for multicast routing, which is the default option, the MRM may experience a leak in the small buffers.
Workaround: Configure the MRM Manager with the senders {access-list-number | access-list-name} [target-only] command.
•
You cannot specify a Bridge Group Virtual Interface (BVI) in a Network Address Translation (NAT) inside source list. There is no workaround.
•
In a Protocol Independent Multicast (PIM) Version 2 router configuration, if a hash mask is not configured on a Cisco bootstrap router (BSR), the router takes the first rendezvous point (RP) address from the local RP-mapping cache. The RP-mapping cache is not sorted, so when RPs are added and deleted from the cache, there may be inconsistency through the BSR domain that causes routers to choose different RPs for the same group.
Workaround: Create a hash mask length of 1 on the BSR router by entering the ip pim bsr-candidate Ethernet1/2 1 global configuration command.
•
Border Gateway Protocol (BGP) may cause a Cisco router to reload when using MED for best path selection. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 11.2(21)P or Cisco IOS Release 12.0(7)T may experience a memory leak in the dead process when you configure IP Network Address Translation (NAT) by Hypertext Transfer Protocol (HTTP) server using the static ip nat inside source global configuration command, if the global IP address does not belong to any directly attached network. You can verify this situation by using the show memory dead command.
Workaround: Configure an interface (such as a loopback interface) with a network IP address including the global IP address.
•
A Cisco RSP4 Route Switch Processor may reload if the managed timer does not work properly. This situation rarely occurs. There is no workaround.
•
When you change the Reverse Path Forwarding (RPF) interface for (*, G) and (S, G), the interface that was in the outgoing interface list (O-list) becomes the new RPF interface. At this point, the new RPF interface will be deleted from the O-list, which becomes NULL. When the router switches back to the original RPF interface, the O-list remains NULL until the next Internet Group Management Protocol (IGMP) report. While the O-list is NULL, and the original RPF interface has directly connected members, the CONNECTED flags are deleted and the router switches back to the shared tree by sending (S, G, RPT) Join messages. This situation causes a delay in the convergence time. There is no workaround.
•
A Cisco router may reload because of a bus error. There is no workaround.
•
If there is a link flap somewhere in the network between the area border router (ABR) and an autonomous system boundary router (ASBR), the ABR may not generate a type 4 summary ASBR link-state advertisement (LSA) to other areas after the link is restored. The net effect is that routes being redistributed by the ASBR into Open Shortest Path First (OSPF) will not be installed in the routing tables in the affected areas.
Workaround: Restart OSPF on the ABR by using the clear ip ospf proc command.
Alternate Workaround: On the ABR, restart OSPF for the affected areas only by removing and restoring the network statements under the router ospf global configuration command for the impacted areas.
Alternate Workaround: For this workaround, perform the action only after the subject ASBR LSA has been removed from the database of the affected areas (no longer seen in the show ip ospf database EXEC command).
On the affected OSPF routers (that are not seeing the routes and the ASBR LSA) adjacent to the ABR, reestablish adjacencies with the ABR. One way to temporarily change the hello-interval to some other value. After the adjacency is taken down, change the hello-interval back to the original value to reestablish the adjacency. This action causes the ABR to regenerate and resend the LSAs. On the ABR, create and temporarily remove a router ospf global configuration command (for example, router ospf 1234 and no router ospf 1234).
•
On a Cisco 7500 series router, many Virtual Private Networks (VPNs) configured in combination with a large number of channelized interfaces may result in a FIBDISABLE message.
The FIBDISABLE message indicates that the Route Processor (RP) has not received a Forwarding Information Base (FIB) "keepalive" in the expected amount of time from the line card. When this situation occurs, the RP acts as if the interprocess communication (IPC) mechanism has malfunctioned and disables Cisco Express Forwarding (CEF) on that line card.
Workaround: Disable distributed switching.
•
A Protocol Independent Multicast route processor (PIM RP) may discard the data-header register from the first-hop Cisco routers and display a LOG_NOTICE level (5) syslog message. It is rate-limited to no more than once every 5 seconds.
The syslog displays the following message:
%PIM-5-REG_ENCAP_INVALID: Bad register from 172.16.2.2 for (172.16.2.5, 224.1.1.1). Trace = 14 0 0 -Process= "PIM Process", ipl= 0, pid= 48In addition to this syslog message, the RP ignores the data-header registers so the first-hop routers send a full register with encapsulated user IP packet about once every 3 minutes if the source stays active. This situation may result in a transient packet falling out of sequence because the register packet with encapsulated data is handled at the process level. This situation may also cause the RP that is configured with Multicast Source Discovery Protocol (MSDP) to send encapsulated data to the service adapter (SA) with excess frequency.
Workaround: Use Cisco IOS Release 12.0(9.6)S2 or a later release.
•
Because of new RFC 2328, the calculation of summary route costs has changed. This situation may create suboptimal routing if all of the area border routers (ABRs) are not upgraded to the new code at the same time.
Workaround: Upgrade all of the ABRs to the new code.
•
When prefixes learned from Customer Edge (CE) devices (either through Border Gateway Protocol (BGP) or Interior Gateway Protocol (IGP) and redistributed into BGP) get into the Virtual Private Network (VPN) routing and forwarding tables (VRFs), "route-target export" will always be applied if configured.
If export-map is also configured and if it has the set extcommunity RT1 RT2 command, then all the previous RTs are replaced with RT1 RT2.
If however, the export-map has the set extcommunity RT1 RT2 additive command, then the previous RT list is retained and RT1 and RT2 are added to the set, resulting in a union. There is no workaround.
ISO CLNS
•
If a Connectionless Network Service (CLNS) neighbor has multiple associated area addresses, then a Terminal Identifier Address Resolution Protocol addresses, then a Target Identifier Address Resolution Protocol resolve request will automatically choose the first entry. If the first entry is in the process of being replaced by the second area, then the Target Identifier Address Resolution Protocol request will fail.
Workaround: Clear the CLNS cache.
•
A Cisco 3660 router may experience a bus error at PC 0x6089E720, address 0x20340008 and reload after the show run command is entered twice consecutively or a show tech command is entered from the enable mode. This situation occurs with routers that have the following lines in their configuration:
tarp run
tarp route-static 39.840E.8003.3141.0000.0000.0000.00e0.c15c.0000.00 message type 1 2 4There is no workaround.
Miscellaneous
•
A crypto Access Control List (ACL) that has a DENY ACE that specifies a TCP or User Datagram Protocol (UDP) port may cause fragments to be dropped or forwarded in the clear.
Workaround: Arrange the crypto ACLs to have permits only when specifying ports. For example, instead of configuring:
access-list 101 deny udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255 eq 19
access-list 101 deny udp 200.200.20.0 0.0.0.255 eq 19 200.200.30.0 0.0.0.255
access-list 101 permit udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255configure:
access-list 101 permit udp 200.200.20.0 0.0.0.255 ne 19 200.200.30.0 0.0.0.255 ne 19
access-list 101 deny udp 200.200.20.0 0.0.0.255 200.200.30.0 0.0.0.255 eq 19
access-list 101 deny udp 200.200.20.0 0.0.0.255 eq 19 200.200.30.0 0.0.0.255•
The Dynamic Host Configuration Protocol (DHCP) proxy allows the same IP address to belong to two users on different ports that have the same user name.
Workaround: Ensure that all users have unique user names.
•
On a Cisco AS5800 series universal access server, you may see the following messages:
%DIALn-3-MSG: %IPC-3-NOBUFF: The main IPC message header cache has emptiedThese messages are followed by a "-Traceback" line. The "%DIALn-3-MSG" is optional and the "n" indicates which dial shelf slot number the subsequent message originates from. Usually, the latter message is followed by:
%DSIP-3-IPC_PORT: IPC subsystem API error (nip invoke ipc send), failed to get ipc_messageThis situation usually occurs when you use the autoselect ppp line configuration command, or the autoselect slip line configuration command, or the autoselect arap line configuration command. Under a high call rate, this situation may cause calls to not be established successfully. There is no workaround.
•
A Catalyst 5000 series router may continually reboot and write crashdumps to boot flash memory that subsequently use up available space in boot flash memory when you netboot in the presence of traffic. When boot flash memory is out of space, you cannot boot from boot flash memory. In order to bring up the router, you need to use the download command from the Supervisor. Once the router is booted, you cannot display boot flash memory or delete files on boot flash memory.
Workaround: Boot from Flash with the configuration register set to 0x101.
Alternate Workaround: Disable the crashdump collection.
•
A Cisco 7200 series router with an 8-port channelized E1 card running Cisco IOS Release 12.0(4)T may experience a memory leak in the small buffer pool.
Workaround: Monitor the I/O memory and reload the router when it is too low.
•
The interface delay metric is set incorrectly for port channel interfaces where one or more Gigabit Ethernet interfaces are grouped into a channel. The delay for a single Gigabit Ethernet interface is 10 microseconds. The delay for a port channel made up of one or more Gigabit Ethernets is 100 microseconds. The incorrect setting may seriously impact routing protocols that use interface delay as part of the metric—for example, Enhanced Interior Gateway Routing Protocol (EIGRP), and may cause the routing protocol to take a route through a single interface over a route through a port channel.
Workaround: Manually configure an appropriate delay under the port channel interface by entering the delay tens of microseconds interface configuration command.
•
Writing to an AT Attachment (ATA) device may cause the device to become unusable and result in the following error message:
ATA_Status time out waiting for 1There is no workaround.
•
A Cisco 1720 router that is running Cisco IOS Release 12.0(5)T may reload with the following error message if you shut down a serial interface while packets are being routed to a dialer interface:
System returned to ROM by error - a SegV exception, PC 0x802Ac04CThere is no workaround.
•
In a Channel Associated Signaling (CAS) environment, a DS0 may become unavailable if the line is seized for an outgoing call and there is no response from the remote end. In this situation, the Cisco AS5300 series universal access server is configured to establish the maximum number of outgoing calls possible for the number of DS0s in the system. Each unavailable DS0 will result in the following message:
no ds0 available for modemThere is no workaround.
•
A Cisco 7200 series router configured with 250 ATM Address Resolution Protocol (ARP) clients may reload during a stress testing. There is no workaround.
•
A Cisco 1700 series router and a Cisco 2600 series router that are running Cisco IOS Release 12.0(5)T cannot start ISAKMPA SA using the rsa-encr authentication method. The debug output reports that "Hash payload is incorrect!" There is no workaround.
•
A Cisco router may reload in a Context-Based Access Control (CBAC) configuration. There is no workaround.
•
When two routers are connected back to back using PA-2FE cards, when you use the shut command on one interface of a 2FE, the line protocol on the other end does not go down. However, physically removing the cable at one end causes the line protocol on the other end to go down. There is no workaround.
•
If an output rate limit is configured on a non-Versatile Interface Processor (VIP) interface (for example, AIP or FIP) on a Cisco 7500 series Route Switch Processor (RSP) with Cisco Express Forwarding (CEF) enabled, packets cannot be switched out of that interface.
Workaround: Disable CEF.
•
Forwarding of bootp/dhcp address request UDP packets fail because of encapsulation failure.
Workaround: Use Cisco IOS Release 12.0(5)T.
•
A Versatile Interface Processor (VIP) may not forward packets to the Route Switch Processor (RSP). All receive (RX) buffers are in use but the output interfaces do not hold these buffers. As traffic stops reaching the Route Switch Processor (RSP), the routing protocol session goes down and the Tag Distribution Protocol (TDP) session is lost. There is no workaround.
•
A node route processor (NRP) ATM interface stops sending when there are multiple particles with data-length 0 at the last particle.
The only way to exit this situation is to use the shut command followed by the no shut command. There is no workaround.
•
Sensitive customer information (such as telephone numbers) may be available at privilege level 1, which is the default for a nonenabled user.
Workaround: Configure the default privilege level to be 0 by entering the privilege level 0 line configuration command.
•
If Internet Key Exchange (IKE) is overloaded with many tunnels and keepalives, IKE can no longer keep up with the traffic and tunnels time out.
Workaround: Either reduce the number of tunnels or increase the keepalive time. Adapt keepalive time to the overall number of tunnels so that the more tunnels you have the more you increase the keepalive time.
•
Pings on a Cisco 7500 series tag-switching router that is running Cisco IOS Release 12.0 S, Cisco IOS Release 12.1, or Cisco IOS Release 12.0 ST may fail if a packet comes in as an IP packet on an ATM interface, the packet gets route-cache switched, the packet gets fragmented, and the fragments go out as tag packets through a serial interface.
Workaround: Configure distributed Cisco Express Forwarding (dCEF) on a Cisco ATM port adapter.
•
Voice packets are dropped and consequently voice quality is degraded with Real Time Protocol (RTP) compression over Frame Relay.
If one end of the Frame Relay link is running Cisco IOS Release 12.0(7)T and the other end is running a previous release, a mismatch occurs in the number of compression context slots (256 for Cisco IOS Release 12.0(7)T and either 16 or 32 for the previous release). This situation results in invalid context numbers being received by the older release and causes data loss.
Workaround: Run Cisco IOS Release 12.07T on both ends.
Alternate workaround: Upgrade one end to Cisco IOS Release 12.1(2) and configure the number of slots to match the other end.
•
On Cisco routers that are running Cisco IOS Release 12.0(8), IP Security (IPSec) will send in the clear packets that need to be encrypted and fragmented. There is no workaround.
•
Multiprotocol over ATM (MPOA) shortcuts may not check for the frame sizes being sent on them. If the frame size exceeds the maximum transmission unit (MTU) size of the egress Multiprotocol over ATM Client (MPC), egress MPC drops the packet, resulting in the loss of connectivity.
Workaround: Configure matching MTUs on either side of shortcuts (for example, all LAN Emulation Clients (LECs) that are served by ingress and egress MPCs should have the same MTU). If MTUs cannot be altered, then do not configure MPOA on both sides.
•
The ip rtp priority interface configuration command does not work in Cisco IOS Release 12.1(09). There is no workaround.
•
When fast switching an IP frame that is fewer than 46 bytes in length to an ATM interface, the router always sets the length in the ATM adoption Layer 5 (AAL5) header to 54 bytes even though the length should be equal to the IP frame length plus the length of the AAL5 header, which is 8 bytes. There is no workaround.
•
If the E1/T1 controller on which primary nfas_d is configured does not comes up after bootup of a Cisco universal access server, the universal access server will not accept any analog calls on other E1/T1 controllers. This situation occurs when RLM (Redundant Link Manager) is configured on the universal access server and does not occur in a normal Non-Facility Associated signaling (NFAS) configuration. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T will reload when H.323 proxy gateway is run under heavily stressed conditions because of some memory corruption problems. There is no workaround.
