Table Of Contents
Resolved Caveats—Cisco IOS Release 12.3(9e)
Resolved Caveats—Cisco IOS Release 12.3(9d)
Resolved Caveats—Cisco IOS Release 12.3(9c)
Resolved Caveats—Cisco IOS Release 12.3(9b)
Resolved Caveats—Cisco IOS Release 12.3(9a)
Resolved Caveats—Cisco IOS Release 12.3(9)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.3(6f)
Resolved Caveats—Cisco IOS Release 12.3(6e)
Resolved Caveats—Cisco IOS Release 12.3(6c)
Resolved Caveats—Cisco IOS Release 12.3(6b)
Resolved Caveats—Cisco IOS Release 12.3(6a)
Resolved Caveats—Cisco IOS Release 12.3(6)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.3(9e)
Cisco IOS Release 12.3(9e) is a rebuild release for Cisco IOS Release 12.3(9). The caveats in this section are resolved in Cisco IOS Release 12.3(9e) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
Symptoms—A description of what is observed when the caveat occurs.
•
•
Basic System Services
•
Symptoms: The following attributes are duplicated in the RADIUS accounting records of an incoming leg:
Calling-Station-Id
Called-Station-IdConditions: This symptom is observed on a Cisco platform that is configured for AAA.
Workaround: There is no workaround.
•
Remote Authentication Dial In User Service (RADIUS) authentication on a device that is running certain versions of Cisco Internetworking Operating System (IOS) and configured with a fallback method to none can be bypassed.
Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.
Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
More details can be found in the security advisory which posted at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
IP Routing Protocols
•
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.
Miscellaneous
•
Symptoms: When you perform a stress test on a Cisco 7200 series that processes H.323 voice calls, the following error message and traceback may be generated:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x6241A498 reading 0x94 %ALIGN-3-TRACE: -Traceback= 6241A498 6241C788 623EB0F8 623ED694 00000000 00000000 00000000 00000000 DGK7201#Conditions: This symptom is observed when you make approximately 40 calls per second and when the directory gatekeeper (DGK) loader constantly sends LRQs to the DGKs to query a route server to obtain routes. Note, however, that the router continues to process calls normally.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(9d)
Cisco IOS Release 12.3(9d) is a rebuild release for Cisco IOS Release 12.3(9). The caveats in this section are resolved in Cisco IOS Release 12.3(9d) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: The console of a router may stop responding and the router may stop forwarding traffic.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(6b) and that is configured with an NPE-G1 when the native Gigabit Ethernet interfaces of the NPE-G1 are used. The symptom may also occur in other releases.
Workaround: There is no workaround.
IP Routing Protocols
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at:
http://www.cpni.gov.uk/docs/re-20050412-00303.pdf
•
Symptoms: A router that is configured with the OSPF routing protocol may reload.
Conditions: This symptom is observed when the OSPF process is simultaneously deconfigured via one session and configured via another session.
Workaround: There is no workaround. Cisco strongly discourages you to configure a router via two different but simultaneous sessions.
•
Symptoms: In a simple network that consists of two routers, SPF calculations occur every minute although no topology changes occur.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS release later than Release 12.3(6b) or Release 12.3(7)T4 and that functions as an ABR router when there are static routes in the network.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(6b) and Release 12.3(7)T4: SPF calculations do not occur every minute.
•
Symptoms: Connected routes cannot be redistributed from one protocol to another.
Conditions: This symptom is observed on EIGRP routes when using the shut command followed by the no shut command, but could affect other routing protocols.
Workaround: There is no workaround.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf
Miscellaneous
•
Symptoms: A Cisco router may reload when you enter the show standby or show standby brief command.
Conditions: This symptom is observed on a Cisco Multiprocessor WAN Application Module MWAM) when multiple HSRP groups are configured and unconfigured in a loop while traffic for the HSRP groups is being processed. The symptom may be platform-independent.
However, a stress scenario in which many HSRP groups are configured and unconfigured while the show standby or show standby brief command is executed may be a rather uncommon scenario.
Workaround: Do not to enter the show standby or show standby brief command while configuration changes are being made.
•
Symptoms: A Cisco 7200 series or another mid-range router may crash or may stop responding.
Conditions: This symptom is observed on a Cisco 7200 series or other mid-range router that runs Cisco IOS Release 12.3(6a). The crash occurs when an interface that is configured with a rate-limit command is deleted by entering the no interface command and then reenabled by entering the interface command.
Workaround: Remove the rate-limit configuration from the interface before deleting the interface.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf
•
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
deny ipv6 any <my address1> undetermined-transport
deny ipv6 any <my address2> fragments
permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We would recommend for customers to upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at /en/US/products/products_security_advisory09186a00807cb0fd.shtml contain fixes for this issue.
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
•
Symptoms: A PCMCIA flash card that is installed in either slot 0 or slot 1 of a Cisco 3620 may become read-only.
Conditions: This symptom is observed occasionally on a Cisco 3620 that runs Cisco IOS Release 12.3(6b).
Workaround: There is no workaround.
•
Symptoms: A Cisco 1760 that runs Cisco IOS Release 12.3(6c) may crash because of a SegV exception.
Conditions: This symptom is observed when the following conditions are present:
- A policy map is applied to a VLAN interface.
- The policy map includes the set cos command.
Workaround: Disable Layer 2 class of service (CoS) packet marking by entering the no set cos command.
•
Symptoms: A gateway that has a higher IP address in comparison with its peer may fail to open a TCP connection for a logical channel.
Conditions: This symptom is observed during fast start when a glare condition occurs while both gateways indicate to each other (in facility or other H.225 messages) that the H.245 control channel should be opened.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 VXR router crashes after running out of I/O memory because of a buffer leak in a public particle pool.
Conditions: This symptom is observed on a 7200 VXR router that runs Cisco IOS Release 12.3(9c) or Release 12.3(12) and that is configured with an NPE-G1. The symptom does not occur in Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: A Cisco voice gateway may drop a voice or fax relay call during CNG tone detection.
Conditions: This symptom is observed on a Cisco voice gateway that is configured with an VXML application script on the incoming POTS dial peer and that receives a fax CNG tone.
Workaround: There is no workaround. However, this is the limitation on voice gateways that use VXML applications: such platforms only support T.37.
Further Problem Description: The fix for this caveat includes support for T.38 on voice gateways that use VXML applications.
•
Symptoms: Backup calls are not initiated after you reload the router.
Conditions: This symptom is observed on a Cisco 2800 series that is configured for QoS. When the dialer interface is a designated backup interface and you reload the router, the dialer interface does enter the backup mode even though the primary interface is down.
Workaround: After you have reloaded the router, enter the shutdown command followed by the no shutdown command on the dialer interface.
•
Symptoms: A Cisco 3660 gateway may crash when a voice call is made.
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3 or interim Release 12.3(12.4)T1 when accounting is enabled.
Workaround: There is no workaround.
•
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in specific versions of Cisco IOS software is vulnerable to a remotely-exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Only devices running certain versions of Cisco IOS are affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml.
Wide-Area Networking
•
Symptoms: A call may cause the following error messages, after which calls may pause indefinitely:
%DIAL0-3-MSG: %DS_TDM-3-NO_RECOMB_BUS_DS0: Slot 0: no free Recombination bus DS0s left; connection not madeConditions: This symptom is observed on a Cisco platform that functions in a stress environment.
Workaround: There is no workaround. To recover from the symptom, reload the platform.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.cpni.gov.uk/docs/re-20050412-00303.pdf
Resolved Caveats—Cisco IOS Release 12.3(9c)
Cisco IOS Release 12.3(9c) is a rebuild release for Cisco IOS Release 12.3(9). The caveats in this section are resolved in Cisco IOS Release 12.3(9c) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: When you try to configure NTP on a Cisco platform, the ntp server command is rejected with the following error message:
%NTP: failed to initialize NTP processConditions: This symptom is observed on any Cisco platform that does not support a reference clock.
Workaround: There is no workaround.
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detailed advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
IBM Connectivity
•
Symptoms: A Cisco router that functions as a LANE server may fail to attain the active state and remains in the backup state regardless of the priority. This situation prevents LANE clients from becoming operational.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series that run Cisco IOS interim Release 12.3(8.4) and later interim releases. The symptom may also occur in other releases.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: Packets that originate from a Cisco router that is configured with a PA-MC-8TE1+ port adapter may be corrupted and have an invalid FCS. These packets may have the address and control fields compressed even when PFC and ACFC options are explicitly disabled.
Conditions: This symptom is observed only when traffic is presented simultaneously on several B-channels.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series router may experience a spurious memory access on the VIP with PA-A3, and the VIP might crash.
Conditions: This problem may occur when the PA-A3 interface is flapped continuously. This problem was mainly seen with PA-A3 interface, which is configured with a service policy attached to an ATM permanent virtual circuit (PVC) that has distributed link fragmentation and interleaving (dLFI) enabled. There is a variety of other stress conditions that can cause this problem.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: Network Address Translation (NAT) incorrectly resets the TTL of DNS Dynamic Update (RFC2136) Address Records (A-RR) to zero. This situation impacts updates that are sent within the Microsoft Active Directory (AD) system because the AD server refuses A-RR updates that have a TTL of zero.
Conditions: This symptom is observed only for A-RR record types. Record types other than A-RR are not affected.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: An MLP bundle configured between a Cisco 7500 series and any other router may not be able to switch traffic when dCEF is enabled on the Cisco 7500 series.
Conditions: This symptom is observed when LFI is enabled with one member link in the MLP bundle.
Workaround: Either remove dCEF or remove LFI. (A combination of CEF and MLP is not supported.) Note that if there are two member links in the interleaving-enabled MLP bundle, the problem does not occur.
•
Symptoms: On a Cisco 7500 series, all PVCs may suddenly enter the down state and remain in this state for about two minutes before they come back up. During the DLCI down state, the subinterface does not go down and no notifications are observed in the message log.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with an RPS4+ or an RSP8 and that runs the rsp-jsv-mz image of Cisco IOS Release 12.2(12i). In addition, the router is configured with an 8-port serial port adapter and an HSSI port adapter, is configured for Frame Relay, and has more than 450 PVCs/DLCIs. Note that the symptom may be platform-independent and may also occur on other Cisco platforms in a similar configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may experience a memory leak. The "Holding" column in the output of the show process memory command shows that the "VTEMPLATE Backgr" process allocates memory without freeing it. This column will continue to grow until all the memory is consumed.
Conditions: This symptom is observed on a Cisco router that is configured for RIP version 2.
Workaround: Schedule the router for a periodic reload before it completely exhausts all available memory.
•
Symptoms: When the Cisco IOS Firewall CBAC is configured, the router seems to have a software-forced reload caused by one of the inspections processed.
Conditions: This symptom is observed when the router is part of a DMVPN hub-spoke with a Cisco VoIP phone solution deployed on it and the router is connected to the central office over the Internet. The Cisco VoIP phone runs the SKINNY protocol.
Workaround: There is no workaround.
•
Symptoms: When a T.38 fax failure occurs, for example because a call is disconnected, a Cisco AS5400 may incorrectly generate the following message in its log:
%DSM-3-DSP_TIMEOUT: DSP timeout on channel <channel specific information> T38
Codec Switch Failed or Timed outConditions: This symptom is observed when there is no real failure in the codec download. The symptom may occur when a disconnect from the telephony side occurs while the Cisco AS5400 is in the middle of a codec download.
Workaround: There is no workaround.
•
Symptoms: Upon resetting or reloading a Cisco 3700 series, the IP phones that are connected to an NM-ESW-16 no longer receive power from the internal power supply.
Conditions: This symptom is observed when a Cisco 3725 is configured with an NM-ESW-16 and when three IP phones are directly connected to the NM-ESW-16. The symptom may also occur on another Cisco 3700 series router.
Workaround: For the interfaces that do not receive power, enter the shutdown command followed by the no shutdown command on the interface of the NM-ESW-16 or disconnect and reconnect the FE cables that run between the NM-ESW-16 and the IP phones.
•
Symptoms: A Cisco router may experience alignment errors involving MPLS and BGP, and the output of the show alignment command may show the following information:
Total Spurious Accesses 1, Recorded 1
Address Count Traceback
C 1 0x612EE93C 0x60BD2894 0x60BD2F0C 0x60B8C2DCConditions: This symptom is observed on a Cisco router that is configured for MPLS and BGP.
Workaround: There is no workaround. However, note that the symptoms are of a transient nature and do not affect the functionality of the router.
•
Symptoms: RIP non-direct neighbor functionality does not work.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3.
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
•
Symptoms: IPSec tunnels may fail to kick off sometimes.
Conditions: This symptom occurs when the IPSec tunnels are created through tunnel protection CLI, and the user issues the clear crypto sa command.
Workaround: Issue the shut command then the no shut command on the tunnel interface on both ends.
•
Symptoms: Some objects in CISCO-CLASS-BASED-QOS-MIB get a huge value, which is different from the show policy-map interface command output (result is normal statistics).
For example:
CISCO-CLASS-BASED-QOS-MIB::cbQosPoliceCfgConformAction.2361 = INTEGER:1680654100
CISCO-CLASS-BASED-QOS-MIB::cbQosPoliceCfgConformAction.2365 = INTEGER:1680654100
CISCO-CLASS-BASED-QOS-IB::cbQosPoliceCfgConformSetValue.2983=Gauge32:1653639456 CISCO-CLASS-BASED-QOS-IB::cbQosPoliceCfgConformSetValue.3023=Gauge32:1653639456Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: An outband named access list on a NAT outside interface is applied before the NAT translation occurs in the NAT-aware VRF configuration. This situation prevents the named access list from functioning properly.
Conditions: This symptom is observed on a Cisco router that is configured for NAT-aware VRF and that has a named access list.
Workaround: There is no workaround.
•
Symptoms: A software-forced crash may occur on a gatekeeper that processes an incoming call.
Conditions: This symptom is observed on a Cisco platform that functions as a gatekeeper and that runs Cisco IOS Release 12.2(15)T13 and occurs only when a GKTMP server is configured for LRQ triggering.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 12000 series that functions as an egress PE router in an MPLS VPN network, after the customer-facing Gigabit Ethernet line card is reloaded, the ingress line card that receives an incoming VPN label with a destination with a glean adjacency (which requires an ARP) without a BGP session may not properly complete the adjacency, causing traffic to be dropped.
Conditions: This symptom is mostly observed with static recursive route configurations. To recover from the symptom, manually ping the interface of the CE router from the adjacent PE router.
Workaround: Configure the static ARP entries for the nexthop router that is configured in the static recursive routes.
•
Symptoms: Subscribers cannot access the network when the ssg qos police session command is enabled.
Conditions: This symptom is observed on a Cisco 6400 series NRP that runs Cisco IOS Release 12.3(9).
Workaround: Disable the ssg qos police session command. The symptom does not occur in Release 12.3(6).
•
Symptoms: A Cisco 3725 that has an AIM slot populated may hang sporadically.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) or a later release.
Workaround: There is no workaround. To restore the router to normal operation, power-cycle the router.
•
Symptoms: Spurious memory accesses occur on a gatekeeper during RAS communication for H.323 voice calls.
Conditions: This symptom is observed when the gatekeeper sends an LRQ for a voice call.
Workaround: There is no workaround.
•
Symptoms: When the calling number or the called number or both contains the * character, for example *67#1234567890, the call is rejected by the gateway and is released with cause code 63 (service or option not available). In the debugs the following message is generated before call is released:
H225Lib::is_valid_e164_number: Number has non-supported IA5 character - * cch323_ras_arj_notify:calledConditions: This symptom is observed on a Cisco platform that functions as a gateway in an H.323 VoIP network and that runs Cisco IOS Release 12.3(6c) or another release that contains the fix for CSCee07037. The symptom occurs only in gatekeeper-routed call scenarios, that is, RAS-based call flows.
A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee07037. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
The symptom does not occur with other characters such as #.
Workaround: There is no workaround.
•
Symptoms: Mute calls may occur on a Cisco MGCP gateway. The output of the show mgcp connection command shows that the Connection Mode for the originating endpoint remains in a loopback (M=5) after answering the call:
Endpoint Call_ID(C) Conn_ID(I) (P)ort (M)ode ...
1. S7/DS1-0/31 C=3E,315,313 I=0x81 P=0,0 M=3 ...
2. S7/DS1-1/31 C=3E,313,315 I=0x80 P=0,0 M=5 ...Conditions: This symptom is observed for a hairpin call with COT that is requested on the originating call leg from the PSTN side.
Workaround: Disable COT on the PSTN side.
•
Symptoms: A Cisco router crashes when you enter the fsck command for an ATA flash disk.
Conditions: This symptom is observed when the boot sector of the ATA flash disk is corrupted and when the router runs a release that is listed in the "First Fixed-in Version" field at http://www.cisco.com/cgi- bin/Support/Bugtool/onebug.pl?bugid=CSCed58384. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Format the disk.
•
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
•
Symptoms: Multicast packets such as HSRP and OSPF are not received on a port-channel interface.
Conditions: This symptom is observed when a port-channel interface is configured on a Cisco router, when you reload the router, and when the first member is added to the port-channel interface by entering the no shutdown interface configuration command on physical interface.
Workaround: Enter the do shutdown interface configuration command followed by the no shutdown interface configuration command on the port-channel interface.
Wide-Area Networking
•
Symptoms: A PPP interface may fail to come up when the router is booted or when the interface resets. When this situation occurs, the interface appears to be physically up but PPP does not start. When you enable logging of PPP negotiation events with the debug ppp negotiation command and when packets arrive on the PPP interface, you can see in the log that PPP discards these inbound frames with an "LCP: Lower layer not up, discarding packet" message even though the lower layer (the link) is up.
Conditions: This symptom is observed when a PPP interface transitions from a down state to an up state at the link level. The symptom is most likely to occur when the router operates under a moderate-to-heavy load, or when large numbers of PPP interfaces simultaneously change state (for example when a channelized interface is reset).
Workaround: Any sequence that resets the interface usually clears the symptom. Therefore, you can enter the clear interface interface-name EXEC command or the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
•
Symptoms: When you enter the show frame-relay lmi command on a router, the router may crash, or alignment errors may occur.
Conditions: This symptom is observed after you first have deleted an MFR interface on the router.
Workaround: There is no workaround.
•
Symptoms: After forwarding an ISDN dialin connection to an LNS via L2TP, the LAC does not disconnect the ISDN connection upon termination of the L2TP session. The ISDN connection must be terminated by the remote user.
Conditions: This symptom is observed on a Cisco platform that functions as a LAC and that runs Cisco IOS interim Release 12.3(10.2). Note that the symptom does not occur in Release 12.3(10) and earlier releases.
Workaround: There is no workaround.
•
Symptoms: When a call is placed from the network side to a VoIP CPE that runs Cisco IOS Release 12.3(6c) and when the called party number is configured on a dial peer that points to a deactivated BRI, the VoIP CPE may release the incoming call to the VoIP leg with incorrect disconnection cause code 16 (normal call clearing) instead of cause code 34 (no circuit).
Conditions: This symptom is observed when the BRI is deactivated by a router that functions as a VoIP CPE and that runs Cisco IOS Release 12.3(6c). Note that a router that runs Release 12.2(11)T7 or Release 12.3(6b) sends the proper cause code 34.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(9b)
Cisco IOS Release 12.3(9b) is a rebuild release for Cisco IOS Release 12.3(9). The caveats in this section are resolved in Cisco IOS Release 12.3(9b) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A bus error crash (that is, an illegal access to a low address) may occur in the RADIUS process.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1 and that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(3).
IP Routing Protocols
•
Symptoms: A Cisco router that runs Cisco IOS Release 12.3(5a) may reload because of a bus error. The output of the show version command may show the following:
System returned to ROM by bus error at PC 0xXXXXXXXX, address 0xYYYYYYYYConditions: The symptom may be observed when IP NAT is configured.
Workaround: Enter the no ip nat service sip tcp port 5060 command and the no ip nat service sip udp port 5060 command.
The following link provides general information about bus errors: http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.html
["Troubleshooting Bus Error Crashes"; Document ID: 7949; replaces http://www.cisco.com/warp/public/122/crashes_buserror_troubleshooting.shtml]
•
Symptoms: A Cisco router may crash when you enter the clear ip route * command.
Conditions: This symptom is observed when the routing table has a default route.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A NAS crashes when stress scripts are running and when bulk calls are made.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800 that are configured for T1 when scripts run that enter the shutdown command followed by the no shutdown command on controllers in digital callers and the clear modem all command in analog callers. The NAS is stressed with both analog and digital calls made from a traffic generator that sends 20 packets per second and the scripts run every 10 minutes.
Workaround: There is no workaround.
•
Symptoms: After marking a high threshold, a call from a gateway that is registered with another gatekeeper is rejected because of Disconnect Cause 34 (no circuit/channel available) though there are channels available.
Conditions: This symptom is observed with a gatekeeper that is running Cisco IOS Release 12.3 T or Release 12.3, and with any gateway (can be from Cisco or a third party) that supports RAI functionality.
Resource Availability Indicator (RAI) and the gatekeeper clustering function are used. The originating gateway and terminating gateway are registered with different gatekeepers.
Workaround: Register all gateways with a single gatekeeper.
•
Symptoms: A Cisco router accepts an incoming plaintext that matches the crypto map that is applied to an interface. The packet should be rejected because is should have been encrypted.
Conditions: This symptom is observed when all the following conditions occur:
- The interface is a serial subinterface.
- The interface has both fast switching and CEF switching disabled.
- The outgoing interface for the packet has fast switching or CEF switching enabled.
Workaround: Ensure that all interfaces have fast switching and CEF switching either enabled or disabled.
•
Symptoms: A Cisco 7500 series that is configured for Distributed Link Fragmentation and Interleaving (DLFI) may cause delays.
Conditions: This symptom is observed on a Cisco 7500 series that is configured with a multilink interface after the router is reloaded.
Workaround: Enter the shutdown command followed by the no shutdown command on the multilink interface.
•
Symptoms: A router may fail to advertise a prefix for which the network portion matches the major net. For example, when 10.0.0.0/8 is the major net, 10.0.0.0/16 is not advertised.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(4) or a later release when the subnet between the two routers is in the same classful range as the advertised prefix of the advertising router.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
•
Symptoms: Address 0.0.0.0 and mask 128.0.0.0 are considered invalid if used in a service profile.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS software image that includes the fix for CSCee13629. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCee13629. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Use the following service networks instead of 0.0.0.0/128.0.0.0:
1.0.0.0;255.0.0.032.0.0.0;224.0.0.0
2.0.0.0;254.0.0.0
4.0.0.0;252.0.0.0
8.0.0.0;248.0.0.0
16.0.0.0;240.0.0.0
64.0.0.0;192.0.0.0
128.0.0.0;128.0.0.0•
Symptoms: A router may fail to advertise a major net route such as 10.0.0.0/8 to a RIP peer.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(3.3) or a later release when the route is redistributed from MP-IBGP into RIP and when the subnet connecting the RIP peer is in the classful range of the advertised major net.
Workaround: On the advertising router, enter the shutdown command followed by the no shutdown command on the interface that is connected to the receiving RIP peer.
•
Symptoms: A Cisco Access server that terminates virtual-profile calls with per-user access control lists (ACLs) does not remove all per-user ACLs when calls are terminated. This situation may cause the memory of the access server to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco access server that runs a Cisco IOS Release that contains the fix for CSCee01688.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•
Symptoms: A call may fail with MGCP error code 400 (Voice setup failed).
Conditions: This symptom is observed when call is made from a Cisco AGM that functions as an MGCP gateway and that is registered to a Cisco CallManager.
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses may occur on a VIP card with installed channelized port adapter(s). the CPU utilization may increase to 99 or 100 percent, causing the performance of the VIP to be impacted.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
Wide-Area Networking
•
Symptom: A process-switched L2TP packet is dropped on an LNS when the sessions are created into multiple VRFs. There is no problem with a CEF-switched session.
Conditions: This symptom is observed when one of the sessions is process-switched (for example, the UDP checksum is present) and when CEF switching is enabled.
Workaround: Disable CEF switching by entering the no ip route-cache cef interface configuration command on the virtual-template interface or enter the vpdn ip udp ignore checksum global configuration command.
