Guest

Cisco IOS Software Releases 12.2 T

Cross-Platform Release Notes for Cisco IOS Release 12.2 T, Part 7: Caveats for 12.2(2)T through 12.2(11)T11

 Feedback

Table Of Contents

Resolved Caveats—Cisco IOS Release 12.2(11)T11

Resolved Caveats—Cisco IOS Release 12.2(11)T10

Basic System Services

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(11)T9

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(11)T8

Basic System Services

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(11)T6

Resolved Caveats—Cisco IOS Release 12.2(11)T5

Resolved Caveats—Cisco IOS Release 12.2(11)T4

Resolved Caveats—Cisco IOS Release 12.2(11)T3

Resolved Caveats—Cisco IOS Release 12.2(11)T2

Resolved Caveats—Cisco IOS Release 12.2(11)T1

Resolved Caveats—Cisco IOS Release 12.2(11)T

Access Server

Basic System Services

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(8)T10

Resolved Caveats—Cisco IOS Release 12.2(8)T8

Resolved Caveats—Cisco IOS Release 12.2(8)T7

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.2(8)T5

Resolved Caveats—Cisco IOS Release 12.2(8)T4

Resolved Caveats—Cisco IOS Release 12.2(8)T3

Resolved Caveats—Cisco IOS Release 12.2(8)T2

Resolved Caveats—Cisco IOS Release 12.2(8)T1

Resolved Caveats—Cisco IOS Release 12.2(8)T

Basic System Services

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(4)T7

Resolved Caveats—Cisco IOS Release 12.2(4)T6

Resolved Caveats—Cisco IOS Release 12.2(4)T5

Resolved Caveats—Cisco IOS Release 12.2(4)T3

Resolved Caveats—Cisco IOS Release 12.2(4)T1

Resolved Caveats—Cisco IOS Release 12.2(4)T

Basic System Services

IBM Connectivity

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.2(2)T4

Resolved Caveats—Cisco IOS Release 12.2(2)T3

Resolved Caveats—Cisco IOS Release 12.2(2)T2

Resolved Caveats—Cisco IOS Release 12.2(2)T1

Resolved Caveats—Cisco IOS Release 12.2(2)T

Basic System Services

Miscellaneous

Wide-Area Networking

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Resolved Caveats—Cisco IOS Release 12.2(11)T11

Cisco IOS Release 12.2(11)T11 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

CSCdz84583

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed93836

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

Resolved Caveats—Cisco IOS Release 12.2(11)T10

Cisco IOS Release 12.2(11)T10 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdx27891

Symptoms: A router may indicate a watchdog timeout instead of a parity error.

Conditions: This symptom is observed on routers that have a different memory map compared to the Cisco 7200 router. In the case reported for a Cisco 12000 series Internet router, KuSeg addresses start at 0x50000000 instead of 0x60000000, which is where they start for a Cisco 7200 router.

Workaround: There is no workaround.

CSCdy29329

Symptoms: The cache error recover function (CERF) is disabled after a Cisco 7200 series router is reloaded. This symptom is observed after CERF is enabled, written into the startup configuration, and the router is reloaded.

The output of the show memory cache error-recovery EXEC command may indicate that the commands are disabled after the router is reloaded:

no memory cache error-recovery L3 data

no memory cache error-recovery options nvram-report

no memory cache error-recovery options parity-check

memory cache error-recovery options window 0

memory cache error-recovery options max-recoveries 0

Conditions: This symptom is observed on a Cisco 7200 series router that is using a Network Processing Engine (NPE-300) that has 32 MB of memory in the dual in-line memory module (DIMM2).

Workaround: Install 64 MB of memory in the DIMM2.

CSCin10634

Symptoms: A Cisco 7500 series router may reload because of a software condition after an online insertion and removal (OIR) of a Versatile Interface Processor (VIP) that is configured with an ATM OC-3c/STM-1 port adapter (PA-A3- OC3) and after the following error message has been generated:

%SYS-6-STACKLOW: Stack for process OIR Handler running low, 12/3000

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(7) and occurs with a VIP2-50, VIP4, and VIP6. The symptom is related to the PA-A3-OC3 and occurs only during an OIR.

Workaround: Do not perform an OIR on any VIP that is configured with a PA-A3- OC3.

Miscellaneous

CSCdu24618

Symptoms: The "speed 57600" configuration entry may be added to the line configuration on a router.

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(5e).

Workaround: Remove the configuration entry from the line configuration.

CSCdy20272

Symptoms: H.323 disconnect cause codes are incorrect. Debug output displays codes of "211" instead of "11."

Conditions: This symptom is observed if the location in the cause information element (CAUSE_IE) is anything other than "USER."

Workaround: There is no workaround.

CSCdy45587

Symptoms: A Cisco AS5400 may reload unexpectedly and a high rate of Processor Memory Parity Errors (PMPE) may occur.

Conditions: This symptom is observed on a Cisco AS5400 that runs any Cisco IOS release.

Workaround: There is no workaround.

CSCea07154

Symptoms: Two routers that are connected via serial interfaces may reload unexpectedly. The following message may be displayed when the show version EXEC command is entered:

System was restarted by bus error at PC 0x6103B948, address 0xFFFFFFFC

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(15)T.

Workaround: There is no workaround.

CSCeb47086

Symptoms: When the integrated Signaling Link Terminal (SLT) functionality is running on a Cisco AS5350 or Cisco AS5400, the Signaling System 7 (SS7) links will not come into service. Using an SS7 analyzer indicates that Link Status Signal Units (LSSUs) are not being transmitted from the Cisco AS5350 or Cisco AS5400 to the SS7 network.

Conditions: This symptom is observed when the Cisco AS5350 or Cisco AS5400 is configured with a 2-, 4-, or 8-port PRI board that contains the D4 version of an MPC860 processor. You can verify the version of the MPC860 processor by entering the show chassis slot detail EXEC command. The symptom occurs when the board hardware version is version 4.0 or a later version.

Workaround: Install a PRI board with a board hardware version earlier than 4.0.

CSCeb47188

Symptoms: A Cisco IAD2420 series may not collect digits properly. One number 2 may become two number 4s in the dialed digits that are detected by a voice telephony service provider (VTSP).

Conditions: This symptom is observed on a Cisco IAD2420 series that is interconnected via a digital interface to a BTS10200 softswitch that runs software release 3.5.1v01. When the Cisco IAD2420 series is rebooted and sends Restart in Progress (RSIP) messages to the call agent (CA), the trunks are automatically brought back into service. The symptom occurs when a PBX goes off-hook, then on-hook (without dialing digits), then off-hook again on the same channel, and then begins dialing.

Workaround: There is no workaround.

CSCeb66174

Symptoms: The Media Gateway Control Protocol (MGCP) is too slow in acknowledging the delete connection (DLCX) parameter on a Cisco AS5400. The output of the show mgcp stat EXEC command indicates that the CreateConn rx counter is increasing.

Conditions: This symptom is observed when a DLCX is received on a Cisco AS5400 under a heavy call volume with calls on different slots but on the same port number and DS0 number.

Workaround: There is no workaround. The symptom will clear when the call volume decreases.

CSCeb75485

Symptoms: No audio may be heard on a Voice over IP (VoIP) call from the public switched telephone network (PSTN) to an H.323 application of a third-party vendor.

Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.2(11)T9. The symptom may also occur in other releases.

The symptom occurs because no Real-Time Transport Protocol (RTP) stream is created on the Cisco AS5350 when the RTP sequence number is altered by the H.323 application of the third-party vendor during a previous call. Once the RTP sequence number has been altered, all subsequent calls fail.

Workaround: To enable the Cisco AS5350 to process a single call properly, reboot the Cisco AS5350. However, once the RTP sequence number has been altered, all subsequent calls fail.

CSCeb78434

Symptoms: A Media Gateway Control Protocol (MGCP) gateway may send Restart In Progress (RSIP) messages with a very low delay to a call agent (CA), and with a low delay between the RSIP messages. The delay may be much less than one second, which is the minimum value that is permitted by the MGCP standard. The resulting flood of RSIP messages may cause the CA to overload, and may prevent the overloaded CA from recovering.

Conditions: These symptoms are observed on a Cisco AS5400 that has not received a timely acknowledgement (ACK) response to a delete connection (DLCX) message that the Cisco AS5400 sent to the call agent (CA); an overloaded CA may send highly delayed responses.

Workaround: There is no workaround.

CSCec06547

Symptoms: When a Cisco router boots up, the following messages appear and the router is unusable:

Process= "MIPC Periodic Timer", ipl= 0, pid= 32

%PIF-3-READ_IMEM_ERROR: NULL response for READ_IMEM MIPC msg to, XPIF2 Process= "FDM Forwarding Stats Process", ipl= 0, pid= 35

%PIF-3-READ_PHY_ERROR: NULL response for PIF_PHY_REG_SEND_CMD MIPC msg to, XPIF2

Conditions: This symptom is observed on a Cisco AS5850 gateway that has a Route Switch Controller (RSC) card with revision 8.9 or later, and that is running Cisco IOS Release 12.2(11)T4, Release 12.2(11)T9, Release 12.3(1), Release 12.3(1a), or Release 12.3(3a).

Workaround: Load a working Cisco AS5850 image of Cisco IOS software (images other than those listed in the Conditions section) and then reload the gateway with the newer image of the software without turning off power and turning on power to the router.

CSCec22682

Symptoms: An IP route may not be properly downloaded, preventing the IP route from being installed on a network access server (NAS).

Conditions: This symptom is observed on a NAS that is configured for RADIUS authorization when the user profile contains IP routes that include interface information, as shown in the following example of a Framed Route:

x.x.x.x/32 Dialer1 200 name dialout2

Workaround: Use IP routes that include a gateway address, as shown in the following example of a Framed Route:

1.1.1.0/24 1.1.1.254 200

CSCec28631

Symptoms: A Cisco AS5400 may reload unexpectedly while running Media Gateway Control Protocol (MGCP) in normal mode of operation.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.2(11)T8 and occurs because of incorrect memory management.

Workaround: There is no workaround.

CSCin50301

Symptoms: A router may pause indefinitely or reload unexpectedly when modem relay calls are made.

Conditions: This symptom is observed on a Cisco 3600 series that is running Cisco IOS Release 12.2(11)T9 or Release 12.3(13)T9.

Workaround: There is no workaround.

Wide-Area Networking

CSCea67085

Symptoms: An asynchronous dialer interface may not come up as expected.

Conditions: This symptom is observed when a service policy is attached to an asynchronous dialer interface.

Workaround: Use a dialer rotary configuration instead of a dialer profile configuration for the service policy on the dialer interface.

Resolved Caveats—Cisco IOS Release 12.2(11)T9

Cisco IOS Release 12.2(11)T9 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Miscellaneous

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCdx77253

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCdz89241

Symptoms: A Real-Time Transport Control Protocol (RTCP) packet may cause an input queue wedge on a Cisco voice gateway.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway and that is configured as an originating, terminating, or IP to IP (IPIP) gateway.

Workaround: There is no workaround.

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea10446

Symptoms: Memory corruption may cause a router to reload.

Conditions: This symptom is observed on a Cisco 3600 series that is handling Voice over IP (VoIP) T.38 fax calls under load conditions.

Workaround: There is no workaround.

CSCea19885

Symptoms: A Cisco router that has a voice feature such as H.323 enabled may reload because of a bus error at address 0xD0D0D0B.

Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other routers.

Workaround: There is no workaround.

CSCea21429

Symptoms: A Cisco IAD2420 series that is processing calls may reload.

Conditions: This symptom is observed on a Cisco IAD2420 series when the voice local-bypass global configuration command is configured.

Workaround: There is no workaround.

CSCea21665

Symptoms: Entries in the tag forwarding table may disappear from a provider edge (PE) router.

Conditions: This symptom may be observed on a Cisco 7200 series or Cisco 7513 router that is running Cisco IOS Release 12.2(11)T2 or Release 12.2(15)T3 in a Multiprotocol Label Switching (MPLS) over ATM environment with the multi- virtual circuit (Multi-VC) feature turned on. The label protocol is Label Distribution Protocol (LDP.)

Workaround: Use the clear ip route prefix EXEC command. This command must be entered on each PE that has this symptom. The prefix to be used in the command is the loopback address of the remote PE.

CSCea23140

Symptoms: A digital signal processor (DSP) may time out on a Cisco IAD2420 series because of a Host Port Interface (HPI) error.

Conditions: This symptom is observed on a Cisco IAD2420 series that is running Cisco IOS Release 12.2(11)T4 every time a call is placed or received.

Workaround: Use the command-line interface (CLI) to issue the following command to the DSPs that have a timeout symptom:

[no] voice dsp waitstate ws dsp_id

where ws is in the range of 1 to 3 with 1 being the default and dsp_id is a 1-based DSP number. The recommended ws value to set in this particular case is 2. Do not set the ws value higher than 2. The issuance of the CLI command will not take effect until the next DSP reset occurs either through an automatic mechanism or through test commands.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea27536

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea35306

Symptoms: Two Cisco routers that are running Cisco fax relay over a Voice over IP (VoIP) connection may reload after approximately 8 hours of operation.

Conditions: This symptom is observed in a test using a Cisco 3640 router and a Cisco 3660 router, although the symptom may be platform independent.

Workaround: There is no workaround.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea41038

Symptoms: On a Media Gateway Control Protocol (MGCP) gateway, when a T1 controller or the serial interface that is bound to an ISDN User Adaptation (IUA) Application Server (AS) is disabled (via a shutdown command or because of an error condition), the call agent may not be aware that the T1 controller is disabled and may still attempt to set up calls on the T1 link.

When the T1 controller or the serial interface is disabled, the MGCP gateway sends a release indication message for the corresponding D channel to the call agent. However, the "Reason" field is lacking from this message, preventing the call agent from recognizing the message as a release indication message and from marking the interface as disabled.

Conditions: This symptom is observed on a Cisco platform that is functioning as an MGCP gateway, that is configured for IUA backhaul, and that is running Cisco IOS Release 12.2(11)T or Release 12.2(13)T.

Workaround: There is no workaround.

CSCea46342

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea50163

Symptoms: A Cisco gateway stops responding to delete connection (DLCX) messages from the call agent when T.38 fax calls are sent.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround. Most call agents should allow the timeout value to be configured. This timeout value may need to be as high as 5.5 seconds. If the call agent is also configured to retransmit unacknowledged messages, such as DLCX, the total time before the message times out needs to be at least 5.5 seconds. For example, three retries with two seconds between each retry would be sufficient.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea62642

Symptoms: A call may be rejected on the plain old telephone service (POTS) leg with cause code "0x2F" that indicates that there is no resource for the call.

Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a terminating gateway when the call reaches the "progress/alerting" stage and the Cisco AS5300 has no available time-division multiplexing (TDM) resource to connect the call to the digital signal processor (DSP), which can be verified in the output of the show tdm pool privileged EXEC command:

Dynamic Backplane Timeslot Pool:

Req

------------------------

Grp ST Ttl/Free Cur/Ttl/Fail Deallocated

0 0-3 120 0 120 27726 3745 0

1 4-7 0 0 0 0 0 0

The output of the show isdn active user EXEC command displays how many active calls there are. There should be one TDM resource in use for every active call. If the total number of TDM resources minus the total number of active calls does not indicate the correct number of available TDM resources, a TDM resource leak has occurred.

Workaround: Reload the Cisco AS5300.

CSCea63595

Symptoms: The Session Definition Protocol (SDP)/Media Gateway Control Protocol (MGCP) parser may not function properly while parsing local parameters "red" and "siren."

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(11)T or Release 12.2(13)T when an MGCP create connection (CRCX) message is sent with a local parameter setting "red" and "siren."

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(15)T.

CSCea66476

Symptoms: A Cisco IAD2420 series may not generate a crashinfo file and store in it the Flash disk.

Conditions: This symptom is observed when the Cisco IAD2420 series reloads unexpectedly.

Workaround: There is no workaround.

CSCea69519

Symptoms: A memory leak in the "MGCP Application" process may occur on a Cisco router.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T6 and that is configured for Media Gateway Control Protocol (MGCP) when the call agent signals the Visual Message Waiting Indicator (VMWI).

Workaround: If possible, configure the call agent not to use VMWI.

CSCea82542

Symptoms: After a "%VTSP-3-DSP_TIMEOUT" error message is generated, the affected digital signal processor (DSP) may not automatically recover.

Conditions: This symptom is observed on a Cisco  IAD2420 series, but may not be platform specific.

Workaround: There is no workaround. To recover the affected DSP, reload the router.

CSCea88948

Symptoms: Calls from a Cisco S5850 may be rejected by a Cisco Resource Policy Management System (RPMS) with following error message:

Msg:Error: Inconsistent session detected. No Active Call with Call-Id:

Conditions: This symptom is observed when a Cisco AS5850 is configured for preauthentication and Virtual Private Dialup Network (VPDN) forwarding.

Debugging the failed call on the Cisco AS5850 indicates that no unique ID was used when the "access accept" for the preauthentication request was received.

Workaround: There is no workaround.

CSCea90782

Symptoms: On a Cisco AS5300, restart in progress (RSIP) messages may be sent only to the first address in a host list. When this first address does not respond, the Cisco AS5300 reattempts to access this first address but does not move on to subsequent addresses. This situation prevents the call agent from being aware of conditions that are present on the Cisco AS5300, such as an E1 failure.

Conditions: This symptom is observed only when the Cisco AS5300 is running Cisco IOS Release 12.2(11)T8, is functioning as a gateway, and is configured for multiple call agent addresses.

Workaround: Ensure that a call agent is active at the first address in the list.

CSCeb03824

Symptoms: A Cisco IAD2420 series may reload when it is processing calls.

Conditions: This symptom is observed when an analog port receives two incoming calls simultaneously.

Workaround: There is no workaround.

CSCeb10465

Symptoms: A Cisco gateway does not send open logical channel (OLC) messages to the Cisco H.323 Signaling Interface (HSI) for tunneled H.245 calls.

Conditions: This symptom is observed in a test situation on a Cisco 3640 that is running Cisco IOS Release 12.2(11)T8 and that has H.245 enabled.

Workaround: There is no workaround.

CSCeb21064

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCeb23822

Symptoms: Under a heavy call load, a Foreign Exchange Station (FXS) port fails to return to the DORMANT state.

Conditions: This symptom is observed on a Cisco IAD2420 series, Cisco 2600 series, and a Cisco 3600 series when a call setup fails. The FXS port is left in an UP state after the call is cleared.

Workaround: Use the shutdown interface configuration command followed by the no shutdown interface configuration command to restore the function of the FXS port.

Wide-Area Networking

CSCdz88409

Symptoms: A Cisco AS5800 may reload.

Conditions: This symptom is observed during a period of inconsistent RADIUS service that causes sessions to flap.

Workaround: There is no workaround.

CSCea64624

Symptoms: An analog call to a digital service 0 (DS0) line may fail.

Conditions: This symptom is observed when an analog call is placed to a digital service 0 (DS0) line that has just serviced a digital call. The analog call may fail because of unavailable resources.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(11)T8

Cisco IOS Release 12.2(11)T8 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz01366

Symptoms: A multihop router may reload because of a port flap.

Conditions: This symptom is observed when there are 940 PPP over ATM (PPPoA) sessions with 50 ingress and 10 egress tunnels configured on a Cisco router running Cisco IOS that is employed as a multihop router.

Workaround: There is no workaround.

CSCdz45885

Symptoms: An authentication, authorization, and accounting (AAA) packet of disconnect (POD) server may not disconnect a client request that has an 8-byte session ID.

Conditions: This symptom may occur on a Cisco AS5400 or a Cisco AS58500 that is functioning as a triple A POD server.

Workaround: There is no workaround.

Miscellaneous

CSCdy36274

Symptoms: A hung time slot may be observed on a Cisco voice gateway.

Conditions: This symptom is observed when a call is made after it has just been disconnected in quick succession on the same time slot on a Cisco voice gateway that is running E1 R2 signaling.

Workaround: There is no workaround.

CSCdz61543

Symptoms: Calls that come in on 1AESS trunks may be rejected by the Cisco AS5000 series access servers.

Conditions: This symptom is observed when incoming calls on 1AESS trunk lines fail to connect. Trunks that come from other switch types are not affected by this symptom.

Workaround: There is no workaround.

CSCdz71034

Symptoms: When "cpmISDNCfgBChannelsInUse" is polled from a network access server (NAS), the total number of active analog and digital calls is returned. The value that is returned does not agree with the results from the show caller summary output. It is observed that "cpmISDNCfgBChannelsInUse" returns a value that is one less than the actual value.

For example: If the total number of calls equals 115 (as verified on the NAS from the show caller summary output), polling "cpmISDNCfgBChannelsInUse" returns a value of 114. Similarly, when the total number of calls equals 23, polling "cpmISDNCfgBChannelsInUse" returns a value of 22.

Conditions: This symptom may be observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T2 and may occur when a large number of both analog and digital calls are received.

Workaround: There is no workaround.

CSCdz73721

Symptoms: A Cisco AS5350 that is configured as a voice gateway may reload because of a bus error.

Conditions: This symptom is observed recurringly (weekly) on a Cisco AS5350 that is running Cisco IOS Release 12.2(11)T and Session Initiation Protocol (SIP), and that may have the timer receive-rtcp gateway configuration command enabled.

Workaround: There is no workaround.

CSCdz77263

Symptoms: The H.323 conference ID format on a Cisco 3700 series router and a Cisco 2600XM series router is not compatible with the conference id format from prior releases of Cisco IOS software.

Conference ID format prior to Cisco IOS Release 12.2(11)T: 712E35B1 A3000037 0 2D37E8

Conference ID format for Cisco IOS Release 12.2(11)T: 712E35B1 A3000037 00000000 002D37E8

Conditions: This symptom is observed only for the Cisco 3700 series routers and the Cisco 2600XM series routers that are running Cisco IOS Release 12.2(11)T, Release 12.2(11)T2, and Release 12.2(11)T3.

Workaround: There is no workaround.

CSCea01305

Symptoms: On a Cisco AS5850 gateway, the transmit and receive packet count may be calculated incorrectly. The punted voice packets may be counted twice: once on the feature board and once on the route shelf controller. In addition, packets that are dropped at the feature board because of an incorrect mode may also be counted.

Conditions: This symptom may be observed only on a Cisco AS5850 gateway and affects all voice calls.

Workaround: There is no workaround.

CSCea02424

Symptoms: A Cisco AS5400 Session Initiation Protocol (SIP) gateway may stop replying to reINVITE requests from the proxy to maintain a call. This behavior may cause the call to be disconnected when the keepalive timer expires.

Conditions: This symptom is observed on a Cisco AS5400 SIP gateway.

Workaround: Ensure that the SIP proxy is configured with a session timer value that is greater than or equal to the minimum session timer value. If this is not possible, configure the session timer to the highest possible value by entering the min-se time SIP configuration command.

CSCea07478

Symptoms: Call setups with Continuity Test (COT) may fail. When a COT test fails, the CIC is marked as blocked and because COT continues to fail, the CIC is never recovered.

Conditions: This symptom is observed on a Cisco AS5300 gateway and on a Cisco AS5800 that is running the following images of Cisco IOS Release 12.2(11)T3 through Release 12.2(13)T:

c5300-is-mz

c5300-js-mz

c5300-i8ks-mz

c5300-j8ks-mz

dsc-c5800-mz

c5800-p4-mz

c5800-k8p4-mz

Workaround: There is no workaround except to turn off COT.

CSCea08721

Symptoms: When a Cisco integrated access device (IAD) receives a far-end release and when a call agent sends a request notify (RQNT) message for a release complete (RLC) message, the Cisco IAD does not return an acknowledgement for an RLC message and acknowledges only the receipt of the RQNT message. This symptom causes the broadband telephony system (BTS) call agent to perform an automatic recovery on the Cisco IAD.

Conditions: This symptom is observed on a Cisco IAD2420 that is running Cisco IOS Release 12.2(11)T4.

Workaround: To clear the hung connection on the Cisco IAD, enter the mgcp dlcx global configuration command.

CSCea11946

Symptoms: A Cisco IAD2420 series may reload when it is under stress from voice calls.

Conditions: This symptom is observed when the voice local-bypass global configuration command is configured to bypass the digital signal processor (DSP) for hairpin calls and when there are mixed analog-to-digital voice calls.

Workaround: Deconfigure the voice local-bypass global configuration command.

CSCea12136

Symptoms: Some dial-in users that connect to a Cisco AS5850 may be unable to reach external destinations. The packets are sent, but the return packets that enter the Gigabit Ethernet egress interfaces are silently dropped. These drops are not reported by the show cef drop EXEC command, nor do any of the interface drop counters increase. The incoming packet counter on the Gigabit Ethernet, and the outgoing packet counter on the vaccess increase as packets arrive, but the packets do not arrive at the user. All Cisco Express Forwarding (CEF), Forwarding Information Base (FIB), and adjacency entries appear normal. This symptom is observed only for some active sessions. Other sessions function normally. Multilink sessions (even with a single channel only) have not been reported as failing.

Conditions: This symptom is observed only on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB10. The symptom is not observed on a Cisco AS5800 that is running the same Cisco IOS software release.

Workaround: There is no workaround at this time. The user must disconnect and reconnect to restore connectivity.

CSCea14648

Symptoms: A universal gateway may reload.

Conditions: This symptom is observed under rare circumstances on a Cisco AS5400 that is used as a terminating gateway.

Workaround: There is no workaround.

CSCea33785

Symptoms: When a gateway starts up, Media Gateway Control Protocol (MGCP) restart in progress (RSIP) messages may not be sent for all available E1 interfaces, causing the call agent to be unaware of full circuit availability on the gateway and calls to be dropped. For example, of 15 available E1 interfaces, only one RSIP message is sent (generally but necessarily for the first E1 interface). After 20 minutes, another individual E1 RSIP message is sent followed by a wildcard RSIP message for the entire gateway. Every 10 minutes thereafter, two RSIP messages for individual E1s are sent. Up to 80 minutes may be required before stability is reached, causing calls to be dropped each time a delayed RSIP message is sent after the wildcard RSIP message has been sent.

Conditions: This symptom is observed on a Cisco AS5400 that is functioning as a gateway and that is running Cisco IOS Release 12.2(11)T5.

Workaround: There is no workaround.

CSCea35239

Symptoms: Endpoints on a gateway may no longer be available after the gateway has reloaded.

Conditions: This symptom is observed when restart in progress (RSIP) messages are lost when a Cisco AS5850 uses a secondary Media Gateway Control Protocol (MGCP) link after it has reloaded. This secondary link is the one with a lower priority when redundant MGCP links are configured on the gateway and a Cisco PGW 2200 PSTN gateway.

Workaround: Disable the secondary link by unplugging the IP connectivity on the gateway.

Wide-Area Networking

CSCdz31092

Symptoms: RADIUS attributes may be missing from an access request packet that is sent from a network access server (NAS) to a RADIUS server, causing an authentication failure from the RADIUS server.

Conditions: This symptom is observed intermittently in Cisco IOS Release 12.2 XB but may also occur in other releases such as Release 12.2 T.

Workaround: Remove the following preauthentication attributes:

preauth:auth-required=1

preauth:auth-type=chap

preauth:auth-type=pap

CSCin14471

Symptoms: The PPP over ATM (PPPoA) peer starts one session to the Layer 2 Tunneling Protocol (L2TP) network server (LNS). When the LNS ends the session or clears the tunnel, the PPPoA peer is notified and the PPPoA session is restarted, but the L2TP access concentrator (LAC) does not send the Stop or Start record.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(4)B4.

Workaround: Restart the session from the PPPoA peer by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface.

Resolved Caveats—Cisco IOS Release 12.2(11)T6

Cisco IOS Release 12.2(11)T6 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T6 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdx43636

Symptoms: Incorrect Low Latency Queueing (LLQ) and Weighted Random Early Detection (WRED) statistics may be observed on a router when the show policy-map interface interface-name EXEC command is entered.

Conditions: This symptom is observed on a Cisco router while there are hundreds of virtual circuits (VCs) on the router.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(11)T5

Cisco IOS Release 12.2(11)T5 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdu63564

Symptoms: On a router that has static Address Resolution Protocol (ARP) entries configured, the router may fail to use the static ARP entries immediately.

Conditions: This symptom is observed on a Cisco router if CEF is enabled manually or if the router is reloaded with Cisco Express Forwarding (CEF) enabled.

Workaround: Disable CEF on the router by entering the no ip cef global configuration command.

CSCdy04411

Symptoms: Under rare circumstances, a Channelized T3 (CT3) card may reboot because of a bus error and then recover. The router itself does not reboot or reload; just the card by itself.

Conditions: This symptom is observed when the CT3 card is installed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB6 but may also occur on other releases such as Release 12.2 T.

Workaround: There is no workaround.

CSCdy09292

Symptoms: Physical inverse multiplexing over ATM (IMA) ports are not indexed in the IF-MIB.

Conditions: This symptom is observed on a Cisco router that has IMA interfaces. This symptom has been fixed in Cisco IOS Release 12.2(3)T but may appear in Cisco IOS Release 12.2(8)T and Release 12.2(11)T.

The following example of the IF-MIB shows ATM1/IMA0 (index 43), but the interface is not indexed:

ifDescr.40 = ATM1/7-aal5 layer

ifDescr.41 = ATM1/7.0-aal5 layer

ifDescr.42 = Null0

ifDescr.43 = ATM1/ima0 <----

ifDescr.44 = ATM1/ima0-atm layer

ifDescr.45 = ATM1/ima0.0-atm subif

ifDescr.46 = ATM1/ima0-aal5 layer

ifDescr.47 = ATM1/ima0.0-aal5 layer

ifDescr.48 = ATM1/ima0.40-atm subif

ifDescr.49 = ATM1/ima0.40-aal5 layer

Workaround: There is no workaround.

CSCdy12404

Symptoms: A Cisco router may reload because of a bus error when you download per-user access control lists (ACLs) from a RADIUS server and configure these ACLs for each connection.

Conditions: This symptom is observed on but may not be limited to a Cisco AS5850.

Workaround: Configure static ACLs for each connection.

CSCdy13000

Symptoms: Channels may be stuck in the pending state in a Trunk Group Resource Manager (TGRM).

Conditions: This symptom is observed when the TGRM is used for data calls.

Workaround: There is no workaround.

CSCdy56897

Symptoms: Digital calls and stacks beyond 70 do not get registered to a Call Distributor Application Programming Interface (CDAPI), causing the calls to pause indefinitely.

Conditions: This symptom is observed when there are more than 66 T1 ports configured on a Cisco AS5850.

Workaround: Deconfigure some unused controllers.

CSCdz20801

Symptoms: A Cisco AS5850 may reload because of a memory corruption.

Conditions: This symptom is observed on a Cisco AS5850 that is functioning as a voice gateway and that is running Cisco IOS Release 12.2(11)T2.

Workaround: There is no workaround.

CSCdz21534

Symptoms: When a T1 line in channelized T3 interface on a dial feature card (DFC) goes into a loopback, the remote equipment may receive Path Code Violations (PCVs) or Loss of Signal (LoS), or both.

Conditions: This symptom is observed when a channelized DFC is installed in a Cisco AS5400.

Workaround: Cable a hard loop to the T3 channelized interface.

CSCdz25748

Symptom: The following error message may be displayed on the console of a Cisco AS5850:

%RS_TDM-3-TDM_BADARG: conn types different, trunk=1 modem=0

The error message is followed by a traceback.

Conditions: This symptom is observed when voice calls and calls that are switched via time-division multiplexing (TDM) are being made in a Media Gateway Control Protocol (MGCP) environment.

Workaround: There is no workaround.

CSCdz27525

Symptoms: A Cisco Catalyst 4000 access gateway module (AGM) may reload when it detects an overtemperature condition.

Conditions: This symptom is observed on a Cisco Catalyst 4000 AGM that is running Cisco IOS Release 12.2(11)T1 or Release 12.2(11)T2.

Workaround: There is no workaround.

CSCdz38099

Symptoms: An incorrect Resource Availability Indicator (RAI) update may occur when a Cisco AS5400 boots up.

Conditions: This symptom is observed on a Cisco AS5400 that is configured with RAI and that has all its B channels in the maintenance state. After the Cisco AS5400 has reloaded, the RAI sends the status of the gateway as "available with full resources" but should send the status as "out of resources" because all the B channels are in the maintenance state.

Workaround: There is no workaround.

CSCdz38268

Symptoms: A Cisco AS5350 may reload because of a bus error that may be related to Session Initiation Protocol (SIP).

Conditions: This symptom is observed on Cisco AS5350 that is running Cisco IOS Release 12.2(11)T and that is configured for Voice over IP (VoIP), fax, and SIP User Agent (SIP-UA).

The symptom may also occur on a Cisco AS5300 or a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB.

Workaround: There is no workaround.

CSCdz38650

Symptoms: The following symptoms may occur on a Cisco AS5850:

DS0 links may become stuck in a transient state and cannot be cleared by the call agent.

A Create Connection (CRCX) message may receive a "502" error response.

A Delete Connection (DLCX) message may be acknowledged with a "250" response, but the cleanup of resources is not performed because the endpoint is in a transient state.

Conditions: These symptoms are observed under high traffic conditions on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T.

Workaround: There is no workaround.

CSCdz40253

Symptoms: The CPU utilization on a Cisco AS5300 voice gateway may be too high during the handling of voice traffic.

Conditions: This symptom is observed on a Cisco AS5300 voice gateway that is running Cisco IOS Release 12.2(11)T2. The CPU utilization in Release 12.2(11)T2 is about 15 percent higher than the CPU utilization in Release 12.2(12a) under the same traffic conditions.

Workaround: There is no workaround.

CSCdz40483

Symptoms: A Cisco router may reload because of a watchdog timeout condition.

Conditions: This symptom is observed on a Cisco router that is functioning as a voice endpoint with active calls.

Workaround: There is no workaround.

CSCdz40565

Symptoms: A gateway does not provide a ringback tone to a voice call that originates from a remote switch that it is connected to via a T1 connection.

Conditions: This symptom is observed on a Cisco AS5350, Cisco AS5400, or Cisco AS5350.

Workaround: There is no workaround.

CSCdz40921

Symptoms: A Cisco 2600 series may reload with a signal trap (Sigtrap) exception that is caused by a memory leak in the "CCSIP-SPI-CONTROL" process.

Conditions: This symptom is observed on a Cisco 2600 series that is running Cisco IOS Release 12.2(11)T when a subscribe request for unsupported services or nonexistent events occurs.

Workaround: Ensure that no invalid subscribe request is being sent.

CSCdz41003

Symptoms: Error messages may be generated during the bootup of a Cisco AS5850, and Gigabit Ethernet interfaces may not come up.

Conditions: This symptom is observed when there are active calls on a Cisco AS5850 and you reload the Cisco AS5850 with a new image of Cisco IOS Release 12.2(11)T.

Workaround: Reload the Cisco AS5850.

CSCdz47646

Symptoms: The "callactive" and "callhistory" records may display erroneous information.

Conditions: This symptom is observed if the display information element (IE) is greater than 15 characters in size.

Workaround: There is no workaround.

CSCdz61047

Symptoms: A Cisco gateway may return a 200 message (indicating Delete in Progress) to a delete connection (DLCX) message, causing the connection to remain up indefinitely.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCdz61369

Symptoms: A Cisco AS5300 may report an incorrect ISDN service status after it has reloaded.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(11)T and that is configured with Signaling System 7 (SS7) (using the rlm group global configuration command) and Non-Facility Associated Signaling (NFAS).

When all B channels are set to maintenance state, the output of the show isdn service privileged EXEC command displays correct information. After you reload the Cisco AS5300 with same configuration, all B channels are still displayed in the maintenance state except the 24th B channel in the NFAS group, as is displayed in the following command output:

Router# show isdn service

PRI Channel Statistics:

ISDN Se0:23 SC, Channel [1-24]

Configured Isdn Interface (dsl) 0

Channel State (0=Idle 1=Proposed 2=Busy 3=Reserved 4=Restart 5=Maint_Pend)

Channel : 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4

State : 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Service State (0=Inservice 1=Maint 2=Outofservice)

Channel : 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4

State : 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0

Channel blocked? (0=No 1=Yes)

Channel : 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0


Note For E1 configurations, after you reload the Cisco AS5300 with same configuration, all B channels are still displayed in the maintenance state except the 16th B channel in the NFAS group.


Workaround: Add the isdn service nfas-int 0 b_channel 24 state 1 interface configuration command under the serial interface to place the 24th B channel in the maintenance state, and verify the output of the show isdn service privileged EXEC command.

CSCdz61492

Symptoms: Modem and fax passthrough calls may fail to train up.

Conditions: This symptom is observed when voice activity detection (VAD) is enabled. VAD is not turned off for fax and modem calls after the calls are determined to be fax modem calls.

Workaround: Disable VAD if the gateway is intended to be used for fax and modem calls.

CSCdz61827

Symptoms: Packet statistics may not be updated for some voice calls.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCdz68860

Symptoms: A Cisco 2600 series may incorrectly send a disconnect cause code "0x1B" to a RADIUS server for a normal call.

Conditions: This symptom is observed when you make a call from a Cisco 2600 series using a third-party vendor gateway.

Workaround: There is no workaround.

CSCdz69604

Symptoms: Calls may be dropped after 10 seconds because a Cisco AS5400 does not answer.

Conditions: This symptom is observed when a Cisco AS5400 does not send answer signal A6 for incoming calls. Outgoing calls work fine. The symptom may also occur on other platforms.

Workaround: There is no workaround.

CSCdz71663

Symptoms: The output of the test dsprm hidden command and the output of the show snmp EXEC command display active digital signal processor (DSP) recovery alarms.

Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a voice gateway.

Workaround: There is no workaround.

CSCdz72200

Symptoms: When digital signal processor (DSP) resource management (DSPRM) attempts to recover a DSP channel without first checking whether its peer channel is still loading, a double loading condition may occur.

Conditions: This symptom is observed on a Cisco AS5300 that is configured for Voice over IP (VoIP).

Workaround: There is no workaround.

CSCdz72678

Symptoms: Media Gateway Control Protocol (MGCP) network access server (NAS) package calls may cause the following RADIUS accounting attributes to contain zero values:

Acct-Input-Octets

Acct-Output-Octets

Acct-Input-Packets

Acct-Output-Packets

Data-Rate

Ascend-Xmit-Rate

Presession-Packets-Input

Presession-Packets-Output

Presession-Octets-In

Presession-Octets-Out

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB8 or Release 12.2 T.

Workaround: There is no workaround.

CSCdz79160

Symptoms: An incorrect cause code may be used for normal call clearing.

Conditions: This symptom is observed when a Cisco gateway receives a disengage reject (DRJ) or timeout message as a response to a disengage request (DRQ) that was sent to a gatekeeper. The gateway attempts to map the DRJ reason into the H.225 termination cause code. However, this termination cause code is incorrect and should not be used.

Workaround: There is no workaround.

CSCdz84694

Symptoms: When you dial an access code to access a Foreign Exchange Office (FXO) port, the call may be dropped immediately after the FXO port is seized.

Conditions: This symptom is observed on a Cisco IAD2421 that is running Cisco IOS Release 12.2(11)T.

Workaround: There is no workaround.

CSCdz86545

Symptoms: Configuring a dialer interface (or any other logical interface) may cause a router to reload.

Conditions: This symptom is observed when the cns config notify diff global configuration command is configured and you use Cisco Networking Services (CNS) to configure a dialer interface (or any other logical interface).

The symptom also occurs when the cns config initial global configuration command or the cns config partial global configuration command is configured.

Workaround: There is no workaround.

CSCea01498

Symptoms: A gateway that negotiates a G.729 codec with 20 bytes in the call setup may send 40 bytes instead.

Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a gateway.

Workaround: There is no workaround.

CSCin14386

Symptoms: Voice over Frame Relay (VoFR) calls may fail because of path confirmation failures.

Conditions: This symptom is observed on a Cisco 7200 series.

Workaround: There is no workaround.

CSCin29800

This caveat consists of four symptoms, four conditions, and four workarounds:

Symptoms A: The local connection descriptor information that is returned by a Media Gateway Control Protocol (MGCP) gateway in response to an Audit Connection (AUCX) request may contain the "audio" media type instead of the expected "image" media type.

Conditions A: This symptom is observed in all images of Cisco IOS Release 12.2(11)T, Release 12.2(13)T, and later releases that support MGCP when a T.38 fax call that is in progress is audited.

Workaround A: There is no workaround.

Symptoms B: The local connection descriptor information that is returned by a Media Gateway Control Protocol (MGCP) gateway in response to an Audit Connection (AUCX) request may contain the "image" media type instead of the expected "audio" media type.

Conditions B: This symptom is observed on a Cisco IOS release later than Release12.2(13)T when a voice call that contains both a voice leg and a Voice over IP (VoIP) leg is audited.

Workaround B: There is no workaround.

Symptoms C: A fax relay switchover that is driven by a call agent may fail to switch the media stream to the T.38 codec, even though MGCP signaling indicates that the switchover occurs.

Conditions C: This symptom is observed on a Cisco IOS release later than Release 12.2(13)T when an active call is audited before a corresponding feature (such as a T.38 fax feature that is driven by a call agent) is invoked.

Workaround C: There is no workaround.

Symptoms D: Class of Service (CoS) features such as Three-Way Calling may fail to establish the third leg of the call.

Conditions D: This symptom is observed on a Cisco IOS release later than Release 12.2(13)T when an active call is audited before a corresponding feature (such as three-way calling) is invoked.

Workaround D: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(11)T4

Cisco IOS Release 12.2(11)T4 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T4 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdz35986

Symptoms   When you bring Media Gateway Control Protocol (MGCP) endpoints out of a hold situation while you simultaneously change their codec, the codec change may not take effect.

Conditions   This symptom is observed when a Cisco IAD2420 series is interoperating with a call agent of a third-party vendor.

Workaround   There is no workaround.

CSCdz35986

Symptoms   No ringback tone is heard when a hairpin call is made from a Foreign Exchange Station (FXS) port to the T1 port of a Cisco IAD2421 integrated access device.

Conditions   This symptom is observed on a Cisco IAD2421 that is running Cisco IOS Release 12.2(11)T.

Workaround   Configure the no voice local-bypass global configuration command to prevent hairpin calls from being made.

Resolved Caveats—Cisco IOS Release 12.2(11)T3

Cisco IOS Release 12.2(11)T3 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T3 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdy00341

Symptoms   After an integrated access device (IAD) initiates a NTFY message indicating a new call, the call agent sends a notification request (RQNT) with all the dial-plan information to the IAD, but the IAD never sends the notify (NTFY) message with the collected digits to the call agent.

The Voice Port Module (VPM) debug output shows that the IAD starts collecting the digits to be sent to the call agent, but never actually sends the notify (NTFY) message with the collected digits to the call agent. Eventually, after 20 to 30 seconds, an announcement is played to the client on the phone.

Conditions   This symptom is observed on a Cisco IAD2420 series router.

Workaround   Move the subscriber termination to out of service (OOS) and then back to in service (INS).

CSCdy04472

Symptoms   Polling for numbered ATM subinterfaces and unnumbered Frame Relay interfaces does not return any data. When the ifInNUcastPkts, ifOutNUcastPkts, and ifOutQLen variables are among the first of multiple objects that are bundled together in an snmpget command, some or all of these variables return the message "no such variable."

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)S2.

Workaround   Retrieve the variables individually or via an snmpwalk command.

CSCdy31385

Symptoms   This symptom is observed in a setup in which three phones (phones A, B, and C) are connected to a gateway that has a Media Gateway Control Protocol (MGCP) call agent. When phone C calls phone A while there is an ongoing call between phone A and phone B, a conference warning departure tone is heard on phone A instead of a call waiting tone.

Conditions   This symptom is observed in a setup in which three phones are connected to a gateway that has an MGCP call agent.

Workaround   There is no workaround.

CSCdy32161

Symptoms   A PRI subscriber cannot hear a ringback tone (RBT) when a call to a call waiting (CW) subscriber is terminated. When the CW line is active with a call and when the PRI terminates to it, the CW line hears a CW tone, but the PRI subscriber does not hear an RBT. The PRI subscriber will hear a RBT tone from all other lines and from the call waiting line if call waiting is not invoked.

Conditions   This symptom is observed when calls are made from a PRI to an analog integrated access device (IAD) analog CW line while the CW line is active. This symptom affects all PRI subscribers and is observed in Cisco IOS Release 12.2(11)T2 and earlier releases.

Workaround   There is no workaround.

CSCdy38691

Symptoms   A provider edge (PE) headend router that is running Multiprotocol Label Switching (MPLS) and that is connected via a Label Distribution Protocol (LDP) link to a neighboring provider (P) router may reload when one or more interfaces on the P router are unconfigured using the following sequence of commands (all commands are entered):

a. no mpls ip global configuration command

b. no mpls ip interface configuration command

c. shutdown interface configuration command

Conditions   This symptom is observed on LDP neighbors that are connected via label controlled ATM (LC-ATM) interfaces. The symptom may not occur when Tag Distribution Protocol (TDP) is the label signaling protocol.

Workaround   Shut down the LC-ATM interface of the PE headend router before you enter the three above-mentioned configuration commands on the P router.

Alternative Workaround   Do not use all three above-mentioned configuration commands to unconfigure the interface on the P router. Instead, use only the two interface configuration commands, that is, the no mpls ip and shutdown interface configuration commands.

CSCdy59613

Symptoms   A Cisco router may reload with a software-forced reload error when triggering a dial call.

Conditions   This symptom occurs on Cisco platforms that are running Cisco IOS Release 12.2(13)T and that support ISDN using the dialer configuration.

Workaround   There is no workaround.

CSCdy72426

Symptoms   A gateway may occasionally time out when it is sending side keepalive messages.

Conditions   This symptom is observed when a Cisco MC3810 is configured as a connection trunk for Voice over IP (VoIP) over ATM Adaptation Layer 5 (AAL5). This symptom occurs because the Cisco MC3810 generates the keepalive packet without the "initialize rtp ssrc" field. The keepalive packet is then dropped because it failed to pass the Real-Time Protocol (RTP) range checking.

Workaround   Enter the signal sequence oos no-action voice-class configuration command to configure the router to ignore the occasional drops of keepalive packets. The trunk will disconnect if the loss of keepalive event lasts longer than the default value of 120 seconds that is in the signal timing oos timeout seconds voice-class configuration command. This workaround prevents the trunk from being blocked, and new calls can be accepted even when the trunk detects dropped keepalives.

CSCdy82946

Symptoms   A ringback tone may be played regardless of the true state of the called party.

Conditions   This symptom is observed when a loopback-directory number (loopback-dn) is used to place outgoing calls on a Cisco IP telephony gateway that is configured with a loopback-dn between the Voice over IP (VoIP) cloud and the IP phones.

The ringback tone is played for a short duration before the true progress tone is heard. This symptom occurs when a call terminates to open a voice path in the backward direction to play progress tones or messages that can be heard by the caller before the call is disconnected (because the called party is either busy or unavailable). The Cisco gateway in this setup is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy84833

Symptoms   ISUP-to-ISUP calls may fail because the terminating gateway creates an extended facility information element (IE) that is out of order.

Conditions   This symptom is observed when a Cisco router that is running Cisco IOS Release 12.2(11)T1 or Release 12.2(11)T2 is configured for a Cisco SS7 Interconnect for Voice Gateways Solution that depends on ISDN User Part (ISUP) transparency.

Workaround   There is no workaround.

CSCdy85971

Symptoms   When a call goes through a Cisco 2600 series that works as a gateway to be called, the "200 okay reply message to reinvite" has an incorrect Session Definition Protocol (SDP) value.

Conditions   This symptom is observed on a Cisco 2600 series that is running Cisco IOS Release 12.2(11)T. This symptom occurs when a mid-call invite message is received to revert from a negotiated dtmf-reply payload type to the inband voice payload type.

Workaround   There is no workaround.

CSCdy87529

Symptoms   The Simple Network Management Protocol (SNMP) counters of a Cisco AS5800 may begin to deviate and may no longer reflect the actual number of calls when random analog and digital calls are received.

Conditions   This symptom is observed on a Cisco AS5800 and occurs only when both analog and digital calls are received at the same time.

Workaround   There is no workaround.

CSCdy88768

Symptoms   Digital signal processor (DSP) problems may occur during stress. A minilogger output shows that the fax mode message was sent to the DSP before the fax codec overlay request was sent.

Conditions   This symptom is observed in a Media Gateway Control Protocol (MGCP) Voice over IP (VoIP) network.

Workaround   There is no workaround.

CSCdz04856

Symptoms   A Cisco UPC324 dial feature card on a Cisco AS5800 may stop accepting analog calls after running for about two hours. The following message may be displayed in the log when the failure occurs:

DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 6 nip client id 4 DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 6 nip client id 4 DSIPPF-5-DS_HELLO: DSIP Hello from shelf 1 slot 6 Succeeded

The failed board will no longer be accessible by entering the dsip console command, and more than 3 GBs of memory are displayed in the following output of the show dial-shelf EXEC command:

Slot Board CPU DRAM I/O Memory State Elapsed

Type Util Total (free) Total (free) Time

0 CE1 3%/2% 14047744( 48%) 12582912(59%) Up 06:48:47

1 CE1 3%/2% 14047744( 48%) 12582912(59%) Up 06:48:49

6 UP324 3474718759( 0%) 4179101916(0%) Up 06:48:48

7 UP324 0%/0% 60185088( 82%) 67108864(79%) Up 06:48:47

12 DSC 0%/0% 13588640( 53%) 12582912(73%) Up 06:51:21

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB7. This symptom is observed only when a dial shelf controller (DSC) is installed in slot 12. Cisco universal port cards (UPCs) that are controlled by a DSC in slot 13 are not affected. The symptom may also occur in Release 12.2 T.

Workaround   Reload the affected card by entering the hw-module slot shelf-id/slot-number reload privileged EXEC command.

CSCdz05645

Symptoms   No dial tone is heard on the Foreign Exchange Station (FXS) ports, and no calls can connect from T1 ports. Dead air exists on the handset.

Conditions   This symptom is observed on a Cisco IAD2420 series smart integrated access device that is running Cisco IOS Release 12.2(11)T1.

Workaround   Enter the no voice local-bypass global configuration command on the Cisco IAD2420 series.

CSCdz07741

Symptoms   ATM permanent virtual circuit (PVC) may remain inactive after a reload occurs. The shutdown interface configuration command followed by the no shutdown interface configuration command has to be entered to bring the interface back up again.

Conditions   This symptom is observed on a Cisco 2650XM router that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdz09449

Symptoms   A bus error may occur on a Cisco AS5400, and the following message may be displayed in the output of the show log EXEC command:

%NP-3-NAKRSP: NAK Response Received - command 0x1501, result code 0x8005, msg id 0x15FF, session id 0x85, msg tag 0x0, slot/port 1/25 %NP_EST-6-CTRL_NAK_RSP: (NP address 1/0/0/255), Msg ID=0x15 01, Result=UNKNOWN_COMMAND_ID, Data format=Binary, Data len=8, Data=80 02 00 85 00 00 15 01

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdz09639

Symptoms   A router shelf may reload because of a bus error when an illegal access to a low address occurs.

Conditions   This symptom occurs on a Cisco 7200 series router shelf that is configured with a PA-MC-8E1/120 port adapter and that is part of a Cisco AS5800 that is running Cisco IOS Release 12.2(11)T after you configure the show running-config privileged EXEC command or the write memory privileged EXEC command

Workaround   The Cisco AS5800 does not reload if you do not use the E1 port adapter on the router shelf.