•
If you copy a file through Simple Network Management Protocol (SNMP) using Trivial File Transfer Protocol (TFTP) to a flash file system when the space left in the Flash memory is less than the size of the file, you will receive a "ciscoFlashCopyStatus of copyOperationSuccess" message even though the file was not copied.
Workaround: Perform the same function through the command-line interface (CLI).
•
A Cisco router may reload if the show ip cef EXEC command is entered while the routing table is changing. There is no workaround.
•
You cannot use SNMP to partition the flash.
Workaround: Partition the flash through the command-line interface (CLI).
•
A Cisco AS5800 series universal access server that is acting as a gateway may fail CODEC negotiation on G.723 calls that match VoIP dialpeer 0.
Workaround: Configure a matching VoIP dialpeer, and configure a CODEC class with the CODECs that are being used.
•
A Gigabit Ethernet Interface Processor (GEIP) that is configured for Cisco Encryption Technology (CET) decrypts packets correctly but fails to encrypt packets that match the crypto policy and should be encrypted. In this situation, the GEIP forwards the packets unencrypted instead.
Workaround: When network topology permits, use the VIP2-40 or VIP2-50 Versatile Interface Processor with one or two PA-FE port adapters.
•
If a Cisco 2600 series router that is configured with an inverse multiplexing over ATM (IMA) module may experience IPFAST-2-PAKSTICK tracebacks whenever the ATM interface pings. There is no workaround.
•
A Cisco 1600 series router may reload with a bus error if you choose Clickstart in the HTML management interface. Clickstart has subsequently been replaced by Windows Fast Step in Cisco IOS Release 12.0 and later releases.
Workaround: Use Cisco IOS Release 12.0 or a later release.
•
When a Route Switch Module (RSM) with a large compressed configuration is booted, the RSM may not be considered online by the Supervisor engine.
Workaround: Boot the RSM without the configuration and use the copy tftp running-config command.
•
In a configuration where a Customer Edge (CE) router is connected to multiple Provider Edge (PE) routers, the loss of one of the PE routers may completely remove routes to the CE router from the routing table on another PE router. This situation will only occur for routes exported to a Virtual Private Network (VPN) routing/forwarding instance that uses a different default Route Distinguisher (RD).
Workaround: Enter the clear ip bgp command to clear the erroneous PE connections.
•
A Cisco 7100 series router that is running IP Security (IPSec) Virtual Private Network (VPN) may fail to complete an Internet Key Exchange (IKE) exchange. The output of debugs indicate no packets are going out to the remote crypto peer for a Phase 1 exchange, causing the remote peer to continuously retransmit Phase 1. This situation persists even if you clear the Service Adapters (SAs) and reboot the router. There is no workaround.
•
A Cisco AS5800 series universal access server may generate a spontaneous call setup to a random number. After this call setup is rejected by the switch, Layer 2 of the PRI starts flapping. No dial-in is possible until the controller or ISDN interface is reset. There is no workaround.
•
Traffic shaping may cause a Cisco 3640 router to reload under the following conditions:
–
–
–
There is no workaround.
•
A Cisco 7200VXR series router may reload because of a memory corruption caused by an invalid size packets coming in from older cards (WS-C3900-2ISL with HW Rev 0.1.B) on a Cisco Catalyst 3900.
Workaround: Replace the older version of the cards with Hw Rev 1.1.B or a later version.
•
A Cisco Route Switch Processor (RSP) that is configured with a Multiprotocol over ATM (MPOA) Client may occasionally reload. There is no workaround.
•
After a few hours of normal operation, a serial interface that is configured with the dialer dtr interface configuration command goes down before the idle timer expires or goes down with traffic on that line. There is no workaround.
•
A Cisco Route Switch Processor (RSP) that is configured with a Multiprotocol over ATM (MPOA) client may have spurious memory access. This situation may degrade MPOA shortcut performance. There is no workaround.
•
A Cisco router that is running a Multiprotocol over ATM (MPOA) server may reload if you shut down a neighboring interface that is running a MPOA client (MPC). There is no workaround.
•
When a Customer Information Control System (CICS) term is forced to use ABEND on the host, the CICSB server will be disabled because the forced ABEND is interpreted as a host failure, and all connections to the server are brought down. Users that are connected to a TX Server may experience outage any time a transaction that is being run on the same server ABENDs. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1 with an IPSec Service Adapter (ISA) board may reload if you enter the clear crypto sa EXEC command. There is no workaround.
•
DTMF-RELAY H245 X does not work properly in Cisco IOS software on a Cisco 1750 router. There is no workaround.
•
On a Multilink PPP connection between Cisco and some other vendor routers, IP Real Time Protocol (RTP) header compression (used for voice or video over IP) does not work. If RTP header compression is turned on, the PPP link does not negotiate at all. There is no workaround.
•
After the ip audit notify command is configured to send alarms to the NetRanger Director, the router will stop forwarding alarms after an undetermined period of time. There is no workaround.
•
A Cisco PA-A3 port adapter occasionally exceeds configured peak cell rate (PCR) limits for available bit rate (ABR) and unspecified bit rate (UBR) traffic classes. There is no workaround.
•
A Common Object Module Transaction Interface (COMTI) session object may not check in the license if an exception error occurs. In this situation, the license can become exhausted, and clients cannot connect. There is no workaround.
•
Security is not functioning properly with Common Object Module Transaction Interface (COMTI) servers. Transactions that require user IDs and passwords cannot be executed through the Cisco Transaction Connection TXConn subsystem. There is no workaround.
•
On a cable modem (CM) registration, if the cable modem termination system (CMTS) already has an entry for the CM, it does not update the IP address field to reflect the real CM IP address.
This situation only occurs if a Cisco IOS internal Dynamic Host Configuration Protocol (DHCP) server is used. There is no workaround.
•
A Route Switch Processor (RSP)-based router with one or more Versatile Interface Processors (VIPs) that is running Cisco IOS Release 12.0 S (or any image with tag support) may experience a memory leak with Cisco Express Forwarding (CEF) and tag switching enabled and the no ip route-cache distributed command configured. This memory leak can be detected by repeatedly entering the show process memory | include OSPF command on the RSP console or vty.
Workaround: Enable distributed CEF instead of CEF, or turn off tag switching.
•
On a Cisco 7200 series router, the serial drivers may cause a memory leak when a reparented packet is sent. There is no workaround.
•
If you enable distributed Cisco Express Forwarding (CEF) on a Cisco 7500 series router, and there are one or more prefixes in the IP routing table with the maximum six paths, the router may reload with the following error message:
%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header...There is no workaround.
•
When you remove modem cards on a Cisco AS5800 series universal access server without updating the startup configuration before the next reload, the universal access server may encounter a software exception when the universal access server receives the first modem call and will reload unexpectedly.
Workaround: Use the write memory command to update the startup configuration before the next router reload so that the pool-range configuration command reflects the existing hardware configuration.
•
The Local Management Interface (LMI) is not functioning properly on a Cisco router that is running Cisco IOS Release 12.0(7)T. This situation only occurs with Quad Integrated Communications Controller (QUICC) WAN interface cards (WICs) and not with Network Modules (NMs).
This situation occurs not only with Frame Relay and LMI. It also occurs with point-to-point High-Level Data Link Control (HDLC) and PPP connections.
This is a clocking-related issue and will affect certain channel service units (CSUs) or data service units (DSUs) and other devices attached to the following cards: WIC-2T, WIC-2A/S, and WIC-1T (on the Cisco 2600 series router, the Cisco 3620 series router, and the Cisco 3640 series router only). There is no workaround.
•
On a Cisco 2600 series router or 3640 router that is running Cisco IOS Release 12.0(8.1) or later releases, a serial interface on a Cisco Network Management-8 universal access server card that is running Block Serial Tunneling (BSTUN) may not come up after a router reload.
Workaround: Use the shut command followed by the no shut command, or use the clear interface EXEC command to clear the serial interface.
•
On a Cisco router that is running Cisco IOS Release 12.1, Cisco Encryption Technology (CET) will refuse to make to establish encrypted connections.
To diagnose this situation, enter the debug crypto sessmgmt command to see if you receive the following error message when you attempt to create a connection:
CRYPTO: Syndrome gen status for conn_id 2000 slot 0:INVALID_INPUTThere is no workaround.
•
A Cisco router that is applying cable access router (CAR) rate-limit Cisco IOS commands to a Channelized E1 serial subinterface on a Virtual Private Network (VPN) Provider Edge (PE), the serial line may drop.
Workaround: Reassign channels.
•
If a dynamic crypto map has multiple entries, internet key exchange (IKE) negotiation may fail with the Tunnel Endpoint Discovery (TED) peer. There is no workaround.
•
Spectrum Management task may use many CPU cycles and cause CPU utilization to increase. There is no workaround.
•
When Cisco Express Forwarding (CEF) is configured as part of a large configuration (typically with access lists), following boot traffic that is directly addressed to the interfaces of a router may not be received. This condition can be observed on enabled interfaces where IP interfaces appear to be up, but the CEF interfaces are down.
Workaround: Perform one of the following steps. Boot without CEF enabled. Disable and then re-enable CEF. Enter the no shutdown interface configuration command on each of the interfaces that are affected.
•
A Cisco router may reload when configured in a Stack Group Bidding Protocol (SGBP) stack group. This situation may also result in memory corruption. The following SGBP error message occurs in the output of the debug sgbp error command:
%SGBP-3-INVALID:MQ message with CancelThis rare situation may occur whenever PPP calls drop before the SGBP bidding process finishes. When calls drop, the likelihood that this problem occurs increases when either of the following commands is configured:
multilink bundle-name both or multilink bundle-name endpoint.
Workaround: To greatly reduce the likelihood of this situation, do not use the following commands:
multilink bundle-name both or multilink bundle-name endpoint.
•
DBConn TCP/IP passthru connections may cause a Cisco router to reload if the host disconnects prematurely. There is no workaround.
•
In a situation where a Customer Edge (CE) router is connected to two Provider Edge (PE) routers, if a third PE changes its selected route to the CE router, it may fail to update the Virtual Private Network (VPN) label for the route, resulting in loss of connectivity to that CE.
Workaround: Use the clear ip route command to clear the route.
•
When Cisco Express Forwarding (CEF) is disabled, either through configuration or because of an internal error, any interface where you use the ip verify unicast reverse-path command will no longer forward any frames. This situation occurs on all platforms that support CEF and unicast Reverse Path Forwarding (RPF).
Workaround: Re-enable CEF, or disable the unicast RPF feature from the interfaces using the no ip verify unicast reverse-path command.
•
Under rare circumstances, a permanent virtual circuit (PVC) on a Cisco 6400 series node route processor (NRP) may stop sending traffic.
Workaround: Use the shut and no shut commands on the subinterface that is carrying the PVC.
Alternate Workaround: Enable ATM traffic shaping.
•
A Cisco 3600 series router or a Cisco 2600 series router with an NM-8A/S or NM-4A/S network module interface that has the physical-layer async command configured on the serial interface may see extraneous characters on the serial line during bootup. No other functionality is affected. There is no workaround.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(00.07)T may not be able to route incoming called party numbers using the called-number modem pool configuration command for Open Settlement Protocol (OSP) application.
Workaround: Use the wildcard on the incoming called-number modem pool configuration command for OSP application.
•
When a Cisco Virtual Private Network (VPN) client tries to secure multiple traffic flows to the same Cisco IOS router, and mode config is configured to give an IP address to the client, one of the traffic flows may not have security access (SA) set up, and may get the error CRYPTO-4-RECVD_PKT_INV_SPI on the router. There is no workaround.
•
Under rare circumstances, a tunnel may have a drop adjacency on the line card while simultaneously having a valid adjacency on the Route Processor (RP).
Workaround: Enter the clear cef linecard command to download the correct information to the line card.
•
A Cisco router may reload with a bus error when the no shut command is entered on a second ATM interface on inverse multiplexing over ATM (IMA) card that is only being used as an ATM interface and not as part of an IMA group. There is no workaround.
•
A Cisco 5000 series network access server (NAS) that is running Cisco IOS Release 12.0 or 12.1 may reload when it is running voice (SS7) traffic through the router. The following messages are displayed on the console:
%ALIGN-3-SPURIOUS: Spurious memory access made
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = ISDNWorkaround: Use Cisco IOS Release 12.1(2) or 12.1(2)T.
•
When you enter the show sna privileged EXEC command, a Cisco router pauses for three to 4 minutes, and then displays all 0s in the terminating call IDs (TCIDs) for the intermediate Dependent Logical Unit Requester (DLUR) sessions. This situation may be accompanied by LU-LU sessions that also pause indefinitely. The following is the output of the show sna privileged EXEC command:
Number of intermediate DLUR sessions 0
SNA DLUR Assisted Intermediate Sessions PCID (hex) Primary LU Name Secondary LU Name Mode COS ---------------- ----------------- ----------------- -------- ------- 1> 0000000000000000 2> 0000000000000000 3> 0000000000000000 4> 0000000000000000 5> 0000000000000000 6> 0000000000000000 7> 0000000000000000 8> 0000000000000000 9> 0000000000000000 10> 0000000000000000There is no workaround.
•
If Cisco Express Forwarding (CEF) is not enabled and Resource Reservation Protocol (RSVP) over ATM is used, excessive switched virtual circuits (SVCs) are created. There is no workaround.
•
A Cisco Versatile Interface Processor (VIP) that is configured with Cisco Encryption Technology (CET) may not initiate a new crypto connection. The VIP will respond to a connection request from the remote end. However, if the remote end is also a VIP, the crypto connection may never be initiated, because both VIP routers will wait on a connection request. There is no workaround.
•
A Cisco AS5300 series universal access server that is configured with Cisco Voice Manager (CVM) may reload if you use the show call active brief privileged EXEC command. There is no workaround.
•
You cannot change the login password when connecting to DB2 through DBConn TCP passthru connections. There is no workaround.
•
On a Cisco 7500 series router, if Cisco Express Forwarding (CEF) is enabled, Web Cache Control Protocol (WCCP) or one or more tunnel interface is configured, and packets that are redirected by WCCP or sent over a tunnel arrive over an Inter-Switch Link (ISL) interface, then packets terminating at the router that arrive over the same ISL interface may be dropped. For example, pinging to or from the router may show a 10 to 30 percent packet loss. There is no workaround.
