Guest

Cisco IOS Software Releases 12.1 T

Cross-Platform Caveats for Cisco IOS Release 12.1 T

 Feedback

Table Of Contents

Caveats for Cisco IOS Release 12.1 T

How to Use This Document

If You Need More Information

Resolved Caveats—Cisco IOS Release 12.1(5)T19

Resolved Caveats—Cisco IOS Release 12.1(5)T18

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.1(5)T17

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Resolved Caveats—Cisco IOS Release 12.1(5)T15

Resolved Caveats—Cisco IOS Release 12.1(5)T14

Resolved Caveats—Cisco IOS Release 12.1(5)T12

Resolved Caveats—Cisco IOS Release 12.1(5)T10

Resolved Caveats—Cisco IOS Release 12.1(5)T9

Resolved Caveats—Cisco IOS Release 12.1(5)T8

Resolved Caveats—Cisco IOS Release 12.1(5)T7

Resolved Caveats—Cisco IOS Release 12.1(5)T6

Resolved Caveats—Cisco IOS Release 12.1(5)T5

Resolved Caveats—Cisco IOS Release 12.1(5)T4

Resolved Caveats—Cisco IOS Release 12.1(5)T3

Resolved Caveats—Cisco IOS Release 12.1(5)T2

Open Caveats—Cisco IOS Release 12.1(5)T

Access Server

Basic System Services

EXEC and Configuration Parser

Interfaces and Bridging

IP Routing Protocols

LAT

Miscellaneous

Novell IPX, XNS, and Apollo Domain

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.1(5)T

Access Server

Basic System Services

EXEC and Configuration Parser

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.1(4)T

Resolved Caveats—Cisco IOS Release 12.1(3a)T8

Resolved Caveats—Cisco IOS Release 12.1(3a)T7

Resolved Caveats—Cisco IOS Release 12.1(3a)T6

Resolved Caveats—Cisco IOS Release 12.1(3)T

Access Server

Basic System Services

EXEC and Configuration Parser

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.1(2)T

Basic System Services

EXEC and Configuration Parser

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.1(1)T

Miscellaneous

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Notices

OpenSSL/Open SSL Project

License Issues

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Caveats for Cisco IOS Release 12.1 T


September 25, 2006

Text Part Number 78-10764-04 Rev. V0

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.1 T, up to and including Release 12.1(5)T19. Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.

To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback.

For more information, see the "Documentation Feedback" section on page 109.

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:

The "Open Caveats" section lists open caveats that apply to the current release and might apply to previous releases.

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.

If You Need More Information

Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation" section.

For more information on caveats and features in Cisco IOS Release 12.1 T, see the following sources:

Dictionary of Internetworking Terms and Acronyms—The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this caveats document.

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl.

Cisco IOS Release 12.1 T platform-specific release notes—These release notes describe new features and significant software components for Cisco IOS Release 12.1 T.

What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software: What's New for IOS.


Note Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.


The following table lists the most recent release notes when this caveats document was published:

Release Notes
Cisco IOS Release
Revision Date

Release Notes for Cisco IOS Release 12.1

Release 12.1(5)T

October 30, 2000

Release Notes for Cisco 800 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 1000 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(2)T

May 22, 2000

Release Notes for Cisco 1400 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 1600 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 1700 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 2500 Series Routers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 2600 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 3600 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 4000 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 4500 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco 7000 Family for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco AS5200 Universal Access Servers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco AS5300 Universal Access Servers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco AS5400 Universal Access Servers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco AS5800 Universal Access Servers for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco MC3810 for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco uBR910 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco uBR924 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Cisco uBR7200 Series for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for the Cisco ICS 7750 for Cisco IOS Release 12.1 T

Release 12.1(5)T

November 27, 2000

Release Notes for Catalyst 4000 Access Gateway Module

Release 12.1(5)T

November 27, 2000


Resolved Caveats—Cisco IOS Release 12.1(5)T19

Cisco IOS Release 12.1(5)T19 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T19 but may be open in previous Cisco IOS Releases.

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

Resolved Caveats—Cisco IOS Release 12.1(5)T18

Cisco IOS Release 12.1(5)T18 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T18 but may be open in previous Cisco IOS Releases.

Miscellaneous

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed93836

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCdz84583

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

Resolved Caveats—Cisco IOS Release 12.1(5)T17

Cisco IOS Release 12.1(5)T17 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T17 but may be open in previous Cisco IOS Releases.

IP Routing Protocols

CSCdx40184

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCed28873

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

Miscellaneous

CSCdt09262

An AS5300 router configured as a Terminating Gateway (TGW) could experience high CPU utilization caused by process CCH323_CT after hours of processing calls. The CCH323_CT process will run high even after removing all the calls that are going through the TGW. No calls are able to be established at this time.

There are no known workarounds. A reload of the router is needed for the TGW to accept calls again.

CSCdt35689

Symptom: A Cisco router reloads.

Conditions: This problem occurs when the proxy receives a call and is not registered with a Gatekeeper, including situations where the registration is lost for any reason.

Workaround: There is no workaround.

CSCdw14262

Cisco Voice over IP (VoIP) gateways that are running a Cisco IOS Release 12.2(1a) IP plus image may experience a high CPU memory utilization condition at the CCH323_CT process. There is no workaround.

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCea19885

Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.

Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.

Workaround: There is no workaround.

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCeb78836

Symptoms: Cisco IOS software may cause a Cisco router to reload unexpectedly when the router receives a malformed H.225 setup message.

Conditions: This symptom is observed on a Cisco 1700 series that runs Cisco IOS Release 12.2(13c). The symptom occurs when the following debug privileged EXEC commands are enabled:

debug h225 asn1

debug h225 events

debug h225 q931

Workaround: There is no workaround.

CSCec79541

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCec87533

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCin56408

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

TCP/IP Host-Mode Services

CSCdt50932

When a Cisco router runs out of socket resources because of thousands of calls or connections, the system CPU utilization stays at 90 percent or more and all subsequent calls or connections are rejected. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T15

Cisco IOS Release 12.1(5)T15 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T15 but may be open in previous Cisco IOS Releases.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

Resolved Caveats—Cisco IOS Release 12.1(5)T14

Cisco IOS Release 12.1(5)T14 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T14 but may be open in previous Cisco IOS Releases.

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at

http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

Resolved Caveats—Cisco IOS Release 12.1(5)T12

Cisco IOS Release 12.1(5)T12 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T12 but may be open in previous Cisco IOS Releases.

CSCdw65903

An error can occur with management protocol processing. Please use the following URL for further information:

http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

Resolved Caveats—Cisco IOS Release 12.1(5)T10

Cisco IOS Release 12.1(5)T10 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T10 but may be open in previous Cisco IOS releases.

CSCdr93493

Some channels of a digital voice port lock up in the EM_PARK state after a period of normal operation. The output of the show voice call [summary] privileged EXEC command shows that the channel is in the EM_PARK state. The output of the show voice port [summary] privileged EXEC command shows that the channel operation status is up while in_status and out_status are in idle.

Workaround: Reload the system.

CSCds43851

When a Cisco router is configured as an autonomous system boundary router (ASBR) in an interprovider virtual private network (VPN) configuration, it does not reinstall external Border gateway Protocol (EBGP) VPN-IPv4 (vpnv4) neighbor routes after the routes are cleaned using the clear ip route EXEC command.

Workaround: Restart the session to the affected neighbor with a clear ip bgp command.

CSCds55017

A DISCONNECT message may not be forwarded across a plain old telephone service (POTS) call leg. When an E1 Q Signaling (QSIG) controller is out of service, and a Cisco router receives an incoming call from a PBX, the controller does not send a DISCONNECT message to the PBX. Instead, the PBX initiates a DISCONECT message after 20 seconds with a "recovery on timer expiry" cause message. If the signaling connection is not successfully set up, H.323 does not initiate disconnect procedures. If the H.323 terminating gateway is unreachable, then a DISCONNECT message is returned with a "service or option unavailable" cause message after the H.225 connection timer expires. The cause message may prevent a PBX from rerouting the call. There is no workaround.

CSCdt41262

On a Cisco router that is running Cisco IOS Release 12.1(5)T1, when you try to add a route-map or a filter-list to the address-family Virtual Private Network (VPN) version 4 neighbor, the configuration ends up under a global Border Gateway Protocol (BGP) configuration instead.

Workaround: Disable the parser cache by entering the no parser cache global configuration command.

CSCdt56171

The terminating end of a Cisco AS5300 universal access server that is running Voice over IP (VoIP) may run out of digital signal processors (DSPs) after a prolonged period of operation. When the show vfc slot-number [technology] privileged EXEC command is entered, all DSPs are shown as connected even though there are no calls. When the show call history voice brief privileged EXEC command is entered, all calls are shown as rejected by a 0x3F cause. There is no workaround.

CSCdt90813

A Cisco router that is running Voice over IP (VoIP) may reload under stressed fax traffic conditions. There is no workaround.

CSCdu30194

A Cisco 7500 series router that is running Cisco IOS Release 12.2(0.19)T1 and has two Multiprotocol Label Switching (MPLS) ATM physical subinterfaces and an output policy enabled (on different Versatile Interface Processors [VIPs]) is able to send transit traffic to the destination via either of the ATM subinterfaces (the ATM interfaces offer alternate routes to the destination), but may experience a reload on the VIP that is brought up when the ATM subinterfaces are flapped 4 to 5 times. There is no workaround.

CSCdu49594

If a Cisco router has the same IP address configured on two interfaces where one of the interface is in shutdown state and it is configured to run a Tag Distribution Protocol (TDP)/Label Distribution Protocol (LDP) session, the peer may have TFIB entries which are untagged.

Workaround: Remove the duplicate IP address from the shutdown interface to correct the behavior.

CSCdu54507

A Cisco router may reload when the no ip cef global configuration command is entered after all bindings (Headend, Tailend, and Transit virtual circuit [VC]) are established on a Label Switch Controller (LSC). There is no workaround.

CSCdu64325

In a Multiprotocol Label Switching (MPLS)/virtual private network (VPN) inter-autonomous system (InterAS) environment, if a Cisco router is configured as a VPN-IPv4 (vpnv4) Autonomous System Boundary Router (ASBR) and a provider edge (PE) router at the same time and if the VPN routing/forwarding instance (VRF) is removed from the ASBR configuration, tag-switching may fail for all prefixes in the VRF that have the same route distinguisher (RD) as the VRF that was removed. This condition occurs when all the PE routers use the same route distinguished (RD) for a VRF.

Workaround: Use different RDs.

Alternate workaround: Clear the Border Gateway Protocol (BGP) sessions after disabling the VRF.

CSCdu66815

A call may be stuck in the S_CONNECT state and fail to complete the release sequence if a voice port is hung up after a call is answered but before the fax handshake is completed and before the fax has begun to be transmitted. This problem is observed in Cisco IOS Release 12.1(5)T. There is no workaround.

CSCdu76789

Tagged packets that are coming in on an Inter-Switch Link (ISL) encapsulated on a Cisco 7200 series router and going out tagged on a subinterface running ISL are dropped at the next hop due to cyclic redundancy check (CRC) errors. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T9

Cisco IOS Release 12.1(5)T9 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T9 but may be open in previous Cisco IOS releases.

CSCdt67544

All routes in the table are cleared when the clear ip route 0.0.0.0 0.0.0.0 EXEC command is entered. The routes are cleared as if the clear ip route * command is entered. There is no workaround.

CSCdt93862

When a Hyper Text Transfer Protocol (HTTP) server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device. It that case, the user will be able to exercise complete control over the device. All commands will be executed with the highest privilege (level 15).

All releases of Cisco IOS® software, starting with the release 11.3 and later, are vulnerable. Virtually, all mainstream Cisco routers and switches running Cisco IOS are affected by this vulnerability.

Products that are not running Cisco IOS software are not vulnerable.

The workaround for this vulnerability is to disable HTTP server on the router or to use Terminal Access Controller Access Control System (TACACS+) or Radius for authentication.

This advisory will be posted at:

http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html

CSCdt96253

Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines.

By exploiting the weakness in the SSH protocol, it is possible to insert an arbitrary commands into an established SSH session, collect information that may help in brute force key recovery, or brute force a session key.

The affected product lines are:

All devices running Cisco IOS software supporting SSH. That includes routers and switches running Cisco IOS.

Catalyst 6000 switches running CatOS.

Cisco PIX Firewall.

No other Cisco products are vulnerable.

It is possible to mitigate this vulnerability by preventing, or having a control over, interception of SSH traffic.

This advisory will be available at:

http://www.cisco.com/warp/public/707/SSH-multiple-pub.html

CSCdu10213

A Label Edge Router (LER) that is running the c7200-p-mz.122-0.18 or the rsp-pv-mz.122-0.18 image of Cisco IOS Release 12.2(18) may experience tagged virtual circuits (TVCs) that are held in the "bindwait" state if router flapping occurs on the paths from the LER to some destinations that have TVCs configured. This problem occurs even when alternate paths exist.

Workaround: Enter the shut command followed by the no shut command on the interfaces on the LER.

CSCdu15053

The tailend of a tagged virtual circuit (TVC) may remain active while the headend of a TVC becomes missing. This problem is triggered when TVCs are reestablished when better routes become available due to change of topology. The new TVCs are set up normally, but the old TVCs are not cleaned up properly. There is no workaround.

CSCdu37543

A Cisco router that is running Cisco IOS Release 12.1, 12.1 T, or 12.1 E and that is configured as a Multiprotocol Label Switching (MPLS) virtual private network (VPN) Provider Edge (PE) router using an IP loopback address of (a.b.c.d) as the Tag Distribution Protocol (TDP) router ID in a network that has additional loopbacks that share the same (a.b.c.d) IP address (which are bound to a VPN routing/forwarding [VRF] instance) may experience an uncommanded change in the TDP router ID on the router when an additional loopback interface is shut down or deleted. This problem may interrupt MPLS traffic in a given network.

Workaround: Avoid configuring any interfaces on an MPLS PE router that is bound to a VRF instance to share an IP address that is also used as a TDP router ID on a router in a network.

CSCdu37946

Tagged virtual circuits (TVCs) and label virtual circuits (LVCs) are created, but there is no connectivity. The problem occurs in a network that is connected to two label switch routers (LSRs). The network has a limit on the virtual channel identifier (VCI) space, but there is currently no way of limiting the VCI space used by the Tag Distribution Protocol (TDP) or the Label Distribution Protocol (LDP) in ATM or Tag-Controlled ATM (TC-ATM) interfaces. There is no workaround.

CSCdu48926

Cisco Express Forwarding (CEF) becomes disabled on a Generic Routing Encapsulation (GRE) tunnel interface when a key is configured with the tunnel key key-number interface configuration command. The tunnel interface switches to the next available switching mechanism, which is process switching (fast switching has no support for GRE tunnel options).

Workaround: To reenable CEF or fast switching on the tunnel interface, remove the tunnel key. This workaround cannot be used if a tunnel key is required with CEF switching on the GRE tunnel.

Resolved Caveats—Cisco IOS Release 12.1(5)T8

Cisco IOS Release 12.1(5)T8 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T8 but may be open in previous Cisco IOS releases.

CSCdk53609

When Open Shortest Path First (OSPF) attempts to install more than the maximum number of parallel paths using the maximum-paths maximum router configuration command (4 by default, 6 is system maximum), OSPF and the routing table may become unsynchronized. This can cause fewer routes than are normally expected to appear in the routing table.

Workaround: Enter the clear ip route * privileged EXEC command.

CSCdr00116

A Cisco multichannel T1/E1 port adapter does not support the switching of Multiprotocol Label Switching (MPLS) packets. There is no workaround.

CSCdr17186

After the no ip router isis area-tag interface configuration command is issued on an interface, Intermediate System-to-Intermediate System (IS-IS) packets with Inter-Switch Link (ISL) encapsulation might be dropped. This is a regression of CSCdm10283.

Workaround: Disable and reenable the IS-IS routing process configuration for the interface. Enter the no ip router isis command followed by the ip router isis area-tag interface configuration command.

CSCdr17865

When headend bindings are being set up on an ATM interface that is configured for tag switching, the bindings may remain in the RetryWait state. Generally this condition occurs when there are more than 200 routes that require bindings and when the downstream Tag Distribution Protocol (TDP) neighbor is running Cisco IOS Release 12.0(10)ST, 12.0(10)ST1, or 12.0(10)ST2.

Workaround: Enter the clear ip route privileged EXEC command to force the label switch router (LSR) to try to reestablish the binding.

CSCds38712

Class-Based Weighted Fair Queueing (CBWFQ) may not correctly classify Multiprotocol Label Switching (MPLS) packets that are transmitted into an MPLS Traffic Engineering tunnel interface. There is no workaround.

CSCds42723

Cell-payload scrambling may be automatically turned off on an ATM interface when a router is reloaded even when cell-payload scrambling is enabled in the configuration. There is no workaround.

CSCds57345

A router may reload when a "match ip" criterion is added to a class-map configuration that contains the match protocol vofr class map configuration command. The router may also reload when a "match ip" criterion is added to a policy map configuration that contains the match protocol vofr class map configuration command.

Workaround: Enter the class vofr before the class ip_critical line in the policy map configuration.

policy-map foo

class vofr

priority

class ip_critical

bandwidth 50

CSCds69392

A Label Switch Router (LSR) that pushes or pops label entries onto or off of the label stack of a received Multiprotocol Label Switching (MPLS) packet that is the size of the label stack in the transmitted MPLS packet is different than the size of the label stack in the received MPLS packet. Therefore, the size of the label stack in the received MPLS packet will not perform output features based on the top-most label entry of the transmitted MPLS packet as it should. There is no workaround.

CSCds70862

Calls to a Lucent PBX may not be completed. There is no workaround.

CSCds71546

When you use the label switch controller (LSC) functionality, it is possible for transit bindings to remain in the RetryWait state if the downstream neighboring router is running Cisco IOS Release 12.0(10)ST, 12.0(10)ST1, or 12.0(10)ST2. This condition may occur when there are more than 200 routes present that require transit bindings to be established.

Workaround: Use the shut command followed by the no shut command.

CSCds75021

A Cisco 8230 router that has the Cisco WAN Manager (CWM) enabled may not be able to add interfaces or subinterfaces to the route processor module (RPM) card. The CWM is affected by this condition because the interface interface-type configuration command requires a reference to the slot number being used.

Workaround: Use a command or script that does not use the slot number in referencing an interface or subinterface. The slot number is assumed to be the slot/card that you are issuing the command to.

CSCds81756

A Cisco router that is configured for X.25 may return to ROM monitor mode because of a bus error. The following error message is logged:

SYS-2-BADSHARE

There is no workaround.

CSCdt03855

The Personal Handyphone System (PHS) Internet Access Forum Standard (PIAFS) and tag-switched path (TSP) applications may not always be informed of the RELEASE message sent by the ISDN stack. There is no workaround.

CSCdt05084

A router that is running Border Gateway Protocol (BGP) with dampening and Multiprotocol Label Switching (MPLS) and Virtual Private Network (VPN) configured may reload with a bus error in bgp_decay_penalty if there is a lot of flapping.

Workaround: Avoid using BGP dampening.

CSCdt06261

If a recursive route, for example from Border Gateway Protocol (BGP), is resolved using the default route and if a route that is more specific to the recursive prefix should subsequently be inserted into the database, Cisco Express Forwarding (CEF) may fail to reresolve the recursive route to use this new route rather than the default route. This situation may occur during route flaps in which the original route that a recursive route resolves to temporarily disappears. The recursive route is then left permanently resolved through the default route even after the original route reappears.

Workaround: Clear the recursive route using the clear ip route {network [mask]} EXEC command. This will force the rediscovery and reresolution of the recursive route.

CSCdt19792

TCP sessions cannot be initiated with an IP Security (IPSec) peer. This occurs when the server or client is a Cisco 2600 or 3600 series router that is using the following encryption hardware devices:

AIM-VPN/BP-DES/3DES VPN Encryption AIM for a Cisco 2600 router

NM-VPN/MP-DES/3DES VPN Encryption NM for a Cisco 3620 or 3640 router

AIM-VPN/HP-DES/3DES VPN Encryption AIM for a Cisco 3660 router

This condition does not occur when software encryption is used.

Workaround: TCP sessions must be run across the local (unencrypted) link.

CSCdt21758

A Cisco 7500 series router that is configured for Cisco Express Forwarding (CEF) (not distributed CEF [dCEF]) and Multiprotocol Label Switching (MPLS) may stop receiving MPLS packets on Versatile Interface Processor 2 (VIP2) modules after an online insertion and removal (OIR) event. All MPLS packets are dropped silently, and no counters are incremented. The connectivity is restored after dCEF is enabled.

Workaround: Use dCEF globally and disable it on per interface basis if needed.

CSCdt23908

Bearer-cap command-line interface (CLI) does not work for incoming calls on the telephony side. There is no workaround.

CSCdt32880

An incorrect metric may appear in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table for one or more routes after the metric value is changed on an interface. This condition may occur on routers that are running Cisco IOS Release 12.1(4.4), 12.1(4)DC, 12.1(4)DC1, 12.1(4)DB, or later releases.

Workaround: Clear all EIGRP neighbors that have provided the problematic routes using the clear ip eigrp neighbors [ip-address | interface] EXEC command. This command must be entered on the router that has the interface with the altered metric value.

CSCdt45665

Multiprotocol Label Switching (MPLS) traffic cannot be forwarded over a Generic Routing Encapsulation (GRE) tunnel. The traffic is dropped at the imposition router. There is no workaround.

CSCdt54532

A Cisco AS5000 series universal gateway that is running Cisco IOS Release 12.1(3.3)T or later may reload when Signaling System 7 (SS7)/ISDN interconnect applications are used. This problem is caused by the fix implemented for CSCdr05523. There is no workaround.

CSCdt61322

When multiple multilink PPP bundles are configured with Class-Based Weighted Fair Queueing (CBWFQ), all bundles except for the first one drop all packets under light to moderate loads. There is no workaround.

CSCdt73880

Pings may fail across Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels when Inter-Switch Link (ISL) encapsulation is used. There is no workaround.

CSCdt92814

In Cisco IOS Release 12.1, Intermediate System-to-Intermediate System (IS-IS) routes are not redistributed into International Organization for Standardization-Interior Gateway Routing Protocol (ISO-IGRP) when redistribution is done using the route-map map-tag [[permit | deny] | [sequence-number]] global configuration command. The route map configuration in the redistribute router configuration command is lost after the router is reloaded.

Workaround: Disable the route maps.

CSCdu04555

Voice calls cannot be made from NetMeeting out of a voice BRI interface to a Cisco 2600 or 3600 series router. An incorrect bearer capability is constructed. There is no workaround.

CSCdu05811

A Cisco 2600 or 3600 series router may not properly release the second B channel of a voice BRI interface if the call is first terminated by the Voice over IP (VoIP) side of the connection. The second B channel pauses indefinitely until the device that is connected to the BRI releases the second B channel. There is no workaround.

CSCdt97911

When a Voice over IP (VoIP) call is made from the BRI interface on a Cisco 2600 or a Cisco 3600 series router that is running Cisco IOS Release 12.1(5)T6, the router sends a "disconnect cause 0x29 Temporary failure" to the remote VoIP peer even if the router receives a normal clearing (0x10) from the BRI. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T7

Cisco IOS Release 12.1(5)T7 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T7 but may be open in previous Cisco IOS releases.

CSCds30806

In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, a provider edge (PE) router can log the following message:

%OSPF-4-NOTREDIST4: Database scanner: external LSA 1.0.0.1/ 32 is lost, reinstalls

every minute when it runs Open Shortest Path First (OSPF) in one of the routing/forwarding instances (VRFs) and redistributes from Border Gateway Protocol (BGP) some OSPF-originated routes received from remote PEs. Redistribution happens normally and does not affect connectivity in VRF. There is no workarournd.

CSCds37541

The slot 1 analog voice interface card (VIC) ports, for example Foreign Exchange Office (FXO), E&M, etc., of a Cisco ICS7750 Multiserve Route Processor (MRP) become unusable after issuing the show diag command. This condition happens when the VIC uses the packet voice data module (PVDM) in PVDM slot1 (the second PVDM slot). This condition also happens to the upper 8 ports of a 16-port FXS card.

Workaround: For a 2-port analog VIC, make it use the PVDM in slot 0. For example, if two 2-port FXO cards are on the MRP, plug in a PVDM-8 or higher (PVDM with 2 or more DSPs) in slot 0. There is no known problem caused by entering the show diag command for this configuration. For a 16-port FXS card, reboot the MRP.

CSCds47179

Cisco 2600/3600 series routers that are running Cisco IOS Releases 12.1(3.1)T and 12.1(3.1) PI hardware with PM-IMA network modules reload during initialization when the router is configured with IMA groups.

Workaround: Shut down all interface ATM and ATM/IMA, save the configuration and load a new image. For example:

router# show run ! interface ATM1/0 no ip address atm vc-per-vp 256 no atm ilmi-keepalive ima-group 1 clock source internal scrambling-payload impedance 120-ohm ! interface ATM1/1 no ip address atm vc-per-vp 256 no atm ilmi-keepalive ima-group 1 scrambling-payload impedance 120-ohm ! ... ! interface ATM1/IMA1 ip address 1.1.1.3 255.255.255.0 atm vc-per-vp 256 no atm ilmi-keepalive pvc ima1 66/43 protocol ip 1.1.1.2 broadcast encapsulation aal5mux ip ! !
router#conf t router(config)#interface ATM1/0 router(config-if)#shut router (config-if)#interface ATM1/1 router(config-if)#shut router(config-if) #interface ATM1/IMA1 router(config-if)#shut router(config-if)#end router#

Alternate workaround: Remove all IMA groups using the same configuration as the above example.

CSCds72170

Cisco IOS Network Address Translation (NAT) Skinny support listens on the Transmission Control Protocol (TCP) port 2000, which is used by Cisco Call Manager, to translate the embedded IP address and port information. TCP port 2000 is not a registered port, and other applications might be using the port. NAT treats this as a special port and tries to parse the packet when an application uses port 2000, which might lead to a reload. This condition affects the customers who have NAT configured on their routers. There is no workaround.

CSCds73654

A Cisco router may reload when the router queries the dialCtlPeerStatsRefuseCalls object from a Simple Network Management Protocol (SNMP) server. There is no workaround.

CSCdt14805

A Cisco 3640 router that is running Cisco IOS Release 12.1(3.0.3)PI2 or later release may enter into a loop after a reload if the exception logging size is not configured.

Workaround: Configure the exception logging size by entering the logging exception size command.

CSCdt42380

When two different switch types are configured on a Cisco AS5300 Universal Access Server and isdn service dsl command is given on either of the D channels, the router may send the wrong protocol discriminator value to the telco. For example, if 5ESS and NI switch types are configured, the protocol discriminator value for NI is 67 and for 5ESS protocol discriminator value is 3. The router may confuse the two values. The result is that router changes the state for that particular B channel, but telco does not. Telco sends calls on that channel, and a busy signal is observed by the dialin client. There is no workaround.

CSCdt44029

Rapid Transport Protocol (RTP) traffic that is running on a Cisco router may pause indefinitely when running header compression using the ip rtp header-compression command.

Workaround: Turn off header compression issuing the no ip rtp header-compression command.

CSCdt76214

A Multiprotocol Label Switching (MPLS) router might reload if it is sending traffic out on an interface configured with Inter-Switch Link (ISL) encapsulation, and the ISL is deconfigured on that interface.

Workaround: Do not deconfigure ISL. To avoid the reload while changing the encapsulation, enter the shutdown interface configuration command, change the encapsulation, and bring the interface back up by entering the no shutdown interface configuration command.

CSCdt78578

When enabling the no ip cef & no tag switching command, a Provider Edge (PE) route reflector redistributes the default route to their clients causing the receiver ready (RR) router to reload while pings are going through. There is no workaround.