CSCdz10497

Symptoms   The loopback-directory number (loopback-dn) is used to place outgoing calls across Voice over IP (VoIP). The ringback tone may play regardless of the true state of the called party (busy for example). The ringback is played for a moment before the true progress tone is heard.

Conditions   This symptom occurs when a Cisco IOS Telephony Service (ITS) gateway is configured with loopback-dn between the VoIP cloud and the IP phones. This event is triggered when the loopback-dn falsely predicts itself as the final target and is still in the idle state.

Workaround   There is no workaround.

CSCdz15039

Symptoms   The Continuity Test (COT) single-tone loopback in a Signaling System 7 (SS7) network may fail because echo cancellation is not being turned off. The digital signal processor (DSP) is not able to detect the same tone that it is sending if echo cancellation is enabled.

Conditions   This symptom is observed on a Cisco 3660 router that is running Cisco IOS Release 12.2(11)T2.

Workaround   Turn off echo cancellation on the voice port.

Alternate Workaround   Change the COT from single-tone loopback to dual-tone test.

CSCdz15598

Symptoms   Multiple codecs specified in Voice over IP (VoIP) dial peers, including g723r63 or g726r32, cause several dial peers to rotate with the same destination. The wrong 20-byte payload size is sent to the digital signal processor (DSP) which may cause the DSP to reload intermittently because g723r63 is expecting no less than a 24-byte payload, and g726r32 is expecting no less than a 40-byte payload.

Conditions   This symptom is observed in a Cisco H.323 VoIP network and Media Gateway Control Protocol (MGCP) VoIP network.

Workaround   There is no workaround.

CSCdz17963

Symptoms   A Cisco 2600 series or Cisco 3600 series router that is configured with a Multiflex Trunk (MFT) voice/WAN interface card (VWIC) that is installed in a Fast Ethernet (FE) combo network module (NM) may lose connectivity on port 0 of the MFT VWIC in slot 1 of the FE combo NM. This symptom does not occur on slot 0 of the FE combo NM.

Conditions   This symptom is observed on a Cisco 2600 series or Cisco 3600 series router that is running Cisco IOS Release 12.2(12.4)T or a later release.

Workaround   There is no workaround.

CSCdz20398

Symptoms   Cisco IAD2420 series analog voice ports may overheat. As a result, the Cisco IAD2420 series will try to alleviate the situation by reducing the driving currents. However, there is also a reset operation that might interfere with how the Cisco IAD2420 series current-limit function works. The result may cause the Cisco IAD2420 series to have physical damage (burned parts).

Conditions   Under an unknown situation, the Cisco IAD2420 series analog voice ports may overheat, possibly because of poor venting at the installation site.

Workaround   Improve the vent condition. To avoid blocking the vent hole, do not remove the rubber feet on the chassis.

CSCdz21273

Symptoms   The call-waiting tone may not be played when a call comes into a port where another call is already in progress.

Conditions   This symptom is observed when a Cisco IAD2420 series voice port is configured with the cptone hk command (hk stands for Hong Kong).

Workaround   There is no workaround.

CSCdz28475

Symptoms   The ds0-group channel timeslots range type signal controller configuration command cannot be configured with 15 channels on an E1 controller interface. This limitation allows only 30 channels to be configured on an E1 controller interface.

Conditions   This symptom is observed on the E1 controller interface of a Cisco router that is running Cisco IOS Release 12.2(13)T.

Workaround   There is no workaround.

CSCdz32900

Symptoms   If a T1 or E1 interface is brought back into service either by entering the no shutdown interface configuration command or by flapping the T1 or E1 interface while a default profile is configured, Media Gateway Control Protocol (MGCP) restart in progress (RSIP) messages may use the default retransmit parameters even though MGCP should be using parameters that are defined in the corresponding MGCP profile configuration. As a result of this behavior, the RSIP messages may not reach the correct call agent and the circuit identification code (CIC) on the call agent may enter the BLK= gateway state.

Conditions   This symptom is observed on a Cisco gateway router that is running Cisco IOS Release 12.2(11)T2. This behavior does not occur when an RSIP message is sent to the T1 or E1 interface while the interface is shut down. The gateway uses the correct parameters in the corresponding MGCP profile in such a scenario.

Workaround   Configure the gateway router so that the IP link is active on the first IP address or reconfigure the static host list so that the current active IP link is the first IP address that is on the list.

CSCdz35353

Symptoms   An originating Foreign Exchange Station (FXS) phone hears a ringback tone instead of a busy tone.

Conditions   This symptom is observed when a call comes in from an FXS phone on Gateway 1 or Gateway 2. The call comes in to Gateway 2 through a pair of loopback-directory numbers (loopback-dns) and is forwarded on Call Forward No Answer (CFNA)/call forward busy (CFB) to a public switched telephone network (PSTN)/PRI gateway. The PSTN gateway phone is busy; hence a disconnect tone is sent to the originating side in the form of PI value 8. Gateway 2 receives in-band alerting. The loopback-directory number (loopback-dn) pair converts in-band alerting to out-of-band alerting.

Workaround   There is no workaround.

CSCdz38667

Symptoms   If Create Connection (CRCX) is sent with a string of digits including the symbol "*", the Cisco IOS gateway responds with the 510 protocol error as the acknowledgement (ACK), and the call is not set up.

Conditions   This symptom is observed on Cisco 2600 series router when Media Gateway Control Protocol (MGCP) is configured with a Cisco IOS gateway using T1 channel-associated signaling (CAS) and Cisco CallManager.

Workaround   Use the H.323 protocol instead of MGCP.

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at

http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

CSCin11611

Symptoms   Internetwork Packet Exchange (IPX) Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors will not form adjacencies if incremental Service Advertising Protocol (SAP) updates are enabled. IPX EIGRP neighbors will not remain established and IPX routing will not work for interfaces that are affected by this symptom.

The following message is displayed if the eigrp log-neighbor-change router configuration command is configured:

%DUAL-5-NBRCHANGE: IPX-EIGRP 1: Neighbor ABC.0001.4266.3381 (Serial0/0)is down: Auth failure

Incremental SAP updates are enabled by default on all non-IEEE interfaces (WAN interfaces). Incremental SAP updates are also disabled on all IEEE interfaces (LAN interfaces). Therefore, LAN interfaces are not affected by this symptom unless the interfaces have been configured to perform incremental SAP updates by entering the ipx sap-incremental interface configuration command.

Conditions   This symptom is observed on a Cisco 4224 that is running Cisco IOS Release 12.2(8.05)T.

Workaround   Configure the no ipx sap-incremental interface configuration command on the interfaces that have incremental SAP updates enabled by default or configuration to prevent the symptom from occurring.

CSCin15414

Symptoms   A router may reload unexpectedly because of a bus error.

Conditions   This symptom is observed when IP Security (IPSec) is configured on a Cisco router. The Cisco router rekeys after both the IPSec and Internet Key Exchange (IKE) security associations (SAs) expire while the peer is operating in the Dead Peer Detection (DPD) mode.

Workaround   The router is less likely to reload if Internet Security Association and Key Management Protocol (ISAKMP) is not configured.

Resolved Caveats—Cisco IOS Release 12.2(11)T2

Cisco IOS Release 12.2(11)T2 is a rebuild of Cisco IOS Release 12.2(11)T. The caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T2 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdw04802

Symptoms   The virtual-access counters and the RADIUS accounting data exceed the real value.

Conditions   This symptom is observed on a Cisco 7200 PA-A3 port adapter and a Cisco 6400 NRP2-SV when a Layer 2 Tunneling Protocol (L2TP) network server (LNS) uses an ATM permanent virtual connection (PVC) as an ingress interface for L2TP tunnels.

Workaround   Configure an Ethernet port as the ingress interface.

CSCdw45103

Symptoms   A router reloads unexpectedly with I/O memory corruption errors when using RADIUS accounting for Voice over IP (VoIP).

Conditions   This symptom is observed on a router that is running Cisco IOS Release 12.2(11)T or Release 12.2(11)T1.

Workaround   Configure an accounting template that limits the number attributes so that RADIUS accounting packet sizes do not exceed 1500 bytes.

CSCdw85004

Symptoms   The Response Time Reporter (RTR) uses random User Datagram Protocol (UDP) ports to respond to Service Assurance Agent (SAA) probes.

Conditions   This symptom is observed on a Cisco router.

Workaround   There is no workaround.

CSCdx26331

Symptoms   The call-history information that is generated by the Session Initiation Protocol (SIP) call leg does not have a valid duration (nonzero) even though the plain old telephone service (POTS) call history for the same call has a nonzero duration.

Conditions   This symptom is observed when the acknowledge (ACK) message fails to reach the terminating gateway (TGW).

Workaround   There is no workaround.

CSCdx34875

Symptoms   A Cisco IOS MGCP gateway returns a "510 Network type not supported" error message when the Call Agent sends a Request Notify (RQNT) command prior to sending a Create Connection (CRCX) command that specifies "nt:local" to setup a hairpin connection. Any RQNT command will cause this symptom, but it occurs only when the CRCX has "nt:local" to setup a hairpin connection.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2T or Release 12.2XB4.

Workaround   There is no workaround.

CSCdx35300

Symptoms   A Gigabit Ethernet input queue may become wedged.

Conditions   This symptom is observed on a Cisco 7400 router.

Workaround   There is no workaround.

CSCdx40473

Symptoms   A telephony leg call detail record (CDR) may not have the original called number.

Conditions   This symptom is observed when the H.323 call leg receives a new number following signaling with a gatekeeper (GK). The telephony call leg CDR gets updated with the translated number.

Workaround   There is no workaround.

CSCdx49447

Symptoms   A Cisco IOS terminating gateway that is not configured to use the T.38 fax relay protocol receives and accepts a T.38 fax call after detecting a fax tone when the call should not have been accepted or received.

Conditions   This symptom is observed when the remote originating gateway advertises T.38 capabilities, and the terminating gateway is configured for the default Cisco fax protocol. This symptom exists in Cisco IOS Release 12.2T, 12.2(2)XB2, 12.2(2)XA3.

Workaround   There is no workaround.

CSCdx56874

Symptoms   ISDN Layer 2 traffic processed after the T1/E1 controller is shutdown.

Conditions   This symptom has been observed on a Cisco AS5300 access server.

Workaround   There is no workaround.

CSCdx69141

Symptoms   A Cisco 7507 router that is running 12.2(11)T with an Enhanced Gigabit Ethernet Interface Processor (GEIP+) reloads when Border Gateway Protocol (BGP) is enabled and generates the following error messages:

%SYS-3-CPUHOG: Task ran for 11716 msec (83/3), process = OIR Handler, PC = 604D1A28.

-Traceback= 604D1A30

%VIP4-80 RM7000-3-MSG: slot6 VIP-3-SVIP_RELOAD: SVIP Reload is called.

%IPC_RSP_CBUS-3-NOBUF: No more IPC memd buffers to transmit IPC

%SYS-2-MALLOCFAIL: Memory allocation of 2304 bytes failed from 0x6042BDFC, alignment 0

Pool: Processor Free: 19336 Cause: Memory fragmentation

Alternate Pool: None Free: 0 Cause: No Alternate pool

Total Spurious Accesses 171, Recorded 1

Address Count Traceback

D0 171 0x6027E12C 0x602E2678 0x6012EFA0

Conditions   This symptom is observed on a Cisco 7507 router that is running Cisco IOS Release 12.2(11)T. This symptom does not affect GEIP. This symptom occurs when distributed Cisco Express Forwarding (dCEF) is enabled globally and dCEF is enabled or disabled on the Gigabit Ethernet interface.

Workaround   There is no workaround.

CSCdx94617

Symptoms   Simple Network Management Protocol (SNMP) queries for the dsx1ConfigTable and dsx1CurrentTable objects do not populate the MIB tables.

Conditions   This symptom is observed Cisco 2600 series, Cisco 3600 series, and the Cisco AS5300 when running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy06366

Symptoms   A digital signal processor (DSP) of a high density analog voice network module (NM-HDA) may not upspeed.

Conditions   This symptom is observed on a Cisco 2600 series and Cisco 3600 series router with fax or modem pass-through calls over an ATM Adaptation Layer 2 (AAL2) connection trunk. The DSP should upspeed to g711 u-law/a-law but does not do so. G711a-law, g711 u-law, and g726r32 codec fax calls go through without upspeed.

Workaround   There is no workaround.

CSCdy09361

Symptoms   Gatekeepers may fail to exchange Gatekeeper Update Protocol (GUP) registration and may work as a cluster when the number of gateways and zones is high.

Conditions   This symptom is observed on a Cisco 2600 series router.

Workaround   There is no workaround.

CSCdy09417

Symptoms   The output from the show process memory EXEC command indicates that the amount of memory held by the "PPP Events" process continues to increase. This indicates a memory leak.

Conditions   This symptom is observed on a Cisco AS5850. User profiles that have a Link Control Protocol (LCP) attribute that is applied to an interface, for example, Timeout or Idle-Timeout, cause a leak of per-user request structures.

Workaround   Use virtual profiles.

CSCdy15023

Symptoms   On a router, the initial, minimum, and maximum playout values are not set to the same values in the NextPort driver.

Conditions   This symptom is observed on a Cisco AS5400. This symptom does not occur on the Cisco AS5300 because the initial value is used.

Workaround   Explicitly set the initial, minimum, and maximum delay values as close as possible to the same values in the NextPort driver. Note that there are some range check limitations such as in dial peers and voice ports for H.323 and Session Initiation Protocol (SIP), and in the mgcp playout command for Media Gateway Control Protocol (MGCP).

CSCdy17626

Symptoms   A message stating "DSP timeout on event 0x6" may be reported accompanied by a drop in the call success rate.

Conditions   This symptom is observed after running several iterations of 40 simultaneous modem and fax pass-through calls.

Workaround   There is no workaround.

CSCdy18495

Symptoms   When the gateway controller goes down or is disconnected on the network, the gateways still shows that Permanent Virtual Circuits (PVCs) are up.

Conditions   This symptom has been observed on a Cisco MC3810 multiservice access concentrator and Cisco IAD 2420 Integrated Access Devices.

Workaround   Enter the oam-pvc [manage] configuration command.

CSCdy18949

Symptoms   An ISDN BRI interface does not use the T302 timer as an interdigit timer.

Conditions   This symptom is observed only with voice calls on an ISDN BRI interface that is configured for overlap receiving on a Cisco router that is running Cisco IOS Release 12.2(6e). This symptom does not affect modem or data calls. The inbound dial peer for the voice call does not have the direct-inward-dial string dial-peer configuration command configured.

Workaround   There is no workaround.

CSCdy19073

Symptoms   Media Gateway Control Protocol (MGCP) generates parser error (510) in the Session Definition Protocol (SDP) information.

Conditions   This symptom is observed when any of the string parameters in the "origin" option (session name and user ID) of the Modify Connection (MDCX) message in the SDP is greater than 80 characters.

Workaround   There is no workaround on the Cisco IOS gateway. However, if the call agent is configurable, it can be configured to send a shorter session name and user ID (less than 80 characters).

CSCdy21198

Symptoms   A Cisco AS5800 network access server (NAS) reloads at multi_session_add_link after approximately 14 to 16 hours of stress testing.

Conditions   This symptom is observed on a NAS that is running almost 700 calls (a mixture of analog, sync PPP, and multilink calls).

Workaround   There is no workaround.

CSCdy22040

Symptoms   False virtual access interfaces are seen on a Cisco AS5800 under a heavy load.

Conditions   This symptom is observed in the output of the show users command on a Cisco AS5800 router. This symptom can be service impacting as the Cisco AS5800 will eventually run out of virtual access interfaces.

Workaround   There is no workaround.

CSCdy23918

Symptoms   A gateway reloads upon receipt of a STATUS message. The gateway could receive a STATUS message if the sender had received an H.225 message from the gateway that was not understood or that was regarded as an error.

Conditions   This symptom is observed when certain IP in IP (IPIP) gateway images send information (INFO) messages with the Signal IE to Cisco IOS 12.1(5) T time-division multiplexing (TDM) gateway images. (Refer to CSCdy23133 for more information on this particular instance of the failure.)

Workaround   There is no workaround.

CSCdy29558

Symptoms   A Simple Network Management Protocol (SNMP) query for DS0 entities from the cpmDS0UsageTable object in the CISCO-POP-MGMT-MIB fails over an Engine 1 port that is configured with Channel Associated Signalling (CAS). The DS0 entity (specifically, ds0-group) information is not populated in the MIB table.

Conditions   This symptom is observed on the Cisco AS5300, AS5350, AS5400, AS5800, and AS5850 platforms when running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy31903

Symptoms   A Cisco uBR905 Cable Access Router is unable to go online after a software upgrade to Cisco IOS Release 12.2(8)T5 or later.

Conditions   This symptom is observed only on revision 3.c Cisco uBR 905 Cable Access Routers. The following text is seen after entering the show version command:

cisco uBR924 CM (MPC850) processor (revision 3.c)

Workaround   There is no workaround.

CSCdy35836

Symptoms   Calls fail and a "No more SWIDB allowed" error message is displayed.

Conditions   This symptom is observed on a Cisco AS5800 series router.

Workaround   There is no workaround.

CSCdy44100

Symptoms   A voice call fails to connect when both sides negotiate a connection using g711alaw compression.

Conditions   This symptom is observed when the Media Gateway Control Protocol (MGCP) starts a call with using g729ar8 compression through an H323 proxy gatekeeper (which prefers g711alaw compression by default). The MGCP changes to g711alaw compression before the call fails.

Workaround   There is no workaround.

CSCdy49778

Symptoms   A Continuity Test (COT) in Signaling System 7 (SS7) fails when issued from a Terminating Gateway (TGW) toward the Telco side of the network.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(8)T1 or later.

Workaround   There is no workaround.

CSCdy50103

Symptoms   Attributes 42 and 43 might carry negative values when the aaa accounting exec default none command is configured on the network access server (NAS).

Conditions   This symptom occurs in approximately one accounting record out of ten.

Workaround   There is no workaround.

CSCdy51183

Symptoms   A router that is running cell-mode tag switching or Multiprotocol Label Switching (MPLS) on a label controlled ATM (LC-ATM) interface may reload when it receives a more specific prefix for a label mapping or binding than the one that is already allocated. For example, the router may reload when it receives the prefix 10.1.1.0/24 if a binding was already allocated for 10.1.1.1/32 on the basis of the routing entry 10.1.0.0/16.

Conditions   This symptom is observed on an Edge Label Switch Router (ELSR) or Label Switch Controller (LSC).

Workaround   There is no workaround for an ELSR. To prevent an LSC from reloading, disable the headend label virtual circuits (LVCs) by entering the tag-switching atm disable-headend-vcs global configuration command.

CSCdy52842

Symptoms   Failed Multilink PPP (MLP) calls may cause phantom virtual-access interface conditions.

Conditions   This situation has been observed on a Cisco AS5800 access server.

Possible workaround   Enter the ppp timeout ncp interface configuration command.

CSCdy53489

Symptoms   Configuring a gatekeeper that has Location Request (LRQ) authentication enabled with a file from a TFTP server causes a password authentication error and the "invalid permission" Location Rejection (LRJ) message to be displayed.

Conditions   This symptom is observed when the configuration file on the TFTP server contains the security password-group gatekeeper configuration command, and the password string is written to the configuration file in the clear text format.

Workaround   Configure an encrypted password on the gatekeeper, and use the encrypted password in the configuration file on the TFTP server.

CSCdy54989

Symptoms   All packets that are sent to a line card are shown as queued up when the show cef linecard command is issued.

Conditions   This symptom is observed when the Forwarding Information Base (FIB) is disabled on the line card.

Workaround   Issue the clear cef linecard slot-number command. If this does not correct the problem, perform an online insertion and removal (OIR) procedure on the affected line card.

CSCdy55068

Symptoms   Media Gateway Control Protocol (MGCP) fax passthrough does not function.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy56895

Symptoms   A dangling timer causes a digital signal processor (DSP) to crash and time out.

Conditions   This symptom is observed when a heavy load of Voice over IP (VoIP) fax or modem calls are received.

Workaround   There is no workaround.

CSCdy58504

Symptoms   A router reloads with a bus error that has no identifiable trigger.

Conditions   This symptom is observed on a Cisco 3660 router that is running Cisco IOS Release 12.2(11)T and is running ATM Service Level Monitoring.

Workaround   There is no workaround.

CSCdy59604

Symptoms   Digital Signal Processor (DSP) failures to set a codec are not handled correctly.

Conditions   This symptom has been observed on a Cisco AS5400 access server or Cisco AS5350 access server Voice over IP (VoIP) topology.

Workaround   There is no workaround.

CSdy63793

Symptoms   An input queue wedge error occurs on an ATM interface of a Cisco IAD 2421 Integrated Access Device when the no connect frf575 serial0 75 atm0 0/75 network-internetwork command is configured on a Frame Relay-to-ATM Network Interworking (FRF.5) connection. The input queue (76/75) does not recover if the connect statement is configured again or if the shutdown command is issued and followed by the no shutdown command.

Conditions   This symptom is observed when traffic is flowing into the ATM interface where the connect statement is removed.

Workaround   Issue the shutdown connect command to disconnect the FRF.5 connection.

CSCdy68974

Symptoms   I/O memory fragmentation occurs with various digital signal processor (DSP) timeout errors causing alarms to be triggered.

Conditions   This symptom is observed on a Cisco AS5300 with Dual Tone Multifrequency (DTMF) path confirmation enabled.

Workaround   There is no workaround.

CSCdy69221

Symptoms   Idle channels suppression will not function properly after an AAL2 trunk fails and recovers from PBX failure alarms.

Condition   This symptom is observed when an AAL2 trunk is set up with idle channel suppression to save bandwidth on the trunk. After a T1 alarm, the trunk enters out of service (OOS) state. When the T1 alarm is recovered, the trunk recovers. But idle channel suppression is then not seen as active, which does not save bandwidth on the trunk.

Workaround   There is no workaround.

CSCdy70240

Symptoms   Unexpected long voice delays cause severe voice quality problems.

Conditions   This symptom is observed with Voice over IP (VoIP) topologies. This symptom is caused by an incorrect default playout mode.

Workaround   There is no workaround.

CSCdy71923

Symptoms   A router reloads when sending downstream traffic.

Conditions   This symptom has been observed during stress tests with Multilink Point to Point Protocol (MLPPP) call configuration and downstream traffic.

Workaround   There is no workaround.

CSCdy72488

Symptoms   A device running Cisco IOS software reloads.

Conditions   This situation occurs when the cns config initial command is configured with the event keyword option and the initial configuration sends an event message before the event agent starts up.

Workaround   There is no workaround.

CSCdy72511

Symptoms   Configuring a bind statement multiple times under a serial interface causes the existing ISDN Q.921-User Adaptation (IUA) configurations to be removed.

Conditions   This symptom is observed on a Cisco AS5850 that is running the C5850-p9-mz.122-11.T image.

Workaround   There is no workaround.

CSCdy77499

Symptoms   A voice port does not measure the high idle voltage accurately. The voice port 1/x relays battery-reversal on command and will not send the active low with battery-reversal out if the voice port has idle voltage low configured.

Conditions   This symptom is observed on a router that is running Cisco IOS Release 12.2(11)T1.

Workaround   There is no workaround.

CSCdy78181

Symptoms   A GSM Full Rate (GSMFR) information field size is sent incorrectly as a byte size to the firmware when it should be sent as a 20 ms frame size. The digital signal processor (DSP) will use 40 ms GSMFR frames in voice sessions, which causes a 20ms voice delay in one direction.

Condition   This symptom is observed on a router that is running Cisco IOS Release 12.2.

Workaround   There is no workaround.

CSCuk36585

Symptoms   A gateway that has an ISDN PRI interface does not use T301 as an interdigit timer.

Conditions   This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2(6g) and that has an ISDN PRI interface that is configured for overlap receiving.

Workaround   There is no workaround.

CSCuk37891

Symptoms   If a channel-group is removed from an E1 controller using the no channel-group 1 command, then the Signalling Link Terminal (SLT) can restart spontaneously resulting in the loss of connectivity from all ports on the SLT.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(8)T5 or later.

Workaround 1   Copy the running-config from the SLT to an offline location, edit the running-config, copy the running-config back to the SLT as the startup-config, and then reload the SLT.

Workaround 2   Shut down the SLT and remove the E1 or T1 WAN interface card (WIC), start up the SLT and save the running-config, turn off the SLT again, and reinsert the E1 or T1 WIC. When the SLT is started again, the channel groups will have been removed from the running-config.

Resolved Caveats—Cisco IOS Release 12.2(11)T1

Cisco IOS Release 12.2(11)T1 is a rebuild release for Cisco IOS Release 12.2(11)T. The caveats in this section are resolved in Cisco IOS Release 12.2(11)T1 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdu33372

Symptoms   A Cisco AS5300 may reload.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.1(5)XM.

Workaround   Enter the no snmp-server enable traps dial global configuration command.

CSCdw22050

Symptoms   The crashinfo file is incomplete, and memory block information is not dumped. Multiple traceback messages may be displayed in the crashinfo file.

Conditions   This symptom is observed on a Route Processor Module (RPM) card that has 512 MB of memory when the card dumps the crashinfo file.

Workaround   There is no workaround.

CSCdw59775

Symptoms   After the aaa accounting send stop-record authentication failure global configuration command is configured, a successful PPP call may generate two stop records.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB if Link Control Protocol (LCP) renegotiates after the authenticating phase has started.

Workaround   There is no workaround.

CSCdw87887

Symptoms   With continuous traffic and the calls being cleared regularly, over a period of time outgoing calls may fail.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx29088

Symptoms   If a call is terminated after the aaa accounting resource default stop-failure group radius global configuration command is enabled, authentication, authorization, and accounting (AAA) resource accounting may not generate a stop record before a user is authenticated.

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   There is no workaround.

CSCdx54866

Symptoms   A virtual private dial-up network (VPDN) may ignore the configured source IP address and default to the primary IP address of the tunneling interface.

Conditions   This symptom is observed on a Cisco AS5400 when VPDN is configured locally on the Cisco AS5400.

Workaround   There is no workaround.

CSCdx59302

Symptoms   Under load or stress conditions for Voice calls with E1R2 signaling, the following negative acknowledgments (NAKs) are observed on the terminating gateway (TGW).

UTC: %NP-3-NAKRSP: NAK Response Received - command 0x1500, result code 0x8005, msg id 0x15FF, session id 0x1EB, msg tag 0x0, slot/port 4/59

UTC: %NP-3-NAKRSP: NAK Response Received - command 0x1500, result code 0x8005, msg id 0x15FF, session id 0x2C2, msg tag 0x0, slot/port 6/58

The overall effect on the call success rate (CSR) is about 1 percent or less.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx60202

Symptoms   The output of the show isdn active EXEC command displays two entries for each Personal Handyphone System (PHS) Internet Access Forum Standard (PIAFS) call.

Conditions   This symptom is observed on a Cisco 800 series that is running Cisco IOS Release 12.2(8)T4.

Workaround   There is no workaround.

CSCdx61867

Symptoms   A router may stop reusing virtual interfaces after the virtual interfaces have been used for a few times.

Conditions   This symptom is observed on a Cisco router that is handling a high volume of short-duration calls.

Workaround   There is no workaround.

CSCdx62798

Symptoms   A router may reload because of an ISDN memory leak.

Conditions   This symptom is observed when Signaling System 7 (SS7) calls are made between an originating and a terminating gateway. The symptom is observed when the underlying physical layer is unstable. This may include instances when Layer 2 and Layer 3 bounce at regular intervals. This memory leak does not occur under normal SS7 working conditions when Layers 2 and 3 are stable.

Workaround   There is no workaround.

CSCdx69943

Symptoms   After a router is rebooted, the "VPDN group" configuration is removed.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(2)XB6.

Workaround   There is no workaround.

CSCdx70479

Symptoms   After RADIUS servers are reloaded, the resource manager state is not set to idle and no calls can be received.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Reload the RADIUS servers again.

CSCdx79318

Symptoms   A router may drop an event message if the connection to the Tag Information Gate Base (TIB) gate is down when the send attempt is executed.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx80232

Symptoms   A Cisco AS5850 sends the same Media Gateway Control Protocol (MGCP) network access server (NAS) error code of 808 when a controller is shut down and a modem line is cleared.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdx83124

Symptoms   The network access server (NAS) port name on the TACACS server may be reported incorrectly for a digital call that is terminated on a NextPort; ISDN may be reported as asynchronous. No other types of calls are affected, and the RADIUS server works fine.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx83531

Symptoms   When you configure the no transport tcp SIP user-agent configuration command under the sip-ua global configuration command, save the configuration using the write EXEC command, and reload the router, the no transport tcp SIP user-agent configuration command is no longer in the configuration when the router has come back up.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)XB5.

Workaround   Reenter the command after the router has reloaded.

CSCdx84133

Symptoms   A Media Gateway Control Protocol (MGCP) modem pass-through call may fail with a Cisco Call Manager.

Conditions   This symptom is observed on a Cisco 3700 series router when the codec complexity is high. When the codec complexity is medium, the same configuration works fine.

Workaround   There is no workaround.

CSCdx87139

Symptoms   Authentication, authorization, and accounting (AAA) stop records may report 0 in acct_output_octets and acct_input_octets, even when large amounts of data have been transferred by the session.

Conditions   This symptom is observed on a Cisco AS5850.

Workaround   Retrieve the information using the spe call-record modem, modem call-record, and calltracker call-record global configuration commands

CSCdx87575

Symptoms   An ATM interface may have an incorrect Iftype object (DS1 instead of ATM), which may cause the ATM Service Level Measurement (SLM) feature to be inoperable with third-party software.

Conditions   This symptom is observed on a Cisco 2600 series router.

Workaround   There is no workaround.

CSCdx87842

Symptoms   When an attempt is made to acquire new MIB values, Simple Network Management Protocol (SNMP) responds with a "no such name" message and the MIB variables are not displayed.

Conditions   This symptom is observed with Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx89461

Symptoms   An FTP session may pause indefinitely while compressed files such as zip files are transferred.

Conditions   This symptom is observed on a Cisco 3600 series router when a vendor-specific compression protocol is enabled.

Workaround   There is no workaround.

CSCdx89901

Symptoms   The "PPP Endpoint go" process may leak memory blocks in certain Virtual Private Network (VPN) forwarding configurations.

Conditions   This symptom is observed on a Cisco AS5300 when PPP is used.

Workaround   There is no workaround.

CSCdx90951

Symptoms   A choppy voice signal occurs just after call setup. Consequently, the person on the connected side cannot hear the top of the voice.

Conditions   This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2 T on the calling side. The symptom does not occur in Cisco IOS 12.2 mainline releases.

Workaround   Use a Cisco IOS 12.2 mainline release.

CSCdx92501

Symptoms   Terminal Window PPP authentication may fail with the authentication, authorization, and accounting (AAA) "if-needed" method.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx95503

Symptoms   A user may be able to connect to another customer or group via Virtual Private Network (VPN) because Extended Authentication (Xauth) itself is a global procedure.

Conditions   This symptom is observed when the service provider has one global authentication, authorization, and accounting (AAA) server where the user is doing both authorization and authentication.

The issue is that XAUTH is independent of the actual VPN client group. Authentication should only be permitted if the user belongs to the group to which he is trying to connect. To tie the user to his correct group, the username entered during Xauth should be in the form of username/group, username\group, username@group, or username%group.

The value of the group must match the group to which the user is trying to connect. In addition, the username must be stored in one of the above formats in RADIUS or in the local router configuration.

If the user enters no groupname and, for example, there is a match in RADIUS, Xauth will succeed. There should be only username/group type names in the AAA database so that the group value can be validated by both AAA and the router.

Workaround   There is no workaround.

CSCdx95791

Symptoms   Calls may have only one-way audio. There may be calls for which the digital signal processor (DSP) is not responding to Cisco IOS messages and an additional debug points to the fact that a voice path is available only in one direction.

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   There is no workaround.

CSCdy00238

Symptoms   A Cisco 3725 router may report to be in an "Up/Up" status when it is connected to a third-party vendor ATM equipment, but input packets may not be displayed in the output of the show interfaces atm slot/port privileged EXEC command. Far End Block Error (FEBE) errors may also be reported in the output of the show controllers atm slot/port privileged EXEC command:

DS3/E3: G.832 FEBE errors 2434963 DS3/E3: G.832 FEBE errored secs 656

Conditions   This symptom is observed on a Cisco 3725 router.

Workaround   There is no workaround.

CSCdy00247

Symptoms   The modemcap AT command string may be in the input buffer of a line when the line comes up. As a result, this string—rather than actual user data received from the client modem—may be used for character mode authentication.

Conditions   This symptom is observed on a Cisco AS5800 that has autoconfiguration enabled on the modem lines.

Workaround   Enter the no flush-at-activation command.

CSCdy02959

Symptoms   A V.110 call fails when it is time-division multiplexing (TDM)-switched from an inbound Signaling System 7 (SS7) trunk to an outbound SS7 trunk, or from an inbound PRI trunk to an outbound PRI trunk.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(11).

Workaround   There is no workaround.

CSCdy04517

Symptoms   A router may reload.

Conditions   This symptom is observed on a Cisco 2600 series router and a Cisco 3600 series router that are running a combined H.323 gatekeeper/gateway image (-jsx-) and when the H.323 interface is being disabled using the no h323 interface configuration command while traffic is running.

Workaround   Shut down the gateway first by issuing the no gateway global configuration command, or run the gatekeeper on a separate image (-ix-).

CSCdy04830

Symptoms   A router may reload before ISDN/User Adaptation (IUA) layer association when Stream Control Transmission Protocol (SCTP) backhauling is used.

Conditions   This symptom is observed on a Cisco AS5850.

Workaround   If the call agent supports it, use Reliable User Data Protocol (RUDP) backhauling. The call agent must support RUDP backhauling for this workaround to be usable.

CSCdy05296

Symptoms   The port information provided on a Cisco AS5350, Cisco AS5400, and Cisco AS5850 on modems within RADIUS attribute 5 using either NAS-port format a or b for asynchronous calls provides the true port information (as in slot/port) and not the TTY line number of the modem that previous-generation dial platforms provided. This causes difficulties for service providers that use a variety of Cisco dial platforms because the platforms are inconsistent in the information that they relay.

Conditions   This symptom is observed on a Cisco AS5350, Cisco AS5400, and Cisco AS5850.

Workaround   There is no workaround.

CSCdy05599

Symptoms   Cisco Fax Relay and modem pass-through cannot be configured at the same time in a Cisco CallManager Media Gateway Control Protocol (MGCP) environment. When MGCP modem pass-through is configured, it overwrites the Cisco Fax Relay for MGCP in the Cisco CallManager.

Conditions   This symptom is observed on a Cisco 3600 series router in a Cisco CallManager MGCP environment.

Workaround   There is no workaround.

CSCdy06253

Symptoms   Policy-based routing (PBR) does not work on a router if Cisco Express Forwarding (CEF) is enabled.

Conditions   This symptom is observed on a Cisco 1700 series that is running Cisco IOS software images that have the -sy feature set.

Workaround   Disable CEF.

CSCdy06603

Symptoms   An ATM Adaptation Layer 2 (AAL2) permanent virtual circuit (PVC) does not come up when managed by Operation, Administration, and Maintenance (OAM) cells. The number of packets received for AAL2 is also incorrect.

Conditions   This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T4.

Workaround   There is no workaround.

CSCdy06678

Symptoms   Under heavy load conditions, Frame Relay traffic shaping may cause a router to reload with tracebacks.

Conditions   This symptom is observed on a Cisco 2600 series router.

Workaround   There is no workaround.

CSCdy06679

Symptoms   A general call success rate (CSR) degradation may occur on an access router.

Conditions   This symptom is observed on a Cisco AS5800 that is running the c5800-p4-mz image of Cisco IOS Release 12.2(10.7)T4. All CSRs observed after running an E1 PRI connection from 5 E1s to 16 E1s are in the low 90-percent range.

Workaround   There is no workaround. The earlier Cisco IOS Release 12.2(9.4)PI4 image consistently generates a 99-percent CSR.

CSCdy08083

Symptoms   When a router is set up for ATM Adaptation Layer 2 (AAL2) trunking for 24 G.726 voice calls with no voice activity detection (VAD), CPU utilization is up to 90 percent, which is 20 percent higher than for an image of Cisco IOS Release 12.2(2)XB5.

Conditions   This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T4.

Workaround   There is no workaround.

CSCdy09165

Symptoms   An ATM Adaptation Layer 2 (AAL2) permanent virtual circuit (PVC) does not come up when managed by Operation, Administration, and Maintenance (OAM) cells. The number of packets received for AAL2 is also incorrect.

Conditions   This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T4.

Workaround   There is no workaround.

CSCdy10021

Symptoms   The Survivable Remote Site Telephony (SRST) feature does not function on the Cisco Catalyst 4000 Access Gateway Module.

Conditions   This symptom is observed on all Cisco Catalyst 4000 Access Gateway Module images.

Workaround   There is no workaround.

CSCdy10610

Symptoms   The received uncompressed bytes counter in the output of the show compression EXEC command is not accumulated correctly. The received uncompressed bytes counter should show the number of the received compressed bytes that cannot be decompressed and the number of bytes that have been decompressed.

Conditions   This symptom is observed on a Cisco 3660 router.

Workaround   There is no workaround.

CSCdy10734

Symptoms   When a "telephone.disconnect.hangup" event is detected by a catch handler in a subdialog, the call control is not returned to the original calling dialog. Thus the event is not returned to the calling dialog.

When a call is disconnected and a catch handler defined in the subdialog, the expected behavior is that the event is caught by the catch handler. If a return is specified in the subdialog, the call control is returned from the subdialog to the calling dialog. The calling dialog is then left to determine how the event that is returned should be handled.

Conditions   This symptom is observed when the disconnect event is caught by the catch handler of a subdialog.

Workaround   There is no workaround.

CSCdy11427

Symptoms   A router may go into a rebooting loop during startup.

Conditions   This symptom is observed on an integrated access device (IAD) router that is running Cisco IOS Release 12.2(8)T during startup if the boot host tftp: global configuration command is configured and someone attempts to log on to the console using TACACS.

Workaround   There is no workaround.

CSCdy11440

Symptoms   When hardware encryption is enabled for IP phone-to-IP phone calls on two different Cisco IOS Telephony Service (ITS) gateways, there is only a one-way voice path.

The data start pointer is not adjusted after the MAC header is added to the packet in the IP phone code (ephone_send_packet). Some Ethernet drivers rely on this pointer. If the pointer is not set, these Ethernet drivers cause malformed frames to be sent out onto the Ethernet, resulting in no voice connectivity.

Conditions   This symptom is observed on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series router.

Workaround   Disable hardware encryption or use process switching.

CSCdy11591

Symptoms   High CPU utilization may occur when calls are made using ATM Adaptation Layer 2 (AAL2) trunking. The CPU utilization may be as high as 17 percent per call, which allows for no more than six simultaneous G.711 calls.

Conditions   This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(10.7)T5 and that is configured with an Inverse Multiplexing Over ATM (IMA) or High Density Voice network module. The symptom is also observed on a Cisco 3745 router.

Workaround   There is no workaround.

CSCdy13821

Symptoms   When a Route Processor Module version B (RPM/B) card is switched with a Route Processor Module-PRemium (RPM-PR) card, short flaps may be observed on the provider-edge-to-provider-edge (PE-PE) connections on a network.

Conditions   This symptom is observed on the RPM-PR card when a permanent virtual circuit (PVC) is configured by entering the oam-pvc manage 1 VC-class configuration command.

Workaround   Stop Operation, Administration, and Maintenance (OAM) loopback cells from being generated by entering the oam-pvc manage 0 VC-class configuration command.

CSCdy14689

Symptoms   A router does not send RADIUS connection accounting attribute 46 for TCP clear calls or for any outbound Telnet connections.

Conditions   This symptom is observed in Cisco IOS Release 12.2(2)XB and Release 12.2(4)T and in later Cisco IOS releases. This symptom occurs only with regular PPP calls over a Telnet connection. Accounting records do contain this attribute.

Workaround   There is no workaround.

CSCdy16252

Symptoms   A router may reload when the following sequence of steps is performed on a Cisco IE2100 series configuration registrar:

The Cisco IE2100 series is configured with Secure Socket Layer (SSL).

The cns config partial global configuration command is configured with a clear text port such as port 80 instead of port 443 for SSL.

The cns config partial global configuration command is unconfigured.

Conditions   This symptom is observed on a Cisco IE2100 series.

Workaround   To prevent this symptom from occurring, configure the cns config partial global configuration command on an SSL port on which the Cisco IE2100 series is set up with SSL.

CSCdy16520

Symptoms   Extensible markup language (XML) tags that are advertised from a router have a third-party vendor prefix, which makes them specific for this third-party vendor.

Conditions   This symptom is observed on a Cisco MC3810, Cisco 2600 series, Cisco IAD2420 series, and Cisco 3660 router.

Workaround   There is no workaround.

CSCdy16847

Symptoms   The AOC-E facility information element (IE) is not passed across Voice over IP (VoIP) links if the AOC-E facility IE is received as part of an ISDN release message.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(6a).

Workaround   There is no workaround.

CSCdy17203

Symptoms   Access Gateway Module (AGM) fails to boot. The following output is captured from the console:

%MGCP-3-INTERNAL_ERROR: Not able to create the profile

Unexpected exception to CPU vector 0, PC = 80FB1B90

-Traceback= 80FB1B90 80356DBC

=== Flushing messages ===

*** System received a SegV exception ***

signal= 0xb, code= 0x0, context= 0x81be49f8

PC = 0x80fb1b90, Vector = 0x0, SP = 0x824e7c80

Conditions   This symptom occurs when the following two conditions are met:

a. The AGM is configured for gateway mode (conferencing and transcoding).

b. The boot system global configuration command is entered as boot system flash filename.

Note that in condition b we are not using the colon (:) between the flash keyword and the filename argument.

Workaround   You must have console access. You need to send the control-break sequence to get the AGM in ROM monitor (ROMMON) mode. Once in ROMMON mode, set the configuration to 0x2142. Reset the module. Copy the startup configuration to the running configuration and change the configuration back to 0x2102.

CSCdy17772

Symptoms   A Voice over IP (VoIP) connection does not pass the Advice of Charge at the end of the call (AOC-E) facility information element (IE) transparently when the AOC-E facility IE is included with a progress indicator in the DISCONNECT message.

Conditions   This symptom is observed when the progress indicator IE and a facility IE are part of a DISCONNECT message.

Workaround   There is no workaround.

CSCdy18772

Symptoms   On a Cisco Voice Gateway, a number translation that is using the translation-rule rule-tag command-line interface (CLI) global configuration command may not work.

Conditions   This symptom is observed on a Cisco Voice Gateway that is using an interactive voice response (IVR) version 2.0 application such as "application session."

Workaround   There is no workaround.

CSCdy18992

Symptoms   A fax may be transmitted using pass-through even though Cisco Fax Relay has been selected.

Conditions   This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(11)T when a modem tone is detected before a fax tone and an upspeed occurs because of the modem tone.

Workaround   There is no workaround.

CSCdy19114

Symptoms   With Cisco Fax Relay configured as the fax method of choice on the Cisco CallManager, the originating gateway (OGW) ignores the signal to switch to Cisco Fax Relay. The traces imply that Cisco Fax Relay is not supported.

Conditions   This symptom is observed on a Cisco CallManager Media Gateway Control Protocol (MGCP) gateway that has Cisco Fax Relay configured as the fax method of choice.

Workaround   There is no workaround.

CSCdy19802

Symptoms   A Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) may be reset every three to four days. Although the line comes up normally after the reset occurs, line service may be interrupted.

Conditions   This symptom is observed when a Cisco 2600 router is connected to a vendor-specific digital subscriber line access multiplexer (DSLAM) that has a G.SHDSL.

Workaround   There is no workaround.

CSCdy20699

Symptoms   The keepalive and source command parameters may be switched, rendering the cns event global configuration command unreadable by the parser at the next router reload. This will cause loss of manageability of the router.

Conditions   This symptom is observed after a router has reloaded and the cns event ip-address keepalive seconds retry-count source ip-address global configuration command is generated as the cns event ip-address source ip-address keepalive seconds retry-count global configuration command in NVGEN. The cns event global configuration command works correctly until the router is reloaded.

Workaround   Reenter the cns event global configuration command each time the router reloads.

CSCdy21398

Symptoms   A router may reload and display traceback messages that are related to the mgcpapp_process_ccapi_ev process.

Conditions   These symptoms are observed on a Cisco router.

Workaround   There is no workaround.

CSCdy21791

Symptoms   A router may reload.

Conditions   This symptom is observed when you leave an EXEC Secure Shell (SSH) session by entering the exit command-line interface (CLI) command when Connection Accounting is enabled.

Workaround   Terminate the line using the clear line-number EXEC CLI command.

CSCdy23049

Symptoms   A router may reload if prompts are played while automatic speech recognition (ASR) and text-to-speech (TTS) are not configured on the command-line interface (CLI) and ASR and TTS properties are not set in the voice extensible markup language (VXML) document.

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   Configure ASR and TTS using the CLI.

CSCdy23678

Symptoms   After a TCP connection is terminated, the TCP transmissions that are sent by a router are corrupted. The last 6 bytes of the IP header are duplicated in the packet and appear as the first 6 bytes of the TCP header.

Conditions   This symptom is observed on the outgoing interface of a Cisco router that is running Multilink PPP (MLP).

Workaround   Disable MLP.

CSCdy24585

Symptoms   An error event is "thrown" when a prompt that is used in a field item fails. If another automatic speech recognition (ASR) session is started in the catch handler for the error event, the catch handler will fail because the previous session has not been terminated.

Conditions   This symptom is observed on voice platforms that support the ASR/text-to-speech (TTS) feature. This symptom may affect platforms such as the Cisco 3660, Cisco AS5300, Cisco AS5350, and Cisco AS5400 that are running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy25042

Symptoms   A Cisco router may reload because of a bus error.

Conditions   This symptom is observed when a Service Assurance Agent is configured using the Simple Network Management Protocol (SNMP) through a "Create and Wait" operation. The rttMonEchoAdminOwner or rttMonEchoAdminTag variable is set using this "Create and Wait" operation.

Workaround   To configure the Service Assurance Agent, use one of the following three solutions:

Use a "Create and Go" operation to create the probe.

Use a "Create and Wait" operation without the rttMonEchoAdminOwner or rttMonEchoAdminTag variable.

Use a "Create and Wait" operation with the rttMonEchoAdminOwner or rttMonEchoAdminTag variable. These two variables should be in the last set of the "Create and Wait" sets that are using SNMP.

For more information about bus errors, refer to the Cisco document at the following location:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800cdd51.shtml

CSCdy26336

Symptoms   If an established 3-way Media Gateway Control Protocol (MGCP) call is taken out of the conference mode and placed back into the conference mode, the call may disconnect, or the voice path may be dropped.

The call disconnects if the controller party flashes the hook and then goes on-hook. The voice path is dropped if the controlling party flashes the hook and dials the number 3 to put the call back into the conference mode.

Conditions   This symptom is observed on a Cisco IAD2420 series.

Workaround   There is no workaround.

CSCdy27740

Symptoms   An echo may be heard on the Voice over IP (VoIP) side of a call.

Conditions   This symptom is observed on a Cisco 3640 router that is running Cisco IOS Release 12.2(11.8)T and that is configured with a VIC-2FXO-M1 card.

Workaround   Replace the VIC-2FXO-M1 card with a VIC-2FXO card. The echo does not occur with a VIC-2FXO card.

Alternate Workaround   Run Cisco IOS Release 12.2(8)T5 or Release 12.2(9.4)T.

CSCdy28551

Symptoms   Built-in and external grammars may not work on a vendor-specific automatic speech recognition (ASR) server.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy29941

Symptoms   PPP may drop serial interfaces after the PPP session is forwarded.

Conditions   This symptom is observed when PPP is used on a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).

Workaround   There is no workaround.

CSCdy31356

Symptoms   A Cisco AS5300 may reload when it is initialized with a stack overflow error for Dynamic Host Configuration Protocol (DHCP) and the port dial-peer configuration command is present in the configuration file that is downloaded from a TFTP server. The following is a sample configuration that may cause the reload to occur:

dial-peer voice 10 pots

destination-pattern .T

direct-inward-dial

port 0:D

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(11)T3.

Workaround   Remove the line in the configuration file that contains the port dial-peer configuration command. Configure the port dial-peer configuration command manually after the autoinstall process has completed.

CSCdy31636

Symptoms   On a Cisco AS5850, upstream (ingress-to-egress) traffic that is sent through a single-link asynchronous Multilink PPP (MLP) call is process-switched instead of being switched by Cisco Express Forwarding (CEF). This symptom may cause high CPU utilization on the Route Switch Controller (RSC) when MLP data is forwarded. Data integrity is not affected when this symptom occurs.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB6C. Only single-link asynchronous MLP calls are affected by this symptom. All digital calls, non-MLP calls, and all MLP calls that have more than one link are not affected.

Workaround   There is no workaround.

CSCdy32299

Symptoms   The PRI dial-modifier feature does not work as expected on a Cisco AS5400.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy32839

Symptoms   A Cisco AS5850 Media Gateway Control Protocol (MGCP) universal gateway does not send a slot number in the endpoint name when an MGCP NTFY message is sent.

Conditions   This symptom is observed with MGCP channel-associated signaling (CAS) calls if a feature board is installed in slot 0.

Workaround   Use a slot other than slot 0.

CSCdy32948

Symptoms   The RADIUS NAS-Port attribute 5 does not report the TTY number of the asynchronous interface that is used for the modem-based call.

Conditions   This symptom is observed when the radius-server attribute nas-port format a global configuration command is configured and authentication, authorization, and accounting (AAA) is tracking the modem-based call.

Workaround   There is no workaround.

CSCdy33286

Symptoms   Leakage at the I/O memory may cause memory allocation (MALLOC) failures on a Cisco AS5400.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB6.4 regardless of the load conditions.

Workaround   There is no workaround.

CSCdy35408

Symptoms   The Media Gateway Control Protocol (MGCP) error code 502 may be observed on MGCP platforms, and calls may not be established successfully.

Conditions   This symptom is observed when a gateway that is running Cisco IOS Release 12.2(11)T attempts to negotiate both named telephone events (NTEs) and X-named signal events (NSEs) with a gateway that is running Cisco IOS Release 12.2(8)T.

Workaround   Upgrade to Cisco IOS Release 12.2(11)T.

CSCdy37229

Symptoms   When a voice port is configured with the Hong Kong (HK) ringing tone (cptone), the off-hook warning tone does not play as expected.

Conditions   This symptom is observed on a Cisco IAD2420 series that is running Cisco IOS Release 12.2(10.7)T4.

Workaround   There is no workaround.

CSCdy38113

Symptoms   Network Address Translation (NAT) may drop H.323 version 3 and version 4 packets because H.323 versions 3 and 4 are not supported.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy38447

Symptoms   A router may stop detecting routes when IP version 6 (IPv6) Routing Information Protocol (RIP) is used on a tunnel.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy39663

Symptoms   A Cisco AS5800 may reload because of the outb-telnet_aaa_acct_get_dynamic_attrs routine.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB6.

Workaround   There is no workaround.

CSCdy39987

Symptoms   A Cisco AS5300 may reload when it is accessing an illegal address (0xDEADBEF7).

Conditions   This symptom is observed on a Cisco AS5300 when a user attempts to send a TACACS+ accounting packet for a network or PPP connection.

Workaround   There is no workaround.

CSCdy41827

Symptoms   No ringback tone is heard when a hairpin call is made from a Foreign Exchange Station (FXS) port to the T1 port of a Cisco IAD2421 integrated access device.