•
Cm_process_event_log. cm_process_event_log may cause a Cisco uBR900 universal broadband router to reload when an error message is called from the interrupt process level. This situation only occurs in firewall and IP Security (IPSec) ubr900 Cisco IOS software images.
The router displays the following traceback messages:
SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level -Traceback= 802D048C 804C8DC8 8024CB3C 802D048C 804C8DC8 8024CB3C 802CEAC4 802D0 7BC 804C8DC8 8024CB3C 802D048C 804C8DC8 8024CB3C 802CEAC4 802D07BC 804C8DC8Workaround: Disable event_logging mib object on uBR900 firewall and IPSec images as soon as the router comes back online by setting docsDevEvControl.0 to 1.
•
On a Cisco router with port channel interfaces with Inter-Switch Link/Token Ring Inter-Switch Link (ISL/TRISL) encapsulation, any changes on the encapsulation may cause a Cisco bus (Cbus) restart. The system returns to normal operation after the Cbus restart. There is no workaround.
•
Heavy switched virtual circuit (SVC) setup or teardown loads on an ATM interface may cause a Cisco router to reload. There is no workaround.
•
In a Voice over IP (VoIP) network with E1 R2 signaling combined with ISDN, the busy signal in R2 signaling may not be notified correctly to the far end of the ISDN side. There is no workaround.
•
A Cisco uBR7200 series universal broadband router that is configured with a Cisco cable modem termination system (CMTS) is not protected against rogue cable modems that exhibit non-Data-over-Cable Service Interface Specifications (DOCSIS)-compliant behavior at initial ranging. There may be some modems on an upstream port that range with a negative timing offset. Such rogue modems can deceive the CMTS Map building code into using a large Map Advance when the dynamic Map Advance algorithm (the default) is active on each upstream port.
The result of this situation is that all the other modems on that upstream port will be unable to send data upstream to the CMTS and will go offline. The router will generate a warning log message every time a modem with bad timing offset is detected. A sample warning message is follows:
%UBR7200-5-BADTXOFFSET:Bad timing offset -10 detected for cable modem 0010.9500.0a6aWorkaround: Configure static Map Advance on each cable interface of the router by using the cmts(config-if)# cable map-advance static command-line interface (CLI).
•
When you run the interactive voice response (IVR) application on a Cisco 5300 series router, the router may pause indefinitely or reload if no IVR prompts are played in the tool command line (TCL) script when the call is connected. There is no workaround.
When you run the interactive voice response (IVR) Debit Card application on a Cisco 5300 series router with rotary dial peer configured, the router may pause indefinitely with 20 to 30 simultaneous calls after 2 to 3 hours. There is no workaround.
•
A Cisco RM7000 processor that is used by an NPE-300 network processing engine and a Cisco 7140 router may cause the router to execute instructions incorrectly or not at all. This situation may result in memory corruption or reload. There is no workaround.
•
When more than three concurrent connections are open between a Cisco router and CheckPoint, subsequent connections take more than 90 seconds. The CheckPoint firewall repeats the last Quick Mode message whenever IP Security (IPSec) Service Adapter (SA) has successfully been negotiated. Retransmissions should only happen under error conditions, so after three retransmissions the router eliminates the SA. When Cisco IOS software interoperates with Checkpoint firewall, the SAs may take longer than usual to become established because of unnecessary retransmissions by the checkpoint firewall.There is no workaround.
•
When you use the rate-limit interface configuration command on a Catalyst 6000 FlexWAN interface, the FlexWAN interface never reboots. This situation occurs when you reboot the Multilayer Switch Feature Card (MSFC) after an MSFC reset when the FlexWAN cards have not been reset.
Workaround: Reset the FlexWAN cards and the MSFC after you use the rate-limit command.
•
When a remote Cisco 2600 series router or a Cisco 3600 series router goes down, the BRI line protocol that is configured as "leased line 128K" may not go down properly. The router repeatedly displays the following message while the remote site is down:
%LINK-3-UPDOWN: Interface BRI1/0, changed state to up" while the remote site has been down.This situation occurs when you use an NM-4BRI network module or an NM-8BRI network module and the router is configured with High-Level Data Link Control (HDLC) encapsulation. There is no workaround.
•
A Cisco router may reload when reassembling in Session Connector. There is no workaround.
•
If you run a TN3270 server on a channel port adapter or configure virtual telecommunications access method (VTAM) to perform connect-outs by Channel Interface Processor (CIP) Systems Network Architecture (SNA) on a channel port adapter, buffer leaks may occur that will affect service between Cisco IOS software and the channel port adapter. Both of these features use local explorers to establish SNA connections, and when these local explorers are received from the channel port adapter by Cisco IOS software, the receive buffer containing the local explorer is not freed properly, resulting in lost buffers. Eventually, Cisco IOS software will run out of channel port adapter receive buffers and stop receiving packets from the channel port adapter. Symptoms of this situation include ceased input packets on the channel interface. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(9)S or later releases may experience problems if you attempt to format, delete, or squeeze slot0: immediately after the show version command is entered or immediately after the router reloads. This is a flash timing-related issue, and subsequent commands that you enter will not be affected. There is no workaround.
•
A Cisco AS5800 series access router that is running a Cisco IOS release prior to Release 12.0(1) and that is configured with E1 ports may result in a "ring no answer" message, even though a free channel and modem are available. There is no workaround.
•
A spurious access may be logged on a Versatile Interface Processor (VIP) interface that has PPP encapsulation enabled and a VIP quality of service (QoS) feature that requires packet classification to be performed on the output VIP.
Workaround: Disable the QoS feature.
•
A Cisco router may reload with the following error messages:
System returned to ROM by bus error at PC 0x6023A554, address 0x694B
IOS (tm) 5300 Software (C5300-JS-M), Version 12.1(0.9), BETA TEST SOFTWARE Copyright (c) 1986-2000 by cisco Systems, Inc. Image text-base: 0x600088F8, data-base: 0x6101E000
Stack trace from system failure: FP: 0x61F755C8, RA: 0x6023A554 FP: 0x61F75660, RA: 0x602394EC FP: 0x61F75688, RA: 0x6022C080 FP: 0x61F756C0, RA: 0x6022C3F8 FP: 0x61F75798, RA: 0x6022C694 FP: 0x61F757C0, RA: 0x60BE076C FP: 0x61F757F0, RA: 0x60BE0B98 FP: 0x61F75840, RA: 0x60BDCD04Workaround: Do not use the debug sgbp errors command.
•
On Cisco 7500 series routers running Release 12.1, Encryption Service Adapter (ESA) specific commands, such as crypto card clear-latch 1 are not accepted. There is no workaround.
•
On a Cisco router, 50 percent of pings may fail to receive replies when you use the ip cef global configuration command, so the router drops the majority of traffic directly addressed to an interface.
Workaround: Enter the no shutdown command again on the affected interface.
•
If maximum connection is matched or exceeded on an inbound Voice over IP (VoIP) dial peer, an incorrect cause code is returned to the originating router and the call is cleared with normal call clearing. This situation occurs if you attempt to reroute failed calls through the Public Switched Telephone Network (PSTN). There is no workaround.
•
If the host abnormally disconnects a TCP DBConn connection during the connection setup phase, an orphaned connection may occur that must be manually reset.
Workaround: Manually clear the orphan connections using the dbconn clear connection command.
•
If a call is disengaged from a gatekeeper by disengage requests (DRQs) sent to the gateway, the router may reload when the gateway attempts to access a freed memory space. Accessing freed memory is indicated by referencing 0xd0d0d0d (plus some offset). If the freed memory is now allocated for other purposes, this situation may not be obvious and the router may reload. There is no workaround.
•
Two-phase commit over TCP passthru connections is not supported. There is no workaround.
•
Hot Standby Router Protocol (HSRP) tracking does not work properly. When an interface is tracked, it goes into standby state. When it comes out of standby state, the information is not updated so the tracking interface gets stuck in standby state. There is no workaround.
•
On Cisco IOS Release 12.1, dynamic encryption applications may not work correctly if two different remote routers attempt to establish encrypted connections to the same interface on behalf of the same end hosts. There is no workaround.
•
A Cisco 7200 series router that uses an PA-A2 port adapter will allocate memory and not release it when you use the show controller command while the ATM interface is administratively shut down. Eventually, the system may run out of memory and need to be reloaded. There is no workaround.
•
On a Cisco AS5800 series universal access server that is running Cisco IOS Release12.0(5)T or portware 2.7 or higher, once a modem is used for handling V110 calls, it cannot be reused to handle asynchronous calls. The asynchronous calls will fail and the user will be disconnected. There is no workaround.
•
Systems Network Architecture Switching Services (SNASw) should be able to differentiate physical units (PUs) by Control Point name if the received idblk/idnum is identical. The first PU connects properly, but the second connection generates the following error on the problem determination log (PDLOG):
**** 00000161 - EXCEPTION 256:2 (0) **** Invalid internal state detected FSM State: = 4 FSM Input: = 1 >From ../dcl/ndrpufsm.c 121The output of the show sna privileged EXEC command displays the following:
router#show snas pu
Number of DLUR PUs 1 SNA DLUR PUs PU Name PU ID State DLUS Name -------- -------- -------- ----------------- 1> M1PU 05D00000 Active NETA.CPDEREKAfter the second PU connects, the output of the show sna privileged EXEC command displays:
router#show snas pu
Number of DLUR PUs 1 SNA DLUR PUs PU Name PU ID State DLUS Name -------- -------- -------- ----------------- 1> M1PU 05D00000 ResetWorkaround: Change idblk/idnum to 00000000.
•
A Cisco 5300 series router that is running Voice over IP (VoIP) with T1 channel-associated signaling (CAS) may lose memory suddenly and severely (not a gradual memory leak). This situation occurs because variables on the memory stack are not properly initialized. The router may change the value based on what is left on the stack, which depends on the various code execution paths of the call state machine (CSM) manager for the T1 CAS handling.
The router may reload when it runs out of memory in attempting to allocate 1552 bytes or more by the ossUserMalloc function. The router may also reload before the memory leak is detected. The router will need to eventually be reloaded to recover the memory loss. There is no workaround.
•
On a Provider Edge (PE) router, ethicist Express Forwarding (CEF) table may lose the tags for a default route that belongs to certain Virtual Private Network (VPN) routing and forwarding tables (VRFs). This situation occurs every minute and the tag will come back after 2 to10 seconds. This situation occurs when the default is learned through IBGP from another PE router.
Workaround: Configure a static default for that vrf pointing to the PE where you should learn it from.
•
Under heavy traffic, a PA-A3 port adapter may experience a SAR0 reload. If this condition occurs on a Cisco 7200 series router, you must reload the router to recover normal operation. On a Cisco 7500 series RSP, this situation may result in commands from the RSP to the port adapter failing, but the port adapter should be able to recover without a router reload. There is no workaround.
•
A Cisco 5200 series router, a Cisco 5300 series router, or a Cisco 5800 series router may experience a fatal error that causes a system to reload. The error only occurs if Virtual Private Dialup Network (VPDN) groups or profiles are configured within resource-pooling profiles in the local Resource Pool Manager Server (RPMS) or the remote RPMS. There is no workaround.
•
A systems Network Architecture (SNA) switch is correctly looking at MAXDATA for the segmentation of logical unit-logical unit (LU-LU) SESSION DATA to downstream physical units (PUs). However, the SNA switch is failing to segment system services control point (SSCP)-LU data to such PUs, including USS10 screens. There is no workaround.
•
On a Cisco router that is running IP Security (IPSec), if an IPSec encrypted packet comes in through a process switched interface that does not have encryption enabled, you cannot decrypt the packet. In addition, the router may rise to 100 percent CPU utilization until the security access (SA) times out.
To determine if this situation is the cause of 100 percent CPU utilization, compare the decrypt counters in the show crypto engine connections active privileged EXEC command with the counters in the show crypto ipsec sa EXEC command to learn if the counters are quite different.
Workaround: Enable fast switching on the unencrypted interface.
•
If an interface that is configured with IP Security (IPSec) and that uses the ip address negotiated interface configuration command and the crypto map interface configuration command is recycled (made active then inactive) more than once within the IPSec Service Adapter (SA) lifetime and a new IP address is assigned to the interface, IPSec will retain the previous IP address.
Workaround: Delete the IPSec SA on the router that uses the ip address negotiated interface configuration command to clear the clear crypto sa EXEC command from the IPSec SA.
Alternate Workaround: Use a static IP address instead of a dynamic IP address. Use the crypto map local-address global configuration command to identify a static IP address in IPSec.
•
Multiprotocol Label Switching (MPLS) forwarding entries may not be built properly for routes learned through IP Border Gateway Protocol (BGP) so packets addressed to a BGP destination will not be forwarded along MPLS Label Switched Paths (LSPs) but will be forwarded as IP packets. There is no workaround.
•
On a Cisco 7206 router or a Cisco 7206VXR router that is running Cisco IOS Release 12.1(1.1) and is configured with a Token Ring (TR) Inter-Switch Link (ISL) to a Cisco Catalyst 3900, Logical Link Control, (LLC2) type 2 packets from the Catalyst 3900 may remain in the input queue of the Fast Ethernet interface on the 7206 router and the 7206 router will be unable to accept any more packets on the interface.
Workaround: Enter the hold-queue 4096 {in} interface configuration command to configure the queue in the largest size possible.
•
In Cisco IOS Release 12.0 and Cisco IOS Release 12.0 T, the copy start tftp command uses a default save name of "startup-config" rather than the usual "routername-config."
Workaround: Use the copy run tftp command.
•
On a Cisco router that is configured with a VXC-2TE1 PA port adapter, the fragment option will not be available in the access-list command. The fragment option may be turned on even if it is not specified in the command. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1(1.1) and that is configured with a VXC-2T1/E1 card may have digital signal processors (DSPs) that seize the trunk and not release it after a router reload. This situation will prevent any calls from occurring.
Workaround: Enter the shut interface configuration command followed by the no shut interface configuration command on the affected DSP under the dspint DSPFarm. This is a temporary workaround that will restore the DSP until another reload of the router occurs.
•
A Systems Network Architecture Switching Services (SNASw) router may reload during normal operation with watchdog_forced_here. There is no workaround.
•
If you delete a Layer 3 port channel or subinterface when Hot Standby Router Protocol (HSRP) is configured with a secondary address, the system may restart. Layer 2 port channels are not affected.
Workaround: Unconfigure the HSRP secondary addresses before deleting the subinterface or port channel.