CSCdt78831

The Internet Control Message Protocol (ICMP) Type 3 Code 4 "Fragmentation required but DF bit set" message is generated by a router when it realizes that a packet received on one interface is too large to be transmitted on a subsequent interface. The normal course of action would be for the router to fragment that packet into two or more pieces and send each one. However, with the DF bit set, the router cannot do this. Instead, the router sends back a "Fragmentation required but DF bit set" message to the transmitter. Ideally, the transmitter will use this message, which contains the maximum packet size that can be transmitted without fragmentation, to reduce its packet size so that unfragmented end-end communications take place. In the case of traffic sent across an Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN), an additional overhead of 8 bytes (2 labels) is imposed by the provider edge (PE) router. Hence for traffic generated from Ethernet (or default on T1 link) that is normally a maximum MTU of 1500 bytes, this is reduced to a maximum of 1492 bytes without fragmentation. So the ICMP message generated by the PE router should show 1492 bytes as the largest supportable frame size within the ICMP message. This issue was found in Cisco IOS Release 12.1(3a)T3. There is no workaround.

CSCdt95498

The Cisco IOS feature ISDN Link Access Procedure, Balanced-Terminal Adapter (LAPB-TA) is not supported on a Cisco 3620 series router. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T6

Cisco IOS Release 12.1(5)T6 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T6 but may be open in previous Cisco IOS releases.

CSCdr89687

Revision 73-1684-01, 73-1684-02, and 73-1684-03 for the Versatile Interface Processor2-10 (VIP2-10), VIP2-15, VIP2-20, and VIP2-40 all have ROMMONs which will not boot some large Cisco IOS images. These VIPs that are revision 73-1684-04 or newer will have the newer ROMMON that can boot the larger Cisco IOS images. VIP4s are not affected.

In order to find out if the VIP2-10/15/20/40 cards are susceptible to this problem, you must be running a version of Cisco IOS that successfully loads and runs.

The show controllers cbus command can be used to show which version of ROMMON is on the card. The 17-2674-0X parts all contain SVIP ROMMON version 17.0 which fails. The 17-4327-01 parts contain SVIP ROMMON version 115.0 which functions properly. This situation does not occur with smaller images. There is no workaround.

CSCds04704

Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels may fail to come up on slow interfaces (less than 2 megabits per second). This situation occurs because fair queueing is automatically enabled on such interfaces, which can artificially reduce the bandwidth reservable by TE tunnels.

Workaround: Disable fair-queueing on the interface by entering the no fair-queue command.

CSCds16810

On a Cisco AS5300 access server that has an 8-port T1/PRL and that is running Cisco IOS Release 12.1(2a), CPU utilization goes up to 35 percent, even when no users are dialing into the system. There is no workaround.

CSCds48844

Enabling Multilink PPP on some interfaces on a PA-MC-2T3 port adapter together with distributed Cisco Express Forwarding (dCEF) may cause tracebacks. There is no workaround.

CSCds57862

When you configure a Committed Access Rate (CAR) on a channelized interface and then remove the interface by using the E1 or T1 channel-group controller configuration command, the CAR should be unconfigured since the interface is now gone. But when you configure a different channelized interface by using the E1 or T1channel-group controller configuration command, the CAR, which is configured on the removed interface, appears in the newly created interface.

Workaround: Remove the CAR before removing the channelized interface.

CSCds57882

In a full mesh of route reflectors, one or two of the route reflectors may have a Border Gateway Protocol (BGP) table with multiple entries for the same route with multiple tags when there should only be one entry. Clients of the route reflector still receive the correct BGP information. Virtual Private Network (VPN) routing/forwarding instance (VRF) interfaces on the route reflector may get an incorrect tag. This situation has also been observed with Provider Edge (PE) routers.

Workaround: Clear the BGP session. Clearing the route fixes the tag situation but not the BGP table.

CSCds72467

The H.323 gateway may leak memory when receiving the fastStart element in more than one H.225 message. For example, if the gateway interoperates with an end-point that sends the fastStart element in call-proceeding and in alert, the memory allocated for subsequent fastStart elements from the first one will not be deallocated properly. There is no workaround.

CSCds70361

On an interface running Routing Information Protocol Version 2 (RIPv2), after you configure and unconfigure Open Shortest Path First (OSPF), the interface stops advertising any RIP update.

Workaround: A reboot without the OSPF configured restores RIP updates.

CSCds72634

When Mulitprotocol Label Switching (MPLS) is enabled on an ATM interface, a spurious access may occur if a bind response is received from a TDP/LDP neighbor for which a matching request could not be found. No catastrophic failure should occur due to this spurious access, and MPLS functionality should not be impaired. There is no workaround.

CSCds88594

On Cisco 2600 or Cisco 3600 series routers with voice BRI that are running Cisco IOS Release 12.1(2a)XH or 12.1(5)T, an inbound or outbound call may not be placed over ISDN BRI even though the B channel is available. When entering the debug isdn q931 command, the following error message is displayed:

cannot get an idle chan from chan mgt

Reloading the router will fix the problem temporarily.

Workaround: Use Cisco IOS Release 12.1(4).

CSCdt03449

When initiating a data callout on ISDN BRI and receiving the ISDN layer 3 alerting message, the ISDN call will connect, but data encapsulation (for example, PPP) will fail.

When entering the debug isdn q931 command, the following error message is displayed:

ISDN BR3/1: HOST_ALERTING: DEV_CALL_PROGRESSING: VOICE ERROR: Bearer capability not available(0x3A): bchan 0, call id 8006

Workaround: Disable the sending of alerting messages on the called peer by entering the no isdn send-alerting command on the ISDN interface.

CSCdt06780

A Cisco Catalyst 6000 series switch that is running Cisco IOS Release 12.1(4)E1 may experience network instability because of excessive Border Gateway Patrol (BGP) flapping. There is no workaround.

CSCdt18436

When Fast Ethernet gets throttled on a Cisco AS5400 Universal Access Server that is running Cisco IOS Release 12.1 T and terminating digital Multilink Point-to-Point protocol (MLPPP) calls with Layer 2 Tunnel Protocol (L2TP) Virtual Private Dialup Network (VPDN), it may remain throttled even after all the packets in the input hold queue are processed.

Workaround: Clear the Fast Ethernet interface.

CSCdt29490

On a Cisco AS5400 Universal Access Server, an ISDN PRI line that is configured and connected to a live PRI line may not come up after the router is reloaded. This occurs when the ISDN layer 2 stays down.

Workaround: Loopback on the other PRI line can sometimes allow the live line to come up.

CSCdt32774

Line cards on a Cisco 12000 series Gigabit Switch Router (GSR) that is running Cisco IOS Release 12.0(14.6)S1 with MPLS configured may reload in a stress environment. For example, when one line card with an interface on which MPLS is configured is reloaded manually, other line cards may experience a bus error.

The following message is displayed on the console or in the log:

%LCINFO-3-CRASH: Line card in slot 0 crashed

The following information is displayed by entering the show context all command:

VERSION:

GS Software (GLC1-LC-M), Version 12.0(14.6)S1, EARLY DEPLOYMENT MAINTENANCE INTE

RIM SOFTWARE

Compiled Mon 08-Jan-01 18:30 by pwade

Card Type: 4 Port Packet Over SONET OC-3c/STM-1, S/N CAB01450171

System exception: sig=10, code=0x10, context=0x40D0DEB4

System restarted by a Bus Error exception

STACK TRACE:

-Traceback= 40414900 40412A28 40414AB4 4009E4B4 4009E4A0

CONTEXT:

$0 : 00000000, AT : 00000000, v0 : 00000438, v1 : 0B0D0B0D

a0 : 42BB5544, a1 : 414E3BA8, a2 : 414E3BB0, a3 : 00000000

t0 : 00000010, t1 : 3400BF01, t2 : 34008D00, t3 : FFFF00FF

t4 : 400BF018, t5 : 00000005, t6 : 00000000, t7 : 410C79B8

s0 : 00000000, s1 : 42BB5544, s2 : 414E3BA8, s3 : 415126A0

s4 : 00000FD8, s5 : 00000152, s6 : 40414870, s7 : 414E3BA8

t8 : 00009AB0, t9 : 00000000, k0 : 41121060, k1 : 400C0FA0

gp : 40C445A0, sp : 414E3B38, s8 : 414E3BB0, ra : 40412A28

EPC : 0x40414900, SREG : 0x3400BF03, Cause : 0x00002010

ErrorEPC : 0x4023D298

-Process Traceback= No Extra Traceback

Workaround: The reload happens only where there is double recursion (for example, BGP recursive route over a static recursive route). The reload can be avoided as long as there is no static recursive route to a BGP peer.

CSCdt41623

When using a label switch controller (LSC) as an Edge Label Switch Router (LSR) in a particular configuration, some XTagATM interfaces are not operational. There are no tag distribution protocol (TDP) neighbor relationships over the XTagATM interfaces. This situation seems to only occur when there is a PA-A3 ATM port adapter being used as the Virtual Switch Interface (VSI).

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on both sides of the XTagATM connection, and at that point all the tag relationships come back and function properly.

CSCdt42813

A Cisco AS5300 Universal Access Server that is running Cisco IOS Release 12.1(6.3) with heavy traffic and Resource Pool Manager Server (RPMS) enabled may randomly pause indefinitely. There is no workaround.

CSCdt51478

A deleted subinterface may remember its settings. These settings may reappear when the same subinterface is created again.

Workaround: Clean up all settings on a subinterface before deleting it. Delete all subinterface settings (following the above description) before deleting the main interface.

CSCdt52868

If a VPN routing/forwarding instance (VRF) routes points to a next hop that is also resolved by a recursive lookup, such as in the case of an External Border Gateway Patrol (EBGP) multihop session, a tag is incorrectly imposed over the provider edge-customer edge (PE-CE) link. Consequently, traffic does not pass.

Workaround: Change the EBGP session to use IP addresses directly rather than multihop.

CSCdt60803

A Cisco router that is configured for Tag Distribution Protocol (TDP) and operating with very little free memory may reload. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T5

Cisco IOS Release 12.1(5)T5 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T5 but may be open in previous Cisco IOS releases.

CSCdr32579

Weighted Fair Queuing (WFQ) may block a large packet of over 1000 bytes. There is no workaround.

CSCds32217

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at:

http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCds41629

A Cisco router may reload if Frame Relay is configured under some channel groups. There is no workaround.

CSCds49640

The output queue may still fill, causing packet loss and delay, even though multiple traffic classes were generated with Committed Access Rate (CAR), Priority Queuing Class-Based Weighted Fair Queuing (PQCBWFQ), FRF.12, and Frame Relay Traffic Shaping (FRTS) configured. This problem is only observed in the presence of Priority Queueing (PQ) traffic. There is no workaround.

CSCds70303

When running a Cisco SS7 Interconnect for Voice Gateways Solution configuration, the output of the show isdn status command may list all call control blocks (CCBs) for calls that are no longer active. These CCBs may accumulate over time. There is no workaround.

CSCdt30424

When unconfiguring a Frame Relay map class, a Cisco router may reload.

Workaround: Remove the configuration under the map class instead of unconfiguring the Frame Relay map class.

CSCdt31521

A Multiprotocol Label Switching (MPLS) router that has a lot of Border Gateway Protocol (BGP) routes (VPNv4 or IPv4) may experience a memory leak if the route to the BGP neighbor flaps. The memory leak is about 100 bytes per BGP route for each route flap. The leak can be detected by an unusually large consumption of memory by TFIB tag rewrites (as seen in the output of the show mem sum | i TFIB command). There is no workaround.

CSCdt34986

ATM adaptation layer 2 (AAL2) common channel signalling (CCS) d-channels do not recover if the associated voice T1/E1 interface goes down and then recovers. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T4

Cisco IOS Release 12.1(5)T4 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T4 but may be open in previous Cisco IOS releases.

CSCdk69541

A Cisco router that is running Cisco IOS Release 12.0 S may experience a TCP timer problem and reload. This situation occurs when the router is experiencing a heavy traffic load combined with a configuration that includes a large number of TCP sessions (for example, hundreds of Border Gateway Protocol (BGP) peers). There is no workaround.

CSCdk72879

A Cisco router may experience a loop if data is sent to a non-existent network that appears to be part of the summary and the ABR that originates the summary has a default route back to the sending router. There is no workaround.

CSCds19939

Under certain conditions, the following error message is incorrectly displayed multiple times:

%RSP-3-DEVERR: Read cis from dev 1 error -6

There is no workaround.

CSCds39861

Multiprotocol Label Switching (MPLS) ATM Tag Distribution Protocol (TDP) bindings may not reestablish when TDP adjacencies flap. This situation may occur under high CPU utilization or when TDP neighbor adjacencies flap. This situation has been observed only when the TDP neighbor is running Cisco IOS Release 12.0(10)S or an earlier release. You can diagnose this problem by using the show tag-switching atm-tdp bindings privileged EXEC command. The symptoms are that the LER will have a tag ATM binding for a destination prefix while the downstream router will not. There is no workaround.

CSCds46280

You cannot use TFTP to transfer a file that is greater than 16 MB to or from a Cisco router.

Workaround: Use remote copy protocol (RCP), or use FTP to transfer the file.

CSCds47050

A Cisco Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running a Cisco IOS Release 12.1(5)T image that contains the MPLS InterProvider feature may experience a display problem where MPLS forwarding table displays entries for all the VPN routing/forwarding instance (VRF) prefixes that are learned from remote PE routers even if the user is not running InterProvider. This situation does not break any forwarding path, but it increases the MPLS forwarding table display output and may result in unnecessary memory usage on PE routers, which impacts the scalability of the MPLS VPN network. There is no workaround.

CSCds50802

When a PA-2FE port adapter is configured for distributed Cisco Express Forwarding (dCEF) and rate-limit (QoS features), the following error message is produced:

CLNS-3-BADPACKET: ISIS: LAN L2 hello, packet (1497) or wire (581) length invalid from 0010.f6fb.0128 (FastEthernet9/1/0)

Workaround: Use a PA-FE port adapter.

CSCds56717

The tag forwarding table entry for a destination should have a "Pop tag" in the outgoing tag field or a valid outgoing tag. A Cisco router with tag-switching ip enabled may experience a condition in which the outgoing tag field contains an "Untagged" entry. When the "Untagged" entry is present, traffic for the destination may be dropped.

Workaround: Perform the following actions:

Determine the next hop and the outgoing interface(s) for the destination.

Enter the no tag-switching ip command for each outgoing interface.

Wait 15-20 seconds.

Enter the tag-switching ip command for each outgoing interface.

CSCds57107

A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router that is running Cisco IOS Release 12.0(10.6)ST, 12.1(2.6), 12.1(3.1), 12.1(3.3)T, 12.1(2.3)T1, or later releases exhibits faulty behavior when forwarding customer traffic. When there are multiple paths to get to the remote PE and one of the paths to the PE goes down or comes up, traffic to all customer prefixes going over any of those multiple paths is dropped until the Cisco Express Forwarding (CEF) entries for those prefixes is reresolved (about 15 seconds). There is no workaround.

CSCds62892

A Cisco router that is acting as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) may show an incorrect tag value for some VPN routing/forwarding instance (VRF) routes. This situation breaks connectivity between the local and remote VPN networks. The problem may occasionally appear under specific timing conditions in networks with unstable (flapping) VRF links and redundant Route Reflectors (RR) that are at different geographical locations (different network connection speed). The recovery method is to use the clear ip route vrf vrf-name {ip-address} EXEC command, where vrf-name is the VRF that includes the route and the corresponding IP address.

Workaround: Use a single RR.

CSCds66035

The class drop packet counters and the post policy bit rate values are wrong when the class-based (CB) Quality of Service (QoS) MIB is used. There is no workaround.

CSCds66705

A Cisco router may not be able to use named access lists as distribute lists in Border Gateway Protocol (BGP). There is no workaround.

CSCds67623

A Cisco router that is running Resource Reservation Protocol (RSVP) with BRI interfaces will reboot if all of the following conditions are true:

RSVP was previously enabled on any BRI interface with the ip rsvp bandwidth command.

There is only one interface of any type remaining with RSVP enabled.

RSVP is disabled on the last remaining interface with the no ip rsvp bandwidth command.

There is no workaround.

CSCds69086

This situation occurs under the following conditions:

a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network on a provider core router is adjacent to a VPN provider edge (PE) router

the address (address A in this example) of an interface on the PE that is bound to a customer VRF is also an address for a core router adjacent to the provider core router

In this situation, the output of the show tag-switching forwarding on the provider core router shows incorrect outgoing labels for some prefixes. This situation occurs specifically for prefixes in which the next hop address is address A. The output shows the label advertised by the PE for the outgoing label instead of the label advertised by the next hop router.

Workaround: Configure provider core routers so that none of the routers have addresses that are used as addresses for interfaces bound to customer VRFs on PE routers.

CSCds76418

In an Multiprotocol Label Switching (MPLS) network that uses Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP), packets that match the default route are dropped or forwarded incorrectly. This situation may occur in MPLS networks that use LDP or TDP that have routes for both 0.0.0.0/0 (default) and 0.0.0.0/n. Routers that incorrectly drop or forward these packets, the output of the show tag-switching forwarding-table privileged EXEC command shows the label advertised for 0.0.0.0/n as the outgoing label for 0.0.0.0/0.

Workaround: Prevent the use of route 0.0.0.0/n in networks that use 0.0.0.0/0 (default).

CSCds77504

A Cisco router may experience a condition where the TDP session for the subinterface disappears for no apparent reason and cannot be reestablished. This situation may occur when running TDP on an ATM point-to-point subinterface between two routers. This condition has not been reproduced.

Workaround: Entering the following sequence of commands on both routers may correct the situation:

configure terminal
interface interface-name
shut

After entering these commands, wait 10-15 seconds, then enter the no shut command.

CSCds83014

A Cisco router may experience a condition in which the output of the show tag-switching tdp neighbor command on neighbor routers show that the IP address(es) of down subinterfaces are bound to the router. In addition, the output of show tag-switching forwarding command on neighbor routers may show incorrect outgoing labels for prefixes where the next hops are one of these incorrectly bound IP addresses. This condition may occur on a router that has IP addresses that are configured for subinterfaces when running LDP or TDP. The condition may occur when the configuration of the physical interface is changed from shutdown to no shutdown if any of the subinterfaces are administratively down or if any of the subinterface line protocols remain down after the physical interface comes up.

Workaround: If the subinterface is administratively down, enter the following sequence of commands:

interface sub-interface
no shutdown
shutdown

If the subinterface is administratively up but its line protocol is down, enter the following sequence of commands:

interface sub-interface
shutdown
no shutdown

CSCds91198

After a reload, a Cisco router may not forward packets to an interface that is not running IP tag switching. Pinging from the router works, but a ping that needs to cross the router fails.

This situation occurs in topologies that include the following attributes:

a hierarchy of static recursive routes with varying mask lengths

route aggregation using the null0 interface

Workaround: Ensure that the route flaps. If the route flaps, Multiprotocol Label Switching (MPLS)/Cisco Express Forwarding (CEF) is installed correctly.

CSCdt14250

A Cisco router may fail to accept the neighbor address distribute-list [list # | list name] Border Gateway Protocol (BGP) command. There is no workaround.

CSCdt31081

ATM adaptation layer 2 (AAL2) does not switch from voice mode to voice-band-data mode (upspeed) with fax traffic. If the codec is G726 or G711, AAL2 can sustain up to 9600 baud fax traffic without the upspeed. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T3

Cisco IOS Release 12.1(5)T3 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T3 but may be open in previous Cisco IOS releases.

CSCds51278

Cisco IOS software fails to save the no logging synchronous line configuration command when in startup configuration mode. However, after startup, Cisco IOS software saves the logging synchronous line configuration command. There is no workaround.

CSCds59529

Upon startup, a Cisco IOS unit may show a certain amount of incorrect memory and should be ignored.

Workaround: Use the output of the show memory EXEC command.

CSCds63752

Channelized T3 (CT3) modules on Cisco AS5400 series universal access servers select the T1 controller for clocking, but when using the dial-tdm-clock global configuration command to configure the time-division multiplexing clock, if T1 controller one is selected to be the master, the software selects port two.

Workaround: Configure port one to be the primary port.

CSCds73445

The show controllers t1 privileged EXEC command displays port statistics inaccurately.

There is no workaround.

CSCds76981

The Bantam Jack test port on a Cisco AS5400 series universal access server with a CT3 adapter test port does not function properly. This problem causes the test port to be unable to monitor the ongoing DS1 traffic on the wire. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T2

Cisco IOS Release 12.1(5)T2 is a rebuild release for Cisco IOS Release 12.1(5)T. The caveats in this section are resolved in Cisco IOS Release 12.1(5)T2 but might be open in previous Cisco IOS releases.

CSCds51198

If you access C: (enter the copy c:filename and the bootflash:filename commands or the dir c: command) a Cisco Route Processor Module (RPM)-PR or an RPM-B may reload. The RPM-PR reloads only when it is in boot mode, and the RPM-B may also reload when it is in boot mode. This situation may occur when you boot up the boot image as a running image. There is no workaround.

CSCds52920

In Cisco IOS Release 12.1(4.4) through Cisco IOS Release 12.1(5.2), you must set the logging source interface for "syslogging" as a temporary workaround in order for the logging source interface to work correctly on all platforms except the Cisco Integrated Communications System (ICS) 7750. On the ICS 7750, this method breaks the copy run start and write memory commands and prohibits configurations from being saved to the system database.

Workaround: Upgrade to Cisco IOS Release 12.1(5.3) or a later release. For the ICS 7750, upgrade to Cisco IOS Release 12.1(5)T2.

CSCds64610

Distributed Director (DD) will reload if you use the no form of the ip direct dfp command while DD is processing data from the Dynamic Feedback Protocol (DFP) agent or while DD is setting up or closing a DFP connection with the DFP agent.

Workaround: Wait for the TCP connection to time out rather than reusing the no form of the ip direct dfp command.

CSCds76547

Voice degradation may occur when you use G.726 codec with ATM adaptation layer 2 (AAL2) profiles that have voice activity detection (VAD) and Service ID (SID) enabled. A popping noise is heard at the beginning of talk spurts.

Workaround: Disable VAD or configure an AAL2 profile that does not use SID packets.

Open Caveats—Cisco IOS Release 12.1(5)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.1(5)T. All the caveats listed in this section are open in Cisco IOS Release 12.1(5)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Access Server

CSCdr73696

If unbundled Modem ISDN channel aggregation (MICA) firmware has been configured on a Cisco AS5800 series universal access server, the firmware is downloaded serially to each service processing element (SPE) across the AS5800. Each SPE takes about 20 seconds, so a fully populated AS5800 using MICA may take up to 30 minutes before all SPEs are available for use. There is no workaround.

CSCds33599

During abnormal behavior of modem ISDN channel aggregation (MICA), the modems recovery does not start up, which results in bad modems allocated for the call. This situation results in a low call success rate (CSR) within the system. In this situation, the modem should be marked busy out. There is no workaround.

Basic System Services

CSCdr45897

While Voice over ATM (VoATM) is running on an E1 line, the CPU usage may be high. There is no workaround.

CSCdr65350

The online insertion and removal (OIR) of line cards on a Cisco 7500 series router with a slave Route Switch Processor (RSP) present may cause the slave to reload and the master to subsequently report command timeouts when trying to communicate with the reloaded image. The performance of the router should not be affected since only the image has reloaded. There is no workaround.

CSCdr73097

Hardware compression (SA-COMP/1) on the Cisco 7200 series or Cisco 3640 router does not work properly when used with Multilink Point-to-Point Protocol (MLP). The output of the show compress EXEC command may show software compression and all fields as zero. Not all data will be affected; however, there is no way of knowing if compression is happening. There is no workaround.

CSCdr75769

A suspected memory corruption may cause the Route Switch Processor (RSP) to reload at standin routine writebus_dummy. There is no workaround.

CSCdr93541

A Cisco 7200 series router with hardware compression SA-COMP/1 running custom queues may experience several reloads while compressing packets.

Workaround: Enable FIFO queueing, disable compression or use temporary software compression.

CSCds06280

Voice over ATM (VoATM) does not carry called_oct3 and calling_oct3 fields in the setup message. There is no workaround.

CSCds13085

Cisco IOS Release 12.0(10) may experience the following reload and spurious alignments:

System was restarted by bus error at PC 0x601B72E8, address 0x40000060

There is no workaround.

CSCds57300

When the offload function is invoked using the Stack Group Bidding Protocol (SGBP), the authentication, authorization, and accounting (AAA) attribute 43 (acct-output-octets) delivers incorrect data. There is no workaround.

CSCds59923

On a Cisco AS5300 series universal access server running Cisco IOS Release 12.1(4.4)T and pre authentication with the callid if-available command configured, calls may fail if calling line ID (CLID) is not available. There is no workaround.

CSCds66035

The class drop packet counters and the post policy bit rate values are wrong when the class-based (CB) Quality of Service (QoS) MIB is used. There is no workaround.

CSCds74149

Route Switch Processor 8 (RSP8) and Versatile Interface Processor (VIP) 4-80 do not appear to work together using Cisco IOS Release 12.1(3a)T1. There is no workaround.

EXEC and Configuration Parser

CSCds55510

In Cisco IOS Release 12.1(5)T, a memory leak exists with the Route Download process. When a new route download begins, only a fraction of the memory is released, so after each successive route download, less memory is available.

Workaround: Enter the no parser cache command.

Interfaces and Bridging

CSCdr57586

An extended ping from a remote site may cause a Cisco router to reload. There is no workaround.

CSCdr94341

A Virtual Private Network (VPN) with 802.1q on a PA-FE port adapter works with Cisco Express Forwarding (CEF) but not distributed Cisco Express Forwarding (dCEF). There is no workaround.

CSCds17950

When multicast traffic is sent through Fast Ethernet Inter-Switch Link (FE/ISL) on a Cisco 7500 series router, Enhanced Interior Gateway Routing Protocol (EIGRP) routes flap despite any available best route. There is no workaround.

CSCds19830

A Cisco 7500 series router running Cisco IOS Release 12.1(2)T may experience Versatile Interface Processor (VIP) reloads due to a Translation Bridging (TLB) exception. Also, the Cisco 7500 series router disables distributed Cisco Express Forwarding (dCEF) on a line card because of a failed interprocess communication (IPC) dCEF update. There is no workaround.

CSCds42715

The 802.1q native VLAN keyword does not function properly when fast switching is enabled.

Workaround: The native VLAN keyword functions properly when the packets are process switched.

CSCds55918

IP multicast packets are not processed on a Gigabit Ethernet trunk between a Cisco 7507 router and a Cisco Catalyst 4912 switch. There is no workaround.

CSCds61723

The Multi Channel Interface Processor (MIP) in a Cisco 7500 series router running Cisco IOS Release 12.1(3a)T1 may report the following errors:

%LINK-3-UPDOWN: Interface Serial5/0:24, changed state to > down >
%CBUS-3-BADVC: MIP 5/0 got bad VC packet > FF03002B FFFF01E0 00040011 0241FFFF FFFFFFFF 04520011 02410000 0C7FA960
%LINEPROTO-5-UPDOWN: Line protocol on Interface > Serial5/0:24,n
%RSP-3-RESTART: interface Serial5/0:24, output stuck
%SYS-4-SNMP_WRITENET: SNMP WriteNet request. Writing > current 8
%RSP-3-RESTART: interface Serial5/0:24, output frozen
%RSP-3-RESTART: cbus complex

The Cisco router does not reload, but as a consequence of the cbus complex, all of the interfaces are temporarily shut down. There is no workaround.

CSCds63407

The default tx-ring-limit values on a permanent virtual circuit (PVC) basis for a PA-A3 port adapter are too large when PVC Low Latency Queuing (LLQ) is configured on that virtual circuit (VC). This situation results in a large amount of delays for voice.

Workaround: Configure the tx-ring-limit value manually on a PVC basis.

CSCds64011

After configuring 1000 virtual circuits (VCs) on a PA-A3 port adapter in a Cisco 7206 router running Cisco IOS Release 12.1(2)T and establishing those VCs with peer-to-peer networking, a reload may occur. While enabling the atm sonet stm-1 interface configuration command, the Cisco 7206 router takes more than one hour to start again.

