Table Of Contents
Resolved Caveats—Cisco IOS Release 12.2(13)T16
Resolved Caveats—Cisco IOS Release 12.2(13)T14
Resolved Caveats—Cisco IOS Release 12.2(13)T13
Resolved Caveats—Cisco IOS Release 12.2(13)T12
Resolved Caveats—Cisco IOS Release 12.2(13)T11
Resolved Caveats—Cisco IOS Release 12.2(13)T10
Resolved Caveats—Cisco IOS Release 12.2(13)T9
Resolved Caveats—Cisco IOS Release 12.2(13)T8
Resolved Caveats—Cisco IOS Release 12.2(13)T5
Resolved Caveats—Cisco IOS Release 12.2(13)T4
Resolved Caveats—Cisco IOS Release 12.2(13)T3
Resolved Caveats—Cisco IOS Release 12.2(13)T2
Resolved Caveats—Cisco IOS Release 12.2(13)T1
Resolved Caveats—Cisco IOS Release 12.2(13)T
Resolved Caveats—Cisco IOS Release 12.2(13)T16
Cisco IOS Release 12.2(13)T16 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T16 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
Symptoms: A description of what is observed when the caveat occurs.
•
•
Miscellaneous
•
NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.
If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.
The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.
Cisco Express Forwarding (CEF) supercedes the deprecated NetFlow Feature Acceleration.
Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):
cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6Resolved Caveats—Cisco IOS Release 12.2(13)T14
Cisco IOS Release 12.2(13)T14 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T14 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0 -Process= "CDP Protocol", ipl= 0, pid= 42 -Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is:
Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on the terminal, such as the following one:
%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex).Conditions: This symptom is observed when an empty "version" field exists in the output of the show cdp entry * command for at least one entry.
Workaround: Disable CDP by entering the no cdp run global configuration command.
First Alternate Workaround: Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) has or have an empty "version" field in the output of the show cdp entry * command.
Second Alternate Workaround: Disconnect the 7935 or 7936 phone, in the case of the specific symptom that is described above.
•
Symptoms: Depending upon configuration, issuing The show cdp entry * protocol command may cause a reload of the device.
Conditions: This symptom occurs on Cisco products that are speaking CDP with configurable interface MTU.
Workaround: Disable CDP, avoid issuing the command under given circumstances, or upgrade to a fixed version of software.
•
A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally. Services such as packet forwarding, routing protocols and all other communication to and through the device are not affected.
Cisco will make free software available to address this vulnerability. Workarounds, identified below, are available that protect against this vulnerability.
The Advisory is available at /en/US/products/products_security_advisory09186a00802acbf6.shtml
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
IP Routing Protocols
•
Symptoms: One of two redundant route reflectors (RRs) that are part of the same cluster may reload and may cause a Virtual Private Network (VPN) routing/forwarding (VRF) table to contain incomplete routes. Routes that originated elsewhere in network are in the Route Descriptor table but not in the VRF table, despite import statements and the fact that the routes were in the VRF table previously.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN network. This is only observed if the route-reflectors have equal cluster-ids.
Workaround: Slightly change the metrics of the routes coming from one of the route-reflectors (e.g., weight or local preference). You can also re-configure one of the RRs with a unique cluster-ID.
Alternatively, reset the Border Gateway Protocol (BGP) neighbor session to the RR that did not reload.
Miscellaneous
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Symptoms: A router that is running RIPng may crash after receiving a malformed RIPng packet causing a Denial of Service (DoS) on the device.
Conditions: Such malformed packets can normally be sent locally. However, if "ipv6 debug rip" is enabled on a system, then the crash can also be triggered remotely.
RIP for IPv4 is not affected by this vulnerability.
Workaround: There is no workaround.
•
Symptoms: When you enter the undebug all privileged EXEC command on a Cisco 3700 series, all traffic that passes through an encrypted generic routing encapsulation (GRE) tunnel may stop.
Conditions: This symptom is observed on a Cisco 3700 series that is configured with a GRE tunnel that is secured via IP Security (IPSec) and that is using Cisco Express Forwarding (CEF) switching.
Workaround: Reinitialize CEF switching by entering the no ip cef global configuration command followed by the ip cef global configuration command.
Alternate Workaround: Do not enter the undebug all privileged EXEC command. Rather, individually disable each debug command.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.
A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
Cisco has made free software upgrades available to address this vulnerability for all affected customers.
This vulnerability is documented by Cisco bug ID CSCee08584.
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1.
2.
3.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Wide-Area Networking
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T13
Cisco IOS Release 12.2(13)T13 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T13 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Interfaces and Bridging
•
Symptoms: When a Cisco router reloads, the ATM permanent virtual circuit (PVC) status remains inactive (INAC) even though the ATM subinterface is in an UP/UP state. The following message may also be displayed when you enter the debug atm errors privileged EXEC command:
ATM(ATMx/x/x):point-to-point interface does not have a VCDConditions: This symptom is observed on a Cisco router with a PA-A3 port adapter and is caused by some physical line errors that occur while the router reloads. These physical line errors cause carrier transition on the PA-A3 interface, which in turn causes the symptom to occur.
Workaround: Enter the no shutdown interface configuration command on the ATM interface.
Further Problem Description: The symptom may even occur while the router reloads without any traffic.
•
Symptoms: The input packet and byte counters remain "zero" regardless of traffic effectively being received on a channelized interface.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(13)T10 or 12.2(13)T11 and is specific to a PA-MC-8TE1+ port adapter.
Workaround: Enter the show interfaces serial slot/port[:channel-group] accounting command to display the correct data.
IP Routing Protocols
•
Symptoms: When the debug ip pim auto-rp command is enabled on a Cisco 7500 series, the router crashes when it receives an AutoRP message.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-isv-mz image of Cisco IOS Release 12.2(15)T7 or 12.2(15)T9. The symptom may also occur in other releases of Release 12.2 T, or in Release 12.3 or Release 12.3 T.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: Modem passthrough calls fail with a "Playout Dejitter Mode value" error message and traceback, and a NAK message is generated.
Conditions: This symptom is observed on a Cisco AS5400 access server for every MPT call.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T12
Cisco IOS Release 12.2(13)T12 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T12 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
IP Routing Protocols
•
Symptoms: A Cisco 7400 series router that is configured with Network Address Translation (NAT) experiences high CPU utilization.
Conditions: This symptom is observed when a large number of TCP packet sessions are translated by the router and stay on the router for up to 24 hours even though the connections have been terminated.
Workaround: Clear the translations table using the clear ip nat translations EXEC command.
•
Symptoms: A Cisco router that is configured for SIP NAT may not be able to process authentication messages from a third-party SIP gateway that performs SIP proxy authentication.
Conditions: This symptom is observed in a Call Hold/Resume procedure.
Workaround: There is no workaround.
•
Symptoms: T.38 fax calls between a Cisco router and a third-party gateway may fail.
Conditions: This symptom is observed when two third-party gateways are connected via a Cisco router that runs SIP NAT. The T.38 fax calls fail from one of the third-party gateways to the Cisco router and vice versa.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: When polling the cbQosREDClassStatsTable of the CISCO-CLASS-BASED- QOS-MIB, spurious memory accesses may occur on a Cisco 2600 series, Cisco 3600 series, or Cisco 7200 series. A Cisco 3640 router may also reboot. The spurious memory accesses may be reproduced when polling the above-mentioned table via Simple Network Management Protocol (SNMP).
Conditions: This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series that run Cisco IOS Release 12.2(8)T, Release 12.3, or Release 12.3 T.
Workaround: Prevent the router from answering to queries on the cbQosREDClassStatsTable by implementing the following SNMP view in the router configuration:
snmp-server view qos internet included
snmp-server view qos 1.3.6.1.4.1.9.9.166.1.20.1 excluded
snmp-server community string view qos ro
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: A Cisco router may reload after Virtual Private Network (VPN) clients disconnect.
Conditions: This symptom is observed intermittently on a Cisco router that is running Cisco IOS Release 12.2(13)T or a later release when the IP Security (IPSec) Network Address Translation Transversal (NAT-T) mode is configured.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: LC-ATM-enabled subinterface on a PE router stays in "not ready" state when viewing the LDP session to the LSC using the show mpls ldp discovery command. The shutdown interface command followed by the no shutdown interface command will not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.
Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.
Workaround: The condition may be cleared by entering the clear ip route prefix command where prefix is the local loopback address for the LC- ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, user should confirm that the expected number of LVCs has been re- established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.
Reload of the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to normal state.
Wide-Area Networking
•
Symptoms: Software interface description blocks (IDBs) may become exhausted after an interface flaps repeatedly.
Conditions: This symptom is observed under the following conditions:
- PPP sessions go down.
- The same PPP sessions come back up and make use of a new IDB rather than the previously used IDB.
- A virtual-access interface is used rather than a virtual-access subinterface.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T11
Cisco IOS Release 12.2(13)T11 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T11 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: On a Cisco router that is configured with a Multilink PPP (MLP) interface, the available processor memory may decrease rapidly because of a memory leak.
Conditions: This symptom is observed when the MLP interface flaps repeatedly.
Workaround: There is no workaround. You must resolve the cause of the flapping MPL interface.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Wide-Area Networking
•
Symptoms: A voice call that is placed over a Frame Relay (FR) link with Low Latency Queueing (LLQ) and FR end-to-end fragmentation (FRF.12) enabled may cause the router to pause indefinitely.
Conditions: This symptom is observed on a router when the voice path is established with LLQ and fragmented data traffic active.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T10
Cisco IOS Release 12.2(13)T10 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T10 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Interfaces and Bridging
•
Symptoms: Router interfaces that are created on a Cisco PA-MC-8TE1+ port adapter and a Cisco PA-CE3 port adapter may display input counters and input rate counters with a value of 0.
Conditions: This symptom is observed on the router interfaces of a Cisco 7500 series.
Workaround: Enter the show interfaces serial [slot/port [channel-group]] [accounting] privileged EXEC command as an alternative method for displaying the value of the input counters. There is no alternative for finding the input rate.
IP Routing Protocols
•
Symptoms: In a large Border Gateway Protocol (BGP) Open Shortest Path First (OSPF) environment, the OSPF neighbors may go down when the BGP link flaps and a large number of BGP routes are flushed out of the route table or are repopulated.
Conditions: The conditions under which this symptom occurs seem to depend upon when the BGP configuration is applied to the router. There is no OSPF neighbor drop if the router reloads without the BGP configuration and BGP is added after the router reloads. However, the router drops OSPF neighbors when a BGP link flaps if BGP is already configured before the router is reloaded.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: You may not be able to use the command-line interface (CLI) to disable a remote loopback request on the network.
Conditions: This symptom is observed when a remote loopback is initiated toward a Cisco AS5xx0 and the Cisco AS5xx0 responds to the remote loopback request.
Workaround: Enter the loopback network ignore controller configuration command on the T1 controllers.
•
Symptoms: The digital signal processors (DSPs) on T1 high-density voice network modules (NM-HDVs) that support the clear channel codec may become unresponsive.
Conditions: This symptom is observed when the Enhanced ITU-T G.168 Echo Cancellation feature is enabled for NM-HDVs that link two Cisco voice gateways that are configured for Transparent Common Channel Signaling (T-CCS). This symptom does not occur when the Enhanced ITU-T G.168 Echo Cancellation feature is not used.
Workaround: There is no workaround.
•
Symptoms: After a few weeks of normal operation, the interface on a Cisco PA- MC-8E1 begins flapping and finally pauses with the output queue stuck as follows:
Serial1/1:1 is up, line protocol is up
Encapsulation HDLC, crc 16, Data non-inverted
Keepalive set (120 sec)
Last input 00:00:03, output 04:14:23, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952
Queueing strategy: weighted fair
Output queue: 30/4000/64/21855 (size/max total/threshold/drops)
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
43903807 packets input, 3646461183 bytes, 0 no buffer
Received 0 broadcasts, 321 runts, 0 giants, 0 throttles
5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort
42026998 packets output, 2185017012 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets 0 output buffer failures,
0 output buffers swapped out 31 carrier transitions
no alarm present
Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flagsThe following traceback is observed in the log:
%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC %LINK-4-TOOBIG: Interface Serial20:1, Output packet size of 1526 bytes too big Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55ECConditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8E1 interface.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that runs Real-Time Protocol (RTP) traffic over a Voice over IP (VoIP) connection may reload.
Conditions: This symptom may be observed on any Cisco router.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.
Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.
Workaround: There is no workaround.
•
Symptoms: When a gateway that is in Media Gateway Control Protocol (MGCP) fallback mode reloads, no calls can be made, nor can calls be received. When the gateway comes up again, all controllers including a serial controller are automatically shut down. When you turn off auto configuration and reload the router again, you can make calls, but you still cannot receive calls.
Conditions: These symptoms are observed on a Cisco 3745 that functions as a gateway and that runs MGCP.
Workaround: There is no workaround.
•
Symptoms: A multilink interface may stop processing received packets.
Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.
Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.
•
Symptoms: A Cisco AS5400 may reload unexpectedly while running Media Gateway Control Protocol (MGCP) in normal mode of operation.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.2(11)T8 and occurs because of incorrect memory management.
Workaround: There is no workaround.
•
Symptoms: A Cisco voice gateway may report IP and telephony call legs that remain active even though the calls are no longer active.
Conditions: This symptom is observed on a Cisco AS5400HPX voice gateway that is running Cisco IOS Release 12.2(11)T under high CPU utilization. In addition, the gateway uses the interactive voice response (IVR) 2.0 session application to handle blind call transfers.
Workaround: There is no workaround.
•
Symptoms: The Cisco AS5xxx series routers that are equipped with the Bt8370 T1/E1 framer will bring down the controller immediately upon receiving an alarm indication signal (AIS).
Conditions: This symptom occurs when noisy line conditions that last less than 2 seconds can result in T1s going down, or outages or cable problems that last for less than 2 seconds can bring down the controller.
Workaround: There is no workaround. The fix is available in Cisco IOS Release 12.3.
•
Symptoms: A Cisco Session Initiation Protocol (SIP) gateway does not use calling information contained in the Remote-Party-ID header. A traceback may be observed and the following error is displayed in the output of the debug ccsip error privileged EXEC command:
sippmh_parse_remote_party_id: syntax error in Remote-Party -ID headerConditions: This symptom is observed on a Cisco SIP gateway that is running images of Cisco IOS Release 12.2(13)T and occurs when the gateway receives an initial INVITE message with a Remote-Party-ID header that contains the "other" parameters in the header.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a member is removed and then added back to a multilink interface.
Conditions: This symptom is observed on a Cisco 7500 series when distributed Multilink PPP (MLP) is enabled.
Workaround: Shut down the multilink and then add or remove the member links. This action can prevent this symptom, but is not a very acceptable workaround.
Wide-Area Networking
•
Symptoms: A router may experience a memory leak in the vtemplate background process. This symptom may be confirmed by entering the show processes memory EXEC command to monitor memory usage.
Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.2(13)T5.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T9
Cisco IOS Release 12.2(13)T9 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T9 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: Configuring a bind statement multiple times under a serial interface causes the existing ISDN Q.921-User Adaptation (IUA) configurations to be removed.
Conditions: This symptom is observed on a Cisco AS5850 that is running the C5850-p9-mz.122-11.T image.
Workaround: There is no workaround.
•
Symptoms: Automatic Speech Recognition (ASR) does not function after Regex dual tone multifrequency (DTMF) is used on a Cisco gateway.
Conditions: This symptom may be observed when XML and Regex-based grammar are used in the same call. The Cisco gateway prevents the use of XML and Regex grammars in the same call even if they are in different VoiceXML (VXML) documents.
Workaround: There is no workaround.
•
Symptoms: A nonexistent policy map that is configured as the input or output service policy of an ATM virtual circuit (VC) causes a router to be unable to display or save its configuration.
Conditions: This symptom is observed on Cisco Route Processor Module (RPM) routers, but may affect any Cisco router that uses ATM interfaces.
Workaround: Do not specify nonexistent policy maps as an ATM VC service policy.
•
Symptoms: A Cisco router ignores an ISDN User Adaptation (IUA) 0x508 (REL-REQ) message that is sent by a third party call agent. The router does not act upon or reject the message by taking down ISDN Layer 3.
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•
Symptoms: Data packets may be punted to the process path when user logon and logoff activity occurs.
Conditions: This symptom is observed in all of the Service Selection Gateway (SSG) images of Cisco IOS software under heavy load conditions.
Workaround: There is no workaround.
•
Symptoms: The use of a VoiceXML (VXML) application on a Cisco gateway may cause the gateway to pause indefinitely.
Conditions: This symptom is observed if the following two conditions are met:
–
–
In addition, one of the following conditions must also be present:
–
For example:
<prompt cisco-vcrprompt="true"> <audio
src="http://px1-sun/audio/DUCF_33_httpg7llulaw.au"/>}<audio
src="http://px1-sun/audio/DUCF_33_httpg7llulaw.au"/></prompt>–
Workaround: Turn off HTTP streaming by entering the no ivr prompt streamed http global configuration command or the ivr prompt streamed none global configuration command.
Alternate Workaround: Turn off HTTP caching by entering the http client cache memory pool 0 global configuration command.
•
Symptoms: A router may pause indefinitely when modem relay calls are made.
Conditions: This symptom is observed on a Cisco 3600 series that is running Cisco IOS Release 12.2(11)T9.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may pause indefinitely when a VoiceXML (VXML) dialog is initiated.
Conditions: This symptom is observed on a Cisco AS5350 router when a VXML dialog is initiated and standard VXML events (for example, help, nomathc, noinput, and error) are sent.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A router may reload after you enter the ppp multilink interface configuration command.
Conditions: This symptom occurs when multilink is configured on an active serial interface and neither the ppp multilink group interface configuration command nor the multilink virtual- template global configuration command is entered. Under these conditions, multilink normally fails to create a bundle because of the lack of a configuration source for the bundle interface, but in this instance, it causes the router to reload.
Workaround: Use the shutdown interface configuration command to shut down the serial interface until it is configured with the ppp multilink group interface configuration command.
Resolved Caveats—Cisco IOS Release 12.2(13)T8
Cisco IOS Release 12.2(13)T8 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T8 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f).
Workaround: There is no workaround.
•
Symptoms: The memory that is held by the "RTT Responder" process may increase, as is indicated by the amount of memory in the "Hold" column in the output of the show processes memory include {rtt | pid} EXEC command.
Conditions: This symptom is observed when many jitter probes are sent simultaneously to the same destination port.
Workaround: Do not use the same destination port for all the probes.
First Alternate Workaround: To free memory once in a while, enter the no rtr responder global configuration command followed by the rtr responder global configuration command.
Second Alternate Workaround: Lower the duration of the probes.
•
Symptoms: The order of the Service Assurance Agent (SAA) Response Time Reporter (RTR) schedule command options is incorrect in the output of the show running-config EXEC command. This may cause problems with third-party software configuring and managing RTR probes.
Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(13)T1.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: I/O memory corruption may occur in the Cisco CallManager software during the bootup process of a Cisco IOS platform that is functioning as a gateway.
Conditions: This symptom is observed only rarely and occurs when a call-load generator is already generating calls to the gateway when the gateway is still booting up.
Workaround: There is no workaround.
•
Symptoms: A digital signal processor (DSP) may time out on a Cisco IAD2420 series because of a Host Port Interface (HPI) error.
Conditions: This symptom is observed on a Cisco IAD2420 series that is running Cisco IOS Release 12.2(11)T4 every time a call is placed or received.
Workaround: Use the command-line interface (CLI) to issue the following command to the DSPs that have a timeout symptom:
[no] voice dsp waitstate ws dsp_id
where ws is in the range of 1 to 3 with 1 being the default and dsp_id is a 1-based DSP number. The recommended ws value to set in this particular case is 2. Do not set the ws value higher than 2. The issuance of the CLI command will not take effect until the next DSP reset occurs either through an automatic mechanism or through test commands.
•
Symptoms: A Cisco AS5350 or Cisco AS5400 may get spurious access errors and output the following digital signal processor (DSP) timeout errors:
Local7.Error gw4-kyiv 50: %ALIGN-3-TRACE: -Traceback= 60279AA0 60A7F4D4 60A8397C 00000000 00000000 00000000 00000000 00000000
Local7.Error gw4-kyiv 49: %ALIGN-3-TRACE: -Traceback= 60279A94 60A7F4D4 60A8397C 00000000 00000000 00000000 00000000 00000000
Local7.Error gw4-kyiv 48: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x60279A94 reading 0x10
Local7.Error gw4-kyiv 52: %VTSP-3-DSP_TIMEOUT: DSP timeout on channel 3/6:D (10), event 0x1306: DSP ID=0x10040: DSPRM FAX/VOICE Set Codec (call mode=0) ...
Local7.Error gw4-kyiv 56: %VTSP-3-DSP_TIMEOUT: DSP timeout on channel 3/2:D (928), event 0x1306: DSP ID=0x10230: DSPRM FAX/VOICE Set Codec (call mode=0)
Local7.Error gw4-kyiv 55: %VTSP-3-DSP_TIMEOUT: DSP timeout on channel 3/4:D (757), event 0x1306: DSP ID=0x21030: DSPRM FAX/VOICE Set Codec (call mode=0)
Local7.Error gw4-kyiv 54: %VTSP-3-DSP_TIMEOUT: DSP timeout on channel 3/4:D (781), event 0x1306: DSP ID=0x10450: DSPRM FAX/VOICE Set Codec (call mode=0)Conditions: This symptom is observed on a Cisco AS5350 or Cisco AS5400 that is configured with NextPort and that uses T.38 fax to send faxes over IP.
Workaround: There is no workaround.
•
Symptoms: A Cisco 6400 series Node Route Processor 2 (NRP2) may reload.
Conditions: This symptom is observed when the Cisco 6400 series NRP2 is running Cisco IOS Release 12.2(13)T1 and the Service Selection Gateway (SSG) is enabled.
Workaround: There is no workaround.
•
Symptoms: The following error message and tracebacks may be generated on a Cisco 3660 router that is configured with a Virtual Private Network High Performance advanced interface module (AIM-VPN/HP):
%SYS-2-BADSHARE: Bad refcount in retparticle, ptr=6344EB40, count=0 -Traceback= 60449944 61A9DCB4 61A9E000 61A9E898 61AA2CCC 61A96100 61A82EB8Conditions: This symptom is observed on a Cisco 3660 router that is running the c3660-ik9o3s-mz image of Cisco IOS Release 12.2(13)T but may also occur on other Cisco 3600 series routers that are running other Cisco IOS images.
Workaround: Disable compression.
•
Symptoms: After a "%VTSP-3-DSP_TIMEOUT" error message is generated, the affected digital signal processor (DSP) may not automatically recover.
Conditions: This symptom is observed on a Cisco IAD2420 series, but may not be platform specific.
Workaround: There is no workaround. To recover the affected DSP, reload the router.
•
Symptoms: A user session may pause indefinitely, causing a Cisco router to become unresponsive.