Conditions   This symptom is observed on a Cisco IAD2421 that is running Cisco IOS Release 12.2(11)T.

Workaround   Configure the no voice local-bypass global configuration command to prevent hairpin calls from being made.

CSCdy41874

Symptoms   The G.729 codec selection option cannot be configured for Voice over IP (VoIP) dial peer on an Access Gateway Module (AGM) that is operating in the IP telephony mode.

Conditions   This symptom is observed on an Access Gateway Module (AGM) for Catalyst 4000 series switch (WS-X4604-GWY).

Workaround   There is no workaround.

CSCdy42450

Symptoms   The ISDN User Part (ISUP) trunk package cannot be configured on a Media Gateway Control Protocol (MGCP) trunking gateway. This symptom prevents MGCP trunking gateways from being compliant with Trunking Gateway Control Protocol (TGCP) call agents that require the ISUP trunk package as the default trunking package.

When the configure terminal privileged EXEC command is entered, the mgcp package-capability package global configuration command erroneously omits the it-package option. Similarly, the mgcp default-package global configuration command omits the it-package option.

If the ISUP trunk package is not configured, call agents that shorten it-package requests may encounter failures. For example, "R: IT/ft" may be replaced with "R: ft" if the ISUP trunk package is configured as the default. Because the ISUP trunk package cannot be configured as the default package, "R: ft" will fail.

The biggest ramification of this symptom is noncompliance with TGCP call agents. The inability to configure "it-package" as the default package also means that an alternate package must be used as the default trunk package. The trunk package or generic media package are possible substitutes, but neither has the complete set of events that are present in the "it-package." This circumstance means that the call agent may encounter failures with the "it-package" functionality.

Conditions   This symptom is observed on a Cisco IAD2421 integrated access device that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdy43191

Symptoms   The no boot system global configuration command does not work when it is entered on a redundant primary Route Processor Module (RPM) card.

Conditions   This symptom is observed on an RPM card of a Cisco router that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCin14935

Symptoms   Public switched telephone network (PSTN) fallback cannot be configured on a Cisco Catalyst 4000.

Conditions   This symptom is observed on a Cisco Catalyst 4000 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCin15209

Symptoms   A PRI trunk may go out of service. This symptom occurs when an inbound call from a PBX is received on a PRI trunk and when an access code is dialed to access the PBX (the same PBX that originated the call). Subsequent calls that are made on the PRI trunk do not go through.

Conditions   This symptom is observed on a PRI trunk when calls are hairpinned on a Catalyst 4000 Access Gateway Module (AGM) that is running the c4gwy-io3sx3-mz.122-10.7.T6 image of Cisco IOS Release 12.2(10.7)T6.

Workaround   Restart the controller or reload the router.

CSCuk35086

Symptoms   A Cisco AS5400 may not send Restart in Progress (RSIP) messages to the Call Agent.

Conditions   This symptom is observed when an E1 cable is unplugged from the Cisco AS5400, causing a Loss of Signal (LOS) on the line.

Workaround   There is no workaround.

CSCuk35508

Symptoms   The end-to-end delay for an access server may be greater than the delay for a Voice Interworking Service Module (VISM). This end-to-end delay is unacceptable.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCuk36172

Symptoms   A call is rejected by call admission control (CAC) because of unavailable resources. External Call Service Provider (XCSP) calls may pause in the in-progress state, and no new calls can be made on the given DS0 channel.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCuk36687

Symptoms   A Media Gateway Control Protocol (MGCP) dial call that is terminated is not deleted from the memory of the Cisco AS5350 after the connection is deleted.

Conditions   This symptom is observed on a Cisco AS5350 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(11)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(11)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

These caveats are documented in the following format:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Access Server

CSCdw78376

Symptoms   A modem configuration may fail.

Conditions   This symptom is observed on a Cisco AS5850 when a modem capability (modemcap) is used to modify the NextPort register configuration.

Workaround   Apply the same modemcap from a reverse Telnet to the NextPort.

Basic System Services

CSCdr85778

Symptoms   You cannot specify a loopback interface to use in relation with Cisco Discovery Protocol (CDP) IP information. Campus Manager, which is a CDP-based discovery tool, cannot use loopback addresses for discovery purposes.

Conditions   This symptom is observed on all platforms.

Workaround   Upgrade to the latest CiscoWorks 2000 (CD-1 4th Edition, RME 3.3, Campus Manager 3.1) and follow the information at the following location:

http://www.cisco.com/warp/public/cc/pd/wr2k/cpmn/prodlit/wk2ke_wp.htm

CSCdw42791

Symptoms   Multichassis Multilink PPP (MMP) Media Gateway Control Protocol (MGCP) calls do not work because of authentication failures.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Use local authentication by enabling the aaa authentication ppp default local global configuration command.

Alternate Workaround   If RADIUS authentication is used, omit the "class" attribute from the RADIUS user profile.

CSCdw65439

Symptoms   The RADIUS music on hold (MOH) per-user attribute does not function for EXEC and Layer 2 Tunneling Protocol (L2TP) users: the attribute is discarded. The attribute is working fine for PPP users.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Use a modem capability (modemcap) to define a default setting for all EXEC and L2TP users.

CSCdw88228

Symptoms   Digital calls should be reported as port type "isdn sync", but some digital calls are reported incorrectly as port type "async". This affects only digital calls that terminate on digital signal processors (DSPs).

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdw92181

Symptoms   IP Control Protocol (IPCP) may be rejected when a Virtual Access interface is created for attributes (such as the "route" attribute) that are global per-user attributes. The Virtual Access interface does not contain IP configurations because no Virtual Template has been configured.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(9.4)T or Release 12.2(6.8)PIa.

Workaround   Create a Virtual Template and configure the virtual-profile virtual-template number global configuration command.

CSCdx09435

Symptoms   A route switch controller (RSC) reloads upon modem call setup.

Conditions   This symptom is observed when an asynchronous interface is configured for interactive mode and a RADIUS server is configured to download an IP address pool to the network access server (NAS).

Workaround   Do not configure the RADIUS server to download an IP address pool.

CSCdx12879

Symptoms   A router may not make any attempt to authenticate from the authentication, authorization, and accounting (AAA) server, and messages similar to following may be recorded:

AAA/AUTHEN/PPP (00000023): Pick method list 'default'
As61 PPP: Sent MSCHAP LOGIN Request to AAA
TPLUS: Queuing AAA Authentication request 35 for processing
TPLUS: processing authentication start request id 35
As61 PPP: Received LOGIN Response from AAA = FAIL

Conditions   This symptom is observed in a router that is running Cisco IOS Release 12.2(4)T3 and that is using MS-CHAP authentication for the TACACS+ server.

Workaround   There is no workaround.

CSCdx17074

Symptoms   Multichassis Multilink PPP (MPP) sessions do not report RADIUS accounting on the basis of the respective network access server (NAS) that is serving the B channel.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx22275

Symptoms   Two RADIUS accounting stop records are sent to the RADIUS server for a "1-B channel V.120" call.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx24115

Symptoms   A RADIUS authentication, authorization, and accounting (AAA) accounting stop record may have negative values of presession packets when a V.120 call is disconnected.

Conditions   This symptom is observed on a Cisco AS5800 that is running a Cisco IOS release that is earlier than Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx24518

Symptoms   In a configuration that includes a Large Scale Dial Out (LSDO) with Multilink PPP (MLP), an outbound ping from an enterprise router to a remote client router passes, and multiple links and dialer sessions come up successfully at a Cisco AS5300 that is functioning as a network access server (NAS). However, if you enter the clear dialer session EXEC command on the NAS while dialer sessions are still active, the NAS reloads at aaa_acct_send_req.

Conditions   This symptom is observed on a Cisco AS5300 that is running the c5300-js-mz of Cisco IOS Release 12.2(9.4)T.

Workaround   Use an LSDO without MLP.

CSCdx26899

Symptoms   High CPU utilization may occur on a router, causing the router first to pause and then to reload.

Conditions   This symptom is observed on a Cisco uBR7246 router that is running Cisco IOS Release 12.1(9)EC.

Workaround   Enter the no snmp-server manager global configuration command to disable the internal Simple Network Management Protocol (SNMP) server.

CSCdx27480

Symptoms   A system accounting record is not sent when a hidden command-line interface (CLI) is configured and the RADIUS server is deleted from the configuration.

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(6.4)T.

Workaround   Configure (add or delete) the RADIUS server from a nonconsole line.

CSCdx34632

Symptoms   A network access server (NAS) may reload when a non-multisession call comes in.

Conditions   This symptom is observed on a NAS when the ppp multilink interface configuration command is not configured.

Workaround   Configure the ppp multilink interface configuration command.

CSCdx41068

Symptoms   A class attribute may not be found in the start and stop accounting records on a home gateway when the vpdn aaa attribute class tunnel-class global configuration command is configured.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdx41316

Symptoms   A ppp authorization interface configuration command that is defined under a template does not reference a globally defined nondefault method list of an authentication, authorization, and accounting (AAA) authorization network.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Enter the aaa authorization network default group radius global configuration command in the configuration of the network access server (NAS).

CSCdx42856

Symptoms   Authentication, authorization, and accounting (AAA) route download does not work when a router reloads.

Conditions   This symptom is observed on a Cisco 6400 Node Route Processor 1 (NRP1) that is running Cisco IOS Release 12.2(4)B3. The symptom has been reproduced in Cisco IOS Release 12.2(4)T3.

Workaround   To enable the route download, enter the no aaa route download time global configuration command followed by the aaa route download time global configuration command.

CSCdx44821

Symptoms   The "Ascend PW-Lifetime" RADIUS attribute is not supported.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(9.4)P14.

Workaround   There is no workaround.

CSCdx44891

Symptoms   The "Ascend-Shared-Profile-Enable" RADIUS attribute is not supported.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(9.4)P14.

Workaround   There is no workaround.

CSCdx46375

Symptoms   A router may reload at radius_build_packet() after a couple of hours of stress tests running analog, ISDN, and Layer 2 Tunneling Protocol (L2TP) calls.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(02)XB05.

Workaround   There is no workaround.

CSCdx46438

Symptoms   Simple Network Management Protocol (SNMP) traps may stop working after configuration changes are made.

Conditions   This symptom is observed on a Route Switch Processor (RSP).

Workaround   There is no workaround.

CSCdx48050

Symptoms   Users may be assigned IP addresses from a nonspecified pool.

Conditions   This symptom is observed when users are assigned an IP address with Ascend-IP-Assign-Pool attribute 218 in the user profile and when all addresses in the specified pool are exhausted.

Workaround   There is no workaround.

CSCdx48073

Symptoms   An attribute 195 may be sent for users, which is not correct.

Conditions   This symptom is observed on a Cisco AS5400 when users are disconnected because of an idle timeout or a session timeout.

Workaround   There is no workaround.

CSCdx51157

Symptoms   T.38 fax traffic is missing the NAS-Port in the accounting request for the telephony leg.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx51851

Symptoms   Incorrect RADIUS disconnect cause codes may be sent while the PPP idle timeout is tested on the serial interface of a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(10.3)T2.

Workaround   There is no workaround.

CSCdx52334

Symptoms   A server may report the absence of an access list after the server has rebooted.

Conditions   This symptom is observed on a network access server (NAS) that is running Cisco IOS Release 12.2(02)XB05.

Workaround   There is no workaround.

CSCdx56484

Symptoms   A Cisco AS5850 may reload.

Conditions   This symptom is observed on a Cisco AS5850 Route Switch Controller (RSC) when Multilink PPP (MLP) calls are torn down by clearing a D-channel interface on the caller side. The symptom is seen in Cisco IOS Release 12.2(2)XB5 with authentication, authorization, and accounting (AAA) configured.

Workaround   There is no workaround.

CSCdx56743

Symptoms   A RADIUS attribute 69 that has special characters defined may fail in decryption.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(02)XB05.

Workaround   There is no workaround.

CSCdx57179

Symptoms   Digital service zero (DS0) information may not be reported in authentication, authorization, and accounting (AAA).

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx58624

Symptoms   The disconnect cause in attribute 195 may be reported as "no reason."

Conditions   This symptom is observed on a Cisco AS5400 when Windows NT clients are disconnected in a normal way.

Workaround   There is no workaround.

CSCdx61284

Symptoms   A network access server (NAS) may generate an extra stop accounting record for an ISDN Multilink PPP (MLP) call.

Conditions   This symptom is observed on a NAS that is running Cisco IOS Release 12.2(02)XB05.

Workaround   There is no workaround.

CSCdx61435

Symptoms   Copying the configuration of a router from a TFTP server to the running configuration via Simple Network Management Protocol (SNMP) may fail, and the following error message may be displayed:

SNMP error: (genError) A general failure occurred..

Copying the configuration of a router via the command-line interface (CLI) works properly.

Conditions   This symptom is observed on a router that is running Cisco IOS Release 12.2(10.5)T. The symptom is not seen in Cisco IOS Release 12.2(9.4)T or in earlier releases.

Workaround   There is no workaround.

CSCdx61703

Symptoms   The internal application programming interface (API) may return wrong values for IfType and IfSubType on an E1 controller.

Conditions   This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(10.7)T.

Workaround   There is no workaround.

CSCdx63048

Symptoms   Service Level Measurements feature measurements cannot be made on a Frame Relay Service (FRF.8) encapsulation-type circuit.

Conditions   This symptom is observed on a Cisco 3810 router.

Workaround   There is no workaround.

CSCdx67320

Symptoms   A progress code may be reported as "LCP STOPPED" for a PPP call.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx67370

Symptoms   The RADIUS disconnect code may report value 10, "modem never detected DCD," for a regular PPP.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx75492

Symptoms   PPP Link Control Protocol (LCP) negotiation may not work correctly.

Conditions   The conditions under which this symptom occurs are not known at this time. This caveat is related to the fix for CSCdx46822.

Workaround   There is no workaround.

CSCdx76246

Symptoms   For asynchronous-over-ISDN calls, the network access server (NAS) port type may be incorrectly reported as ISDN when it should be reported as asynchronous.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

CSCdx80072

Symptoms   The attribute 6 Service-Type may be missing in an authentication request, and messages similar to the following may be displayed:

RADIUS: Send to unknown id 11 10.52.216.2:1645, Access-Request, len 81
RADIUS: authenticator 65 86 66 A9 AA C9 E5 D5 - DA E6 E6 1D 77 EC 26 37
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 18 "lac-1@tunnel.com"
RADIUS: CHAP-Password [3] 19 *
RADIUS: NAS-Port [5] 6 34
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS:  NAS-IP-Address    [4] 6 10.52.221.120

Conditions   This symptom is observed on a Cisco 7200 series router that is functioning as a multihop node that is running Cisco IOS Release 12.2(10.7)T1 in a configuration in which the multihop node is located in between a Cisco AS5300 that is functioning as a Layer 2 Tunnel Protocol (L2TP) concentrator (LAC) and a Cisco 7200 series router that is functioning as an L2TP network server (LNS).

The symptom does not occur when the multihop node is running Cisco IOS Release 12.2(6.7)T, in which case messages similar to the following may be displayed:

RADIUS: Send to unknown id 5 10.52.216.2:1645, Access-Request, len 87
RADIUS: authenticator DB C3 2D 4E A8 F6 10 DE - DA E6 E6 1D CB 96 98 DB
RADIUS: Framed-Protocol [7] 6 PPP [1]
RADIUS: User-Name [1] 18 "lac-1@tunnel.com"
RADIUS: CHAP-Password [3] 19 *
RADIUS: NAS-Port [5] 6 12
RADIUS: NAS-Port-Type [61] 6 Virtual [5]
RADIUS: Service-Type [6] 6 Framed [2]
RADIUS:  NAS-IP-Address   [4] 6 10.52.221.120

Workaround   To enable the Service-Type to be sent in the authentication request, enter the radius-server attribute 6 on-for-login-auth global configuration command.

CSCdx81321

Symptoms   Voice calls may be rejected after running voice calls with preauthorization enabled for an extended period.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Enter the no aaa preauth global configuration command to get voice calls running again.

CSCdx81388

Symptoms   A memory leak may be seen in PPP events after a stress test.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(02)XB06 after a stress test.

Workaround   There is no workaround.

CSCdx81949

Symptoms   Progress Code attribute 196 may report value 10 for Layer 2 Tunneling Protocol (L2TP) call disconnect, but is should pass the value as 65.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx87139

Symptoms   Authentication, authorization, and accounting (AAA) stop records may report 0 in acct_output_octets and acct_input_octets, even when large amounts of data have been transferred by the session.

Conditions   This symptom is observed on a Cisco AS5850.

Workaround   Retrieve the information using the spe call-record modem, modem call-record, and calltracker call-record global configuration commands.

CSCdx91959

Symptoms   Not all extensible markup language (XML) traps are being generated for the Service Level Measurement (SLM) feature.

Conditions   This symptom is observed on a Cisco MC3810 router that is using the SLM feature.

Workaround   There is no workaround.

CSCdx96207

Symptoms   When you enter the no cns event global configuration command, the Service Level Measurement (SLM) notify process may throw tracebacks.

Conditions   This symptom is observed on a Cisco 2600 series router.

Workaround   Do not remove the CNS event agent.

CSCin05213

Symptoms   A virtual private dial-up network (VPDN) call may not be forwarded.

Conditions   This symptom is observed when the vpdn authen-before-forward command is configured and "preauth:auth-required=0"is listed in the preauthorization user profile.

Workaround   There is no workaround.

CSCin09496

Symptoms   A Simple Network Management Protocol (SNMP) query may return a wrong value for an entPhysicalVendorType query.

Conditions   This symptom is observed when an SNMPWalk entPhysicalVendorType query is performed on a Cisco 7576 router.

Workaround   There is no workaround.

CSCuk33318

Symptoms   The network access server (NAS) port type for channel-associated signaling (CAS) preauthorization may be reported incorrectly as asynchronous, but should be reported as ISDN for backward compatibility.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

Interfaces and Bridging

CSCdx35375

Symptoms   A lot of memory (more than 20 MB) may be used by the Tag Control process.

Conditions   This symptom is observed on a Cisco 7200 series router when a very large number of per-Virtual Circuit (VC) queues are allocated under the Tag Control process.

Workaround   There is no workaround.

CSCdx65197

Symptoms   A Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) session may flap, and IP packets that are sent from the Label Switch Controller (LSC) or to the LSC will time-out when IP connectivity is broken on headend tagged virtual circuits (TVCs) and label virtual circuits (LVCs) out of the LSC. Only headend virtual circuits (VCs) from the LSC are affected.

Conditions   This symptom is observed on a Cisco 7200 series router and on a Route Processor Module (RPM) that is running Cisco IOS Release 12.2(10.7)T and when TDP or LDP with TVCs and LVCs are using an LSC. Also, for the symptom to occur, the control interface needs to be ATM Deluxe.

At first, Interior Gateway Protocols (IGPs) and TDP and LDP traffic will not be affected, and the IGP and TDP and LDP neighbors will come up because the control-VC is a permanent virtual circuit (PVC). The symptom occurs on TVCs and LVCs only on the LSC. IGPs (Open Shortest Path First [OSPF] and Intermediate System-to-Intermediate System [IS-IS]) will run initially on the control-VC, but then they will move to the TVC or LVC when one of these is created. IGP then fails. Consequently, the TDP/LDP session flaps continuously. In normal conditions, traffic from and to the LSC should be minimal because the edge functionality should be disabled.

Workaround   Disable the headend TVCs and LVCs using the mpls atm disable-headend-vcs global configuration command. Traffic terminating and originating in the LSC will run via the control-VC and will be processed switched.

IP Routing Protocols

CSCdu70309

Symptoms   The Open Shortest Path First (OSPF) process fails to update the metric in the self-generated external link-state advertisements (LSAs).

Conditions   This symptom is observed when interface cost changes because of bandwidth configuration change and there exists an OSPF process to redistribute this interface. OSPF process (OSPF process 1) that is running on this interface updates its router and network LSAs. If another OSPF process (OSPF process 2) is configured to redistribute this interface, it will not update the cost in its external LSAs.

Workaround   To update external LSAs with the correct metric, clear redistribution on the OSPF process (OSPF process 2) that is redistributing this interface using the clear ip ospf process-number redistribution EXEC command, or flap the interface on which bandwidth is changed using the shutdown interface configuration command followed by the no shutdown interface configuration command.

CSCdw47116

Symptoms   A router may reboot because of a memory allocation (MALLOC) error in the Border Gateway Protocol (BGP) router process.

Conditions   This symptom is observed on a Cisco 12000 series router.

Workaround   There is no workaround.

CSCdw83512

Symptoms   A system may reload.

Conditions   This symptom is observed on a Cisco router when a write terminal EXEC command is issued.

Workaround   There is no workaround.

CSCdx29663

Symptoms   Session Initiation Protocol (SIP) phones (7960) may fail to register.

Conditions   This symptom is observed when a third-party server challenges the REGISTER message that is coming across a Cisco IOS Network Address Translation (NAT). The same scenario works fine with a Cisco SIP proxy server (CSPS).

Workaround   There is no workaround.

CSCdx34211

Symptoms   The Session Initiation Protocol (SIP) Application Layer Gateway (ALG) does not parse the "Expires" header in the REGISTER message.

Conditions   This symptom is observed when Cisco IOS Network Address Translation (NAT) is configured on a router in order to use SIP ALG.

Workaround   There is no workaround.

CSCdx34356

Symptoms   Resource Reservation Protocol (RSVP) ignores the ip rsvp resource-provider none command-line interface (CLI) command.

Conditions   This symptom is observed on a Cisco 7500 series router that is configured with a Versatile Interface Processor (VIP) when Distributed Weighted Fair Queuing (DWFQ) is enabled on an interface.

Workaround   There is no workaround.

CSCdx49700

Symptoms   A call setup may be successful, but data cannot be transferred because the Virtual-Access interface is removed from the routing table after the call is set up.

Conditions   This symptom is observed when a user attempts to dial back in to a remote access (RA) Multiprotocol Label Switching (MPLS)/Virtual Private Network (VPN) service for a Layer 2 Tunneling Protocol (L2TP) dial-in virtual home gateway (VHGW)/provider edge (PE) router and a direct dial-in network access server (NAS)/PE router.

Workaround   There is no workaround.

CSCdx60925

Symptoms   A 99-percent CPU utilization may occur on a router during a stress test.

Conditions   This symptom is observed on a Cisco AS5850 with 1100 ISDN synchronous/asynchronous calls, including virtual private dial-up network (VPDN) and non-VPDN calls, and with a traffic rate of 7/28 packets per second (pps) and a teardown rate of 9 calls per second (CPS).

Workaround   There is no workaround.

CSCdy18789

Symptoms   A system may run out of memory because of a leak in the routing table structures. No explicit triggers (other than routes in the table) are needed to cause this symptom.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

Miscellaneous

CSCdu83722

Symptoms   Packets between VLANs on an Enhanced Gigabit Ethernet Interface Processor (GEIP+) are corrupted.

Conditions   This symptom is observed on a Cisco 7500 series router that is configured with a GEIP+ if the following conditions are present:

Dot1q trunking is configured on the GEIP+.

Distributed Cisco Express Forwarding (dCEF) is enabled globally and on the GEIP+.

Packets are going from one VLAN to another.

Workaround   Disable dCEF on the GEIP+ by entering the no ip route-cache distributed interface configuration command.

CSCdv85570

Symptoms   Incoming dual tone multifrequency (DTMF) digits from the public switched telephone network (PSTN) may not be reported by Media Gateway Control Protocol (MGCP) after a call is connected.

Conditions   This symptom is observed on a Cisco 3600 series router when a channel-associated signaling (CAS) T1 MGCP trunk is configured for multifrequency (MF) and functions as the terminating endpoint.

Workaround   Use DTMF signaling.

CSCdw24449

Symptoms   Media Gateway Control Protocol (MGCP) dial preauthentication does not work on a Cisco Resource Policy Management System (RPMS) server.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   Use an alternate RADIUS server.

CSCdw43280

Symptoms   Errors such as "ISA heartbeat failure," "ISA failed to Initialize," or other unusual errors related to the Integrated Services Adapter (ISA) microcode may be reported from an ISA.

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2, Release 12.2 T, Release 12.2 S, or any release derived from these releases.

Workaround   Do not use an ISA.

CSCdw46349

Symptoms   Distributed Network-Based Application Recognition (dNBAR) stateful classification and bidirectional traffic classification across Versatile Interface Processors (VIPs) do not work.

Conditions   This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(8)T

Workaround   There is no workaround.

CSCdw48007

Symptoms   Inbound and outbound calls that are going through a gateway may fail with a fastbusy signal because the gateway indicates that all of the channels on the T1 line are the busy.

The debug voip ccapi inout EXEC command indicates that outbound calls are rejected by the gateway based on the following reasons in the debug output:

ssaSetupPeer intf busy. peer(0x824912D8), cid(5543)
ssaSetupPeer - intf busy. calledNum(97526501)
ccCallDisconnect (callID=0x15A7, cause=0x11 tag=0x0)
ssaSetupPeer: setup failed rc(0)

An inbound call that originates from either a public switched telephone network (PSTN) or a PBX does not reach the gateway because the channels appear to be busy to the PSTN or the PBX.

Conditions   This symptom is observed on a Cisco Catalyst 4224 switch that is configured with T1 data lines and a T1 voice line that is connected to a PSTN. When the T1 controller for one of the T1 lines is shut down administratively or when a T1 line goes down for any reason, the Cisco Catalyst 4224 switch will busyout all of the T1 voice channels. When this situation occurs, the Cisco Catalyst 4224 switch can make no further outbound calls to the PSTN, nor can it receive any inbound call from the PSTN. This symptom can be verified with channel-associated signaling (CAS) using a receive & transmit (E&M) wink.

Workaround   There is no workaround.

CSCdw59332

Symptoms   An access list may not function properly after Cisco Express Forwarding (CEF) is enabled.

Conditions   This symptom is observed if a per-user access list is applied to dialup users that negotiate TCP/IP header compression.

Workaround   Disable CEF.

Alternate Workaround   Disable TCP/IP header compression.

CSCdw61739

Symptoms   Some channels may be aborted on a port adapter.

Conditions   This symptom is observed on a multichannel Synchronous Transport Module level 1 (STM-1) port adapter (PA-MC-STM1) that is configured to operate in the framed or unframed mode.

Workaround   Perform the following steps:

a. Configure the network payload loopback on the E1 channel that has this symptom.

b. Configure another E1 channel on another synchronous payload envelope (SPE).

c. Unconfigure the payload loopback.

CSCdw65768

Symptoms   When a gateway is operating in gateway-controlled mode with T.38 fax relay for Media Gateway Control Protocol (MGCP) enabled by default, T.38 fax for MGCP does not engage and a fax does not go through. Fax pass-through does not engage either.

Conditions   This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2(7.6)T.

Workaround   There is no workaround.

CSCdw67549

A Cisco MC3810 multiservice access concentrator router may reload when the busyout monitor probe ip-address voice-port configuration command is configured on a voice port interface. The busyout monitor works normally with voice port interfaces. There is no workaround.

CSCdw72560

Symptoms   Different speeds cannot be set on a serial interface.

Conditions   This symptom is observed when circuit emulation service (CES) is configured on a Cisco MC3810. You cannot set different speeds on the serial 0 and serial 1 interfaces.

Workaround   There is no workaround.

CSCdw78516

Symptoms   A router may reload after a login is performed using Kerberos.

Conditions   This symptom is observed on a Cisco 2500 series router after the username and password are entered during the initial login process using Kerberos.

Workaround   There is no workaround.

CSCdw78938

Symptoms   A gatekeeper does not send Gatekeeper Transaction Message Protocol (GKTMP) messages to a second server if the first server of the same priority is down or shut down using the command-line interface (CLI).

Conditions   This symptom is observed only with Cisco IOS Release 12.2(2)XU2 gatekeeper images when redundant GKTMP servers are used.

Workaround   If load balancing between servers is not required, set the servers to different priorities. If load balancing is required, there is no workaround.

CSCdw81168

Symptoms   A Cisco AS5850 does not answer more than 256 ISDN calls.

Conditions   This symptom is observed when Resource Policy Management System (RPMS) version 1.1 is used in a Signaling System 7 (SS7) environment. This symptom is observed when the number of resources under the resource group are greater than the available High-Level Data Link Control (HDLC) resources on a trunk card. When all the resources on the trunk card are used for the next call (the 257th call), the call fails to terminate as NextPort resources are not used.

Workaround   There is no workaround.

CSCdw82851

Symptoms   A terminating gateway may print spurious memory access messages and exhibit abnormal signaling behavior.

Conditions   This symptom is observed on a Cisco AS5850 that is operating as a terminating gateway in a T1 and channel-associated signaling (CAS) setup in which the originating and the terminating gateways are configured for T1 and CAS.

Workaround   There is no workaround.

CSCdw83684

Symptoms   A gateway may not report the correct number of trunks that are in use to the gatekeeper via resource availability indicator (RAI) messages. If 24 trunks of a T1 span are in use or are busy remotely, the gateway reports only 20 of the trunks in use via RAI.

Conditions   This symptom is observed in a Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways environment on a voice gateway that is configured with a multifrequency (MF) channel-associated signaling (CAS) trunk group.

Workaround   There is no workaround.

CSCdw84256

Symptoms   Several Cisco attribute-value (AV) pairs are missing from the accounting records that are sent to RADIUS server.

Conditions   This symptom is observed on a Cisco AS5300 when authentication, authorization, and accounting (AAA) start and stop records for customer profiles are created on the network access server (NAS) for every call.

Workaround   There is no workaround.

CSCdw85312

Symptoms   The tag forwarding table does not show entries for recursive static routes.

Conditions   This symptom is observed when more than one static route is configured on a router. When the routes are cleared, the Tag Forwarding Information Base (TFIB) entry shows the recursive static route entry briefly, and then the entry disappears.

Workaround   There is no workaround.

CSCdw85853

Symptoms   Calls are not routed to a gateway.

Conditions   This symptom is observed on a Cisco universal access gateway that has trunk groups configured and has the resource threshold gateway configuration command enabled.

Workaround   Define dummy operational plain old telephone service (POTS) dial peers to reference the trunk group interfaces.

CSCdw87209

Symptoms   A Cisco IAD2420 may not respond to a notification request (RQNT) message that is sent by a call agent.

Conditions   This symptom is observed on a Cisco IAD2420. At the end of a call, the call agent will send a delete connection (DLCX) message and a RQNT message one after another without waiting for the Cisco IAD2420 to respond to the first DLCX message. Sometimes the Cisco IAD2420 sends a "250" message in response to the DLCX message and then sends a "200" message for the RQNT message. In some cases, the Cisco IAD2420, though it receives the DLCX message and the RQNT message, responds to the DLCX message with a "250" message, but it never sends a "200" message in response to the RQNT message. Instead, the Cisco IAD2420 will start sending a NTFY message (O:rlc). In this way both the call agent and the Cisco IAD2420 go into a deadlock mode, each one expecting the other to send an acknowledgement.

If the call agent would send a DLCX message and would wait for a "250" message before it would send the RQNT message (S:rel, R:rlc), this condition could be avoided.

Workaround   There is no workaround.

CSCdw90587

Symptoms   Media Gateway Control Protocol (MGCP) dial calls are unsuccessful and cannot be completed if ISDN is configured.

Conditions   This symptom is observed if ISDN is configured on MGCP dial platforms such as the Cisco AS5300, Cisco AS5350, and the Cisco AS5400.

Workaround  There is no workaround.  

CSCdw91760

Symptoms   The dynamic IP pool download feature for digital Multilink PPP (MLP) calls does not work as expected.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(10)T.

Workaround   There is no workaround.

CSCdw94720

Symptoms   The local pool of IP addresses on a router may not be cleaned after a client disconnects.

Conditions   This symptom is observed on a Cisco router that is running the Easy VPN Server feature.

Workaround   There is no workaround.

CSCdx03411

Symptoms   The twist levels for a Foreign Exchange Office (FXO) analog interface are reversed.

Conditions   This symptom is observed on an analog interface.

Workaround   There is no workaround.

CSCdx06024

Symptoms   A Media Gateway Control Protocol (MGCP) call may connect successfully, but the call may not register properly with call tracker and resource accounting.

Conditions   This symptom is observed on a Cisco universal access server.

Workaround   Do not configure accounting in the configuration file.

CSCdx06556

Symptoms   A bus error exception may occur on a router, and the router may reload when a Simple Network Management Protocol (SNMP) walk is performed on a CiscoMgmt MIB.

Conditions   This symptom is observed on a Cisco 3660 router.

Workaround   There is no workaround.

CSCdx08664

Symptoms   A Cisco CVA122 platform incorrectly includes the notified entity parameter in the delete connection (DLCX) message that is sent to the call agent.

Conditions   This symptom is observed when the Real-Time Transport Protocol (RTP) stream is disrupted and the Cisco CVA122 platform is configured to disconnect calls if the RTP stream is lost. Sending the notified entity (N:) parameter in the DLCX is a violation of Media Gateway Control Protocol (MGCP) standards.

Workaround   There is no workaround.

CSCdx11084

Symptoms   An ATM OC-12 interface on a Cisco 7500 series port adapter shows output drops that cannot be accounted for anywhere else in the router. None of the permanent virtual connections (PVCs) show any drops, but the interface still accumulates drops.

Conditions   This symptom is observed when the traffic rate is very low compared to line rate of the port adapter.

Workaround   There is no workaround.

CSCdx12498

Symptoms   Media Gateway Control Protocol (MGCP) dial modem calls do not work because the dispatcher subsystem is not included.

Conditions   This symptom is observed on a Cisco AS5350.

Workaround   There is no workaround.

CSCdx16565

Symptoms   A high CPU utilization condition may occur on a universal access server, and service may be impacted.

Conditions   This symptom is observed on a Cisco AS5300 when a Media Gateway Control Protocol (MGCP) network access server (NAS) package is configured.

Workaround   There is no workaround.

CSCdx17656

Symptoms   A router may have only an 80 percent call success rate (CSR).

Conditions   This symptom is observed on two Cisco 3640 routers that are connected back-to-back using a Fast Ethernet connection when fax pass-through is stress tested with 46 calls. The concurrency level is set at 48 for the maximum session numbers and PRI-IP-channel-associated signaling (CAS) is used in the test setup.

Workaround   There is no workaround.

CSCdx19465

Symptoms   Hung voice calls may exist on a terminating gateway.

Conditions   This symptom is observed on a Cisco universal gateway if the IP link between the originating gateway and the terminating gateway goes down.

Workaround   There is no workaround.

CSCdx20157

Symptoms   The serial background process repeatedly attempts to bring up the serial interface in the middle of a call, the call is brought down, and a carrier transition occurs on the serial interface.

Conditions   These symptoms are observed on a serial interface on a Cisco AS5300.

Workaround   There is no workaround.

CSCdx21264

Symptoms   The virtual IP address on an EtherSwitch network module does not work as the default gateway for clients, and the virtual IP address cannot be pinged across subnets.

Conditions   These symptoms are observed on a Cisco 16-port EtherSwitch network module that is installed on a Cisco 2600 series or Cisco 3600 series router that is running Cisco IOS Release 12.2(8)T, Release 12.2(2)XT2, or Release 12.2(2)XT3.

Workaround   Enter the standby use-bia interface configuration command on the Cisco 16-port EtherSwitch network module.

CSCdx22835

Symptoms   A console port pauses indefinitely when the show call active voice EXEC command is entered.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(11)T when the show call active voice EXEC command is entered while there is a call rate of 9 to 10 calls per second.

Workaround   To restore the access on the console port, reduce the rate of the calls.

CSCdx23756

Symptoms   A serial interface cannot be pinged even though the interface shows that the line protocol is in the "Up/Up" state.

Conditions   This symptom is observed on a 1-port serial WAN interface card (WIC-1T) or a 2-port serial WAN interface card (WIC-2T) that is installed in a Cisco 2600 series router that is running Cisco IOS Release 12.2(9.4)T.

Workaround   There is no workaround.

CSCdx24054

Symptoms   The Cisco IOS Telephony Service (ITS) voice-mail integration command-line interface (CLI) may not function. Customers who are using Cisco IOS Release 12.2(8)T with voice-mail inband integration requirements may not be able to upgrade to Cisco IOS Release 12.2(11)T.

Conditions   This symptom is observed on a Cisco 3600 series router.

Workaround   There is no workaround.

CSCdx24523

Symptoms   The Framed IP Netmask attribute 9 is not installed correctly.

Conditions   This symptom is observed when a PPP dialup is performed on a Cisco 7400 series router that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx25545

Symptoms   A router may leak memory.

Conditions   This symptom is observed on a Cisco 7200 series router when a "getmany" Simple Network Management Protocol (SNMP) request is made.

Workaround   There is no workaround.

CSCdx25573

Symptoms   A gateway may report a nonzero duration for failed calls.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx25768

Symptoms   Zone sorting (based on cost and priority) is giving higher precedence to lower priority values, and zone sorting priority has to be reversed.

Conditions   This symptom is observed on a Cisco 3600 router that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx26302

Symptoms   The console port of a router pauses indefinitely after an incorrect timeout value is configured.

Conditions   This symptom is observed on a Cisco 2600 series router that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx28816

Symptoms   A gateway may lose digital signal processor (DSP) channels after it receives "bursty" traffic.

Conditions   This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2(2)XU3 in a Signaling System 7 (SS7) Interconnect for Voice Gateway environment when ISDN User Part (ISUP) transparency is configured and a "bursty" traffic load of 24 cells per second (CPS) with a short holding time (2 seconds) occurs.

Workaround   There is no workaround.

CSCdx28888

Symptoms   A Cisco AS5300 may play a constant tone on a channel-associated signaling (CAS) trunk to a calling party. The constant tone will not terminate until the calling party goes onhook.

Conditions   This symptom is observed when an ingress call is made via a CAS trunk to a Cisco AS5300 and the call is not completed either because the Cisco AS5300 receives an admission rejection (ARJ) message from the gatekeeper or because the far end disconnects the call with a cause code of 3, 41, or 38.

Workaround   There is no workaround.

CSCdx28905

Symptoms   The hairpin connection between ports on different high-density voice network modules (NM-HDVs) may not work; that is when a voice call is switched from a port on one NM-HDV to a port on another NM-HDV.

The same symptom may occur for hairpin connections between ports of an NM-HDV and any other T1 or E1 voice interface card (VIC) that is installed in either an NM-HDV, or in any network module that has two WAN interface card slots, or in slot 0 of the router.

A voice call between two ports on the same NM-HDV works fine.

Conditions   This symptom is observed on a Cisco 3660 router that is configured with a multiservice interchange (MIX) module.

Workaround   There is no workaround.

CSCdx30607

Symptoms   The following error message is logged when a virtual circuit (VC) is activated or deactivated on a Route Processor Module (RPM):

%RPM_VIRTUAL_PORT-3-IPCERR: switch_vport_send_pxm_with_reply: Vport re quest rejected by PXM. Error String = enErr:Input parameters are InCorrect.Error Code = 1869756999

The error message above indicates that the virtual port request is rejected by the Processor Switch Module 1 (PXM1) controller card.

Conditions   This symptom is observed when a VC is activated or deactivated on an RPM that is installed on a Cisco MGX 8850 advanced ATM multiservice switch that has a PXM1 controller card.

A VC can be activated or deactivated in the following scenarios:

Whenever the interface to which the VC is bounded goes down or up.

Whenever the interface to which the VC is bounded is administratively shut down or brought up using the shutdown interface configuration command or the no shutdown interface configuration command.

Workaround   There is no workaround. A "CONN_STATE_UPDT" request is not supported on a Cisco MGX 8850 that has a PXM1 controller card; such requests should not be sent.

CSCdx32463

Symptoms   A router may reload because of a software condition when a trustpoint label that has more than ten characters is configured.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(10.1)T.

Workaround   Configure a trustpoint label that has fewer than ten characters. There is no workaround for labels that have predetermined lengths.

CSCdx33754

Symptoms   An interactive voice response (IVR) solution does not work with a T1 or a PRI connection on a WAN router or a LAN router and the following error message may be displayed:

%IVR_MSB-3-INVALID_MAX_PROMPTS: ms_play: This version of IOS does not support prompt playout for IVR applications

Conditions   This symptom is observed on a Cisco WAN or LAN router that has a T1 or PRI connection and that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx33763

Symptoms   A subinterface of a Route Processor Module (RPM) can be deleted using a Simple Network Management Protocol (SNMP) command while connections exists on this subinterface. You should not be able to delete a subinterface using an SNMP command while connections exists on this subinterface.

Conditions   This symptom is observed on a Cisco MGX RPM that is running Cisco IOS Release 12.2 T. After the subinterface is deleted, the connection is still displayed in the output of the show switch connections EXEC command.

Workaround   There is no workaround.

CSCdx34038

Symptoms   A Cisco AS5400 may reload during the bootup process.

Conditions   This symptom is observed on a Cisco AS5400 that has a failed NextPort module.

Workaround   There is no workaround.

CSCdx35145

Symptoms   Ping failures may occur between the network access server (NAS) and a caller on ISDN PRI synchronous and asynchronous calls.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB5 when an ISDN call is made while virtual profiles are enabled.

Workaround   Disable the virtual profiles on the access server for ISDN calls.

CSCdx34520

Symptoms   Spurious memory accesses and tracebacks may occur on a Cisco AS5400. The following error messages may be generated:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x614D3CBC reading 0x178

%ALIGN-3-TRACE: -Traceback= 614D3CBC 6149D0A0 610528B8 611D43F0 611E2EF0 611F9D38 611FA548 611F35D4

%ALIGN-3-TRACE: -Traceback= 614D33A8 602FF8F4 60303690 6149D0C8 610528B8 611D43F0 611E2EF0 611F9D38

Conditions   This symptom is observed on a Cisco AS5400 during a performance test with 648 channels using a Voice Extensible Markup Language (VXML) application.

Workaround   There is no workaround.

CSCdx36048

Symptoms   A gatekeeper may reload when a Cisco Gatekeeper Transaction Message Protocol (GKTMP) server replies with a location confirm (LCF) message to a location reject (LRJ) request.

Conditions   This symptom is observed on a Cisco gatekeeper that is configured with an LRJ trigger. When the gatekeeper receives an LRJ trigger from a remote gatekeeper, the originating gatekeeper sends a LRJ request to the server. The server changes this LRJ request to a LCF message. The gatekeeper reloads when the server sends the LCF message.

Workaround   Deconfigure the LRJ trigger on the gatekeeper.

CSCdx36191

Symptoms   PPP sessions are torn down and brought back up unnecessarily.

Conditions   This symptom is observed when you configure PPP sessions on an ATM interface and a virtual circuit (VC) class that is not related to the set of ATM permanent virtual circuits (PVCs).

Workaround   There is no workaround.

CSCdx36273

Symptoms   Incoming Multiprotocol Label Switching (MPLS) traffic that is destined for Virtual Private Network (VPN) prefixes cannot be forwarded over a VPN routing and forwarding (VRF) generic routing encapsulation (GRE) tunnel. The traffic is dropped at the disposition provider edge (PE) router, which is a Cisco 7500 series router.

Conditions   This symptom is observed when distributed switching is enabled on an interface.

Workaround   Configure the no ip route-cache distributed interface configuration command on the input interface.

Alternate Workaround   Configure the ip cef global configuration command.

CSCdx37044

Symptoms   When a Route Processor Module (RPM) subinterface is administratively shut down, "down" traps are generated for the RPM subinterface and for other subinterfaces that are in the "administratively up" state.

Conditions   This symptom is observed on a Cisco RPM that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx37120

Symptoms   A router may reload with a bus error when the following EXEC commands are used to change the buffer playout parameters while the router is running and an ISDN interface is explicitly specified as the port:

test voice playout [adaptive | fixed | nots] {initial} {min} {max} {fax_nom} [port]

test playout [adaptive | fixed | nots] {initial} {min} {max} {fax_nom} [port]

When a non-ISDN interface such as an analog or channel-associated signaling (CAS) interface is specified as the port, the router does not reload, but an alignment error is produced in either of the commands stated above.

Conditions   These symptoms are observed on a Cisco 3600 series or a Cisco 3700 series router and do not affect the performance of the router significantly.

Workaround   There is no workaround.

CSCdx37293

Symptoms   Calls may pause indefinitely.

Conditions   This symptom is observed on a Cisco AS5400 during a stress test with 230 sessions of audio playback from multiple servers and storage locations (using HTTP, Real-Time Streaming Protocol [RTSP], Flash memory, and TFTP).

Workaround   There is no workaround.

CSCdx37763

Symptoms   A router may reload because of a memory corruption.

Conditions   This symptom is observed during a stress test when you record to RAM and to various servers (using Real-Time Streaming Protocol [RTSP], Simple Mail Transfer Protocol [SMTP], and HTTP).

Workaround   There is no workaround.

CSCdx38037

Symptoms   A router may reset unexpectedly with a bus error when the command-line interface (CLI) test gssapi init_sec_contxt server name command is issued.

Conditions   This symptom is observed on any platform that supports the CLI test gssapi init_sec_contxt server name command.

Workaround   Configure the kerberos local-realm kerberos-realm global configuration command.

CSCdx38779

Symptoms   A voice port does not come up if the pri-group timeslots 1-24 nfas_d none controller configuration command is configured under the T1 1/0 controller on a Cisco 3600 series or a Cisco 3700 series router.

Conditions   This symptom is observed on a Cisco 3600 series or a Cisco 3700 series router that has a network module. The voice port works normally if the T1 1/0 controller is configured as the primary D channel.

Workaround   There is no workaround.

CSCdx40218

Symptoms   The ignore-dcd interface configuration command does not function on a serial interface.

Conditions   This symptom is observed on a Cisco 2600 series router that has a 1-port WAN interface card (WIC-1T), 2-port serial WAN interface card (WIC-2T), or a 2-port asynchronous/synchronous WAN interface card (WIC-2A/S).

The ignore-dcd interface configuration command does function on a 4-port asynchronous/synchronous serial network module (NM-4A/S) and an 8-port asynchronous/synchronous network module (NM-8A/S).

Workaround   There is no workaround.

CSCdx40327

Symptoms   A bus error may occur, and a gateway may reload.

Conditions   This symptom is observed in a Signaling System 7 (SS7) Interconnect for Voice Gateway environment that includes a Cisco AS5300, during the processing of a combination of H.323 Voice over IP (VoIP) calls and SS7 to channel-associated signaling (CAS) hairpin calls.

Workaround   There is no workaround.

CSCdx40656

Symptoms   Memory leaks may occur in authentication, authorization, and accounting (AAA) when T.37 onramp calls are stress-tested.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx42312

Symptoms   A router may reload when it attempts to access a nonexistent HTTP server.

Conditions   This symptom is observed on a Cisco router.

Workaround   There is no workaround.

CSCdx44281

Symptoms   When a Cisco AS5850 is reloaded, not all D channels can be brought up.

Conditions   This symptom is observed on a Cisco AS5850 that is running the c5850-p9-mz image of Cisco IOS Release 12.2(2)XB.

Workaround  There is no workaround.

CSCdx45386

Symptoms   An end-to-end ping cannot be sent from a customer edge (CE) router to another CE router.

Conditions   This symptom is observed in Cisco IOS Release 12.2(10.3)T1 in network in which two CE routers are connected through two provider edge (PE) routers and there are distributed Link Fragmentation and Interleaving (dLFI)-over-Frame Relay or dLFI-over-ATM links between the CE and PE routers. Packets are not switched via distributed Cisco Express Forwarding (dCEF) for the dLFI-over-Frame Relay or dLFI-over-ATM egress interface on the PE router.

Workaround   There is no workaround.

CSCdx46251

Symptoms   When a fax call arrives from an originating call generator of a T.38-enabled gateway (GW) over a connection trunk, the GW switches to T.38 fax-relay mode. After the fax download is complete, the call switches to voice mode and no obvious error messages are found in the output of the GW debug commands. However, the fax has not been received in the terminating call generator. The terminating call generator produces an error code 0x6F, and the originating call generator produces an error code 0x3F. The same T.38 fax-relay call works fine on a nontrunk H.323 GW.

Conditions   This symptom is observed on Cisco 3640 routers that are running Cisco IOS Release 12.2(11)T in the following test topology:

A call originates from a Cisco AS5300 and arrives over a T1 channel-associated signaling (CAS) line at a Cisco 3640 router that functions as an H.323 outgoing gateway (OGW). The OGW forwards the call through a Voice over IP (VoIP) connection to another Cisco 3640 router that functions as an H.323 terminating gateway (TGW). The TGW forwards the call over a T1 channel-associated signaling (CAS) line to a Cisco AS5300 that terminates the call.

Workaround   There is no workaround.

CSCdx46856

Symptoms   A Cisco AS5400 stops responding during a call run, and the following message is displayed on the console port:

low on memory, try again later

Conditions   This symptom is observed on a Cisco AS5400 that is running a c5400-js-mz image.

Workaround   There is no workaround.

CSCdx47149

Symptoms   When reusing the same 8-port number to configure 24 Redundant Link Manager (RLM) groups per Cisco AS5850-route switch controller (RSC) (48 RLM groups per Cisco AS5850), only 8 RLM groups per RSC are active at a time. Because three loopback interfaces per RSC are used to divide each RSC into three virtual network access servers (NASs), the same 8-port number (3000-3016) should be reusable for each virtual NAS and all 24 RLM groups per RSC should be able to be brought up.

Conditions   This symptom is observed on a Cisco AS5850 when the customer attempts to configure more than 8 RLM groups. The User Datagram Protocol (UDP) socket handler function selects the socket for RLM on the basis of the incoming UDP ports and source IP address.

Workaround   There is no workaround.

CSCdx47840

Symptoms   False silence detection does not work for recording.

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   Use dual tone multifrequency (DTMF) or define a maximum time (maxtime) for the recording duration to terminate the recording.

CSCdx48036

Symptoms   Attribute 77 is not supported on NextPort asynchronous calls.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx48567

Symptoms   A low call success rate (CSR) may occur.

Conditions   This symptom is observed on a Cisco AS5400 when basic Media Gateway Control Protocol (MGCP) calls are broken up.

Workaround   There is no workaround.

CSCdx48689

Symptoms   The ISDN Layer 2 is not in the "MULTIPLE-FRAME_ESTABLISHED" state when the ISDN Layer 1 for the D channel is in the "DEACTIVATED" state.

Conditions   This symptom is observed when a router is reloaded after you have enabled the pri-group timeslot 1-24 service mgcp controller configuration command.

Workaround   Disable the pri-group timeslot 1-24 service mgcp controller configuration command before you reload the router and reenable the pri-group timeslot 1-24 service mgcp controller configuration command after the router has reloaded. Do not enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the controller after the Media Gateway Control Protocol (MGCP) backhaul configuration has occurred.

CSCdx48844

Symptoms   Digital signal processors (DSPs) may reload and their corresponding calls are dropped if there are bit errors in the IP cloud. The following console message may be displayed when this symptom occurs:

hda_tx_dsp_pak: Transmit Ring is full. ep = 108 host pointer= 106

Conditions   This symptom is observed on a Cisco voice gateway that has a high density analog voice network module (NM-HDA). The DSPs stop responding after they have reloaded. If all DSPs enter a nonresponsive state, the NM-HDA has to be removed and reinserted to be restored to normal working condition.

Workaround   There is no workaround.

CSCdx48860

Symptoms   A stale raw message pointer is used to send disengage requests (DRQs).

Conditions   This symptom is observed if multiple DRQs are sent and if the Call Control Application Programming Interface (CCAPI) reuses the cached raw message pointer. When DRQs are either lost or time out, invalid data may be accessed if the cached raw message pointer is reused.