Workaround: Disable the atm sonet stm-1 interface configuration command.

IP Routing Protocols

CSCdr23656

In Cisco IOS software that is running Multiprotocol Label Switching (MPLS) traffic engineering, a tunnel with nonzero bandwidth may be up but have no bandwidth allocated. There is no workaround.

CSCds17305

A Cisco 3600 series router may reload under certain conditions by bus error at get_link_point. There is no workaround.

CSCds42916

When running Enhanced Interior Gateway Protocol (EIGRP) in a Multiprotocol Label Switching (MPLS) network using XTagATM interfaces, a Tag Switch Controller (TSC) failed when an XTagATM interface was executed using the shut/no shut command in DSP configuration mode and then the clear ip eigrp neighbor EXEC command producing the following error messages:

SYS-2-CHUNKBOUNDSIB and SYS-2-CHUNKFREE

There is no workaround.

CSCds53686

If named Access Control Lists (ACLs) are configured in the match address statement in a route-map global configuration command, they will not be sent to the Line-Cards (LCs). This situation forces the LCs and Rendezvous Point (RP) route-maps out of sync.

Workaround: Use numbered access lists.

CSCds54722

Route Switch Processors with a Border Gateway Protocol (BGP) route running Cisco IOS Releases 12.1(4.4)PI and 12.1(4.4)T2 do not readvertise to the peer router from a UUT router when one of the UUT routers interfaces has been shut down. There is no workaround.

CSCds59109

Enhanced Interior Gateway Routing Protocol (EIGRP) forces a software reload when you have EIGRP routes learned over multiple interfaces. There is no workaround.

CSCds65407

On some Cisco platforms running Network Address Translation (NAT), an unexpected software-forced reload may occur. There is no workaround.

CSCds67532

Static routes that are updated through a gateway list type using a sequence of ip route global configuration commands, may force a Cisco router to reload while in the static_adjust_gw_list.

Workaround: Do not enable the ip route global configuration command.

CSCds67728

Unconfiguring and removing a subinterface with an IP static routing point to that interface may cause a Cisco router to reload.

Workaround: Do not unconfigure the subinterface with an IP static routing point.

LAT

CSCdr77489

A Cisco router or access server may reload while removing a local-area transport (LAT) configuration when a LAT call is up.

Workaround: Change the configuration after clearing the call.

Miscellaneous

CSCdp03254

A Cisco 3640 router may reload with a bus error at PC 0x603DFF38, address 0xAC. There is no workaround.

CSCdp36286

Voice and baseline privacy interface (BPI) will not function properly when connected to the same interface.

Workaround: Disable BPI.

CSCdp55089

Cisco 2600/3600 series routers may get a spurious access error while deconfiguring the smds dxi interface configuration command. There is no workaround.

CSCdr04830

Images before running Cisco IOS Release 12.1(3)T may hold up to 25 MB of memory.

Workaround: Upgrade to an image build in Cisco IOS Release 12.1(3)T or a later release.

CSCdr18846

If you connect a half-duplex device to Fast Ethernet on a Cisco 2600 series router that has full-duplex set and auto negotiate capability disabled, the router must be set to match the speed and duplex setting of the other device. There is no workaround.

CSCdr22141

The console of a Cisco 2600 and 3600 series router may display memory allocation errors when the network module slot is populated with one of the following network modules (and when no I/O memory size is specified in the configuration):

NM-1CT1, NM-2CT1: 1 port/2 port channelized T1/ISDN PRI NM-1CT1-CSU, NM-2CT1-CSU: 1 port/2 port channelized T1/ISDN PRI with CSU NM-1CE1U, NM-1CE2U: 1-port/2-port channelized E1/ISDN PRI Unbalanced NM-1CE1B, NM-2CE2B: 1-port/2-port channelized E1/ISDN PRI Balanced

Workaround: Specify the I/O memory size with the memory-size iomem global configuration command set as follows:

memory-size iomem 20

After the I/O memory size has been set, reload the router.

CSCdr36099

When a Real Time Streaming Protocol (RTSP) server is used to play prompts on a Cisco IP phone, only the first prompt can be heard. Subsequent prompts result in silence. There is no workaround.

CSCdr37862

Enabling the debug fax relay t30 all command does not produce the expected output. This situation affects console output only and appears in VCWare Information Release Notes for Cisco versions before 7.09, and in Cisco IOS Release 12.1(3)T. There is no workaround.

CSCdr43183

When a Route Processor Module (RPM) card is stressed with high loads, the RPM may reset itself. There is no workaround.

CSCdr45462

An ATM Voice Processing Deck or Multicast Address Resolution Server (MARS) card (NM-1A-ATMOC3-MM-1V) with a single dual T1/E1 voice/WAN interface for MARS card (VWIC-1DSU-T1 or VWIC-1DSU-E1) shows inside a "N/A" in Cisco View for the sonet Medium Table. There is no workaround.

CSCdr45850

A Cisco router may experience cable modem reloads when configuring access list number 100 or 101.

Workaround: Use other access list numbers.

CSCdr54736

A Cisco AS5400 series universal access server may experience PPP negotiation failures while running Cisco IOS Release 12.1XD images, under heavy loads. There is no workaround.

CSCdr55547

The Queue Engine-0 (QE-0) bandwidth (OC-6) is shared between slots 1 to 6, 9 to 14 and Processor Switching Module (PXM) ports. Back pressure from the QE to the Route Processor Modules (RPMs) results if the RPMs send at a higher rate than the QE can handle. The back pressure causes each card to send cells and idle-cells at a rate slower than the OC-3 rate. There is no workaround.

CSCdr75464

The test with tool command language (TCL) application session.tcl gathers Campus Switch Router (CSR) images in the high 99%, while the test clid_authen_collect yields a much lower CSR image percentile. Both scripts exercise the same Open Settlement Protocol (OSP) client code. There is no workaround.

CSCdr77777

A situation on a Cisco AS5300 series universal access server happens when codec switching (dynamically changing the audio codec after the call is established) is in use. Codec switching is used when interfacing to the uOne because announcements from the uOne are always sent using G.711. The uOne messaging server may fail because of loss of dual tone multifrequency (DTMF) input from the caller.

Workaround: Avoid the problem by provisioning the outbound dial peer on the access server as G.711 while also trying to avoid codec switching.

CSCdr80396

Once the upgrade to Cisco IOS Release 12.1(2.3)T1 has been accomplished, the connection with the RADIUS server fails after a reload.

Workaround: Change the RADIUS server in the configuration file each time the router is rebooted.

CSCdr85273

A Cisco 7200 series digital voice card running Cisco IOS Release 12.1(3.1)T, ISDN PRI enters a down state after a few minutes of use when port 0 is configured as a T-CCS trunk. There is no workaround.

CSCdr93724

Virtual Private Network (VPN) clients dial into a registration, admission, and status protocol (RAS) and receive an IP address. Then an IP Security (IPSec) Protocol session is established on a Cisco 7206 router. When the client hangs up the line, the Internet Security Association and Key Management Protocol (ISAKMP) Sale Announcement (SA) stays active until the router times out. If, however, a new client connects to the RAS and gets the same IP address from the RAS before the ISAKMP SA on the Cisco 7206 has timed out, then the ISAKMP negotiation will fail. But after that the ISAKMP SA will not time out and will stay in the router memory indefinitely, preventing all other clients that try to dial in with that IP address and fail ISAKMP negotiation. There is no workaround.

CSCdr93906

A Cisco AS5300 series universal access server accepts a token ring that should be rejected. This situation is seen with digital customer loop (DCL) Open Settlements Protocol (OSP) server only. There is no workaround.

CSCdr94685

On a Cisco router running Cisco IOS Release12.1(2)T, the agent-set control unit (ASCU) gateway may not come up because of T1 timeouts when running the Airline Line Control (ALC) protocol. This problem does not occur with Cisco IOS Release 12.0(5)T. There is no workaround.

CSCdr96047

Calls from T1 channel-associated signalling (CAS) to IP may fail with a reorder tone in certain scenarios. There is no workaround.

CSCdr96959

On a Cisco 7200VXR series router with one or more PA-2FEISL port adapters installed, throughput may be adversely affected when a Service Policy is configured by way of the service policy-map command on the Fast Ethernet ports of the PA-2FEISL.

Workaround: Do not use service policies on the Fast Ethernet interfaces.

CSCdr98240

A Cisco 3660 Router running Controller VWIC-MFT-T1 hardware is reporting the following error:

%CONTROLLER-2-FIRMWARE:

There is no workaround.

CSCdr99221

Cisco routers with a BRI U interface that run ISDN digital subscriber line (IDSL) do not have the integrated routing and bridging (IRB) feature available for Frame Relay encapsulation over IDSL.

Workaround: Bridge from the ATM interface to the Ethernet interface without IRB.

CSCds02864

The flapping of LANE interfaces with Cisco Express Forwarding (CEF) switching may cause the Cisco router to reload.

Workaround: Disable CEF on those interfaces.

CSCds03152

Configuration of certain fields under pots dial peer configuration normally results in the gateway sending a Reliability, Availability, and Serviceability (RAS) registration request with the updated information to the gatekeeper. This situation may result in a socket error with the registration requests (RRQ) not being transmitted successfully. Therefore, the gatekeeper may not be updated with e164 address changes.

Workaround: Force the gateway to send the RRQ following modifications of dial peer fields by issuing the gateway, no gateway global configuration command sequence.

CSCds05104

When you dial 1100 on a Global System for Mobile Communications (GSM) and vendor-specific phones the Voice Telephony Service Provider (VTSP) shows 11100 and the receiver dialed that is dialed up at 1100 shows 100 which are both causing the calls to fail. There is no workaround.

CSCds07100

After an online insertion and removal (OIR) of a trunk card, the trunk is sent into a null trunk state.

Workaround: Reconfigure the controller for E1-R2.

Alternate Workaround: Reload the router.

CSCds07584

A Cisco 7200 series router running Voice over Frame Relay (VoFR) in Cisco IOS Release 12.1.3aT1 experiences one-way audio between a Cisco MC3810 Multiservice Concentrator running Cisco IOS Release 12.05XK1.

Workaround: Run Cisco IOS Release 12.1.2T or earlier on the Cisco 7200 series router.

CSCds07957

A Cisco router running Cisco IOS Release 12.1 failed to route all packages with the crypto map command in interface configuration mode in the required amount of time. There is no workaround.

CSCds10015

A Cisco 7200 series router may reload with red-zone corruption when random (64-1518) byte traffic is passed. There is no workaround.

CSCds10883

A Cisco 7500 series router running Cisco IOS Release12.1(2)T with the ip rtp header-compression interface configuration command becomes linked with compression on incoming compressed packets. These packets are received correctly, but outgoing packets fail to be compressed. They are still sent and received successfully, but compression only saves half the bandwidth it should. Incoming compressed Routing Table Protocol (RTP) packets running the show ip rtp header-compression EXEC command are received correctly, but none sent. There is no workaround.

CSCds14169

An Information Resource Engineering (IRE) client has an IP Security (IPSec) tunnel established to a Cisco router. You cannot send any packets larger than 1448 bytes if the destination is on the other side of a generic routing encapsulation over IP Security (GREoIPSec) tunnel from the local router. There is no workaround.

CSCds14641

A Cisco 7206 router running Cisco IOS Release 12.1(3.4)T may reload after one day if tag switching is configured. There is no workaround.

CSCds15751

On a Cisco 3640 router running Cisco IOS Release 12.1(3a)T1, a problem with Address Resolution Protocol (ARP) table corruption occurs when routed bridge encapsulation (RBE) is configured. The Dynamic Host Configuration Protocol (DHCP) server is seen to fail by sending replies from the wrong interface and in some instances back to the loopback interface.

Workaround: Configure integrated routing and bridging (IRB) instead of RBE and allow the debug ip udp packet command to run with the no ip cef command in global configuration mode.

CSCds25209

The Multipoint Control Unit (MCU) does not reregister with the gatekeeper after powering down but remains in the gatekeeper endpoint list. There is no workaround.

CSCds25276

When you use a CT3 card and a voice feature card on a Cisco AS5800 series universal access server, egress continuity testing (COT) and ingress COT in transponder mode will result in a COT test failure, and the voice path of a different connection will be lost.

Workaround: Disable egress COT on the associated Cisco SC2200 Signalling Controller.

Alternate Workaround: Use loopback mode when performing ingress COT.

CSCds26145

The battery reversal current does not function properly on a Cisco 3660 router that is connected to the channel bank by FXO-LOOP-START. The following message is produced by the debug signaling command and the debug vpm show 3/1:1(6) command.

SEND/RESP_SIG_STATUS:state=0x4 going ON HOOK.

There is no workaround.

CSCds27577

The call switching module (CSM) takes eight seconds to ask a modem to complete a call in feature group B, configured for collecting Digital Number Identification Services (DNIS) via dual-tone modulation frequency (DTMF). There is no workaround.

CSCds29397

On a Cisco 3600 series router the ear and mouth (E&M) trunk goes off hook. Once the trunk goes off hook, it will use the first Plain Old Telephony System (POTS) dial peer pointing to this E&M port as a matched POTS before Digital Number Identification Service (DNIS) is received, even if the incoming called-number command is configured for multiple dial peers pointing to the same E&M port. There is no workaround.

CSCds30079

While upgrading from Cisco IOS Release 12.1(2)T to 12.1(3a)T1 using 3640-3640- is mz over ATM voice transmission does not work. There is no workaround.

CSCds31332

When a Route Processor Module (RPM) is being reset or reloaded all service-policy statements that are attached to subinterfaces are lost in running configuration.

Workaround: Perform a copy start command after a reset to ensure that the service-policy statements are restored.

CSCds31610

When using the Simple Network Management Protocol to poll call active record (CAR), there is a timing related problem. There is no workaround.

CSCds31647

When you use Cisco IOS Release 12.1(3a)XI2 using Cisco-proprietary codec with the fax relay feature, the fax will go through properly, but the disconnect cause will show 0x3F instead of 0x10 (normal call clearing). There is no workaround.

CSCds32432

On a Cisco 7200 series routers, calls can be established; however, Corenet is not passed transparently. There is no workaround.

CSCds32448

In Cisco IOS Release12.1(03.05)T and 12.1(03.05)PI, Cisco IOS software fails on Data Encryption Standard (DES) and 3DES. Extended Authentication (Xauth) to Cisco IOS software fails after the first rekey. There is no workaround.

CSCds33187

A Cisco AS5800 series universal access server doing channel-associated signalling (CAS) and ear and mouth (E&M) feature group-B (fgb) signalling will not report all automatic number identification (ANI) digits in the show commands. But, the debug commands show all ANI digits collected successfully. There is no workaround.

CSCds33298

On Cisco 2600 and 4700 series routers running Cisco IOS Release 12.1(04.00.02)T, when Frame Relay traffic shaping is configured in conjunction with IP header compression and fast switching, packets are not compressed. The number of compressed frames, as indicated by the show frame-relay ip rtp header-compression EXEC command, is zero.

Workaround: Use the no ip route-cache command to disable fasts witching.

CSCds33833

A Cisco router running Cisco IOS Release 12.1(3)T code configured for authentication using an external Cisco Secure ACS RADIUS server reloads.

Workaround: Take the Secure ACS offline or remove the RADIUS configuration from the router.

CSCds33883

A Cisco 7200VXR router running Cisco IOS Release 12.1(3a)E with an integrated services adapter (ISA) card with too many security associations (SAs) established may disable IP Security (IPSec) and issue the following error message:

00:10:09: ISAcard: an error coming back 104C 00:10:09: ISAcard: an error coming back 104C 00:10:09: ISAcard: an error coming back 104C 00:10:09: ISAcard: an error coming back 104C 00:10:10: ISAcard: an error coming back 104D 00:10:10: ISAKMP (0:307): Unable to generate DH phase I parameters! 00:10:11: ISAcard: an error coming back 104D 00:10:11: ISAKMP (0:307): Unable to generate DH phase I parameters!

Integrated Services Adapter (ISA) exhibits firmware problems resulting in an invalid Diffie-Hellman (DH) value or an invalid command response from the card. This happens under scalability testing. Cisco IOS Release 12.1(3a)E is the only image that has this problem.

Workaround: Use Cisco IOS Release 12.1(2)E1 or wait for Cisco IOS Release 12.1(4)E.

Alternate workaround: Reload the router.

CSCds33894

When terminating a generic routing encapsulation (GRE) tunnel on an Inter-Switch Link (ISL) -trunked 100M interface, with the tunnel endpoint on the same segment and running Cisco Express Forwarding (CEF) on that same interface, CEF breaks and the performance through the tunnel is severely degraded (less than 10 percent).

Workaround: Turn CEF off on that interface.

Alternate workaround: Configure a loopback interface to cause the tunnel source and destination to be on different networks.

CSCds34444

When traffic is distributed to 15 or more sub-Switch Interfaces running Cisco IOS Release 12.1(3)T images all with class-based weighted fair queueing (CBWFQ) enabled, packets get dropped into the wrong queue.

Workaround: Enable fewer interfaces with CBWFQ.

CSCds35001

The adaptive dejitter buffer calculates the depth too small to cope with the jitter actually seen through the network. The dejitter buffer is a buffer on the Digital Signal Processor (DSP) that copes with variable packet delivery so that voice samples can be played at a constant rate over the audio path.

The following problems are present with the dejitter buffer on the Voice Compression Module (VCM) hardware:

Performance problems in the presence of jitter

Incorrect late/early statistics field in a show voice call x/y command in privileged EXEC mode

set_playout_delay message corruption between a host and DSP

This situation was introduced in Cisco IOS Release 12.1(2.3)T1 and runs through Cisco IOS Release 12.1(3)XI.

Workaround (performance problem): Change the dejitter buffer from adaptive mode to fixed mode. This is done with the following commands under all voice-ports:

! voice-port 1/1 playout-delay maximum 220

playout-delay nominal 100 playout-delay mode fixed!

the values 220 ms and 100 ms were used for the maximum dejitter buffer depth and nominal depth. In this example these values can vary depending on the actual jitter in a network.

CSCds35103

If a Cisco 7200 or 7500 series router with an ATM-PA3 port adapter with a G125 version of microcode (as shown in the output of the show controllers atm privileged EXEC command) is connected directly to another ATM-PA3 port adapter that has an older microcode version, the older version PA may drop some valid packets. The older version PA shows the packets as input errors or giants.

If the same router is configured for Available Bit Rate (ABR) virtual circuits (VCs) with the G125 microcode version of the ATM-PA3 port adapter, some VCs may not pass traffic.

Workaround: Use the shut command followed by the no shut command on the subinterface or the main interface.

CSCds35293

When PRI configuration from a large number of controllers is removed together, the Cisco router may reload in p_dequeue() function.

Workaround: Avoid removing PRI together.

CSCds36605

On a Cisco 7500 series router, a port channel group that is mapped to a Fast Ethernet interface can cause the router to reload with an address error exception. There is no workaround.

CSCds36832

A Cisco server connects the following:

IP network--7507--isl--cat3900--end station --isl--cat3900--end station

while attempting to keep the Cisco Catalyst 3900 series attached to devices in same subnet.

Workaround: Ping from the end station to the Bridge Group Virtual Interface (BVI) IP address.

CSCds36937

A Cisco 3660 router running Cisco IOS Release 12.0T may drop fragment packets when IP Security (IPSec) over Basic Rate Interface (BRI) is configured.

Workaround: Configure the no ip route-cache command in configuration mode on the BRI.

CSCds37807

A Cisco 7200 series router is unable to make voice calls across the Frame Relay network. There is no workaround.

CSCds38055

When an operation, administration, and maintenance (OAM) F5 end to end cell is received over permanent virtual circuit (PVC) configured for data (normal operation), the Segmentation and Reassembly (SAR) component returns the same buffer descriptor twice; one on OAM status queue, the other on the data status queue of the corresponding PVC. Early packet discard (EPD) and UNDF are reported for such descriptors. There is no workaround.

CSCds38408

Routed bridge encapsulation (RBE) does not pad frames from less than 64 bytes Ethernet size to exactly 64 bytes Ethernet size if the router fast-switches the packet. But if the remote site does not pad the frame, the frame is dropped on the Ethernet as a runt.

Workaround: Turn off fast switching on the ATM interface.

CSCds39413

A Cisco 7200 series router with traffic on an outgoing ATM interface may stop forwarding traffic after a week of operation because of a memory leak. There is no workaround.

CSCds39666

When configuring CT1 channel as the serial interface on a Cisco 3662 router running Cisco IOS Releases 12.1(3a)T1, 12.1(4.0.1)T, 12.1.2T, 12.1.1aT1,with PPP encapsulation 1NM-1ATM-OC3,1 NM-2CT1-CSU and 4 NM-2W (with WIC2T*2 on each), the interface starts flapping. When the chassis and all modules are replaced, the same problem still exists.

Workaround: Unplug NM-1ATM-OC3.

CSCds40675

A Cisco AS5300 series universal access server running Cisco IOS Release12.1(3.4)T and using voice functionalities may reload because of a watchdog timeout. There is no workaround.

CSCds40865

When path maximum transmittable unit (pMTU) is enabled by end stations, the router advertises the incorrect next-hop maximum transmission unit (MTU) value in the Internet Control Message Protocol (ICMP) fragmentation needed. But the DF bit set messages if the outbound interface is using generic routing encapsulation (GRE) over IP Security (IPSec). This causes the connection to fail. There is no workaround.

CSCds42659

When there are active calls for E1-R2 signalling on the terminating gateway the gateway reloads and some controllers do not come back up.

Workaround: Enable a shut/no shut command in DSP configuration mode on the controllers OR plug and unplug the controller cables.

CSCds42660

A Cisco 2621 router running Cisco IOS Release 12.1(3)T with a large number of inspect statements in the configuration may experience a reload. There is no workaround.

CSCds42701

While a Cisco 5300 series router is connected to another Cisco 5300 series router through Voice over IP (VoIP), calls are rejected.

Workaround: Reload the router.

CSCds43349

A Cisco 2620 router will experience a software-forced reload when the following commands are cut and pasted into the configuration:

mgcp mgcp call-agent

mgcp sdp simple

mgcp ip-tos precedence 5

mgcp ip-tos high-throughput

mgcp package-capability

rtp-package

There is no workaround.

CSCds43374

On a Cisco 2600 series router running Cisco IOS Release12.1(3)aT1, the mgcp ip tos precedence 5 command is not marking the Media Gateway Control Protocol (MGCP) packets as IP precedence 5. They are still showing as precedence 0.

Workaround: Use Committed Access Rate (CAR).

CSCds44876

This condition occurs when a Cisco 7200 series router is connected to an route processor module (RPM) through Fast Ethernet. Enabling the shut DSP configuration command followed by the no form of the shut DSP configuration command on an FE controller may cause the Cisco 7200 series router to not recognize the RPM connection as seen by the command show ip interface brief.

Workaround: Reboot the RPM.

CSCds45043

On a Cisco AS5300 series universal access server running Cisco IOS Release 12.1(3)T and E1/PRI, incoming modem calls may be rejected with "Requested circuit/channel not available" messages. There is no workaround.

CSCds45545

A Cisco AS5300 series universal access server with the show controllers e1 call-counters privileged EXEC command enabled always shows zero calls and zero total duration when there are a lot of calls. There is no workaround.

CSCds47179

Cisco 2600/3600 series routers running Cisco IOS Releases 12.1(3.1)T and 12.1(3.1)PI hardware with PM-IMA network modules reloads during initialization when the router is configured with IMA-groups.

Workaround: Shut down all interface ATM and ATM/IMA and then save the configuration and load a new image.

Example: router# show run ! interface ATM1/0 no ip address atm vc-per-vp 256 no atm ilmi-keepalive ima-group 1 clock source internal scrambling-payload impedance 120-ohm ! interface ATM1/1 no ip address atm vc-per-vp 256 no atm ilmi-keepalive ima-group 1 scrambling-payload impedance 120-ohm ! ... ! interface ATM1/IMA1 ip address 1.1.1.3 255.255.255.0 atm vc-per-vp 256 no atm ilmi-keepalive pvc ima1 66/43 protocol ip 1.1.1.2 broadcast encapsulation aal5mux ip ! !

router#conf t router(config)#interface ATM1/0 router(config-if)#shut router(config-if)#interface ATM1/1 router(config-if)#shut router(config-if)#interface ATM1/IMA1 router(config-if)#shut router(config-if)#end router#

Alternate workaround: Remove all IMA-groups using the same configuration as the above example.

CSCds47392

When calling from phone A to phone B, B does not answer. But phone B continues to ring even after phone A has been disconnected. There is no workaround.

CSCds48814

Routing Table Protocol (RTP) header compression may cause the router to reload. There is no workaround.

CSCds48828

A Cisco 2500 series router configured with Fast Sequence Transport reloads when traffic is sent over remote source-route bridging (RSRB). There is no workaround.

CSCds49272

On the originating Cisco gateway, some digital signal processors (DSPs) are not released after stress testing. There is no workaround.

CSCds50507

The modem may get stuck in the "download" state after issuing the clear spe command.

Workaround: Recover the modems that are stuck in "download" state and use the hw-module privileged EXEC console command while reloading the corresponding modem cards.

CSCds50791

When using the 24th channel on a T1 and multilink with maximum calls set to 2 in the SS7 solution, calls will not complete with Password Authentication Protocol (PAP) authentication while running Cisco IOS Release 12.1(4)T. There is no workaround.

CSCds50811

There is a voice quality issue between Cisco 1750 routers running Cisco IOS Release 12.1(4.4)T through ISDN BRI in which the voice is choppy. Rapid Transport Protocol (RTP) error counters received are increased. There is no workaround.

CSCds51115

On a Cisco 7200 series router when the debug tag-switching packets command is issued the router does not forward the switching packets.

Workaround: Issue the no form of the debug tag-switching packets command.

CSCds51190

On a Cisco AS5300 series universal access server running Cisco IOS Release 12.1(5)T in a Cisco SS7 Interconnect for Voice Gateways Solution environment, when the Redundant Link Manager (RLM) is shut down, the show call resource voice stats privileged EXEC command incorrectly shows the B channels as available when there is no availability. This results in the Cisco gatekeeper forwarding calls to the Cisco gateway even though there are no free channels. There is no workaround.

CSCds51328

If a Cisco 804 router is running Cisco IOS Release 12.1(3)T, ISDN Layer 2 gets lost and the router will have to be reloaded to recover. There is no workaround.

CSCds51515

On a Cisco AS5300 series universal access server with network access server (NAS) running Cisco IOS Release 12.1(3a)XI2, call statistics may be incorrectly reflected in the Resource Monitor.

Workaround: Enable the show call resource voice statistics command in privileged EXEC mode from the router prompt.

CSCds52536

An incorrect notification of the released call for a given channel is given to the resource management (RM). RM was unable to authenticate the call again on the same channel resulting in no call being possible on that channel. There is no workaround.

CSCds52995

Secure Shell (SSH) fails to login using a local username and password combination if the Cisco router has already gone to a RADIUS server to try to verify the same user ID, and that server is unavailable for whatever reason. There is no workaround.

CSCds53022

Hairpinning for data calls will only work on the first T1 span of a Non-Facility Associated Signalling (NFAS) group. This situation does not occur when a voice card is added to the Cisco 5800 series router. There is no workaround.

CSCds54749

During X.25 over D-channel testing while running Cisco IOS Release 12.1(4.4)T2, ISDN BRI Layer 2 gets stuck ESTABLISH_AWAITIMG_TEI state even though Layer 2 is not activated.

Workaround: Clear the ISDN BRI interface.

CSCds55000

The Q signalling call is prematurely disconnected during hold. There is no workaround.

CSCds55561

When an ISDN modem call is disconnected on a Cisco 5400 series universal access server, the next port indication to Call tracker is delayed compared to running the call on a call switching module (CSM). There is no workaround.

CSCds57063

The network access server (NAS) receives the following error:

*Oct 25 07:34:10.203: %ISDN-4-ISDN_UNEXPECTED_EVENT: isdn_callback_from_rm: no e ntry: Occurred at ../isdn/isdnintrfc.c:14046

terminating the incoming call but still sends a message to the Resource Pool Manager Servers (RPMS) indicating that the resource was connected. This situation causes issues when correctly allocating resources on the RPMS side. There is no workaround.