•
Symptoms: A Cisco L2TP network server (LNS) may not send the following RADIUS accounting record attributes:
–
–
–
–
Conditions: This symptom is observed when all of the following conditions are present:
–
–
–
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(9a)
Cisco IOS Release 12.3(9a) is a rebuild release for Cisco IOS Release 12.3(9). The caveats in this section are resolved in Cisco IOS Release 12.3(9a) but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A VIP crash can lead to a memory exhaustion situation on the RSP in turn leading to an RSP crash.
Conditions: This will happen more frequently on routers with a high idb count.
Workaround: There is no workaround.
•
Symptoms: Async PPP calls fail on a Cisco AS5850 when an IOS upgrade is performed from 12.3(7)T to 12.3(7)T1.
Conditions: This is seen on a Cisco AS5850 running 12.3(7)T1 and only with async mode interactive. This issue can be service affecting and this is reproducible. The symptom may also occur in Release 12.3.
Workaround: Though not a good solution, configuring async mode dedicated solves the problem.
•
Symptoms: AAA database memory is not released when the AAA ID is deallocated.
Conditions: This symptom is observed when a GGSN PPP context is opened or closed and when AAA authentication is configured but AAA accounting is not.
Workaround: There is no workaround.
•
Symptoms: Users are unable to authenticate using RADIUS, or accounting is not sent to the RADIUS server. In addition, when you enter the debug radius command, the following information is generated:
RADIUS(00000049): sending
%RADIUS-3-NOSERVERS: No Radius hosts configured.
RADIUS/DECODE: parse response no app start; FAIL
RADIUS/DECODE: parse response; FAILThe output of the show running-config command indicates that there are in fact RADIUS servers in the server group.
Conditions: These symptoms are observed after following these steps:
1. Remove and recreate a server group that is still referenced by one or more method lists, by entering the following commands:
no aaa group server radius XXXX
aaa group sever radius XXXX
server x.x.x.x
...2. Allow one of these method lists to be used, causing a transaction to be sent to a RADIUS or TACACS+ server in the server group.
3. Remove and re-add the radius-server host ... command lines for all authentication-capable (or accounting-capable if this group is used for accounting) servers in this server group.
Workaround: Remove all RADIUS or TACACS+ server configurations, remove all RADIUS or TACACS+ server group configurations, and remove all method lists. Then, reconfigure all of them.
Further problem description: If you enter the debug aaa sg-ref-count command before Step 2 of the Conditions, a debug message similar to the following one is generated:
AAA/SG: Server group ref count decoalesced sg_type for public group XXXX and is reduced by 2 to 0Interfaces and Bridging
•
Symptoms: A Cisco 7500 series may show a %SYS-3-CPUHOG error message when an ATM link on the router is flapped.
Conditions: This symptom is observed only when there are a lot of VCs on the ATM interface and when the VIP is oversubscribed.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series may leave ATM PVCs up when the ATM interface is shut down.
Conditions: This symptom is observed on a Cisco 7500 series that has a PA-A3 when the CPU utilization of the VIPs is high.
Workaround: There is no workaround.
•
Symptoms: The show controllers t1 slot/port command may show only the current interval.
Conditions: This symptom is observed on a Cisco 7200 series when FDL is configured.
Workaround: There is no workaround.
Further Problem Description: When FDL is configured, the router updates the MIB data after checking for a valid local and remote MIB data interval that it receives from the T1 PA. During the remote MIB update, and if the received data interval is invalid, the router clears both the remote and the local data instead of clearing only the remote data and starting again.
•
Symptoms: Channelized interfaces on a channelized T3 line card or port adapter that is configured for Frame Relay encapsulation may be in the up/down state, and DLCIs are inactive.
Conditions: This symptom is observed when you reload a Cisco platform and when the interfaces were in the up/up state before you reloaded the platform.
Workaround: Enter the shutdown command followed by the no shutdown command on the controller of either the T3 line card or port adapter on the Cisco platform or on the T3 line card or port adapter on the platform at the remote end.
Alternate Workaround: Enter the shutdown command followed by the no shutdown command on the main interface on the Cisco platform.
IP Routing Protocols
•
Symptoms: A Cisco router with a Border Gateway Protocol (BGP) system may lose the address family's use of aggregate routes after the router reloads. The aggregate routes are moved from the VPN routing/forwarding (VRF) address family and appear under the global IP version 4 (IPv4) address family. When the router reloads, the console displays the following error messages:
exit-address-family
^ % Invalid input detected at Ã^Ã marker.
exit-address-family
^ % Invalid input detected at Ã^Ã marker.
exit-address-family
^ % Invalid input detected at Ã^Ã marker.The above symptom is only one of the possible symptoms. Support for the auto-summary router configuration command and the default-information originate router configuration command has been removed from some of the address families as a result of the caveat CSCdx14351 without providing support to accept these commands silently when being booted with a configuration from a prior Cisco IOS release. The presence of the unsupported commands in address families like Virtual Private Network version 4 (VPNv4) and IPv4 Multicast (MCAST) causes the command-line interface (CLI) to go out of the address family submode and apply these commands to the v4 address family, which results in unpredictable behavior.
Conditions: This symptom is observed on all Cisco platforms that run Cisco IOS Release 12.2(16.4)T or Release 12.3 T. The symptom may also occur in other releases.
Workaround: Reenter the configuration that was present before the router reloaded.
•
Symptoms: When using Cisco CallManager and PAT on the CE router, no voice is observed if a call is made across CCM clusters and is transferred back to another phone on the same CCM, between the IP phones behind PAT.
Conditions: This symptom occurs when Cisco CallManager is configured for Static NAT. The IP phones registered to the CCM in the location are configured to use PAT. A call is made across the CCM cluster and transferred back to the cluster.
Workaround: There is no workaround.
•
Symptom: A router that is configured for multicast routing may reload due to a bus error.
Condition: This symptom is observed on a Cisco router that runs a Cisco IOS software release that contains the fix for CSCec80252. A list of the affected releases can be found at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCec80252. Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: It may not be possible to remove a VRF-based static NAT configuration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 in an MPLS VRF NAT configuration.
Workaround: There is no workaround.
•
Symptoms: The maximum-paths import number-of-paths command enables a VRF to import additional paths in addition to the bestpath. If the original path of the import path is withdrawn, wrong import paths may be purged. This situation may cause traffic disruption up to 15 seconds.
Conditions: This symptom is observed when the original path of the best import path is withdrawn and the import path is at the end of the path list (that is, the one learned the very first). In this situation, all import paths that are derived from other paths may be purged as well. If the imported net has only import paths, the net may not be reachable until other paths are reimported.
Workaround: Ensure that the import path is at the top of the path list or use the same route descriptor (RD) for all import paths.
•
Symptoms: A BGP VPNv4 table may contain paths that may be imported from deleted BGP table entries or from table entries that have a different prefix from the importing prefix.
An example of a path from a deleted BGP table entry is as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 52
Paths: (1 available, best #1, table vpn2)
Advertised to non peer-group peers:
10.4.1.2
2 100, imported path from 2829:2829:185404173:11.13.11.13/-53
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external, bestThe entry that this path is imported from has been removed from the table and its memory contents contain an incorrect pattern. When the incorrect pattern is displayed as a prefix, it appear as "2829:2829:185404173:11.13.11.13/-53".
A mismatched prefix appears as follows:
Router# sh ip bgp v v vpn2 192.168.0.0
BGP routing table entry for 200:2:192.168.0.0/32, version 54
Paths: (2 available, best #1, table vpn2)
Flag: 0x820
Advertised to non peer-group peers:
10.10.10.10 10.20.20.20
2
10.4.1.2 from 10.4.1.2 (10.4.1.2)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:1:2
2 100, imported path from 200:2:172.16.0.0/24
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, localpref 100, valid, external
Extended Community: RT:1:3This BGP VPNv4 table entry is for prefix 192.168.0.0/32 but it shows that a path is imported from 172.16.0.0/24. This situation occurs when a path has a link to a deleted BGP table entry, and then the memory for the deleted entry is reused for a new table entry of which the prefix may not match with the importing entry.
Conditions: These symptoms are observed when you enter the maximum-paths import number command in router BGP address-family IPv4 VRF mode. The number argument indicates the number of paths to import from one VRF to another.
Workaround: Remove the maximum-paths import number command from the router BGP address-family IPv4 VRF mode.
ISO CLNS
•
Symptoms: A default route is not installed into the Border Gateway Protocol (BGP) routing table when the default-information originate command is configured in Connectionless Network Service Protocol (CLNS) address family configuration mode.
Conditions: This symptom is observed only on routers that run Cisco IOS Release 12.3(4)T2 and are configured to run CLNS, Integrated Intermediate System-to-Intermediate System (IS-IS), and BGP.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: Voice gateway router may crash during voice and data traffics with high CPU load.
Conditions: This symptom is observed on a Cisco 2600 series router but is platform independent.
Workaround: There is no workaround.
•
Symptoms: When a Cisco 7500 series boots up with low-speed serial interfaces, an error message is generated for each interface for which Cisco IOS legacy fair queueing is disabled.
Conditions: This symptom is observed on a Cisco 7500 series router that has low-speed serial interfaces and dCEF configured. QoS functionality is not impacted.
Workaround: There is no workaround.
•
Symptoms: A router may reload with a bus error.
Conditions: This symptom is observed on a Cisco router that is configured for time-division multiplexing (TDM) hairpinning.
Workaround: There is no workaround.
•
Symptoms: A router running CEF may report a "IP Null turbo vector" status message.
Conditions: This symptom is observed on a Cisco 3725 that runs Cisco IOS Release 12.3(6) and that has an AIM-VPN/EPII.
Workaround: Manually disable and reenable CEF. The status message then changes to "IP CEF VPN Feature Fast switching turbo vector."
•
Symptoms: Channels may occasionally hang on an MRP.
Conditions: This symptom is observed on an MRP that runs Cisco IOS Release 12.3(2)XA and that uses the R2 protocol. The symptom may also occur in Release 12.3.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice ports.
•
This caveat consists, of six separate symptoms, conditions, and workaround, of which the first three apply to all Cisco IOS releases and the last three apply only to Cisco IOS Release 12.3 T:
1) Symptoms: There are three symptoms:
- There may be a inconsistent or duplicate display of files between the show diskslot-number and dir diskslot-number commands.
- When a file is deleted from the CLI, the file may be deleted but a "No such file" message may be printed.
- One cluster may leak. Entering the fsck command truncates the original file and creates an orphan file for the leaked cluster.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC:" mode, as in the following example:
show version | append disk#:
Router#conf t Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#vtp file new Setting device to store VLAN database at filename new. Router(config)#^ZWorkaround: There is no workaround.
2) Symptoms: The show diskslot-number and dir diskslot-number commands may show inconsistent information (such as inconsistent file sizes) when multiple images are copied.
Conditions: This symptom is observed when you make two copies of the image file to the disk by using two vtys and by entering the dir diskslot-number command at the same time.
Workaround: Do not enter the show diskslot-number and dir diskslot-number commands when multiple images are being copied.
3) Symptoms: There are two symptoms:
- The show diskslot-number and dir diskslot-number commands may show inconsistent information.
- Entering the fsck command may delete or truncate the valid files or create an orphan file for an unused cluster.
Conditions: This symptom is observed when you rename a directory that consists of many subdirectories or files.
Workaround: Reload the router.
4) Symptoms: There are two symptoms:
- There may be a duplicate entry for each file when you enter the show diskslot-number command.
- An snmpGet on a ciscoFlashFileSize object may enter a loop.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T after the router boots up.
Workaround: There is no workaround.
5) Symptoms: There are two symptoms:
- The show diskslot-number and dir diskslot-number commands may show inconsistent information.
- Entering the fsck command may delete or truncate the original file.
Conditions: This symptom is observed on a router that runs Cisco IOS Release 12.3 T when an application or a CLI command overwrites a file on the disk.
Workaround: Reload the router.
6) Symptoms: A router that runs Cisco IOS Release 12.3 T crashes.
Conditions: This symptom is observed when an application creates or opens a file without the "O_TRUNC" mode and attempts to delete the file, as in the following example:
show version | append disk0:redirect.out" and issuing delete disk0:disk0:redirect.out
Workaround: Reload the router and delete the file.
•
Symptoms: On a Cisco AS5400 Voice Gateway, calls may fail when it is used as an Originating Gateway that is configured with g.clear codec and signalled by an MGCP call agent. NAK messages may also be seen.
Conditions: This symptom is observed on a Cisco AS5400 Voice Gateway.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may crash if a PA driver attempts to convert an uncached iomem address to a cached iomem address.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an NPE-G1.
Workaround: There is no workaround.
•
Symptoms: A router may reload after sending some traffic during the PPPoE client authentication setup.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) when the clear pppoe all command is entered on the PPPoE client after both corresponding ATM and dialer interfaces have been shut down first.
Workaround: Do not enter the clear pppoe all command on the PPPoE client when the ATM and dialer interfaces are shut down.
•
Symptoms: All SWIDBs may be used.
Conditions: This symptom is observed when PPPoA sessions flap continuously.
Workaround: There is no workaround.
•
Symptoms: During the reloading of a Cisco router with dual RSP8 processors, the following error message may be displayed:
%Error opening nvram:/startup-config (Device or resource busy)As a result, the configuration in NVRAM might not be applied. This problem is unlikely to occur outside a specific timing condition.
Conditions: This symptom is observed on a Cisco 7500 series router with dual RSP8 processors but is platform independent.
Workaround: Use boot config to redirect the config to slot/disk/bootflash.
•
Symptoms: All VIPs in a Cisco 7500 series restart as a consequence of a Cbus complex that is triggered by a stuck output. Just before the output becomes stuck, IPC timeout errors occur.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) in a dLFIoATM environment.
Workaround: There is no workaround.
•
Symptoms: IMA link status sticks in NE usable/usable while showing FE active/active.
Conditions: This happens when connecting an IMA module in a Cisco 3640 to a third party vendor switch.
Workaround: Administratively shut down the link and then bring it back.
•
Symptom: The MBS value may be incorrect when you configure VBR-nrt for a PVC on an ATM interface.
Conditions: This symptom is observed when you first configure VBR-nrt with identical values for PCR and SCR, as in the following example:
pvc 2/5 vbr-nrt 3000 3000
When the PCR value is identical to the SCR value, MBS should not be configured. When you then apply a different PCR and SCR value (although still identical values for the PCR and SCR), the MBS is calculated as shown below:
pvc 2/5 vbr-nrt 2000 2000 94
This MBS value is not accepted as a valid value when you reload the router because the MBS should be 1 or nothing when the PCR value is identical to the SCR value.
Workaround: Remove the PVC and reapply the configuration.
•
Symptoms: A router may experience a memory leak when the LSR MIB is queried.
Conditions: This symptom is observed on a Cisco router running Cisco IOS Release 12.2(15)T10 but is software-independent.
Workaround: Disable the LSR MIB queries and reboot the device to reclaim the leaked memory.
•
Symptoms: A Cisco AS5300 may leak memory in the ISDN process.
Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
•
Symptoms: A URM that is configured as an LSC does not pass traffic. Xtags come up but traffic does not pass.
Conditions: This symptom is observed on a URM that runs Cisco IOS Release 12.3(6). The symptom does not occur on other software trains.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5400 may crash with a bus error at address 0xFFFFFFFF.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3(6) only when facility messages are generated. The symptom may also occur on a Cisco 1700 series and Cisco 2600 series.
Workaround: There is no workaround.
•
Symptoms: A Cisco router reboots more than once when using Cisco IOS Release 12.2(16b).
Conditions: This problem is observed by doing the shut command followed by the no shut command on the ATM interfaces several times with traffic flowing through and by having QoS, service policy, and hardware encryption configured on ATM IMA interfaces.
Workaround: Remove the service-policy prior to doing the shut command followed by the no shut command. Alternatively, stop the traffic prior to doing the shut command followed by the no shut command.
•
Symptoms: A Cisco AS5300 running Cisco IOS Release 12.3(6) may encounter a bus error.
Conditions: This symptom is observed when a Cisco AS5300 is running voice traffic under a heavy load.
Workaround: There is no workaround.
•
Symptoms: IKE SAs will fail to be created if the two peers are not running the same version of Cisco IOS software. This affects both main mode and aggressive mode negotiations. This also impacts devices negotiating IKE regardless of whether a NAT devices exists in the mix or not, it also impacts router to router and router to client negotiations.
Conditions: An update to the Cisco IOS support for NAT-Transparency (UDP- encaps) in CSCed21558 led to the problem that unless both peers were running the version of code that contained this enhancement, IKE negotiation would fail. The reason for this is that the new functionality contained support for the new version-7 vendor-id. An error in the vendor-id handling caused devices to misinterpret the NAT-T vendor-IDs in such a way that negotiations would break down. The problem occurred in Cisco IOS Release 12.3(9) and Cisco IOS Release 12.3(8.3)T interim.
Workaround: Use the same version of Cisco IOS on peers negotiating with each other. For software clients connecting to Cisco IOS Release 12.3(9) gateways, there is no workaround.
•
Symptoms: A Cisco 3700 series with an NM-1A-OC3, NM-1A-T3, or NM-1A-E3 network module with many VCs of the same class may reload because of a bus error.
Conditions: This symptom is observed when you configure more than 255 VCs of the same QoS type on the ATM interface, when traffic is processed on all VCs, and when a line error occurs.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload under a specific sequence of CLI commands:
# conf t
Enter configuration commands, one per line. End with CNTL/Z.
(config)#policy-map Set_BestEffort_IP
(config-pmap)#class class-default
(config-pmap-c)#shape average 4000000
shape is invalid command in input policy.
(config-pmap-c)#exit...router reloads...
(config-pmap)#exit
(config)#interface Serial4/1/0:10
(config-if)#bandw 4096Conditions: This symptom has been observed in Cisco IOS Release 12.2(13)T and Release 12.3(6) software, but it should be reproducible in older Cisco IOS releases as well.
Workaround: Avoid the illegal shape command.
•
Symptoms: MGCP quarantine mode is updated with each incoming MGCP message, independent of the fact that the message may not have Q-line. This behavior may cause regressions.
Note that the legacy behavior is to ignore any updates to the MGCP quarantine mode when no Q-line is present in the MGCP message.
Conditions: This symptom is observed when a Cisco gateway that runs Cisco IOS Release 12.3 or Release 12.3 T is configured for MGCP.
Workaround: There is no workaround.
•
Symptoms: The problem exists when PIM announcement packets are distributed through tunnels, and when crypto map, which specifies the protection on GRE traffic, is only applied to the physical interface. Even though it is a correct way to apply the crypto map only to the physical interface to protect the GRE traffic, the crypto policy checking on PIM announcement packets is missing.
Conditions: This symptom occurs when PIM announcement packets are distributed through tunnels.
Workaround: Apply the crypto map to both tunnel and physical interfaces.
•
Symptoms: When you change the Cisco IOS release from Release 12.2 to Release 12.3(6a), a router may reload because of a bus error.
Conditions: This symptom is observed when a MQC-based policy and legacy fair queueing are configured on different Frame Relay subinterfaces of the same physical interface.
Workaround: There is no workaround.
•
Symptoms: The output of the show ip access-list command does not show extended access lists.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(9.3)T. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•
Symptoms: A VIP may crash with a bus error and generate the following error message:
%ALIGN-1-FATAL: Illegal access to a low addressThis occurs after the following scheduler error in the "req_proc" process
%SYS-2-INTSCHED: 'sleep for' at level 2
-Process= "req_proc", ipl= 2, pid= 27Conditions: This symptom is observed on a Cisco 7500 series that runs a Cisco IOS image that contains the fix for CSCec07487 when a PA-MC-8TE1+ is installed in the VIP.
Workaround: There is no workaround.
•
Symptoms: A Cisco7200VXR series router that is installed with PA-MC-8TE1 serial interface and is configured with IPSec encryption enabled may run into hang occasionally.
Conditions: This symptom is observed on Cisco 7200VXR series routers that have the following conditions:
a) Installed with PA-MC-8TE1 serial interface card
b) Configured with IPSec encryption (does not matter if it is tunnel protection or crypto map).
Workaround: There is no workaround except turning off IPSec encryption.
•
Symptoms: A software-forced reload may occur on an MGCP gateway that uses embedded messages in the MGCP protocol.
Conditions: This symptom is observed on a Cisco platform that functions as an MGCP gateway and is caused by the MGCP embedded message processing.
Workaround: There is no workaround.
•
This caveat consists of three symptoms, three conditions, and three workarounds:
Symptom 1: Memory utilization may increase on a Cisco IOS gatekeeper that
functions as an originating gatekeeper (OGK). You must reboot the gatekeeper to enable it to return to normal operating conditions.
Condition 1: This symptom is observed when the following conditions are
present:
- There are two or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.
- All these remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).
- The zone prefix is configured to send sequential LRQ messages.
Workaround 1: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
Symptom 2: Wrong CATs are sent to remote zones from a Cisco IOS gatekeeper that functions as an OGK.
Condition 2: This symptom is observed when the following conditions are present:
- There are three or more remote zones configured for the same prefix and the gatekeeper receives ARQs for this prefix.
- Each of these remote zones is configured for inter-gatekeeper authentication with a different password to be used for the creation of the CAT.
- The zone prefix is configured to send sequential LRQ messages.
Workaround 2: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
Symptom 3: A spurious memory access may occur on a Cisco IOS gatekeeper that functions as a directory gatekeeper (DGK).
Condition 3: This symptom is observed when the following conditions are
present:
- There are two or more remote zones configured for the same prefix and the gatekeeper receives LRQ messages for this prefix.
- The second and subsequent remote zones are configured for inter-gatekeeper authentication using Cisco Access Tokens (CAT).
- The zone prefix is configured to send sequential LRQ messages.
Workaround 3: Use the "blast" mode to send LRQ messages or turn off inter-gatekeeper authentication.
•
Symptoms: A Cisco access server does not report digital/ISDN data calls in the output of the show controllers e1 call-counters command. Analog calls are correctly counted. The SNMP representation of active DS0s within the CISCO-POP-MGMT-MIB is also affected by this problem: the cpmActiveDS0s OID no longer shows the total number of calls, but reports only the number of analog/modem calls.
Conditions: This symptom is observed on a Cisco access server that runs Cisco IOS interim Release 12.3(7.9) or a later release.
Workaround: To retrieve the number of digital data calls using a CLI command, enter the show caller summary EXEC command. There is no workaround for SNMP retrieval.
•
Symptoms: When you boot a router, VBR-NRT configurations are lost. For example, when MBS is 32 and you boot the router, the VBR-NRT command in the startup configuration is not parsed to the running configuration:
vbr-nrt 1000 1000 32
^
% Invalid input detected at '^' marker.The following example is a configuration before the symptom occurs:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
vbr-nrt 1000 1000 32
!After you boot the router, the configuration is as follows:
interface ATM5/0.5 point-to-point
ip address xx.xx.xx.xx 255.255.255.0
pvc 1/105
!Conditions: This symptom is observed on a Cisco router that runs Cisco IOS interim Release 12.3(4.4) or a later release under the following conditions:
–
–
–
Note that symptom does not affect old style PVCs.
Workaround: Reconfigure the PVC to the same PCR and SCR value and configure the MBS value to "1".
•
Symptoms: An NPE-G1 may displays an erroneous parity error message.
Conditions: This symptom is observed on a Cisco 7200 series when the NPE-G1 receives an ECC/bus error.
Workaround: There is no workaround.
•
Symptoms: %ALIGN-3-SPURIOUS and %ALIGN-3-TRACE messages may appear in the logs of a router, and the output of the show align command shows that some spurious memory accesses are recorded.
Conditions: This symptom is observed on a Cisco 7500 series when a dLFIoATM interface on the router flaps.
Workaround: There is no workaround. However, the capabilities and performance of the router are not affected.
•
Symptoms: Configure three routers one as a Generator, one as the reflector and the third as the unit under test. Configure the three routers for a back to back ping with the three routers (using static routes). Ping 50 5200 byte packets from the generator to the reflector. The NPEG1 router crashes.
Conditions: This symptom is seen in Cisco 7200 platform on NPEG1 routers that are running Cisco IOS Release 12.3(9a).
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series router with high speed serial interfaces like HSSI or PA-2T3+ PA undergoes unexpected reload.
Conditions: This symptom is observed after OIR on HSSI and PA-2T3+ PAs with traffic.