Workaround   There is no workaround.

CSCdx49272

Symptoms   Intrazone calls are affected when the bandwidth remote gatekeeper configuration command or the bandwidth interzone gatekeeper configuration command is entered.

Conditions   This symptom is observed in Cisco IOS Release 12.2(2)T and later T-train releases but does not affect Cisco IOS mainline releases.

Workaround   There is no workaround.

CSCdx49295

Symptoms   A router may reload when fax calls are made.

Conditions   This symptom is observed on a Cisco AS5400 that has Resource Reservation Protocol (RSVP) configured.

Workaround   There is no workaround.

CSCdx49684

Symptoms   A memory leak may occur with every call on a Cisco AS5400.

Conditions   This symptom is observed on a Cisco AS5400 that has preauthentication enabled and either the no gw-accounting aaa global configuration command or the gw-accounting syslog global configuration command configured.

Workaround   Enable the gw-accounting aaa global configuration command instead of the gw-accounting syslog global configuration command.

CSCdx49902

Symptoms   Memory leaks may occur in the CCH323_CT process.

Conditions   This symptom is observed on a Cisco AS5400. This symptom does not appear to have any effect on the system performance.

Workaround   There is no workaround.

CSCdx50241

Symptoms   Only a one-way Real-Time Transport Protocol (RTP) stream can be established between Session Initiation Protocol (SIP) and Media Gateway Control Protocol (MGCP) phones.

Conditions   This symptom is observed on a Cisco IAD 2420 integrated access device that is running Cisco IOS Release 12.2(8)T.

Workaround   There is no workaround.

CSCdx50317

Symptoms   Memory allocation difficulties may occur and digital signal resources may be overbooked when authentication, authorization, and accounting (AAA) timeouts occur.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T and may be caused by a rejected call that is dangling and that is not properly cleaned.

Workaround   There is no workaround.

CSCdx50421

Symptoms   A "VXML_ERROR_INVALID" error message is generated for the following prompts and tags:

element <audio> with attribute "fetchtimeout = 0s"

element <break> with attribute "time = 0s"

element <link > with attribute "fetchtimeout = 0s"

element <prompt> with attribute "timeout = 0s"

element <transfer> with attribute "connectiontimeout = 0s"

Conditions   These symptoms are observed on a Cisco AS5300 that is running the c5300-is-mz image of Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCdx50798

Symptoms   When Resource Pool Management (RPM) is enabled, the authorization of digital virtual private dialup network (VPDN) calls on NextPort modems is skipped.

Conditions   This symptom is observed on a NextPort modem on a Cisco AS5400.

Workaround   Terminate digital VPDN calls on High-Level Data Link Control (HDLC) resources when the RPM is enabled.

CSCdx50836

Symptoms   A router may reload when IP phones are reset.

Conditions   This symptom is observed on a Cisco Catalyst 4224 that is running Cisco IOS Release 12.2(9.4)PI4.

Workaround   There is no workaround.

CSCdx51144

Symptoms   A router may reload when calls are passed through it.

Conditions   This symptom is observed on a Cisco 827 router only if the router is running Cisco IOS Release 12.2(10.3)T2.

Workaround   There is no workaround.

CSCdx51381

Symptoms   The access restrict feature does not function when a client router and Virtual Private Network (VPN) are configured to use certificates instead of preshared keys.

Conditions   This symptom is observed on a Cisco 7100 series router. The access restrict feature works fine when preshared keys are used.

Workaround   Configure the client router and VPN to use preshared keys instead of certificates.

CSCdx51540

Symptoms   The route to a client IP address that was installed into a Virtual Private Network (VPN) routing and forwarding (VRF) instance using Reverse Route Injection (RRI) is removed when the IP Security (IPSec) security associations (SAs) are rekeyed.

Conditions   This symptom causes the loss of connectivity between the client and the rest of the VPN.

Workaround   Redistribute the summarized subnet.

CSCdx52226

Symptoms   A Cisco AS5800 may reload.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2 T when multilink multichassis PPP calls are set up and torn down at a random rate of less than 3 calls per second.

Workaround   There is no workaround.

CSCdx52638

Symptoms   A Cisco 2651 may reload with a segmentation violation (SegV) exception.

Conditions   This symptom is observed on the Fast Ethernet interface of a Cisco 2651 that is running Cisco IOS Release 12.2(8)T and that is configured with both priority queueing and quality of service (QoS) preclassification.

Workaround   Disable priority queueing on the Fast Ethernet interface.

CSCdx53028

Symptoms   A certification authority (CA) trustpoint cannot be authenticated through TFTP.

Conditions   This symptom is observed in Cisco IOS Release 12.2(8)T.

Workaround   Use a cut-and-paste procedure to configure the CA trustpoint and use HTTP to authenticate the CA trustpoint.

CSCdx53140

Symptoms   A router may reload because of a corrupted call detail block (CDB) memory access in vtsp_is_modem_passthrough_active.

Conditions   This symptom is observed on a Cisco MC3810 when a voice call is started.

Workaround   There is no workaround.

CSCdx53209

Symptoms   A user can hear the caller identification (ID) modem burst if the phone is picked up quickly.

Conditions   This symptom is observed on a Cisco IAD 2420 integrated access device that is running Cisco IOS Release 12.2(8)T.

Workaround   There is no workaround.

CSCdx54219

Symptoms   A router may reload if the PPP over Ethernet (PPPoE) virtual private dialup network (VPDN) group is misconfigured and does not contain a virtual template.

Conditions   This symptom is observed on a Cisco router that is configured to terminate PPPoE sessions.

Workaround   Ensure that the PPPoE VPDN group contains a virtual template.

CSCdx54283

Symptoms   If the voice class h323 tag global configuration command is configured without configuring an H.225 timeout connect value that references this voice class in an outbound Voice over IP (VoIP) dial peer, all outbound dial peers will disconnect immediately with a cause code 41 (temporary failure).

Conditions   This symptom is observed on a Cisco AS5400 in a Signaling System 7 (SS7) Interconnect for Voice Gateways environment. In the affected setup, the voice class h323 tag global configuration command has to be configured with a valid value (60 to 360 seconds).

Workaround   Use the h225 timeout setup value voice class configuration command to set the H.225 timeout connect value to a valid value (60 to 360 seconds).

CSCdx54940

Symptoms   A high CPU utilization condition may be observed on a router, and the router may stop responding and display the following traceback message:

Traceback= 61351904 613E46A0 6160FEA4 6161EA04 6144DD18 6144DF20 6144E374 614448A0

Conditions   This symptom is observed on a router that has a high density analog voice network module (NM-HDA) when Media Gateway Control Protocol (MGCP) Voice over ATM Adaptation Layer 2 (VoAAL2) calls are made.

Workaround   There is no workaround.

CSCdx55838

Symptoms   Outgoing calls may fail on a router.

Conditions   This symptom is observed on a Cisco AS5850 when a network continuity test (COT) in transponder mode is requested by a vendor-specific switch.

Workaround   There is no workaround.

CSCdx56046

Symptoms   The branch count may become -1 instead of 0 when a Multifrequency (MF) main branch is removed.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx56133

Symptoms   Poor voice quality and dropped calls may occur on a High-Density Analog Voice/Fax Network Module (NM-HDA) with interactive voice response (IVR).

Conditions   This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(10.5)T.

Workaround   There is no workaround.

CSCdx56166

Symptoms   A gateway may reload.

Conditions   This symptom is observed when an Open Settlement Protocol (OSP) call is made on a Cisco AS5400 that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx56822

Symptoms   A vendor-specific conferencing device that is registered to a router cannot perform transfer and hold call functions.

Conditions   This symptom is observed on a vendor-specific conferencing device.

Workaround   Use Cisco IOS Telephony Services (ITS)-supported firmware.

CSCdx57319

Symptoms   If more than one certificate authority (CA) trustpoint is pointed to a given CA server, the CA public key will be removed if one of the CA trustpoints is deleted. Subsequent enrollments to the other CA trustpoint will fail.

Conditions   This symptom is observed if more than one CA trustpoint is pointed to a given CA server.

Workaround   Add another trustpoint that points to the CA server before enrollment.

CSCdx57530

Symptoms   A call may pause indefinitely on a terminating gateway and cause resources to hang.

Conditions   This symptom is observed when a call is made on a terminating gateway that is running receive and transmit (E&M) wink start signaling and that has failed digital signal processors (DSPs).

Workaround   There is no workaround.

CSCdx58240

Symptoms   A router may reload if the router is configured with an interface that is inoperative or the interface is shut down.

Conditions   This symptom is observed on a Cisco 3640 router.

Workaround   There is no workaround.

CSCdx60836

Symptoms   A gatekeeper that is processing egress calls may fail to release memory. Over time this situation may result in call failures.

Conditions   This symptom is observed in a Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways Solution environment.

Workaround   There is no workaround.

CSCdx61039

Symptoms   A router may reload at infrequent times with H.323 calls during a stress test.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(10.5)T.

Workaround   There is no workaround.

CSCdx61680

Symptoms   If Multifrequency (MF)-Feature Group D (FGD) call termination occurs in a Cisco AS5800, the line signaling for call termination does not behave properly, which results in calls being unanswered, and the circuit may pause indefinitely The egress test equipment receives all digits and answers the call, but the answer signaling is not being propagated to the ingress side.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(10.6)T and that is functioning as an egress voice gateway for MF-FDG receive and transmit (E&M) signaling trunks.

Workaround   There is no workaround.

CSCdx62210

Symptoms   A Node Route Processor 2 (NRP2) may reload when ATM virtual circuits (VCs) are provisioned or deprovisioned.

Conditions   This symptom is observed on a Cisco 6400 series platform.

Workaround   Shut down the VC to ensure that traffic is not flowing through the VC before you provision or deprovision VCs.

CSCdx62595

Symptoms   A Media Gateway Control Protocol (MGCP) gateway does not negotiate the use of payload value 98 from the mgcp tse payload 98 global configuration command.

Conditions   This symptom is observed when a dual tone multifrequency (DTMF) relay call is made when the Cisco AS5850 is not configured in the MGCP DTMF relay mode.

Workaround   There is no workaround.

CSCdx63555

Symptoms   A router may not be able to play any interactive voice response (IVR) prompts from TFTP or Flash. The following errors are generated:

%IPM_C54X-1-TOOBIG: DSP 0, packet(size 260) too big.

%IPM_C54X-1-TOOBIG: DSP 0, packet(size 260) too big.

%IPM_C54X-1-TOOBIG: DSP 0, packet(size 260) too big.

%IPM_C54X-1-TOOBIG: DSP 0, packet(size 260) too big.

Conditions   This symptom is observed on a Cisco 1751 router that is running Cisco IOS Release 12.2(10.6)T.

Workaround   There is no workaround.

CSCdx63602

Symptoms   A traceback may occur in xcsp_ppp_event_proc, and the router may reload.

Conditions   This symptom is observed on a Cisco AS5400 when a call is made without a hardware interface data block (HWIDB).

Workaround   There is no workaround.

CSCdx64530

Symptoms   No free event structure may be available from the "vtsp_ev_chunk_pool" for a digital signal processor (DSP).

Conditions   This symptom is observed on a Cisco AS5400 that is running the c5400-js-mz image of Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdx64709

Symptoms   When a channel that belongs to controllers 7/0 to 7/7 is involved in a call, the RADIUS call detail record (CDR) that is generated by a Cisco AS5400 may display incorrect values in the cisco-vsa-port-string and cisco-avpair fields. The values for these fields in the RADIUS CDR are "6/x:y" instead of "7/x:y."

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T in a Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways Solution. This symptom is observed with calls that have a channel that belongs to controller 7/0 to 7/7.

Workaround   There is no workaround.

CSCdx65795

Symptoms   A router may reload before it completes the bootup process.

Conditions   This symptom is observed on a Cisco 3660 router when it is booted up with the c3660-g4js-mz image or with certain telcoent images of Cisco IOS Release 12.2(8)T1.

Workaround   There is no workaround.

CSCdx66259

Symptoms   If a negative output attenuation value is configured on a voice port and this value is applied to a NextPort digital signal processor (DSP), the following error is seen:

%NP_VSM-3-OUT_OF_RANGE_VALUE: OUTPUT GAIN value:[#] is out of range

Conditions   This symptom is observed on a Cisco AS5850.

Workaround   Do not configure a negative output attenuation on a voice port when using NextPort DSPs.

CSCdx67000

Symptoms   A router may consistently reload if Internetwork Packet Exchange (IPX) and RADIUS are enabled on the router and a modem dialin user attempts to connect to the router.

Conditions   This symptom is observed on a Cisco 5400HPX that is running Cisco IOS Release 12.2(2)XB5.

Workaround   Disable either IPX or RADIUS on the router.

CSCdx67538

Symptoms   A T1 PRI call cannot be made after a Media Gateway Control Protocol (MGCP) gateway rehomes back to MGCP control following a fallback to H.323 control.

Conditions   This symptom is observed on a Cisco Catalyst 4224 and on a Cisco Catalyst 4000 Access Gateway Module.

Workaround   There is no workaround.

CSCdx68161

Symptoms   If a T1 link in a channel-associated signaling (CAS) trunk group goes down, an incorrect value of 11 may populate the "Pending" field of the "Total calls for trunk group:" section in the output of the show trunk group command. This value is incremented by 11 each time the T1 goes down and comes up. The remaining channels in the span, less these 11, are populated in the "Free" field even though all channels in the span are available and free.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(10.7)T1.

Workaround   Reload the gateway.

CSCdx68171

Symptoms   When an H.323 call to the IP side debit card application on a terminating gateway is made, no prompts are heard.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(10.6)T, and it affects the interactive voice response (IVR) application that has a codec class configuration.

Workaround   Do not use a codec class.

CSCdx68391

Symptoms   A router may reload if the long pound is used several times to enter an incorrect destination number.

Conditions   This symptom is observed on a Cisco AS5850 that is running the c5850-p9-mz image of Cisco IOS Release 12.2(11)T when a call is made with the debit card application on the incoming plain old telephone service (POTS) side.

Workaround   There is no workaround.

CSCdx68422

Symptoms   A severe memory leak may occur in an H.323 environment after channel-associated signaling (CAS) Feature Group-B (FGB) voice calls (on 8 T1 lines) are run for a long duration (more than 20 hours).

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

CSCdx68556

Symptoms   On a router, when the Media Gateway Control Protocol (MGCP) default codec is set to G.711 with a packetization period of 20 ms, the codec bytes for the Real-Time Transport Protocol (RTP) stream are 160. When the MGCP default codec is G.711 with a packetization period of 10 ms, the codec bytes for the RTP stream are 80.

The network access server (NAS) ignores the create connection (CRCX) Session Definition Protocol (SDP) parameters; that is, the codec bytes appear to use 10 ms when the CRCX states 20 ms and the default is 10 ms. This results in poor voice quality.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Use the G.711 default codec with a packetization period of 20 ms.

CSCdx70306

Symptoms   A Cisco platform that functions as a Voice Telephony Service Provider (VTSP) reloads because of a bus error exception.

Conditions   This symptom occurs when an interactive voice response (IVR) application terminates unexpectedly immediately after a CONNECT message is received.

Workaround   Do not request notification of a CONNECT message or do not terminate the call upon the notification of a CONNECT message.

CSCdx70345

This caveat resolves critical issues related to CSCdx62034 (a digital signal processor [DSP] may reload during a modem relay and Frame Relay test) and CSCdv71641 (a DSP serial port reset is required).

Symptoms A   The symptoms for CSCdx62034 are as follows:

A DSP may reload, resulting in a temporary loss of channel connectivity for all channels of this DSP.

Conditions A   This symptom is observed under stress conditions, with a combination of modem relay and Frame Relay calls.

Workaround A   There is no workaround.

Symptoms B   The symptoms for CSCdv71641 are as follows:

Voice ports on a Cisco AS5300 may fail to transport voice, causing a dead-air condition on certain channels.

Conditions B   This symptom is observed in rare cases, when serial ports on a DSP stop operating because of irregular conditions existing on the E1 or T1 line connected to voice ports on a Cisco AS5300.

The voice port can be recovered by resetting the Voice Feature Card (VFC), by resetting the DSP, or by reloading the router.

Workaround B   There is no workaround.

CSCdx70506

Symptoms   Digital signal processor (DSP) resources are not being allocated to channel-associated signaling (CAS) calls by the call switching module (CSM).

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   There is no workaround.

CSCdx73943

Symptoms   The Media Gateway Control Protocol (MGCP) Cisco fax relay functionality may not function.

Conditions   This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2(10.7)T1.

Workaround   There is no workaround.

CSCdx74340

Symptoms   Traffic shaping may be affected when a Route Processor Module (RPM) in an adjacent slot boots up.

Conditions   This symptom is observed on a Cisco MGX RPM that has traffic shaping configured when another RPM is inserted in the adjacent slot. Traffic shaping is affected until the Processor Switch Module (PXM) recognizes the card and changes the cell-bus clock speed.

Workaround   There is no workaround.

CSCdx74358

Symptoms   Multiple sessions may not be established between a Secure Socket Layer (SSL) server and a client.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(10.7)T1.

Workaround   There is no workaround.

CSCdx74654

Symptoms   A router may reload when the show running-config privileged EXEC command is entered.

Conditions   This symptom is observed on a Cisco router when the cns config notify command is configured and the line console line-number global configuration command-line interface (CLI) command is entered.

Workaround   Do not use these two CLI commands in the same router configuration.

CSCdx75077

Symptoms   A gatekeeper may not route calls to all gateway members of a trunk group.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdx75724

Symptoms   Speech recognition may not function.

Conditions   This symptom is observed on a Cisco AS5300. In a Voice Telephony Service Provider (VTSP) platform, Voice Activity Detection (VAD) is always enabled for record and Automatic Speech Recognition (ASR). For ASR to function properly, VAD needs to be disabled. VAD must be enabled only when the final silence parameter is set.

Workaround   There is no workaround.

CSCdx75770

Symptoms   An event agent may not be able to gain connectivity with a TibGate, and Cisco Networking Services (CNS) event services may not be usable.

Conditions   This symptom is observed on a router when the cns event agent global configuration command is first disabled, the cns id global configuration command is enabled, and the cns event agent global configuration command is then reenabled. This situation causes the event ID that is used by the event agent to come up as "Invalid_Event_Id," regardless if the cns id global configuration command is enabled.

Workaround   For the correct value to be used, disable the cns id global configuration command when the cns event agent global configuration command is disabled and reenabled, and reenable the cns id global configuration command afterwards.

CSCdx75797

Symptoms   DSPALARM, DSP_TIMEOUT, and invalid Finite State Machine (FSM) conditions may occur within two hours of starting a stress bed test.

Conditions   This symptom is observed on a Cisco AS5300 when the stress call is started with the dual tone multifrequency (DTMF) path confirmation enabled in the following setup:

A call generator from a third-party vendor connects over a T1 PRI line to a Cisco AS5300 that is functioning as an H.323 Voice over IP (VoIP) gateway. The Cisco AS5300 connects over a T1 channel-associated signaling (CAS) line to a call generator from a third-party vendor.

Workaround   There is no workaround.

CSCdx76402

Symptoms   A server may not play either the busy or the reorder tone down a channel-associated signaling (CAS) trunk to the calling party.

Conditions   This symptom is observed on a Cisco AS5850 when an ingress call is made on a CAS Multifrequency (MF)-Feature Group D (FGD) trunk and either the calling party is busy or the call cannot be completed.

Workaround   There is no workaround.

CSCdx77152

Symptoms   Packets that are generated by a router to legacy dialer interfaces may not be transmitted properly when Cisco Express Forwarding (CEF) is enabled.

Conditions   This symptom is observed on a Cisco AS5850 that has CEF enabled.

Workaround   There is no workaround.

CSCdx77575

Symptoms   A Media Gateway Control Protocol (MGCP) PRI backhaul call may not be disconnected on fallback.

Conditions   This symptom is observed on a Cisco Catalyst 4224 and a Cisco Catalyst 4000 Access Gateway Module following an MGCP fallback. When the symptom occurs, no further H.323 or MGCP PRI calls can be made on the same channel.

Workaround   Reload the Cisco Catalyst 4224 or Cisco Catalyst 4000 Access Gateway Module.

CSCdx78948

Symptoms   Traceback messages are displayed repeatedly.

Conditions   This symptom is observed on a Cisco 7200 series router that has the Cisco Networking Services (CNS) event agent configured in the bootstrap configuration and when the initial CNS configuration process fails.

Workaround   There is no workaround.

CSCdx79038

Symptoms   In a Media Gateway Control Protocol (MGCP) modem pass-through Voice over IP (VoIP) environment, codec G.726-32 does not function.

Conditions   This symptom is observed on a Cisco IAD2400 that is running Cisco IOS Release 12.2(11)T.

Workaround   Use a different codec.

CSCdx79075

Symptoms   Digital signal processor (DSP) alarm conditions, memory fragmentation, and buffer shortage conditions may occur within five minutes of starting a stress test.

Conditions   This symptom is observed on a Cisco AS5300 when a stress call is started with the dual tone multifrequency (DTMF) path confirmation enabled and the debug hpi error and debug vtsp error EXEC commands are enabled in the following setup:

A call generator of a third-party vendor connects over a T1 PRI line to a Cisco AS5300 that is functioning as an H.323 Voice over IP (VoIP) gateway. The Cisco AS5300 connects over a T1 channel-associated signaling (CAS) line to another call generator of a third-party vendor.

Workaround   There is no workaround.

CSCdx79247

Symptoms   If a T1 link in a channel-associated signaling (CAS) trunk group goes down, an incorrect value of 11 may populate the "Pending" field of the "Total calls for trunk group:" section in the output of the show trunk group command. This value is incremented by 11 each time the T1 goes down and comes up. The remaining channels in the span, less these 11, are populated in the "Free" field even though all channels in the span are available and free.

Conditions   This symptom is observed on a Cisco AS5300, Cisco AS5350, Cisco AS5400, Cisco AS5800, or Cisco AS5850 that is running Cisco IOS Release 12.2(10.7)T1.

Workaround   Reload the gateway.

CSCdx80434

Symptoms   Within one hour of starting a stress test, the following BADSHARE message is displayed:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=61FBDBFC, count=0

Conditions   This symptom is observed on a Cisco AS5300 when a stress call is started with the dual tone multifrequency (DTMF) path confirmation enabled and the debug hpi error and debug vtsp error EXEC commands are enabled in the following setup:

A call generator of a third-party vendor connects over a T1 PRI line to a Cisco AS5300 that is functioning as an H.323 Voice over IP (VoIP) gateway. The Cisco AS5300 connects over a T1 channel-associated signaling (CAS) line to another call generator of a third-party vendor.

Workaround   There is no workaround.

CSCdx80547

Symptoms   A Voice Telephony Service Provider (VTSP) voice processor module (VPM) may get stuck in the "wait release" state.

Conditions   This symptom is observed on a voice network module (NM-1V or NM-2V) or on a high-density voice network module (NM-HDV) that is installed in a Cisco 3600 series router that is running Cisco IOS Release 12.2(10.7)T2. The symptom occurs when a new call comes in while the previous one has been terminated but the port is not yet on-hook because the port timers (wait-release/call-disconnect) have not yet expired.

Workaround   There is no workaround.

To bring the VPM back into service on a voice network module, reload the voice network module.

To bring the VPM back into service on a high-density voice network module, use one of the following solutions:

To reset the digital signal processor (DSP) and restore the port, change the codec complexity to high and then back to normal (or the other way around).

To restore the port, reset the DSP using the test hda 1 hidden command.

After you have applied one of these two solutions, the VPM is back into service, but the output of the show voice call summary command still displays the "wait release" state, which is no longer correct.

CSCdx81247

Symptoms   Clock slips may occur on a universal router module (URM) T1/E1 controller interface.

Conditions   This symptom is observed when the clocking configuration receives the URM clocking from an attached device. When the URM is set to Internal timing and the attached device to Receive, no slips are observed. If the URM is set to Line Timing and the attached device is set to Internal, slips are seen on the T1/E1 controller interface.

The default clock source configuration on the T1/E1s is line. The show controller [t1 | e1] slot|port EXEC command displays the clock source configuration as follows:

Router# show controllers t1 2/0 brief

T1 2/0 is up.

Applique type is Channelized T1

Cablelength is long gain36 0db

Transmitter is sending remote alarm.

Receiver has loss of signal.

alarm-trigger is not set

Version info Firmware: 20020306, FPGA: 11

Framing is SF, Line Code is AMI, Clock Source is Line.

Data in current interval (20 seconds elapsed):

0 Line Code Violations, 0 Path Code Violations

0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins

0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

Workaround   There is no workaround.

CSCdx81961

Symptoms   On a router, the total amount of free memory may decrease over time, causing memory allocation (MALLOC) failure messages after a long period of time. This symptom may also cause memory fragmentation that will lead to MALLOC failure messages even when memory is available on the router.

Conditions   This symptom is observed on a Cisco router when Internet Key Exchange (IKE) connections are used and negotiated with aggressive mode. The memory leak occurs only on the responder of aggressive mode. The memory leak does not occur when the Cisco Unity client is used as the IKE initiator or when the IKE Extended Authentication (Xauth) version 2 is used during IKE negotiation.

Possible Workarounds   Use IKE main mode instead of aggressive mode or use Xauth version 2.

CSCdx82893

Symptoms   When a Cisco IOS Telephony Service (ITS) router uses loopback-directory number (loopback-dn) configurations and the voice-class codec is set to use a-law as first priority, poor voice quality may occur during three-party conferencing.

Conditions   This symptom is observed on a Cisco 3600 series router.

Workaround   Select G.711 u-law instead of a-law for the on-net Voice over IP (VoIP) calls.

CSCdx84318

Symptoms   A Cisco AS5400 may reload.

Conditions   This symptom is observed when a channel group configuration is removed and a PRI group configuration is added.

Workaround   After removing the channel group configuration, wait for about two minutes before adding the PRI group configuration.

CSCdx84754

Symptoms   A router may reload at "pm7366_fastsend" because of a bus error.

Conditions   This symptom is observed on a Cisco AS5400 during a stress test.

Workaround   There is no workaround.

CSCdx85026

Symptoms   After a Cisco router has reloaded, it may not be able to connect to a Cisco IE2100. The error trace may indicate an authentication error.

Conditions   This symptom is observed on a router that has the cns config initial hostname no-persist global configuration command enabled and that has a Cisco Networking Services (CNS) password in the startup configuration through the use of the cns password hidden command-line interface (CLI) command.

Workaround   Reconfigure the router so that the CNS password is not configured in the startup configuration. Enter the following sequence of commands:

config terminal

cns password

write memory

copy tftp startup-config

CSCdx85659

Symptoms   An ISDN layer 2 may go down after a switchover on a Virtual Switch Controller (VSC).

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(10.7)T2.

Workaround   There is no workaround.

CSCdx86570

Symptoms   Spurious memory accesses may occur on a per-packet basis on a Versatile Interface Processor (VIP). In addition, interfaces and routing protocols on the affected VIP and other interfaces on the router may flap.

Conditions   These symptoms are observed on a Cisco 7500 series router when Multiprotocol Label Switching (MPLS) is enabled on one of the VIP interfaces.

Workaround   There is no workaround.

CSCdx89971

Symptoms   A router may not boot.

Conditions   This symptom is observed on a Cisco 3745 router that is running the Cisco image c3745-ik9o3s-mz.12.2(10.7)T3.

Workaround   There is no workaround.

CSCdx90010

Symptoms   When you enter the test dsprm command followed by the show pool command, some failed digital signal processors (DSPs) may appear to be located in the disabled queue.

Conditions   This symptom is observed on a Cisco AS5300 when a stress call is started with the dual tone multifrequency (DTMF) path confirmation enabled and when all Voice over IP (VoIP) peers are configured with the no vad dial-peer configuration command in the following test topology:

A call generator of a third-party vendor connects over a T1 PRI line to a Cisco AS5300 that is functioning as an H.323 Voice over IP (VoIP) gateway. The Cisco AS5300 connects over a T1 PRI line to another call generator of a third-party vendor.

Workaround   There is no workaround.

CSCdx90819

Symptoms   When an On Demand Address Pool (ODAP) router requests a subnet from the ODAP server and the ODAP server does not return the subnet mask option in the Dynamic Host Configuration Packet (DHCPACK), ODAP fails to get the subnet allocated and displays the following error message:

DHCP: ack received without mandatory subnet mask. Please contact the DHCP server administrator to upgrade the DHCP server.

For ODAP, this subnet mask option is not mandatory.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdx91035

Symptoms   A large memory leak at the rate of 15 MB per hour may occur in the Tool Command Language (TCL) process.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(10.7)T3 during an Open Settlement Protocol (OSP) stress test.

Workaround   There is no workaround.

CSCdx92691

Symptoms   A Route Processor Module (RPM) ingress virtual circuit locks up and stops forwarding traffic.

Conditions   This symptom is observed when there is a sudden, large increase in the ingress traffic (such as 145 Mbps of traffic or more with packet sizes of 384 bytes).

Workaround   Clear the ingress switch subinterface by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.

CSCdx93324

Symptoms   An H.323 gateway may reload.

Conditions   This symptom is observed when the H.323 gateway accesses an invalid memory location.

Workaround   There is no workaround.

CSCdx93438

Symptoms   A gateway may not upspeed for fax pass-through over an ATM Adaptation Layer 2 (AAL2) connection trunk.

Conditions   This symptom is observed on a Cisco 2600 series router that is running Cisco IOS Release 12.2(10.7)T3.

Workaround   There is no workaround.

CSCdx93606

Symptoms   After you remove an access list, a packet assembler/disassembler (PAD) call may still go through because the access list appears to be still present.

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(8)T5.

Workaround   There is no workaround.

CSCdx94158

Symptoms   Dynamic IP Security (IPSec) may not be accepted by a router if there are old security associations (SAs) that have the same proxy address but the remote address is different or does not exist.

Conditions   This symptom is observed in Cisco IOS Release 12.2(10.7)T and later releases.

Workaround   There is no workaround.

CSCdx95386

Symptoms   Call waiting does not work properly on an Analog Telephone Adaptor 186 (ATA 186) that is connected to a Cisco IOS Telephony Service (ITS) system.

Conditions   This symptom is observed when the telephones are connected via a Cisco 3600 series router that is running Cisco IOS Release 12.2(10.7)T3.

Workaround   There is no workaround.

CSCdy00721

Symptoms   Service Level Measurement (SLM) ATM packets may be sent and received with an incorrect datagram size.

Conditions   This symptom is observed on a Cisco MC3810.

Workaround   There is no workaround.

CSCdy01275

Symptoms   During interoperability testing of G. Symmetric high-bit-rate DSL (GSHDSL), unexpected retrains over a period of about seven days occur because of both watchdog and cyclic redundancy check (CRC) errors on customer premises equipment (CPE) with a third-party vendor digital subscriber line access multiplexer (DSLAM). This situation causes an interruption to the service.

Conditions   This symptom is observed on a Cisco 2600 series router.

Workaround   There is no workaround.

CSCdy01591

Symptoms   A glare condition may occur on a router, and the router may reload.

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(10.7)T3. The glare condition is part of the trunk group signaling feature enhancement, which is used for optimization and scaling.

Workaround   Do not use trunk group signaling.

CSCdy03190

Symptoms   During a stress bed test, the following BADSHARE message is displayed:

%SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=61FBDBFC, count=0

Conditions   This symptom is observed on a Cisco 3600 series router when a stress call is started with the dual tone multifrequency (DTMF) path confirmation enabled and the debug hpi error and debug vtsp error EXEC commands are enabled in the following topology:

A call generator of a third-party vendor connects over a T1 PRI line to a Cisco AS5300 that is functioning as an H.323 Voice over IP (VoIP) gateway. The Cisco AS5300 connects over a T1 PRI line to another call generator of a third-party vendor.

Workaround   There is no workaround.

CSCin06542

Symptoms   A Cisco AS5300 may reload at "voip_authenticate."

Conditions   This symptom is observed under stress conditions on a Cisco AS5300 that is running Toolkit Command Language (TCL) 1.0 scripts.

Workaround   There is no workaround.

CSCin07166

Symptoms   The mpls ldp router-id interface force global configuration command may not work as expected. The command should use the IP address of the interface that is specified in the interface argument of the command as the Label Distribution Protocol (LDP) router identification (ID) when the interface is up.

However, if a loopback interface is specified in the above-mentioned command and you administratively shut down the loopback interface and bring it back up again by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the loopback interface, the IP address of the loopback interface is not restored as the LDP router ID, but another interface is selected as the LDP router ID.

Conditions   These symptoms are observed on a Cisco 7200 series and a Cisco 7500 series router.

Workaround   To recover from this condition, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that was selected as the LDP router ID.

CSCin07737

Symptoms   A Session Initiation Protocol (SIP) call may not be function properly.

Conditions   This symptom is observed when you use TCP as the session transport protocol.

Workaround   Use User Datagram Protocol (UDP) as the session transport protocol.

CSCin07972

Symptoms   The Service Selection Gateway (SSG) connection counters may not be updated.

Conditions   This symptom is observed on a Cisco 7400 series router that has Parallel Express Forwarding (PXF) configured when there is a Bridge-Group Virtual Interface (BVI) downlink interface on the SSG connection to the Cisco 7400 series router.

Workaround   Disable PXF by entering the no ip pxf global configuration command.

First Alternate Workaround   Bind the SSG connection to the physical Ethernet interface.

Second Alternate Workaround   Enter the no ip route-cache cef interface configuration command on the physical Ethernet interface.

CSCin07992

Symptoms   Calls may fail on some channels on a controller. The create connection (CRCX) request for the affected channels receives a code 400 response (voice call setup failed).

Conditions   This symptom is observed on a controller on a multiservice interchange (MIX)-enabled T1/E1 port adapter (PA-MCX) that is configured for PRI backhaul service using Media Gateway Control Protocol (MGCP) version 0.1.

Workaround   There is no workaround.

CSCin08504

Symptoms   Modem pass-through or modem relay calls may fail.

Conditions   This symptom is observed in a Media Gateway Control Protocol (MGCP) channel-associated signaling (CAS) configuration.

Workaround   There is no workaround.

CSCin09402

Symptoms   The amount of memory that is held by a Real-Time Streaming Protocol (RTSP) client may increase steadily.

Conditions   This symptom is observed when RTSP recording is stress-tested for six hours.

Workaround   There is no workaround.

CSCin09825

Symptoms   For Trunking Gateway Control Protocol (TGCP) 1.0, a gateway may send a response code 500 ("Endpoint unavailable") when you enter any command that includes an endpoint name in the format "DS/S<slot>/DS1-<port>/<timeslot>@<hostname>", even though the endpoint is in service.

If the endpoint name does not include the host name, the gateway sends an appropriate response. If you use the Media Gateway Control Protocol (MGCP) 1.0 endpoint naming convention for TGCP, the gateway acknowledges the command.

Conditions   This symptom is observed on any Simple Gateway Control Protocol (SGCP) gateway or MGCP gateway that is running Cisco IOS Release 12.2(10.5)T.

Workaround   Do not use a host name with an endpoint, or use the MGCP 1.0 endpoint naming convention for TGCP.

CSCin09852

Symptoms   A redirected number in the Admission Confirm Function (ACF) is not copied to the called number. The called number remains the same as it was before.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(10.3)T2 or Release 12.2(11)T when the call is forwarded using Registration, Admission, and Status (RAS) and when the server does not copy the redirected number that is present in the ACF to the called number in the H.225 setup message during redirection.

Workaround   There is no workaround.

CSCin11166

Symptoms   A Cisco 3745 router may reload during the bootup process with a watchdog timeout.

Conditions   This symptom is observed on a Cisco 3745 router while the High-Speed Serial Interface (HSSI) is being configured.

Workaround   There is no workaround.

CSCin12822

Symptoms   A Cisco AS5400 may reload at rtsp_process_resp_headers.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(10.7)T3 during an offramp stress test.

Workaround   There is no workaround.

CSCin12885

Symptoms   Automatic Speech Recognition (ASR) and Text-to-Speech (TTS) functionality may not work with the G.729 codec.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(10.7)T3.

Workaround   There is no workaround.

CSCuk27655

GRE implementation of Cisco IOS is compliant with RFC2784 and RFC2890 and backward compatible with RFC1701.

CSCuk34309

Symptoms   A Cisco AS5400 may reload during the first fax call.

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(11)T.

Workaround   There is no workaround.

CSCuk35434

Symptoms   You may not be able to set up Media Gateway Control Protocol (MGCP) calls with the G.723 codec.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   There is no workaround.

TCP/IP Host-Mode Services

CSCdx38471

Symptoms   A Packet Data Serving Node (PDSN) may reload when it is in the process of releasing a session.

Conditions   This symptom is observed on a PSDN during high traffic conditions when sessions are being set up and released continuously while TCP header compression is enabled.

Workaround   Disable TCP header compression.

Wide-Area Networking

CSCdr96632

Symptoms   The magic number may fail to negotiate successfully and cause lines to be dropped.

Conditions   This symptom is observed when a specific third-party vendor client and a specific third-party vendor access server are used in combination to connect to a Cisco Layer 2 Tunneling Protocol (L2TP) network server (LNS) and keepalives are enabled.

Workaround   There is no workaround.

CSCdw55476

Symptoms   The B channels on an E1 controller may enter the "out of service" state when microinterruptions occur. When this situation occurs, no calls can be made on the B channels.

Conditions   This symptom is observed in an environment in which a network access server (NAS) is connected to a Cisco SC2200 signaling controller.

Workaround   Enter the shutdown controller configuration command followed by the no shutdown controller configuration command on the affected E1 controller.

CSCdw86345

Symptoms   Instead of selecting an IP address from the local pool, a router may assign the RADIUS framed IP address of 255.255.255.224 to users who dial in using interactive mode.

Conditions   This symptom is observed on a router that is running Cisco IOS Release 12.2(7.6)T.

Workaround   Configure the dialin to operate in the asynchronous dedicated mode by entering the async mode dedicated interface configuration command.

CSCdw86453

Symptoms   A multihop router may fail to transparently send a serial line interface (SLI) message that contains the asynchronous control character map (ACCM) back to a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(7). When a vendor-specific device starts to negotiate the Link Control Protocol (LCP), it sends an SLI message to set the transmit and receive ACCM of the LAC back to 0xFFFFFFFF. The message is received by the multihop router, but the message is not sent back to the LAC.

Workaround   There is no workaround.

CSCdx00921

Symptoms   A channelized T3 (CT3) line card may reload at "vpn_fs_lc."

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx07229

Symptoms   When two routes are installed for the same virtual private dialup network (VPDN) user, the VPDN user receives one IP address from the Layer 2 Tunneling Protocol (L2TP) network server (LNS) and another IP address from the network access server (NAS) even though the VPDN user should receive only one IP address from the LNS server. Only the IP address that is assigned from the LNS is visible on the routing table and can be pinged.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(2)XB2.

Workaround   There is no workaround.

CSCdx16141

Symptoms   A Cisco AS5800 may display a misleading remote IP address for a virtual private dialup network (VPDN) call. The correct IP address should be assigned by the VPDN gateway.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB5. This symptom does not affect service for the remote user. However, IP resources are used, and a misleading IP address may be displayed for the remote VPDN user.

Workaround   There is no workaround.

CSCdx18198

Symptoms   The following memory access messages may be recorded during a V.120 call setup:

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6049D1D4 reading 0x8
%ALIGN-3-TRACE: -Traceback= 6049D1D4 6049FD9C 607EE578 607EDA4C 604F2C34 605041D4 605729FC 605729E8
%ALIGN-3-TRACE: -Traceback= 6049D1E8 6049FD9C 607EE578 607EDA4C 604F2C34 605041D4 605729FC 605729E8

Conditions   This symptom is observed on a Cisco AS5800 and does not impact service.

Workaround   There is no workaround.

CSCdx19963

Symptoms   A Virtual Private Network (VPN) unity client (version 3.5) may fail to establish an IP Security (IPSec) session to an IPSec gateway if the group profile contains the Tunnel-Type or the Tunnel-Medium-Type Internet Engineering Task Force (IETF) tunnel attributes.

Conditions   This symptom is observed on a VPN unity client that is attempting to establish an IPSec session to an IPSec gateway that is running Cisco IOS Release 12.2(8.5)T or a later release.

Workaround   Remove the IETF attributes from the group profile or replace IETF attributes with Cisco attribute-value (AV) pairs. Alternatively, you may choose to enable the vpdn enable global configuration command on the gateway.

CSCdx21035

Symptoms   LAN Emulation (LANE) clients may not come up when LANE services are running on third-party equipment.

Conditions   This symptom is observed with LANE clients that are used on a Cisco router that is running Cisco IOS Release 12.2 T. This symptom is caused by the corruption of the ATM Adaptation Layer (AAL) parameters in the call setup messages.

Workaround   Use a Cisco IOS release other than Cisco IOS Release 12.2 T.

CSCdx21469

Symptoms   The idle timer may not function properly for Multilink PPP (MLP) calls.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx21563

Symptoms   The session timeout function works, but the Multilink PPP (MLP) call disconnect cause code (that indicates that a call is disconnected because of a session timeout) is not reflected in the RADIUS stop record. The stop record reflects the disconnect cause code as PPP Link Control Protocol (LCP) close.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx24528

Symptoms   Excessive debug output may be generated when the debug ppp events privileged EXEC command is enabled.

Conditions   This symptom is observed on a Cisco 7400 series router that is running Cisco IOS Release 12.2(8)T or images that are based on Release 12.2 T.

Workaround   There is no workaround.

CSCdx25038

Symptoms   An ISDN call may be rejected by an access server.

Conditions   This symptom is observed on an access server when an ISDN speed of 56 K is configured under the map-class dialer class-name global configuration command.

Workaround   There is no workaround.

CSCdx25244

Symptoms   A Cisco Express Forwarding (CEF) dialer interface is not able to add an adjacency for a dialer interface. When this symptom occurs, the dialer interface information is missing from the show adjacency detail EXEC command.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.  

CSCdx32747

Symptoms   A router may reload when a Frame Relay-to-ATM Service Internetworking (FRF.8) connection is deleted. This symptom may impact router service.

Conditions   This symptom is observed on a Cisco MC3810 that is configured for FRF.8 connections.

Workaround   Disable Operation, Administration, and Maintenance (OAM) management on the ATM permanent virtual circuit (PVC).

CSCdx33071

Symptoms   V.120 calls fail when virtual private dialup network (VPDN) is enabled for dialed number identification service (DNIS) screening.

Conditions   This symptom is observed on a Cisco AS5800 and may impact router service.

Workaround   There is no workaround.

CSCdx33166

Symptoms   Sessions may be lost on a server during a Large Scale Dialout (LSDO) callback and callback does not occur. The output of debug commands may include messages that state that "callback already exists."

Conditions   This symptom is observed in a setup in which an LSDO callback is made from a client to a server.

Workaround   There is no workaround.

CSCdx33179

Symptoms   Layer 2 Tunnel Protocol (L2TP) may get stuck.

Conditions   This symptom is observed on a Cisco 7400 series router that is running Cisco IOS Release 12.2(2)DD3 when L2TP parses an invalid control message with a zero-length attribute-value (AV) pair.

Workaround   There is no workaround.

CSCdx39865

Symptoms   The following error message may be displayed on the console port:

%ISDN-4-ISDN_UNEXPECTED_EVENT: No NLCB:Occurred at ../isdn/l3.c:7032

Conditions   This symptom is observed in a Signaling System 7 (SS7) environment when a National ISDN-2 (NI2) switch-type call is made.

Workaround   Disable console logging and use syslog or buffer logging instead.

CSCdx45498

Symptoms   An outgoing gateway (OGW) may release a call in a "RingNoAnswer" scenario with a cause code of 41 (temporary failure).

Conditions   This symptom is observed on a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XU3 when ISDN User Part (ISUP)-PRI calls are made. The ISUP receives an address complete message (ACM) and waits for an unexpected answer message (ANM). The call should be released by the egress side with a cause code of 19 (ring no answer).

Workaround   There is no workaround.

CSCdx48190

Symptoms   PPP calls are not terminated properly on a Layer 2 Tunneling Protocol (L2TP) network server (LNS).

Conditions   This symptom is observed if authentication is performed on the LNS.

Workaround   There is no workaround.

CSCdx49771

Symptoms   A router may reload when you enter the no shutdown interface configuration command on a PRI interface.

Conditions   This symptom is observed when the debug isdn event privileged EXEC command is enabled.

Workaround   There is no workaround.

CSCdx51478

Symptoms   An authentication failure may occur with ISDN calls even though the RADIUS server may indicate that the authentication was successful.

Conditions   This symptom is observed on a Cisco AS5800 but may also occur on other access servers after an asynchronous call is terminated by PPP and a new inbound ISDN call that comes in on the B channel (that was carrying the terminated asynchronous call) receives an authentication failure.

Workaround   There is no workaround.

CSCdx53527

Symptoms   An asynchronous modem user may not be disconnected after the modem fails to allocate an IP address from a pool that is specified by a user RADIUS profile although the asynchronous group configuration includes the ppp ipcp address required interface configuration command that allows calls to be disconnected if the network access server (NAS) fails to allocate an IP address from the pool that is configured under the asynchronous group configuration.

Conditions   This symptom is observed on but may not be limited to a Cisco AS5400 that is running Cisco IOS Release 12.2(2)XB5.

Workaround   There is no workaround.

CSCdx57653

Symptoms   A network access server (NAS) fails to forward calls to a Virtual Private Dial-up Network (VPDN).

Conditions   This symptom is observed on a Cisco AS5400 when authentication, authorization, and accounting (AAA) authorization is configured locally on the NAS and the aaa new-model global configuration command is not configured.

Workaround   Add the aaa new-model global configuration command to the configuration.

CSCdx57783

Symptoms   The PPP idle timeout timer is reset by incoming keepalive packets. When this symptom occurs, the PPP idle timeout timer does not expire and the PPP session does not get closed.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdx60915

Symptoms   The 25th outgoing modem call may not go through.

Conditions   This symptom is observed on a Cisco AS5400 but may also occur on other universal gateways or universal access servers in a Signaling System 7 (SS7) Interconnect dial configuration.

Workaround   There is no workaround.

CSCdx67739

Symptoms   A a Cisco 7200 series router may reload when a multihop user tries to dial in.

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(8)T3 and that is configured for virtual private dial-up network (VPDN) multihop.

Workaround   There is no workaround.

CSCdx70531

Symptoms   A router that is configured as a PPP over Ethernet (PPPoE) client and that has Cisco Express Forwarding (CEF) enabled may reload unexpectedly.

Conditions   This symptom is observed when IP Control Protocol (IPCP) completes negotiation.

Workaround   Disable CEF.

CSCdx72255

Symptoms   A router may pause indefinitely when you configure the pri-group nec-fusion controller configuration command followed by the no pri-group nec-fusion controller configuration command.

Conditions   This symptom is observed on a Cisco AS5300 and Cisco AS5800 but may also occur on other platforms.

Workaround   There is no workaround.

CSCdx74122

Symptoms   A BRI Q Signaling (QSIG) call may not work on a BRI platform. An outgoing call may get rejected with a cause value of "requested channel not available."

Conditions   This symptom is observed a Cisco 2600 series router but may also occur on other BRI platforms.

Workaround   There is no workaround.

CSCin06824

Symptoms   A Cisco AS5300 may reload when a network access server (NAS) attempts to perform a callback.

Conditions   This symptom is observed when authentication, authorization, and accounting (AAA) dialed number identification service (DNIS) substring-based preauthentication is used with the callback.

Workaround   There is no workaround.

CSCin09960

Symptoms   Layer 2 Forwarding (L2F) and Layer 2 Tunneling Protocol (L2TP) dial-in calls fail because PPP does not invoke authentication, authorization, and accounting (AAA).

Conditions   This symptom is observed on but may not be limited to a Cisco 7200 series router that is running Cisco IOS Release 12.2(10.05)T.

Workaround   There is no workaround.

CSCin11143

Symptoms   When you make a PPP Password Authentication Protocol (PAP) authenticated call from a Cisco AS5300 to a Cisco AS5850, the following ISDN error debug message is generated on the Cisco AS5850:

ISDN Se0/0:15 **ERROR**: calltrkr_call_connect: calltrkr_find_entry(0x62674174, 0x8) returns NULL, punting call? isdn_info=0x65FFD69C, call_id=0x8

Conditions   This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(10.7)T1.

Workaround   There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(8)T10

Cisco IOS Release 12.2(8)T10 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T10 but may be open in previous Cisco IOS releases.

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCdx77253

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea27536

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea46342

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

Resolved Caveats—Cisco IOS Release 12.2(8)T8

Cisco IOS Release 12.2(8)T8 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at

http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

Resolved Caveats—Cisco IOS Release 12.2(8)T7

Cisco IOS Release 12.2(8)T7 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Miscellaneous

CSCdv26036

Symptoms   Simple Network Management Protocol (SNMP) queries may fail for network management system (NMS) and communities when they are configured in "docsDevNmAccessTable" table.

Conditions   This problem is observed on Cisco uBR900 series routers and Cisco CVA120 series in releases prior to Cisco IOS Releases 12.2(13) and 12.2(13)T.

Workaround   There should be no interface specific entries in "docsDevNmAccessTable" table. For example, the entries should have the value for "docsDevNmAccessInterfaces" as "0xff." The impact of the workaround is that, certain specific NmAccess configurations to restrict the SNMP queries based on the interface through which it reaches the cable modem, cannot be configured.

CSCdv50542

Symptoms   A cable access router may pause indefinitely after it generates the following recurring log message:

SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=80B0EE4C, count=0 -Traceback= 80315D98 8026C6AC 80322A88 803C2540 8042076C 80421110 803C29C0 803C1BA4 80374E10

Conditions   These symptoms are observed on a Cisco uBR924 cable access router that is running Cisco IOS Release 12.1(5)T9. These symptoms occur if the radio frequency (RF) interfaces reset during an upstream TCP data transfer. The Cisco uBR925 and Cisco uBR905 universal broadband routers, and the Cisco CVA120 cable voice adapter are susceptible to these symptoms.

Workaround   Power-cycle the Cisco uBR924 to bring it back online. Disable selective TCP acknowledgement (ACK) control by issuing the no ip tcp selective-ack global configuration command.

CSCdv60884

Symptoms   The Cable Dynamic Host Configuration Protocol (DHCP) proxy may cause registration difficulties at some sites.

Conditions   This symptom is observed on a Cisco uBR905 router that is running Cisco IOS Release 12.2(2)T1 in routing mode and on a Cable Modem Termination System (CMTS) that is running Cisco IOS Release 12.0(14).

Workaround   There is no workaround. Note that the symptom does not occur when the Cisco uBR905 router is running in bridging mode.

CSCdy31903

Symptoms   A Cisco uBR 905 router is unable to go online after a software upgrade to Cisco IOS Release 12.2(8)T5 or later.

Conditions   This symptom is observed only on revision 3.c Cisco uBR905 routers that are running Cisco IOS Release 12.2(8)T5) or a later release. The following text is seen after the show version EXEC command is entered:

cisco uBR924 CM (MPC850) processor (revision 3.c)

Workaround   There is no workaround.

CSCdy72994

Symptoms   When a Cable Modem that is configured for routing has its cable interface reset, the Cable Modem may lose IP connectivity between the Ethernet interface and any device or devices off of it. Both the cable interface and Ethernet interface will be reachable by using IP through cable interface.

Address Resolution Protocol (ARP) entries will remain in the Cable Modem for the LAN segment, and the Ethernet interface will remain in the Up/Up state. In the routing table, the network that is off the Ethernet interface will remain. Routing information will also pass from the Cable Modem to the cable modem termination system (CMTS).