•
A missing H.323 ID configuration may cause the gateway to access (read) using a NULL pointer and may cause reloads on platforms where the service alignment global configuration command is a default, as it is on a Cisco 2600, 3600, 5300, and 7200 series router or 5800 series universal access server. A spurious read access to low memory will generate a syslog message instead of reloading the router. This situation can occur while the gateway is registering or unregistering from the gatekeeper while there is no H.323-ID configured.
Workaround: Configure H.323-ID and ensure that the no gateway configuration command is entered first. Disabling the gateway prevents H.323 software from using a NULL pointer while the configuration process is not complete.
•
A memory leak may occur when the interactive voice request (IVR) script calls for prompt/audio files that do not exist.
Workaround: Ensure that all prompt/audio files are valid (and spelled correctly).
•
A Cisco router may reload when interactive voice response (IVR) in a voice gateway requests authorization.
Workaround: Enter the aaa authorization exec h323 group radius global configuration command when authorization is needed for voice gateway.
Alternate workaround: Use Cisco IOS Release 12.1(2) or Release 12.1(2)T.
•
A Cisco router may reload on configuration. There is no workaround.
•
A Cisco router may reload when the interactive voice response (IVR) in voice gateway sends an authentication/authorization request to the billing (RADIUS) server and the billing server is down.
Workaround: Ensure that the billing server is running for the voice gateway.
Alternate workaround: Do not perform authentication/authorization in the IVR script.
Alternate workaround: Use Cisco IOS Release 12.1(2) or Release 12.1(2)T.
Novell IPX, XNS, and Apollo Domain
•
IPX routes are not received on a Cisco 3660 router that is running integrated routing and bridging (IRB) with bridging on an ATM interface. There is no workaround.
•
A cisco router may not make odd length process-switched packets even or odd length pings that originate from this router when the output interface is a Bridge Group Virtual Interface (BVI). There is no workaround.
TCP/IP Host-Mode Services
•
A Cisco router may lose memory or reload during periods of heavy traffic while using a voice application or the gateway application. There is no workaround.
•
When you enter the ip tcp selective-ack global configuration command on a Cisco router that is running Cisco IOS Release 12.1(1), a memory leak will occur. The leak is slow but will eventually reduce the available memory in the router and reload the router.
Workaround: Enter the no ip tcp selective-ack global configuration command.
TN3270
•
A TN3270 client on a Cisco universal access server may erroneously leave the keyboard in a locked state causing all keyboard input to be rejected until you press the master_reset keypress. This situation occurs when an application sends write-structured field commands with the keyboard-restore indicator on the associated write-control character. There is no workaround.
Wide-Area Networking
•
When a group-asynchronous interface is a member of a dialer rotary-group, the encapsulation ppp command may disappear from the configuration after a reboot.
Workaround: Configure encapsulation on the dialer interface instead of on the group-async interface.
•
On a Cisco router that is running Cisco IOS Release 11.3 or Cisco IOS Release 12.0, if you use both the substitute-source option and the substitute-destination option in the same X.25 route command, the Source Address (SA) in the forwarded call is corrupted. There is no workaround.
•
A member of a large-scale dialout stack group may continue to bid for outgoing calls even if it does not have the capability to actually make the outgoing call (T1/E1 cable is unplugged or PRI is not up, and so on).
Workaround: Manually remove the member from the stack group until the network access server (NAS) is restored to full working condition.
•
A Cisco router may reload because of illegal access to a low memory location when there are close to 4000 active X.25 calls. There is no workaround.
•
A Cisco router may reload because of a bus error when accessing a freed call control block (CCB). There is no workaround.
•
A Cisco 7200VXR router may reload with a bus error because the packet-by-packet compression code is being passed packets that contain particles. There is no workaround.
•
A Cisco router may experience a bus error and reload if you enable the ATM bundle on the PA-A3-OC3MM ATM port adapter. There is no workaround.
•
Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) traffic cannot be switched by LAN Emulation (LANE) interfaces. There is no workaround.
•
If you try to use idle timeout with class in dialer maps for different locations, the individual timeout will not override local idle timeout configured under dialer interface. There is no workaround.
•
A Cisco router may experience high CPU utilization when priority queueing is enabled because of X.25 background processes. There is no workaround.
•
Timer data structures used by the dialer component may become corrupted. The corruption may occur because of operator-initiated actions that involve the removal of the dialer function on an interface. Examples of these actions would be configuring leased-line BRI, or entering the no dialer in-band interface configuration command. The symptom may not occur for days or weeks after the operator action that caused it. Because of this condition, these actions should be avoided. There is no workaround.
•
A Cisco router will exhibit traceback messages when the router sends Inverse Address Resolution Protocol (ARP) messages for protocols like Novell, DECnet, and XNS. This situation will not affect router operation. There is no workaround.
•
If a dialer profile (with multiple BRIs in pool) is configured with a very low load threshold value using the dialer load-threshold command and if Multilink PPP is also configured, then all the channels except the B channels on one BRI are not disconnected. This situation may cause the B channels in the pool to flap and could also result in the failure of subsequent pings to the same link.
Workaround: Raise the load threshold to a higher value.
•
The input queue on a Cisco 7500 series router may show 76/75, which can result on the line going down on a High-Speed Serial Interface (HSSI) port adapter even though the VIP console shows that the queue is empty and the line protocol is up. This condition only occurs when PPP encapsulation is enabled.
Workaround: Move the card to a new slot, change to High-Level Data Link Control (HDLC), or reload the router.
•
A Cisco universal access server may reload with a bus error when the router is used as a PPP callback server. There is no workaround.
•
There is no way to specify that only one call per terminal endpoint identifier (TEI) should be allowed when a TEI for a second call is reused where there is a common local directory number (LDN) for all B channels and the telco does not send an EndPoint Identifier (EID) information element (IE). This situation rarely occurs. There is no workaround.
•
With X.25 over TCP (XOT), when there are many IP addresses in the X.25 route command and the first IP address is unreachable, a Cisco router will take the next IP address. The default X.25 parameters are then used instead of the ones configured on the X.25 interface, which causes the X.25 public switch to clear the call. There is no workaround.
•
If you use X.25 over TCP (XOT) protocol translation and use the session-timeout line configuration command on the vty interfaces, the router may reload with a bus error. There is no workaround.
•
When the IP connection for Redundant Link Manager/Signaling System 7 (SS7) fails, ISDN Layer 2 may not restart when the connection is restored. There is no workaround.
•
Non-Facility Associated Signaling (NFAS) and Redundant Link Manager (RLM) interfaces do not have T309-enable activated by default. Loss of Layer 2 traffic may cause the loss of all calls.
Workaround: Add T309-enable to the configuration on the NFAS and RLM interfaces.
•
A Cisco router may fail to bring up Layer 2 channels for National ISDN and 5ESS Custom switch profiles where dual terminal endpoint identifiers (TEIs) are used. There is no workaround.
•
A Cisco router will reload when you use the x25 routing global configuration command with the Domain Name System (DNS) feature. This situation occurs even if this command is not the first choice in the routing process. There is no workaround.
•
When you use Frame Relay traffic shaping with the first-in, first-out (FIFO) queueing default, the queue count for the traffic shaping structure may be inconsistent with the queue count for the per-virtual-circuit (VC) queues. This condition occurs when the VC queue fills up and the system drops a packet to make room for critical traffic in the VC queue.
Workaround: Remove and then configure Frame Relay traffic shaping to reinitialize the counter.
•
In large scale dial-out (LSDO), once a Cisco router in a stack group gets a Stack Group Bidding Protocol (SGBP) discover message, it needs to find out how many free B channels it has and offer that value to the client so that the client can gather all the offers and use the router with most free B channels to dial out. If you configure sdn_get_num_free_bchan() to get the number of free B channels, a BRI sdn_get_num_free_bchan() should be isdn_get_num_free_bchan(), which is a function that cannot be configured. The function may not return the correct number of free B channels. There is no workaround.
•
Dialer will not dial out if the Large Scale DialOut (LSDO) feature is configured and a Stack Group Bidding Protocol (SGBP) group is not configured.
Workaround: Configure a random SGBP group by entering the following:
router#configure terminal
Enter one configuration command per line and end with pressing Control Z
router(config)#sgbp gro
router(config)#sgbp group lsd
router(config)#sgbp dial-bids
router(config)#end•
A Cisco 7500 series router that is running Cisco IOS Releases 11.1(31.1)CC, 12.0(9.1), 12.0(8.6)S1, 12.0(9)S, 12.1(0.8), and 12.1(0.8)T with a PA-A3 port adapter will not send Operation, Administration, and Maintenance (OAM) cells. There is no workaround.
•
A Cisco router that is connected to ISDN BRI lines that deactivate Layer 1 (typically done by European Telcos to save power on BRI lines when no ISDN calls are active) and that use dialer interfaces (either legacy DDR or dialer profiles) will not be able to dial out.
Workaround: Remove the dialer interfaces and configure the BRI interfaces instead.
•
A gateway-to-gateway call that does not use the interactive voice response (IVR) application produces two authentication, authorization, and accounting (AAA) records. One record has cause 0x0 and the other has cause 0x10. The same two records appear on both the originating gateway and the terminating gateway.
A gateway-to-gateway call that does use IVR produces two sets of AAA records. One record on the originating gateway has cause 0x10 and the second record has cause 0x29. Both records on the terminating gateway have cause 0x29. There is no workaround.
•
A Cisco AS5800 series universal access server that is configured with Digital Number Identification Service (DNIS) screening and authentication, authorization, and accounting (AAA) pre authorization disconnects even though the "isdn guard-timer < > on-expiry" is configured to "accept." There is no workaround.
•
A memory leak in a Cisco router may occur if you use the show isdn active command on a tty other than the console port while calls are in process. There is no workaround.
•
A Cisco router may reload because of a bus error in fair_dequeue_inline. There is no workaround.
•
If isdn no_status_enq is not configured, calls will be dropped during link failure and recovery. There is no workaround.
•
Certain configurations may cause spurious memory accesses, failure at start up, or incomplete configuration data processing. There is no workaround.
•
A Cisco 4000 series router may reload while running as a Layer 2 Tunneling Protocol (L2TP) Network Server (LNS) for two Cisco 5300 series L2TP Access Concentrators (LACs). This situation is caused by IP cache entry and may occur when some Virtual Private Dialup Network (VPDN) clients are shut down to troubleshoot L2TP session problems on another router that is running a voice image when more VPDN clients are added.
When the L2TP subsystem attempts to fast-switch a packet, it calls ip_fastswitch() which in turn calls ipcache_lookup_fast(destination) to look up the cache entry. The return cache entry points to a virtual access interface that should have been an Ethernet interface. This situation causes the packet to enter the L2TP subsystem again, resulting in another L2TP+UDP+IP header encapsulation. This looping continues until the stack runs out when the L2TP subsystem encapsulates so many times that memory locations above the packet get overwritten. There is no workaround.
•
When Frame Relay traffic shaping is configured and either custom queueing or priority queueing is enabled at the virtual circuit (VC) level, an alignment error may occur. The error occurs when the priority/custom queue list checks User Datagram Protocol (UDP) packets and the current packet is a UDP packet that is queued because of traffic shaping. There is no workaround.
•
A Cisco network access server (NAS) may process a RLM SERVER_SWITCHED message like a LINK_UP message and drop calls even if the Redundant Link Manager (RLM) link never failed.
Workaround: Use Cisco IOS Release 12.1(2).
•
A Cisco router will reboot if you delete a dialer map by using the no dialer map command when a PPP callback server is configured and there is a callback pending expiration of the callback timer that uses that dialer map.
Workaround: Shut down the interface, wait for an interval corresponding to the callback timer, remove the dialer map, then enter the no shut command on the interface. The callback timer has the same value as the enable timer and is set by the dialer enable-timeout command.
•
On a Cisco router that is running Cisco IOS Release 12.1T, IP Control Protocol (IPCP) on multilink group interfaces may fail to negotiate.
Workaround: Move the configuration for the multilink group to a virtual template.
•
If you enable conditional debugging on a Cisco router or use the debug condition EXEC command, the router may reload. There is no workaround.
•
The B channels on the "primary-d" NFAS-RLM group will erroneously become active when the D channel becomes active. There is no workaround.
•
A Cisco 7500 series router that is running Cisco IOS Release 12.0(7)T with Gigabit Ethernet Interface Processor (GEIP) and ATM interfaces may reload with the following message:
System restarted by bus error at PC 0x600705F8, address 0x8There is no workaround.
•
With conditional debugging enabled on a Cisco router, in the output of a debug log you can see PPP negotiation occurring in an analog call but not in an ISDN call. There is no workaround.
•
Incoming calls on a NET3 ISDN line may fail because of a missing information element (IE) in the router response to the incoming SETUP message. There is no workaround.
•
After 48 hours of connecting and disconnecting data calls, a Cisco router will exhibit the following messages:
2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911 2d14h: %ISDN-6-INVALID_TIMER: LIF_RemoveTimer: Invalid Timer Handle, caller 0x6004BECC handle -1 2d14h: %ISDN-6-NO_TIMER: No Free Timer Entry, caller 0x6004F210, timers used 30911There is no workaround.
•
If you use the dialer hold-queue interface configuration command, a system may unexpectedly restart if two dial-on-demand calls are initiated on an ISDN interface using an NTT switch type, when sending broadcast packets to two separate destinations where both calls fail to connect.
Workaround: Remove the dialer hold queue command.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1 T may exhibit a "spurious memory access" message in the output of the show command. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T may reload when Domain Name System (DNS)-based X.25 routing is used. There is no workaround.
•
On a Cisco 800 series router that is running Cisco IOS Release 12.0(7)T, plain old telephone service (POTS) flash functionality does not work for NI switchtype, although it does work for 5ESS switchtype. There is no workaround.
•
After a failover, ISDN Layer 2 may not recover.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the serial interface to restore the digital subscriber lines (DSLs).
•
If you use the shutdown interface configuration command on a Non-Facility Associated signaling (NFAS) PRI group followed by the no shutdown interface configuration command, a Cisco router will leave the "nfas_d none" digital subscriber lines (DSLs) in the ADMINISTRATIVELY DOWN state. if the D channel is up (and the ISDN Layer 2 is up), calls come in and get connected but PPP fails.There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.1(1.1) or Cisco IOS Release 12.1(1)T may experience problems with X.25 address insertion and removal when the router forwards a call. The router may display "%SYS-4-REGEXP" error messages and tracebacks. There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(1c)
Cisco IOS Release 12.1(1c) is a rebuild of Cisco IOS Release 12.1(1). The caveats in this section are resolved in Cisco IOS Release 12.1(1c) but may be open in previous Cisco IOS Releases.