Workaround: Without any traffic, or if the PA is shutdown before OIR, the defect may not happen.
•
Symptoms: The MGCP default setting for a minimum jitter buffer size is 4 ms; this setting degrades the voice quality until you configure the setting to be different via the mgcp playout command.
Conditions: This symptom is observed under normal operating conditions.
Workaround: Configure the nominal MGCP default setting for the minimum jitter buffer size to be the same as for H.323 and SIP gateways so that the setting for each individual gateway does not need to be changed via the mgcp playout command.
•
Symptoms: A line card reloads continuously after an OIR.
Conditions: This symptom is observed when the line card has MFR and a service policy configured.
Workaround: Remove the service policy before performing an OIR.
•
Symptoms: A Cisco7200VXR series router that is installed with PA-MC-8TE1 serial interface and is configured with IPSec encryption enabled may run into hang occasionally.
Conditions: This symptom is observed on Cisco 7200VXR series routers that have the following conditions:
a) Installed with PA-MC-8TE1 serial interface card
b) Configured with IPSec encryption (does not matter if it is tunnel protection or crypto map).
Workaround: There is no workaround except turning off IPSec encryption.
•
Symptoms: Serial interfaces based on PA-MC-8TE1+ hardware continue to process packets even after interface is placed in ADMINDOWN state. The counters in "show interface" may continue to increment even if the serial interface is "shut down".
Conditions: This defect is seen on serial interfaces based of PA-MC-8TE1+ hardware.
Workaround: Remove the channel-group configuration for the interface.
•
Symptoms: MGCP links between a gateway and an EGW call agent fail may fail to come back into service.
Conditions: This symptom is observed when you change from Cisco IOS Release 12.3(4)T4 to Release 12.3(8)T. The gateway normally uses the source address that is specified to respond to MGCP messages. After upgrading to Release 12.3(8)T, the MGCP bind control seems to be ignored and the gateway uses the WAN interface IP address as the source address. The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
Wide-Area Networking
•
Symptoms: When multiple dialout calls are triggered at virtually the same time on a Cisco AS5300 with a Large-Scale-Dial-Out (LSDO) configuration, the resulting accounting records may be either wrong or missing.
Conditions: This symptom is observed in a stress test under lab conditions when the concurrent dialout attempts are made using the same E1 link and when the packets triggering the dialout arrive at the same time, causing two ISDN SETUP messages within a very short period, that is, within 5 to 10 msec.
Workaround: There is no workaround.
•
Symptoms: A parity error on a Versatile Interface Processor (VIP) card may cause other VIPs to go to a wedged state.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series Route Switch Processor (RSP) may crash while Multilink PPP (MLP) is running.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5), that is equipped with a VIP4-80 and PA-A3 ATM port adapters, and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM).
Workaround: There is no workaround.
•
Symptoms: A spurious memory access may occur on a Cisco router that is configured for PPP.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(5).
Workaround: There is no workaround.
•
Symptoms: With PPP multilink over ATM configured in Cisco IOS, the router may reload with a bus error.
Conditions: This symptom is observed when the PPP over ATM link goes down and is removed from the multilink bundle.
Workaround: Increasing the keepalive interval or retry count, or disabling keepalives altogether, may help to avoid the problem by making it less likely that the PPP over ATM session goes down during periods of instability in the ATM network.
•
Symptoms: A11 sessions on a Cisco PDSN may be stuck in the "EST" establishing state, and PPP negotiation may stop progressing any further. This situation may cause the Cisco PDSN to run out of memory, preventing new PPP sessions (PDSN or otherwise) from being started, and possibly preventing other features from being used.
Conditions: This symptom is observed on a Cisco PDSN that runs Cisco IOS Release 12.3(7)T or a later release later after about 1 million sessions are established and closed.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.3(9)
This section describes possibly unexpected behavior by Cisco IOS Release 12.3(9). All the caveats listed in this section are resolved in Cisco IOS Release 12.3(9). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from
x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: Information about a port adapter (PA) may be missing from the output of a show diag command.
Conditions: This symptom is observed on a controller with a memory size of 128 MB DRAM and 8192 KB SRAM. The controller displays the following information:
PA Bay 0 Information:
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 0
HW rev 0.00, Board revision UNKNOWN
Serial number: 00000000 Part number: 00-0000-00
PA Bay 1 Information:4
Fast-Ethernet PA, 1 ports, 100BaseTX-ISL
EEPROM format version 1
HW rev 1.00, Board revision A0
Serial number: 08534388 Part number: 73-1688-0The problem is related to a timing issue and is not always reproducible.
Workaround: There is no workaround. On the other hand it does not impact the functionality of the router.
•
Symptoms: A Cisco router may fail to process Cisco Discovery Protocol (CDP) packets and update the IP process for On Demand Routing (ODR) routes.
Conditions: This symptom is mainly observed on WAN interfaces with traffic that is passing through the link when a Cisco router fails to update the hold-down timer and the IP process when it receives a CDP packet from a neighbor.
Workaround: There is no workaround.
•
Symptoms: When you configure the Per VRF AAA feature by using a remotely defined customer template, a Virtual Home Gateway (VHG) may fail to parse authentication, authorization, and accounting (AAA) attributes that it receives in an Access-Accept response from a RADIUS server.
Conditions: This symptom is observed when the virtual-template interface is configured to support virtual-access subinterfaces and when the VHG functions under a heavy traffic load.
Workaround: Disable the virtual-access subinterfaces by entering the no virtual-template subinterface global configuration command.
Alternate workaround: Enter the ntp disable interface configuration command on the virtual-template interface.
•
Symptoms: When downloading IP address pools via a Radius Server using Radius Attribute 217, Ascend-IP-Pool-Definition, the ending IP address of the address pool is incorrect. It seems that the translation from the Ascend max entries to a Cisco CLI attribute goes wrong.
See the following example:
Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 19 "1 10.112.26.1 240"
Nov 6 11:26:49.696: RADIUS: Vendor, Ascend [26] 26
Nov 6 11:26:49.696: RADIUS: ascend_pool_definiti[217] 20 "5 10.112.26.242 10"
Nov 6 11:26:49.696: RADIUS(0000017C): Received from id 21648/217
Nov 6 11:26:49.696: AAA/PER-USER: mode = config; command = [ ip local pool 1 10.112.26.1 10.112.26.240]
Nov 6 11:26:49.696: AAA/PER-USER: line = [ ip local pool 1 10.112.26.1 10.112.26.240]
Nov 6 11:26:49.700: AAA/PER-USER: mode = config; command = [ ip local pool 5 10.112.26.242 10.128.59.6]
Nov 6 11:26:49.700: AAA/PER-USER: line = [ ip local pool 5 10.112.26.242 10.128.59.6]It is unclear where i.e. 10.128.59.6 comes from as it should be 10.112.26.252 (total of 10 addresses in the pool).
The NAS rightfully complains further about it in the debugs as follows:
Nov 6 11:26:49.704: PPP: Message from per-user configuration ...
Nov 6 11:26:49.704: %Bad IP range, 10.112.26.242-10.128.59.6Radius Attribute Translations and Cisco AV-pairs are handled as you would parser the command into the CLI.
Conditions: This seems to fail in about 1 out of 10 IP pool downloads from the Radius-Server.
Workaround: Use Cisco AV-pairs attributes to download IP address pool instead of Radius Attribute 217, Ascend-IP-Pool-Definition.
•
Symptoms: When command accounting is enabled, Cisco IOS routers will send the full text of each command to the ACS server. Though this information is sent to the server encrypted, the server will decrypt the packet and log these commands to the logfile in plain text. Thus sensitive information like passwords will be visible in the server's log files.
Conditions: This problem happens only with command accounting enabled.
Workaround: Disable command accounting.
•
Symptoms: A memory leak may occur in the "dead process" on a Cisco router, and memory allocation failures (MALLOCFAIL) may be reported in the processor pool. The authentication, authorization, and accounting (AAA) User Identifier (UID) database may leak about 200,000 bytes for each failed EXEC call or vty session because of internal errors during the initiation process.
Conditions: This symptom is observed when EXEC Accounting and Network Accounting are enabled and when a failure occurs during an EXEC call or a vty session. The reasons for the EXEC call failure or vty session failure could be low processor memory on the Cisco router, an internal message processing error, or a timeout during the prompting for a username and password.
Workaround: If this is an option, disable EXEC Accounting and Network Accounting.
•
Symptoms: The individual AAA periodic accounting update messages (Radius accounting messages with Acct-Status-Type=Watchdog) generated by an IOS gateway for each call leg (TDM and IP) of the same voice call may be sent to the Radius server more than 5 minutes apart due to the randomized timer algorithm used by the AAA message transmit function.
Conditions: The aaa accounting update newinfo periodic command is configured.
Workaround: There is no workaround.
•
Symptoms: A Cisco router will reload when the tftp-server flash long- string global configuration command is enabled.
Conditions: This symptom occurs on a Cisco router that is running Cisco IOS Release 12.3(4)T and Release 12.3(6).
Workaround: There is no workaround.
•
Symptoms: The AAA method list and server group configuration may not function, that is, a valid server group and method list configuration may be rejected.
Conditions: This symptom is observed on a Cisco platform that runs a Cisco IOS software release that is listed in the "First Fixed-in Version" field at the following location:
http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCed25576
Cisco IOS software releases that are not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: There is no workaround.
•
Symptoms: A Cisco 10000 series functioning as a LAC may become very busy and start queueing up the incoming L2TP packets from an LNS, causes the middle buffer to become exhausted and eventually use all available IO memory. Malloc failures with tracebacks can be seen in the log.
Conditions: This symptom is observed when disconnecting L2TP sessions at 200 calls per second or more.
Workaround: There is no workaround.
•
Symptoms: An SNMP trap configuration may be erased when you enter the snmp-server enable traps snmp global configuration command with any trap type followed by the snmp-server enable traps [syslog | entity] global configuration command.
Conditions: This symptom is observed on multiple Cisco platforms that run Cisco IOS Release 12.2 or Release 12.3.
For example, the symptom occurs when you enter the following configuration:
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps syslog
snmp-server enable traps entityThen you enter:
no snmp-server enable traps snmp authentication
no snmp-server enable traps syslogor you enter:
no snmp-server enable traps snmp authentication
no snmp-server enable traps entityAt this point, the snmp-server enable traps snmp linkdown linkup coldstart warmstart command is no longer in the output of the show running-config command.
Workaround: Manually reconfigure the snmp-server enable traps snmp linkdown linkup coldstart warmstart command.
Alternate Workaround: First enter the no snmp-server enable traps syslog command or the no snmp-server enable traps entity command before you enter the no snmp-server enable traps snmp authentication command.
•
Symptoms: A serial interface on a Cisco 7500 series may stop transmitting traffic and may report the following VIP crashes:
%MDS-2-LC_FAILED_IPC_ACK: RP failed in getting Ack for IPC message of size 84
to LC in slot 2 with sequence 1007, error = timeout
%RSP-3-RESTART: interface Serial3/0/0:0, not transmitting
%VIP2-3-MSG: slotX VIP-3-SVIP_CYBUSERROR_INTERRUPT: A Cybus Error occurred.
%VIP2-1-MSG: slotX CYASIC Error Interrupt register 0x4000000
%VIP2-1-MSG: slotX DMA Transmit Error
%VIP2-1-MSG: slotX CYASIC Other Interrupt register 0x100
%VIP2-1-MSG: slotX QE HIGH Priority Interrupt
%VIP2-1-MSG: slotX QE RX HIGH Priority Interrupt
%VIP2-1-MSG: slotX CYBUS Error Cmd/Addr 0xD00FF3AConditions: This symptom is observed on a Cisco 7500 series running Cisco IOS Release 12.3(5a). This symptom is not observed in Release 12.1(8c).
Workaround: There is no workaround.
•
Symptoms: In Cisco IOS Release 12.3 when double authentication is configured, a change of behavior is noticed regarding the dynamic access lists that are used on the virtual-template and the access lists that are used per user.
Before Cisco IOS Release 12.3 (in Release 11.2, 12.0, 12.1, an 12.2), double authentication occurs when a RADIUS server replies with a "NO ACL" attribute. When the access-profile replace command is enabled, the command removes the existing ACL.
In Cisco IOS Release 12.3 (in particular, in Release 12.3.6), when the access-profile replace command is enabled, the command removes the existing ACL only if the RADIUS reply includes an ACL attribute. Some RADIUS servers do not return an ACL on the second authentication, causing service to stop functioning. This situation may be difficult to detect and troubleshoot.
Following is an example in which the access-profile replace command is applied:
line vty 5
password xxxxx
authorization exec CSCO
login authentication CSCO
rotary 12
autocommand access-profile replace
transport preferred all
transport input telnet
transport output all
line vty 6Conditions: This problem happens when in both phases of double authentication access lists are required to restrict user access.
Workaround: Make use of a per-user access list that is downloaded via a RADIUS attribute during the second phase (with a second user name) of double authentication. Due to legacy implications, this workaround can not always be implemented.
•
Symptoms: SAA RTR key-chain authentication may fail with the following RTT responder:
authentication failure
Conditions: This symptom is observed when SAA is using a key chain which has a key ID that has a value larger than 255.
Workaround: Ensure that the value of the key ID does not exceed 255.
•
Symptoms: A router may crash while accessing an illegal low value that is received from a timer of a RADIUS server.
Conditions: This symptom is observed when there are retransmits for a proxy RADIUS server during the SSG user logon process.
Workaround: There is no workaround.
•
Symptoms: A router may reload due to a software-forced crash.
Conditions: This symptom is observed on a Cisco 3745 that runs Cisco IOS Release 12.2(13)T5 and that has SSH configured. However, the symptom may occur on other platforms that run other releases and that do not have SSH configured.
Workaround: There is no workaround.
•
Symptoms: The session duration time reported in accounting packets may be wrong.
Conditions: This symptom is observed when you enter the show aaa user all command; the session time recorded in the accounting stop record is incorrect. This symptom is seen only when the aaa accounting session-duration ntp-adjusted command is enabled via the CLI.
Workaround: If this is an option, avoid using the aaa accounting session-duration ntp-adjusted command.
•
Symptoms: Attributes 42 and 43 may be of value "zero" in Connection STOP records.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5850 that run Cisco IOS Release 12.3 or Release 12.3(4)T4 when a TCP-clear call is disconnected by the caller. For call disconnects by the NAS, the values are proper.
Workaround: There is no workaround.
•
Symptoms: Two RADIUS accounting records may be generated for a terminal window PPP session.
Conditions: This symptom is observed on a Cisco AS5400 and Cisco AS5800.
Workaround: There is no workaround.
•
Symptoms: The router may not respond to valid PoD packets by disconnecting the user. Instead, the router will return a RADIUS-format packet with a Code of Disconnect-Request-NAKed (42 in decimal) and a Reply-Message attribute with a value set to the string "No Matching Session."
Conditions: This problem happens when you are using PoD to disconnect users, and have aaa pod server ... auth-type all ... configured, and are using a PoD server which includes an EXACT copy of RADIUS attribute 151 from an earlier accounting request in the PoD packet.
Workaround: Either use a program to generate the PoD packets which knows to convert from an ASCII string of hexadecimal characters to a 32-bit number or Configure the router to ignore the value of attribute 151 in the PoD request by configuring aaa pod server ... auth-type all ignore session-key ....
Further Problem Description: In RADIUS accounting packets, IOS generates attribute 151 values as a string of hexadecimal digits, corresponding to a 32-bit integer. When running a Cisco IOS version affected by this bug, the router IOS expects a copy of that 32-bit unsigned integer as a 32-bit unsigned integer, rather than as a string of ascii characters representing a hexadecimal number.
In Cisco IOS versions where the fix for this bug has been integrated, Cisco IOS software will accept either the string that Cisco IOS software sent out, or the 32-bit unsigned integer which unfixed versions accept.
PoD stands for "Packet of Disconnect" or "Packet of Death," depending on the specification version.
•
Symptoms: Console access to a router may not be available after booting up.
Conditions: This symptom is observed when the router does not have the aaa authentication login command enabled.
Workaround: Load a Cisco IOS software image in which this problem does not occur and use one of the following workarounds before loading the Cisco IOS software image in which the problem occurs:
–
–
•
Symptoms: A platform may reload when the aaa dnis map dnis-number authentication ppp group server-group-name command is entered.
Conditions: This symptom is observed when aaa dnis map commands are enabled.
Workaround: There is no workaround.
•
Symptoms: After a VIP crashes, a FIB-3-FIBDISABLE error message due to an IPC timeout may occur for all the slots of the VIP.
Conditions: This symptom is observed on a Cisco 7500 series after the VIP crashes and before the VIP recovers. The FIB-3-FIBDISABLE error message is generated for all the slots of the VIP, causing dCEF switching to become disabled.
Workaround: There is no workaround. You can reenable dCEF by entering the clear cef linecard command.
•
Symptoms: A Cisco router may reload during an attempt to free memory after Simple Network Management (SNMP) operations.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(9), that is configured with an RSP, and that has the SNMP bulk transfer feature enabled.
Workaround: There is no workaround.
•
Symptoms: The "radius-server attribute 196 network-up lcp-open" cannot be configured and is treated as an invalid input.
Conditions: This symptom is observed in Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: A TACACS+ server may not switch to an alternate server in the same server group when the connection to the first server times out.
Conditions: This symptom is observed when there are multiple TACACS+ servers configured in the same server group and when the connection to the first TACACS+ server times out.
Workaround: Configure a single server in each server group, and attach multiple server groups to the method list.
As an example, if the symptom occurs in the following configuration:
aaa group server tacacs DIAL
server 1
server 2
aaa authentication ppp default group DIAlchange this configuration to the following:
aaa group server tacacs DIAL1
server 1
aaa group server tacacs DIAL2
server 2
aaa authentication ppp default group DIAL1 group DIAL2•
Symptoms: A router crashes when trying to send an access-request to a server group that has no RADIUS server configured.
Conditions: This symptom is observed when the radius-server retry method reorder command is configured and when a RADIUS server is configured and then unconfigured.
Workaround: There is no workaround.
Further Problem Description: This problem is not seen when there are one or more RADIUS servers configured or when the radius-server retry method reorder command is not enabled.
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
•
Symptoms: A platform may pause indefinitely when the radius-server deadtime command is configured.
Conditions: This symptom is observed on a Cisco platform under the following conditions:
–
–
–
Workaround: There are three different workarounds:
–
–
–
EXEC and Configuration Parser
•
Symptoms: A Cisco router may crash when you perform and online insertion removal (OIR) of a line card.
Conditions: This symptom is observed when an interface on the line card is being configured through the CLI while the OIR of the line card removes the interface.
Workaround: There is no workaround.
•
Symptoms: The startup configuration may not be applied to SPA interfaces.
Conditions: This symptom is observed only on SPA interfaces.
Workaround: There is no workaround.
IBM Connectivity
•
Symptoms: A router may crash and enter the ROMmon. The output of the sysret ROMmon command shows the following:
dlsw_tcpd_async_openf tcp_driver_direct tcp_driverThis symptom is related to memory corruption.
Conditions: This symptom is observed on a Cisco router that is configured for DLSw.
Workaround: There is no workaround.
•
Symptoms: Data-link switching (DLSw) Synchronous Data Link Control (SDLC) does not sends an XID command; the DLSw circuit does goes into the CONNECTED state but stays in the CKT_ESTABLISHED state until it drops.
Conditions: This symptom is observed when SDLC attaches to a PU2.0 and attempts to establish a session via DLSw to an Ethernet-attached Tandem where the DLSw SDLC interface is running as a role primary. After the DLSw router sends an XID P and the tandem returns an XID F, the DLSw router does not send an XID command.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Cisco router may forward the MAC-layer broadcast.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.1(10) but may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series router may experience a software-forced reload.
The router console may show the following output:
validblock_diagnose, code = 1
current memory block, bp = 0x7001E58,
memory pool type is I/O
data check, ptr = 0x7001E80
next memory block, bp = 0x7001F98,
memory pool type is I/O
data check, ptr = 0x7001FC0
previous memory block, bp = 0x7001D18,
memory pool type is I/O
data check, ptr = 0x7001D40
%SYS-3-OVERRUN: Block overrun at 7001E58 (red zone
FD010220)
-Traceback= 606706A0 60673658 60675324 60675574
%SYS-6-MTRACE: mallocfree: addr, pc
6259BE40,60000730 6259BDE8,6083FFB8 6259FE14,6000002E 6259FDC0,60B03A64
6259F5BC,60B03854 6259F704,60000026 6259F6AC,60B03940 6259E1D8,60000730
%SYS-6-MTRACE: mallocfree: addr, pc
6259E184,60B03854 627BE824,60B03854 6259BDE8,60846E8C 6259BDE8,40000018
6259E184,60B0B1EC 6259E184,40000016 6259F6AC,60B0B4AC 6259F6AC,40000018
%SYS-6-BLKINFO: Corrupted redzone blk 7001E58, words
140, alloc 60620B44, InUse, dealloc 0, rfcnt 1
-Traceback= 6066E188 606706B4 60673658 60675324 60675574
%SYS-6-MEMDUMP: 0x7001E58: 0xAB1234CD 0xFFFFFFFE 0x0
0x615A0EA0
%SYS-6-MEMDUMP: 0x7001E68: 0x60620B44 0x7001F98
0x7001D2C 0x8000008C
%SYS-6-MEMDUMP: 0x7001E78: 0x1 0x0 0x0 0x0Conditions: This symptom is observed on a Cisco 7200 series router that is running Cisco IOS Release 12.2(12). The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: The media-type interface configuration command cannot be configured on an FEIP interface on a Cisco router.
Conditions: This symptom is observed on a Cisco 7500 series router.
Workaround: There is no workaround.
•
Symptoms: TX Simple Network Management Protocol (SNMP) counters do not update on Fast Ethernet subinterfaces for distributed Cisco Express Forwarding (dCEF) traffic.
Conditions: This symptom is observed on Cisco IOS Release 12.0(26)S and Release 12.3. The hardware is DEC21140A, and the interface receiving the traffic is not located on the same Versatile Interface Processor (VIP).
Workaround: There is no workaround.
•
Symptoms: When a client dials up with Serial Line Internet Protocol (SLIP) in dedicated mode, the IP address may not be dynamically assigned, and the client may have difficulty to get a connection.
Conditions: This symptom is observed when the dialup connection is made via a Cisco AS5350 that runs Cisco IOS Release 12.2(6). The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: Some of the commands that are related to bridging may be changed dynamically by the router which may result in undesired behavior.
Conditions: This symptom is observed on a Cisco 3745 router that is running Cisco IOS Release 12.3.
Workaround: There is no workaround.
•
Symptoms: A router crashes when you enter the default/no bridge-group bridge group subscriber-loop-control interface configuration command.
Conditions: This symptom is observed when there are no existing bridge-group configurations on the router.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A Cisco 7204VXR that functions as an L2TP network server (LNS) may pause indefinitely because of a bus error when a user disconnects and then reconnects.
Conditions: This symptom is observed on a Cisco 7204VXR that is configured with a Network Processing Engine G1 (NPE-G1) under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: During BGP scalability testing, error messages and tracebacks similar to the following ones may be logged, indicating a difficulty with TCP and buffer usage:
%SYS-2-MALLOCFAIL: Memory allocation of 4692 bytes failed from 0x6076F714, align
Pool: I/O Free: 11143248 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Pool Manager", ipl= 0, pid= 6
-Traceback= 607FE10C 607FF1EC 6076F71C 6080C1D0 6080C400
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP I/O", ipl= 0, pid= 139
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D0BEB0
%TCP-6-NOBUFF: TTY0, no buffer available
-Process= "BGP Router", ipl= 0, pid= 138
-Traceback= 6098B4EC 609938C8 60993C1C 60D55CE4 60D29858 60D2AF88 60D1B4BCConditions: This symptom is observed on a Cisco router that is in the processing of building BGP sessions for about 80,000 prefixes and about 1200 BGP peers.
Workaround: There is no workaround.
•
Symptoms: Address Resolution Protocol (ARP) may not be triggered for an inside-local address destination after the outside-to-inside translation is performed correctly, causing packets to be dropped because the adjacency remains gleaned.
Conditions: This symptom is observed on a Cisco router when the Multi-VRF feature is configured and when you configure a customer edge (CE) router to perform Network Address Translation (NAT).