When testing with Internet Control Message Protocol (ICMP) pings and using the debug ip packet detail command, the debugs will indicate that the router is forwarding packets to the device or devices off that interface, but no packets are returned.

Conditions   The behavior is observed on Cisco uBR905 and Cisco ubr925 Cable Modems that are running Cisco IOS Release 12.2(8)T5 codes:

ubr925-k8o3sv4y5-mz.122-8.T5.bin VALUE SMALL OFFICE/ VOICE/FW IPSEC 56 ubr925-k8sv4y5-mz.122-8.T5.bin VALUE TELECOMMUTER/ VOICE/IPSEC 56

The behavior was not observed in the following Cisco IOS Release 12.2(4)T1 code:

ubr925-k8sv4y5-mz.122-4.T1.bin VALUE TELECOMMUTER/ VOICE/IPSEC 56

Workaround   There are three workarounds:

Clearing the IP routing table by entering the clear ip route * command.

Shutting down and restarting the cable interface.

Downgrading to Cisco IOS Release 12.2(4)T1 images.

CSCin20988

Symptoms   When reading a Data-over-Cable Service Interface Specifications (DOCSIS) configuration file containing an invalid object identifier (OID), the Cable Modem may reload.

Conditions   This symptom is observed on a Cisco uBR 924 Cable Modem that is running Cisco IOS Release 12.2(12).

Workaround   Detect and correct the invalid OID in the DOCSIS configuration file.

Resolved Caveats—Cisco IOS Release 12.2(8)T5

Cisco IOS Release 12.2(8)T5 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T5 but may be open in previous Cisco IOS releases.

CSCdr55399

Directly connected routes are still associated with interfaces on the console of a Route Switch Processor (RSP) when a Versatile Interface Processor (VIP) is reloading. When this symptom occurs, the show ip interface brief EXEC command does not display the interfaces on the RSP list. This symptom may result in the creation of routes that have no VIP service if the VIP does not reload because of a failure.

Workaround: Perform an online insertion and removal (OIR) to restore the VIP to normal working condition.

CSCds46457

Packets may be discarded and errors may be observed when bridged Frame Relay packets are sent from a serial line to an Ethernet interface. There is no workaround.

CSCds80827

Operation, Administration, and Maintenance (OAM) cells are sent to the incorrect permanent virtual circuit (PVC). This symptom is observed on a 1-port enhanced ATM DS3 port adapter (PA-A3-T3) and on a 1-port enhanced ATM E3 port adapter (PA-A3-E3). The PVCs on the ATM may flap and the link may go down because OAM cells are lost. There is no workaround.

CSCdv06334

A Cisco 3660 router that is running the c3660-is-mz.122-2.T image of Cisco IOS Release 12.2 T may pause indefinitely because of alignment error corrections. This symptom is observed on the Cisco 3660 when TCP accesses data that is aligned incorrectly. For information about alignment errors, see the information at the following URL:

http://www.cisco.com/warp/public/63/spuraccess.html

The router must be reloaded to be restored to working condition. There is no workaround.

CSCdv34418

Under rare circumstances, the digital signal processors (DSPs) on the high density voice network module (NM-HDV) may pause indefinitely. This symptom may cause voice channels to go out of service. To restore the DSP to working condition, the router must be reloaded. There is no workaround.

CSCdv34579

A Versatile Interface Processor (VIP), Gigabit Ethernet Interface Processor (GEIP), Gigabit Ethernet Interface Processor plus (GEIP+), or Packet OC-3 Interface Processor (POSIP) that is installed in a router may reload. The VIP may display the following error message when it reloads:

%DMA-1-DRQ_STALLED: DRQ stalled. Dumping DRQ.

This symptom is observed on a Cisco 7500 router under heavy traffic conditions.

Workaround: There is no workaround.

CSCdv40244

The following continuous stream of "%POT1E1-3-FWFATAL" error messages may occur on a router:

%POT1E1-3-FWFATAL: Bay 5: firmware needsresetdue to fw watchdog timeout

%POT1E1-3-FWFATAL: Bay 4: firmware needsresetdue to fatal softwareerrors

This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.1(8.04) and that is using an 8-port multichannel T1 port adapter (PA-MC-8T1).

Workaround: There is no workaround.

CSCdv79965

A router may reload when a Simple Network Management Protocol (SNMP) query is performed. This symptom is observed on a Cisco 1700 router that has a 10BASE-T Ethernet WAN interface card (WIC-1ENET) installed in slot 1 and that is running images from Cisco IOS Release 12.2(2)XJ. This symptom occurs when an SNMP query is performed on the OLD-CISCO-CHASSIS-MIB MIB.

Workaround: Use Cisco IOS Release 12.2(4)XL or Release 12.2(4)XW.

CSCdw05149

Calls that do not have a dial peer match are dropped before translation instead of being matched to an outgoing dial peer. This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(2)XB.

Workaround: Create a pseudo Voice over IP (VoIP) dial peer that has the proper destination pattern using a false session target.

CSCdw20980

If you perform an online insertion and removal (OIR) of a Versatile Interface Processor (VIP) in a Cisco 7500 series router or use the Single Line Card Reload (SLCR) feature after a VIP has reloaded unexpectedly, and if there are static routes defined that use the interfaces on the failed VIP, traffic that is using those static routes may fail. The static routes include those that are defined within a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Routing and Forwarding (VRF) instance.

Workaround: Enter the clear cef linecard slot- number adjacency command on the affected VIP.

CSCdw27800

A Versatile Interface Processor (VIP) may reload if distributed Multilink PPP (dMLP) is configured on a channelized T3 or E3 interface after the router is reloaded and booting up. There is no workaround.

CSCdw51605

A Cisco 1751 router reloads when the Cisco Networking Services (CNS) inventory feature is used to obtain configuration information. This symptom is observed when a BRI interface or a 2-port serial WAN interface card (WIC-2T) is used. There is no workaround.

CSCdw55359

A Cisco 7200 router may reload after the "Enable DSP control message history" option is enabled on the router.

Workaround: To prevent the router from reloading, do not enable the "Enable DSP control message history" option on the router.

CSCdw59661

A router that has a virtual private dial-up network (VPDN) group for PPP over Ethernet (PPPoE) may show spurious memory access when it is rebooted. Spurious memory access may also occur if a user configures a new PPPoE VPDN group on the router. There is no workaround.

CSCdw59677

The ip tftp source-interface interface global configuration command does not work as expected. If the ip tftp source-interface interface global configuration command is entered while files are copied from a TFTP server, the command sets the source IP (src-ip) address to the acknowledge (ACK) state. This symptom causes outgoing TFTP packets to be sent to the IP address of the egress interface rather than to the specified interface address. There is no workaround.

CSCdw62064

On Multilink PPP (MLP) interfaces that are receiving encrypted IP Security (IPSec) traffic that is terminated locally and when a hardware accelerator is used for decryption, inbound data packets that are reassembled from multilink fragments may not be processed properly. This symptom affects all inbound reassembled data frames that are received by the bundle and not just those data frames that are carrying encrypted IP datagrams. Most significantly, inbound Internet Security Association and Key Management Protocol (ISAKMP) keepalives are not processed, leading to the eventual failures of the associated IPSec sessions.

The IPSec sessions are reestablished after each failure, but traffic drops will occur until the session is renegotiated via the Internet Key Exchange (IKE). Thus, the observable symptoms are an intermittent failure of IPSec sessions combined with high loss rates in the encrypted data traffic.

Workaround: Disable hardware crypto acceleration, and use software crypto acceleration instead.

CSCdw67214

On a Cisco 7507 router that has a Versatile Interface Processor 2-40 (VIP2-40) that is installed with a dual-port Fast Ethernet port adapter (PA-2FE-TX) and configured as an Inter-Switch Link (ISL), IP packets that are larger than 1484 bytes are not passed. There is no workaround.

CSCdw71450

Echo is heard on calls that originate from a Voice over IP (VoIP) device such as an IP phone when a call is placed to a Public Switched Telephone Network (PSTN) via a gateway. The user on the VoIP device hears an echo, and the echo disappears after a duration of five to seven seconds. This symptom is observed when the gateway is configured with the echo-cancel coverage 32 voice port configuration command. This symptom may also be observed when a lower value is set for the number of milliseconds that the echo cancel will cover on a given signal. However, the length of the echo that is observed at the beginning of the call will be of a shorter duration. There is no workaround.

CSCdw71458

A Node Route Processor (NRP) may reload when the NRP attempts to remove per-user access control lists (ACLs). There is no workaround.

CSCdw78486

A Cisco uBR925 router may display the following error message:

131.CABLEMODEM.CISCO: %UPS-3-BATTERY_MISSING: System detected Uninterrupted Power Supply failure: battery is missing.

This symptom does not affect the normal operation of the router. There is no workaround.

CSCdw80326

A router may reload because of a bus error. This symptom is observed on a Cisco router after a named access list or an extended access list that has the following characteristics is removed by entering the no access-list number global configuration command:

A lock and key (dynamic) entry is part of the access list.

The lock and key entry has attached comments.

Workaround: Do not use comments with lock and key (dynamic) access list entries.

CSCdw83531

Border Gateway Protocol (BGP) updates may be corrupted and the following message may be displayed when this symptom occurs:

BGP-6-NEXTHOP: Invalid next hop (0.0.0.0) received from x.x.x.x: martian next hop

BGP(0): x.x.x.x rcv UPDATE w/ attr: nexthop 0.0.0.0, origin ?, metric 0, originator 0.0.0.0, path YYYY, community , extended community 20.1.1.0/24 -- DENIED due to: martian NEXTHOP;

These symptoms are observed on a customer edge (CE) router when BGP updates are sent from a provider edge (PE) router to the CE router if peer groups are specified using the address-family ipv4 vrf vrf-name router configuration command. BGP routes may be lost on the CE router even though the BGP neighbors remain up.

Workaround: Remove the peer group configuration from the address-family ipv4 vrf vrf-name router configuration command.

CSCdw89528

A service policy that is applied to an Ethernet subinterface does not work.  This symptom occurs after a policy map is applied to an outbound Ethernet subinterface. The service policy works if the policy is applied to the main Ethernet interface, but the service policy does not work if it is attached to a subinterface. When this symptom occurs, the class of service (COS) bit above 0 on Layer 2 of the Ethernet Frame is not set.

Workaround: Apply the service policy to the main Ethernet interface.

CSCdw90119

Ethernet bridge-encapsulated ATM packets (mandated by RFC 1483) may be sent out with nonzero pad bytes (2 bytes) in the header. This symptom is observed when ATM routed bridge encapsulation (RBE) is used with Cisco Express Forwarding (CEF) switching when Ethernet bridge-encapsulated ATM packets are sent. Although the RFC does not mandate that the two pad bytes have to be zeroed, some bridges may require the padding bytes to be zeroed.

Workaround: Issue the clear adjacency EXEC command to clear the CEF adjacency table.

CSCdw93358

If an outbound call on a Foreign Exchange Office (FXO) groundstart line is placed via the Media Gateway Control Protocol (MGCP) and the call is torn down, a simultaneous outbound call may cause the outbound port to pause indefinitely at the "FXOGS_WAIT_TIP_GROUND" state. An inbound call may reset the port, but the call will fail. After the inbound call is received, all subsequent inbound and outbound calls will work normally. There is no workaround.

CSCdx01664

A router may fail to obtain an IP address via the Dynamic Host Configuration Protocol (DHCP). This symptom is observed on a Cisco 806 router that is running Cisco IOS Release 12.2(8)T if a DHCP server does not send the subnet mask option in the DHCP OFFER message. There is no workaround.

CSCdx06621

A router may reload with a bus error while the shortest path first (SPF) algorithm is computed. This symptom is observed if multiple routers are advertising the same prefix in Type-5 or Type-7 link-state advertisements (LSAs). There is no workaround.

CSCdx08669

A router may reload with a bus error after spurious memory accesses are detected. These symptoms are observed on a Cisco 7500 router that has Multiprotocol Label Switching (MPLS) enabled. There is no workaround.

CSCdx16862

Dropped packets and errors may be observed when the Compressed Real-Time Transport Protocol (CRTP) is enabled on a Multilink PPP (MLP) over Frame Relay-to-ATM Internetworking (FRF.8) setup. This symptom is observed when fast switching is enabled on the virtual template interface.

Workaround: To disable fast switching, enter the no ip route-cache interface configuration command on the virtual template interfaces on both of the Frame Relay and ATM routers.

CSCdx23590

A "%SYS-2-LINEPROCDEAD" error message may be generated erroneously when a copy ftp operation fails. This message can be ignored. There is no workaround.

CSCdx36735

A service policy that is configured and applied to a tag-switched subinterface on a Route Processor Module (RPM) is deleted when the router is reloaded.

Workaround: Reapply the service policy after the router has reloaded.

CSCdx47589

A Cisco router may be depleted of free processor memory, and system functions on the router may be affected. This symptom is observed when a WAN link goes down or flaps on an interface that is using class-based weighted fair queueing (CBWFQ). The output of the show process memory EXEC command may indicate that the memory is held by the "Net Background" process.

Workaround: Remove CBWFQ from the WAN interface configuration as a temporary workaround.

CSCdx53648

A Cisco router may reload while it is booting up or during other transient intervals. This symptom is observed if the router is configured with static recursive routes that have nexthops that are reachable through virtual access interfaces. This symptom is observed if the following conditions are met:

One or more routes are configured using the ip route prefix mask [next-hop-address] global configuration command.

Virtual access interfaces are coming up.

Tag Distribution Protocol (TDP)/Label Distribution Protocol (LDP) is enabled on the router.

Workaround: Configure the routes as nonrecursive routes by entering the ip route prefix mask [next-hop-address] [interface {interface-number}] global configuration command, and specify an output interface in addition to specifying the nexthop address in the command.

CSCdx54028

When a Cisco integrated access device (IAD) receives a far-end release and when a call agent sends a request notify (RQNT) message for a release complete (RLC) message, the Cisco IAD does not return an acknowledgement for an RLC message and acknowledges only the receipt of the RQNT message. This symptom causes the broadband telephony system (BTS) call agent to perform an automatic recovery after it pauses a connection for 30 seconds on the Cisco IAD.

Workaround: To clear the hung connection on the Cisco IAD, enter the mgcp dlcx global configuration command.

CSCdx55493

A Cisco uBR900 series router may pause indefinitely if a cable interface resets repeatedly. The Cisco uBR900 must be power-cycled to be returned to normal working condition. There is no workaround.

CSCdx57857

A Cisco gatekeeper may consider only the local routes to a prefix that is reachable through a local zone as well as the remote zone. This symptom may cause other issues if a network has all routing decisions and service logic conducted in a remote zone.

Workaround: Use a specialized dial plan to route all requests to the remote zone.

CSCdx59053

A Cisco integrated access device (IAD) does not provide a dial tone for 10 seconds until all resources are properly released. This symptom is observed on a Cisco IAD if a redial attempt is made in quick succession on a partially dialed channel-associated signaling (CAS) call. There is no workaround.

CSCdx59695

A permanent virtual circuit (PVC) may enter the "INACTIVE" state if a router is reloaded after the maximum transmission unit (MTU) on an ATM subinterface is set to a value that is greater than 1500 bytes.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM subinterface.

CSCdx60202

The output of the show isdn active EXEC command may display two entries for each Personal Handyphone System (PHS) Internet Access Forum Standard (PIAFS) call. There is no workaround.

CSCdx60692

A Cisco 3640 router that is running Cisco IOS Release 12.2(8)T1 may reload unexpectedly and report a bus error. There is no workaround.

CSCdx63850

On a Cisco 1750 router that has a one-port Ethernet WAN interface card (WIC) in slot 1 and a TLV4 EEPROM WIC (like an asymmetric digital subscriber line [ADSL] WIC) in slot 0, the MAC address of the Ethernet interface is incorrectly set to the broadcast address.

Workaround: Use the Ethernet WIC only in slot 0.

CSCdx64297

For some answering machines, the loop current feed open (LCFO) timer of 750 ms is not sufficient. The LCFO timer should have a configurable range of 751 ms to 1500 ms. There is no workaround.

CSCdx66100

A Cisco router may reload if the cns config initial global configuration command is executed with the optional event argument and if the cns event global configuration command is not configured. When this symptom occurs, the event response message that indicates the result of applying the initial configuration is not sent to the event bus, and the Cisco router displays the following message:

%Log packet overrun, PC 0xnnnnnnnn, format.

Workaround: To prevent the router from reloading, ensure that the cns event global configuration command is configured when the optional event argument is specified in the cns config initial global configuration command.

CSCdx69889

Packet forwarding difficulties may be observed on a Cisco router. This symptom is observed on a Cisco router that is acting as a Layer 2 Tunneling Protocol (L2TP) network server (LNS) and that is running Cisco IOS Release 12.2 T. This symptom occurs on the Multiprotocol Label Switching (MPLS) interface when the router is forwarding packets from the MPLS interface to L2TP tunnels while Cisco Express Forwarding (CEF) is enabled. This symptom does not occur if CEF is disabled on the interface and if the packets are process-switched.

Workaround: Disable CEF on the MPLS interface or enable debugging for MPLS packets.

CSCin04187

A Dynamic Host Configuration Protocol (DHCP) client may not send the correct host name in the DHCP host name feature (option 12) even after the correct host name is configured by entering the ip address dhcp host-name global configuration command. An incorrect host name is displayed when the show running-config EXEC command is entered. This symptom is observed in images for Cisco IOS releases 12.2 and 12.2 T that have the fix for CSCdu62830. There is no workaround.

CSCin05330

When a multilink bundle interface is created by entering the interface multilink group-name global configuration command, the Cisco Discovery Protocol (CDP) becomes incorrectly disabled. If the cdp enable interface configuration command is used to enable CDP on the multilink bundle interface, the command is not saved in the startup configuration and CDP remains disabled after the router is reloaded. There is no workaround.

CSCin05568

A router may reload after the shutdown interface configuration command followed by the no shutdown interface configuration command is entered on an interface. This symptom is observed on an X.25 over an ISDN D-channel interface. This symptom occurs after the shutdown interface configuration command is issued and if the no shutdown interface configuration command is issued on the interface after the timer is started. This symptom occurs only if X.25 is configured on the interface.

Workaround: There is no workaround.

CSCin07612

A router may reload if the show version EXEC command is entered on any Telnet session after the running configuration is stored in NVRAM by entering the write memory privileged EXEC command through a separate Telnet session or through the console port.

Workaround: Avoid using the show version EXEC command and the write memory privileged EXEC command simultaneously on separate Telnet sessions to a router.

CSCin08118

A router may reload if a nonexistent crypto map is applied to an interface. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(8)T4

Cisco IOS Release 12.2(8)T4 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T4 but may be open in previous Cisco IOS releases.

CSCdv50542

A cable access router may pause indefinitely after it generates the following log message:

SYS-2-BADSHARE: Bad refcount in datagram_done, ptr=80B0EE4C, count=0 -Traceback= 80315D98 8026C6AC 80322A88 803C2540 8042076C 80421110 803C29C0 803C1BA4 80374E10

These symptoms are observed on a Cisco uBR924 cable access router that is running Cisco IOS Release 12.1(5)T9. These symptoms occur if the radio frequency (RF) interfaces reset during an upstream TCP data transfer. The Cisco uBR925 and Cisco uBR905 universal broadband routers, and the Cisco CVA120 cable voice adapter are susceptible to these symptoms.

Workaround: Power-cycle the Cisco uBR924 to bring it back online. Disable selective TCP acknowledgement (ACK) control by entering the no ip tcp selective-ack global configuration command.

CSCdv67504

Traceback messages may be displayed on a router when a virtual access interface comes up while distributed Link Fragmentation and Interleaving (dLFI) over Frame Relay is configured. The messages are harmless, and the functionality of the dLFI over Frame Relay feature is not affected. There is no workaround.

CSCdv83875

On a Cisco 7500 series Versatile Interface Processor 4 (VIP4) that is configured with a 2-port Fast Ethernet port adapter (PA-2FE), the router may stop sending traffic if the microcode is reloaded while the router is forwarding traffic. This symptom can be resolved temporarily by entering the shutdown interface configuration command followed by the no shutdown interface configuration command.

Workaround: Reload the microcode while there is no egress traffic on the router.

CSCdv87113

The cbQoSMIB MIB displays large random values for class of service (CoS) monitoring MIBs such as the following objects in the cbQoSCMStatsTable table:

.1.3.6.1.4.1.9.9.166.1.15.1.1.3 = cbQosCMDropByte64

.1.3.6.1.4.1.9.9.166.1.15.1.1.6 = cbQosCMPrePolicyByte64

.1.3.6.1.4.1.9.9.166.1.15.1.1.10 = cbQosCMPostPolicyByte64

.1.3.6.1.4.1.9.9.166.1.15.1.1.14 = cbQosCMDropPkt64

There is no workaround.

CSCdw04211

External Border Gateway Protocol (eBGP) sessions on a Cisco 7500 router may not come up after both distributed Link Fragmentation and Interleaving (dLFI) and distributed Compressed Real-Time Protocol (dCRTP) are enabled on a Frame Relay or ATM link.

Workaround: Disable dCRTP.

CSCdw10495

Spurious memory access may be detected on a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) and a L2TP network server (LNS). This symptom is observed when virtual private dialup network (VPDN) callout is performed using L2TP. There is no workaround.

CSCdw19677

A Cisco Router Route Processor (GRP, Route Switch Processor [RSP], or Network Processing Engine [NPE]) may reload when a traffic engineering (TE) tunnel interface is disabled and reenabled in quick secession by entering the shutdown interface configuration command followed by the no shutdown interface configuration command. The router may also exhibit this behavior when tag switching is enabled and disabled using the no tag-switching ip interface configuration command followed by the tag-switching ip interface configuration command in quick succession, or when a loopback interface is disabled and reenabled using the shutdown interface configuration command followed immediately by the no shutdown interface configuration command. This behavior may also occur when a file is copied to the running configuration to change the state of a tunnel.

Workaround: Wait for at least a minute after the shutdown interface configuration command is issued before entering the no shutdown interface configuration command on a tunnel interface or its associated loopback interface. Wait for at least a minute after the no tag-switching ip interface configuration command is issued before entering the tag-switching ip interface configuration command. Shut down all tunnel interfaces before copying a file to the running configuration.

CSCdw31637

Misaligned or spurious memory accesses may be detected on a Versatile Interface Processor (VIP) at the hqf_get_policymap() process. There is no workaround.

CSCdw50839

Packets on a Versatile Interface Processor (VIP) are dropped. This symptom is observed on a Cisco 7500 router that is configured as a provider edge (PE) router in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) switching environment when there are no distributed Cisco Express Forwarding (dCEF) entries for the remote Virtual Private Network routing/forwarding (VRF) route. This symptom occurs if a VRF is deleted after both dCEF and Border Gateway Protocol (BGP) are disabled from a previous MPLS VPN configuration.

Workaround: Disable and reenable distributed dCEF by entering the no ip cef distributed global configuration command followed by the ip cef distributed global configuration command on the Cisco 7500. End-to-end connectivity is restored after this workaround is performed.

CSCdw51935

When serial interfaces that use Frame Relay are configured, the following messages may be displayed:

%RSP-3-BADBUFHDR: freeing MEMD pak, address 0 -Traceback= 603A0098 603A7D98 603AD718 603B35F0 6035CA0C
%RSP-3-BADBUFHDR: freeing MEMD pak, address 0 -Traceback= 603A0098 603A7D98 603AD718 603B35F0 6035CA0C

These messages are displayed after Frame Relay-fragmented packets that are selected for selective packet discarding are reassembled. If the message is displayed repeatedly, the router has to be reloaded to be returned to normal working condition. There is no workaround.

CSCdw53446

Packets are not marked on a Cisco 7500 router. This symptom is observed when "set xyz" is configured as an action in a modular quality of service (QoS) command-line interface (MQC) service policy that is attached to a distributed Link Fragmentation and Interleaving (dLFI) over Frame Relay link. There is no workaround.

CSCdw55105

Some channels on a time slot may pause indefinitely in the "EM_PENDING" state when T1 wink-start signaling is used. This symptom is observed on time slots on a Cisco 3660 router that is running Cisco IOS Release 12.2(7.5) and that has T1 wink-start signaling configured. There is no workaround.

CSCdw55475

The "octets in" (ifHCInOctets) counters and "octets out" (ifHCOutOctets) counters may fluctuate wildly and display erroneous values when a Simple Network Management (SNMP) query is performed. The following is a sample output of the SNMP query of the ifHCInOctets and ifHCOutOctets counters:

ifMIB.ifMIBObjects.ifXTable.ifXEntry.6.9 : Counter64: 746173285208 ifMIB.ifMIBObjects.ifXTable.ifXEntry.6.9 : Counter64: 1953276477 ifMIB.ifMIBObjects.ifXTable.ifXEntry.6.9 : Counter64: 746222312654 ifMIB.ifMIBObjects.ifXTable.ifXEntry.6.9 : Counter64: 8095024725

These symptoms are observed on the E1 and ATM interfaces on a Cisco 7200 or 7500 router. 64-bit counters should not be used because the speed of the E1 and ATM interfaces are lower than 20 Mbps. Erroneous 64-bit values are returned for these low speed interfaces if an SNMP query of the ifHCInOctets and ifHCOutOctets counters is performed while using a running configuration that has the snmp-server sparse-tables global configuration command configured.

Workaround: Use 32-bit ifInOctets and ifOutOctets counters for low speed interfaces and 64 bit ifHCInOctets and ifHCOutOctets counters for high speed interfaces.

Alternate workaround: Issue the no snmp-server sparse-tables global configuration command.

CSCdw67019

A software-forced reload may occur when a Cisco Networking Services (CNS) extensible markup language (XML) event is received. This symptom occurs only if the cns event global configuration command is present in the running configuration. This symptom is observed in Cisco IOS Release 12.2(8)T, and does not exist in Cisco IOS releases prior to Release 12.2(8)T.

Workaround: Use Cisco IOS Release 12.2(8)T4 or a later rebuild release.

CSCdw68511

When the network router configuration command is used in the address-family submode to advertise a prefix in Border Gateway Protocol (BGP) under the IP version 4 (IPv4) Virtual Private Network routing / forwarding instance (VRF), the prefix is not advertised by BGP even though there is a corresponding route in the VRF routing table for that prefix.

Workaround: To advertise the prefix in BGP, use the redistribute router configuration command.

CSCdw71400

An invalid cache adjacency exists on a line card but not on the Route Processor (RP).

Workaround: Issue the clear cef linecard slot-number adjacency EXEC command on the line card.

CSCdw74143

On a Cisco router, the Route Switch Processor (RSP) reloads when a policy map is associated to a Frame Relay map class. This condition was observed on a router that had 380 interfaces in which each interface had distributed Frame Relay fragmentation (dFRF.12) configured. There is no workaround.

CSCdw76822

IP connectivity may be disrupted after distributed Cisco Express Forwarding (dCEF) is configured on a router. This symptom is observed on a Cisco 7500 series router that is functioning as a provider edge (PE) router, and that is running tag switching or Multiprotocol Label Switching (MPLS). This symptom occurs only if the router is running both cell-based tag switching and frame-based tag switching simultaneously. There is no workaround.

CSCdw76973

When a Cisco router is booted up using an image of Cisco IOS Release 12.1(7.6)T, a directly connected subnet on a serial interface is not in the Enhanced Interior Gateway Routing Protocol (EIGRP) topology table even though the subnet is covered under a network statement in EIGRP. This symptom occurs only if the serial interface is configured to be a passive interface in EIGRP.

Workaround: Unconfigure and reconfigure the EIGRP configuration.

CSCdw77268

A low hissing sound is heard when outbound calls are placed from a Foreign Exchange Office (FXO) port using the high-density analog voice or fax network module (NM-HDA). The hissing sounds as though the noise floor has been raised incorrectly. This symptom does not occur if the 2-port voice network module (NM-2V) is used instead of the NM-HDA.

Workaround: Disable nonlinear processing on the echo canceler by entering the no non-linear voice-port configuration command. More echo may be observed after this workaround is implemented.

CSCdw80817

After the service-policy input global configuration command is applied on a multilink interface, packets are not marked either when the router is reloaded or after the interface is reset by entering the shutdown interface command followed by the no shutdown interface command. This symptom is observed only when neither fragmentation or output queueing features are enabled.

Workaround: Remove and reapply the service-policy input interface configuration command.

Alternate workaround: Enable output queueing features such as class-based weighted fair queueing (CBWFQ), or enable fragmentation.

CSCdw84078

A router may display the "VTSP-3-DSP timeout" error message if the "DISCONNECT" message is received after a "PROCEEDING" message on an outgoing ISDN call. This symptom delays disconnect processing by two to four seconds. This symptom may cause the digital signal processor (DSP) to reset and be unavailable for about two seconds. The unavailability of the DSP may in turn affect the call success rate (CSR) in stress conditions that have very low intercall intervals. There is no workaround.

CSCdw85405

A Cisco gateway should return a connection option of 524 instead of 526 when a create connection (CRCX) request for time-division multiplexing (TDM) hairpinning is received. Connection option 526 indicates that there is insufficient bandwidth, and connection option 524 indicates that the gateway has found an inconsistency in the local connection option (LCO). There is no workaround.

CSCdw86740

When a service policy is applied to a large number of interfaces simultaneously, the service policy may overrun the interprocess communications (IPC) mechanism on a Cisco 7500 router.

Workaround: Break up the service policy, and apply the service policy individually to a smaller group of interfaces.

CSCdx02038

Calls cannot be placed on the voice port of a Cisco integrated access device (IAD) because no dial tone is detected on the voice port. This symptom occurs because the voice port enters the powered down high impedance mode after excessive temperature is detected. While the voice port is in the powered down high impedance mode, the voice port does not report any offhook signals to the Cisco IOS software. As such, no dial tone is detected on the voice port, and the voice port appears to be down.

Workaround: Issue the test voice port 1/x write sop 16 61 privileged EXEC command.

CSCdx07223

On a Cisco 800 series router that is running Cisco IOS Release 12.2(8)T, a Personal Handyphone System (PHS) Internet Access Forum Standard (PIAFS) call may become IP unreachable even after a negotiation succeeds. There is no workaround.

CSCdx07708

A Cisco router that is used as a gatekeeper may reload with a signal trap (Sigtrap) when the router processes a call from an H.323 terminal after a location confirmation (LCF) request is transmitted. This symptom is observed when the router is running the Gatekeeper Transaction Message Protocol (GKTMP). There is no workaround.

CSCdx08421

The burst parameter is not effective if the priority kpbs [burst] policy-map class configuration command is configured after the priority kbps policy-map class configuration command is configured.

Workaround: Enter the no priority kbps policy-map class configuration command, and reconfigure the burst parameter by entering the priority kpbs [burst] policy-map class configuration command.

CSCdx08427

Class-based weighted fair queueing (CBWFQ) matching on Differentiated Services Code Point (DSCP) does not work with hardware-assisted Virtual Private Network (VPN) encryption on a Cisco 1720 router that is running either Cisco IOS Release 12.2 or Release 12.2 T.

Workaround: Use process switching.

CSCdx11089

It may not be possible to activate the change password sequence through a Telnet session to a router that is using TACACS+ user authentication. This symptom is observed on a Cisco router that is using a CiscoSecure UNIX (CSUNIX) TACACS+ server and that is running Cisco IOS Release 12.2 T. There is no workaround.

CSCdx16870

Cisco uBR905 series universal broadband routers and Cisco CVA120 cable voice adapters may not boot properly when Cisco IOS Release 12.2(8)T1 is used.

Workaround: Avoid using Cisco IOS Release 12.2(8)T1 with either the Cisco uBR905 or the Cisco CVA120.

CSCdx21808

If the police conform is set to "set-prec-transmit", the precedence on the packet is not set when the policy map is attached to the distributed Link Fragmentation and Interleaving (dLFI) over ATM interface. There is no workaround.

CSCdx26010

On Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) routes that are running the Carrier Supporting Carrier (CSC) feature with the label distribution protocol (LDP) on the PE to customer edge (CE) interface, if LDP is toggled on and off, the router may not have Tag Forwarding Information Base (TFIB) entries for locally learned routes on a given VPN routing/forwarding (VRF) instance.

When this symptom occurs, no entries are shown after the show tag forwarding EXEC command is entered. Only tag information is displayed after the show ip cef vrf EXEC command is entered.

Workaround: Do not toggle LDP on or off.

CSCdx32319

High CPU utilization may occur on a three-way conference call. CPU utilization may exceed 20 percent if the calls are placed over Ethernet, and CPU utilization may exceed 30 percent when the calls are made over Ethernet and Multilink PPP (MLP). When these symptoms occur, traceback messages may also be displayed. There is no workaround.

CSCdx33510

A Cisco integrated access device (IAD) may hold dual tone multifrequency (DTMF) digits until a user hangs up. The offhook state of an endpoint is reported to the call agent, but digits that are dialed for the endpoint are not reported to the call agent. Subsequently, the offhook state of the endpoint prevents the endpoint from allowing a call to originate from the endpoint. The endpoint enters this state after a request for digits (A) is made by the call agent. This request is later followed by a request for digits (D). There is no workaround.

CSCdx34748

When a client modem dials into either a 1-port or 2-port analog modem WAN interface card (WIC-1AM/WIC-2AM) in the EXEC mode on either a Cisco 2600 or Cisco 3620 router, an EXEC session is started on the line for that client by the router. If another outgoing Telnet (or reverse Telnet) session is made from the first EXEC session, and if the user uses the escape character (^^x) to exit to a previous EXEC session, the characters that are transmitted by the client modem are received out of sequence by the first EXEC process.

For example, if the client modem transmits the string "show terminal", the EXEC session may receive the transmission as "howster inaml." The information that is received from the client modem continues to be garbled if the Telnet session is resumed.

Workaround: In such a scenario, avoid using the escape character (^^x) to return to the EXEC prompt and terminate the Telnet session from the server side.

CSCdx35197

A write memory request that is received via the Simple Network Management Protocol (SNMP) is rejected if there is already a write memory request in progress. This symptom is observed on a Route Processor Module-PRemium (RPM-PR) card that is installed in a Cisco switch that is running Cisco IOS Release 12.2(8)T.

Workaround: There is no workaround.

CSCdx36259

Traffic is dropped, and the following message may be displayed in the log:

%ATMPA-3-BADVCD: Switch1 bad vcd 25136 packet - 62308847 1F9DD0FE 000321FE 45000058 00010000 FE0001C2

This symptom is observed on a network in which two provider edge (PE) routers are connected via a label switch controller (LSC). The Multi-virtual circuit (VC) feature is also enabled on the network by entering the tag-switching atm multi-vc ATM subinterface submode command. 

There is no workaround.

CSCdx38578

An edge router that has the Multi-virtual circuit (VC) feature configured may reload when route flapping occurs. This symptom affects edge routers that have the Multi-VC feature configured and that have a label-controlled ATM (LC-ATM) interface that faces the Multiprotocol Label Switching (MPLS) core. When the route flaps occur, the timing between the deletion of different label-switched controlled virtual circuits (LVCs) that have the same prefix may cause a memory block to be freed multiple times. This behavior may cause the router to reload when the LC-ATM attempts to reestablish the LVCs. There is no workaround.

CSCdx39333

The tag forwarding table may not be populated correctly. This symptom occurs if the label distribution protocol (LDP) is used between provider edge (PE) and customer edge (CE) connections, and if the route goes from Open Shortest Path First (OSPF) to Border Gateway Protocol (BGP) in the Virtual Private Network (VPN) routing/forwarding (VRF) routing table.

This symptom is observed on a route that is known in a VRF (that is learned through the BGP and OSPF routing protocols) while hierarchical Multiprotocol Label Switching (MPLS) VPN is used.

Workaround: To remove routes from the VRF routing table, enter the clear ip route vrf [word] * EXEC command.

CSCdx41149

Interprocess communication (IPC) heartbeats may not be transmitted correctly. Within a few minutes after a universal router module (URM) comes up, the Cisco IGX 8400 multiservice WAN switch registers an IPC failure and declares the URM as "failed". When this symptom occurs, all ATM connections on the ATM network that terminate on the URM are brought down and traffic are stopped. If the dsplog command is entered on the Cisco IGX 8400 after this symptom occurs, the card is shown to be in the "IOS unavailable" state because of an IPC failure. This symptom may occur on Cisco IOS Release 12.2(8)T4 and earlier releases; however, this symptom has been observed more frequently with Cisco IOS Release 12.2(8)T and Release 12.2(8)T1.

Workaround: The following are the recommended steps for the workaround:

a. Enter the write memory privileged EXEC command to store the configuration for the router in NVRAM.

b. Enter the cnfrtr router-slot n privileged EXEC command to configure the router to load the Cisco IOS software configuration file from the Nodal Processor Module (NPM) battery-backup RAM (BRAM).

c. Enter the rstrtr router-slot privileged EXEC command to reset the URM on a specified router slot.

d. After the router has booted up with the default configuration and after the router has been running for five minutes, enter the copy startup-config running-config privileged EXEC command to configure the router.

Depending on the setup of the network, this workaround may not always work as expected.

CSCin01264

A Cisco 7500 router that is configured with distributed Compressed Real-Time Transport Protocol (dCRTP) and distributed Link Fragmentation and Interleaving (dLFI) on an ATM or Frame Relay link may reload after the shutdown interface configuration command followed by the no shutdown interface configuration command is issued on the interface.

Workaround: Do not configure dCRTP.

CSCin03391

When a ping is sent from a customer edge (CE) router to another CE router via a provider edge (PE) router, the ping fails. This condition occurs when the routers are configured using scripts. There is no workaround.

CSCin08334

A router may reload while it is booting up. This symptom is observed on a Cisco 7500 router that has the Compressed Real-Time Transport Protocol (CRTP) configured over a Link Fragmentation and Interleaving (LFI) link that has distributed Cisco Express Forwarding (dCEF) enabled.

Workaround: Configure CRTP after the LFI link comes up.

CSCuk27619

An incorrect adjacency may be created for the address of an interface after the shutdown interface configuration command followed by the no shutdown interface configuration command is issued. This symptom is observed when the Open Shortest Path First (OSPF) routing protocol is used.

Workaround: Issue the clear adjacency EXEC command to remove the incorrect adjacency.

Resolved Caveats—Cisco IOS Release 12.2(8)T3

Cisco IOS Release 12.2(8)T3 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T3 but may be open in previous Cisco IOS releases.

CSCdw68066

A Cisco router that is configured as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) may not free memory properly if the vpdn authen-before-forward VPDN group mode command is configured. There is no workaround.

CSCdw76796

When a router is configured and used as a gatekeeper, the gatekeeper process does not return the held memory. This behavior causes subsequent calls to be refused and the following error message to be displayed:

gk_process Error decoding RAS Message...discarding

Workaround: Reload the router.

CSCdw92951

A Cisco H.323 Gatekeeper configured with "zone cluster remote xxx" and associated "elements" may reload when a call is passed to it. There is no workaround.

CSCdw95279

If a PPP over ATM (PPPoATM) session is configured to be forwarded into a Layer 2 Tunneling Protocol (L2TP) tunnel and if the tunnel fails to be established initially, extra Frame-Protocol attributes may appear in the accounting record when the session is eventually established. The router may reload if the tunnel fails to be established over a sustained period of time. There is no workaround.

CSCin03194

A Cisco 3620 H.323 gatekeeper may reload while it is executing the show gatekeeper server EXEC command. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(8)T2

Cisco IOS Release 12.2(8)T2 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T2 but may be open in previous Cisco IOS releases.

CSCdw64591

A Cisco Route Processor Module (RPM) may pause indefinitely and display the following message on the console after the clear ip ospf process EXEC command is issued:

%ATMPA-3-BADVCD: Switch1 bad vcd 1460 packet - 05B49847 000900FE 002021FE 45000058 00010000 FE00C3A0

Workaround: Reset the RPM.

CSCdw84776

When a customer edge (CE) router advertises a route that contains the provider edge (PE)-CE link, the PE router fails to install this route to the virtual private network routing/forwarding instance (VRF) because the route is already registered in the VRF as a connected route. If the connected route is learned from the redistribution of connected routes to the Border Gateway Protocol (BGP) through the external Border Gateway Protocol (eBGP), the BGP on the PE router marks the route with Routing Information Base (RIB) failure and prevents the route from being advertised to other peer internal Border Gateway Protocol (iBGP) PE routers. This behavior causes a loss of connectivity from the local connected route to the remote sites.

Workaround: Source the route on the PE router. Do not allow the CE router to advertise the route that connects the PE and the CE routers. This condition does not occur if eBGP is not configured between the CE and PE routers and if a routing protocol such as the VRF, Interior Gateway Protocol (IGP), Open Shortest Path First (OSPF), or Routing Information Protocol (RIP) is used.

CSCdx01120

Route Processor Module (RPM)-ATM hybrid connections that are provisioned using the Cisco WAN Manager (CWM) Connection Manager (CM) graphical user interface (GUI) may appear in the "mismatch" state on the RPM side. This symptom occurs when a Route Processor Module (RPM)-ATM hybrid is provisioned through the CWM CM GUI and when the hybrid connection is modified through the CM GUI.

Workaround: Reapply the same parameters.

CSCdx11351

When a permanent virtual circuit (PVC) is deleted from the Cisco WAN Manager (CWM), the Route Processor Module (RPM) resets and produces a flash file. This behavior occurs only when a service policy is configured on the connection.

Workaround: Add the service policy to the PVC after a connection is added. Manually remove the service policy for a connection before deleting the connection and PVC from the CWM.

CSCdx20717

A Cisco 3600 series router that is running Cisco IOS Release 12.2(8)T may reload if a Multilink Frame Relay (MFR) bundle is oversubscribed. There is no workaround.

CSCdx20802

Memory fragmentation may cause the memory allocation of 2 MB of memory to fail. This condition occurs when multiple virtual connections are configured. There is no workaround.

CSCdx20814

A freed virtual circuit descriptor (VCD) can be reused immediately after the associated virtual circuit (VC) is removed. If the driver fails to remove the VC promptly, a VC creation error may occur on the new VC to which the VCD has been reassigned. There is no workaround.

CSCdx26224

The cache l3 bypass global configuration command is missing from the running configuration of an active Route Processor Module (RPM) after an RPM switchover occurs. There is no workaround.

CSCin07419

A Route Processor Module (RPM) may return to the default "ON" state and support automatic cellbus clock change after the no rpm auto cbclk change command is issued and the card is reloaded.

Workaround: Issue the no rpm auto cbclk change command explicitly on the reloaded card after every reload.

CSCuk31794

Not all prefixes may not be cleared from the Cisco Express Forwarding (CEF) forwarding table if CEF is toggled or if the clear ip route * EXEC command is issued. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(8)T1

Cisco IOS Release 12.2(8)T1 is a rebuild release for Cisco IOS Release 12.2(8)T. The caveats in this section are resolved in Cisco IOS Release 12.2(8)T1 but may be open in previous Cisco IOS releases.

CSCdv75121

If the write memory command is entered on a Cisco router that has a line card and if the line card reloads while the write memory command is being processed, the master Route Switch Processor (RSP) may cause the router to pause indefinitely or reload. There is no workaround.

CSCdv84788

A Versatile Interface Processor (VIP) may reload or record spurious access after class maps are configured for Frame Relay. There is no workaround.

CSCdw04669

A Cisco router reloads if the encapsulation is changed from PPP to High-Level Data Link Control (HDLC) on a Packet over SONET interface that has the mpls traffic-eng autoroute command enabled and for which the autorouting first has occurred and then has cleared. There is no workaround.

CSCdw12606

On a Cisco 7200 router that is running Cisco IOS Release, active permanent virtual circuits (PVCs) may be recreated even when no changes are made to the configuration. This condition occurs when the end command is issued on the router while the router is in the PVC configuration mode or the VC class configuration mode. There is no workaround.

CSCdw18116

Under stress conditions, a multichannel port adapter such as a PA-MC-T1 or a PA-MC-E1 may experience an output stuck condition when the port adapter is configured to operate in the PRI mode. There is no workaround.

CSCdw28810

When header compression is enabled on a dialer interface or a virtual access interface, no compression occurs. There is no workaround.

CSCdw34553

A Cisco Voice over IP (VoIP) gateway that uses version 3 (or a later version) of the H.323 International Telecommunication Union (ITU) standard specification may reload when the VoIP gateway is used with another VoIP gateway that uses an H.323 ITU standard specification version earlier than version 3 while there is a heavy call volume. There is no workaround.

CSCdw35237

The following traceback message may be displayed after the shutdown interface configuration command followed by the no shutdown interface configuration command is issued on an interface that has an IP phone connected to its ports:

Event 'link_down' is invalid for the current state 'link_down'

This message indicates that a redundant event was received by a software state machine. The link-down event was received when the link state of the interface was already in the down state. There is no workaround.

CSCdw42862

On a Cisco 7200 series router that is running Cisco IOS Release 12.2(6.1)T, a bus error may occur when the ip tcp header-compression interface configuration command is issued. There is no workaround.

CSCdw47263

When an ATM switching module cable is disconnected between two label switch controllers (LSCs), tag bindings are not established when they are rerouted.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the extended tag (XTag) interfaces.

CSCdw47524

A loop may occur in a configuration if an additional port and an Ethernet channel are configured on a switch and if the Spanning Tree Protocol (STP) state is set to block while the STP state for the additional port is set to forwarding.

Workaround: Ensure that the STP state of the Ethernet channel is set to forwarding. To avoid the additional link to the switch, add the additional link to the Ethernet channel.

CSCdw47678

A Versatile Interface Processor (VIP) card may reload when a multilink interface that has a service policy priority configured in the policy is shut down. There is no workaround.

CSCdw47681

Multicast traffic may be sent through ports that are not part of a multicast group on the double wide EtherSwitch network module. There is no workaround.

CSCdw51152

When Flash memory or NVRAM memory is accessed while the write memory or the show running-config EXEC command is executed, high CPU utilization may occur if there is heavy packet traffic. This behavior occurs because the Layer 2 switching network module for the Cisco 2600 and 3600 router Peripheral Component Interconnect (PCI) bus is waiting for direct memory access (DMA) access to memory. There is no workaround.

CSCdw52832

A Cisco router boots the boot image in bootflash instead of booting the full Cisco IOS image from the disk if all of the following conditions are met:

The configuration register is set to autoboot.

There is no configuration in the NVRAM.

The boot system command is not in the configuration.

There is a complete and bootable Cisco IOS image on the disk, and there is a boot image in bootflash.

Workaround: Set the router to boot the image from the disk using the boot system global configuration command.

CSCdw54871

When a Cisco 2600 or 3600 router that has an EtherSwitch network module installed is booted, the following error messages may be displayed:

*** unable to assign MAC addr to eswilp port(30)*** Error in allocating MAC Addr (int 4/30)

*** unable to assign MAC addr to eswilp port(31)*** Error in allocating MAC Addr (int 4/31)

*** unable to assign MAC addr to eswilp port(32)*** Error in allocating MAC Addr (int 4/32)

*** unable to assign MAC addr to eswilp port(33)*** Error in allocating MAC Addr (int 4/33)

*** unable to assign MAC addr to eswilp port(34)*** Error in allocating MAC Addr (int 4/34)

*** unable to assign MAC addr to eswilp port(35)*** Error in allocating MAC Addr (int 4/35)

*** unable to assign MAC addr to eswilp port(36)*** Error in allocating MAC Addr (int 4/36)

*** unable to assign MAC addr to eswilp port(37)*** Error in allocating MAC Addr (int 4/37)

MAC addresses on the EtherSwitch network module are assigned from a base MAC address, and the address is incremented with each consecutive port. This condition occurs if the incremented MAC address that is assigned to the port differs from the base MAC address in the second least significant digit. There is no workaround.

CSCdw54940

On a router that is running Cisco IOS Release 12.0(20.3)ST3, Release 12.0(20.4)ST, Release 12.2(7.6), or Release 12.2(7.4)T, outgoing labels may become untagged in the Tag Forwarding Information Base (TFIB) when a traffic engineering (TE) tunnel goes down.

This situation may occur between two label switching routers that have the Label Distribution Protocol (LDP)/Tag Distribution Protocol (TDP) configured on a 1-hop tunnel and also on a physical link. When the tunnel goes down, the outgoing label for a prefix that is reachable via a physical link may become untagged.

Workaround: Enter the clear ip route network command, where the network argument is the IP address of the TFIB entry that became untagged.

CSCdw57001

In Cisco IOS Release 12.2 T, some attributes may be missing when an extra stop record is sent. The extra stop record should not be sent. There is no workaround.

CSCdw57010

When a Cisco router is used as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC), session forwarding does not work if the L2TP network server (LNS) requests data sequencing while fast switching or Cisco Express Forwarding (CEF) switching is disabled on the L2TP interface. Fast switching or CEF switching is automatically turned off for L2TP traffic if the LNS uses User Datagram Protocol (UDP) checksums.

Workaround: Enable fast switching or CEF switching, and configure the vpdn ip udp ignore checksums global configuration command if the LNS uses UDP checksums.

CSCdw57301

Intermittent TACACS+ authentication failures may occur, and the following message may be displayed in the debug output when the debug tacacs EXEC command is issued on a router:

TPLUS(xxxx): Select Error Invalid argument

Workaround: Reload the router.

CSCdw57544

When an EtherChannel is configured between two EtherSwitch network modules, bridge protocol data units (BPDUs) are sent on only one of the bundled ports. The port on which BPDUs are sent is selected by the EtherSwitch network module. If the receiving switch decides to block BPDUs on the devices that are connected to the port, no BPDUs are received by the switch.

This condition occurs because there is an incompatibility in the selection of the port that exchanges BPDUs. When this condition occurs, the nonroot switch erroneously assumes the role of the root and puts the EtherChannel in the forwarding state.

Workaround: Enable the transmission of BPDUs on one port on the EtherChannel, and enable the reception of BPDUs on all ports in the bundle.

CSCdw59420

A Cisco 2600 router that has a 1-port G.shdsl WAN interface card (WIC-1SHDSL) and that is running Cisco IOS Release 12.2(7.5)T or Release 12.2(4)XL and that is connected to a vendor-specific digital subscriber line access multiplexer (DSLAM) device may experience line flapping about once an hour. The line usually regains its normal function within a minute. This condition appears to occur because of interoperability issues between the WIC-1SSHDSL interface card and the vendor-specific DSLAM device. The WIC-1SHDSL interface card works normally when it is tested with other DSLAM devices. There is no workaround.

CSCdw59938

A label switch controller (LSC) may reload if an interface on a downstream router is shut down. This condition occurs when LSCs are configured to use the Tag Distribution Protocol (TDP). The output label switched controlled virtual circuit (LVC) is torn down after the downstream interface is shut down. If the routing protocol has not converged, a new output LVC request is sent to the downstream router using the same interface. When the routing update occurs, the requested output LVC is deleted and the input LVC is released. After the input LVC is released, the LSC will reload if it attempts to delete the output LVC. There is no workaround.

CSCdw60124

If an ATM tag switching subinterface is created and multi-virtual circuit (Multi-VC) is enabled on the subinterface, the local prefixes of a label distribution protocol (LDP) neighbor do not appear in the label forwarding table if the subinterface is deleted and subsequently recreated.

Workaround: Reload the router.

CSCdw62829

The high-density analog voice/fax network module (NM-HDA) for the Cisco 2600 and 3600 router platforms supports Local Voice Busyout (LVBO) features. The busyout-monitor voice-port configuration command can be configured on the NM-HDA voice ports to permit the busyout monitoring of local interfaces or remote interfaces using Service Assurance Agent (SAA) probes.