•
An error can occur with management protocol processing. Please use the following URL for further information:
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw65903
Resolved Caveats—Cisco IOS Release 12.1(1)
All the caveats listed in this section are resolved in Cisco IOS Release 12.1(1). This section describes severity 1 and 2 caveats and select severity 3 caveats.
Access Server
•
If an NM-AM modem is set to mark, space, or even parity, the modem autoconfigure type line configuration command will not function properly.
Workaround: Use the script startup line configuration command and the script reset line configuration command.
Basic System Services
•
A Cisco router may stop responding to Simple Network Management Protocol (SNMP) queries. This situation occurs when the number of SNMP request packets to be processed at the same time is high. There is no workaround.
•
Under rare circumstances, a Cisco router may reload with timer corruption. There is no workaround.
•
Under a sustained heavy load of calls, authentication, authorization, and accounting (AAA) requests backup, using up memory until memory runs out and the network access server (NAS) reloads. There is no workaround.
•
If a serial interface is frequently flapping, the router may pause indefinitely with a stack trace indicating that it is in usecdelay() as a result of cbus_mci_serial_reset() being called while at interrupt level. This situation rarely occurs.
Workaround: Enter the shutdown interface configuration command on the serial interface that is flapping.
•
When ISDN calls are brought up on a Cisco router that has ISDN traps configured, memory leaks will occur in the Simple Network Management Protocol (SNMP) trap process. In addition, some ISDN traps will be lost because of the invalid variable bindings (varBinds) that cause the leaks.
Workaround: Remove all snmp-server enable traps [isdn] global configuration commands from the router.
•
A Cisco router that is running Cisco IOS Release 12.0(7)T cannot execute boot configuration commands from Flash, and displays the following error message:
%Error opening nvram:/startup-config (File system is in an inconsistent state)When this message is displayed, no configuration is loaded. If you enter the copy startup-config running-config command and then enter the no shutdown interface configuration command, the router will come back on line. There is no workaround.
•
A call on a Cisco MC3810 multiservice access concentrator may be routed to a port that is busy and waste a digital signal processor (DSP) resource. This problem can be detected when you enter the show voice dsp privileged EXEC command and see DSPs that are in a BUSY state but not referencing a specific port, and when you enter the show voice call {summary} privileged EXEC command and see the ports stay continuously in a ST_DISCONN_PENDING state.
Workaround: Shut down or remove any POTS dial peers that reference ports that are busied out from the PBX so that calls will not be routed to those ports.
•
If you enable IP route-caching (IP fast switching) on a PPP serial interface that is part of a multilink bundle, traffic that is destined for that bundle may stop.
Workaround: Shut down the serial interfaces before entering the ip route-cache EXEC command, and then enable the interfaces.
•
A Cisco router or universal access server may reload when a reference is made to a teletype (TTY)/Telnet session that has been externally ended. There is no workaround.
•
A Cisco 7200 series router that is running PPP stack hardware compression with a compression service adapter (CSA) may reload because of a memory leak. This situation occurs when a PA-MC-T1 port adapter is used. It can also occur when a multichannel E3 PA port adapter is used.
Workaround: If the CPU can handle the load, enter the compress {predictor | stac [csa slot | software]} interface configuration command.
•
Outbound Challenge Handshake Authentication Protocol (CHAP) does not function properly on Cisco routers.
Workaround: Disable the AAA access control model by entering the no aaa new-model global configuration command.
•
Cisco 7200 series routers with an NPE-300 network processing engine installed will not boot up when certain Cisco IOS Release 12.0(5)XE3 subset images are installed. The router will pause indefinitely in a very early stage of booting up, and the only way to recover the router is to perform a power cycle. For systems that are set for auto boot, you will need to enter the break command to abort the boot process and return to the ROM monitor before the Cisco IOS Release 12.0(5)XE3 image is launched for execution. You will then need to either modify the software configuration register to revert to a manual boot of some other known good image, or switch the PCMCIA flash card with a known good image in case the system is set for default image boot from the slot0: PCMCIA card. There is no workaround.
•
You may not be able to change the size of priority queues in priority queueing with virtual template interfaces on a Cisco 3640 router that is running Cisco IOS Release 12.0(8) or Cisco IOS Release 12.0(7). There is no workaround.
•
Traceback messages may appear when a Cisco 3620 router or a Cisco 3640 router is reloaded. The tracebacks occur because the router is unable to lock an uninitialized semaphore. Other functions are affected. There is no workaround.
•
When a communication error occurs after TACACS+ TCP handshake, the router slips to the next method instead of taking the next server in the same authentication, authorization, and accounting (AAA) server group. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.0(7) may reload because of a bus error or pause indefinitely when FRF.9 payload compression is enabled with a hardware compression adapter and Frame Relay Traffic Shaping has already been configured on the serial interface.
Workaround: Use FRF.9 software compression.
•
This caveat adds support for a new revision of a hardware component that fixes a previous error. For the benefit of users that have not upgraded to the new hardware, it will also exhibit a warning error message that indicates the old hardware revision.
Cisco 7200 series routers with NPE-175 or NPE-225 network processing engines must upgrade to Cisco IOS releases that incorporate this change (for example, Cisco IOS Release 12.0(9) and later releases or Cisco IOS Release 12.0(9)S and later releases). Use of older Cisco IOS releases may result in unpredictable malfunctions. Please see the following document for further information:
http://www.cisco.com/warp/customer/770/fn8611.shtml
•
A Cisco router may reload when hardware compression is configured in conjunction with Generic Traffic Shaping and Fancy Queueing on a compression service adapter (CSA) at the main interface. This situation only occurs when all 3 features are configured.
Workaround: Use software compression.
•
A Cisco MC3810 multiservice access concentrator may reload after a power cycle.
Workaround: Remove the T1 cable while the router is booting.
•
A Cisco router may reload when Resource Reservation Protocol (RSVP) and class-based weighted fair queueing (CBWFQ) are enabled on the same interface. There is no workaround.
•
A Cisco router may reload because of memory corruption or stack overflow if you use the show ip bgp regexp pattern privileged EXEC command.
Workaround: Simplify the regexp pattern.
•
A voice gateway may reload when a voice call disconnects if you use the gw-accounting [h323 | syslog] global configuration command and you do not properly configure the authentication, authorization, and accounting (AAA) accounting method list for voice.
Workaround: Use the aaa accounting connection h323 {start-stop} [radius | tacacs+] global configuration command.
DECnet
•
If you configure a Cisco router using the decnet routing-timer seconds interface configuration command, the router may create a DECnet in-routing filter access list number after you reload the router. The access list number will be the same as the time in seconds specified in the decnet routing-timer seconds interface configuration command, and may be invalid. There is no workaround.
•
If a Cisco router is running a release earlier than Cisco IOS Release 11.3 and is using the DECnet Phase IV routing protocol, the DECnet network may experience loops or the incorrect selection of routes for periods of time up the value entered with the decnet routing-timer interface configuration command. When a network link goes up or down, one of the routers attached to that link may start sending DECnet traffic down the wrong route. You can enter the show decnet traffic EXEC command to show the number of messages that have been discarded with the "too many visits" count. If you enter the show decnet route configuration command, you can check the routes selected by the router.
Workaround: Reduce the time in the decnet routing-timer seconds interface configuration command to reduce the time taken for the network to converge.
•
A Cisco router may reload if it pings a DECnet address across an ISDN BRI connection. Pinging IP continues to work, as does DECnet routing. There is no workaround.
IBM Connectivity
•
A Cisco router that is running Cisco IOS Release 12.0(5)XN may experience alignment errors and exhibit the following error message:
%ALIGN-3-SPURIOUS at dlsw_work (0x60E9E53C) %ALIGN-3-SPURIOUS:Spurious memory access made at 0x60E9E53C reading 0x1There is no workaround.
•
A Cisco router that is running Block Serial Tunneling (BSTUN) may experience an input queue wedge. Reloading the router will temporarily fix the situation. There is no workaround.
•
A Cisco 7500 series router that is running a Cisco IOS release higher than the Cisco IOS Release 12.0(3c) may experience a situation where attached Network Basic Input/Output System (NetBIOS) PCs are not reaching the Ethernet-attached NetBIOS server. When this situation occurs, the router sends an incorrect LAN Emulation Address Resolution Protocol (LE_ARP) request, and is unable to resolve the route descriptor for the local LANE cloud and the Token Ring behind the Token Ring switch. A Logical Link Control, type 2 (llc2) frame out of the data-link switching (DLSw) cloud directed to the PC will trigger a LANE LE_ARP lookup on the router for the wrong route descriptor. As a result, the LANE data direct virtual channel connection (VCC) is only used in one direction from the Token Ring switch to NetBIOS PCs, and the NetBIOS connection pauses indefinitely. There is no workaround.
•
With new hardware, frames that were previously forwarded by configuring the source-bridge old-sna interface configuration command will no longer be forwarded. To reduce the overhead in processing frames not destined for a particular MAC address or frames not destined to be bridged over the bridge immediately connected to the MAC address, the hardware will not receive the packet for processing. As a result, the source-bridge old-sna interface configuration command no longer has any functional purpose. There is no workaround.
Interfaces and Bridging
•
A High-Speed Serial Interface (HSSI) port adapter is disabled with following error message if the load reaches approximately 40 Mbps:
%MUESLIX-1-STOPFAIL: Mx serial, Hssi2/0 Stop Failed at disable port
%MUESLIX-1-STOPFAIL: Mx serial, Hssi2/0 Stop Failed at disable portThere is no workaround.
•
A PA-4R-DTR port adapter or a Cisco 2600 series router sometimes inserts at the wrong ring speed. The interface will recognize the incorrect ring speed and remove itself from the ring. If the router is connected to a Smart controlled access unit (CAU), the Smart CAU may disable the port because of the incorrect ring speed. In this situation, the router will try to reinsert into the ring, but it will not be able to. This condition is rare, and will not cause any physical problems with the ring. Unless the router is connected to a Smart CAU, which will wrap the port automatically, this condition is difficult to detect. There is no workaround.
•
A Cisco 7206VXR router that is running Cisco IOS Release 12.0(6.5)T2 and has a network processing engine 300 (NPE-300) may reload with a bus error. There is no workaround.
•
The address that is assigned by Dynamic Host Configuration Protocol (DHCP) may not be accepted if the remote client that is terminating a PPP session into your virtual template has tried to use a different address. There is no workaround.
•
A Cisco 7200 series router with a PA-4R port adapter may accept a packet with an invalid frame check sequence (FCS) and pass it on to remote source-route bridging (RSRB). This situation does not occur in the PA-4R-DTR port adapter. There is no workaround.
•
A Cisco AS5800 series universal access server with E1 PR1 lines that is running Cisco IOS Release 12.0(4)XJ2 or Cisco IOS Release 12.0(5)T1 may drop Serial Line Internet Protocol (SLIP) connections after Cisco IOS installs a route for a remote user. PPP users (both asynchronous and ISDN) can connect, but the SLIP users cannot connect with modem ISDN channel aggregation (MICA) modems that are running 2620 portware. There is no workaround.
•
A Cisco PA-A1 port adapter does not detect the Loss of Cell Alignment (LOCA) error. There is no workaround.
•
When performing an online insertion and removal (OIR) on a working PA-A3 port adapter with an interface configured for operation, administration, and maintenance (OAM), the permanent virtual connection (PVC) and the interface may not come up. If a second OIR is performed, both the PVC and the interface come up and traffic is restored. This situation will only occur when per-VC queueing is enabled on the interface. There is no workaround.
•
A Cisco 7500 series router with a VIP2-based Fast Ethernet port adapter may exhibit the following message:
%CBUS-3-CCBPTIMEOUT: CCB handover timed out, CCB 0x5800FFB0, slot 9 -Traceback= 60338B60 603362B8 603368D8 60310404 60335C28 6023418C 602B6AFC 602B6 AE8Workaround: Enter the no cdp run global configuration command to disable Cisco Discovery Protocol (CDP).
IP Routing Protocols
•
A Cisco router that has tag switching enabled and is running Cisco IOS Release 12.0(5)T may reload if a tag advertisement appears in a certain time window when a related routing update takes place. An ATM interface transition may cause this condition. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0 T with conditional advertisement does not advertise the prefixes specified in advertise-map. There is no workaround.
•
If you have an Open Shortest Path First (OSPF) external route and a floating static route (as backup for the external route) with the nexthop interface OSPF enabled, and if there is a flap in external route, floating static will be installed in the routing table. The floating static route will not get replaced by the external route, even when the external route comes back up.
Workaround: Enter the clear ip route {network [mask]|*} EXEC command.
•
Open Shortest Path First (OSPF) Router and Summary link-state advertisement (LSA) may not install the network into the routing table.
Workaround: Clear the routing table.
Alternate Workaround: Restart the OSPF process.
•
Network Address Translation (NAT) may stop creating new entries after running for an indeterminate amount of time.
Workaround: Clear the NAT translation table.
•
The dataless header register does not work properly in Cisco IOS Release 12.0(7)S. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(5)T and later releases, Cisco IOS Release 12.1, or Cisco IOS Release 12.0 ST may reload if the clear ip bgp {*} EXEC command is entered on a peer provider edge (PE) router. The following stack trace is exhibited:
bgp_fwdentry_info
bgp_v4class_update_fwdtable_walker
rn_walktree_version
bgp_update_fwdtable bgp_routerThe reload occurs on the local PE when a PE Internal Border Gateway Protocol (IBGP) session is cleared on the remote box. If the PE is importing routes from other PE devices, clearing BGP session on the remote PE will cause the local PE to reload. There is no workaround.
•
A Cisco router may reload if certain IP packets addressed to a multicast destination with an invalid IP header are received. On a Route Switch Processor (RSP), this situation may cause a bus error reload with RSP-specific code and ipmulticast_les_fastswitch on a stack trace at:
address=0x58200000.This situation may also cause a generic memory corruption reload on the RSP or other nonparticle-based platforms. This bug does not exist in Cisco IOS Release 11.1CC or Cisco IOS Release 11.2.
Workaround: Disable multicast fast switching on all interfaces by entering the no ip mroute-cache interface configuration command.
•
If a Cisco router receives a Resource Reservation Protocol (RSVP) RESV message to refresh link-state packet (LSP) for which it is the source, and if the RESV message contains Multiprotocol Label Switching (MPLS) label other than the one previously received, the router will attempt to perform a label change operation. If the label change operation fails, the router may reload while executing the appropriate error handling procedures. This situation rarely occurs. There is no workaround.