CSCds57407

On Cisco 5300 series universal access servers running Cisco IOS Release 12.1(3)T with pre authentication and channel-associated signalling (CAS), callers may get dead air instead of a busy signal if pre authentication fails. There is no workaround.

CSCds57642

When configuring PPP over ATM on a PA-8T1IMA port adapter, high output drops onto the interface and negotiation of the link control protocol (LCP) are difficult. Debugs show incoming CONFREQs and outgoing CONFREQs and CONFACKs. There is no workaround.

CSCds57854

When Non-Facility Associated Signalling (NFAS) is configured on a Cisco AS5800 series universal access server, all of the B channels of the primary interface may present a busy signal. Calls coming to the B channels from the other interfaces of the same NFAS group may be disconnected as well. There is no workaround.

CSCds58049

While running a Cisco AS5300 series universal access server with a GRIC OSP server, with token signing and Secure Socket Layer (SSL) enabled, the server response to the call authorization request seems slow and causes some digital signal processor (DSP) backup on the router. There is no workaround.

CSCds58116

When using is-mz.capa3 images on a Cisco 5300 series universal access server with PRI, the show controllers e1 call-counters privileged EXEC command shows the wrong active calls.

Workaround: Enable the show isdn status command and the show call application voice command in privileged EXEC mode to show the correct active calls.

CSCds58762

Overlap signalling may fail on Cisco 3600 series routers running Cisco IOS Release 12.1(4.4)T and Cisco 2600 series routers running Cisco IOS Release 12.1(4.4)T2 when a terminating Cisco gateway has a fixed-length destination pattern shorter than the called number. There is no workaround.

CSCds58835

A Cisco 5300 series original gateway access server running Cisco IOS Release 12.1(4.4)T2 with is-mz.capa3 images and a Cisco 5300 series gateway access server running Cisco IOS Release 12.0 (7) T with is-mz. images reject phone calls between the two access servers.

Workaround: Reload both gateways.

CSCds59006

A Cisco 7200 series router running Multiprotocol Label Switching (MPLS) and Multilink PPP between the provider edge (PE) and the Content Engine (CE) and the Low Latency Queueing (PQ CBWFQ) may experience matched packets in a strict priority queue where items are double counted up. There is no workaround.

CSCds59117

Multiprotocol Label Switching (MPLS) and Multilink PPP between the provider edge (PE) routers and the Content Engine (CE) on a Cisco 7200 series router do not work if the no version of the ip route-cache cef command in interface configuration mode is enabled. Incoming packets into the Multilink interface are not forwarded and a condition occurs within the switching path. There is no workaround.

CSCds60793

A Cisco 5300 series universal access server running Multilink PPP between Multiprotocol Label Switching/Virtual Private Network (MPLS/VPN) provider edge (PE) and Content Engine (CE) devices does not work when only one link is up.

Workaround: Run Multilink PPP with both links up.

CSCds61826

Some Cisco AS5300 series gateway universal access servers running images in Cisco IOS Release 12.1(4.4)T2 reload with the following error message:

System returned to ROM by bus error at PC 0x6035A72C

There is no workaround.

CSCds61901

When Multiprotocol Label Switching (MPLS) packets are received by a PA-A3 port adapter interface, input features that attempt to match on the MPLS Experimental Field in the MPLS header will not match. The input features affected include:

Rate limiting on an MPLS rate-limit access list

Matching on the MPLS Experimental field within the Modular Quality of Service (QoS) command-line interface (CLI).

There is no workaround.

CSCds62602

On a Versatile Interface Processor (VIP), the following images fail to load:

rsp-a3jsv56i-mz.121-4.4.T2

rsp-isv56i-mz.121-4.4.T2

rsp-jo3sv56i-mz.121-4.4.T2

rsp-do3sv56i-mz.121-4.4.T2

rsp-dsv56i-mz.121-4.4.T2

rsp-jsv56i-mz.121-4.4.T2

rsp-io3sv56i-mz.121-4.4.T2

rsp-jo3sv-mz.121-4.4.T2

rsp-do3sv-mz.121-4.4.T2

rsp-io3sv-mz.121-4.4.T2

rsp-a3jsv-mz.121-4.4.T2

There is no workaround.

CSCds62732

A Cisco voice gateway running interactive voice response (IVR) and using the ivr autoload command in global configuration mode to preload prompts may cause the gateway to reload.

Workaround: Do not use the ivr autoload command in global configuration mode to preload prompts. This may have an impact on IVR prompt response time.

CSCds62832

When receiving a dial tone from the Public Switched Telephone Network (PSTN) switch type basic net3 in Denmark, the tone is extremely loud, and when attempting to dial digits using dual tone multifrequency (DTMF) tones, the tones are distorted and not sent out to the PSTN switch. There is no workaround.

CSCds62852

An H323 gateway may leak memory allocated for tokens received from Advanced Communications Function (ACF) under the condition that the gatekeeper provides tokens but the security in the gateway is disabled.

Workaround: Ensure that the proper security is configured in the gateway, or disable the tokens from the gatekeeper.

CSCds62893

A Cisco 7206VXR experiences random reloads with the following error:

bus error at vnm_dsprm_tdm_info_null

There is no workaround.

CSCds63993

A race condition may occur that may cause H323 call control block (CCB) to be left dangling when alternate endpoints are attempted. This situation can be detected in the output of the show call active voice command, which will show the IP leg call in the active state when there is no active call. The race condition may occur when attempting to establish a TCP connection to the primary end-point is not successful and the TCP connection is sent to an alternate endpoint. If the call is released from the Public Switched Telephone Network (PSTN) just before the TCP connection establishing a successful event from the alternate endpoint, the IP for this call is left dangling. The end result could be a leak in CCBs. There is no workaround.

CSCds64032

A Cisco AS5300 series universal access server with four originating gateways all running Cisco IOS Release 12.1(4.4)T2 with is-mz.capa3 images has a reload on one gateway with a bus error after running three days. There is no workaround.

CSCds64417

A Cisco AS5300 series universal access server running Cisco IOS Release 12.1(5)T may experience a memory leak while dialing out. There is no workaround.

CSCds64469

Large routing tables with Border Gateway Protocol (BGP) configured may cause 100 percent CPU utilization with NSE-1. There is no workaround.

CSCds64591

A Cisco AS5400 series universal access server running Cisco IOS Release 12.1(4.4)T with resource pooling enabled, may experience failed modem calls that are made from resource allocation. Calls are treated as digital and the system fails to recognize the profile for the calls. There is no workaround.

CSCds64610

Distributed Director (DD) will reload if you issue the no form of the ip direct dfp command while DD is processing data from the Dynamic Feedback Protocol (DFP) agent or DD is setting up or closing a DFP connection with the DFP agent.

Workaround: Wait for the TCP connection to timeout rather than reissuing the no form of the ip direct dfp command.

CSCds65523

A Cisco router will reload during start up when the spe firmware location global configuration command is configured on a span of NP108 cards.

Workaround: Save the configuration, remove any one of the middle NP108 cards in the span, and restart the router.

Alternate workaround: Do not remove any one of the middle NP108 cards, across the router if there is an spe firmware location configuration command on a span of three or more NP108 cards.

CSCds65867

A Cisco 5300 series universal access server running Cisco IOS Release 12.1(4.4)T2 with is-mz.capa3 images on four gateways stops with most calls in call leg one will display the following interactive voice response (IVR) error message:

cl_app:no ssInfo in SETUP

Workaround: Reload the access server.

CSCds65881

The remote_ip_authentice.1.1.1.tcl Tool Command Language (TCL) interactive voice response (IVR) 1.0 script is incorrectly classified as a TCL IVR 2.0 script on Cisco voice gateways that support the TCL IVR 2.0 functionality. This behavior causes the script to abort and the call to fail. There is no workaround.

CSCds66098

When configuring a T1 network module within a T3 network module on a Cisco AS5800 series universal access server, the T1 network will not come up on the far end equipment when Superframe framing is used. Also, if Extended Superframe (ESF) is used and an alternate mark (AMI) is selected on the M13 Mux side, the T1 peer will report a loss of signal because of excessive bipolar violation (BPV).

Workaround: Use ESF framing and B8ZS linecoding.

CSCds66593

A PPP over Ethernet PPP Termination Aggregation (PTA) case will not switch IP downstream traffic on an AC power system.

Workaround: Disable Cisco Express Forwarding (CEF).

CSCds66676

A Cisco AS5300 series universal access server with an originating gateway running Cisco IOS Release 12.1(4.4)T2 using c5300-is-mz.capa3 images may experience a software-forced reload. There is no workaround.

CSCds66789

A Cisco 5300 series universal access server using an originating gateway running Cisco IOS Release 12.1(4.4)T2 with is-mz.capa3 images may reload with a bus error. There is no workaround.

CSCds67108

When running Cisco IOS Release 12.0(7)XK1 and 12.1(3)T codes, a Cisco router intermittently gets a wedged input queue on a Fast Ethernet interface. There is no workaround.

CSCds67725

MIND CTI Billing/RealTime server does not process authentication, authorization, and accounting (AAA) RADIUS Accounting Records for Debitcard calls routed to the alternate dial peers when using the rotary dial peer feature on inbound gateways. As a result, calls are unaccounted for. The RealTime server does process RADIUS Accounting Records for calls to the first choice dial peer correctly.

Workaround: Turn off rotary dial peer feature on inbound gateways when running Debitcard applications.

CSCds68142

A Cisco 7500 series router running distributed Cisco Express Forwarding with the debug mpls packet enabled may show the no debug output on Versatile Interface Processor (VIP) or Route Switch Processor (RSP) console. There is no workaround.

CSCds68757

A Cisco AS5300 series universal access server using an originating gateway running Cisco IOS Release 12.1(4.4)T2 with c5300-is-mz.120-7.T.bin and c5300-is-mz.capA8 images may reload with a bus error. There is no workaround

CSCds69392

A Label Switch Router that pushes or pops label entries onto or off of the label stack of a received MPLS packet that is the size of the label stack in the transmitted MPLS packet is different than the size of the label stack in the received MPLS packet. Therefore, the size of the label stack in the received MPLS packet will not perform output features based on the top-most label entry of the transmitted MPLS packet as it should. There is no workaround.

CSCds69449

The RADIUS attribute 218/217 does not work to the ascend specification. The IP pool zero is not treated as default. There is no workaround.

CSCds69470

A Cisco AS5300 series universal access server dials a wrong number or a number without an area code. Once the Call Agent sees that an announcement has to be played, the Call Agent sends the call to the Announcement server. The Announcement server plays the audio file as told, but once the file has been played, the RTP port that was used is not released. The show ip socket still shows that the RTP port is being used.

Workaround: Reload the Cisco AS5300 series universal access server.

CSCds69666

Multiple traffic classes are generated with committed access rate (CAR), PQCBWFQ, Frame Relay Fragmentation (FRF.12), and Frame Relay Traffic Shaping (FRTS) configured. Traffic is correctly policed to the committed information rate (CIR). However, as the traffic exceeds the contracted rate, policing and PQCBWFQ restricts traffic to the CIR well below the line rate to allow for framing overhead but the output queue still fills, causing packet loss and delay, with throughput much less than the CIR. Therefore, an aggressive low priority data class may cause problems for a well-behaved higher priority traffic stream. There is no workaround.

CSCds69713

Enabling the fax-rate disable dial peer configuration command on Voice over IP (VoIP) continues to trigger fax codec and relay procedures irrespective of the commands intention. There is no workaround.

CSCds70637

The VWIC-1MFT-T1 Signalling Link Terminal will respond to a single yellow alarm code word by shutting down the controller. Large numbers of line and path code violations will result. The frequency of this problem may vary. The controller will report the following error message:

%CONTROLLER-5-UPDOWN: Controller T1 0/1, changed state to down (RAI detected)

Workaround: Use Super Frame (SF) mode instead of Extended Super Frame (ESF)

Alternate workaround: Do not use the Telco equipment that is incorrectly indicating yellow alarm.

CSCds70949

All packets on a main interface are classified as precedence 0 when the random-detect interface configuration command is enabled.

Workaround: Configure the main interface feature through the service-policy with class-default attachment with the random-detect interface configuration command enabled.

CSCds71222

A Cisco router running Open Settlement Protocol (OSP) may not clear the transaction indexes if the configured OSP server is unreachable. There are 2000 transaction indexes that are available and may not exceed 2000. When 1999 transaction indexes are reached the following error will be displayed in the debug voip settlement all command:

no empty slot for transaction

Workaround: Reload the router.

CSCds71418

A Cisco router running Open Settlement Protocol (OSP) with the c3640-js56i-mz.121-3a.bin image tries to open a Secure Socket Layer (SSL) session with another OSP server and the following error message is produced:

X509NameNotEqualErr

There is no workaround.

CSCds71469

RADIUS stop packet fields are not properly populated for failed calls. There is no workaround.

CSCds72270

The new feature ANI/DNIS Delimiter for CAS Calls on CT1 in Cisco IOS Release 12.1(1)T on a Cisco AS5800 series universal access server does not function properly. There is no workaround.

CSCds72416

A Cisco gateway running Cisco IOS Release 12.1(4.4)T2 with a c5300-is-mz.capA8 image may hang with error message output console. There is no workaround

CSCds72661

Layer 2 Tunneling Protocol (L2TP) over IP Security (IPSec) connections from a PC to a Cisco router running Cisco IOS Release 12.1(3)T do not complete. The PC and the router establish IPSec Source Addresses (SA)s, but no L2TP establishment takes place. There is no workaround.

CSCds72867

On a Cisco 7200 series router-I/O-2FE/E io-controller or PA-2FE-TX or PA-2FE-FX port adapter, the interface may stop receiving under extreme loads. There is no workaround.

CSCds73010

A Cisco router running Cisco IOS Release 12.1.3T configured for IP Security (IPSec) reloads while processing the hash payload. The following message is produced in the log immediately before the reload occurs:

2w2d: ISAKMP (0:33): processing HASH payload. message ID = 120266344

There is no workaround.

CSCds73167

A Cisco AS5300 series universal access server with an originating gateway running Cisco IOS Release 12.1(4.4)T2 with the c5300-is-mz.capA8 image may reload by error. There is no workaround.

CSCds73265

Under rare conditions a Cisco 7200 series router may reload with a bus error when the access control list (ACL) within the class-map statement is removed but the ACL is still defined.

Workaround: First delete the access list and then remove the ACL definition from the class-map statement.

CSCds73277

A Cisco 3640 router or a Cisco 7200 series router may reload when a class map (or the access control list (ACL) referred to in a class-map) is altered. This situation occurs in hierarchical class-map statements and also when match statements or access lists indirectly related to the class-map statements are modified. There is no workaround.

CSCds76547

Voice degradation may occur when G.726 codec is used with ATM adaptation layer 2 (AAL2) profiles that have voice activity detection (VAD) and Silence Insertion Discriptor (SID) enabled. A "pop" will be heard at the beginning of talk spurts.

Workaround: Disable VAD

Alternate workaround: Configure an AAL2 profile that does not use SID packets.

CSCds62461

The voice quality is corrupted when more than one call is actively configured using feature Link Fragmentation and Interleaving (LFI) over MLO over ATM. This situation is noticeable while available bit rate (ABR) is used.

Workaround: Properly set the discreet values for ABR parameters

Alternate workaround: Use another service category.

CSCds82672

As of Cisco IOS Release 12.1(5)T, Versatile Interface Processor (VIP)-based Modular Quality of Service (QoS) command-line interface (CLI) (MQC) features are now supported in the 12.1 T release train. However, Route Switch Processor (RSP)-based MQC features are no longer supported and cannot be enabled. When an RSP MQC configuration is upgraded to Cisco IOS Release 12.1(5)T or a later release, an error message is displayed when the configuration is parsed and when MQC is encountered on non-VIP interfaces. If a user who is using Cisco IOS Release 12.1(5)T and VIP-based MQC changes to an earlier release, the MQC features will revert back to the RSP-based MQC features (this is based on the assumption that the user is using MQC features that are common between Cisco IOS Release 12.1(5)T and the earlier release they are changing to).

Workaround: Users who are planning to run QoS on a Cisco 7500 router should use VIP-based QoS features. Because many MQC-based features do not run on the RSP including QoS on ATM virtual circuits (VCs), Low Latency Queuing (required for voice over IP (VoIP)), and FRF.12. Also, the performance of RSP-based MQC features is suboptimal. VIP-based features offer better performance and scalability.

Novell IPX, XNS, and Apollo Domain

CSCdr48984

Internetwork Packet Exchange Control Protocol (IPXCP) for virtual-template interfaces does not come up in "listen" mode if you use the no ipx ppp-client interface configuration command to dissociate the interface from the master. There is no workaround.

TCP/IP Host-Mode Services

CSCds59708

The CPU utilization runs very high on TCP over Multilink PPP connections. There is no workaround.

CSCds59937

Under certain conditions a voice gateway on Cisco 2600 series routers stops establishing new Voice over IP (VoIP) sessions because of failures in the TCP connection with the TCP error messages. There is no workaround.

Wide-Area Networking

CSCdr34517

Pings fail for Multilink PPP with point-to-point compression from certain vendors. Even though compression appears to be functioning correctly, the link is torn down before re synchronization can occur. Cisco does not recommend using PPP payload compression (MPPC only) with a virtual private dial-up network (VPDN). There is no workaround.

CSCdr43565

Bridging using High-Level Data Link Control (HDLC) encapsulation with dialer fails. There is no workaround.

CSCdr43646

On Cisco 2600 and 3600 series routers, the fr_isdn switch cannot handle packets terminating at the switch. There is no workaround.

CSCdr58534

After a series of pings on a BRI interface with Link Access Procedure, Balanced (LAPB) encapsulation, the frame sequence number may lose synchronicity. There is no workaround.

CSCdr60589

When upgrading to Cisco IOS Release 12.1(1a)T1, a PPP link with compression enabled no longer works between a Cisco 3600 series router and a Cisco 760 router.

Workaround: Disable the compression.

CSCdr72892

A Cisco 4000 series router that acts as a home gateway in a virtual private dial-up network (VPDN) application is not stable and may reload after several hours of operation. There is no workaround.

CSCdr85261

A Cisco AS5300 series universal access server has less free memory after running a stress test than before the stress test is run. This situation could be due to such things as initialization functions or the expansion of queues. Memory usage during the stress test stabilizes, so this situation does not lead to the eventual exhaustion of memory and a system failure. There is no workaround.

CSCds02464

Frame Relay Traffic Shaping (FRTS) does not perform correctly when Custom Queueing is also applied on the main interface/shaping mechanism. There is no workaround.

CSCds05105

A Cisco router running Cisco IOS Release12.1.1T code with RSP-PV-M software on serial interfaces with High-Level Data Link Control (HDLC) encapsulation sees the bits-per-second counter go to zero and stay there.

Workaround: Clear the counters

CSCds11520

The translation rule does not find a match to any available type of number (international, national, subscriber, abbreviated, and unknown). There is no workaround.

CSCds32256

Outgoing voice calls using a vic-2bri-s/t-te fail with a q931 debug unexpected alerting command in ISDN. There is no workaround.

CSCds37998

Incoming ISDN calls disconnect after 10 seconds. A Cisco router reports a disconnect cause 102 (recovery on timer expiry). An inbound call leg on the originating router and the outbound call leg on the terminating router are both ISDN, but the called party is not an ISDN end user therefore the terminating router will receive a progress q931 message.

Workaround: Change inbound ISDN switch T310 configuration to a higher value if possible.

CSCds44645

A Cisco 3660 router running Cisco IOS Release 12.1(4.2)T configured with X.25 and TCP translation may reload with bus errors during a high traffic load. There is no workaround.

CSCds45165

Data call bumping does not always work since there is no mechanism to reserve the B channel that has been bumped and reassigned to the incoming and outgoing voice call. There is a short period of time where sending another data call right away may allow the switch to assign the released B channel to the new data call and the voice call to never complete. There is no workaround.

CSCds50783

Cisco IOS software will allow you to configure traffic-shaping parameters above the limit of BC greater than 80,000. When you configure the bc value higher than 80,000 Cisco IOS software recalculates the byte limit and interval to a lower value. There is no workaround.

CSCds53024

Ping packets do not work on Frame Relay serial links configured with compression using the payload-compression frf9 stac configuration command.

Workaround: Use prior and subsequent versions of the Cisco IOS code.

CSCds54173

A slow memory leak was found on a Cisco AS5300 series universal access server running Cisco IOS c5300-js-mz.121-4.2.T. This situation did not cause major problems, and the Cisco router can still perform all internetworking functions it was designed for. There is no workaround.

CSCds55923

A Cisco AS5300 series universal access server running Cisco IOS Release 12.1(4.4)T stops taking ISDN calls after executing a shut DSP configuration command followed by the no form of the shut DSP configuration command on the controllers There is no workaround.

CSCds64429

A memory leak may exist in the ISDN process. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(5)T

This section describes possibly unexpected behavior by Cisco IOS Release 12.1(5)T. All the caveats listed in this section are open in Cisco IOS Release 12.1(5)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Access Server

CSCdr71878

The default bundled portware for a Cisco AS5300 series universal access server or a Cisco AS5800 series universal access server needs to be upgraded to 2.7.2.0 from firmware 2.7.1.1, which does not support inbound messaging.

Workaround: Manually download 2.7.2.0 from Cisco.com and configure the access server to download this firmware to the modems using the spe global configuration command.

Basic System Services

CSCdk75738

When Ascend compression is configured to Microsoft PPP compression, Cisco RADIUS code misinterprets the Ascend compression as STAC compression. There is no workaround.

CSCdr56579

An attempt to receive and transmit asynchronous traffic on an asynchronous console using User Datagram Protocol Telnet (UDPTN) may fail. There is no workaround.

CSCdr77832

Starting a Service Assurance (SA) Agent operation on a Cisco 1600 series router may produce a CPU exception error message. There is no workaround.

CSCdr81216

When more than one tagged tunnel sets are passed through RADIUS, only one gets used in the tunnel creation and a failover or no failover may occur.

Workaround: Use the "ip-addresses" attribute to overload the tunnel sets with the IP addresses of the home gateways which will be subject to load balancing and backup.

CSCdr96051

A Cisco MC3810 Multiservice Concentrator will reload when making Voice over Frame Relay (VoFR) calls. There is no workaround.

CSCds02988

The parse tree for the radius-server attribute nas-port extended global configuration command is disabled. There is no workaround.

CSCds09190

Operation, administration, and maintenance (OAM) loopback cells are not received properly if the encapsulation type of the ATM permanent virtual circuit (PVC) is set for any variant other than aal5snap or aal5mux ip. If OAM-PVC management is enabled in the configuration, then the ATM PVC will be perpetually down.

Workaround: Disable OAM-PVC management.

CSCds29221

On a Cisco AS5400 series universal access server, the getmany Simple Network Management Protocol (SNMP) query on cmLineStatusEntry, CISCO-MODEM-MGMT-MIB table reloads. This situation occurs only if the distributed forwarding card (DFC) is in slot 7 (last slot) and the getmany query is done on cmLineStatusEntry.

Workaround: Avoid using the last slot getmany for cmLineStatusEntry. Getone should be done for the last slot cmLineStatusEntry.

CSCds32691

On a Cisco AS5800 series universal access server or on Cisco 3660 routers running Cisco IOS Release 12.1(3a)T1, asynchronous interfaces may become unserviceable when the interfaces are shut down with the following error message:

AAA: NO CDB found!!! for hwidb = 61C4C390".

This situation occurs under all operating conditions when authentication, authorization, and accounting (AAA) is enabled, but is likely to occur only on platforms that have a large number of active interfaces (more than 100) and where the interfaces are being set up and shut down at a high rate.

Workaround: Disable AAA.

CSCds49989

UUNet was testing pre authentication with V120 calls and discovered that the network access server (NAS) was ignoring any pre authentication RADIUS profiles. It was found that the login code that checks for pre authentication profiles for the authentication list asynchronous (TTY) lines (modem and V120 calls) was looking for the interface information only where modem information is stored (V120 works differently). There is no workaround.

EXEC and Configuration Parser

CSCdr46291

With Asynchronous Call Queuing configured some attempts from telnet to the Cisco router may fail even though lines are available. There is no workaround.

Interfaces and Bridging

CSCdr61934

802.1Q bridging does not work on the Route Switch Processor (RSP) from Cisco IOS Release 12.1(2.2)PI and earlier releases. There is no workaround.

CSCdr75744

A Cisco 7206VXR router that is running Cisco IOS Release 12.1(2.3)T2 may reload with the following messages:

%OSPF-5-ADJCHG: Process 1, Nbr 212.152.191.106 on FastEthernet1/0 from LOADING to FULL, Loading Done Queued messages: -Traceback= 60EF3E54 600E7A4C 600EB154 *** System received a Bus Error exception *** signal= 0xa, code= 0x40c, context= 0x61f25ad0 PC = 0x6055b87c, Cause = 0x420, Status Reg = 0x34008002

There is no workaround.

CSCdr89479

A Cisco router with IP Cisco Express Forwarding (CEF) and VLANs configured may reload when Inter-Switch Link (ISL) encapsulation is removed on a subinterface. There is no workaround.f

CSCdr93594

On a Cisco 7200 series router running Cisco IOS Release 12.1(3)T when bridging is enabled on the native VLAN subinterface of a dot1q trunk, the router stops processing Address Resolution Protocol (ARP) packets in all non-native VLAN subinterfaces. There is no workaround.

IP Routing Protocols

CSCdr10934

A Cisco router that is running Cisco IOS Release 12.1 T and that is using Resource Reservation Protocol (RSVP) may reload when handling static path reservations. This situation occurs when the router runs Routing with Resource Reservation (RRR) tunnels or Common Open Policy Service (COPS) applications. There is no workaround.

CSCdr57408

URL Rendezvous Directory (URD) does not work with certain features. Certain features are opening a TCP connection with extra TCP options which URD interprets as the URD string. There is no workaround.

CSCdr64338

When a Cisco router that is running Cisco IOS Release 12.1(3)T and Resource Reservation Protocol (RSVP) receives an RSVP Reserve (RESV) message that increases an existing reservation and the corresponding weighted fair queuing (WFQ) or ATM resources are not available, the router reloads.

Workaround: Configure endpoints to terminate the RSVP reservation and then ask for a new, larger reservation if an increase is necessary.

CSCds21102

The Cisco router does not correctly dequeue Internet Group Management Protocol (IGMP) v3lite packets. After some time this situation will stop IGMP v3lite from operating correctly. There is no workaround.

CSCds27860

When URL Rendezvous Directory (URD) is enabled on an interface, the input queue counter increases with every intercept until the queue is full.

Workaround: Disable URD on the interface.

CSCds38819

Cisco routers currently treat the address 232.0.0.[0-255] as unroutable.

Workaround: Use an address in a different range for data.

Miscellaneous

CSCdp86357

The Cisco 3600 series router acting as a voice gateway may reload when the busyout-monitor interface voice-port configuration command is configured and the interface that the command refers to is shut down. There is no workaround.

CSCdr12520

With foreign exchange station ground start (FXS GS) running on a Cisco 5300 series universal access server, incoming calls are not answered when the access server communicates with a Net meeting client. There is no impact to ISDN, channel associated signalling (CAS), or R2 customers. There is no workaround.

CSCdr13589

Maximum length Message Signalling Units (MSUs) are discarded when the Cisco Signalling System 7 (SS7) Signalling Link Terminal (SLT) is used. There is no workaround.

CSCdr15620

A Cisco AS5300 series universal access server that is using the Cisco AS5300 voice gateway Real Time Streaming Protocol (RTSP) client for dynamic interactive voice response (IVR) prompting may reload.

Workaround: Do not use RTSP for dynamic prompting.

CSCdr15741

Weighted Random Early Detection (WRED) is not supported on a Cisco Route Processor Module (RPM) MGX8850 series wide-area edge switch. There is no workaround.