LVBO features work after they are configured and can be saved into NVRAM, but the busyout-monitor voice-port configuration command is rejected and disappears from the running configuration after the router is rebooted.

This condition does not affect the voice ports of the 2-port recEive and transMit (E&M) voice interface card (VIC-2E/M), the 2-port Foreign Exchange Station (FXS) voice/fax interface card (VIC-2FXS), or the 2-port Foreign Exchange Office (FXO) voice/fax interface card (VIC-2FXO) that are housed on the 1-port voice network module (NM-1V) or the 2-port voice network module (NM-2V).

Workaround: Issue the copy startup-config running-config privileged EXEC command to reinsert the missing commands.

CSCdw62969

A network access server (NAS) that is running Cisco IOS Release 12.2(02)XB3 or Release 12.2(8)T may reload when Layer 2 forwarding (L2F) virtual private dial-up network (VPDN) calls are placed using an authentication, authorization, and accounting (AAA) VPDN user profile that does not contain the RADIUS class (25) attribute.

Workaround: Configure a dummy RADIUS class (25) attribute in the VPDN user profile on the AAA server.

CSCdw63013

If the ipv6 router rip global configuration command is issued after the ip access-list global configuration command has been issued, the entry of subsequent IPv6 redistribute router configuration commands will fail. This condition occurs typically after the router reloads. The redistribute router configuration command is present in the startup configuration but not the running configuration.

Workaround: Reissue the missing redistribute router configuration command.

CSCdw64740

Tag switching advertise tags do not work when Tag Distribution Protocol (TDP) is toggled between the tag-switching advertise-tags global configuration command and the no tag-switching advertise-tags global configuration command. This condition is observed when Cisco IOS Release 12.2(7.6)T or Release 12.0(20.3)ST3 is used and does not occur when the Label Distribution Protocol (LDP) is used.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that has the TDP session configured.

CSCdw66010

Shaping may not work properly if the cellbus clock is not set correctly. The cellbus block must be set to 42 MHz if Route Processor Modules (RPMs) are slotted side by side in the same cellbus pair. If a card is removed and the cellbus configuration is left at 42 MHz (instead of 21 MHz), shaping does not work properly for the RPM card. Similarly, if the cellbus is not set to 42 MHz when a card is added in such a way that it shares the same cellbus pair as another RPM, shaping is not done correctly. There is no workaround.

CSCdw66983

Under rare circumstances, the remote maximum burst size (RMBS) value may be missing from the running configuration and the startup configuration and cause a connection to fail.

Workaround: Add the RMBS value manually under the switch connection mode.

CSCdw67208

If the Label Distribution Protocol (LDP)-based Carrier supporting Carrier (CsC) feature is configured on a Virtual Private Network routing/forwarding (VRF) interface of a provider edge (PE) router and the Border Gateway Protocol (BGP) reallocates a new label for a Virtual Private Network (VPN) prefix, the LDP does not advertise the changed label to the customer edge (CE) routers.

The CE routers will still have the old label for the prefix. If you enter the show mpls forwarding-table command on the CE and PE routers, the old label will be returned:

Use the show mpls forwarding-table ldp binding command on the CE routers.

Use the show mpls forwarding-table ldp binding vrf vrf-name command on the PE router.

Workaround: Clear the LDP session between the PE router and the CE routers by entering the shutdown command followed by no shutdown command on the VRF interface of the PE router.

CSCdw67530

When a label switch controller (LSC) fails an attempt to remove a cross-connect, spurious memory accesses may occur after the "%TCATM-4-XCONNECT-REMOVE-FALIED" error message is displayed. There is no workaround.

CSCdw67882

If Tag Distribution Protocol (TDP) is configured between a router running that is Cisco IOS Release 12.2(7.6)T, Release 12.0(20.3)ST3, or Release 12.0(20.4)ST and another router and the mpls ldp explicit-null command is also configured, the explicit-null label is not advertised by TDP.

Workaround: Use Label Distribution Protocol (LDP) instead of TDP.

Alternate workaround: Reset the TDP session after you have configured the mpls ldp explicit-null command. Whenever you change the explicit-null label configuration, you will need to reset the TDP session. To reset the TDP session, enter the shutdown command followed by the no shutdown command on the link that is running TDP.

CSCdw69707

When a Route Processor Module (RPM) subinterface is shut down, an incorrect value is given for the administrative status of the subinterface when a Simple Network Management Protocol (SNMP) walk is performed on the Processor Switch Module (PXM). There is no workaround.

CSCdw71436

Under rare circumstances, a Cisco router may reload because of a segmentation violation (SegV) when fax calls are present. There is no workaround.

CSCdw72760

When Multilink PPP (MLP) is configured on an asymmetric digital subscriber line (ADSL) interface, the transmission path may fail. If two packets are sitting on the interface queue and the two packets are not dequeued, MLP may treat this condition as a congestion condition. MLP subsequently drops the packets and causes the transmission path to fail. There is no workaround.  

CSCdw73302

When a Tool Command Language (TCL) interactive voice response (IVR) application is used on a Cisco voice gateway for two-stage calls, the configured translation rule may be applied for each received digit instead of just for the initial digit. There is no workaround.

CSCdw73507

IP phones may not perform a network side ringback if a call originates from a Public Switched Telephone Network (PSTN). There is no workaround.

CSCdw74214

When Signaling System 7 (SS7) calls are made on a Cisco BTS 10200 softswitch and if the originating gateway is a Cisco 3660 router, a "510 Network Type Not Supported" error message is displayed. There is no workaround.

CSCdw80828

In Cisco IOS Release 12.2(7.6)T, Release 12.0(20.3)ST3, or Release 12.0(20.4)ST, if Tag Distribution Protocol (TDP) is running between two routers and the state of a Tag Information Base (TIB) entry changes quickly from "withdrawn" to "assigned," TDP may not advertise a tag. This situation may occur under stress when a large routing change takes place.

Workaround: Reset the TDP session by entering the shutdown command followed by the no shutdown command on the interface on which the TDP session is configured.

Alternate workaround: Use Label Distribution Protocol (LDP) instead of TDP.

CSCdw81386

When a Cisco IAD2420 series integrated access device (IAD) is internetworking with a Cisco BTS10200 soft switch through Media Gateway Control Protocol (MGCP), the MGCP connection may pause indefinitely. The hung MGCP connection cannot be cleared when a delete connection (DLCX) message is sent.

Workaround: Reload the IAD and reset the MGCP stack using the no mgcp global configuration command.

CSCdw82351

A Cisco gateway that is running Cisco IOS Release 12.2(8)T, 12.2(2)XU, or 12.2(2)XB3 and that is running a voice application may reload under a heavy load. This condition occurs when Signaling System 7 (SS7) ISDN User Part (ISUP) transparency is used or when a large amount of information about supplementary services is passed. There is no workaround.

CSCdw84363

The EtherSwitch network module is capable of providing inline 48 V power to IP phones. The source of the 48 V power can be from an internal power supply on Cisco 3725 and 3745 routers or an external power supply that attaches directly to the EtherSwitch network module.When an external power supply is attached the EtherSwitch network module, the internal power supply will supply power to the IP Phones should the power supply from the external power source be interrupted.

In a setup in which both power supplies are present and the IP phones are powered by the EtherSwitch network module, the show power inline EXEC command shows an incorrect budgetting of power. Some ports continue to be supplied with 48 V power even when the shutdown interface configuration command and the power inline never interface configuration command is configured on the ports. There is no workaround.

CSCdw84594

After the show diag privileged EXEC command is issued, incorrect hardware and revision information values may be displayed for a high density analog voice network module (NM-HDA) that uses the TLV_IDPROM process that is installed on a Cisco 2600 router. There is no workaround.

CSCdw87704

On a Cisco router that is used for PPP over ATM (PPPoA) aggregation, authentication for PPP sessions may fail even if the authentication, authorization, and accounting (AAA) server responds with a success signal.

Workaround: Clear the virtual access interface of the user.

CSCdw89965

A Multiprotocol Label Switching (MPLS) router that has several virtual private network (VPN) or IP version 4 (IPv4) Border Gateway Protocol (BGP) routes may experience a memory leak if the route to the BGP neighbor flaps. The memory leak is about 100 bytes per BGP route for each route flap. High memory consumption in the output of the Tag Forwarding Information Base (TFIB) of the show memory summary tfib EXEC command is an indication of the presence of a memory leak. There is no workaround.

CSCdw90187

If a T1 connection between a Cisco IAD2420 series integrated access device (IAD) and a PBX bounces during a call, the IAD does not wait for the endpoints to become available. Instead, the IAD immediately sends a Restart in Progress (RSIP) command to the call agent. The call agent immediately audits the endpoints, receives a "500 response" message, and marks the endpoints as faulty. This behavior prevents all further calls to these endpoints from going through.

Workaround: On the call agent, first configure the endpoints as "Out of Service (OOS)" and then as "In Service (InService)."

Alternate workaround: On the IAD, issue the no mgcp global configuration command followed by the mgcp global configuration command.

CSCdw91279

A Cisco router that is running Cisco IOS Release 12.2(5.7)T or a later release and that is acting as a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) or L2TP network server (LNS) may fail to process valid L2TP Zero-Length Body Acknowledgement (ZLB ACK) packets. This behavior may cause sessions and tunnels to drop. There is no workaround.

CSCdw93992

A Cisco Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) may fail to send accounting records for a PPP over ATM (PPPoA) call after the call has been forwarded via L2TP to an L2TP network server (LNS). The LNS drops the call by sending a Call Disconnect Notification (CDN) message to the LAC.

Workaround: Clear the virtual access interface for the call on the LAC.

CSCdx01120

Route Processor Module (RPM)-ATM hybrid connections that are provisioned using the Cisco WAN Manager (CWM) Connection Manager (CM) graphical user interface (GUI) may appear in the "mismatch" state on the RPM side.

Workaround: Reapply the same parameters.

CSCdx02036

In a Carrier Supporting Carrier (CsC) topology that has two Cisco provider edge (PE) routers that are connected through a Packet over SONET (POS) interface, if a prefix of a third Cisco PE router is learned over the POS interface, the prefix comes up as untagged after the topology has been configured. This situation causes traffic forwarding to be halted through the CsC core.

Workaround: Manually clear the prefix from the routing table to establish a tag for the prefix.

CSCdx04374

If the Connectionless Network Protocol (CLNS) is configured on a switch virtual interface (SVI) that is installed on a Cisco 2600, Cisco 3600, or Cisco 3700 router, the router does not learn the SubNetwork Point of Attachment (SNPA)/MAC address correctly and sends packets to a nonexisting MAC address. There is no workaround.

CSCdx09795

When the Multiprotocol Label Switching (MPLS) virtual private network (VPN) Carrier feature is configured on a Carrier Supporting Carriers (CSC)-provider edge (PE) router, the CSC-PE router may not allocate local labels to the remote virtual private network routing/forwarding (VRF) prefixes that are learned from the internal Border Gateway Protocol (iBGP) peer for the CSC-PE router. This behavior causes untagged outlabels to be created for the prefixes in the CSC-customer edge (CE) router that is connected to the CSC-PE router. This behavior occurs if the carrier is configured on the VRF after the remote VRF prefixes are learned by the CSC-PE router through iBGP. There is no workaround.

CSCin02629

A Cisco Voice over IP (VoIP) gateway that is configured for interactive voice response (IVR) may fail to provide a ringback tone to a calling party when the called party is alerted.

Workaround: Replace IVR with the default application.

CSCin03065

When an attempt is made to create an additional session that has similar tunnel parameters that are defined by a RADIUS profile (for the same domain, the same user, or a different user), instead of creating a session under the existing tunnel, a new tunnel and a session are created. This condition is observed in Cisco IOS Release 12.2(7.4)T and occurs if the tunnel parameters are defined by RADIUS without either of the following definitions:

Cisco-Avpair vpdn:tunnel-id = "xyz"

or

Tunnel-Client-Auth-ID = "xyz"

Workaround: Define one of the following definitions under a RADIUS profile when tunnel parameters are defined:

Cisco-Avpair vpdn:tunnel-id = "xyz"

or

Tunnel-Client-Auth-ID = "xyz"

CSCin03199

A Cisco gatekeeper that is running Cisco IOS Release 12.2(8)T may reload when a location request (LRQ) is forwarded by the directory gatekeeper (DGK) to a remote cluster. This condition occurs only in a DGK that has a remote cluster configuration. There is no workaround.

CSCin03316

A Resource Reservation Protocol (RSVP) session that requests Traffic Control quality of service (QoS) leaks approximately 1.3 KB of memory when the session ends. The memory leak does not depend on the duration of the session, and the memory leak occurs on all Cisco routers along the session path. The rate of the memory loss is proportional to the rate at which RSVP sessions are created and terminated. There is no workaround.

CSCin04997

A Cisco IAD2420 series integrated access device (IAD) reloads when the Simple Network Management Protocol (SNMP) is used to set the "cvIfCfgRegionalTone" attribute in the CISCO-VOICE-IF-MIB MIB for the Foreign Exchange Office (FXO) port. There is no workaround.

CSCuk32142

When PPP over Ethernet (PPPoE) is configured to run on an ATM or inverse multiplexing over ATM (IMA) interface on a Cisco 7200 series router that is running Cisco IOS Release 12.2(6.1)T, a number of spurious memory accesses may occur. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(8)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(8)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

Basic System Services

CSCdw30064

When Cisco IOS Release 12.2(6.8)T is tested for a Large Scale Dialout (LSDO) that has a Multiprotocol Label Switching (MPLS) configuration, the second link may fail to negotiate with the peer after the first link comes up and is successfully added to the bundle. There is no workaround.

CSCdw48431

On a Layer 2 Tunneling Protocol (L2TP) network server (LNS) that is running Cisco IOS Release 12.2(4)B, if the LNS receives attribute-value pair (AVP) 22 (Calling-Station-Id) through the L2TP tunnel and if no AVP 21 (Called-Station-Id) is received through the L2TP tunnel at the same time, the LNS will send out a blank string for AVP 30 (Called-Station-Id) to the LNS RADIUS server. This behavior affects both access-requests and accounting-requests. There is no workaround.

Interfaces and Bridging

CSCdw48003

A Cisco 7200 or 7500 router that is running flo_t images of Cisco IOS Release 12.2(7.5)T may not detect a 10Base-T Ethernet port adapter (PA-4E or PA-8E) after the router has booted up and may display the following log message:

00:00:11: %AMDP2_FE-1-DISCOVER: Only found 0 interfaces on bay 5, shutting down bay

The port adapter is shown as "disabled deactivated powered off" when the show diag privileged EXEC command is issued. There is no workaround.

IP Routing Protocols

CSCdw26140

When a Cisco router that has a Route Switch Processor (RSP) and that is running Cisco IOS Release 12.2(6.8)T is used to verify an area-range OUT filter, the summary address link-state advertisement (LSA) is not removed even after all the components are filtered. There is no workaround.

CSCdw34303

Open Shortest Path First (OSPF) packets may become wedged on an interface input queue if the interface is configured as a passive OSPF interface. There is no workaround.

Miscellaneous

CSCdv40844

Multiprotocol Label Switching (MPLS) forwarding entry may not be created for a recursive static route. The router should be configured with a recursive static route, using MPLS forwarding to that destination. This condition occurs when the label distribution protocol (LDP) remote binding from the resolved- next-hop router is received after the static route is installed in Cisco Express Forwarding (CEF).

Workaround: Enter the clear ip route static-route-prefix command.

CSCdv59309

Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.

The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.

Cisco has made free software available to address these vulnerabilities for affected customers.

There are no workarounds available to mitigate the effects of these vulnerabilities.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml.

CSCdv70166

Internet Key Exchange (IKE) authentication cannot be completed when a communication server (CS) Virtual Private Network (VPN) client version 1.1 (with certificates) is used to establish an IP Security (IPSec) tunnel using a Cisco IOS software release such as Cisco IOS Release 12.2 T, 12.2(2)XH, or 12.2 XD that supports multiple crypto certification authority (CA) identities. The router cannot figure out which certificate to return even when the configuration has only one CA identity and one certificate. There is no workaround.

CSCdv79210

A Cisco router gradually looses memory when Media Gateway Control Protocol (MGCP) calls are originated on the router. There is no workaround.

CSCdv81719

Currently, the set-fr-de functionality on a modular quality of service command-line interface (MQC)-based policer is not supported in the output direction for multicast-switched packets. There is no workaround.

CSCdv87550

A Cisco 3662 router that is running Cisco IOS Release 12.1(5)YD3 may experience a memory allocation error that points to a memory leak. To verify if this condition is occurring, issue the show memory EXEC command. If this condition is occurring, the command output of the show memory EXEC command will indicate that the amount of total free memory is decreasing and is held primarily by the VTSP and CCH323_T processes.

Workaround: Reload the router when the memory is low.

CSCdv88875

If a router is reloaded after the cookie for a distributed forwarding card (DFC) is changed from E1 to T1, the controller is shown as T1 if the show running-config EXEC command is issued. There is no workaround.

CSCdw00531

The Resource Reservation Protocol (RSVP) cannot be used over ATM permanent virtual circuits (PVCs) on an interface or a PPP subinterface.

If the ip rsvp resource-provider wfq pvc interface configuration command is configured on the ATM interface, the reservations are rejected and an admission control error is sent to the receiver.

If the ip rsvp resource-provider wfq pvc interface configuration command is not configured on the ATM interface, the reservations may be accepted but they will not ensure the quality of service (QoS) for the reserved traffic.

This condition can be verified by examining the output of the show ip rsvp installed EXEC command and the show ip rsvp installed detail EXEC command. If this condition was occurring, the flow will be assigned a QoS provider of "None" instead of a weighted fair queuing (WFQ) weight. This condition exists on all routers that support the RSVP and ATM interfaces.

Workaround: Reconfigure the interface as a multipoint interface.

CSCdw03706

A Cisco AS5850 may reload if the dir disk0 command is issued after an online insertion and removal (OIR) is performed on the disk.

Workaround: After the disk is inserted, do not issue the dir command until at least two minutes have elapsed.

CSCdw03814

A Cisco 2600 router may return to the ROM monitor (ROMMON) mode when the input gain values are configured on a BRI voice port. There is no workaround.

CSCdw06470

Voice over IP (VoIP) channel-associated signaling (CAS) calls that are of the recEive and transMit (E&M)-wink-start signaling type may fail. This condition does not affect calls that are of the E&M-immediate-start signaling type. There is no workaround.

CSCdw09805

When a virtual profile that is cloned from an authentication, authorization, and accounting (AAA) server is used with a Cisco AS5350 or Cisco AS5400 for modem users, the successfully cloned virtual access interface may pass traffic only once. The virtual access interface will stop subsequent attempts to pass traffic. This condition affects link control protocol (LCP) echo requested (REQ) keepalives.

Workaround: Do not use virtual profiles for modem calls. Remove the virtual-profile virtual-template number global configuration command or configure the virtual-profile if-needed global configuration command (to limit the number of cases in which virtual access interfaces will be created) and remove per-user idle-timeout values and virtual profile attributes that are defined using RADIUS or TACACS.

CSCdw09895

A Cisco 3660 router may display "%SYS-3-MGDTIMER" and traceback messages if the Hot Standby Routing Protocol (HSRP) process fails to open a User Datagram Protocol (UDP) socket. When this condition occurs, any configured HSRP group may appear to pause indefinitely in the "init" state.

Workaround: Remove and read the HSRP configuration.

CSCdw09918

When the snmp-server enable traps vsimaster global configuration command is set in the running configuration, the following commands may cause a Route Processor Module (RPM) session that is conducted through Telnet or directly through the console port to pause indefinitely:

show running-config

write memory

show start

reload

configure terminal

Workaround: Perform the following steps:

a. Enter the copy running-config c:auto_config_slot slot number command.

b. Transfer the auto_config_slot file from the Processor Switch Module (PXM) card using FTP.

c. Remove the snmp-server enable traps vsimaster global configuration command from the configuration.

d. Transfer the file back to E:RPM on the PXM card using FTP.

e. Reset the RPM card from the PXM using the reset cd command.

CSCdw10360

Popping or clicking noises may be heard on the number 1 and 2 Foreign Exchange Service (FXS) ports of a Cisco IAD2400 series integrated access device. The noise may occasionally be heard on port numbers 3, 4, 9, and 10. The noise is usually heard while the Cisco IAD2400 is being stress tested.

Workaround: Do not use the noisy ports.

CSCdw10866

A Cisco 3660 router may reload and display traceback messages when the atm vc-per-vp interface configuration command is issued. There is no workaround.

CSCdw12544

On a Cisco 6400 carrier-class broadband aggregator, the tunnel service is not accessible by the user if the packet size is greater than the maximum transmission unit (MTU) that is configured on the tunnel service profile (with B attribute, Service Selection Gateway [SSG] service information, and vendor-specific attributes [VSAs]).

Workaround: Do not configure the tunnel MTU in the service profile (with B attribute, SSG service information, and VSAs) and set the path MTU to 1500 bytes.

Alternate workaround: Disable Cisco Express Forwarding (CEF) on the downlink interface.

CSCdw12637

The mgcp dlcx command does not work for an analog endpoint. A connection that has paused indefinitely is not deleted when the mgcp dlcx aaln/s1/1 command is issued. There is no workaround.

CSCdw14859

On a Cisco AS5300 that is running Cisco IOS Release 12.2(6.3)PI, traceback messages may be displayed after a callback is placed. There is no workaround.

CSCdw20915

A Cisco 806 router that is running Cisco IOS Release 12.2(2)XK may reload shortly after the Rivest, Shamir, & Adleman (RSA) keys are generated. There is no workaround.

CSCdw21541

If the literal key (*) is specified as a dual tone multifrequency choice in a menu, the literal key (*) is construed as the meta-character pattern that denotes a variable-length string. This behavior causes subsequent digits to be consumed to match this pattern instead of being given to subsequent dialogs. There is no workaround.

CSCdw24259

E1/R2 modem calls may fail if the Resource Pool Manager Server (RPMS) decides to use a device from another pool to answer the call after Dialed Number Identification Service (DNIS) information is collected.

Workaround: Use the same device to answer the call.

CSCdw27408

When a virtual profile is used through authentication, authorization, and accounting (AAA) to configure a RADIUS timeout absolute minutes [seconds] interface configuration command with a value that is greater than 35,790 minutes (2,147,483 seconds or 24 days), the cloning of the virtual access interface may fail. This behavior prevents the virtual interface from being used for another call even if the virtual interface uses a small timeout value.

Workaround: Do not attempt to configure RADIUS session timeout values that lie outside the valid range. This caveat entry changes the session timeout to use a 64-bit timer, which increases the maximum value of the timeout absolute minutes [seconds] interface configuration command to approximately 71,582,787 minutes (136 years).  

CSCdw28317

A Cisco AS5300 that is running Cisco IOS Release 12.2(2)XA3 and that is using 128 MB of DRAM may reload under moderate-to-heavy call volume with memory leak errors and may generate the following stack trace:

System was restarted by error - a Software forced crash, PC 0x6039AE4C

The memory leak occurs when the gatekeeper returns at least one alternate endpoint that contains clear tokens in the registration confirmation (RCF) and the gateway sends an H.225 setup message to an alternate destination after the primary destination fails. There is no workaround.

CSCdw28757

A Cisco Route Processor Module-PRemium (RPM-PR) may display an "imprecise data parity error" error message on the console and reload. There is no workaround.

CSCdw32444

A Cisco router may reload if the expansion module-digital signal processor (EM-DSP) in the high density analog (HDA) module sends an alarm indication and firmware restart indication signals.

Workaround: Replace the EM-DSP.

CSCdw35046

A Cisco router may reload when proxied RADIUS is used for authentication and accounting. There is no workaround.

CSCdw35565

Incoming R2 signaling voice calls may fail when the no modem inout line configuration command is configured.

Workaround: Do not change the modem inout line configuration command. Configure a dial peer with a number that matches the called number if all the other dial peers fail to match so that the calls will not be connected as modem calls.

CSCdw36058

In high traffic conditions, the modem at the other end will receive the hang up signal sooner and the call agent (CA) will deliver the delete connection (DLCX) signal along with the PPP reset signal. This condition causes the circuit to be in the restart mode when the DLCX is received, and the acknowledgement is not send. This condition occurs only in high traffic conditions. There is no workaround.

CSCdw37055

A Cisco AS5800 that is used as a voice gateway may display an assertion failed error message when a voice call is received. There is no workaround.

CSCdw38090

On a Cisco Route Processor Module-PRemium (RPM-PR), transmission segmentation and reassembly (SAR) may reload when virtual circuit (VC) merge is toggled and when traffic is pumped or sitting idle. There is no workaround.

CSCdw38541

When a call is made on an IP phone on Cisco 3660 router that is configured with Foreign Exchange Office (FXO) to an IP phone through a connected Cisco 3640 router and that is configured with Foreign Exchange Station (FXS), the call is dropped immediately after it is transferred and cannot be transferred locally on the Cisco 3660. If the IP phone that is connected to the Cisco 3640 hangs up the call, the destination phone to which the call was transferred to will start ringing. This behavior is also observed on a FXS-FX0 loop start setup that is using Cisco IOS Release 12.2(8)T. There is no workaround.

CSCdw39139

Traceback messages may be displayed if the clear crypto sa global configuration command is issued while there are a large number of tunnels present. There is no workaround.

CSCdw39278

A T.38 call that is placed between a Cisco router that is used as a gateway and a vendor-specific gateway (both of which are configured to a common vendor-specific gatekeeper) fails when Cisco IOS Release 12.2 T is used. This behavior does not occur if Cisco IOS Release 12.2 is used.

Workaround: To correct this condition, configure the Cisco gateway without a gatekeeper.

CSCdw39540

A Cisco Route Processor Module (RPM) may enter the failed state because of a heartbeat failure. There is no workaround.

CSCdw39551

A Cisco 12016 router that has dual Gigabit Route Processors (GRPs) and that is running the gsr-k4p-m image of Cisco IOS Release 12.0(17)ST2 may reload with an address error exception (load or instruction fetch). There is no workaround.

CSCdw40551

When a Simple Network Management Protocol (SNMP) request is generated for Any Transport over Multiprotocol Label Switching (AToM) on a Route Processor Module (RPM), some of the fields on the AToM MIB on the RPM do not work. There is no workaround.

CSCdw40601

Dropped periods may occur in the contact field from the session initiation protocol (SIP) URL. The period (.) is stripped from the user portion. There is no workaround.

CSCdw45120

When Border Gateway Protocol (BGP) Virtual Private Network (VPN) and global routes are withdrawn, the Route Processor (RP) on provider edge (PE) routers should release all memory that is held by the BGP process under an identical and symmetrical configuration scenario on both PE routers. However, one PE router may not release all the memory that is held by the BGP process. An additional 40 MB of memory may be lost from the free memory space of one of the PE routers even though the routes have been completely withdrawn. This behavior may degrade the scalability numbers for VPN significantly. There is no workaround.

CSCdw46065

A Cisco router that is used as a gateway may reload if one of multiple record routes that are received on the gateway is invalid. There is no workaround.

CSCdw46242

The feature switching flag is not "on" when Border Gateway Protocol (BGP) tagging is enabled on a permanent virtual circuit (PVC) bundled interface. There is no workaround.

CSCdw47063

On a Cisco router that is running Cisco IOS Release 12.2(6.8)T2 and that is configured with Internet Key Exchange (IKE), the configuration for the client address does not work with the Information Resource Engineering (IRE) client. There is no workaround.

CSCdw47109

A Cisco DistributedDirector that is running Cisco IOS Release 12.2(6.8)T and Release 12.2(6.8)T2 may fail a memory leak test. There is no workaround.

CSCdw48784

An asymmetric digital subscriber line (ADSL) does not train for the c2420-a2i8k8sv5-mz.122-6.8.T image of Cisco IOS Release 12.2(6.8)T. This condition does not affect the c2420-a2i8k8sv5-mz.122-6.8.T2 image of Cisco IOS Release 12.2(6.8)T2. There is no workaround.

CSCdw50518

The line protocol of a Gigabit Ethernet interface fails to come up, and a user will not be able to use the interface for data or voice traffic. There is no workaround.

CSCdw51501

A HTTP client may reload if it receives a redirect message (message 301 or 302) from the HTTP server. This behavior is observed in Cisco IOS Release 12.2(2)XB and Release 12.2(8)T. There is no workaround.

CSCdw53071

If a second call is made after the first call is completely disconnected (by hanging up the phone instead of using the flash feature to switch between two calls), the second call may fail. There is no workaround.

CSCdw58114

When the event identification (ID) on a router is changed, an event is sent out. The router must then resubscribe to all of its subjects so that the Netsys Service Manager (NSM) can map to the new name. The easiest way to accomplish this task is for the router to disconnect from, and later reconnect to the Tag Information Base (TIB) gate. However, if the event ID is changes during a partial configuration, the configuration completion event may be published on either the new or the old event ID. There is no workaround.

CSCdw58164

When a Route Processor Module (RPM-PR) MIB is accessed by a network management system (NMS), the RPM gives an incorrect Cisco Assigned Numbers Authority (CANA) number for the cevChassisRPmmpr chassis value. There is no workaround.

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

CSCin00780

A network continuity test (COT) that is performed in the netwtest and netwloop modes may fail in Cisco IOS Release 12.2(6.8)T. If the default COT receive tone co1 is received on a connection that is in the netwloop mode, the co1 tone is not echoed back. If a default COT receive tone co2 is received on a connection while the connection is in the netwtest mode, a co1 tone is not sent back. There is no workaround.

CSCin01217

A Cisco 3600 router that is running Cisco IOS Release 12.2(6.8)T2 may not allow the peak cell rate value on an interface that is bundled with more than one ATM T1 interface or more than one ATM E1 interface to be set to a value that is more than the bandwidth of one T1 ATM interface or one E1 ATM interface. There is no workaround.

CSCin01483

The interactive voice response (IVR) 1.0 verb play prompt may fail and return an invalid "call associated" value while the software is attempting to collect digits. This behavior is observed with alternate calls. There is no workaround.

CSCin02454

When Inverse Multiplexing over ATM (IMA) is used on two ATM interfaces that each have 1536KB of bandwidth (ATM 0/0 and ATM0/1), the actual combined bandwidth of 3072KB of the IMA group interface cannot be configured. The maximum peak cell rate (PCR) that can be configured with Cisco IOS Release 12.2(7.5)T is 1536KB. This condition affects only advanced integration module (AIM)-ATM interfaces.

Workaround: Upgrade to Cisco IOS Release 12.2(8)T.

CSCin02715

When distributed Cisco Express Forwarding (dCEF) is enabled on spatial reuse protocol (SRP) IP doing same-interface routing on a Cisco 7500 router, traffic will not be sent out the SRP interface.

Workaround: Change from first-in first-out (FIFO) to priority queueing (PQ).

CSCuk31298

The condition described in this caveat occurs in a setup whereby the call forward busy feature is configured using the Cisco IOS Telephony Service (ITS) on an IP phone (phone A) to a second IP phone (phone B). When a call is made from phone A to another phone (phone C), the call can be answered normally. When a second call is placed from another phone to phone A via a loopback-directory number (loopback-dn), the call is forwarded to phone B. As this call is received, the original call is incorrectly cleared by the node on phone C while the call is still shown as "up" on phone A. When this condition occurs, phone A is no longer able to place or receive calls and has to be powered down to be restored to working condition.

Workaround: This condition affects only the first IP phone in the internal control table on the router. The first IP phone is typically indicated as "ephone 1" when the show ephone EXEC command is issued.

To prevent this condition from occurring when the router is operating in the ITS mode, add a dummy phone entry as the first IP phone or "ephone 1" in the internal control table on the router to prevent an active phone from being listed as the first IP phone in the internal control table of the router. Reload the router to ensure that the dummy phone occupies the first position in the control table. There is currently no workaround to this condition if the router is operating in the Survivable Remote Site Telephony (SRST) mode (call manager fall back).

Wide-Area Networking

CSCdv21165

Spurious memory access traceback messages may be observed when the session-limit feature is configured for Layer 2 Tunneling Protocol (L2TP) tunnels. There is no workaround.

CSCdv70150

In a Layer 2 Tunneling Protocol (L2TP) dialout setup, data packets are transmitted with the incorrect encapsulation. This behavior occurs if Multilink PPP (MLP) is not configured on a virtual home gateway (VHG)/provider edge (PE) router that supports Multiprotocol Label Switching (MPLS) and Virtual Private Network (VPN).

Workaround: Configure multilink on the dialer profile on the VHG/PE router.

CSCdw06113

A Cisco router may display spurious memory access messages when Layer 2 Tunneling Protocol (L2TP) Large Scale Dialout (LSDO) support is configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs). There is no workaround.

CSCdw11757

Authentication, authorization, and accounting (AAA) may send two STOP records when AAA fails to authenticate the user on a PPP call. There is no workaround.

CSCdw13813

Only one Layer 2 Tunneling Protocol (L2TP) tunnel is established to the L2TP network server (LNS) when two tunnel services are configured with different tunnel identifications (Cisco AV pair attribute vpdn:tunnel-id, Internet Engineering Task Force [IETF] AV pair attribute Tunnel-Client-Auth-Id) but share the same home gateway IP address.

This condition occurred in a network in which two virtual private dial-up network (VPDN) groups are defined in an authentication, authorization, and accounting (AAA) database and share the same LNS host IP address, but have different tunnel identifications and contain no VPDN group attributes (Cisco AV pair attribute vpdn:vpdn-group, IETF AV pair attribute Tunnel-Assignment-Id).

With this configuration, if the Service Selection Gateway (SSG) opens one connection to each of these services, both of the L2TP sessions will come up on the same tunnel. Instead, two tunnels should be established with one L2TP session for each tunnel.

Workaround: Configure different VPDN group attributes in the AAA profile by entering the vpdn:vpdn-group=group-name Cisco AV pair attributes in the RADIUS service profile.

Alternate workaround: Configure different home gateway IP addresses for the two services if two tunnels are required (even if both IP addresses are on the same router) by entering the vpdn:ip-address=address1 Cisco AV pair attributes in the RADIUS service profile.

CSCdw22072

In Cisco IOS Release 12.2(5.7)T, the virtual-profile if-needed global configuration command that is used to disable a virtual access interface for modem calls does not work. There is no workaround.

CSCdw40164

When a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC) (for dial-in) or an L2TP network server (LNS) (for dial-out) attempts to set up an alternate peer, the attempt may fail after the start control connect request (SCCRQ) is sent. There is no workaround.

CSCdw45057

A variety of authentication, authorization, and accounting (AAA)-based functions may not work with virtual private dial-up network (VPDN), and Layer 2 Tunneling Protocol (L2TP) tunnels will not be established. When this condition occurs, start records may not sent correctly for multihop and authentication may not occur. There is no workaround.

CSCdw45622

In a Layer 2 Tunneling Protocol (L2TP) dial-out scenario, data that is returned may be corrupted. There is no workaround.

CSCdw51975

On a Cisco 7500 router, Distributed Link Fragmentation and Interleaving (DLFI) does not have the proper flag set in the fr_flags field in the paktype_ structure. There is no workaround.

CSCdw59858

A Cisco router that is used to aggregate PPP sessions may reload after one hundred days of uptime. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(4)T7

Cisco IOS Release 12.2(4)T7 is a rebuild release for Cisco IOS Release 12.2(4)T. The caveats in this section are resolved in Cisco IOS Release 12.2(4)T7 but may be open in previous Cisco IOS releases.

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

Resolved Caveats—Cisco IOS Release 12.2(4)T6

Cisco IOS Release 12.2(4)T6 is a rebuild release for Cisco IOS Release 12.2(4)T. The caveats in this section are resolved in Cisco IOS Release 12.2(4)T6 but may be open in previous Cisco IOS releases.

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCdx77253

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea27536

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea46342

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

Resolved Caveats—Cisco IOS Release 12.2(4)T5

Cisco IOS Release 12.2(4)T5 is a rebuild release for Cisco IOS Release 12.2(4)T. The caveats in this section are resolved in Cisco IOS Release 12.2(4)T5 but may be open in previous Cisco IOS releases.

CSCdz60229

Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.

Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at

http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml

Resolved Caveats—Cisco IOS Release 12.2(4)T3

Cisco IOS Release 12.2(4)T3 is a rebuild release for Cisco IOS Release 12.2(4)T. The caveats in this section are resolved in Cisco IOS Release 12.2(4)T3 but may be open in previous Cisco IOS releases.

CSCdt30297

The dialin remote access to a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) service solution may experience some problems with a static route that is coming from the AAA server through the use of Cisco VSA pairs. When the Cisco AV-pair does not specify the next hop, the parsing of the route command fails even though the next hop IP address should be the negotiated IP address with the peer.

Workaround: Use a fixed IP address on the dialin connection and specify this IP address as the next hop in the Cisco AV-pair syntax for the static route.

CSCdt60335

Calls cannot be passed from a Cisco 3640 router to a private branch exchange (PBX). In this situation, the digital signal processor (DSP) does not release each time a channel a seized. There is no workaround.

CSCdu74428

A PPP over Ethernet (PPPoE) client router may reload when traffic passes through the PPPoE client. In this situation, the traceback shows that the reload occurs in ip_fastswitch_wrapper(). There is no workaround.

CSCdu76635

The output of the show diag privileged EXEC command may not provide the correct packet voice/data module (PVDM) information. There is no workaround.

CSCdu79513

If traffic is sent at a rate that is close to the line rate on a Cisco 2611 router, packets are dropped and the WAN interface card (WIC) stops transmission. The hardware must be reset to resume normal operation. There is no workaround.

CSCdu81936

An ARP packet received by the router that has the router's own interface address but with a different MAC address can overwrite the router's own MAC address in the ARP table, causing that interface to stop sending and receiving traffic. This attack is successful only against interfaces on the Ethernet segment that is local to the attacking host.

The workaround for this vulnerability is to hard-code the interface's ARP table entry by using the arp ip-address hardware- address type [alias] command. This entry will remain in the ARP table until the clear arp command is issued.

Please refer to the advisory at:

http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml


Note This vulnerability does *NOT* apply to switches running Cisco CatOS software, only to switches running Cisco IOS software.


CSCdv12873

A Voice over IP (VoIP) gateway that is running Cisco IOS Release 12.2(3.5)T and used as an originating gateway may reload when making calls to a terminating gateway that is running a Cisco IOS release that is earlier than Release 12.2(3.5)T. This condition occurs under a heavy load when there are call failures and if the calls are released by the originating gateway. This condition does not occur if the calls are released by the terminating gateway.

Workaround: Use Cisco IOS Release 12.2(5.4)T or a later release.

CSCdv24983

Authorization may fail in certain Large Scale Dialout (LSDO) cases. There is no workaround.

CSCdv34857

In a Multiprotocol Label Switching (MPLS) inter-as test, a ping from a provider edge (PE) router to a customer edge (CE) router may fail after the path between the two routers is shut down. The tag labels for the destination address in the Border Gateway Protocol (BGP) and the Cisco Express Forwarding (CEF) tables on the PE router do not match.

Workaround: Issue the no ip route prefix mask global configuration command for the entry that has mismatching labels in both the BGP and CEF tables.

CSCdv37118

A Cisco router that is running Cisco IOS Release 12.2(3) and that is configured with Multiprotocol Label Switching (MPLS), Multilink PPP, and Cisco Express Forwarding (CEF) may record spurious memory accesses and log the following messages:

Router# show log

%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60D8382C reading 0x0 %ALIGN-3-TRACE: -Traceback= 60D8382C 603CC6EC 6035DB70 00000000 00000000 00000000 00000000 00000000

%ALIGN-3-TRACE: -Traceback= 60D8382C 603D111C 6035DB70 00000000 00000000 00000000 00000000 00000000

Router# show align

Alignment data for: RSP Software (RSP-JSV-M), Version 12.2(3), RELEASE SOFTWARE (fc1) Compiled Wed 18-Jul-01 22:17 by pwade No alignment data has been recorded.

Total Spurious Accesses 42987261, Recorded 39

Address Count Traceback 0 51527 0x60E6EE50 0x603BB440 0x6035DB70 0 63069

0x60E6F544 0x603BB440 0x6035DB70 0 29961 0x60E6F544 0x603C9A78 0x6035DB70 0

60000 0x60E6F544 0x603C01D0 0x6035DB70 0 62938 0x60E6F544 0x603C4CE4 0x6035DB70

...

The effect on the router is poor performance and high CPU utilization, even when there is little traffic. There is no workaround.

CSCdv46312

A Cisco router may reload when the no tag-switching ip interface configuration command is configured on an interface that has the tag-switching ip interface configuration command enabled on its subinterfaces. There is no workaround.

CSCdv46476

In Cisco IOS Release 12.2(5.2)PI and Release 12.2(5.4)T, the access request reports only attribute 31 and contains both the Calling Line ID (CLID) and the dialed number identification service (DNIS). The access request is altered against what is specified in the RFC, which specifies that attributes 30 and 31 are used for reporting information on the DNIS and the CLID. This condition occurs only on a Layer 2 Tunneling Protocol (L2TP) network server (LNS) when PPP user sessions that are forwarded over an L2TP tunnel are authenticated. There is no workaround.

CSCdv48261

The Cisco IOS Firewall Feature set, also known as Cisco Secure Integrated Software, also known as Context Based Access Control (CBAC), and introduced in Cisco IOS Release 11.2P, has a vulnerability that permits traffic normally expected to be denied by the dynamic access control lists.

This vulnerability is documented as Cisco Bug ID CSCdv48261.

No other Cisco product is vulnerable.

There is no workaround.

This advisory is available at:

http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml

CSCdv51676

The order of a cyclic redundancy check (CRC) reject flag and a redundancy enable flag is reversed. If redundancy is not set and if CRC reject is enabled, the relayed dual tone multifrequency (DTMF) digit is not properly sent to a digital signal processor (DSP). There is no workaround.

CSCdv53345

In Cisco IOS Release 12.2(0.2)T and later releases, if PPP over ATM is forwarded over a virtual private dial-up network (VPDN) tunnel to a Layer 2 Tunnel Protocol (L2TP) network server (LNS) and if a permanent virtual circuit (PVC) on an L2TP access concentrator (LAC) is removed from the ATM interface while the sessions are up, the same virtual access interface cannot be used to forward another session over the tunnel after the virtual access interface is recycled.

Workaround: To avoid this condition, clear the VPDN session before removing the PVC from the ATM interface.

CSCdv57640

When a virtual-template interface is configured for IP virtual routing and forwarding (VRF) in a Layer 2 Tunnel Protocol (L2TP) dial-in setup, only about 50 percent of the data packets are able to make it across the tunnel. This condition occurs only when Multilink PPP (MLP) is used.

Workaround: Disable the ip route-cache cef interface configuration command on the virtual template interface to allow all packets to go through.

CSCdv62106

Commands related to Frame Relay cannot be entered on the command-line interface (CLI) after the router is reloaded. This condition occurs after the encapsulation frame-relay interface configuration command is configured on the interface.

Workaround: To recover from this condition, reconfigure the encapsulation frame-relay interface configuration command.

CSCdv62549

The Multiprotocol Label Switching (MPLS) tags that are associated with a virtual private network (VPN) (vrf x.y.z.w) and a default route (0.0.0.0) are inconsistent between the main Cisco Express Forwarding (CEF) table and the distributed CEF (dCEF) table on the outbound Versatile Interface Processor (VIP) card.

Workaround: To recover from this condition, enter the clear ip route vrf vrf-name EXEC command.

CSCdv77513

A Cisco 7500 series router that is running Cisco IOS Release 12.2 with a Channelized T3 (CT3) single wide port adapter on a Versatile Interface Processor (VIP2-50 or VIP4-50) may experience a VIP reload. There is no workaround.

CSCdv78855

Under certain conditions, public buffer pools on a Cisco 805 router are not grown dynamically.

Workaround: To create the buffers statically, use the buffers verybig permanent number global configuration command.

CSCdw65903

An error can occur with management protocol processing. Please use the following URL for further information:

http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

Resolved Caveats—Cisco IOS Release 12.2(4)T1

Cisco IOS Release 12.2(4)T1 is a rebuild release for Cisco IOS Release 12.2(4)T. The caveats in this section are resolved in Cisco IOS Release 12.2(4)T1 but may be open in previous Cisco IOS releases.

CSCdt04761

A provider edge (PE) router may reload while it is switching traffic if the Label Distribution Protocol (LDP) label becomes unavailable.

This condition occurs:

If the router is functioning as an autonomous system boundary router (ASBR) in a interAS virtual private network (VPN) environment.

or

If the router is functioning as a PE router in a Multiprotocol Label Switching (MPLS) VPN environment.

This condition is triggered when the no mpls ip interface configuration command is entered on the router or a connected neighbor or if a LDP or Tag Distribution Protocol (TDP) is lost.

This condition affects Cisco IOS Release 12.1(5)T, earlier versions of Cisco IOS Release 12.2 and 12.2 T, and all platforms that support the MPLS VPN PE functionality.

CSCdt71082

A Cisco 7200 series router that is using any DS3 port adapter (PA) may experience line flaps at high rates of traffic and display the following message:

MUESLIX-1-HALT: Mx serial: Serial6/0 TPU halted: cause 0x3 status 0x00371A00

There is no workaround.

CSCdv22621

Disconnecting and reconnecting a cable to a Packet over SONET (PoS) port adapter on a Cisco 7206 VXR router, while the PoS interface is in a shutdown state, might cause the router to display a line remote defect indicator (LRDI) alarm when the show controllers pos command is entered on the router. Under normal circumstances, the cables would not be disconnected and reconnected unless there is a change in the configuration of the router. The alarm does not affect communication between PoS port adapters. This problem does not occur when the router is in the "no shutdown" state.

Workaround: Enter the no shutdown command for the PoS port adapter that is causing the alarm. If the alarm persists, enter the following commands beginning in global configuration mode:

Router# configure terminal

Router(config)# interface pos slot/port

Router(config-if)# pos ais-shut

Router(config-if)# shutdown

Router(config-if)# no shutdown

Router(config-if)# end

This alarm does not affect communication between the POS port adapters. Under normal circumstances, the cables are not repeatedly disconnected and reconnected.

CSCdv29315

If a traffic engineering (TE) tunnel is configured between two provider edge (PE) routers and if the Label Distribution Protocol (LDP) or Tag Distribution Protocol (TDP) is configured on the tunnel, it is not possible to establish an end-to-end virtual private network (VPN) connection between the two PE routers. There is no workaround.

CSCdv32499

In an inter-autonomous system (InterAS) setup, the Tag Forwarding Information Base (TFIB) entry for the external Border Gateway Protocol (eBGP) virtual private network version 4 (VPNv4) neighbor on the demilitarized zone (DMZ) link does not get installed in the Multiprotocol Label Switching (MPLS) forwarding table. This condition will cause a loss of connectivity for VPN traffic between the two customer edge (CE) routers. There is no workaround.

CSCdv34997

End-to-end virtual private network connectivity does not work when a traffic engineering (TE) tunnel is configured between two provider edge (PE) routers. This caveat entry corrects the setup that does not have the Tag Distribution Protocol (TDP) or the Label Distribution Protocol (TDP) configured on the tunnel.

Workaround: Use an earlier image such as the gsr-p-mz.120-17.ST3 of Cisco IOS Release 12.0(17)ST3 on the PE router or remove the tunnel mpls traffic-eng autoroute announce interface configuration command from the tunnel interface and use a static route through the tunnel instead.

CSCdv44080

An interface may reappear in a Processor Switch Module (PXM) database during a periodic bulk update after the interface is deleted from the Router Processor Module (RPM). This condition occurs because the periodic bulk update that is sent every two hours from the RPM to the PXM updates the database with incorrect information. This inconsistency is seen also on the Cisco WAN Manager (CWM) port table. There is no workaround.

CSCdv45322

Once a call has been placed through a BRI interface on a Cisco 3600 series router, no more calls can be placed until the 'clear interface x/y' command has been entered. The output of the 'debug dialer' command shows the following message being displayed as the router attempts to place a dial-on-demand routing (DDR) call:

00:12:32.127: Di0: No free dialer - starting fast idle timer.

This condition affects basic-net3 on all platforms and is present in Cisco IOS Release 12.1(10), 12.2(5) and 12.2(4)T. There is no workaround.

CSCdv53315

A Cisco router that is running Cisco IOS release 12.2(4)T or later may return a maximum transmission unit (MTU) of 65532 in the Internet Control Message Protocol (ICMP) "fragmentation needed, but df bit set" message. This defect might occur in a configuration where fragmentation is needed for a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Provider Edge (PE) router, and the core router has load sharing is enabled. This defect will adversely affect MTU discovery. There is no workaround.

CSCdv57629

In an inter-autonomous system (InterAS) setup, the TFIB entry for the external Border Gateway Protocol (eBGP) virtual private network version 4 (VPNv4) neighbor on the demilitarized zone (DMZ) link does not get installed in the Multiprotocol Label Switching (MPLS) forwarding table. This condition may cause a loss of connectivity for traffic that is sent between two routers that are connected through the setup. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(4)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(4)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCds73098

Symptoms   Dual-tone multifrequency (DTMF) digits may be clipped on permanent voice trunks that use idle channel suppression to save bandwidth between calls. Clipped DTMF digits may not be recognizable by an attached PBX or voice switch.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   Ensure that DTMF digit duration is sufficiently long (such as 60 to 80 microseconds).

Alternate Workaround   Delay the wait period for DTMF digits to be transmitted after seizing a channel.

CSCdt93370

Symptoms   Memory allocation failures may occur on a Cisco MC3810.

Conditions   This symptom is observed after the Cisco MC3810 has been running for about 1 hour and 45 minutes.

Workaround   There is no workaround.

CSCdu04085

Symptoms   A Cisco 7200 series router may reload.

Conditions   This symptom is observed when you remove a service policy from a tag switching subinterface.

Workaround   There is no workaround.

CSCdu07504

Symptoms   A Cisco router may reload because of a software condition when you enter the show voice dsp EXEC command. The following message is displayed when you enter the show version EXEC command:

<router name> uptime is 10 minutes
System returned to ROM by error - software forced crash, PC 0x2242AC
System image file is <file name>

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(5)XM2 but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu43689

Symptoms   If the user profile has more than 600 bytes of configuration information, the Per-User attributes are not processed, which results in rejecting the user.

Conditions   This symptom occurs because the Per-User Request buffer is limited to 600 bytes.

Workaround   There is no workaround.

CSCdu65104

Symptoms   A Cisco MC3810 may reload when it is sending B-channel signaling through Voice over Frame Relay (VoFR) with common channel signaling (CCS) frame forwarding enabled.

Conditions   This symptom is observed on a Cisco MC3810 that is running Cisco IOS Release 12.2(2)T.

Workaround   There is no workaround.

CSCdu65170

Symptoms   A router may reload at the "shutdown coming up" process because of a software condition.

Conditions   This symptom is observed during a switching test.

Workaround   There is no workaround.

CSCdu68363

Symptoms   A policy rule that is applied on an ATM tag-switching subinterface does not function.

Conditions   This symptom is observed on but may not be limited to a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdu68993

Symptoms   A bus error may occur on a Cisco router, and the router may reload.

Conditions   This symptom is observed when a Remote Monitoring (RMON) event triggers a Simple Network Management Protocol (SNMP) trap.

Workaround   Do not use RMON events that send traps; use logging events only.

CSCdu70514

Symptoms   When you enter the show aaa session hidden command on an access server, the access server may reload.

Conditions   This symptom is observed while there are active sessions on the access server.

Workaround   There is no workaround.

CSCdu74728

Symptoms   No accounting records are generated for outbound Telnet sessions.