Conditions: This symptom is observed when multiple simultaneous users enter modular QoS CLI (MQC) commands on the same router via separate vty sessions.
Workaround: Allow only one user at a time to enter MQC commands.
•
Symptoms: A Cisco 6400 series Node Route Processor 2 (NRP2) may reload when high CPU utilization occurs.
Conditions: This symptom is observed on a Cisco 6400 series NRP2 that is configured for Service Selection Gateway (SSG) when high CPU utilization (above 80 percent) occurs.
Workaround: There is no workaround.
•
Symptoms: A memory leak may occur on a Cisco 6400 series Node Route Processor 1 (NRP1) during the installation of per-user access control lists (ACLs) that are downloaded from a RADIUS server.
Conditions: This symptom is observed on a Cisco 6400 series NRP1 that is running Cisco IOS Release 12.2(13)T and that is configured for PPP over Ethernet (PPPoE) when there is a high-call setup rate and the CPU utilization of the NRP1 exceeds 70 percent. The symptom may be platform independent.
Workaround: Disable the per-user ACLs.
Alternate Workaround: Decrease the call setup rate.
•
Symptoms: IP sockets are not cleared properly by the router when a call to a terminating gateway (TGW) is not completed successfully. This may lead to a socket leak that could use all the resources of the originating gateway (OGW).
Conditions: This symptom is caused when alternate endpoints are configured in the gatekeeper. If the OGW does not successfully complete a call to the TGW provided in the Admission Confirm (ACF), the OGW will then try the alternate endpoint. However, the socket that is used to send the SETUP message to the first TGW is not cleared properly.
Workaround: Configure the gatekeeper without the use of alternate endpoints, and then reboot the router. There is no way to clear the sockets that are left behind.
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•
Symptoms: The "Class-Based RTP and TCP Header Compression" feature introduced in Cisco IOS Release 12.2(13)T permits the configuration of Real-Time Protocol (RTP) and TCP header compression within MQC. On the Cisco 3725 platform, this feature is not configurable in Cisco IOS Release 12.2(13)T and Cisco IOS Release 12.2(15)T.
Conditions: This symptom is observed on a Cisco 3725 router. The feature is configurable in Cisco IOS Release 12.2(13)T and Release 12.2(15)T on more mature platforms like the Cisco 3640, and also the Cisco 3745 platform which was introduced at the same time as the Cisco 3725 platform. The feature is not configurable on the Cisco 3725 for the same Cisco IOS releases. See the following information for the Cisco 3725:
c3725#
c3725#conf t
Enter configuration commands, one per line. End with CNTL/Z.
c3725(config)#policy-map llq_voice
c3725(config-pmap)#class voice-rtp
c3725(config-pmap-c)#?
QoS policy-map class configuration commands:
bandwidth Bandwidth
drop Drop all packets
exit Exit from QoS class action configuration mode
no Negate or set default values of a command
police Police
priority Strict Scheduling Priority for this Class
queue-limit Queue Max Threshold for Tail Drop
random-detect Enable Random Early Detection as drop policy
service-policy Configure QoS Service Policy
set Set QoS values
shape Traffic Shaping
c3725(config-pmap-c)#compression header ip rtp
^
% Invalid input detected at '^' marker.
c3725(config-pmap-c)#class voice-tcp
c3725(config-pmap-c)#compression header ip tcp
^
% Invalid input detected at '^' marker.
c3725(config-pmap-c)#^Z
c3725#
Note
(2) In Cisco IOS Release 12.2(15)T, the MQC IPHC CLI is not available.Workarounds: (1) Configure RTP and TCP header compression directly on the interface of interest. (2) The MQC IPHC CLI is available, configurable, and will persist in the running configuration in the latest Cisco IOS Release 12.3 mainline and Cisco IOS Release 12.3 T builds. For example, the feature works in Cisco IOS Release 12.3(1) and Cisco IOS Release 12.3(2)T.
Also, see related caveat CSCeb13548 "c2691: MQC IPHC compression header CLI and feature is not available."
•
Symptoms: After a `submit' element with `post' method in a Voice XML (VXML) document, the `submit' element with the `get' method no longer works.
Conditions: This symptom is observed on all Cisco gateways that support VXML.
Workaround: There is no workaround.
•
Symptoms: A Cisco VG200 that has a transcoder and is configured with Cisco Conference Connection (CCC) has only one-way audio for certain callers.
Conditions: This symptom is observed under the following conditions:
–
–
–
–
–
Workaround: Use Cisco IOS Release 12.1(5)YH4.
•
Symptoms: When the tx-ring-limit interface configuration command is used and the value is set at 3, packets are dropped.
Conditions: This symptom is observed on a Cisco router that is configured with QoS and that uses digital subscriber line (DSL) interfaces.
Workaround: Remove the tx-ring-limit 3 command for non-QoS configurations. When QoS configuration is required, use Cisco IOS Release 12.2(15)T or a later release, or use Release 12.3(1).
•
Symptoms: The Cisco IAD2420 series integrated access device (IAD) with digital interface is interconnected with a BTS10200 softswitch that is running 3.5.1v01. When the Cisco IAD2420 is rebooted and sends Restart in Progress (RSIP) to the call agent (CA), the trunks are automatically brought back into service. If a PBX goes off-hook, then on-hook (without dialing digits), then goes off-hook on the same channel and begins dialing, the Cisco IAD2420 does not collect digits properly. It was observed that a 2 becomes two 4s in the dialed digits detected by the voice telephony service provider (VTSP).
Conditions: This symptom is observed on a Cisco IAD240 that is running Cisco IOS Release 12.2(11)T8.
Workaround: There is no workaround. The customer will be provided with a special image based off Cisco IOS Release 12.2(11)T8 with in-band signal detection hardcoded to work around this problem.
•
Symptoms: The output from the show diag EXEC command indicates that a voice interface card (VIC-1J1) is an unknown card.
Conditions: This symptom is observed on a Cisco router that has a VIC-1J1.
Workaround: There is no workaround.
•
Symptoms: After a Cisco gateway receives an ATM switch processor (ASP) down (ASPDN) message, it sends the ASPDN acknowledgement (DOWN ACK) without a reason code. To be compliant with the Internet Engineering Task Force (IETF) Draft 0.4, the reason field must be included.
Conditions: This symptom is observed on a Cisco router that is running a PRI backhaul and that uses Stream Control Transmission Protocol (SCTP).
Workaround: There is no workaround.
•
Symptoms: The ATM interface on a Cisco Node Route Processor (NRP2) may go into the down state.
Conditions: This symptom is observed when 8000 PPP over ATM (PPPoA) sessions are loaded on a redundant NRP2 and then the NRP2 is reloaded.
Workaround: Flap the interface for the sessions to go up.
•
Symptoms: Packets received from or going to unauthenticated users may be punted to the process path.
Conditions: This symptom is observed on all Service Selection Gateway (SSG) images of Cisco IOS software. If there is high unauthorized user traffic on the network, this symptom may cause a load on the process path (the IP input), but it does not break the functionality of the network.
Workaround: Configure the SSG TCP Redirect feature for unauthenticated users and unauthorized services. With this configuration, there will be no unauthenticated packets punted to the process path, and all packets will be handled in the Cisco Express Forwarding (CEF) path.
•
Symptoms: Domain Name System (DNS) packets may take more time than normal to process.
Conditions: This symptom is observed in all Service Selection Gateway (SSG) images of Cisco IOS software.
Workaround: If the number of domains is large, provide Internet service to each user and let the domains be resolved through the Internet DNS service.
•
Symptoms: Data packets gets punted to the process path when the Service Selection Gateway (SSG) timeout process is scheduled.
Conditions: This symptom is observed in all SSG images of Cisco IOS software.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco 1700 series may not release a backup call, and the CPU utilization may increase to 100-percent when the dial-on-demand routing (DDR) timers are active.
Conditions: These symptoms are observed when the backup call is initiated through Dialer Watch and the dialer watch-list group-number delay disconnect disconnect-time global configuration command is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload with a bus error when the authentication, authorization, and accounting (AAA) server experiences severe delays (several seconds) in the response to IP Control Protocol (IPCP) authorization requests.
Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(1.5) and that is configured as an L2TP Network Server (LNS). The symptom is observed only when there is a significant AAA delay.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T5
Cisco IOS Release 12.2(13)T5 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T5 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Symptoms: When a provider edge (PE) router has multiple paths to an Autonomous System Boundary Router (ASBR) that is used as a next hop in a Virtual Private Network (VPN) routing/forwarding (VRF) static route with a global keyword, there is no Internet connectivity for the customers that are defined in the VRF.
Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN.
Workaround: Shut down one of the outgoing interfaces on the PE router.
•
Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.
Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: The following symptoms may occur on a Cisco AS5850:
–
–
–
Conditions: These symptoms are observed under high traffic conditions on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T.
Workaround: There is no workaround.
•
Symptoms: The input queue of an ATM interface may be wedged at "76/75" when the input queue receives Operation, Administration, and Maintenance (OAM) continuity check (CC) cells. This behavior causes all permanent virtual circuits (PVCs) to go down for a few minutes after the router restarts.
Conditions: This symptom is observed on an enhanced ATM port adapter (PA-A3) that is installed in a Cisco 7200 series when the router is not configured to generate OAM cells.
Workaround: Stop the generation of CC cells at the remote end.
•
Symptoms: A Cisco router may reload because of a software condition when it receives a certificate revocation list (CRL) from an Lightweight Directory Access Protocol.(LDAP) server during the certificate validation process.
Conditions: This symptom is observed on a Cisco 7200 series but may also occur on other Cisco routers.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
A Session Initiation Protocol (SIP) gateway stack may not remove the user parameters from the request-Uniform Resource Identifier (URI) message for a call, causing the acknowledgement (ACK) message to contain a part of the user parameters, and the call to fail.
Conditions: This symptom is observed on a Cisco AS5300 but may occur on any Cisco gateway that supports SIP.
Workaround: There is no workaround.
•
Symptoms: Errors may occur on the far end of a connection of a Cisco 2691 or a Cisco 3700 series, and the line protocol may never come up, or the line protocol may come up but go down again.
Conditions: This symptom is observed on a Cisco 2691 and a Cisco 3700 series when one or more WAN interface card (WIC) slots on the mainboard (that is, the native slots) are configured with any of the following WICs:
–
–
–
–
Workaround: For a configuration that includes a WIC-1T, WIC-2T, or WIC-2A/S, configure the WIC for DCE. There is no workaround for a configuration that includes a WIC-1DSU-T1.
•
Symptoms: A Real-Time Transport Control Protocol (RTCP) packet may cause an input queue wedge on a Cisco voice gateway.
Conditions: This symptom is observed on a Cisco router that functions as a voice gateway and that is configured as an originating, terminating, or IP in IP (IPIP) gateway.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
•
Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.
Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Endpoints on a gateway may no longer be available after the gateway has reloaded.
Conditions: This symptom is observed when restart in progress (RSIP) messages are lost when a Cisco AS5850 uses a secondary Media Gateway Control Protocol (MGCP) link after it has reloaded. This secondary link is the one with a lower priority when redundant MGCP links are configured on the gateway and a Cisco PGW 2200 PSTN gateway.
Workaround: Disable the secondary link by unplugging the IP connectivity on the gateway.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: On a Media Gateway Control Protocol (MGCP) gateway, when a T1 controller or the serial interface that is bound to an ISDN User Adaptation (IUA) Application Server (AS) is disabled (via a shutdown command or because of an error condition), the call agent may not be aware that the T1 controller is disabled and may still attempt to set up calls on the T1 link.
When the T1 controller or the serial interface is disabled, the MGCP gateway sends a release indication message for the corresponding D channel to the call agent. However, the "Reason" field is lacking from this message, preventing the call agent from recognizing the message as a release indication message and from marking the interface as disabled.
Conditions: This symptom is observed on a Cisco platform that is functioning as an MGCP gateway, that is configured for IUA backhaul, and that is running Cisco IOS Release 12.2(11)T or Release 12.2(13)T.
Workaround: There is no workaround.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: A memory allocation failure (MALLOCFAIL) may be reported in the "ATM PVC Discovery" process.
Conditions: This symptom is observed on a Cisco 7200 series that is running the c7200-js-mz image of Cisco IOS Release 12.2(13)T1 and occurs because the Interim Local Management Interface (ILMI) input process does not free up the memory, which can be verified in the output of the show processes memory EXEC command.
Workaround: Reload the router.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: Transmit lockups, packet transmission delays, and unexplained packet losses may occur on a Cisco 2691, Cisco 3631, Cisco 3725, or Cisco 3745.
Conditions: These symptoms are observed on a Cisco 2691, Cisco 3631, Cisco 3725, and Cisco 3745 when one or more WAN interface card (WIC) slots on the mainboard (that is, the native slots) are configured with any of the following WICs:
–
–
–
–
These symptoms occur because the underruns on the onboard serial controller are not handled correctly. The following is an example of the output of the show controllers serial privileged EXEC command:
..
.
Interface Serial0/0 <---Make sure it is on the "On-Board Slots"
Hardware is GT96K
DTE V.11 (X.21) TX and RX clocks detected.
idb at 0x637C0508, driver data structure at 0x637C82A4
wic_info 0x637C8800
Physical Port 5, SCC Num 5
..
.
0 input aborts on receiving flag sequence
0 throttles, 0 enables
0 overruns
0 transmitter underruns
0 transmitter CTS losts
3224973 rxintr, 5576097 txintr, 0 rxerr, 0 txerr
0 mpsc_rx, 11 mpsc_rxerr, 0 mpsc_rlsc, 0 mpsc_rhnt, 0 mpsc_rfsc
0 mpsc_rcsc, 11 mpsc_rovr, 0 mpsc_rcdl, 0 mpsc_rckg, 0 mpsc_bper
5 mpsc_txerr, 5 mpsc_teidl,*** 5 mpsc_tudr***, 0 mpsc_tctsl, 0 mpsc_tckg
0 sdma_rx_sf, 0 sdma_rx_mfl, 11 sdma_rx_or, 0 sdma_rx_abr, 0 sdma_rx_no
0 sdma_rx_de, 0 sdma_rx_cdl, 13 sdma_rx_ce, 0 sdma_tx_rl, ***1748 sdma_tx_ur***
0 sdma_rx_reserr, 0 sdma_tx_reserrWorkaround: There is no workaround.
•
Symptoms: The configuration ID in the inventory data of a Cisco router may be invalid even though the configuration ID in the post header may be correct.
Conditions: This symptom is observed on a Cisco router that is running a Cisco IOS release earlier than Release 12.3 when the cns inventory, cns config initial, and cns id hardware-serial global configuration commands are configured when the router boots up.
Workaround: There is no workaround.
•
Symptoms: The Session Definition Protocol (SDP)/Media Gateway Control Protocol (MGCP) parser may not function properly while parsing local parameters "red" and "siren."
Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(11)T or Release 12.2(13)T when an MGCP create connection (CRCX) message is sent with a local parameter setting "red" and "siren."
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(15)T.
•
Symptoms: A Cisco router that is functioning as a gateway may place incorrect characters in the header of an "invite" message, causing a proxy server to respond with a "400 syntax error" message.
Conditions: This symptom is observed when the Cisco router changes "%40" in the header of an incoming "refer" message to "f" or "U" in the header of an outgoing "invite" message.
Workaround: There is no workaround.
•
Symptoms: A Cisco gateway may reject a "subscribe" request with a "400" response, indicating a "Bad Request, Malformed/Missing Request Line."
Conditions: This symptom is observed when the Session Initiation Protocol (SIP) address in the Uniform Resource Identifier (URI) of the "subscribe" request does not contain a user portion.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a segmentation violation (SegV) exception, and the following error messages and tracebacks may be generated:
AppPushLegORConnection: Object(0x0)(0) NOT a Valid Framework Object
-Traceback= 81124770 8112ED20 81134B04 811049E0 81105048 811062A0 81107D84 81108284 80430CD8
AppPushLegORConnection:Object(0x0) NOT HANDLER: Is APP_NONE
-Traceback= 811247A8 8112ED20 81134B04 811049E0 81105048 811062A0 81107D84 81108284 80430CD8A8 8112ED20 81134B04 811049E0 81105048 811062A0 81107D84 81108284 80430CD8Conditions: This symptom is observed on a Cisco platform that is running an interactive voice response (IVR) application.
Workaround: There is no workaround.
•
Symptoms: A Cisco universal access server or Cisco universal gateway may drop calls that have cause code "0x2C". This cause code is generated because difficulties occur with the allocation of a digital signal processor (DSP).
Conditions: This symptom is observed when a "%VTSP-3-DSP_TIMEOUT: DSP timeout on channel" message appears, the DSP for which the message appears is blocked, and this blocked DSP is then allocated.
Workaround: To recover the blocked DSP, enter the clear spe EXEC command.
•
Symptoms: Calls from a Cisco AS5850 may be rejected by a Cisco Resource Policy Management System (RPMS) with following error message:
Msg:Error: Inconsistent session detected. No Active Call with Call-Id:Conditions: This symptom is observed when a Cisco AS5850 is configured for preauthentication and Virtual Private Dialup Network (VPDN) forwarding.
Debugging the failed call on the Cisco AS5850 indicates that no unique ID was used when the "access accept" for the preauthentication request was received.
Workaround: There is no workaround.
•
Symptoms: On a Cisco AS5300, restart in progress (RSIP) messages may be sent only to the first address in a host list. When this first address does not respond, the Cisco AS5300 reattempts to access this first address but does not move on to subsequent addresses. This situation prevents the call agent from being aware of conditions that are present on the Cisco AS5300, such as an E1 failure.
Conditions: This symptom is observed only when the Cisco AS5300 is running Cisco IOS Release 12.2(11)T8, is functioning as a gateway, and is configured for multiple call agent addresses.
Workaround: Ensure that a call agent is active at the first address in the list.
•
Symptoms: After a call is first placed on hold and then is retrieved from hold, there may be no audio signal.
Conditions: This symptom is observed when a Cisco gateway receives a codec change while a call is on hold. When the call is retrieved from hold, the codec change does not take effect.
Workaround: There is no workaround.
•
Symptoms: The input queue of an interface that is connected to a default network may increase and eventually become full, causing the interface to be no longer usable.
Conditions: This symptom is observed during a service logon when the connection activation takes a long time, for example, because of an authentication, authorization, and accounting (AAA) failure or a delay in a tunnel activation.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload, and the following error message may be logged:
%RSP-2-QAERROR: reused or zero link errorAfter the message has been logged, all VIPs in the router may reload.
Conditions: These symptoms are observed on a Cisco 7500 series that is running Cisco IOS Release 12.2 T and that has the service single-slot-reload-enable global configuration command enabled.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: A Cisco AS5800 may reload.
Conditions: This symptom is observed during a period of inconsistent RADIUS service that causes sessions to flap.
Workaround: There is no workaround.
•
Symptoms: A Cisco 6400 Node Route Processor 1 (NRP1) or a Cisco 7200 series may reload because of an unexpected exception or a bus error at address 0xB0D0B0D.
Conditions: This symptom is observed in Cisco IOS Release 12.2(13)T1 and Release 12.2(15)T1 when the Cisco 6400 NRP1 or the Cisco 7200 series is configured as a PPP over Ethernet (PPPoE) terminator and a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).
Workaround: There is no workaround.
•
Symptoms: A Cisco router or Cisco universal gateway may reload when you enter the show ppp multilink EXEC command.
Conditions: This symptom is observed when Multilink PPP (MLP) bundles transition between the "up" and "down" state.
Workaround: Do not enter the show ppp multilink EXEC command.
Resolved Caveats—Cisco IOS Release 12.2(13)T4
Cisco IOS Release 12.2(13)T4 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T4 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A Cisco router may disable Cisco Discovery Protocol (CDP) globally after reloading if an interface on the router is configured for Frame Relay (FR) encapsulation. In addition, if CDP is reenabled, incoming CDP packets on some interfaces may be ignored, preventing the router from recognizing its CDP neighbors. After CDP is reenabled, outgoing CDP packets are sent without any difficulties.
Conditions: This symptom is observed on routers that have CDP enabled prior to a reload and that have at least one interface configured for FR encapsulation.
Workaround: After reloading, reenable CDP and enter the shut command followed by the no shut command on the interfaces that are not receiving CDP traffic.
Miscellaneous
•
Symptoms: A Cisco 1700 series router may stop forwarding packets on an ATM interface and start generating output drops, as is displayed in the output of the show interface atm EXEC command.
Conditions: This symptom is observed on a Cisco 1700 series router that is configured with a digital subscriber line (DSL) WAN interface card (WIC). The symptom is not observed on a Cisco 2600 series router that is configured with the same DSL WIC.
Temporary Workaround: To clear the symptom temporarily, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the main ATM interface.
•
Symptoms: A router may reload when trying to place calls across an H.323 gatekeeper. The gatekeeper may experience a reload during call setup or after call setup (when the two parties are talking).
Conditions: This symptom is observed on a Cisco 2600 series router that is running Cisco IOS Release 12.2(13)T1.
Workaround: There is no workaround.
•
Symptoms: An established remote-access Virtual Private Network (VPN) that is connected via a dynamic crypto map may stop functioning.
Conditions: This symptom is observed in Cisco IOS Release 12.2 T when the dynamic crypto map is configured without an access control list (ACL) and you configure an ACL on the router.
Workaround: There is no workaround.
•
Symptoms: When the service-policy interface configuration command has been configured on any of its interfaces, a Cisco router may reload during the bootup process, and the following error message is logged on the console of the router:
%ALIGN-1-FATAL: Corrupted program counter pc=0xABCD, ra=0xFJHK, sp=0xLMNOPQRSNote: Pc represents the program counter; ra represents the return address; sp represents the stack pointer.
Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(15) or Release 12.2(15)T.
Workaround: Disable the configuration of the service policy before you reload the router and reapply the configuration of the service policy after the router has been booted up.
•
Symptoms: A text-to-speech (TTS) prompt that corresponds to a nonmatching event may not be played in a Voice Extensible Markup Language (VXML) application when a nonmatching dual tone multifrequency (DTMF) is entered at the regular TTS prompt.
Conditions: This symptom is observed when the Automatic Speech Recognition (ASR) server recognizes user input before the "Digit End" event is received locally. In this situation, the TTS prompt that corresponds to nonmatching text may start to play (because the ASR recognizes user input) but may be interrupted when the "Digit End" event is received locally. The symptom is related to timing and occurs more frequently with a third-party vendor server.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5350 that is configured as a voice gateway may reload because a bus error.
Conditions: This symptom is observed recurringly (weekly) on a Cisco AS5350 that is running Cisco IOS Release 12.2(11)T and Session Initiation Protocol (SIP), and that may have the timer receive-rtcp gateway configuration command enabled.
Workaround: There is no workaround.
•
Symptoms: E1 Controller 0 on an advanced integration module (AIM) voice WAN interface card (VWIC) may not come up correctly after the interface goes down or the cable is removed.
Conditions: This symptom is observed on a Cisco 2610XM router when the network-clock-participate global configuration command and the network-clock-select global configuration command are enabled.