Workaround: Perform a ping from the router to the CE router to trigger ARP and to populate the adjacency table.
•
Symptoms: Static routes may be left without deletions. If an interface belonging to a VRF is disabled and reenabled, packets may no longer pass through the VPN instance.
Conditions: This symptom is observed when the egress interface of the static route is in a shutdown state.
Workaround: There is no workaround. One way of recovery is to reset the line card on which the interface was reenabled.
•
Symptom: When you enter the passive-interface default router configuration command in an Open Shortest Path First (OSPF) environment, all interfaces, including a virtual link, become passive interfaces. However, the virtual link may not come up even if the routers that terminate the endpoints of the virtual link have a full neighboring relationship via a nonpassive interface. When you enter the no passive-interface interface-type interface-number router configuration command and you enter virtual 0 for the interface-type interface-number argument, the command may not function, and the virtual link may remain down.
Conditions: These symptoms are observed on a Cisco router that runs Cisco IOS Release 12.0 S, 12.2 S. or 12.3, that functions in an OSPF environment, and that has the passive-interface default router configuration command enabled.
Workaround: Delete the virtual link and disable the passive-interface default router configuration command. Then, reconfigure the virtual link before you reenter the passive-interface default router configuration command.
Alternate Workaround: Do not enter the passive-interface default router configuration command. Rather, enter the passive-interface interface-type interface-number router configuration command for each individual interface that must be configured as a passive interface.
•
Symptoms: Pings fail on an Ethernet-to-VLAN interworking over L2TPv3 due to an IRDP failure.
Conditions: This symptom is observed when you ping between two CE routers. Both of the CE routers do not learn each other's MAC address automatically.
Workaround: Ping from the first CE router to the second CE router, then ping from the second CE router to the first CE router.
•
Symptoms: A Cisco router may crash.
Conditions: This symptom is observed after you enter the shutdown interface configuration command followed by the no shutdown interface configuration command multiple times on different interfaces.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that is configured for SIP NAT may not be able to process authentication messages from a third-party SIP gateway that performs SIP proxy authentication.
Conditions: This symptom is observed in a Call Hold/Resume procedure.
Workaround: There is no workaround.
•
Symptoms: Routes may not be deleted from the routing table correctly.
Conditions: This symptom is observed when variance is configured on a Cisco platform that runs EIGRP.
Workaround: Remove the erroneous routes by entering the clear ip route * command.
•
Symptoms: The withdraw message of a multipath (not bestpath) from a BGP neighbor deletes the path from the BGP table but it does not uninstall the route from the IP routing table.
Conditions: This symptom is observed when the maximum-paths eibgp command or maximum-paths ibgp command is configured.
Workaround: Enter the clear ip bgp * or disable the maximum-paths eibgp command or maximum-paths ibgp command.
•
Symptoms: The output of the show ip nhrp command does not include the pre-NAT private IP address for a spoke behind NAT.
Conditions: This symptom is observed when a spoke is behind NAT and when the transport mode is used on both the hub and the spoke.
Workaround: There is no workaround. This problem is only cosmetic in nature and only the output of the show ip nhrp command is affected.
•
Symptom: This symptom occurs in an OSPF network topology in which a CE router (CE-1) connect to a PE router (PE-1) that connects to two other PE routers (PE- 2 and PE-3), each of which connect to another CE router (CE-2 and CE-3). In turn, both of these CE routers are connected to each other (that is, CE-2 and CE-3 connect to each other).
When the link between the PE-3 and the CE-3 flaps, the OSPF route in the VRF fails to switch back from BGP to OSPF on the PE-1.
Conditions: This symptom is observed in Cisco IOS Release 12.0 S, 12.2 S, and 12.3 T.
Workaround: Clear the ip route, clear the OSPF process, or enter the clear ip bgp * command on the PE-1 to bring the route back from BGP to OSPF.
•
Symptoms: T.38 fax calls between a Cisco router and a third-party gateway may fail.
Conditions: This symptom is observed when two third-party gateways are connected via a Cisco router that runs SIP NAT. The T.38 fax calls fail from one of the third-party gateways to the Cisco router and vice versa.
Workaround: There is no workaround.
•
Symptoms: Enhanced Interior Gateway Routing Protocol (EIGRP) next-hop self- routes are incorrectly deleted from a Routing Information Base (RIB).
Conditions: This symptom is observed when the no ip next-hop-self eigrp interface configuration command is used in a dual hub Dynamic multipoint VPN (DMVPN) network. Routes are learned for the same destination from two different sources over the DMVPN network directly from the spokes and from the other hub. These routes in the EIGRP topology table have the same IP- next-hop, but different metrics. The routes learned from the spokes have a lower metric and are used to populate the routing table. If this hub loses the other hub as an EIGRP neighbor, then EIGRP correctly removes the topology entries from the EIGRP topology table that are learned from the other hub. But EIGRP then deletes these routes from the routing table. EIGRP should not remove the routes from the routing table since the removed topology entries are not used to populate the routing table in the first place.
Workaround: EIGRP does not restore these routes to the routing table until the clear ip route * EXEC command is entered on the router.
•
Symptoms: A software-forced reload occurs on a router when you unconfigure a tunnel interface. After the router has reloaded, the router hangs.
Conditions: This symptom is observed on a Cisco 1760, Cisco 3640, and Cisco 7100 series that run Cisco IOS Release 12.3(9).
Workaround: There is no workaround. The reset the router, enter "send break."
•
Symptoms: A Cisco 1600 series crashes with an "Unexpected exception to CPU vector 2" error.
Conditions: This symptom is observed when stateful NAT is configured with the redundancy in command.
Workaround: There is no workaround.
•
Symptoms: When an IP phone on the inside talks to an analog phone inside or outside the network there is one-way audio in the destination phone.
Conditions: This problem occurs under the following conditions:
–
–
–
The problem was reported in Cisco 3600 routers. However, it seems not to be hardware dependent.
Workarounds:
–
–
•
Symptoms: EIGRP may generate an internal error message after NSF restarts and when there is an EIGRP process configured that has not yet started.
Conditions: This symptom is observed when you enter the router rip command and the redistribute eigrp 1 command. The EIGRP 1 process does not start until you enter the router eigrp 1 command.
Workaround: Prevent the internal error message by disabling the redistribute command or start the process by entering the router eigrp command.
•
Symptoms: NAT calculates an invalid UDP checksum for some checksum values.
Conditions: This symptom is observed in a very particular situation which depends on the NAT configuration and the UDP checksum value. After the translation, the new UDP checksum value of the translated packet is equal to zero. NAT ignores the new checksum value of zero and it uses the original checksum value, which causes a checksum error at the end device.
Workaround: There is no workaround.
•
Symptoms: NHRP registrations may not be sent.
Conditions: This symptom is observed when a tunnel interface goes from the down state to the up state.
Workaround: There is no workaround.
•
Symptoms: EIGRP may incorrectly remove a connected route from a topology.
Conditions: This symptom is observed when you change the router network commands and there are overlapping networks. For example, if the following is configured:
int loopback1
ip addr 10.1.2.2 255.255.255.0
router eigrp 1
net 10.0.0.0 0.3.255.255and you change the network command to:
router(config)# net 10.0.0.0
router(config)# no net 10.0.0.0 0.3.255.255the connected route will be removed when it should be retained.
Workaround: Remove the old network command first before adding the new one, for example:
router(config)# no net 10.0.0.0 0.3.255.255
router(config)# net 10.0.0.0•
Symptoms: Per-user access control lists disappear.
Conditions: This symptoms is observed on a Cisco platform when you enter the show ip access-lists command.
Workaround: There is no workaround.
•
Symptoms: When the debug ip pim auto-rp command is enabled on a Cisco 7500 series, the router crashes when it receives an AutoRP message.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-isv-mz image of Cisco IOS Release 12.2(15)T7 or 12.2(15)T9. The symptom may also occur in Release 12.3 or 12.3 T.
Workaround: There is no workaround.
•
Symptoms: ABRs may continue to generate summary LSA(s) for obsolete non-backbone intra-area route(s).
Conditions: This symptom occurs under the following conditions:
1. The ABR (call ABR X) has at least one non-backbone area (call area X) in common with one or more additional ABRs.2. The ABRs are generating summary LSAs, on behalf of the Area X's two or more intra-area routes, into the backbone area and other areas. The two intra-area routes must be advertised as stub links from two different routers; i.e., one from ABR X, and the other from another router belonging to Area X.
3. The summary LSA IDs for the intra-area routes above, when ORed with the host bits of the corresponding masks, yield identical LSA IDs.
For example, 10.10.10.128/25 and 10.10.10.0/24 yield identical LSA IDs when the network address is logically ORed with the host bits; i.e.,
10.10.10.128 | 0.0.0.127 = 10.10.10.255
10.10.10.0 | 0.0.0.255 = 10.10.10.255Workaround: Perform the clear ip ospf proc command on all ABRs containing the obsolete LSAs.
•
Symptoms: A Cisco 3600 series may crash while unconfiguring NFAS.
Conditions: This symptom is observed on a Cisco 3600 series that runs Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: A Cisco 7200 series that is configured for IPSec may reboot with a bus error.
Conditions: This symptom is observed under rare circumstances when a race condition occurs.
Possible Workaround: Reload the router.
•
Symptoms: The performance of a router may be lower than you would expect, and CPU utilization may be high during packet forwarding.
Conditions: These symptoms are observed on a nondistributed Cisco router that runs Cisco IOS Release 12.2, 12.2 S, 12.2 T, 12.3, or 12.3 T under the following circumstances:
–
–
–
Workaround: If this is an option, enter the match access-group access-group class-map configuration command in the class maps, that is, enter the access-group argument instead of the access-group-name argument.
•
Symptoms: A Cisco router or switch that is configured with distributed Network-Based Application Recognition (dNBAR) may reload unexpectedly because of a software-forced crash.
Conditions: This symptom is observed under rare circumstances when distributed Cisco Express Forwarding (dCEF) is disabled or reset. The symptom may also occur on routers with unsupported configurations; dNBAR is only supported on a Cisco 7500 series that is configured with a VIP2-50 or a later VIP and on a Catalyst 6000 series switch that is configured with a FlexWAN module.
Workaround: There is no workaround.
•
Symptoms: On an MPLS label edge router that supports hardware-assisted forwarding (that is, platforms such as the Cisco Catalyst 6500 series, the Cisco 7600 series, the Cisco Catalyst 8540, and the Cisco 12000 series) with multiple outgoing MPLS paths, there could be an inconsistency between the hardware and software MPLS forwarding table.
Conditions: This symptom is observed when you enter the shutdown interface command followed by the no shutdown interface configuration command on one of the outgoing MPLS enabled interfaces or you enter the no mpls ldp interface command followed by the mpls ldp interface configuration command on one of the outgoing MPLS enabled interfaces on an MPLS label edge router that supports hardware-assisted forwarding with multiple outgoing MPLS paths.
Workaround: Enter the clear ip route command for the affected prefix to take down all the paths and ensure that the paths are rebuilt.
•
Symptoms: Connectivity difficulties may occur when Virtual Private Network (VPN) routing/forwarding (VRF) packets follow the global routing table instead of the VRF table.
Conditions: This symptom is observed on a low-end Cisco router that runs Cisco IOS Release 12.2(7a) or another release when the global address space in the router overlaps with the VRF address that is configured on a VRF interface of a connected PE router. The VRF interface of this PE router may be unreachable but end-to-end connectivity may not be affected.
Workaround: There is no workaround.
•
Symptoms: V.22B modem connections may not work reliably over modem pass-through.
Conditions: This symptom is observed on V.22B modems when a pair of voice gateways have digital voice ports that are driven by different clock sources. High-speed modem connections (V.32, v32bis) are not affected by this condition.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly when you enter the crypto card shutdown slot global configuration command followed by the crypto card enable slot global configuration command while traffic is flowing.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with a VPN Accelerator Module (VAM).
Workaround: Shut down the input interface before you enter the crypto card shutdown slot global configuration command followed by the crypto card enable slot global configuration command.
•
Symptoms: A Cisco router that functions as a voice gateway may reload unexpectedly after a series of calls that include call transfers and diverted calls have been processed.
Conditions: This symptom is observed on a Cisco 2621XM and Cisco 3640 when you use a third-party vendor protocol convertor to translate and provide a tunnel for Digital Private Network Signaling System (DPNSS) traffic over Q Signaling (QSIG). The symptom is not platform specific.
Workaround: There is no workaround.
•
Symptoms: Incorrect playout values may be set for Voice over ATM adaptation layer 2 (AAL2) and may overwrite the playout delay setting on a voice port.
Conditions: This symptom is observed on a Cisco 3600 series.
Workaround: There is no workaround.
•
Symptoms: The following objects are not supported in the ENTITY-MIB:
–
–
–
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: The values of the objects listed above can be displayed by entering the show c7200 privileged EXEC command or the show diag EXEC command.
•
Symptoms: A Cisco 3640 router that is configured with a Systems Network Architecture Switch (SNASwitch) reloads unexpectedly and displays the following message:
System was restarted by bus error
Conditions: This symptom is observed on a Cisco 3640 router that is running Cisco IOS Release 12.2(15).
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series may reload unexpectedly when it is polled by the CiscoWorks Voice Manager (CVM).
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.2(13)T1 or Release 12.3, that is configured with a Network Processing Engine 400 (NPE-400), and that is configured for Voice over IP (VoIP).
Workaround: Disable Simple Network Management Protocol (SNMP) on the router by entering the no snmp server global configuration command.
•
Symptoms: A Foreign Exchange Station (FXS) port may lock up after having functioned fine for a long time.
Conditions: This symptom is observed on a Cisco 3640 that runs Cisco IOS Release 12.2(15)T or Release 12.3 and that is configured with a high-density analog voice network module (NM-HDA). This symptom typically occurs when fax lines are configured on the FXS port.
Workaround: Reboot the router.
•
Symptoms: Q Signaling (QSIG) ISDN BRI ports of a Cisco 2600 series that are connected to a third-party vendor PBX on the user side may become locked after 10 to 20 calls. ISDN layer 2 may change to the "TEI_ASSIGNED" state, and the output of the show controllers bri privileged EXEC command may display the "No reply from DSP" message.
Conditions: These symptoms are observed on a Cisco 2600 series that runs Cisco IOS Release 12.2(8)T5 or a later release, including Release 12.3.
Workaround: Reload the router.
•
Symptoms: Distributed Cisco Express Forwarding (DCEF) may become disabled on a Versatile Interface Processor (VIP) or Cisco 12000 series line card (LC), and the following error message may appear on the console:
%FIB-3-FIBDISABLE: Fatal error, slot 12: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed on a Cisco 7500 series VIP2-50 and VIP4- 80 in which ATM OC-3 port adapters such as the PA-A1-OC3 or PA-A3-OC3 are installed when the Cisco 7500 series is upgraded to Cisco IOS Release 12.0(24) S or Release 12.0(24)S1. This symptom is also observed on a Cisco 12000 series LC during significant, prolonged routing table churn.
Workaround: Reload CEF on the VIP or LC by entering the clear cef linecard slot-number EXEC command.
Alternate Workaround: Restart the VIP by performing an online insertion and removal (OIR). Restart the LC by executing the hw-module slot slot # reload command.
•
Symptoms: A Cisco platform that is configured for CME/SRST may reload unexpectedly because of a SIGTRAP exception.
Conditions: This symptom is observed on a Cisco 1760, Cisco 2600 series, and Cisco 3725, but is platform independent. The symptom may occur on any platform that is configured for CME/SRST. The symptom may occur in Release 12.3 T and earlier releases.
Workaround: There is no workaround.
•
Symptoms: When an incoming digital call is not a V.110, V.120 or HDLC call, the "np_dsplib_prepare_digital_modem()" function may fail to set up a NextPort modem for CSM in digital modem mode (the function should return "FALSE" instead of "TRUE").
Conditions: This symptom is observed on a Cisco AS5400 series universal gateway.
Workaround: There is no workaround.
•
Symptoms: A Cisco 3745 that runs Cisco IOS Release 12.2(15)T2 or Release 12.3 may deplete the interrupt level stacks and report the following error messages in the syslog:
%SYS-6-STACKLOW: Stack for level Network interfaces running low, 0/9000 %SYS-6-STACKLOW: Stack for level DMA/Timer Interrupt running low, 0/9000 %SYS-6-STACKLOW: Stack for level PA Management Int Handler running low, 0/9000 %SYS-6-STACKLOW: Stack for level Console Uart running low, 0/9000Interrupt level stacks:
Level Called Unused/Size Name
1 22321736 0/9000 Network interfaces
2 830757 0/9000 DMA/Timer Interrupt
3 453468 0/9000 PA Management Int Handler
4 5100 0/9000 Console Uart
5 0 7656/9000 External Interrupt
7 113396404 8600/9000 NMI Interrupt HandlerConditions: This symptom is observed when the BSTUN configuration is being updated.
Workaround: There is no workaround.
•
Symptoms: When you manually set the value of the ring-limit argument in the tx-ring-limit ring-limit interface configuration command, the value is lost when you reload the router, even though the value is properly saved in the running configuration and in the startup configuration.
Conditions: This symptom is observed only when you manually set the value of the ring-limit argument for an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) and you reload the router.
Workaround: There is no workaround.
•
Symptoms: When G.168 echo cancellation is enabled, a high echo level may occur during a call.
Conditions: This symptom is observed on a Cisco router that functions as an echo cancel point and that is configured with one of the following voice interface cards (VICs) when the non-linear processor (NLP) is disabled:
–
–
–
Workaround: Enable the NLP.
•
Symptoms: A Cisco AS5300 may reload unexpectedly. The output of the show version command may show an error message similar to the following:
System restarted by software forced crash at 0x6037EE44Conditions: This symptom is observed on a Cisco AS5300 that runs Cisco IOS Release 12.2(19). The symptom could also occur in Release 12.3.
Workaround: There is no workaround.
•
Symptoms: On an ASBR-PE, the TFIB may be missing a forwarding entry for a prefix that is learnt from a PE.
Conditions: This symptom is observed on an "ABSR-co-located PE" (that is, an ASBR that also functions as a PE router) when the PE functionality is removed by deconfiguring VRF, for example, by entering the no ip vrf vrf-name command.
Since this is a timing issue, it may occur in Cisco IOS Release 12.0 S, 12.2 S, 12.2 T, and 12.3.
Workaround: There is no workaround.
•
Symptoms: A router may reload due to a software-forced crash after experiencing alignments errors.
Conditions: This symptom is observed on a Cisco 3660 router running Cisco IOS Release 12.2(8)T0b when you enter the default ip unnumbered fastethernet0/0 command. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco router crashes when the crypto key zeroize rsa command is issued.
Conditions: This symptom is observed when the ip http secure-server is enabled.
Workaround: There is no workaround.
•
Symptoms: A Cisco 7200 series that is on a dial interface may unexpectedly reload.
Conditions: This symptom is observed on a Cisco 7200 series that is running Cisco IOS Release 12.2(13)T3, Release 12.2(13)T5, Release 12.2(15)T5, Release 12.3(1a), or Release 12.3(2)T and that has IP header compression configured.
Workaround: Remove TCP and Real-Time Protocol (RTP) header compression from all dial interfaces by entering the no ip tcp header-compression and no ip rtp header-compression interface configuration commands.
•
Symptoms: A Cisco Catalyst 4000 Access Gateway Module (AGM) may reload unexpectedly when you establish a crypto tunnel.
Conditions: This symptom is observed on a Cisco Catalyst 4000 AGM that runs Cisco IOS Release 12.2 T, Release 12.3, or Release 12.3 T.
Workaround: There is no workaround.
•
Symptoms: A Network Processing Engine G1 (NPE-G1) may restart unexpectedly and report the following message:
Last reset from watchdog resetConditions: This symptom is observed on a Cisco 7200VXR series that is configured with an NPE-G1 Network Processing Engine
Workaround: There is no workaround.
•
Symptoms: A Cisco 7206VXR that is configured for Network Address Translation (NAT) to process Reliability, Availability, and Serviceability (RAS) traffic may reload unexpectedly because of a software condition.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.2(15)T5 or Release 12.3.
The symptom does not occur when the configuration does not include NAT for H.323 RAS traffic. Therefore, ensure that the ip nat service ras global configuration command is not part of your configuration.
Workaround: Enter the no ip nat service ras global configuration command.
•
Symptoms: A 1-port E3 serial port adapter (PA-E3) may fail to recover to the "up/up" state even when the original cause of the failure is corrected.
Conditions: This symptom is observed on a Cisco 7500 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the interface of the PA-E3.
•
Symptoms: A Cisco 7206 VXR that is running Cisco IOS Release 12.2(12b) doing OSPF to RIP redistribution may be sending wrong metric in RIP domain. In this case, a route-map used for the OSPF to RIP redistribution sets the metric value to 5, but the RIP updates for some routes are sent with a wrong metric of 1.
Conditions: This symptom is observed on a Cisco 7206 VXR that is running Cisco IOS Release 12.2(12b).
Workaround: There is no workaround.
•
Symptoms: When the CPU utilization of a Cisco router on which an IP Security (IPSec) tunnel is configured exceeds 50 percent, the Internet Security Association and Key Management Protocol (ISAKMP) IPSec rekey may fail, and traffic may be blocked for many minutes until the router or the device on the other side attempts another rekey.
Conditions: These symptoms are observed when traffic is encrypted. The larger the amount of traffic encrypted, the higher the chance that the symptoms occur. For example, on a Cisco 7200 series that is configured with a VPN Acceleration Module 2 (VAM2), the symptoms may occur when more than 60 megabits of traffic are encrypted per second.
Workaround: There is no workaround.
Further Problem Description: This DDTS affects all platforms, but it affects operations only if there is very frequent rekeying. If the IPSec lifetimes are such that a particular SA lasts at least 5 minutes (the default is one hour), the symptom does not occur.
•
Symptoms: There may be no memory for the expanded TFIB PSA. The label allocation may fail with error messages that are shown below and may be followed by a memory traceback.
%TAGCON-3-LCLTAG_ALLOC: Cannot allocate local tag
%TFIB-2-MEMORY: No memory for expanded TFIB PSA
-Traceback=Conditions: This symptom is only observed on an MPLS-capable Cisco platform and only when the label space has been exhausted to the maximum level supported by the platform or is about to be exhausted (only a few hundred labels are available) and when the TFIB table is expanded further.
Workaround: Enter the mpls label range 16 101900 command at the conf-t level to avoid the error messages.
•
Symptoms: A memory leak occurs when a subdirectory is created or extended.
Conditions: This symptom is observed in Cisco IOS Release 12.3 T (but may also occur in other releases) when any of the following actions are performed:
–
–
–
Workaround: If this is an option, do not use any subdirectory. Note that the symptom does not occur when you format a disk.
•
Symptoms: The amount of free memory on a router may decrease by very small amounts as the memory that is held by the Virtual Switch Interface (VSI) master process increases. The decrease in the amount of free memory can be verified by examining the output of the show processes privileged EXEC command. As a consequence of not freeing this memory, a Label Switch Controller (LSC) may reload unexpectedly under the conditions listed below.
Conditions: This symptom is observed when VSI is disabled on an LSC that is running Cisco IOS. VSI is disabled by entering the no label-control-protocol vsi interface configuration command on ATM or switch interfaces. Repeatedly disabling and enabling VSI reduces the free memory on the LSC. When a VSI NAK error 11 or 12 is received in less then five minutes before you disable and reenable VSI, the LSC reloads unexpectedly when you do disable and reenable VSI.
Workaround: To prevent the memory leak, avoid disabling and reenabling VSI. If you must toggle VSI, avoid an unexpected reload of the LSC by first enabling the debug vsi errors command and ensure that no VSI NAK error 11 or 12 is received five minutes before entering this command. Such a NAK error would look similar to the following:
VSI Master: got NAK reason 12 (sec VPI/VCI in use) in CONN CMT RSP rcvd on
Switch1:0/65513
VSI_M xconn conn Cmt NAK code = 12: would Initiate re-sync on slave_id = 9
VSI_M - resync timer started sl=9After such an error is received, wait at least five minutes before you toggle VSI.