•
Protocol Independent Multicast (PIM)v2 Candidate Rendezvous Point (RP) advertisement packets are discarded by a router if the packets were sent by that router. This breaks the Candidate-RP and bootstrap router (BSR) mechanism in PIMv2.
Workaround: Configure Candidate-RP in routers that are not BSR.
•
A Cisco 827 router may reload or experience spurious access in iprouting_destination_valid. The spurious access is caused by reading an invalid location, so memory is not corrupted. There is no workaround.
•
Sources of multicast packets that send at a low frequency may have their (S,G) expire in the first-hop designated router (DR). The corresponding (S,G) may also expire in the rendezvous point (RP).
If the (S,G) state is later created from a Protocol Independent Multicast (PIM) Join packet from downstream, then the register flag is not set for this (S,G) in this router. If a packet is then received from the source, the register packet will not be sent to the RP so the A-flag for the (S,G) will not be set in the RP, which would prevent the subject source from being advertised to the Multicast Source Discovery Protocol (MSDP) peers. There is no workaround.
•
A Cisco 7200 series or Cisco 7500 series router may restart with a bus error when you are entering the clear ip bgp dampening EXEC command. This situation will occur only when some routes are in the dampened state when the command is issued. There is no workaround.
ISO CLNS
•
When two events occur within a short period of time that cause a Cisco router that is running Intermediate System-to-Intermediate System (IS-IS) to regenerate a new link-state packet (LSP), a race condition may occur that can cause the router to skip the second LSP generation. This situation results in the router not advertising its current state to the rest of the network. (For example, an adjacency may be missing from its LSP, or an old adjacency that does not exist anymore is still advertised.) All the routers in the network will then compute invalid IP routes.
This condition occurs only in Cisco IOS Release 12.0(5)T and later releases, and can only occur when IS-IS is configured for IP routing. If a router runs IS-IS in Connectionless Network Service (CLNS) only, this condition will not occur. If a router has only a few IP routes in the IP routing table, this situation is less likely to occur than if there are many IP routes in the IP routing table.
Workaround: Enter the shutdown command interface configuration command followed by the no shutdown interface configuration command on any interface that is configured for IS-IS.
Miscellaneous
•
When printing is performed over asynchronous lines by using software flow control, large numbers of overruns occur. There is no workaround.
•
On a Cisco 5200 series, 5300 series, or 5800 series router with NFAS configured, modems may not get released upon call completion or termination. There is no workaround.
•
On a Cisco AS5800 series universal access server, you may see the following messages:
%DIALn-3-MSG: %IPC-3-NOBUFF: The main IPC message header cache has emptiedThese messages are followed by a "-Traceback" line. The "%DIALn-3-MSG" is optional and the "n" indicates which dial shelf slot number the subsequent message originates from. Usually, the latter message is followed by:
%DSIP-3-IPC_PORT: IPC subsystem API error(nip invoke ipc send), failed to get ipc_messageThis situation usually occurs when you use the autoselect ppp line configuration command, or the autoselect slip line configuration command, or the autoselect arap line configuration command. Under a high call rate, this situation may cause calls to not be established successfully.
Workaround: Use a Cisco IOS release that contains the fix for this caveat.
•
Formatting boot flash memory on a Cisco 7100 series router may disable access to boot flash memory. This situation occurs with crypto images in Cisco IOS Release 12.0(5)XE, Cisco IOS Release 12.0(5)XE1, and Cisco IOS Release 12.0(5)XE2, and the situation may occur with some noncrypto images.
Workaround: Format Flash with a working image, or do not format Flash.
•
A Cisco 2600 series router running Cisco IOS Release 11.3T may reload because of a SegV exception when a LAN Extender (LEX) interface is enabled.
There is no known workaround.
•
A Cisco router may reload because of a memory corruption. There is no workaround.
•
Cisco Encryption Technology (CET) may not function correctly when configured on a Cisco router with generic routing encapsulation (GRE) tunnel. There is no workaround.
•
In Cisco IOS releases prior to Cisco IOS Release 12.0(7)T, IP Security (IPSec) images for the Cisco 805 router do not support the Virtual Private Dialup Network (VPDN) feature. There is no workaround.
•
When you enable bridging on a Fast EtherChannel (FEC), the host functionality may not work properly, but bridging functionality is not affected. There is no workaround.
•
A Cisco 4500 series router may slow down or pause indefinitely if you configure a mac-forward filter over transparent bridging on a Token Ring interface. There is no workaround.
•
When Network Address Translation (NAT) and Cisco Express Forwarding (CEF) switching is enabled on Cisco 7200 series routers and Cisco 7500 series routers, all incoming packets take the fast switching path instead of the CEF path. There is no workaround.
•
Authentication, authorization, and accounting (AAA) for H.323 calls may show incorrect time stamps in comparison to the time synchronized through Network Time Protocol (NTP) as shown on the router. There is no workaround.
•
The second port on a Cisco router with a PA-2T3 port adapter and a PA-2E3 port adapter will not come up if the first port is in a shutdown state.
Workaround: Enter the no shutdown interface configuration command on the first port.
•
A Cisco AS5300 series universal access server that is running Cisco IOS Release 12.0(07)T12.0(07)T or Cisco IOS Release 12.0(04)XH01 may send a LOOP_CLOSURE message for a busy call on a channel-associated signaling receive and transmit T1 trunk. This situation occurs with voice calls. There is no workaround.
•
If you are entering the virtual-profile if-needed global configuration command on a Cisco AS5200, Cisco AS5300, or Cisco AS5800 series universal access server that is running Cisco IOS Release 12.0(7.3)T, pings and IP packets fail because of reported encapsulation failures on the dialer or serial interface. This situation does not occur if virtual-profile if-needed is not configured, but the router performance is affected if virtual-profile if-needed is not configured. There is no workaround.
•
A Cisco router that has been configured for point-to-point or static generic routing encapsulation (GRE) tunnel copies the type of service (ToS) field from the payload IP packet header to the outgoing delivery IP packet header. But this feature will not work for multipoint or dynamic GRE tunnels. There is no workaround.
•
A Cisco router that is running with a high load and using IP Security (IPSec) may reload after an indeterminate amount of time (5 minutes to 5 hours or more). There is no workaround.
•
When calls are redirected multiple times in the telephone network before arriving at a Cisco AS5300 series universal access server by a 5ESS PRI, the redirecting number that is tunneled by H.323 will be the Original Called Number (OCN) (the first party to forward the call) rather than the Redirecting Number (RDN) (the last party that forwarded the call directly to the Cisco AS5300). But services that access the RDN will need the final RDN rather than the OCN. There is no workaround.
•
If an EXEC session is running label switching commands such as show tag forwarding, then the router may reload when the no tag ip command is configured by another EXEC session. There is no workaround.
•
When a gatekeeper does not receive responses to its Location Requests (LRQs) from a peer gatekeeper, the first gatekeeper may become unresponsive to requests from its own clients, and no new calls are admitted. If you enable debug ras on the gatekeeper, you will receive the following repeated messages:
00:16:59: RASLib::RASSendLRQ:LRQ (seq# 8) sent to 1.14.93.83
00:17:02: RASlib::ras_sendto:msg length 58 from 1.14.93.92:9679 to 1.14.93.83:1719
00:17:02: RASLib::RASSendLRQ:LRQ (seq# 8) sent to 1.14.93.83
00:17:05: RASlib::ras_sendto:msg length 58 from 1.14.93.92:9679 to 1.14.93.83:1719
00:17:05: RASLib::RASSendLRQ:LRQ (seq# 8) sent to 1.14.93.83
00:17:08: RASlib::ras_sendto:msg length 58 from 1.14.93.92:9679 to 1.14.93.83:1719No corresponding messages indicate that an LCF or LRJ response with the same sequence number (seq# 8 in the example) was received. Generally, when the communication path to the problem peer recovers, the situation should be resolved. However, under certain circumstances, you may need to enter the shutdown command followed by the no shutdown command on the gatekeeper. There is no workaround.
•
If you enter the show users command, you may see that the Virtual Exec process is running on the modem even when no users are connected. This situation does not affect the allocation of the modem for subsequent sessions. The next user that logs in to the modem will clear the condition. There is no workaround.
•
A Cisco router may not be able to properly decapsulate packets that are Authentication Header (AH)-encapsulated when flow switching is enabled. This situation is true for both flow switching and Cisco Express Forwarding (CEF) flow switching.
Encapsulation Security Protocol (ESP)-encapsulated packets work correctly. Because ESP already provides authentication services along with the encryption, it is not necessary to use AH.
Workaround: Do not specify AH in any transform proposals.
Alternate Workaround: If AH-encapsulation is necessary, do not specify flow switching on the crypto interface.
•
On a Cisco 7500 series router with Cisco Express Forwarding (CEF) enabled, if an output rate limit with qos-group is configured on a non-Versatile Interface Processor (VIP)-based interface, for example, ATM Interface Processor (AIP), and FDDI Interface Processor (FIP), then packets cannot be switched out of that interface.
Workaround: Disable CEF.
•
Lock and Key idle-timers won't get reset when there are packets match the dynamic ACLs created by Lock and Key. There is no workaround.
•
When IOS Firewall is running on a Cisco router with Fast Ethernet subinterfaces using 802.1Q encapsulation, Context-based Access Control (CBAC) appears to run in fast switching mode, but CBAC stops inspecting traffic after an indeterminate period of time. This situation does not occur in process switching mode.
Workaround: Configure CBAC for process switching.
•
Forwarding of bootp/dhcp address request UDP packets fail because of encapsulation failure.
Workaround: Use Cisco IOS Release 12.0(5)T.
•
A Cisco 7500 series router with Multiprotocol Label Switching (MPLS) configured may corrupt large packets that arrive on a channelized serial interface (CT1/CE1) and then switch to a tag MPLS-enabled interface. This situation occurs during the fragmentation process of the packet. Incoming tag MPLS packets are not affected.
This situation only occurs for Route Switch Processor (RSP) switched packets. Versatile Interface Processor (VIP) distributed switching is not affected. There is no workaround.
•
The txconn subsystem has functionality that disables TCP servers whenever a session to an associated host becomes unavailable. When this condition occurs, none of the active TCP client connections to the disabled server are reset, which leaves a client connected to a disabled server.
In configurations where txconn is front-ended with Cisco DistributedDirector, this situation can prevent Cisco DistributedDirector from detecting the disabled server in a timely manner. There is no workaround.
•
Txconn may not set the security type to NAP_SAME when it receives the already verified indicator in the FMH-5 security indicator field from TXSeries client connections. TXConn assumes the wrong security type program when the security subfields contains a user ID. This situation only affects TXSeries client connections.
When TXSeries is connected to txconn as a client, any attempt to connect specifying "already verified" may fail, depending on how security is configured on the Customer Information Control System (CICS) Server Telnet Application Segment (APPL).
Workaround: When using TXSeries as a client, configure multiple virtual storage (MVS) CICS connection definitions for the router specifying no security. This workaround will allow TXSeries clients to connect.
•
If you are using SNA Switching Services in an environment where sessions traverse High Performance Routing Broadband Network (HPR-BN) connections in the CS/390 hosts, HPR session activation may fail.
Workaround: Use Intermediate Session Routing (ISR) over the BN connection instead of HPR.
•
When compression packets are process-switched on a High-Speed Serial Interface (HSSI), and the ip rtp header-compression EXEC command, the ip route-cache interface configuration command, or the ip cef global configuration command is configured on the HSSI, packets will take the process path instead of the fast path. There is no workaround.
•
When a first label switch router (LSR) is transmitting Multiprotocol Label Switching (MPLS) encapsulated IP frames to a second LSR that is removing the last label and transmitting the resultant IP frame onto an Inter-Switch Link (ISL), then IP packets less than 44 bytes will be received as cyclic redundancy check (CRC) errors. There is no workaround.
•
On Cisco 7500 series routers that are running Cisco IOS Release 12.0 T, deleting a crypto map from an interface on a Versatile Interface Processor (VIP) will disable all crypto maps on all interfaces on that VIP. There is no workaround.
•
Compressed packets cannot be fast-switched on a PA-MC-8E1 port adapter. If fast switching is enabled on a PA-MC-8E1 port adapter, the packets will only be compressed in the process path. There is no workaround
•
When socket errors occur, the H.323 process that uses the socket event may cause the application programming interface (API) to spin with 98 percent to 100 percent CPU. There is no workaround.
•
If there is a cable modem connected to another modem card and MIB walk docsIfCmtsObjects containing docsIfCmtsCmStatusTable, the Cisco uBR7246 Universal Broadband Router may appear to pause indefinitely.
Workaround: Reload the router after performing an online insertion and removal (OIR).
•
A Route Switch Module (RSM) that is running Cisco IOS Release 12.0 T and is configured for IP routing on a Token Ring VLAN with the IP directed broadcast option enabled may send out subnet broadcasts that it receives on its own subnet back to this same subnet.
Example: The RSM receives the subnet broadcast 10.10.10.255, and the RSM IP address is 10.10.10.1/24. The RSM will send back out on its own subnet a broadcast to the destination IP address 255.255.255.255, which is incorrect. On Layer 2, this frame goes to the destination MAC address ffff.ffff.ffff and is sent as an explorer on the Token Ring. The RSM should not do anything with the IP subnet broadcast as long as it is received on the interface that is directly connected to the router.
Workaround: Create an access list and disallow subnet broadcasts of the router subnet to enter the RSM.
Example:
interface vlan xxx type trbrf
ip address 10.10.10.1 255.255.255.0
ip access-group 101 in
access-list 101 deny ip any host 10.10.10.255
access-list 101 permit ip any any•
If you enter the show cable flap-list EXEC command while baseline privacy is active, the router will reload. There is no workaround.
•
If a Dependent Logical Unit (LU) Requester/Dependent LU Server (DLUR/DLUS) connection fails, downstream LU-LU sessions may be terminated on downstream devices that are configured for ANS=CONTINUE, which should not normally be affected. There is no workaround.
•
The cable source-verify dhcp cable interface configuration command does not function properly when baseline privacy interface (BPI) is active. There is no workaround.
•
A Cisco 7200VXR router may experience a situation where switched virtual circuits (SVCs) are disconnected intermittently and then recovered after 7 to 20 hours. There is no workaround.
•
If you configure a subinterface on a Cisco 2600 series router for operation, administration, and maintenance (OAM), and the permanent virtual circuit (PVC) bounces, the PVC and the interface will not come back up unless you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface. This situation does not occur if the PVC is configured without OAM. There is no workaround.