Workaround: Reload the router. After the router has reloaded, enter the network-clock-participate global configuration command followed by the network-clock-select global configuration command. When the interface derives its clock signal from an external source, the two network clock commands must be entered in the above mentioned sequence to enable the AIM VWIC and the E1 (or T1) interface to synchronize with the network.
Alternate Workaround: Use a High-Speed Data Module (HDM) instead of an AIM VWIC.
•
Symptoms: The crypto map global configuration command that is installed under the BRI interface of a Cisco 2600 series may cause segmentation violation (SegV) exceptions or unexpected exceptions to the CPU vector when the router is booting up.
Conditions: This symptom is observed on a Cisco 2600 series that has a network module and a WAN interface card. This symptom is observed only when the Cisco 2600 series is booting up. This symptom does not occur if the crypto map global configuration command is installed under a different interface and does not occur if the BRI interface is configured after the router has booted up.
Workaround: It is possible to configure the BRI interface without causing this symptom to occur. However, if the router reboots with the configuration in NVRAM, it may continue to experience SegV exceptions and fail to boot completely.
•
Symptoms: A multilink PPP (MLP) interface does not CEF-switch incoming Multiprotocol Label Switching (MPLS) packets. Instead, it switches them in the process-switching path. Outgoing MPLS packets are correctly handled in the Cisco Express Forwarding (CEF) path.
Conditions: This symptom is observed on a Cisco 7200 VXR router that is running Cisco IOS Release 12.2(13)T3.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor 2-50 (VIP2-50) may reload after it boots up.
Conditions: This symptom is observed on a VIP2-50 that has a 1-port multichannel E3 port adapter (PA-MC-E3) that has distributed link fragmentation and interleaving (LFI) with Virtual Private Network routing and forwarding (VRF) configured on its interfaces.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5400 Session Initiation Protocol (SIP) gateway may stop replying to re-INVITE requests from the proxy to maintain a call. This behavior causes the call to be disconnected when the keepalive timer expires.
Conditions: This symptom is observed under rare circumstances on a Cisco AS5400 SIP gateway.
Workaround: Ensure that the SIP proxy is configured with a session timer value that is greater than or equal to the minimum session timer value on the Cisco AS5400. If this is not possible, configure the session timer on the Cisco AS5400 to the highest possible value by entering the min-se time SIP configuration command.
•
Symptom: A Cisco IAD2420 series may reload when it is under stress from voice calls.
Conditions: This symptom is observed when the voice local-bypass global configuration command is configured to bypass the digital signal processor (DSP) for hairpin calls and when there are mixed analog-to-digital voice calls.
Workaround: Deconfigure the voice local-bypass global configuration command.
•
Symptoms: A Cisco router may reload during the bootup process because of insufficient stack memory. When this situation occurs, the router generates messages similar to the following:
current memory block, bp = 0x63903D80,
memory pool type is Processor
data check, ptr = 0x63903DA8
bp->next(0x605C57C0) not in any mempool
previous memory block, bp = 0x200039E1,
memory pool type is Processor
data check, ptr = 0x20003A09
%SYS-3-BADMAGIC: Corrupt block at 63903D80 (magic 61DEC941)Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T when the network configuration contains ATM permanent virtual circuit (PVC) configurations.
Workaround: Move the no shutdown interface configuration command for the ATM interface to the end of the network configuration file, as is shown in the following example:
interface ATM4/0
no ip proxy-arp
no atm ilmi-keepalive
ntp disable
interface ATM4/0.102 point-to-point <-- add the ATM subinterfaces here
pvc 0/102
interface ATM4/0 <--- repeat the ATM main interface for the no shutdown command
no shutdown•
Symptoms: A Cisco 2600XM router may generate the following error message:
ASSERTION FAILED: file "../les/if_dslsar.c", line 1041Conditions: This symptom is observed on a Cisco 2600XM router that is running Cisco IOS Release 12.2(13)T1.
Workaround: There is no workaround.
•
Symptoms: A supervisor card may not recognize the Cisco 4000 Access Gateway Module after the gateway boots up.
Conditions: This symptom is observed on a Cisco 4000 Access Gateway Module that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: When a gateway starts up, Media Gateway Control Protocol (MGCP) restart in progress (RSIP) messages may not be sent for all available E1 interfaces, causing the call agent to be unaware of full circuit availability on the gateway and calls to be dropped. For example, of 15 available E1 interfaces, only one RSIP message is sent (generally but necessarily for the first E1 interface). After 20 minutes, another individual E1 RSIP message is sent followed by a wildcard RSIP message for the entire gateway. Every 10 minutes thereafter, two RSIP messages for individual E1s are sent. Up to 80 minutes may be required before stability is reached, causing calls to be dropped each time a delayed RSIP message is sent after the wildcard RSIP message has been sent.
Conditions: This symptom is observed on a Cisco AS5400 that is functioning as a gateway and that is running Cisco IOS Release 12.2(11)T5.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5300 may reload because of a TCP socket connection failure.
Conditions: This symptom is observed when you make asynchronous calls over an ISDN line to a network access server (NAS).
Workaround: There is no workaround.
•
Symptoms: A service policy may be removed from a multilink interface after the router reloads or after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the multilink interface.
Conditions: This symptom is observed only when the sum of the total bandwidth in the service policy is equal to 100 percent of the total available bandwidth.
Workaround: Remove bandwidth from the class default, as indicated in the following command output:
policy-map generic
class Voice_MPLS
priority percent 20
class LowDelay_MPLS
bandwidth remaining percent 30
class BestEffort_MPLS
bandwidth remaining percent 35
class class-default
bandwidth remaining percent 35 <---- Remove this bandwidth configuration.
By default, class-default receives
the remaining 35% anyway.Symptoms: Even though you can configure Distributed Link Fragmentation and Interleaving (DLFI) on a Multilink PPP (MLP) link on an 8-port serial port adapter (PA-8T), interleaving may not function, causing excessive latency on voice traffic.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Versatile Interface Processor (VIP) and a PA-8T.
Temporary Workaround: Configure the tx-ring-limit 2 interface configuration command on the serial interface. Repeat the workaround after the router or the MLP bundle has been reset.
•
Symptoms: A Cisco router may reload when you send a Server Load Balancing (SLB) ping through an ATM interface.
Conditions: This symptom is observed in Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: Modem pass-through calls may not work over the connection trunk after a modem or a fax call. The Host Port Interface (HPI) may not respond after the first call has finished. The modem or fax call may not terminate properly and causes the subsequent calls to fail.
Conditions: This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(13)T2.
Workaround: There is no workaround.
•
Symptoms: If a codec filter is configured on the outbound dial peer of an IP in IP (IPIP) gateway, a fax call may fail.
Conditions: This symptom may be observed if the originating IPIP gateway proposes more than one codec in the FastStart list. The codec filter should be such that one or more codecs from the beginning of the proposed list are filtered.
Workaround: Do not use a codec filter configuration (for example, use a codec of transparent).
•
Symptoms: During a connection trunk case, a call may pause indefinitely.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: The Foreign Exchange Station (FXS) ports may stop responding completely. The following errors will be seen on the console of the gateway:
%VTSP-3-DSP_TIMEOUT: DSP timeout on channel 4/2 (2557), event 0x74: DSP ID=0x3: DSP Disc (call mode=0)
ERROR::chopin_dsprm_cmd_enqueue: Queue full, DSP=0,write_ptr=255,read_ptr=0
Conditions: This symptom is observed on a Cisco 4604 Access Gateway Module (AGM) with FXS ports that is running Cisco IOS Release 12.2(13)T2. The AGM was controlled by Cisco CallManager using the Media Gateway Control Protocol (MGCP).
Workaround: Reboot the AGM.
Alternate Workaround: Enter a shut command followed by the no shut command on the voice port to reboot the digital signal processor (DSP).
•
Symptoms: Calls that wait for longer than 5 minutes to be answered are dropped.
Conditions: This symptom is observed when the maximum timer value of the Session Initiation Protocol (SIP) expires. Calls in queue may need to wait longer than 5 minutes to be answered and are dropped.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a virtual-access interface is created.
Conditions: This symptom is observed on a Cisco 6400 NRP2 that is running Cisco IOS Release 12.2(13)T1.
Workaround: There is no workaround.
•
Symptoms: Cisco routers may reload if they are configured with the following features:
–
–
–
–
–
Conditions: This symptom is observed on Cisco 2691, Cisco 3725, and Cisco 3745 routers when configured with the above feature combinations and tested with 24 voice calls. Routers reload when voice calls are established by executing the following show commands:
–
–
Workaround: There is no workaround.
•
Symptoms: The SONET MIB data is not updated. The missing data is indicated in the output when the show controller sonet command is issued.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: Payload packets may be transmitted out of order over a Multilink PPP (MLP) bundle.
Conditions: This symptom is observed during periods of heavy data traffic.
Workaround: There is no workaround.
•
Symptoms: Microsoft Point-to-Point Encryption (MPPE) enforcement may not work on a Cisco router. The router may allow Point-to-Point Tunneling Protocol (PPTP) Windows 2000 (W2K) and Windows XP users to connect without negotiating the MPPE.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T even if it is configured with the ppp encrypt mppe 128 required command.
Workaround: Enable software compression from the Windows client. The software compression allows the router to disconnect the client that is not able to negotiate MPPE.
•
Symptoms: A Cisco router may not pass traffic to a Tag Distribution Protocol (TDP) neighbor, counter increments are ignored on an ingress interface, and tag adjacency information is missing from a bundled Frame Relay interface.
Conditions: This symptom is observed on a Cisco 7500 series router but may be platform independent.
Workaround: Reenter the ip route-cache distributed interface configuration command on the Frame Relay interface. Another option is to flap the interface a few times using the shut command followed by the no shut command.
•
Symptoms: A segmentation violation (SegV) exception may occur on a Cisco 1751- V router, causing the router to reload.
Conditions: This symptom is observed during normal operation of a Cisco 1751-V router that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T3
Cisco IOS Release 12.2(13)T3 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T3 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: An incorrect value is displayed for the ifOperStatus object for High-Speed Serial Interfaces (HSSIs) that are running PPP or propPointToPointSerial encapsulation. A value of "6" (not present) is returned.
Conditions: This symptom is observed when a Simple Network Management Protocol (SNMP) query is performed on the ifOperStatus object or the propPointToPointSerial encapsulation.
Workaround: There is no workaround.
•
Symptoms: A router may experience a watchdog forced reload with the following error message:
Enter hex value: 60FE00B4 60FE0124 60FE018C 60FE09F8 60FCD324 60FD0F74 60FD180C
0x60FE00B4:radius_find_attr(0x60fe0088)+0x2c
0x60FE0124:radius_message_authenticator_extract(0x60fe00cc)+0x58
0x60FE018C:radius_message_authenticator_encode(0x60fe0164)+0x28
0x60FE09F8:radius_encrypt_access_request(0x60fe0458)+0x5a0
0x60FCD324:radius_encrypt(0x60fcd26c)+0xb8
0x60FD0F74:radius_queues(0x60fd0cb4)+0x2c0Conditions: This symptom is observed when the RADIUS authentication occurs.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco router with Resource Reservation Protocol (RSVP) may unexpectedly reload by "bus error at address 0xB0D0B1D" when an RSVP sender application is informed of a reservation (RESV) update and the sender application calls RSVP to delete the matching protection switch byte (PSB) and reservation state block (RSB) state in the context of the notification function.
Conditions: This symptom is observed by the Optical Channel Protection (OCP) traffic engineering (TE) client when the OCP TE tunnel headends and tailends are configured for AdminStatus updates.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is functioning as an Autonomous System Boundary Router (ASBR) in an inter-autonomous system (Inter-AS) Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) topology may advertise the wrong next hop (IP address of the external Border Gateway Protocol [eBGP] neighbor) to the eBGP neighbor ASBR for some VPN-IPv4 (vpnv4) prefixes.
Conditions: This symptom is observed on an ASBR Cisco router.
Workaround: Manually change the "ip next-hop" by entering the set ip next-hop router configuration command on either this ASBR or the neighbor ASBR using the route map.
•
Symptoms: Multiprotocol Label Switching (MPLS) traffic engineering (TE) tunnels will take 5 minutes to come back up after an interface flap.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T, Release 12.2(12)T, or Release 12.2(13)T with MPLS TE tunnels configured.
Workaround: There is no workaround.
•
Symptoms: A bad magic number in the chunk header may lead to a memory corruption and may cause a router to reload.
Conditions: This symptom is observed after a Resource Reservation Protocol (RSVP) path message is received on a Cisco router that is running Cisco IOS Release 12.2(13)T or Release 12.2 S and RSVP.
Workaround: There is no workaround.
•
Symptoms: Network Address Translation (NAT) debug messages do not show release messages at the end of a call.
Conditions: This symptom is observed for NAT debug messages for the following debug commands: in Cisco IOS Release 12.2(13)TO1:
debug ip nat h323
debug ip nat
debug ip nat skinny
Workaround: Upgrade to Cisco IOS Release 12.2(13)T3 or a later release.
Miscellaneous
•
Symptoms: A Cisco router may fail to establish tunnels after the router has been running for a period of time. The source address mask in the crypto access control lists (ACLs) has become corrupted.
Example before corruption:
interface: Serial1/3 Crypto map tag: my_map, local addr. 10.24.128.145
local ident (addr/mask/prot/port): (10.24.0.0/255.254.192.0/0/0) remote ident (addr/mask/prot/port): (10.24.137.128/255.255.255.192/0/0) current_peer: 10.24.128.146 .....Example after corruption:
interface: Serial1/3 Crypto map tag: my_map, local addr. 10.24.128.145
local ident (addr/mask/prot/port): (10.24.0.0/255.255.23.0/0/0) <=== remote ident (addr/mask/prot/port): (10.24.137.128/255.255.255.192/0/0) current_peer: 10.24.128.146 .....Conditions: This symptom is observed on a Cisco router that is running a Data Encryption Standard (DES) or 3DES crypto image of Cisco IOS Release 12.1(11b)E to Release 12.1(11b)E8, or Cisco IOS Release 12.1(12c)E to Release 12.1(12c)E4. This symptom is usually observed soon after a rekey has occurred for one or more IP security (IPSec) tunnels.
Workaround: Upgrade to Cisco IOS Release 12.1(12c)E6 for all 7100 images of Cisco IOS software. Upgrade to Cisco IOS Release 12.1(12c)E6 for all 7200 -k2 and -561 images of Cisco IOS software.
•
Symptoms: No dial tone is heard on the Foreign Exchange Station (FXS) ports, and no calls can connect from T1 ports. Dead air exists on the handset.
Conditions: This symptom is observed on a Cisco IAD2420 series smart integrated access device that is running Cisco IOS Release 12.2(11)T1.
Workaround: Enter the no voice local-bypass global configuration command on the Cisco IAD2420 series.
•
Symptoms: A High-Speed Serial Interface (HSSI) may stop transmitting traffic for some time and then recover. When the HSSI stops transmitting traffic, the output of the show interfaces privileged EXEC command displays the following message: "Output queue 40/40"
Conditions: This symptom is observed on a Cisco 7200 series router.
Workaround: There is no workaround.
•
Symptoms: A Cisco Node Route Processor (NRP) may take more time than normal to reboot after the copy startup-config tftp: running- config privileged EXEC command is entered.
Conditions: This symptom is observed when there are 8000 routed bridge encapsulation (RBE) sessions on a Cisco router that is running Cisco IOS Release 12.2(12.10)T1 and after the radius-server host global configuration command is configured.
This symptom is observed when Cisco Service Selection Gateway (SSG) and RADIUS server commands are enabled. This symptom may continue to occur after SSG commands are removed and when RADIUS server commands are still present.
Workaround: Remove the RADIUS server commands from the startup configuration and reboot the router. Reenter the RADIUS server commands into the configuration after the router has rebooted.
•
Symptoms: A Cisco 6400 Node Switch Processor (NSP) may reload when you initiate a command.
Conditions: This symptom is observed when you use the cd EXEC command to change to the mir-disk0 directory and then enter the dir EXEC command on an NSP that is running any release of Cisco IOS software
Workaround: There is no workaround.
•
Symptoms: A Cisco 2600 series router or a Cisco 3640 router that is using a T1 high-density voice network module (NM-HDV) for data (using a channel group configuration) and the compressed Real-Time Protocol (cRTP) will pass uncompressed RTP frames to the WAN when fast switching or Cisco Express Forwarding (CEF) switching is enabled on the T1 NM-HDV network module. This symptom does not occur if the Real-Time Transport Protocol (RTP) stream is generated by the router.
Conditions: This symptom is observed on a Cisco 2600 series router or a Cisco 3640 router that has a T1 NM-HDV network module that is running Cisco IOS Release 12.2(8)T5, 12.2(11)T1, or Release 12.2(12.14)T1.
Workaround: Configure the router to perform process switching on the WAN interface by entering the no ip route-cache interface configuration command. Verify the condition of the router before entering this command as the configuration of this command may increase the level of CPU processing on the router.
•
Symptoms: The following error message may be displayed on the console of a Cisco AS5850:
%RS_TDM-3-TDM_BADARG: conn types different, trunk=1 modem=0The error message is followed by a traceback.
Conditions: This symptom is observed when voice calls and calls that are switched via time-division multiplexing (TDM) are being made in a Media Gateway Control Protocol (MGCP) environment.
Workaround: There is no workaround.
•
Symptoms: A T1 channel-associated signaling (CAS) trunk may produce a 1-kHz tone at 19.9 dB while the trunk is in the idle state.
Conditions: This symptom is observed on a T1 CAS trunk that is running Cisco IOS Release 12.2(11)T. This symptom does not affect normal call operation.
Workaround: There is no workaround.
•
Symptoms: The ds0-group channel timeslots range type signal controller configuration command cannot be configured with 15 channels on an E1 controller interface. This limitation allows only 30 channels to be configured on an E1 controller interface.
Conditions: This symptom is observed on the E1 controller interface of a Cisco router that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: A backend Gatekeeper Transaction Message Protocol (GKTMP) server that is attached to a Cisco H.323 gatekeeper (GK) may disconnect a TCP connection or send an error message for each GKTMP request message that is sent to the GKTMP server.
Conditions: This symptom is observed in the following scenario:
a.
b.
c.
d.
Workaround: There is no workaround.
•
Symptoms: V.22B modem connections may not work reliably over modem pass-throughs.
Conditions: This symptom is observed on V.22B modems when a pair of voice gateways have digital voice ports that are driven by different clock sources. High-speed modem connections (V.32, v32bis) are not affected by this condition.
Workaround: There is no workaround.
•
Symptoms: The com.cisco.asr-server property is not applied on the revisited Voice Extensible Markup Language (VXML) form.
Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: Cisco CallManager uses different versions of the G.729 codec when setting up Message Transfer Protocol (MTP) calls across intercluster trunks. Cisco CallManager should set up the call legs with the same versions of the G.729 codec.
Conditions: This symptom is observed with Cisco CallManager on the Cisco VG200 with a Catalyst switch.
Workaround: There is no workaround.
•
Symptoms: A router permanently pauses when removing certain types of policies from the interface.
Conditions: This symptom is observed on a Cisco router if the policy has bandwidth configured on class-default. When this policy is removed, the router permanently pauses.
Workaround: There is no workaround.
•
Symptoms: When a digital subscriber line (DSL) goes down and comes up again, the RX buffers on a WAN interface card (WIC) may be depleted because of a memory leak in the management of these buffers. This may cause complete downstream path failure.
Conditions: This symptom is observed on a Cisco WIC with RX buffers.
Workaround: Execute the shut global configuration command followed by the no shut global configuration command on the interface.
•
Symptoms: A Cisco AS5350 may reload because of a bus error that may be related to Session Initiation Protocol (SIP).
Conditions: This symptom is observed on a Cisco AS5350 that is running Cisco IOS Release 12.2(11)T and that is configured for Voice over IP (VoIP), fax, and SIP User Agent (SIP-UA).
The symptom may also occur on a Cisco AS5300 or a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload because of a watchdog timeout condition.
Conditions: This symptom is observed on a Cisco router that is functioning as a voice endpoint with active calls.
Workaround: There is no workaround.
•
Symptoms: A Cisco 2600 series may reload with a signal trap (Sigtrap) exception that is caused by a memory leak in the "CCSIP-SPI-CONTROL" process.
Conditions: This symptom is observed on a Cisco 2600 series that is running Cisco IOS Release 12.2(11)T when a subscribe request for unsupported services or nonexistent events occurs.
Workaround: Ensure that no invalid subscribe request is being sent.
•
Symptoms: A provider edge (PE) router may fail to bind a label for a route.
Conditions: This symptom is observed after the route has flapped and recovered.
Workaround: There is no workaround. To recover from the situation, enter the no mpls ip global configuration command followed by the mpls ip global configuration command.
•
Symptoms: Fax pass-through calls that originate from PRI interfaces may fail if using Cisco CallManager.
Conditions: This symptom is observed on a Cisco VG200 that is configured with Message Transfer Protocol (MTP).
Workaround: Use a Foreign Exchange Station (FXS) port to originate calls.
Alternate workaround: Do not use MTP.
•
Symptoms: A router may reload when more than two Telnet sessions are established on a router and all sessions try to modify the same class map or policy map, or one session tries to modify the class map or policy map while another session is trying to access the data structures using the show EXEC command.
Conditions: This symptom is observed on a router that has more than two Telnet sessions established.
Workaround: While "showing" the class map or policy map, do not modify or remove the data structure.
•
Symptoms: A Session Initial Protocol (SIP) Cisco IOS gateway (GW) receives an initial INVITE with both an IMAGE and AUDIO m line. The GW negotiates the IMAGE m line and does not set up a voice call.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T.
Workaround: There is no workaround; however, in the initial INVITE, the AUDIO m line should be given preference.
•
Symptoms: A router that is running PPP over ATM (PPPoA) may randomly drop packets.
Conditions: This symptom is observed on any Cisco platform and any Cisco IOS release that supports the Subscriber Server Switch (SSS).
Workaround: There is no workaround.
•
Symptoms: Dynamic Multipoint Virtual Private Network (DMVPN) does not function in conjunction with Network Address Translation Traversal (NAT-T) mode.
Conditions: This symptom is observed when two routers in a VPN NAT-T environment negotiate IP Security (IPSec) security associations (SAs) and a connected hub side that is configured for DMVPN does not decrypt any traffic.
Workaround: Use point-to-point generic routing encapsulation (GRE) tunnels with NAT-T instead of DMVPN.
Alternate Workaround: Do not use NAT-T if DMVPN is required.
•
Symptoms: User authentication may fail for a CiscoSecure VPN client.
Conditions: This symptom is observed in Cisco IOS Release 12.2(13)T when the client username includes a domain delimiter character (for example, @) and when the domain name does not match the authentication group name.
Workaround: Ensure that the domain name matches the group name in the CiscoSecure VPN client profile.
•
Symptoms: A gateway may reload during a stress test.