CSCdr41172

If both ATM Route Bridge Encapsulation (RBE) and PPP over Ethernet (PPPoE) are configured on a single permanent virtual circuit (PVC) Route Switch Processor (RSP) platform, then ATM RBE does not work on that PVC. However, ATM RBE on other PVCs on which no PPPoE is configured should work fine.

Workaround: Do not configure PPPoE and ATM RBE on the same PVC.

CSCdr43777

The NM-ATM-1A-OC3-MM-1V card does not have a card entry in the card table for VWIC-1MFT-DSU-E1 when the VWIC-1MFT-DSU-E1 is plugged into the NM-ATM-1A-OC3-MM-1V. The VWIC-1MFT-DSU-E1 card does not show up in CiscoView because there is no entry for the VWIC-1MFT-DSU-E1 card in the card table. The VWIC-1MFT-DSU-T1 has the same problems. There is no workaround.

CSCdr44580

A Cisco AS5300 series voice gateway that is running an interactive voice response (IVR) script might reload when both of the following conditions are met:

The RADIUS server used for authentication becomes unreachable.

You reuse the call application voice global configuration command to change the prompt file location, uid-len, or reload the application.

Workaround: Use only the call application voice global configuration command when there are no active calls in the gateway.

CSCdr44682

In the Route Processor Module (RPM), only the switch interface is included in the ifTable. Subinterfaces are not represented in the ifTable. There is no workaround.

CSCdr46240

If the crypto key generate rsa global configuration command has been included in the startup configuration file, the router may reload during key generation when the startup configuration is processed.

Workaround: Exclude the crypto key generate rsa global configuration command from the startup configuration file, and manually configure the Rivest, Shamir, and Adelman (RSA) key pair from the console session.

CSCdr47971

Extended Authentication (Xauth) to Cisco IOS software fails after the first rekey. There is no workaround.

CSCdr48026

On a Cisco 7200 series router, traffic is not classified correctly in the mpls->ip path for traffic from provider-edge (PE) routers to customer-edge (CE) routers for "untagged destinations." This situation results in packets getting incorrect weight and, therefore, incorrect service. There is no workaround.

CSCdr48143

The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, the _oss_freeGlobals() function is called by the ASN encoder to free all allocated memory whenever an error is detected. However, the encoder does not free the memory gracefully and causes the router to reload.

Workaround: Upgrade to Cisco IOS Release 12.1 T, which uses a Cisco-developed ASN.1 library code.

CSCdr48618

Cot Loopback fails in a Cisco router that is running Cisco IOS Release 12.1 PI or 12.1 T. There is no workaround.

CSCdr51060

On a Cisco 4500 series router with ATM Route Bridge Encapsulation (ATM RBE) used on a permanent virtual circuit (PVC), the router uses process switching instead of fast switching on incoming 1483 bridge-encapsulated IP packets. There is no workaround.

CSCdr51651

When you reload a Cisco router that is running Cisco IOS Release 12.1(2)T, any configured secondary IP addresses on Ethernet and Bridge Group Virtual Interface (BVI) interfaces are removed from the configuration.

During startup, the router displays the following error message:

Secondary addresses not allowed with negotiated addresses

Workaround: Reconfigure the secondary IP addresses.

CSCdr52432

Code introduced into del_t may cause upstream power adjustments to always flow in a positive direction regardless of the sign in the command. This situation may result in negative power adjustments with a large positive change that will force the cable interface to reset itself or in some cases not to be brought online at all. There is no workaround.

CSCdr52850

When two Cisco AS5300/Voice Gateways and a third-party gatekeeper receive overlap signalling over H.323, one Cisco AS5300/Voice Gateway drops digits while an admission request is made by the other Cisco AS5300/Voice Gateway to the gatekeeper. There is no workaround.

CSCdr52861

There is a missing incoming_guid copy in Cisco IOS Release 12.1 PI that gets synchronized into Cisco IOS Release 12.1(2.3)T.

Workaround: Insert the copy line.

CSCdr53686

A buffer leak may occur on a Catalyst 6000 family switch with a Multilayer Switch Feature Card (MSFC) or on a Cisco 7200 series router if the Server Load Balancing (SLB) feature is running. The buffer leak occurs when fragmented Internet Control Message Protocol (ICMP) packets are processed.

Workaround: Configure an access control list (ACL) to deny all fragmented ICMP packets.

CSCdr54535

The service-policy output global configuration command on a PA-A3 port adapter is deleted after a link status change, disabling class-based weighted fair queueing (CBWFQ). There is no workaround.

CSCdr54858

There are four production images that do not fit in Flash memory.

Workaround: Remove L2TP and RADIUS.

CSCdr55351

When Channel-Associated Signalling (CAS) pre authentication is enabled after Dialed Number Identification Service automatic number identification (ANI) collection for E1 R2 signalling, Cisco IOS software will not send an answer signal until it gets a response from the RADIUS server. If the call is accepted, Cisco IOS software will send a register answer signal and a connect-through-the-line answer. If the call is rejected, Cisco IOS software will send a busy signal and send idle to disconnect the call. There is no workaround.

CSCdr55864

The boot flash file system may be corrupted after a system reload. This situation occurs only after a reload file is written to boot flash. There is no workaround.

CSCdr56112

Voice traffic is dropped when you use compression and a call cannot be resumed. If an error appears at the decompressor when you use Voice over IP over Frame Relay (VoIPoFR) and fast switching or Cisco Express Forwarding (CEF) switching, all subsequent packets in the flow are dropped and voice connection is never regained.

Workaround: Use process switching, or do not use compression.

CSCdr56344

References to freed structure cause the router to reload, producing the following error messages:

UUT7500-WEST#conf t Enter configuration commands, one per line. End with CNTL/Z.

UUT7500-WEST(config)#pol

UUT7500-WEST(config)#policy-map parent UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#exit

UUT7500-WEST(config)#pol

UUT7500-WEST(config)#policy-map child

UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#class class-2 UUT7500-WEST(config-pmap-c)#band UUT7500-WEST(config-pmap-c)#bandwidth 15000 UUT7500-WEST(config-pmap-c)#exit

UUT7500-WEST(config-pmap)#exit

UUT7500-WEST(config)#pol

UUT7500-WEST(config)#policy-map parent UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#class class-defualt classmap class-defualt not configured

UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#class class-default UUT7500-WEST(config-pmap-c)#serv

UUT7500-WEST(config-pmap-c)#sha UUT7500-WEST(config-pmap-c)#shape aver

UUT7500-WEST(config-pmap-c)#shape average 24000000 UUT7500-WEST(config-pmap-c)#serv UUT7500-WEST(config-pmap-c)#service-policy child UUT7500-WEST(config-pmap-c)#exit

UUT7500-WEST(config-pmap)#no clas

UUT7500-WEST(config-pmap)#no class class-default UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#class class-024 UUT7500-WEST(config-pmap-c)#sha

UUT7500-WEST(config-pmap-c)#shape aver UUT7500-WEST(config-pmap-c)#shape average 24000000 UUT7500-WEST(config-pmap-c)#serv UUT7500-WEST(config-pmap-c)#service-policy child UUT7500-WEST(config-pmap-c)#exit

UUT7500-WEST(config-pmap)#clas

UUT7500-WEST(config-pmap)#class class-6 UUT7500-WEST(config-pmap-c)#set ip dscp 63 UUT7500-WEST(config-pmap-c)#exit

UUT7500-WEST(config-pmap)#exit

UUT7500-WEST(config)#no pol

UUT7500-WEST(config)#no policy-map parent

UUT7500-WEST(config)#no pol

UUT7500-WEST(config)#no policy-map child

Workaround: Add a new parameter "forced" to policymap_delete_actiongroup() command to distinguish the following two cases: The action group removal is a result of the no version of the policy-map x global configuration command. In this case, the action group is unconditionally removed. The action group removal is a result of the no version of the class class-default command. In this case, the action group is not removed and it is turned into a dummy class-default action group.

CSCdr56776

On a Cisco AS5300 series universal access server that is running Cisco IOS Release 12.1(2)T and Release 12.1(3)T, the debug cas command does not work correctly. There is no workaround.

CSCdr57325

The new tool command line (TCL) interface is missing roaming capability infrastructure. There is no workaround.

CSCdr57742

During testing of the fast reroute feature, line cards may occasionally be restarted. This condition may be associated with cases in which a protected link experiences multiple link up and down transitions in quick succession. There is no workaround.

CSCdr58530

After a fax call is completed on vendor-specific gatekeeper software while switching back to voice mode, the T1 port on a Cisco 3640 router hangs for about 30 seconds, so the next call coming in will fail on that port.

Workaround: Release the voice port and put it in an idle state.

CSCdr60236

ATM bridged frames that include Ethernet frame check sequence (FCS) cannot be processed by routed bridge encapsulation (RBE). There is no workaround.

CSCdr61629

If you call a telephone that has been redirected to a different number, the destination phone rings and when the phone is answered, there is no voice path. There is no workaround.

CSCdr64038

A Cisco gatekeeper using the tech-prefix configuration in an H323 gateway may send the tech-prefix field in automatic repeat request (ARQ) to the gatekeeper during a call origination, may sometimes be invalid or the wrong tech-prefix from a different dial peer for the current outgoing call to an IP leg. There is no workaround.

CSCdr64130

FAX Non Standard Facility (NSF) cannot be configured for Voice over Frame Relay (VoFR) or Voice over ATM (VoATM) on a dial peer router that is running Cisco IOS Release 12.1(2)T. There is no workaround.

CSCdr64408

Tool command line (TCL) interface script authorization fails while sending Mind Server with correct account or password information. This situation affects all debit card TCL scripts. There is no workaround.

CSCdr64591

Calls from private branch exchange (PBX) 2 to PBX 1 are connected, but no ring tone is heard. Debugging shows that a "T" digit is matched although there is no "T" digit configured in the dial peer destination pattern. This situation causes the Cisco router to miss the ring tone from the called party.

Workaround: Turn off H.323 fast-start functionality on all Voice over IP (VoIP) dial peer routers by issuing a req-qos controlled-load command.

CSCdr64742

This situation exists in the environment where alternate gatekeeper fields are supplied by a gatekeeper in the admission rejection (ARJ) message. Under this condition the Cisco gateway may reload or operate improperly. There is no workaround.

CSCdr64913

On a Cisco AS5800 series universal access server running Cisco IOS Release 12.1(2a)XH or 12.1(3)T, with the show modem operational-status EXEC command and the show modem configuration EXEC command display nothing for Modem ISDN channel aggregation (MICA) modem ports (HMM/DMM).

Workaround: Use the show modem slot/port or the show modem log slot/port command to look at some of the modem history statistics.

CSCdr65385

The number of flows reported by the show ip cache verbose flow command is incorrect if a large number of flows age out. Not all of the flows are reported in the flow export packets. There is no workaround.

CSCdr65984

While loading Cisco IOS Release 12.0(7)XK or Release 12.1(2)T, Fax over Voice over Frame Relay (VoFR) stops working; however, voice traffic is not affected. There is no workaround.

CSCdr67716

An interactive voice response (IVR) script may fail to collect digits when the script connects the call and begins to collect digits without first playing a prompt to the user.

Workaround: Play a prompt to the user before collecting digits.

CSCdr67726

The use of the phone keypad digits "*" and "#" as the first character in a dial peer destination pattern is not officially supported for the Cisco 3600 series platform in Cisco IOS Release 12.0. However, there are some dial peer destination patterns that require the "*" and "#" for use in centralized voice-mail applications. The MC3810 Multiservice Concentrator and other VoX platforms apparently permit these characters, and this feature should also be available on the Cisco 3600 platform for cross-platform compatibility and for ease of migration from one series of router to another.

It has been noted that some Cisco IOS releases will actually permit "#" to be the first digit in a destination-pattern, but "*" is permitted depending on which Cisco IOS Release is being used. For example, both characters can be used in Cisco IOS Release 12.0(7)T, but only "#" is accepted in Cisco IOS Release 12.0(7)XK1, 12.1(2)T, and 12.1(1a)T1. Trying to configure "*" as a first character on Cisco IOS releases that do not accept it gives the following error message:

ms-3640-3b(config)# dial peer voice 500 pots ms-3640-3b(config-dial peer)# destination-pattern *99 % ?+* follows nothingIncorrect format for ^(*99)$

ms-3640-3b(config-dial peer)#

There is no workaround.

CSCdr68372

When Multilink PPP and fast switching or Cisco Express Forwarding (CEF) switching are configured, Real Time Protocol (RTP) packets are not compressed. When you use Multilink PPP for link fragmentation and interleaving (LFI) in a voice and data environment, the ip rtp header-compression command has no effect on most platforms and may cause a Cisco 7200 series router to reload.

Workaround: Turn off fast switching or CEF switching by using the no ip cef and the no ip route-cache global configuration commands.

CSCdr68821

Digit collection on the IP leg of a Media Gateway Control Protocol (MGCP) call may fail. There is no workaround.

CSCdr69194

A reload occurs when Clear Channel Codec is configured on the dial peer on Cisco 7200 platforms. This situation happens because the memory allocated for Terminal Capability Set elements is one less than the total number of available codecs.

Workaround: Do not use Clear Channel Codec.

CSCdr69220

On a Cisco router that is running Cisco IOS Release 12.1(2)T with the Airline Product Set (ALPS) and encapsulated Airline Control (ALC), ALPS circuit processing queues always queue data regardless of the state of the peer or the circuit. Reliance on failure processing to discard the packets is a solicited error because the Cisco router sends a service message after the loss of a packet. The circuit failure notification takes 15 to 30 seconds. If the packet lifetime timer has been exceeded, the Cisco router generates a service message. The time to generate a service message is random because it depends on when the message is queued. Because the timers are hardcoded, the CRT is locked until a 30-second timer expires at the agent-set control unit (ASCU) or the service message is received. There is no workaround.

CSCdr69362

Outgoing calls originated on modem ISDN channel aggregation (MICA) feature boards for a Cisco AS5800 series universal access server running Cisco IOS Release 12.1(2a)XH or 12.1(3)T may fail to train up. There is no workaround.

CSCdr70409

Cisco gateways that are registered to some vendor gatekeepers and that send an Admissions Confirm (ACF) message with ClearTokens consisting of unknown object identifiers in the nonstandard field of the ClearToken structure may experience a memory leak in the CCH323_CT process.

Workaround: Set the gatekeeper to not send ClearTokens, and disable the gateway security.

CSCdr70698

The tool command line (TCL) interface 1.0 interactive voice response (IVR) infrastructure does not properly handle ISDN progress indication messages. This situation may result in incomplete calls, inaudible ringback, and busy tones when you use certain ISDN switch types.

The TCL session application ignores the CC_EV_CALL_PROGRESS event from the call control applications programming interface (CCAPI), so this event is not passed to the Voice over IP (VoIP) Service Provider Interfaces (SPIs). This condition breaks the alerting function for calls terminating on channel-associated signalling (CAS) trunks. There is no workaround.

CSCdr71105

When you configure Circuit Emulation Service (CES) over switched virtual circuits (SVCs) with the CES network module (NM), the connection may pause indefinitely in the "coming up" state.

Workaround: Use the shut command followed by the no shut command on the T1 controller that is marked as down.

CSCdr71125

When Cisco voice gateways operate with alternate endpoints as directed by the gatekeeper, the free event queue buffers may get depleted.

Workaround: Disable the alternate endpoints.

CSCdr72189

A distributed committed access rate (DCAR) will not match on any Multiprotocol Label Switching (MPLS) packets when you use an MPLS experimental bit rate limit access list configured within the CAR on an output interface.

Workaround: Use DCAR in the non distributed case.

CSCdr73473

Removing and attaching a service policy under a traffic load may cause spurious memory access errors and high CPU utilization on the Versatile Interface Processor (VIP). This spurious access occurs at hqf_get_policymap().

Workaround: Stop background traffic before making configuration changes.

CSCdr74032

Service-policy with class-map matching on an Access Control List (ACL) does not work after reload. There is no workaround.

CSCdr74189

The call history entry record buffers leak when a gateway is rejected with an admission rejection (ARJ) message from a gatekeeper for terminating call admission. There is no workaround.

CSCdr74302

When you send a number of fax messages simultaneously to different fax numbers session target is not selected correctly. All faxes are sent to the same session target fax number. There is no workaround.

CSCdr75209

When Frame Relay fragmentation is configured after attaching a traffic-shaping service policy to a large number of permanent virtual connections (PVCs), the service policy might not function properly. Since Frame Relay fragmentation appears after "service-policy" in the configuration order, there is a chance that this situation will occur after a system reload. The specific policy that fails is:

policy-map fr-pvc class class-default shape average <cir> service-policy llq-policy

Workaround: Configure "service-policy" after Frame Relay fragmentation, or add "queue-limit" to the traffic shaping policy as follows:

policy-map fr-pvc class class-default shape average <cir> queue-limit <n> service-policy llq-policy

CSCdr75648

Outgoing fax calls do not work on a Cisco AS5800 series universal access server with an E1 controller. There is no workaround.

CSCdr75812

In Cisco IOS Release 12.1(2)T, if you use a translation rule beginning with ".%" or "." while enabling the test translation-rule global configuration command, a Cisco router reloads with the following error message:

translation-rule 40 Rule 1 .%527.% 7

cpe_gw#test translation-rule 40 8888527999

=== Flushing messages (13:10:17 MET Fri Jun 30 2000) === Keyword "CRASH {ROUTER} Queued messages *** System received a SegV exception *** signal= 0xb, code= 0x1200, context= 0x819f80f8 PC = 0x80dc4e40, Vector = 0x1200, SP = 0x81e9a240

There is no workaround.

CSCdr76091

A Cisco gateway may reload during an attempt to resolve the mismatching of codec when the Cisco gateway interoperates with an endpoint that creates asymmetrical codec. The reload is caused by an attempt to use the NULL pointer.

Workaround: Ensure that there is no condition that could create asymmetrical codec during open logical channel opening with normal H245 procedure.

CSCdr76163

ClearChannel Codec must be entered in the dial peer router and not in the codec preference list of a voice class. There is no workaround.

CSCdr76524

A Cisco AS5300 series universal access server may exhibit the following error on a T1 port:

Restore frozen DS0

Rx ABCD mismatch first seen on DS0

Rx ABCD mismatch first seen on DS0

Restore frozen DS0

Restore frozen DS0

Rx ABCD mismatch first seen on DS0

There is no workaround.

CSCdr76693

A Cisco AS5800 series universal access server running Cisco IOS Release 12.1(3a) T1 may experience a system reload after producing a series of the following messages:

05:41:31:%MICA-3-TOOMANYPARTICLES: Not enough particles - m 4; CTS off 05:41:31:%MICA-3-TOOMANYPARTICLES: Not enough particles - m 5; CTS off Jul 4 02:06:06.559:%DIAL3-3-MSG: 05:41:31:%MICA-3-TOOMANYPARTICLES: Not enough particles - m 6; CTS off 05:41:31:%MICA-3-TOOMANYPARTICLES: Not enough particles - m

There is no workaround.

CSCdr77151

Removing an ATM permanent virtual circuit (PVC) service policy and reattaching a subinterface policy causes the Versatile Interface Processor (VIP) to reload. The traceback is in remove_policymap_recursive().

Workaround: Enable the microcode reload global configuration command after removing an ATM PVC service policy before attaching the policy on the subinterface.

CSCdr77946

With IP Parallel eXpress Forwarding (PXF) configured, the line protocol may not come up for the Link Access Procedure, Balanced (LAPB), PPP, and X.25 encapsulations. There is no workaround.

CSCdr77951

Frame Relay Forum (FRF) fragmentation does not occur for packets that are originated from the Cisco router on channelized interface (MC-T/E1, MC-T/E3). There is no workaround.

CSCdr78432

With IP Parallel eXpress Forwarding (PXF) configured, the PXF subsystem may spontaneously restart. There is no workaround.

CSCdr78886

When an incorrectly encoded H.245 protocol data unit (PDU) with an extra byte of data is received, the Cisco gateway attempts to decode the extra byte causing the following error message:

unconditional printing of

Workaround: Reload the Cisco gateway.

CSCdr79053

A disruption occurs on the existing class-based weighted fair queueing functionality that runs on all Cisco routers. There is no workaround.

CSCdr79309

When a create Packet Data Protocol (PDP) request is sent to a Cisco Gateway GPRS Support Node (GGSN), the MSISDN field is incorrectly parsed. There is no workaround.

CSCdr79316

Unconfiguring PRI from the controller does not remove the voice port configuration. There is no workaround.

CSCdr80040

A Cisco AS5800 series universal access server running Cisco IOS Release12.1(1.6)AA or 12.1(3a)T1 may experience a system reload with minimal call traffic producing the following error message:

%TTYDRIVER-3-RTSLOW

The request to send (RTS) is deasserted though rx queue is empty.

There is no workaround.

CSCdr81432

A Cisco 5400 series router configured with the frame-relay lmi-type q933a interface configuration command or the frame-relay lmi-type ansi interface configuration command may cause the line protocol to briefly come up and then shut down.

Workaround: To avoid this problem, use the frame-relay lmi-type cisco command to avoid this problem.

CSCdr81657

When there is no feature enabled on a Route Switch Processor (RSP), a Cisco Express Forwarding (CEF) switched packet will cause spurious memory access in atm_set_clp_wrapper(). This situation occurs when a CEF packet is switched in the nonfeature RSP CEF path. The "pak" pointer is NULL. atm_set_clp_wrapper() references "pak" unconditionally, causing the spurious memory access.

Workaround: Check the "feature_enabled" boolean before calling atm_set_clp_wrapper(). When setting to TRUE, make sure a non-NULL "pak" pointer exists.

CSCdr81723

When calls in a Signalling System 7 (SS7) interconnect with an H.323 solution, the voice path is cut through in only one direction when a Continuity Test (COT) request is made by the SC2200 Signalling Controller on the egress side of the solution (egress being AS5300-to-NI2+-to-SC2200-to-SS7). This situation does not affect COT requests coming in from the remote switch to the solution.

Workaround: Do not set a COT percentage on any SC2200 that will be servicing calls of this type. Run COT tests manually on these trunks with the test-cot command. The command can also be scripted to run automatically as a UNIX chronologically started job.

CSCdr83064

On a Cisco AS5400 series universal access server with a T3 adapter, the T3 adapter is brought up before the modems, causing the calls to be routed to the box but not accepted because the modems are not yet ready. There is no workaround.

CSCdr83067

If the clear counters EXEC command is entered from a Secure Shell (SSH) connection on a Cisco router with E1/T1 controllers, a "SYS-3-CPUHOG" error message may be displayed. This condition occurs when the clear counters command fails on more than one E1/T1 controller with a "POT1E1-3-MBOXSEND" error.

Workaround: Clear each E1/T1 controller individually.

CSCdr83761

Once the Encryption Service Adapters (ESA) card is enabled, you cannot shut down the ESA card and switch to a software crypto engine using the crypto card shut slot command.

Workaround: Clear the hardware dss key, and reload the router.

CSCdr85282

On a Cisco AS5800 series universal access server, for next port cards a number of the port statistics in the CISCO-MODEM-MGMT-MIB may return misleading results because of the way that Service Processing Element (SPE) statistics are distributed across the ports of an SPE. There is no workaround.

CSCdr85676

In Cisco IOS Release 12.1(3)T, when a Cisco AS5300 series universal access server runs at maximum capacity with Open Settlement Protocol (OSP) calls, if the rate the call authorization by the OSP server does not keep up with the rate of call arrival on the gateway, the originating caller may hang up the phone before the call is successfully settled. There is no workaround.

CSCdr86052

A Cisco 3660 router with 256 MB of memory may reload because of low Translation Lookaside Buffer (TLB) entries present to map the available 256 MB of memory.

Workaround: Reduce the amount of memory to 128 MB.

CSCdr87083

After you run Simple Gateway Control Protocol (SGCP) calls for several minutes, a Cisco router experiences 100 percent CPU usage and cannot process any calls. The Cisco router will not reload automatically (which only takes about 1 minute). The CPU high utilization is at VOIP_RTCP process. There is no workaround.

CSCdr88376

When voice and data are both running in Frame Relay Low Latency Queuing (FR LLQ) configuration, some of the data packets are being classified as voice. This situation results in police and drops for the packets in the priority queue and may cause bad voice quality.

Workaround: Turn on process switching on the incoming interfaces for voice and data.

CSCdr88816

A Cisco 3600 series router with an ATM OC-3 Network Module running Circuit Emulation Service (CES) will not start up.

Workaround: Install a 1- or- 2 port T1/E1 Multiflex VWIC.

Alternate workaround: Upgrade to Cisco IOS Release 12.1(2)T until a software fix is available.

CSCdr89499

A Cisco 7200VXR series router with a Network Processor Engine (NPE) 300 may pause indefinitely if the configuration register is set to allow a break sequence (for example, 0x2002) at any time and that break sequence is sent to the router.

Normally the router should go into ROM monitor (ROMMON) mode, as signified by the common prompt:

rommon 1>

However, there is a potential that the router will simply pause indefinitely after the break sequence is entered. You should not have the router configured so that a break sequence can be sent to it.

Workaround: Use the config-register 0x2102 global configuration command to avoid this situation.

CSCdr91141

A Cisco 5300 series router running Open Settlement Protocol (OSP) under a full load with Cisco IOS Release 12.1(3)T may reload. There is no workaround.

CSCdr93392

A Cisco AS5300 series universal access server reloaded because of a TCL IVR bus error while executing tcl_setup_radius_buffer. There is no workaround.

CSCdr93796

When using tool command language interactive voice response (TCL IVR) 1.0 or TCL IVR 2.0 application scripts are used, a memory leak may occur that will cause the Cisco router to reload. This situation occurs when silence is used during prompt playout (the "%s<millisecond>" format character). There is no workaround.

CSCdr94729

A Cisco 2600 series router running Cisco IOS Release12.1(3)T with two port high-density voice (HDV) cards will reload while rebooting the router a second time or n times.

Workaround: Power-cycle the router.

CSCdr94866

Translation Rule pattern ^.% does not work as desired to add a prefix and the following error message is produced:

translation-rule 9 Rule 0 00 00 Rule 1 10 00 Rule 2 ^.% 007

Rule two inserts the prefix after the first digit in the dialed number producing the following error message:

Beernem#test translation-rule 9 The replace number 2007345

Beernem#test translation-rule 9 The replace number 1007111

There is no workaround.

CSCdr95662

The translation-rule does not match to any available type of number (international, national, subscriber, abbreviated, or unknown), including the keyword any. There is no workaround.

CSCdr95744

Hot Standby Router Protocol (HSRP) support for Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) does not work in Cisco IOS Release 12.1(3)T.

Workaround: Upgrade to Cisco IOS Release 12.1(5)T.

CSCdr96930

If Location Request (LRQ) triggers are set on the gatekeeper using the GKAPI/GKTMP interface, the Cisco router will reload. There is no workaround.

CSCdr97080

A Cisco 7200 series router running Cisco IOS Release 12.1(3)T images experiences a problem in forwarding IP packets received on a VPN routing/forwarding instance (VRF) interface to the Multiprotocol Label Switching (MPLS) core. The Cisco 7200 series router reloads because of a bad pointer when forwarding packets on the IP to MPLS path. There is no workaround.

CSCdr97076

A Cisco gateway running a TCL IVR 2.0 script may reload due to a memory leak. There is no workaround.

CSCdr97427

A Cisco 7500 series router that runs on the r7k processor (RSP8 and possibly others) may reload if all of the following conditions are true:

It is configured as a Multiprotocol Label Switching (MPLS) Router.

It is running Cisco IOS Release 12.1(3)T or later.

It has serial or High-Speed Serial Interface (HSSI) interfaces that are either VIP (Versatile Interface Processors) or non-VIP, but the router is running the ip cef command in non distributed mode.

The serial or HSSI links receive MPLS packets.

There is no workaround.

CSCdr97849

Distributed Committed Access Rate (DCAR) matching on Quality of Service (QoS) group does not work. There is no workaround.

