
Cisco IOS Software Releases 12.2 T

Cross-Platform Release Notes for Cisco IOS Release 12.2 T, Part 5: Caveats for 12.2(15)T through 12.2(15)T17


Caveats for Cisco IOS Release 12.2T


March 26, 2008

Cisco IOS Release 12.2(15)T17

OL-2333-04 Rev. Q3

This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.2T, up to and including Release 12.2(15)T17. Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 and severity 3 caveats are less serious.


Note: The first maintenance release of Cisco IOS Release 12.2T was renumbered from Release 12.2(1)T to Release 12.2(2)T. The set of features for Release 12.2(1)T is the same as that for Release 12.2(2)T. There was no change in the feature content of the release. The second maintenance release of Cisco IOS Release 12.2T is numbered 12.2(4)T, the third maintenance release of Cisco IOS Release 12.2T is numbered 12.2(8)T, the fourth maintenance release of Cisco IOS Release 12.2T is numbered 12.2(11)T, and the fifth maintenance release of Cisco IOS Release 12.2T is numbered 12.2(13)T. The sixth maintenance release of Cisco IOS Release 12.2T is numbered 12.2(15)T.


To improve this document, we would appreciate your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact caveats-doc@cisco.com. For more information, see the "Documentation Feedback" section on page 648.

Contents

How to Use This Document

If You Need More Information

Resolved Caveats—Cisco IOS Release 12.2(15)T17

Resolved Caveats—Cisco IOS Release 12.2(15)T16

Resolved Caveats—Cisco IOS Release 12.2(15)T15

Resolved Caveats—Cisco IOS Release 12.2(15)T14

Resolved Caveats—Cisco IOS Release 12.2(15)T13

Resolved Caveats—Cisco IOS Release 12.2(15)T12

Resolved Caveats—Cisco IOS Release 12.2(15)T11

Resolved Caveats—Cisco IOS Release 12.2(15)T10

Resolved Caveats—Cisco IOS Release 12.2(15)T9

Resolved Caveats—Cisco IOS Release 12.2(15)T8

Resolved Caveats—Cisco IOS Release 12.2(15)T7

Resolved Caveats—Cisco IOS Release 12.2(15)T5

Resolved Caveats—Cisco IOS Release 12.2(15)T4

Resolved Caveats—Cisco IOS Release 12.2(15)T2

Resolved Caveats—Cisco IOS Release 12.2(15)T1

Open Caveats—Cisco IOS Release 12.2(15)T

Resolved Caveats—Cisco IOS Release 12.2(13)T16, page 241

Resolved Caveats—Cisco IOS Release 12.2(13)T14, page 241

Resolved Caveats—Cisco IOS Release 12.2(13)T13, page 245

Resolved Caveats—Cisco IOS Release 12.2(13)T12, page 246

Resolved Caveats—Cisco IOS Release 12.2(13)T11, page 250

Resolved Caveats—Cisco IOS Release 12.2(13)T10, page 251

Resolved Caveats—Cisco IOS Release 12.2(13)T9, page 255

Resolved Caveats—Cisco IOS Release 12.2(13)T8, page 257

Resolved Caveats—Cisco IOS Release 12.2(13)T5, page 264

Resolved Caveats—Cisco IOS Release 12.2(13)T4, page 273

Resolved Caveats—Cisco IOS Release 12.2(13)T3, page 280

Resolved Caveats—Cisco IOS Release 12.2(13)T2, page 297

Resolved Caveats—Cisco IOS Release 12.2(13)T1, page 298

Resolved Caveats—Cisco IOS Release 12.2(13)T, page 319

Resolved Caveats—Cisco IOS Release 12.2(11)T11, page 445

Resolved Caveats—Cisco IOS Release 12.2(11)T10, page 447

Resolved Caveats—Cisco IOS Release 12.2(11)T9, page 451

Resolved Caveats—Cisco IOS Release 12.2(11)T8, page 458

Resolved Caveats—Cisco IOS Release 12.2(11)T6, page 463

Resolved Caveats—Cisco IOS Release 12.2(11)T5, page 463

Resolved Caveats—Cisco IOS Release 12.2(11)T4, page 470

Resolved Caveats—Cisco IOS Release 12.2(11)T3, page 470

Resolved Caveats—Cisco IOS Release 12.2(11)T2, page 477

Resolved Caveats—Cisco IOS Release 12.2(11)T1, page 485

Resolved Caveats—Cisco IOS Release 12.2(11)T, page 501

Resolved Caveats—Cisco IOS Release 12.2(8)T10, page 548

Resolved Caveats—Cisco IOS Release 12.2(8)T8, page 552

Resolved Caveats—Cisco IOS Release 12.2(8)T7, page 552

Resolved Caveats—Cisco IOS Release 12.2(8)T5, page 554

Resolved Caveats—Cisco IOS Release 12.2(8)T4, page 561

Resolved Caveats—Cisco IOS Release 12.2(8)T3, page 569

Resolved Caveats—Cisco IOS Release 12.2(8)T2, page 569

Resolved Caveats—Cisco IOS Release 12.2(8)T1, page 571

Resolved Caveats—Cisco IOS Release 12.2(8)T, page 580

Resolved Caveats—Cisco IOS Release 12.2(4)T7, page 589

Resolved Caveats—Cisco IOS Release 12.2(4)T6, page 590

Resolved Caveats—Cisco IOS Release 12.2(4)T5, page 593

Resolved Caveats—Cisco IOS Release 12.2(4)T3, page 594

Resolved Caveats—Cisco IOS Release 12.2(4)T1, page 597

Resolved Caveats—Cisco IOS Release 12.2(4)T, page 599

Resolved Caveats—Cisco IOS Release 12.2(2)T4, page 632

Resolved Caveats—Cisco IOS Release 12.2(2)T3, page 632

Resolved Caveats—Cisco IOS Release 12.2(2)T2, page 633

Resolved Caveats—Cisco IOS Release 12.2(2)T1, page 634

Resolved Caveats—Cisco IOS Release 12.2(2)T, page 639

Obtaining Documentation, page 647

Documentation Feedback, page 648

Cisco Product Security Overview, page 648

Product Alerts and Field Notices, page 649

Obtaining Technical Assistance, page 649

Obtaining Additional Publications and Information, page 651

How to Use This Document

This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats.

The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.

The "Resolved Caveats" sections list caveats resolved in a particular release, but open in previous releases.

Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.

If You Need More Information

Cisco IOS software documentation can be found on the web through Cisco.com. For information on Cisco.com, see the "Obtaining Documentation" section on page 647.

For more information on caveats and features in Cisco IOS Release 12.2 T, refer to the following sources:

Dictionary of Internetworking Terms and Acronyms—The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this caveats document.

Bug Toolkit—If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Release Notes for Cisco IOS Release 12.2 T—These release notes describe new features and significant software components for Cisco IOS software Release 12.2.

Deferral Advisories and Software Advisories for Cisco IOS Software: Deferral Advisories and Software Advisories for Cisco IOS Software provides information about caveats that are related to deferred software images for Cisco IOS releases. If you have an account on Cisco.com, you can access Deferral Advisories and Software Advisories for Cisco IOS Software at http://www.cisco.com/public/sw-center/sw-ios-advisories.shtml.

What's New for IOS: What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/public/sw-center/sw-ios.shtml or by logging into Cisco.com and selecting Technical Support: Software Center: Products and Downloads: Cisco IOS Software.


Note: Release notes are modified only on an as-needed basis. The maintenance release number and the revision date represent the last time the release notes were modified to include new or updated information. For example, release notes are modified whenever any of the following items change: software or hardware features, feature sets, memory requirements, software deferrals for the platform, microcode or modem code, or related documents.


The most recent release notes document when this caveats document was published is Release Notes for Cisco IOS Release 12.2 T, for Cisco IOS Release 12.2(15)T8 on August 22, 2006.

Resolved Caveats—Cisco IOS Release 12.2(15)T17

Cisco IOS Release 12.2(15)T17 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T17 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCee45312

Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

More details can be found in the security advisory, which is posted at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml

Miscellaneous

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

Wide-Area Networking

CSCsa52807

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en

Resolved Caveats—Cisco IOS Release 12.2(15)T16

Cisco IOS Release 12.2(15)T16 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T16 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Miscellaneous

CSCsa81379

NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.

If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.

The removal of NetFlow Feature Acceleration does not affect any other aspects of NetFlow operation, for example access-list processing. The features are separate and distinct.

Cisco Express Forwarding (CEF) supersedes the deprecated NetFlow Feature Acceleration.

Additionally, the following MIB objects and OIDs have been deprecated and removed from the NetFlow MIB (CISCO-NETFLOW-MIB):

cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6

Resolved Caveats—Cisco IOS Release 12.2(15)T15

Cisco IOS Release 12.2(15)T15 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T15 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCeh14015

Symptoms: Connected routes cannot be redistributed from one protocol to another.

Conditions: This symptom occurs on EIGRP routes when using the shut command followed by the no shut command.

Workaround: There is no workaround.

CSCsa59600

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

Miscellaneous

CSCec89389

Symptoms: In the RTSP server, the TCL IVR "media record" verb records in the RTSP server. After recording, "media play" plays the recorded audio-file from the RTSP server, and the playback voice quality is bad. (TCL is not the only script that can cause this problem. Another usage that can lead to the same symptom is the VXML script.)

Conditions: This symptom occurs when "media record" is the destination of the RTSP server with a codec of g711ulaw.

Workaround: Change the record codec from g711uLaw to g729r8, which appears to work fine.

CSCef44225

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef44699

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef61610

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef67682

Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.

The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:

interface Ethernet0/0
 ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
 deny ipv6 any <my address1> undetermined-transport
 deny ipv6 any <my address2> fragments
 permit ipv6 any any

This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.

This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.

We recommend that customers upgrade to the fixed IOS release. All IOS releases listed in the IPv6 Routing Header Vulnerability Advisory at /en/US/products/products_security_advisory09186a00807cb0fd.shtml contain fixes for this issue.

CSCef68324

Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.

Cisco has made free software available to address this vulnerability for all affected customers.

More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.

CSCeh09360

Symptoms: IPSec does not function when the ip route cache command is enabled.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(11)T3 but may be platform-independent.

Workaround: There is no workaround.

CSCeh22179

Symptoms: No traffic is sent from the Cisco 3825 router.

Conditions: This symptom occurs while running Cisco IOS Release 12.3(11)T3 if the traffic from a VPN going out through the global interface does not require encryption.

Workaround: Remove crypto map from the global interface.

CSCin82407

Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.

Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.

This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml

Wide-Area Networking

CSCef58201

Symptoms: The CEF-Dialer feature fails to add an adjacency for a virtual-access1 CEF interface because the IP route is installed after the feature attempts to add the adjacency.

Conditions: This symptom is observed during a test on a Cisco router that runs Cisco IOS Release 12.3 or interim Release 12.3(10.3)T.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(15)T14

Cisco IOS Release 12.2(15)T14 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T14 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz32659

Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:

%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18

Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.

Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.

CSCec25430

Symptoms: A Cisco device reloads on receipt of a corrupt CDP packet. One possible scenario is:

Reloading a faulty Cisco IP conference station 7935 or 7936 may cause a connected Cisco switch or router to reload. A CDP message may appear on the terminal, such as the following one:

%CDP-4-DUPLEX_MISMATCH duplex mismatch discovered on FastEthernet5/1 (not half duplex), with SEP00e0752447b2 port 1 (half duplex).

Conditions: This symptom is observed when an empty "version" field exists in the output of the show cdp entry * command for at least one entry.

Workaround: Disable CDP by entering the no cdp run global configuration command.

First Alternate Workaround: Disable CDP on the specific (sub-)interface(s) whose corresponding neighbor(s) has or have an empty "version" field in the output of the show cdp entry * command.

Second Alternate Workaround: Disconnect the 7935 or 7936 phone, in the case of the specific symptom that is described above.

CSCed40563

Symptoms: Depending upon configuration, issuing the show cdp entry * protocol command may cause a reload of the device.

Conditions: This symptom occurs on Cisco products that are speaking CDP with configurable interface MTU.

Workaround: Disable CDP, avoid issuing the command under given circumstances, or upgrade to a fixed version of software.

CSCef51968

Symptoms: A Cisco router crashes with a POD request.

Conditions: This symptom is observed when a POD request is issued for an MLP call.

Workaround: There is no workaround.

Further Problem Description: This problem is seen in Cisco IOS Release 12.2T but not in Cisco IOS Release 12.3 and its child branches.

CSCin67568

Symptoms: A Cisco device experiences a memory leak in the CDP process.

Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.

Workaround: Configure the neighbor device to use a hostname of fewer than 256 characters, or disable the CDP process with the global command no cdp run.

IP Routing Protocols

CSCed73023

Symptoms: A Cisco 1600 series crashes with an "Unexpected exception to CPU vector 2" error.

Conditions: This symptom is observed when stateful NAT is configured with the redundancy in command.

Workaround: There is no workaround.

Miscellaneous

CSCdz66927

Symptoms: Voice ports on a router may be stuck in a seizure acknowledgement (SEIZURE-ACK) state.

Conditions: This symptom is observed for a number of calls on voice ports because some digits in the calls are not pulsed out.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command to clear the voice ports.

CSCea08050

Symptoms: A Cisco router may reload if the show ip access-list access-list-name command is performed on an existing reflexive access-list.

Conditions: This symptom is observed on a Cisco 3620 router that is running Cisco IOS Release 12.2(13).

Workaround: There is no workaround.

CSCeb81576

Symptoms: The following tracebacks are seen on a voice router:

%DSM-3-NOEVENT: no free event structure available from dsm_ev_chunk_pool for DSM message

Conditions: This symptom leads to dropped calls or DSP timeouts under high stress or high CPU.

Workaround: Reload the router.

CSCeb88239

A router that is running RIPng may crash after receiving a malformed RIPng packet causing a Denial of Service (DoS) on the device.

Such malformed packets can normally be sent locally. However, if "ipv6 debug rip" is enabled on a system then the crash can also be triggered remotely.

RIP for IPv4 is not affected by this vulnerability.

There is no workaround.

CSCec81138

Symptoms: Traceback messages are seen on a Cisco AS5400 origination GW (OGW). The tracebacks are reproducible.

Conditions: This symptom is observed when running tests with an E1R2 interface.

Workaround: There is no workaround.

CSCee01688

Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.

Workaround: There is no workaround.

CSCee18883

Symptoms: All VIPs in a Cisco 7500 series restart as a consequence of a Cbus complex that is triggered by a stuck output. Just before the output becomes stuck, IPC timeout errors occur.

Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) in a dLFIoATM environment. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCee49556

Symptoms: When a T.38 fax failure occurs, for example because a call is disconnected, a Cisco AS5400 may incorrectly generate the following message in its log:

%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel specific information> T38 Codec Switch Failed or Timed out

Conditions: This symptom is observed when there is no real failure in the codec download. The symptom may occur when a disconnect from the telephony side occurs while the Cisco AS5400 is in the middle of a codec download.

Workaround: There is no workaround.

CSCef21720

Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.

Workaround: There is no workaround.

CSCef25881

Symptoms: A router that functions as a DHCP relay agent may drop DHCP packets that contain option 220. A client may not be able to receive an IP address. The following error message is displayed when the debug ip dhcp server packet command is enabled:

DHCPD: nonhierarchical subnet allocation is not supported in this image.

Conditions: These symptoms are observed when option 220 is used differently by some DHCP clients and servers. (Option 220 is not yet standardized). A Cisco IOS DHCP server or relay agent uses option 220 as a subnet allocation option. This situation may cause problems for certain DHCP clients and servers that use a proprietary option 220 in DHCP packets; such packets may be dropped by a Cisco IOS DHCP server or relay agent.

Workaround: There is no workaround.

CSCef46230

Symptoms: A Cisco access server that terminates virtual-profile calls with per-user access control lists (ACLs) does not remove all per-user ACLs when calls are terminated. This situation may cause the memory of the access server to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.

Conditions: This symptom is observed on a Cisco access server that runs a Cisco IOS Release that contains the fix for CSCee01688.

Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.

CSCin57741

Symptoms: Adding a large policymap with a number of classes, each with a set feature enabled, can cause a router to crash when there is traffic to each of the classes.

Conditions: This symptom occurs when adding a large policymap with a number of classes.

Workaround: There is no workaround.

CSCuk47482

Symptoms: A router may reload unexpectedly while you disable label distribution protocol (LDP) on an interface.

Conditions: This symptom is observed on a router that has several interfaces that are configured for LDP when you disable LDP on all interfaces and when there is still one open TCP connection that is passively used by LDP while you disable LDP on the last interface.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCed78149

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

Resolved Caveats—Cisco IOS Release 12.2(15)T13

Cisco IOS Release 12.2(15)T13 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T13 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdz61503

Symptoms: A Cisco router may reload when it performs Simple Network Management Protocol (SNMP) Notification Log MIB queries.

Conditions: This symptom is observed on all versions of Cisco IOS software.

Workaround: There is no workaround; however, the symptoms are not observed on a Cisco ONS 15530 or a Cisco ONS 15540 switch module because the symptoms have been resolved on these platforms.

CSCed33110

Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP in turn leading to an RSP crash.

Conditions: This will happen more frequently on routers with a high idb count.

Workaround: There is no workaround.

CSCed91215

Symptoms: Attributes 42 and 43 may be of value "zero" in Connection STOP records.

Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that run Cisco IOS Release 12.3 or Release 12.3(4)T4 when a TCP-clear call is disconnected by the caller. For call disconnects by the NAS, the values are proper.

Workaround: There is no workaround.

CSCee16483

Symptoms: An update to Cisco IOS changes the size of the control message of the jitter, UDP, or TCP probe; this change in size makes the updated version incompatible with the previous version.

The "RTT_FORMAT_FAIL" error may occur if the source and the target do not use the same versions of Cisco IOS.

Workaround: Ensure that both the source and the target use the same version of Cisco IOS.

CSCee35740

Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.

Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.

Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.

IP Routing Protocols

CSCea81029

Symptoms: A Cisco router may reload unexpectedly when you enter a show command that is related to IP multicast.

Conditions: This symptom is observed on a Cisco router that has remained at the "more" prompt for a long period of time.

Workaround: There is no workaround. If you avoid leaving a show command at a --More-- prompt for a long time, the chance of running into this issue is very small. Also, if the router has neither directly connected receivers nor an IGMP join configured (for example, core routers), this bug does not cause any harm.

CSCeb17467

Symptoms: A Cisco router may reload when Border Gateway Protocol (BGP) is configured to carry Virtual Private Network version 4 (VPNv4) routes.

Conditions: This symptom is observed when VPNv4 import processing occurs simultaneously with a BGP neighbor reset, for example, when a VPN routing and forwarding (VRF) instance is configured and you enter the clear ip bgp * privileged EXEC command.

Workaround: There is no workaround.

CSCee10996

Symptoms: When the debug ip pim auto-rp command is enabled on a Cisco 7500 series, the router crashes when it receives an AutoRP message.

Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-isv-mz image of Cisco IOS Release 12.2(15)T7 or 12.2(15)T9. The symptom may also occur in other releases of Release 12.2 T, or in Release 12.3 or Release 12.3 T.

Workaround: There is no workaround.

Miscellaneous

CSCdy47789

Symptoms: Directly-connected neighbors may be displayed in the "Targeted Hellos" field in the output of the show mpls ldp discovery privileged EXEC command, which is incorrect behavior. This situation does not impact routing functionality.

Conditions: This symptom is observed in an Any Transport over Multiprotocol Label Switching (AToM) environment and is platform independent.

Workaround: There is no workaround.

CSCdz89279

Symptoms: Peer fails to call network access server (NAS) if authentication, authorization, and accounting (AAA) configurations are missing.

Workaround: Configure the aaa new-model and aaa authorization commands.

CSCea00530

Symptoms: A router may fail to handle the Label Withdraw if the Label Withdraw Message is received with a Forwarding Equivalence Class (FEC) type length value (TLV) and no Label TLV. The router may generate an error message that is similar to the following if a withdraw failure occurs:

%LDP-3-UNKNOWN_MPLS_APP: ldp label withdraw message from 10.1.1.1:0; list type 7; afam 1;

Conditions: This symptom is observed on a Cisco router that is running Multiprotocol Label Switching (MPLS) and the Label Distribution Protocol (LDP).

Workaround: There is no workaround.

CSCea23140

Symptoms: A digital signal processor (DSP) may time out on a Cisco IAD2420 series because of a Host Port Interface (HPI) error.

Conditions: This symptom is observed on a Cisco IAD2420 series that is running Cisco IOS Release 12.2(11)T4 every time a call is placed or received.

Workaround: Use the command-line interface (CLI) to issue the following command to the DSPs that have a timeout symptom:

[no] voice dsp waitstate ws dsp_id

where ws is in the range of 1 to 3 with 1 being the default and dsp_id is a 1-based DSP number. The recommended ws value to set in this particular case is 2. Do not set the ws value higher than 2. The issuance of the CLI command will not take effect until the next DSP reset occurs either through an automatic mechanism or through test commands.

CSCea29042

Symptoms: A Cisco 3640 router running recent Cisco IOS Release 12.2T based images does not write a crashinfo file to flash upon suffering a crash.

Conditions: This problem is seen only when neither the crashinfo location that is configured via the exception crashinfo file command nor the default crashinfo location (mostly bootflash:) can be written to, because of insufficient space or some other reason.

Only when this occurs does the router try to write to all remaining local storage media. If flash: is selected in this last-effort attempt to dump the crash information, the write to flash may fail.

Workaround: If flash has sufficient space to collect crashinfo, configure the exception crashinfo file flash: command explicitly rather than relying on the default configuration.

CSCea29640

Symptoms: A 1-port High-Speed Serial Interface network module (NM-1HSSI) that is running Frame Relay traffic shaping (FRTS) and Frame Relay fragmentation 12 (FRF.12) may randomly stop functioning and does not recover on its own. This problem is not limited to FRF.12 and could also occur with other configurations.

Conditions: This symptom is observed on a Cisco 3600 router that is running Cisco IOS Release 12.2(11)T1 or Release 12.2(13a) but may also occur in other releases. In addition, the symptom may also occur on a Cisco 7200 series.

Workaround: Disabling FRF.12 fragmentation might help.

First Alternate Workaround: Enter the clear interface EXEC command on the affected interface.

Second Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCea33785

Symptoms: When a gateway starts up, Media Gateway Control Protocol (MGCP) restart in progress (RSIP) messages may not be sent for all available E1 interfaces, causing the call agent to be unaware of full circuit availability on the gateway and calls to be dropped. For example, of 15 available E1 interfaces, only one RSIP message is sent (generally but not necessarily for the first E1 interface). After 20 minutes, another individual E1 RSIP message is sent followed by a wildcard RSIP message for the entire gateway. Every 10 minutes thereafter, two RSIP messages for individual E1s are sent. Up to 80 minutes may be required before stability is reached, causing calls to be dropped each time a delayed RSIP message is sent after the wildcard RSIP message has been sent.

Conditions: This symptom is observed on a Cisco AS5400 that is functioning as a gateway and that is running Cisco IOS Release 12.2(11)T5.

Workaround: There is no workaround.

CSCea64492

Symptoms: A Cisco 6400 series Node Route Processor 2 (NRP2) may reload.

Conditions: This symptom is observed when the Cisco 6400 series NRP2 is running Cisco IOS Release 12.2(13)T1 and the Service Selection Gateway (SSG) is enabled.

Workaround: There is no workaround.

CSCea83675

Symptoms: A router may reload because of a bus error.

Conditions: This symptom is observed on a Cisco router if a VPN routing/forwarding (VRF) instance is deleted while the show ip vrf vrf-name EXEC command executes.

Workaround: Do not enter the show ip vrf vrf-name EXEC command while any VRF is being deleted.

CSCeb00875

Symptoms: An ATM permanent virtual circuit (PVC) that is configured for autodetection of PPP over ATM (PPPoA) or PPP over Ethernet (PPPoE) protocols may drop the incoming PPPoA frames.

Conditions: This symptom may be triggered on a particular PVC, if the PPPoA session is brought up from the other end of the PVC, and if there is a change in the PVC state for any reason (for example, ATM Operation, Administration, and Maintenance [OAM] taking the VC down).

Workaround: Use one of the following workarounds:

- Reconfigure the ATM PVC.

- Do not use PPPoA or PPPoE autosensing.

- Configure the PVC for either PPPoA or PPPoE.

Following is an example of the PVC configuration:

interface atm 4/0.1
no pvc 4/43
pvc 4/43
...

If the VC is part of a range, first configure the pvc-in-range and then configure the encapsulation:

configure terminal
range pvc 6/43 6/1000
pvc-in-range 6/43
encapsulation aal5mux ppp virtual-Template 1

CSCeb36963

Symptoms: VLAN class of service (CoS) bits may not be set for outgoing Multiprotocol Label Switching (MPLS) packets, although the modular QoS CLI (MQC) may indicate so.

Conditions: This symptom is observed on a Cisco 7200 series or Cisco 7500 series that runs Cisco IOS Release 12.2, Release 12.3, or Release 12.3 B when CoS marking is applied to a VLAN subinterface. Note that traffic that is generated by the router itself receives the correct CoS for all classes.

Workaround: There is no workaround.

CSCeb66825

Symptoms: A Cisco 7200 series may reload unexpectedly during a service-policy configuration.

Conditions: This symptom is observed when you attach a level 2 policy map as a child of a level 1 policy map and when the level 1 policy map is already attached to an interface.

Workaround: Create a level 3 policy map, and attach it to the interface.

CSCeb68673

Symptoms: On an ASBR-PE, the TFIB may be missing a forwarding entry for a prefix that is learnt from a PE.

Conditions: This symptom is observed on an "ASBR-co-located PE" (that is, an ASBR that also functions as a PE router) when the PE functionality is removed by deconfiguring VRF, for example, by entering the no ip vrf vrf-name command.

Since this is a timing issue, it may occur in Cisco IOS Release 12.0 S, 12.2 S, 12.2 T, and 12.3.

Workaround: There is no workaround.

CSCeb84836

Symptoms: Data packets may be punted to the process path when user logon and logoff activity occurs.

Conditions: This symptom is observed in all of the Service Selection Gateway (SSG) images of Cisco IOS software under heavy load conditions.

Workaround: There is no workaround.

CSCec02642

Symptoms: A router may reload with a bus error if a quality of service (QoS) class map or policy map is renamed through modular QoS CLI (MQC) and a subsequent show memory EXEC command is issued.

Conditions: This symptom is observed in all Cisco IOS software releases on all Cisco platforms where the rename command is available under class map and policy map modes. It is observed in Cisco IOS Release 12.1(14)E, Release 12.2(12) and later releases. This symptom is not observed in Release 12.1. The symptom occurs after a global class map or policy map is renamed and a subsequent show memory EXEC command is issued.

Workaround: Avoid use of the rename command. Remove and recreate the class map or policy map instead.

CSCec15517

Symptoms: A Cisco router may reload when you enter the show policy-map interface EXEC command.

Conditions: This symptom is observed on a Cisco 7500 series that is configured with a Frame Relay permanent virtual circuit (PVC) policy.

Workaround: There is no workaround.

CSCec27278

Symptoms: On a Cisco router that is configured with a Multilink PPP (MLP) interface, the available processor memory may decrease rapidly because of a memory leak.

Conditions: This symptom is observed when the MLP interface flaps repeatedly.

Workaround: There is no workaround. You must resolve the cause of the flapping MLP interface.

Further Problem Description: A QoS configuration is the key to cause this memory leak. The problem will not happen without a QoS configuration. Note: If PPP multilink interleave is configured, then this configuration will trigger QoS memory allocation.

CSCec33028

Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.

Conditions: This symptom is observed on a Cisco 7500 series.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.

CSCec76965

Symptoms: When configuring QoS on a Cisco 7200 series, the router may reload with a bus error. Specifically, the bus error occurs after having entered the no class name command on subinterfaces.

Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.2(17a). The symptom may also occur in other releases. This behavior is associated with the use of "payload-compression" and Weighted Random Early Detection (WRED) configurations.

Workaround: There is no workaround.

CSCed30670

Symptoms: An H.323 proxy may fail when a conference call between a PSTN user and IP phone users is initiated by an IP phone in a Cisco CallManager environment.

Conditions: This symptom is observed on a Cisco router that functions as a gatekeeper, that has the H.323 proxy enabled, and that runs Cisco IOS Release 12.3(5) in the following topology:

An IP phone connects to a Cisco CallManager that connects to the Cisco gatekeeper that has the H.323 proxy enabled. The Cisco gatekeeper connects to yet another gatekeeper that connects to a gateway that, in turn, connects to the PSTN.

All calls to and from the Cisco CallManager IP phone via the Cisco gatekeeper are proxied. The Cisco CallManager runs software version 3.3(3)SR3. The display IE delivery option is disabled in the H.225 trunk configuration in the Cisco CallManager administration web page. The H.225 trunk is controlled by one of the gatekeepers.

The symptom occurs in the following sequence of events:

1. A PSTN user calls an IP phone (IP phone 1).

2. The user of IP phone 1 answers the call and the call is connected with two-way audio.

3. The user of IP phone 1 presses the "conference" button and calls another IP phone (IP phone 2).

4. The user of IP phone 2 answers the call and the call is connected with two-way audio.

5. The user of IP phone 1 presses the "conference" button again.

6. The H.323 proxy fails, causing the PSTN to be disconnected from the conference call.

7. The conference call continues between the user of IP phone 1 and the user of IP phone 2.

Workaround: Enable the "Display IE delivery" option in the H.225 trunk configuration in the Cisco CallManager administration web page.

Alternate Workaround: Disable the H.323 proxy on the Cisco gatekeeper.

CSCed45746

Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.

Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Releases 12.2, 12.2T, 12.0S, 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.

Workaround: Clear the routes in the VRFs in sequence.

CSCed57281

Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.

Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.

Workaround: There is no workaround.

CSCee00230

Symptoms: A gateway may send wrong resource availability information to a gatekeeper. The actual number of "used" and "free" channels that is shown in the output of the show trunk group command does not match the number that is shown in the output of the show call resource voice status and show isdn status commands.

This situation causes the gatekeeper to receive wrong information about the number of free circuits that the gateway has and may also cause the circuits of the gateway to be underutilized.

Conditions: This symptom is observed on a Cisco AS5300 but may not be platform dependent.

Workaround: There is no workaround.

CSCee06794

Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate.

Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.

Workaround: If this is an option, use ISL subinterfaces.

CSCee07351

Symptoms: An LC-ATM-enabled subinterface on a PE router stays in the "not ready" state when viewing the LDP session to the LSC using the show mpls ldp discovery command. The shutdown interface command followed by the no shutdown interface command will not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.

Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.

Workaround: The condition may be cleared by entering the clear ip route prefix command where prefix is the local loopback address for the LC-ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, the user should confirm that the expected number of LVCs has been re-established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.

Reload of the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to normal state.

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee19552

Symptoms: Inbound ISDN B-channels through a Cisco IOS VoIP gateway may get hung in an S_WAIT_STATS state.

Conditions: This symptom is observed when the calling party hangs up the call prior to the called H.323 call leg being answered and when the called H.323 device does not send back an H.225 Release_Complete message. This occurs when placing calls from a Cisco IOS gateway to a Cisco CallManager.

Workaround: There is no workaround.

CSCee20205

Symptoms: A file type sometimes becomes ASCII text when you enter the write memory command on an NRP2-SV. You can see the file type when you enter the show file info disk0:slotX/nrp2-startup-config command on the NSP, as in the following example:

NSP# shos file info disk0:slot5/nrp2-startup-config
disk0:slot5/nrp2-startup-config: type is ascii text <<<<<

Conditions: This symptom is observed on an NRP2-SV that is installed in a Cisco 6400 series that runs Cisco IOS Release 12.2(15)T9 or 12.3(6).

Workaround: There is no workaround.

CSCee20366

Symptoms: IMA link status sticks in NE usable/usable while showing FE active/active.

Conditions: This happens when connecting an IMA module in a Cisco 3640 to a third party vendor switch.

Workaround: Administratively shut down the link and then bring it back.

CSCee26700

Symptoms: A router may experience a memory leak when the LSR MIB is queried.

Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.2(15)T10 but is software-independent.

Workaround: Disable the LSR MIB queries and reboot the device to reclaim the leaked memory.

CSCin50873

Symptoms: Data packets get punted to the process path when the Service Selection Gateway (SSG) timeout process is scheduled.

Conditions: This symptom is observed in all SSG images of Cisco IOS software.

Workaround: There is no workaround.

Wide-Area Networking

CSCdz21325

Symptoms: When isdn fast-rollover delay is configured on an ISDN interface, the failed DDR connection attempts from that interface may result in used memory permanently increasing.

The output of the show processes memory command indicates that the memory held by the IP Input process is increasing.

Workaround: Remove the isdn fast-rollover delay command and reload the router.

CSCea48995

Symptom: The information element (IE) of a calling party number in an outgoing call setup message may be corrupted. When you use the Q.931 Translator, the log files may display that the calling party number in the outgoing call setup message is "0x00," as in the following example:

ISDN Se0:23: TX -> SETUP pd = 8 callref = 0x0005
    Bearer Capability i = 0x8890
    Channel ID i = 0xA98397
    Calling Party Number i = 0x00, (null), Plan:Unknown, Type:Unknown
    Calling Party SubAddr i = 0x80, '9876'
    Called Party Number i = 0x80, '2222', Plan:Unknown, Type:Unknown

Condition: This symptom is observed after an IE for a calling party subaddress is received.

Workaround: There is no workaround.

CSCea90880

Symptoms: When you enter the show frame-relay pvc privileged EXEC command, a Cisco router may reload because of a bus error.

Conditions: This symptom is observed when two users simultaneously edit the same data-link connection identifier (DLCI).

Workaround: Ensure that only one person at a time edits a DLCI.

CSCec83030

Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.

Conditions: This symptom is observed on a Cisco 7500 series router.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(15)T12

Cisco IOS Release 12.2(15)T12 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T12 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCea74631

Symptoms: A Route Switch Processor (RSP) that is acting as a slave may have complete packet switching activity interrupted for several minutes. This situation may cause the RSP to permanently pause.

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(12d).

Workaround: There is no workaround.

CSCeb22276

Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.

Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.

Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.

CSCeb83536

Symptoms: The order of the Service Assurance Agent (SAA) Response Time Reporter (RTR) schedule command options is incorrect in the output of the show running-config EXEC command. This situation may cause difficulties with third-party vendor software that configures and manages RTR probes.

Conditions: This symptom is observed on all Cisco platforms that run Cisco IOS Release 12.2(13)T1.

Workaround: There is no workaround.

CSCed77666

Symptoms: SAA RTR key-chain authentication may fail with the following RTT responder:

authentication failure

Conditions: This symptom is observed when SAA is using a key chain which has a key ID that has a value larger than 255.

Workaround: Ensure that the value of the key ID does not exceed 255.

Interfaces and Bridging

CSCin66616

Symptoms: The output of an snmpwalk for the entPhysicalDescr MIB on a PA-MC-8E1/120 may show the PA-MC-8E1/120 as unknown.

Conditions: This symptom is observed on a Cisco 7500 series router in which a PA-MC-8E1/120 is installed.

Workaround: There is no workaround.

IP Routing Protocols

CSCdz85183

Symptoms: Network Address Translation (NAT) debug messages do not show release messages at the end of a call.

Conditions: This symptom is observed in Cisco IOS Release 12.2(13)TO1 for NAT debug messages for the following debug commands: debug ip nat h323, debug ip nat, and debug ip nat skinny.

Workaround: Upgrade to Cisco IOS Release 12.2(13)T3 or a later release.

CSCeb12331

Symptoms: A Cisco router may reload when you simultaneously enter the same command to terminate a router protocol through two different sessions. For example, one session may run via the console and the other session may run via a Virtual Terminal Protocol (VTP). Examples of commands that terminate a router protocol are the no router bgp global configuration command, the no router isis global configuration command, the no router ospf global configuration command, and so on.

Conditions: This symptom is platform independent.

Workaround: Do not simultaneously enter the same command to terminate a router protocol through two different sessions.

CSCec55535

Symptoms: Address Resolution Protocol (ARP) may not be triggered for an inside-local address destination after the outside-to-inside translation is performed correctly, causing packets to be dropped because the adjacency remains gleaned.

Conditions: This symptom is observed on a Cisco router when the Multi-VRF feature is configured and when you configure a customer edge (CE) router to perform Network Address Translation (NAT).

Workaround: Perform a ping from the router to the CE router to trigger ARP and to populate the adjacency table.

CSCec59206

Symptoms: A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).

Workaround: Prevent the translation of TCP port 514.

Miscellaneous

CSCdx31291

Symptoms: When a provider edge (PE) router has multiple paths to an Autonomous System Boundary Router (ASBR) that is used as a next hop in a Virtual Private Network (VPN) routing/forwarding (VRF) static route with a global keyword, there is no Internet connectivity for the customers that are defined in the VRF.

Conditions: This symptom is observed in a Multiprotocol Label Switching (MPLS) VPN.

Workaround: Shut down one of the outgoing interfaces on the PE router.

CSCdy40928

Symptoms: Connectivity difficulties may occur when Virtual Private Network (VPN) routing/forwarding (VRF) packets follow the global routing table instead of the VRF table.

Conditions: This symptom is observed on a low-end Cisco router that runs Cisco IOS Release 12.2(7a) or another release when the global address space in the router overlaps with the VRF address that is configured on a VRF interface of a connected PE router. The VRF interface of this PE router may be unreachable but end-to-end connectivity may not be affected.

Workaround: There is no workaround.

CSCdz33510

Symptoms: A Fast Ethernet (FE) interface resets after you enter the no ip igmp join-group group-address interface configuration command and the link state goes down temporarily.

Conditions: This symptom is observed on a Cisco 2691, Cisco 3725, or Cisco 3745 router when you enter the ip igmp join-group group-address interface configuration command followed by the no ip igmp join-group group-address interface configuration command several times in succession on the FE interface.

Workaround: There is no workaround.

CSCdz67303

Symptoms: A Cisco router that functions as a voice gateway may reload unexpectedly after a series of calls that include call transfers and diverted calls have been processed.

Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3640 when you use a third-party vendor protocol convertor to translate and provide a tunnel for Digital Private Network Signaling System (DPNSS) traffic over Q Signaling (QSIG). The symptom is not platform specific.

Workaround: There is no workaround.

CSCdz77263

Symptoms: The H.323 conference ID format on a Cisco 3700 series router and a Cisco 2600XM series router is not compatible with the conference ID format from prior releases of Cisco IOS software.

Conference ID format prior to Cisco IOS Release 12.2(11)T: 712E35B1 A3000037 0 2D37E8

Conference ID format for Cisco IOS Release 12.2(11)T: 712E35B1 A3000037 00000000 002D37E8

Conditions: This symptom is observed only for the Cisco 3700 series routers and the Cisco 2600XM series routers that are running Cisco IOS Release 12.2(11)T, Release 12.2(11)T2, and Release 12.2(11)T3.

Workaround: There is no workaround.

CSCdz79070

Symptoms: A Session Initiation Protocol (SIP) gateway stack may not remove the user parameters from the request-Uniform Resource Identifier (URI) message for a call, causing the acknowledgement (ACK) message to contain a part of the user parameters, and the call to fail.

Conditions: This symptom is observed on a Cisco AS5300 but may occur on any Cisco gateway that supports SIP.

Workaround: There is no workaround.

CSCdz84583

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCea00427

Symptoms: The output of the show dial-peer voice EXEC command may report the incorrect number of active connections supported by the dial peer:

connections/maximum = 247848/unlimited,

This is only a cosmetic error unless the user has also configured the max-conn statement under a given dial-peer to limit the maximum number of concurrent sessions supported by the dial peer. If this is the case, the max-conn value may be exceeded and further calls will fail for that dial peer even if the true number of calls that the dial peer is supporting is below the maximum setting.

Conditions: This symptom is observed on Voice over IP (VoIP) dial peers.

Workaround: There is no workaround.

CSCea09882

Symptoms: Response times from Internet Information Servers (IISs) and Cisco Tomcat HTTP servers are always at least 0.5 seconds.

Conditions: This symptom is observed when the TCP push bit on an HTTP GET request to an IIS or Tomcat server is not set. The server response time is delayed.

Workaround: Place a router and Cisco cache engine between the client gateway and the HTTP server. The router and/or cache engine turn on the bit and speed up response times.

CSCea21322

Symptoms: A Cisco 2600XM router may generate the following error message:

ASSERTION FAILED: file "../les/if_dslsar.c", line 1041

Conditions: This symptom is observed on a Cisco 2600XM router that is running Cisco IOS Release 12.2(13)T1.

Workaround: There is no workaround.

CSCea26671

Symptoms: A Cisco router may reload after Virtual Private Network (VPN) clients disconnect.

Conditions: This symptom is observed intermittently on a Cisco router that is running Cisco IOS Release 12.2(13)T or a later release when the IP Security (IPSec) Network Address Translation Transversal (NAT-T) mode is configured.

Workaround: There is no workaround.

CSCea33982

Symptoms: A Cisco AS5300 may reload because of a TCP socket connection failure.

Conditions: This symptom is observed when you make asynchronous calls over an ISDN line to a network access server (NAS).

Workaround: There is no workaround.

CSCea35306

Symptoms: Two Cisco routers that run Real-Time Protocol (RTP) traffic over a Voice over IP (VoIP) connection may reload.

Conditions: This symptom may be observed on any Cisco router.

Workaround: There is no workaround.

CSCea59948

Symptoms: A cbus complex (which will bring down all the interfaces on the box for some time but the router will not reload) may be observed on a Cisco router when the following message appears on the serial interface:

%RSP-3-RESTART: interface Serial8/1/0/23:23, not transmitting

Conditions: This symptom occurs specifically on a Cisco 7500 series router when Multilink PPP (MLP) is configured on the serial interface and distributed Cisco Express Forwarding (dCEF) switching is enabled.

The problem occurs when multilink member links flap. It may be after a single flap or multiple flaps.

Workaround: There is no workaround.

Further Problem Description: The length of time that the interfaces are down because of a cbus complex depends on the number of VIPs/IPs (time taken for microcode download) and the type of PAs (time taken for VIP reload) present in those VIPs. All the interfaces will come back up without any manual intervention.

CSCea64843

Symptoms: A crash may occur when bringing up a large number of PPP over ATM (PPPoA) sessions.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Releases 12.2(15)B and 12.3. This also completes the unfinished part of CSCdz61744.

Workaround: There is no workaround.

CSCea73001

Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.

Conditions: This symptom is observed on a Cisco 3640 that runs Cisco IOS Release 12.2(15)T or Release 12.3 and that is configured with a high-density analog voice network module (NM-HDA). This symptom typically occurs when fax lines are configured on the FXS port.

Workaround: Reboot the router.

CSCea85326

Symptoms: A Cisco router may reload because of a segmentation violation (SegV) exception, and the following error messages and tracebacks may be generated:

AppPushLegORConnection: Object(0x0)(0) NOT a Valid Framework Object

-Traceback= 81124770 8112ED20 81134B04 811049E0 81105048 811062A0 81107D84 81108284 80430CD8

AppPushLegORConnection:Object(0x0) NOT HANDLER: Is APP_NONE

-Traceback= 811247A8 8112ED20 81134B04 811049E0 81105048 811062A0 81107D84 81108284 80430CD8

Conditions: This symptom is observed on a Cisco platform that is running an interactive voice response (IVR) application.

Workaround: There is no workaround.

CSCea86438

Symptoms: A Cisco universal access server or Cisco universal gateway may drop calls that have cause code "0x2C". This cause code is generated because difficulties occur with the allocation of a digital signal processor (DSP).

Conditions: This symptom is observed when a "%VTSP-3-DSP_TIMEOUT: DSP timeout on channel" message appears, the DSP for which the message appears is blocked, and this blocked DSP is then allocated.

Workaround: To recover the blocked DSP, enter the clear spe EXEC command.

CSCea88948

Symptoms: Calls from a Cisco AS5850 may be rejected by a Cisco Resource Policy Management System (RPMS) with the following error message:

Msg:Error: Inconsistent session detected. No Active Call with Call-Id:

Conditions: This symptom is observed when a Cisco AS5850 is configured for preauthentication and Virtual Private Dialup Network (VPDN) forwarding.

Debugging the failed call on the Cisco AS5850 indicates that no unique ID was used when the "access accept" for the preauthentication request was received.

Workaround: There is no workaround.

CSCeb22276

Symptoms: Some Simple Network Management Protocol (SNMP) packets may linger in the input queue while they are processed. However, the packets do exit the queue on their own without any intervention from the user. This fix allows these packets to be removed from the queue more quickly.

Conditions: This symptom is observed on a device that runs Cisco IOS software and that supports SNMP operations. In addition, the SNMP request must contain a valid community string.

Workaround: Protect the SNMP community strings with good password management. Permit SNMP traffic only from trusted devices.

CSCeb52066

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCec24878

Symptoms: A Cisco Media Gateway Control Protocol (MGCP) gateway may be unregistered by a Cisco CallManager.

Conditions: This symptom is observed on a Cisco router that functions as a gateway and that runs Cisco IOS Release 12.2 T, Release 12.3, or Release 12.3 T when the T1 channel-associated signaling (CAS) and PRI backhaul is configured.

Following is an example of the sequence of events that cause the symptom to occur:

1) The Cisco CallManager tears down an active call on the gateway by sending an MGCP delete connection (DLCX) request.

2) The gateway sends a "200 OK" response to the MGCP DLCX request.

3) The Cisco CallManager sends an MGCP Request Notify (RQNT) request to the gateway with "DT/sup" and "D/[0-9ABCD*#]" as the requested events to be notified.

4) The gateway receives the MGCP RQNT request but does not immediately send a "200 OK" response to the MGCP RQNT request.

5) The Cisco CallManager retransmits the MGCP RQNT request four more times at a frequency of one request per 3 seconds.

6) The Cisco CallManager unregisters the gateway because it does not receive any response to its MGCP RQNT request.

7) After 20 seconds, the gateway sends an MGCP notify (NTFY) message with "DT/rlc" as the notified event.

8) Subsequently, the gateway sends a "200 OK" response to the MGCP RQNT request.

9) The gateway does not receive any response to its MGCP requests because the Cisco CallManager has unregistered the gateway.

Workaround: Do not use MGCP. Rather, use H.323.

CSCec52743

Symptoms: Analog recEive and transMit (E&M) ports may become stuck intermittently. When the symptom occurs, the following error message is displayed:

%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on recEive And transMit 3/0/1. Msg id=48, Len=38

In addition, the output of the show voice call summary EXEC command indicates that the voice-port state is "EM_PARK_IDLE."

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T5 and that has an analog E&M port to connect to a PBX. Note that the symptom does not occur in Cisco IOS Release 12.2(15)T1. The symptom may occur in Release 12.3.

Workaround: Reload the Cisco gateway.

CSCec54202

Symptoms: A Cisco AS5xx0 platform that is equipped with a particular third-party vendor E1/T1 framer may bring down the controller immediately upon receiving an alarm indication signal (AIS).

Conditions: This symptom is observed when noisy line conditions that last less than 2 seconds cause T1 links to go down or when outages or cable difficulties that last less than 2 seconds cause the controller to go down.

Workaround: There is no workaround.

CSCec57763

Symptoms: A VIP may reload when an SSO occurs on an RP.

Conditions: This problem occurs intermittently when distributed MLP is configured on the router.

Workaround: There is no workaround.

CSCec59206

Symptoms: A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).

Workaround: Prevent the translation of TCP port 514.

CSCec66456

Symptoms: A router that is configured for quality of service (QoS) may reload unexpectedly because of a segmentation violation (SegV) exception.

Conditions: This symptom was observed on a Cisco 2600 series that runs the c2600-telco-mz image of Cisco IOS Release 12.3(1a). This can be seen on other IOS-based routers.

Possible Workaround: Disable QoS.

CSCec86131

Symptoms: A FlexWAN or VIP in which a channelized port adaptor such as a PA-STM1 or PA-MC-8TE1+ is installed may reload continuously.

Conditions: This issue is seen when distributed LFI is configured on channelized serial interfaces and heavy traffic (close to line rate) occurs on these interfaces.

Workaround: There is no workaround.

CSCec87815

Symptoms: A buffer leak may occur in the Multilink PPP (MLP) header pool on a Versatile Interface Processor (VIP). The speed of the leak depends on the rate of traffic that is flowing between the interface of the VIP and the interface on the other end. The leak may eventually cause memory allocation failures (MALLOCFAIL) on the VIP and may result in memory fragmentation.

Conditions: This symptom is observed on a Cisco 7500 series when all of the following conditions are present:

- Distributed Cisco Express Forwarding (dCEF) is enabled.

- An MLP bundle that includes interfaces on the VIP is configured.

- A different interface on the same VIP performs some type of fancy queueing such as committed access rate (CAR), policing, or Class-Based Weighted Fair Queueing (CBWFQ).

- Packets are locally switched between the MLP interface and the interface that is configured for fancy queueing.

Workaround: Stop the leak by removing fancy queueing from the VIP interface.

Alternate Workaround: Move the MLP interfaces to a different VIP that does not have an interface that performs fancy queueing.

CSCed16526

Symptoms: FXO ports on a Cisco IAD2420 may cease to process inbound and outbound calls because a voice port is stuck in the "FXOGS_PARK" state.

Conditions: This symptom is observed on a Cisco IAD2420 voice gateway with FXO ports that runs Cisco IOS Release 12.2(15)T8, 12.3, or 12.3 T. The FXO ports are connected to the PSTN.

Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice port.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed34058

Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.

Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user.

Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.

CSCed35253

Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.

Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.

Workaround: Disable IP Inspect and IDS.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed40933

Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.

More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.

CSCed41231

Symptoms: An alignment error may cause a Cisco router to reload unexpectedly.

Conditions: This symptom is observed under rare conditions (an "extreme corner case") on a MIPS-based Cisco platform or on a Versatile Interface Processor (VIP), port adapter, or line card that contains a MIPS processor. The symptom is not release-dependent and may occur in all Cisco IOS releases.

Workaround: There is no workaround.

Further Problem Description: All Cisco 7500 VIPs and Cisco 7200 NPEs use MIPS-based processors. The following are additional platforms that use MIPS processors:

Cisco 2691, 3620, 3631, 3640, 3660, 3725, 3745, 4500, 4500-M, 4700, 4700-M, AS5300, AS5400, AS5450, AS5800 router shelf, AS5800 system controller (3640 based), 7120, 7140, UBR7100, UBR7200 - all NPEs, 7301, 7304, 7400, 6500 MSFC, 6500 MSFC2, 7600 MSFC, 7600 MSFC2, 10000, UBR10012, 12000 GRP, and most (if not all) 12000 line cards.

CSCed42514

Symptoms: A Cisco voice gateway may use an incorrect codec payload value (that is different from the configured value) during media transmission after the call is transferred to a new endpoint.

Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.2(15)T9 or Release 12.3 and that is configured to use H.323 as the VoIP protocol. The symptom occurs when the remote endpoint sends an H.245 EmptyCapabilitySet (ECS) message to initiate the call transfer (H.323 Version 4, Section 8.4.6) after the initial call establishment and then sends an H.245 OpenLogicalChannel (OLC) message before sending a new H.245 TerminalCapabilitySet (TCS) message.

Workaround: There is no workaround.

CSCed47409

Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:

%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13

Conditions: This symptom is observed when a very uncommon timing of Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).

Workaround: There is no workaround.

CSCed68575

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.

The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.

This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml

CSCed70723

Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the VTSP process.

Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.

Workaround: Reload the gateway.

CSCed76670

Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the H.323 process.

Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.

Workaround: Reload the gateway.

CSCed84582

Symptoms: A router with VOIP configured may experience a memory leak in VTSP.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T10. The symptom may also occur in Release 12.3 and 12.3 T.

Workaround: There is no workaround.

CSCed93836

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products which contain TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCin26828

Symptoms: A Cisco router may reload when 24 voice calls are successfully established and you enter the show interfaces privileged EXEC command followed by the show interface multilink number privileged EXEC command.

Conditions: This symptom is observed on a Cisco 2691, Cisco 3725 and Cisco 3745 that are configured with the following:

- Low-latency queueing (LLQ) or Resource-Reservation Protocol (RSVP) support for LLQ to prioritize the voice traffic.

- The G.711ulaw codec.

- A Voice + ATM Advanced Integration Module (AIM) (AIM-ATM-Voice-30) that is configured with a 2-port T1 Multi-Flex Trunk Voice/WAN interface card (VWIC-2MFT-T1) for voice traffic.

- A 2-port serial WAN interface card (WIC-2T) that is used for WAN connectivity, that is configured with Multilink PPP (MLP) on its serial interfaces, and that has a WAN link speed of 2 Mbps.

Workaround: Disable LLQ or RSVP-support for LLQ.

CSCin50463

Symptoms: A Cisco router may pause indefinitely when a Voice XML (VXML) dialog is initiated.

Conditions: This symptom is observed on a Cisco AS5350 router when a VXML dialog is initiated and standard VXML events (for example, help, nomatch, noinput, and error) are sent.

Workaround: There is no workaround.

CSCin56339

Symptoms: TCCS clear-channel codec calls may not go through. The trunks may be up but the signaling information may not be communicated.

Conditions: This symptom is observed only when a medium complex codec is configured.

Workaround: Use a high complex codec, or use stun encapsulation for the D-channel.

CSCin61922

Symptoms: A Cisco 7500 series with a multilink DLFI configuration may crash.

Conditions: This symptom is observed when an Ethernet packet is received on the RSP and is switched by the RSP to a DLFI multilink interface.

Workaround: There is no workaround.

CSCin62978

Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.

Conditions: This symptom is observed under rare conditions in a stress situation with dLFI and dCRTP configured.

Workaround: There is no workaround.

CSCuk38882

Symptoms: The following tracebacks can occur on a Route Processor (RP) console:

04:24:32:%ALIGN-3-SPURIOUS: Spurious memory access made at 0x619B6AD8 reading 0x10
04:24:32: %ALIGN-3-TRACE: -Traceback= 619B6AD8 60EC5764 60EC58D0 60EDAC74 6037C6A8 6037C694 00000000 00000000

Conditions: This problem is seen when a dLFIoATM interface flaps on a Cisco 7500 platform.

Workaround: There is no workaround.

CSCuk47905

Symptoms: On an LFI over ATM interface, ping does not work.

Conditions: This occurs only when distributed LFI over ATM is configured on a Cisco 7500 platform.

Workaround: There is no workaround.

Wide-Area Networking

CSCec12689

Symptoms: After a router has reloaded, an ISDN PRI interface may not reestablish the proper layer 2 state.

Conditions: This symptom is observed on a Cisco router that communicates via Media Gateway Control Protocol (MGCP) with a Cisco CallManager that runs Release 3.3(2)spC.

Workaround: Enter the no mgcp global configuration command followed by the mgcp global configuration command.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the ISDN D channel.

CSCec38904

Symptoms: A call from a remote client may be terminated at a Layer 2 Tunneling Protocol (L2TP) network server (LNS) that functions as a multihop node instead of being forwarded to a second LNS.

Conditions: This symptom is observed when the L2TP Tunnel Connection Speed Labeling feature is enabled in a multihop-node configuration in which an LNS functions as a multihop node that authenticates a user based on the connection speed of the user. When the connected Cisco Access Registrar (ARS) RADIUS server sends an Access-Accept message, the LNS should forward the L2TP session to a second LNS, but does not do so, causing the call to be terminated on the LNS itself.

Workaround: There is no workaround.

CSCed21027

Symptoms: Software interface description blocks (IDBs) may become exhausted after an interface flaps repeatedly.

Conditions: This symptom is observed under the following conditions:

- PPP sessions go down.

- The same PPP sessions come back up and make use of a new IDB rather than the previously used IDB.

- A virtual-access interface is used rather than a virtual-access subinterface.

Workaround: There is no workaround.

CSCed29398

Symptoms: When a call is not answered, no release cause value may be sent to the public switched telephone network (PSTN) leg and an incorrect release cause value of 102 may be sent to the voice over IP (VoIP) leg.

Conditions: This symptom is observed on a Cisco router that is configured for ISDN when a T301 timer expires. When a call is not answered, a release cause value of 19 ("No answer from user [user alerted]") should be sent to both legs.

Workaround: There is no workaround.

CSCed40110

Symptoms: When a router running Cisco IOS Release 12.0S, 12.1, 12.2, or 12.2T receives a multilink packet with Protocol Field Compression (PFC) applied, the packet is not interpreted correctly, and is subsequently rejected. The following debug messages appear in the debug trace when the debug ppp negotiation command is enabled:

MLP: I UNKNOWN(192) [Not negotiated] id 0 len 0
LCP: O PROTREJ [Open] id 2 len 95 protocol MLP

Conditions: This symptom is observed when the router requests PFC during Link Control Protocol (LCP) negotiations and the peer applies PFC to its outbound packets. PFC is enabled by default on asynchronous serial interfaces; it is disabled by default on other interfaces.

Workaround: In Cisco IOS Release 12.2 and 12.2T, PFC can be disabled using the ppp pfc local forbid interface configuration command. In Release 12.0S and 12.1, there is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(15)T11

Cisco IOS Release 12.2(15)T11 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T11 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCed19748

Symptoms: The individual AAA periodic accounting update messages (RADIUS accounting messages with Acct-Status-Type=Watchdog) generated by an IOS gateway for each call leg (TDM and IP) of the same voice call may be sent to the RADIUS server more than 5 minutes apart because of the randomized timer algorithm used by the AAA message transmit function.

Conditions: The command aaa accounting update newinfo periodic is configured.

Workaround: There is no workaround.

IP Routing Protocols

CSCec07636

Symptoms: When the following Open Shortest Path First (OSPF) MIB tables are queried via snmpwalk, some interfaces may not be displayed:

ospfNbrTable

ospfIfTable

ospfIfMetricTable

Conditions: This symptom is observed on any Cisco platform that runs OSPF.

Workaround: There is no workaround.

Miscellaneous

CSCdx60661

Symptoms: In a sniffer trace, the IP header checksum is incorrect and displays an incorrect IP version of 10 instead of 4.

Conditions: This symptom is observed when IP traffic is destined out of the native (untagged) VLAN and when matching policies that rewrite the class of service (CoS) value to 5 corrupt the IP header.

Workaround: Do not use the native VLAN.

CSCea82542

Symptoms: After a "%VTSP-3-DSP_TIMEOUT" error message is generated, the affected digital signal processor (DSP) may not automatically recover.

Conditions: This symptom is observed on a Cisco IAD2420 series, but may not be platform specific.

Workaround: There is no workaround. To recover the affected DSP, reload the router.

CSCeb29431

Symptoms: A Cisco VG200 that has a transcoder and is configured with Cisco Conference Connection (CCC) has only one-way audio for certain callers.

Conditions: This symptom is observed under the following conditions:

- The Cisco VG200 software has been upgraded from Cisco IOS Release 12.1(5)YH4 to Release 12.2(13)T4.

- A conference call is in progress on the CCC server. All parties use the G.711u codec.

- An IP phone caller at a remote site, using the G.729a codec, calls the CCC server to join the ongoing conference call.

- The remote caller hears the prompt from the CCC server to enter the conference ID to join the ongoing conference.

- Once the remote caller is in the conference, the caller cannot hear the other participants, but all other G.711u codec participants can hear the caller.

Workaround: Use Cisco IOS Release 12.1(5)YH4.

CSCeb79576

Symptoms: An outgoing label may not be installed in the Label Forwarding Information Base (LFIB) for an IP version 4 (IPv4) prefix.

Conditions: This symptom is observed when the prefix is learned via a Border Gateway Protocol (BGP) session. This situation may occur when the prefix is deleted in the Label Information Base (LIB) and not allocated to any local label binding.

Workaround: There is no workaround.

CSCec11122

Symptoms: A Cbus Complex may occur and the packet memory may be recarved, causing a temporary disruption in service.

Conditions: This symptom is observed on a Cisco 7500 series when you install an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) or an enhanced 2-port T1/E1 high-capacity port adapter (PA-VXC-2TE1+) and when you configure the port adapter via the command-line interface (CLI) for E1 or T1.

Workaround: There is no workaround. Try to install the port adapter during a maintenance window.

CSCec24494

Symptoms: A Cisco IAD2420 may reload unexpectedly when a watchdog timeout occurs in the voice telephony service provider (VTSP) process.

Conditions: This symptom is observed during normal processing of calls in the local-bypass mode.

Workaround: There is no workaround.

CSCec31162

Symptoms: Incorrect tags may be imposed after a route has flapped.

Conditions: This symptom is observed on a Cisco router that functions in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment.

Workaround: There is no workaround.

CSCec37163

Symptoms: One-way audio may occur during a phone call: a user on the public switched telephone network (PSTN) side may not hear a Cisco IP SoftPhone user.

The output of debug commands and sniffer traces does not indicate any packet drops, and when you listen to the sniffer trace, there seems to be two-way audio.

Conditions: This symptom is observed when the Cisco IP SoftPhone calls the PSTN via a Cisco VG200 series that runs Cisco IOS Release 12.2(15)T7 or Release 12.3.

Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2(11)T2.

CSCec42941

Symptoms: When multiple dial peers are configured with different translation rules that are used on the same call, the authentication, authorization, and accounting (AAA) accounting records do not show accurate information about the translated called number.

Conditions: This symptom is observed on a Cisco AS5350 and a Cisco AS5400 when the outbound dial peers have translation rules configured and when multiple dial peers are used for an outbound call because of dial-peer hunting. The symptom does not occur on a Cisco AS5300.

Workaround: Analyze the call by using the correct number that is contained in the gw-final-xlated-cgn vendor-specific attribute (VSA) that is part of the stop record for the RADIUS server.

Further Problem Description: When a universal gateway such as a Cisco AS5350 or Cisco AS5400 receives a call via time-division multiplexing (TDM), and this call needs to be forwarded via Voice over IP (VoIP), the universal gateway tries the first dial peer, which translates the called number and adds a prefix to it. When this call does not go through, the universal gateway tries a second dial peer via dial-peer hunting. This second dial peer translates the number and adds a different prefix to it.

There is a start and stop record for each dial peer:

- The start record for the first dial peer contains the called station ID with the translated number and the first prefix, and there is a stop record for the first dial peer.

- There is a start record for the second dial peer, but it contains the called station ID with the prefix of the first dial peer.

Although the number is translated and properly sent, the AAA records are incorrectly populated.

CSCec45307

Symptoms: There is no memory for the expanded TFIB PSA. The label allocation fails with an error message shown below and followed by a memory traceback.

%TAGCON-3-LCLTAG_ALLOC: Cannot allocate local tag
%TFIB-2-MEMORY: No memory for expanded TFIB PSA -Traceback=

Conditions: This problem is seen only on the RPMXF platform and only when the label space has been exhausted to the maximum level supported by the platform or is about to be exhausted (only a few hundred labels are available) and the TFIB table is expanded further.

Workaround: Configure mpls label range 16 101900 at the conf-t level to avoid this error message on the RPMXF platform.

CSCec57004

Symptoms: The maximum MTU with the DF bit set across an L2TP MPLS VPN is 1460; any ping larger than 1460 fails. In this case, the physical layer MTU is 1500.

Conditions: This issue is observed on LES platforms when the router is performing MPLS operations as well as acting as an L2TP Network Server (LNS). The received MPLS packet is dropped while the router tries to inject it into the L2TP tunnel. This issue is observed only on LES platforms such as the Cisco 3600 series routers and the Cisco 4500 series routers.

Workaround: Apart from ping packets of 1460 bytes and above with the DF bit set, traffic of packets between 1460 and 1500 bytes can be made possible by fragmenting the tagged packets before transmission.

Configure mpls mtu 1450 on the router in the MPLS cloud before the MPLS packet reaches the router that injects the packet into the L2TP tunnel.

CSCec61738

Symptoms: A Cisco 7500 series that functions as a provider edge (PE) router may fail to receive an Internet Control Message Protocol (ICMP) echo message on a Multilink PPP (MLP) ingress interface.

Conditions: This symptom is observed on a Cisco 7500 series when Virtual Private Network (VPN) routing/forwarding (VRF) is configured on the MLP interface.

Workaround: There is no workaround.

CSCec66816

Symptoms: A gateway that receives a mid-call invite message with a missing contact header may respond with a "400 Bad Request" message, causing the call to be terminated. This is improper behavior.

Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T, 12.3, or 12.3 T.

Workaround: There is no workaround.

CSCec71102

Symptoms: A Cisco Session Initiation Protocol (SIP) gateway does not use calling information that is contained in the Remote-Party-ID header. A traceback may be observed and the following error is displayed in the output of the debug ccsip error privileged EXEC command:

sippmh_parse_remote_party_id: syntax error in Remote-Party-ID header

Conditions: This symptom is observed on a Cisco SIP gateway that runs Cisco IOS Release 12.2(13)T, 12.3, or 12.3 T and occurs when the gateway receives an initial INVITE message with a Remote-Party-ID header that contains the "other" parameters in the header. The symptom may also occur in other releases.

Workaround: There is no workaround.

CSCec86102

Symptoms: Tag entries may be missing on a Versatile Interface Processor (VIP).

Conditions: This symptom is observed on a Cisco 7500 series that has distributed Cisco Express Forwarding (dCEF) enabled.

Workaround: Enter the clear cef linecard user EXEC or privileged EXEC command.

CSCed11874

Symptoms: Hairpin voice calls that are made via recEive and transMit (E&M) wink on multiple channels may cause digital signal processors (DSPs) to time out. The output of the show voice dsp privileged EXEC command may show "-1" followed by "DSP_TIMEOUT."

Conditions: This symptom is observed on a Cisco IAD2420 series. The symptom does not occur with plain old telephone system (POTS) calls, nor does it occur on a Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series.

Workaround: Enter the voice dsp allocation round-robin global configuration command.

CSCed13210

Symptoms: A terminating gateway (TGW) that receives a group B backward signal 5 (B5 signal) from a terminating switch that is configured for R2 signaling may map the B5 signal to cause value 42 ("Switching equipment congestion") in the H.225 Release Complete message. This is improper behavior: the B5 signal should be mapped to cause value 1 ("Unallocated [unassigned] number").

Conditions: This symptom is observed on a Cisco platform that functions as a TGW.

Workaround: There is no workaround.

CSCed13214

Symptoms: A gatekeeper that is configured for H.323 version 4 (H.323v4) may not insert service IDs in an Admission Rejection (ARJ) message to an H.323v4 gateway.

Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that receives service IDs from a route server but does not include the service IDs in the ARJ message to the H.323v4 gateway.

Workaround: There is no workaround.

CSCed16685

Symptoms: When an originating gateway (OGW) receives an R2 Group II signal that is equal to 5 from an incoming E1 R2 trunk, the OGW may map this signal to a generic transparency descriptor (GTD) ISDN User Part (ISUP) calling party category (CPC) that is equal to 6. This is improper behavior: the R2 Group II signal that is equal to 5 should be mapped to a GTD ISUP CPC that is equal to 29.

Conditions: This symptom is observed on a Cisco AS5xxx platform that functions as an OGW with an R2 interface and that uses GTD for signaling transparency across an H.323 Voice over IP (VoIP) network.

Workaround: There is no workaround.

CSCed22837

Symptoms: A router may reload unexpectedly when packets are tag switched.

Conditions: This symptom is observed when a Bridge-Group Virtual Interface (BVI) is created after the router has booted up, when IP packets are received through the BVI, and when these IP packets are forwarded as Multiprotocol Label Switching (MPLS) packets through another interface.

Workaround: Disable tag switching on the BVI interface by entering the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command.

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that only pass through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed31039

Symptoms: At 12 cps, the following message is seen on the V4 GK:

ASSERT failed: line 9900 in file ../mm/gk/gk_rassrv_util.c

Conditions: An external server is using the GKTMP interface to communicate with the gatekeeper and the gatekeeper is configured with "send-cisco-circuit-info".

Workaround: There is no workaround.

CSCed38527

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector is only applicable to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that only pass through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed51523

Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.

In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.

Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.

Workaround: There is no workaround.

CSCin35896

Symptoms: The outgoing label for a prefix that is received through Border Gateway Protocol (BGP) IP version 4+ (IPv4+) labels may not be installed in the Tag Forwarding Information Base (TFIB).

Conditions: This symptom is observed if the router that performs a BGP IPv4+ label exchange receives a label withdraw request for an MPLS label from a BGP peer that is followed by a readvertisement of the label. This symptom occurs if the no mpls ip global configuration command followed by the mpls ip global configuration command is executed on the peer router; however, the label withdraw request may be triggered in other ways also.

Workaround: Enter the clear ip route prefix EXEC command to correct the symptom.

CSCin53682

Symptoms: A provider edge (PE) router may reload when packets are forwarded while a remote Virtual Private Network (VPN) prefix is being reresolved.

Conditions: This symptom is observed when the MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature is configured for option 4, that is, for a non-VPN transit provider and a multi-hop external Border Gateway Protocol (eBGP) connection between route reflectors (RRs).

Workaround: For the exchange of PE loopback addresses between autonomous systems, do not use eBGP with IPv4 label distribution. Rather, configure redistribution into Interior Gateway Protocol (IGP) or static routes.

Resolved Caveats—Cisco IOS Release 12.2(15)T10

Cisco IOS Release 12.2(15)T10 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T10 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCea30419

Symptoms: Open Shortest Path First (OSPF) database packets may be exchanged with an invalid length. Error messages may indicate an invalid packet length and bad checksum.

Conditions: This symptom is observed on a Cisco 7500 series that is running the rsp-js-mz image of Cisco IOS Release 12.2(13)T.

Workaround: There is no workaround.

CSCea33897

Symptoms: A Cisco 7200 series may generate a "%SYS-2-LINKED: Bad requeue" message. Following this message and after a time of operation, memory fragmentation occurs and the router reloads.

Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(11)T.

Workaround: There is no workaround.

CSCec55639

Symptoms: A Cisco Virtual Home Gateway (VHG) may fail to download authentication, authorization, and accounting (AAA) attributes that contain remote virtual templates.

Conditions: This symptom is observed when using the "Per VRF AAA part II Using a Remote RADIUS Customer Template" setup.

Workaround: There is no workaround.

CSCec75829

Symptoms: Protocol translation sessions that require RADIUS authentication may fail to propagate class-attribute or state-attribute information in subsequent authentication and accounting packets.

Conditions: This symptom is observed in Cisco IOS Release 12.2(4)T or a later release.

Workaround: There is no workaround.

Interfaces and Bridging

CSCec86136

Symptoms: When a Cisco router reloads, the ATM permanent virtual circuit (PVC) status remains inactive (INAC) even though the ATM subinterface is in an UP/UP state. The following message may be displayed when you enter the debug atm errors privileged EXEC command:

ATM(ATMx/x/x):point-to-point interface does not have a VCD

Conditions: This symptom is observed on a Cisco 7500 series router with a PA-A3 port adapter.

Workaround: Enter the no shutdown interface configuration command on the ATM interface.

IP Routing Protocols

CSCea14412

Symptoms: When you enter the distribute-list in router configuration command on a Cisco Route Switch Processor 4+ (RSP4+), the system returns to ROM by bus error at PC 0x605FBA3C, address 0xEF4321D9.

Conditions: The symptom is observed on a Cisco RSP4+ in the generic IP routing table code, and occurs across all routing protocols. It is a day one race condition situation and may occur when the CPU is under severe load.

Workaround: There is no workaround.

CSCea26993

Symptoms: Multicast traffic may get dropped by a Cisco router that is running in dense mode. (Note that all routers have the multicast group in a pruned state even though interested receivers are present.)

Conditions: This symptom is observed when a T-flag is incorrectly set on an (S,G) entry.

A process that is used by dense mode and that is called an Assert process (referred to as Assert) is triggered, causing a designated forwarder (referred to as an Assert winner) to be elected. The Assert winner forwards multicast traffic onto a multiaccess segment when there is more than one router on the segment. If the router that becomes the Assert winner has the T-flag incorrectly set because traffic arrives on its outgoing interface (OIF) rather than on its incoming interface (IIF), multicast traffic is dropped as a result of Reverse Path Forwarding (RPF).

The Assert winner is based on the lowest administrative distance that is required to reach the source. When administrative distances are equal, the Interior Gateway Protocol (IGP) metric is used to determine how to reach the source. When both the administrative distance and the IGP metric are equal, the router with the highest IP address is used as a tiebreaker.

Possible Workaround: Disable Protocol Independent Multicast (PIM) on the interface of the Assert winner that has incorrectly set the T-flag on its (S,G) entry as a result of receiving traffic on its OIF rather than on its IIF.

First Possible Alternate Workaround: Enter the ip mroute source-address rpf-address distance global configuration command with a value of 255 for the distance argument on the Assert winner.

Second Possible Alternate Workaround: Configure the ip pim sparse-mode interface configuration command on the interface of the Assert winner to prevent the interface from operating in dense mode.

CSCea43167

Symptoms: In a large Border Gateway Protocol (BGP) Open Shortest Path First (OSPF) environment, the OSPF neighbors may go down when the BGP link flaps and a large number of BGP routes are flushed out of the route table or are repopulated.

Conditions: The conditions under which this symptom occurs seem to depend upon when the BGP configuration is applied to the router. There is no OSPF neighbor drop if the router reloads without the BGP configuration and BGP is added after the router reloads. However, the router drops OSPF neighbors when a BGP link flaps if BGP is already configured before the router is reloaded.

Workaround: There is no workaround.

Miscellaneous

CSCdz22526

Symptoms: If distributed Cisco Express Forwarding (dCEF) is configured on a generic routing encapsulation (GRE) provider edge (PE) router, IP packets are ignored and dropped on the Versatile Interface Processor (VIP) interface.

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(12.14)T.

Workaround: Use Cisco Express Forwarding (CEF).

CSCdz69177

Symptoms: A spurious memory access may occur on the Versatile Interface Processor (VIP) of a Cisco 7500 series, even though the VIP does not reload.

Conditions: This symptom is observed when Multiprotocol Label Switching (MPLS) forwarding is enabled.

Workaround: There is no workaround.

CSCdz84448

Symptoms: When polling the cbQosREDClassStatsTable of the CISCO-CLASS-BASED-QOS-MIB, spurious memory accesses may occur on all platforms. A Cisco 3640 router platform may also reboot. The spurious memory accesses may be reproduced (but not always) when polling the above-mentioned table by way of Simple Network Management Protocol (SNMP).

Conditions: This symptom is observed on Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series routers that are running Cisco IOS releases including Release 12.2(8)T, Release 12.3, and Release 12.3 T.

Workaround: Prevent the router from answering queries on the cbQosREDClassStatsTable by implementing the following SNMP view in the router configuration:

snmp-server view qos internet included

snmp-server view qos 1.3.6.1.4.1.9.9.166.1.20.1 excluded

snmp-server community <your_read_community_string> view qos RO

CSCdz88230

Symptoms: A first call into the standard prepaid Tool Command Language (Tcl) application version 2.0.2.6 is successful, but all subsequent calls may encounter a busy signal.

Conditions: This symptom is observed when the application is configured on E1R2 trunks. The application works fine with PRI trunks.

Workaround: There is no workaround.

CSCea25265

Symptoms: A Parallel Express Forwarding (PXF) network processor may reload and generate the following error messages:

%PXF-2-EXCEPTION: PXF exception on unit tmc.

%PXF-2-RESTARTED: PXF tmc restarted.

Conditions: This symptom is observed on a Cisco 7200 series that is configured with a Network Service Engine-1 (NSE-1) and on a Cisco 7400 series. The symptom occurs when the router receives a large number of streaming video feeds.

Workaround: Disable PXF by entering the no ip pxf global configuration command.

CSCea54991

Symptoms: A Cisco router may reload when the configuration of the police QoS policy-map class configuration command is updated.

Conditions: This symptom is observed on a Cisco 800 series.

Workaround: There is no workaround.

CSCea80820

Symptoms: A Cisco router with ATM interface(s) with Address Resolution Protocol (ARP) enabled may experience alignment corrections as shown below:

%ALIGN-3-CORRECT: Alignment correction made

Conditions: This symptom is observed on a Cisco 7200 series router but is not platform dependent.

Workaround: There is no workaround.

CSCeb26131

Symptoms: A Cisco AS5850 router may have high CPU usage in the IP input process because voice packets are punted from the line cards to the Route Switch Controller (RSC) card. To verify this symptom, enter the show interface type number stat EXEC command. The following output from the show interface command indicates that the entry for packets out (Pkts Out) in the "Distributed cache" field is 0.

Router# show interface g6/0 stat
GigabitEthernet6/0
          Switching path    Pkts In   Chars In   Pkts Out  Chars Out
               Processor        752      56786         25       3267
             Route cache          0          0       3120     666090
       Distributed cache       3019     644372          0          0
                   Total       3771     701158       3145     669357

Conditions: This symptom is observed on a Cisco AS5850 that handles voice calls. The symptom is not observed on the Cisco AS5850 with modem calls.

Workaround: There is no workaround.

CSCeb27452

Symptoms: A Cisco router that functions in a Multiprotocol Label Switching (MPLS) environment may reload unexpectedly with a bus error.

Conditions: This symptom is observed under rare circumstances when the router attempts to send an Internet Control Message Protocol (ICMP) packet that was triggered by an MPLS packet.

Workaround: There is no workaround.

CSCeb29013

Symptoms: When two or more phone calls (Foreign Exchange Office [FXO] or BRI) are set as "hold" and "hold," or "resume" is repeated by one of the calls, an input queue wedge may occur.

Conditions: This symptom is observed on a Cisco voice gateway that is running Cisco IOS Release 12.2(15)T1 and that has multicast for Music on Hold (MOH) configured.

Workaround: Enable Protocol Independent Multicast (PIM) on the voice gateway.

Alternate Workaround: Use unicast MOH.

Second Alternate Workaround: Reboot the router. Entering the clear interface EXEC command and the shutdown interface configuration command followed by the no shutdown interface configuration command does not clear the input queue wedge.

CSCeb29070

Symptoms: When you enter the copy running-config startup-config EXEC command or any other command that affects the configuration, the copy process may not be successful or the configuration may not be saved, and a "File table overflow" error message may be generated. After this situation has occurred, any other file-operation attempts will fail too with a "File table overflow" error message.

Conditions: This symptom is observed on a Cisco router that is configured with dual Route Processors (RPs) and that runs Cisco IOS Release 12.0(23)S2 when you enter any command that affects the configuration while the show running-config EXEC command is being executed, which takes a relatively long time when the running configuration is large.

To clear the symptom, reload the router.

Workaround: Do not enter any command that affects the configuration while the show running-config EXEC command is being executed.

CSCeb36413

Symptoms: E1 R2 calls may fail on a Cisco router.

Conditions: This symptom is observed on a Cisco AS5850 router that is running Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCeb52270

Symptoms: An interface of a Cisco router may not be able to receive traffic that is destined for an address that is configured on the router.

Conditions: This symptom is platform independent and occurs only when there is a route in a different VPN routing and forwarding instance (VRF) that is attached or connected to the interface. This may occur when the route has been exported from one VRF to another or when a static route in a VRF points to the interface.

Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.

CSCeb59710

Symptoms: All of the extended Multiprotocol Label Switching (MPLS) ATM (XTagATM) interfaces may flap on a label switch controller (LSC).

Conditions: This symptom is observed when an edge label switch router (LSR) resets or when ATM Services (AXSM) trunks flap.

Workaround: There is no workaround.

CSCeb63310

Symptoms: A Cisco router may reload unexpectedly.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(17), later releases of Release 12.2, or Release 12.3. The interface of the router has an output service policy attached, and the bandwidth interface configuration command or the fair-queue interface configuration command is configured in the policy map attached by the service-policy router configuration command. The traffic is flowing through the interface at a fast rate. The router reloads under the following conditions:

The interface has the ip rsvp bandwidth interface configuration command configured, and the router reloads when you enter the no ip rsvp bandwidth interface configuration command.

The interface does not have the ip rsvp bandwidth interface configuration command configured, and you issue the ip rsvp bandwidth interface configuration command.

You issue the ip rtp reserve lowest-udp-port range-of-ports interface configuration command.

In all three situations, a service policy that is configured with the bandwidth or fair-queue command is attached to the interface.

Workaround: Shut down the interface before issuing the above commands. Enable the interface again after issuing the commands.

CSCeb73055

Symptoms: Network authorizations may fail for locally authenticated sessions.

Conditions: This symptom is observed for network authorizations for PPP sessions if the user is authenticated locally and the authorization method list contains the radius keyword.

Workaround: Use separate lists for local and RADIUS authorization.

CSCeb76341

Symptoms: A label may not be assigned for a peer provider edge (PE) router.

Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers. The symptom may also occur on other platforms.

Workaround: There is no workaround.

CSCeb78582

Symptoms: When a gateway that is in Media Gateway Control Protocol (MGCP) fallback mode reloads, no calls can be made, nor can calls be received. When the gateway comes up again, all controllers including a serial controller are automatically shut down. When you turn off auto configuration and reload the router again, you can make calls, but you still cannot receive calls.

Conditions: These symptoms are observed on a Cisco 3745 that functions as a gateway and that runs MGCP.

Workaround: There is no workaround.

CSCec08973

Symptoms: A 1-port multichannel STM-1 port adapter (PA-MC-STM-1) may report huge numbers of degraded minutes on an E1 controller. For example, after 15 minutes of operation since startup, 35,000,000 degraded minutes may be reported and these values may increase every second. Code violations may also be reported.

Conditions: These symptoms are observed on a Cisco router in which a PA-MC-STM-1 is installed.

Workaround: There is no workaround. However, the traffic is not affected, and the symptom is of a cosmetic nature.

CSCec10776

Symptoms: A Foreign Exchange Office (FXO) port on a Cisco 3600 series may lock up and not process any calls.

To determine if the port is locked up, enter the show voice port summary EXEC command and look for a port that is in the "up, up, idle, on-hook" state, as in the following example:

                                     IN       OUT
PORT      CH SIG-TYPE     ADMIN OPER STATUS   STATUS   EC
========= == ============ ===== ==== ======== ======== ==
2/0/0     -- fxo-ls       up    up   idle     on-hook  y

Conditions: This symptom is observed when the port processes a moderate traffic load.

Workaround: Enter the shutdown port configuration command followed by the no shutdown port configuration command on the affected port.

CSCec15733

Symptoms: A Cisco router that is running IP over Multiprotocol Label Switching (MPLS) may reload when the Label Distribution Protocol (LDP) responds to the creation of a new session.

Conditions: This symptom is observed when the router is operating under extremely stressful conditions that cause the CPU utilization to be close to 100 percent. This situation rarely occurs.

Workaround: There is no workaround.

CSCec15911

Symptoms: Subinterfaces that are not configured for policing may randomly drop packets.

Conditions: This symptom is observed when modular QoS CLI (MQC) class-based policing is configured on an Inter-Switch Link (ISL) subinterface and when there are other ISL subinterfaces that are not configured for policing.

Possible Workaround: Remove the quality of service (QoS) policy with class-based policing from the ISL subinterface.

CSCec30329

Symptoms: An originating gateway (OGW) may incorrectly insert the calling number information element (IE) in an H.225 call setup message to the terminating gateway (TGW).

Conditions: This symptom is observed on a Cisco AS5400 that functions as an OGW. The symptom occurs only for calls from an H.323-Version 4 OGW to an H.323-Version 2 TGW when the following conditions are present:

The OGW and TGW use different gatekeepers.

The gatekeeper that is used by the OGW is connected to a route server for call routing.

The route server is configured for Gatekeeper Transaction Message Protocol (GKTMP).

Workaround: There is no workaround.

CSCec38322

Symptoms: A Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) provider edge (PE) router that is running distributed Cisco Express Forwarding (dCEF) may have high memory usage and memory allocation failures when dCEF is disabled and then reenabled.

Conditions: This symptom is observed on a PE router that has a large number of VPN routes (over 30,000) in a VPN routing/forwarding (VRF) table when CEF is disabled and then reenabled.

Further Problem Description: View the output of the show processes memory EXEC command to verify that the CEF process memory usage increases.

Workaround: Reload the router.

CSCec42547

Symptoms: An incorrect MAC encapsulation string in a Multiprotocol Label Switching (MPLS) forwarding table on a provider edge (PE) router causes traffic to go down.

Conditions: This symptom is observed on a cell-based Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) that rebuilds the MPLS forwarding table after traffic stops on a PE router.

Workaround: Enter the clear ip route network EXEC command on the PE router that has the traffic problem.

Alternate Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the MPLS interfaces of the problem PE.

CSCec61028

Symptoms: R2 International Telecommunication Union (ITU) base variants do not apply the correct mapping for the following two ISDN or ISDN User Part (ISUP) cause values (CVs):

CV#04 - Send Special Information Tone

CV#28 - Invalid Number Format (Address Incomplete)

Conditions: This symptom is observed on Cisco gateways that are configured with ISDN and Redundant Link Manager (RLM) and that have R2-ITU trunks.

Workaround: There is no workaround.

CSCec64570

Symptoms: The node of a local Label Switch Controller (LSC) that is part of a Multiprotocol Label Switching (MPLS) cell-based network may observe the following symptoms:

The local provider edge (PE) router cannot ping the remote customer edge (CE) router.

The remote PE router cannot ping the local CE router.

The local PE router can ping the remote CE router with type of service (ToS) equal to 0xe0.

The remote PE router can ping the local CE router with ToS equal to 0xe0.

A ping with the route record option does not work in either direction.

A ping with the trace route option does work.

Conditions: These symptoms are observed on the LSC of a Cisco MGX Route Processor Module (MGX-PRM-PR-512) that is running Cisco IOS Release 12.2(15)T4a.

Workaround: From the node of the local LSC that is observing the symptoms, enter the clear ip route network EXEC command.

CSCec85585

Symptoms: Some virtual circuit (VC) information is missing in the Simple Network Management Protocol (SNMP) MIB object cAal5VccEntry from the output of the snmpwalk router configuration command. The ATM VCs 0/100, 0/200, and 0/500 exist on the router but are missing in the MIB.

Conditions: This symptom is observed on a Cisco 7513 router that is running a special image of Cisco IOS Release 12.2(15)T5.

Workaround: Enter the show atm vc privileged EXEC command on the same device to obtain a complete list of all the VCs.

CSCin35198

Symptoms: The SONET MIB data may not be updated. You can verify this situation in the output of the show controllers sonet EXEC command.

Conditions: This symptom is observed on a Cisco router that is configured with a 1-port multichannel STM-1 port adapter.

Workaround: There is no workaround.

CSCin39148

Symptoms: A line card may reload when header compression is disabled.

Conditions: This symptom occurs when header compression is disabled while the show ip rtp header-compression command is being executed from another window and is waiting on "more."

Workaround: Do not disable header compression while the show ip rtp header-compression command is being executed.

CSCin41510

Symptoms: An output service policy with a police feature may be rejected, and the following error message may be generated:

Cannot attach flat policy to pvc/sub-interface. Hierarchical policy with shape in class-default is recommended

Conditions: This symptom is observed when the output service policy is attached to multiple subinterfaces.

Workaround: There is no workaround.

CSCin45173

Symptoms: A Cisco 7206VXR may reload when there is a high E1 PRI call load.

Conditions: This symptom is observed on a Cisco 7206VXR that runs the c7200-is-mz image of Cisco IOS Release 12.3(3) or Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCin45588

Symptoms: A Versatile Interface Processor (VIP) may reload, and the following error message may be logged:

%RSP-2-QAERROR: reused or zero link error

After the message has been logged, all VIPs in the router may reload.

Conditions: These symptoms are observed on a Cisco 7500 series that is running Cisco IOS Release 12.2 T and that has the service single-slot-reload-enable global configuration command enabled.

Workaround: There is no workaround.

CSCuk44685

Symptoms: If an online insertion and removal (OIR) occurs on the slot of a line card with interprocess communications (IPC) traffic running, the forwarding information base (FIB) on the other slots or on a secondary route processor (RP) may be disabled.

The following error messages are logged on the router:

%OIR-6-REMCARD: Card removed from slot 0, interfaces disabled

%HA-5-SYNC_NOTICE: OIR sync started.

%HA-5-SYNC_NOTICE: OIR sync completed.

%OIR-6-INSCARD: Card inserted in slot 0, interfaces administratively shut down

%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (1/1),process = OIR Handler.

-Traceback= 4043F544 404D667C 404D7698 404EEB94 404E01B4

%SYS-3-CPUHOG: Task is running for (4000)msecs, more than (2000)msecs (1/1),process = OIR Handler.

-Traceback= 404D6680 404D7698 404EEB94 404E01B4

%SYS-3-CPUHOG: Task is running for (6000)msecs, more than (2000)msecs (1/1),process = OIR Handler.

-Traceback= 4043F56C 404D667C 404D7698 404EEB94 404E01B4

%SYS-3-CPUHOG: Task is running for (8000)msecs, more than (2000)msecs (1/1),process = OIR Handler.

-Traceback= 404D6680 404D7698 404EEB94 404E01B4

%HA-5-SYNC_NOTICE: OIR sync started.

%FIB-3-FIBDISABLE: Fatal error, slot/cpu 2/0: IPC Failure: timeout <<< <<<<<<< !!!!

Conditions: This symptom is observed on a Cisco Route Switch Processor (RSP) router that is running Cisco IOS software.

Workaround: There is no workaround. The FIB may be reenabled by entering the no ip cef distributed global configuration command followed by the ip cef distributed global configuration command.

Wide-Area Networking

CSCeb61573

Symptoms: The "change password" feature may not work when using Cisco Secure and Windows Client.

Conditions: This symptom occurs when the client times out and sends multiple change password requests before it gets a response for the first request.

Workaround: There is no workaround.

CSCeb74761

Symptoms: A PPP renegotiation may fail with a Subscriber Service Switch (SSS) on legacy sessions.

Conditions: This symptom is observed on the serial line of a Cisco 7200 series or on a Cisco 2600 series that is configured with the vpdn enable global configuration command when the configuration is changed. The PPP renegotiation fails when the peer does not correctly switch the post-link-control-protocol (post-LCP) configuration requirements.

Workaround: Shut down the interface before changing the configuration.

CSCec66146

Symptoms: After running for some time, a network access server (NAS) that is running MSCHAP or MSCHAP V2 will crash. It is not certain whether the crash is influenced by the timing of async calls or by something specific to the AS5400.

Conditions: This symptom is observed on a Cisco AS5400.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(15)T9

Cisco IOS Release 12.2(15)T9 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T9 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdm43451

Symptoms: If you enter the show chunk command at the command-line interface (CLI), a router may reload.

Conditions: This symptom is observed on all Cisco platforms that use nondata chunks (for example, when chunk creation is used as a flag).

Workaround: There is no workaround.

CSCea56667

Symptoms: The memory that is held by the "RTT Responder" process may increase, as is indicated by the amount of memory in the "Hold" column in the output of the show processes memory include {rtt | pid} EXEC command.

Conditions: This symptom is observed when many jitter probes are sent simultaneously to the same destination port.

Workaround: Do not use the same destination port for all the probes.

First Alternate Workaround: To free memory once in a while, enter the no rtr responder global configuration command followed by the rtr responder global configuration command.

Second Alternate Workaround: Lower the duration of the probes.

CSCec17234

Symptoms: A PC that is running Tactical Software DialOut/EZ software may halt data transfer.

Conditions: This symptom is observed with Tactical Software DialOut/EZ software that is running on a PC and a modem that is attached to a Cisco AS5300 that is running Cisco IOS software. The Cisco IOS software may lower the Data Set Ready (DSR) Data Carrier Detect (DCD) with a Clear To Send (CTS) message to the PC side. This causes the PC to halt data transfer.

Workaround: There is no workaround.

Interfaces and Bridging

CSCea42223

Symptoms: Some permanent virtual circuits (PVCs) may not come up when autoprovision is enabled.

Conditions: This symptom is observed on a Cisco ATM port adapter (PA-A6) when autoprovision PVC and autosense are configured.

Workaround: Enter the clear interface atm EXEC command to reset the interface.

IP Routing Protocols

CSCdz84521

Symptoms: Selective Packet Discard (SPD) with an IP precedence of 6 and 7 may not function correctly. Packets may be treated as nonpriority packets. SPD is used when a queue is filling (for example, because of a flap or change) and routing traffic must be guaranteed a high priority and not dropped while the interface recovers. In this situation, routing traffic with an IP precedence of 6 and 7 is not given proper priority, and the recovery process may be delayed.

Conditions: This symptom is observed with incoming traffic on any interface of a Cisco 7200 series and may be observed on other Cisco platforms as well.

Workaround: There is no workaround.

CSCea64596

Symptoms: A ping may not be sent from the router that generates the ping.

Conditions: This symptom is observed when the ping originates from a Cisco router that has a virtual access interface as the only interface that is configured for IP.

Workaround: Configure IP on any physical interface of the router, in addition to the virtual access interface.

CSCeb40561

Symptoms: A Cisco router may reload if it is low on processor memory and Simple Network Management Protocol (SNMP) get operations are performed on Open Shortest Path First (OSPF) MIBs.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(8)YW, Release 12.2(8)YY, Release 12.2 T, Release 12.3, or Release 12.3 T.

Workaround: There is no workaround.

Miscellaneous

CSCdx59391

Symptoms: A Cisco 7500 series router that acts as the penultimate hop of the backup Label Switched Path (LSP) and that is configured with the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command may have the primary LSP go down when Fast ReRoute (FRR) is enabled on the router.

Conditions: This symptom is observed on a Cisco 7500 series that has Multiprotocol Label Switching (MPLS) traffic engineering (TE) configured.

Workaround: Do not configure the mpls traffic-eng signalling interpret explicit-null verbatim router configuration command.

CSCdz72292

Symptoms: After a few weeks of normal operation, the interface on a Cisco PA-MC-8E1 begins flapping and finally pauses with the output queue stuck as follows:

Serial1/1:1 is up, line protocol is up

Encapsulation HDLC, crc 16, Data non-inverted

Keepalive set (120 sec)

Last input 00:00:03, output 04:14:23, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 21952

Queueing strategy: weighted fair

Output queue: 30/4000/64/21855 (size/max total/threshold/drops)

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 0 bits/sec, 0 packets/sec

43903807 packets input, 3646461183 bytes, 0 no buffer

Received 0 broadcasts, 321 runts, 0 giants, 0 throttles

5160 input errors, 4 CRC, 0 frame, 0 overrun, 0 ignored, 2945 abort

42026998 packets output, 2185017012 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

31 carrier transitions

no alarm present

Timeslot(s) Used:1-31, subrate: 64Kb/s, transmit delay is 0 flags

The following traceback is observed in the log:

%LINK-4-TOOBIG: Interface Serial60:1, Output packet size of 1526 bytes too big

Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC

%LINK-4-TOOBIG: Interface Serial20:1, Output packet size of 1526 bytes too big

Traceback= 0x604007F8 0x604A927C 0x6084E4D4 0x6057425C 0x60CE921C 0x60CE55EC

Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8E1 interface.

Workaround: There is no workaround.

CSCdz73737

Symptoms: An H.323 gatekeeper sends an admission rejection (ARJ) to an admission request (ARQ) that contains the destination IP address of the remote endpoint on the ARQ.

Conditions: This symptom is observed after an upgrade occurs from Cisco IOS Release 12.2(7c) to Release 12.2(13)T.

Workaround: Configure aliases on both source and terminating endpoints.

CSCdz89635

Symptoms: A Cisco router may occasionally reload because of a parser cache manipulation.

Conditions: This symptom is observed on a Cisco router when many virtual access interfaces are created on the router or are recreated after they have been deleted from the router.

Workaround: The router may not reload if you use the no parser cache global configuration command; however, the creation and deletion of virtual access interfaces may slow down and configuration processing in general may also slow down after you have entered this command.

CSCea64571

Symptoms: PPP over Ethernet (PPPoE) or PPP over ATM (PPPoA) sessions that go down may cause a leak of full virtual-access interfaces. The symptom is not observed with configurations that use virtual-access subinterfaces.

Conditions: This symptom is observed with PPPoE or PPPoA sessions that clear because of the PPP protocol going down (because of a termination request [TERMREQ] from a peer router or a PPP keepalive failure). The leaked virtual-access interfaces are not reused for new sessions. This results in the creation of new virtual-access interfaces for new sessions.

Workaround: There is no workaround.

CSCea65253

Symptoms: When an IP phone generates a call and disconnects, a Cisco router does not send a complete release after the caller disconnects.

Conditions: This symptom is observed on a Cisco 1700 series.

Workaround: There is no workaround.

CSCea65439

Symptoms: T.37 on-ramp fax calls may terminate in the middle of the call, or the originating fax machines may detect a transmission or communication error even though the fax actually goes through correctly.

Conditions: This symptom is observed when a T.37 on-ramp fax call is made on any Cisco platform that is running a release of Cisco IOS software.

Workaround: There is no workaround.

CSCea70473

Symptoms: A memory leak may occur in the PPP authorization process on a Cisco 7206VXR.

Conditions: This symptom is observed on a Cisco 7206VXR that is running Cisco IOS Release 12.2(16) and that is configured for PPP over Ethernet (PPPoE). The symptom may occur on any Cisco router that is running Cisco IOS Release 12.2(16).

Workaround: There is no workaround.

CSCea73050

Symptoms: A committed access rate (CAR) output rule may not function on a Spatial Reuse Protocol (SRP) interface.

Conditions: This symptom is observed on a Cisco 7500 series, regardless of whether legacy quality of service (QoS) or modular QoS CLI (MQC) is configured.

Workaround: There is no workaround.

CSCea78829

Symptoms: An interactive voice response (IVR) script error and traceback may be encountered when the IVR application tries to create a generic transparency descriptor (GTD) object using the object create IVR command.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(15)T7 if the IVR script executes the object create IVR command.

Workaround: There is no workaround.

CSCeb13202

Symptoms: If a three-level hierarchy service policy is attached to two different interfaces and the policers are removed from the parent class, the policers for the child class are also removed.

Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7500 series.

Workaround: Detach the service policies from the interfaces, and reattach them.

CSCeb16876

Symptoms: A Cisco router may generate a "SYS-2-GETBUF" message during the "Tag Input" process and may subsequently reload unexpectedly.

Conditions: This symptom is observed when the router fragments a Multiprotocol Label Switching (MPLS) packet.

Workaround: There is no workaround.

CSCeb34203

Symptoms: A Cisco router may experience output queue packet drops on the priority queue before the interface is congested on an E1 serial interface on a PA-MC-E3.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.1(18)E.

Workaround: Use the tx-ring-limit interface configuration command to increase the value of the drivers transmitted on the queue. Refer to the following document for additional information:

/en/US/tech/tk39/tk824/technologies_tech_note09186a00800fbafc.shtml

CSCeb53422

Symptoms: A call setup failure may occur for high-delay links with a round-trip time greater than 300 milliseconds.

Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(16) but may also occur in other releases.

The call fallback subsystem hard-codes the amount of time it will wait for the response to probes to 300 milliseconds. The probes fail if the round-trip time is more than 300 milliseconds, even though the network is a high-bandwidth network.

Workaround: There is no workaround.

CSCeb56025

Symptoms: A Cisco platform that functions as a gateway may report a "destination out of order" cause code for a call that is disconnected in a normal way.

Conditions: This symptom is observed when an H.245 TCP connection close request (FIN) reaches the gateway before the H.225 release complete message (RLC), which causes the gateway to assume that the H.245 connection is terminated and to tear down the call with a "destination out of order" cause code. This situation may occur with semi-routed gatekeeper signalling, when the H.225 connection runs via a gatekeeper and the H.245 connection runs directly between the gateway and the third-party vendor endpoint. This situation may also occur when a race condition occurs between the FIN and the RLC.

Workaround: Ensure that the third-party vendor endpoint sends an end session command (an H.245 message) before tearing down the H.245 connection.

CSCeb62876

Symptoms: A Cisco router may continue to send 64-bit counters in authentication, authorization, and accounting (AAA) records when it no longer should do so. These counters may also be invalid.

Conditions: This symptom is observed for certain TCP-Clear connections.

Workaround: There is no workaround.

CSCeb75982

Symptoms: In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment, if you enter the ping vrf EXEC command toward the directly connected interfaces of a neighbor's provider edge (PE) router, the ping may fail.

Conditions: This symptom is observed when aggregate routes on Cisco routers are pinged.

Workaround: The ping will be successful if you select options when you enter the ping vrf EXEC command.

CSCec00268

Symptoms: A multilink interface may stop processing received packets.

Conditions: This symptom is observed on a Cisco 7500 series when Multilink PPP (MLP) is configured and when a lot of traffic is forwarded to the process-switching path.

Workaround: To clear the symptom, move the physical interfaces to a new multilink interface with a new interface number.

CSCec06230

Symptoms: A Cisco Catalyst 4224 Access Gateway Switch may reload with a segmentation violation (SegV) exception when a Tool Command Language (Tcl) interactive voice response (IVR) script is used.

Conditions: This symptom is observed on a Cisco Catalyst 4224 Access Gateway Switch that is running Cisco IOS Release 12.2(15)T5, Release 12.3, or Release 12.3 B.

Workaround: There is no workaround.

CSCec08418

Symptoms: A software-forced reload may occur on a Cisco router.

Conditions: This symptom is observed on a Cisco 2691, Cisco 3660, Cisco 3725, or Cisco 3745 router if a Gigabit Ethernet Network Module (NM-1GE) is present in the router and the show interfaces EXEC command is entered after the show tech EXEC command has been entered.

Workaround: There is no workaround.

CSCec15371

Symptoms: A Cisco 7200 series with a Network Service Engine (NSE) and a Cisco 7401 may reload.

Conditions: This symptom is observed on a Cisco 7200 series and a Cisco 7401 router that have an ATM or serial interface configured for multilink and that have Parallel Express Forwarding (PXF) enabled.

Workaround: Disable the PXF microcode.

CSCec19217

Symptoms: Gateways may not be able to register with the gatekeeper.

Conditions: This symptom is observed when the security password is enabled on the gatekeeper.

Workaround: There is no workaround. If you remove the security password, there is no authentication.

CSCec19243

Symptoms: A Cisco terminating gateway fails to send the correct generic transparency descriptor (GTD) for calls that are reattempted due to a glare condition. The terminating gateway attempts setup and sends an NI2-SETUP message. When this message does not go through, the terminating gateway reattempts setup and sends another NI2-SETUP message. The format of the second setup message is not the same as the format of the first setup message.

Conditions: This symptom is observed when a terminating gateway sends an NI2-SETUP message to a public switched telephone network gateway (PGW). The egress public switched telephone network (PSTN) sends an Initial Address Message (IAM) in response, and the IAM causes a glare condition. The PGW sends CV=15 to the terminating gateway as it is configured to do in the NI2 DISC message. The terminating gateway is configured to reattempt to send the call upon receiving the CV. The gateway sends a reattempt NI2-SETUP message to the PGW.

Workaround: There is no workaround.

CSCec22252

Symptoms: A Cisco 7500 series may reload when one of the physical multilink member interfaces is shut down while traffic passes through the interface of the multilink member.

Conditions: This symptom is observed on a Cisco 7500 series and is specific to configuring tag switching (and not VPN routing/forwarding [VRF] forwarding) on a multilink interface that is based on Versatile Interface Processor (VIP) channels or serial interfaces in the distributed mode (for example, the symptom may occur only if a provider edge [PE] link is implemented over the multilink interface).

Workaround: Shut down the Multilink PPP (MLP) interface first, and then shut down the MLP physical subinterface as needed.

CSCec24911

Symptoms: A Cisco router (router 1) with a digital modem is connected over a public switched telephone network (PSTN) to another router (router 2) with a digital modem. Router 1 is configured to check the basic connectivity to router 2. When router 1 tries to ping router 2, router 1 reloads.

Conditions: This symptom is observed on a Cisco 3725 router with a digital modem that is configured to test the digital modem connectivity between the two routers.

Workaround: There is no workaround.

CSCec28631

Symptoms: A Cisco AS5400 may reload unexpectedly while running Media Gateway Control Protocol (MGCP) in normal mode of operation.

Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.2(11)T8 and occurs because of incorrect memory management.

Workaround: There is no workaround.

CSCec29162

Symptoms: A terminating gateway rejects incoming Voice over IP (VoIP) calls that carry Field Compatibility Information (FDC) national calling party category (CPC) information in the generic transparency descriptor (GTD) message.

Conditions: This symptom is observed on an H.323 version 4 (V4) Cisco gateway that terminates T1 channel-associated signaling (CAS). Calls that originate from Signaling System 7 (SS7) and R2 trunks that carry national CPC values are affected.

Workaround: There is no workaround.

CSCec29292

Symptoms: A gateway does not send an H.225 progress (PROG) Information Element (IE) when it receives an ISDN call proceeding message with a progress indicator (PI).

Conditions: This symptom is observed when an ISDN public switched telephone network (PSTN) switch returns a call proceeding message with a PI IE in response to the setup message from the terminating gateway. The call proceeding message does not trigger any H.225 message from the terminating gateway to the originating gateway.

Workaround: There is no workaround.

CSCec34456

Symptoms: A router may reload with a bus error, and the following message appears:

PC 0x616F0B80, address 0x3C.

Conditions: This symptom is observed on a Cisco 3660 router that has low memory.

Workaround: There is no workaround.

CSCec41102

Symptoms: A Cisco 2691XM router that is configured as an H.323 gatekeeper may reload when the gatekeeper functionality is shut down and when the dynamic zone prefix gatekeeper configuration command is configured.

Conditions: This symptom is observed on a Cisco 2691XM that is running Cisco IOS Release 12.2(15)T5 or Release 12.3(2)T when the dynamic zone prefix gatekeeper configuration command is enabled by default on both the gateway and the gatekeeper, and when the following conditions occur:

- The gateway has a plain old telephone system (POTS) dial peer with the destination pattern the same as the zone prefix configured on the gatekeeper.

- The gateway is registered with the gatekeeper.

For example, this symptom is observed when the gateway and the gatekeeper have the following configurations (the same destination pattern and zone prefix):

Gateway configuration (with dynamic prefix registration enabled)

dial-peer voice 1 pots

destination-pattern 385....

Gatekeeper configuration

zone prefix zone-1 385.... gw-priority 10 GW1

The symptom is not observed when the gateway and the gatekeeper have the following configurations (the destination pattern and the zone prefix are different):

Gateway configuration (with dynamic prefix registration enabled)

dial-peer voice 1 pots

destination-pattern 555....

Gatekeeper configuration

zone prefix zone-1 385.... gw-priority 10 GW1

Workaround: Disable the dynamic zone prefixes on both the gateway and the gatekeeper.

For information on how to disable dynamic zone prefixes, refer to the following URL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00801541bc.html

CSCec41177

Symptoms: A provider edge (PE) router may reload when it tries to remove an ATM virtual circuit (VC) bundle.

Conditions: This symptom is observed on a Cisco Route Switch Processor (RSP) router that is running Cisco IOS Release 12.2(15)T8.

Workaround: There is no workaround.

CSCec46250

Symptoms: A modem may not save the upstream power level correctly, and when the modem reloads it may not start ranging at the last saved upstream power level.

Conditions: This symptom is observed on a Cisco uBR900 that is running Cisco IOS Release 12.2(15)T7.

Workaround: There is no workaround.

CSCec46351

Symptoms: A Cisco router repeatedly displays the following error message because of the IP Routing Information Protocol (RIP) update process:

%PXF-2-TALLOCFAIL

Conditions: This symptom is observed on a Cisco 7200 series with a Network Service Engine (NSE-1) or on a Cisco 7401 router whenever the router turns on any routing protocol.

Workaround: There is no workaround.

CSCec49097

Symptoms: A Cisco 7200 series pauses indefinitely in the middle of a link control protocol (LCP) negotiation. The PPP over ATM (PPPoATM) session receives a "Sending Acct Event [Reneg]" message and terminates the LCP phase. The remote peer renegotiates another PPP session and uses the same PPP ID. This causes a continuous LCP state for that user.

Conditions: This symptom is observed on a Cisco 7200 series that is configured for PPPoATM and that is running Cisco IOS Release 12.2(15)T9.

Workaround: There is no workaround.

CSCec52593

Symptoms: A router may reload when the police policy-map class configuration command is enabled under a policy map.

Conditions: This symptom has been observed rarely and is not easily reproduced.

Workaround: There is no workaround.

CSCin49458

Symptoms: Pings between two customer edge (CE) routers may fail.

Conditions: This symptom is observed after a high traffic load has occurred for a short period of time on Any Transport over Multiprotocol Label Switching (AToM) Layer 2 Tunneling Protocol version 3 (L2TPv3) virtual circuits (VCs). The VCs stay up, but pings may fail.

Workaround: Reload the microcode onto the line card on which the VCs are configured.

CSCin56239

Symptoms: A T.37 off-ramp fax call may disconnect without a T.30 data communications network (DCN). The fax is received correctly, but the call does not disconnect properly. The following error message is displayed:

T.30 flow error: DCN signal not received before session end.

Conditions: This symptom is observed on a Cisco AS5350 router that is running Cisco IOS Release 12.3(4)T during fax off-ramp call testing.

Workaround: There is no workaround.

Wide-Area Networking

CSCeb03164

Symptoms: A memory leak may occur during the PPP events process.

Conditions: This symptom is observed when PPP is configured on a router.

Workaround: There is no workaround.

CSCec26520

Symptoms: A router may experience a memory leak in the vtemplate background process. This symptom may be confirmed by entering the show processes memory EXEC command to monitor memory usage.

Conditions: This symptom is observed on a router that is running Cisco IOS Release 12.2(13)T5.

Workaround: There is no workaround.

CSCin50541

Symptoms: A router may reload after you enter the ppp multilink interface configuration command.

Conditions: This symptom occurs when multilink is configured on an active serial interface and neither the ppp multilink group interface configuration command nor the multilink virtual-template global configuration command is entered. Under these conditions, multilink normally fails to create a bundle because of the lack of a configuration source for the bundle interface, but in this instance, it causes the router to reload.

Workaround: Enter the shutdown interface configuration command to shut down the serial interface. Then, enter the ppp multilink group interface configuration command on the serial interface.

CSCec51441

Symptoms: ISDN may need to build a generic transparency descriptor (GTD) when it receives an ISDN call proceeding (callp) with a progress indicator (PI). The callp does not trigger an H.225 message from the terminating gateway.

Conditions: This symptom is observed when an ISDN public switched telephone network (PSTN) switch returns a callp message with a PI Information Element (IE) in response to the setup message from the terminating gateway.

Workaround: ISDN needs to build the following GTD when it receives the callp message. The H.225 code can then carry this GTD in the H.225 progress parameter that is generated.

gtd msg = "

CPG,

PRN,isdn*,,NET5*,"

The callp with PI should trigger an H.225 progress message from the terminating gateway to the originating gateway with this GTD.

Resolved Caveats—Cisco IOS Release 12.2(15)T8

Cisco IOS Release 12.2(15)T8 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T8 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCeb11253

Symptoms: A Cisco router may reload because of a watchdog timeout condition when you poll the ciscoEnvMonTemperatureStatusValue MIB variable.

Conditions: This symptom is observed when the MIB variable has an index that is larger than 6. Indexes 0 to 6 are valid indexes; indexes that are larger than 6 are not valid indexes.

Workaround: There is no workaround.

Interfaces and Bridging

CSCin33887

Symptoms: The following error message may appear on a Cisco router:

SYS-2-BADSHARE

Conditions: This symptom is observed on a Cisco 7200 series that has an ATM PA-A3 port adapter, and that is running Cisco IOS Release 12.2(15)B when it is configured with 100 PPP over ATM (PPPoA) sessions and bidirectional traffic is sent across the ATM port adapter.

Workaround: There is no workaround.

IP Routing Protocols

CSCeb77038

Symptoms: The Multiprotocol Label Switching (MPLS) provider edge (PE) router experiences a reload because of the following bus error:

System returned to ROM by bus error at PC 0x60B5F1C0, address 0xEF4321E5

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(15)T5.

Workaround: There is no workaround.

Miscellaneous

CSCdx59056

Symptoms: Label Distribution Protocol (LDP) and Border Gateway Protocol (BGP) with IP version 4+ labels (IPv4+) may be applied to the same Virtual Private Network (VPN) routing/forwarding (VRF) instance on the same router, which is restricted in the current code. Hence, the feature cannot work properly.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)3S1.

Workaround: There is no workaround.

CSCdy66187

Symptoms: A Cisco 1700 series may stop forwarding packets on an ATM interface and may start generating output drops when the show version EXEC command is issued twice.

Conditions: This symptom is observed on a Cisco 1700 series that is configured with a digital subscriber line (DSL) WAN interface card (WIC).

Workaround: To clear the symptom temporarily, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the main ATM interface.

Alternate Workaround: Enter the show tech-support EXEC command instead of the show version EXEC command.

CSCea12818

Symptoms: A serial interface on the motherboard of a Cisco router may experience transmit underruns or cyclic redundancy check (CRC) errors.

Conditions: This symptom is observed on the serial interface of a Cisco 3700 series router.

Workaround: Use the serial interface on a NM-2W/NM-xFE-2W module instead of the WAN interface card (WIC) slot on the motherboard.

CSCea16138

Symptoms: A gateway does not stop generating a ringback tone on a connected voice call.

Conditions: This symptom is observed on a call that originates from a Cisco AS5350 and terminates on an H.323 endpoint that uses the H.225 information message with the signal information element (IE) value of "1" to start the ringback tone and the signal IE value of "63" to stop the ringback tones.

Workaround: There is no workaround.

CSCea28333

Symptoms: A Cisco router may display the following error messages:

1d13h: %IPC-2-PRECLOSE: IPC port pre-closure overflow : 0x10025 : 0x5F

-Traceback= 60366B1C 6035B908 6035BBBC

Conditions: This symptom is observed on all Cisco platforms that are running all versions of Cisco IOS software. It is not known at this time what specific conditions cause this symptom.

Workaround: There is no workaround.

CSCea53451

Symptoms: A Cisco AS5850 may reload after 4 to 5 hours of operation.

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(15)T and that has a call load of 8 calls per second.

Workaround: There is no workaround.

CSCea84736

Symptoms: After you enter the shutdown interface configuration command followed by the no shutdown interface configuration command on an interface, pings may fail on this interface.

Conditions: This symptom is observed on an interface that has both PPP and Intermediate System-to-Intermediate System (IS-IS) configured.

Workaround: There is no workaround.

CSCea91464

Symptoms: An IP packet that is sent out from a Cisco AS5850 may not be switched by using Cisco Express Forwarding (CEF). This situation may cause performance difficulties and may impact the call success rate.

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.3(1).

Workaround: There is no workaround.

CSCeb60340

Symptoms: In a T.38 fax relay test environment, the accounting records display an 8-second difference in the disconnection time between the IP leg and the telephony leg of the call.

Conditions: This symptom is observed when an originating fax machine loses power or its connection while a fax is being transmitted.

Workaround: There is no workaround.

CSCeb63779

Symptoms: An outgoing Large Scale Dial-Out (LSDO) call may not be forwarded to other Stack Group Bidding Protocol (SGBP) members from a network access server (NAS) that has all of its trunks down.

Conditions: This symptom is observed on a Cisco NAS that is configured with SGBP, and that is running Cisco IOS Release 12.2(15)T2.

Workaround: There is no workaround.

CSCeb64535

Symptoms: In a mixed dial-in and dial-out scenario where Large Scale Dial-Out (LSDO) is being used, the CLID and DNIS information reported in the AAA accounting records (for RADIUS, as Calling-Station-ID and Called-Station-ID) might not be accurate. Some LSDO accounting records contain the number of a different dial-in call, and some dial-in calls report the Called-Station-ID from a previous dial-out call as their Calling-Station-ID.

This might be caused by the NAS allocating the same AAA ID to different calls. "debug radius" sometimes shows the same AAA ID for both calls.

Workaround: There is no known workaround at this time.

CSCeb67268

Symptoms: A Cisco router may pause indefinitely with a "pppoa_set_error."

Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2(15)T2.

Workaround: There is no workaround.

CSCeb73681

Symptoms: The main High-Speed Serial Interface (HSSI) interface flaps when you enter the map-class frame-relay global configuration command on a subinterface.

Conditions: This symptom is observed only when the map class contains both traffic shaping and Random Early Detection (RED).

Workaround: Use only traffic shaping under the map-class.

CSCeb76642

Symptoms: A Cisco router may reload when you enter the show ip cef non-recursive detail EXEC command.

Conditions: This symptom is observed when any show command attempts to display information about tag rewrite entries while the tag rewrite entries are being deleted by route updates.

Workaround: Do not enter any show command to display tag rewrite entries when many route updates occur.

CSCeb77203

Symptoms: When the radius-server attribute 8 include-in-access-req global configuration command is entered on a RADIUS server, attribute 8 (Framed-IP-Address) is not included in the access request.

Conditions: This symptom is observed on a RADIUS server that is running Cisco IOS Release 12.2(15)T5.

Workaround: There is no workaround.

CSCeb77239

Symptoms: A Systems Network Architecture Switching Services (SNASw) router pauses indefinitely when a LOCATE variable is received from an IBM AS400. From the data link control (DLC) trace entry in the LOCATE field, the order in which general data stream (GDS) variables are received from the AS400 is different than the SNASw router expects.

Conditions: This symptom is observed on a Cisco SNASw router that is attached to an IBM AS400.

Workaround: There is no workaround.

CSCeb86270

Symptoms: In Cisco IOS software that is running the Multiprotocol Label Switching (MPLS), the Label Distribution Protocol's (LDP) peer address table may become corrupted and cause the router to reload.

Conditions: This symptom may be observed in situations where 3 or more routers have advertised the same IP address in LDP Address Messages. This normally happens when routers have been misconfigured, but in very rare circumstances it may be done deliberately.

The circumstance can be recognized by the presence of the following error message:

%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0

If only one such message is seen for a given IP address (10.0.0.1 in the above example), then only 2 routers have advertised it, and only the second is being treated as a duplicate. At least one more such message should be seen if at least 3 routers were advertising the IP address in question.

Workaround: The problem will not happen in typical configurations as duplicate addresses will not be configured. If such a configuration is accidentally done, the failure may be avoided if the configuration is corrected before the LDP session to any of the involved peers goes down. If the configuration is deliberate, then there is no workaround.
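The recognition rule described in this caveat can be automated over collected syslog. The following Python sketch is an added example, not Cisco code: it parses %TAGCON-3-DUP_ADDR_RCVD messages in the format quoted above and reports each IP address that three or more distinct LDP identifiers have advertised. The sample log lines are constructed, and counting distinct LDP identifiers rather than raw messages (so that a repeated message from the same peer is not mistaken for a third router) is an assumption of this example.

```python
import re
from collections import defaultdict

# Matches the message format quoted in the caveat text:
#   %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address <ip> advertised by peer
#   <ldp-id> is already bound to <ldp-id>
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LDP_ID = IPV4 + r":\d+"
DUP_ADDR_RE = re.compile(
    r"%TAGCON-3-DUP_ADDR_RCVD: Duplicate Address (?P<addr>" + IPV4 + r") "
    r"advertised by peer (?P<dup>" + LDP_ID + r") "
    r"is already bound to (?P<owner>" + LDP_ID + r")"
)

# Constructed sample syslog (not captured from a real device).
SAMPLE_LOG = """\
*Mar  1 00:10:01.000: %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.2.2.2:0 is already bound to 10.1.1.1:0
*Mar  1 00:10:05.000: %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.1 advertised by peer 10.3.3.3:0 is already bound to 10.1.1.1:0
*Mar  1 00:11:00.000: %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.9 advertised by peer 10.2.2.2:0 is already bound to 10.4.4.4:0
*Mar  1 00:12:00.000: %TAGCON-3-DUP_ADDR_RCVD: Duplicate Address 10.0.0.9 advertised by peer 10.2.2.2:0 is already bound to 10.4.4.4:0
*Mar  1 00:13:00.000: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
"""


def advertisers_by_address(lines):
    """Map each duplicated IP address to the set of LDP IDs that advertised it.

    Both the peer reported as the duplicate and the peer the address is
    already bound to count as advertisers of that address.
    """
    seen = defaultdict(set)
    for line in lines:
        match = DUP_ADDR_RE.search(line)
        if match is None:
            continue  # unrelated syslog message
        seen[match["addr"]].update((match["dup"], match["owner"]))
    return dict(seen)


def at_risk_addresses(lines, threshold=3):
    """Return addresses advertised by `threshold` or more distinct LDP peers.

    Three or more advertisers is the condition the caveat describes; two
    advertisers produce a single message and are not reported.
    """
    return {
        addr: sorted(peers)
        for addr, peers in advertisers_by_address(lines).items()
        if len(peers) >= threshold
    }


if __name__ == "__main__":
    for addr, peers in at_risk_addresses(SAMPLE_LOG.splitlines()).items():
        print(f"{addr} advertised by {len(peers)} LDP peers: {', '.join(peers)}")
```

An address reported here is a candidate for correcting the configuration before the LDP session to any of the listed peers goes down, as the workaround states.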

CSCec16481

A Cisco device running Internetwork Operating System (IOS) and enabled for the Open Shortest Path First (OSPF) Protocol is vulnerable to a Denial of Service (DoS) attack from a malformed OSPF packet. The OSPF protocol is not enabled by default.

The vulnerability is only present in IOS release trains based on 12.0S, 12.2, and 12.3. Releases based on 12.0, 12.1 mainlines and all IOS images prior to 12.0 are not affected. Refer to the Security Advisory for a complete list of affected release trains.

Further details and the workarounds to mitigate the effects are explained in the Security Advisory which is available at the following URL:

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml

CSCec16990

Symptoms: When Cisco Express Forwarding (CEF) is enabled, all packets that ingress from a Multiprotocol Label Switching (MPLS) over a Multilink PPP (MLP) core are process switched when a Route Switch Processor (RSP) is used.

Conditions: This symptom is observed on a Cisco 7500 series with CEF enabled.

Workaround: There is no workaround.

CSCin36465

Symptoms: A Cisco router may reload when a member is removed and then added back to a multilink interface.

Conditions: This symptom is observed on a Cisco 7500 series when distributed Multilink PPP (MLP) is enabled.

Workaround: Shut down the multilink and then add or remove the member links. This action can prevent this symptom but is not a very acceptable workaround.

CSCin40246

Symptoms: When a call is made to a Cisco router loaded with a Voice XML (VXML) document that is executing authentication using an authentication object, a traceback may appear at vapp_authenticate.

Conditions: This symptom is observed in a test environment on a Cisco router that is running Cisco IOS Release 12.2(15)T1.

Workaround: There is no workaround.

CSCin50865

Symptoms: A cable modem may pause indefinitely when it receives a voice call.

Conditions: This symptom is observed on a Cisco cable modem that is running Cisco IOS Release 12.3.

Workaround: There is no workaround with Release 12.3.

Alternate Workaround: Use Cisco IOS Release 12.2 T.

CSCuk45946

Symptoms: When the Cisco Call Connection Manager (CCM) resets a Media Gateway Control Protocol (MGCP)-controlled gateway, some Foreign Exchange Office (FXO) cards remain shut down.

Conditions: This symptom is observed on Cisco 2651XM and Cisco 3745 routers that are running Cisco IOS Release 12.2(15)T5. CCM sends an extensible markup language (XML) configuration file to the gateway, but some commands are not understood by the routers.

Workaround: Use the no shutdown interface configuration command on the FXO cards.

Wide-Area Networking

CSCeb33417

Symptoms: A router may reload when it tries to add a permanent virtual circuit (PVC) to a bundle link.

Conditions: This symptom is observed when a normal Local Management Interface (LMI) frame is received without the User-Network Interface (UNI) fragmentation header. This causes the frame to be processed on the bundle link instead of on the bundle.

Workaround: There is no workaround.

CSCeb48419

Symptoms: When call clearing is initiated for the primary-net5 switch on a Cisco gateway, the following symptoms occur:

- A restart message is sent after 30 seconds instead of 120 seconds.

- The B channel is released instead of going into the maintenance state.

- The restart procedure is terminated after the second timer T316 expiry.

These symptoms may cause state inconsistencies in the B channel and a low level of automatic speech recognition (ASR) on the gateway.

Conditions: These symptoms are observed with call clearing for the primary-net5 switch, and occur because the user and network protocol emulation are not in compliance with the European Telecommunications Standards Institute (ETSI).

Workaround: There is no workaround.

CSCeb87573

Symptoms: Data packets fail to flow if Multilink PPP (MLP) calls use compression with virtual profile based calls with compression.

Conditions: This symptom is observed on all Cisco platforms that are running Cisco IOS Release 12.2 or Release 12.3.

Workaround: Turn off hardware compression or remove the compression adaptor.

CSCec02381

Symptoms: With Microsoft Point-to-Point Compression (MPPC) configured, dialer sessions are torn down prematurely although packets are flowing all the time.

Conditions: This symptom occurs only if PPP compression is configured.

Workaround: There is no workaround.

CSCec12519

Symptoms: A Cisco access server may reload during high load conditions.

Conditions: This symptom is observed on a Cisco AS5850 that has a call volume of approximately 600 analog PPP calls and 300 digital Multilink PPP (MLP) calls.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.2(15)T7

Cisco IOS Release 12.2(15)T7 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T7 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

IP Routing Protocols

CSCdz42920

Symptoms: A Cisco router may reload with a bus error when IP accounting is configured on the router.

Conditions: This symptom is observed on a Cisco 7206VXR router that is running Cisco IOS Release 12.2(11)T2 after entering the clear ip accounting EXEC command.

Workaround: Do not use the clear ip accounting EXEC command or the show ip accounting EXEC command.

CSCea31201

Symptoms: A Cisco router may reload with a bus error.

Conditions: This symptom is observed on a Cisco 7200 series router when the ip accounting EXEC command has been used.

Workaround: There is no workaround.

CSCea40884

Symptoms: A Cisco router may reload when you enter the show ip route vrf vrf-name EXEC command.

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(15)T.

Workaround: There is no workaround. However, if one single route needs to be displayed, enter the show ip route vrf vrf-name prefix EXEC command to reduce the chance of the router reloading.

CSCdz65835

Symptoms: Packet transmission on the channel group (trunk backhaul) serial interface is slow.

Conditions: This symptom occurs only for a channel group interface, with or without Low Latency Queueing (LLQ), for large packet sizes.

Workaround: There is no workaround.

CSCdz75086

Symptoms: I/O memory corruption may occur in the Cisco CallManager software during the bootup process of a Cisco IOS platform that is functioning as a gateway.

Conditions: This symptom is observed only rarely and occurs when a call-load generator is already generating calls to the gateway when the gateway is still booting up.

Workaround: There is no workaround.

CSCdz89216

Symptoms: After modem relay is configured, it remains disabled.

Conditions: This symptom is observed on a Cisco AS5300 universal access server.

Workaround: There is no workaround.

CSCea05468

Symptoms: When a voice call is made into a Cisco voice gateway with the debug vtsp all EXEC command enabled, the gateway shows the following traceback and error message:

*Mar 1 08:55:48.251: %DSM-3-INTERNAL: Internal Error : No DSM handle provided -Traceback= 619EE3F8 61568BF4 6156004C 615648D0 61564EB8 61566B80 61568974

Conditions: This symptom is observed on a Cisco 3640 router that is running Cisco IOS Release 12.2(15)T and on a Cisco AS5400 that is running Cisco IOS Release 12.2(15)T5.

Workaround: There is no workaround.

CSCea11175

Symptoms: While updating PRI endpoints S1/DS1-0 with a new clock source setting and then resetting the gateway, extensible markup language (XML) reconfigures the endpoints but then shuts down the controller when the XML download is complete.

Conditions: This symptom is observed on Cisco routers that are configured with XML when auto-configuration is used.

Workaround: Do not use an XML configuration.

Alternate workaround: Enter the no shutdown controller configuration command on the affected controller.

CSCea12837

Symptoms: The following local Resource Pool Management (RPM) command-line interface (CLI) commands may not be recognized:

- The resource-pool aaa accounting ppp global configuration command

- The resource-pool aaa protocol group global configuration command

Conditions: This symptom is observed during the bootup of any Cisco AS5xx0 platform.

Workaround: Enter the commands manually after the bootup.

CSCea19218

Symptoms: IP phone users are not able to enter long distance access codes or navigate through interactive voice response (IVR) applications. This symptom occurs only when the called party does not provide answer supervision.

The symptom is experienced when the telco requires that a long distance access code be entered after the called party is dialed. The telco plays a tone indicating that the user must enter a fixed length access code in order to complete the call. However the telco does not provide answer supervision. The show voice call summary output indicates a voice processor module (VPM) state of "EM_WAIT_FOR_ANSWER."

When the calling party IP phone user attempts to enter the dual tone multifrequency (DTMF) access code, the IP phone sends an out-of-band Skinny Client Control Protocol (SCCP) message to the Cisco CallManager and the Cisco CallManager relays this DTMF message to the Cisco IOS gateway via Media Gateway Control Protocol (MGCP). However, the gateway does not pulse out the DTMF digits to the telco.

This symptom may also be observed when some IVR systems that do not provide answer supervision are dialed.

In both cases, the IP phone displays "Ring Out" and the show voice call summary output from the gateway indicates "EM_WAIT_FOR_ANSWER." If the call is "CONNECTED," the gateway plays DTMF without symptoms.

Conditions: This symptom is observed on a Cisco IOS gateway that is running MGCP with Cisco CallManager. The gateway has a T1 channel-associated signaling (CAS) recEive and transMit (E&M) wink circuit to the telco.

Workaround: Use H.323 instead of MGCP.

CSCea31186

Symptoms: The RADIUS "Acct-Session-Id" attribute may not be sent correctly.

Conditions: This symptom is observed in a Service Selection Gateway (SSG) configuration that is running Cisco IOS Release 12.2(15)T or a later release when you enter the ip route-cache flow interface configuration command on a virtual template. The symptom may also occur in other conditions.

Workaround: In the above-mentioned conditions, deconfigure the ip route-cache flow interface configuration command.

CSCea48500

Symptoms: Attribute 46 (indicating the account session time) may show a value of zero under the network stop records for asynchronous calls.

Conditions: This symptom is observed on a Cisco universal access server. If you use network stop records for billing purposes, the symptom may affect the service.

Workaround: There is no workaround.

CSCea55600

Symptoms: A Frame Relay (FR) interface may go up and down continuously.

Conditions: This symptom is observed on an FR interface when the keepalive timeout is set to one second and fragmentation and traffic shaping are enabled on multiple permanent virtual circuits (PVCs).

Workaround: Increase the keepalive timeout to 5 seconds or more.

CSCea60559

Symptoms: The Simple Network Management Protocol (SNMP) agent may use 99 percent of the CPU bandwidth of a Route Processor (RP) for an arbitrarily long time (hours or days), without necessarily generating CPUHOG errors. This situation causes other processes on the router to fail because these processes do not receive the CPU bandwidth that they require:

- Routes may time out.

- Tunnels may go down.

- Accessing the router via a Telnet connection to a network port may become impossible.

- The command-line interface (CLI) via the console line may become quite slow to respond.

The output of the show snmp summary EXEC command may indicate that the number of requests is "N" while the number of replies that were sent is "N-1." The output of the show processes cpu | include SN EXEC command may indicate that the SNMP process uses 99 percent of the CPU bandwidth of the RP.

Conditions: These symptoms are observed when the MPLS-LSR-MIB MIB is enabled, you query the mplsXCTable or a MIB walk occurs, and there are more than 10,000 Multiprotocol Label Switching (MPLS) labels active. The symptoms are platform independent.

Workaround: Perform the following steps:

1. Shut down interfaces to bring the total count of active MPLS labels down to far below 10,000.

2. Disable the MPLS-LSR-MIB MIB by entering the following sequence of commands:

a. snmp-server view nolsrmib mplsLsrMIB exclude

b. snmp-server community public view nolsrmib ro

c. snmp-server view nolsrmib iso include

3. Enter the no shutdown interface configuration command on all the interfaces that you shut down in Step 1.

CSCea61062

Symptoms: An ATM interface may be in the "down" state after you have entered the shutdown interface configuration command followed by the no shutdown interface configuration command on a Node Route Processor (NRP).

Conditions: This symptom is observed on a Cisco 6400 that has more than 3000 virtual circuit (VC) connections that are configured on the Node Switch Processor (NSP).

Workaround: If possible, use a virtual path (VP) switch.

Alternate Workaround: Do not exceed 3000 VC connections.

CSCea68067

Symptoms: A Cisco router may reload when it is stressed by both T.37 onramp and T.37 offramp calls.

Conditions: This symptom occurs on Cisco AS5400 series universal gateways, Cisco AS5350 universal gateways, Cisco 3660 routers, and other platforms only under high stress conditions and abnormal call terminations.

Workaround: There is no workaround.

CSCea72431

Symptoms: A Cisco gatekeeper does not send "InterfaceSpecificBillingID" information to the Gatekeeper Transaction Message Protocol (GKTMP) server.

Conditions: This symptom is observed on all Cisco gatekeepers, for example, Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series, when the gatekeeper gets this information in the admission request (ARQ) nonstandard field from a voice gateway.

Workaround: There is no workaround.

CSCea73023

Symptoms: When a remote Label Switch Controller (LSC) is performing 1:N redundant switchovers, the local provider edge (PE) router may have some tailend Label Virtual Circuits (LVCs) created for the remote PEs after a 1:N failover occurs.

Conditions: This symptom is observed on an MGX Route Processor Module (RPM-PR) that has a 1:N redundant card and has Label Switch Controller (LSC) hot redundancy configured, after 1:N redundant switchovers have been performed a few times on a PE router.

Workaround: On the local PE router, use the clear ip route prefix EXEC command.

CSCeb00104

Symptoms: When configuration changes are made, a Cisco 7500 series Versatile Interface Processor (VIP) may pause indefinitely, produce large numbers of spurious memory accesses, or reload. This situation may cause the router to detect that interfaces on the VIP are not sending packets and to report that the output of the interfaces is stuck.

Conditions: This symptom is observed on a Cisco 7500 series that is configured for fragmentation and shaping on a Frame Relay interface using modular QoS CLI (MQC).

Workaround: Before you make quality of service (QoS) policy or Frame Relay fragmentation changes on an interface of the VIP, enter the shutdown interface configuration command on the interface.

CSCeb01423

Symptoms: A memory leak may occur on a Cisco 6400 series Node Route Processor 1 (NRP1) during the installation of per-user access control lists (ACLs) that are downloaded from a RADIUS server.

Conditions: This symptom is observed on a Cisco 6400 series NRP1 that is running Cisco IOS Release 12.2(13)T and that is configured for PPP over Ethernet (PPPoE) when there is a high-call setup rate and the CPU utilization of the NRP1 exceeds 70 percent. The symptom may be platform independent.

Workaround: Disable the per-user ACLs.

Alternate Workaround: Decrease the call setup rate.

CSCeb03874

Symptoms: A Cisco Route Switch Controller (RSC) may permanently pause while making voice calls if the terminating side is not configured properly.

Conditions: This symptom is observed on a Cisco RSC when a voice call enters the gateway through E1 R2 signaling, goes out as a Signaling System 7 (SS7) call, reenters as an IP call, and goes out as an SS7 call. If the terminating side is not configured properly, the originating side may permanently pause.

Workaround: There is no workaround.

CSCeb05118

Symptoms: A Cisco MGX Route Processor Module (RPM-XF) router that is configured as an Edge Label Switch Router (ELSR) may reload when deleting Multiprotocol Label Switching (MPLS) type subinterfaces.

Conditions: This symptom is observed on a Cisco RPM-XF when you remove the routes and stray label virtual circuits (LVCs) are not properly cleaned up or removed during route removal; then, when you delete the MPLS subinterfaces, the RPM-XF may be reset.

Workaround: There is no workaround.

CSCeb13548

Symptoms: The "Class-Based RTP and TCP Header Compression" feature introduced in Cisco IOS Release 12.2(13)T permits the configuration of Real-Time Protocol (RTP) and TCP header-compression within MQC. On the Cisco 2691 platform, this feature is configurable in Release 12.2(13)T but is not configurable from Release 12.2(13.4)T forward, or in the current mainline builds of Release 12.3 or Release 12.3T.

Conditions: This symptom is observed on a Cisco 2691 router. The feature is configurable in Cisco IOS Release 12.3(1) on the Cisco 1760, Cisco 2600, Cisco 3640, Cisco 3745, and Cisco 7200 series platforms, but not on the Cisco 2691 for the same Cisco IOS release. See the following information for the Cisco 2691:

c2691#

c2691#conf t

Enter configuration commands, one per line. End with CNTL/Z.

c2691(config)#!

c2691(config)# class-map match-any voice-rtp

c2691(config-cmap)# match ip rtp 16384 16383

c2691(config-cmap)# class-map match-any voice-tcp

c2691(config-cmap)# match access-group 100

c2691(config-cmap)#!

c2691(config-cmap)#!

c2691(config-cmap)# policy-map llq_voice

c2691(config-pmap)# class voice-rtp

c2691(config-pmap-c)# priority 512

c2691(config-pmap-c)# class voice-tcp

c2691(config-pmap-c)# bandwidth 16

c2691(config-pmap-c)# class class-default

c2691(config-pmap-c)# fair-queue

c2691(config-pmap-c)#!

c2691(config-pmap-c)#class voice-rtp

c2691(config-pmap-c)#?

QoS policy-map class configuration commands:

bandwidth Bandwidth

drop Drop all packets

exit Exit from QoS class action configuration mode

no Negate or set default values of a command

police Police

priority Strict Scheduling Priority for this Class

queue-limit Queue Max Threshold for Tail Drop

random-detect Enable Random Early Detection as drop policy

service-policy Configure QoS Service Policy

set Set QoS values

shape Traffic Shaping

<cr>

c2691(config-pmap-c)#compression ?

% Unrecognized command

c2691(config-pmap-c)#compression header ip rtp

^

% Invalid input detected at '^' marker.

c2691(config-pmap-c)#

c2691(config-pmap-c)#^Z

c2691#

%SYS-5-CONFIG_I: Configured from console by vty0 (64.102.50.34)

Workaround: Configure the RTP and TCP header-compression directly on the interface of interest.

Also, see the related caveat, CSCeb26383 "c3725: MQC IPHC compression header CLI commands are not accepted".

Alternate Workaround: Cisco IOS Release 12.2(13)T through Release 12.2(13)T3 are not affected by this software defect.

CSCeb17647

Symptoms: Loading the boot image on the Cisco uBR905 cable access router may cause much of the startup configuration to be deleted.

Conditions: This symptom is observed on a Cisco uBR905 cable access router that is running Cisco IOS software.

Workaround: There is no workaround.

CSCeb20877

Symptoms: A Cisco 3660 router, that is used as a gatekeeper in Signaling System 7 (SS7) interconnect solutions, fails to process calls. Memory held by the gatekeeper process increases considerably after 12 to 24 hours of a light load. The gatekeeper starts sending admission request rejects (ARJs) and location rejects (LRJs) for all admission request (ARQ) and location request (LRQ) messages with the cause code "Resource Unavailable, 47."

Conditions: This symptom is observed on a Cisco 3660 router that is running the c3660-ix-mz image.

Workaround: There is no workaround.

CSCeb26383

Symptoms: The "Class-Based RTP and TCP Header Compression" feature introduced in Cisco IOS Release 12.2(13)T permits the configuration of Real-Time Protocol (RTP) and TCP header compression within MQC. On the Cisco 3725 platform, this feature is not configurable in Cisco IOS Release 12.2(13)T and Cisco IOS Release 12.2(15)T.

Conditions: This symptom is observed on a Cisco 3725 router. The feature is configurable in Cisco IOS Release 12.2(13)T and Release 12.2(15)T on more mature platforms like the Cisco 3640, and also the Cisco 3745 platform which was introduced at the same time as the Cisco 3725 platform. The feature is not configurable on the Cisco 3725 for the same Cisco IOS releases. See the following information for the Cisco 3725:

c3725#

c3725#conf t

Enter configuration commands, one per line. End with CNTL/Z.

c3725(config)#policy-map llq_voice

c3725(config-pmap)#class voice-rtp

c3725(config-pmap-c)#?

QoS policy-map class configuration commands:

bandwidth Bandwidth

drop Drop all packets

exit Exit from QoS class action configuration mode

no Negate or set default values of a command

police Police

priority Strict Scheduling Priority for this Class

queue-limit Queue Max Threshold for Tail Drop

random-detect Enable Random Early Detection as drop policy

service-policy Configure QoS Service Policy

set Set QoS values

shape Traffic Shaping

<cr>

c3725(config-pmap-c)#compression header ip rtp

^

% Invalid input detected at '^' marker.

c3725(config-pmap-c)#class voice-tcp

c3725(config-pmap-c)#compression header ip tcp

^

% Invalid input detected at '^' marker.

c3725(config-pmap-c)#^Z

c3725#


Note (1) In Cisco IOS Release 12.2(13)T, the MQC IPHC CLI is available and is configurable, but the commands will not persist in the show running-config output. (2) In Cisco IOS Release 12.2(15)T, the MQC IPHC CLI is not available.


Workarounds: (1) Configure RTP and TCP header compression directly on the interface of interest. (2) The MQC IPHC CLI is available, configurable, and will persist in the running configuration in the latest Cisco IOS Release 12.3 mainline and Cisco IOS Release 12.3 T builds. For example, the feature works in Cisco IOS Release 12.3(1) and Cisco IOS Release 12.3(2)T.

Also, see related caveat CSCeb13548 "c2691: MQC IPHC compression header CLI and feature is not available."

CSCeb29015

Symptoms: When an interactive voice response (IVR) application that runs on a Cisco gateway turns on the connect event interception feature during call setup, the call setup fails because IVR applications cannot receive the "ev_setup_done" event, which contains the results of the setup.

Conditions: This symptom is observed on a Cisco gateway when a call setup is placed with the connect event being intercepted.

Workaround: Turn off the connect event interception feature.

CSCeb335671

Symptoms: Cisco IOS software voice gateways may not cancel some echo signals for tail circuits exceeding 16ms.

Conditions: This symptom is observed on a Cisco 3660 router that is running Cisco IOS Release 12.(13)T5.

Workaround: Use the codec complexity [high | medium] [ecan-extended] voice-card configuration command to enable the extended Cisco echo canceller.

CSCeb34687

Symptoms: Use of the show version EXEC command still shows the L3 cache in use even though the configuration includes "cache L3 bypass" and the MGX Router Processor Module (RPM-XF) has been reloaded.

Conditions: This symptom is observed on a Cisco RPM-XF when a no redundancy switchover is performed.

Workaround: Perform a 1:N redundancy switchover.

CSCeb36929

Symptoms: When a Cisco router is performing tag imposition, it may reload because of a bus error.

Conditions: This symptom is observed when you create a new generic routing encapsulation (GRE) tunnel after the router has booted up and when GRE packets are received through this GRE tunnel and forwarded as Multiprotocol Label Switching (MPLS) packets.

Workaround: Enter the tag-switching ip interface configuration command followed by the no tag-switching ip interface configuration command on the newly-created GRE tunnel interface.

CSCeb38171

Symptoms: The originating gateway generates an extra set of RADIUS start and stop records for failing calls.

Conditions: This symptom is observed on a Cisco AS5400 that is running Cisco IOS software when configured by Tool Command Language (TCL) to reattempt new admission requests (ARQs) for failing calls.

Workaround: There is no workaround.

CSCeb39331

Symptoms: A Cisco router intermittently drops calls or prevents some calls from connecting.

Conditions: This symptom is observed on a Cisco router when Cisco Express Forwarding (CEF) with Real-Time Protocol (RTP) header compression is enabled. This symptom occurs because the header compression packets get out of synchronization.

Workaround: There is no workaround. If RTP header compression with process switching is used, CPU utilization goes too high.

CSCeb39751

Symptoms: During an online insertion and removal (OIR) of feature boards (FBs) on a Cisco AS5850 router, the router may permanently pause.

Conditions: This symptom is observed on a Cisco AS5850 router that is running a c5850-p9-mz image of Cisco IOS Release 12.2(15)T5.

Workaround: There is no workaround.

CSCeb41735

Symptoms: The interfaceSpecificBillingId field in the admission request (ARQ) nonstandard message is not copied and sent in the location request (LRQ) nonstandard message.

Conditions: This symptom is observed on all Cisco gatekeepers (for example, Cisco 2600 series, Cisco 3600 series, Cisco 7200 series) when they get this information in an ARQ nonstandard field from a voice gateway.

Workaround: There is no workaround.

CSCeb43224

Symptoms: An H.225 connect message with a Frame Station (FS) element from a third party proxy may not be forwarded to the originating gateway (OGW) and may result in one-way voice calls.

Conditions: This symptom is observed on a Cisco IP to IP (IPIP) gateway that has tunneling enabled.

Workaround: Disable tunneling.

CSCeb47086

Symptoms: When the integrated Signaling Link Terminal (SLT) functionality is running on a Cisco AS5350 or Cisco AS5400, the Signaling System 7 (SS7) links will not come into service. Using an SS7 analyzer indicates that Link Status Signal Units (LSSUs) are not being transmitted from the Cisco AS5350 or Cisco AS5400 to the SS7 network.

Conditions: This symptom is observed when an 8-port (8PRI) board that contains the D4 version of the MPC860 processor is used. The version of the MPC860 may be verified by using the show chassis slot detail EXEC command. If the board hardware version is 4.0 or greater, this symptom will occur.

Workaround: Use an 8PRI board with a board hardware version less than 4.0.

CSCeb47159

Symptoms: The timeouts ringing {seconds | infinity} voice-port configuration command is used to determine the value of the ring, no answer timer. The timer is limited by the H.323 timer when the call is using H.323. The timer will always be stopped on call cleanup procedures. The H.323 connect timer that is configured under the voice class h323 tag global configuration command is always started on the originating gateway after reception of an Alerting or Progress message. The default value is 180 seconds with a range of 60 to 360 seconds. Upon triggering this timer, the cleanup procedures for the call are invoked. If the ring, no answer timer exceeds the H.323 connect timer, it will have no effect.

Conditions: This symptom is observed for ISDN-H.323 calls that are running on Cisco IOS Release 12.2(15)T2.

Workaround: There is no workaround. The best solution is to configure the H.323 connect timer to the maximum value of 360.

CSCeb47188

Symptoms: The Cisco IAD2420 series integrated access device (IAD) with digital interface is interconnected with a BTS10200 softswitch that is running 3.5.1v01. When the Cisco IAD2420 is rebooted and sends Restart in Progress (RSIP) to the call agent (CA), the trunks are automatically brought back into service. If a PBX goes off-hook, then on-hook (without dialing digits), then goes off-hook on the same channel and begins dialing, the Cisco IAD2420 does not collect digits properly. It was observed that a 2 becomes two 4s in the dialed digits detected by the voice telephony service provider (VTSP).

Conditions: This symptom is observed on a Cisco IAD2420 that is running Cisco IOS Release 12.2(11)T8.

Workaround: There is no workaround. Customer will be provided with a special image based off Cisco IOS Release 12.2(11)T8 with in-band signal detection hardcoded to work around this problem.

CSCeb49199

Symptoms: Low performance is experienced while switching Cisco IPv6 Provider Edge Router (6PE) traffic. The show align command shows spurious memory accesses (one per packet) at low address (around 17).

Conditions: This symptom is observed on the 6PE when an IPv4 output feature is configured on any interface, or an IPv4 input feature is configured on MPLS interface used by 6PE traffic. Use the show mpls interfaces [interface] [detail] privileged EXEC command for output and check for "MPLS feature vector" presence.

Workaround: Ensure that on the 6PE, no IPv4 output feature is configured on any interface, and no input feature is configured on an MPLS interface crossed by 6PE traffic.

CSCeb52314

Symptoms: A Cisco AS5850 Universal Gateway with 2 DS0 groups configured will use the DS0 group that is not defined on any dial-peer POTS for outgoing calls.

Conditions: This symptom occurs when the first DS0 group is already taken. After that, the Gateway is going to choose the DS0s not defined on the dial peer.

Workaround: There is no workaround.

CSCeb53582

Symptoms: During an onramp fax call, the router may take up to 40 seconds to clear a channel if the fax call was terminated during the fax negotiation.

Conditions: This symptom is observed on a Cisco 2600 series router.

Workaround: There is no workaround.

CSCeb54098

Symptoms: With VRF-Aware IP Security (IPSec), the packets are not routed in the given Inside VRF. Instead the packets get routed using the default routing table.

Conditions: This symptom occurs if there is a subinterface configured with VRF-Aware IPSec, and on the other subinterface there is a VRF configured.

Workaround: Turn off Cisco Express Forwarding (CEF) switching on the IPSec Aggregator.

CSCeb57571

Symptoms: Bulk updates are not taking place.

Conditions: This symptom may occur if the configuration is downloaded from the auto configuration file on the PXM disk.

Workaround: Enter the switchredcd command (switchover to redundant router processor module [RPM]).

CSCeb59710

Symptoms: All of the XTagATM interfaces flap on a Label Switch Controller (LSC).

Conditions: This symptom occurs when an edge label switch router (Edge LSR) resets.

Workaround: Shut down the XTagATM interface on the LSC towards the provider edge (PE) before resetting the PE. Then bring it up after the PE is completely up.

CSCeb59738

Symptoms: The output from the show diag EXEC command indicates that a voice interface card (VIC-1J1) is an unknown card.

Conditions: This symptom is observed on a Cisco router that has a VIC-1J1.

Workaround: There is no workaround.

CSCeb63465

Symptoms: If the originating gateway (OGW) advertises payload type 13 or 19 for comfort-noise in Session Description Protocol (SDP) of Invite, and the terminating gateway (TGW) does not indicate its support in answer SDP, the originating gateway will still generate comfort-noise packets to fill up periods of silence.

Conditions: This symptom occurs when the outbound voice over IP (VoIP) dial peer has voice activity detection (VAD) configured on it and the OGW advertises payload type 13 or 19 in the SDP of the Invite.

Workaround: Disabling the vad command disables comfort-noise generation from the gateway, but this configuration command does not facilitate negotiation of comfort-noise packet generation.

CSCeb65637

Symptoms: Call setup to an IP network may be delayed or rejected.

Conditions: This symptom occurs when the Tool Command Language (TCL) Interactive Voice Response (IVR) application attempts to set up a call without specifying the incoming leg. A call setup without an incoming call leg results in an H.225 SETUP or RAS admission message with a callIdentifier field value of zeroes.

Workaround 1: Set up a call with an incoming leg.

Workaround 2: Use the set callinfo (newguid) to force the call setup to generate a new conferenceID and callIdentifier. This assumes that the generated GUID does not affect the billing system or the remote endpoint.

CSCeb66080

Symptoms: A Cisco AS5850 will reload when configuring STM1 with Media Gateway Control Protocol (MGCP). The Cisco AS5850 is not able to support network access server (NAS) package on more than 29 controllers. An STM1 has a total of 63 controllers.

Conditions: This symptom is observed on a Cisco AS5850.

Workaround: There is no workaround.

CSCeb70912

This caveat exhibits several symptoms, each of which has a distinct cause and workaround. All symptoms have the following precondition: The router is configured with the Per VRF AAA feature and is downloading information from a RADIUS server. The aaa authorization template global configuration command is used.

Symptoms 1: A Cisco router may return to ROM monitor (ROMmon) because of a bus error.

Conditions 1: This symptom occurs when a RADIUS server vendor-specific attribute (VSA) in a user profile is not fully parsed. This can happen if the RADIUS server VSA is malformed, or if the router is unable to allocate storage for one of many data structures associated with the method list, server group, or server.

Workaround 1: If the VSA is malformed, correct the RADIUS user profile so that the RADIUS server VSA is correctly formatted. Permissible formats are:

Cisco:Cisco-Avpair = N: "aaa:rad-serv=A.B.C.D auth-port X acct-port Y key Z retransmit V timeout W"

Cisco:Cisco-Avpair = :N: "aaa:rad-serv=A.B.C.D auth-port X acct-port Y key Z retransmit V timeout W"

Cisco:Cisco-Avpair = "aaa:rad-serv#N=A.B.C.D auth-port X acct-port Y key Z retransmit V timeout W"

The following parameters must be present in order to ensure proper function:

The A.B.C.D must be a valid IP address.

The auth-port and acct-port must be valid UDP port values.

The following parameters are optional, provided that a global default is configured on the router:

The key must be a plain text string containing no spaces.

The retransmit value must be zero through 100, inclusive.

The timeout value must be one through 1000, inclusive.

The group number (represented by N in the above example) must be at least 1 and not more than 31.
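The format rules above can be checked mechanically before a user profile is loaded onto the RADIUS server. The following is an added example, not Cisco code: the function name and sample lines are constructed for illustration, and the UDP port range of 1 through 65535 is an assumption, since the caveat says only "valid UDP port values".

```python
import ipaddress
import re

# The three permissible layouts:  N: "aaa:rad-serv=..."   :N: "aaa:rad-serv=..."
# and  "aaa:rad-serv#N=..."  (a trailing comma from the profile file is tolerated).
AVPAIR_RE = re.compile(
    r'''^\s*Cisco:Cisco-Avpair\s*=\s*
        (?::?(?P<prefix_group>\d+):\s*)?              # N: or :N: prefix form
        "aaa:rad-serv(?:\#(?P<inline_group>\d+))?=    # optional #N form
        (?P<body>[^"]*)"\s*,?\s*$''',
    re.VERBOSE,
)

# keyword -> (required, min, max); None bounds mean a free-form string.
# key, retransmit and timeout are optional only if the router has global defaults,
# which this offline check cannot see.
FIELDS = {
    "auth-port":  (True, 1, 65535),    # assumption: valid UDP port = 1..65535
    "acct-port":  (True, 1, 65535),
    "key":        (False, None, None),
    "retransmit": (False, 0, 100),
    "timeout":    (False, 1, 1000),
}


def check_rad_serv_avpair(line):
    """Return (fields, errors) for one aaa:rad-serv profile line."""
    fields, errors = {}, []
    m = AVPAIR_RE.match(line)
    if not m:
        return fields, ["line does not match any permissible rad-serv layout"]

    groups = [g for g in (m.group("prefix_group"), m.group("inline_group")) if g]
    if len(groups) != 1:
        errors.append("group number N must be given exactly once")
    else:
        fields["group"] = int(groups[0])
        if not 1 <= fields["group"] <= 31:
            errors.append("group number must be 1..31")

    tokens = m.group("body").split()
    if not tokens:
        return fields, errors + ["server address missing"]
    try:
        fields["server"] = str(ipaddress.IPv4Address(tokens[0]))
    except ValueError:
        errors.append("server %r is not a valid IP address" % tokens[0])

    seen = set()
    i = 1
    while i < len(tokens):
        keyword = tokens[i]
        if keyword not in FIELDS:
            # Also catches a key that contains a space: its second word lands here.
            errors.append("unexpected token %r" % keyword)
            i += 1
            continue
        if i + 1 >= len(tokens):
            errors.append("%s has no value" % keyword)
            seen.add(keyword)
            break
        value = tokens[i + 1]
        i += 2
        if keyword in seen:
            errors.append("%s given more than once" % keyword)
            continue
        seen.add(keyword)
        _, low, high = FIELDS[keyword]
        if low is None:
            fields[keyword] = value
        elif re.fullmatch(r"[0-9]{1,5}", value) and low <= int(value) <= high:
            fields[keyword] = int(value)
        else:
            errors.append("%s must be an integer %d..%d, got %r"
                          % (keyword, low, high, value))

    for keyword, (required, _, _) in FIELDS.items():
        if required and keyword not in seen:
            errors.append("%s is required" % keyword)
    return fields, errors


# Constructed sample lines (documentation addresses, made-up keys).
SAMPLES = [
    'Cisco:Cisco-Avpair = "aaa:rad-serv#1=192.0.2.10 auth-port 1645 '
    'acct-port 1646 key s3cret retransmit 3 timeout 5"',
    'Cisco:Cisco-Avpair = :2: "aaa:rad-serv=192.0.2.11 auth-port 1812 acct-port 1813"',
    'Cisco:Cisco-Avpair = 32: "aaa:rad-serv=192.0.2.12 auth-port 1812 acct-port 1813"',
    'Cisco:Cisco-Avpair = "aaa:rad-serv#3=192.0.2.300 auth-port 1812 '
    'key my secret timeout 0"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        parsed, problems = check_rad_serv_avpair(sample)
        print("OK  " if not problems else "BAD ", parsed, problems)
```
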

Symptoms 2: The router uses the retransmit value from the RADIUS server VSA as the timeout, and the timeout from the RADIUS server VSA as the number of retransmits.

Conditions 2: This symptom occurs any time the router receives a RADIUS server VSA containing the retransmit or timeout parameters or both.

Workaround 2: Either omit the retransmit and timeout parameters from the VSA, using the global defaults on the router, or swap the two values.

Symptoms 3: The show memory | inc AAA Server handle command will show a steadily increasing number of server handles allocated. Roughly 800 bytes will be consumed for each RADIUS server attribute parsed as part of a downloaded template. An additional roughly 900 bytes will be consumed for each downloaded template in Cisco IOS images which have CSCea85517 integrated. Eventually, all memory on the router will be consumed.

Conditions 3: This symptom occurs any time the RADIUS server VSA is used in a downloaded template to tell the router which RADIUS server to use.

Workaround 3: If you are using a Cisco IOS image which does not have CSCea85517 integrated, and the configuration of local templates is practical, then you can configure local templates instead of downloading them from a RADIUS server.

For example, if you had a template defined on your RADIUS server as:

example.com Password = "EXAMPLE"

Service-Type = Outbound,

Cisco:Cisco-Avpair = "aaa:rad-serv#1=a.b.c.d auth-port XXXX acct-port YYYY key ZZZZZ",

Cisco:Cisco-Avpair = :1:"aaa:rad-serv-vrf=examplevrf",

Cisco:Cisco-Avpair = "template:ppp-authen-type=chap"

Cisco:Cisco-Avpair = "template:ppp-authen-list=group 1",

Cisco:Cisco-Avpair = "template:ppp-author-list=group 1",

Cisco:Cisco-Avpair = "template:ppp-acct-list=start-stop group 1",

Cisco:Cisco-Avpair = "template:ip-vrf=examplevrf"

Cisco:Cisco-Avpair = "template:ip-unnumbered=Loopback 1"

you would instead configure the following:

aaa authorization network default local

radius-server host a.b.c.d auth-port XXXX acct-port YYYY

aaa group server radius example_servers

server a.b.c.d

ip vrf forwarding examplevrf

aaa authentication ppp example_list group example_servers

aaa authorization network example_list group example_servers

aaa accounting network example_list group example_servers

template example.com

ppp authentication chap example_list

ppp authorization example_list

aaa accounting delay-start

aaa accounting send stop-record authentication failure

interface virtual-template 1

ip vrf forwarding examplevrf

ip unnumbered Loopback 1

ppp authentication chap

CSCeb73053

Symptoms: A device is unable to authenticate itself to the PPP peer using the local method if the interface is not configured with authentication parameters.

Conditions: This symptom occurs if the peer requests that the device authenticate itself and the corresponding protocol configurations are not present on the interface, for example, ppp pap sent-username or ppp chap password. The session does not get established.

Workaround: Enable the ppp chap password interface configuration command or the ppp pap sent-username interface configuration command on the interface.

Alternative Workaround: Use TACACS+ (T+) for mutual/bidirectional authentication.

CSCeb77933

Symptoms: "Dchannel" interface name is shown incorrectly.

Conditions: This symptom is observed on a Cisco AS5850 that is using channelized T3 controller (CT3) and that is running Cisco IOS Release 12.3(2)T.

Workaround: There is no workaround.

CSCeb79184

Symptoms: "Snmpwalk" is missing the ATM Adaptation Layer 5 (AAL5) entity specific information in cAal5VccTable from CISCO-AAL5-MIB with PVC bundle. Regular PVC works fine.

Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(15)T5.

Workaround: Log into the router and enter the show command to get the required information.

CSCeb79421

Symptoms: The standby route switch controller (RSC) reloads when configuring an STM1 card.

Conditions: This symptom occurs when the extsig mgcp configuration command is used.

Workaround: Save the configuration and reload the system.

CSCin32730

Symptoms: A cable modem interface may reset because of a Dynamic Host Configuration Protocol (DHCP) renewal failure during an FTP event. The "DHCP RENEW FAILED" and "DHCP REBIND FAILED" messages may appear when the cable modem interface resets.

Conditions: This symptom is observed under the following conditions:

The DHCP lease-time duration that is configured for the cable modem is very short, and the DHCP lease time has to be renewed several times on the cable modem.

There is an FTP event that involves the transfer of a large file.

Workaround: Configure the DHCP lease-time duration for a longer period than before.

Alternate Workaround: Configure a higher hold-queue value than the default value for the outgoing interface. For example, enter a value of 100 for the length argument instead of using the default value of 40 for the length argument in the hold-queue length out interface configuration command.

CSCin41527

Symptoms: A Cisco platform that functions as a gatekeeper may reload.

Conditions: This symptom is observed when you deconfigure the zone local gatekeeper configuration command.

Workaround: There is no workaround.

CSCin43844

Symptoms: When the Cisco Access Gateway Modules (AGM) T1 channel-associated signaling (CAS) channels are in the "EM_PARK" state, and the clear counters privileged switch command is entered, the AGM permanently pauses.

Conditions: This symptom is observed on a Cisco AGM that is running the c4gwy-isx3-mz image of Cisco IOS Release 12.3(1.4)T.

Workaround: Do not issue the clear counters privileged switch command on the AGM when T1 CAS channels are in the "EM_PARK" state.

CSCin44341

Symptoms: The ATM interface on a Cisco Node Route Processor (NRP2) may go into the down state.

Conditions: This symptom is observed when 8000 PPP over ATM (PPPoA) sessions are loaded on a redundant NRP2 and then the NRP2 is reloaded.

Workaround: Flap the interface for the sessions to go up.

CSCin47655

Symptoms: A Create Connection (CRCX) to a terminating gateway fails with the following error message when Media Gateway Control Protocol (MGCP) calls are made:

Error code 400 - SetUp Failed

Conditions: This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2(15)T5, Release 12.3(1.8)T, and Release 12.3(1.9).

Workaround: There is no workaround.

CSCin49152

Symptoms: A boot flash image upgrade using Flash MIB may fail.

Conditions: This symptom is observed on Cisco uBR905 and Cisco uBR925 routers and Cisco Cable Voice Adapter (CVA) modems.

Workaround: There is no workaround.

Wide-Area Networking

CSCdz58079

Symptoms: After saving the config with a 12.2(13.4)T1 release and reloading the router, the "ppp timeout multilink link add 1" statement is not recognized anymore at bootup and therefore is removed from the config.

Conditions: This only occurs if the config was last saved under 12.2(13.4)T1.

Workaround: Manually re-insert the statement after each reload.

CSCeb15455

Symptoms: A Cisco router may reload while attempting to create a Multilink PPP (MLP) bundle.

Conditions: This symptom is observed when there is constant Layer 2 Tunneling Protocol (L2TP) call churn on the order of 8 calls per second on the router.

Workaround: There is no workaround.

CSCeb70321

Symptoms: Callback may fail when a network access server (NAS) that is configured for compression interrupts Microsoft Callback (MSCB)/Callback Control Protocol (CBCP) early.

Conditions: This symptom was observed on a Cisco AS5400 configured for MS-CHAPv2 authentication.

Workaround: There is no workaround.

CSCeb72589

Symptoms: Network layer connectivity is not achieved.

Conditions: This symptom is observed when a Cisco router is configured to do Microsoft Point-to-Point Compression (MPPC) and when a client connects and requests MPPC with a null set of supported bits.

Workaround: Disable MPPC on the router or enable MPPC on the client.

Resolved Caveats—Cisco IOS Release 12.2(15)T5

Cisco IOS Release 12.2(15)T5 is a rebuild release for Cisco IOS Release 12.2(15)T. The caveats in this section are resolved in Cisco IOS Release 12.2(15)T5 but may be open in previous Cisco IOS releases.

The following information is provided for each caveat:

Symptoms: A description of what is observed when the caveat occurs.

Conditions: The conditions under which the caveat has been known to occur.

Workaround: Solutions, if available, to counteract the caveat.

Basic System Services

CSCdv46906

Symptoms: A router may send linkUp traps with the locIfReason attribute set as "Down" and linkDown traps with the locIfReason attribute set as "Up."

Conditions: This symptom is observed on a Cisco router.

Workaround: Query the link status using the command-line interface (CLI) or Simple Network Management Protocol (SNMP).

CSCdx55178

Symptoms: Difficulties may occur when you attempt to log in to a Cisco 6400. After you have established a Telnet connection to a Node Route Processor 2 (NRP-2) and press the Enter key, the following user access verification sequence may be displayed, and you cannot log in:

Password:

Password:

Password:

% Bad passwords

Conditions: This symptom is observed on a Cisco 6400 that is running Cisco IOS Release 12.2(4)B3 only after an interactive ATM ping has occurred. The occurrence of the symptom may depend on the Telnet client.

Workaround: Instead of using an interactive ATM ping, enter the ping atm interface atm interface vpi vci [seg-loopback | end-loopback] [repeat [timeout]] privileged EXEC command.

CSCea21328

Symptoms: After a Versatile Interface Processor (VIP) has reloaded, there does not seem to be a crashinfo file because the crashinfo file is not closed; therefore, it is not visible or accessible. If the same VIP reloads again, both the first and second crashinfo files are accessible.

Conditions: This symptom is observed on a Cisco 7500 series that is running Cisco IOS Release 12.2(6f).

Workaround: There is no workaround.

EXEC and Configuration Parser

CSCdz89000

Symptoms: A router may reload unexpectedly when the show tech EXEC command is entered.

Conditions: This symptom is observed when the show tech EXEC command is entered on a Cisco 3660.

Workaround: There is no workaround.

Interfaces and Bridging

CSCin45640

Symptoms: The following message may be observed many times on a router console:

interface info was deleted by another session

Conditions: This symptom is observed when traffic is sent on a PA-A3 port adapter with an ATM interface on a Route Processor Module (RPM). If the ATM interface is reset, this message may be observed on the console, and the PA-A3 may lose the Rx buffers.

Workaround: There is no workaround.

IP Routing Protocols

CSCdz38203

Symptoms: A Cisco router may advertise the wrong next hop (the IP address of the external Border Gateway Protocol [eBGP] neighbor) to the eBGP neighbor ASBR for some VPNv4 prefixes.

Conditions: This symptom is observed on a Cisco router that functions as an Autonomous System Boundary Router (ASBR) in an inter-autonomous system Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) topology.

Workaround: Use the set ip next-hop [ip-address] command in route-map configuration mode on the ASBR router or on the neighbor ASBR router.

CSCea19236

Symptoms: A router may reload.

Conditions: This symptom is observed when a Border Gateway Protocol (BGP) policy list is used on a Cisco 7200 series.

Workaround: There is no workaround.

CSCea66336

Symptoms: A Cisco router may be unable to set up a Frame Relay or an ATM permanent virtual connection (PVC). When you enter the debug ip rsvp traffic-control EXEC command, the following message is displayed:

RSVP-TC: Unable to determine resource provider for tcsb

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(15)T.

Workaround: There is no workaround.

CSCea79433

Symptoms: A Resource Reservation Protocol (RSVP) reservation may be torn down when a routing change occurs.

Conditions: This symptom is observed on Cisco routers that are running Cisco IOS Release 12.2(11)T or later releases with Voice over IP (VoIP) configured.

Workaround: There is no workaround.

CSCea90941

Symptoms: The EIGRP Stub Routing feature may be missing from the configuration.

Conditions: This symptom is observed when a Cisco router on which the EIGRP Stub Routing feature is enabled is reloaded, or when the Enhanced Interior Gateway Routing Protocol (EIGRP) process is restarted.

Workaround: There is no workaround; you must reenable the EIGRP Stub Routing feature.

CSCeb04048

Symptoms: An Open Shortest Path First (OSPF) interface may be reported to be in the "down" state while the interface and the line protocol may be reported to be in the "up" state. This situation causes missing OSPF neighbor adjacencies on the OSPF interface that is in the "down" state.

Conditions: This symptom is observed when there are a large number of active interfaces and you have upgraded a Cisco IOS image on a Route Processor (RP), you have reloaded the RP, or you have reloaded microcode onto a line card or RP.

Workaround: Use one of the following methods to recover the OSPF interface:

Enter the clear ip ospf process privileged EXEC command.

Enter the clear ip route network [mask] EXEC command, in which the network [mask] argument is the IP address of the OSPF interface that is in the "down" state.

Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the OSPF interface that is in the "down" state.

CSCeb06747

Symptoms: When a Network Address Translation (NAT) pool is created for subranges, the NAT pool may not show up in the configuration when you enter the show running-config privileged EXEC command, although the output of the show ip nat statistics EXEC command indicates that the pool is in use.

Conditions: This symptom is observed only for the NAT pools created with the "outside source list."

Workaround: There is no workaround.

CSCeb10154

Symptoms: A Cisco router may experience many spurious accesses at addresses 0x1D and 0x22, similar to the following example:

Total Spurious Accesses 3984, Recorded 8

Address Count Traceback

1D 775 0x610CFA2C 0x60420754 0x60432D98

24 775 0x610CFA38 0x60420754 0x60432D98

3 775 0x610CFCF4 0x60420754 0x60432D98

3 775 0x610B5D5C 0x610CFD20 0x60420754 0x60432D98

22 221 0x610CFA2C 0x60429D48 0x60432D98

24 221 0x610CFA38 0x60429D48 0x60432D98

8 221 0x610CFCF4 0x60429D48 0x60432D98

8 221 0x610B5D5C 0x610CFD20 0x60429D48 0x60432D98

These accesses occur during data packet handling for each packet. If the traffic rate is high, the console may become unresponsive and the system may pause until the call is cleared.

Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.2(13)T or later releases and that has a single physical interface configured for both Resource Reservation Protocol (RSVP) over ATM switched virtual circuits (SVCs) and RSVP over ATM permanent virtual circuits (PVCs). (These virtual circuits [VCs] must be configured on different subinterfaces of the physical interface). The symptom is timing-dependent because it occurs only when the setup of the PVC is completed after the setup of the SVC.

Workaround: There is no workaround.

Miscellaneous

CSCdx76632

Symptoms: A Cisco AS5300 that is functioning as a voice gateway may reload because of an incoming bus error exception.

Conditions: This symptom is observed on a Cisco AS5300 that is running Cisco IOS Release 12.2(6d).

Workaround: There is no workaround.

CSCdx77253

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCdz15807

Symptoms: A file that is copied from a remote server to the running configuration file using Secure File Transfer (SCP) may fail with an error 26 (internal error).

Conditions: This symptom is observed if the remote server is running the Linux operating system.

Workaround: Use another file transfer method (for example, FTP).

CSCdz17487

Symptoms: When a Cisco feature board reloads more than once, a watchdog timeout occurs.

Conditions: This symptom is observed when a Cisco feature board reloads more than once. When the feature board comes up the second time, the console locks up. When the console returns, the watchdog timeout occurs and the Route Switch Controller (RSC) card reloads.

Workaround: There is no workaround.

CSCdz54195

Symptoms: The range for the virtual path identifier (VPI) and virtual channel identifier (VCI) has been changed for configuring a permanent virtual circuit (PVC) on a Cisco 2600 series and Cisco 3600 series.

Conditions: This symptom is observed on a Cisco 2600 series and a Cisco 3600 series that is running Cisco IOS Release 12.2(13.3)PI6a. In previous releases of Cisco IOS software, the range for VPI was 0 to 255 and the range for VCI was 1 to 255. In Cisco IOS Release 12.2(13.3)PI6a, the VPI range is 192 to 207 and the VCI range is 1 to 255.

Workaround: There is no workaround.

CSCdz61801

Symptoms: When a Cisco gatekeeper is used for call routing, facility messages in the Q Signaling (QSIG) setup are lost.

Conditions: This symptom is observed on two Cisco gateways that are connected via Voice over IP (VoIP).

Workaround: There is no workaround.

CSCdz64323

Symptoms: A Cisco router may reload because of a software condition when it receives a certificate revocation list (CRL) from a Lightweight Directory Access Protocol (LDAP) server during the certificate validation process.

Conditions: This symptom is observed on a Cisco 7200 series but may also occur on other Cisco routers.

Workaround: There is no workaround.

CSCdz71127

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCdz81613

Symptoms: Errors may occur on the far end of a connection of a Cisco 2691 or a Cisco 3700 series, and the line protocol may never come up, or the line protocol may come up but go down again.

Conditions: This symptom is observed on a Cisco 2691 and a Cisco 3700 series when one or more WAN interface card (WIC) slots on the mainboard (that is, the native slots) are configured with any of the following WICs:

1-port serial WIC (WIC-1T) that is configured for DTE.

2-port serial WIC (WIC-2T) that is configured for DTE.

2-port low-speed serial WIC (WIC-2A/S) that is configured for DTE.

T1 DSU/CSU WIC (WIC-1DSU-T1).

Workaround: For a configuration that includes a WIC-1T, WIC-2T, or WIC-2A/S, configure the WIC for DCE. There is no workaround for a configuration that includes a WIC-1DSU-T1.

CSCdz89241

Symptoms: A Real-Time Transport Control Protocol (RTCP) packet may cause an input queue wedge on a Cisco voice gateway.

Conditions: This symptom is observed on a Cisco router that functions as a voice gateway and that is configured as an originating, terminating, or IP in IP (IPIP) gateway.

Workaround: There is no workaround.

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea07020

Symptoms: A Cisco router that is configured with Frame Relay (FR) subinterfaces may leak memory if the subinterfaces are configured with Random Early Detection (RED).

Conditions: This symptom is observed when traffic shaping is configured with RED configured in the subclass of the service policy. If the subinterfaces are configured with RED, other changes to the configuration may cause the router to leak memory as well. For instance, adding an IP access list to a FR subinterface that is configured with RED will cause the router to leak memory.

Workaround: There is no workaround.

CSCea20514

Symptoms: Digital signal processor (DSP) tracebacks may be observed with fax calls:

%HPI-3-CODEC_NOT_LOADED: channel:0:D:20 DSP ID:0x1222, command failed as codec not loaded 1

-Traceback= 61489F38 6147F7D4 61708128 61708334 6186E688 6186F094 616F04B0 616F1274 61363424

Conditions: This symptom may be observed during fax calls at the time of the DSP download of codecs.

Workaround: There is no workaround.

CSCea21665

Symptoms: Entries in the tag forwarding table may disappear from a provider edge (PE) router.

Conditions: This symptom may be observed on a Cisco 7200 series or Cisco 7513 router that is running Cisco IOS Release 12.2(11)T2 or Release 12.2(15)T3 in a Multiprotocol Label Switching (MPLS) over ATM environment with the multi-virtual circuit (Multi-VC) feature turned on. The label protocol is Label Distribution Protocol (LDP).

Workaround: Use the clear ip route prefix EXEC command. This command must be entered on each PE that has this symptom. The prefix to be used in the command is the loopback address of the remote PE.

CSCea27536

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea32240

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea33065

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea36231

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea40921

Symptoms: IP Control Protocol (IPCP) may be rejected in the PPP negotiation between a remote end client and a Layer 2 Tunneling Protocol (L2TP) network server (LNS). The output of the show running-config virtual-access number privileged EXEC command displays that the virtual access interface that is assigned to the incoming call during the PPP negotiation does not have an IP address configured.

Conditions: This symptom is observed on an LNS when precloning is configured.

Workaround: Reload the LNS.

First Alternate Workaround: Reset the tunnel that contains all the sessions.

Second Alternate Workaround: Do not configure precloning.

CSCea46342

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea48500

Symptoms: Attribute 46 (indicating the account session time) may show a value of zero under the network stop records for asynchronous calls.

Conditions: This symptom is observed on a Cisco universal access server. If you use network stop records for billing purposes, the symptom may affect the service.

Workaround: There is no workaround.

CSCea49948

Symptoms: Multiple crashinfo files may be saved on a Cisco Route Processor Module XF (RPM-XF) because of a reused IPC buffer (a second IPC send). A new buffer should be used every time an unreliable message needs to be sent. If multiple crashinfo files are generated, the available storage space in the bootflash may be used up. If the card is part of a redundant pair, the card may fail during an attempt to switch back to the primary card from the secondary card in the redundant pair.

Conditions: The symptom is observed when a switchover occurs from an RPM-XF that functions as an active module to a second RPM-XF that functions as a redundant module. When the second RPM-XF switches back to the first RPM-XF, the first RPM-XF does not become active because there is not enough available storage space to load the configuration file because of the saved crashinfo files. After three switchover attempts, the Processor Switch Module (PXM) marks the first RPM-XF as "Failed."

Workaround: Delete some crashinfo files to clear space on the bootflash before attempting to switch back to the active RPM-XF card.

CSCea51030

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea51076

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea54170

Symptoms: A memory allocation failure (MALLOCFAIL) may be reported in the "ATM PVC Discovery" process.

Conditions: This symptom is observed on a Cisco 7200 series that is running the c7200-js-mz image of Cisco IOS Release 12.2(13)T1 and occurs because the Interim Local Management Interface (ILMI) input process does not free up the memory, which can be verified in the output of the show processes memory EXEC command.

Workaround: Reload the router.

CSCea54851

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.

Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).

There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.

CSCea55028

Symptoms: If the call setup time for an E1 R2 hairpin call takes a long time, the call is disconnected, but some of the resources associated with the voice telephony service provider (VTSP) may still show active call legs.

Conditions: This symptom is observed on E1 R2 hairpin calls that have a long call setup time and that have set the alert-wait-time command value to 5 under the cas-custom controller configuration command.

Workaround: There is no workaround.

CSCea58883

Symptoms: Calls may pause on a Cisco AS5300 or a Cisco AS5400.

Conditions: This symptom is observed rarely on a Cisco AS5300 or a Cisco AS5400 and is associated with the Tool Command Language (TCL).

Workaround: There is no workaround.

CSCea60768

Symptoms: A Cisco router may reload because of a bus error.

Conditions: This symptom may be observed on a Cisco router that has been configured with the aaa preauth global configuration command.

Workaround: There is no workaround except to not use the aaa preauth global configuration command.

CSCea61818

Symptoms: Calls may pause indefinitely because of an incorrect state change.

Conditions: This symptom is observed on a Cisco AS5400 that is running a Tool Command Language (TCL) interactive voice response (IVR) 2.0 script.

Workaround: There is no workaround.

CSCea62155

Symptoms: Spurious memory access and traceback messages may be observed on an L2TP Access Concentrator (LAC) while PPP over X (PPPoX) Layer 2 Tunneling Protocol (L2TP) sessions are brought up.

Conditions: This symptom is observed in Cisco IOS Release 12.2(15)T1 and Release 12.2(15)T2 and may be observed on all Cisco platforms.

Workaround: There is no workaround.

CSCea62642

Symptoms: A call may be rejected on the plain old telephone service (POTS) leg with cause code "0x2F" that indicates that there is no resource for the call.

Conditions: This symptom is observed on a Cisco AS5300 that is functioning as a terminating gateway when the call reaches the "progress/alerting" stage and the Cisco AS5300 has no available time-division multiplexing (TDM) resource to connect the call to the digital signal processor (DSP), which can be verified in the output of the show tdm pool privileged EXEC command:

Dynamic Backplane Timeslot Pool:

Req

------------------------

Grp ST Ttl/Free Cur/Ttl/Fail Deallocated

0 0-3 120 0 120 27726 3745 0

1 4-7 0 0 0 0 0 0

The output of the show isdn active user EXEC command displays how many active calls there are. There should be one TDM resource in use for every active call. If the total number of TDM resources minus the total number of active calls does not indicate the correct number of available TDM resources, a TDM resource leak has occurred.

Workaround: Reload the Cisco AS5300.

CSCea63717

Symptoms: A Cisco router that is functioning as an H.323 gatekeeper with authentication, authorization, and accounting (AAA) enabled may run out of memory and may reload unexpectedly.

Conditions: This symptom is observed on a Cisco 2620 that is functioning as a gatekeeper and that is running the c2600-is3x-mz image of Cisco IOS Release 12.2(13)T or Release 12.2(15)T when about 45 endpoints are registered on the gatekeeper.

Workaround: There is no workaround.

CSCea64421

Symptoms: A Cisco router that is functioning as a gateway may place incorrect characters in the header of an "invite" message, causing a proxy server to respond with a "400 syntax error" message.

Conditions: This symptom is observed when the Cisco router changes "%40" in the header of an incoming "refer" message to "f" or "U" in the header of an outgoing "invite" message.

Workaround: There is no workaround.

CSCea65529

Symptoms: A 24E1 trunk card or STM-1 trunk card may reload during the bootup process of a Cisco AS5850, and the following error message is generated:

%FBINFO-3-CRASH: Feature board in slot <number>

After the trunk card has reloaded, it recovers and operates normally. The entire bootup process may take up to 10 minutes.

Conditions: This symptom is observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(15)T or a later release and that is configured for handover split mode. The symptom does not occur when the router is configured for classic split mode.

Workaround: If the Route Switch Controller (RSC) is installed in slot 6, install the 24E1 trunk card or STM-1 trunk card in slot 8 through slot 13. If the RSC is installed in slot 7, install the 24E1 trunk card or STM-1 trunk card in slot 0 through slot 5. Note that the bootup process may still take up to 8 minutes.

CSCea69232

Symptoms: A Cisco gateway may send a Real-Time Protocol (RTP) frame with an incorrect sequence number in the RTP header. The incorrect sequence number will be in the first frame of the stream. The gap between the sequence numbers in the first and second RTP frames may result in a jitter condition in the terminating gateway (TGW). The TGW will play no audio to the user during this time period.

Conditions: This symptom is observed on a Cisco gateway that is running Cisco IOS Release 12.2(15)T1.

Workaround: There is no workaround.

CSCea74551

Symptoms: A Cisco gateway may reject a "subscribe" request with a "400" response, indicating a "Bad Request, Malformed/Missing Request Line."

Conditions: This symptom is observed when the Session Initiation Protocol (SIP) address in the Uniform Resource Identifier (URI) of the "subscribe" request does not contain a user portion.

Workaround: There is no workaround.

CSCea77220

Symptoms: An unexpected resource accounting stop record may be sent after the ISDN guard timer expires.

Conditions: This symptom is observed under the following very specific conditions:

The ISDN guard timer is configured with the isdn guard-timer milliseconds on-expiry accept interface configuration command.

The aaa accounting resource [name] stop-failure group global configuration command is configured.

Preauthentication is held up, for example, because of the unavailability of the authentication, authorization, and accounting (AAA) server.

Workaround: Use the aaa session-id unique global configuration command.

CSCea77810

Symptoms: Media Gateway Control Protocol (MGCP) primary interface backhaul calls may not come up on an E1 controller of an STM-1 trunk card.

Conditions: This symptom is observed when an STM-1 trunk card is installed in slot 0 of a Cisco AS5850 that is running Cisco IOS Release 12.2(15)T or a later release.

Workaround: There is no workaround.

CSCea86295

Symptoms: A customer administrator is incorrectly given access to the system administrator graphical user interface (GUI) in version 2.1 of Cisco IOS Telephony Services (ITS).

Cisco ITS V2.1 divides administrative users into two classes: system administrators and customer administrators. System administrators may configure all ITS features system wide. Customer administrators are limited to a configurable subset of GUI functionality that is defined in an XML file. When logged on as the customer administrator (using the sample XML file) to reset a phone, the phone resets but the entire system administrator menu option appears. All of the options that are available to the system administrator are shown on the customer administrator screen.

Conditions: This symptom is observed in version 2.1 of Cisco ITS on a router that is running Cisco IOS Release 12.2(15)T.

Workaround: There is no workaround.

CSCea93735

Symptoms: Control traffic may not be dequeued from a Parallel Express Forwarding (PXF) processor towards a Route Processor (RP).

Conditions: This symptom is observed on a Cisco MGX 8800 series Route Processor Module XF (RPM-XF) in a Multiprotocol Label Switching (MPLS) environment. In a cell-based MPLS network, the symptom occurs when an MPLS packet with a Time To Live (TTL) setting below 2 reaches a provider edge (PE) router. In a frame-based MPLS network, the symptom occurs when an MPLS packet with explicit null labels and with a TTL setting below 2 reaches a provider (P) or PE router.

Workaround: Configure the no mpls ip propagate-ttl global configuration command on all the routers in the MPLS network to prevent MPLS packets with a TTL setting below 2 from being generated.

CSCea94063

Symptoms: A Cisco voice gateway that is configured for H.323 and Fast Start may not correctly negotiate the codec payload size upon a call transfer when the codec of the initial call is different from the codec for the transferred call.

The following additional symptoms may be observed:

There is no audio from the H.323 gateway to the IP phones after the call transfer.

From the Call Statistics screen on the IP phone, IP phone B reports the RxSize to be 0 ms and RxDisc rapidly increments.

Conditions: These symptoms are observed on a Cisco voice gateway that is running Cisco IOS Release 12.2(8)T5 and that has Cisco CallManager configured to receive H.323 Fast Start calls. These symptoms may not be limited to this configuration and may be observed in other environments as well.

The public switched telephone network (PSTN) caller's initial call to IP phone A uses G.711 ulaw as the codec, but the transferred call to IP phone B is configured for G.729.

Workaround: Disable Fast Start on the Cisco CallManager.

Alternate Workaround: Configure all calls for the same codec.

CSCeb01274

Symptoms: A digital signal processor (DSP) resource and a time-division multiplexing (TDM) time slot may not be released after a fax call has disconnected, causing RADIUS accounting packets to continue to be sent for this call. This condition eventually triggers a long-duration alarm in a Cisco BTS 10200 Softswitch.

Conditions: This symptom is observed on a Cisco AS5400 but may also occur on other Cisco platforms.

Workaround: There is no workaround.

CSCeb01641

Symptoms: T.38 fax calls may fail if the terminating gateway sends fast start elements in multiple H.225 messages (for example, call_proceeding, alert, connect).

Conditions: This symptom is observed only with T.38 fax calls that go through an IP in IP (IPIP) gateway and is specific to fast start calls when non-Cisco gateways are used for the terminating gateway. The symptom is not observed on a Cisco gateway.

Workaround: Initiate the T.38 fax calls using H.323 slow start.

CSCeb02409

Symptoms: An STM-1 trunk card may not communicate properly with the Route Switch Controller (RSC) when path tracing for the 64/16-byte format (j1) is configured using the overhead j1 length {16 | 64} {receive-message | transmit-message} message SONET controller configuration command.

The following error message may be generated when the STM-1 trunk card boots up:

%FIB-3-FIBDISABLE: Fatal error, slot <number>: No window message, LC to RP IPC is non-operational

When you enter the execute-on slot slot-number privileged EXEC command, the command may fail to execute for the STM-1 trunk and the following error message may be generated:

%DSIP-6-NIP_SEND_BUF: DSIP send data failed, slot 2 nip client id 0

No response from remote host

Conditions: These symptoms are observed on a Cisco AS5850 that is running Cisco IOS Release 12.2(15)T or a later release.

Workaround: There is no workaround.

CSCeb06375

Symptoms: An access list may fail to work.

Conditions: This symptom may be observed when virtual circuits (VCs) are torn down and recreated. The symptom occurs after the switch subinterface is shut down and then brought up.

Workaround: Remove the access list and add it again.

CSCeb06598

Symptoms: A call may pause indefinitely when an application makes a disconnect request before the "proceeding" message for the outgoing leg is received.

Conditions: This symptom is observed only when the trunk group rotary is enabled on a router.

Workaround: There is no workaround.

CSCeb10365

Symptoms: IP sockets are not cleared properly by the router when a call to a terminating gateway (TGW) is not completed successfully. This may lead to a socket leak that could use all the resources of the originating gateway (OGW).

Conditions: This symptom is caused when alternate endpoints are configured in the gatekeeper. If the OGW does not successfully complete a call to the TGW provided in the Admission Confirm (ACF), the OGW will then try the alternate endpoint. However, the socket that is used to send the SETUP message to the first TGW is not cleared properly.

Workaround: Configure the gatekeeper without the use of alternate endpoints, and then reboot the router. There is no way to clear the sockets that are left behind.

CSCeb12158

Symptoms: An E1 controller does not come up when the hardware loopback cable is connected or is in loopback mode.

Conditions: This symptom is observed on a Cisco AS5850 universal gateway.

Workaround: There is no workaround.

CSCeb12463

Symptoms: A Cisco 7206VXR may encounter the following authentication, authorization, and accounting (AAA) message errors:

%SYS-2-CCA_INT_ERR: CCA Detected Logic Error, code = 16

-Traceback= 607E1108 607E2888 607E06D4 607E0734 607E0920 606DF050 606DF094 606D3E04 606D7DC4 606C9378 606DBC60 6

Conditions: This symptom is observed on a Cisco 7206VXR that is running Cisco IOS Release 12.2(16.4)T.

Workaround: There is no workaround.

CSCeb21064

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

Session Initiation Protocol (SIP)

Media Gateway Control Protocol (MGCP)

Signaling protocols H.323, H.254

Real-time Transport Protocol (RTP)

Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

CSCeb21145

Symptoms: An H.323 gateway may reload when the no gateway and gateway global configuration commands are entered. This symptom will occur if anything causes the unregistration and registration of the gateway with the Cisco gatekeeper.

Conditions: This symptom is observed only if a plain old telephone service (POTS) dial peer is configured with a "destination-pattern T" (terminator).

Workaround: Do not use the "destination-pattern T" configuration.

CSCeb26650

Symptoms: After a "submit" element with "post" method in a Voice XML (VXML) document, the "submit" element with the "get" method no longer works.

Conditions: This symptom is observed on all Cisco gateways that support VXML.

Workaround: There is no workaround.

CSCeb27443

Symptoms: An STM-1 feature board will not boot because of an initialization failure.

Conditions: This symptom is observed on a Cisco AS5850 with a Revision 3 STM-1 feature board that does not have the engineering fields of the serial EEPROM programmed.

Workaround: Program the engineering fields of the serial EEPROM on the STM-1 feature board.

CSCin28535

Symptoms: The cache L3 bypass diagnostic command-line interface (CLI) command is not available.

Conditions: This symptom is observed only on a Cisco 7400 series.

Workaround: There is no workaround.

CSCin29967

Symptoms: A Cisco router may reload with a traceback at vxml_vxml_proc.

Conditions: This symptom is observed on a Cisco AS5350 router that is running Cisco IOS Release 12.2(13)T1.

Workaround: There is no workaround.

CSCin34706

Symptoms: The input queue of an interface that is connected to a default network may increase and eventually become full, causing the interface to be no longer usable.

Conditions: This symptom is observed during a service logon when the connection activation takes a long time, for example, because of an authentication, authorization, and accounting (AAA) failure or a delay in a tunnel activation.

Workaround: There is no workaround.

CSCin37177

Symptoms: A router may reload after an online insertion and removal (OIR) is performed on a Versatile Interface Processor (VIP).

Conditions: This symptom is observed if an OIR is performed on the VIP of a Cisco 7500 series while an 8-port T1/E1 Inverse Multiplexing over ATM (IMA) port adapter (PA-A3-8T1/8E1) is installed on the VIP.

Workaround: There is no workaround.

CSCin42250

Symptoms: An accounting stop record that is sent by a Cisco gateway for the second alternate endpoint does not contain all of the attribute-value (AV) pairs.

Conditions: This symptom is observed on a Cisco AS5400 universal gateway that is running Cisco IOS Release 12.2(15)T2. The symptom is not observed in Cisco IOS Release 12.2(15)T1 or Release 12.3(0.5).

Workaround: There is no workaround.

CSCin42549

Symptoms: If you configure the radius-server host x.x.x.x backoff exponential key SomeKey command and then enter the copy run start command, the configuration that is stored will be as follows:

radius-server host x.x.x.x key SomeKey backoff exponential

As a result, the router will use "SomeKey backoff exponential" as the key for communicating with the RADIUS server instead of "SomeKey."

This prevents the RADIUS server from communicating with the router and results in the following symptoms:

Users are unable to authenticate.

Accounting records are dropped.

Downloadable configurations are ignored.

If the service password-encryption global configuration command is configured, you will see an error message that resembles the following message:

%Invalid encrypted key: 02050D480809 backoff exponential max-delay 3 backoff-retry 8

Conditions: This symptom is observed any time you configure a RADIUS server with backoff exponential and a per-server key.

Workaround: Perform the following steps:

1. Configure the radius-server host x.x.x.x backoff exponential key SomeKey command.

2. Copy the running configuration to a TFTP or FTP server and edit the running configuration with a text editor to place the key SomeKey portion of the radius-server host configuration line at the end of the line.

3. Enter the copy tftp start or copy ftp start command to place the configuration in the router's startup configuration.

4. Do not enter the copy run start global configuration command.

Alternate Workaround: Do not configure a per-server key. Use a global key instead.
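
The check in step 2 of the workaround for CSCin42549 can be run over a saved configuration file before it is copied back to the router. The following Python script is an added example, not part of the original release notes or any Cisco tool. It assumes the key is a single token, optionally preceded by an encryption-type digit (0 or 7), and the function names and sample configuration are constructed for illustration.

```python
import re

# Option keywords stored after the key become part of the shared secret.
# Assumption: the key is one token, optionally preceded by an
# encryption-type digit (0 or 7) as written by service password-encryption.
MISORDERED = re.compile(
    r"^(?P<head>radius-server host \S+(?: .*?)?) key (?P<key>(?:[07] )?\S+)"
    r" (?P<tail>backoff exponential(?: .*)?)$"
)

def audit_config(text):
    """Return (line_number, stored_line, corrected_line) for each bad line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = MISORDERED.match(line.strip())
        if match:
            corrected = "{head} {tail} key {key}".format(**match.groupdict())
            findings.append((number, line.strip(), corrected))
    return findings

def fix_config(text):
    """Return the configuration with the key moved to the end of each bad line."""
    corrections = {number: fixed for number, _, fixed in audit_config(text)}
    lines = text.splitlines()
    return "\n".join(
        corrections.get(number, line) for number, line in enumerate(lines, start=1)
    ) + "\n"

# Constructed sample configuration (addresses from the documentation range).
SAMPLE_CONFIG = """\
hostname gw1
radius-server host 192.0.2.10 key SomeKey backoff exponential
radius-server host 192.0.2.11 backoff exponential key SomeKey
radius-server host 192.0.2.12 key 7 02050D480809 backoff exponential max-delay 3 backoff-retry 8
radius-server host 192.0.2.13 key SomeKey
"""

if __name__ == "__main__":
    for number, stored, corrected in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {stored}\n  -> {corrected}")
```

A key that legitimately contains the words "backoff exponential" would be flagged as well, so review each finding before loading the corrected file.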

CSCin44594

Symptoms: A Cisco router may experience a loss of packets.

Conditions: This symptom is observed on a Cisco AS5850 that is running the Virtual Profile feature in distributed Cisco Express Forwarding (dCEF) switching mode.

Workaround: Turn off dCEF switching.

Wide-Area Networking

CSCdu25422

Symptoms: Voice calls may disconnect when the European Telecommunication Standards Institute (ETSI) Supplementary Service is used.

Conditions: This symptom is observed on a Cisco 2620 router that is running Cisco IOS Release 12.1(05)T07 with a BRI interface to the public switched telephone network (PSTN) as a gateway for the Cisco CallManager.

Workaround: There is no workaround.

CSCdz88409

Symptoms: A Cisco AS5800 may reload.

Conditions: This symptom is observed during a period of inconsistent RADIUS service that causes sessions to flap.

Workaround: There is no workaround.

CSCea19132

Symptoms: A Cisco 6400 Node Route Processor 1 (NRP1) or a Cisco 7200 series may reload because of an unexpected exception or a bus error at address 0xB0D0B0D.

Conditions: This symptom is observed in Cisco IOS Release 12.2(13)T1 and Release 12.2(15)T1 when the Cisco 6400 NRP1 or the Cisco 7200 series is configured as a PPP over Ethernet (PPPoE) terminator and a Layer 2 Tunneling Protocol (L2TP) access concentrator (LAC).

Workaround: There is no workaround.

CSCea19800

Symptoms: When a user connects to an access control list (ACL) that is applied inbound on a virtual template, the ACL fails