Conditions: This symptom is observed when the gateway uses an Automatic Speech Recognition (ASR)/text-to-speech (TTS) server that is overloaded, causing both the ASR/TTS server and the gateway to reload.
Workaround: Ensure that the ASR/TTS server is not overloaded.
•
Symptoms: All or a portion of a prerecorded prompt may not be heard.
Conditions: This symptom is observed when you mix text-to-speech (TTS) and prerecorded prompts in one call and when the prerecorded prompt immediately follows a TTS prompt.
Workaround: There is no workaround.
•
Symptoms: While you copy the configuration from the startup configuration or from TFTP to the running configuration, the following error message may be displayed:
NRP2_SE64-3-LLD_RX_VC_NOT_CLOSEConditions: This symptom is observed on a Cisco Node Route Processor 2 (NRP2) when the configuration includes the atm vc-per-vp interface configuration command and the range pvc subinterface configuration command.
Workaround: Manually configure the atm vc-per-vp interface configuration command before you copy the entire configuration.
•
Symptoms: No ringback tone is heard when a hairpin call is made from a Foreign Exchange Station (FXS) port to the T1 port of a Cisco IAD2421 integrated access device.
Conditions: This symptom is observed on a Cisco IAD2421 that is running Cisco IOS Release 12.2(11)T.
Workaround: Configure the no voice local-bypass global configuration command to prevent hairpin calls from being made.
•
Symptoms: A basic call on a Cisco universal access server that is configured for Network Address Translation (NAT) may cause a traceback indicating a memory allocation (MALLOC) failure and may cause one-way audio to occur.
Conditions: This symptom is observed on a Cisco universal access server that is running Cisco IOS Release 12.2(13)T when it is located behind another device that is also configured for NAT.
Workaround: There is no workaround.
•
Symptoms: When a port of a switch that is connected to a Fast Ethernet (FE) interface of a router that is running Hot Standby Router Protocol (HSRP) at a higher priority than the switch is disabled and then enabled, the FE interface may go up and down continuously.
The HSRP state may change continuously from "Active" to "Speaking," from "Speaking" to "Standby," and from "Standby" to "Active." When the HSRP state changes from "Active" to "Speaking," the router resets the FE interface in order to remove the HSRP MAC address from the interface MAC address filter. The switch detects this link state change on the FE interface, and a Spanning Tree Protocol (STP) transition occurs. The spanning tree takes 30 seconds (twice the default forward delay time of 15 seconds) to transition the port into the forwarding state.
Conditions: These symptoms are observed on the FE interface of a Cisco 1700 series that is running Cisco IOS Release 12.2(13)T when both the following conditions are present:
a.
b.
Workaround: Do all of the following:
–
–
–
For more information, refer to the Troubleshooting the Catalyst 5000 document at http://www.cisco.com/warp/public/473/56.html.
–
–
•
Symptoms: The following CPU hog message may be displayed on a router after a multilink interface is shut down:
%SYS-3-CPUHOG: Task ran for 2480 msec (3/2), process = MultilinkConditions: This symptom is observed when a state transition occurs on a multilink interface such as when the interface is coming up or going down.
Workaround: There is no workaround for the CPU hog condition.
If any application or routing protocol is affected by the CPU hog condition and is timing out because of the CPU hogging condition, increase the duration of the application or routing protocol timers.
•
Symptoms: The transmitting Segmentation and Reassembly (SAR) side of a Cisco Node Route Processor 2 (NRP2) may stop functioning.
Conditions: This symptom is observed under high traffic conditions (52,000 packets per second) and when the CPU utilization is at 100 percent for more than 10 minutes.
Workaround: There is no workaround.
•
Symptoms: Poor voice quality occurs after several calls on a Cisco router.
Conditions: This symptom is observed on a Cisco 7500 series router that is configured with Compressed Real-Time Protocol (CRTP) header compression.
Workaround: Disable the CRTP.
•
Symptoms: The output of the test dsprm hidden command and the output of the show snmp EXEC command display active digital signal processor (DSP) recovery alarms.
Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a voice gateway.
Workaround: There is no workaround.
•
Symptoms: When digital signal processor (DSP) resource management (DSPRM) attempts to recover a DSP channel without first checking whether its peer channel is still loading, a double loading condition may occur.
Conditions: This symptom is observed on a Cisco AS5300 that is configured for Voice over IP (VoIP).
Workaround: There is no workaround.
•
Symptoms: The range pvc subinterface configuration command may not work properly on an ATM interface.
Conditions: This symptom is observed on a Cisco Node Route Processor 2 that is processing variable bit rate (VBR) traffic.
Workaround: Shut down the ATM interface before you make any changes to the configuration.
•
Symptoms: An H.323 gatekeeper sends an admission rejection (ARJ) to an admission request (ARQ) that contains the destination IP address of the remote endpoint on the ARQ.
Conditions: This symptom is observed after an upgrade occurs from Cisco IOS Release 12.2(7c) to Release 12.2(13)T.
Workaround: Configure aliases on both source and terminating endpoints.
•
Symptoms: The H.323 conference ID format on a Cisco 3700 series router and a Cisco 2600XM series router is not compatible with the conference ID format from prior releases of Cisco IOS software.
–
–
Conditions: This symptom is observed only for the Cisco 3700 series routers and the Cisco 2600XM series routers that are running Cisco IOS Release 12.2(11)T, Release 12.2(11)T2, and Release 12.2(11)T3.
Workaround: There is no workaround.
•
Symptoms: A terminating gateway may reload when fax tones are detected during the call setup process.
Condition: This symptom is observed when Cisco IOS routers are functioning as Session Initiation Protocol (SIP) gateways for T.38 fax and are configured with the Media Inactivity Timer.
Workaround: Turn off the Media Inactivity Timer. This action may leave some call legs hanging. If turning of the Media Inactivity Timer is not an option, there is no workaround.
•
Symptoms: Location request (LRQ) messages are sent to all zones of a remote cluster even after one of the elements returns a location confirm (LCF) message. This behavior impacts the load-balancing process that is associated with the remote cluster zone.
Conditions: This symptom is observed only when the gatekeeper is configured with the endpoint alt-ep collect gatekeeper configuration command and cluster zones.
Workaround: Remove the endpoint alt-ep collect gatekeeper configuration command from the gatekeeper configuration as a temporary workaround.
Note
•
Symptoms: Configuring a dialer interface (or any other logical interface) may cause a router to reload.
Conditions: This symptom is observed when the cns config notify diff global configuration command is configured and you use Cisco Networking Services (CNS) to configure a dialer interface (or any other logical interface).
The symptom also occurs when the cns config initial global configuration command or the cns config partial global configuration command is configured.
Workaround: There is no workaround.
•
This caveat consists of two symptoms, two conditions, and two workarounds:
Symptoms A: A Cisco 3745 router that is configured with a 16-port Ethernet switch network module may reload during the bootup process.
Conditions A: This symptom is observed when duplicate or unique MAC addresses were manually configured under the switch ports and this was done for more than 10 switch ports. The symptom does not occur when fewer than 10 ports were manually configured.
Workaround A: Do not configure MAC addresses under the switch ports. The 16-port Ethernet switch network module is already provisioned with one MAC address per switch port when it is shipped from the factory.
Symptoms B: A Cisco 3745 router that is configured with a 16-port Ethernet switch network module may reload.
Conditions B: This symptom is observed when the Cisco 3745 receives tagged packets for a VLAN that does not exist in the VLAN database.
Workaround B: Ensure that all expected 802.1q VLAN tags have been configured in the VLAN database.
•
Symptoms: The Internet Security Association and Key Management Protocol (ISAKMP) key with a hardware encryption module is limited to 64 bytes when doing hardware-to-software encryption.
Conditions: This symptom is observed with Cisco IOS Release 12.1(12c)E6.
Workaround: Use 64 bytes or less for ISAKMP preshared keys if using hardware-to-software encryption.
•
Symptoms: The output of the show dial-peer voice EXEC command may report the incorrect number of active connections supported by the dial peer:
connections/maximum = 247848/unlimited,This is only a cosmetic error unless the user has also configured the max-conn statement under a given dial-peer to limit the maximum number of concurrent sessions supported by the dial peer. If this is the case, the max-conn value may be exceeded and further calls will fail for that dial peer even if the true number of calls that the dial peer is supporting is below the maximum setting.
Conditions: This symptom is observed on Voice over IP (VoIP) dial peers.
Workaround: There is no workaround.
•
Symptoms: A gateway that negotiates a G.729 codec with 20 bytes in the call setup may send 40 bytes instead.
Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a gateway.
Workaround: There is no workaround.
•
Symptoms: A router that is configured as a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router may reload with an error message similar to the following:
Jan 17 10:41:53.299 CET: %SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header,Conditions: This symptom is observed only on routers that are configured as MPLS VPN PEs and that are running Cisco IOS Release 12.2(6.2)T or later releases.
Workaround: There is no workaround. However, it is believed that Cisco IOS images without the fix for caveat CSCdu19498 are not susceptible to this symptom. For Cisco IOS images that do have this fix, the router reload is likely to occur in topologies in which one or more interfaces on the router do not have support for Cisco Express Forwarding (CEF).
•
Symptoms: When modem pass-through or relay is used, modem calls may fail to connect. This is because the gateway does not detect the answer tone (ANS) on the called modem and does not switch to pass-through or relay.
Conditions: This symptom is observed only in a connection trunk environment when Cisco fax relay or T.38 fax relay is used on the trunks.
Workaround: Run G.711 on the trunk to help improve modem performance.
Alternate workaround: Disable fax relay.
•
Symptoms: Response times from Internet Information Servers (IISs) and Cisco Tomcat HTTP servers are always at least 0.5 seconds.
Conditions: This symptom is observed when the TCP push bit on an HTTP GET request to an IIS or Tomcat server is not set. The server response time is delayed.
Workaround: Place a router and Cisco cache engine between the client gateway and the HTTP server. The router and/or cache engine turn on the bit and speed up response times.
•
Symptoms: High density analog voice/fax network modules with 4 Foreign Exchange Station (FXS) ports (NM-HDA-4FXS) may fail in diagnostic testing (pre-2 corner) at varying rates depending on the date code of a field-programmable gate array (FPGA). This may cause a DSP failure in one or more of the digital signal processors (DSPs).
Conditions: This symptom is currently observed only in diagnostic images and occurs during the system bootup.
Workaround: There is no workaround.
•
Symptoms: A Session Initiation Protocol (SIP) gateway may build the "Router" header in a "Bye" message using only the "Contact" header.
Conditions: This symptom is observed when the initial SIP request "Invite" message has tags in the "Record-Route" headers.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5400 router configured as a terminating gateway (TGW) may permanently pause after running a 24-hour stress test with all features enabled.
Conditions: This symptom is observed on a Cisco AS5400 router that is running Cisco IOS test image c5400-is-mz.th.sync2.
Workaround: There is no workaround.
•
Symptoms: For Voice Extensible Markup Language (VXML) regex grammar, there is no way to specify the range for digits. The Cisco version of the VXML interpreter does not support this capability.
Conditions: This symptom is observed in the Cisco version of the VXML interpreter.
Workaround: There is no workaround.
•
Symptoms: When Parallel Express Forwarding (PXF) is enabled, a variety of symptoms may occur depending on the Cisco router or switch:
–
–
–
Conditions: This symptom is observed when a packet is punted to the Route Processor (RP) and occurs because the paktype was not properly scrubbed after its last use.
Workaround: Disable PXF. If this is not an option, there is no workaround.
•
Symptoms: IP phone users are not able to enter long distance access codes or navigate through interactive voice response (IVR) applications. This symptom occurs only when the called party does not provide answer supervision.
The symptom is experienced when the telco requires that a long distance access code be entered after the called party is dialed. The telco plays a tone indicating that the user must enter a fixed length access code in order to complete the call. However the telco does not provide answer supervision.
The show voice call summary output indicates a voice processor module (VPM) state of "EM_WAIT_FOR_ANSWER".
When the calling party IP phone user attempts to enter the dual tone multifrequency (DTMF) access code, the IP phone sends an out-of-band Skinny Client Control Protocol (SCCP) message to the Cisco CallManager and the Cisco CallManager relays this DTMF message to the Cisco IOS gateway via Media Gateway Control Protocol (MGCP). However, the gateway does not pulse out the DTMF digits to the telco.
This symptom may also be observed when some IVR systems that do not provide answer supervision are dialed.
In both cases, the IP phone displays "Ring Out" and the show voice call summary output from the gateway indicates "EM_WAIT_FOR_ANSWER".
If the call is "CONNECTED," the gateway plays DTMF without symptoms.
Conditions: This symptom is observed on a Cisco IOS gateway that is running MGCP with Cisco CallManager. The gateway has a T1 channel-associated signaling (CAS) recEive and transMit (E&M) wink circuit to the telco.
Workaround: Use H.323 instead of MGCP.
•
Symptoms: A Cisco 7200 series router initiates an Internet Security Association and Key Management Protocol (ISAKMP) connection (phase 1 negotiation) and then tries to reestablish the phase 1 security association (SA) after the phase 1 SA has expired. In this process, the local User Datagram Protocol (UDP) port is assumed to be 0, which causes the failure of the rekey (because the peer sends at port 0):
ISAKMP: local port 0, remote port 500The failure causes the deletion of the IP security (IPSec) SA on the local side, but the local side is unable to notify the other peer about the deletion because there no longer is a phase 1 SA. Therefore, when the peer tries to send encrypted packets, it uses an invalid service profile identifier (SPI) and the following message is received on the local side:
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr= , prot=50, spi=0x71AE3489(1907242121), srcaddr=Conditions: This symptom is observed on a Cisco 7200 series router with an ISAKMP connection.
Workaround: There is no workaround.
•
Symptoms: T.38 fax calls fail when FastStart is used with more than one codec proposed.
Conditions: This symptom is observed with IP in IP (IPIP) gateways.
Workaround: Use SlowStart for any calls that require fax.
•
Symptoms: On an IP in IP (IPIP) gateway, the forward logical channel number between call legs may not match if the inbound call leg codec list contains a G.723ar63 codec type.
If a mismatch occurs and the outgoing gateway attempts to close the channel, the IPIP gateway will not forward the close request to the terminating gateway because the outbound call leg cannot find the channel number that is given by the originating gateway.
Conditions: This symptom is observed when a fax is sent on an IPIP gateway.
Workaround: Avoid passing the G.723ar63 codec through the IPIP gateway. The G.723ar63 can be prevented from being passed through the gateway by removing the G.723ar63 codec type from the originating gateway or by providing a codec filter on the IPIP gateway. Slowstart procedures may also be used to prevent the G.723ar63 codec from being passed through the IPIP gateway.
•
Symptoms: Traceback and spurious memory accesses may be seen on a Cisco 3660 router with a VG200 voice gateway when the router is being used as a conference bridge. In addition, the conference bridge functionality does not work.
Conditions: This symptom is observed on a Cisco 3660 router with a Cisco VG200 that is running the c3660-is-mz.122-12.13.T1 image of Cisco IOS Release 12.2(13)T1.
Workaround: There is no workaround.
•
Symptoms: A permanent virtual connection (PVC) configuration is removed if a PVC fails when it is recreated.
Conditions: This symptom is observed on a Cisco 7500 series that has a Versatile Interface Processor (VIP). The PVC configuration may be removed if the VIP is carrying data traffic and the parameters of the virtual circuit (VC) class that is attached to the configured PVCs on the associated interface are modified.
Workaround: There is no workaround.
•
Symptoms: All Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP), and MIBs are missing on Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 routers.
Conditions: This symptom is observed on Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 routers.
Workaround: There is no workaround.
•
This caveat consists of four symptoms, four conditions, and four workarounds:
- Symptoms A: The local connection descriptor information that is returned by a Media Gateway Control Protocol (MGCP) gateway in response to an Audit Connection (AUCX) request may contain the "audio" media type instead of the expected "image" media type.
Conditions A: This symptom is observed in all images of Cisco IOS Release 12.2(11)T, Release 12.2(13)T, and later releases that support MGCP when a T.38 fax call that is in progress is audited.
Workaround A: There is no workaround.
- Symptoms B: The local connection descriptor information that is returned by a Media Gateway Control Protocol (MGCP) gateway in response to an Audit Connection (AUCX) request may contain the "image" media type instead of the expected "audio" media type.
Conditions B: This symptom is observed on a Cisco IOS release later than Release 12.2(13)T when a voice call that contains both a voice leg and a Voice over IP (VoIP) leg is audited.
Workaround B: There is no workaround.
- Symptoms C: A fax relay switchover that is driven by a call agent may fail to switch the media stream to the T.38 codec, even though MGCP signaling indicates that the switchover occurs.
Conditions C: This symptom is observed on a Cisco IOS release later than Release 12.2(13)T when an active call is audited before a corresponding feature (such as a T.38 fax feature that is driven by a call agent) is invoked.
Workaround C: There is no workaround.
- Symptoms D: Class of Service (CoS) features such as Three-Way Calling may fail to establish the third leg of the call.
Conditions D: This symptom is observed on a Cisco IOS release later than Release 12.2(13)T when an active call is audited before a corresponding feature (such as three-way calling) is invoked.
Workaround D: There is no workaround.
•
Symptoms: After a router reboots, it does not get directly connected interfaces.
Conditions: This symptom is observed only if Fast Ethernet is configured.
Workaround: Disable and then reenable IP routing.
•
Symptoms: A Cisco Catalyst 4224 Access Gateway Switch (AGW) may reload after you have configured a Voice VLAN ID (VVID) on a switch port.
Conditions: This symptom is observed when you configure VVID on the switch port to which port 3 of an IP telephone is connected.
Workaround: To enable the Cisco Catalyst 4224 AGW to recover, temporarily disconnect the crossover cable that interconnects the switch port and port 3 of the IP telephone.
•
Symptoms: A Versatile Interface Processor (VIP) may display messages that indicate memory allocation failure.
Conditions: This symptom is observed on a Cisco 7500 series router that is running a distributed multilink feature.
Workaround: Switch to the Route Switch Processor (RSP) based multilink.
•
Symptoms: T.38 fax relay calls cannot be made.
Conditions: This symptom is observed when a T.38 fax relay call is placed between a Cisco 3640 and a Cisco Catalyst 4000.
Workaround: Enable fallback to Cisco fax relay.
Wide-Area Networking
•
Symptoms: A Cisco 7200 series router that is used in a Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) multihop setup as the PPTP Network Server (PNS) and L2TP Access Concentrator (LAC) node, and exhibits a combination of spurious memory accesses, packet misalignment warnings, and invalid TCP encapsulation errors may permanently pause with a Translational Bridging (TLB) exception.
Conditions: These symptoms are observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(10b). The spurious accesses and packet misalignments occur when the PPTP plus L2TP multihop setup is used. The invalid TCP encapsulations and the permanent pause occur when the number of sessions is high and some of the LNS routers are not reachable.
Workaround: Do not use a combination of PPTP and L2TP protocols.
•
Symptoms: A Cisco router may reload when the debug ppp events privileged EXEC command is configured.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: RADIUS attributes may be missing from an access request packet that is sent from a network access server (NAS) to a RADIUS server, causing an authentication failure from the RADIUS server.
Conditions: This symptom is observed intermittently in Cisco IOS Release 12.2 XB but may also occur in other releases such as Release 12.2 T.
Workaround: Remove the following preauthentication attributes:
–
–
–
•
Symptoms: A Cisco router that is configured for Multilink Frame Relay (MFR) may reload when traffic shaping is enabled on an MFR interface.
Conditions: This symptom is observed only when one of the MFR bundle links is configured after traffic shaping has been enabled.
Workaround: There is no workaround.
•
Symptoms: A Multilink PPP (MLP) bundle may pause indefinitely in the "Up/Down" state.
Conditions: This symptom is observed after a dialer idle timeout occurs when MLP is used on some interfaces. When this behavior occurs, pings will fail and no calls will go through.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the BRI interface.
•
Symptoms: When large numbers of Layer 2 Tunneling Protocol (L2TP) sessions are dropped, "thrashing" occurs with the virtual private dialup network (VPDN) history manager.
Conditions: This symptom is observed on L2TP access concentrators (LACs) when the tunnels are shut down.
Workaround: There is no workaround.
•
Symptoms: The sequence numbers of fragments that are encapsulated for Multilink PPP (MLP) may be duplicated. This situation may cause fragments to be dropped on the receiving side.
Conditions: This symptom is observed in Cisco IOS Release 12.2(13)T and Release 12.2(13)T1.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 6400 Node Route Processor (NRP) that is being used as a PPP over Ethernet (PPPoE) terminator, the NRP may not send the authentication failure message received from the authentication, authorization, and accounting (AAA) server but instead may send the standard authentication failure message.
Conditions: This symptom is observed on a Cisco 6400 NRP that is running Cisco IOS Release 12.2(13)T1 and that is functioning as a PPPoE terminator.
Workaround: There is no workaround.
•
Symptoms: A memory leak may be observed on a router.
The system memory will decrease and become increasingly fragmented over time. The output of the show memory EXEC command will display an increasing number of objects that are of the "MLP bundle name" object type.
One "MLP bundle name" object is lost each time a forwarded connection is established. Hence, systems that have high call rates (with several dynamically created sessions) are more severely impacted than systems that have low call rates (with a few semi permanent sessions).
Conditions: This symptom is observed on routers that are the local termination points for PPP sessions that have been forwarded by virtual private dialup network (VPDN) or Subscriber Service Switching (SSS) and where the PPP sessions in question have negotiated to use multilink.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T2
Cisco IOS Release 12.2(13)T2 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T2 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: An overtemperature condition may occur on the Cisco Catalyst 4000 Access Gateway Module (AGM) that will cause the module to reload.
Conditions: This symptom is observed on a Cisco Catalyst 4000 AGM that is running Cisco IOS Release 12.2(11)T1 or Release 12.2(11)T2.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.2(13)T1
Cisco IOS Release 12.2(13)T1 is a rebuild release for Cisco IOS Release 12.2(13)T. The caveats in this section are resolved in Cisco IOS Release 12.2(13)T1 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A Cisco 6400 Node Route Processor (NRP) may reload.
Conditions: This symptom is observed when a large number of PPP over ATM (PPPoA) sessions that have a large number of tunnels are brought up on a Cisco 6400 NRP. This symptom occurs only when keepalives are disabled.
Workaround: Enable keepalives on the virtual template for PPPoA interfaces.
•
Symptoms: The c1600-bk8nor2sy-l image of Cisco IOS Release 12.2(13)T cannot be loaded onto a system that has a maximum of 16 MB of Flash memory.
Conditions: This symptom is observed with the c1600-bk8nor2sy-l image of Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: Frame Relay and ATM internetworking may not work as expected. Data may pass through, but discard eligibility/cell loss priority (DE/CLP) and explicit forward congestion indication/forward explicit congestion notification (EFCI/FECN) bit mapping may be mapped incorrectly. The DE bit is set to one when the CLP bit is zero from ATM to Frame Relay. The FECN bit is set to one when the EFCI bit is zero from ATM to Frame Relay.