•
Symptoms: Analog recEive and transMit (E&M) ports may become stuck intermittently. When the symptom occurs, the following error message is displayed:
%C542-1-NO_RING_DESCRIPTORS: No more ring descriptors on recEive And transMit 3/0/1. Msg id=48, Len=38In addition, the output of the show voice call summary EXEC command indicates that the voice-port state is "EM_PARK_IDLE."
Conditions: This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.2(15)T5 and that has an analog E&M port to connect to a PBX. Note that the symptom does not occur in Release 12.2(15)T1. The symptom may occur in Release 12.3.
Workaround: Reload the Cisco gateway.
•
Symptoms: Traffic is not forwarded by a line card in a multiple virtual circuit (VC) setup.
Conditions: This symptom may be observed when one of the following actions occur through the command-line interface (CLI):
–
–
–
–
–
Workaround: Enter the clear ip route * EXEC command.
•
Symptoms: A small memory leak is experienced on a Cisco router.
Conditions: The problem appears only in the corner case when ftp operation aborts in the middle and results in a few bytes of memory leak. The memory leak does not happen otherwise. This does not impact any other router operation.
Workaround: There is no workaround.
•
Symptoms: The maximum MTU with a DF set across an L2TP MPLS VPN is 1460 while the physical layer MTU is 1500; any ping larger than 1460 may fail.
Condition: This symptom is observed on a LES platform such as a Cisco 3600 series or a Cisco 4500 series when the router performs MPLS operations and functions as an L2TP Network Server (LNS). The incoming MPLS packet is dropped while the router attempts to inject the packet into the L2TP tunnel.
Workaround: Traffic of packets between 1460 and 1500 bytes can be made possible by fragmenting the tagged packets before the transmission.
Enter the mpls mtu 1450 command on the router in the MPLS cloud before the MPLS packet reaches the router that injects the packet into the L2TP tunnel.
•
Symptoms: A Cisco AS5350 may not recognize that a Telco switch is in the "blocking" state and attempts to receive calls from time slots that are busied out by the Telco switch, causing a low call success rate.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.3(1a) or Release 12.3(3) when E1 R2 signaling is configured.
The Cisco AS5350 does detect the "blocking" state, but it does so in cycles of six minutes. That means that three hours (180 minutes) would be required to automatically busy out a single E1 port.
Workaround: Configure multiple DS0 groups and map them to multiple plain old telephone service (POTS) dial peers that are all configured with the same preference. Doing so enables the Cisco AS5350 to go from one dial peer to another until it finds one that is available.
•
Symptoms: A router may crash with an address error when you configure or unconfigure a channel group on a VWIC-T1 or on another T1 or E1 VWIC that is installed in an NM-2W or in a variant of an NM-2W.
Conditions: This symptom is observed very rarely.
Workaround: There is not workaround.
•
Symptoms: Packets are route-cache switched instead of being distributed switched.
Conditions: This symptom is observed on a Cisco 6500 series and Cisco 7600 series that run Cisco IOS Release 12.2 S after the router has been reloaded. The symptom may also occur in other releases.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected interface.
•
Symptoms: When you reload a Multiprotocol Label Switching (MPLS) provider edge (PE) router that has 20 PA-MC-2T3+ controllers and 780 channelized interfaces, the first PA-MC-2T3+ controller may have many channelized interfaces in the down/down state.
Conditions: This symptom is observed on an MPLS PE router that has the channelized interfaces that are in the down/down state directly connected to a customer edge (CE) router. If the connection is a T1 interface, then the interfaces on the CE router are in an up/down state. If the connection is sub- T1 (fractional T1), then the interfaces on the CE router are in an up/up state.
Workaround: Reload only the CE router and all the interfaces will go to the up/up state on both the CE router and the PE router.
•
Symptoms: When an ATA disk is formatted on a router that shares ATA-Monlib within its CPU family, any disk-related CLIs may log the following information:
PCMCIAFS-5-DIBERR: PCMCIA disk 0 is formatted from a different router or PC. A format in this router is required before an image can be booted from this device
Conditions: This symptom is observed on a Cisco router that shares ATA-Monlib within its CPU family such as a Cisco 6400 series NSP and a Cisco 10000 series.
Workaround: There is no workaround.
•
Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability.
This vulnerability was discovered during internal testing. This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
•
Symptoms: When you enter the show crypto ipsec sa command and an IPSec SA is deleted before the command completes, the router may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.3(1).
Workaround: There is no workaround.
•
Symptoms: Packet drops may not be seen in the output of the show queueing interface interface command because of an error in the WRED VIP code.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(6) or Release 12.3 T and that is configured for quality of service (QoS). The problem occurs after unconfiguring and reconfiguring WRED.
Workaround: There is no workaround. The information in the show interface interface command is correct.
•
Symptoms: A provider edge (PE) router may not be able to ping other PE routers or a label switch controller (LSC), nor may other platforms be able to ping the PE router.
Conditions: This symptom is observed on a Cisco MGX platform that is configured with a primary Route Processor Module PRemium (RPM-PR) that functions as a PE router and a secondary RPM.
Workaround: Reset the primary RPM to initiate a switchover to the secondary RPM. The symptom does not occur on the secondary RPM.
•
Symptoms: When configuring QoS on a Cisco 7200 series, the router may reload with a bus error. Specifically, the bus error occurs after having entered the no class name command on subinterfaces.
Conditions: This symptom is observed on a Cisco 7200 series that runs the c7200-jk9s-mz image of Cisco IOS Release 12.2(17a). The symptom may also occur in other releases. This behavior is associated to the use of "payload-compression".
Workaround: There is no workaround.
•
Symptoms: The caller ID may not be displayed.
Conditions: This symptom is observed when MGCP is configured on a Cisco IAD2420 series with FXS ports that have the cptone dk command enabled.
Workaround: There is no workaround.
•
Symptoms: A Versatile Interface Processor (VIP) may reload when the clear cef line command is entered or when a new VRF is provisioned on an interface via the CLI.
Conditions: This symptom is observed on a VIP when Multiprotocol Label Switching (MPLS), Egress NetFlow, and distributed Cisco Express Forwarding (dCEF) are configured.
Workaround: Disable dCEF or Egress NetFlow before making configuration changes or before entering the clear cef line command.
•
Symptoms: Periodically, MGCP connections may get stuck in the "CALL_DISCONNECTING" state (S=6).
Conditions: This symptom is observed on an E1 controller of a Cisco AS5xx0.
Workaround. Reset the E1 controller by entering the shutdown command followed by the no shutdown command.
•
Symptoms: A Cisco 7500 series with an RSP may crash when a low memory condition occurs while the router runs RIP.
Conditions: This symptom is observed on a Cisco 7500 series that runs the rsp-jsv-mz image of Cisco IOS Release 12.3(4)T but may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A router configured for EzVPN (with NEM and auto connection mode) will fail QM negotiation when it is trying to reestablish an IPSec tunnel after a temporary communication problem with a concentrator.
The following error message is displayed:
IPSEC(validate_transform_proposal): invalid local address xxx.yyy.zzz.126Conditions: This problem is observed on a Cisco 800 series and a Cisco 1700 series that run Cisco IOS Release 12.3(2)XA. The symptom may also occur in other releases.
Workaround: Manual intervention is required to restart the tunnel. Enter the clear crypto ipsec client ezvpn command.
•
Symptoms: When a subscriber calls a 911 operator via a Cisco AS5850 trunking gateway T1 CAS FGD trunk running a 12.3(2)T1 image, the operator gets ANI and DNIS and goes off-hook, but the subscriber keeps hearing ringing tone and the call never gets connected to the operator. This problem may not happen with all the 911 calls.
Conditions: Configure CAS FGD trunk on the 5850 to a 911 operator. Make sure the channels are in-service. Place a 911 call. This triggers the above symptom. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•
Symptoms: A router may crash upon exiting a Telnet session after changing the configuration on the router.
Conditions: This symptom is observed when the cns config notify diff command is configured on the router and when a Telnet connection is established to the router via another port than the console port.
Workaround: Do not configure the router via a Telnet connection.
•
Symptoms: The output queue of a Gigabit Ethernet port may become stuck, preventing traffic from leaving the interface.
Conditions: This symptom is observed on the Gigabit Ethernet port 0/1 (gig0/1) of a Network Processing Engine NPE-G1 (NPE-G1) that is installed in a Cisco 7200 series.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the affected interface.
Alternate Workaround: Reload the router.
•
Symptoms: A Cisco 7200 VXR router that terminates a large number of IPSec tunnels may restart unexpectedly.
Conditions: This symptom is observed when IKE MIB variables are being polled on the router.
Workaround: Avoid polling of IKE MIB variables.
•
Symptoms: When an IP phone user parks or transfers a call from the public switched telephone network (PSTN), the calling party hears music on hold (MOH). However, when the IP phone user resumes the call, the calling party continues to hear MOH while speaking. (The IP phone user does not hear MOH.)
Conditions: The symptom is observed on a Cisco platform that runs Cisco Release 12.2(13)T5 or Release 12.3, that functions as a Media Gateway Control Protocol (MGCP) gateway, and that is connected to a Cisco CallManager that runs software version 3.3(3).
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload unexpectedly.
Conditions: This symptom is observed when bringing up the multilink interfaces of the router.
Workaround: There is no workaround.
•
Symptoms: A ping from an interface of a Cisco 7500 series that functions as a PE router to a CE router may fail.
Conditions: This symptom is observed on a Cisco 7500 series that runs iMPLS and that has CEF switching enabled. The problem may affect all serial interfaces which allow configuration of PPP, Frame Relay, and HDLC and occurs only when the layer encapsulation of the subinterface is changed.
Workaround: Manually delete subinterfaces before changing the encapsulation
•
Symptoms: Pings fail across PPPoE.
Conditions: This symptom occurs when a Cisco 7500 series router has distributed switching enabled.
Workaround: Disable dCEF on the Cisco 7500 core router or enable a feature that causes the packets to be punted to the RP. Note that CEF works fine.
•
Symptoms: FXO ports on a Cisco IAD2420 may cease to process inbound and outbound calls because a voice port is stuck in the "FXOGS_PARK" state.
Conditions: This symptom is observed on a Cisco IAD2420 voice gateway with FXO ports that runs Cisco IOS Release 12.2(15)T8, 12.3, or 12.3 T. The FXO ports are connected to the PSTN.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected voice port.
•
Symptoms: The show running-config command may not show anything because of a memory leakage in the CCH323_CT process on a Cisco gateway. The output of the show processes memory command may show that the CCH323_CT process holds a lot of memory and does not release it. The output of the show memory summary may show that the free memory continuously decreases as the gateway continues to handle VoIP calls. After the gateway has run out of free memory, the gateway may either hang or crash.
Conditions: This symptom is observed on a Cisco AS5350 that runs Cisco IOS Release 12.2(15)T5 in a SS7 solution environment and that functions as both an originating and a terminating gateway. The symptom may also occur in other releases.
Temporary Workaround: Reload or power-cycle the router.
•
Symptoms: ISDN overlap receiving may not function on a Cisco 2600 series.
Conditions: This symptom is observed on a Cisco 2600 series that runs Cisco IOS Release 12.3(6) when a custom Tool Command Language (Tcl) script is used.
Workaround: There is no workaround.
•
Symptoms: A router may reload unexpectedly because of a bus error when Session Initiation Protocol (SIP) calls are cancelled.
Conditions: This symptom is observed on a Cisco router while Real-Time Transport Protocol (RTP) statistics for the cancelled SIP calls are being updated.
Workaround: There is no workaround.
•
Symptoms: IPv4 routes that are advertised via IPv6 Border Gateway Protocol (BGP) peers may not be injected into the routing table.
Conditions: This symptom is observed when you implement multiprotocol BGP for IPv6.
Workaround: Configure IPv4 peers to enable the IPv4 routes to function.
•
Symptoms: A voice call may fail when it is rotated on another outgoing dial peer that has a lower preference than the originating outgoing dial peer.
Condition: This symptom is observed when the isdn overlap-receiving command is enabled and when one of two dial peers has a lower preference than the other dial peer and has a destination-pattern with either a "T" or with a higher number of digits than the other dial peer that has the higher preference.
Workaround: Configure the same destination-pattern on both dial-peers.
•
Symptoms: Voice hunt may fail.
Conditions: This symptom is observed on an originating gateway (OGW) when the isdn overlap-receiving command is enabled, when the OGW has at least two dial peers that only partially match the called number, and when the terminating gateway (TGW) has dial peers that match the complete called number. For example, the symptom occurs when the OGW has two dial peers that match "destination-pattern 123" while the TGW has dial peers that match "destination-pattern 123456."
Workaround: Do not enable the isdn overlap-receiving command when voice hunt is enabled.
•
Symptoms: A Cisco router may unexpectedly reload if IPv6 encounters a routing loop, and IPv6 CEF is enabled.
Conditions: This symptom occurs under the following conditions:
–
–
–
Router# show ipv6 route
IPv6 Routing Table - 9 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
B ::/0 [200/0]
via 2::2
C 1::/64 [0/0]
via ::, Ethernet0/0
L 1::2/128 [0/0]
via ::, Ethernet0/0
C 2::/64 [0/0]
via ::, Ethernet1/0
L 2::1/128 [0/0]
via ::, Ethernet1/0
B 2001::/16 [200/0]
via 2002::1
B 2002::/16 [200/0]
via 2001::1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0Note that 2001::/16 and 2002::/16 results in a recursion loop because 2001::/16 is accessible via 2002::/16 and 2002::/16 is accessible via 2001::/16.
Workaround: Disable IPv6 CEF using the global configuration command no ipv6 cef.
•
Symptoms: A router may truncate frames that are larger than 560 bytes.
Conditions: This symptom is observed on a Cisco 1700 series and Cisco 2600 series that have the Airline Product Set (ALPS) configured on a 2-port serial WAN interface card (WIC-2T).
Workaround for both the Cisco 1700 series and Cisco 2600 series: Change the value of the delay argument in the alps t1 delay interface configuration command to a value that allows the frame to go through.
Workaround for the Cisco 2600 series only: Do not use a WIC-2T. Rather, use a 4-port asynchronous/synchronous network module (NM-4A/S).
•
Symptoms: A Node Route Processor (NRP) may reload unexpectedly and generate the following error message:
%UTIL-3-TREE: Data structure error--received a NULL handleConditions: This symptom is observed on a Cisco 6400 series that runs Cisco IOS Release 12.3 and that has an ATM interface that is configured as an Interim Local Management Interface (ILMI) when a virtual circuit (VC) class is configured on this ATM interface.
Workaround: There is no workaround.
•
Symptoms:
–
–
Conditions: These symptoms are observed in a Cisco IOS image that contains the fix for CSCea63829.
Workaround: There is no workaround.
•
Symptoms: The following information tags may be missing: leg_rgn_num, leg_rgn_npi, leg_rgn_pi, leg_rgn_si, and leg_rgn_noa. This situation causes a Tool Command Language (Tcl) script that uses these information tags to fail.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3.
Workaround: To make the missing information tags available for the Tcl script, modify the Tcl script to use the generic transparency descriptor (GTD) object.
•
Symptoms: A Cisco ICS7700 may not recognize that a Telco switch is in the "blocking" state and attempts to place calls on time slots that are busied out by the Telco switch, causing a low call success rate.
Conditions: This symptom is observed on a Cisco ICS7700 that runs Cisco IOS Release 12.3(2)XE when E1 R2 signaling is configured.
Workaround: One possible workaround would be to configure multiple DS0 groups and map them to multiple plain old telephone service (POTS) dial peers that are all configured with the same preference. Doing so enables the ICS to go from one dial peer to another until it finds one that is available. However, this does not scale.
•
Symptoms: The IP multicast throughput in Cisco IOS Release 12.3(6)T is not as good as in Release 12.3(4)T.
Conditions: This symptom is observed when more than 130 kpps of traffic is sent. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when the platform is configured to run IP Interactive Voice Response (IVR) and when a VXML script walks the IVR menu.
Workaround: There is no workaround.
•
Symptoms: An Engine 3 QOC12 LC configured with multicast VPNs may drop or punt traffic to the RP. This may happen when the mdt data group-address-range wildcard-bits threshold threshold-value command is configured in VRF configuration mode.
Conditions: This symptom is observed on a Cisco 12000 series.
Workaround: Remove the mdt data group-address-range wildcard-bits threshold threshold-value command from the VRF configuration.
•
Symptoms: A Route Processor Module-PRemium 512 (RPM-PR-512) may reload unexpectedly. The crashinfo file may show segmentation and reassembly (SAR) autorecovery messages and indicate that the SAR ATM processing unit (APU) has stalled.
Conditions: This symptom is observed on a Cisco MGX8850 when SAR autorecovery is enabled. When SAR autorecovery is disabled and the SAR APU stalls, the RPM-PR-512 does not reload abnormally but is reset by the Processor Switch Module 45 (PXM-45).
Workaround: There is no workaround.
•
Symptoms: When you make call, the dialed digits are displayed on the telephone but the call may not go through and may pause indefinitely.
Conditions: This symptom is observed for a call that is made via a Cisco router that functions as a Media Gateway Control Protocol (MGCP) when the backup Cisco CallManager attempts to switch to the primary Cisco CallManager while the primary Cisco CallManager is in the process of coming up.
Workaround: Hang up the phone and dial the number again. When the primary Cisco CallManager is up, the call should go through.
•
Symptoms: A calling party from the public switched telephone network (PSTN) may not be able to hear multicast enabled Music on Hold (MOH).
Conditions: This symptom is observed on a Cisco 3660 that runs Cisco IOS Release 12.3(4)T, 12.3(4)T1, or 12.2(6)T, that functions as a gateway, and that connect to a Cisco CallManager. The symptom may also occur in Release 12.3. The symptom may not be platform specific.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.3(2)T3.
•
Symptoms: A Cisco 7200 series NPE-G1 built-in GE (SBeth) MAC filter may accept NULL DAs (00-00-00-00-00-00). This unintentional behavior may pose a denial of service security risk in customer environments when their networks are flooded with NULL DAs.
Conditions: This symptom is observed when NULL DAs are presented to an NPE-G1 GE interface. This situation may be either a third-party vendor product flaw or a third-party vendor documentation error. (The third-party vendor documentation states that NULL DAs may be used for unused MAC Filter entries, implying that they are not accepted.)
Workaround: There is no workaround.
•
Symptoms: An ISDN voice gateway may immediately disconnect a call even though a DISCONNECT message with an PI of "8" is received from the ISDN network. Proper behavior would be for the ISDN voice gateway to postpone the release of the call and keep the voice media for a while.
Conditions: This symptom observed on a Cisco router that runs Cisco IOS 12.3(3), 12.3(5), or a later release and that functions as an ISDN voice gateway when calls are initiated and then released from the ISDN network side. The voice gateway is configured with PRI and BRI interfaces and runs SIP and H.323 as the VoIP protocols.
Workaround: There is no workaround.
•
Symptoms: Some E1 controllers on an STM-1 interface that are configured for MGCP call control may not be able to make calls because a Cisco PGW2200 that functions as the call agent may place the B channels for these E1 controllers in the "INTERFACE DISABLED" gateway state.
Conditions: This symptom is observed on a Cisco AS5850 when one or more adjacent E1 controllers on the STM-1 interface are configured for non-MGCP call control. The Cisco PGW2200 runs software version 9.3.2; the MGCP version is 0.1; SONET is configured for AU4 mapping; the controllers are configured as 3/0.1/1/1, 3/0.1/7/3, 3/0.2/1/1, 3/0.2/7/3, 3/0.3/1/1, and 3/0.3/7/3.
The following configuration is enabled on the Cisco AS5850:
backhaul-session-manager
set set1 client nft
group group1 set set1
session group group1 remote-ip remote-port local-ip local-portcontroller SONET 3/0
au-4 1 tug-3 1
tug-2 1 e1 1
tug-2 2 e1 1
tug-2 6 e1 3
tug-2 7 e1 3controller E1 3/0.1/1/1
pri-group timeslots 1-31 service mgcpcontroller E1 3/0.1/2/1
pri-group timeslots 1-31Workaround: Configure all E1 controllers on a TUG boundary for MGCP.
•
Symptoms: An H.323 proxy may fail when a conference call between a PSTN user and IP phones users is initiated by an IP phone in a Cisco CallManager environment.
Conditions: This symptom is observed on a Cisco router that functions as a gatekeeper, that has the H.323 proxy enabled, and that runs Cisco IOS Release 12.3(5) in the following topology:
An IP phone connects to a Cisco CallManager that connects to the Cisco gatekeeper that has the H.323 proxy enabled. The Cisco gatekeeper connects to yet another gatekeeper that connects to a gateway that, in turn, connects to the PSTN.
All calls to and from the Cisco CallManager IP phone via the Cisco gatekeeper are proxied. The Cisco CallManager runs software version 3.3(3)SR3. The display IE delivery option is disabled in the H.225 trunk configuration in the Cisco CallManager administration web page. The H.225 trunk is controlled by one of the gatekeepers.
The symptom occurs in the following sequence of events:
1.
2.
3.
4.
5.
6.
7.
Workaround: Enable the "Display IE delivery" option in the H.225 trunk configuration Cisco CallManager administration web page.
Alternate Workaround: Disable the H.323 proxy on the Cisco gatekeeper.
•
Symptoms: At 12 cps, the following message is displayed on a V4 gatekeeper:
ASSERT failed: line 9900 in file ../mm/gk/gk_rassrv_util.cConditions: This symptom is observed when an external server is using the GKTMP interface to communicate with the gatekeeper and when the gatekeeper is configured with "send-cisco-circuit-info."
Workaround: There is no workaround.
•
Symptoms: You may not be able to apply a service policy when the parent policy has a shape value that does not exceed the priority value of the child policy.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3 when you attempt to configure a hierarchical policy map.
Workaround: There is no workaround. Note that the symptom does not occur in Release 12.2 T.
•
Symptoms: Huge packet drops are observed due to a shaping failure on an AIM ATM switch.
Conditions: This symptom is observed when multiple service category traffic passes through the switch and shaping is applied to the traffic.
Workaround: There is no workaround.
•
Symptoms: A Layer 2 Tunneling Protocol (L2TP) network server (LNS) may not remove a per-user access control list (ACL) from the configuration. This situation may cause the memory of the LNS to be depleted, and the output of the show processes memory EXEC command may indicate that the "AAA Per-User" process holds most of the allocated memory.
Conditions: This symptom is observed on a Cisco router that functions as an LNS in a Large-Scale Dial-Out (LSDO) configuration when a per-user ACL is present in the RADIUS profile of the user.
Temporary Workaround: To free up memory, manually remove the per-user ACL by entering the no ip access-list extended virtual-access number global configuration command. The number argument consists of the numbers (for example, 2003#671) that are assigned by the Cisco IOS software when the ACL is created.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
•
Symptoms: A Cisco platform may not recognize any command that starts with "no."
Conditions: This symptom is platform independent.
Workaround: There is no workaround.
•
Symptoms: When an interface that is configured with an IP address goes down while another interface is configured with the same IP address, traffic destined to this IP address may not be received by the interface that remains up.
Conditions: This symptom is observed when CEF is enabled.
Workaround: Flap the interface that is up. Doing so enables the interface to receive traffic for the IP address.
•
Symptoms: A router does not send RST packets once the number of half-opened sessions exceeds the "max-incomplete" high threshold.
Conditions: This symptom is observed when the ip audit command is enabled and a SYN flood attack happens on port 80.
Workaround: Disable the ip audit command and enter the ip inspect command instead.
•
Symptoms: A router may reload unexpectedly after renaming a policy-map the second time.
Conditions: This defect may be observed if there are at least two policies configured.
Workaround: Avoid renaming the policy-map.
•
Symptoms: When Cisco IDS is enabled, HTTP browsing slows down considerably.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T5 or 12.3.
Workaround: There is no workaround. Note that the symptom does not occur in Cisco IOS Release 12.2(13)T5.
•
Symptoms: When voice calls are made after the first voice call is terminated, a Cisco AS5300, Cisco AS5350, or Cisco AS5400 may reload unexpectedly because of a bus error.
Conditions: This symptom is observed on a Cisco AS5300, Cisco AS5350, and Cisco AS5400 that run the c5350-js-mz image of Cisco IOS Release 12.3 and that are configured for Voice over IP (VoIP).
Workaround: There is no workaround.