CSCdr97871

When a Multiservice Route Processor (MRP) resets, if there is a DHCP/BOOTP server on the network, the MRP may get an IP address from this DHCP server and may not be able to start up. Therefore, the MRP will be in ROM monitor mode.

Workaround: Unplug the IP PBX from the reset of the network and then restart the MRP(s). After the MRP has been started, the IP PBX can be plugged in again. During this time, the IP phone system is completely down. The IP phone system will fail every time when the IP PBX system is initially brought up because the Multiservice Route Processor (MRP) is started long before the SPE is up and running, so manual intervention is always required.

Alternate workaround: Ensure that all DHCP/BOOTP servers do not reply to the MRP. This can be accomplished by disabling BOOTP or by selectively disabling responses to the MAC addresses of each MRP.

CSCdr98190

There is minimal configuration when you enable password set to "cisco". A "no login" password will be configured under vty to ensure access from Processor Switching Module (PXM) "cc". The boot system image variable will be made persistent.

Workaround: Use the auto-load feature.

CSCdr98207

The Cisco AS5300 series universal access server does not provide ringback when calling in from the Public Switched Telephone Network (PSTN) when connected to the Cisco Call Manager IP PBX. The call manager phone rings, but the calling party coming in from the PSTN over E1 R2 signalling does not hear ringback. There is no workaround.

CSCdr98276

A reload may occur when a subinterface configured with Hot Standby Router Protocol (HSRP) is deleted. There is no workaround.

CSCdr98340

The Multiplex Identifier (MID) on Cisco Serving GPRS Support Node (SGSN)-D is not removed when the path fails and the Packet Data Protocol (PDP) context is deleted. There is no workaround.

CSCdr98687

A Cisco 7200 series router running Cisco IOS Release 12.1 E with the ip pxf command enabled and the random-detect interface configuration command configured on a congested output interface experiences tail drops too soon. This situation may prevent any random drops from the higher precedence flows. There is no workaround.

CSCdr98695

A configuration in which Gigabit Ethernet interfaces are being switched through Parallel eXpress Forwarding (PXF) with the fair-queue interface configuration command enabled may stop receiving packets if PXF is disabled and reenabled with a no ip pxf, ip pxf command sequence. This situation is seen when large access control lists (ACL) are configured. There is no workaround.

CSCdr99280

A Cisco AS5300 series universal access server running Cisco IOS Release 12.1(3)T images with a copy flash modem enabled to upgrade the modems to a portware different from the bundled portware will cause a software-forced reload.

Workaround: Use the spe firmware upgrade option to load new firmware.

CSCds00265

If a call comes into a gateway and the called number matches a Voice over IP (VoIP) peer that has a translation rule associated with it, the called number is translated properly. However, if the endpoint is not available, the gateway will roll to the next VoIP peer because of the max-conn dial peer configuration command, but will not use the translation rule configured for this VoIP peer to retranslate the original called number. There is no workaround.

CSCds01216

A Point-to-Point Protocol over Ethernet (PPPoE) accounting session shows that input packets and bytes are double their real value. Accounting values are taken from the Virtual Access interface. There is no workaround.

CSCds01278

When two WIC-1B cards are inserted into one NM-2W card, both BRI interfaces will have the same interface name. There is no workaround.

CSCds01810

A Cisco AS5300 series universal access server running Cisco IOS Release 12.1(4)T may experience multiple call failure on the same DS0 time slot. The CallTracker MIB is not populated with the account session ID for failed calls. There is no workaround.

CSCds02872

Routed Bridge Encapsulation (RBE) does not pad frames of a less-then-minimum Ethernet size to minimum Ethernet size if the router fast-switches the packet. If the remote site does not pad the frame, the packet will be dropped from the Ethernet as a runt.

Workaround: Turn off fast switching on the ATM interface.

CSCds04301

The Cisco Call Manager sends a "notify" message if the "display" option is enabled immediately after the Voice over IP (VoIP) call is set up without the User to User information element (UUIE) present. By default the Cisco IOS voice gateway expects the UUIE to be present in the "notify" message; however, the H.225 standard does not mandate this parameter. Also, the decoding logic on the Cisco IOS gateway produces an error in which the correctly encoded message by the Call Manager is being reported as incorrectly encoded. Under these conditions, the "status" message is sent to the Call Manager, and, in some cases, the call is disconnected. There is no workaround.

CSCds04307

The H.245 control channel is opened with the keep alive mode option set for the TCP socket used. This option causes the H.245 control channel TCP connection to drop randomly under a heavy work load on the Call Manager because the keep alive messages have not responded within the allowed time. As a result of the H.245 control channel closure the active call is dropped.

Workaround: Disable the TCP keep alive option for the H245 control channel.

CSCds04324

Network access server (NAS) rejects a Cisco vendor-specific attribute (VSA) as unsupported. There is no workaround.

CSCds04821

Calling the TCL IVR 1.0 placeCall verb with invalid parameters may cause a Cisco voice gateway to reload. In this situation, the placeCall verb returns a failure, which causes the application to disconnect the call without stopping the call disconnect timer. This sequence of operations may cause a reload. This behavior has no impact in environments using a properly written TCL IVR 1.0 application script. There is no workaround.

CSCds04867

A Cisco 3640 router running Cisco IOS Release121.3a.T with E1 R2 signalling receives an A2 event from the central office (CO). The router waits for 22 seconds before starting to retransmit the number one digit before the last digit received. Assuming the last digit was n, the A2 signal requests the transmission of digit n - 1. The router is not comprehending the switch instruction to resend the last digit in the dial string. As a result, the call will not complete. There is no workaround.

CSCds05364

When distributed Frame Relay Fragmentation (FRF.12) and quality of service (QoS) policy are configured on a large number of Frame Relay permanent virtual circuits (FR PVCs), FRF.12 may not function after the Cisco router reloads. The show frame-relay fragment command shows no fragment count even though FRF.12 appears to be configured properly.

Workaround: Reconfigure FRF.12 after the Cisco router reloads.

CSCds05420

An incoming call is matched with the default dial peer when plain old telephone service (POTS) interface dial peers are configured. If more than one POTS interface dial peers are defined for the same voice port and the first dial peer of the list is in "shutdown" state, then an incoming call will be matched with the default dial peer with tag 0.

Workaround: Remove a shutdown POTS dial peer.

CSCds05493

The output committed access rate (CAR) policies do not match packets for the Multiprotocol Label Switching (MPLS) IP packets. There is no workaround.

CSCds06345

A Cisco gateway reloads when configured with dual tone multifrequency (DTMF) digit relay for tunneling or when using H.225 tunneling. This situation results in the improper access of internal data structure that leads to the reload.

CSCds06802

Outgoing voice calls fail when running Cisco IOS Release 12.1(2)XF in countries where the switch type is NET3. There is no workaround.

CSCds07145

On a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(3a)T1, Simple Network Management Protocol (SNMP) queries for variables in the CISCO-MODEM-MGMT-MIB will fail for ports numbered 72 and above on Digital multi meter (DMM) feature boards. SNMP queries for variables in this MIB will also fail for all ports on all types of feature boards that are in a higher numbered slot than the first DMM card. There is no workaround.

CSCds07546

Playout-delay information is not available in the output of the show voice-port privileged EXEC command. For most gateways, this is an informational command only. For default settings, this information is available when the more system:running-config command is enabled. However, for Cisco Integrated Communication System MRP200 gateways, the show voice-port privileged EXEC command output is used by the Internet Commerce Source Specific Multicast (ICSSM) (System Manager GUI) to collect settings to display and adjust relative quality of service (QoS) features.

Workaround (for information other than default): Use the more system:running-config command, and look for corresponding voice-port output.

Workaround (for default information): Use the playout-delay mode as the default; the playout-delay nominal buffer as 60 ms; and the playout-delay maximum buffer as 200 ms.

CSCds08137

A Service Assurance (SA) Integrated Services Adapter (ISA) in a Cisco 7200 series router may reload by bus error. There is no workaround.

CSCds08216

When you place a voice call on one channel of a digital signal processor (DSP) and a fax call on another channel on the same DSP simultaneously, DSP will fail to carry either of them.

Workaround: Verify a new DSP code by the DSP test team.

CSCds09905

On a Cisco AS5400 series universal access server running Cisco IOS Release 12.1(4)T, unalignment read in the I/O Cache memory causes the system to reload because it does not handle alignment correction.

Workaround: Configure the Cisco AS5400 series universal access server with the no io-cache enable command.

CSCds10029

Removing a service policy from a large number of Frame Relay permanent virtual circuits (PVCs) might prevent packets from being forwarded out of the entire interface. The commands that lead to this situation are:

interface s1/00:0
no frame-relay class name

or

map-class frame-relay map-class name
no service-policy {output} policy-map

Workaround: Attach a dummy Class-Based Weighted Fair Queueing (CBWFQ) policy to the interface, and then remove the policy.

CSCds10031

The remote IP address in authentication, authorization, and accounting (AAA) when any of the Voice over IP (VoIP) dial peers is configured to have registration, admission, and status (RAS) protocol as a session target in Cisco IOS Release 12.1(3)XI images that support H.323 gateway functionality. There is no workaround.

CSCds10426

Occasional Distributed Director may reload while using verify url EXEC command. There is no workaround.

CSCds10633

The priority feature on a Cisco 7200 series router does not work with IP Security (IPSec) tunneling. There is no workaround.

CSCds11189

Low Latency Queueing (LLQ) and Class-Based Weighted Fair Queueing (CBWFQ) do not function properly on an ATM subinterface policy after that interface has been brought down and up or if the link flaps.

Workaround: Apply the service policy under the permanent virtual connection (PVC). In this situation, the policy functionality is not affected by link flaps.

Alternate Workaround: Reattach the subinterface service policy after the interface or link comes up.

CSCds11350

When the debit card interactive voice response (IVR) 2.0 application is used with the supplementary services application and when multiple calls are made using a long pound a Cisco router may reload. There is no workaround.

CSCds11547

The isdn global-disconnect command that is needed to pass information elements (IE)s and complete messages in Cisco IOS Release12.1.3XI does not function properly. There is no workaround.

CSCds11977

On certain Cisco routers receiving ISDN calls, the originating router hears a loud high pitched tone before the call is answered. This situation occurs with R2, Voice over IP (VoIP), and ISDN calls. There is no workaround.

CSCds11982

Calls are being disconnected after a "setup" message is sent on terminating ISDN calls. This situation occurs when the isdn calling-number interface configuration command is used with the ISDN group. There is no workaround.

CSCds12962

The Multi Channel Interface Processor (MIP) logic avoids issuing an interrupt to the digital signal processor (DSP) for each and every packet. Instead, the MIP only issues an interrupt when the DSP packet queue is nearly full or mostly empty.

Workaround: Ensure that the MIP monitors the DSP so that it is processing packets when there are packets to process. Part of this function is to "nudge" the DSP with an additional interrupt whenever there are packets present, but the DSP is not working on them.

CSCds13547

When Output Rate Limiting is configured on a Versatile Interface Processor (VIP) interface and the router is reloaded, the Rate Limiting functionality will not be properly enabled, and the Distributed Committed Access Rate (DCAR) functionality does not take effect.

Workaround: Disable and then reenable the rate-limit interface configuration command.

CSCds13779

When output policing is configured on a Cisco 7200 series router, there is spurious access at the af_policer_ipfib_apply_output_police function. This situation is seen with Packet-over-SONET/SDH (POS) and Fast Ethernet (FE).

CSCds16120

If the show ip pxf accounting summary command is enabled on a Cisco 7200 series router after one of the output interfaces has been shut down, the Cisco router may declare a bus error exception and reload.

Workaround: Avoid using the show ip pxf accounting summary command.

CSCds16642

When dual tone multifrequency (DTMF) is enabled and H245 tunneling is used, a Cisco gateway may reload when the H245 or H225 connection is lost and there are DTMF digits to be sent out from the gateway. There is no workaround.

CSCds16727

When using a debitcard tool command line interactive voice response (TCL IVR) script you may hear a "no prompt available" message instead of the remaining credit amount. There is no workaround.

CSCds18035

While making ISDN calls with the show call resource voice stat command enabled, the digital signal 0 (DS-0) in-use channel statistics are not increased. There is no workaround.

CSCds18311

The digital signal 0 (DS-0) state from the ISDN non-facility associated signalling (NFAS) group is not reflected in the resource monitor when the show call resource voice stats privileged EXEC command is enabled. When running NFAS spans in a Cisco SS7 Interconnect for Voice Gateways Solution environment NFAS statistics are not mapped to the resource monitor. The Redundant Link Manager (RLM) connection between the network access server (NAS) and the SC Software is deactivated. The show isdn nfas group privileged EXEC command shows zero available B channels. The resource monitor shows that all DS-0s are still available. This situation causes problems with Resource Availability Indicator (RAI) information that the NAS is passing to the gatekeeper. RAI is dependant on the resource monitor information. Even though there are zero available B channels on the NAS, the gatekeeper still forwards calls because RAI indicates that there are still available resources. There is no workaround.

CSCds18585

When using non-facility associated signalling (NFAS), calls originating on the second and subsequent T1 spans of an NFAS group do not complete the audio path connection correctly. This situation also applies to SS7-controlled configurations that use NFAS to receive call signalling from a Cisco SC2200 signalling controller. There is no workaround.

CSCds18654

The Dynamic Host Control Protocol (DHCP) relay over an unnumbered interface does not function properly. There is no workaround.

CSCds19364

Audio prompts may fail to play during the use of a TCL IVR application that specifies an entire URL for an audio file. (For example, flash:en_enter_account.au.) There is no workaround.

CSCds20545

If you use the hunstop dial-peer configuration command in the plain old telephone service (POTS) dial peer of an outbound call leg may cause a memory leak. If you use the hunstop dial-peer configuration command often enough, the Cisco router eventually runs out of memory.

Workaround: Disable the hunstop dial-peer configuration command.

CSCds21333

Some Quality of Service (QoS) features may not perform as expected when Cisco Express Forwarding (CEF) is enabled. There is no workaround.

CSCds21813

While features such as access lists are being used on the Gigabit Switch Router (GSR) platform, there may be some spurious accesses when IP packets are switched. There is no workaround.

CSCds22646

A Cisco voice gateway using a TCL IVR 1.0 application may fail to collect digits when a no audio prompt has previously been played. This situation prevents the session.tcl application from collecting digits and completing calls. There is no workaround.

CSCds23512

The Cisco router may reload when performing Continuity Tests (COT).

Workaround (both outgoing and incoming calls): Do not have COT enabled.

Workaround (outgoing calls): Configure the Cisco SC2200 Signalling Controller with 0 percent COT.

Workaround (for incoming calls): Configure the far end COT is disabled.

CSCds23676

Configuration changes such as packet switching lockup and Parallel eXpress Forwarding (PXF) exceptions may occur while traffic is flowing with PXF enabled on an NSE-1.

Workaround: Disable PXF.

Alternate workaround: Reduce or remove traffic during reconfiguration.

CSCds24269

When a gateway interoperates with a gatekeeper that provides alternate endpoints with tokens associated with each endpoint, the memory allocated for the tokens may be a loss for the calls that are successfully accepted. This causes memory leaks by CCH323_CT process over time. There is no workaround.

CSCds24499

Router Information Protocol Version 2 (RIP V2) updates the stop after the cable modem attempts a renewal of a Dynamic Host Configuration Protocol (DHCP) lease. This renewal attempt will happen at the half-life of the DHCP lease. Removing and restarting the router RIP process on the cable modem will restore updates until the DHCP lease half-life timer expires. But, the cable interface must be shut down and brought back up if this is attempted.

Workaround: By stopping the RIP process and restarting it. This is only a temporary workaround.

CSCds26766

Multiprotocol Label Switching (MPLS) packets that are classified with a random-detect class map do not get counted by the weighted fair queuing code as displayed in the show policy-map interface command. There is no workaround.

CSCds26856

When a Cisco MC3810 router functioning as an originating gateway experiences a time-out of an automatic repeat request (ARQ) and sends a disengage request (DRQ) to the gatekeeper to indicate that it gives up the IP call, the gatekeeper might respond to the gateway with a Disengage Reject (DRJ) message. This prevents the gateway from cleaning up the call control block properly and causes the IP call to hang. Issuing the show call active voice command will show that there are active call records for the IP call leg, even though there is no active call. There is no workaround.

CSCds26993

The Fast Ethernet controller of the Route Processor Module (RPM) MGX receives all packets seen on the cable. There is no workaround.

CSCds27692

The clear gprs charging cdr tid command may cause the Gateway GPRS support Node (GGSN) to reload if the Serving GPRS Service Node (SGSN) does not respond to the subsequent delete_PDP_Request message from the GGSN.

Workaround: Avoid using the clear gprs charging cdr tid command.

CSCds28026

On rare occasions a Cisco Node Route Processor (NRP) may reload during configuration with the following error:

%ALIGN-1-FATAL: Corrupted program counter

This behavior happens due to a race condition involving the no tag ip configuration command.

Workaround: Shut down any interface which is to be changed through the no tag ip configuration command.

CSCds28576

A Cisco voice gateway running a TCL IVR application script may unexpectedly reload during periods of high call volume. There is no workaround.

CSCds28677

A Cisco AS5300 series universal access server does not send an answer signal upon receiving loop closure when using channel associated signalling (CAS) type e&m-immediate. This problem happens intermittently. When using this type of signalling, the Cisco AS5300 series universal access server works only with two-stage dialing so that the answer signal should be sent immediately after receiving the loop closure. There is no workaround.

CSCds31048

In a network operating with a gatekeeper that provides alternate endpoints in the Advanced Communications Function (ACF) messages, if the originating gateway fails to connect to the primary endpoint, it connects to the alternate endpoint and should update the remote IP address to the address of the alternate endpoint. However, the remote IP address continues to be the address of the primary endpoint and the address update does not take place. There is no workaround.

CSCds32426

The Cisco 3640 router with NM-HDV module running Cisco IOS Release 12.1(3a)XI1 reloads every 14 to 18 hours after running voice calls. No particular configuration or event seems to cause the reload. Interactive voice response (IVR) is used on some incoming calls while stack decodes points to possible cause of the reload. The following message is produced:

Lucent Definity PBX----T1/0 cas---3640-----T1/1 PRI---PSTN

A Cisco IOS voice gateway may reload when using a TCL IVR application script to play voice prompts to a user. There is no workaround.

CSCds33253

A Cisco MC3810 multiservice concentrator cannot configure g729a and g729ab under dial peer codec selection. As a result, the Cisco MC3810 multiservice concentrator loses 12 of 24 channels. There is no workaround.

CSCds34783

When interactive voice response (IVR) applications are used, memory being allocated for the vartag table is not removed. The CC-API process is charged with the memory. There is no workaround.

CSCds34978

A Cisco AS5300 series universal access server may reload due to a bus error in address 0x95608E86. There is no workaround.

CSCds36003

When using the dial access number 41214 while testing the G729 prompts with the interactive voice response (IVR) script, you cannot hear the language selection prompt. There is no workaround.

CSCds37738

Each outgoing fax call forces a Cisco 5300 series universal access server to reload. There is no workaround.

CSCds37779

In a Cisco Gateway GPRS Support Node (GGSN), the Create_PDP_Request is rejected if the request has a GPRS support node (GSN) address Information Element (IE) conforming to the Global System for Mobile Communications (GSM) 9.60 specification.

Workaround: Make the GSN address IE conform to the GSM 3.03 specification.

CSCds37837

Rate-based distributed quality of service (QoS) features such as traffic-shaping, Low Latency Queuing (LLQ), and police do not report the actual traffic rate after Compressed Real-Time Transport Protocol (CRTP) has compressed the packets. This could lead to premature packet drops.

For example, if the compression efficiency is 2 to 1, and a given QoS feature has enough tokens for two compressed packets, instead of being able to send a burst of two voice packets, the feature may drop the second packet because it does not debit the tokens using the compressed size.

There is no workaround.

CSCds37868

When placing a call between two private branch exchanges (PBXs), the call fails with the following Q931 message:

*Mar 1 19:24:25.814: ISDN Se1:15: TX -> DISCONNECT pd = 8 callref = 0x810C

*Mar 1 19:24:25.818: Cause i = 0x82AC - Requested circuit/channel not a vailable

This situation may corrupt Voice over Frame Relay (VoFR). There is no workaround.

CSCds38711

The Cisco Gateway GPRS Support Node (GGSN) fails when the Charging Path Protocol is TCP and there are two Cisco gateways configured and at least one gateway is functioning with no version of the gprs default charging-gateway  Primary CG > < Secondary CG > command is executed.

There is no workaround.

CSCds39390

The vendor-specific attribute (VSA) "h323-incoming-conf-id" changes along with the "h323-conf-id" attribute during a long-pound call. However, the "h323-incoming-conf-id" attribute should stay the same through out a call, while only the "h323-conf-id" attribute should change for each connection session. There is no workaround.

CSCds39623

The call active, history, and h323 commands stop the accounting record of a terminating gateway, showing the remote IP address as 255.255.255.255. Because the H323 accounting records have an erroneous remote IP address, if the accounting is done on the basis of remote address, you may face problems in RADIUS accounting. There is no workaround.

CSCds40653

Cisco Gateway GPRS Support Node (GGSN) reloads when the Charging Gateways (CGs) are functioning on the TCP link after unconfiguring and reconfiguring the CGs and an echo request comes from the CGs while the GGSN is still trying to get the TCP link established.

Workaround: Stop the echo request from getting to the CG until the TCP link is established.

CSCds40966

In Cisco IOS Release 12.1(4.3)PI, input Committed Access Rate (CAR) or IP precedence accounting on a Versatile Interface Processor (VIP) interface double-counts packets that are destined for a particular router. There is no workaround.

CSCds41207

On a Cisco AS5300 series universal access server configured with T1/CAS, after 10 to 12 hours of voice calls, the digital signal processors (DSP)s are reported to be in use even when there are no active calls. Issuing the show call resource voice stats privileged EXEC command will indicate that the DSP are in use. However, issuing the test dsp /show pool command will indicate that the DPSs are available. This problem is not seen with an ISDN configuration. If the Cisco AS5300 series universal access server is used in combination with a gatekeeper, this problem will cause the gatekeeper to misrepresent the amount of available resources. There is no workaround.

CSCds41226

A Cisco AS5300 series universal access server may reload unexpectedly while running Cisco IOS Release 12.1(3a)XI1 when making a phone call with a rotary feature reporting a software-forced reload. The console logs report the following error:

%SYS-6-STACKLOW: Stack for process placecall running low, 0/6000

There is no workaround.

CSCds42858

When using the h323-gateway voip bind ip ip-addr command, the source-address hub configuration command specified is not being used for H245 and Routing Table Protocol (RTP) packets.

Workaround: Use Cisco IOS Release 12.1(3A)XI, 12.1(5)T, or any image built after those releases.

CSCds43031

The Cisco Gateway GPRS Support Node (GGSN) reloads when there are two Charging Gateways (CGs) configured while trying to overwrite and switch the CGs.

Workaround: Perform the no version of the gprs def char primary secondary and configure the new charging gateways.

CSCds43806

Debit card applications running on Cisco IOS Release 12.1(4.4)T disconnect the outgoing Voice over IP (VoIP) call only after a few seconds. There is no workaround.

CSCds44187

On a MARS platform application when the application session command in dial peer configuration mode is configured on the dial peer, a terminating receiver that is off the hook may not properly detect a busy signal.

Workaround: Configure the dial peer with the no version of the application session command in dial peer configuration mode.

Note: Some features will not be available if the no version of the application session command is configured. In particular, if Session Initiation Protocol (SIP) is the session protocol, call transfer will not be available.

CSCds44227

A debit card application running Cisco IOS Release 12.1(4.3)PI works properly only during the first Voice over IP (VoIP) call. Second and subsequent VoIP connections may be established, but both calling and called parties do not hear each other. There is no workaround.

CSCds44566

In the following topology:

router -- atm -- vc X -- vc Y

you may not be able to pass traffic from vc X to vc Y with certain vendors equipment if both virtual circuits (VCs) are doing routed bridge encapsulation (RBE). This situation does not affect traffic generated by the Cisco router, a non-RBE interface configured as an ingress interface.

Workaround: Disable fast switching, and configure the no version of the ip route-cache command on the ATM interface configured with RBE.

CSCds45228

A Cisco AS5300 series universal access server reloads when polled for cpmCallCount and when the cpmCallCount box is moderately loaded with PRI and Voice over IP (VoIP) calls. There was a spurious memory access when polling for this MIB that caused the access server to reload. There is no workaround.

CSCds47561

The drop action of input police or input Distributed Committed Access Rate (DCAR) on Versatile Interface Processor (VIP) does not work. Packets that are supposed to be placed into VIP are sent to Route Switch Processor (RSP) instead. There is no workaround.

CSCds47805

When GSMEfr (32 bytes of audio packet) and GSMFr (32 bytes of audio packet) are used as the first and second codecs in a list of codec preferences for a Voice over IP dial peer and a slow start H.323 call is made from/terminated on the gateway using the dial peer with these codes, one-way audio is experienced. This occurs because the H.245 procedures choose gsmfr codec for the call. The Open Logical Channel (OLC) uses gsmFr with 33 bytes, but the H.323 code indicates the DSP with 32 bytes (GSMEFr codec bytes). Hence the 33 byte audio packets from the peer endpoint are dropped resulting in one-way audio.

Workaround: Make the GSMFr codec as the only or first entry in the voice-class codec list.

CSCds49295

XTagATM interfaces may fail to function properly. There is no workaround.

CSCds53215

Modular Quality of Service (MQS) features are not supported on legacy x Interface Processor (IP) interfaces. Yet when you configure the service-policy global configuration command on an xIP, the command is accepted. An error indicating that command is not supported should be generated. There is no workaround.

CSCds53249

The random-detect interface configuration command in ATM permanent virtual circuit (PVC) mode and ATM PVC bundle mode is not available. If the ATM PVC can be configured using the old style syntax (e.g., atm pvc vcd vpi vci), the random-detect interface configuration command is available in ATM PVC mode. In addition, the random-detect attach wred-group-name interface configuration command is unavailable at the interface level. There is no workaround.

CSCds53256

When a Cisco 5300 series universal access server with an ingress interface is under heavy load and the egress gateway fails, the ingress gateway will eventually reload after some hours. There is no workaround.

CSCds53483

The Cisco Gateway GPRS Support Node (GGSN) will reject a Create_PDP_Request if the number of Mobile Subscriber ISDN (MSISDN) digits is greater than nine. There is no workaround.

CSCds53550

When rate limiting with Committed Access Rate (CAR) Cisco Express Forwarding (CEF) does not drop packets as intended. There is no workaround.

CSCds53722

When a gateway calling card uses a PRI signal, a reload may occur. There is no workaround.

CSCds53760

A Cisco AS5300 series universal access server running Cisco IOS Release 12.1(4.4)T may reload when handling ISDN calls. There is no workaround.

CSCds54057

A Cisco gateway running Cisco IOS Release 12.1(4.4)T2 on phone one using Voice over IP (VoIP) to call another Cisco gateway running Cisco IOS Release 12.0(7)xr2 on phone two can hear voice on phone one, but phone one can still hear ringback with no voice. There is no workaround.

CSCds55551

A Cisco router running calls through an AS5300 Network Access Server (NAS) with an IOS 12.1(3a) SS7 Interconnect for Voice Gateways solution may have the release cause code that was was given and propagated back to SS7 and the SC2200 cleared (0x10) if the TCP connection for a call on an ingress NAS fails. This may cause billing systems to incorrectly bill the call even though the call was never setup and completed. There is no workaround.

CSCds56049

A Cisco 5300 series universal access server using a Cisco gateway running Voice over IP (VoIP) will disconnect a call from phone one to phone two without sending a "stop-account message" for call leg one. There is no workaround.

CSCds57077

If the balance in a portal account is more than 300RMB the portal billing system will return the number 13 in a second authorization attempt which means a toll free call. Because interactive voice response (IVR) does not support the long pound function for a toll free call the call will be disconnected.