Conditions: These symptoms are observed on a Cisco MC3810 router that is running an image of Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A port adapter may stop receiving packets. When this symptom occurs, the output of the show interface EXEC command does not report any input or output drops. When the show controller EXEC command is issued on the Versatile Interface Processor (VIP) console of a router, the command output may display incrementing rx_no_buffer and virtual circuit connection (VCC) counts.
Conditions: This symptom is observed on the enhanced ATM Port Adapter (PA-A3) of a Cisco 7500 router.
Workaround: Bounce the port adapter interface by issuing the shutdown interface configuration command followed by the no shutdown interface configuration command.
IP Routing Protocols
•
Symptoms: A Cisco 12000 series router may reload when an interface flaps.
Conditions: This symptom is observed on a Cisco 12000 series router that is running Cisco IOS Release 12.0(21)S during multicast traffic.
Workaround: There is no workaround.
•
Symptoms: The redistribution of unicast routes into Distance Vector Multicast Routing Protocol (DVMRP) may not function properly.
Conditions: This symptom is observed when you use the ip dvmrp metric metric list access-list-number interface configuration command. This command should allow all unicast routes that are allowed by the value of the access-list-number argument to be redistributed with the value of the metric argument, but only connected routes are advertised.
Workaround: Explicitly configure the unicast routing protocols that must be advertised, as in the following example:
ip dvmrp metric metric list eigrp ip dvmrp metric metric list ospf
•
Symptoms: The distribute-list 10 in ethernet 10 router configuration command may not be saved under a Virtual Private Network (VPN) routing/forwarding (VRF) instance.
Conditions: The conditions under which this symptom is observed are unknown at this time.
Workaround: Use the distribute-list 10 router configuration command instead.
•
Symptoms: A router may reload or report spurious memory access at the Resource Reservation Protocol (RSVP) process when certain functions are used.
Conditions: These symptoms may occur when RSVP sends a ResvError or ResvConfirm request from a router that is acting as an RSVP endpoint.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The output of the show call active voice brief EXEC command displays "0" as the call ID for some call legs.
Conditions: This symptom is observed when a T1 to channel-associated signaling (CAS) signaling call is made in a Media Gateway Control Protocol (MGCP) network.
Workaround: There is no workaround.
•
Symptoms: Service Selection Gateway (SSG) users may be able to access a service network without logging on.
Conditions: This symptom occurs when internal flags within SSG enter an inconsistent state and causes SSG to become disabled on the uplink and downlink interfaces.
Workaround: Enter the no ssg enable global configuration command followed by the ssg enable global configuration command to set the internal flags within SSG back to a consistent state.
•
Symptoms: A software-forced reload may occur on a router, and the following messages may be displayed:
System was restarted by error - a Software forced crash, PC 0x60396E7C at 4500 Software (C4500-A3JS-M), Version 12.2(8.1), MAINTENANCE INTERIM SOFTWARE Compiled (current version) Image text-base: 0x60008948, data-base: 0x61116000 Stack trace from system failure: FP: 0x618A8458, RA: 0x60396E7C FP: 0x618A8458, RA: 0x603952F4 FP: 0x618A8480, RA: 0x6039D584 FP: 0x618A84A0, RA: 0x603A0CC8 FP: 0x618A84C0, RA: 0x60398BDC FP: 0x618A8558, RA: 0x6037E1F0 FP: 0x618A85A0, RA: 0x6174B1F0Conditions: This symptom is observed on a Cisco 4500 router.
Workaround: There is no workaround.
•
Symptoms: An Access Gateway Module (AGM) blade may fail to transcode a G.711 music on hold (MoH) stream to G.729. The packets are dropped instead of being transcoded. As the number of dropped packets that the CPU has to process increases, a degradation of voice quality and the deregistration of the transcoder may be observed.
Conditions: This symptom is observed on an AGM blade.
Workaround: Disable MoH or enable G.729 under IP voice media streaming application service parameters.
•
Symptoms: Cyclic redundancy check (CRC) input errors may be observed on an interface. This congestion may limit traffic performance on the router.
Conditions: This symptom is observed on the ATM interface of a Cisco 6400 Node Route Processor (NRP) that is configured as a provider edge (PE) router. This symptom is observed in a RADIUS to Multiprotocol Label Switching (MPLS) or Virtual Private Network (VPN) environment in which traffic is sent from an MPLS or VPN network to end users.
Workaround: There is no workaround.
•
Symptoms: False virtual access interfaces are seen on a Cisco AS5800 under a heavy load.
Conditions: This symptom is observed in the output of the show users command on a Cisco AS5800 router. This symptom can be service impacting as the Cisco AS5800 will eventually run out of virtual access interfaces.
Workaround: There is no workaround.
•
Symptoms: IP Security (IPSec) may fail to encrypt traffic when the hardware crypto accelerator is used and when fast switching or Cisco Express Forwarding (CEF) switching is enabled. The hardware crypto accelerator may return the following error message:
%VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Invalid PacketConditions: The symptom is observed with almost all types of IPSec configurations. The symptom is prevalent when there is Layer 2 (L2) padding in the packet.
Workaround: There is no workaround.
•
Symptoms: A 2-port serial WAN interface card (WIC-2T) may stop receiving traffic for 50 seconds and may eventually reset because of missed keepalives.
Conditions: These symptoms are observed on the WIC-2T interface of a Cisco 3640 that is running Cisco IOS Release 12.2(11)T. These symptoms occur after a large burst of traffic overruns the interface.
Workaround: Disable fast switching, increase the keepalive interval, or find the source of the traffic that causes this issue and filter the traffic that is originating from the source.
•
Symptoms: Voice calls that use a Virtual Private Network (VPN) card may not work with some IP Security (IPSec) transforms.
Conditions: This symptom is observed on a Cisco router that has a voice or digital signal processor (DSP) module (NM-HDV, NM-HDA, NM-1V/2V, AIM-ATM-VOICE30, AIM-VOICE-30) and that uses a VPN card (AIM-VPN/BP, NM- VPN/MP, AIM-VPN/HP, AIM-VPN/EP) to encrypt voice calls. The use of authentication header (AH) transform options with Encapsulating Security Payload (ESP) encryption may result in poor voice quality.
Workaround: Disable hardware encryption or configure a transform set without an AH transform option.
•
Symptoms: When the cable interface on a cable modem that is configured for routing is reset, the cable modem may lose IP connectivity between the Ethernet interface and the connected device. Both the cable interface and Ethernet interface will be reachable via IP through the cable interface.
When this symptom occurs, Address Resolution Protocol (ARP) entries in the cable modem for the LAN segment and the Ethernet interface will remain in the "up/up" state. The network that is on the Ethernet interface on the routing table remains and routing information is passed from the cable modem to the Cable Modem Termination System (CMTS).
Conditions: This symptom is observed on a Cisco uBR905 router or Cisco uBR925 router that is running Cisco IOS Release 12.2(8)T5.
Workaround: Clear the IP routing table.
Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the cable interface.
•
Symptoms: Ping failures may be observed on an ATM interface after a soft reload is performed on a Cisco router.
Conditions: This symptom is observed when a soft reload is performed on either a Cisco 2600 series or a Cisco 3600 series when both the 1-port G.SHDSL WAN interface card (WIC-1SHDSL) and the 1-port ADSL WAN interface card (WIC-1ADSL) are installed on any of the following network modules:
–
–
–
This symptom is observed only when both the WIC-1SHDSL and the WIC-1ADSL are present in the same NM-2W series network module. This symptom is caused by the incorrect behavior of the NM-2W series network module.
Workaround: There is no workaround.
•
Symptoms: A trunk may flap on a Gigabit Ethernet interface.
Conditions: This symptom is observed on a Gigabit Ethernet interface when a dot1q or an Inter-Switch Link (ISL) subinterface is added with an IP Virtual Private Network (VPN) Routing and Forwarding table.
Workaround: There is no workaround.
•
Symptoms: When a client receives a specific address (for example, x.x.x.x) through the Dynamic Host Configuration Protocol (DHCP) unnumbered relay, a static route is added for x.x.x.x by the relay. When the same client reboots or when some other client attempts to acquire the same address, the DHCP relay fails to broadcast the DHCPACK response back to the client. Instead, the DHCP relay sends an Address Resolution Protocol (ARP) request for this address. Because of this behavior, the client is not able to acquire the x.x.x.x address.
Conditions: This symptom is observed only when the route already exists on the DHCP relay.
Workaround: Enter the clear ip route dhcp destination-gateway privileged EXEC command to delete IP routing table entries. The destination-gateway variable should be substituted with the x.x.x.x address.
•
Symptoms: A terminating endpoint may see a change in the initial sequence number of the voice Real-Time Transport Protocol (RTP) stream and poor voice quality may be observed.
Conditions: These symptoms are observed when H.245 faststart is performed on a Cisco router that is running Cisco IOS Release 12.2(11)T.
Workaround: Disable H.245 faststart on the client or originating gateway by entering the voice service voip h323 call start slow global configuration command.
•
Symptoms: A Cisco router may reload because of a segmentation violation (SegV) exception.
Conditions: This symptom is observed with remote peers that have dynamically assigned addresses.
Workaround: There is no workaround.
•
Symptoms: The Simple Network Management Protocol (SNMP) counters of a Cisco AS5800 may begin to deviate and may no longer reflect the actual number of calls when random analog and digital calls are received.
Conditions: These symptoms are observed on a Cisco AS5800 and occurs only when both analog and digital calls are received at the same time.
Workaround: There is no workaround.
•
Symptoms: Digital signal processor (DSP) problems may occur during stress. A minilogger output shows that the fax mode message was sent to the DSP before the fax codec overlay request was sent.
Conditions: This symptom is observed in a Media Gateway Control Protocol (MGCP) Voice over IP (VoIP) network.
Workaround: There is no workaround.
•
Symptoms: A Node Route Processor 2 (NRP2) may reload after a bus error occurs.
Conditions: This symptom is observed on an NRP2 that has Service Selection Gateway (SSG) enabled.
Workaround: There is no workaround.
•
Symptoms: CPU hog messages may be displayed on a router. The router may reload if heavy traffic is present while the router is booting up.
Conditions: These symptoms are observed when network-based application recognition (NBAR) is first activated.
Workaround: There is no workaround.
•
Symptoms: A Cisco UPC324 dial feature card on a Cisco AS5800 may stop accepting analog calls after running for about two hours. The following message may be displayed in the log when the failure occurs:
DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 6 nip client id 4 DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 6 nip client id 4 DSIPPF-5-DS_HELLO: DSIP Hello from shelf 1 slot 6 SucceededThe failed board will no longer be accessible by entering the dsip console command, and more than 3 GBs of memory are displayed in the following output of the show dial-shelf EXEC command:
Slot Board CPU DRAM I/O Memory State Elapsed
Type Util Total (free) Total (free) Time
0 CE1 3%/2% 14047744( 48%) 12582912(59%) Up 06:48:47
1 CE1 3%/2% 14047744( 48%) 12582912(59%) Up 06:48:49
6 UP324 3474718759( 0%) 4179101916(0%) Up 06:48:48
7 UP324 0%/0% 60185088( 82%) 67108864(79%) Up 06:48:47
12 DSC 0%/0% 13588640( 53%) 12582912(73%) Up 06:51:21Conditions: These symptoms are observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB7. This symptom is observed only when a dial shelf controller (DSC) is installed in slot 12. Cisco universal port cards (UPCs) that are controlled by a DSC in slot 13 are not affected. The symptom may also occur in Release 12.2 T.
Workaround: Reload the affected card by entering the hw-module slot shelf-id/slot-number reload privileged EXEC command.
•
Symptoms: A console may pause indefinitely after TXRPT_NOBUF messages are displayed. The CPU utilization reaches 100 percent, and all sessions are dropped.
Conditions: This symptom is observed on a router after an ATM subinterface is shut down.
Workaround: Shut down the main interface before changing the parameters of the shaper.
•
Symptoms: A bus error may occur on a Cisco AS5400, and the following message may be displayed in the output of the show log EXEC command:
%NP-3-NAKRSP: NAK Response Received - command 0x1501, result code 0x8005, msg id 0x15FF, session id 0x85, msg tag 0x0, slot/port 1/25 %NP_EST-6- CTRL_NAK_RSP: (NP address 1/0/0/255), Msg ID=0x15 01, Result=UNKNOWN_COMMAND_ID, Data format=Binary, Data len=8, Data=80 02 00 85 00 00 15 01Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.
Workaround: There is no workaround.
•
Symptoms: The following error message that is related to overlapping Service Selection Gateway (SSG) hosts may be generated:
Host#sh ssg ho Host##sh ssg host <ip address> SSG: Overlapping hosts for IP <ip address> at interfaces: ATM0/0/0.1900 ATM0/0/0.1609Conditions: This symptom is observed on a Cisco 6400 Node Route Processor (NRP) when you upgrade from Cisco IOS Release 12.2(2)B5 to Release 12.2(4)B6 but may also occur when you upgrade from one 12.2 T release to another 12.2 T release.
Workaround: Disable checking of the server ID on the Dynamic Host Configuration Protocol (DHCP) server to force the server to accept requests that are coming from an address in the area that the server controls, regardless of the server ID field.
First Alternate Workaround: Reload the NRP.
Second Alternate Workaround: Clear the incorrect SSG hosts.
Third Alternate Workaround: Enter the ssg auto-logoff icmp interval 30 global configuration command.
Fourth Alternate Workaround: Configure the Cisco IOS DHCP server on the NRP.
•
Symptoms: A router shelf may reload because of a bus error when an illegal access to a low address occurs.
Conditions: This symptom occurs on a Cisco 7200 series router shelf that is configured with a PA-MC-8E1/120 port adapter and that is part of a Cisco AS5800 that is running Cisco IOS Release 12.2(11)T after you configure the show running-config privileged EXEC command or the write memory privileged EXEC command.
Workaround: The Cisco AS5800 does not reload if you do not use the E1 port adapter on the router shelf.
•
Symptoms: A router may reload while it is switching packets from service to the user.
Conditions: This symptom is observed on a Cisco router that has Service Selection Gateway (SSG) enabled.
Workaround: There is no workaround.
•
Symptoms: Modem pass-through does not work, and modems do not connect. The modems will attempt to establish the connection, but the connection will fail during the training phase of the connection process.
Conditions: These symptoms are observed when modems are used to make hairpin calls through a Catalyst 4224 gateway switch.
Workaround: There is no workaround.
•
Symptoms: The following traceback message may be displayed on a Cisco 7200 series that is acting as a Multiprotocol Label Switching (MPLS) provider edge (PE) router. IP Security (IPSec) tunnels are terminated on Virtual Private Network (VPN) routing/forwarding (VRF) interfaces.
%SYS-2-BADBUFFER: Attempt to use contiguous buffer as scattered srcConditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: The Continuity Test (COT) single-tone loopback in a Signaling System 7 (SS7) network may fail because echo cancellation is not being turned off. The digital signal processor (DSP) is not able to detect the same tone that it is sending if echo cancellation is enabled.
Conditions: This symptom is observed on a Cisco 3660 router that is running Cisco IOS Release 12.2(11)T2. Workaround Turn off echo cancellation on the voice port.
Alternate Workaround: Change the COT from single-tone loopback to dual-tone test.
•
Symptoms: A noncached HTTP prompt is cut off prematurely.
Conditions: This symptom is observed when Voice Extensible Markup Language (VXML) documents are used to play noncached audio files from an HTTP server.
Workaround: There is no workaround.
•
Symptoms: Multiple codecs specified in Voice over IP (VoIP) dial peers, including g723r63 or g726r32, cause several dial peers to rotate with the same destination. The wrong 20-byte payload size is sent to the digital signal processor (DSP) which may cause the DSP to reload intermittently because g723r63 is expecting no less than a 24-byte payload, and g726r32 is expecting no less than a 40-byte payload.
Conditions: This symptom is observed in a Cisco H.323 VoIP network and Media Gateway Control Protocol (MGCP) VoIP network.
Workaround: There is no workaround.
•
Symptoms: Border Gateway Protocol (BGP) may install Tag Forwarding Information Base-Virtual Private Network version 4 (TFIB-VPNv4) entries for some prefixes without any change in the incoming or outgoing tags for the prefix.
Conditions: This symptom is observed on an Autonomous System Boundary Router (ASBR) that is performing VPNv4 label exchange.
Workaround: There is no workaround.
•
Symptoms: "GSHDSL-6-EOCBADPACK" messages may be observed frequently on a router.
Conditions: This symptom is observed when G.SHDSL is connected to a Cisco 6260 Digital Subscriber Line Access Concentrator (DSLAM).
Workaround: There is no workaround.
•
Symptoms: When a text-to-speech (TTS) server goes down between a prompt play, a call may have to wait for a prolonged period of time if an attempt is made to contact another server.
Conditions: This symptom is observed when a Voice Extensible Markup Language (VXML) script attempts to recover from an unreachable automatic speech recognition (ASR) server by attempting to reach another server.
Workaround: There is no workaround.
•
Symptoms: PPP over ATM (PPPoA) user sessions may be dropped.
Conditions: This symptom is observed when keepalive is configured on a Layer 2 Tunneling Protocol (L2TP) network server (LNS).
Workaround: There is no workaround.
•
Symptoms: The call-waiting tone may not be played when a call comes into a port where another call is already in progress.
Conditions: This symptom is observed when a Cisco IAD2420 series voice port is configured with the cptone hk command (hk stands for Hong Kong).
Workaround: There is no workaround.
•
Symptoms: A Cisco 3640 may reload when it is overloaded with voice calls.
Conditions: This symptom is observed on a Cisco 3640 that is running generic routing encapsulation (GRE), IP Security (IPSec), and quality of service (QoS).
Workaround: There is no workaround.
•
Symptoms: User PPP sessions may pause indefinitely if vbr-nrt rates are changed on a PPP over ATM (PPPoA) permanent virtual circuit (PVC).
Conditions: This symptom is observed on a Node Route Processor 1 (NRP1) that has autosense enabled. This symptom occurs only when the client side of the session uses the multiplexer (MUX)-type virtual circuit encapsulation and the PPP Termination Aggregation (PTA) side uses autosense encapsulation.
Workaround: Clear the virtual access interface.
•
Symptoms: The following output of the show process memory EXEC command may indicate a memory leak in the gk_process process:
%TCP-6-NOBUFF: TTY0, no buffer available -Process= "gk process", ipl= 0, pid= XXor
%SYS-2-MALLOCFAIL: Memory allocation of 1716 bytes failed from 0xXYXYXYXY, alignment 32 Pool: I/O Free: 8616 Cause: Memory fragmentation Alternate Pool: None Free: 0 Cause: No Alternate pool -Process= "gk process", ipl= 0, pid= XX ìXXî refers to the process identifier (ID) of the gk_process process."XX" refers to the process identifier (ID) of the gk_process process.
Refer to the following document for information about memory allocation failures:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6f3a.shtml#subfive
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: When Voice Extensible Markup Language (VXML) documents are used for Automatic Speech Recognition (ASR), a different server can be tried when an ASR failure is captured. Speech input that is provided by the user to the second server is not accepted, and the VXML document receives a "noinput" event.
Conditions: This symptom is observed on a Cisco router when VXML documents are used for ASR.
Workaround: There is no workaround.
•
Symptoms: A Cisco 3660 router may reload at "SSLReadRecord."
Conditions: This symptom is observed on a Cisco 3660 router that is running Cisco IOS Release 12.2(13)T when calls are made using the Open Settlement Protocol (OSP).
Workaround: There is no workaround.
•
Symptoms: The trunk group feature on a router may not work as expected. The channels are shown as active even after the calls have disconnected. This behavior results in call failures if all of the channels are used simultaneously.
Conditions: This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: The bridging of PPP over Ethernet (PPPoE) frames from ATM to other media types does not work.
Conditions: This symptom is observed if Cisco Express Forwarding (CEF) is configured on the ATM interface of a Cisco router.
Workaround: Disable CEF switching by entering the no ip route-cache cef interface configuration command on the ATM interface.
•
Symptoms: If the system boots with more than one syslog host configured via logging host commands, then there is no logging to the console, vty connections, or to the syslog hosts. All logging is non-functional.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T.
Workaround: Reconfigure the system so that only one syslog server is configured and save the new configuration. The system must then be reloaded to restore logging functionality.
•
Symptoms: A number of different memory access violations, including "align-3- spurious" errors, may occur on a Cisco 7400 series router, and the router may reload.
Conditions: This symptom is observed on a Cisco 7400 series router that is configured as a Virtual Private Network (VPN) Layer 2 Tunneling Protocol (L2TP) network server (LNS) and that supports Parallel Express Forwarding (PXF). The symptom may occur independent of whether PXF is enabled or disabled.
Workaround: There is no workaround.
•
Symptoms: Digital signal processors (DSPs) may pause indefinitely if offramp e-mails that have the xact command request are sent to the offramp gateway.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T.
Workaround: Do not send an xact command request to the offramp gateway.
•
Symptoms: A router may reload.
Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.2(13)T under the following conditions:
–
–
–
Workaround: Upgrade the encryption peer router to use Cisco IOS Release 12.2(8)T or a later release, or disable IKE keepalives.
•
Symptoms: A Node Route Processor 2 (NRP2) may display the Segmentation and Reassembly (SAR) version as "unknown."
Conditions: This symptom is observed on an NRP2.
Workaround: There is no workaround.
•
Symptoms: A gateway may reload when Automatic Speech Recognition (ASR) failover is attempted repeatedly after an ASR failure occurs.
Conditions: This symptom is observed when Voice Extensible Markup Language (VXML) documents are used for ASR and when an ASR failover is attempted repeatedly after an ASR failure occurs. This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T. A content switch is used to select the ASR servers.
Workaround: There is no workaround.
•
Symptoms: If a T1 or E1 interface is brought back into service either by entering the no shutdown interface configuration command or by flapping the T1 or E1 interface while a default profile is configured, Media Gateway Control Protocol (MGCP) restart in progress (RSIP) messages may use the default retransmit parameters even though MGCP should be using parameters that are defined in the corresponding MGCP profile configuration. As a result of this behavior, the RSIP messages may not reach the correct call agent and the circuit identification code (CIC) on the call agent may enter the BLK= gateway state.
Conditions: This symptom is observed on a Cisco gateway router that is running Cisco IOS Release 12.2(11)T2. This behavior does not occur when an RSIP message is sent to the T1 or E1 interface while the interface is shut down. The gateway uses the correct parameters in the corresponding MGCP profile in such a scenario.
Workaround: Configure the gateway router so that the IP link is active on the first IP address or reconfigure the static host list so that the current active IP link is the first IP address that is on the list.
•
Symptoms: For ATM adaptation layer 2 (AAL2) voice trunks, the Idle Channel Suppression feature is used to suppress voice packets when the channel-associated signaling (CAS) pattern is idle on both sides of the trunk. When a remote or local PBX sets off an alarm, the voice trunk enters the out of service (OOS) state. When the PBX recovers from the alarm state, the voice trunk enters the trunk state again and expects the Cisco Integrated Communications System (ICS) to become active and stop sending voice packets. The Idle Channel Suppression feature specifically does not work for remote PBX alarm recovery and affects only AAL2 voice trunks.