•
Symptoms: A router configured as an H.323 voice gateway may leak memory in the ISDN process.
Conditions: This symptom is observed when the gateway receives the name of the calling party from a PBX.
Workaround: Configure the PBX so that it does not forward the name of the calling party to the gateway.
•
Symptoms: The tag forwarding table for a line card on Cisco platforms that have distributed (i.e. linecard based) forwarding, such as the Cisco 7500 Series and the Cisco 12000 Series, may not have complete entries even though the Route Processor (RP) does. This results in ingress tagged traffic being dropped for the missing tag forwarding entries.
Conditions: This symptom is observed on Cisco platforms that have distributed (i.e. linecard based) forwarding in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment with a provider edge (PE) router to customer edge (CE) router link.
The problem is more likely to happen if the PE to CE link experiences quick flaps of an interface (i.e. goes down and come back up in a very small amount of time (e.g. 2 sec)). Although this can happen on any linecard, this situation is more likely to happen on the Engine 3(E3) channelized OC48 line cards due to its quick flapping behavior.
Note: There are additional prerequisites for this bug to happen. These are:
–
–
–
Workaround: There is no workaround.
•
Symptom: A Cisco platform with a voice configuration reloads unexpectedly.
Conditions: This symptom can happen on a Cisco IOS VoIP gateway that functions under stress when H.323 is configured as the VoIP protocol.
The problem is tied to a low memory condition that can be caused by the total memory available or the lack of contiguous memory bytes available and tied to a lot of memory fragmentation. The problem is voice related. The unexpected reload occurs only if fax and/or modem pass-through or modem relay is configured and if fax or modem calls are made under low memory conditions.
The relevant CLI commands are:
voice service voip
fax protocol t38/cisco
modem passthrough nseWorkaround: There is no workaround. If voice is not configured, the unexpected reload does not occur.
•
Symptoms: CPU utilization may reach 98% because of the way messages are handled when the call agent attempts repeatedly to tear down a call that fails on the gateway. The call fails due to an enumeration problem on the STM-1 interface.
Conditions: This symptom is observed when you run MGCP voice traffic on an AS5850 utilizing an STM-1 (channelized E1) interface and occurs only when some controllers on the STM-1 interface are not configured for MGCP and when the call agent is a Cisco PGW 2200 Softswitch that runs software version 9.3.2.
Workaround: The symptom occurs only when some E1 controllers on the STM-1 interface are configured for PRI group and not for MGCP while other controllers are configured for MGCP. Deconfigure any non-MGCP E1 controllers or configure all E1 controllers for MGCP.
•
Symptoms: A Cisco gateway may fall back to Cisco PGW 2200 Softswitch that is in standby mode.
Conditions: This symptom is observed on a Cisco router that functions as a gateway and that is configured for BRI backhaul.
Workaround: There is no workaround.
•
Symptoms: There may be a low call success rate for IAD hairpin/POTS calls.
Conditions: This symptom is observed on a Cisco MC3810 that runs Cisco IOS Release 12.2(15)T or 12.3. The symptom does not occur on a Cisco 2600 series, Cisco 3600 series, or Cisco 7200 series.
Workaround: Allocate DSPs with the round-robin method by entering the voice dsp allocation round-robin command.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
Symptoms: If an incoming call does not include the called-party number IE, a translation rule is not applied, an outbound dial peer is not matched, and the call is terminated.
Conditions: This symptom is observed when a call is placed over PRI into a Cisco AS5400 access server that runs Cisco IOS Release 12.3(6) and that is configured with overlap-receiving and a translation rule. The symptom occurs when any destination pattern other than ".T" is configured on the dial peers of the Cisco AS5400.
Workaround: Configure the ".T" destination pattern on the outbound dial peers.
•
Symptoms: Static routes that are not configured for reverse routing may remain in the routing tables until a reboot of the system. This situation occurs because of a problem with the tracking of route creation and deletion during an IPSec rekey.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(6).
Workaround: Do not use reverse routing or use long lifetimes for IPSec to prevent routes form being manipulated during an IPSec rekey.
•
Symptoms: An alignment error may cause a Cisco router to reload unexpectedly.
Conditions: This symptom is observed under rare conditions (an "extreme corner case") on a MIPS-based Cisco platform or on a Versatile Interface Processor (VIP), port adapter, or line card that contains a MIPS processor. The symptom is not release-dependent and may occur in all Cisco IOS releases.
Workaround: There is no workaround.
Further Problem Description: All 7500 VIP's and 7200 NPEs use MIPS based processors. Additional platforms that use MIPS processors are:
2691,3620,3631,3640,3660,3725,3745,4500,4500-M,4700,4700-M,AS5300,AS5400,AS5450, AS5800 Router Shelf,AS5800 System Controller (3640 based),7120,7140,UBR7100, UBR7200 - All NPE's,7301,7304,7400,6500 MSFC,6500 MSFC2,7600 MSFC,7600 MSFC2, 10000,UBR10012,12000 GRP, most (if not all) 12000 Line Cards
•
Symptoms: Because of memory corruption, a software-forced reload may occur on a router.
Conditions: This symptom is observed on a Cisco router that runs an IP interactive voice response (IVR) script.
Workaround: There is no workaround.
•
Symptoms: Input cell drops may occur on an ingress frame PVC that is configured on a switch interface. This situation may cause LDP/TDP/OSPF flaps.
Conditions: This symptom is observed when a lot of core traffic enters an ingress PVC that has a larger bandwidth then the egress PVC to which the traffic is routed.
Workaround: There is no workaround.
•
Symptoms: A gateway may crash and/or reboot with an "unexpected exception" message.
Conditions: This symptom is observed when a reset request is triggered from a Cisco CallManager after changing an interface setting such as changing an FXO endpoint's Attendant DN setting. The download of a gateway XML configuration file must also be enabled using the ccm-manager config global configuration command on the gateway. The crash occurs during or immediately after the XML download.
Workaround: There is no workaround.
•
Symptoms: There may be no dial tone from a VIC2-2FXS.
Conditions: This symptom is observed on a Cisco router when two VIC2-2FXS are installed in one PVDM-256K-4 DSP.
Workaround: Use two legacy VIC-2FXS.
Alternate Workaround: Use two VIC2-2FXS with two PVDM-256K-8 DSPs.
•
Symptoms: A Versatile Interface Processor (VIP) with an ATM port adaptor may reload unexpectedly.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) when the ATM interface is configured for Multilink PPP, Link Fragmentation and Interleave (LFI), and distributed Cisco Express Forwarding (dCEF).
Workaround: Disable LFI by entering the no ppp interleave command.
•
Symptoms: A label switch controller (LSC) may reload unexpectedly after unconfiguring VSI using either the no tag-control-protocol vsi command or the no label-control-protocol vsi command.
Conditions: This symptom is observed when either of the above-mentioned commands is executed within five minutes of receiving a VSI NAK with reason code 11 or 12.
Workaround: When you must enter either of the above-mentioned commands, first enter the debug vsi errors command and ensure there are no VSI NAK errors with cause 11 or 12 within a five minute window before entering the no tag-control-protocol vsi or no label-control-protocol vsi command. Such a VSI NAK error would look similar to the following:
VSI Master: got NAK reason 12 (sec VPI/VCI in use) in CONN CMT RSP rcvd on
Switch1:0/65513
VSI_M xconn conn Cmt NAK code = 12: would Initiate re-sync on slave_id = 9
VSI_M - resync timer started sl=9After these error messages, wait five minutes before entering the command.
•
Symptoms: A Cisco voice gateway may use an incorrect codec payload value (that is different from the configured value) during media transmission after the call is transferred to a new endpoint.
Conditions: This symptom is observed on a Cisco voice gateway that runs Cisco IOS Release 12.2(15)T9 or Release 12.3 and that is configured to use H.323 as the VoIP protocol. The symptom occurs when the remote endpoint sends an H.245 EmptyCapabilitySet (ECS) message to initiate the call transfer (H.323 Version 4, Section 8.4.6) after the initial call establishment and then sends an H.245 OpenLogicalChannel (OLC) message before sending a new H.245 TerminalCapabilitySet (TCS) message.
Workaround: There is no workaround.
•
Symptoms: A Cisco router that functions as a PE router may crash.
Conditions: This symptom is observed when traffic is switched through a multilink interface on which a QoS service policy is configured that includes a set command and when the multilink interface flaps (goes down and comes back up). The symptom occurs at random and depends on the traffic pattern. This applies only to non-distributed CEF platforms.
Workaround: There is no workaround.
•
Symptoms: A Cisco 831 sporadically experiences high-latency and packet-loss for packets traversing the 4-port shared Ethernet 0 interface.
Conditions: This would most likely occur during a reload with the scheduler interval xxx command in the start-up configuration.
Workaround: When this issue occurs, do a shut and no shut on the "interface e0" to get the interface to normal working condition.
•
Symptoms: A Cisco router that runs DNS may reload unexpectedly because of a bus error.
Conditions: This symptom is observed when the DNS process runs during a low memory condition.
Workaround: If this is an option, disable DNS. Otherwise, there is no workaround.
•
Symptoms: A file that is copied to an ATA disk may become corrupted.
Conditions: This symptom is observed on any Cisco IOS image that contains the fix for CSCdz27200. The problem does not occur on a disk that is formatted with 16 or less sectors/cluster.
Workaround: Use an ATA disk that is formatted with 16 or less sectors/cluster. The show disk all command indicates how many sectors are configured per cluster.
•
Symptoms: An incorrect instruction may be executed on a Cisco AS5350 or Cisco AS5400 when low address ranges in the memory are accessed with the show memory command. When some of the CP0 registers are updated, the instruction cache is flushed while the instruction in the pipeline may be loading the instruction cache. This situation may cause an incorrect instruction to be executed.
Conditions: These symptoms are observed only when low address ranges in the memory that should not be viewed with the show memory command are accessed.
Workaround: There is no workaround.
•
Symptoms: Unused ports on a 1-port multichannel STM-1 port adapter (PA-MC-STM-1) may flap even when they are not processing any traffic.
Conditions: This symptom is observed when there is congestion on used ports of the PA-MC-STM-1 and when a committed access rate (CAR) is configured on these used ports.
Workaround: There is no workaround.
•
Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these VRFs.
Conditions: This symptom can occur on a Cisco router that runs Cisco IOS Releases 12.2, 12.2T, 12.0S, 12.3 after the VRF interfaces have flapped. The symptom may occur in all code levels of these releases.
Workaround: Clear the routes in the VRFs in sequence.
•
Symptoms: When running SIP calls on a Cisco IOS gateway under load/stress, the user is recommended not to use the show sip calls command. However, if the command is given, it can possibly lead to a gateway crash due to memory corruption. The crash may not be seen immediately after giving the command. Instead, it may happen a few minutes or hours later.
Conditions: The following conditions need to be satisfied for memory corruption to happen:
1) SIP calls are running, and there is a heavy load of call setups and tear downs.
2) Run the show sip calls command.
3) Continue with heavy load of SIP calls.
4) May see a memory corruption and crash on the gateway after sometime.
Note that step (4) is not always going to happen. It will more likely happen if there are competing processes, for example ISDN, SNMP, and others, requesting fresh memory.
Workaround: Do not use the show sip calls command for viewing call status for SIP calls when there is call traffic. Instead use the show call active voice command for generic call related information.
•
Symptoms: Sessions may fail with sense code 08150004.
Conditions: This symptom is observed when an SNA switching services Enterprise Extender (EE) is used to connect to a host. New sessions that attempt to reuse an existing EE RTP connection to the host may fail with sense code 08150004. Other RTP connections do accept new sessions.
Workaround: Inactivate the flawed RTP connection on the host. Doing so drops all existing sessions on that RTP connection, but enables the router and all other RTP connections and their sessions to stay up.
•
Symptoms: In Cisco IOS software that is running Multiprotocol Label Switching (MPLS), a router may reload after accessing a freed Label Information Base (LIB) entry. When the symptom occurs, an error message similar to the following is likely to precede the reload:
%TIB-3-LCLTAG: 10.10.10.10/10.10.10.10, tag advert; unexpected tag state=13Conditions: This symptom is observed when a very uncommon timing of a Label Distribution Protocol (LDP) events occurs. The symptom may occur with LDP or Tagswitching Distribution Protocol (TDP).
Workaround: There is no workaround.
•
Symptoms: The native Gigabit Ethernet ports of a Cisco 7200 series NPE-G1 or a Cisco 7301 may stop forwarding traffic.
Conditions: This symptom is observed in a stress situation when bursty traffic is received.
Workaround: There is no workaround.
•
Symptoms: A voice call may fail on an IP-to-IP gateway when the call is hunted on another outgoing dial peer because there is no answer.
Condition: This symptom is observed when the voice-hunt no-answer global configuration command is enabled on the IP-to-IP gateway.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5300 may stop accepting calls and generate the following error message:
Endpt in transient stateConditions: This symptom is observed after an attempt to relay a fax on a Cisco AS5300 that runs Cisco IOS Release 12.3(4)T1 or Release 12.3(5a) and that is configured for MGCP.
Workaround: There is no workaround.
•
Symptoms: An RPM-XF may crash when a VC is deleted.
Condition: This symptom is observed when the you enter the no switch connection vcc vpi vci command.
Workaround: There is no workaround.
•
Symptoms: A MGCP modem-relay call may fail to resume as a voice session.
Conditions: This symptom is observed when a MGCP modem-relay call is continued as a voice call. During the reversion back to voice, the voice channel may fail.
Workaround: Configure the G.711 codec for modem pass-through.
•
Symptoms: The amount of memory that the crypto IKMP process is holding increases without being released. After some time the crypto IKMP process may use all the memory.
Condition: This symptom is observed when a crypto map is configured on a dialer interface and when there are authentication failures (for example, due to a maximum session number limitation) during the reestablishment of the session.
Workaround: There is no workaround.
•
Symptoms: A gateway may stay at 100 percent CPU utilization, preventing any new calls from being made until the gateway is reloaded.
Conditions: This symptom is observed on a Cisco router that functions as a gateway and that runs Voice XML applications under a high traffic load.
Workaround: There is no workaround.
•
Symptoms: The following error message is generated in a SNASw router while bringing up CP-CP sessions with a network node server:
%SNASW-3-DS_LOG_17: PROBLEM - 22702 - Protocol error while registering resources with network node serverSense code 1014023C is returned by the NN server on the registration failure notification. The SNASw router unbinds the CP-CP sessions with sense code 08900060.
Conditions: This symptom is observed on a Cisco router that functions as an SNASw router when a downstream end node incorrectly registers an APPN network node as an end node.
Workaround: Remove the CP name on the partner LU definition on the downstream end node.
Alternate Workaround: Apply APAR JR16282 to the downstream end node.
•
Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.
In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.
Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.
Workaround: There is no workaround.
•
Symptoms: Gigabit Ethernet interfaces on a Network Processing Engine G-1 (NPE-G1) may not accept packets with long MPLS headers. This situation may decrease the performance of some network environment such as an Ethernet over MPLS (EoMPLS) environment.
Packets with a size that exceeds the maximum MTU in the output of the show controller gigabitethernet 0/x command may be dropped.
Conditions: This symptom is observed on a Cisco 7200 series.
Workaround: Increase the MTU at the interface level.
•
Symptom: When the HSRP MIB is polled and there are HSRP groups configured on subinterfaces, an error such as "OID not increasing" may occur on the device that is polling the router. In some cases, a CPUHOG traceback may occur on a router when the HSRP MIB is polled, especially when a lot of interfaces are configured.
Conditions: This symptom is observed under either one of the following two conditions:
–
–
Workaround: Do not initiate an SNMP query for HSRP.
Alternate Workaround: Enter the snmp-server global configuration command to specify which MIBs are available, as in the following example:
snmp-server view HSRP internet included
snmp-server view HSRP ciscoHsrpMIB excluded
snmp-server view HSRP ciscoHsrpExtMIB excluded
snmp-server community public view HSRP RW 20
snmp-server community private view HSRP RW 20
•
Symptoms: The MPLS packets are forwarded with a bogus label when they are sent out on a loadshared non-VRF MPLS enabled "Internet" interface from a VRF.
Condition: A static route for the VRF should be configured to reach the Internet, which would in turn be configured to recurse over 2 static routes to reach the next hop for the global Internet.
Workaround: Shut down one of the interfaces to remove the load-sharing condition.
•
Symptoms: Hardware compression on an AIM-COMPR4 may fail, causing a router to revert to software compression.
Conditions: This symptom is observed on a Cisco router when MLP and Low Latency Queueing (LLQ) are configured and when a service policy is applied to a multilink interface.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may lock up when sending traffic over an X.25 interface.
Conditions: This symptom is observed on a Cisco router that has the encapsulation x25 command enabled.
Workaround: Configure the X.25 interface for priority or custom queuing.
•
Symptoms: A Cisco 2600 series or Cisco 3600 series that is configured with SVC bundles may fail to parse the SVC-bundle configuration at bootup, causing most of the SVC bundles to fail. After bootup, only the SVC bundle that was first configured as part of the bundle svc command may be in the running configuration.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco 3600 series that run Cisco IOS Release 12.2(8)T3, 12.2(8)T10, or 12.3(5) and that are configured with an IMA port adapter.
Workaround: After the router has booted up, reconfigure the SVC bundles.
•
Symptoms: The following error messages may be generated on a Cisco platform:
%SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 80C1721C 80521C34 80522130 80522DCC 80523008 80271964 80271F30 80273A78 80285954 8007DE1C 8007DE1C 80285A14 80C23698
%SYS-2-MALLOCFAIL: Memory allocation of 600 bytes failed from 0x80521C30, alignment 0
Pool: Processor Free: 28708508 Cause: Interrupt level allocation
Alternate Pool: I/O Free: 8397996 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 4
-Traceback= 80C15E28 80C173E8 80521C34 80522130 80522DCC 80523008 80271964 80271F30 80273A78 80285954 8007DE1C 8007DE1C 80285A14 80C23698Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.3(1a) when any of the following XML logging global configuration commands are enabled:
–
–
–
–
Workaround: Disable the XML logging commands.
•
Symptoms: On a Cisco AS5850 using E1 trunks, the debounce-time rai time-interval command does not work.
Conditions: This command is only supported on Cisco AS5850 E1 trunks.
Workaround: There is no workaround.
•
Symptoms: Running a Voice XML application with submit may cause a router to reload with a bus error.
Conditions: This symptom is observed when a subdialog in a Voice XML application is called repeatedly.
Workaround: There is no workaround.
•
Symptoms: From a local customer edge (CE) router, you may not be able to reach or ping some prefixes (subnets) on a remote CE router over an Multiprotocol Label Switching (MPLS) network.
Conditions: This symptom is observed in a cell-based MPLS network.
Workaround: Enter the shutdown command followed by the no shutdown command on the affected subinterface that is connected to the local CE router. Doing so enables the Border Gateway Protocol (BGP) to run a scan again and repopulates the subnets in the Tag Forwarding Information Base (TFIB).
•
Symptoms: When you perform an HTTPS File Get operation on a Cisco router, the router may reload.
Conditions: This symptom is observed when you use SDC.
Workaround: Avoid using HTTP-based java configuration tools such as SDC.
•
Symptoms: A "Spurious memory access" error message may be displayed and tracebacks may occur on a Cisco router.
Conditions: This symptom is observed on a Cisco router that functions as a LAC and that runs PPPoE.
Workaround: There is no workaround.
•
Symptoms: When a large number of VRFs are configured, input OAM F5 loopback cells on the ATM interface are dropped continuously even without traffic. Drop could be seen at OAM cell drops of show atm traffic and at Input queue drops of show interface ATM EXEC commands.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.2(19), Release 12.3(5), or Release 12.3(4)T2 where the oam-pvc manage command and the ip vrf global command are configured.
Workaround: Remove the ip vrf command. There is no workaround for a router such as a provider edge (PE) router that cannot remove VRFs.
•
Symptoms: A router may log a CPUHOG message that is caused by the CEF reloader process.
Conditions: This symptom is observed on a Cisco router when a VRF with more than 9000 routes is added to the configuration.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5300 may improperly generate a disconnect cause of 8A10 for any call leg. The proper disconnect cause should be 10.
Conditions: This symptom is observed on a Cisco AS5300 that runs and IP Plus image of Cisco IOS Release 12.3(5) and that is configured for E1 R2 signaling for Thailand. The symptom may not be platform-specific.
Workaround: There is no workaround.
•
Symptoms: A Cisco 2611XM that runs Cisco IOS Release 12.3(5a) and that is configured for encryption may generate spurious memory accesses and may reload unexpectedly because of a SegV exception.
Conditions: This symptom is observed when the router accepts ISDN calls.
Workaround: There is no workaround.
•
Symptoms: The CLI command show run would not show anything. This is due to a memory leakage in the router. The memory leak occurs at process CCH323_CT.
Conditions: This symptom occurs on a Cisco AS5350 that is running Cisco IOS Release 12.2(15)T5 in a SS7 solution environment acting as the originating and terminating gateway. The CLI command show proc mem shows process CCH323_CT holding lots of memory and not releasing it back. The show memory sum will show the free memory continuously decreases as the gateway continues to handle VoIP calls. After the free memory runs out, the router either hangs or crashes.
Workaround: The only way to recover the router is with a reload or power cycle.
•
Symptoms: A Cisco router running Cisco IOS Release 12.3(7)T may reload unexpectedly after a crypto map has been configured for IPSec.
Condition: This symptom is observed when all of the following conditions occur:
–
–
–
The symptom may also occur in Release 12.3.
Workaround: Stop the traffic when changing a crypto map or applying a crypto map to an interface.
Alternate Workaround: Disable CEF switching.
•
Symptoms: After a Route Switch Controller (RSC) has rebooted, line cards are no longer recognized by the RSC. The output of the show chassis command shows the following information:
RSC-Slot6# show chassis
System is in classic-split mode, RSC in slot 6.
Slots owned: none
Slots configured: none
Slots owned by other: 8 9 10 11 12 13
Slots not owned: 0 1 2 3 4 5
Slot Board CPU DRAM I/O Memory State Elapsed
Type Util Total (free) Total (free) Time
System set for auto bootConditions: This symptom is observed on a Cisco AS5850 that runs Cisco IOS Release 12.3(3c) and that has dual RSCs that function in classic split mode.
Workaround: There is no workaround. To recover from the symptoms, manually reload the affected RSC.
•
Symptoms: During periods of high Session Initiation Protocol (SIP) call volumes, a router may reload unexpectedly because of a bus error.
Conditions: This symptom is observed on a Cisco AS5300 series universal gateway when a SIP call is cancelled due to a 408 Request Timeout response received for a SIP PRovisional ACKnowledgement (PRACK) message.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform may crash after the following error is seen:
SCHED: Stack for process CEF IPC Background running low, 48/6000
%SYS-SP-6-STACKLOW: Stack for process CEF IPC Background running low, 48/6000Conditions: This symptom is observed with a recursive prefix with multiple next hops when these next hops match host routes that themselves are recursive prefixes and recurse through themselves.
Workaround: Avoid recursion loops.
•
Symptoms: VRFs do not inherit the proper version setting, preventing RIP from sending the configured packet version to its adjacencies.
Conditions: This symptom is observed when, for example, you enter the version 2 RIP command followed by the address-family ipv4 vrf vrf name command. Version 2 is not inherited by the VRF.
Workaround: Explicitly configure the RIP version under the VRF to enable the configuration to work properly, that is, in the above-mentioned example, enter the version 2 RIP command after you have entered the address-family ipv4 vrf vrf name command.
•
Symptoms: RIP static neighbors may not function properly. Specifically, unicast updates may not be sent to the configured neighbor addresses.
Conditions: This symptom is observed when static neighbors are configured.
Workaround: Do not run the interface with static neighbors, which is often done in combination with the passive-interface command. Rather, rely on the default broadcast or multicast delivery, which depends on the RIP version that is deployed.
•
Symptoms: When Call Admission Control from a gatekeeper is configured, an oversubscribed call may be disconnected immediately without a busy tone.
Conditions: This symptom is observed when an ARJ reject reason "ARJ_REQ_DENIED" is mapped to cause code 31 (Normal unspecified) instead of to cause code 34 (no circuit channel available).
Workaround: There is no workaround.