Conditions   This symptom is observed after connection accounting is configured.

Workaround   There is no workaround.

CSCdu76530

Symptoms   The FRF.8 ATM permanent virtual circuit (PVC) may go down.

Conditions   This symptom is observed when a user reloads an external router that is connected to a Cisco MC3810.

Workaround   To enable the FRF.8 ATM PVC to come up again, reload the Cisco MC3810.

CSCdv02732

Symptoms   A router may reload unexpectedly after the aaa accounting global configuration command is enabled for use with TACACS+ and the configure network privileged EXEC command is entered.

Conditions   This symptom is observed on a router that is running Cisco IOS Release 12.2(4)T or a later release.

Workaround   There is no workaround.

CSCdv04225

Symptoms   On a router, a network access server (NAS) may fail to communicate with TACACS+ for peer authentication. The router login does not work when the router is reloaded after TACACS+ is enabled and saved into the startup configuration.

Conditions   This symptom is observed on a Cisco 800 series router.

Workaround   Enter the aaa authentication ppp default local global configuration command to change the default PPP authentication method to local in order to bypass the authentication process via TACACS+.

CSCdv22426

Symptoms   When a Point-to-Point over X Protocol (PPPoX) call type is used on a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC), an L2TP network server (LNS) always sends out a "0" as the NAS-PORT value to a RADIUS server.

Conditions   This symptom is observed when the vpdn aaa attribute nas-port vpdn-nas global configuration command is enabled on the LNS to send PPP extended NAS-PORT format values to the RADIUS server for accounting.

Workaround   Enable the radius-server attribute nas-port format d EXEC command on the LNS.

IBM Connectivity

CSCdu54722

Symptoms   Data-link switching (DLSw) peers fail to come up.

Conditions   This symptom is observed after logical link control (LLC) traffic is started. This condition exists on all platforms.

Workaround   There is no workaround.

Interfaces and Bridging

CSCdu00743

Symptoms   The Spanning Tree Protocol (STP) may disable an ATM port, and the following error message is generated:

Port 6 (ATM1/0.1) of Bridge group 1 is broken (Port Type Mismatch)
  Port path cost 14, Port priority 128, Port Identifier 128.6.
  Designated root has priority 32768, address 0000.0c04.3aec
  Designated bridge has priority 32768, address 0000.0c04.3aec
  Designated port id is 128.6, designated path cost 0
  Timers: message age 0, forward delay 10, hold 0
  Number of transitions to forwarding state: 0
  BPDU: sent 7357, received 12979

%SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking ATM1/0.1 on Bridge group 1. Port consistency restored.
  PVST+:Inconsistency timer expired. inconsistency 0

Conditions   This symptom is observed on a Cisco 7200 series router when a Per-VLAN-Spanning-Tree plus (PVST+) packet comes through.

Workaround   There is no workaround.

CSCdu49000

Symptoms   Frame Relay Traffic Shaping (FRTS) does not function on a 1-port Packet-over-SONET OC-3c port adapter (PA-POS-OC3).

Conditions   This symptom is observed on a PA-POS-OC3 that is installed in a Cisco 7200 series router in the following test topology:

A third-party traffic generator at the transmitting end is connected over a Fast Ethernet link to a customer edge (CE) router in which the PA-POS-OC3 is installed and FRTS is configured. The CE router is connected over the Packet-over-SONET OC-3 link to a provider edge (PE) router, which is connected over a Fast Ethernet link to a third-party traffic generator at the receiving end.

FRTS is set to 1 Mbps. The traffic generator at the transmitting end sends 100-Mbps traffic, and the traffic generator at the receiving end receives more or less 100 Mbps.

Workaround   There is no workaround.

IP Routing Protocols

CSCds70407

Symptoms   An advertise map may deny some components for the generation of an autonomous system path. The autonomous system path information may not be consistent with the advertise map.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2 T or a later release, that has Border Gateway Protocol (BGP) enabled, and that has the aggregate-address address mask advertise-map map-name address family or router configuration command enabled.

Workaround   There is no workaround.

CSCds84987

Symptoms   Enhanced Interior Gateway Routing Protocol (EIGRP) may reload because of a bus error exception.

Conditions   This symptom is observed when you use the show ip eigrp events command, the event log has the "xmit" log type enabled, and the event log displays stuck in active (SIA) reply messages.

Workaround   Do not enable the "xmit" log type for the event log.

CSCdt49069

Symptoms   A Cisco router that is running the Border Gateway Protocol (BGP) may reload.

Conditions   This symptom is observed when the aggregate-address address mask as-set router configuration command is enabled.

Workaround   There is no workaround.

CSCdt54823

Symptoms   The show ip bgp network network-mask shorter-prefixes mask-length privileged EXEC command does not display the parent routes of the routes listed under the show ip bgp injected-paths EXEC command.

The show ip bgp network network-mask shorter-prefixes mask-length privileged EXEC command should display the learned prefixes that have a longer mask than the maximum length, but shorter than the specified mask for the prefix.

Conditions   This symptom is observed when the conditional route injection feature is enabled.

Workaround   Do not enable the conditional route injection feature.

CSCdt79945

Symptoms   An injected route inherits the attributes of the received-only route instead of the attributes of the received and used route.

Conditions   This symptom is observed when the neighbor {ip-address | peer-group-name} soft-reconfiguration inbound router configuration command is enabled.

Workaround   Do not enable the neighbor {ip-address | peer-group-name} soft-reconfiguration inbound router configuration command on the Border Gateway Protocol (BGP) peer to enable the route-refresh to effect the change in configured policy.

CSCdu47931

Symptoms   A Virtual Private Network version 4 (VPNv4) path may disappear from a Border Gateway Protocol (BGP) table.

Conditions   This symptom is observed after a route has been added to a VPN routing/forwarding instance (VRF). The associated locally sourced VPNv4 path may appear in the Border Gateway Protocol (BGP) table, but the path may disappear within 15 seconds. The path may disappear whether or not the route is advertised by BGP because of a network statement or because of a redistribution.

Workaround   There is no workaround.

CSCdu49076

Symptoms   Multicast Border Gateway Protocol (MBGP) prefixes may show up in the IP routing table.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

CSCdu74704

Symptoms   High CPU utilization may occur for a "BGP Router" process on a Cisco 7200 series or Cisco 7500 series router when the router is configured for exterior Border Gateway Protocol (eBGP) peering and the next hop becomes unreachable (for example, when an interface to an external peer is shut down).

Conditions   This symptom is observed on a Cisco 7200 series or Cisco 7500 series router that is running Cisco IOS Release 12.2(2)T and occurs only when the router must send a large number of withdrawn routes to other peers because the next hop is unreachable.

Workaround   There is no workaround.

Miscellaneous

CSCdr92137

Symptoms   You may be able to use the shut DSP configuration command on a voice port that corresponds to a DS0 group with null signaling. This is incorrect behavior; the shut DSP configuration command should not be used.

Conditions   This symptom is observed on any voice platform that is running Cisco IOS Release 12.2(4)T or an earlier release.

Workaround   Instead of the shut DSP configuration command, use the busyout port configuration command on a voice port that corresponds to a DS0 group with null signaling.

CSCds47237

Symptoms   An interface may go down and come back up again.

Conditions   This symptom is observed when there is only one bundle present on an interface and the bundle is removed.

Workaround   There is no workaround.

CSCds48812

Symptoms   A loopback route on a Virtual Private Network (VPN) routing/forwarding instance (VRF) may not be removed from the Cisco Express Forwarding (CEF) table.

Conditions   This symptom is observed after you enter the import map VRF configuration submode command.

Workaround   Use the clear ip route vrf vrf-name * EXEC command to remove the /32 receive entry from CEF.

CSCds49599

Symptoms   The ciscoEnvMonShutdownNotification trap may not be sent.

Conditions   This symptom is observed before a Cisco uBR7200 series router shuts down.

Workaround   There is no workaround.

CSCds56041

Symptoms   The chassis card table (cardTable) of OLD-CISCO-CHASSIS-MIB.my may not be populated. The functionality of the Cisco View package may be affected.

Conditions   These symptoms are observed on a Cisco 2600 series router.

Workaround   There is no workaround.

CSCds56576

Symptoms   The rpmrscprtn command may fail to send a resource partition to a Cisco 8000 series MGX Processor Switch Module (PXM).

Conditions   This symptom is observed when a new Cisco 8000 series MGX Route Processor Module (RPM) is plugged into an empty slot, and the router is rebooted.

Workaround   Manually configure the resource partition.

CSCds64619

Symptoms   Packets of all permanent virtual circuits (PVCs) may be dropped from an ingress interface. Open Shortest Path First (OSPF) hello packets may be among the packets that are dropped, causing the OSPF neighbor adjacency to go down periodically.

Conditions   This symptom is observed when traffic is sent via one or more egress PVCs that are severely oversubscribed and when some of the PVCs are congested and send traffic above their configured peak cell rate (PCR) values. The more severe the congestion, the faster the symptom occurs.

Workaround   Configure the PCR values on the egress PVCs in such a way that the egress PVCs can handle incoming traffic. Use traffic policing to prevent oversubscription of the egress PVCs.

CSCds64781

Symptoms   When you enter the delred card-level redundancy command on redundant Route Processor Modules (RPMs), the RPM that previously served as the secondary card may come up with the same configuration as the RPM that previously served as the primary card.

Conditions   This symptom is observed when the following sequence of commands occurs:

You enter the addred card-level redundancy command on the redundant RPMs without the presence of the "auto_config_slot" file for the secondary RPM.

You enter the write memory EXEC command while the secondary RPM is active.

You enter the delred card-level redundancy command on the redundant RPMs.

Workaround   Before you enter the addred card-level redundancy command on the redundant RPMs, save the configuration of the secondary Processor Switch Module (PXM) in the "auto_config_slot" file.

CSCds67983

Symptoms   A Cisco 7500 series router with a Fast Ethernet Interface Processor 2 (FEIP2) may stop forwarding traffic after displaying several errors, such as the following:

%DEC21140-5-LATECOLL: FastEthernet0/0 transmit error

However these errors are shown on the Versatile Interface Processor (VIP) console and are not visible on the Route Switch Processor (RSP) console. After a while, an output-stuck or output-frozen condition may occur on the Fast Ethernet interfaces.

Conditions   This symptom is observed when a mismatch occurs between the peer and the duplex option.

Workaround   Keep the similar duplex (full/half) settings on the interfaces connected back-to-back.

CSCds78695

Symptoms   When two routers are connected to each other via distributed Multilink PPP (dMLP), a mismatch sequence number may be displayed when the show ppp multilink EXEC command is entered on both routers. In this situation, the controller and interfaces are up, but packets cannot get through the multilink interfaces.

Conditions   This symptom is observed in a dMLP configuration.

Workaround   Disable dMLP.

CSCds80093

Symptoms   Call Tracker and Simple Network Management Protocol (SNMP) may display incorrect accounting session IDs when compared to the IDs that are received in the "acct-session-id" attribute (44) of the authentication records. This situation does not impact functionality.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.1(5) but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdt15888

Symptoms   When a create connection (CRCX) request is sent with an S:D option with any digit (for example, S:D/1 or S:D/3), the Voice Telephony Service Provider (VTSP) is not able to send the digit.

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdt20090

Symptoms   A Cisco CVA122 series cable voice adapter may not scan all of the frequencies in the European channel plan. The Data-Over-Cable Service Interface Specifications (DOCSIS) require that when a DOCSIS cable modem is attached to a cable network, it must search the downstream channel for an available frequency.

Conditions   This symptom is observed when the Cisco CVA122 series starts its downstream frequency scan with the United States channel plan, and when that fails, it uses the European channel plan. When this plan also fails, the Cisco CVA122 series then begins an exhaustive search of all available DOCSIS downstream frequencies. However, the Cisco CVA122 series does not scan all of the frequencies in the European channel plan, so when it is used on a plant that has the Eurochannel plan, it can take a significantly longer time before the Cisco CVA122 series discovers the correct frequency.

Workaround   There is no workaround.

CSCdt23554

Symptoms   "MTUMISMATCH" warning messages may be logged.

Conditions   This symptom is observed when ATM Address Resolution Protocol (ARP) is used and a a maximum transmission unit (MTU) mismatch occurs.

Workaround   There is no workaround.

CSCdt25466

Symptoms   A Cisco 3600 series router may generate tracebacks during the bootup process when the pri-group controller configuration command is enabled in the startup configuration.

Conditions   This symptom is observed on a Cisco 3620 router and a Cisco 3640 router that are running Cisco IOS Release 12.2(2)T and that are configured with a Digital T1/E1 Packet Voice Trunk network module.

Workaround   Enable the pri-group controller configuration command after the bootup process.

CSCdt25730

Symptoms   A Cisco router that has IP header compression configured on a PPP-over-ATM (PPPoA) interface may reload.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(2)T under heavy traffic conditions.

Workaround   Disable IP header compression on the interface using the no ip rtp header-compression interface configuration command or the no ip tcp header-compression interface configuration command, or using both commands.

CSCdt32273

Symptoms   Digits may be missing or bursts may occur.

Conditions   These symptoms are observed when strings of digits are sent using H.245 alphanumeric dual tone multifrequency (DTMF) relay.

Workaround   Use H.245 signaling DTMF relay, with on and off times set to 100 ms.

CSCdt42948

Symptoms   The voice-class busyout voice-class-tag pri-group controller configuration command is missing and cannot be configured.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(1)XA but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdt49428

Symptoms   An endpoint may enter a transient state, and error message "401" may be generated.

Conditions   This symptom is observed on a Cisco router that functions as an endpoint and that has Media Gateway Control Protocol (MGCP) configured. A delete connection (DLCX) message from a call agent may resolve the transient state and enable the endpoint to function normally.

Workaround   If the DLCX message does not resolve the situation, reset the MGCP application by entering the no mgcp global configuration command (which will terminate all calls) followed by the mgcp global configuration command. If resetting the Media Gateway Control Protocol (MGCP) application still does not resolve the situation, reload the router.

CSCdt51794

Symptoms   When a WAN interface card (WIC) is present in slot 0, configuration commands that are sent to the serial WIC in slot 0 or to a Fast Ethernet Combination Port Module may not work. The command-line interface (CLI) accepts the command entry, but the configuration fails to show up when the show run interface serial EXEC command is entered.

Conditions   This symptom is observed on a Cisco 3600 series router.

Workaround   There is no workaround.

CSCdt59350

Symptoms   X.25 encapsulation may not work on interfaces of a Fast Ethernet network module (NM-xFE2W).

Conditions   This symptom is observed when the NM-xFE2W is installed in a Multicast Address Resolution Server (MARS) platform.

Workaround   There is no workaround.

CSCdt60026

Symptoms   A connection trunk may come up and go down continuously.

Conditions   This symptom is observed on a Cisco 2600 series or Cisco 3600 series router.

Workaround   There is no workaround.

CSCdt60442

Symptoms   An RFC 1577 client may fail to resolve a Logical IP Subnet (LIS) neighboring client via an ATM server.

Conditions   This symptom is observed on a Cisco 7500 series router.

Workaround   There is no workaround.

CSCdt61332

Symptoms   A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that employs the Enhanced Interior Gateway Routing Protocol (EIGRP) multipath feature may not load share equally among all the unlabeled links. The symptom can be identified by entering the show tag-switching forwarding vrf vrf-name [ip-prefix] [detail] EXEC command. The command output will show unequal allotment of load sharing slots to the different unlabeled paths.

Conditions   This symptom is observed when a labeled packet that is coming from the provider network is switched out.

Workaround   There is no workaround.

CSCdt63586

Symptoms  The VLAN feature is configurable on the 10BASE-T Ethernet WAN interface card (WIC) even though this WIC does not support VLAN functionality.

Conditions   This symptom is observed on a Cisco 1751 router.

Workaround   There is no workaround.

CSCdt65062

Symptoms   A memory leak may occur because the ATM configuration mode data structure is not released when a permanent virtual connection (PVC) is removed.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

CSCdt66730

Symptoms   On an outgoing gateway (OGW), voice activity detection (VAD) is not turned on, but on the terminating gateway (TGW), VAD is turned on. VAD does not function on the path from the OGW to the TGW, but it does function on the path from the TGW to the OGW. This situation causes unnecessary bandwidth usage and CPU processing on the OGW.

Conditions   This symptom is observed when you make an E1 R2 call on a Cisco AS5400 that functions as an OGW.

Workaround   There is no workaround.

CSCdt70804

Symptoms   Cisco IOS software may not recognize the ID PROM for the 1-port T1 CSU/DSU WAN interface card (WIC-1DSU-T1) and may not read the EEPROM contents for the WIC-1DSU-T1.

The WIC-1DSU-T1 may be recognized in the output of the show running-config EXEC command, but not in the output of the show diag privileged EXEC command.

Conditions   These symptoms are observed on a Cisco 3600 series router that is running Cisco IOS Release 12.1(5)YB, or a later release, or Release 12.2(2)T. There are different versions of ID PROMs for the WAN WICs: the above-mentioned releases recognize versions 0, 1 and 4, but not version 2. The WIC-1DSU-T1 has ID PROM version 2 and is not recognized. However, the WIC-1DSU-T1 can still be configured, and the configuration is displayed in the output of the show running-config EXEC command.

Workaround   There is no workaround.

CSCdt75167

Symptoms   On a Cisco IAD2420 series, the line connection of virtual access interface 1 may go down while ATM interface 0 remains up. Pings may also fail as a result of this condition.

Conditions   This symptom is observed on a Cisco IAD2420 series when Network-Based Application Recognition (NBAR) is configured on an Asynchronous Digital Subscriber Line (ADSL) ATM interface that is running PPP over ATM (PPPoA).

Workaround   Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on virtual access interface 1.

CSCdt79383

Symptoms   Time-division multiplexing (TDM) hairpinning via an E1 link that is using common channel signaling (CCS) may fail between two plain old telephone service (POTS) ports, and E1 controllers may go down.

Conditions   These symptoms are observed on a Cisco 3660 router when the pri-group controller configuration command is configured on the E1 controllers. Both interslot and intraslot hairpinning fails. The symptoms occur only in an E1 configuration with PRI provisioned. The symptoms do not occur in an E1 configuration with channel-associated signaling (CAS), nor in a T1 configuration with either PRI or CAS.

Workaround   There is no workaround.

CSCdt80732

This caveat consists of three symptoms, three conditions, and three workarounds, all of which are related to Voice over IP (VoIP) Media Gateway Control Protocol (MGCP) modem pass-through fax calls.

Symptoms A   A digital signal processor (DSP) may become unresponsive and fail to complete a fax call.

Conditions A   This symptom is observed when a VoIP MGCP modem pass-through call is placed and a fax tone is detected before a modem tone.

Workaround A   There is no workaround.

Symptoms B   A DSP may become unresponsive and fail to complete a fax call that has call waiting and caller ID enabled.

Conditions B   This symptom is observed when the call is presented to a voice port that is handling a VoIP MGCP modem pass-through fax call.

Workaround B   Disable the call waiting or caller ID configuration.

Symptoms C   A DSP may become unresponsive and fail to complete subsequent fax calls.

Conditions C   This symptom is observed when another fax tone is detected (to initiate another fax call) after the first VoIP MGCP modem pass-through fax call is ended before the call is disconnected.

Workaround C   There is no workaround.

CSCdt81541

Symptoms   Packets may be dropped incorrectly.

Conditions   This symptom is observed when a dialer is used and Cisco Express Forwarding (CEF) and hardware compression are enabled.

Workaround   There is no workaround.

CSCdt82604

Symptoms   A Cisco 827 router or a Cisco 1700 series router may reload with a bus error.

Conditions   This symptom is observed when an interface is shut down after a PPP over Ethernet (PPPoE) session is initiated and authentication is configured.

Workaround   There is no workaround.

CSCdt83789

Symptoms   A voice gateway may reload.

Conditions   This symptom is observed when the number of Voice over IP (VoIP) calls exceeds the number of available digital signal processor (DSP) channels in the voice gateway.

Workaround   Ensure that the number of DSPs in the voice gateway exceeds the number of DS0 channels.

CSCdt86998

Symptoms   A Cisco 1700 series router that is configured with a Virtual Private Network (VPN) module, a Fast Ethernet interface, or a 10BASE-T Ethernet interface may reload or pause indefinitely.

Conditions   This symptom is observed when the outbound traffic flow is greater than 524 packets per second (pps) and the packet size is larger than 1460 bytes.

Workaround   If the rate of encrypted outbound traffic is expected to reach 6 Mbps on the Fast Ethernet or 10BASE-T Ethernet interface, disable the VPN module (that is, switch to software encryption). Doing so will reduce the encryption throughput and prevent the router from being reloaded.

CSCdt88329

Symptoms   NextPort 6-port central site modems (CSMV/6) on a Cisco AS5350 or Cisco AS5400 may be marked "bad."

Conditions   This symptom is observed on a Cisco AS5350 or Cisco AS5400 that is running Cisco IOS Release 12.1(5)XM2 or a later release when the port modem autotest global configuration command or the port modem startup-test command is configured. Entering the test port modem back-to-back EXEC command may also cause the modems to be marked "bad." The symptom may also occur in other releases such as Release 12.2 T.

Workaround   Remove the port modem autotest global configuration command or the port modem startup-test command from the configuration and refrain from using the test port modem back-to-back EXEC command. To restore service modems that have been marked "bad," use the clear spe EXEC command.

CSCdt92664

Symptoms   A Cisco 6400 series platform and a 7200 series router may reload with a watchdog timeout.

Conditions   This symptom is observed when you clear the Layer 2 Tunneling Protocol (L2TP) tunnel by using the clear vpdn tunnel l2tp EXEC command and then unconfigure the permanent virtual circuit (PVC).

Workaround   Use the clear vpdn tunnel pppoe EXEC command and then unconfigure the PVC on the virtual circuit (VC).

CSCdt94375

Symptoms   A Cisco 7200 series router or a Cisco AS5400 may reload after you physically remove a voice-support port adapter and then change the configuration of the serial interface.

Conditions   This symptom is observed after a voice-support port adapter that is configured with primary Non-Facility Associated Signaling (NFAS) is physically removed and the no isdn rlm-group number interface configuration command followed by the isdn rlm-group number interface configuration command is entered on the serial interface.

Workaround   There is no workaround.

CSCdt96051

Symptoms   A disengage request (DRQ) may not be sent to an alternate gatekeeper in a gatekeeper cluster.

Conditions   This symptom is observed when a gatekeeper in a gatekeeper cluster is shut down and there is an active call.

Workaround   There is no workaround.

CSCdu00558

This caveat consists of two symptoms, two conditions, and two workarounds.

Symptoms A   Half of the ports on a CT3-216UP card become stuck in the downloading state and can no longer be used.

Conditions A   This symptom is observed when you attempt to download nondefault universal port firmware to a CT3-216UP card in slot 0 of a Cisco AS5850.

Workaround A   To recover the ports that are stuck, configure the Cisco IOS bundled default firmware on these ports. Change the configuration so that the Cisco IOS bundled default firmware is downloaded to the CT3-216UP card.

Symptoms B   A CT3-216UP card may reload.

Conditions B   This symptom is observed when you attempt to download nondefault universal port firmware to a CT3-216UP card in slot 0 of a Cisco AS5850.

Workaround B   Change the configuration so that the Cisco IOS bundled default firmware is downloaded to the CT3-216UP card.

CSCdu07720

Symptoms   A codec change may not take effect when it occurs while an active call is on hold.

Conditions   This symptom is observed when you use Session Initiation Protocol (SIP) in the following sequence of events:

The initial call setup negotiates to G.729.

A user agent sends an "invite" message with a Session Description Protocol (SDP) that indicates that the call should go on hold and that lists G.711.

The call goes on hold.

The user agent sends another "invite" message with an SDP that indicates that the call should no longer be on hold and that lists G.711.

The call should now be using G.711, but instead is still using G.729.

Workaround   There is no workaround.

CSCdu11211

Symptoms   Phase 2 failures may occur on a Cisco uBR905 when IP Security (IPSec) is negotiated and hardware encryption is enabled. No traffic is passed even though phase 2 IPSec Security Associations (SAs) are set up. The child IPSec SA stops passing data when the Internet Key Exchange (IKE) SA lifetime expires.

Conditions   These symptoms are observed on a Cisco uBR905 series router that is running Cisco IOS Release 12.1(3a)XL1 but may also occur in Release 12.2 T.

Workaround   Disable hardware encryption or use the default IKE SA lifetime of 24 hours and a minimal IPSec SA lifetime of 120 seconds. With these settings, traffic stops flowing for only two minutes every 24 hours. When rekeying is done every two minutes, there will be a slight degradation in performance.

CSCdu11970

Symptoms   The following error message that is related to digital signal processors (DSPs) may be generated on a Cisco AS5800, causing two DPS channels to fail:

%VTSP-3-DSP_TIMEOUT: DSP timeout on event 6: DSP ID=0x2541: DSP error stats

Conditions   This symptom is observed on a Cisco AS5800 that is configured for channel-associated signaling (CAS) calls.

Workaround   There is no workaround.

CSCdu12528

Symptoms   Three-way calling does not function.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

CSCdu14026

Symptoms   When you enter the clear crypto sa EXEC command, a router may reload and display messages that state "%ALIGN-1-FATAL: Illegal access to a low address."

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdu15875

Symptoms   Repeated Cbus-complex reloads may occur on a Cisco 7500 series router.

Conditions   This symptom is observed on a Cisco 7500 series router that is configured with a multichannel T1 or E1 port adapter (PA-MC-T1 or PA-MC-E1) that, in turn, has 128 channel groups configured when an online insertion and removal (OIR) is performed.

Workaround   There is no workaround.

CSCdu17530

Symptoms   IP version 6 (IPv6) over Frame Relay encapsulation has changed in Cisco IOS Release 12.2(2)T. Earlier Cisco IOS IPv6 beta or EFT releases cannot interoperate with Release 12.2(2)T and later releases.

Conditions   Conditions do not apply to this caveat. Cisco IOS IPv6 beta or EFT releases before Release 12.2(2)T use network layer protocol identification (NLPID) 0x80 Subnetwork Access Protocol (SNAP) encapsulation in accordance with RFC 2427. In Release 12.2(2)T and later releases, IPv6 over Frame Relay uses NLPID 0x8E encapsulation in accordance with RFC 2590.

Workaround   There is no workaround.

CSCdu19420

Symptoms   A Cisco 2600 series router may not properly send IP traffic to a Token Ring interface.

Conditions   This symptom is observed when source-route bridging (SRB) is configured for Systems Network Architecture (SNA) traffic while integrated routing and bridging (IRB) is enabled on a Token Ring interface on a Cisco 2600 router.

Workaround   There is no workaround.

CSCdu20917

Symptoms   Some Virtual Private Network (VPN) clients may fail to establish secure Layer 2 Tunneling Protocol (L2TP) sessions with Cisco routers. The sessions may be established after several repeated attempts. The following message is displayed when this condition occurs:

%CRYPTO-3-QUERY_KEY: Querying key pair failed

Conditions   This symptom is observed when certificate-based authentication is used.

Workaround   There is no workaround.

CSCdu22487

Symptoms   The configuration of the protocol pppoe interface-ATM-VC configuration command (for an ATM permanent virtual circuit [PVC] or switched virtual circuit [SVC]) may not be displayed in the output of the show running-config EXEC command.

Conditions   This symptom is observed when the protocol pppoe interface-ATM-VC configuration command is configured along with the range pvc 2/100 2/200 subinterface configuration command on an ATM subinterface.

Workaround   There is no workaround.

CSCdu23279

Symptoms   An originating gatekeeper may reload.

Conditions   This symptom is observed after the endpoint alt-ep h323id h323-id ip-address gatekeeper configuration command is configured and after the gatekeeper is configured to receive three location confirmations (LCFs).

Workaround   There is no workaround.

CSCdu23289

Symptoms   The default output level in analog T1, Foreign Exchange Station (FXS), and Foreign Exchange Office (FXO) is 3 dB lower than normal.

Conditions   This symptom is observed on a Cisco 3600 series router but may also occur on other platforms.

Workaround   Change the output level back to the normal level using the command-line interface (CLI).

CSCdu24249

This caveat consists of two symptoms, two conditions, and two workarounds.

Symptoms A   A Cisco router that is configured with a Cisco 2600 series or Cisco 3600 series Virtual Private Network (VPN) hardware module may pause indefinitely.

Conditions A   This symptom is observed when the router processes a burst of large packets (more than 2 KB) and when the show running-config privileged EXEC command is entered while the router is passing a moderate amount of large-packet data. The symptom is more likely to occur when double authentication is used (that is, when esp-sha-hmac and ah-sha-hmac are used).

Workaround A   There is no workaround. To correct the situation, reload the router.

Symptoms B   A Cisco 2600 series or Cisco 3600 series VPN hardware module may stop processing packets. However, the router does not pause indefinitely.

Conditions B   This symptom is observed in Cisco IOS Release 12.2(4)T when the driver stops processing packets that are queued for processing when all the jumbo buffers are in use.

A change that was introduced in Cisco IOS Release 12.2(4)T fixes the indefinite pause that is mentioned in symptom A but introduces symptom B.

Workaround B   There is no workaround. To correct the situation, reload the router.

CSCdu25491

Symptoms   Fax calls on a Cisco 3660 gateway may occasionally fail.

Conditions   This symptom is observed when more than five voice calls are made simultaneously.

Workaround   There is no workaround.

CSCdu28703

Symptoms   Only the following four trap control elements in the CISCO-IPSEC-FLOW-MONITOR-MIB can be enabled (set to 1):

cipSecTrapCntlIkeTunnelStart

cipSecTrapCntlIkeTunnelStop

cipSecTrapCntlIpSecTunnelStart

cipSecTrapCntlIpSecTunnelStop

The router sends Simple Network Management Protocol (SNMP) replies to indicate that the other elements are read-only.

Conditions   This symptom is observed on a Cisco 7200 series router but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu29382

Symptoms   Configuring the fair-queue interface configuration command on a Gigabit Ethernet or Fast Ethernet egress interface may cause continuous traceback messages.

Conditions   This symptom is observed on a Cisco AS5850.

Workaround   Do not configure the fair-queue interface configuration command on the egress interface.

CSCdu29411

Symptoms   The Call Success Ratio (CSR) may drop more than 10 percent.

Conditions   This symptom is observed on a Cisco AS5400 during a stress test with E1 R2 H.323 calls.

Workaround   There is no workaround.

CSCdu29645

Symptoms   The no mgcp global configuration command may cause instability when it is used to clear calls.

Conditions   This symptom is observed on a Cisco MC3810 but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu30658

Symptoms   A Cisco 8000 series MGX Route Processor Module (RPM) may not boot up completely. The Processor Switch Module (PXM) may indicate that the RPM is in the boot state, but the RPM is still waiting for a response and the PXM can no longer communicate with the RPM. If you reset the RPM, it does not boot up at all.

When you enter the escape sequence Ctrl-Shift-6 from the console to bring up the RPM, you may be able to change the RPM configuration, but the RPM still cannot communicate with the PXM.

Conditions   These symptoms are observed when the configuration registry is set to 0x1.

Workaround   There is no workaround.

CSCdu31931

Symptoms   A gateway may generate an inconsistent Answer (ANS) notify (NTFY) message, causing the call flow to fail and the endpoint to become unusable.

Conditions   This symptom is observed in channel-associated signaling (CAS) calls.

Workaround   There is no workaround.

CSCdu33274

Symptoms   A transponder Continuity Test (COT) may fail when the transmit and receive frequencies are different.

Conditions   This symptom is observed on a Cisco AS5300 in a Cisco SS7 Interconnect for Voice Gateways solution.

Workaround   Instead of a transponder COT, perform a loopback COT.

CSCdu35335

Symptoms   A Cisco 1700 series router may reload because of a redzone corruption.

Conditions   This symptom is observed on a Cisco 1700 series router that is configured with an asymmetric digital subscriber line (ADSL) WAN interface card (WIC) when packets that are 4000 bytes in size are sent.

Workaround   There is no workaround.

CSCdu36732

Symptoms   When an operator services call termination is processed, the recEive and transMit (E&M) Feature Group D channels may fail to release, and the Media Gateway Control Protocol (MGCP) connection may remain active indefinitely.

Conditions   This symptom is observed only under the following circumstances:

The E&M Feature Group D channel is the facility that is used to connect the operator to the terminating gateway.

The subscriber disconnects from the call while the operator is off hook.

The call agent is configured to send the Delete Connection (DLCX) or notification request (RQNT) message with the S: MO/rel event and R: MO/rlc event to the terminating gateway upon subscriber disconnect while the operator is off hook. If the operator goes on hook while the terminating gateway is processing the S: MO/rel event, the gateway can fail to release the E&M Feature Group D channel.

This condition causes the MGCP connection to remain active, and the call agent is not notified of the operator going on hook.

To avoid this situation, configure the call agent to send RQNT S: MO/sus when a subscriber disconnect is detected and the operator is off hook. This provides an opportunity for the operator to recall the subscriber. The ability and procedures to configure call agents vary. Consult your call agent vendor for instructions.

Workaround   Attempt to release the MGCP connection and the E&M Feature Group D channel by entering the mgcp dlcx endpoint id configuration command, specifying the endpoint name to be cleared.

Alternate Workaround   If the above-mentioned workaround does not clear the condition, the T1 controller must be shut down and restarted. This action should be considered only as a last resort because all active calls on the T1 span will be disconnected when the T1 controller is shut down. The T1 controller is shut down from the T1 controller command level interface that is accessed by entering the controller t1 controller unit number configuration command, specifying the controller unit number of the T1 controller to be disabled. From the T1 controller command level interface, shut down the T1 controller using the shutdown interface configuration command. Enter the no shutdown interface configuration command to reenable the T1 controller.

CSCdu37421

Symptoms   A Cisco IAD2420 series may not send a notify (NTFY) message (O:rlc) to a call agent after having received a notification request (RQNT) message (R:DT/rlc[N]) from the call agent upon call termination. Subsequent call attempts do not succeed because the line is busy.

Conditions   This symptom is observed in a Foreign Exchange Office (FXO) Direct-Inward-Dial (DID) call flow.

Workaround   There is no workaround.

CSCdu37772

Symptoms   A Session Initiation Protocol (SIP) call may be disconnected unexpectedly.

Conditions   This symptom is observed when a hookflash occurs.

Workaround   There is no workaround.

CSCdu38531

Symptoms   A Cisco uBR7200 series may reload when you enter the su-mac MAC-address qos-level level-num type pppoe global configuration command.

Conditions   This symptom is observed on a Cisco uBR7223 or a Cisco uBR7246 universal broadband router.

To prevent the symptom from occurring, tags may be used instead of SU MAC addresses for PPP over Ethernet (PPPoE) forwarding.

Workaround   There is no workaround.

CSCdu38797

Symptoms   If you disable the voice-fastpath enable global configuration command on a universal gateway, the configuration is not saved. When the universal gateway is booted up again, it reverts to the default configuration in which the voice-fastpath enable global configuration command is enabled.

Conditions   This symptom is observed on a Cisco AS5400.

Workaround   Disable the voice-fastpath enable global configuration command after the router has reloaded.

CSCdu40546

This caveat consists of two symptoms, two conditions, and two workarounds.

Symptoms A   A Virtual Private Network Advanced Integration Module (AIM-VPN) or VPN network module (NM-VPN) may stop passing data when authentication errors occur with packets that are larger than 2048 bytes (including the IP Security [IPSec] headers).

Conditions A   This symptom is observed on Cisco 2600 series and Cisco 3600 series AIM-VPN and NM-VPN modules.

Workaround A   On interfaces that are passing IPSec traffic, set the maximum transmission unit (MTU) to a value less than 1500.

Symptoms B   An AIM-VPN or NM-VPN may not handle large packets correctly when Encapsulating Security Payload (ESP) authentication is enabled. The module incorrectly considers these packets to have authentication errors, discards them, and generates the following error message:

%HW_VPN-1-HPRXERR: Hardware VPN0/2: Packet Encryption/Decryption error, status=4609

Conditions B   This symptom is observed on Cisco 2600 series and Cisco 3600 series AIM-VPN and NM-VPN modules.

The exact packet size at which symptom B occurs depends on the type of transform:

For ESP authentication only, 1510-byte packets cause the symptom to occur.

For ESP encryption with authentication, 3046-byte packets cause the symptom to occur.

For ESP encryption with Authenticated Header (AH) and ESP authentication enabled, 3022-byte packets cause the symptom to occur.

Workaround B   On interfaces that are passing IPSec traffic, set the maximum transmission unit (MTU) to a value less than 1500.

CSCdu42078

Symptoms   PPP over Ethernet (PPPoE) commands and quality of service (QoS)-level commands are not accepted on an ATM permanent virtual circuit (PVC) subinterface, preventing PPPoE forwarding from functioning. No error messages are displayed on the console.

Conditions   These symptoms are observed on a Cisco uBR7200 series.

Workaround   There is no workaround.

CSCdu42728

Symptoms   A Cisco uBR7200 series may reset the interface when brief disruptions occur on the control channel of the outdoor unit (ODU). On a headend, the entire sector may be brought down briefly and all subscribers may experience an availability impact as the subscribers are reranged. On a subscriber, the link may be brought down as it reranges to join the network.

Conditions   These symptoms are observed when brief disruptions occur. These disruptions are described in DDTS CSCdt60488.

Workaround   Upgrade to Cisco IOS Release 12.2(2)T1 or a later release.

CSCdu44766

Symptoms   Deleting an IP version 6 (IPv6) access list multiple times using the no ipv6 access-list access-list-name global configuration command may cause the router to reload.

Conditions   This symptom is observed on a Cisco 12000 series router.

Workaround   Delete the IPv6 access list only once.

CSCdu45419

Symptoms   The output attenuation decibels voice-port configuration command does not function properly for values other than 1 through 5 or when the value is zero. The actual decibel levels that are measured on the wire are not what you would expect.

Conditions   This symptom is observed on a Cisco voice gateway that is running Cisco IOS Release 12.2 T.

Workaround   There is no workaround.

CSCdu45581

Symptoms   The "display info" information from the ISDN/Call Distributor application program interface API (CDAPI) is not located in the "display name" field in the "From" header of the Session Initiation Protocol (SIP) "Invite" message that is used for the setup of a call. Similarly, on the egress side, the "display name" field in the "From" header of the "Invite" message is not forwarded in the call decode information for the ISDN/CDAPI.

This second situation does not enable switches to present the calling name to a customer premises equipment (CPE) if the "presentation indication" states "allowed." Because SIP does not provide an end-to-end transport of typical Q.931 parameters, there is no consistent end-to-end transport of calling name information and, therefore, no feature parity with H.323.

Conditions   These symptoms are observed in Cisco IOS Release 12.2(1)XA but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu47902

Symptoms   The insertion of a large number of Border Gateway Protocol (BGP) routes may cause memory to become fragmented and distributed Cisco Express Forwarding (dCEF) to become disabled because of a low memory condition.

Conditions   This symptom is observed on a Cisco 12000 series router but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu50693

Symptoms   A Fast Ethernet (FE) interface on a Cisco 8000 series MGX Route Processor Module (RPM) may not be able to receive traffic.

Conditions   This symptom is observed after you have first entered the clear counters EXEC command and then the shutdown interface configuration command followed by the no shutdown interface configuration command on the FE interface.

Workaround   Reload the RPM.

CSCdu51466

Symptoms   A Cisco AS5300 voice gateway may generate an error message when playing an audio file on the call leg from the plain old telephone service (POTS) side to the Voice over IP (VoIP) side. This situation may cause Tool Command Language (TCL) interactive voice response (IVR) scripts that need the audio file to function improperly.

Conditions   This symptom is observed on a Cisco AS5300 voice gateway that is running Cisco IOS Release 12.2(4)T.

Workaround   There is no workaround.

CSCdu51646

Symptoms   A Cisco router may reload unexpectedly and generate the following error messages:

%Software-forced reload

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Crypto IKMP.
-Traceback=

(After "traceback", a string of hexadecimal values is displayed.)

Conditions   This symptom is observed on a Cisco router that is running a Cisco IOS image that includes encryption features.

Workaround   There is no workaround.

CSCdu52551

Symptoms   A negative number of free Software Port Entities (SPEs) may be displayed in the output of the show spe EXEC command.

Conditions   This symptom is observed when you repeatedly enter the busyout SPE configuration command and the no busyout SPE configuration command on a NextPort Dial Feature Card (DFC-108NP) that has active calls.

Workaround   Do not enter the busyout SPE configuration command and the no busyout SPE configuration command on a DFC-108NP that has active calls.

CSCdu53584

Symptoms   The switching path changes from distributed Cisco Express Forwarding (dCEF) to Cisco Express Forwarding (CEF) after 40 online insertion and removal (OIR) events. This situation affects quality of service (QoS) functionality and the performance of the router, which requires a dCEF path.

Conditions   This symptom is observed on a Cisco 7500 series Route Switch Processor (RSP).

Workaround   There is no workaround.

CSCdu53863

Symptoms   A router may reload after the IP address is moved from one interface to another, and an endless loop is created.

Conditions   This symptom is observed on a Cisco 2600 series router but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu56329

Symptoms   When there is a codec mismatch, a Session Initiation Protocol (SIP) gateway may respond to a forked "Invite" request with a "606 Not Acceptable" message and a "Warning: 304 10.10.100.2:0 Media Type(s) Unavailable" message, causing all "Invite" requests to fail.

The SIP gateway should interpret the forked "Invite" request differently and respond with a "488 Not Acceptable Here" message so that other parties can still accept their forked "Invite" requests.

Conditions   This symptom is observed on a Cisco 2600 series router that functions as a SIP gateway but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu56561

Symptoms   A gatekeeper that is using accounting may reload if a call is originated from or terminated by a gateway that is registered with the gatekeeper.

Conditions   This symptom is observed on a Cisco 3600 series router that is functioning as a gatekeeper and that is running Cisco IOS Release 12.1(5)XM3 but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu57189

Symptoms   Extension traps (up, down, and Operation, Administration, and Maintenance [OAM] failure loopback) may not be generated.

Conditions   This symptom is observed on a Cisco 3600 series router that is configured with an ATM interface when the following sequence of events occurs:

You enable old traps.

You disable old traps.

You enable extension traps.

You enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ATM interface while permanent virtual circuits (PVCs) are configured on the interface.

Workaround   There is no workaround.

CSCdu57265

Symptoms   A memory leak may occur on a universal gateway when you enter the busyout shelf/slot/port privileged EXEC command before you perform an online insertion and removal (OIR) of a port module that has active calls.

Conditions   This symptom is observed on a Cisco AS5400 that is configured for port-level event logging. The symptom may also occur on other platforms.

Workaround   Enter the clear port log slot EXEC command to clear all event entries in the port-level history event log before you perform an OIR.

CSCdu57585

Symptoms   If a channel-associated signaling (CAS) outgoing modem call is attempted via reverse-Telnet on a port that has been previously engaged in an incoming ISDN call, the call may fail, producing some traceback messages.

Conditions   This symptom is observed on a Cisco AS5300 but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu57844

Symptoms   A slow memory leak may occur in the "CCH323_CT" process on a gateway.

Conditions   This symptom is observed when a Cisco AS5400 is stressed with calls that use H.245 tunneling. The symptom may also occur on other platforms.

Workaround   Disable H.245 tunneling by entering the following commands in terminal configuration mode:

voice service voip

h323 h245 tunnel disable

Entering these terminal configuration commands will force a separate connection for H.245 tunneling.

CSCdu58531

Symptoms   An Ethernet interface may have an incorrect interface type (ifType) in the corresponding RFC 1213 ifTable entry.

Conditions   This symptom is observed on a Cisco 5800 dial shelf controller (DSC) card.

Workaround   There is no workaround.

CSCdu60377

Symptoms   When an ISDN "Setup" message is sent to a gateway with all the required information elements (IEs), such as calling and called number, the Session Initiation Protocol (SIP) "Invite" message that is sent out from the gateway may not contain the calling number mapped to the "From" header of the SIP "Invite" message. This situation may cause call failures.

Conditions   Call failures occur when the destination pattern on the ingress Voice over IP (VoIP) dial peer, which is matched on the egress gateway, contains wildcard characters. The wildcard characters are sent directly as the calling number in the ISDN "Setup" message from the egress gateway.

Workaround   Do not use wildcard characters on the VoIP dial peers on the egress gateway.

CSCdu62096

Symptoms   A Cisco AS5300 that is configured for E1 R2 and that has resource pooling enabled may not connect calls. All calls may fail with a "soft reset."

Conditions   This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(1a) but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu65832

Symptoms   When a Cisco 8000 series MGX Route Processor Module (RPM) is in the boot mode, it may not boot from the C drive.

Conditions   This symptom is observed when the RPM is configured to boot from the C drive.

Workaround   Boot the RPM from Flash memory.

Alternate Workaround   Include the buffers verybig permanent 5 global configuration command in the startup configuration file in the boot mode, and reload the RPM to load the Cisco IOS software from the C drive.

CSCdu65856

Symptoms   A Virtual Private Network (VPN) hardware encryption module may generate the following error message:

ALIGN-1-FATAL: Illegal access to a low address

After the error message has been generated, a traceback follows, and the router reloads.

Conditions   These symptoms are observed under high traffic rate conditions and when high CPU utilization occurs.

Workaround   Lower CPU utilization on the router.

CSCdu66011

Symptoms   The trunk group global configuration command may not function.

Conditions   This symptom is observed on a Cisco 7200 series router.

Workaround   There is no workaround.

CSCdu66372

Symptoms   Modem or fax calls may fail if the 2100-Hz tone is detected at the gateway before the "Connect" message is received.

Conditions   This symptom is observed under rare circumstances on a Cisco AS5300 but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu66434

Symptoms   A router log may begin to fill with the following message when production traffic is started:

%SYS-2-GETBUF: Bad getbuffer, bytes= 61554 -Process= "SNA Switch", ipl= 0, pid=84 -Traceback= 6049E0F8 61055964 610527D8 61051384 60F485E8 60F47A64 60F48250 60F4DE98 61059020 61058DAC 61058E28 60F34E38 604D3E74 604D3E60

Conditions   This symptom is observed after a router is upgraded to Cisco IOS Release 12.1(9) but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu69390

Symptoms   "%SYS-3-CPUHOG" error messages may be displayed when the Director Response Protocol (DRP) client process is used.

Conditions   This symptom is observed on a Distributed Director.

Workaround   There is no workaround.

CSCdu71151

Symptoms   A Cisco 3640 router that is functioning as a provider edge (PE) router may not support Label Distribution Protocol (LDP). This situation may prevent the PE router from advertising any Border Gateway Protocol (BGP) routes to a Cisco 2600 series customer edge (CE) router that is running Cisco IOS Release 12.0(18). However, the CE router will advertise routes to the PE router. Entering the neighbor ce-ipaddress don-capability-negotiate command on the PE router does not correct this situation.

Conditions   This symptom is observed on a Cisco 3640 router that is running Cisco IOS Release 12.2(2)T or Release 12.2(4)T.

Workaround   Upgrade the CE router from Cisco IOS Release 12.0(18) to Release 12.1.

CSCdu72336

Symptoms   Multicast Distributed Fast Switching (MDFS) for IP multicast on a Cisco 12000 series router may fail to add a particular interface to the outgoing interface (OIF) list of certain multicast static routes (mroutes) on a line card. If that line card is the Reverse Path Forwarding (RPF) interface for that mroute, this situation will result in forwarding to that OIF interface to fail.

Conditions   This symptom is observed on a Cisco 12000 series router. If the router is not correctly forwarding IP multicast traffic out of a particular interface but the output of the show ip mroute EXEC command shows that interface in the OIF list of that route, verify that the interface also shows up in the OIF list on the line card that has the incoming interface of the route. Enter the attach slot-number privileged EXEC command, in which the slot-number argument is the number of the line card, and then enter the show ip mds forwarding EXEC command to determine the actual MDFS forwarding state of the mroute. If the outgoing interface in question does not show "ip" in this output, then this caveat applies.

Workaround   Disable MDFS on the incoming interface by configuring the no ip mroute-cache interface configuration command on the interface. Do not use this workaround if more than a very low amount of multicast traffic is arriving on that interface or else you will compromise the stability of the router because the workaround causes the packets to be switched through the Gigabit Route Processor instead of through the switching fabric.

CSCdu72782

Symptoms   If an IP address is enabled on an SW1 interface, the SW1 interface flushes packets, and the traffic flow stops.

Conditions   This symptom is observed on a Cisco 8000 series MGX Route Processor Module (RPM).

Workaround   Remove the IP address from the SW1 interface.

CSCdu73149

Symptoms   When a universal gateway is configured for Hot Standby Router Protocol (HSRP), the active gateway sets the Fast Ethernet chipset of a specific third-party vendor into promiscuous mode, causing the chipset to react to every single frame on the LAN instead of only to frames with a built-in address (BIA), frames with a virtual MAC address, broadband frames, or multicast frames.

When the active gateway sends frames back via the interface the frames arrived through, many duplicates may occur.

Conditions   This symptom is observed on a Cisco AS5400, but may also occur on other platforms such as a Cisco 3600 series router or a Cisco 7200 series router.

Workaround   Configure the active router in such a way that duplicates are avoided. For example, if there is no receiving host or next-hop router, there is no reason for the active router to send frames back via the interface the frames arrived through.

The fix for this caveat applies a filter mechanism that enables an active router in an HSRP configuration to react only to frames that are destined for the active router.

CSCdu74065

Symptoms   Time-division multiplexing (TDM) switching may fail.

Conditions   This symptom is observed when Resource Pool Manager Server (RPMS) is enabled and when there are no digital signal processors (DSPs) to handle PRI hairpin calls. TDM switching works fine when RPMS is disabled.

Workaround   Disable RPMS when there are no DSP resources available to handle TDM switching or investigate why there are no more system processing engine (SPE) resources available.

CSCdu74169

Symptoms   For Session Initiation Protocol (SIP) calls, the PRI "Setup" message that is sent by a gateway always includes a progress indicator (PI) information element (IE), in which the value of the PI is set to 0x8181 (indicating "Call not end-to-end ISDN, inband information may be available"). This is actually legal and logical behavior, because the call is really not an end-to-end ISDN call.

However, because of this PI value, the terminating gateway may return inband progress tones rather than a "Disconnect" message with a cause code. If the called party is busy, all circuits are busy, an invalid dialed number (DN) occurs, or in others cases, the calling party will simply listen to the inband message and hang up, resulting in a disconnect cause code of "normal call clearing," which does not allow the Voice over IP (VoIP) service provider to collect call completion statistics that are based on the real cause of disconnection.

With the exception of customers who require discrimination of disconnect cause codes, this situation does not affect service.

Conditions   This symptom is observed for any outbound VoIP call from the SIP gateway to the ISDN terminating gateway.

Workaround   Instead of SIP, use the H.323 protocol.

CSCdu75145

Symptoms   A Cisco 8000 series MGX Route Processor Module (RPM) may reload.

Conditions   This symptom is observed when you add 2000 subinterfaces in bulk using Simple Network Management Protocol (SNMP) and you exceed the limit of the maximum number of supported subinterfaces.

Workaround   For a Route Processor Module-PRemium (RPM-PR), limit the maximum number of subinterfaces to 1999 subinterfaces minus the number of other interfaces, such as Ethernet, Fast Ethernet, and loopback.

For a Route Processor Module B (RPM-B), limit the maximum number of subinterfaces to 799 subinterfaces minus the number of other interfaces.