Conditions: This symptom is observed on a Cisco 3660 that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: Some embedded operations channel (EOC) messages may not be sent when queried by a G. Symmetric high-bit-rate DSL (GSHDSL) digital subscriber line access multiplexer (DSLAM). This situation prevents management systems on the DSLAM side from displaying values for EOC fields, but does not affect normal traffic.
Conditions: This symptom is observed on a Cisco 2600 series router.
Workaround: There is no workaround.
•
Symptoms: A Cisco Easy Virtual Private Network (EzVPN) connection may be dropped, and the "%private key not found for <Router>" and "%CRYPTO-3-QUERY_KEY: Querying key pair failed" error messages may be displayed on either the client or the server router.
Conditions: These symptoms are observed on the client in the network extension mode with EzVPN phase 2. These symptoms occur after the Internet Security Association and Key Management Protocol (ISAKMP) lifetime for the EzVPN IP Security (IPSec) connection expires during an IPSec rekey.
Workaround: There is no workaround. The EzVPN disconnect can be delayed by setting the default maximum ISAKMP lifetime of 86,400 seconds and a larger value for the IPSec security association lifetime.
•
Symptoms: Held Media Gateway Control Protocol (MGCP) endpoints that are brought out of hold while their codecs are being changed will not execute the codec change properly. The older codec will remain in effect.
Conditions: This symptom is observed mainly when a router is interoperating with a vendor-specific call agent.
Workaround: There is no workaround.
•
Symptoms: There is a limit in the number of VLANs that can be configured.
Conditions: This symptom is observed on a Cisco Access Gateway Module (AGM) (WS-X4604-GWY). This symptom affects AGM images of Cisco IOS Release 12.2 T.
Workaround: There is no workaround.
•
Symptoms: A Cisco 6400 Node Route Processor 2 (NRP2) may reload when you enable the clear ssg service privileged EXEC command.
Conditions: This symptom is observed after the service has been changed from pass-through to proxy.
Workaround: There is no workaround.
•
Symptoms: If Create Connection (CRCX) is sent with a string of digits including the symbol "*", the Cisco IOS gateway responds with the 510 protocol error as the acknowledgement (ACK), and the call is not set up.
Conditions: This symptom is observed on Cisco 2600 series router when Media Gateway Control Protocol (MGCP) is configured with a Cisco IOS gateway using T1 channel-associated signaling (CAS) and Cisco CallManager.
Workaround: Use the H.323 protocol instead of MGCP.
•
Symptoms: There may not be any label bindings on a Label Switch Router (LSR), but a Label Distribution Protocol (LDP) session may not be impaired.
Conditions: This symptom is observed when an LDP session flaps quickly.
Workaround: After you have brought down the LDP session, remove all label bindings, and bring the session up again.
•
Symptoms: A Media Recording Control Protocol (MRCP) session is not removed during a transfer. This behavior may cause unnecessary resource or license usage on automatic speech recognition (ASR) and text-to-speech (TTS) servers.
Conditions: This symptom is observed on a Cisco AS5400.
Workaround: There is no workaround.
•
Symptoms: Unpredictable results may be observed when the invia or outvia keywords are used in the zone remote gatekeeper configuration command. A gatekeeper reload is unlikely; however, the user may experience a call loop scenario that may prevent calls from going through.
Conditions: This symptom is observed when the invia or outvia keywords are entered in the zone remote gatekeeper configuration command.
Workaround: Avoid using the invia or outvia keywords with the zone remote gatekeeper configuration command.
•
Symptoms: A gateway may reload when the content switch that is used to load-balance the automatic speech recognition (ASR) servers fails over from the master to the backup.
Conditions: This symptom is observed on a Cisco router when Voice Extensible Markup Language (VXML) documents are used for ASR on a gateway.
Workaround: There is no workaround.
•
Symptoms: A write memory failure may be observed on a Node Route Processor 2 (NRP2), and traceback messages may be displayed.
Conditions: These symptoms are observed when the startup configuration is written from an NRP2 to a Node Switch Processor (NSP).
Workaround: There is no workaround.
•
Symptoms: A gateway does not provide a ringback tone to a voice call that originates from a remote switch to which it is connected via a T1 connection.
Conditions: This symptom is observed on a Cisco AS5350, Cisco AS5400, or Cisco AS5850.
Workaround: There is no workaround.
•
Symptoms: The "MT/inf" event is not supported by the Media Gateway Control Protocol (MGCP) parser. A 522 negative acknowledgement (NACK) occurs if there are MGCP messages that contain "R: MT/Inf" events.
Conditions: This symptom is observed when the Trunking Gateway Control Protocol (TGCP) is used. The occurrence of this symptom is specific to the "MT" package. However, this symptom cannot be corrected by setting the TGCP "MT" package to be the default package.
Workaround: Modify the call agent so that it does not use the "MT/inf" event. The "MS" package can correctly implement an "inf" event; therefore, it may be possible to replace "MT/inf" event with the "MS/inf" event.
•
Symptoms: A 2-port Foreign Exchange Office (FXO) voice and fax interface card that has battery reversal and Caller ID (VIC-FXO-M1) may not be able to receive calls from an outside analog phone. The following debug output may be observed when the debug vpm all EXEC command is entered:
[2/1/0, FXOLS_ONHOOK, E_HTSP_EVENT_TIMER] -> ERROR: INVALID INPUTConditions: This symptom is observed on a Cisco 3662 that has a VIC-FXO-M1 interface card.
Workaround: Use Cisco IOS Release 12.2(4)T or an earlier release.
•
Symptoms: A user may not be able to enter the connect-interface-config submode to access the modular router feature. This behavior prevents Cisco devices from using the Cisco Networking Services (CNS) modular router feature.
Conditions: This symptom is observed on Cisco devices that have the CNS modular router feature.
Workaround: There is no workaround.
•
Symptoms: A Node Route Processor 2 (NRP2) may reload.
Conditions: This symptom is observed when the NRP2 is switched from the PPP access mode to the bridge access mode.
Workaround: There is no workaround.
•
Symptoms: A router may reload because of an address error exception.
Conditions: This symptom is observed on a Cisco 6400.
Workaround: There is no workaround.
•
Symptoms: When originating calls are placed from a Cisco 3660 public switched telephone network (PSTN) gateway using Media Gateway Control Protocol (MGCP) signaling, the first call that is connected through time slot 1 succeeds. The next call that is connected through time slot 2 fails. Subsequent calls that are made using a time slot between time slot 3 and time slot 23 are successful.
Conditions: This symptom is observed on time slot 2 of a Cisco 3660 PSTN gateway that is using MGCP signaling and that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: The callactive and callhistory records may display erroneous information.
Conditions: This symptom is observed if the display information element (IE) is greater than 15 characters in size.
Workaround: There is no workaround.
•
Symptoms: A user may not be able to retrieve the configuration of a router from a server using the Cisco Networking Services (CNS) configuration agent.
Conditions: This symptom is observed when the cns id global configuration command is used to set the configuration ID (ConfigID).
Workaround: There is no workaround.
•
Symptoms: The following traceback messages may be displayed on a Node Route Processor 1 (NRP1):
%SCHED-7-WATCH: Attempt to enqueue uninitialized watched queue (address 0).
-Process= "<interrupt level>", ipl= 1, pid= 2
-Traceback=
6030BFAC 602BCB14 60126148 601266E4 6036FD34 6013B288 6012B9D4 601253AC 6031BD9CConditions: This symptom is observed when the NRP1 is booting up.
Workaround: There is no workaround.
•
Symptoms: The Gigabit interface of a Cisco Access Gateway Module (AGM) may reset and packets may be dropped. This behavior may cause poor voice quality and cause the AGM to be deregistered.
Conditions: These symptoms are observed on a Cisco AGM that is using Cisco CallManager version 3.3.
Workaround: Disable G.729 music on hold (MoH) on the Cisco CallManager.
•
Symptoms: The crypto ca enroll name global configuration command may fail when it is entered to generate router certificates using TFTP if the crypto ca authenticate name global configuration command has not been previously entered on the router.
Conditions: This symptom is observed if the crypto ca enroll name global configuration command is entered before the crypto ca authenticate name global configuration command is entered. It is common to generate the request for router certificates by entering the crypto ca enroll name global configuration command before the certification authority (CA) certificate is obtained by entering the crypto ca authenticate name global configuration command because the CA certificate may not be available when the requests are configured.
Workaround: Enter the crypto ca authenticate name global configuration command before entering the crypto ca enroll name global configuration command on the router. It is not possible to enter the commands in the reverse order.
•
Symptoms: The supervisory tone disconnect feature does not detect a busy tone and a Foreign Exchange Office (FXO) voice port does not enter the on-hook state even though the calling side enters the on-hook state before the IP phone answers the call. As a result of this behavior, the off-hook state remains on the voice port and the IP phone continues to ring.
Conditions: This symptom is observed in either the 2-stage dialing or the Private Line Auto Ringdown (PLAR) mode (connection plar) when a call is made from a 2-port FXO voice and fax interface card that has battery reversal and caller ID (VIC-FXO-M1) or from a 2-port FXO voice and fax interface card (VIC-FXO) to an IP phone via the Cisco CallManager.
Workaround: Configure the PLAR off-premise extension mode (connection PLAR off-premise exchange [OPX]) under the FXO voice port.
•
Symptoms: When a vendor-specific file sharing software is activated, it may miss file transfers in certain situations.
Conditions: This symptom is observed during heavy file transfer traffic.
Workaround: Upgrade the Packet Description Language Module (PDLM).
•
Symptoms: Incorrect values may be entered into the "DLCX connection P:" message. The latency value that is returned in responses to delete connection (DLCX) messages is often set to zero when it should be nonzero.
Conditions: This symptom is observed when call generator (CallGen) is started and some connections are made without tones. This symptom occurs when there is average latency greater than zero on a given Media Gateway Control Protocol (MGCP) voice call.
Workaround: There is no workaround.
•
Symptoms: Network access server (NAS) calls are not cleaned up when the no mgcp global configuration command is entered.
Conditions: This symptom is observed if the no mgcp global configuration command is entered while there are active NAS calls or NAS calls in progress.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the controller.
•
Symptoms: Spurious memory access may be observed on a router.
Conditions: This symptom is observed on a Cisco 6400.
Workaround: There is no workaround.
•
Symptoms: The fsck filesystem: privileged EXEC command does not work as expected, and a "not supported" error is displayed.
Conditions: These symptoms are observed when the fsck filesystem: privileged EXEC command is entered on a flash disk (disk0 or disk1).
Workaround: There is no workaround.
•
Symptoms: A Cisco 3745 may pause indefinitely and stop sending traffic.
Conditions: These symptoms are observed when traffic is sent over a port on an EtherSwitch module of a Cisco 3745. This symptom does not occur if there is no EtherSwitch module installed on the Cisco 3745.
Workaround: Power down the router, and move the Ethernet connection from the EtherSwitch module to the LAN port of a network module.
•
Symptoms: Segmentation and Reassembly (SAR) peripheral component interconnect (PCI) read or write (R/W) point mismatch issues may be observed on a Cisco 6400, and the Cisco 6400 may enter a status to send corrupted packets.
Conditions: These symptoms are observed on a Cisco 6400.
Workaround: There is no workaround.
•
Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.
Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml
•
Symptoms: A 36-port 10/100 EtherSwitch High Density Service Module (NMD-36-ESW) EtherSwitch may report the following errors:
ERROR Interrupt: PCI Fatal Error ON DMA CH0
ERROR Interrupt: PCI Fatal Error ON DMA CH1Conditions: This symptom is observed on the NMD-36-ESW EtherSwitch of a Cisco 3745 router.
Workaround: Power the router down, and then power the router back up again.
•
Symptoms: Modem and fax passthrough calls may fail to train up.
Conditions: This symptom is observed when voice activity detection (VAD) is enabled. VAD is not turned off for fax and modem calls after the calls are determined to be fax modem calls.
Workaround: Disable VAD if the gateway is intended to be used for fax and modem calls.
•
Symptoms A: The Req-URI user portion of the initial INVITE message contains user parameters and visual separators.
Conditions A: The visual separators are not to be removed from the user portion if an initial INVITE message contains user parameters and visual separators in the user portion of the Req-URI. This behavior may cause failed dial-peer matching and the gateway to return a "404 not-found" message.
Symptoms B: An initial INVITE message may have visual separators in the user portion of the form or the remote party ID.
Conditions B: The visual separators are not to be removed from the user portion if an initial INVITE message is in the user portion of the form or if the remote party ID has visual separators. This behavior can cause failed dial-peer lookups or cause a user to send an invalid calling number out the the plain old telephone service (POTS).
Workaround: There is no workaround.
•
Symptoms: In a Service Selection Gateway (SSG) prepaid billing environment, the prepaid quota for a user is not updated on the billing server at the end of a session.
Conditions: This symptom is observed when a user is connected directly to the SSG on a broadcast interface and the SSG sends the MAC address in the accounting records even though the billing server is configured to receive the user's name rather than the MAC address in the calling-stationid field.
Workaround: There is no workaround.
•
Symptoms: Connectivity to an authentication, authorization, and accounting (AAA) network is lost when Service Selection Gateway (SSG) receives access rejects for user authentication requests.
Conditions: This symptom is specific to RADIUS proxy users and does not affect Subscriber Edge Services Manager (SESM) users. This symptom is observed when the number of access rejects exceeds the interface hold queue count.
Workaround: There is no workaround.
•
Symptoms: Internetwork Packet Exchange (IPX) does not work on a router that uses the default encapsulation type.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T.
Workaround: Specify arpa as the encapsulation-type argument in the ipx network network encapsulation encapsulation-type interface configuration command. The configuration of this command overrides the default novell-ether encapsulation-type argument for the command.
•
Symptoms: A Cisco AS5400 may reload under stress conditions if calls are ended abruptly.
Conditions: This symptom is observed on a Cisco AS5400 when it is handling fax calls under stress conditions.
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses may occur during the bootup process of a Cisco 7200 series router, or the router may reload during the bootup process.
Conditions: This symptom is observed on a Cisco 7200 series router that is configured with an enhanced 8-port multichannel T1/E1 PRI port adapter (PA-MC- 8TE1+) configured in T1 mode and that is configured with a 2-port multichannel T1 port adapter (PA-MC-2T1), a 4-port multichannel T1 port adapter (PA-MC- 4T1), or an 8-port multichannel T1 port adapter (PA-MC-8T1).
Workaround: There is no workaround.
•
Symptoms: Service Selection Gateway (SSG) does not send host interim accounting records for a host.
Conditions: This symptom is observed with Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: An outgoing gateway (OGW) sends the INVITE message with briefTags and the terminating gateway (TGW) is expected to respond with 100 "trying" and 180 "ringing" responses. However, the TGW ignores the INVITE message and treats it as a bad request.
Conditions: These symptoms are observed on a Cisco AS5400.
Workaround: There is no workaround.
•
Symptoms: Default call applications such as clid_authen and clid_authen_collect are not present on a Catalyst 4224 voice gateway switch. These default applications are required for interactive voice response (IVR) to work with Tool Command Language (TCL).
Conditions: This symptom is observed on a Catalyst 4224 voice gateway switch.
Workaround: There is no workaround.
•
Symptoms: A router may reload after an online insertion and removal (OIR) is performed on a Versatile Interface Processor (VIP).
Conditions: This symptom is observed if an OIR is performed on the VIP of a Cisco 7500 series while an 8-port T1/E1 Inverse Multiplexing over ATM (IMA) port adapter (PA-A3-8T1/8E1) is installed on the VIP.
Workaround: There is no workaround.
•
Symptoms: A memory leak may be observed on a router that has Service Selection Gateway (SSG) enabled when access control lists (ACLs) are configured in user and service profiles.
Conditions: This symptom may occur under the following two conditions:
–
–
Workaround: Define the ACLs by entering the ip access-list global configuration command, and refer to the ACL in both the user and service profiles.
Alternate Workaround: Define the ACLs correctly in both the user and service profiles.
•
Symptoms: The following keywords may not be displayed in the output of the show running-config EXEC command or the show ipv6 access-list EXEC command:
–
–
–
–
–
–
–
Conditions: This symptom is observed if a port match is omitted.
Workaround: Specify TCP ports to match the access list using the eq or neq keywords.
TCP/IP Host-Mode Services
•
Symptoms: TCP transmit packets that are sent from a router in some configurations may be corrupted. This behavior may cause a TCP session to pause indefinitely in one direction.
Conditions: These symptoms are observed with protocols that use TCP transport (Border Gateway Protocol [BGP] and Telnet are known to be affected). Configurations that may exhibit these symptoms include interfaces that are configured with Multiprotocol Label Switching (MPLS) or Multilink PPP (MLP) encapsulation.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms A Cisco router may reload with a software-forced reload error when triggering a dial call.
Conditions This symptom occurs on Cisco platforms that are running Cisco IOS Release 12.2(13)T and that support ISDN using the dialer configuration.
Workaround There is no workaround.
•
Symptoms: A Cisco 3600 series may reload.
Conditions: This symptom is observed on a Cisco 3600 series when there is a heavy traffic load over a Multilink Frame Relay (MFR) interface that has Local Management Interface (LMI) enabled.
Workaround: There is no workaround.
•
Symptoms: The Layer 2 Tunneling Protocol (L2TP) service level interface (SLI) packet is not sent from an L2TP network server (LNS) to an L2TP access concentrator (LAC).
Conditions: This symptom is observed in a network when renegotiation occurs between the client and the LNS to pass the information for the negotiated link from the LNS to the LAC.
Workaround: There is no workaround.
•
Symptoms: When a router receives an invalid FACILITY information element (IE) in the ISDN disconnect message, the task may not be completed.
Conditions: This symptom is observed on a router when it receives an unrecognized IE in the ISDN disconnect message.
Workaround: There is no workaround.
•
Symptoms: A router may reload or display "SYS-2-MALLOCFAIL" and "SYS-2-BADBUFFER: Attempt to use contiguous buffer as scattered src" error messages when the PPP multilink protocol is used.
Conditions: This symptom is observed when links are added to a PPP multilink bundle during periods of heavy load.
Workaround: There is no workaround.
•
Symptoms: The Multiclass Multilink feature uses incorrect bits to identify the class. This behavior may result in packet loss for multilink packets that have a class other than class 0.
Conditions: This symptom is observed with Cisco IOS Release 12.2(13)T. Cisco routers that are running Cisco IOS Release 12.2(13)T may fail to interoperate with non-Cisco IOS software implementations or routers that are running later versions of Cisco IOS software.
Workaround: There is no workaround.
•
Symptoms: A router may reload because of a bus error.
Conditions: This symptom is observed on a Cisco 3600 series that is running Cisco IOS Release 12.2(13)T.
Workaround: There is no workaround.
•
Symptoms: A router that has virtual private dialup network (VPDN) and VPDN debug messages enabled may reload when it brings up sessions.
Conditions: This symptom occurs only when the debug vpdn EXEC command is enabled. This symptom is observed most frequently when the username is greater than 50 characters in size and may also occur when the total number of bytes in the message is greater than 160 bytes.
Workaround: Do not enable the debug vpdn EXEC command.
Resolved Caveats—Cisco IOS Release 12.2(13)T
All the caveats listed in this section are resolved in Cisco IOS Release 12.2(13)T. This section describes only severity 1, severity 2, and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Access Server
•
Symptoms A modem configuration may fail.
Conditions This symptom is observed on a Cisco AS5850 when a modem capability (modemcap) is used to modify the NextPort register configuration.
Workaround Apply the same modemcap from a reverse Telnet to the NextPort.
Basic System Services
•
Symptoms Preauthentication incorrectly enables Password Authentication Protocol (PAP) for Large-Scale Dial-Out (LSDO) users.
Conditions This symptom is observed when no authentication is configured on a Cisco router.
Workaround There is no workaround.
•
Symptoms Multichassis Multilink PPP (MMP) Media Gateway Control Protocol (MGCP) calls do not work because of authentication failures.
Conditions This symptom is observed on a Cisco AS5400.
Workaround Use local authentication by enabling the aaa authentication ppp default local global configuration command.
Alternate Workaround If RADIUS authentication is used, omit the "class" attribute from the RADIUS user profile.
•
Symptoms After the aaa accounting send stop-record authentication failure global configuration command is configured, a successful PPP call may generate two stop records.
Conditions This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB if Link Control Protocol (LCP) renegotiates after the authenticating phase has started.
Workaround There is no workaround.
•
Symptoms A Node Route Processor (NRP) may reload.
Conditions This symptom is observed on a Cisco NRP when it attempts to remove per-user access control lists (ACLs).
Workaround There is no workaround.
•
Symptoms IP Control Protocol (IPCP) may be rejected when a Virtual Access interface is created for attributes, such as the "route" attribute, that are global per-user attributes. The Virtual Access interface does not contain IP configurations because no Virtual Template has been configured.
Conditions This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(9.4)T or Release 12.2(6.8)PIa.
Workaround Create a Virtual Template and configure the virtual- profile virtual-template number global configuration command.
•
Symptoms A router may reload.
Conditions This symptom is observed on a Cisco 1000 series edge services router while a configuration is being loaded from a TFTP server.
Workaround There is no workaround.
•
Symptoms When a virtual private dial-up network (VPDN) call is made with authentication, authorization, and accounting (AAA) preauthorization, a traceback is observed because of a spurious memory access made by a preauth_do_author function call.
Conditions This symptom is observed on a Cisco AS5300 when preauthorization is configured with only the aaa group server radius 7777 command.
Workaround Configure the dnis required customer profile configuration command.
•
Symptoms If a call is terminated after the aaa accounting resource default stop-failure group radius global configuration command is enabled, authentication, authorization, and accounting (AAA) resource accounting may not generate a stop record before a user is authenticated.
Conditions This symptom is observed on a Cisco AS5300.
Workaround There is no workaround.
•
Symptoms A class attribute may not be found in the start and stop accounting records on a home gateway when the vpdn aaa attribute class tunnel- class global configuration command is configured.
Conditions This symptom is observed on a Cisco 7200 series router.
Workaround There is no workaround.
•
Symptoms The "Ascend-Shared-Profile-Enable" RADIUS attribute is not supported.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(9.4)P14.
Workaround There is no workaround.
•
Symptoms Incorrect RADIUS disconnect cause codes may be sent while the PPP idle timeout is tested on the serial interface of a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(10.3)T2.
Workaround There is no workaround.
•
Symptoms Cisco Discovery Protocol (CDP) packets going out of the permanent virtual circuit (PVC) may fail on CDP header checksum.
Conditions This symptom is observed on devices that are running Cisco IOS Release 12.2(10.3)T1 and that have bridging enabled on ATM interfaces.
Workaround If the devices at the end of the PVC are routers, do not enable bridging. If one of the devices is a LAN switch that has a LAN Emulation (LANE) blade, there is no workaround.