For portal accounts with a balance less than 300RMB the portal billing system will return the number 0 which is the normal setting, but the portal console still shows there is something wrong and IVR script will terminate. There is no workaround.

Wide-Area Networking

CSCdp87883

The VPDN group config commands terminate-from and local name do not get set in the configuration when the VPDN protocol is PPTP. There is no workaround.

CSCdr27246

Under rare circumstances, a Cisco router may experience a software-forced reload. The router displays the following queued messages:

%SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output. validblock_diagnose, code = 11 current memory block, bp = 0x61BA5080, memory pool type is Processor data check, ptr = 0x61BA50A8 next memory block, bp = 0x61E02608, memory pool type is Processor data check, ptr = 0x61E02630 previous memory block, bp = 0x61E02660, memory pool type is Processor data check, ptr = 0x61E02688 %SYS-3-BADMAGIC: Corrupt block at 61BA5080 (magic 61E0058C)-Traceback= 6036EBD0 603705D0 602FAEDC 602E09A8 60302C54 6030EEA4 60361794 60361780 %SYS-6-MTRACE: mallocfree: addr, pc 61BA50A8,602FAED4 61BA4DCC,602F5274 61BA4DCC,40000020 61CE6A20,602F5164 61CE6A20,40000016 61CE5E64,60369FDC 61BA5484,60369FDC 61CD53CC,60369FDC

The following combination of actions causes this situation to occur:

The service password-encryption global configuration command is already enabled or is enabled before the third action. The username password global configuration command is entered with unencrypted passwords for more than one user. A command causes the running configuration to be displayed. (examples: the write terminal command, the copy running-config startup-config command, or answering "yes" at the "System configuration has been modified. or Save?" prompt after using the reload EXEC command.) During the conversion from unencrypted to encrypted passwords, all passwords except the final encrypted password become corrupted. For example, if username one password one, username two password two, username three password three, is entered, the encrypted passwords represented by "one" and "two" will become corrupted. The passwords will become one of two things:

Random characters that are invalid for a password. The same as the final password. In the example above, all three passwords would be the same as the password for "three". These passwords are not corrupted until after the running configuration has been displayed or saved, so the first commands, such as write terminal and copy running-config startup-config, will show a correct configuration, but the corresponding subsequent commands will show the corrupted passwords. If the password is corrupted, that username will not be able to log in. If the password is changed to the last entry, the earlier usernames might be able to log in using the password of the last user. If users are deleted, the router might reload. If the passwords are already encrypted, this problem does not occur so there will be no problem with existing configurations.

Workaround: Configure and display passwords one at a time. To add the passwords in the example above, the following command sequence could be used: conf t, service password-encryption, username one password one, end, show running, conf t, username two password two, end, show running, conf t, username three password three, end, show running, conf t.

Alternate Workaround: Reload immediately after configuration. For example, the following command sequence will work: conf t, service password-encryption, username one password one, username two password two, username three password three, end, copy running-config startup-config, reload.

CSCdr45104

The Cisco 2600 series router BRI voice port loopback is not functional. There is no workaround.

CSCdr45407

On a Cisco router that is running Cisco IOS Release 12.1(0.9)T or an earlier release, a ping cannot go through a BRI interface until all of the following conditions are met:

The legacy dialer command is configured on the BRI interface.

The ppp multilink command is configured on the BRI interface.

At least two links are up.

There is no workaround.

CSCdr48629

On a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(2a)XH or 12.1(3)T, if the ppp callback {accept} command is enabled on an asynchronous or group-asynchronous interface and if a call is made from a client into the access server, then the call will fail (regardless of whether callback is enabled or disabled for that particular user). There is no workaround.

CSCdr49022

When no Voice over IP (VoIP) calls are made for the period of one minute the Cisco AS5300 series universal access server goes dormant. The result is that a call cannot be made again from the Private Automatic Branch eXchange (PABX) to the Cisco AS5300 series universal access server side. The call must be made from the Cisco 2600 series router side in order for the Cisco AS5300 series universal access server to resume normal operation. There is no workaround.

CSCdr49426

Where you try to use a Cisco Route Switch Processor (RSP) as a switch between an ISDN cloud and a Frame Relay (FR) cloud, the RSP does not send anything back when it receives the ping packets from the other side. Instead the log shows the following message:

1d02h: %CBUS-3-BADVC: MIP 1/0 got bad VC packet 30810800 45000064 01290000 FF01906B 14010101 14010102 000093D3 02781E6C dt219#

The same test with FR clouds on both ends of the switch does not experience the problem. There is no workaround.

CSCdr54594

A reload may occur when a pad connection is closed using the escape sequence. There is no workaround.

CSCdr56959

When network access server (NAS) is reloaded on a Cisco SC2200 Signalling Controller, it sends wrong Non-Facility Associated Signalling (NFAS) interface number to the Cisco SC2200 Signalling Controller in Group Service Message that causes Customer Information Control System (CICS) being in LOCMAN and REMMAN state. There is no workaround.

CSCdr58453

Certain ISDN message sequences for a PRI-NI switchtype may cause the system to reload. There is no workaround.

CSCdr58788

Non-Facility Associated Signalling (NFAS) voice calls and Signalling System 7 (SS7) voice calls using a Cisco SC2200 signalling controller fail. There is no workaround.

CSCdr58953

When a voice application on an ISDN Basic Rate Interface (BRI) port that is running Cisco IOS Release 12.1(2)T has both B-channels of the BRI port in use, and a third call is tried from the Voice over IP (VoIP) call leg to this BRI port, the new call fails as it should. However, the disconnect procedure will sometimes cause one of the established calls where the VoIP call leg cannot hear from the BRI side to fail.

Workaround: Limit the number of calls on the dial peer to two.

CSCdr59431

On Cisco AS5400 and AS5800 series universal access servers running Cisco IOS Release 12.1(3)T or 12.1(3a)T1, a system reload may occur after eight to ten hours of continuously heavy loaded operation when TCP Header Compression is enabled. The reload occurs due to a per call memory leak that only occurs if TCP or IP Header Compression is enabled.

Workaround: Disable TCP/IP Header Compression.

CSCdr60424

When a Non-Facility Associated Signalling (NFAS) primary D interface is shut down, all of the calls are dropped. There is no workaround.

CSCdr61735

A system that is configured with Signalling System 7 (SS7) and ISDN interconnect application with Voice over IP (VoIP) may reload after running for several hours. There is no workaround.

CSCdr66101

The Redirecting Number (RDN) octet3a, displayinfo fields are not being propagated from ISDN to Voice over IP (VoIP). There is no workaround.

CSCdr69181

The Signalling System 7 (SS7) Continuity Test (COT) operation is not supported.

Workaround: Disable COT in the local Cisco SC2200 Signalling Controller and ensure that COT is disabled at the far end of the SS7 bearer link.

CSCdr80792

There is a potential leak in a call tracker record build even though the call tracker is not enabled. The show memory summary should show a lot of memory allocated with the "ISDN call-trkr" as a block named even when there is no call active. There is no workaround.

CSCdr86311

ISDN PRI calling out is disconnected by invalid information element contents caused by a misformatted channel_id information element (IE). The Channel_ID IE is formatted for Non-Facility Associated Signalling (NFAS) for non NFAS switches. There is no workaround.

CSCdr86963

Simple Network Management Protocol (SNMP) walk or getmany on a cfrElmiTable will lead to an infinite loop on T1 interfaces. There is no workaround.

CSCdr97632

All virtual private dial-up network (VPDN) functionality is defective. There is no workaround.

CSCds06583

The Resource Accounting feature generates a stop-failure record for Virtual Private Network (VPN) calls that were successful. Therefore, there will be two Accounting stop records for a successful VPN call. This problem occurs only with the following configuration added to AAA:

aaa accounting resource default stop-failure group radius

There is no workaround.

CSCds06857

In Cisco IOS Release 12.1(3.4)T, the PPP idle timeout does not work properly on virtual access interfaces.

Workaround: Use the dialer idle timeout.

CSCds08297

In Cisco IOS Release 12.1(3.4)T, PPP sessions that are being tunneled by L2F will not come up. This situation occurs only when the network access server (NAS) is tunneling the PPP sessions using L2F. IP Cisco Express Forwarding (CEF) is enabled and the PPP interface is of type PPPoA or PPPoE.

Workaround: Disable IP CEF on the NAS.

Alternate Workaround: Tunnel the PPP traffic using L2TP.

CSCds13727

One of the B channels may pause indefinitely after executing simultaneous calls from both ends and the setup specifies any channel in the channel ID console.

Workaround: Shut down the interface that the B channel is operating on.

CSCds14028

On a Cisco MC3810 Multiservice Concentrator running Cisco IOS Release 12.1(3)XI the disconnect cause received on a voice Basic Rate Interface (BRI) port may be reported to the originating Voice over IP (VoIP) gateway incorrectly. When BRI voice port receives disconnects cause 0x11 (User busy), it is reported to the remote router as 0x29 (temporarily unavailable). If the rerouting to the PSTN is configured on the originating gateway, the call will be rerouted.

Workaround: Upgrade to one of the later software releases where the problem is fixed.

CSCds23886

On a Cisco 5400 series universal access server on which dynamic High-Level Data Link Control (HDLC) resource allocation is performed, the 24th B channel time slot in T1 PRI may not be available for modem calls. There is no workaround.

CSCds31110

During a stress test, if you configure the shut/no shut command in DSP configuration mode on an interface, the calls may not get through again. There is no workaround.

CSCds33993

The Cisco AS5300 series universal access server is rejecting calls where the incoming SETUP has a Called Party Number information element (IE) containing Type of Number = 3. There is no workaround.

CSCds42582

There are some inconsistencies with the European Telecommunication Standards Institute (ETSI) specification for the net5 network side implementation. This situation does not affect normal call setup or teardown. There is no workaround.

CSCds49913

When a Cisco 3600 router receives an unknown error message from an ISDN switch, the router may reload. There is no workaround.

CSCds50303

The Continuity Test (COT) in SS7 and ISDN interconnect setup may force a Cisco router to reload when Cisco SS7 Interconnect for Voice Gateways Solution configuration with the isdn bchan resend-setup interface configuration command is configured.

Workaround: Enter the no isdn bchan resend-setup command.

CSCds63752

Channelized T3 (CT3) modules on Cisco AS5400 series universal access servers select the T1 controller for clocking but when using the dial-tdm-clock global configuration command to configure the time-division multiplexing clock, if T1 controller one is selected to be the master, the software selects port two.

Workaround: Configure port one to be the primary port.

Resolved Caveats—Cisco IOS Release 12.1(4)T

Cisco IOS Release 12.1(4)T was not released. Please see "Resolved Caveats—Cisco IOS Release 12.1(5)T" section.

Resolved Caveats—Cisco IOS Release 12.1(3a)T8

Cisco IOS Release 12.1(3a)T8 is a rebuild release for Cisco IOS Release 12.1(3)T. The caveats in this section are resolved in Cisco IOS Release 12.1(3a)T8 but may be open in previous Cisco IOS releases.

CSCdt78578

When enabling the no ip cef & no tag switching command, a Provider Edge (PE) route reflector redistributes the default route to their clients causing the receiver ready (RR) router to reload while pings are going through. There is no workaround.

CSCdt78831

The Internet Control Message Protocol (ICMP) Type 3, Code 4 Fragmentation required but DF bit set message is generated by a router when it realizes that a packet received on one interface is too large to be transmitted on a subsequent interface. The normal course of action would be for the router to fragment that packet into two or more pieces and send each one. However, with the Don't Fragment (DF) bit set the router cannot do this. Instead, it sends back a Fragmentation required but DF bit set message to the transmitter. Ideally, the transmitter will use this message (which contains the maximum packet size that could be transmitted without fragmentation) to reduce its packet size so that unfragmented end-end communications takes place. In the case of traffic sent across a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN), an additional overhead of 8 bytes (2 labels) is imposed by the (Provider Edge) PE router. For traffic generated from Ethernet (or default on T1 link) that is normally max mtu 1500 bytes, this is reduced to max 1492 bytes without fragmentation. So the ICMP message generated by the PE router should show 1492 bytes as the largest supportable frame size within the ICMP message. This issue was found in 12.1(3a)T3. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(3a)T7

Cisco IOS Release 12.1(3a)T7 is a rebuild release for Cisco IOS Release 12.1(3)T. The caveats in this section are resolved in Cisco IOS Release 12.1(3a)T7 but may be open in previous Cisco IOS releases.

CSCdr54230

A Border Gateway Protocol (BGP) UPDATE contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object. The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the Extended Length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets. The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems (ASes) in the segment. The path segment value contains the list of ASes each AS is represented by two octets). The total length of the attribute depends on the number of path segments and the number of ASes in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of ASes (without having to use the extended length bit) is 126 [= (255-2)/2]. If the UPDATE is propagated across an AS boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used. This situation is caused by the mishandling of the operation during which the length of the attribute is truncated to only one octet. Because of the internal operation of the code, the receiving border router is not affected, but its iBGP peers detect the mismatch and issue a NOTIFICATION message (update malformed) to reset their session. The average maximum AS_PATH length in the Internet is between 15 and 20 ASes, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.

CSCdr54231

When Border Gateway Protocol (BGP) sessions are reset with the bgp log-neighbor-changes router configuration command, NOTIFICATION messages sent or received are visible only if you enable the debug ip bgp EXEC command.

Workaround: Use the Cisco IOS release that contains the fix for this caveat.

CSCdr59314

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCdr61016

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCdr67801

A Cisco 7200 series router or a Cisco 7500/RSP series router with a PA-A3 ATM port adapter may reload because of a bus error that points to an 0x50000000 address or an 0x08000000 address. These reloads occur after the PA-A3 port adapter driver has received a packet and attempts to process it.

Workaround: Disable Cisco Express Forwarding (CEF) by entering the no ip cef global configuration command on the Cisco 7200 series router or by entering the no ip cef [distributed] global configuration command on the Cisco 7500/RSP series router.

CSCdr73000

A Versatile Interface Processor (VIP) and a Cisco 7200 series router may reload while trying to access 0x08000000 in ct3sw_rx_interrupt().

Workaround: Disable the ip cef global configuration command.

CSCds04747

Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.

This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.

To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in DDTS record CSCds04747.

Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.

CSCds18899

When you export Routing Information Protocol (RIP) learned routes from one Virtual Private Network (VPN) to another VPN through Border Gateway Protocol (BGP) at the same Provider Edge (PE) router, these routes appear in the BGP table of the importing VPN but do not appear in the routing table. There is no workaround.

CSCds29989

The wrong label is assigned to one of the Virtual Private Network (VPN) routing/forwarding (VRF) routes from remote provider-edge routers (PEs) after a reload occurs. There is no workaround.

CSCds32217

Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.

To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.

In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.

This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.

CSCds41629

After you add some channel groups under T1 or E1 controllers on a network that has some interfaces configured with Frame Relay encapsulation and some interfaces configured with High-Level Data Link Control (HDLC) encapsulation, a Cisco router reloads when you remove those channel groups and configure both channel groups again. There is no workaround.

CSCds48844

Enabling Multilink PPP on some interfaces on a PA-MC-2T3 port adapter card together with distributed Cisco Express Forwarding (dCEF) may cause tracebacks. There is no workaround.

CSCds57862

When you configure a Committed Access Rate (CAR) on a channelized interface and then remove the interface by using the E1 or T1 no channel-group controller configuration command, the CAR should be unconfigured since the interface is now gone. But when you configure a different channelized interface by using the E1 or T1 channel-group controller configuration command, the CAR, which is configured on the removed interface, appears in the newly created interface.

Workaround: Remove the CAR before removing the channelized interface.

CSCds57882

In a full mesh of Provider Edge (PE) routers, one or two of the PE routers may have a Border Gateway Protocol (BGP) table with multiple entries for the same route (there should be only one) with multiple tags. Clients of the PE routers still receive the correct BGP information. Virtual Private Network (VPN) routing/forwarding instance (VRF) interfaces on the PE routers may get an incorrect tag. This same situation is also seen at provider edge (PE) routers but not Routing Registry (RR).

Workaround: Clear the BGP session. Clearing the route fixes the tag situation but not the BGP table.

CSCds62892

In a full mesh of route reflectors, one or two of the route reflectors may have a Border Gateway Protocol (BGP) table with multiple entries for the same route (there should be only one) with multiple tags. Clients of the route reflector still receive the correct BGP information. Virtual Private Network (VPN) routing/forwarding instance (VRF) interfaces on the route reflector may get an incorrect tag. This situation may also occur with Provider Edge routers.

Workaround: Clear the BGP session. Clearing the route fixes the tag situation but not the BGP table.

CSCds75882

A subinterface created under an E1 channel group is misnumbered and misplaced in the output of the show running config command and the show ip interface command. There is no workaround. This caveat is a duplicate of CSCdt51478. See"CSCdt51478".

CSCdt30424

When you unconfigure the map-class frame-relay global configuration command, a Cisco router may reload.

Workaround: Remove the configuration under the map-class command instead of unconfiguring the map-class frame-relay command in the global configuration mode.

CSCdt35137

In a Multiprotocol Label Switching (MPLS) environment, when a customer edge (CE) router sends a packet that requires fragmentation, the Provider Edge (PE) router sends an "ICMP fragmentation required, but do not fragment set" message. When there are multiple CE routers connected to a PE router, the PE router drops the ICMP message as unroutable to some CE routers, even though the CE routers are directly connected and a route appears in the routing table. This situation does not occur in Cisco IOS Release 12.1(5)T1. There is no workaround.

CSCdt51478

A subinterface created under an E1 channel group is misnumbered and misplaced in the output of the show running config command and the show ip interface command. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(3a)T6

Cisco IOS Release 12.1(3a) T6 is a rebuild release for Cisco IOS Release 12.1(3) T. The caveats in this section are resolved in Cisco IOS Release 12.1(3a) T6 but may be open in previous Cisco IOS Releases.

CSCdr67801

A Cisco 7200 series router or a Cisco 7500/RSP series router with a PA-A3 ATM port adapter may reload because of a bus error that points to an 0x50000000 address or an 0x08000000 address. These reloads occur after the PA-A3 port adapter driver has received a packet and attempts to process it.

Workaround: Disable Cisco Express Forwarding (CEF) by entering the no ip cef global configuration command on the Cisco 7200 series router or by entering the no ip cef distributed global configuration command on the Cisco 7500/RSP series router.

CSCdr73000

A Versatile Interface Processor (VIP) and a Cisco 7200 series router may reload while trying to access 0x08000000 in ct3sw_rx_interrupt().

Workaround: Disable the ip cef global configuration command.

CSCds18899

When you export Routing Information Protocol (RIP) learned routes from one Virtual Private Network (VPN) to another VPN through Border Gateway Protocol (BGP) at the same Provider Edge (PE) router, these routes appear in the BGP table of the importing VPN but do not appear in the routing table. There is no workaround.

CSCds29989

The wrong label is assigned to one of the Virtual Private Network (VPN) routing/forwarding (VRF) routes from remote provider-edge routers (PEs) after a reload occurs. There is no workaround.

CSCds41629

After you add some channel groups under T1 or E1 controllers and some interfaces configure Frame Relay Encapsulation and some interfaces configure High-Level Data Link Control (HDLC) encapsulation, a Cisco router will reload when you remove those channel groups and configure both channel groups again. There is no workaround.

CSCds48844

Enabling Multilink PPP on some interfaces on a PA-MC-2T3 port adapter card together with distributed Cisco Express Forwarding (dCEF) may cause trace backs. There is no workaround.

CSCds62892

A Cisco router that is acting as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) may show an incorrect tag value for some VPN routing/forwarding instance (VRF) routes. This situation breaks connectivity between the local and remote VPN networks. The problem may occasionally appear under specific timing conditions in networks with unstable (flapping) VRF links and redundant Route Reflectors (RR) that are at different geographical locations (different network connection speed). The recovery method is to use the clear ip route vrf vrf-name {ip-address} EXEC command, where vrf-name is the VRF that includes the route and the corresponding IP address.

Workaround: Use a single RR.

CSCds75882

A subinterface created under an E1 channel group is misnumbered and misplaced in the output of the show running - config command and the show ip interface command. There is no workaround.

CSCdt30424

When you unconfigure the map-class frame-relay global configuration command, the Cisco router may reload.

Workaround: Remove the configuration under the map- class command instead of unconfiguring the map-class frame-relay global configuration command.

CSCdt35137

In an MPLS environment, when a CE (Customer Edge) router sends a packet which requires fragmentation, the PE (Provider Edge) router will send an "ICMP fragmentation required, but do not fragment set" message (also called a "Datagram Too Big" message). When there are multiple CE routers connected to a PE router, the PE router will drop the ICMP message as unroutable to some CE routers, even though the CE routers are directed and a route appears in the routing table. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(3)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.1(3)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Access Server

CSCdr71878

The default bundled portware for a Cisco AS5300 or an AS5800 series access server needs to be 2.7.2.0. The current default firmware is 2.7.1.1, which does not support inbound messaging.

Workaround: Manually download 2.7.2.0 from Cisco.com and configure the access server to download this firmware to the modems using the see global configuration command.

Basic System Services

CSCdr77832

When you start a Service Assurance (SA) agent operation of any type on a Cisco 1600 series router, a CPU exception error message occurs. There is no workaround.

EXEC and Configuration Parser

CSCdr46291

With Asynchronous Call Queuing configured, some attempts to telnet to the router will fail even though lines are available. There is no workaround.

Interfaces and Bridging

CSCdr61934

802.1Q bridging does not work on a Cisco Route Switch Processor (RSP) that is running Cisco IOS Release 12.1(2.2)PI or a later release. There is no workaround.

IP Routing Protocols

CSCdr10934

A Cisco router that is running Cisco IOS Release 12.1 T and that is using Resource Reservation Protocol (RSVP) might reload when handling static path reservations. This situation occurs when the router runs Routing with Resource Reservation (RRR) tunnels or Common Open Policy Service (COPS) applications. There is no workaround.

Miscellaneous

CSCdr13589

Maximum-length Message Signalling Units (Muses) are discarded when you use the Cisco Signalling System 7 (SS7) Signalling Link Terminal (SLT). There is no workaround.

CSCdr48026

On a Cisco 7200 series router, traffic is not classified correctly in the mpls->ip path for traffic from provider-edge routers (PE) to customer-edge routers (CE) for "untagged destinations." This situation results in packets getting incorrect weight and therefore, incorrect service. There is no workaround.

CSCdr48143

The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, the _oss_freeGlobals() function is called by the ASN encoder, to free all allocated memory whenever an error is detected. However, the encoder does not free the memory gracefully and causes the router to reload.

Workaround: Upgrade to Cisco IOS Release 12.1 T, which uses a Cisco-developed ASN1 library code.

CSCdr48618

Continuity Test (COT) in loopback mode fails in a Cisco router that is running Cisco IOS Release 12.1 PI or 12.1 T. There is no workaround.

CSCdr51651

When you reload a Cisco router that it is running Cisco IOS Release 12.1(2)T, any configured secondary IP addresses on Ethernet and Bridge Group Virtual Interface (BVI) interfaces are removed from the configuration. During start-up, the Cisco router displays the following error message:

Secondary addresses not allowed with negotiated addresses

Workaround: Reconfigure the secondary IP.

CSCdr52861

There is a missing incoming_guid copy in the Cisco IOS Release 12.1 PI that gets synchronized into Cisco IOS Release 12.1(2.3)T.

Workaround: Insert the copy line.

CSCdr55351

When Channel-Associated Signalling (CAS) pre authentication is enabled after Dial-In over ISDN/automatic number identification (DNIS/ANI) collection for E1 R2 Signalling, Cisco IOS software will not send an answer signal until it gets a response from the RADIUS server. If the call is accepted, Cisco IOS software will send a register answer signal and a connect-through-the-line answer. If the call is rejected, Cisco IOS software will send a busy signal and send idle to disconnect the call. There is no workaround.

CSCdr55864

The botflies file system might be corrupted after a system reload. This situation occurs only after a reloaded file is written to botflies. There is no workaround.

CSCdr56776

On a Cisco 5300 series universal access server that is running Cisco IOS Release12.1(2)T and Release 12.1(3)T, the debug as command does not work correctly. There is no workaround.

CSCdr57325

The Open Settlement Protocol (OSP) feature does not work because of the missing roaming capability on the new tool command line (TCL) interface infrastructure. There is no workaround.

CSCdr60236

Frames with Ethernet frame check sequence (FCS) that are queued for process-level handling are dropped incorrectly with a format error. There is no workaround.

CSCdr64130

FAX Non Standard Facility (NSF) cannot be configured for Voice over Frame Relay (VoFR) or Voice over ATM (VoATM) on a dial peer router that is running Cisco IOS Release 12.1(2)T. There is no workaround.

CSCdr64408

Tool command line (TCL) interface script authorization fails while sending Mind Server with correct account or password information. This situation affects all debit card TCL scripts. There is no workaround.

CSCdr64591

Calls from PBX2 to PBX 1 are connected, but no ring tone is heard. Debugging shows that a "T" digit is matched although there is no "T" digit configured in the dial peer destination pattern. This situation causes the router to miss the ring tone from the called party.

Workaround: Turn off H.323 fast-start functionality on all VoIP dial peer routers by performing a re-qos controlled-load.

CSCdr64913

On a Cisco AS5800 series universal access server that is running Cisco IOS Release 12.1(2a)XH or Cisco IOS Release 12.1(3)T, the show modem operational-status and the show modem configuration EXEC commands display nothing for Modem ISDN channel aggregation (MICA) Hex Modem Module/Double-Density Modem (HMM/DMM) modem ports.

Workaround: Use the show modem [slot/port] or the show modem log [slot/port] EXEC commands to view modem history statistics.

CSCdr68372

When Multilink PPP and fast switching or Cisco Express Forwarding (CEF) switching are configured, Real Time Protocol (RTP) packets are not compressed.

When you use Multilink PPP for link fragmentation and interleaving (LFI) in a voice and data environment, the ip rtp header-compression command has no effect on most platforms and can cause a Cisco 7200 series router to reload.

Workaround: Turn off fast switching or CEF switching by using the no ip cef and the no ip route-cache global configuration commands.

CSCdr68821

Digit collection on the IP leg of a Media Gateway Control Protocol (MGCP) call will fail. There is no workaround.

CSCdr69220

On a Cisco router that is running Cisco IOS Release 12.1(2)T with the Airline Product Set (ALPS) set and encapsulated Airline Control (ALC), ALPS circuit processing queues always queue data regardless of the state of the peer or the circuit. Reliance on failure processing to discard the packets is a solicited error because the router sends service message after the loss of a packet. The circuit failure notification takes 15 to 30 seconds. If the packet lifetime timer has been exceeded, the router generates a service message. The time to generate a service message is random because it depends on when the message is queued. Because the timers are hardcoded, the CRT is locked until a 30 second timer expires at the agent-set control unit (ASCU) or the service messages is received.

Workaround: Upgrade to a Cisco IOS release that has the fix for this bug.

CSCdr70409

Cisco gateways that are registered to some vendor gatekeepers and that send an Admissions Confirm (ACF) message with Clear Tokens consisting of unknown object identifiers in the nonstandard field of the Charlottetown structure might experience a memory leak in the CCH323_CT process.

Workaround: Set the gatekeeper not to send ClearTokens and disable the gateway security.

CSCdr70698

The tool command line (TCL) interface 1.0 interactive voice response (IVR) infrastructure does not properly handle ISDN PROGRESS indication messages. This situation can result in incomplete calls, inaudible ringback, and busy tones when you use certain ISDN switchtypes.

TCL session application ignores the CC_EV_CALL_PROGRESS event from the call control applications programming interface (CCAPI), so this event is not passed to the Voice over IP (VoIP) Service Provider Interfaces (SPIs). This condition breaks the alerting function for calls terminating on channel-associated signalling (CAS) trunks. There is no workaround.

CSCdr71105

When you configure Circuit Emulation Service (CES) over switched virtual circuits (SVCs) with the CES network module (NM), the connection may pause indefinitely in the "coming up" state.