CSCdu75796

Symptoms   A Cisco AS5400 may reject the calls that follow the first 16 calls. A Resource Pool Manager (RPM) is used with channel-associated signaling (CAS) and Feature Group-B (FGB) signaling. All calls pause indefinitely in the "Connect" state for about 4 seconds and are subsequently disconnected in the NextPort trainup step after the RPM switches the modem to pick up the call.

Conditions   This symptom is observed on a Cisco AS5400 that is running a Cisco IOS Release 12.2(2)XA but may also occur in other releases such as Release 12.2 T.

Workaround   There is no workaround.

CSCdu75881

Symptoms   A Tool Command Language (TCL) interactive voice response (IVR) script that is running on a Cisco IOS voice gateway may terminate unexpectedly.

Conditions   This symptom is observed when an "aaa" TCL IVR version 2.0 verb is supplied with a parameter that begins with the "-" character.

Workaround   Avoid parameters that begin with the "-" character.

CSCdu76660

Symptoms   Media Gateway Control Protocol (MGCP) may fail to correctly parse the "Connection ID."

Conditions   This symptom is observed when a call agent sends a request to generate a ringing tone or a ringback tone and when the "Connection ID" begins with the letter "D," which is interpreted as a "Delay" attribute, causing the call agent to reply with "error 522" (no such event type). Calls can be answered, but the caller ID functionality does not work for calls with a caller ID that begins with the letter "D" in the "Connection ID."

Workaround   There is no workaround.

CSCdu76789

Symptoms   Tagged packets may be dropped at the next hop.

Conditions   Tagged packets that are coming in on an Inter-Switch Link (ISL) that is encapsulated on a Cisco 7200 series router and that are going out tagged on a subinterface that is running ISL are dropped at the next hop because of cyclic redundancy check (CRC) errors.

Workaround   There is no workaround.

CSCdu77489

Symptoms   PPP calls may not be forwarded properly.

Conditions   This symptom is observed when PPP calls are sent to a Stack Group Bidding Protocol (SGBP) member that is configured to forward all calls to an offload server. This symptom may occur in Cisco IOS Release 12.2(2) or another release such as Release 12.2 S or Release 12.2 T.

Workaround   There is no workaround.

CSCdu77582

Symptoms   The physical connection between a customer premises equipment (CPE) and a digital subscriber line access concentrator (DSLAM) may cause a router to reload because of a signal trap (Sigtrap) exception.

Conditions   This symptom is observed while traffic is being passed.

Workaround   There is no workaround.

CSCdu79392

Symptoms   An H.245 connection may enter an indefinite loop because of asymmetric codec negotiation failure with slow-start calls.

Conditions   This symptom is observed when slow-start calls are made using a voice class codec configuration in a Voice over IP (VoIP) dial peer.

Workaround   Configure the codec directly on the VoIP dial peer with slow-start calls.

CSCdu79720

Symptoms   Connections on a Cisco 8000 series MGX Route Processor Module (RPM) may fail.

Conditions   This symptom is observed when Operation, Administration, and Maintenance (OAM) is enabled. The connections are restored after OAM is disabled.

Workaround   There is no workaround.

CSCdu82224

Symptoms   A Cisco AS5300, Cisco AS5300, Cisco AS5800 or Cisco AS5850 may misinterpret a 64-kBps V.120 call as a Personal Handyphone Internet Access Forum Standard (PIAFS) call.

Conditions   This symptom is observed when the Terminal Adaptor sends a Q.931 setup frame that matches the following criteria:

The low-layer compatibility fields are present in the setup frame.

The Octet 5 identifies the call as a V.120 call.

The Octet 5A user rate is 64 kBps or 32 kBps.

Workaround   Configure the Terminal Adaptor in such a way that it does not send any low-layer compatibility fields for V.120 calls, and enable the autodetect encapsulation ppp v120 interface configuration command in the D-channel configuration.

CSCdu83823

Symptoms   The execution of a write memory privileged EXEC command may time out when a very large configuration is processed.

Conditions   This symptom is observed on a Cisco 8000 series MGX Route Processor Module (RPM) when you have a maximum number of subinterfaces (about 2000) configured and you add a large number of connections (more than 3700).

Workaround   On both the RPM and the Processor Switch Module (PXM), specify no timeout by setting the timeout value of the exec-timeout line configuration command to 0 minutes and 0 seconds.

CSCdu86695

Symptoms   A Cisco router may reload when Label Distribution Protocol (LDP) sessions are added or removed.

Conditions   This symptom is observed on a Cisco 12000 series router but may also occur on other platforms.

Workaround   There is no workaround.

CSCdu87080

Symptoms   Endpoint name parsing may fail.

Conditions   This symptom is observed when a Trunking Gateway Control Protocol (TGCP) endpoint is addressed by both a local name and a domain name, such as "ds/s-0/ds1-1/1@testnet.com." The endpoint name parsing may fail, and the message is rejected with a "500" error code.

Workaround   Use the local name for TGCP endpoints. Use "ds/s-0/ds1-1/1" instead of "ds/s-0/ds1-1/1@testnet.com."

CSCdu88059

Symptoms   Redundancy may fail on a Cisco 8000 series MGX Route Processor Module-PRemium (RPM-PR) or Route Processor Module B (RPM-B).

Conditions   This symptom is observed when there are a large number of connections on the RPM-PR or the RPM-B.

Workaround   Limit the number of subinterfaces to 1985 for the RPM-PR or to 700 for the RPM-B.

CSCdu88980

Symptoms   A provider edge (PE) router may send a Border Gateway Protocol (BGP) update with malformed attributes to a customer edge (CE) router. This situation may cause the external BGP (eBGP) session to go down when the CE router sends a BGP notification back to the PE router.

Conditions   This symptom is observed on a Cisco 12000 series router that is functioning as a PE router and that is running Cisco IOS Release 12.0(19)ST or another release such as Release 12.2 S or Release 12.2 T when static routes are configured in a Virtual Private Network (VPN) virtual routing/forwarding instance (VRF) on the PE router.

Workaround   There is no workaround.

CSCdu89611

Symptoms   A router that is configured for the home agent service may reload.

Conditions   This symptom is observed when a previously configured mobile host is unconfigured without first unconfiguring the mobile networks.

Workaround   Unconfigure the mobile networks before unconfiguring the mobile host.

CSCdv01146

Symptoms   Packets may not be forwarded.

Conditions   This symptom is observed when Cisco Express Forwarding (CEF) is enabled on a dialer interface (rotary group).

Workaround   There is no workaround.

CSCdv02158

Symptoms   A Cisco router may reload when the verify md5 nvram:persistent-data privileged EXEC command is entered.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   Avoid using the verify md5 privileged EXEC command with the "nvram:persistent-data" file.

CSCdv03619

Symptoms   A Cisco 1750 router may display the following message:

%IPM_C54X-1-DSP_TIMEOUT

Calls terminate after the message is displayed.

Conditions   This symptom is observed on a Cisco 1750 router that is running Cisco IOS Release 12.2(4)T and that has Real-Time Protocol (RTP) compression configured in a fast-switching path.

Workaround   Configure RTP compression with process switching.

CSCdv06314

Symptoms   Drop and insert (D&I) may not work on a multiflex trunk (MFT), and the following error message may be displayed:

%config_tdm_connection: error from reg_invoke_intraslot_connect

Conditions   This symptom is observed on an MFT that is running an IP Keyswitch image that is associated with Cisco IOS Release 12.2(2)T.

Workaround   There is no workaround.

CSCdv09797

Symptoms   A Cisco router may fail to route a call via a Voice over IP (VoIP) dial peer. No error messages are generated.

Conditions   This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(4)T when the acc-qos controlled-load dial peer configuration command is enabled.

Workaround   There is no workaround.

CSCdv09989

Symptoms   A Cisco 3600 series router may fail to allocate digital signal processor (DSP) resources for Tag Distribution Protocol (TDP) hairpinned calls. The calls connect, but no audio is heard by either party. No DSPs are shown as allocated when the show voice dsp privileged EXEC command is entered.

Conditions   This symptom is observed on a Cisco 3600 series router that is running Cisco IOS Release 12.2 T.

Workaround   Instead of Cisco IOS Release 12.2 T, use Release 12.2.

CSCdv11530

Symptoms   A router may reload when the show crypto ca crl EXEC command is entered.

Conditions   This symptom is observed when you use the above-mentioned command to display certificate revocation lists (CRLs) that the router has cached. During normal certificate public key infrastructure (PKI) operations, a router will get a CRL. The router caches this CRL until the CRL expires.

Workaround   Avoid using the show crypto ca crl EXEC command.

CSCdv14155

Symptoms   Label distribution protocol (LDP) may cause a router to reload.

Conditions   This symptom is observed when the first LDP session comes up and may also occur when the session goes down.

Workaround   There is no workaround.

CSCdv15409

Symptoms   Memory consumption may increase, causing the router throughput to decrease and eventually the router to pause indefinitely because there is no more memory available.

Conditions   This symptom is observed when you use RADIUS as the authentication protocol and occurs because of a memory leak. For each authentication session, a small amount of memory (about 40 bytes) is leaked. Depending on the amount of memory that is installed in the router, it may take thousands of authentication sessions before the router pauses indefinitely.

Workaround   There is no workaround.

CSCdv19084

Symptoms   Available bit rate (ABR)/variable bit rate nonreal time (VBR-nrt) may not work correctly on a Cisco 8000 series MGX Route Processor Module-PRemium (RPM-PR).

Conditions   This symptom is observed when the Cell Bus Controller (CBC) is set to 21 MHz. The peak cell rate (PCR) or sustainable cell rate (SCR) values are not enforced correctly.

Workaround   Configure the shaping values to accommodate the variation that is observed when CBC is set to 21 MHz. If another RPM card is on the same Cell Bus, modify the CBC to 42 MHz.

CSCdv23485

Symptoms   You may not be able to set the bandwidth percentage as part of a hierarchical quality of service (QoS) policy.

Conditions   This symptom is observed only in certain configurations.

Workaround   There is no workaround.

CSCdv27059

Symptoms   A router may reload when it encounters Operation, Administration, and Maintenance (OAM) traffic while there is more than one Inverse Multiplexing over ATM (IMA) interface configured.

Conditions   This symptom is observed on a Cisco 3640 router or Cisco 2600 series router that is running Cisco IOS Release 12.2(4)T.

Workaround   Ensure that there is only a single IMA interface configured on a router.

CSCuk25851

Symptoms   A Border Gateway Protocol (BGP) update may be rejected with an "illegal network" notification.

Conditions   This symptom is observed when corrupt BGP update messages are sent from an IP version 6 (IPv6) BGP peer that is configured within a BGP peer group.

Workaround   Avoid using BGP peer groups with IPv6.

TCP/IP Host-Mode Services

CSCdt38855

Symptoms   A Cisco 7200 series router that is configured for data-link switching (DLSw) may reload because of a software condition.

Conditions   This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.0(15) or another release such as Release 12.2 S or Release 12.2 T when DLSw with TCP encapsulation is sent over an X.25 network and when an X.25 transmission attempt fails because of dropped packets.

Workaround   There is no workaround.

Wide-Area Networking

CSCds18874

Symptoms   A Cisco router may not be able to ping another router that is configured with a BRI interface.

Conditions   This symptom is observed when you use the frame-relay interface-dlci interface configuration command on a BRI interface because this command does not function on a BRI interface. Similarly, the frame-relay traffic-shaping interface configuration command is not supported on a BRI interface.

Workaround   Use the frame-relay map ip-address dlci [broadcast] interface configuration command to ping the router that is configured with the BRI interface.

CSCdt57260

Symptoms   Network Control Protocol (NCP) negotiation may fail.

Conditions   This symptom is observed when NCP is configured on a Cisco router and an additional NCP is configured on an interface that is not shut down if one peer receives the configuration more than 30 seconds after another peer.

When you enter the show interface command, the command output shows that the protocol is not negotiated and that it is in the "Listen" or "REQsent" state. In the case of Connectionless Network Service (CLNS), this situation terminates the CLNS adjacency and causes Intermediate System-to-Intermediate System (IS-IS) to fail. Other NCPs are affected in a similar way.

Workaround   Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface that is encapsulated with PPP.

Alternate Workaround   Use another interface encapsulation, such as High-Level Data Link Control (HDLC).

CSCdt84080

Symptoms   No more than 34 digital ISDN calls can be brought up.

Conditions   This symptom is observed on a Cisco AS5800.

Workaround   There is no workaround.

CSCdt87343

Symptoms   The Frame Relay software subblock requires a free function.

Conditions   The conditions under which this symptom occurs are not known at this time.

Workaround   There is no workaround.

CSCdu19512

Symptoms   The idle timer may not be reset.

Conditions   This symptom is observed in a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) direct dialout setup in which dialer profiles are used.

Workaround   Disable Cisco Express Forwarding (CEF) in the dialer profile to enable "interesting traffic" to reset the idle timer.

CSCdu26673

Symptoms   DECnet pings over PPP encapsulation may fail.

Conditions   This symptom is observed on PPP-encapsulated interfaces that are running Cisco IOS Release 12.2(4)T.

Workaround   There is no workaround.

CSCdu47987

Symptoms   A Cisco 1600 series router may reload because of a bus error in the "mlp post defragment fastswitch" process.

Conditions   This symptom is observed on a Cisco 1600 series router that configured with a BRI interface and that is running Multilink PPP (MLP) and fast switching.

Workaround   After you have a dialer list configured, associate an access list with the dialer list.

CSCdu67430

Symptoms   Initial Internet Protocol Control Protocol (IPCP) negotiation difficulties may occur for certain PPP clients.

Conditions   This symptom is observed when you use virtual profiles with customer profile templates in which the template is configured to use a nondefault method for PPP authorization that is not used for initial IPCP negotiation.

Workaround   Define a default authorization method that uses the same method as the one defined in the method list.

CSCdu70661

Symptoms   On a Cisco AS5800, all channels except the 24th channel of the primary Non-Facility Associated Signaling (NFAS) may become stuck in the "out of service" channel service state.

Conditions   This symptom is observed on a Cisco AS5800 that is running Cisco IOS Release 12.1(5)XM4 or another release such as Release 12.2 S or Release 12.2 T after the Cisco AS5800 is provisioned to use the Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways Solution for the first time.

Workaround   Reload the Cisco AS5800.

Alternate Workaround   Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the T3 controller or on the individual T1 controllers.

CSCdu76677

Symptoms   When you configure Frame Relay to ATM Network Interworking (FRF.5) or Frame Relay Payload Compression (FRF.9) on one segment and then you configure it again but on another segment, a spurious access may occur, or the router may reload.

Conditions   This symptom is observed on a Cisco IAD2420 series and on a Cisco MC3810 but may also occur on other platforms.

Workaround   Do not use the same connection indentifier for the configuration of different segments.

CSCdu79309

Symptoms   An outgoing "Setup" message at a terminal gateway may contain a calling party number information element (IE) without digits even though no calling party number IE is intended to be carried in the "Setup" message.

Conditions   This symptom is observed on a Cisco AS5300.

Workaround   There is no workaround.

CSCdu81278

Symptoms   An Cisco AS5400 may reload during the configuration of a Layer 2 Tunneling Protocol (L2TP) tunnel.

Conditions   This symptom is observed when the Cisco AS5400 is configured with a host name that is longer than 34 characters.

Workaround   Use a shorter host name.

CSCdv20977

Symptoms   Incoming Multilink PPP (MLP) packets from an ATM interface may be process switched.

Conditions   This symptom is observed when a virtual template is used for configuration of the MLP bundle.

Workaround   There is no workaround.

CSCuk25947

Symptoms   A call may fail if a user does not have any callback information configured.

Conditions   This symptom is observed when PPP authentication is configured on an interface and a user negotiates a callback during a Link Control Protocol (LCP) operation.

Workaround   There is no workaround.

CSCuk26224

Symptoms   Real-Time Protocol (RTP) frames are lost when RTP header compression is configured on PPP-encapsulated interfaces.

Conditions   This symptom is observed in Cisco IOS Release 12.2(4)T.

Workaround   Use Cisco IOS Release 12.2(4) or a later release.

Alternate Workaround   Disable RTP header compression on the PPP-encapsulated interfaces using the no ip rtp header-compression interface configuration command.

Resolved Caveats—Cisco IOS Release 12.2(2)T4

Cisco IOS Release 12.2(2)T4 is a rebuild release for Cisco IOS Release 12.2(2)T. The caveats in this section are resolved in Cisco IOS Release 12.2(2)T4 but may be open in previous Cisco IOS releases.

CSCdw65903

An error can occur with management protocol processing. Use the following URL for further information:

http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903

Resolved Caveats—Cisco IOS Release 12.2(2)T3

Cisco IOS Release 12.2(2)T3 is a rebuild release for Cisco IOS Release 12.2(2)T. The caveats in this section are resolved in Cisco IOS Release 12.2(2)T3 but may be open in previous Cisco IOS releases.

CSCdt04761

A Cisco router that is functioning as an autonomous system boundary router (ASBR) in an interautonomous system virtual private network (VPN) or as a Provider Edge (PE) router in a Multiprotocol Label Switching (MPLS) VPN environment might reload if a Label Distribution Protocol (LDP) outgoing label becomes unavailable. The outgoing label can become unavailable under the following conditions:

The no mpls ip command is entered on the router or a neighbor.

The LDP/Tag Distribution Protocol (TDP) session goes down (for example, a route flaps).

This condition affects all platforms that support MPLS VPN PE functionality. There is no workaround.

CSCdu76946

A Cisco router that is running Cisco IOS Release 12.2(2)T or 12.2(3.1)T may experience multiple reloads that are caused by TFIB problems. The reloads occur only if the router has installed Dynamic Host Configuration Protocol (DHCP) routes going out on an ATM interface that has routed bridge encapsulation configured. This condition affects only images that contain the fix for CSCds75405.

Workaround: Configure the no ip cef table adjacency-prefix override command. This action disables the fix for CSCds75405.

CSCdt91554

The ip mroute-cache command cannot be configured on a Cisco router that is running Cisco IOS Release 12.2. This condition occurs on most platforms that support multicast fast switching. This condition does not affect multicast distributed switching (MDS).

Workaround: Configure MDS on the router if possible.

CSCdu71151

A Cisco 3640 router that is running Cisco IOS Release 12.2(4)T or 12.2(2)T and that is configured as a provider edge (PE) router may not support Label Distribution Protocol (LDP). This condition might cause the PE router not to advertise any Border Gateway Protocol (BGP) routes to a Cisco 2600 series customer edge (CE) router that is running Cisco IOS Release 12.0(18). However, the CE router will advertise routes to the PE router. Entering the neighbor ce-ipaddress don-capability-negotiate command on the PE router does not correct this defect.

Workaround: Upgrade the CE router from Cisco IOS Release 12.0(18) to Cisco IOS Release 12.1.

CSCdu88980

A provider edge (PE) router may send a Border Gateway Protocol (BGP) update with malformed attributes to a customer edge (CE) router. This situation may cause the external BGP (eBGP) session to go down when the CE router sends a BGP notification back to the PE router.

This symptom is observed on a Cisco 12000 series router that is functioning as a PE router and that is running Cisco IOS Release 12.0(19)ST or another release such as Release 12.2 S or Release 12.2 T when static routes are configured in a Virtual Private Network (VPN) virtual routing/forwarding instance (VRF) on the PE router.

There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)T2

Cisco IOS Release 12.2(2)T2 is a rebuild release for Cisco IOS Release 12.2(2)T. The caveats in this section are resolved in Cisco IOS Release 12.2(2)T2 but may be open in previous Cisco IOS releases.

CSCdt67397

When distributed Cisco Express Forwarding (dCEF) is disabled and an attempt is made to remove a service policy that is attached to an ATM permanent virtual circuit (PVC), a Cisco router may reload.

Workaround: Enable dCEF and remove the service policy from the PVC.

CSCdt77775

The clear counter EXEC command may clear the MIB counters. There is no workaround.

CSCdu30194

Flapping an ATM subinterface on a Cisco 7500 series router that is running Cisco IOS Release 12.2(2)T or 12.2(2)T1 may result in a Virtual Interface Processor (VIP) reload when all of the following conditions are true:

There are two Multiprotocol Label Switching (MPLS) enabled ATM subinterfaces (each on a different physical interface).

The Multi-VC feature is configured.

The output service policy is attached.

Traffic headed for a certain destination uses either of the ATM subinterfaces as an outgoing interface.

There is no workaround.

CSCdu50693

A Fast Ethernet interface on a Route Processor Module (RPM) may not receive traffic after the clear counters command is issued followed by the shutdown command and no shutdown command on the interface.

Workaround: Reload the RPM.

CSCdu59144

If the service policy is attached to an ATM permanent virtual circuit (PVC) and distributed Cisco Express Forwarding (dCEF) is disabled, exiting from the ATM PVC mode will cause the PVC and the service policy to be removed and recreated. Unnecessary messages are generated and the policy is removed from the Route Switch Processor (RSP), while the policy remains on the Versatile Interface Processor (VIP). There is no workaround.

CSCdu74704

A Cisco 7200 or 7500 series router that is running Cisco IOS Release 12.2(2)T may experience high CPU utilization for a "BGP Router" process if the router is configured for eBGP peering and the next hop becomes unreachable (for example, when an interface to an external peer is shut down). High CPU utilization occurs only if the router must send a large number of withdrawn routes to other peers because the next hop is unreachable. There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(2)T1

Cisco IOS Release 12.2(2)T1 is a rebuild release for Cisco IOS Release 12.2(2)T. The caveats in this section are resolved in Cisco IOS Release 12.2(2)T1 but may be open in previous Cisco IOS releases.

CSCdr00116

A Cisco multichannel T1/E1 port adapter does not support the switching of Multiprotocol Label Switching (MPLS) packets. There is no workaround.

CSCds11520

The translation rule does not find a match to any available type of number (international, national, subscriber, abbreviated, and unknown). There is no workaround.

CSCdt46941

The configuration of the isdn negotiate-bchan [resend-setup] interface configuration command on the serial interface (D channel) of an Non-Facility Associated Signaling (NFAS)/Redundant Link Manager (RLM) group in a SS7-enabled Voice over IP configuration causes multiple setups to be sent for a call in the event of a Continuity Testing (COT) failure. This may cause the Cisco SC2200 Signaling Controller and the gateway to associate different setup messages with the call and may subsequently cause the call to fail. There is no workaround.

CSCdt77514

The Layer 2 protocol may intermittently fail to be established on a voice BRI interface after a reload. There is no workaround.

CSCdt83647

The raw message buffer may pause indefinitely when Cisco interactive voice response (IVR) 1.0 is used with ISDN (primary-net5). If a facility message is received on an ISDN trunk on a terminating gateway (TGW), the facility message is forwarded to the originating gateway (OGW). The raw message buffer is lost when the OGW receives the facility message. There is no workaround.

CSCdt91000

When a Cisco AS5300 receives an ISDN release message with a 0xAC cause code (cause 44 "requested circuit/channel not available") before connecting on the Redundant Link Manager (RLM)/National ISDN-2 (NI2) interface, the Cisco Signaling System 7 (SS7) Interconnect for Voice Gateways Solution gateway may change the cause value to cause code 0x03 (cause 3 "no route to destination") when it sends the H.225 release message to the H.323 leg of the call if the gateway has a Voice over IP (VoIP) dial peer trying for the same call. This problem occurs when a call originates on the H.232 side and terminates on the RLM/NI2 side of the gateway. There is no workaround.

CSCdt92200

A new language cannot be configured using the call language voice language URL global configuration command. The gateway may reload when a user attempts to use an undefined language. There is no workaround.

CSCdt93862

When a HTTP server is enabled and local authorization is used, it is possible, under some circumstances, to bypass the authentication and execute any command on the device. It that case, the user will be able to exercise complete control over the device. All commands will be executed with the highest privilege (level 15).

All releases of Cisco IOS® software, starting with the release 11.3 and later, are vulnerable. Virtually, all mainstream Cisco routers and switches running Cisco IOS are affected by this vulnerability.

Products that are not running Cisco IOS software are not vulnerable.

The workaround for this vulnerability is to disable HTTP server on the router or to use Terminal Access Controller Access Control System (TACACS+) or RADIUS for authentication.

This advisory will be posted at:

http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html

CSCdt95498

A Cisco 3620 router does not support the ISDN Link Access Procedure, Balanced-Terminal Adapter (LAPB-TA) feature. There is no workaround.

CSCdt96042

A Cisco router that is running Cisco IOS Release 12.1(6.4), 12.1(6.5)EC, 12.2(0.10), 12.2(0.8)T, or later releases may fail to use the image in the SAN/ATA disk during an autoboot. When the configuration register is set to 0x2102, the router loads the boot image from the bootflash during a reload even if a full Cisco IOS image is present in the disk file systems (when none of the other file systems contain the Cisco IOS image). This situation occurs only with SAN/ATA disks and not with Flash cards.

Workaround: Boot from ROMMON mode.

CSCdt96253

Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell (SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in several Cisco product lines.

By exploiting the weakness in the SSH protocol, it is possible to insert an arbitrary commands into an established SSH session, collect information that may help in brute force key recovery, or brute force a session key.

The affected product lines are:

All devices running Cisco IOS software supporting SSH. That includes routers and switches running Cisco IOS.

Catalyst 6000 switches running CatOS.

Cisco PIX Firewall.

No other Cisco products are vulnerable.

It is possible to mitigate this vulnerability by preventing, or having a control over, interception of SSH traffic.

This advisory will be available at:

http://www.cisco.com/warp/public/707/SSH-multiple-pub.html

CSCdt96906

A Cisco multiservice access concentrator may reload after processing the first digit on a large digit map that is sent out by a Call Agent on a Media Gateway Controller.

Workaround: Send a digit map that is no larger than 1638 bytes.

CSCdt97942

When there are multiple outbound dial peers for the same called numbers, a Cisco router rotates through the dial peers attempting to set up the call. If any of the dial peers has the session target settlement provider-number dial-peer configuration command configured and if the dial peer is not the first dial peer on the list, the call set up process fails. There is no workaround.

CSCdu00064

Some prompts may not be displayed in Real-Time Streaming Protocol (RTSP) queued play. There is no workaround.

CSCdu04273

A Cisco AS5300 may occasionally receive a disconnect with progress message and reload on ISDN voice trunks when no B channel is negotiated. There is no workaround.

CSCdu04555

Voice calls cannot be made from a vendor-specific collaboration and conferencing client software out of a voice BRI interface to a Cisco 2600 or Cisco 3600 series router. An incorrect bearer capability is constructed. There is no workaround.

CSCdu05166

The terminating end of a Cisco AS5300 that is using a channel-associated signaling (CAS) interface and E1 R2 may experience hung calls and hung digital signal processors (DSPs) when high voice traffic is present. There is no workaround.

CSCdu05205

A Cisco voice gateway may reload under a load of 15 to 20 simultaneous voice calls. There is no workaround.

CSCdu05378

Toggling may occur on the A-bit on one of the DS0s when both ports of a voice support module on a Cisco 7200 series router are used with Foreign Exchange Office (FXO) Loopstart signalling.

Workaround: Shut down port 1, reset the digital signal processor (DSP) farm, or avoid using the affected DS0.

CSCdu05811

A Cisco 2600 or Cisco 3600 series router may not properly release the second B channel of a voice BRI interface if the call is first terminated by the Voice over IP (VoIP) side of the connection. The second B channel pauses indefinitely until the device that is connected to the BRI releases the second B channel. There is no workaround.

CSCdu07504

A Cisco router may reload because of a software condition when you enter the show voice dsp EXEC command. The following message is displayed when you enter the show version EXEC command:

<router name> uptime is 10 minutes
System returned to ROM by error - software forced crash, PC 0x2242AC
System image file is <file name>

This symptom is observed on a Cisco router that is running Cisco IOS Release 12.1(5)XM2 but may also occur in other releases such as Release 12.2 T. There is no workaround.

CSCdu07559

A Cisco 12000 Internet Router that is running Cisco IOS Release 12.0(16.6)S with an Advanced Technology Attachment (ATA) SanDisk in the first PCMCIA slot (disk0:) may experience a software-forced reload when you load the conn_isp image. There is no workaround.

CSCdu08652

The terminating end of a Cisco AS5300 that is using a channel-associated signaling (CAS) interface (T1 recEive and transMit [E&M] and E1 E2) may pause indefinitely when high voice traffic is present. There is no workaround.

CSCdu10213

A Label Edge Router (LER) that is running the c7200-p-mz.122-0.18 or the rsp-pv-mz.122-0.18 image of Cisco IOS Release 12.2(18) may experience tagged virtual circuits (TVCs) that are held in the "bindwait" state if router flapping occurs on the paths from the LER to some destinations that have TVCs configured. This problem occurs even when alternate paths exist.

Workaround: Enter the shut command followed by the no shut command on the interfaces on the LER.

CSCdu11203

A Cisco AS5300 that is using channel-associated signaling (CAS) and E1 or R2 end- to-end signaling may not work because there may not be Call Distributor Application Programming Interface (CDAPI) buffers to carry information from end to end. This problem may also cause system malloc errors. There is no workaround.

CSCdu14641

Packets that are originated locally by a router are not correctly classified by class-based weighted fair queueing (CBWFQ) (policy out) when the packets are either labelled or tagged and when the outgoing interface has Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP), or Tag Distribution Protocol (TDP) configured. CBWFQ puts those packets into the class-default class instead of their proper configured class. The problem does not occur if MPLS or TDP is removed from the interface where the policy map is applied. In such a setup, the coloring and matching are both correct. There is no workaround.

CSCdu15053

The tailend of a tagged virtual circuit (TVC) may remain active while the headend of a TVC becomes missing. This problem is triggered when TVCs are reestablished when better routes become available due to change of topology. The new TVCs are set up normally, but the old TVCs are not cleaned up properly. There is no workaround.

CSCdu20666

A bus error may occur when the following privileged EXEC commands are entered:

traceroute (privileged EXEC level 1)

ping (privileged EXEC level 1)

show ip access-lists (privileged EXEC level 15)

show ip (privileged EXEC level 1)

show access-lists (privileged EXEC level 15)

show (privileged EXEC level 1)

There is no workaround.

CSCdu24635

Possible packet replay vulnerability in IP Security (IPSec).

CSCdu27954

The stack for EST message process may run low when a Cisco AS5400 is populated with Layer 2 Tunneling Protocol (L2TP), TCPClear, and Async PPP calls. There is no workaround.

CSCdu29645

The no mgcp command may cause instability when it is used to clear calls. There is no workaround.

CSCdu37543

A Cisco router that is running Cisco IOS Release 12.1, 12.1 T, or 12.1 E and that is configured as a Multiprotocol Label Switching (MPLS) virtual private network (VPN) Provider Edge (PE) router using an IP loopback address of (a.b.c.d) as the Tag Distribution Protocol (TDP) router ID in a network that has additional loopbacks that share the same (a.b.c.d) IP address (which are bound to a VPN routing/forwarding [VRF] instance) may experience an uncommanded change in the TDP router ID on the router when an additional loopback interface is shut down or deleted. This problem may interrupt MPLS traffic in a given network.

Workaround: Avoid configuring any interfaces on an MPLS PE router that is bound to a VRF instance to share an IP address that is also used as a TDP router ID on a router in a network.

CSCdu37946

Tagged virtual circuits (TVCs) and label virtual circuits (LVCs) are created, but there is no connectivity. The problem occurs in a network that is connected to two label switch routers (LSRs). The network has a limit on the virtual channel identifier (VCI) space, but there is currently no way of limiting the VCI space used by the Tag Distribution Protocol (TDP) or the Label Distribution Protocol (LDP) in ATM and Tag-Controlled ATM (TC-ATM) interfaces. There is no workaround.

CSCdu38531

A Cisco uBR7223 or Cisco uBR7246 universal broadband router may reload when the su-mac MAC-address qos-level level-num type pppoe global configuration command is entered. To avoid this problem, tags may be used instead of SU MAC addresses for Point-to-Point Protocol over Ethernet (PPPoE) forwarding. There is no workaround.

CSCdu42728

A Cisco uBR7200 universal broadband router may reset the interface when brief disruptions (described in CSCdt60488) occur on the control channel of the outdoor unit (ODU). On a headend, the entire sector may be brought down briefly and all subscribers may experience an availability impact as the subscribers are reranged. On a subscriber, the link may be brought down as it reranges to join the network.

Workaround: Upgrade to Cisco IOS Release 12.2(2)T1 or a later release.

Resolved Caveats—Cisco IOS Release 12.2(2)T

All the caveats listed in this section are resolved in Cisco IOS Release 12.2(2)T. This section describes only severity 1, severity 2, and select severity 3 caveats.

Basic System Services

CSCdt23689

A Cisco 2500 series router that is running Cisco IOS Release 12.2(0.3)T may experience a software-forced reload after the rtr schedule 1 [start-time {now}] global configuration command is entered. This problem occurs because of a stack overflow. There is no workaround.

CSCdt50020

When a service policy that is attached to a tag-switching subinterface is shut down and brought up again, feature specific information may become missing from the service policy output.

Workaround: Remove and reattach the service policy.

CSCdt64925

A router may reload when a service policy is attached and subsequently deleted from a tag switch (tagsw) subinterface. There is no workaround.

CSCdt86610

A router that has service policies attached to a tag switch (tagsw) subinterface and a ATM permanent virtual circuit (PVC) on another subinterface will stop classifying the PVC-based packets when the service policies on the tagsw subinterface are deleted.

Workaround: Disable and reenable the PVC-based service policy for the PVC interface.

CSCdt93370

A Cisco MC3810 access concentrator may experience memory allocation failures. The memory allocation failure messages begin appearing after the access concentrator has been running for about 1 hour and 45 minutes. There is no workaround.

Miscellaneous

CSCdr58946

Entries in the interfaces MIB ifTable for Traffic Engineering (TE) tunnels do not report an ifType = mpls tunnel (155). Instead, the entries return ifType = 0 (unknown). This problem occurs for any Simple Network Management Protocol (SNMP) operation on the interfaces table when entries that represent TE tunnels are queried. This problem does not affect Cisco IOS Release 12.0(14)ST or later releases.

Workaround: Query the ifName and ifDescr fields in Cisco IOS releases prior to Cisco Release 12.0(14)ST.

CSCds21694

A Cisco gatekeeper that is running Cisco IOS Release 12.1(5)XM may reload with a SegV exception error when authentication, authorization, and accounting (AAA) is configured, and when the gatekeeper receives an admission request (ARQ) message with a transportID: ipaddress in the srcinfo field. There is no workaround.

CSCds46336

In situations in which several downstream packets have cyclic redundancy check (CRC) errors, the subscriber may get stuck in a state and fail to receive any additional downstream data packets even though station maintenance may still be operating correctly (and the link otherwise appears to be up).

Workaround: Reset the subscriber interface (on the HE) by entering the clear radio subscriber [address] reset EXEC command.

Alternate workaround: Reset the subscriber interface (on the SU) by entering the clear radio interface radio slot privileged EXEC command.

CSCds47858

When interworking between a voice platform at the originating gateway and a terminating gateway that is using a channel-associated signaling (CAS) interface, a call fails at the terminating gateway and is not placed. There is no workaround.

CSCds51025

A Cisco 2611 Signaling Link Terminal (SLT) that is running Cisco IOS Release 12.1(3)T or Release 12.1 T produces the following message on the console:

* <timestamp>: %PQUICC=1-TOOSMALL: PQUICC(0/0), packet was less than 2 bytes

As a result of this unexpected behavior, the Signaling System 7 (SS7) link goes in and out of service until the SLT is reloaded.

Workaround: Use Cisco IOS Release 12.2(2)T or Release 12.1(5)XM.

CSCds54963

The originating gatekeeper may reload at the end of a call as the call is being torn down if the call is placed using a proxy at the destination. There is no workaround.

CSCds56576

When a new route processor module (RPM) is plugged into a clean slot, and the router is rebooted, the rpmrscprtn [partition_type] [percent_ingressBW] [percent_egressBW] [min_vpi] [max_vpi] [min_vci] [max_vci] [max_lcns] command may fail to send a resource partition to the processor switch module (PXM).

Workaround: Manually configure the resource partition.

CSCds61247

On a network with six or more T1or E1 connections to a Cisco 7200 series router that is running Cisco IOS Release 12.2(2)T with voice over ATM adaptation Layer 2 (AAL2), and has Transparent Common Channel Signaling (T-CCS) enabled, one or more 2 Port T1/E1 Moderate-Capacity Digital Voice Port Adapters (PA-VXB-2TE1) or 2 Port T1, E1, High-Capacity, Enhanced Digital Voice Port Adapters (PA-VXC-2TE1) may reset if all T1 or E1 lines are brought down simultaneously, resulting in link failures. This symptom occurs intermittently.

Workaround: Reboot the router, use the firmware patch for this caveat or enable the scheduler allocate interrupt-time process-time command to guarantee CPU time scheduling of low priority processes. The modification of default interrupt-time and process-time values is not recommended.

CSCds71867

A Cisco Signaling Link Terminal (SLT) that is running Cisco IOS Release 12.1(5)T and earlier releases fails to reject the Message Signal Unit (MSU) while in the alignment state when the International Telecommunications Union (ITU) standard Signaling System 7 (SS7) Message Transfer Part 2 (MTP2) protocol is used. There is no workaround.

CSCds75021

The Cisco WAN Manager (CWM) is not able to add interfaces or subinterfaces to the route processor module (RPM) card on a Cisco 8230 edge concentrator. This symptom is caused by the CWM when the slot number is included in the interface [type] [number] configuration command.

Workaround: Use a command or script that does not use the slot number in referencing an interface or subinterface. The slot number is assumed to be the slot or card that you are issuing to the command.

CSCds85411

A Cisco universal access gateway may reload after six hours when it is stress tested with about 150 voice calls. There is no workaround.

CSCds89690

A Cisco 7206VXR that is running Cisco IOS Release 12.2(01)T with an ATM card may fail to receive Interim Local Management Interface (ILMI) prefix add events if the interface has not been configured for Per-VC queuing.

Workaround: Configure the interface for Per-VC queuing.

CSCds91090

A Digital Voice Module is not capable of supporting packet traffic at 4800 packets per second (using the existing algorithm in the Digital Voice Network Module firmware) when it is used with a Cisco 3600 series router. There is no workaround.

CSCds91249

When a backend Gatekeeper Transaction Message Protocol (GKTMP) server replies with a RESPONSE admission request (ARQ) or a RESPONSE location request (LRQ) containing multiple zone overrides, the gatekeeper reloads. There is no workaround.

CSCds92680

The following object types, though defined with read-write access, cannot be written using a Simple Network Management Protocol (SNMP) set command:

rs232PortInSpeed

rs232PortOutSpeed

rs232PortInFlowType

rs232PortOutFlowType

rs232AsyncPortBits

rs232AsyncPortStopBits

rs232AsyncPortParity

rs232AsyncPortAutobaud

Workaround: Use Cisco IOS Release 12.2

CSCdt00117

A spurious memory access may cause low call success rate (CSR) for channel-associated signaling (CAS) Feature Group-D (FGD) Exchange Access North American (EANA) Voice over IP (VoIP) calls. There is no workaround.

CSCdt01646

A Cisco 7200 series router may fail to detect E1 and T1 port adapters after they are hot swapped during an online insertion and removal (OIR) into slots 1 and 3. The following messages may be displayed when attempts are made to access the interface in slot 3:

Router(config)#int ser 3/0:23 (3/0 interface / slot)

% Cannot access B-channel interfaces

Workaround: Perform an online insertion and removal (OIR) on the primary interface of a Non-Facility Associated Signaling (NFAS) group that is supported by the Redundant Link Manager (RLM) link by doing the following steps:

a. Remove the RLM group number that ISDN is configured to use with the no isdn rlm-group number command.

b. Perform the OIR.

c. Reconfigure the RLM group number that ISDN will use with the isdn rlm-group number command.

CSCdt02190

Committed access rate (CAR) with an access control list (ACL) does not function on a Gigabit Inter-Switch Link (ISL) subinterface for output.

Workaround: Use CAR for all traffic.

CSCdt06494

In Cisco IOS Release 12.1(5)T and later releases, the call duration imposed by a Vocaltec gatekeeper in its billing token is not enforced by the tool command line (TCL) interactive voice response (IVR) 2.0 application.

Workaround: Configure the dial peer router to use the TCL IVR 1.0 application.

CSCdt07625

An outbound call to a Media Gateway Control Protocol (MGCP) Foreign Exchange Office (FXO) causes a secondary dial tone.

Workaround: Use FXO H.323 mode operation with Cisco Call Manager for outbound calls.

CSCdt11892

A Cisco 2600 or 3600 series router with more than one inverse multiplexing over ATM (IMA) or with an ATM interface on a 4-port ATM IMA module may reload if you use the no shutdown command. There is no workaround.

CSCdt15194

A Cisco series access server that has continuity test (COT) enabled on the Cisco SC200 signaling controller software will not be able to complete any outgoing calls in which a COT test is performed.

Workaround: Disable the COT on the SC2200 signaling controller software.

CSCdt15696

A Cisco 7200 series router that is running IOS Release 12.2(2)T and using voice over ATM (VoAAL2) support may occasionally receive a Resource Availability Indicator (RAI) instead of an alarm indication signal (AIS) through the ATM link. There is no workaround.

CSCdt17114

A Cisco 7200 series router that is running IOS Release 12.2(0.5)T may reload when attempts are made to configure an extended Tag ATM (XTagATM) interface. There is no workaround.

CSCdt21515

A rare condition in the opening and closing of the TCP link that is used by the ccm-manager redundant-host global configuration command may cause a reload when the software accesses data in a link record that was previously freed. There is no workaround.

CSCdt25333

If operation, administration, and maintenance (OAM) is enabled on an ATM OC3, DS3, or E3 interface on a Cisco 2600 or 3600 series router, the router reloads. There is no workaround.

CSCdt26332

A Cisco 2600 series router that is running IOS Release 12.2 T may reload when ATM Adaptation Layer Type-5 (AAL5) Transparent Common Channel Signaling (TCCS) is configured. There is no workaround.

CSCdt28083

A Cisco 7500 series router with an Enhanced ATM port adapter (PA-A3) interface that is configured with an output service-policy containing class-based weighted fair queuing (CBWFQ) will transmit packets that match the criteria of the associated class maps but may experience subinterface statistics that are not updated. There is no workaround.

CSCdt29989

A Cisco series router may drop voice sessions after it has been stress tested for 72 hours. There is no workaround.

CSCdt36247

An universal access server will fail if a voice call is made with the Route Processor Module (RPM) enabled without first having a voice profile configured as a service profile. There is no workaround.

CSCdt37274

A Cisco universal access gateway may fail when it is tested with voice calls.

Workaround: Maintain a greater number of digital signal processors (DSPs) than the number of digital service zero (0) (DSOs).

CSCdt39982

A Cisco 2600 series router that is running IOS Release 12.2(0.9)T may fail when outbound calls are placed on a Foreign Exchange Office (FXO) interface. Inbound calls are not affected.

Workaround: Configure the no battery-reversal voice port configuration command on the FXO interface.

CSCdt40633

Simple Network Management Protocol (SNMP) queries for cvCallActiveTable and cvCallHistoryTable can cause a memory leak, which can cause the router to reload.

This problem occurs when the router is polled for any variable that is listed as part of the cvCallActiveTable in the CISCO-VOICE-DIAL-CONTROL-MIB for active voice calls. The amount of memory leak depends on the number of active voice calls.

This problem also occurs when the router is polled for any variable that is listed as part of the cvCallHistoryTable in the CISCO-VOICE-DIAL-CONTROL-MIB for completed voice calls. The amount of memory leak depends on the number of completed voice calls.

There is no workaround.

CSCdt41196

The Cisco IOS Release 12.2 T does not work on a Cisco VG200 series voice gateway for TI channel associated signaling (CAS) and a T1 PRI. Digital signal processor (DSP) resources are unavailable for any call on a T1 interface.

Workaround: Use Cisco IOS Release 12.1(5)XM.

CSCdt41508

A Cisco 827 series router that is using Point-to-Point Protocol over Ethernet (PPPoE) may reload with a "SEG-V" exception when the permanent virtual circuit (PVC) value of the ATM 0 interface is removed or unconfigured. There is no workaround.

CSCdt42548

In Cisco IOS Release 12.2(0.9)T, Pulse dial detection is not working correctly on the Foreign Exchange Station (FXS) voice interface card (VIC).

Workaround: Use tone dialing or upgrade the software to Cisco IOS Release 12.2(0.7)T or a later release.

CSCdt42746

A Cisco 7200 series router that is configured as a Label Switch Controller is not able to establish a Label Virtual Circuits (LVCs). The LVCs remain in the "Bind Wait" state. There is no workaround.

CSCdt43601

When upperstream traffic is passed between a Subscriber Unit (SU) and a Headend (HE) line card using a pagent, a connection problem occurs after a high rate number is seen on the pagent. When this happens, no pagent traffic can be sent between the SU and the HE. This problem can be seen only when the SU is in bridging mode and when there is a high rate of data transfer between the SU and a HE.

Workaround: Run SU in routing mode.

CSCdt44437

A Cisco 7200 series router with a PA-A3 Enhanced ATM Port Adapter and an ATM tag-switching subinterface that has a service policy containing Class-based weighted fair queueing (CBWFQ) may experience tracebacks, alignment errors, and system reloads when the show queue PA-A3 main interface name command is entered. There is no workaround.

CSCdt47220

A Cisco 2600 series or 3640 series router may fail to restore the trunk connections after the router is rebooted. The Ethernet1 links can be restored without any problem but the trunk connections can only be restored after the E1 cables at either end are disconnected and reconnected. There is no workaround.

CSCdt47432

A Cisco 7500 series router with an Enhanced ATM port adapter (PA-A3) tag-switching subinterface that has the tag-switching atm multi-vc and service-policy output policy-map-name interface configuration commands configured may experience a Versatile Interface Processor (VIP) reload when the show queue atm tag-switching subinterface-name command is entered under the following circumstances:

When the output interface is experiencing congestion.

When multi-vc is disabled using the no tag-switching atm multi-vc command.

Workaround: Reload the VIP.

CSCdt47737

Quality of service (QoS) may not work with vendor-specific hardware encryption on a Cisco 2600 or 3600 series router that is running Cisco IOS Release 12.1 T or Release 12.2.

Workaround: Use Cisco IOS Release 12.2(0.12)T or a later release.

CSCdt51670

A router may display the following bus error message and reload at the "xxx_process_receive_packet() function" when old style permanent virtual connections (PVCs) are configured.

Workaround: Replace old style PVC configuration with the new style PVC configuration.

Old Style:

interface ATM1/0

no ip address

no ip route-cache

no ip mroute-cache

atm pvc 2 0 33 aal5snap

New Style:

interface ATM1/0

no ip address

no ip route-cache

no ip mroute-cache

pvc 0/33

encapsulation aal5snap

CSCdt54019

The channels on a Cisco AS5400 and a Cisco AS5850 that are running channel-associated signaling (CAS) may pause indefinitely in the active state under certain circumstances. A similar symptom is also observed on the modem of a Cisco 5800. There is no workaround.

CSCdt54845

A Cisco Route Processor Module (RPM) does not boot with the rpm-js-mz image in Cisco IOS Release 12.2(0.11)T. A traceback occurs in the timer_calibrate function when the router is booted.

Workaround: Boot the RPM with the rpm-js-mz image in Cisco IOS Release 12.2(0.0)T.

CSCdt60832

The show crypto engine configuration command may cause a seg V exception when it is used on platforms that contain hardware encryption accelerator cards. There is no workaround.

CSCdt62889

A Cisco 7500 series router with an Enhanced ATM port adapter (PA-A3) that is attached to an ATM tag-switching subinterface that has priority or class-based weighted fair queueing (CBWFQ) configured in a service-policy has a higher than normal Low latency queueing (LLQ) of about 140 mSec. The latency should be about 4 ms in order to support Voice over IP (VoIP) requirements. There is no workaround.

CSCdt65798

A Cisco access server that is running Cisco IOS Release 12.1(5)XV or 12.1(5)XV1 may do the following:

Display incorrect information when the show modem related commands are entered.

Reload when the clear modem counters command is entered.

This problems occur when 72-port modem cards (HMM) and 144-port modem cards (DMM) are installed and various show modem related commands are issued. There is no workaround.

CSCdt68465

A Cisco voice gateway that is running Cisco IOS Release 12.2(0.13)T may reload when it is receiving an incoming Public Switched Telephone Network (PSTN) call that has a destination number that does not match any configured dial peer.

Workaround: Use Cisco IOS Release 12.2(0.13)T or an earlier release.

CSCdt69048

The headend receive gain calibration function does not operate correctly when the Cisco Multipoint Distribution Service (MMDS) HE Transverter (WT-2755) is operated at the highest MMDS carrier frequency of 2683 MHz. This symptom can cause upstream performance to be severely impaired.

Workaround: Disable the RX (receiving) gain calibration feature when using this frequency with the no radio rf-meas-interval calibration command. Use the show interface slot/dsport rf-meas-interval command to verify that the calibration interval is set to zero.

CSCdt79440

A Cisco universal access server is not able to terminate LAP-TA(X.75) calls. There is no workaround.

CSCdt84982

A Cisco 2600 series gatekeeper may reload when calls are placed after the proxy configuration is removed. There is no workaround.

CSCdu12528

Three-way calling does not work. There is no workaround.

CSCdu17530

IP version 6 (IPv6) over Frame Relay encapsulation has changed in Cisco IOS Release 12.2(2)T. Earlier Cisco IOS IPv6 beta or EFT releases cannot interoperate with Release 12.2(2)T and later releases. Cisco IOS IPv6 beta or EFT releases before Release 12.2(2)T use network layer protocol identification (NLPID) 0x80 Subnetwork Access Protocol (SNAP) encapsulation in accordance with RFC 2427. In Release 12.2(2)T and later releases, IPv6 over Frame Relay uses NLPID 0x8E encapsulation in accordance with RFC 2590. There is no workaround.

CSCdu23316

When the channel-group channel-no timeslots timeslot-list speed {56 | 64} controller configuration command is used to configure the T1 or E1 interface on a 2 WAN Card Slot Network Module (NM-2W), a 1 10/100 Ethernet 2 WAN Card Slot Network Module (NM-1FE2W), a 2 10/100 Ethernet 2 WAN Card Slot Network Module (NM-2FE2W), or a 1 10/100 Ethernet 1 4/16 Token Ring 2 WAN Card Slot Network Module (NM-1FE1R-2W), the line protocol can sometimes remain down and no traffic is sent through the T1/E1 link. There is no workaround.

Wide-Area Networking

CSCdt25003

Voice over IP (VoIP) calls that are configured with a dial peer with a "T" deliminator may fail to connect. There is no workaround.

CSCdt31492

A router may reload when the show running-configuration command is entered. There is no workaround.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:

http://www.cisco.com/univercd/home/home.htm

The Product Documentation DVD is created monthly and is released in the middle of the month. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

Ordering Documentation

You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

If you do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Documentation Feedback

You can provide feedback about Cisco technical documentation on the Cisco Technical Support & Documentation site area by entering your comments in the feedback form available in every online document.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to do the following:

Report security vulnerabilities in Cisco products

Obtain assistance with security incidents that involve Cisco products

Register to receive security information from Cisco

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.


Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive Cisco Product Alerts and Cisco Field Notices by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

To access the Product Alert Tool, you must be a registered Cisco.com user. (To register as a Cisco.com user, go to this URL: http://tools.cisco.com/RPF/register/register.do) Registered users can access the tool at this URL: http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Use the Cisco Product Identification Tool to locate your product serial number before submitting a request for service online or by phone. You can access this tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.



Tip Displaying and Searching on Cisco.com

If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation.radio button.

To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.


Submitting a Service