•
After you reload a Cisco router, the PPP virtual template command protocol disappears under the virtual circuit (VC) class ATM. This condition causes the PPP sessions to lose their binding with the virtual template. This situation occurs only if you have configured 'encapsulation aal5snap' in the ATM VC class, and does not occur if the VC class is configured as aal5mux. There is no workaround.
•
A Route Switch Module (RSM) may corrupt the Routing Information Field (RIF) on a Logical Link Control (LLC1) frame when running data-link switching (DLSw). There is no workaround.
•
A Route Switch Processor (RSP) that is configured with Multiprotocol over ATM (MPOA) clients may reload. There is no workaround.
•
The show interface display EXEC command may show that a Cisco 2-port High-Speed Serial Interface (HSSI) or a Cisco PA-2T3 port adapter is experiencing abnormal transmit underruns on some Versatile Interface Processors (VIPs) with fast protocol control information (PCI) transactions. There is no workaround.
•
MC16E cards may experience difficulties when you configure downstream modulations. Symptoms of the problem include ranging bursts that do not arrive upstream.
Workaround: Use the shut command and the no shut command on the interface.
This workaround adds extra physical layer (PHY) reconfiguration when you perform a hardware reset of the MAC, but this situation only occurs when a downstream PHY parameter is modified.
•
A Cisco router that is configured for Systems Network Architecture Switching Services (SNASw) may reload repeatedly until SNASw functionality is stopped. There is no workaround.
•
A memory leak may occur when the interface that is trying to send traffic by an ATM interface supports only packets (not particles) and either the cable is pulled out of ATM interface or the virtual circuit (VC) set up to transfer is in a down state. This situation does not occur during normal operation. There is no workaround.
•
Pings on a Cisco 7500 series tag-switching router that is running Cisco IOS Release 12.0 S, Cisco IOS Release 12.1, or Cisco IOS Release 12.0 ST may fail if a packet comes in as an IP packet on an ATM interface, the packet gets route-cache switched, the packet gets fragmented, and the fragments go out as tag packets through a serial interface.
Workaround: Configure distributed Cisco Express Forwarding (dCEF) on a Cisco ATM port adapter.
•
Swapping a cable line card that is not supported in a Cisco uBR7200 chassis with a supported line card several times may cause the router to reload in the routine to add a subinterface entry in the ifTable. There is no workaround.
•
Configuring a downstream channel ID on a cable interface may cause cable modems to hang up while waiting for valid channel Manufacturing Automation Protocol (MAP) messages. In this state, the cable modem termination system (CMTS) sends the MAP messages, but a stale parameter in the MAP messages causes the cable access routers to ignore these MAP messages.
Workaround: Enter the clear interface EXEC command on the CMTS after configuring the downstream channel ID. This workaround will cause the MAP messages to refresh and pick up the latest UCD change count parameter.
•
On Cisco routers that are running Cisco IOS Release 12.0(8), IP Security (IPSec) will send in the clear packets that need to be encrypted and fragmented. There is no workaround.
•
A Cisco PA-2T3 port adapter may show increasing overruns in the show interfaces EXEC output when one of the two ports is in DOWN state.
Workaround: Put the DOWN port into ADMIN SHUT state.
•
If the signal level for the macro instruction (MF) digits is too low, it will disappear before reaching the PBX. Any gain or attenuation on the voice port only affects the audio stream. The cable length parameter only adds attenuation.
Workaround: Add a configuration parameter to change the level of the signal for the MF digits.
•
Multiprotocol over ATM (MPOA) shortcuts may not check for the frame sizes being sent on them. If the frame size exceeds the maximum transmission unit (MTU) size of the egress Multiprotocol over ATM Client (MPC), egress MPC drops the packet, resulting in the loss of connectivity.
Workaround: Configure matching MTUs on either side of shortcuts (for example, all LAN Emulation Clients (LECs) that are served by ingress and egress MPCs should have the same MTU). If MTUs cannot be altered, then do not configure MPOA on both sides.
•
A resign message is not sent when the standby IP address of a Hot Standby Router Protocol (HSRP) group is unconfigured. This situation will delay the standby router taking over as the active router until the active timer expires in the standby router. This time is determined by the standby hold down time, which is 10 seconds by default. During this time, packets that are forwarded to the standby virtual address will not reach their destination.
Workaround: Lower the priority of the group to below the priority of the standby router before deconfiguring the standby IP address.
•
After an initial program load of a Dependent Logical Unit Server (DLUS) system, SNA switch DLUR routers may exhibit a "Pending Inactive" state for the DLUS as seen in the output of the show snasw dlus EXEC command.
Workaround: Stop and start the SNA switch subsystem on the router.
•
The ip rtp priority interface configuration command does not work in Cisco IOS Release 12.1(09). There is no workaround.
•
A Cisco SC2200 series signaling controller may forward the call setup signaling to a Cisco AS5800 series universal access server. When a call comes into the AS5800, the AS5800 reloads. There is no workaround.
•
A Cisco router may reload because of memory corruption when it receives a large LOCATE message from an end station. The router may reload repeatedly until the end station is stopped.
Workaround: Reduce the number of transmission group (TG) vectors reported by the end station on the LOCATE message.
•
A Cisco Catalyst 5000 may treat the link between the physical interface and the port channel interface as a multidrop link when the MAC address of members of a port channel is different from the MAC address of the port channel itself.
Workaround: Delete the members of the port channel and then add then add them back in.
•
IKE Tunnel Endpoint Discovery (TED) may fail with the following error message:
%CRYPTO-4-IKMP_BAD_MESSAGEThere is no workaround.
•
A Route Switch Processor (RSP) with an interface configured with IP Security (IPSec) crypto map and the switching mode is Cisco Express Forwarding (CEF), the RSP may reload trying to decrypt an IPSec packet. This situation is only seen when CEF switching is on. There is no workaround.
•
After a Cisco router reloads, it may remove the "service-policy output" configuration line from the serial interface. In this situation, the max-reserved-bandwidth interface configuration command is entered on this interface after the service-policy global command. Because the service-policy global command is read by the router first, the router functions as if only 75 percent of the serial interface bandwidth is available, which is the default for the max-interface-bandwidth interface configuration command. When the router is functioning at this level, the router recognizes there is not enough bandwidth for class-based weighted fair queueing (CBWFQ), and the router removes the "service-policy output" line from the configuration. If the max-interface-bandwidth interface configuration command was read by the router first, this situation would not occur because the CBWFQ configuration would be valid.
Workaround: Create a dummy subinterface off the main interface. No configuration of this subinterface is necessary and a permanent virtual connection (PVC) does not need to be assigned. However, when the router reloads, the service-policy global command under the serial interface will not be removed.
•
Received packets that have been padded by the previous hop are corrupted by the Multiprotocol Label Switching (MPLS) distributed Cisco Express Forwarding (dCEF) label imposition code and will result in IP checksum errors at their final destination or at an intermediate hop, depending on the network configuration.
Workaround: Disable dCEF globally or on a per-VIP interface basis.
•
If the service compress config is enabled, entering the show startup-config configuration command or the show config configuration command will result in memory leak. There is no workaround.
•
A Cisco 3660 router may display a duplicate name for the second BRI WAN interface card (WIC) module if it is installed in a slot that already has one BRI module. There is no workaround.
•
A Cisco router may reload while running SNA Switching (SNASw). This situation is caused by a rare condition in Dependent Logical Unit Requester (DLUR) when the links to downstream physical unit (DSPUs) are going up and down very rapidly. Under these circumstances, it is possible for DLUR to receive a DSPU_INACTIVE signal from configuration services, fail to correlate it to the appropriate physical unit (PU) CB, and then release it. The next signal received from convergence sublayer (CS) for this PU is a DSPU_ACTIVE, which DLUR is not expecting. This situation causes an invalid state error in DLUR, which leads to a reload shortly afterward. There is no workaround.
•
When configured to provide access control, the Kerberos client on Cisco products will fail all authentications when the expiration of the credential falls between January and February of a leap year.
Workaround: Choose an alternate form of authentication such as TACACS+ or RADIUS.
•
A Cisco router may reload if you enter the show cable flap-list EXEC command. The probability of the router reloading can be reduced significantly if the flap list aging time is kept at its default or set to a very high value such as 86400. Also, the probability of the router reloading is greatly increased if you leave the command output paused because of automore processing (for example, where --More-- is displayed). There is no workaround.
•
The default file system is not recognized by the delete EXEC command if only the filename is specified. The entire path of the file to be deleted (for example, delete filesystem:filename) must be included in the command line. There is no workaround.
•
A Cisco 7200 series router that is running ATM LAN emulation (LANE) with a PA-A3 port adapter may reload if a packet with invalid encapsulation is sent to the port adapter. There is no workaround.
•
Shutting down a recEive and transMit (E&M) port on a Cisco 2600 series router or a Cisco 3600 series router may result in the following error message:
%VTSP-4-FSM_BAD_EVENT: Invalid FSM Input on channel UNKNOWN: state=-1 event=8There is no workaround.
•
A Cisco router that receives a recent upstream throughput enhancement may reload under certain specific upstream configurations or timing state conditions. This situation occurs when an upstream port is configured with nondefault upstream parameters that cause a single request opportunity to span more than one minislot. A sample nondefault upstream setting that can cause this situation are as follows:
–
–
If the upstream channel is using a nondefault setting like the one described, the following timing conditions can trigger a reload:
–
–
Even if there is no console activity, the router may reload, although this situation is rare.
Workaround: Maintain all upstream parameters at default values.
•
Pinging from a Customer Edge (CE) router to its own address or using Telnet to reach the router may cause the attached Provider Edge (PE) router to reload. There is no workaround.
•
A Cisco router may reload if the show ip cef EXEC command is entered while the routing table is changing. There is no workaround.
•
On a Cisco router that is running Cisco IOS Release 12.0, a Cisco Encryption Technology (CET) encrypted packet coming in while the router is restarting may prevent encryption from working on that interface for 15 minutes.
When this situation occurs, the show crypto map privileged EXEC command will show the Connection ID as BAD, and the connection will not be listed by either the show crypto cisco connections privileged EXEC command or the show crypto engine connections active privileged EXEC command. There is no workaround.
•
A Cisco AS5800 series universal access server that is acting as a gateway may fail CODEC negotiation on G.723 calls that match VoIP dialpeer 0.
Workaround: Configure a matching VoIP dialpeer, and configure a CODEC class with the CODECs that are being used.
•
Packets that have been padded by the previous hop and then received by a Versatile Interface Processor (VIP) Ethernet, Fast Ethernet, or Gigabit Ethernet may be dropped if they are supposed to be processed by the Route Processor (RP) instead of the VIP.
Workaround: Disable distributed Cisco Express Forwarding (dCEF) on the ingress interface.
•
SNA switch currently requires an UNBIND response from the secondary logical unit (SLU) after sending it a request. Some devices do not return this response if the request is immediately followed by a DACTLU. There is no workaround.
•
Under rare circumstances, cable universal access server entries may exist on multiple interfaces if the modem is moved from one interface to another, and certain timing conditions are met. When cable bundling is used, this situation may result in loss of connectivity for the modem.
Workaround: Disconnect the cable to the modem, and then enter the clear cable modem {mac-addr} reset privileged EXEC configuration command before moving the modem to another interface.
Alternate Workaround: Disconnect the cable to the modem first, then clear the modem status with the clear cable modem {mac-addr} reset privileged EXEC configuration command before moving it to another interface.
•
A Cisco AS5800 series network access server (NAS) may experience dial-out failures, (Layer 2 goes down). The D-channel interface needs to be cleared to recover.
Workaround: Use Cisco IOS Release 12.1(1), 12.1(2), 12.1(1)T, or 12.1(2)T.
•
Traffic shaping may cause a Cisco 3640 router to reload under the following conditions:
–
–
–
There is no workaround.
•
If there is a device connected to a noncable interface on a Cisco uBR7200 series universal broadband router (uBR), and if the uBR acts as the Dynamic Host Configuration Protocol (DHCP) relay agent or as the DHCP server for the device, the system may reload when a DHCP relay is sent to it.
Workaround: Do not use a Cisco uBR7200 as a DHCP relay agent or as DHCP server for devices on noncable interfaces.
•
When a Customer Information Control System (CICS) term is forced to use ABEND on the host, the CICSB server will be disabled because the forced ABEND is interpreted as a host failure, and all connections to the server are brought down. Users that are connected to a TX Server may experience outage any time a transaction that is being run on the same server ABENDs. There is no workaround.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.1 with an IPSec Service Adapter (ISA) board may reload if you enter the clear crypto sa EXEC command. There is no workaround.
•
A Common Object Module Transaction Interface (COMTI) session object may not check in the license if an exception error occurs. In this situation, the license can become exhausted, and clients cannot connect. There is no workaround.
•
Security is not functioning properly with Common Object Module Transaction Interface (COMTI) servers. Transactions that require user IDs and passwords cannot be executed through the Cisco Transaction Connection TXConn subsystem. There is no workaround.
•
Serial drivers may cause a memory leak when a reparented packet is sent. There is no workaround.
•
If you enable distributed Cisco Express Forwarding (CEF) on a Cisco 7500 series router, and there are one or more prefixes in the IP routing table with the maximum six paths, the router may reload with the following error message:
%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header...There is no workaround.
•
When you remove modem cards on a Cisco AS5800 series universal access server without updating the startup configuration before the next reload, the universal access server may encounter a software exception when the universal access server receives the first modem call and will reload unexpectedly.
Workaround: Use the write memory command to update the startup configuration before the next router reload so that the pool-range configuration command reflects the existing hardware configuration.
•
If a dynamic crypto map has multiple entries, internet key exchange (IKE) negotiation may fail with the Tunnel Endpoint Discovery (TED) peer. There is no workaround.
•
Spectrum Management task may use many CPU cycles and cause CPU utilization to increase. There is no workaround.
•
In Cisco IOS Release 12.0(7)T, there have been rare occurrences of network access server (NAS) restarts when Stack Group Bidding Protocol (SGBP) is configured. The following SGBP error message occurs in the output of the debug sgbp error command:
%SGBP-3-INVALID:MQ message with CancelThis situation occurs if PPP calls drop before the SGBP bidding process finishes. With either the multilink bundle-name both or the multilink bundle-name endpoint commands configured, the chance of occurrence increases.
Workaround: Use Cisco IOS Release 12.1(2)T or a later release.
•
DBConn TCP/IP passthru connections may cause a Cisco router to reload if the host disconnects prematurely. There is no workaround.