Workaround: Use the shut command followed by the no shut command on the T1 controller that is marked as down.

CSCdr71125

When Cisco voice gateways operate with alternate endpoints as directed by the gatekeeper, the free event queue buffers may get depleted.

Workaround: Disable the alternate endpoints.

CSCdr75648

Outgoing fax calls do not work on a Cisco AS5800 series universal access server with an E1 controller. There is no workaround.

CSCdr87083

After a user runs Simple Gateway Control Protocol (SGCP) calls for several minutes, a Cisco router experiences 100 percent CPU usage and cannot process any calls. The router will not reload automatically (which only takes about 1 minute). The CPU high utilization is at VOIP_RTCP process. There is no workaround.

CSCdr88376

When voice and data are both running in Frame Relay Low Latency Queuing (FR LLQ) configuration, some of the data packets are being classified as voice. This situation will result in police and consequent packet drops in the priority queue, which will cause bad voice quality.

Workaround: Turn on process-switching on the incoming interfaces for voice and data.

Wide-Area Networking

CSCdr27246

Under rare circumstances, a Cisco router may experience a software-forced reload. The router displays the following queued messages:

%SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.

validblock_diagnose, code = 11 current memory block, bp = 0x61BA5080, memory pool type

is Processor data check, ptr = 0x61BA50A8 next memory block, bp = 0x61E02608, memory

pool type is Processor data check, ptr = 0x61E02630 previous memory block, bp = 0x61E02660, memory pool type is Processor data check, ptr = 0x61E02688

%SYS-3-BADMAGIC: Corrupt block at 61BA5080 (magic 61E0058C)

-Traceback= 6036EBD0 603705D0 602FAEDC 602E09A8 60302C54 6030EEA4 60361794 60361780 %SYS-6-MTRACE: mallocfree: addr, pc 61BA50A8,602FAED4 61BA4DCC,602F5274 61BA4DCC,40000020 61CE6A20,602F5164 61CE6A20,40000016 61CE5E64,60369FDC 61BA5484,60369FDC 61CD53CC,60369FDC

The following combination of actions causes this situation to occur:

The service password-encryption global configuration command is already enabled or is enabled before the third action.

The username password global configuration command is entered with unencrypted passwords for more than one user.

A command causes the running configuration to be displayed. (Examples: the write terminal command, the copy running-config startup-config command, or answering "yes" at the "System configuration has been modified" or "Save?" prompt after using the reload EXEC command).

During the conversion from unencrypted to encrypted passwords, all passwords except the final encrypted password become corrupted. For example, if username one password one, username two password two, username three password three are entered, the encrypted passwords represented by "one" and "two" will become corrupted. The passwords will become one of two things:

Random characters that are invalid for a password.

The same as the final password.

In the example above, all three passwords would be the same as the password for "three."

These passwords are not corrupted until after the running configuration has been displayed or saved, so the first commands, such as write terminal and copy running-config startup-config, will show a correct configuration, but the corresponding subsequent commands will show the corrupted passwords.

If the password is corrupted, the associated username will not be able to log in. If the password is changed to the last entry, the earlier usernames might be able to log in using the password of the last user. If users are deleted, the router might reload. If the passwords are already encrypted, this problem does not occur, so there will be no problem with existing configurations.

Workaround: Configure and display passwords one at a time. To add the passwords in the example above, the following command sequence could be used: conf t, service password-encryption, username one password one, end, show running, conf t, username two password two, end, show running, conf t, username three password three, end, show running, conf t.

Alternate workaround: Reload immediately after configuration. Use the following command sequence: conf t, service password-encryption, username one password one, username two password two, username three password three, end, copy running-config startup-config, reload.

CSCdr45407

On a Cisco router that is running Cisco IOS Release 12.1(0.9)T or an earlier release, a ping cannot go through a BRI interface until all of the following conditions are met:

The legacy dialer command is configured on the BRI interface.

The ppp multilink command is configured on the BRI interface.

At least two links are up.

There is no workaround.

CSCdr48629

On a Cisco AS5800 access server that is running Cisco IOS Release 12.1(2a)XH or 12.1(3)T, if the ppp callback accept command is enabled on an asynchronous or group-asynchronous interface and if a call is made from a client into the access server, the call will fail. There is no workaround.

CSCdr49022

When no Voice over IP (VoIP) calls are made for the period of one minute, the Cisco AS 5300 series universal access server goes dormant. The result is that a call cannot be made again from the Private Automatic Branch eXchange (PABX) to the Cisco AS5300 series universal access server side. The call must be made from the Cisco 2600 series router side in order for the Cisco AS5300 series universal access server to resume normal operation There is no workaround.

CSCdr49426

When you try to use a Cisco Route Switch Processor (RSP) as a switch between an ISDN cloud and a Frame Relay (FR) cloud, the RSP does not send anything back when it receives the ping packets from the other side. Instead the log shows the following message:

1d02h: %CBUS-3-BADVC: MIP 1/0 got bad VC packet 30810800 45000064 01290000 FF01906B 14010101 14010102 000093D3 02781E6C dt219#

When the same test with FR clouds on both ends of the switch is performed the problem does not occur. There is no workaround.

CSCdr56959

When a network access server (NAS) is reloaded on a Cisco SC2200 Signalling Controller, it sends the wrong Non-Facility Associated Signalling (NFAS) interface number to the Cisco SC2200 Signalling Controller in Group Service Message that causes Customer Information Control System (CICS) to be in LOCMAN and REMMAN states. There is no workaround.

CSCdr58453

Certain ISDN message sequences for a PRI-NI switch type may cause the system to reload. There is no workaround.

CSCdr58788

Non-Facility Associated Signalling (NFAS) voice calls and Signalling System 7 (SS7) voice calls using an SC2200 Signalling Controller fail. There is no workaround.

CSCdr58953

When a voice application on an ISDN BRI port that is running Cisco IOS Release 12.1(2)T has both B channels of the BRI port in use and a third call is tried from the Voice over IP (VoIP) call leg to this BRI port, the new call fails as it should. However, the disconnect procedure sometimes will cause one of the established calls in which the VoIP call leg cannot hear from the BRI side.

Workaround: Limit the number of calls on the dial peer to two.

CSCdr59431

On Cisco AS5400 and AS5800 series universal access servers running Cisco IOS version 12.1(3)T or 12.1(3a)T1, a system may reload after 8 to 10 hours of continuously heavy loaded operation when TCP header compression is enabled. The system reloads because of a per call memory leak that only occurs if TCP or IP header compression is enabled.

Workaround: Disable TCP/IP header compression.

CSCdr60424

When a Non-Facility Associated Signalling (NFAS) primary D interface is shut down, all of the calls are dropped. There is no workaround.

CSCdr61735

A system that is configured with the Signalling System 7 (SS7) and ISDN interconnect application with Voice over IP (VoIP) could reload after running for several hours. There is no workaround.

CSCdr66745

A traceback message might be produced because of de referencing an invalid idb pointer. There is no workaround.

CSCdr97632

All virtual private dialup network (VPDN) functionality is defective. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(2)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.1(2)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Basic System Services

CSCdp73900

A Cisco MC3810 series multiservice access concentrator does not include the option to configure a G.729 "pre-ietf" codec when running Voice over IP (VoIP). This situation will affect the operability of MC3810 with other products running VoIP when those products are using Cisco IOS releases prior to Cisco IOS Release 12.0(4)T.

Workaround: Upgrade to Release 12.0(5)T (or a later release) for those products operating with MC3810 and running VoIP.

CSCdr41316

The ds0-group for a Cisco MC3810 multiservice access concentrator needs to be reconfigured every time it is rebooted. There is no workaround.

EXEC and Configuration Parser

CSCdp79614

Rotary groups under virtual vtys might not work. Attempts to make connections to that rotary group will show a message indicating that the connection is being queued even though the vty is free. There is no workaround.

Interfaces and Bridging

CSCdp71620

A Cisco Packet OC-3 Interface Processor (POSIP) might reload with a bus error. There is no workaround.

IP Routing Protocols

CSCdr01005

A Cisco router that is using Multiprotocol Label Switching (MPLS) traffic engineering might reload in or near rsvp_rrr_path_query. Sometimes this reload is accompanied by a SYS-6-STACKLOW message. There is no workaround.

CSCdr18972

Due to new RFC 2328, the calculation of summary route costs have changed. This situation might create suboptimal routing, if all of the are border routers (ABRs) are not upgraded to the new code at the same time.

Workaround: Upgrade all of the ABRs to the new code.

CSCdr32693

A Cisco router might reload if the generic routing encapsulation (GRE) nat-entries were deleted prior to deleting the Point to Point Tunneling Protocol (PPTP) control session nat-entry, when there was an address change on the interface on which it is overloaded. There is no workaround.

Miscellaneous

CSCdk34319

After sending packets at a very high rate through a PA-A3 port adapter on a Cisco 7200 series router, the router may reload if you remove the card and reinsert it to a different slot with a new configuration on the same interface at the new slot. The following error patterns occur on the console:

%SYS-2-LINKED: Bad enqueue of 60DFD980 in queue 60CCFB30 -Process= "<interrupt level>", ipl= 1 -Traceback= 602398F0 601C1370 602000C8 60203958 601C4408 601C81B0 %SYS-2-BADSHARE: Bad refcount in retparticle, ptr=14AF, count=0 -Traceback= 601C14FC 602000C8 60203958 601C4408 601C81B0

There is no workaround.

CSCdp28380

Multicast packets are sent out with an "all routers" destination multicast MAC address of 01005e000002 that corresponds to the "all routers" multicast IP address of 224.0.0.2. However, the destination multicast IP address in the packet is the correct one.

This method works on Windows 95 because Windows 95 accepts the packets with the "all routers" multicast address. With NT, the PC accepts the packets with the "all routers" multicast MAC address, but drops them when the multicast MAC address does not belong to the multicast IP address carried in the MAC frame.

This situation occurs in the node route processor/Layer 2 Tunnel Protocol Access Concentrator (NRP/LAC) and not in the CPE. You can verify this circumstance by turning on the show ip mcache EXEC command at the NRP. There is no workaround.

CSCdp56022

A Cisco 6400 series node route processor (NRP) that is running PPP over Ethernet (PPPoE) and Integrated Routing and Bridging (IRB) on the same NRP might occasionally experience some spurious memory accesses. There is no workaround.

CSCdp66448

The alarm-forward feature on a Cisco 2611 router with a VWIC-2MFT-E1 Voice/WAN interface card does not work for E1 controllers on a Cisco router. This situation only affects the Cisco Signalling System 7 (SS7) Signalling Link Terminal (SLT) product. There is no workaround.

CSCdp68943

When there is a high volume of traffic moving through IP Security Protocol (IPSec), you might see the following message:

Memory allocation of 18196 bytes failed.

There is no workaround.

CSCdp82036

A Cisco router that is configured with Dynamic Host Configuration Protocol (DHCP) might reload.

Workaround: Remove DHCP from the router configuration.

CSCdp89660

When a gatekeeper is operated with multiple Location Requests (LRQs) or multiple gatekeepers per zone, there is a possibility that multiple Location Confirmations (LCFs) from multiple LRQ requests to multiple destination gatekeepers might occur. Under this condition, the gatekeeper will create a remote endpoint based on the first LCF received. The subsequent calls might fail if the LCF received is not from the zones that are used to create the remote endpoint as done from the very first success of LCF. These subsequent calls will be erroneously rejected. This situation can be diagnosed using gatekeeper debug to identify the problem (debug gatekeeper main 5). With debug enabled, the error message that indicates failure to create remote endpoint will appear. There is no workaround.

CSCdp89661

With Cisco IOS Release 12.0(7)XR, you should not try to explicitly destroy a static quality of service (QoS) profile created by a cable modem termination system (CMTS) and used for G.729 or G.711 upstream CBR service. These profiles occupy QoS profile index 3 and 4 in Cisco IOS Release 12.0(7)XR. The CMTS will not allow you to destroy the profiles. However, a failure in the qos profile delete command line interface (CLI) will cause the ubr7200 series router to reload when the first voice or fax call using the undeleted profile terminates.

Workaround: Do not try to destroy CMTS-created static QoS profiles used for CBR voice or fax at index 3 and 4.

CSCdp89692

A Cisco router will not check to learn if an interface data block (idb) needs to be initialized. There is no workaround.

CSCdp90731

A Cisco gateway does not comply with the H.323 specification of the International Telecommunication Union (ITU) because the ITU recently changed the specification dictating that newly created calls for an H.450.2 Call Transfer or H.450.3 Call Deflection generate a unique callIdentifier. The previous specification dictated that new calls should reuse the existing callIdentifier from a previous call. This situation causes interoperability problems with third party Gatekeepers that expect a unique callIdentifier for forwarded or transferred calls, and the duplicate callIdentifier causes the gatekeeper to reject the new call. There is no workaround.

CSCdp94386

The H.323 Implementor guide published by ITU recently introduced language that dictates when creating a new call for an H.450.2 Call Transfer or H.450.3 Call Deflection, the new call SHALL generate a unique callIdentifier; previously the Implementor guide specified that the new call should re-use the existing callIdentifier from a previous call.

Since our gateway follows the old specification, we are now in violation of the H.323 Specification. Additionally, we are seeing interoperability problems with third-party Gatekeepers that expect a unique callIdentifier for forwarded/transferred calls; the duplicate callIdentifier causes the Gatekeeper to reject the new call.

Also, the behavior will cause backward-compatibility problems between 12.1(1)T and future IOS releases of the Cisco Gateway. Since the post-12.1(1)T gateway must follow the new specification, it will be incompatible with 12.1(1)T.

There is no workaround for this problem.

CSCdr02575

A Session Initiation Protocol (SIP) subsystem will reload on Domain Name System (DNS) query when the DNS entries configured on the DNS server have a Time To Live (TTL) value set to zero.

Workaround: Make sure that no DNS entry in the DNS server has TTL set to zero. This workaround does not impose any limitation.

CSCdr05787

For calls where a nonzero Progress Indicator Octet 4 value other than 0x08 is received, you will hear a ringback tone for the original call. However, if the call is deflected or transferred, you will not hear a ringback tone after the call is deflected or transferred. There is no workaround.

CSCdr05885

On a Cisco 2600 series router, a Cisco 3600 series router, or a Cisco Signalling System 7 Link Terminal (SS7 SLT), the firmware for the T1/E1 Multiflex Voice/WAN interface cards (VWIC-MFT-T1/E1) prematurely includes V.54 bit error rate testing features, which are not fully operational. There is no workaround.

CSCdr07128

When H.323 security is enabled on a gateway, the ClearToken parameter is included in the H.323 Registration, Admission, and Status (RAS) messages sent by the gateway to the gatekeeper. While the RAS messages are sent, memory is allocated for ClearToken structure and its contents to build the ClearToken. After receiving an appropriate response from the gatekeeper, the ClearToken memory is not freed for registration request (RRQ) messages, which results in a memory leak. There is no workaround.

CSCdr13184

Simultaneous traffic to the same cable modem (CM) with different IP Precedence rate limits configured using the Cisco vendor-specific IP Precedence rate limit results in erroneous rate limits being applied for non precedence data packets, which leads to packet loss and a fall in TCP throughput.

Workaround: Disable the IP Precedence rate limit setting to prevent TCP throughput from suffering by removing the IP precedence rate limit setting in the CM configuration file. This will affect voice quality when voice and data traffic are sent simultaneously to a CM. If voice quality is more important to you than TCP throughput, then no change is required.

CSCdr13675

The Secure Socket Layer Reference (SSLRef) Library is not properly integrated with the public key infrastructure (PKI) code base. Secure Socket Layer (SSL) verifies all certificates correctly, so it is important that the PKI configuration is correct. Prior to Cisco IOS Release 12.1(2)T, it was possible for SSL to appear to be verifying certificates even when the crypto ca identity global configuration command section of the configuration was incomplete.

For example, you must either specify how to obtain a Certificate Revocation List (CRL) from the certification authority (CA) server, or specify crl optional (which is not a secure solution). It is necessary to make this specification before PKI can verify a certificate as being valid. Before Release 12.1(2)T, this specification would not have been necessary because the certificates were not being verified anyway. There is no workaround.

CSCdr14471

In Signalling System 7 (SS7) applications, a Cisco router might not clear calls properly when the T1 or E1 physical layer fails. The show isdn {active} EXEC command shows the calls are still active. There is no workaround.

CSCdr14497

The H.323 gateway memory leaks slowly when running with quality of service (QoS) in H.245. This situation occurs when a gateway is configured with Resource Reservation Protocol (RSVP) and QoS in the Voice over IP (VoIP) dial peer for a value other than the best-effort default. The memory leak is approximately 64 to 100 bytes for each call. The router will eventually run out of memory.

Workaround: Do not use RSVP and specific QoS other than the best-effort default. Once the leak occurs, there is no workaround except to reboot.

CSCdr19087

In bundling, if the IP address on the master interface is configured with certain values, modems on all cable interfaces within the bundle will not be able to pass init(i).

Workaround: Do not use an IP address pool that has a hex value of "e" in the upper nibble of the third byte (bits 12-15) in any of the IP addresses in the pool.

CSCdr19962

A voice call on a Cisco 1750 series router that is running Cisco IOS Release 12.1(1.1)T might fail without generating a ring tone. On a Cisco 1750 router that is running Cisco IOS Release 12.1(1) and that has the same configuration, the call succeeds. There is no workaround.

CSCdr23090

If a frequency hop is triggered on an upstream port serving CBR slots, a Cisco ubr7200 series router might reload.

Workaround: Do not configure the frequency hopping feature on a U.S. port that will be serving CBR slots.

CSCdr23563

A Route Switch Processor (RSP) that is configured with Multiprotocol over ATM (MPOA) clients might take a large number of packets (approximately 500) to transfer the data through the MPOA shortcut. There is no workaround.

CSCdr28474

A Cisco 2613 series router that is running Cisco IOS Release 12.1 T or Release 12.0(7)XK1 might reload while booting up.

Workaround: Configure a memory-size iomem global configuration command in the startup-config file to read memory-size iomem 30.

Alternative workaround: Upgrade to Cisco IOS Release 12.1.

CSCdr30870

A Cisco router that is running Cisco IOS Release 12.1(1)T might experience the equivalent of a memory leak when session directory cache (SDR) duplicates entries.

Workaround: Enable timeouts for SAP cache, using the ip sap cache-timeout command (for example, ip sap cache-timeout 15). In some instances, using this configuration improves memory consumption rates.

CSCdr31521

If a controller on a Cisco 5300 series Signalling System 7 (SS7) configuration is down at boot time, the B-channels on that downed controller will show "in service" when you use the show isdn {services} global configuration command on the command-line interface (CLI). There is no workaround.

CSCdr37247

This situation occurs when Session Initiation Protocol (SIP) is configured to use Domain Name System (DNS) services and the domain name servers fail to respond to the queries sent from the router when Time To Live (TTL) for the cached DNS entries expire. SIP Voice over IP (VoIP) calls using DNS services might cause the router to reload.

Workaround: Use high TTL values in the domain name servers (7200 seconds or higher). Use high availability platforms for domain name servers.

CSCdr41465

When a Hot Standby Router Protocol (HSRP) group on a Catalyst 5000 Route Switch Feature Card (RSFC) VLAN with the standby use-bia interface configuration command configured becomes active, the Address Resolution Protocol (ARP) entry for the HSRP virtual IP addresses is not updated with the local burned-in MAC address (BIA). It is overwritten by the BIA of the router which was previously in the "Listen" state. This situation does not occur if only two routers are participating in the HSRP group.

This also affects other platforms when HSRP is configured on an encapsulated (ISL, dot1q etc.) interface.

Workaround: Do not configure the standby use-bia interface configuration command.

CSCdr43513

A Cisco 7200 series router that is running Cisco IOS Release 12.1(1.6) and that is configured with Multilink PPP (MLP) and Cisco Express Forwarding (CEF) switching might report the following alignment error messages on the console:

%ALIGN-3-CORRECT: Alignment correction made at 0x60DD3E0C reading 0xF9A052B

%ALIGN-3-TRACE: -Traceback= 60DD3E0C 603CC26C 6011C1F8 60361E18 60363A94 60363B58 00000000 00000000

This situation only occurs when you use MLP and CEF switching simultaneously. The alignment error count increases rapidly. The following message appears in the output of the show align command:

Router> align

Alignment data for:

7200 Software (C7200-JS-M), Version 12.1(1.6), MAINTENANCE INTERIM SOFTWARE

Total Corrections 8095, Recorded 1, Reads 8095, Writes 0

Initial Initial

Address Count Access Type Traceback

F9A052B 8095 16bit read 0x60DD3E0C 0x603CC26C 0x6011C1F8 0x60361E18

0x60363A94 0x60363B58

Workaround: Disable either MLP or CEF.

CSCdr43569

Dial-plan enhancements with wildcards "%," "?," "+," "[]," "()" and other features such as digit stripping are missing for voice features on the following Cisco products: 1700, 3600, 2600, 7200, and 7500 series routers; MC3810 multiservice access concentrators; and the AS5300 and AS5800 access servers.

Workaround: Upgrade to Cisco IOS Release 12.1(2)T.

CSCdr49828

A Cisco AS5300 series access server that uses new controller cards (either 4 ports or 8 ports T1/E1) with four serial interfaces might randomly reload. There is no workaround.

CSCdr51789

While running Continuity Test (COT) regressions, a NAS-1 network access server might reload when a call is placed. After the call is placed, the script is not able to get console access. Call control block (CCB) coder-decoder (codec) related fields are not initialized. There is no workaround.

CSCdr56030

A Cisco AS5800 series access server with 4 CE1 PRI cards disconnects incoming ISDN calls with the following message:

256 PDT: ISDN Se1/3/1:15: Ux_BadMsg(): Invalid Message for call state 11, call id 0xF6C, call ref 0x811C, event 0x13A0

There is no workaround.

CSCdr57699

When a Non-Facility Associated Signalling (NFAS) outgoing setup specifies a preferred B-channel and interface, and the "switch" negotiates for the same B-channel on another interface, the B-channel on the interface specified in the outgoing setup remains in the proposed service state. B-channels in the proposed service state are not usable for outgoing calls.

A change in the digital subscriber lines (DSLs) state through configuration (using the shutdown and no shutdown commands) does not restore the B-channel(s) to IN_SERVICE. A reload is necessary. There is no workaround.

CSCdr57917

The following messages are generated for every call disconnect with switchtype primary-ni configured:

ISDN ERROR: Module-l3_sdl_u Function-Ux_BadMsg

Error-Source ID = 400 Event = AB

There is no workaround.

CSCdr58453

While a call is connected with PRI-NI switch type and without a prior DISCONNECT message received, a release request from layers above ISDN might force a release message to be sent out and result in memory corruption. There is no workaround.

CSCdr73676

A manufacturer serial number is appended with 0x format when it should be displayed as an alphanumeric string. There is no workaround.

Wide-Area Networking

CSCdp61842

ISDN Layer 3 timers might not expire predictably when there is no activity. There is no workaround.

CSCdp73335

Modem calls over BRI do not work correctly. There is no workaround.

CSCdp76631

A Cisco 3661 series router reports the following error message when placing an outbound ISDN call:

VOICE ERROR 0x3A.

However, incoming calls work properly on the same router.

Workaround: Upgrade to Cisco IOS Release 12.1(00.09)PI, 12.0(07)XK, 12.1(01.03)T, or later.

CSCdp79627

A Cisco router might reload in cdapi_appl_send_message() during an overlap receiving call with primary Q (point of the ISDN model) Signalling (QSIG) switchtype if partial digits have been received and T302 ISDN timer expires. There is no workaround.

CSCdp88783

A Cisco router might exhibit a traceback message and switch to monitor mode when an ISDN interface is shut or when the interface is cleared. There is no workaround.

CSCdp97588

An ISDN User Part (ISUP) call generator that is configured on a Signalling System 7 (SS7) interface might experience a memory leak. There is no workaround.

CSCdr03992

The redirect number feature is not working for PRI Net5 switches. There is no workaround.

CSCdr04932

In violation of Q.931 of the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), a Cisco router might not respond to RESTART messages from a basic-net3 routing switch. This situation might result in calls not being placed or accepted over the channel or interface by the originator of the RESTART message. There is no workaround.

CSCdr19899

A router might reload if an attempt is made to remove the ppp pap sent-username interface configuration command. The ppp pap sent-username command will also not work correctly. There is no workaround.

CSCdr20645

A Cisco 4500 series router might reload during periods of high PPP session activity (cells per second, not data rates) in PPP Manager because of a stack overflow. There is no workaround.

CSCdr24693

Layer 2 Tunnel Protocol (L2TP) or Layer 2 Forwarding Protocol (L2F) might fail to forward virtual private dialup network (VPDN) calls when using Challenge Handshake Authentication Protocol (CHAP) or Microsoft CHAP (MSCHAP) authentication.

This condition might occur when clients that are to be tunneled negotiate CHAP authentication with the L2TP Access Concentrator/network access server (LAC/NAS). The following error message will be displayed if you use the vpdn debug error command:

VPDN: Fail to copy authentication info

Workaround: There is no workaround if CHAP or MSCHAP authentication is required. If CHAP or MSCHAP is not required, use Password Authentication Protocol (PAP) authentication.

CSCdr30874

Overlap receiving for BRI might not work for NET3. Overlap is currently supported for NET3 and Q Signalling (QSIG) switchtypes only. There is no workaround.

CSCdr39270

If Calling Party number information element (IE) is received without any digits, the calling_oct3a field is set to 0. Instead, it should fill in the Octet 3a of this IE, so that upper layer applications get it. There is no workaround.

CSCdr45798

ISDN does not send the Called Party "Number Type" information received from the call switching module (CSM) in the outgoing SETUP message. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.1(1)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.1(1)T. This section describes severity 1 and 2 caveats and select severity 3 caveats.

Miscellaneous

CSCdp67512

A Cisco uBR7200 series universal broadband router that is running Cisco IOS Release 12.07XR might show a high CPU utilization despite very few modems and low data traffic. This situation will cause slow response times, and the router might be inaccessible by Telnet. There is no workaround.

CSCdp70339

A Cisco 3640 that is running Cisco IOS Release12.1(0.5)T with channelized T1 and digital modems, might experience very low (25 percent) modem call success rate (CSR). Many of the calls that do train up might be at very slow modulations such as V.21 or V.22bis. Nonetheless, some calls do train up at fast (V.34/V.90/K56Flex) modulations and, once connected, work well. ISDN data callers are not affected.

In calls from a handset into the Cisco 3640 router, about 70 percent of callers hear no modem answer back tone. Of the remaining 30 percent that do hear answer back tone, only the end of the tone is heard (V.22bis, V.21, etc.). About 10 percent of the time, the caller will hear the full answer back tone sequence starting with the normal V.8bis. There is no workaround.

CSCdp71987

On a Cisco uBR7200 series universal broadband router that is running Cisco IOS Release 12.1, the setting of max-cpe is enforced. There is no workaround.

CSCdp78708

A Cisco 5800 series router might reload when an asynchronous call is dialed. There is no workaround.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:

http://www.cisco.com/univercd/home/home.htm

The Product Documentation DVD is created monthly and is released in the middle of the month. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

Ordering Documentation

You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

If you do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Documentation Feedback

You can provide feedback about Cisco technical documentation on the Cisco Technical Support & Documentation site area by entering your comments in the feedback form available in every online document.

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to do the following:

Report security vulnerabilities in Cisco products

Obtain assistance with security incidents that involve Cisco products

Register to receive security information from Cisco

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.


Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive Cisco Product Alerts and Cisco Field Notices by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

To access the Product Alert Tool, you must be a registered Cisco.com user. (To register as a Cisco.com user, go to this URL: http://tools.cisco.com/RPF/register/register.do) Registered users can access the tool at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification Tool to locate your product serial number before submitting a request for service online or by phone. You can access this tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.



Tip Displaying and Searching on Cisco.com

If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation.radio button.

To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Packet magazine is the magazine for Cisco networking professionals. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can subscribe to Packet magazine at this URL:

http://www.cisco.com/packet

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL:

http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html