•
Symptoms A RADIUS attribute 69 that has special characters defined may fail in decryption.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(02)XB05.
Workaround There is no workaround.
•
Symptoms Digital service zero (DS0) information may not be reported in authentication, authorization, and accounting (AAA).
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms The disconnect cause in attribute 195 may be reported as "no reason."
Conditions This symptom is observed on a Cisco AS5400 when Windows NT clients are disconnected in a normal way.
Workaround There is no workaround.
•
Symptoms The internal application programming interface (API) may return wrong values for IfType and IfSubType on an E1 controller.
Conditions This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T.
Workaround There is no workaround.
•
Symptoms Service Level Measurements feature measurements cannot be made on a Frame Relay Service (FRF.8) encapsulation-type circuit.
Conditions This symptom is observed on a Cisco 3810 router.
Workaround There is no workaround.
•
Symptoms A progress code may be reported as "LCP STOPPED" for a PPP call.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms The RADIUS disconnect code may report value 10, "modem never detected DCD," for a regular PPP.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms PPP Link Control Protocol (LCP) negotiation may not work correctly.
Conditions The conditions under which this symptom occurs are not known at this time. This caveat is related to the fix for CSCdx46822.
Workaround There is no workaround.
•
Symptoms For asynchronous-over-ISDN calls, the network access server (NAS) port type may be incorrectly reported as ISDN when it should be reported as asynchronous.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms The attribute 6 Service-Type may be missing in an authentication request, and messages similar to the following may be displayed:
RADIUS: Send to unknown id 11 10.52.216.2:1645, Access-Request, len 81
RADIUS: authenticator 65 86 66 A9 AA C9 E5 D5 - DA E6 E6 1D 77 EC 26 37
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 18 "lac-1@tunnel.com"
RADIUS: CHAP-Password [3] 19 *
RADIUS: NAS-Port [5] 6 34
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: NAS-IP-Address [4] 6 10.52.221.120Conditions This symptom is observed on a Cisco 7200 series router that is functioning as a multihop node that is running Cisco IOS Release 12.2(10.7)T1 in a configuration in which the multihop node is located in between a Cisco AS5300 that is functioning as a Layer 2 Tunnel Protocol access concentrator (LAC) and a Cisco 7200 series router that is functioning as a Layer 2 Tunnel Protocol (L2TP) network server (LNS).
The symptom does not occur when the multihop node is running Cisco IOS Release 12.2(6.7)T, in which case messages similar to the following may be displayed:
RADIUS: Send to unknown id 5 10.52.216.2:1645, Access-Request, len 87
RADIUS: authenticator DB C3 2D 4E A8 F6 10 DE - DA E6 E6 1D CB 96 98 DB
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 18 "lac-1@tunnel.com"
RADIUS: CHAP-Password [3] 19 *
RADIUS: NAS-Port [5] 6 12
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS: NAS-IP-Address [4] 6 10.52.221.120Workaround To enable the Service-Type to be sent in the authentication request, enter the radius-server attribute 6 on-for-login-auth global configuration command.
•
Symptoms Voice calls may be rejected after running voice calls with preauthorization enabled for an extended period.
Conditions This symptom is observed on a Cisco AS5400.
Workaround Enter the no aaa preauth global configuration command to get voice calls running again.
•
Symptoms A memory leak may be seen in PPP events after a stress test.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(02)XB06 after a stress test.
Workaround There is no workaround.
•
Symptoms Progress Code attribute 196 may report value 10 for Layer 2 Tunneling Protocol (L2TP) call disconnect, but is should pass the value as 65.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms The network access server (NAS) port name on the TACACS server may be reported incorrectly for a digital call that is terminated on a NextPort; ISDN may be reported as asynchronous. No other types of calls are affected, and the RADIUS server works fine.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms Digital calls that are terminated by NextPort do not record packet throughput in the TACACS accounting record. The bytes-in, bytes_out, paks_in, and paks_out values are reported as "0".
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms Authentication, authorization, and accounting (AAA) stop records may report 0 in acct_output_octets and acct_input_octets, even when large amounts of data have been transferred by the session.
Conditions This symptom is observed on a Cisco AS5850.
Workaround Retrieve the information using the spe call-record modem, modem call-record, and calltracker call-record global configuration commands
•
Symptoms An ATM interface may have an incorrect Iftype object (DS1 instead of ATM), which may cause the ATM Service Level Measurement (SLM) feature to be inoperable with third-party software.
Conditions This symptom is observed on a Cisco 2600 series router.
Workaround There is no workaround.
•
Symptoms Not all extensible markup language (XML) traps are being generated for the Service Level Measurement (SLM) feature.
Conditions This symptom is observed on a Cisco MC3810 router that is using the SLM feature.
Workaround There is no workaround.
•
Symptoms Terminal Window PPP authentication may fail with the authentication, authorization, and accounting (AAA) "if-needed" method.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms When you enter the no cns event global configuration command, the Service Level Measurement (SLM) notify process may throw tracebacks.
Conditions This symptom is observed on a Cisco 2600 series router.
Workaround Do not remove the CNS event agent.
•
Symptoms A per-user interface configuration that is loaded from an authentication, authorization, and accounting (AAA) server can have a maximum length of 600 bytes. If if the maximum length is exceeded and the AAA profile is in the "old-style" format "lcp:interface-config=....," the router will reload.
If the maximum length is exceeded and the AAA profile is in the "new-style" format "lcp:interface-config#<n>=..." (in which <n> is the is the sequence number of the lines sent), the router will not reload, but the user will be rejected.
Conditions This symptom is observed on a router that is running Cisco IOS Release 12.2(4)B or Release 12.2(10.7)T.
Workaround There is no workaround.
•
Symptoms An ATM Adaptation Layer 2 (AAL2) permanent virtual circuit (PVC) does not come up when managed by Operation, Administration, and Maintenance (OAM) cells. The number of packets received for AAL2 is also incorrect.
Conditions This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T4.
Workaround There is no workaround.
•
Symptoms When a router is set up for ATM Adaptation Layer 2 (AAL2) trunking for 24 G.726 voice calls with no voice activity detection (VAD), CPU utilization is up to 90 percent, which is 20 percent higher than for an image of Cisco IOS Release 12.2(2)XB5.
Conditions This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T4.
Workaround There is no workaround.
•
Symptoms The output from the show process memory EXEC command indicates that the amount of memory held by the "PPP Events" process continues to increase. This indicates a memory leak.
Conditions This symptom is observed on a Cisco AS5850. User profiles that have a Link Control Protocol (LCP) attribute that is applied to an interface, for example, Timeout or Idle-Timeout, cause a leak of per-user request structures.
Workaround Use virtual profiles.
•
Symptoms A Cisco 7206VXR may be restarted because of a bus error at the printf and c7100_platform_show_env_last processes and display the following crashinfo messages:
%LINK-3-UPDOWN: Interface Virtual-Access72, changed state to up
%LINK-3-UPDOWN: Interface Virtual-Access72, changed state to down
CMD: 'interface Virtual-Access72' 16:50:53 JST Thu Jul 4 2002
CMD: 'default snmp trap link-status' 16:50:53 JST Thu Jul 4 2002Conditions This symptom is observed on a Cisco 7206VXR that is running Cisco IOS Release 12.2(2)DD4.
Workaround There is no workaround.
•
Symptoms A router does not send RADIUS connection accounting attribute 46 for TCP clear calls or for any outbound Telnet connections.
Conditions This symptom is observed in Cisco IOS Release 12.2(2)XB and Release 12.2(4)T and in later Cisco IOS releases. This symptom occurs only with regular PPP calls over a Telnet connection. Accounting records do contain this attribute.
Workaround There is no workaround.
•
Symptoms Extensible markup language (XML) tags that are advertised from a router have a third-party vendor prefix, which makes them specific for this third-party vendor.
Conditions This symptom is observed on a Cisco MC3810, Cisco 2600 series, Cisco IAD2420 series, and Cisco 3660 router.
Workaround There is no workaround.
•
Symptoms A Cisco AS5800 network access server (NAS) reloads at multi_session_add_link after approximately 14 to 16 hours of stress testing.
Conditions This symptom is observed on a NAS that is running almost 700 calls (a mixture of analog, sync PPP, and multilink calls).
Workaround There is no workaround.
•
Symptoms A router may reload.
Conditions This symptom is observed when you leave an EXEC Secure Shell (SSH) session by entering the exit command-line interface (CLI) command when Connection Accounting is enabled.
Workaround Terminate the line using the clear line-number EXEC CLI command.
•
Symptoms A router may decode a preshared key incorrectly.
Conditions This symptom is observed when a Cisco router incorrectly decodes a preshared key from an authentication, authorization, and accounting (AAA) RADIUS server.
Workaround Use local authorization instead of RADIUS authorization.
•
Symptoms A Cisco router may reload because of a bus error.
Conditions This symptom is observed when a Service Assurance Agent is configured using the Simple Network Management Protocol (SNMP) through a "Create and Wait" operation. The rttMonEchoAdminOwner or rttMonEchoAdminTag variable is set using this "Create and Wait" operation.
Workaround To configure the Service Assurance Agent, use one of the following three solutions:
–
–
–
For more information about bus errors, refer to the Cisco document at the following location:
http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.shtml
•
Symptoms When the radius-server attribute nas-port format d global configuration command is entered, the network access server (NAS) port (attribute 5) prepend for the missing account session ID (acct-sess-id [44]) attribute may be missing.
Conditions This symptom is observed when the radius-server attribute nas-port format d global configuration command is entered on a Cisco network access server.
Workaround There is no workaround.
•
Symptoms RADIUS NAS-port attribute (attribute 5) value does not report the TTY number of the asynchronous interface that is used for a call. This value should be reported for any asynchronous calls.
Conditions This symptom is observed when the radius-server attribute nas-port format a global configuration command is configured and authentication, authorization, and accounting (AAA) is tracking a modem-based call.
Workaround There is no workaround.
•
Symptoms A Cisco AS5400 may display an incorrect value of 255 for the radius-server unique-ident number global configuration command even when the value of 254 is configured using the command.
Conditions This symptom is observed only when the value of "254" is configured by entering the radius-server unique-ident 254 global configuration command on a Cisco AS5400.
Workaround Enter the radius-server unique-ident 1 global configuration command.
•
Symptoms A Cisco AS5800 may reload at the outb-telnet_aaa_acct_get_dynamic_attrs routine if TCP clear connection accounting is enabled.
Conditions This symptom is observed only when a configured accounting method-list is altered on an Cisco router that has active Telnet TCP connections.
Workaround Avoid modifying accounting the method-list configuration while there are active Telnet TCP clear sessions on the router.
•
Symptoms A Cisco AS5300 may reload when it accesses an illegal address (0xDEADBEF7).
Conditions This symptom is observed on a Cisco AS5300 when a TACACS+ accounting packet is sent for a network or PPP connection.
Workaround There is no workaround.
•
Symptoms Attribute 42 and attribute 43 may carry negative values when the aaa accounting exec default none global configuration command is configured on the network access server (NAS).
Conditions This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB6.1.
Workaround There is no workaround.
•
Symptoms A router may reload unexpectedly when a user attempts to initiate a Telnet session from the router to another device.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(12.5)T but does not have authentication, authorization, and accounting (AAA) configured.
Workaround Enable AAA.
•
Symptoms A Cisco 3660 may reload unexpectedly because of a bus error.
Conditions This symptom is observed on a Cisco 3660 that is running Cisco IOS Release 12.2(11)T and that is configured to support ATM service level monitoring.
Workaround There is no workaround.
•
Symptoms In a callback setup, the class attribute from the original call is not transferred to the accounting of the callback call when the auth-required attribute is set to 0 (indicating that no authentication is required for subsequent callbacks). This particular combination is not recommended because of security risks.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T1.
Workaround There is no workaround.
•
Symptoms An extra stop record may be generated for a session failure in which the session is not allocated an IP address because the IP address pool has been exhausted of available IP addresses.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB7.
Workaround There is no workaround.
•
Symptoms An empty value is returned for the tsLineUser value in the OLD-CISCO-TS-MIB MIB.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)XB6 with authentication, authorization, and accounting (AAA) RADIUS and that has a local user configuration. The tsLineUser value of the OLD-CISCO-TS-MIB is populated when Cisco IOS 12.1(5)T8 is used.
Workaround There is no workaround.
•
Symptoms Attribute 195 of an accounting record may be reported as "no reason" when there is a vendor-specific client disconnect for an asynchronous call into a Cisco AS5400.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB7.
Workaround There is no workaround.
•
Symptoms The task_id attribute of an authentication, authorization, and accounting (AAA) accounting record may be incorrect if the task_id attribute has a value that is greater than 9999.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)XB7.
Workaround There is no workaround.
•
Symptoms A router may reload when it is sending downstream traffic.
Conditions This symptom is observed on a Cisco router during a stress test with a Multilink PPP (MLP) call configuration while downstream traffic is present.
Workaround There is no workaround.
•
Symptoms A gateway may occasionally time out when it is sending side keepalive messages.
Conditions This symptom is observed when a Cisco MC3810 is configured as a connection trunk for Voice over IP (VoIP) over ATM Adaptation Layer 5 (AAL5). This symptom occurs because the Cisco MC3810 generates the keepalive packet without the "initialize rtp ssrc" field. The keepalive packet is then dropped because it failed to pass the Real-Time Protocol (RTP) range checking.
Workaround Enter the signal sequence oos no-action voice-class configuration command to configure the router to ignore the occasional drops of keepalive packets. The trunk will disconnect if the loss of keepalive event lasts longer than the default value of 120 seconds that is in the signal timing oos timeout seconds voice-class configuration command. This workaround prevents the trunk from being blocked, and new calls can be accepted even when the trunk detects dropped keepalives.
•
Symptoms A Cisco 3700 series may display the following output message when the squeeze flash privileged EXEC command is entered:
%SYS-3-CPUHOG: Task ran for 2992 msec (1/1), process = Exec, PC = 604B7FE0.
-Traceback= 604B7FE8 604BBEE4 604BF33C 604BF4AC 604BF588 604BD594 604323F0 60441F5C 60372054 60384CA0 603F6BE0 603F6BCCsssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssseeeeeeeeeeeeThis message is informational and should not affect the operation of the router.
Conditions This symptom is observed on a Cisco 3700 series that is running Cisco IOS Release 12.2(12.7)T.
Workaround There is no workaround.
•
Symptoms When a vendor-specific callback protocol is used for asynchronous-callback with the callback-noverify option specified, the network access server (NAS) fails to apply the Acct-Session-ID [44] attribute that is associated with that user from the initial call-in to the callback session. This behavior causes the observed the Acct-Session-ID [44] attribute for the callback session to be different from the Acct-Session-ID [44] attribute of the user call-in session.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB6.
Workaround There is no workaround.
•
Symptoms An incorrect nas-port-type value may be displayed for an asynchronous V.120 call.
Conditions This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB7.
Workaround There is no workaround.
•
Symptoms A multihop router may reload because of a port flap.
Conditions This symptom is observed when there are 940 PPP over ATM (PPPoA) sessions with 50 ingress and 10 egress tunnels configured on a Cisco 6400 Node Route Processor (NRP) (NRP1 or NRP2) that is used as multihop router and that is running Cisco IOS Release 12.2(12.10)T1.
Workaround There is no workaround.
•
Symptoms A router may reload after performing data or voice transfer with ATM encapsulation over the path of an ATM T1 channel that uses 24 channels via an ATM switch.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(12.12)T or Release 12.2(12.13)T.
Workaround There is no workaround.
•
Symptoms A Cisco 1602 may fail to boot.
Conditions This symptom is observed on a Cisco 1602 that is running Cisco IOS Release 12.2(13)T.
Workaround Use an earlier release such as Cisco IOS Release 12.2(13)T.
•
Symptoms An authentication, authorization, and accounting (AAA) pre-authentication failure causes STOP records to be generated. ISDN synchronization users may fail to connect when this behavior occurs.
Conditions This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB7.
Workaround There is no workaround.
•
Symptoms Framed routes that have gateway addresses of 0.0.0.0 or gateways specified by an interface string are not parsed correctly, resulting in an invalid route string being applied by the authentication, authorization, and accounting (AAA) per-user process.
Conditions This symptom is observed on a Cisco AS5300.
Workaround There is no workaround.
•
Symptoms While Route Switch Processor (RSP) platform images are being built, the build may fail with the following errors:
{standard input}: Assembler messages: {standard input}:57463: Error: Branch out of range make[1]: *** [rsp_if.o] Error 1Conditions This symptom is observed on a Cisco 7500 series router.
Workaround There is no workaround.
•
Symptoms The class attribute may not be transferred from a network access server (NAS) to a home gateway, even when the vpdn aaa attribute class tunnel-class command is configured.
Conditions This symptom is observed on a Cisco 7200 series router.
Workaround There is no workaround.
•
Symptoms The tacacs+ keyword is not accepted for accounting commands. This behavior prevents aaa accounting global configuration commands from being configured. The following error message may be displayed when this behavior occurs:
00:03:07: %AAAA-3-ILLSGNAME: Illegal server-group name tacacs+ (type tacacs+).Conditions This symptom is observed when the tacacs+ keyword is specified in aaa accounting global configuration commands an on a Cisco router.
Workaround Use a group that is defined by the aaa group server global configuration command instead of the standard TACACS+ group.
•
Symptoms TACACS+ directed request authentications by authentication, authorization, and accounting (AAA) servers may fail. The TACACS+ directed request authentications are sent to the correct servers, but the usernames are not formatted correctly.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.
Workaround There is no workaround.
•
Symptoms An authentication server group is not picked on the basis of the dialed number identification service (DNIS).
Conditions This symptom is observed on a Cisco AS5300 when a DNIS-based server group is tested.
Workaround There is no workaround.
•
Symptoms When an Extensible Authentication Protocol (EAP) authentication is performed after a RADIUS failover, the network access server (NAS) try to fail over a new RADIUS server. However, this process is forbidden while authentication is occurring. Therefore, the NAS is required to restart the authentication process from the beginning and permit the user to attempt another authentication.
Conditions This symptom is observed on a Cisco router after a RADIUS failover occurs.
Workaround There is no workaround.
DECnet
•
Symptoms A Cisco 3640 may reload after DECnet routing is enabled.
Conditions This symptom is observed on a Cisco 3640 that is running Cisco IOS Release 12.2(12.2)T.
Workaround Use an earlier Cisco IOS Release such as Cisco IOS Release 12.2(11.3)T.
•
Symptoms Spurious memory access may occur after DECnet routing is configured on a Cisco 3640. This symptom does not affect operation of DECnet routing.
Conditions This symptom is observed on a Cisco 3640 that is running Cisco IOS Release 12.2(12.2)T.
Workaround There is no workaround.
EXEC and Configuration Parser
•
Symptoms The monitor traffic command may cause a system reload if its argument is a nonexistent line number. The output of this command may display line numbers incorrectly on some platforms.
Conditions This symptom is observed on a Cisco 7500 series that has a Route Switch Processor (RSP).
Workaround There is no workaround.
•
Symptoms A router may reload when a command that uses the PARAMS_KEYONLY macro is parsed.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11.03)T.
Workaround There is no workaround.
•
Symptoms The router isis global configuration command cannot be synchronized with the standby Route Processor (RP) when the router is running in the redundancy mode. Because of this behavior, the standby RP may not have the correct configuration.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 S or Release 12.2 T.
Workaround There is no workaround.
•
Symptoms The Open Shortest Path First (OSPF) network ip-address wildcard-mask area area-id router configuration command is accepted in an active Route Processor (RP) but not properly synchronized to the standby RP. The first command that you enter is synchronized correctly to the standby RP, but commands that are subsequently entered are not properly synchronized to the standby RP.
Conditions This symptom is observed on a Cisco 12000 series router when Stateful Switchover (SSO) is enabled.
Workaround There is no workaround.
Interfaces and Bridging
•
Symptoms The Versatile Interface Processor (VIP) of a Cisco 7500 series may reload.
Conditions This symptom is observed after the no shutdown interface configuration command is entered on an ATM interface that is installed on the VIP of a Cisco 7500 series.
Workaround There is no workaround.
•
Symptoms A Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) session may flap, and IP packets that are sent from the Label Switch Controller (LSC) or to the LSC will time-out when IP connectivity is broken on headend tagged virtual circuits (TVCs) and label virtual circuits (LVCs) out of the LSC. Only headend virtual circuits (VCs) from the LSC are affected.
Conditions This symptom is observed on a Cisco 7200 series router and on a Route Processor Module (RPM) that is running Cisco IOS Release 12.2(10.7)T and when TDP or LDP with TVCs and LVCs are using an LSC. Also, for the symptom to occur, the control interface needs to be ATM Deluxe.
At first, Interior Gateway Protocols (IGPs) and TDP and LDP traffic will not be affected, and the IGP and TDP and LDP neighbors will come up because the control-VC is a permanent virtual circuit (PVC). The symptom occurs on TVCs and LVCs only on the LSC. IGPs (Open Shortest Path First [OSPF] and Intermediate System-to-Intermediate System [IS-IS]) will run initially on the control-VC, but then they will move to the TVC or LVC when one of these is created. IGP then fails. Consequently, the TDP/LDP session flaps continuously. In normal conditions, traffic from and to the LSC should be minimal because the edge functionality should be disabled.
Workaround Disable the headend TVCs and LVCs using the mpls atm disable-headend-vcs global configuration command. Traffic terminating and originating in the LSC will run via the control-VC and will be processed switched.
•
Symptoms A router may reload when a bridge group is removed.
Conditions This symptom is observed on a Cisco 2600 series, Cisco 3600 series, or Cisco 3700 series router that has transparent bridging configured and has serial multiflex trunk (MFT), T3 modules or E3 modules configured in the bridge group. The following sequence of actions may cause the router to reload:
a.
b.
c.
d.
e.
f.
Workaround There is no workaround.
•
Symptoms The ISDN status remains as "TEI_ASSIGNED" until the clear interface EXEC command is entered.
Conditions This symptom is observed on a 2-port T1/E1 high-capacity enhanced digital voice port adapter (PA-VXC-2TE1+) of a Cisco router that is running Cisco IOS Release 12.2(8)T4.
Workaround Use either one of the following workarounds:
a.
b.
For a T1 controller that has the pri-group timeslots 1-24 controller configuration command configured, the corresponding D-channel interface is serial 1/0:24.
•
Symptoms An ATM OC-12/STM-4 single-mode (IR); multimode (PA-A3-OC12) port adapter that has multiple low latency queuing (LLQ) streams that are running near the peak cell rate (PCR) may begin to drop packets. Only outbound packets (and no inbound packets) are displayed when the show interface stats EXEC command is entered on the PA-A3-OC12 port adapter. The interface does not display input or output packet drops.
Conditions This symptom is observed on the PA-A3-OC12 port adapter of a Cisco router that is running Cisco IOS Release 12.0(22)S.