•
Symptoms: A Cisco 7500 series with a VIP that has any type of ATM port adapter (PA) may crash with a bus error (sig 10) upon bootup. The VIP will ultimately come on line and the services are not impacted thereafter.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.3 when ATM subinterfaces on the PA are configured for any QoS queueing feature (for example, shaping, LLQ, WRED, CFWFQ, fair-queueing, etc.)
Workaround: There is no workaround.
Further Problem Description: This is a timing issue between ATM interfaces coming up and being fully configured (via IPC) for QoS on the PA. The higher the number of ATM subinterfaces/PVCs, the more likely is a chance that the router crashes. However, if only one subinterface/PVC is configured, there is still a potential problem; the router may not crash but QoS may not function.
•
Symptoms: A WIC-2T interface card that is configured for BSTUN encapsulation may not recognize an MTU setting above 1500. Inbound frames with a size of 1900 bytes that enter the interface may be fragmented in the router before being passed on to BSTUN.
Conditions: This symptom is observed on a Cisco 2691, Cisco 3725, and Cisco 3745 that have a serial WIC interface card installed in the main board WIC slot.
Workaround: Lower the outbound frame size on the Bisync host or remove BSTUN encapsulation from the WIC-2T interface card and configure BSTUN encapsulation on a serial interface of a network module.
•
Symptoms: A Cisco 3600 series or Cisco 3700 series may not initialize correctly and report the following error message during startup:
%VPN_HW-1-INITFAIL: Slot 1: hifn7814_init_dsConditions: This symptom is observed on Cisco 3600 series and Cisco 3700 series that run Cisco IOS Release 12.3(6) and that use a Virtual Private Network (VPN) encryption and hardware advanced integration module AIM-VPN/EPII or an AIM-VPN/HPII. If the AIM is installed in slot 1, it fails to initialize.
Workaround: Install the AIM in slot 0 instead of slot 1.
•
Symptoms: An IPv6 PIM neighbor may be down after changing the PIM configuration.
Conditions: This symptom is observed when the no ipv6 pim command is entered on some subinterfaces of a physical Ethernet interface and PIM is enabled on several subinterfaces of the same physical Ethernet interface.
Workaround: There is no workaround.
•
Symptoms: During an initial boot of a Cisco 7301 that has a PA-MC-8TE1+ or PA-MCX-8TE1-M in bay 0, an unexpected reload may occur.
Conditions: The symptom may occur irrespective of whether a regular Cisco IOS software image or a boot software image is present in the bootflash filesystem.
Workaround: Powercycle the Cisco 7301 and reboot platform. The problem only surfaces during the initial boot of the platform.
•
Symptoms: When mixed channels are defined on a channelized OC-12 line card and these channels include DS3s, T1s, an DS0s, CEF/RIB inconsistency may occur, preventing traffic to be sent over the correct interfaces.
Conditions: This symptom is observed on a Cisco 10000 series.
Workaround: When you delete interfaces or subinterfaces on the channelized OC-12 line card, ensure that the adjacency for the deleted interface is deleted before you configuring a new interface.
This can be checked by entering the show adjacency or show adjacency | include interface name command. When the adjacency no longer appears in the output of the show adjacency command, it is safe to add new interfaces.
Note that the show adjacency type number command cannot be used to get the required information.
When deleting large numbers of interfaces, a delay of about 2 minutes should be enough to ensure that all of the adjacencies have been deleted.
•
Symptoms: A RPM-PR may reload unexpectedly when you enter the a debug command.
Conditions: This symptom is observed when you enter any of the following debug CLI commands:
debug rpm pooltype 4294967295
debug rpm mempool 4294967295
debug rpm regiontype 4294967295Workaround: There is no workaround.
•
Symptom: The line protocol may go down.
Conditions: This symptom is observed when Frame Relay fragmentation is enabled on the main interface.
Workaround: There is no workaround.
•
Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the VTSP process.
Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.
Workaround: Reload the gateway.
•
Symptoms: Spurious memory accesses and a traceback may occur on a Cisco router, causing the router to reload.
Conditions: This symptom is observed on a Cisco 1760, Cisco 3640, and Cisco 7200 series that run Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: Buffer I/O memory starvation may occur and a "%SYS-2-MALLOCFAIL" message may be shown on the console.
Conditions: This symptom is observed on a Cisco 7200 series with an NSE-1 processor board and on a Cisco 7401 series. The symptom occurs when PXF is enabled and when encryption/compression and fair-queueing are enabled on the same interface.
Workaround: Disable PXF by entering the no ip pxf command.
Alternate Workaround: Disable fair-queuing on the egress interface by entering the no fair-queue command.
•
Symptoms: Multiple SYS-3-CPUHOG error messages may be generated in the LDP process, eventually followed by a watchdog timeout crash:
%SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (422/8),process = LDP.
-Traceback= 6101DFC0 6102546C 61016FE4 6101CE24 6101728C 61017A30
...
%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = LDP.
Traceback= 6085658C 6101DE48 6102546C 61016FE4 6101CE24 6101728C 61017A30After the router has reloaded, the output of the show version command indicates "Last reset from watchdog reset."
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)S3 or Release 12.2(22)S and that is configured for MPLS LDP.
Workaround: There is no workaround.
•
Symptoms: The cpmISDNCfgBChanInUseForVoice objects are not counted by the cpmISDNCfgBChannelCalls object.
Conditions: This symptom is observed when the CISCO-POP-MGMT-MIB is polled for ISDN voice calls. The expected behavior is that voice calls on all ISDN B-channels should be counted by the cpmISDNCfgBChannelCalls object.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5350 reloads when an OSP call is made.
Conditions: This symptom is observed on a Cisco AS5350 that runs the c5350-jk8s-mz image of Cisco IOS Release 12.3(9) when you use a CLI command to shut down and then unconfigure the settlement after some OSP calls have occurred, as in the following example:
1. You enter the settlement 0 global configuration command.
2. You enter the shutdown settlement configuration command. This stops the OSP process.
3. You enter the no settlement 0 settlement configuration command. At this point, the Cisco AS5350 may reload.
Workaround: There is no workaround.
•
Symptoms: Multicast packets are not dropped by a drop action in a policy map.
Conditions: This symptom is observed during an MQC drop test.
Workaround: Configure the police command with the drop action for both traffic that conforms and exceeds the policy map.
•
Symptoms: A Versatile Interface Processor (VIP) on a Cisco 7500 series that runs Cisco IOS Release 12.3(5) and that is configured for distributed Link Fragmentation and Interleaving over ATM (dLFIoATM) may reload.
Conditions: This crash occurs when all of the conditions below are present:
–
–
–
–
Workaround: Avoid local VIP switching to the dLFIoATM PVC.
•
Symptoms: On a Cisco 7500 series that is equipped with Versatile Interface Processors (VIPs) with ATM port adapters, the ATM PVCs may not come back up after the ATM interface flaps. This occurs because the interfaces in the VIP do not transmit any packets but still process incoming traffic.
Conditions: This symptom is observed in a dLFIoATM environment in which distributed Class Based Weighted Fair Queueing (dCBWFQ) is configured on PPPoATM virtual templates.
Workaround: Apply any kind of distributed queueing on any interface or subinterface of the affected VIP. Doing so triggers all interfaces to start transmitting again, enabling the ATM PVCs to come back up.
•
Symptoms: On a Cisco IOS VoIP gateway, a memory leak may occur in the context of the H.323 process.
Conditions: This symptom is observed when there are low memory conditions and when translation rules are configured.
Workaround: Reload the gateway.
•
Symptoms: A Cisco AS 5400 reloads at "is_xcsp" when you enter the show users command for async calls.
Conditions: This symptom is observed on a Cisco AS5400 that runs Cisco IOS Release 12.3 or Release 12.3(8)T.
Workaround: There is no workaround.
•
Symptoms: Voice calls fail to go through when a gatekeeper is involved in the call.
Conditions: This symptom is seen for all calls involving a gatekeeper.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform may reload unexpectedly when bulk calls are initiated while an SS7 configuration is being loaded.
Conditions: This symptom is only observed for SS7 configurations. Non-SS7 configurations are not affected.
Workaround: There is no workaround.
•
Symptoms: A router reloads when the origin dhcp command is configured on one or more DHCP pools.
Conditions: This symptom is observed when the subnets allocated to these pools are renewed or released.
Workaround: Do not use the origin dhcp command.
•
Symptoms: Voice calls being placed through a PRI voice gateway using DSPs of an ATM AIM module may encounter no-way voice on either the PSTN or the IP device/phone side.
Conditions: This symptom may be observed when hairpinned calls are placed with a Cisco 3745 that functions as a Cisco IOS voice gateway and that has an AIM-ATM-VOICE-30 module installed.
You can verify that the symptom occurs through the output of the show connection all EXEC command: the command output shows one timeslot twice and shows that it is connected to both another timeslot and to a DSP resource.
Workaround: Reboot the Cisco 3745 voice gateway to fix the no-way audio problem. To prevent the problem from occurring, configure the gateway in such a way that hairpinned calls do not occur.
•
Symptoms: A "not well-formed" error may occur when you run a Voice XML document that contains an XML prolog that includes the "encoding" element. For example:
<?xml version="1.0" encoding="iso-8859-1"?> <---- This line will give an error <vxml version="2.0">Note that not all XML encoding triggers this error. The following encoding does not have any problem:
<?xml version="1.0" encoding="UTF-8"?>Conditions: This symptom is observed on a Cisco IOS gateway that runs Cisco IOS Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: An MFR interface does not forward traffic.
Conditions: This symptom is observed on a Cisco platform when traffic is forwarded outbound on the MFR interface.
Workaround: Flap the MFR interface.
•
Symptoms: A router may reload due to a bus error when processing VTSP.
Conditions: This symptom is when the router is configured for voice.
Workaround: There is no workaround.
•
Symptoms: You cannot delete a trustpoint, and the following error message is generated on the router:
% The trustpoint appears to be in use. Unable to remove this trustpointConditions: This symptom is observed after IKE negotiation; the trustpoint is locked.
Workaround: Reload the router and remove the trustpoint before IKE negotiation.
•
Symptoms: A router may reload due to a software-forced crash when a voice call is made through a VIC-2DID or VIC2FXO, and the following error message is generated:
%SYS-3-CPUHOG: Task is running for (126207)msecs, more than (2000)msecs (85/5),process = IP Input.
-Traceback= 80C25B98 80C2741C 80C274D8 80C27970 80C2A508 80C07910 80C07134 80C04540 803EEBDC 803ECB3C 803ECD0C 803ECED8 80223338 80227950Conditions: This symptom is observed on a Cisco 1760 running CIsco IOS Release 12.3(4)T3 with the firewall feature set. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A router running SNASw reloads when connecting to downstream devices.
Conditions: This symptom is observed when a downstream device sends an XID with the same ID as a previously connected device.
Workaround: Correct the duplicate PU ID problem at the downstream device or add the snasw dlus command to the configuration.
•
Symptoms: An RPM-PR crashes and switches over to the redundant card. There is a crashinfo file created with traceback.
Conditions: This symptom is observed when 320 IP flows are sent outbound from a switch subinterface that is configured for flow-based fair queueing.
Workaround: There is no workaround.
•
Symptoms: A Cisco IAD2420 series responds to a RQNT with "R: L/hd(N)" with a "519 161233591 No digit map available" answer, which causes the call agent to take the endpoint out of service.
Conditions: This symptom is observed in a normal call flow.
Workaround: There is no workaround.
•
Symptoms: The crypto PKI query mode is not working.
Conditions: This symptom is observed when you perform the following steps:
–
–
–
Workaround: There is no workaround.
•
Symptoms: A Cisco router running Gateway GPRS Support node software (GGSN) Release 5.0 may reload with an exception due an illegal access to a freed memory location after some PPP regeneration sessions are created and deleted and the ppp-regeneration command is unconfigured.
Conditions: This symptom is only observed when the following sequence of events occurs:
1. An APN is configured for PPP-regeneration.
2. PPP regeneration sessions are created and deleted on this APN.
3. The ppp-regeneration command is unconfigured on this APN.
4. After at least 5 minutes, the ppp-regeneration command is reconfigured under the APN.
5. An attempt is made to create a PPP regeneration session.
After Step 5, the GGSN reloads.
Workaround: This is a rare scenario involving an unconfiguration, and if this sequence of events occurs, there is no workaround.
•
Symptom: A router running SNASWitch enterprise extender over a WAN connection experiences intermittent performance problems.
Conditions: This symptom is observed when some type of delay occurs in the IP network between the router and the third-party vendor host.
Workaround: Take down the link. If this is not an option, there is no workaround.
Further Problem Description: The Network Performance Monitor (NPM) on the mainframe reports network response times of up to 13 seconds and a display of the CNR node associated with the affected RTP pipe on the mainframe of the form "D NET,ID=CNR.....,E" shows that the allowed data flow rate is severely throttled.
The problem usually lasts for about one hour before responses fall to acceptable subsecond levels but can take up to three hours to completely stabilize.
No congestion, retransmissions are observed while the problem is occurring and a sniffer trace taken at the mainframe OSA port shows that the Round Trip Time (RTT) is consistently around 16 ms, which is acceptable, but the Server Measurement Interval (SMI), in the Rate Request coming from the mainframe, varies widely.
•
Symptoms: A router with VOIP configured may experience a memory leak in VTSP.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(15)T10. The symptom may also occur in Release 12.3 and 12.3 T.
Workaround: There is no workaround.
•
Symptoms: The g729ar8 codec option is not configurable under a VoX dial-peer. The only G.729 codec option available is the g729r8 option.
Conditions: This symptom is observed on a Cisco MC3810 voice gateway that has the C542-based Voice Compression Module (VCM) DSP card installed. The problem is that the g729ar8 option is a medium-complexity (MC) codec but the g729r8 option is a high-complexity (HC) codec. A VCM DSP can handle at most two MC calls or a single HC call, so if a higher call density is required on the Cisco MC3810, you must use the proper codec.
This issue does not pertain to a Cisco MC3810 voice gateway with C549-based High Compression Module (HCM) DSP cards as the only G.729 codec selection for this configuration is the g729r8 option. Whether G.729 proper or G.729 Annex A is used depends on whether the HCM card is configured for, respectively, HC or MC operation mode.
This defect affects Cisco IOS Release 12.2 T and Release 12.3. The symptom does not occur in Release 12.2.
Workaround: There is no workaround.
•
Symptoms: When you configure the autosecure feature through a Telnet session and the Telnet session is closed, terminated, or times-out, you cannot open another Telnet session to the router.
Condition: This symptom is only observed for a Telnet session and does not occur for an SSH session.
Workaround: Use the console or use SSH.
•
Symptoms: Entering the no cns config notify command may cause a router to reload.
Conditions: This symptom is observed when the cns config notify command has been configured previously.
Workaround: There is no workaround.
•
Symptoms: MPLS forwarding may stop.
Conditions: This symptom is observed under the following conditions:
–
–
Workaround: There is no workaround.
•
Symptoms: Stale MPLS COS per-route entries may be left behind.
Conditions: This symptom is observed after the route disappears from the routing table in cell mode multi-VC network.
Workaround: There is no workaround.
•
Symptoms: A Fast Ethernet 100BASE-TX port adapter on an RPM-PR may stop receiving burst traffic packets.
Conditions: This symptom is observed on a FE RPM-PR Backcard.
To identify this problem, the output of the show interface fastethernet command shows no input packets and all packets as overrun:
30 second input rate 0 bits/sec, 0 packets/sec
30 second output rate 100000 bits/sec, 106 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 263523 overrun, 0 ignoredThe output of the show controllers command for the Fast Ethernet interface shows high numbers for "rx_fifo_overflow" and "throttled":
throttled=5352, enabled=5352, disabled=0
rx_fifo_overflow=434500, rx_no_enp=0, rx_state=0Workaround: There is no workaround. To clear the symptom, enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the Fast Ethernet interface.
Further Problem Description: In the output of the show controllers command for the Fast Ethernet interface, locate the value for CFRV. If the last byte is either 0x20, 0x21, 0x22, or 0x23, the Fast Ethernet is susceptible to the symptom.
•
Symptoms: A PRI trunk of an MGCP controller may come up in an ISDN layer 2 "TEI_ASSIGNED" state.
Conditions: This symptom is observed when the gateway is reloaded or during the initial configuration of MGCP on the gateway and occurs when the PRI backhaul feature is configured with Cisco CallManager.
Workaround: In order to bring up the trunk, reset the associated T1 controller by entering the shutdown command followed by the no shutdown command.
•
Symptoms: A Cisco 2651 does not boot up and enters into a loop with the "Unexpected exception at ..." error message.
Conditions: This symptom is observed when you attempt to load the c2600-a3js-mz image of Cisco IOS Release 12.3(8)T. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•
Symptoms: A VoIP call with the required SETUP message is up but may be disconnected when the call initiator sends an H225 Q931 NOTIFY message.
Conditions: This symptom is observed during a test of the ISDN Calling Name Display feature.
Workaround: There is no workaround.
•
Symptoms: An accounting stop record does not account for inbound CEF switched packets such as Acct-Input-Packets and Acct-Input-Octets.
Conditions: This problem only occurs for connections that are terminated onto a virtual-access interface.
Workaround: Disable CEF globally or per interface.
•
Symptoms: CEF may become disabled on a VIP, port adapter, module, or line card because of a fatal error, and the following error message may be generated:
%FIB-3-FIBDISABLE: Fatal error, slot 2: Window did not open, LC to RP IPC is non-operationalConditions: This symptom is observed after an RPR+ switchover.
Workaround: There is no workaround.
•
Symptoms: A router reloads after a CNS configlet includes configuring a TTY.
Conditions: This symptom is observed when the cns config initial command, cns config partial command, or cns config retrieve command is enabled and when the password is set via CNS or any other aspect of a TTY is configured via CNS.
Workaround: Do not configure a TTY by using CNS.
•
Symptoms: Traceback are seen if an SSH connection fails during a version exchange.
Conditions: This symptom is observed when the client and the Cisco IOS software release on the SSH server do not match.
Workaround: There is no workaround.
•
Symptoms: The Fast Ethernet output queue of a Cisco 1700 series may become wedged.
Conditions: This symptom is observed when Multilink PPP is enabled on the incoming serial interface via the ppp multilink fragment-delay delay-max command (with a delay of 10 ms), when there is a low link bandwidth (128 kb), and when there are large packet sizes (1343 bytes).
Workaround: Remove the ppp multilink fragment-delay delay-max command from Multilink PPP configuration.
Alternate Workaround: Disable fast switching on the Fast Ethernet interface.
•
Symptoms: Traffic with large packet sizes may not go through.
Conditions: This symptom is observed on a Cisco 7200 series that is configured with an ATM-to-Ethernet VLAN.
Workaround: There is no workaround.
•
Symptoms: When you enter the write memory command, two files may be missing ("persistent-data" and "rf_cold_starts") or the following error message may be displayed:
startup-config file open failed (Device or resource busy)Conditions: This symptom is observed on any router with redundant RPs running any Cisco IOS release when the following sequence occurs:
–
–
–
Workaround: Do not access the NVRAM of the standby RP when you enter write memory command on the console of the master RP.
•
Symptoms: An uncorrectable ECC parity error may occur on a Cisco 7200 series that is configured with an NPE-G1.
Conditions: This symptom is observed rarely when you enter the show sysctlr or the show tech command on the NPE-G1.
Workaround: Do not enter the show sysctlr or the show tech command.
•
Symptoms: Assertion failure messages along with some traceback messages may be seen after a soft OIR is performed on a universal port card (UPC324).
Conditions: This symptom is observed on a Cisco AS5850.
Workaround: There is no workaround.
•
Symptoms: On a Cisco 3725 or Cisco 3745, hairpin voice calls fail between two J1 digital voice modules with following error message:
%config_tdm_connection: error from reg_invoke_interslot_connect 2When you attempt the calls from one slot to another slot on a J1 voice module, the called party phone rings but the calling party hears dead air. Then, when the called party goes off-hook, there is no audio between the calling party and the called party.
Conditions: This symptom is observed on a Cisco 3725 and Cisco 3745 that runs Cisco IOS Release 12.2(13)T or a later release. The symptom may also occur in other releases. The symptom is not observed on a Cisco 3640.
Workaround: There is no workaround.
•
Symptoms: OAMs are dropped on a Cisco router's ATM IMA interface that is configured for AAL5oMPLs, causing directly connected CE routers that have the oam pvc-manage command enabled to take the PVC down. As a result, the CE routers cannot forward any traffic to the MPLS core, thereby impacting basic connectivity between CE routers that are interconnected via the MPLS core. Errors are also see when the debug atm error command is enabled.
Conditions: This symptom is observed on a Cisco 7200 series that runs Cisco IOS Release 12.0(28)S and that is configured for AAL5oMPLS on an ATM-IMA interface. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: The "Transmitted packets" column in the output of the show policy interface command for a particular interface may not be updated for packets that exit via this interface without being random or tail-dropped by WRED.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2 S and that has WRED configured in an output service policy on an interface. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: On a Cisco AS5400 functioning as an originating gateway, when the calling number is not present, the OSP settlement client receives a 200 OK Authorization Response for its Authorization Request message. However, the call is immediately rejected by IVR because there is no calling number.
Condition: This symptom is observed on a Cisco AS5400 running Cisco IOS Release 12.3(9) when ANI is not present on the originating GW.
Workaround: There is no workaround.
•
Symptoms: Traffic-shaping using MQC fails.
Conditions: This symptom is observed on low-end routers such as a Cisco 3640 for packets that are greater then the MTU size of the output interface.
Workaround: There is no workaround.
•
Symptoms: The copy tftp vfc: command is not accepted by the parser.
Conditions: This symptom is observed in Cisco IOS Release 12.3(8)T and Release 12.3(9).
Workaround: There is no workaround.
•
Symptoms: A router crashes when enrolling with a CA server.
Conditions: This symptom is observed when the CA server encodes a subject name in the "ASN.1 PrintableString" but includes an illegal character such as an underscore (_) in it.
Workaround: Regenerate the CA certificate with the correct set of characters.
The "PrintableString" can include the following characters:
A, B, ..., Z
a, b, ..., z
0, 1, ..., 9
(space) ' ( ) + , - . / : = ?•
Symptoms: The threshold metric (sub)command may be lost.
Conditions: This symptom is observed after a router that runs Cisco IOS Release 12.3(6) has reloaded and boots up again. The symptom may also occur in other releases.
Workaround: There is no workaround.
•
Symptoms: A router reloads when receiving IPX packets.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.3(9) and that is configured for IPX networking. The router may reload after named ACLs have been displayed.
Workaround: There is no workaround.
•
Symptoms: A gateway may send wrong resource availability information to a gatekeeper. The actual number of "used" and "free" channels that is shown in the output the show trunk group command does not match with the number that is shown in the output of the show call resource voice status and show isdn status commands.
This situation causes the gatekeeper to receive wrong information about the number of free circuits that the gateway has and may also cause the circuits of the gateway to be underutilized.
Conditions: This symptom is observed on a Cisco AS5300 but may not be platform dependent.
Workaround: There is no workaround.
•
Symptoms: An H.323 call across a Cisco IP-to-IP H.323 gateway (GW) may not work correctly.
Conditions: This problem is observed in the following topology:
A third party H.323 GW connects to a Cisco IP-to-IP H.323 GW (a Cisco 3660) that connects to a Cisco GW (a Cisco 2600 series) that, in turn, connects to an FXS phone.
Calls from the FXS phone to the third party GW do not work intermittently. The Cisco IP-to-IP H.323 GW runs Cisco IOS Release 12.3(5). This problem happens only when the Alerting and Connect messages are received by the IP-to-IP H.323 GW very quickly in succession and when the Connect message has a Facility element.
Workaround: There is no workaround.
•
Symptoms: Changing any IP access control list (ACL) may cause a walk of all LC-ATM prefixes.
Conditions: This symptom is observed on a router configured with an LC-ATM Multi-VC when the changed ACL is not related to the Multi-VC.
Workaround: There is no workaround.
•
Symptoms: Spurious memory accesses are recorded in an RPM-PR card acting as Label Switch Controller (LSC). The show alignment EXEC command displays the spurious access records. There are three related spurious accesses that display an address of A, 8, and A respectively, and the records are continuous around one of each of the three per second.