•
In a situation where a Customer Edge (CE) router is connected to two Provider Edge (PE) routers, if a third PE changes its selected route to the CE router, it may fail to update the Virtual Private Network (VPN) label for the route, resulting in loss of connectivity to that CE.
Workaround: Use the clear ip route command to clear the route.
•
If Cisco Express Forwarding (CEF) is not enabled and Resource Reservation Protocol (RSVP) over ATM is used, excessive switched virtual circuits (SVCs) are created. There is no workaround.
•
A Cisco uBR7200 series universal broadband router that is configured with a Cisco cable modem termination system (CMTS) is not protected against rogue cable modems that exhibit non-Data-over-Cable Service Interface Specifications (DOCSIS)-compliant behavior at initial ranging. There may be some modems on an upstream port that range with a negative timing offset. Such rogue modems can deceive the CMTS Map building code into using a large Map Advance when the dynamic Map Advance algorithm (the default) is active on each upstream port.
The result of this situation is that all the other modems on that upstream port will be unable to send data upstream to the CMTS and will go offline. The router will generate a warning log message every time a modem with bad timing offset is detected. A sample warning message is follows:
%UBR7200-5-BADTXOFFSET:Bad timing offset -10 detected for cable modem 0010.9500.0a6aWorkaround: Configure static Map Advance on each cable interface of the router by using the CMTS cable map-advance static interface configuration command on the command-line interface (CLI).
•
An R7K revision 1.X processor may ignore instructions on return from an exception. This situation does not occur in the R7K revision 2.1 processor.
Workaround: Place a synchronization instruction immediately before any errata instructions.
Novell IPX, XNS, and Apollo Domain
•
Tracebacks can occur on a Cisco Catalyst 5500 switch if the following actions are performed in quick succession:
–
–
–
–
Workaround: Remove IPX from the interface before deleting the interface.
•
A Cisco router may exhibit ALIGN-3-CORRECT and ALIGN-3-TRACE errors if it is upgraded to Cisco IOS Release 12.0(7.3)T. There is no workaround.
TCP/IP Host-Mode Services
•
A Cisco router may lose memory or reload during periods of heavy traffic while using a voice application or the gateway application. There is no workaround.
Wide-Area Networking
•
A Cisco router may experience call failure if the dialer is set to a maximum of 255 calls and the number of calls exceeds that number. There is no workaround.
•
Deconfiguring a nonprimary span in an Non-Facility Associated signaling (NFAS) group may cause the number of links that the dialer recognizes as available to the remaining rotary group to drop by too much (possibly to zero).
Workaround: Deconfigure and reconfigure the whole NFAS group.
•
Ping packets for protocols other than IP may be dropped if you configure all BRI interfaces with the isdn fast-rollover-delay 1 interface configuration command, and you are running Cisco IOS Release 12.0(6.2)T. The first several hundred ping packets pass, but then the later packets are dropped. In this situation, pings will fail even if you remove the isdn fast-rollover-delay from all BRI interfaces. You will need to reload the router. This situation occurs with IPX, AppleTalk, CLNS, DECnet, VINES, and XNS in legacy DDR, but does not occur in IP and bridging. There is no workaround.
•
A Cisco 7200VXR router may reload with a bus error because the packet-by-packet compression code is being passed packets that contain particles. There is no workaround.
•
Under rare conditions, a Multiprotocol over ATM client/Multiprotocol over ATM server (MPC/MPS) will receive a route change from the Next Hop Resolution Protocol (NHRP) side of the cloud but will not purge the affected cache entry. There is no workaround.
•
A Cisco router may experience a software-forced reload because of watchdog timeout if thousands of switched virtual circuits (SVCs) or LAN Emulation (LANE) clients are configured on a single ATM interface.
Workaround: Reduce the number of SVCs or LANE clients that are configured on the ATM interface.
•
Permanent virtual circuit (PVC) bumping does not function properly if you configure a VC that is down to be protected and then make it not protected again.
Workaround: Enter the shutdown command followed by the no shutdown command on the subinterface.
•
The dialer idle-timeout does not reset for the inbound interesting packets, for all the serial interfaces except the first interface each of which is configured with dialer idle-timeout either interface configuration command for the case when fast switching is allowed. As a result all but the first serial interface drop the call.
Workaround: Use process switching instead of fast switching in which case all serial interfaces reset idle timer as expected.
•
A Cisco router that is running Cisco IOS Release 12.0(6.5)T and later releases may experience traceback errors on interfaces where Multilink PPP encapsulation was removed before weighted fair queueing (WFQ) was added.
Workaround: Shut down the interface before issuing the no ppp multilink interface configuration command or the fair-queue interface configuration command.
•
A Cisco 7200 series router that is running Cisco IOS Release 12.0(7) may reload with a bus error at PC 0x60584578, address 0xD0D0D51. There is no workaround.
•
The Integrated Local Management Interface (ILMI) on a Cisco router may respond with the invalid value 0 instead of noSuchName when the interface is queried by the peer switch ILMI on ILMI MIB objects atmfAtmLayerIlmiVersion and atmfAtmLayerNniSigVersion. There is no workaround.
•
Removal of the RLM GROUP from configuration will cause the serial interface to be removed. There is no workaround.
•
The frame-relay de-group 1 local-dlci interface configuration command may disappear from the running configuration and stop working for the referenced data-link connection identifier (DLCI) if you configure the frame-relay inverse-arp interface configuration command and the corresponding permanent virtual connection (PVC) status changes to Inactive or Deleted.
Workaround: Use the static frame-relay map interface configuration command and reference the same DLCI that is used for the frame-relay de-group 1 local-dlci interface configuration command.
•
A Cisco router that is running Cisco IOS Release 12.0(7)S and supports a large number of ISDN PRIs may reload because of low memory. There is no workaround.
•
Set asynchronous balanced mode extended (SABME) commands may be ignored by a Cisco AS5300 series universal access server for extended periods of time after a link failure. When the debug isdn event or debug isdn q931 commands are enabled, a "Syncing discards" message will be displayed for each SABME. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0 or later releases may reload because of a bus error at the symbol dialer_clear_map. There is no workaround.
•
A Cisco 7206 router that is running Cisco IOS Release 12.0(8.0.1)T may experience a software-forced reload. There is no workaround.
•
A Cisco AS5300 series universal access server with no service align detect configured will reload if you enter the no pri-group command on a controller that has no pri-group configuration.
Workaround: Enable service align detect in configuration mode. This will prevent the reload, but may result in an error message for accessing invalid memory.
•
If you are running SNA switching with a Fast Ethernet connection to the host, the connection will function normally until an UNBIND is sent at the end of the user session. The UNBIND rsp is sent to the non-canonical (Token Ring format) MAC address; it is not recognized by the CIP, and the Logical Link Control (LLC) session pauses indefinitely.
Workaround: Use a MAC address that bit-swaps back to itself (such as 0000.6666.6666).
•
On a Cisco 804 router that is running Cisco IOS Release 12.0(5)T or Cisco IOS Release 12.0(6.4)T, the IP image may reload with a memory protection violation if you try to load a web page through ISDN. In this situation, the router displays the following trace message:
WARNING! Illegal read access
Memory Protection Violation: epc =0x001A4098, location of fault eva =0x00000???, read fault address error=0x00000082, illegal address pti =0x00000000 pte =0xFFFFF100
Memory Protection Violation: epc =0x001A417C, location of fault eva =0x00000???, write fault address error=0x00000080, illegal address pti =0x00000000 pte =0x02102100There is no workaround.
•
A Cisco router may reload when initiating a mnemonic connection that is defined by an X.25 hostname address and optional call user data (CUD).
Workaround: Precede the name with a pad EXEC command before initiating the outgoing mnemonic connection. For example, if an X.25 host name "amble" is defined by the x25 host amble 12345 cud go global command, use the pad amble EXEC command instead of the one-word mnemonic name "amble".
•
If the Layer 2 link is lost while using X.25 over D channel, a Cisco router will attempt to reestablish the link by using the terminal endpoint identifier (TEI) value of B channel. The router will need to be reloaded to reestablish the X.25 connection. There is no workaround.
•
When X.25 over TCP (XOT) connects X.25 links that are configured for modulo 128, the packet assembler/disassembler (PAD) session will pause indefinitely. In this situation, entering the show x25 vc EXEC command will return a "Window is closed" message. There is no workaround.
•
A Cisco 7500 series router with a VIP2-50 Versatile Interface Processor and a PA-A3 port adapter does not react to available bit rate (ABR) explicit rate (ER) congestion marking. The output rate of an ABR connection does not decrease after receiving a resource management (RM) cell with the ER field value lower than the commitment, concurrency, and recovery (CCR) value. There is no workaround.
•
In a large-scale dial-out environment, the convergence of the routing protocol may not redistribute the host routes quickly enough, which results in both an incoming and an outgoing connection on different platforms to the same destination. There is no workaround.
•
Timer data structures used by the dialer component may become corrupted. The corruption may occur because of operator-initiated actions that involve the removal of the dialer function on an interface. Examples of these actions would be configuring leased-line BRI, or entering the no dialer in-band interface configuration command. The symptom may not occur for days or weeks after the operator action that caused it. Because of this condition, these actions should be avoided. There is no workaround.
•
On a Cisco router with dialer profiles, dialer load-threshold, and no multilink, an overload call may not be done even though the load threshold is exceeded. This situation occurs when an incoming call is received with a particular caller ID but there is no dialer string configured with the same phone number.
Workaround: Initiate first and overload calls from the same router.
•
A Cisco router that is running Cisco IOS Release 12.0(8) and is configured with a LAN Extender (LEX) interface may display any of the following error messages:
%LINK-2-INTVULN: In critical region with interrupt level=0, intfc=Lex0
-Process= "RIP Send", ipl= 0, pid= 73
-Traceback= 1A2006 66872 1A697A 22F1E4 22E924 22EAC0 380A36
%LINK-2-INTVULN:In critical region with interrupt level=0, intfc=Lex0
-Process= "IP Input", ipl= 0, pid= 12
-Traceback= 1A2006 66872 1A697A 22F1E4 224EAA 2257E0 224902 224A5C 224B80
%LINK-2-INTVULN:In critical region with interrupt level=0, intfc=Lex0
-Process= "ARP Input", ipl= 0, pid= 7
-Traceback= 1A2006 66872 1A697A 1FE4AC 2398C4 239E80 1FE6DThere is no workaround.
•
A NAS may send incorrect RADIUS accounting packets to the RADIUS server when a Virtual Private Dialup Network (VPDN) is enabled. In this situation, the acct-input-octets value is always -1. There is no workaround.
•
If a dialer profile (with multiple BRIs in pool) is configured with a very low load threshold value using the dialer load-threshold command and if Multilink PPP is also configured, then all the channels except the B channels on one BRI are not disconnected. This situation may cause the B channels in the pool to flap and could also result in the failure of subsequent pings to the same link.
Workaround: Raise the load threshold to a higher value.
•
When using dialer profiles, the dialer state could get stuck in the call pending state. In this situation, outgoing ISDN calls can no longer be initiated.
Workaround: Reload the router.
•
Under certain conditions, the frame-relay inverse-arp command does not function properly for IPX, Novell, DECnet, and VINES for multipoint interfaces. This situation is more likely to occur when IP is running on the interface.
Workaround: Create a static map for IPX, DECnet, and other protocols by entering the frame-relay map interface configuration command, or change the interface from multipoint to point-to-point.
•
When you run Redundant Link Manager (RLM) and Non-Facility Associated signaling (NFAS) on a Cisco 5000 series network access server (NAS), you can see Customer Information Control System (CICS) in a state of LOCMAN because of the order that the NFAS group was configured on the controllers.
Workaround: Configure NFAS groups consecutively, starting with the first controller.
•
A Cisco 1750 router or 3660 router that is configured for voice may reload occasionally with a SegV exception or a bus error pointing to the function dequeue when the ISDN is up. There is no workaround.
•
Multilink PPP max links values may not be cleared on virtual access after disconnection. This condition will result in the value being applied to the next user of that virtual access. This situation also occurs with Multilink PPP min links and Multilink PPP load-threshold values. There is no workaround.
•
A Cisco router that is running Cisco IOS Release 12.0(5)T or later and is performing FRF.12 fragmentation on the permanent virtual connection (PVC) may alter the payload of resent frames that are originated by the router. This condition will not affect traffic that is being routed by the router, but it may affect features like data-link switching (DLSw), serial tunnel (STUN), Block Serial Tunneling (BSTUN), and Border Gateway Protocol (BGP), and traffic that consists of resent TCP packets sourced by the router.
Workaround: Disable fragmentation in the PVC.
•
When you change the maximum transmission unit (MTU) size while configuring a BRI as leased line, the IP MTU size does not automatically adapt to the new size as will normally happen on other interfaces. The IP MTU size can be configured manually, but after a read-write community string (wr) and a reload, the IP MTU values will get reset to 1500 B again. There is no workaround.
•
A Cisco router may become unresponsive if you use protocol translation to X.25. The console continuously displays the following error message:
SYS-2-INSCHED: event dismiss within schedulerThere is no workaround.
•
Termination of Multilink PPP sessions over Layer 2 Forwarding Protocol (L2FP) or Layer 2 Tunneling Protocol (L2TP) on a Cisco 7100 series router may cause the input queue to go to 76/75 on the virtual access interfaces. Traffic will then fail to pass and the output of debug vpdn {l2x-error} will display the following message:
L2X: Coalesce of packet failed.Workaround: Disable Multilink PPP.
•
A Cisco router may fail to bring up Layer 2 channels for National ISDN and 5ESS Custom switch profiles where dual terminal endpoint identifiers (TEIs) are used. There is no workaround.
•
A Cisco router that is connected to ISDN BRI lines that deactivate Layer 1 (typically done by European telcos to save power on BRI lines when no ISDN calls are active) and that use dialer interfaces (either legacy DDR or dialer profiles) will not be able to dial out.
Workaround: Remove the dialer interfaces and configure the BRI interfaces instead.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
Cisco documentation and additional literature are available in the Product Documentation DVD package, which may have shipped with your product. The Product Documentation DVD is updated regularly and may be more current than printed documentation.
The Product Documentation DVD is a comprehensive library of technical product documentation on portable media. The DVD enables you to access multiple versions of hardware and software installation, configuration, and command guides for Cisco products and to view technical documentation in HTML. With the DVD, you have access to the same documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD=) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•
•
•
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•
In an emergency, you can also reach PSIRT by telephone:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
•
•
http://www.cisco.com/en/US/products/index.html
•
http://www.cisco.com/discuss/networking
•
http://www.cisco.com/en/US/learning/index.html