Workaround Enter the clear interface type card | subcard | port privileged EXEC command to clear the interface as a temporary workaround.
•
Symptoms A basic dot1q bridging ping on a router may fail.
Conditions This symptom is observed on a Cisco router that is running the rsp-jsv-mz, c2600-js-mz, c3640-js-mz, or c7200-js-mz image of Cisco IOS Release 12.2(12.5)T.
Workaround There is no workaround.
•
Symptoms A router reloads immediately after configuring the card type for PA-MC-8TE1+ port adapter.
Conditions This symptom is observed on a Cisco 7500 series. This symptom occurs if an online insertion and removal (OIR) is performed on a Versatile Interface Processor (VIP) that has the PA-MC-8TE1+ port adapter before the card type is configured.
Workaround There is no workaround.
•
Symptoms A virtual circuit may enter the INACTIVE state after the quality of service (QoS) parameters of the virtual circuit are modified.
Conditions This symptom is observed when the QoS parameters of the virtual circuit are changed from "VBR" to "CBR/ABR." After the change is made, the creation of the virtual circuit fails and the virtual circuit will enter the INACTIVE state.
Workaround Delete and recreate the virtual circuit if the QoS parameters of the virtual circuit have to be modified.
•
Symptoms Certain BRIDGE_MIB objects such as dot1dStpPortTable and dot1dTpPortTable are not populated after bridging is configured on the interfaces.
Conditions This symptom is observed after bridging is configured on the interfaces of a Cisco router.
Workaround There is no workaround.
•
Symptoms An IP route entry may not be updated properly.
Conditions This symptom is observed when one-step and two-step translations are performed using the Serial Line Internet Protocol (SLIP).
Workaround There is no workaround.
IP Routing Protocols
•
Symptoms Routes may not exist in the tag forwarding table.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(20.3)ST on routes that exist in both the Cisco Express Forwarding (CEF) table and in the route table.
Workaround Reload the router.
•
Symptoms Enhanced Interior Gateway Routing Protocol (EIGRP) may not form a neighbor relationship with message digest algorithm 5 (MD5) authentication.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround Disable MD5 authentication.
•
Symptoms Frequent exceptions may occur on a router after multicast routing is configured.
Conditions This symptom is observed on Cisco 7200 series routers and Catalyst 6000 series switches that have a Multilayer Switch Feature Card (WS-F6K-MSFC).
Workaround There is no workaround.
•
Symptoms In a failover configuration of a designated router (DR) and a non-DR, the DR fails, does not clear its connected flag, and continues to send Protocol Independent Multicast (PIM) join messages upstream. This situation causes unnecessary traffic. Upon failback, the non-DR does not clear its connected flag and continues to sends join-packet messages upstream long after the outgoing interface list of the multicast route (mroute) entry becomes empty.
Conditions This symptom is observed in a failover configuration of a DR and a non-DR that have directly connected receivers.
Workaround Clear the mroute entry.
•
Symptoms A router may be unable to handle IP Security (IPSec) traffic correctly. Network Address Translation (NAT) translations may not be created.
Conditions This symptom is observed on a Cisco 800 series router that is running Cisco IOS Release 12.2(10.1)T.
Workaround There is no workaround.
•
Symptoms A 99-percent CPU utilization may occur on a router during a stress test.
Conditions This symptom is observed on a Cisco AS5850 with 1100 ISDN synchronous/asynchronous calls, including virtual private dial-up network (VPDN) and non-VPDN calls, and with a traffic rate of 7/28 packets per second (pps) and a teardown rate of 9 calls per second (CPS).
Workaround There is no workaround.
•
Symptoms Labels in reservation messages may be incorrect.
Conditions This symptom is observed in a Multiprotocol Label Switching (MPLS) tunnel setup on all platforms that run Resource Reservation Protocol (RSVP).
Workaround There is no workaround.
•
Symptoms When a provider edge (PE) router must advertise a large number of Virtual Private Network version 4 (VPNv4) prefixes to another PE router, the initial convergence time may be very long (more than 20 minutes) or convergence may never occur. One symptom of this caveat is that the number of Border Gateway Protocol (BGP) messages used to propagate the VPNv4 prefixes may be greater than the number of prefixes.
Conditions This symptom is observed when a PE router must advertise a large number of VPNv4 prefixes to another PE router.
Workaround There is no workaround.
•
Symptoms A software-forced reload may occur on a router, and the Open Shortest Path First (OSPF) process may fail.
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(11)T and that is configured for Border Gateway Protocol (BGP) tag switching with OSPF in an autonomous system. The router may reload when the main link bandwidth is changed to switch to the shortest path. This behavior may cause the router OSPF process to fail.
Workaround There is no workaround.
•
Symptoms A Protocol Independent Multicast (PIM) may not work correctly when a host is leaving a multicast group. The mroute table has difficulty pruning the interface from the entry.
Conditions This symptom is observed on platforms that are running Cisco IOS Release 12.2(11)T.
Workaround There is no workaround.
•
Symptoms The Internet Group Management Protocol (IGMP) may leak buffers on a PPP link.
Conditions This symptom is observed on a Cisco router that is running IGMP.
Workaround There is no workaround.
•
Symptoms If the Admission Confirm Function (ACF) returns a nonstandard H.225 port (for a corresponding Admission Request [ARQ]) as the destination call- signaling address or port, outgoing calls fail.
Conditions This symptom is observed on a Cisco 3600 series router that is using Network Address Translation (NAT).
Workaround There is no workaround.
•
Symptoms A router may reload when the Sham-Link Support feature is configured.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptom An old bestpath may incorrectly remain in the routing table.
Conditions This symptom is observed if internal Border Gateway Protocol (iBGP) multipath is used for a Virtual Private Network version 4 (VPNv4) route.
Workaround There is no workaround, but the situation can be cleared by clearing the route.
•
Symptoms The Session Initiation Protocol (SIP) Application Layer Gateway (ALG) feature may not "compact" headers in SIP messages. As a result, IP addresses in the SIP message are incorrectly changed (affecting the CallID) when traversing a Cisco IOS Network Address Translation (NAT) SIP ALG router.
Conditions This symptom is observed when Cisco IOS NAT is configured on a router to use SIP ALG. The Cisco IOS NAT ALG needs to support Compact Headers.
Workaround Use Normal Headers in SIP messages.
•
Symptoms In rare circumstances, a downstream multicast router may have a group in the mroute table, yet the upstream multicast router does not show the downstream multicast router in the outgoing interface list.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround Issue the clear ip mroute group interface configuration command.
•
Symptoms An extended ping source address may not be accepted when you add a loopback with an IP address to a defined Virtual Private Network (VPN) routing/forwarding (VRF) instance using this IP address as source address.
Conditions This symptom is observed on a Cisco 3600 series router.
Workaround There is no workaround.
•
Symptoms Subnets in the /31 range may not be accepted.
Conditions This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21.4)S.
Workaround There is no workaround.
•
Symptoms A router may reload after the neighbor default-originate router configuration command is configured.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.
Workaround There is no workaround.
•
Symptoms When a router that is running Resource Reservation Protocol (RSVP) originates a reservation confirm (ResvConfirm) message, the next-hop downstream router may drop the ResvConfirm message and produce a debug output similar to the following:
RSVP 10.15.222.69_17152-10.15.94.239_19522: Received RESV CONFIRM message without Router-Alert option - ignoring.As a result, Voice over IP (VoIP) telephone calls that are using RSVP may not complete.
Conditions This symptom is observed when the router that is generating the ResvConfirm message is running a Cisco IOS release earlier than Release 12.2(11.3)T1 and the router that is receiving the ResvConfirm message is running Release 12.2(11.3)T1 or a release between Release 12.2(11.3)T1 and Release 12.2(12.05)T.
Workaround Use the same Cisco IOS release on all routers that are capable of running RSVP in the network.
•
Symptoms A Multiprotocol Label Switching traffic engineering (MPLS TE) tunnel may take three minutes to recover after a neighboring interface flaps.
Conditions This symptom is observed when you enter the shutdown interface configuration command immediately followed by the no shutdown interface configuration command on the neighboring Packet-over-SONET (POS) interface. The headend may not immediately tear down the link-state packet (LSP) and may be stuck for up to three minutes after the physical interface comes back up.
Workaround Configure the neighboring POS interface with the pos ais- shut interface configuration command.
•
Symptoms A router may reload because of a software-forced reload without any identifiable event triggering the reload.
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(11.8)T and that is equipped with a Network Service Engine 1 (NSE-1) and a dual Fast Ethernet (FE) I/O board and with Network Address Translation (NAT) running in the router.
Workaround There is no workaround.
•
Symptoms A route reflector does not change the nexthop to itself, even when it is set to do so via a route map.
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A router may fail to bring up a traffic engineering (TE) tunnel and display the following message:
%UTIL-3-TREE: Data structure error--attempt to reference an uninitialized wavl treeConditions This symptom is observed on a Cisco router that has the Resource Reservation Protocol (RSVP) and Multiprotocol Label Switching (MPLS) configured and that is running Cisco IOS Release 12.2 T. The neighbor database is not reinitialized even after the RSVP process is stopped and restarted.
Workaround There is no workaround.
•
Symptoms Network Address Translation (NAT) may drop H.323 version 3 and version 4 packets as versions 3 and 4 are not supported.
Conditions This symptom is observed on a Cisco 3600 series that is running Cisco IOS Release 12.2(11)T.
Workaround There is no workaround.
•
Symptoms A router that is running Multiprotocol Label Switching (MPLS)-Traffic Engineering (TE) reloads when it handles an incoming PATH TEAR message while a Resource Reservation Protocol (RSVP) Reservation State Block (RSB) data structure is being cleaned up.
Conditions This symptom is observed when a large number of development test cases are run back to back.
Workaround Run the test cases individually.
•
Symptoms When a Resource Reservation Protocol (RSVP)-capable router receives a PathTear message from an upstream neighbor, it sends a ResvTear message back to that neighbor.
Conditions This symptom is observed when an RSVP reservation is torn down on a Cisco router.
Workaround There is no workaround.
•
Symptoms Internetwork Packet Exchange (IPX) Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors will not form adjacencies if incremental Service Advertising Protocol (SAP) updates are enabled. IPX EIGRP neighbors will not remain established and IPX routing will not work for interfaces that are affected by this symptom.
The following message is displayed if the eigrp log-neighbor-change router configuration command is configured:
%DUAL-5-NBRCHANGE: IPX-EIGRP 1: Neighbor ABC.0001.4266.3381 (Serial0/0)is down: Auth failureIncremental SAP updates are enabled by default on all non-IEEE interfaces (WAN interfaces). Incremental SAP updates are also disabled on all IEEE interfaces (LAN interfaces). Therefore, LAN interfaces are not affected by this symptom unless the interfaces have been configured to perform incremental SAP updates by entering the ipx sap-incremental interface configuration command.
Conditions This symptom is observed on a Cisco 4224 that is running Cisco IOS Release 12.2(8.05)T.
Workaround Configure the no ipx sap-incremental interface configuration command on the interfaces that have incremental SAP updates enabled by default or configuration to prevent the symptom from occurring.
ISO CLNS
•
Symptoms A router may reload while calculating shortest path routes.
Conditions This symptom is observed when you configure the metric-style wide global configuration command to enable Intermediate System-to-Intermediate System (IS-IS) in a Multiprotocol Label Switching (MPLS) traffic engineering (TE) environment. This symptom is observed only with Cisco IOS releases that include the fix for CSCdv69786.
Workaround There is no workaround.
Miscellaneous
•
Symptoms Line protocol flapping may occur when a channel group is configured with 13, 14, or 15 time slots. Other time slot combinations do not cause this symptom to occur.
Conditions This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0 S or Release 12.1(5)E.
Workaround There is no workaround.
•
Symptoms A Cisco AS5300 may reload.
Conditions This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.1(5)XM.
Workaround Enter the no snmp-server enable traps dial global configuration command.
•
Symptoms A Foreign Exchange Office (FXO) port may pause indefinitely in the off-hook state, and the following debug message may be displayed:
%VTSP-3-DSP_TIMEOUT: DSP timeout on event 0x6: DSP ID=0x1: DSP error stats (call mode=1661098164)Conditions This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(2)T.
Workaround There is no workaround.
•
Symptoms A Cisco media gateway does not send a wild carded Restart In Progress (RSIP) Media Gateway Control Protocol (MGCP) message when the ISDN PRI backhaul controller is shut down. Instead the Cisco media gateway sends individual RSIP messages for each time slot.
Conditions This symptom is observed only on an ISDN PRI backhaul controller of a Cisco media gateway and does not affect the call quality.
Workaround There is no workaround.
•
Symptoms Incoming dual tone multifrequency (DTMF) digits from the public switched telephone network (PSTN) may not be reported by Media Gateway Control Protocol (MGCP) after a call is connected.
Conditions This symptom is observed on a Cisco 3600 series router when a channel-associated signaling (CAS) T1 MGCP trunk is configured for multifrequency (MF) and functions as the terminating endpoint.
Workaround Use DTMF signaling.
•
Symptoms A router may reload after the access-list access-list-number permit any any global configuration command is removed from a crypto access list.
Conditions This symptom is observed after the access-list access-list-number permit any any global configuration command is removed from a crypto access list of a Cisco router.
Workaround There is no workaround. Avoid using the access-list access-list-number permit any any global configuration command on a crypto access list.
•
Symptoms When a virtual profile is used through authentication, authorization, and accounting (AAA) to configure a RADIUS timeout absolute minutes [seconds] interface configuration command with a value that is greater than 35,790 minutes (2,147,483 seconds or 24 days), the cloning of the virtual access interface may fail. This behavior prevents the virtual interface from being used for another call even if the virtual interface uses a small timeout value.
Conditions This symptom is observed on a Cisco AS5400.
Workaround Do not attempt to configure RADIUS session timeout values that lie outside the valid range. This caveat entry changes the session timeout to use a 64-bit timer, which increases the maximum value of the timeout absolute minutes [seconds] interface configuration command to approximately 71,582,787 minutes (136 years).
•
Symptoms Static noise may be observed with conference calls. The level of static noise increases along with the number of participants in the conference call and can reach a level at which it distorts the voice of the conference participants. The static sound is heard primarily when the participants are silent and is masked when the participants start speaking.
Conditions This symptom is observed on a Cisco VG200 Voice over IP (VoIP) gateway that provides hardware conferencing for the Cisco CallManager. The Cisco VG200 VoIP gateway is running Cisco IOS Release 12.1(5)YH1.
Workaround There is no workaround.
•
Symptoms Errors such as "ISA heartbeat failure," "ISA failed to Initialize," or other unusual errors related to the Integrated Services Adapter (ISA) microcode may be reported from an ISA.
Conditions This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2, Release 12.2 T, Release 12.2 S, or any release derived from these releases.
Workaround Do not use an ISA.
•
Symptoms A Generic Routing Encapsulation (GRE) tunnel toggles up and down after a crypto map is applied to the tunnel and the associated interface.
Conditions This symptom is observed after a crypto map is applied to a GRE tunnel and the associated interface.
Workaround There is no workaround.
•
Symptoms A Cisco 2600 series may pause indefinitely after a digital subscriber line (DSL) WAN interface card (WIC) is installed.
Conditions This symptom is observed after a DSL WIC is installed on a Cisco 2600 series.
Workaround There is no workaround.
•
Symptoms When compiled access lists with noncontiguous masks are used, the following error message may be displayed:
VIP will crash with a %SYS-2-WATCHDOG: Process aborted on watchdog timeout Process = TurboACLConditions This symptom is observed on a Cisco 7500 series router that has a Versatile Interface Processor (VIP) and that is running Cisco IOS Release 12.0 (19.6)S. The symptom does not occur when compiled access lists without noncontiguous masks are used.
Workaround Turn off compiled access lists using the no access-list compiled global configuration command.
Alternate Workaround Avoid using entries that have noncontiguous masks or replace such entries with single or multiple entries with contiguous masks.
•
Symptoms A Cisco Versatile Interface Processor (VIP) card with distributed Network-Based Application Recognition (dNBAR) configured may reload with a Bus Error Exception.
Conditions This symptom was introduced in Cisco IOS Release 12.1(11b)E and 12.2(8)T by a new dNBAR feature that performs the automatic scanning of "unclassified traffic." Unclassified traffic is traffic that is not classified as one of the standard protocols for heuristic protocol packets. Currently, Real-Time Transport Protocol (RTP) is the only available heuristic protocol.
Workaround Disable the classification of the RTP protocol, by entering the no match protocol rtp class map configuration command and disable the NBAR Protocol Discovery feature by entering the no ip nbar protocol-discovery interface configuration command on all interfaces.
•
Symptoms When a Node Route Processor 2 (NRP2) receives certain types of Operation, Administration, and Maintenance (OAM) cells with cyclic redundancy check 10 (CRC10) errors, ATM interface 0/0/0 may become wedged. The cells are cleared from the interface buffer, but the buffer is never freed. Therefore, the packets cannot be seen with any show buffer commands.
Conditions This symptom is observed on a Cisco 6400 series platform. OAM does not need to be enabled on the NRP2 for these errors to occur and for the queue to become wedged. Also, not all types of OAM cells with CRC10 errors cause the queue to become wedged. It appears that some cells with CRC10 errors are able to get through.
Workaround Shut down the source of the OAM cells with CRC10 errors.
•
Symptoms If you enter the no ip vrf vrf- name command on a provider edge (PE) router, the deleted Virtual Private Network (VPN) routing/forwarding (VRF) table is not removed from the router. If you enter the show ip vrf command, the VRF table shows up as "being deleted." This situation prevents you from configuring a VRF table with same route distinguisher.
Conditions The conditions under which these symptoms occur are not known at this time.
Workaround There is no workaround.
•
Symptoms When certain combinations of input and output features are used, Parallel Express Forwarding (PXF) may punt traffic.
Conditions This symptom is observed when input policing is configured with a type of service (ToS) as the exceed action and an output service policy requires those packets to have a rate that exceeds the conform rate but does not exceed a value that is twice of the conform rate.
Workaround Enter the no ip pxf global configuration command to disable PXF.
•
Symptoms Dropped calls are observed when inbound calls are sent from a public switched telephone network (PSTN) voice gateway to an IP phone and when the IP phone places the PSTN user on hold.
Conditions This symptom is observed when there is a need to force Media Termination Point (MTP) or transcoding on inbound calls while a Cisco voice gateway 200 is configured as the digital signal processor (DSP) farm. This symptom is also observed when the inbound call from the voice gateway is set to use the G729 codec.
Workaround Use the G711 codec on the voice gateway or remove the MTP requirement.
•
Symptoms A router may reload after it is configured as the multihop node.
Conditions This symptom is observed when changes are made to the maximum transmission unit (MTU) on a virtual template. This symptom occurs regardless of whether Parallel Express Forwarding (PXF) is enabled.
Workaround There is no workaround.
•
Symptoms A user may not be able to access the tunnel service on a Cisco 6400.
Conditions This symptom is observed on a Cisco 6400 when a packet size that is greater than the maximum transmission unit (MTU) is configured on the tunnel service profile (with attribute B and Service Selection Gateway [SSG] service information vendor-specific attribute [VSA]).
Workaround Do not configure the tunnel MTU in the service profile (with attribute B, SSG service info VSA) and set the path MTU to 1500 bytes.
Alternate Workaround Disable Cisco Express Forwarding (CEF) on the downlink interface.
•
Symptoms Label Distribution Protocol (LDP) that is configured on a provider edge (PE) router does not advertise a changed label to customer edge (CE) routers. The CE routers continue to work an old label for the prefix. If you enter the show mpls forwarding-table EXEC command on the CE and PE routers, the old label will be returned:
–
–
Conditions This symptom is observed when the LDP-based Carrier Supporting Carrier feature is configured on a Virtual Private Network (VPN) routing/forwarding (VRF) interface of a provider edge (PE) router and the Border Gateway Protocol (BGP) reallocates a new label for a VPN prefix.
Workaround Clear the LDP session between the PE router and the CE routers by entering the shutdown command followed by no shutdown command on the VRF interface of the PE router.
•
Symptoms The media-type interface configuration command cannot be configured on an Ethernet interface or a Fast Ethernet interface of a Cisco 4500 series.
Conditions This symptom is observed on a Cisco 4500 series that has an Ethernet or Fast Ethernet interface.
Workaround There is no workaround.
•
Symptoms When a Cisco 7401 or Cisco 7200 series router that has a Network Services Engine (NSE-1) is used as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) or as an L2TP network server (LNS) to tunnel PPP over Ethernet (PPPoE) sessions, a ping that is sent from a client device to the LNS may fail if the packet size is within a certain range of a specific maximum transmission unit (MTU) size and if Parallel Express Forwarding (PXF) is enabled.
Conditions This symptom is observed on a Cisco 7401 or Cisco 7200 series router that has an NSE-1 and that is running Cisco IOS Release 12.2(4)B1.
Workaround Disable PXF globally on the router by entering the no ip pxf global configuration command.
•
Symptoms An implicit-null label over a Border Gateway Protocol (BGP) RFC 3107 session is distributed as "1" instead of "0".
Conditions The conditions under which this symptom occurs are not known at this time.
Workaround There is no workaround.
•
Symptoms A router may display the "VTSP-3-DSP timeout" error message if the "DISCONNECT" message is received after a "PROCEEDING" message on an outgoing ISDN call. This symptom delays disconnect processing by two to four seconds. This symptom may cause the digital signal processor (DSP) to reset and be unavailable for about two seconds. The unavailability of the DSP may in turn affect the call success rate (CSR) in stress conditions that have very low intercall intervals.
Conditions This symptom is observed on a Cisco 3600 series that is running Cisco IOS Release 12.2(8)T.
Workaround There is no workaround.
•
Symptoms An Cisco IAD2420 may not send a response to the notification request (RQNT) message sent by a call agent.
Conditions This symptom is observed on a Cisco IAD2420. At the end of a call, the call agent will send a delete connection (DLCX) message and a RQNT message one after another without waiting for the Cisco IAD2420 to respond to the first DLCX message. Sometimes the Cisco IAD2420 sends a "250" message in response to the DLCX message and then sends a "200" message for the RQNT message. In some cases, the Cisco IAD2420, though it receives the DLCX message and RQNT message, responds to the DLCX message with a "250" message, but never sends out a "200" response for the RQNT message. Instead, the Cisco IAD2420 will start sending a NTFY message (O:rlc). In this way both the call agent and the Cisco IAD2420 go into a deadlock mode, each one expecting the other to send an acknowledgement.
If the call agent sends a DLCX message and waits for a "250" message before sending the RQNT message (S:rel, R:rlc), this problem could be avoided.
Workaround There is no workaround.
•
Symptoms With continuous traffic and calls being cleared regularly, outgoing calls may fail.
Conditions This symptom is observed on a Cisco AS5400.
Workaround There is no workaround.
•
Symptoms A back-to-back ISDN connection never comes up. Both the ISDN client and network sides report the following trace back message:
Address Count Traceback
Guest