An error message similar to this is logged:
%ALIGN-3-SPURIOUS: Spurious memory access made at 0x60418758 reading 0xA
%ALIGN-3-TRACE: -Traceback= 60418758 6041A718 600835B4 6007F4C4 6008214C
00000000 00000000 00000000
%ALIGN-3-TRACE: -Traceback= 6041875C 6041A718 600835B4 6007F4C4 6008214C
00000000 00000000 00000000
%ALIGN-3-TRACE: -Traceback= 604184D0 604188DC 6041A718 600835B4 6007F4C4
6008214C 00000000 00000000The output of the show alignment command shows the following:
Total Spurious Accesses 7984, Recorded 4
Total Spurious Accesses 7984, Recorded 4
Address Count Traceback
A 2660 0x60418758 0x6041A718 0x600835B4 0x6007F4C4
0x6008214C
8 2660 0x6041875C 0x6041A718 0x600835B4 0x6007F4C4
0x6008214C
A 2660 0x604184D0 0x604188DC 0x6041A718 0x600835B4
0x6007F4C4 0x6008214CConditions: This symptom is observed only on a Cisco RPM-PR.
Workaround: There is no workaround.
•
Symptoms: The output of the show policy-map interface command shows different values than expected.
Conditions: This symptom is observed when CBWFQ is configured on an interface with crypto and QoS preclassification. Hardware encryption works fine.
Workaround: Disable the qos pre-classify command when the service policy matches on IP precedence. Alternatively, use hardware encryption.
•
Symptoms: Downloading to an ATA flash disk may fail and the following error may appear:
%Error writing disk2:/c7200-js-mz.122-14.S7.bin (TF I/O failed in data-out phase)
ATA_Status time out waiting for card ready.
ATA_Status time out waiting for card ready.
ATA_Status time out waiting for card ready.The image size on the flash disk is 0 bytes.
Conditions: This problem is seen on a Cisco 7200 series NPE-G1 that runs Cisco IOS Release 12.2(14)S5 or Release 12.2(14)S7.
Workaround: Attempt a second time; the second attempt may be successful, but you will need to check the image size, even if there were no errors.
•
Symptoms: A Cisco 2691 may fail LCP negotiation.
Conditions: This symptom is observed when making an outgoing 56k speed ISDN BRI call. An outgoing 64k speed call works fine.
Workaround: There is no workaround.
•
Symptoms: When an LC-ATM switch subinterface is created and then deleted on an RPM-PR, the index for the current subinterface for the LVC stuck detection and recovery mechanism is changed in such a way that the "LVC stuck" information for an existing LC-ATM is overwritten when a new LC-ATM is added.
The "LVC stuck" information can be checked with the debug atmdx health_chk_stats EXEC command.
Conditions: This symptom is observed on an RPM-PR with an existing LC-ATM interface.
Workaround: There is no workaround.
•
Symptoms: A Label Switch Controller (LSC) may reload unexpectedly with a software-forced crashed. An error similar to this one followed by a traceback can be seen:
%SYS-2-BADSHARE: Bad refcount in mem_lock, ptr=628371F8, count=0Conditions: This symptom is observed when you enter the show mpls atm-ldp bindings path command to display LVC path information while network changes such as interfaces flaps or prefix flaps are occurring.
Workaround: There is no workaround.
•
Symptoms: The SRP protocol on a Cisco uBR7246VXR may not fully initialize during the boot sequence.
Conditions: This symptom is observed on a Cisco uBR7246VXR running Cisco IOS Release 12.2(15)BC1b when one SRP side is wrapped. The symptom may also occur on a Cisco 7200 series and is not release-specific.
Workaround: Force a wrap by entering the srp ips request forced-switch command and remove this forced wrap. Note that you have to do this manually after a reload/reboot.
•
Symptoms: DTS may not work properly on dot1q Fast Ethernet subinterfaces. Traffic is not shaped at the expected rate
Conditions: This problem is observed on a Cisco 7500 series that is configured as a PE router and that runs Cisco IOS Release 12.2(12i). The symptom may also occur in other releases.
Workaround: If this is an option, use ISL subinterfaces.
•
Symptoms: LC-ATM-enabled subinterface on a PE router stays in "not ready" state when viewing the LDP session to the LSC using the show mpls ldp discovery command. The shutdown interface command followed by the no shutdown interface command will not clear the problem when performed on either the LC-ATM subinterface on the PE or the Xtag interface on the connected LSC.
Conditions: The interface stays in "interface not LDP ready" state when there exists a stray LVC on the switch interface. The PE reaches this state after multiple LDP flaps.
Workaround: The condition may be cleared by entering the clear ip route prefix command where prefix is the local loopback address for the LC- ATM subinterface. This will cause all tailend LVCs on all LC-ATM subinterfaces to be torn down and re-established, causing a brief customer outage. This workaround should only be used if no alternate path exists for MPLS traffic towards this device (i.e., a redundant LC-ATM subinterface). After using this workaround, user should confirm that the expected number of LVCs has been re- established with the output of the show mpls atm summary command. If bindings are not successfully re-established, repeat the clear ip route prefix command, or reload the router.
Reload of the router will remove the stray LVC and bring the LDP session on the PE's LC-ATM subinterface back to normal state.
•
Symptoms: A router crashes when the mgcp command followed by the no mgcp command is entered.
Condition: This symptom is observed while running Cisco test scripts.
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.
A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
Cisco has made free software upgrades available to address this vulnerability for all affected customers.
This vulnerability is documented by Cisco bug ID CSCee08584.
•
Symptoms: When 911 calls are done via MF signaling, calls placed to 911 intermittently fail.
Conditions: This symptom is observed in the following call flow:
A customer dials 911; the call agent sends a RQNT to a TGR (a Cisco AS5850) with call setup information; the TGR acknowledges with a 200 message. At this point no further messages are sent from the TGR.
In most cases a customer abandons the call and reattempts to dial 911 again, which will connect on a different trunk (trunk groups are set up for LRU in the call agent). The MGCP connection on the TGR hangs.
DSIP debug shows that after receiving a wink back from the agent, TGR immediately sends a loop open, which should not be the next event. The caller hears dead air during this entire series of events.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform reloads because of a watchdog timer expiration.
Conditions: This symptom is observed on a Cisco platform that runs Cisco IOS Release 12.2(20)S2 or Release 12.3 under the following conditions:
–
–
–
Workaround: First detach the service policy from the PVC, then rename it and attach it again.
•
Symptoms: Inbound calls through a PRI on a Cisco IOS VoIP gateway may get into a hung state. Further calls attempted to the same timeslot may be rejected with an ISDN cause code of 0x2F (Resource unavailable).
The output of the show voice call summary command may show the affected call in the "S_WAIT_RELEASE" state.
Conditions: This symptom is observed when the isdn global-disconnect ISDN subcommand is enabled and when there is an active call on the PRI at the time the T1/E1 controller goes down (for example, in a loss of frame condition on the controller).
To recover from the above-mentioned state, reload the gateway.
Workaround: Either use H.323 as the signaling protocol or remove the isdn global-disconnect command from the configuration.
•
Symptoms: On certain platforms (in particular but not limited to a Cisco 800 series), the CNS agents code that captures output for later transmission can crash.
Conditions: This symptom is observed on a router that has configuration and EXEC agents and CNS agents that execute CLI commands when you send an XML file to direct these agents to execute a CLI command and return the output (if there is any output).
Workaround: Telnet into the router (not through the console) and exit. This may need to be done multiple times.
•
Symptoms: SSG reloads due to a bus error when a user logs on and logs off from a service more than once.
Conditions: This symptom is observed when the service profile is defined on the platform that runs SSG, using a local profile with more service networks ("R" entries) and with incorrect address mask.
The more "R" attributes with wrong netmasks are configured, the sooner SSG reloads when users log on and log off from the same profile.
This behavior is observed on a Cisco 7206VXR with an NPE-G1 that runs the g4js-mz image of Cisco IOS Release 12.3(3)T, 12.3(4)T, or 12.3(7)T but may also occur in Release 12.3.
Workaround: Ensure that all address/mask pairs are valid.
•
Symptoms: A Cisco 7200 series may crash because of a bus error and the following error message and tracebacks are generated:
Unexpected exception, CPU signal 10, PC = 0x607D3144
-Traceback= 607D3144 607D52D0 60213420 60219874 61320D74 6131F01C 613220B0
613229A8 61322A6C
$0 : 00000000, AT : 63010000, v0 : 00000000, v1 : 00000000
a0 : 62170000, a1 : 00000000, a2 : 64641C04, a3 : 00000000
t0 : 00000001, t1 : 3400FF01, t2 : 3400E100, t3 : FFFF00FF
t4 : 607F6DB8, t5 : 64685888, t6 : 64685884, t7 : 64685880
s0 : 00000000, s1 : FFFFFFD7, s2 : 00000002, s3 : FFFFFFFF
s4 : FFFFFFFF, s5 : 6467D540, s6 : 61EB84F4, s7 : 63420000
t8 : 64641C04, t9 : 00000000, k0 : 3040D001, k1 : 00000000
gp : 6301CDC8, sp : 64641AA8, s8 : 6467D540, ra : 607D3120
EPC : 607D3144, ErrorEPC : 8FD20651, SREG : 3400FF03
MDLO : 00000011, MDHI : 08CB1EE0, BadVaddr : FFFFFFFD
Cause 00000010 (Code 0x4): Address Error (load or instruction fetch) exceptionConditions: This symptom is observed on a Cisco 7200 series running the c7200-ik9s-m image of Cisco IOS Release 12.3(6) that has an ATM interface with MPoA configured when the ATM interface comes up.
Workaround: Remove MPoA.
•
Symptoms: Malicious Call Identification (MCID) does not work because the digits are not being collected, causing the script to time out.
Conditions: This symptom is observed on a Cisco router that is configured for MCID with SIP as the VoIP protocol.
Workaround: There is no workaround.
•
Symptoms: Inbound ISDN B-channels through a Cisco IOS VoIP gateway may get hung in an S_WAIT_STATS state.
Conditions: This symptom is observed when the calling party hangs up the call prior to the called H.323 call leg being answered and when the called H.323 device not send back an H.225 Release_Complete message. This occurs when placing calls from a Cisco IOS gateway to a Cisco CallManager.
Workaround: There is no workaround.
•
Symptoms: A file type sometimes becomes ASCII text when you enter the write memory command on an NRP2-SV. You can see the file type when you enter the show file info disk0:slotX/nrp2-startup-config command on the NSP, as in the following example:
NSP# shos file info disk0:slot5/nrp2-startup-config
disk0:slot5/nrp2-startup-config:
type is ascii text <<<<<Conditions: This symptom is observed on an NRP2-SV that is installed in a Cisco 6400 series that runs Cisco IOS Release 12.2(15)T9 or 12.3(6).
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5400 crashes.
Conditions: This symptom is observed when an NP60 DFC is hot-swapped (OIR'ed) with an NP108 DFC.
Workaround: There is no workaround.
•
Symptoms: A Cisco platform using MGCP with a third-party call agent experiences a problem with signaling outgoing calls from a PBX if an incoming call is first handled after a bootup or after you have entered the no mgcp command followed by the mgcp command.
If the incoming call is handled first, a subsequent outgoing call attempt will fail to provide a 519 response to the RQNT requesting digit collection. This results in the call agent not providing the digit map to the gateway.
If an outgoing call is handled first following a bootup or an MGCP initialization, the RQNT is responded to by the gateway with a 519 (unable to process event request). The call agent then sends another RQNT with the digit map. Digit collection proceeds and the call completes as normal.
Conditions: This symptom is observed on a Cisco MC3810 running Cisco IOS Release 12.3(6) and on a Cisco IAD2420 running Release 12.3(5), Release 12.3(5a), and later releases.
Workaround: Have the call agent include the digit map in RQNT's requesting digit detection request
•
Symptoms: When you enter the format flash: command on a Cisco 2691, Cisco 3725, or Cisco 3745 to format a LEFS flash card, the router fails to give the DOS format and displays this error:
%Error formatting flash (Invalid DOS media or no media in slot)The flash card is no longer accessible until the router is reloaded.
Conditions: This symptom is observed on a Cisco 2691, Cisco 3725, or Cisco 3745 that run Cisco IOS Release 12.3(6) or a later release.
Workaround: There is no workaround.
•
Symptoms: A Cisco AS5850 does not fragment data packets.
Conditions: This symptom is observed when data packets enter the Cisco AS5850 through async (modem) interfaces and when the MTU on the egress Gigabit Ethernet interface is smaller than the ingress MTU or when L2F encapsulation overhead requires fragmentation. Async PPP sessions forwarded via L2TP are not affected by this problem.
Workaround: Increase the Gigabit Ethernet MTU to avoid fragmentation.
•
Symptoms: A format of the compact flash card after a previous erase displays CPUHOG messages.
Conditions: This symptom is observed on a Cisco 3725 and a Cisco 3745.
Workaround: Reformat the compact flash card and the CPUHOG messages will disappear.
•
Symptoms: Spurious memory accesses may occur on a Cisco media gateway, and MGCP request messages that have the Q: parameter (quarantine) may be handled improperly.
Conditions: This symptom is observed on Cisco media gateway that is configured for MGCP call control.
Workaround: There is no workaround.
•
Symptoms: When a call from the PSTN is received on a Cisco 2600 MGCP gateway, the calling party receives a fast busy tone and the call fails if it comes in on timeslot 2. However, this has also been observed on random timeslots. (The first call on timeslot 1 works fine.)
In the Cisco CallManager trace you see the following error:
400 12813 Voice call setup failed.Conditions: This symptom is observed on timeslot 2 of a Cisco 2600 gateway that runs Cisco IOS Release 12.3(5b) and that is configured for MGCP protocol.
Workaround: Busy out the B channel from the Cisco CallManager service parameters. You can do this is in the "Advanced settings" of the Cisco CallManager service parameters (ChangeBChannelMaintenanceStatus1).
Alternate Workaround: Remove the ccm-manager config command from the configuration.
•
Symptoms: A child policy bandwidth calculation is wrongly mixed with the specified rate of an old parent policy.
Conditions: This symptom is observed after you have changed the configuration of a policy map in a hierarchical policy.
Workaround: Detach and reattach the policy map.
•
Symptoms: A router crashes during NBAR initialization.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software release that is included in the list at http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCdz04423. Cisco IOS software releases not listed in the "First Fixed-in Version" field at this location are not affected.
Workaround: Only initialize NBAR when the router CPU utilization is low.
•
Symptoms: A Cisco VG200 displays the following error message during the boot process and fails to boot:
Unexpected exception to CPUvector 1100, PC=0Conditions: This symptom is observed on a Cisco VG200 that runs the vg200-i6s-mz image of Cisco IOS interim Release 12.3(8.3) or interim Release 12.3(8.4), both of which are interim releases for Release 12.3(9).
Workaround: There is no workaround. Note that the symptom does not occur in interim Release 12.3(7.10) or earlier releases.
•
Symptoms: A router that functions as a VRF On Demand Address Pool (ODAP) manager may reload.
Conditions: This symptom is observed when the router that functions as a VRF ODAP manager attempts to renew a subnet lease that was removed from the ODAP pool via the clear ip dhcp subnet * command or the no origin dhcp command. The symptom occurs only when the subnets in the ODAP pool are cleared.
Workaround: Do not clear the ODAP pool subnets.
First Alternate Workaround: Configure the VPNID in the global VRF configuration.
Second Alternate Workaround: Do not use a VRF in the ODAP configuration.
•
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0
ipv6 traffic-filter nofragments in
!
ipv6 access-list nofragments
deny ipv6 any <my address1> undetermined-transport
deny ipv6 any <my address2> fragments
permit ipv6 any any
This must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
We would recommend for customers to upgrade to the fixed IOS release. All IOS releases listed in IPv6 Routing Header Vulnerability Advisory at /en/US/products/products_security_advisory09186a00807cb0fd.shtml contain fixes for this issue.
•
Symptoms: Object identifiers (OIDs) for the CISCO-ATM-PVCTRAP-EXTN-MIB MIB cannot be accessed.
Conditions: This symptom is observed with the CISCO-ATM-PVCTRAP-EXTN-MIB MIB. The MIB number of the CISCO-ATM-PVCTRAP-EXTN-MIB MIB has to be updated with the MIB number of the approved MIB.
Workaround: There is no workaround.
•
Symptom: A Cisco 7xxx series may crash.
Conditions: This symptom is observed when the traffic rate via a PA-A3-8T1IMA or PA-A3-8E1IMA port adapter is very high (at about or higher than the line rate).
Workaround: There is no workaround.
•
Symptoms: A controller of an 8-port multichannel T1/E1 PRI port adapter (PA-MC-8TE1+) may fail to come up after the router has booted up.
Conditions: This symptom is observed on a Cisco router that is configured with a PA-MC-8TE1+. The symptom is platform independent and port adapter dependent.
Workaround: Enter the shutdown controller configuration command followed the no shutdown controller configuration command on the affected controller.
Alternate Workaround: Enter the clear counters user EXEC or privileged EXEC command on the affected interface of the PA-MC-8TE1+.
•
Symptoms: An MFT WIC performs V.54 and BERT operations in 56k DS0 mode, even if the channel group speed is 64k.
Conditions: This symptom is observed on a Cisco 3700 series but may also occur on other platforms.
Workaround: Run the channel group in 56k mode if V.54 and BERT operations are required.
•
Symptoms: When you enter the channel-group command, a router may crash.
Conditions: This symptom is observed when you enter the channel-group command on native FE interfaces on a Cisco 3660 router or on NM-xFE interfaces on a Cisco 3600 series or Cisco 3700 series.
The channel-group command should not be used on native FE ports or on NM-FE ports because it is not supported on these ports. The channel-group command is meant only for NM-1GE GE ports and switching FE ports.
Workaround: There is no workaround. The fix for this DDTS ensure that the router does not crash. However, the EtherChannel is not supported on native FE ports and NM-xFE ports on a Cisco 3600 series and Cisco 3700 series.
•
Symptoms: TCCS clear-channel codec calls may not go through. The trunks may be up but the signaling information may not be communicated.
Conditions: This symptom is observed only when a medium complex codec is configured.
Workaround: Use a high complex codec, or use stun encapsulation for the D-channel.
•
Symptoms: A T.37 on-ramp fax transmission may fail because the call is disconnected.
Conditions: This symptom is observed during digit collection for E1 R2 signaling.
Workaround: There is no workaround.
•
Symptoms: A router may reload when you enter the show queue atm command.
Conditions: This symptom is observed on a Cisco 7200 series with an NSE-1 processor board and a Cisco 7401 when PXF is enabled. The symptom occurs when the show queue atm command is entered while traffic is flowing through an ATM PVC.
Workaround: Disable PXF globally by entering the no ip pxf command.
•
Symptoms: A Cisco 7500 series with a multilink DLFI configuration may crash.
Conditions: This symptom is observed when an Ethernet packet is received on the RSP and is switched by the RSP to a DLFI multilink interface.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a Tcl IVR verb test script runs.
Conditions: This symptom is observed when a Telnet connection is made through the Ethernet port instead of through the console port and when simultaneous calls are made using all the 23 channels. The symptom occurs only with an automated test script.
Workaround: There is no workaround.
•
Symptoms: A Cisco Home Agent (HA) may reload unexpectedly.
Conditions: This symptom is observed on a Cisco router that functions as an HA under the following circumstances:
–
–
Workaround: Ensure that no FHAE is added when the "D" bit is set in an RRQ.
•
Symptoms: SSG may not send a calling station ID in connection accounting records to a local and a remote AAA server.
Conditions: This symptom is observed when a client log on by using a proxy service with MSISDN.
Workaround: There is no workaround.
•
Symptoms: A FlexWAN, enhanced FlexWAN, or Versatile Interface Processor that has a PA-MC-E3 or PA-MC-T3 installed may crash.
Conditions: This symptom is observed under rare conditions in a stress situation with dFLI and dCRTP configured.
Workaround: There is no workaround.
•
Symptom: PPPoE sessions cannot be established on VCs that have received non-PPPoE SNAP encapsulated frames (like RBE).
Conditions: This symptom is observed on a Cisco platform that functions as a LAC, that runs Cisco IOS Release 12.3(4)T1, Release 12.3(7)T, or a later release, and that is configured with RBE and autoPPP encapsulation. The symptom may also occur in Release 12.3.
Workaround: There is no workaround.
•
Symptoms: A session between a trip-lite gateway and a location server may not be established and may become stuck in OPENSENT.
Conditions: This symptom is observed on a Cisco 3600 series router.
Workaround: There is no workaround.
•
Symptoms: A PPPoE connection may not be established.
Conditions: This symptom is observed when an encapsulation configuration change occurs dynamically.
Workaround: Reboot the router on the LAC side or avoid an autoconfiguration from PPPoA to PPPoE.
•
Symptoms: A Cisco router may reload unexpectedly.
Conditions: This symptom occurs when the router is running under TTS stress.
Workaround: There is no workaround.
•
Symptoms: A VC that is configured on an IMA interface may remain in the inactive state.
Conditions: This symptom is observed when the VC is in the inactive state while the links come up. In this situation, the VC should enter the "up" state, but does not do so.
Workaround: Remove and reconfigure the VC.
Further Problem Description: If there is more then one member in a group, the problem does occur. Also, the problem occurs only on a Cisco 7500 series and not on a 7200 series.
•
Symptoms: A PPPoEoA session may fail to come up on a router on a user side. PPPoE profiles are used for establishing the PPPoE session. When the router receives a "CONFREQ" message from the LNS, the session goes down and cannot be reestablished.
Conditions: This symptom is observed on any Cisco platform that runs Cisco IOS Release 12.3 or Release 12.3(4)T2. The symptom does not occur in Release 12.3(4)T1.
Workaround: Although the following is not a good workaround, it can be used. Use VPDN groups instead of BBA profiles. Normal PPPoEoA sessions using VPDN group can be established, but with some overhead. When a PPPoE session is initiated, it does not come up at the first attempt, but the PPPoE client somehow reinitiates the session.
Alternate Workaround: Remove the "lcp renegotiation always" configuration from the LNS and use BBA groups.
•
Symptoms: A Cisco 7500 series or MSFC2 with a FlexWAN module may spontaneously reload.
Conditions: This problem mainly occurs when there are multiple FR DLCIs or ATM PVCs attached to the same virtual-template interface or the same multilink virtual-access interface and when one of the following conditions occurs:
–
–
Workaround: There is no workaround.
•
Symptoms: Voice calls may not go through on a High Density Voice network module (NM-HDV).
Conditions: This symptom is observed on a Cisco 2691 and Cisco 3700 series that run Cisco IOS Release 12.3 and that are configured with an NM-HDV.
Workaround: There is no workaround.
•
Symptoms: You can configure a router only once with the mgcp auto config command. After the first configuration, the command may no longer function and the router may not be configured.
Conditions: This symptom is observed on a Cisco VG200 and a Cisco IAD2420 series that run Cisco IOS Release 12.3(6).
Workaround: There is no workaround.
•
Symptoms: The line protocol on a T1 of a T3 controller in a PA-MC-2T3+ port adapter may stay in the down state even when looped.
Conditions: This symptom is observed on a Cisco 7200 series and Cisco 7500 series.
Workaround: There is no workaround.
•
Symptoms: Intercepted packets may not be switched to a mediation device (MD), and a traceback may be generated.
Conditions: This symptom is observed on a Cisco router when the Lawful Intercept feature is enabled to intercept packets.
Workaround: There is no workaround.
•
Symptoms: A router may reload while making OSP calls.
Conditions: This symptom is observed on a Cisco 3660 that runs the c3660-ik9s-mz image of Cisco IOS Release 12.3(6). However, the symptom may not be platform-specific or release-specific.
Workaround: There is no workaround.
•
Symptoms: IPCP may not come up when per-user virtual profile attributes are cloned from a remote AAA server.
Conditions: This symptom is observed after a number of sessions are brought up and torn down and when a cloning failure is observed on one or more sessions.
Workaround: There is no workaround.
•
Symptom: The CNG tone from a fax device may be ignored.
Condition: This symptom is observed only on Cisco AS5350 and Cisco AS5400 universal gateways. The symptom occurs when the universal gateway receives a CNG tone from a fax device while the universal gateway call has been connected to a Voice over IP (VoIP) call leg, that is there is end-to-end call connectivity for the VoIP call.
Workaround: There is no workaround.
Guest